Globus Connect Server Quickstart Guide

Skip to the appropriate section for your Linux distribution and follow the instructions to install Globus Connect Server on your system.

To create the endpoint, run the globus-connect-server endpoint setup command.

The command returns information about the endpoint that may be useful for additional configuration later, including the domain name of the endpoint, a link to send to subscription managers to set the endpoint as managed, and the redirect URI needed if Google Drive or Cloud connectors will be used with this endpoint.

Run the globus-connect-server node setup command to configure and start the Globus services on the Data Transfer Node. This command must be done as the root user, as it enables and starts systemd services. The deployment-key.json file from the previous step will be used by this command.

This creates local authentication tokens that can be used by the Globus Connect Server command-line interface to interact with the endpoint. Log in with the identity you chose as the endpoint owner in Create the Endpoint.

Endpoints that require premium functionality—​such as guest collections for data sharing and premium connectors—​must be managed under a Globus subscription. If your organization has a subscription, and your Globus account has the subscription manager role, you may set the endpoint as managed using the globus-connect-server command as follows.

If your site does not have a identity provider available for logging in to Globus, you can use a Globus provided OIDC provider that uses PAM to authenticate users with local accounts. This is documented in the Globus OIDC Installation Guide. For this quickstart, we’ll use the --quickstart-server-name option to register the identity provider using the identity subdomain of the endpoint’s domain. The guide contains information about how to use a site-specific DNS name and certificate for this service.

This script will print out a line indicating the domain that is being used for the OIDC server. Use this in place of example.edu when creating the storage gateway in the next step to use this service for authentication.

This creates a Storage Gateway named Posix Gateway that restricts access to identities that have an example.edu domain. Copy the Storage Gateway ID in the output to use in the next step in place of STORAGE_GATEWAY_ID.

For more information on other policies that can be set on a Storage Gateway see The Storage Gateway section of the Data Access Guide. For instructions on creating Storage Gateways for Connectors other that POSIX see GCS Premium Connectors

This creates a Mapped Collection named Example Collection rooted on the path /home/ using the Storage Gateway created in Create the Storage Gateway. This Collection will be visible to users through the Globus Web App, who will be able to access data in /home/ if they have an account from example.edu. The Globus accounts USER@example.edu will be granted access if there is a corresponding local account for USER.