Globus is a non-profit service designed to enhance the efficiency of researchers in data-driven science by facilitating secure data transfer and sharing across various storage systems. It offers a range of capabilities, including file transfers, access control, and support for building data-centric applications while ensuring compliance with security standards. The service is free for non-profit research but requires subscriptions for enhanced features and transfers involving commercial entities.

1. Introduction to Globus
for Researchers
Vas Vasiliadis
vas@uchicago.edu
8 July 2022

2. Follow along on laptop
or virtual machine
Watch demonstration
(and do it yourself)
2

3. To participate…
Recent version of web browser
SSH client for later sessions
3

4. Globus is …
a non-profit service
developed and operated by

5. Our mission is to…
increase the efficiency and
effectiveness of researchers
engaged in data-driven
science and scholarship
through sustainable software.

6. 6
Research Computing HPC
Desktop Workstations
Archives Instruments
Personal Systems
Public Cloud Storage
National Resources
We unify data access across disparate systems…
“I need to easily,
securely, & reliably
move or replicate
my data between
systems.”

7. Public / private cloud stores
Campus
stores
Project repositories,
replication stores
Public repositories
…simplify secure sharing with collaborators…

8. Analysis
store
Next-Gen Sequencer
MRI
Advanced Light Source
Personal system
Remote visualization
Light Sheet Microscope
High-durability,
low-cost store
…help researchers manage instrument data…
Cryo-EM

9. …and help you build data-centric applications
9

10. Core capabilities
Researcher initiates
transfer request; or
requested automatically
by script, science
gateway
1
Instrument
Compute Facility
Globus transfers files
reliably, securely
2
Globus controls
access to shared
files on existing
storage; no need
to move files to
cloud storage!
4
Researcher
selects files to
share, selects
user or group,
and sets access
permissions
3
Collaborator logs in to
Globus and accesses
shared files; no local
account required;
download via Globus
5
Streamlining research
workflows and
ensuring those that
need access to the
data have it.
8
Personal Computer
Transfer
Share
• Use a Web browser or
platform services
• Access any storage
• Use an existing identity
Build
The Globus
Command Line
Interface, API sets,
Python SDK and
Action Providers give
you a platform…
6
… for building
science gateways,
portals and
automations.
7
Search
Automate

11. One service, many interfaces
11
GET /endpoint/go%23ep1
PUT /endpoint/vas#my_endpt
200 OK
X-Transfer-API-Version: 0.10
Content-Type: application/json
…
Globus service
Web
CLI
Rest
API
Flows

12. Hybrid SaaS – Transfer – Mapped Collections

13. Hybrid SaaS – Sharing – Guest Collections

14. Endpoints, Collections and
Globus Connect
• Globus Connect Server
– for multi-user Linux Systems
docs.globus.org/globus-connect-server
• Globus Connect Personal
– for personal workstations and laptops
globus.org/globus-connect-personal
docs.globus.org/how-to

15. Let’s take a look…
Authenticate
Search collections and transfer files
View transfer activity and logs
Install Globus Connect Personal
Up/download files via browser
15

16. The cool stuff…
Share data
Manage permissions
Link identities
Create bookmarks
16

17. Globus core security features
• Access Control
– Identities provided and managed by institution
– Institution controls all access policies
– Globus is identity broker; no access to/storage of user credentials
• Data remain at institutions, no storage/routing via Globus
• Integrity checks of transferred data
• Enforced encryption of Globus control data
• Institution-configured encryption of user data in transit

18. Globus High Assurance features
• Additional authentication assurance
– Authenticate with a specific identity within session
– Reauthenticate after specified time period
• Session/device isolation
– Authentication context is per application, per session
• Enforces encryption of all user data in transit
• Audit logging

19. Globus High Assurance for managing protected data
Restricted data
handling
à PHI, PII, CUI
à Compliant
data sharing
Security controls
à NIST 800-53
à 800-171 Low+
BAA w/Uchicago
à UChicago BAA with Amazon

20. Accessing diverse
storage systems
20

21. Globus connectors

22. Move without (worrying about) limits
• API request rates
• File size
• Data volume
• Third-party tools cannot circumvent…
• …but Globus lets you “fire-and-forget”
• à it will (eventually) be done
22

23. Uniform interface, consistent user experience
23

24. More cool stuff…
Access protected data
Access cloud storage
Manage groups
24

25. On sustainability…
25

26. Development is partly funded by...
U . S . D E PA R T M E N T O F
ENERGY

27. …Operations are funded by subscribers

28. Our sustainability model
• File transfer for non-profit research is free to all
– Subscription required if transferring to/from a commercial entity
• Subscriptions enable multiple enhanced features
– Researchers: Data sharing, transfer/sharing to/from personal
endpoints, HTTPS access, Globus Flows for automation
– Sysadmins: Management console, usage reporting
– Developers: Globus Search, app integration support
– Additional security/logging for protected data management
– Priority support
• Subscriptions are required for access to connectors

29. Support resources
• Globus documentation: docs.globus.org
• YouTube channel: youtube.com/user/GlobusOnline
• Helpdesk and issue escalation: support@globus.org
• Mailing Lists
– globus.org/mailing-lists
• Customer engagement team
– Office Hours