Last Updated: June 18, 2020
The Box connector enables use of a Globus data access interface on an Box storage system, via the Box API. This requires the installation of Globus Connect Server and an additional package that is specific to the Box storage system called the Box DSI.
The Box connector is a premium feature available only to Globus subscribers, and is thus only available for Managed Endpoints.
The installation must be done by a system administrator, and has the following distinct set of steps:
Installation of the packages needed for Globus Connect Server version 5 endpoint as well as creation of the endpoint itself.
Create a Box Application for your Box Enterprise account
Grant the Box Application access to your Enterprise
Create a Box Storage Gateway
A functional Globus Connect Server installation is required for installation and use of the Box connector. The Globus Connect Server v5 Installation Guide provides detailed documentation on the steps for installing and configuring a server endpoint.
The Box connector is available for all Linux distributions supported by Globus Connect Server v5.
In order to give the Box connector access to a Box Enterprise account, you must be an administrator of that Box Enterprise account or request access from an administrator.
The Box DSI should be used with the latest version of Box using a Box Enterprise Account.
Install the package globus-gridftp-server-box from the Globus repository.
For RedHat-based systems:
$ yum install globus-gridftp-server-box
For Debian-based systems:
$ apt-get install globus-gridftp-server-box
For SLES 11-based systems:
$ zypper install globus-gridftp-server-box
The Box Connector uses the Box API to interact with the Box web service. In order to do this. You must create an application configuration on the Box developers console and enable the features that the Box Connector needs.
Open the Newapp Page
Select Custom App for the App Type
Select Server Authentication (with JWT) for the Authentication type
Enter a name for your app.
Update your app configuration as follows:
set the Application Access to Enterprise
check the following Application Scopes
Read and write all files and folders stored in Box
Under Advanced Features, enable Generate User Access Tokens
Make sure to save your changes
Copy the Client ID under the OAuth2.0 Credentials section. You will need this to Grant the Box Application access to your Enterprise
Under the Add and Manage Public Keys section press Generate a Public/Private Keypair. This will prompt you to save a .json (you may need to allow a popup) configuration file on your machine. You will need this file when creating the Box Storage Gateway in GCS Manager.
In order for the Box connector to access files owned by users of your enterprise, the application created in the previous step must be allowed access by the enterprise administrator. The administrator must perform the following steps:
To create a Box Storage Gateways on an endpoint, the 'globus-connect-server-config storage-gateway create' command is used. Make sure the
--box-json-config option points to the .json file downloaded earlier. For example:
$ sudo globus-connect-server-config storage-gateway create \ --root "/" \ --display-name "Box Storage Gateway" \ --domain "example.edu" \ --connector "Box" \ --box-json-config /example_config.json Storage Gateway Created: 2f1dc912-af31-4244-82e5-f3818f486a4f
The globus-connect-server-config storage-gateway create command supports the following options for storage gateways configured to use the Box connector, in addition to the common options supported for all storage connectors:
Identities from this domain are allowed to use the storage gateway to create
collections for the Box account associated with this identity. For example, if
this value was set to
example.edu, then a Globus user would need
to have logged into Globus with a Globus Account that included an
example.edu identity to be able to create collections using this storage gateway. A Globus user that did have an
example.edu identity in their Globus Account would be able to use this storage gateway to create collections, and that collection would access the Box account having a primary login that matches their
In order to access a Box mapped collection, or create a Box guest collection, a
user must have an identity in their Globus account that meets the domain requirements of the Storage Gateway created above, and exactly matches their Box login account. For example a user Sam could only make a guest collection on a Box Storage Gateway restricted to the
example.edu domain if they had a
email@example.com identity in their Globus account, and a
firstname.lastname@example.org login to the Box Enterprise to which the Storage Gateway gives access.
For instructions on how to create a mapped collection as an endpoint administrator see the mapped collection creation section of our Globus Connect Server version 5 guide.
Once the Box storage connector and a Box storage gateway have been installed, authorized users can create guest collections. A guest collection enables authorized Globus users to access a portion of the storage associated with the storage gateway and share it with other Globus users through Globus ACLs. For instructions on how you and your authorized users can create guest collections follow our Box guest collection how-to.