SlideShare uma empresa Scribd logo

Globus Endpoint Administration (GlobusWorld Tour - STFC)

Globus
Globus

Presented at the GlobusWorld Tour workshop at the SFTC Rutherford Appleton Lab, on January 10, 2019.

Dados e análise
1 de 54
Baixar para ler offline
Globus Endpoint Administration Vas Vasiliadis vas@uchicago.edu STFC – January 10, 2019
Globus Connect Server 2 • Makes your storage accessible via Globus • Multi-user server, installed and managed by sysadmin docs.globus.org/globus-connect-server-installation-guide/ Local system users Local Storage System (HPC cluster, NAS, …) Globus Connect Server MyProxy CA GridFTP Server OAuth Server DTN • Default access for all local accounts • Native packaging Linux: DEB, RPM
Globus Connect Server 3 Local system users Local Storage System (HPC cluster, NAS, …) Globus Connect Server MyProxy CA GridFTP Server OAuth Server DTN Non-POSIX Connectors POSIX-compliant Connector server
IBM Spectrum Scale Current Planned Storage Connectors - globus.org/connectors ActiveScale
Creating a Globus endpoint on your server • In this example, Server = Amazon EC2 instance • Installation and configuration of Globus Connect Server requires a Globus ID • Go to globusid.org • Click “create a Globus ID” – Optional: associate it with your Globus account 5
What we are going to do: Install Globus Connect Server • Access server as user “campusadmin” • Update repo • Install package • Setup Globus Connect Server Server (AWS EC2) ssh ec2-22-23-24-25 Log into Globus Transfer a file 1 2 3 Access the newly created endpoint (as user ‘researcher’) 4 6
Access your server • Get the IP address for your EC2 server (bit.ly/ec2ip) • Log in as user ‘campusadmin’ ssh campusadmin@<EC2_instance_IP_address> • Please sudo su before continuing – User ‘campusadmin’ has passwordless sudo privileges 7
Install Globus Connect Server $ sudo su $ curl –LOs http://downloads.globus.org/toolkit/globus-connect- server/globus-connect-server-repo_latest_all.deb $ dpkg –i globus-connect-server-repo_latest_all.deb $ apt-get update $ apt-get -y install globus-connect-server $ globus-connect-server-setup You have a working Globus endpoint! Use your Globus ID username and password when prompted
Access the Globus endpoint • Go to Manage Data à Transfer Files • Access the endpoint you just created – Search for your EC2 host name in the Endpoint field – Log in as “researcher”; you will see the user’s home directory • Transfer files to/from a test endpoint (e.g. ESnet read- only) and your EC2 endpoint 9
Globus accounts and endpoint access • Globus account: Primary identity (+ Linked Identities) • Endpoint initially accessible by creator • Endpoint not visible? – Primary identity is your institutional ID? – Link your Globus ID!
Configuring Globus Connect Server 11
Endpoint configuration • On the Globus service: app.globus.org/endpoints • On your DTN: /etc/globus-connect-server.conf – Standard .ini format: [Section] Option = Value – To enable changes run globus-connect-server-setup – “Rinse and repeat” 12
Common configuration options • Manage Endpoints page – Display Name – Visibility – Encryption • DTN configuration file – RestrictPaths – Sharing – IdentityMethod (CILogon, Oauth) – SharingRestrictPaths
Exercise: Make your endpoint visible • Edit endpoint attributes – Change the name to something useful, e.g. <your_name> EC2 Endpoint – For the “Visible To” attribute select “Public - Visible to all users” • Find your neighbor’s endpoint – Thanks to our superb security …you can access it too J 14
Path Restriction • Default configuration: – All paths allowed, access control handled by the OS • Use RestrictPaths to customize – Specifies a comma separated list of full paths that clients may access – Each path may be prefixed by R (read) and/or W (write), or N (none) to explicitly deny access to a path – '~’ for authenticated user’s home directory, and * may be used for simple wildcard matching. • e.g. Full access to home directory, read access to /data: – RestrictPaths = RW~,R/data • e.g. Full access to home directory, deny hidden files: – RestrictPaths = RW~,N~/.* 15
Exercise: Restrict access • Set RestrictPaths=RW~,N~/archive • Run globus-connect-server-setup • Access your endpoint as ‘researcher’ • What’s changed? 16
• In config file, set Sharing=True • Run globus-connect-server-setup • Flag endpoint as “managed” (in web app or via CLI) * Note: Creation of shared endpoints requires a Globus subscription for the managed endpoint Enabling sharing on an endpoint 17
Limit sharing to specific accounts • SharingUsersAllow = • SharingGroupsAllow = • SharingUsersDeny = • SharingGroupsDeny = 18
Sharing Path Restriction • Restrict paths where users can create shared endpoints • Use SharingRestrictPaths to customize – Same syntax as RestrictPaths • e.g. Full access to home directory, deny hidden files: – SharingRestrictPaths = RW~,N~/.* • e.g. Full access to public folder under home directory: – SharingRestrictPaths = RW~/public • e.g. Full access to /proj, read access to /scratch: – SharingRestrictPaths = RW/proj,R/scratch 19
Endpoint Access Control/Activation 20
Ports needed for Globus • Inbound: 2811 (control channel) • Inbound: 7512 (MyProxy), 443 (OAuth) • Inbound: 50000-51000 (data channel) • If restricting outbound connections, allow connections on: – 80, 2223 (used during install/config) – 50000-51000 (GridFTP data channel) 21
EndpointactivationusingMyProxy Default configuration (avoid if at all possible)
EndpointactivationusingMyProxyOAuth Best practice configuration
Single Sign-On with InCommon/CILogon • Your Shibboleth server must release R&S attributes to CILogon—especially the ePPN attribute • Local account must match institutional ID (InCommon ID) – Test by creating a local user with same name • In /etc/globus-connect-server.conf set: AuthorizationMethod = CILogon CILogonIdentityProvider = <institution_listed_in_CILogon_IdP_list> 24
High Assurance Endpoints • Additional authentication assurance (IdP locking) • Application instance isolation • Comprehensive audit logging • Require Globus Connect Server v5.2+ – New installation method (using client ID, secret) – New architecture/terminology docs.globus.org/high-assurance/
Globus Connect Server v5 milestones v5.0: Google Drive v5.1: POSIX guest collections, HTTPS v5.x: v4 feature parity+v5.3: … • Multi DTN support Additional storage types • Custom IdPs • … Other features v5.2: High assurance
Out with the old, in with the new • Host endpoints è Mapped collections – Need local account to access data • Shared endpoints è Guest collections – No local account needed for data access, permissions set in Globus • Use host endpoint to create shared endpoint è Use storage gateway to create guest collections • Access via GridFTP è Access via GridFTP or HTTPS • Initially available via Globus Connect Server v5.2
Managed endpoints and subscriptions 29
Subscription configuration • Subscription manager – Create/upgrade managed endpoints – Requires Globus ID linked to Globus account • Management console permissions – Independent of subscription manager – Map managed endpoint to Globus ID • Globus Plus group – Subscription Manager is admin – Can grant admin rights to other members 30
Creating managed endpoints • Required for sharing, management console, reporting, … • Convert existing endpoint to managed via CLI (or web): globus endpoint update --managed <endpt_uuid> • Must be run by subscription manager • Important: Re-run endpoint update after deleting/re- creating endpoint 31
Monitoring and managing Globus endpoint activity 32
Management console • Monitor all transfers • Pause/resume specific transfers • Add pause conditions with various options • Resume specific tasks overriding pause conditions • Cancel tasks • View sharing ACLs 33
Endpoint Roles • Administrator: define endpoint and roles • Access Manager: manage permissions • Activity Manager: perform control tasks • Activity Monitor: view activity 34
Demonstration: Management console Endpoint Roles Usage Reporting 35
…on performance 36
Balance: performance - reliability • Network use parameters: concurrency, parallelism • Maximum, Preferred values for each • Transfer considers source and destination endpoint settings min( max(preferred src, preferred dest), max src, max dest ) • Service limits, e.g. concurrent requests 37
Illustrative performance
Disk-to-Disk Throughput: ESnet Testing 0 1,000 2,000 3,000 4,000 5,000 6,000 7,000 8,000 9,000 scp scp (w/HPN) sftp GridFTP (1 stream) GridFTP (4 streams) Disk-to-Disk Throughput (Mbps) 39Source: ESnet (2016) • Berkeley, CA to Argonne, IL (RTT: 53 ms, Capacity: 10Gbps) • scp is 24x slower than GridFTP on this path • >1 Gbps (125 MB/s) disk-to-disk requires RAID array
Deployment Scenarios 40
Legacy Architecture 10GE Border Router WAN Firewall Enterprise perfSONAR perfSONAR Filesystem (data store) 10GE Portal Server Browsing path Query path Data path Portal server applications: · web server · search · database · authentication · data service
Current best practice 10GE10GE 10GE 10GE Border Router WAN Science DMZ Switch/Router Firewall Enterprise perfSONAR perfSONAR 10GE 10GE 10GE 10GE DTN DTN API DTNs (data access governed by portal) DTN DTN perfSONAR Filesystem (data store) 10GE Portal Server Browsing path Query path Portal server applications: · web server · search · database · authentication Data Path Data Transfer Path Portal Query/Browse Path
Science DMZ configuration 43 Source security filters Destination security filters Destination Science DMZ Source Science DMZ Source Border Router Destination Border Router Source Router Destination Router User Organization DATA CONTROL Physical Control Path Logical Control Path Physical Data Path Logical Data Path * Ports 443, 2811, 7512 * Ports 50000- 51000 Data Transfer Node (DTN) Data Transfer Node (DTN) * Please see TCP ports reference: https://docs.globus.org/resource-provider-guide/#open-tcp-ports_section
ext* XFS ZFS ~/ ~/scratch Common endpoint configuration Data Transfer Node POSIX Connector
ext* XFS ZFS GPFS Lustre ~/projects Common endpoint configuration Data Transfer Node POSIX Connector ~/ ~/scratch
ext* XFS ZFS GPFS Lustre ~/projects Multi-endpoint configuration Data Transfer Node POSIX Connector Western Digital ActiveScale Connector ~/archive ~/ ~/scratch
~/vault ext* XFS ZFS GPFS Lustre ~/projects Multi-endpoint configuration 47 Data Transfer Node POSIX Connector Western Digital ActiveScale Connector ~/archive Amazon S3 Bucket Amazon S3 Connector ~/ ~/scratch
Network paths • Separate control and data interfaces • "DataInterface =" option in globus-connect-server- conf • Common scenario: route data flows over Science DMZ link 48
Dual-homed DTN – high speed data path Data Transfer Node GridFTP Server Science DMZ Control Channel Data Transfer Node GridFTP Server Data Channel if0 if1 Internet2 path Control Channel
Dual-homed DTN – high speed data path Data Transfer Node GridFTP Server Science DMZ Control Channel Data Transfer Node GridFTP Server Data Channel if0 if1 LAN/ Intranet path Control Channel Firewall if0 if1
Distributing Globus Connect Server components • Globus Connect Server components – globus-connect-server-io, -id, -web • Default: -io, –id and –web on single server • Common options – Multiple –io servers for load balancing, failover, and performance – No -id server, e.g. third-party IdP – -id on separate server, e.g. non-DTN nodes – -web on either –id server or separate server for OAuth interface 51
ext* XFS ZFS Distributing Globus Connect Server components Data Transfer Node OAuth Server GridFTP Server MyProxy CA Science DMZ (ACL limited) Port 2811 accepts inbound connections from Globus Firewall
Setting up multiple –io servers • Guidelines – Use the same .conf file on all servers – First install on the server running the –id component, then all others • Install Globus Connect Server on all servers • Edit .conf file on one of the servers and set [MyProxy] Server to the hostname of the server you want the –id component installed on • Copy Globus Connect Server configuration file to all servers • Run globus-connect-server-setup on the server running the –id component • Run globus-connect-server-setup on all other servers • Repeat steps 2-5 as necessary to update configurations 53
Example: Two-node DTN 54 -id -io -io On other DTN nodes: /etc/globus-connect-server.conf [Endpoint] Name = globus_dtn [MyProxy] Server = 34.20.29.57 On “primary” DTN node (34.20.29.57): /etc/globus-connect-server.conf [Endpoint] Name = globus_dtn [MyProxy] Server = 34.20.29.57

Recomendados

Download presentation
Download presentationDownload presentation
Download presentationwebhostingguy
 
HBaseConEast2016: HBase on Docker with Clusterdock
HBaseConEast2016: HBase on Docker with ClusterdockHBaseConEast2016: HBase on Docker with Clusterdock
HBaseConEast2016: HBase on Docker with ClusterdockMichael Stack
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
HBaseCon 2013: A Developer’s Guide to Coprocessors
HBaseCon 2013: A Developer’s Guide to CoprocessorsHBaseCon 2013: A Developer’s Guide to Coprocessors
HBaseCon 2013: A Developer’s Guide to CoprocessorsCloudera, Inc.
 
Administration and Management with UltraESB
Administration and Management with UltraESBAdministration and Management with UltraESB
Administration and Management with UltraESBAdroitLogic
 
HBase 2.0 cluster topology
HBase 2.0 cluster topologyHBase 2.0 cluster topology
HBase 2.0 cluster topologyMikhail Antonov
 
Hbase 89 fb online configuration
Hbase 89 fb online configurationHbase 89 fb online configuration
Hbase 89 fb online configurationNCKU
 
ClickHouse Keeper
ClickHouse KeeperClickHouse Keeper
ClickHouse KeeperAltinity Ltd
 

Recomendados

Download presentation
Download presentationDownload presentation
Download presentationwebhostingguy
 
HBaseConEast2016: HBase on Docker with Clusterdock
HBaseConEast2016: HBase on Docker with ClusterdockHBaseConEast2016: HBase on Docker with Clusterdock
HBaseConEast2016: HBase on Docker with ClusterdockMichael Stack
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
HBaseCon 2013: A Developer’s Guide to Coprocessors
HBaseCon 2013: A Developer’s Guide to CoprocessorsHBaseCon 2013: A Developer’s Guide to Coprocessors
HBaseCon 2013: A Developer’s Guide to CoprocessorsCloudera, Inc.
 
Administration and Management with UltraESB
Administration and Management with UltraESBAdministration and Management with UltraESB
Administration and Management with UltraESBAdroitLogic
 
HBase 2.0 cluster topology
HBase 2.0 cluster topologyHBase 2.0 cluster topology
HBase 2.0 cluster topologyMikhail Antonov
 
Hbase 89 fb online configuration
Hbase 89 fb online configurationHbase 89 fb online configuration
Hbase 89 fb online configurationNCKU
 
ClickHouse Keeper
ClickHouse KeeperClickHouse Keeper
ClickHouse KeeperAltinity Ltd
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)DongHyeon Kim
 
Docker ppt
Docker pptDocker ppt
Docker pptBhanuchander Udhayakumar
 
Setting up a local WordPress development environment
Setting up a local WordPress development environmentSetting up a local WordPress development environment
Setting up a local WordPress development environmentZero Point Development
 
Webinar: MariaDB Provides the Solution to Ease Multi-Source Replication
Webinar: MariaDB Provides the Solution to Ease Multi-Source ReplicationWebinar: MariaDB Provides the Solution to Ease Multi-Source Replication
Webinar: MariaDB Provides the Solution to Ease Multi-Source ReplicationWagner Bianchi
 
Filesystems, RPC and HDFS
Filesystems, RPC and HDFSFilesystems, RPC and HDFS
Filesystems, RPC and HDFSAlexander Alten
 
Tomcatx performance-tuning
Tomcatx performance-tuningTomcatx performance-tuning
Tomcatx performance-tuningVladimir Khokhryakov
 
Automating Research Data Workflows (GlobusWorld Tour - STFC)
Automating Research Data Workflows (GlobusWorld Tour - STFC)Automating Research Data Workflows (GlobusWorld Tour - STFC)
Automating Research Data Workflows (GlobusWorld Tour - STFC)Globus
 
Apache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutApache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutSander Temme
 
Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus
 
Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus
 
Tutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsTutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsGlobus
 
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Globus
 
Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
 
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus
 
Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration TopicsGlobus
 
GlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobus
 
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Globus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 

Mais conteúdo relacionado

Mais procurados

Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)DongHyeon Kim
 
Setting up a local WordPress development environment
Setting up a local WordPress development environmentSetting up a local WordPress development environment
Setting up a local WordPress development environmentZero Point Development
 
Webinar: MariaDB Provides the Solution to Ease Multi-Source Replication
Webinar: MariaDB Provides the Solution to Ease Multi-Source ReplicationWebinar: MariaDB Provides the Solution to Ease Multi-Source Replication
Webinar: MariaDB Provides the Solution to Ease Multi-Source ReplicationWagner Bianchi
 
Filesystems, RPC and HDFS
Filesystems, RPC and HDFSFilesystems, RPC and HDFS
Filesystems, RPC and HDFSAlexander Alten
 
Automating Research Data Workflows (GlobusWorld Tour - STFC)
Automating Research Data Workflows (GlobusWorld Tour - STFC)Automating Research Data Workflows (GlobusWorld Tour - STFC)
Automating Research Data Workflows (GlobusWorld Tour - STFC)Globus
 
Apache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutApache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutSander Temme
 

Mais procurados (8)

Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
 
Docker ppt
Docker pptDocker ppt
Docker ppt
 
Setting up a local WordPress development environment
Setting up a local WordPress development environmentSetting up a local WordPress development environment
Setting up a local WordPress development environment
 
Webinar: MariaDB Provides the Solution to Ease Multi-Source Replication
Webinar: MariaDB Provides the Solution to Ease Multi-Source ReplicationWebinar: MariaDB Provides the Solution to Ease Multi-Source Replication
Webinar: MariaDB Provides the Solution to Ease Multi-Source Replication
 
Filesystems, RPC and HDFS
Filesystems, RPC and HDFSFilesystems, RPC and HDFS
Filesystems, RPC and HDFS
 
Tomcatx performance-tuning
Tomcatx performance-tuningTomcatx performance-tuning
Tomcatx performance-tuning
 
Automating Research Data Workflows (GlobusWorld Tour - STFC)
Automating Research Data Workflows (GlobusWorld Tour - STFC)Automating Research Data Workflows (GlobusWorld Tour - STFC)
Automating Research Data Workflows (GlobusWorld Tour - STFC)
 
Apache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutApache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling Out
 

Semelhante a Globus Endpoint Administration (GlobusWorld Tour - STFC)

Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus
 
Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus
 
Tutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsTutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsGlobus
 
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Globus
 
Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
 
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus
 
Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration TopicsGlobus
 
GlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobus
 
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Globus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
 
Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Globus
 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformGlobus
 

Semelhante a Globus Endpoint Administration (GlobusWorld Tour - STFC) (20)

Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)
 
Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)
 
Tutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsTutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System Administrators
 
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
 
Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System Administrators
 
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
 
Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration Topics
 
GlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System Administrators
 
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System Administrators
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System Administrators
 
Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)
 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus Platform
 

Mais de Globus

Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowGlobus
 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaSGlobus
 
Reliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesReliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesGlobus
 
Best Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusBest Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusGlobus
 
An Introduction to Globus for Researchers
An Introduction to Globus for ResearchersAn Introduction to Globus for Researchers
An Introduction to Globus for ResearchersGlobus
 
Introduction to Research Automation with Globus
Introduction to Research Automation with GlobusIntroduction to Research Automation with Globus
Introduction to Research Automation with GlobusGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Introduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersIntroduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersGlobus
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersGlobus
 
Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Globus
 
Automating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeAutomating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeGlobus
 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New UsersGlobus
 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsGlobus
 
Globus Automation
Globus AutomationGlobus Automation
Globus AutomationGlobus
 
Introduction to Globus
Introduction to GlobusIntroduction to Globus
Introduction to GlobusGlobus
 
Working with Globus Platform Services
Working with Globus Platform ServicesWorking with Globus Platform Services
Working with Globus Platform ServicesGlobus
 
Using Globus to Streamline Research at Scale
Using Globus to Streamline Research at ScaleUsing Globus to Streamline Research at Scale
Using Globus to Streamline Research at ScaleGlobus
 
Introduction to Globus for Researchers
Introduction to Globus for ResearchersIntroduction to Globus for Researchers
Introduction to Globus for ResearchersGlobus
 
Automating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformAutomating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformGlobus
 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New UsersGlobus
 

Mais de Globus (20)

Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a Flow
 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaS
 
Reliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesReliable, Remote Computation at All Scales
Reliable, Remote Computation at All Scales
 
Best Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusBest Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using Globus
 
An Introduction to Globus for Researchers
An Introduction to Globus for ResearchersAn Introduction to Globus for Researchers
An Introduction to Globus for Researchers
 
Introduction to Research Automation with Globus
Introduction to Research Automation with GlobusIntroduction to Research Automation with Globus
Introduction to Research Automation with Globus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 
Introduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersIntroduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for Researchers
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for Developers
 
Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)
 
Automating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeAutomating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and Compute
 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New Users
 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and Portals
 
Globus Automation
Globus AutomationGlobus Automation
Globus Automation
 
Introduction to Globus
Introduction to GlobusIntroduction to Globus
Introduction to Globus
 
Working with Globus Platform Services
Working with Globus Platform ServicesWorking with Globus Platform Services
Working with Globus Platform Services
 
Using Globus to Streamline Research at Scale
Using Globus to Streamline Research at ScaleUsing Globus to Streamline Research at Scale
Using Globus to Streamline Research at Scale
 
Introduction to Globus for Researchers
Introduction to Globus for ResearchersIntroduction to Globus for Researchers
Introduction to Globus for Researchers
 
Automating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformAutomating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus Platform
 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New Users
 

Último

CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Delhi Call girls
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxolyaivanovalion
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023ymrp368
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxolyaivanovalion
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Delhi Call girls
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfadriantubila
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 

Último (20)

CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptx
 
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
Best VIP Call Girls Noida Sector 22 Call Me: 8448380779
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 
Sampling (random) method and Non random.ppt
Sampling (random) method and Non random.pptSampling (random) method and Non random.ppt
Sampling (random) method and Non random.ppt
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
BigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptxBigBuy dropshipping via API with DroFx.pptx
BigBuy dropshipping via API with DroFx.pptx
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 

Globus Endpoint Administration (GlobusWorld Tour - STFC)

  • 1. Globus Endpoint Administration Vas Vasiliadis vas@uchicago.edu STFC – January 10, 2019
  • 2. Globus Connect Server 2 • Makes your storage accessible via Globus • Multi-user server, installed and managed by sysadmin docs.globus.org/globus-connect-server-installation-guide/ Local system users Local Storage System (HPC cluster, NAS, …) Globus Connect Server MyProxy CA GridFTP Server OAuth Server DTN • Default access for all local accounts • Native packaging Linux: DEB, RPM
  • 3. Globus Connect Server 3 Local system users Local Storage System (HPC cluster, NAS, …) Globus Connect Server MyProxy CA GridFTP Server OAuth Server DTN Non-POSIX Connectors POSIX-compliant Connector server
  • 4. IBM Spectrum Scale Current Planned Storage Connectors - globus.org/connectors ActiveScale
  • 5. Creating a Globus endpoint on your server • In this example, Server = Amazon EC2 instance • Installation and configuration of Globus Connect Server requires a Globus ID • Go to globusid.org • Click “create a Globus ID” – Optional: associate it with your Globus account 5
  • 6. What we are going to do: Install Globus Connect Server • Access server as user “campusadmin” • Update repo • Install package • Setup Globus Connect Server Server (AWS EC2) ssh ec2-22-23-24-25 Log into Globus Transfer a file 1 2 3 Access the newly created endpoint (as user ‘researcher’) 4 6
  • 7. Access your server • Get the IP address for your EC2 server (bit.ly/ec2ip) • Log in as user ‘campusadmin’ ssh campusadmin@<EC2_instance_IP_address> • Please sudo su before continuing – User ‘campusadmin’ has passwordless sudo privileges 7
  • 8. Install Globus Connect Server $ sudo su $ curl –LOs http://downloads.globus.org/toolkit/globus-connect- server/globus-connect-server-repo_latest_all.deb $ dpkg –i globus-connect-server-repo_latest_all.deb $ apt-get update $ apt-get -y install globus-connect-server $ globus-connect-server-setup You have a working Globus endpoint! Use your Globus ID username and password when prompted
  • 9. Access the Globus endpoint • Go to Manage Data à Transfer Files • Access the endpoint you just created – Search for your EC2 host name in the Endpoint field – Log in as “researcher”; you will see the user’s home directory • Transfer files to/from a test endpoint (e.g. ESnet read- only) and your EC2 endpoint 9
  • 10. Globus accounts and endpoint access • Globus account: Primary identity (+ Linked Identities) • Endpoint initially accessible by creator • Endpoint not visible? – Primary identity is your institutional ID? – Link your Globus ID!
  • 12. Endpoint configuration • On the Globus service: app.globus.org/endpoints • On your DTN: /etc/globus-connect-server.conf – Standard .ini format: [Section] Option = Value – To enable changes run globus-connect-server-setup – “Rinse and repeat” 12
  • 13. Common configuration options • Manage Endpoints page – Display Name – Visibility – Encryption • DTN configuration file – RestrictPaths – Sharing – IdentityMethod (CILogon, Oauth) – SharingRestrictPaths
  • 14. Exercise: Make your endpoint visible • Edit endpoint attributes – Change the name to something useful, e.g. <your_name> EC2 Endpoint – For the “Visible To” attribute select “Public - Visible to all users” • Find your neighbor’s endpoint – Thanks to our superb security …you can access it too J 14
  • 15. Path Restriction • Default configuration: – All paths allowed, access control handled by the OS • Use RestrictPaths to customize – Specifies a comma separated list of full paths that clients may access – Each path may be prefixed by R (read) and/or W (write), or N (none) to explicitly deny access to a path – '~’ for authenticated user’s home directory, and * may be used for simple wildcard matching. • e.g. Full access to home directory, read access to /data: – RestrictPaths = RW~,R/data • e.g. Full access to home directory, deny hidden files: – RestrictPaths = RW~,N~/.* 15
  • 16. Exercise: Restrict access • Set RestrictPaths=RW~,N~/archive • Run globus-connect-server-setup • Access your endpoint as ‘researcher’ • What’s changed? 16
  • 17. • In config file, set Sharing=True • Run globus-connect-server-setup • Flag endpoint as “managed” (in web app or via CLI) * Note: Creation of shared endpoints requires a Globus subscription for the managed endpoint Enabling sharing on an endpoint 17
  • 18. Limit sharing to specific accounts • SharingUsersAllow = • SharingGroupsAllow = • SharingUsersDeny = • SharingGroupsDeny = 18
  • 19. Sharing Path Restriction • Restrict paths where users can create shared endpoints • Use SharingRestrictPaths to customize – Same syntax as RestrictPaths • e.g. Full access to home directory, deny hidden files: – SharingRestrictPaths = RW~,N~/.* • e.g. Full access to public folder under home directory: – SharingRestrictPaths = RW~/public • e.g. Full access to /proj, read access to /scratch: – SharingRestrictPaths = RW/proj,R/scratch 19
  • 21. Ports needed for Globus • Inbound: 2811 (control channel) • Inbound: 7512 (MyProxy), 443 (OAuth) • Inbound: 50000-51000 (data channel) • If restricting outbound connections, allow connections on: – 80, 2223 (used during install/config) – 50000-51000 (GridFTP data channel) 21
  • 24. Single Sign-On with InCommon/CILogon • Your Shibboleth server must release R&S attributes to CILogon—especially the ePPN attribute • Local account must match institutional ID (InCommon ID) – Test by creating a local user with same name • In /etc/globus-connect-server.conf set: AuthorizationMethod = CILogon CILogonIdentityProvider = <institution_listed_in_CILogon_IdP_list> 24
  • 25. High Assurance Endpoints • Additional authentication assurance (IdP locking) • Application instance isolation • Comprehensive audit logging • Require Globus Connect Server v5.2+ – New installation method (using client ID, secret) – New architecture/terminology docs.globus.org/high-assurance/
  • 26. Globus Connect Server v5 milestones v5.0: Google Drive v5.1: POSIX guest collections, HTTPS v5.x: v4 feature parity+v5.3: … • Multi DTN support Additional storage types • Custom IdPs • … Other features v5.2: High assurance
  • 27. Out with the old, in with the new • Host endpoints è Mapped collections – Need local account to access data • Shared endpoints è Guest collections – No local account needed for data access, permissions set in Globus • Use host endpoint to create shared endpoint è Use storage gateway to create guest collections • Access via GridFTP è Access via GridFTP or HTTPS • Initially available via Globus Connect Server v5.2
  • 28.
  • 30. Subscription configuration • Subscription manager – Create/upgrade managed endpoints – Requires Globus ID linked to Globus account • Management console permissions – Independent of subscription manager – Map managed endpoint to Globus ID • Globus Plus group – Subscription Manager is admin – Can grant admin rights to other members 30
  • 31. Creating managed endpoints • Required for sharing, management console, reporting, … • Convert existing endpoint to managed via CLI (or web): globus endpoint update --managed <endpt_uuid> • Must be run by subscription manager • Important: Re-run endpoint update after deleting/re- creating endpoint 31
  • 32. Monitoring and managing Globus endpoint activity 32
  • 33. Management console • Monitor all transfers • Pause/resume specific transfers • Add pause conditions with various options • Resume specific tasks overriding pause conditions • Cancel tasks • View sharing ACLs 33
  • 34. Endpoint Roles • Administrator: define endpoint and roles • Access Manager: manage permissions • Activity Manager: perform control tasks • Activity Monitor: view activity 34
  • 37. Balance: performance - reliability • Network use parameters: concurrency, parallelism • Maximum, Preferred values for each • Transfer considers source and destination endpoint settings min( max(preferred src, preferred dest), max src, max dest ) • Service limits, e.g. concurrent requests 37
  • 39. Disk-to-Disk Throughput: ESnet Testing 0 1,000 2,000 3,000 4,000 5,000 6,000 7,000 8,000 9,000 scp scp (w/HPN) sftp GridFTP (1 stream) GridFTP (4 streams) Disk-to-Disk Throughput (Mbps) 39Source: ESnet (2016) • Berkeley, CA to Argonne, IL (RTT: 53 ms, Capacity: 10Gbps) • scp is 24x slower than GridFTP on this path • >1 Gbps (125 MB/s) disk-to-disk requires RAID array
  • 41. Legacy Architecture 10GE Border Router WAN Firewall Enterprise perfSONAR perfSONAR Filesystem (data store) 10GE Portal Server Browsing path Query path Data path Portal server applications: · web server · search · database · authentication · data service
  • 42. Current best practice 10GE10GE 10GE 10GE Border Router WAN Science DMZ Switch/Router Firewall Enterprise perfSONAR perfSONAR 10GE 10GE 10GE 10GE DTN DTN API DTNs (data access governed by portal) DTN DTN perfSONAR Filesystem (data store) 10GE Portal Server Browsing path Query path Portal server applications: · web server · search · database · authentication Data Path Data Transfer Path Portal Query/Browse Path
  • 43. Science DMZ configuration 43 Source security filters Destination security filters Destination Science DMZ Source Science DMZ Source Border Router Destination Border Router Source Router Destination Router User Organization DATA CONTROL Physical Control Path Logical Control Path Physical Data Path Logical Data Path * Ports 443, 2811, 7512 * Ports 50000- 51000 Data Transfer Node (DTN) Data Transfer Node (DTN) * Please see TCP ports reference: https://docs.globus.org/resource-provider-guide/#open-tcp-ports_section
  • 46. ext* XFS ZFS GPFS Lustre ~/projects Multi-endpoint configuration Data Transfer Node POSIX Connector Western Digital ActiveScale Connector ~/archive ~/ ~/scratch
  • 47. ~/vault ext* XFS ZFS GPFS Lustre ~/projects Multi-endpoint configuration 47 Data Transfer Node POSIX Connector Western Digital ActiveScale Connector ~/archive Amazon S3 Bucket Amazon S3 Connector ~/ ~/scratch
  • 48. Network paths • Separate control and data interfaces • "DataInterface =" option in globus-connect-server- conf • Common scenario: route data flows over Science DMZ link 48
  • 49. Dual-homed DTN – high speed data path Data Transfer Node GridFTP Server Science DMZ Control Channel Data Transfer Node GridFTP Server Data Channel if0 if1 Internet2 path Control Channel
  • 50. Dual-homed DTN – high speed data path Data Transfer Node GridFTP Server Science DMZ Control Channel Data Transfer Node GridFTP Server Data Channel if0 if1 LAN/ Intranet path Control Channel Firewall if0 if1
  • 51. Distributing Globus Connect Server components • Globus Connect Server components – globus-connect-server-io, -id, -web • Default: -io, –id and –web on single server • Common options – Multiple –io servers for load balancing, failover, and performance – No -id server, e.g. third-party IdP – -id on separate server, e.g. non-DTN nodes – -web on either –id server or separate server for OAuth interface 51
  • 52. ext* XFS ZFS Distributing Globus Connect Server components Data Transfer Node OAuth Server GridFTP Server MyProxy CA Science DMZ (ACL limited) Port 2811 accepts inbound connections from Globus Firewall
  • 53. Setting up multiple –io servers • Guidelines – Use the same .conf file on all servers – First install on the server running the –id component, then all others • Install Globus Connect Server on all servers • Edit .conf file on one of the servers and set [MyProxy] Server to the hostname of the server you want the –id component installed on • Copy Globus Connect Server configuration file to all servers • Run globus-connect-server-setup on the server running the –id component • Run globus-connect-server-setup on all other servers • Repeat steps 2-5 as necessary to update configurations 53
  • 54. Example: Two-node DTN 54 -id -io -io On other DTN nodes: /etc/globus-connect-server.conf [Endpoint] Name = globus_dtn [MyProxy] Server = 34.20.29.57 On “primary” DTN node (34.20.29.57): /etc/globus-connect-server.conf [Endpoint] Name = globus_dtn [MyProxy] Server = 34.20.29.57