Globus is a service for fast, reliable, secure transfer of files. Designed specifically for researchers, Globus has an easy-to-use interface with background monitoring features that automate the management of file transfers between any two resources, whether they are at Compute Canada, another supercomputing facility, a campus cluster, lab server, desktop or laptop.
Globus leverages GridFTP for its transfer protocol but shields the end user from complex and time consuming tasks related to GridFTP and other aspects of data movement. It improves transfer performance over GridFTP, rsync, scp, and sftp, by automatically tuning transfer settings, restarting interrupted transfers, and checking file integrity.
Go to http://globus.computecanada.ca. Your "existing organizational login" is your CCDB account. Ensure that "Compute Canada" is selected in the drop-down, then click Continue. Supply your CCDB username (not your e-mail address or other identifier) and password on the Compute Canada MyProxy page which appears. This takes you to the web portal for Globus.
To Start a Transfer
Globus transfers happen between "collections" (formerly known as "endpoints" in previous Globus versions). Most Compute Canada systems have some standard collections set up for you to use. To transfer files to and from your computer, you need to create a collection for it. This requires a bit of setup initially, but once it has been done, transfers via Globus require little more than making sure the Globus Connect Personal software is running on your machine. More on this below under Personal Computers.
If the File Manager page in the Globus Portal is not already showing (see image), select it from the left sidebar.
On the top right of the page there are three buttons labelled "Panels". Select the second button (this will allow you to see two collections at the same time).
Find collections by clicking where the page says "Search" and entering a collection name.
You can start typing a collection name to select it. For example, if you want to transfer data to or from the Béluga cluster, type "beluga", wait two seconds for a list of matching sites to appear, and select
All Compute Canada resources have names prefixed with
computecanada#. For example,
computecanada#niagara (note that 'dtn' stands for 'data transfer node').
You may be prompted to "authenticate" the collection, depending on which site is hosting the collection. For example, if you are activating a collection hosted on Graham, you will be asked for your Compute Canada username and password. The authentication of a collection remains valid for some time - typically one week for CC collections while personal collections do not expire.
Now select a second collection, searching for it and authenticating if required.
Once a collection has been activated you should see a list of directories and files. You can navigate these by double-clicking on directories and using the "up one folder" button. Highlight a file or directory that you want to transfer by single-clicking on it. Control-click to highlight multiple things. Then click one of the big blue buttons with white arrowheads to initiate the transfer. The transfer job will be given a unique id and will begin right away. You will receive an email when the transfer is complete. You can also monitor in-progress transfers and view details of completed transfers from the ["Activity" button](https://globus.computecanada.ca/activity) on the left hand side .
See also How To Log In and Transfer Files with Globus at the Globus.org site.
Globus provides several other options in the "Transfer & Sync Options" in between the two "Start" buttons in the middle of the screen. Here you can direct Globus to
- sync - only transfer new or changed files
- delete files on destination that do not exist on source
- preserve source file modification times
- verify file integrity after transfer (on by default)
- encrypt transfer
Note that enabling encryption significantly reduces transfer performance, so it should only be used for sensitive data.
Globus provides a desktop client, Globus Connect Personal, to make it easy to transfer files to and from a personal computer running Windows, MacOS X, or Linux.
There are links on the Globus Connect Personal page which walk you through the setup of globus connect personal on the various operating systems, including setting it up from the commandline on Linux. If you are running Globus Connect Personal from the command line on linux, this FAQ on the Globus site describes configuring which paths you share and their permissions.
To install Globus Connect Personal
- Go to the Compute Canada Globus portal and log in if you have not already done so.
- From the File Manager screen click on the "Endpoints" icon on the left hand side.
- Click on the "Create a personal endpoint" button in the top right corner of the screen
- Enter an "Endpoint Display Name" of your choice, which you will use to access the computer you will be installing Globus Connect Personal on. Example: MacLaptop or WorkPC.
- Click on the download link for your operating system (May need to click on "Show me other supported operating systems if downloading for another computer)
- Install Globus Connect Personal
- You should now be able to access the endpoint through Globus. The full endpoint name is [your username]#[name you give setup] Example: smith#WorkPC
To run Globus Connect Personal
The above steps are only needed once, to setup the endpoint. For further file transfer operations, one has to make sure Globus Connect Personal is running, i.e., start the program, and ensure that the endpoint isn't paused.
Note that if the Globus Connect Personal program at your end point is closed during a file transfer to or from that endpoint, the transfer will stop. To restart the transfer, simply reopen the program.
Transfer between two personal endpoints
Although you can create endpoints for any number of personal computers, transfers between two personal endpoints is not enabled by default. If you need this capability, please contact firstname.lastname@example.org to setup a "Globus Plus" account.
For more information see the Globus.org how-to pages, particularly:
- Globus Connect Personal for Mac OS X
- Globus Connect Personal for Windows
- Globus Connect Personal for Linux
Globus sharing makes collaboration with your colleagues easy. Sharing enables people to access files stored on your account on a Compute Canada system even if the other user does not have an account on that system. Files can be shared with any user, anywhere in the world, who has a Globus account. See How To Share Data Using Globus.
To share a file or folder on an endpoint first requires that the system hosting the files has sharing enabled.
Globus sharing is disabled on Niagara.
To create a Globus Share on project for the other Compute Canada systems the PI will need to contact email@example.com with:
- Yes they want Globus sharing enabled
- The path to enable
- Whether the sharing will be read only, or sharing can be read and write
Data to be shared will need to be moved or copied into this path. Creating a symbolic link to the data will not allow access to the data.
Otherwise you will receive the error:
"The backend responded with an error: You do not have permission to create a shared endpoint on the selected path. The administrator of this endpoint has disabled creation of shared endpoints on the selected path."
Globus sharing is enabled for the home directory. By default we disable sharing on project to prevent users accidentally sharing other user's files. If you would like to test a Globus share you can create one in your home directory.
We suggest using a path that makes it clear to everyone that files in the directory might be shared such as:
Once we have enabled sharing on the path you will be able to create a new Globus shared endpoint for any sub directory under that path. So for example you will be able to create the sub directories:
Create a different Globus Share for each and share them with different users.
If you would like to have a Globus Share created on /project for one of these systems please email firstname.lastname@example.org.
Log into globus.computecanada.ca with your Globus credentials. Once you are logged in, you will see a transfer window. In the ‘endpoint’ field, type the endpoint identifier for the endpoint you wish to share from (e.g. computecanada#beluga-dtn, computecanada#cedar-dtn, computecanada#graham-globus, computecanada#niagara etc.) and activate the endpoint, if asked to.
Select a folder that you wish to share, then click the "Share" button to the right of the folder list.
Click on the "Add a Guest Collection" button in the top right corner of the screen.
Give the new share a name that is easy for you and the people you intend to share it with to find. You can also adjust from where you want to share using the "Browse" button.
Once the endpoint is created, you will be shown the current access list, with only your account on it. Since sharing is of little use without someone to share with, click the ‘Add Permissions -- Share With’ button to add people or groups that you wish to share with.
You will now be prompted to select whether to share with people via email, username, or group.
- E-mail is a good choice if you don’t know a person’s username on Globus. It will also allow you to share with people who do not currently have a Globus account, though they will need to create one to be able to access your share.
- User presents a search box that allows you to search by name or Globus username. This is best if someone already has a Globus account, as it does not require any action on their part to be added to the share. Enter a name or Globus username (if you know it), and select the appropriate match from the list, then click ‘Use Selected’
- Group allows you to share with a number of people simultaneously. You can search by group name or UUID. Group names may be ambiguous, so be sure to verify you are sharing with the correct one. This can be avoided by using the group’s UUID, which is available on the Groups page (See Groups Section)
To add or remove write permissions from a user, click the checkbox next to their name under the write column. It is not possible to remove read access.
Deleting users or groups from the list of people you are sharing with is as simple as clicking the ‘x’ at the end of the line containing their information.
You can remove Shared Collections once you no longer need it. To do this, click on endpoints, and click on the "Shareable by You" tab.
Click on the title of the "Shared Collection" you want to remove. Click on the "Delete Endpoint" on the right hand side of the screen. Confirm deleting it by clicking on the red button.
The endpoint is now deleted. Your files will not be affected by this action, nor will those others may have uploaded.
Sharing files entails a certain level of risk. By creating a share, you are opening up files that up to now have been in your exclusive control to others. The following list is some things to think about before sharing, though it is far from comprehensive.
- Make sure you have permission to share the files, if you are not the data’s owner
- Make sure you are sharing with only those you intend to. Verify the person you add to the access list is the person you think, there are often people with the same or similar names. Remember that Globus usernames are not linked to Compute Canada usernames. The recommended method of sharing is to use the email address of the person you wish to share with, unless you have the exact account name.
- If you are sharing with a group you do not control, make sure you trust the owner of the group. They may add people who are not authorized to access your files.
- If granting write access, make sure that you have backups of important files that are not on the shared endpoint, as users of the shared endpoint may delete or overwrite files, and do anything that you yourself can do to a file.
- It is highly recommended that sharing be restricted to a subdirectory, rather than your top-level home directory.
Globus groups provide an easy way to manage permissions for sharing with multiple users. When you create a group, you can use it from the sharing interface easily to control access for multiple users.
Creating a Group
Click on the "Groups" button on the left hand sidebar. Click on the "Create New Group" button on the top right of the screen. Pressing this button brings up the ‘Create New Group’ window.
- Enter the name of the group in the ‘Group Name’ field
- Enter the group description in the ‘Group Description’ field
- Select if the group is visible to only group members (private group) or all Globus users.
- Click ‘Create Group’ to add the group.
Once a group has been created, users can be added by selecting ‘Invite users’, and then either entering an email address (preferred) or searching for the username. Once users have been selected for invitation, click the add button and they will be sent an email inviting them to join. Once they’ve accepted, they will be visible in the group.
Click on a user to modify their membership. You can change their Role and Status. Role allows you to grant permissions to the user, including Admin (Full access), Manager (Change user roles), or Member (no management functions). The ‘Save Changes’ button commits the changes.
Command Line Interface (CLI)
The Globus command line interface is a python module which can be installed using pip. Below are the steps to install Globus CLI on one of our clusters.
- Create a virtual environment to install the Globus CLI into (see creating and using a virtual environment).
$ virtualenv $HOME/.globus-cli-virtualenv
- Activate the virtual environment
$ source $HOME/.globus-cli-virtualenv/bin/activate
- Install Globus CLI into the virtual environment (see installing modules).
$ pip install globus-cli
- Then deactivate the virtual environment.
- To avoid having to load that virtual environment every time before using Globus, you can add it to your path.
$ export PATH=$PATH:$HOME/.globus-cli-virtualenv/bin $ echo 'export PATH=$PATH:$HOME/.globus-cli-virtualenv/bin'>>$HOME/.bashrc
See the Globus docs page on installation for information on installing on different platforms, updating, and uninstalling.
- See the Globus Command Line Interface (CLI) documentation to learn about using the CLI.
- Also see the Globus Hosted Command Line Interface (Legacy) documentation, which allows authentication with SSH keys instead of requiring web based authentication.
- There is also a Python API, see the globus sdk python documentation.
Virtual Machine (Cloud VMs such as Arbutus, Cedar, East Cloud, Graham)
Globus Endpoints exist for the cluster systems (Beluga, Cedar, Graham, Niagara etc.) but not for Cloud VMs. The reason for this is that there isn't a singular storage for each VM so we can't create a single endpoint for everyone.
If you need a Globus Endpoint on your VM and can't use another transfer mechanism there are two options for installing a Globus Endpoint: Globus Connect Personal, and Globus Connect Server.
Globus Connect Personal
Globus Connect Personal is easier to install, manage and get through the firewall but is designed to be installed on laptops / desktops.
Install Globus Connect Personal on Windows: https://docs.globus.org/how-to/globus-connect-personal-windows/
Install Globus Connect Personal on Linux: https://docs.globus.org/how-to/globus-connect-personal-linux/
Globus Connect Server
Server is designed for headless (command line only, no gui) installations and has some additional features I don't think you would use (such as ability to add multiple servers to the endpoint). It does require opening some ports to allow transfers to occur (see https://docs.globus.org/globus-connect-server/v5/#open-tcp-ports_section).
Support and More Information
If you would like more information on Compute Canada’s use of Globus, or require support in using this service, please send an email to email@example.com and provide the following information:
- Compute Canada Role Identifier (CCRI)
- Inquiry or issue. Be sure to indicate which sites you want to transfer to and from.