Last Updated: April 25, 2018


The Google Drive storage connector allows Globus Connect Server to access Google Drives associated with Google accounts. Access to Google Drives through the Google Drive connector is facilitated by the creation of Google Drive storage gateways on an endpoint. The Google Drive connector is available as an add-on subscription to organizations with a Globus Standard subscription - please contact us for pricing.

This document describes how to install and configure the Google Drive connector as well as create Google Drive storage gateways. After the installation is complete, any authorized user can establish a connection to their personal Google Drive by following the steps in this How To in order to create a collection using a configured Google Drive storage gateway on the endpoint.

The installation must be done by a system administrator, and has the following distinct set of steps:

  • Installation of the packages needed for Globus Connect Server version 5 endpoint and the Google Drive connector, as well as creation of the endpoint itself.

  • Registration of the endpoint with Google to obtain credentials for the endpoint to securely use the Google Drive APIs for accessing data.

  • Create a storage gateway on the endpoint configured to use the Google Drive connector and the credentials from Google.

Please contact us at support@globus.org if you have questions or need help with installation and use of the Google Drive connector.


Table of Contents

Endpoint Installation

The Google Drive Connector requires a functional Globus Connect Server 5 endpoint in order to be used. Instructions for installing and configuring and endpoint using Globus Connect Server 5 can be found here. The rest of this document assumes that a functional Globus Connect Server 5 endpoint is being used when attempting to configure the Google Drive Connector.

Registration of endpoint with Google

The Globus Connect Server v5 endpoint needs to be registered as an application with Google so that users can authorize the endpoint to access their Google Drive on their behalf. The following steps describe how the endpoint can be registered as a Google OAuth client to obtain a client id and secret from Google.

Prerequisites

It is necessary that these steps be performed on a fully functional Globus Connect Server 5 endpoint, as discussed above.

You will need a Google account to complete these steps, and the registration will be stored under that Google account. This account is only for registration of the application and has no bearing on Google accounts that will be allowed to use this endpoint to access data. An administrator may use an existing Google account.

Steps

  1. To register the endpoint with Google, go to their Developer Console (https://console.developers.google.com/projectselector/iam-admin/iam)

  2. If you have never created a project with Google, you will be prompted to create one. If you create a project, you do not have to change the default permissions for the project when given the option to do so.

  3. After you have created or selected a project, go to the Google API Manager Dashboard (https://console.developers.google.com/apis/dashboard) and choose the "Credentials" option to create credentials for use with the endpoint.

  4. Choose the "Create credentials" button and "OAuth client ID" option.

  5. You will be prompted to configure the consent screen that will be shown to the users when they sign in to your endpoint.

  6. Once you have configured the consent screen, you will be prompted to select an application type. Choose "Web application" and configure it as follows:

    1. Name: set a descriptive name to be able to identify the registration of this endpoint in your projects on the Google API Manager. For example, the endpoint Display Name can be used for this.

    2. Authorization redirect URIs: set to the value that was given for the “Google Drive Redirect URL” when the Globus Connect Server 5 endpoint was created, as discussed in the Create Globus Endpoint section of the Globus Connect Server 5 Install Guide.

    3. Select "Create".

  7. Make note of the client ID and secret you get from Google for this application, as you will need them to configure the endpoint.

  8. The next step is to enable this registration to use the Google Drive API. Select the "Library" menu, and search for the "Drive API".

  9. Once you have the "Google Drive API" page, select the "Enable" option to allow the endpoint to access the Google Drive API using these credentials.

  10. Google has a quota on the number of calls that can be made to it’s API. We recommend requesting for an increase in the quota for the Google Drive API to improve performance on data transfers to and from Google Drive.

    1. Under Google Drive API, choose the "Quotas" tab.

    2. Choose to edit the "Queries per 100 seconds", and that window provides a link to "apply for higher quota".

    3. Using the form you can request for higher API limits per user using the "Explanation" section of the form. Following is an example to serve as guidance:

      Requested max Queries per Day: Default setting, no change requested
      Requested peak QPS: 500

      Explanation: We are using Globus (globus.org) for Google Drive and use is limited by the API quota. Please increase the max queries per 100 seconds to 50000.

      You can also provide additional context about your institution.

Creating a Storage Gateway using the Google Drive Connector

To create storage gateways on an endpoint, the ‘/opt/globus/bin/gcs-config storage-gateway create’ command is used. For example:

$ sudo /opt/globus/bin/gcs-config storage-gateway create --root "/My Drive" --display-name "Google Drive Storage Gateway" --domain example.edu --connector "Google Drive" --client-secret 13Dsbcsecretl-xnsecret5K3s --client-id 1866039G8774-r255xclientid0i4ho1gik791bcgscxj8.apps.googleusercontent.com

Storage Gateway Created: 2f1dc912-af31-4244-82e5-f3818f486a4f

Note that the ID of the new storage gateway is given in the output.

This would create a storage gateway on the endpoint that:

  1. Causes new collections to be rooted at "/My Drive" in the Google Drive that users configure their collections to use.

  2. Allows Globus users with a Globus Account that includes an identity from the Identity Provider that controls the example.edu domain to create collections in the Google Drive associated with their example.edu identity.

  3. Uses the "Google Drive" storage connector.

  4. Has a display name of "Google Drive Storage Gateway".

  5. Uses the Google app with client ID = “1866039G8774-r255xclientid0i4ho1gik791bcgscxj8.apps.googleusercontent.com”.

  6. Uses the “13Dsbcsecretl-xnsecret5K3s” client secret to communicate with the Google app specified above.

The the /opt/globus/bin/gcs-config storage-gateway create command supports the following options for storage gateways configured to use the POSIX connector, in addition to the common options supported for all storage connectors:

--domain option

Identities from this domain are allowed to use the storage gateway to create collections for the Google Drive associated with this identity. For example, if this value was set to abc.edu, then a Globus user would need to have logged into Globus with a Globus Account that included an abc.edu identity to be able to create collections using this storage gateway. A Globus user that did have an abc.edu identity in their Globus Account would be able to use this storage gateway to create collections on the Google Drive associated with their abc.edu identity.

--user-api-rate-quota option

This should only be set if the admin has contacted Google and asked them to adjust the Google Drive API Rate Quota for the Google app that the storage gateway is configured to use, and Google has agreed to do so. In such a case, this value should be set to whatever value Google has changed the quota to. In all other cases, this value should not be set and this option should not be used.

--client-id option

The Client ID of the Google app that the storage gateway has been configured to use.

--client-secret option

The Client Secret of the Google app that the storage gateway has been configured to use.

Creating a collection via a Google Drive storage gateway

Once a Google Drive storage gateway has been configured on the endpoint, permitted users can then create collections using the storage gateway. These collections allow permitted Globus users access to the Google Drive of the user that created the collection. The process of creating a new collection using a storage gateway configured to use the Google Drive connector is found here. Please refer to the Globus Connect Server install document for the various options available in the tool to manage storage gateways.


© 2010- The University of Chicago Legal