Globus Connect Server v5
Rachana Ananthakrishnan
PEARC19
Globus Connect Server v5 Milestones
• v5.0: Google Drive
• v5.1: POSIX guest collections, HTTPS
• v5.2: High assurance
• v5.3
• v5.4: …
• v5.x: v4 feature parity+
– Multi DTN support
– Additional storage systems
– Endpoint specific identity providers
– Other features
– …
Out with the old, in with the new
• Host endpoints → Mapped collections
– Need local account to access data
• Shared endpoints → Guest collections
– No local account needed for data access, permissions set in Globus
• Use host endpoint to create shared endpoint → Use storage gateway to create (guest) collections
• Access via GridFTP → Access via GridFTP or HTTPS
• Initially available via Globus Connect Server v5.2
Conceptual architecture: Mapped collections
[Figure: three security domains. External Security Domain (user, web app, data portal, science gateway, …); Globus Security Domain (a single, globally accessible multi-tenant service); Subscriber Security Domain (the Globus Endpoint: Globus "client" software running on a subscriber owned and administered storage system). A CONTROL channel runs between the Globus service and the endpoint; the DATA channel runs directly between endpoints.]
• No data relay or staging via Globus; files move directly between endpoints
• User identity mapped to local account
Conceptual architecture: Guest Collections
[Figure: the same three security domains (External Security Domain with user, web app, data portal, science gateway, …; Globus Security Domain; Subscriber Security Domain), with the Globus Endpoint now exposing a Guest Collection. CONTROL channel to the Globus service, DATA channel directly to the endpoint.]
• User managed "overlay" permissions stored in Globus service
• Subscriber managed filesystem and endpoint policies
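The figure describes two layers that must both permit an operation on a guest collection: the overlay permissions the collection owner manages in Globus, and the subscriber's own filesystem and endpoint policies. The following is an added example, not Globus Connect Server code, that models that split: the endpoint policy (which identity domains may create guest collections, as in the speaker notes, plus an assumed list of sharable path roots), the owner-managed ACL, and a constructed toy filesystem evaluated as the owner's local account. The `EndpointPolicy`, `GuestCollection`, `ToyFS` names and the `all_authenticated_users` principal are assumptions of this model.

```python
"""Two-layer authorization model for a guest collection (illustrative, not Globus code).

Layer 1: overlay permissions the owner manages in Globus (principal, path prefix, ops).
Layer 2: subscriber-managed filesystem and endpoint policy, evaluated as the
         owner's mapped local account (assumed model of the filesystem layer).
"""
from dataclasses import dataclass, field
import posixpath


def _under(path, root):
    """True if the normalised path is root or lies below it (no '..' escape)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


@dataclass(frozen=True)
class EndpointPolicy:
    creator_domains: frozenset   # identity domains allowed to create guest collections
    sharable_roots: tuple        # assumed: only paths under these roots may be shared


@dataclass
class GuestCollection:
    owner_identity: str
    owner_local_account: str     # filesystem access for every guest happens as this account
    root: str
    acl: list = field(default_factory=list)   # entries: (principal, absolute path prefix, ops)


def create_guest_collection(policy, owner_identity, owner_local_account, root):
    """Endpoint policy check: creator domain and path root (subscriber-managed)."""
    domain = owner_identity.rsplit("@", 1)[-1].lower()
    if domain not in policy.creator_domains:
        raise PermissionError(f"{owner_identity} may not create guest collections here")
    if not any(_under(root, r) for r in policy.sharable_roots):
        raise PermissionError(f"{root} is outside the sharable paths")
    return GuestCollection(owner_identity, owner_local_account, posixpath.normpath(root))


def grant(collection, principal, path_prefix, ops):
    """Owner-managed overlay permission stored 'in Globus'; must stay inside the root."""
    full = posixpath.normpath(posixpath.join(collection.root, path_prefix.lstrip("/")))
    if not _under(full, collection.root):
        raise ValueError("permission path escapes the collection")
    collection.acl.append((principal, full, frozenset(ops)))


class ToyFS:
    """Constructed stand-in for the subscriber filesystem: path -> (owner, owner_ops, other_ops)."""

    def __init__(self, entries):
        self.entries = {posixpath.normpath(p): v for p, v in entries.items()}

    def allows(self, account, path, op):
        entry = self.entries.get(posixpath.normpath(path))
        if entry is None:
            return False
        owner, owner_ops, other_ops = entry
        return op in (owner_ops if account == owner else other_ops)


def authorize(collection, fs, principal, rel_path, op):
    """Both layers must agree. Returns (allowed, full_path_or_reason)."""
    full = posixpath.normpath(posixpath.join(collection.root, rel_path.lstrip("/")))
    if not _under(full, collection.root):
        return False, "path escapes the guest collection"
    overlay_ok = any(
        p in (principal, "all_authenticated_users") and _under(full, prefix) and op in ops
        for p, prefix, ops in collection.acl
    )
    if not overlay_ok:
        return False, "no Globus permission for this principal/path/operation"
    # The guest never needs a local account: the filesystem is consulted as the owner's account.
    if not fs.allows(collection.owner_local_account, full, op):
        return False, f"local account {collection.owner_local_account} lacks {op} on {full}"
    return True, full


if __name__ == "__main__":
    policy = EndpointPolicy(frozenset({"example1.org"}), ("/data",))
    fs = ToyFS({"/data/alice": ("alice", {"r", "w"}, {"r"}),
                "/data/alice/results.csv": ("alice", {"r", "w"}, set()),
                "/data/alice/raw.bin": ("bob", {"r", "w"}, set())})
    gc = create_guest_collection(policy, "alice@example1.org", "alice", "/data/alice")
    grant(gc, "carol@other.edu", "/", {"r"})
    for path, op in [("results.csv", "r"), ("results.csv", "w"), ("raw.bin", "r"), ("../../etc/shadow", "r")]:
        print(path, op, authorize(gc, fs, "carol@other.edu", path, op))
```

The ordering matters: the Globus ACL is evaluated first, but a grant can never widen access beyond what the owner's local account already has on the subscriber's filesystem, and neither layer lets a caller reach a path outside the collection root.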
Globus Connect Server 5.3
• Support for
– high assurance data access (mapped and guest)
– standard data access (guest only)
• Multiple connectors:
– POSIX
– Google Drive
– AWS S3
– Ceph
– Box
Globus Connect Server v5 installation flow
• Install GCSv5.3+ binaries
• Register the endpoint at developers.globus.org
• Add connectors
• Add storage gateways
– Set as high assurance, configure authentication assurance timeout
– Set policy on type of collections supported
• Add mapped collection
– User must login with an identity from the configured domain
– Local account is derived by stripping the domain from the identity username: username@example1.org → username is the local account
See https://docs.globus.org/globus-connect-server-v5-installation-guide/ for installation instructions
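The installation flow above chains three checks before a user ever touches a mapped collection: the identity must come from the storage gateway's configured domain, a high-assurance gateway additionally requires that the authentication be more recent than its assurance timeout, and the local account is the identity username with the domain stripped. The following is an added example, not Globus Connect Server code, that models those checks. The `GatewayPolicy` and `Identity` classes, the exact-domain-match rule, the local-account name pattern, the 30-minute default and the `root` denylist are assumptions of this model.

```python
"""Model of the mapped-collection login checks (illustrative, not Globus code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re

# Assumed POSIX-style local account rule; rejects anything that is not a plain username.
LOCAL_ACCOUNT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]{0,31}$")


@dataclass(frozen=True)
class GatewayPolicy:
    """Per-storage-gateway settings from the installation flow above."""
    allowed_domains: frozenset                       # identities must come from one of these
    high_assurance: bool = False
    assurance_timeout: timedelta = timedelta(minutes=30)     # assumed default value
    denied_local_accounts: frozenset = frozenset({"root"})   # assumed: never map to privileged accounts


@dataclass(frozen=True)
class Identity:
    username: str                # Globus identity username, e.g. "alice@example1.org"
    authenticated_at: datetime   # last authentication with this identity's identity provider


def map_identity(identity, policy, now=None):
    """Return (True, local_account) if the login is accepted, else (False, reason)."""
    now = now or datetime.now(timezone.utc)
    if identity.username.count("@") != 1:
        return False, "malformed identity username"
    local, domain = identity.username.rsplit("@", 1)
    # Exact, case-insensitive domain match: "example1.org.attacker.net" or
    # "evil-example1.org" must not satisfy a policy written for "example1.org".
    if domain.lower() not in policy.allowed_domains:
        return False, f"identity domain {domain!r} not allowed on this storage gateway"
    if policy.high_assurance:
        # Authentication assurance timeout: a fresh login with this identity is required.
        if now - identity.authenticated_at > policy.assurance_timeout:
            return False, "authentication older than the assurance timeout; re-authenticate"
    # Default mapping: strip the domain and use the remaining username as the local account.
    if not LOCAL_ACCOUNT_RE.match(local):
        return False, f"{local!r} is not a valid local account name"
    if local in policy.denied_local_accounts:
        return False, f"mapping to {local!r} is denied"
    return True, local


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    ha = GatewayPolicy(frozenset({"example1.org"}), high_assurance=True)
    for ident in [Identity("alice@example1.org", now - timedelta(minutes=5)),
                  Identity("alice@example1.org", now - timedelta(hours=2)),
                  Identity("alice@example1.org.attacker.net", now),
                  Identity("root@example1.org", now)]:
        print(ident.username, "->", map_identity(ident, ha, now=now))
```

The domain comparison is deliberately an exact match on the part after the last `@`; a substring or suffix check would let a look-alike identity provider satisfy the policy.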
Next set of features
• Multi DTN support
• Standard mapped collections
• Custom authentication to collection (rather than
CILogon)
• Custom pluggable mapping model
• …
Resources
• New terminologies and ways of doing things: https://docs.globus.org/globus-connect-server-v5-installation-guide/ for 4.x – 5.x terminology and architecture changes
• GCSv5.3 installation instructions: https://docs.globus.org/globus-connect-server-v5-installation-guide/
Questions?

Editor's Notes

  • #2 Non-shared file system, HTTPS access in addition to GridFTP, clearer separation of interfaces, security model based on Globus Auth, multiple connectors for a single DTN set
  • #4 Let's explain some of the new terminology from the ground up. No change here, the DTN is still the physical layer.
  • #5 Endpoint is still a Globus term, but instead of being the point where users “come in” to access files, it is the management layer and configuration interface for all that exists above it. Note that multi DTN support is not quite available.
  • #7 Storage gateways define the interface to the file system and determine what types of collections may be configured. They also determine some of the configuration of the additional authentication features I’ll cover in a bit.
  • #8 Currently the only connectors in service are POSIX and Google Drive and therefore the only storage gateways that may be configured are POSIX and Google Drive. At the storage gateway level you can control (by domain) who has access to create collections – obvious in the on-prem mapped collections case, but maybe not so obvious in the cloud storage case (only @domain.edu).
  • #9 And what we once called endpoints are now called collections: mapped = host endpoint, guest = shared endpoint. Don't forget we now also offer HTTPS as well!
  • #11 From a conceptual standpoint things will remain as they always have.
  • #12 Guest collections will have some additional security, authorization and authentication features I’ll cover in a minute.
  • #13 Support high assurance data access: the underlying driver. Multiple storage connectors per endpoint: ancillary benefits. New terminologies and ways of doing things: the things that had to change.
  • #14 What does this mean to you as an admin