Introduction to Globus
Brigitte Raumann
braumann@uchicago.edu
University of Michigan
July 22, 2019

GlobusWorld Tour Agenda
Introduction to Globus (Monday)
13:15—13:30 registration
13:30—14:45 Introduction to Globus for New Users
14:45—15:00 beverage break
15:00—16:30 Introduction to Globus for System Administrators
Developer workshop (Tuesday)
8:45—9:00 registration
9:00—10:30 Introduction to the Globus Platform
10:30—10:45 beverage break
10:45—11:30 Building Research Data Portals
11:30—12:15 Automating flows with the Globus CLI
12:15—13:30 lunch break
13:30—14:30 Working with instrument data
14:30—15:00 Automate – The Globus Vision
15:00—15:15 beverage break
15:15—16:00 Globus Integrations
16:00 Open discussion/hack session

Research data management today
How do they...
...move?
...share?
...discover?
...reproduce?
Researchers manage
data using a variety of
– Locations
– Storage platforms
– Identities
– Networks
– IT expertise levels

Mission
Globus lowers barriers to
collaborative science and
discovery by delivering easy,
reliable, and secure research
data movement, sharing, and
synchronization.

5
Research Computing HPC
Desktop Workstations
Mass Storage Instruments
Personal Resources
Public Cloud
National Resources
“I need to easily, securely, & reliably move or
replicate my data between systems.”

…makes your
storage system
a Globus
endpoint

IBM Spectrum Scale
Current
Planned
Storage Connectors - globus.org/connectors
In Progress

Globus Connect Personal
• Installers do not require admin access
• Zero configuration; auto updating
• Handles NATs

Analysis
store
Next-Gen Sequencer
MRI
Advanced Light Source
Personal system
Remote visualization
High-durability,
low-cost store
Light Sheet Microscope
“I need to get data from a scientific instrument
to my analysis system.”
Cryo-EM

Instrument Data Distribution with Globus
Facilities
• Sequencing
• Cryo-EM
• Synchrotron radiation
Automation
• Back-up
• Deletion
• Sharing

Use(r)-appropriate interfaces
11
GET /endpoint/go%23ep1
PUT /endpoint/vas#my_endpt
200 OK
X-Transfer-API-Version: 0.10
Content-Type:
application/json
…
Globus
service
Web
CLI
Rest
API

Public / private cloud stores
External
campus
storage
EC2
Project
repositories,
replication stores
Public repositories
“I need to easily and securely share my data with my
colleagues at other institutions.”

The RUNX1
International
Sequencing
Consortium
(RISC)
Protected Hematologic Cancer Research Network

How Globus works
Researcher initiates
transfer request; or
requested automatically
by script, science
gateway
1
Instrument
Compute Facility
Globus transfers files
reliably, securely
2
Globus controls
access to shared
files on existing
storage; no need
to move files to
cloud storage!
4
Researcher
selects files to
share, selects
user or group,
and sets access
permissions
3
Collaborator logs in to
Globus and accesses
shared files; no local
account required;
download via Globus
5
Automating research
workflows and
ensuring those that
need access to the
data have it.
8
Personal Computer
Transfer
Share
• Use a Web browser or
platform services
• Access any storage
• Use an existing identity
Build
The Globus
Command Line
Interface, API sets,
and Python SDK
provide a platform…
6
… for building
science gateways,
portals and
publication services.
7

Hybrid SaaS

Sharing
User managed ”overlay”
permissions stored on
Globus service

Demo
Identities
• Linking
• Consents
Transfer
• Activity monitor
• Transfer options
• File option
Sharing
• Groups
Bookmarks
HTTPS
Collection creation
Roles
Console
• Linking
• Consents

Globus sustainability model
• Free Tier
• Standard Subscription
– Shared endpoints
– HTTPS support
– Management console
– Usage reporting
– Priority support
• Branded Web Site
• Premium Storage Connectors
• Alternate Identity Provider
• High Assurance
19

Thank you to our subscribers…

…and to our sponsors.
U.S. DEPARTMENT OF
ENERGY

Support resources
• Globus documentation: docs.globus.org
• Helpdesk and issue escalation: support@globus.org
• Mailing Lists
– https://www.globus.org/mailing-lists
• Customer engagement team
• Globus professional services team
– Assist with portal/gateway/app architecture and design
– Develop custom applications that leverage the Globus platform
– Advise on customized deployment and integration scenarios

• Access Control
– Identities provided and managed by institution
– Acts as identity broker only, does not access or store any institutional user credentials
– Institution controls all access policies (at multiple levels)
o who can access what data and with what permissions
o who can share what data and with what permissions
o all access policies can be changed or revoked at any time
– Researchers can overlay sharing permissions
• Data remain at institution, not hosted by Globus
• Automated integrity checks of transferred data
• High service availability
• Monitoring
• Encryption (all communications, optional data in transit)
Globus security and compliance features

High Assurance features for PHI, CUI
• Additional authentication assurance
– Reauthentication after specified time period
– Authenticates with the specific identity within session
• Isolation of applications
– Authentication context is per application, per session
• Enforced encryption of data in transit
• Local audit logging

Secure operations
• Intrusion detection and prevention
• Encryption
• Logging
• Secure remote access, access control
• Uniform configuration management and change control
• AWS best practices for securing operating environment:
VPCs, security groups, IAM best practices
• Comply with HIPAA, NIST SP800-171, NIST SP800-53

Globus on your Campus
• Webinars
• Programs
– Helping you evangelize Globus within your
institution.
• Professional Services
• Globus World Tour
– Taking the show on the road.
26