Globus is a non-profit service that aims to increase research efficiency by unifying access to disparate storage systems and simplifying secure data sharing. It allows users to easily, securely, and reliably transfer data between different resources like HPC systems, cloud storage, instruments, and personal computers. Globus also provides APIs and SDKs to help researchers build data-centric applications and automate workflows. Funding comes partly from government grants, with subscriptions enabling additional features and supporting ongoing operations.
1. Introduction to Globus capabilities
Rachana Ananthakrishnan
ranantha@uchicago.edu
September 7, 2022
Sponsored by
2. Globus is …
a non-profit service
developed and operated by
3. Our mission is to…
increase the efficiency and
effectiveness of researchers
engaged in data-driven
science and scholarship
through sustainable software.
4. 4
Research Computing HPC
Desktop Workstations
Archives Instruments
Personal Systems
Public Cloud Storage
National Resources
We unify data access across disparate systems…
“I need to easily,
securely, & reliably
move or replicate
my data between
systems.”
5. Public / private cloud stores
Campus
stores
Project repositories,
replication stores
Public repositories
…simplify secure sharing with collaborators…
8. Core capabilities
Researcher initiates
transfer request; or
requested automatically
by script, science
gateway
1
Instrument
Compute Facility
Globus transfers files
reliably, securely
2
Globus controls
access to shared
files on existing
storage; no need
to move files to
cloud storage!
4
Researcher
selects files to
share, selects
user or group,
and sets access
permissions
3
Collaborator logs in to
Globus and accesses
shared files; no local
account required;
download via Globus
5
Streamlining research
workflows and
ensuring those that
need access to the
data have it.
8
Personal Computer
Transfer
Share
• Use a Web browser or
platform services
• Access any storage
• Use an existing identity
Build
The Globus
Command Line
Interface, API sets,
Python SDK and
Action Providers give
you a platform…
6
… for building
science gateways,
portals and
automations.
7
Search
Automate
9. One service, many interfaces
9
GET /endpoint/go%23ep1
PUT /endpoint/vas#my_endpt
200 OK
X-Transfer-API-Version: 0.10
Content-Type: application/json
…
Globus service
Web
CLI
Rest
API
Flows
10. Endpoints, Collections and
Globus Connect
• Globus Connect Server
– for multi-user Linux Systems
docs.globus.org/globus-connect-server
• Globus Connect Personal
– for personal workstations and laptops
globus.org/globus-connect-personal
docs.globus.org/how-to
11. Let’s take a look…
Authenticate
Search collections and transfer files
View transfer activity and logs
Up/download files via browser
11
14. Globus core security features
• Access Control
– Identities provided and managed by institution
– Institution controls all access policies
– Globus is identity broker; no access to/storage of user credentials
• Data remain at institutions, no storage/routing via Globus
• Integrity checks of transferred data
• Enforced encryption of Globus control data
• Institution-configured encryption of user data in transit
15. Globus High Assurance features
• Additional authentication assurance
– Authenticate with a specific identity within session
– Reauthenticate after specified time period
• Session/device isolation
– Authentication context is per application, per session
• Enforces encryption of all user data in transit
• Audit logging
16. Globus High Assurance for managing protected data
Restricted data
handling
à PHI, PII, CUI
à Compliant
data sharing
Security controls
à NIST 800-53
à 800-171 Low+
BAA w/Uchicago
à UChicago BAA with Amazon
19. Move without (worrying about) limits
• API request rates
• File size
• Data volume
• Third-party tools cannot circumvent…
• …but Globus lets you “fire-and-forget”
• à it will (eventually) be done
19
25. Our sustainability model
• File transfer for non-profit research is free to all
– Subscription required if transferring to/from a commercial entity
• Subscriptions enable multiple enhanced features
– Researchers: Data sharing, transfer/sharing to/from personal
endpoints, HTTPS access, Globus Flows for automation
– Sysadmins: Management console, usage reporting
– Developers: Globus Search, app integration support
– Additional security/logging for protected data management
– Priority support
• Subscriptions are required for access to connectors
26. Support resources
• Globus documentation: docs.globus.org
• YouTube channel: youtube.com/user/GlobusOnline
• Helpdesk and issue escalation: support@globus.org
• Mailing Lists
– globus.org/mailing-lists
• Customer engagement team
– Office Hours