Last Updated: June 18, 2020


The Box connector enables use of a Globus data access interface on a Box storage system, via the Box API. This requires the installation of Globus Connect Server and an additional package, specific to the Box storage system, called the Box DSI.

The Box connector is a premium feature available only to Globus subscribers, and is thus only available for Managed Endpoints.

The installation must be done by a system administrator, and consists of the following distinct steps:

  • Install the packages needed for a Globus Connect Server version 5 endpoint and create the endpoint itself.

  • Create a Box Application for your Box Enterprise account

  • Grant the Box Application access to your Enterprise

  • Create a Box Storage Gateway


Prerequisites

A functional Globus Connect Server installation is required for installation and use of the Box connector. The Globus Connect Server v5 Installation Guide provides detailed documentation on the steps for installing and configuring a server endpoint.

The Box connector is available for all Linux distributions supported by Globus Connect Server v5.

In order to give the Box connector access to a Box Enterprise account, you must be an administrator of that Box Enterprise account or request access from an administrator.

Supported Box versions

The Box DSI should be used with the latest version of Box using a Box Enterprise Account.

Supported Globus Connect Server versions

The Box DSI should be used with the latest version of Globus Connect Server v5.

Installation

Install the package globus-gridftp-server-box from the Globus repository.

For RedHat-based systems:

$ yum install globus-gridftp-server-box

For Debian-based systems:

$ apt-get install globus-gridftp-server-box

For SLES 11-based systems:

$ zypper install globus-gridftp-server-box

Create a Box Application

The Box Connector uses the Box API to interact with the Box web service. In order to do this, you must create an application configuration on the Box developers console and enable the features that the Box Connector needs.

  • Open the Newapp Page

  • Select Custom App for the App Type

  • Select OAuth2.0 with JWT (Server Authentication) for the Authentication type

  • Enter a name for your app.

  • Update your app configuration as follows:

    • set the Application Access to Enterprise

    • check the following Application Scopes

      • Read and write all files and folders stored in Box

      • Manage Users

    • Under Advanced Features, enable Generate User Access Tokens

    • Make sure to save your changes

  • Copy the Client ID under the OAuth2.0 Credentials section. You will need this to Grant the Box Application access to your Enterprise.

  • Under the Add and Manage Public Keys section press Generate a Public/Private Keypair. This will prompt you to save a .json (you may need to allow a popup) configuration file on your machine. You will need this file when creating the Box Storage Gateway in GCS Manager.

Grant the Box Application access to your Enterprise

In order for the Box connector to access files owned by users of your enterprise, the application created in the previous step must be allowed access by the enterprise administrator. The administrator must perform the following steps:

  • Open the Enterprise App Settings page for your Box Enterprise account

  • Under the Custom Applications section, select Authorize New App

  • When prompted for the API Key, enter the Client ID for the Application from the Create a Box Application step.

Note

This authorization action must be performed again by the enterprise administrator if you ever make any changes to the Box application or its requested scopes.

Create a Box Storage Gateway in GCS Manager

To create a Box Storage Gateway on an endpoint, use the 'globus-connect-server-config storage-gateway create' command. Make sure the --box-json-config option points to the .json file downloaded earlier. For example:

$ sudo globus-connect-server-config storage-gateway create \
    --root "/" \
    --display-name "Box Storage Gateway" \
    --domain "example.edu" \
    --connector "Box" \
    --box-json-config /example_config.json

Storage Gateway Created: 2f1dc912-af31-4244-82e5-f3818f486a4f

The globus-connect-server-config storage-gateway create command supports the following options for storage gateways configured to use the Box connector, in addition to the common options supported for all storage connectors:

--domain option

Identities from this domain are allowed to use the storage gateway to create collections for the Box account associated with this identity. For example, if this value was set to example.edu, then a Globus user would need to have logged into Globus with a Globus Account that included an example.edu identity to be able to create collections using this storage gateway. A Globus user that did have an example.edu identity in their Globus Account would be able to use this storage gateway to create collections, and that collection would access the Box account having a primary login that matches their example.edu identity.

--box-json-config option

Path to the configuration file generated by the Box admin console after creating the Box application. This provides the information and credentials that allow the Box connector to authenticate to your Box enterprise on behalf of your users.
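
A pre-flight check for the file passed to --box-json-config, as an added example (not Globus or Box code): because the file carries the credentials of an application authorized for the whole enterprise, it verifies that only the file's owner can access it and that the expected fields are present. The function names, the field layout assumed for the Box-generated file, and the sample values are assumptions of this example.

```python
import json
import os
import stat
import tempfile

# Field layout assumed for the Box-generated JWT app config (dotted paths).
REQUIRED = ["boxAppSettings.clientID", "boxAppSettings.clientSecret",
            "boxAppSettings.appAuth.publicKeyID",
            "boxAppSettings.appAuth.privateKey",
            "boxAppSettings.appAuth.passphrase", "enterpriseID"]

def check_box_config(path):
    """Hypothetical pre-flight helper: list problems with a Box JSON config."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file holds the app's private key and client secret: owner-only access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o allows group/other access" % mode)
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except ValueError:
        return problems + ["not valid JSON"]
    for dotted in REQUIRED:
        node = doc
        for key in dotted.split("."):
            node = node.get(key) if isinstance(node, dict) else None
        if not isinstance(node, str) or not node:
            problems.append("missing field: " + dotted)
    return problems

def demo():
    """Check two constructed sample files; all values are placeholders."""
    app_auth = {"publicKeyID": "EXAMPLE_KID", "privateKey": "EXAMPLE_PEM",
                "passphrase": "EXAMPLE_PASS"}
    good = {"boxAppSettings": {"clientID": "EXAMPLE_ID", "clientSecret":
            "EXAMPLE_SECRET", "appAuth": app_auth}, "enterpriseID": "0"}
    bad = {"boxAppSettings": {"clientID": "EXAMPLE_ID"}, "enterpriseID": "0"}
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, doc, mode in (("good.json", good, 0o600), ("bad.json", bad, 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                json.dump(doc, fh)
            os.chmod(path, mode)
            results.append(check_box_config(path))
    return results

if __name__ == "__main__":
    print(demo())
```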

Collections

Once the Box Connector has been installed and a Storage Gateway created, Box collections can be made. The Box Connector supports both guest collections and mapped collections.

In order to access a Box mapped collection, or create a Box guest collection, a user must have an identity in their Globus account that meets the domain requirements of the Storage Gateway created above, and exactly matches their Box login account. For example, a user Sam could only make a guest collection on a Box Storage Gateway restricted to the example.edu domain if they had a sam@example.edu identity in their Globus account, and a sam@example.edu login to the Box Enterprise to which the Storage Gateway gives access.

For instructions on how to create a mapped collection as an endpoint administrator, see the mapped collection creation section of our Globus Connect Server version 5 guide.

Once the Box storage connector and a Box storage gateway have been installed, authorized users can create guest collections. A guest collection enables authorized Globus users to access a portion of the storage associated with the storage gateway and share it with other Globus users through Globus ACLs. For instructions on how you and your authorized users can create guest collections, follow our Box guest collection how-to.

Known Limitations

Box Bookmarks are not supported, and will not be visible on a Globus endpoint.

© 2010- The University of Chicago Legal