Globus

From CC Doc
Jump to: navigation, search
Other languages:
English • ‎français

Globus is a service for fast, reliable, secure data movement. Designed specifically for researchers, Globus has an easy-to-use interface with background monitoring features that automate the management of file transfers between any two resources, whether they are at Compute Canada, another supercomputing facility, a campus cluster, lab server, desktop or laptop.

Globus leverages GridFTP for its transfer protocol but shields the end user from complex and time consuming tasks related to GridFTP and other aspects of data movement. It improves transfer performance over GridFTP, rsync, scp, and sftp, by automatically tuning transfer settings, restarting interrupted transfers, and checking file integrity.

Globus can be accessed via the main Globus website or via the Compute Canada Globus portal at https://globus.computecanada.ca.

Using Globus

Go to http://globus.computecanada.ca. Your "existing organizational login" is your CCDB account. Ensure that "Compute Canada" is selected in the drop-down, then click Continue. Supply your CCDB username and password on the Compute Canada MyProxy page which appears. This takes you to the web portal for Globus.

To Start a Transfer

Selecting a Globus endpoint. (Click for larger image.)

Globus transfers happen between so-called "Endpoints." Most Compute Canada systems have endpoints already. To transfer files to and from your computer, you need to create an endpoint for it. This requires a bit of setup initially, but once it has been done, Globus transfers require little more than making sure the endpoint application is running on your machine. More on this below under Personal Computers.

If the "Transfer Files" page in the Globus Portal is not already showing (see image), select it from the "Manage Data" menu.

Click on either one of the two "Endpoint" fields, and start typing the site name in the top box. For example, if you want to transfer data to or from the GPC cluster, type "gpc", wait two seconds for a list of matching sites to appear, and select computecanada#gpc. All Compute Canada resources have names prefixed with computecanada#.

You will be prompted to "authenticate" the endpoint. The appearance of this depends on which site is hosting the endpoint. For example, if you are activating the endpoint for GPC, which is run by SciNet, you will be asked for your SciNet username and password. The authentication of an endpoint remains valid for some time - currently (Apr 25, 2016) for one week for CC endpoints while personal endpoints do not expire. If you encounter difficulty at the authentication stage, see if there is regional documentation which applies to your situation:

Now select a second endpoint and authenticate it the same way.

Initiating a transfer. Note the highlighted files in the right-hand pane. (Click for larger image.)

Once an endpoint has been activated you should see a list of directories and files. You can navigate these by double-clicking on directories and using the "up one folder" button. Highlight a file or directory that you want to transfer by single-clicking on it. Control-click to highlight multiple things. Then click one of the big blue buttons with white arrowheads to initiate the transfer. The transfer job will be given a unique number and will begin right away. You will receive an email when the transfer is complete. You can also monitor in-progress transfers and view details of completed transfers from the Activity tab on the Globus Portal.

See also How To Log In and Transfer Files with Globus at the Globus.org site.

Options

Globus provides several other options in the "Transfer Settings" area at the bottom of the Transfer Files page. Here you can direct Globus to

  • sync - only transfer new or changed files
  • delete files on destination that do not exist on source
  • preserve source file modification times
  • verify file integrity after transfer (on by default)
  • encrypt transfer

Note that enabling encryption significantly reduces transfer performance, so it should only be used for sensitive data.

Personal Computers

Globus provides a desktop client, Globus Connect Personal, to make it easy to transfer files to and from a personal computer running Windows, MacOS X, or Linux.

To install Globus Connect Personal

  1. Go to the Compute Canada Globus portal and log in if you have not already done so.
  2. From the Manage Data menu, select Endpoints, and then click on “add Globus Connect Personal endpoint”.
  3. Enter an endpoint name of your choice, which you will use to access the computer you will be installing Globus Connect Personal on. Example: MacLaptop or WorkPC.
  4. Click the “Generate Setup Key” button. Copy the key to your computer’s clipboard, then click the download link for your operating system.
  5. Install the program.
  6. Once it is installed, run the Globus Connect Personal program.
  7. The first time you run the program, enter the Setup Key from step 4 in the box that pops up.
  8. You should now be able to access the endpoint through Globus. The full endpoint name is [your username]#[name from step 3] Example: smith#WorkPC

To run Globus Connect Personal

Globus Connect Personal application for a personal endpoint.

The above steps are only needed once, to setup the endpoint. For further file transfer operations, one has to make sure Globus Connect Personal is running, i.e., start the program and click "Connect."

Note that if the Globus Connect Personal program at your end point is closed during a file transfer to or from that endpoint, the transfer will stop. To restart the transfer, simply reopen the program and click "Connect".

Transfer between two personal endpoints

Although you can create endpoints for any number of personal computers, transfers between two personal endpoints is not enabled by default. If you need this capability, please contact globus@computecanada.ca to setup a "Globus Plus" account.

For more information see the Globus.org how-to pages, particularly:

Globus Sharing

Globus sharing makes collaboration with your colleagues easy. Sharing enables people to access files stored on your account on a Compute Canada system even if the other user does not have an account on that system. Files can be shared with any user, anywhere in the world, who has a Globus account. See How To Share Data Using Globus.

Creating a Shared Endpoint

To share a file or folder on an endpoint first requires that the system hosting the files has sharing enabled. All Compute Canada endpoints either have or will soon have sharing enabled.

Log into globus.computecanada.ca with your Globus credentials. Once you are logged in, you will see a transfer window. In the ‘endpoint’ field, type the endpoint identifier for the endpoint you wish to share from (e.g.computecanada#gpc) and activate the endpoint, if asked to.

Creating a shared endpoint (Click for larger image.)

Select an item that you wish to share, then click the three horizontal lines on the right side of the endpoint’s window to access the menu where you can then select share.

Selecting the share option

Selecting share opens a window that shows your current shared endpoints, if you have any, and a button labeled ‘Add Shared Endpoint’. Clicking that button will bring up the ‘Create New Shared Endpoint’ window. By default it will have values filled based on your previous selections. You can modify these as necessary, then click the ‘Create and Manage Access’ button.

Managing a Shared Endpoint

Managing Access

Once the endpoint is created, you will be shown the current access list, with only your account on it. Since sharing is of little use without someone to share with, click the ‘Add Permission’ button to add people or groups that you wish to share with.

You will now be prompted to select whether to share with people via email, username, or group.

  • E-mail is a good choice if you don’t know a person’s username on Globus. It will also allow you to share with people who do not currently have a Globus account, though they will need to create one to be able to access your share.
  • User presents a search box that allows you to search by name or Globus username. This is best if someone already has a Globus account, as it does not require any action on their part to be added to the share. Enter a name or Globus username (if you know it), and select the appropriate match from the list, then click ‘Use Selected’
  • Group allows you to share with a number of people simultaneously. You can search by group name or UUID. Group names may be ambiguous, so be sure to verify you are sharing with the correct one. This can be avoided by using the group’s UUID, which is available on the Groups page (See Groups Section)
Managing Shared Endpoint Permissions

To add or remove write permissions from a user, click the checkbox next to their name under the write column. It is not possible to remove read access.

Deleting users or groups from the list of people you are sharing with is as simple as clicking the ‘x’ at the end of the line containing their information.

Removing a Shared Endpoint

Once you no longer need your shared endpoint, remove it. To do this, go to the top of the page, and select ‘Manage Endpoints’ from the ‘Manage Data’ menu.

You will be shown a list of endpoints that you have created, including Globus Connect Personal or shared endpoints, as well as those you have recently used. Find the shared endpoint you wish to delete in the list, and expand it. Click the ‘delete endpoint’ button, and confirm the removal when prompted.

Removing a Shared Endpoint

The endpoint is now deleted. Your files will not be affected by this action, nor will those others may have uploaded.

Sharing Security

Sharing files entails a certain level of risk. By creating a share, you are opening up files that up to now have been in your exclusive control to others. The following list is some things to think about before sharing, though it is far from comprehensive.

  • Make sure you have permission to share the files, if you are not the data’s owner
  • Make sure you are sharing with only those you intend to. Verify the person you add to the access list is the person you think, there are often people with the same or similar names. Remember that Globus usernames are not linked to Compute Canada usernames. The recommended method of sharing is to use the email address of the person you wish to share with, unless you have the exact account name.
  • If you are sharing with a group you do not control, make sure you trust the owner of the group. They may add people who are not authorized to access your files.
  • If granting write access, make sure that you have backups of important files that are not on the shared endpoint, as users of the shared endpoint may delete or overwrite files, and do anything that you yourself can do to a file.
  • It is highly recommended that sharing be restricted to a subdirectory, rather than your top-level home directory.

Globus Groups

Globus groups provide an easy way to manage permissions for sharing with multiple users. When you create a group, you can use it from the sharing interface easily to control access for multiple users.

Creating a Group

Go to Groups tab at the top of the page. In the ‘My Groups’ tab there is ‘Create New Group’ button at the bottom of the page. Pressing this button brings up the ‘Create New Group’ window.

Creating a Globus Group
  • Enter the name of the group in the ‘Group Name’ field
  • Enter the group description in the ‘Group Description’ field
  • Select if the group is visible to only group members (private group) or all Globus users.
  • Click ‘Create Group’ to add the group.

Inviting Users

Once a group has been created, users can be added by selecting ‘Invite users’, and then either entering an email address (preferred) or searching for the username. Once users have been selected for invitation, click the invite button and they will be sent an email inviting them to connect. Once they’ve accepted, they will be visible in the group.

Modifying Membership

Click the pencil icon next to a user to modify their membership. The first tab shows the member info (username, email, name). The Role & Status tab allows status to be set to either Active, Suspended, or Remove which will change the group membership.

Role allows you to grant permissions to the user, including Admin (Full access), Manager (Change user roles), or Member (no management functions). The ‘Save Changes’ button commits the changes.

Group Settings

  • Policies Tab:
    • Shows current policies
    • Policies can be edited by clicking ‘edit’ button
  • Membership Requirements:
    • Can require additional information from a user requesting membership.
    • The options are from a list of predefined options.
  • Advanced Tab:
    • Allows group to be deleted.

Support and More Information

If you would like more information on Compute Canada’s use of Globus, or require support in using this service, please send an email to globus@computecanada.ca and provide the following information:

  • Name
  • Compute Canada Role Identifier (CCRI)
  • Institution
  • Inquiry or issue. Be sure to indicate which sites you want to transfer to and from.