A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.
Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).
Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.
Version 1.2.0 includes support for admin managed credentials.
Each Storage Gateway configures access to one type of data storage. The type of storage is referred to as a connector. Globus Connect Server v5.4 supports the following connectors:
Cloud data stored on ActiveScale Object Storage.
- Amazon S3
Cloud data stored in the Amazon S3 service.
Cloud data sharing systemd stored in the Box service.
Distributed object storage stored in a Ceph RADOS object store.
- Google Cloud Storage
Cloud data stored in the Google Cloud Storage service.
- Google Drive
Cloud data stored in the Google Drive web service service.
Archive data storage stored in an HPSS storage system.
Storage Resources on an iRODS server.
- Microsoft OneDrive
Cloud data stored in Microsoft OneDrive
Local file storage backed by any file system that supports basic POSIX file API operations to access files, directories, and basic metadata.
- POSIX Staging
Local file storage backed by a tertiary storage system. Provides for a command callout to stage data to cache.
- Spectra Logic Black Pearl
Archive data storage stored in a Spectra Logic Black Pearl system.
Each of these connectors has some different configuration steps and storage policies. These are described in the individual connector storage gateway management commands.
When a Storage Gateway is created, it can be configured to require High Assurance for data access. This enhances authentication assurance by enforcing session-based authentication timeouts and higher encryption standards for data in transit. Stricter access controls are employed when accessing the storage gateway configuration and performing data operations on collections created on High Assurance Storage Gateways.
- globus-connect-server storage-gateway create
Create a storage gateway
- globus-connect-server storage-gateway delete
Delete a storage gateway
- globus-connect-server storage-gateway list
List storage gateways
- globus-connect-server storage-gateway show
Show a storage gateway definition
- globus-connect-server storage-gateway update
Update an existing Storage Gateway