FAQs: Globus Connect and Endpoints

Globus Connect is easy-to-install, pre-configured software that turns your laptop, server, cluster or other local resource into a Globus endpoint.

There are two versions of Globus Connect, one for use with personal machines such as your laptop, and another for use with server-class machines such as campus computing clusters and lab servers.

Globus Connect Personal is used to create an endpoint on a single-user system, e.g. on a laptop or a personal desktop machine. We sometimes refer to this as a "personal endpoint". Use Globus Connect Personal to enable file transfer to and from your personal machine (laptop or desktop.) A Globus Connect Personal endpoint is intended to be used only by a single user.

Globus Connect Server is used to create an endpoint on a multi-user system, e.g. on a campus HPC cluster or a lab server. We sometimes refer to this as a "server endpoint". Globus Connect Server enables system administrators to turn shared resources such as campus clusters and lab servers into a Globus endpoint. If it is made publicly visible, a Globus Connect Server endpoint can be used by multiple Globus users.

An "endpoint" is one of the two file transfer locations – either the source or the destination – between which files can move. Once a resource (server, cluster, storage system, laptop, or other system) is defined as an endpoint, it will be available to authorized users who can transfer files to or from this endpoint.

Globus endpoints are named using the following format: <globus-username>#<endpoint-name>. For example, the XSEDE project has a Globus account under the username "xsede" and so it’s endpoints are named xsede#stampede (for the Stampede system at Texas Advanced Computing Center) and xsede#kraken (for the Kraken system at the National Institute for Computational Sciences). Likewise, an individual that has a Globus account under the username "maxim" might have a personal endpoint called maxim#mylaptop.

If you wish to create an endpoint on a personal machine (laptop, personal desktop computer, etc.) please see the instructions for setting up a Globus Connect Personal endpoint here: Mac OS X, Windows, Linux.

If you are setting up an endpoint on a multi-user machine (e.g. HPC cluster, lab server, etc.) please follow the instructions in the Globus Connect Server Installation Guide.

Instructions for setting up an S3 endpoint are available here. Please note that S3 endpoints require a Globus subscription - if you’re not a current Globus subscriber, please complete this form to start your free one-month trial, which will allow you to experiment with and test all Globus premium features.

Yes. To transfer between two Globus Connect Personal (GCP) endpoints, one of the users must create a share hosted on their GCP endpoint, then grant the other user(s) access to that share. Any user that has access to that share (via an individual permission or group permission ACL) can transfer between it and their GCP endpoint. To create a share, the GCP endpoint needs to be created by a user who is in a Globus Plus group, or it has to be an actual managed endpoint, set by a subscription manager. Your account may be upgraded to Globus Plus if your institution subscribes to a Globus subscription.

Globus Connect Personal communicates with the Globus service to receive the commands needed to perform and manage transfers. File data itself is always transferred directly between the Globus Connect Personal endpoint and the destination endpoint – data does not "flow through" Globus in any way.

In the event that you see an error like this - Message: This server version does not support timestamp preservation, follow the steps below.

This error message occurs if you run the globus-connect-server-setup or globus-connect-servser-web-setup command multiple times using different Globus usernames. As a workaround to get rid of this error, run this command as root, and then rerun the setup script:

If you are not using an OAuth server in your configuration (if you are using, for example, IdentityMethod = MyProxy in your configuration), you can disable the OAuth server by commenting out the Server = %(HOSTNAME)s line in the [OAuth] section of the configuration file.

If you experience issues with Globus Connect Server version 4 related to file permissions, e.g. 500-globus_sysconfig: File has bad permissions: Could not read /var/lib/globus-connect-server/grid-security/certificates, ensure that your Globus Connect Server installation has the correct permissions set. /var/lib/globus-connect-server should have the following permissions:

The files in /var/lib/globus-connect-server/grid-security/certificates should all have permissions set to 644.

If you have configured a Globus Connect Server version 4 endpoint and have selected the MyProxy identity provider option for use with your endpoint, then your endpoint will be running two key components: a GridFTP server and a MyProxy server. By default, certificates for both of these components are automatically installed so there is no need to add or configure X.509 certificates separately. You may choose to configure Globus Connect Server to use a certificate other than the default one installed. Please refer to the Globus Connect Server configuration section to see how that can be set up.

If you install Globus Connect Server and select the MyProxy OAuth option, an additional component is installed, namely an OAuth server (either on an existing web server or as part of a new Apache server installation). In this instance, you will need a certificate to be installed on the Apache server and this certificate should be issued by a Certificate Authority (CA) that is automatically trusted by the browser.

The Globus web app provides an interface to manage roles on the endpoint on the Endpoints page. You can see a description of the supported roles here. Once you select your endpoint, you can choose the Roles tab to grant/revoke various roles on the endpoint.

Note that your endpoint needs to be covered under a subscription as managed endpoint to be able to set roles on the endpoint.

You can also use the Transfer API to manage roles on an endpoint.

On a Globus Connect Server version 4 endpoint, the /~/ path translates to the home directory of the local user mapped to by the activation credentials of the Globus user accessing the endpoint. By default, the /~/ path will map to the home directory for the local user as reported by the operating system. It is possible to override this behavior using the home_dir GridFTP option, so as to make the /~/ path translate to a path other than the user’s home directory as reported by the operating system. The home_dir GridFTP option respects the $USER variable, which translates as the username of the local user mapped to by the activation credentials of the Globus user accessing the endpoint.

For example, let’s say that the system hosting our endpoint has a path /data/project/, which contains sub-directories with names that match the usernames of their owners. Let’s also say that the home directories for users on this system are located under /home/. Let’s then say that we want to configure our endpoint to use a custom home directory, such that the /~/ path will map to the user’s sub-directory in the /data/project/ path. To do this, we could create a custom GridFTP config file in the /etc/gridftp.d/ directory specifying the following:

The Console provides a web interface for Administrators, Activity Managers, and Activity Monitors to monitor or manage activity on managed collections. It also allows Administrators to find and edit (managed and unmanaged) GCSv5 endpoints.

The Dashboard tab includes an interactive, graphical representation of activity across all of your managed collections where green represents transfers that are making progress (or queued), orange represents transfers that are paused, and red represents tasks that are being retried because of errors. The Dashboard tab also includes a list of all your managed collections. GCSv5 endpoints do not appear on the Dashboard tab because they do not support data access. If you have a role on a mapped collection, you can view the activity of any guest collections by selecting the funnel icon of the mapped collection.

The Activity tab can be used to view and manage active tasks across all of your managed collections. Completed tasks may also be viewed in the Activity tab on a per collection basis. Tasks are visible for ninety days after completion and event logs are visible thirty days after task completion.