Last Updated: March 14, 2019

The Box connector enables use of a Globus data access interface on an Box storage system, via the Box API. This requires the installation of Globus Connect Server and an additional package that is specific to the Box storage system called the Box DSI.

The Box connector is a premium feature available only to Globus subscribers, and is thus only available for Managed Endpoints.

Prerequisites

A functional Globus Connect Server installation is required for installation and use of the Box connector. The Globus Connect Server v5 Installation Guide provides detailed documentation on the steps for installing and configuring a server endpoint.

The Box connector is available for all Linux distributions supported by Globus Connect Server v5.

In order to give the Box connector access to a Box Enterprise account, you must be an administrator of that Box Enterprise account or request access from an administrator.

Supported Box versions

The Box DSI should be used with the latest version of Box using a Box Enterprise Account.

Supported Globus Connect Server versions

The Box DSI should be used with the latest version of Globus Connect Server v5

Installation

Install the package globus-gridftp-server-box from the Globus repository.

For RedHat-based systems:

# yum install globus-gridftp-server-box

For Debian-based systems:

# apt-get install globus-gridftp-server-box

For SLES 11-based systems:

# zypper install globus-gridftp-server-box

Configuration

The Box DSI requires the following steps for configuration before collections can be made:

  • Create a Box Application for your Box Enterprise account

  • Grant the Box Application access to your Enterprise

  • Create a Box Storage Gateway in GCS Manager

Create a Box Application for your Box Enterprise account

  • Open the Newapp Page

  • Select "Custom App" for the App Type

  • Select "OAuth2.0 with JWT (Server Authentication)" for the Authentication type

  • Enter a name for your app.

  • Update your app configuration as follows:

    • set the Application Access to Enterprise

    • check the following Application Scopes

      • "Read and write files and folders stored in Box"

      • "Manage Users"

    • Under Advanced Features, activate the slider for "Generate User Access Tokens"

    • Make sure to save your changes

  • Copy the "Client ID" under the "OAuth2.0 Credentials" section. You will need this to Grant the Box Application access to your Enterprise

  • Under the "Add and Manage Public Keys" section press "Generate a Public/Private Keypair". This will prompt you to save a .json (you may need to allow a popup) configuration file on your machine. You will need this file when creating the Box Storage Gateway in GCS Manager.

Grant the Box Application access to your Enterprise

Note: Box Enterprise Admin Required
Granting a Box App access to your Box Enterprise requires admin permissions. If you are are not an admin of your box Enterprise, send the Client ID to your admin and ask for your app to be authorized using these steps.
  • Open the Enterpise App Settings page for you Box Enterprise account

  • Under the Custom Applications section, select Authorize New App

  • When prompted for the API Key, enter the Client ID for the Application

Create a Box Storage Gateway in GCS Manager

To create a Box Storage Gateways on an endpoint, the ‘globus-connect-server-config storage-gateway create’ command is used. Make sure the --box-json-config option points to the .json file downloaded earlier. For example:

$ sudo globus-connect-server-config storage-gateway create --root "/" --display-name "Box Storage Gateway" --domain example.edu --connector "Box" --box-json-config /example_config.json

Storage Gateway Created: 2f1dc912-af31-4244-82e5-f3818f486a4f

Collections

Once the Box Connector has been installed and a Storage Gateway created, Box collections can be made. The Box Connector supports both guest collections and mapped collections.

In order to access a Box mapped collection, or create a Box guest collection, a user must have an identity in their Globus account that meets the domain requirements of the Storage Gateway created above, and exactly matches their Box login account. For example a user Sam could only make a guest collection on a Box Storage Gateway restricted to the example.edu domain if they had a sam@example.edu identity in their Globus account, and a sam@example.edu login to the Box Enterprise to which the Storage Gateway gives access.

For instructions on how to create a mapped collection as an endpoint administrator see the mapped collection creation section of our Globus Connect Server version 5 guide.

Once the Box storage connector and a Box storage gateway have been installed, authorized users can create guest collections. A guest collection enables authorized Globus users to access a portion of the storage associated with the storage gateway and share it with other Globus users through Globus ACLs. For instructions on how you and your authorized users can create guest collections follow our Box guest collection how-to.


© 2010- The University of Chicago Legal