Globus Connect Server Storage Gateway

Storage Gateways

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Version 1.3.0 includes support for overriding the endpoint’s network use parameters on a storage gateway.

Connectors

Each Storage Gateway configures access to one type of data storage. The type of storage is referred to as a connector. Globus Connect Server supports the following connectors:

ActiveScale: Cloud data stored on ActiveScale Object Storage.
Amazon S3: Cloud data stored in the Amazon S3 service.
Box: Cloud data sharing systemd stored in the Box service.
Ceph: Distributed object storage stored in a Ceph RADOS object store.
Google Cloud Storage: Cloud data stored in the Google Cloud Storage service.
Google Drive: Cloud data stored in the Google Drive web service service.
HPSS: Archive data storage stored in an HPSS storage system.
iRODS: Storage Resources on an iRODS server.
Microsoft OneDrive: Cloud data stored in Microsoft OneDrive
POSIX: Local file storage backed by any file system that supports basic POSIX file API operations to access files, directories, and basic metadata.
POSIX Staging: Local file storage backed by a tertiary storage system. Provides for a command callout to stage data to cache.
Spectra Logic Black Pearl: Archive data storage stored in a Spectra Logic Black Pearl system.

Each of these connectors has some different configuration steps and storage policies. These are described in the individual connector storage gateway management commands.

Note

Connectors other than POSIX are premium features which require a subscription to enable use of those other connectors. See Premium Storage Connectors and https://globus.org/subscriptions for more information.

High Assurance

When a Storage Gateway is created, it can be configured to require High Assurance for data access. This enhances authentication assurance by enforcing session-based authentication timeouts and higher encryption standards for data in transit. Stricter access controls are employed when accessing the storage gateway configuration and performing data operations on collections created on High Assurance Storage Gateways.

Note

This is a premium feature, and requires a subscription with the high assurance add-on.

Important

If you are using Globus Connect Server with high assurance features, you will need to set all storage gateways that have access to restricted data as high assurance.

Commands

globus-connect-server storage-gateway create: Create a storage gateway
globus-connect-server storage-gateway delete: Delete a storage gateway
globus-connect-server storage-gateway list: List storage gateways
globus-connect-server storage-gateway show: Show a storage gateway definition
globus-connect-server storage-gateway update: Update an existing Storage Gateway