Installing Globus Connect Personal
Once you have a Globus account for your Stanford identity, you may begin to configure Globus Connect personal. This involves creating a Globus Connect Personal endpoint, downloading and installing the Globus Connect Personal software, and configuring both the software and your new endpoint.
Admin Access Required
You will need administrative access to your endpoint in order to install Globus Connect Personal. If you do not normally have access to install software, talk to your IT contact before you proceed.
Network Access Required
Globus Connect Personal needs to be able to make outbound Internet connections. If Globus Connect Personal reports problems connecting, talk to your IT contact. Connections must be allowed out to 220.127.116.11/29 port 2223 (for control traffic), and to any Internet host on TCP ports 50000-51000 (for data transfer). Connections must also be allowed to AWS S3 on TCP port 443 (HTTPS), for the new version check to succeed.
No High Risk Data
Globus may only be used at Stanford with Low or Moderate Risk data. Please do not install this software on systems which have access to any form of High Risk data (including PCI and PHI data).
Create an Endpoint
To begin, log in to Globus and go to the Endpoints page.
On the Endpoints page, click on Create New Endpoint (in the upper-right of the page), and then click on Globus Connect Personal. You will be taken to the endpoint creation page.
On the endpoint-creation screen, enter a display name for your endpoint. This will be the name that you see when you look at your endpoint on the Globus web site.
Detail is good!
It is preferable to provide detail here, especially when you are trying to find your endpoint in the future.
High Assurance Endpoints
At this time, Stanford does not have the Globus subscription needed to support High Risk data. So, please leave the high assurance endpoint option off for now.
Once you have decided on a display name, make sure your @stanford.edu email address is selected, and click the Generate Setup Key button.
The Globus web site has created a Globus Connect Personal endpoint for you, and now displays a setup key. This setup key is a one-time code that links the Globus Connect Personal software on your laptop, to the Globus Connect Personal endpoint on the Globus web site.
You should now download Globus Connect Personal, using one of the links provided by Globus.
Install Globus Connect Personal
The installation procedure for Globus Connect Personal is different for each OS:
Once downloaded, double-click on the disk image (.dmg) file, and then drag the Globus Connect Personal application into your Applications folder. Mac OS X 10.4 or later is required. If you are running Mac OS X 10.4 or 10.5, only Intel CPUs are supported.
Simply run the downloaded executable (.exe) installer. On Windows, Globus Connect Personal comes delivered as an executable (.exe) installer. To install, download and run the executable. A recent version of Windows is required.
Expand and un-tar the .tgz file, and then run
globusconnect. Python 2 is required; and to use the GUI, Tcl/Tk 8.4 or later is needed.
Once Globus Connect Personal is installed and started, you will be asked to enter your setup key.
Enter the setup key that was generated on the Globus web site. If your key is correct, the Setup window will close, and Globus will start waiting for instructions. The Globus icon will appear in the toolbar.
Keep the box checked
From time to time, Globus releases software updates. By default, Globus Connect Personal will check for updates, and let you know when new software is available. Please do not disable the update check!
You should now go back to the Globus web site, where you will finish configuring your endpoint.
Configure your Endpoint
While you have been installing the Globus Connect Personal software, the web site has been continuing to show your setup key:
At the time the setup key was generated, Globus created an endpoint for you. To view the endpoint’s information, click on your endpoint’s name, which appears inside the green box.
Most of the fields are empty, and a few should be filled in. Click on the Edit Attributes button, and make the following changes:
Change the Contact E-mail to be your email address.
Change the Organization to
Stanford University, and change the Department to be the name of your Group (such as your Lab), your Department, or your School.
If your endpoint has access to Moderate Risk data, Force encryption must be set to
Yes. Otherwise, the setting is is optional.
Once you save changes, then configuration is complete! Congratulations!
At this time, your Globus Connect Personal endpoint is configured to provide access only to you, and only to files that live in your home directory.
If you would like Globus Connect Personal to access other parts of your system, read on. If you would like to give other people access to files on your endpoint, first give Globus Connect Personal access to those directories, and then enable Globus Plus.
Add Allowed Paths
When Globus wants to perform an operation on your system (such as a write, or listing the contents of a directory), two security checks are performed:
The user running Globus Connect Personal must be allowed to perform the operation. This check is enforced by the OS, and cannot be changed by Globus.
Globus Connect Personal must allow access to the directory.
To change the list of allowed paths, click on the Globus toolbar (or menu bar) icon to bring up the Globus Connect Personal menu:
In the Globus Connect Personal menu, choose Preferences; when the Preferences window appears, go to the Access tab.
To allow access to additional directories, use the button to add an entry. Once added, use the Writeable box to give write access; if that box is not checked, the access will be read-only.
The Shareable checkbox is used to allow sharing for a directory. This feature is only available as part of Globus Plus.
To remove an entry, click on it to select the entry, and then click on the button to delete the entry.
Changes are immediate
Changes to access configuration take effect immediately. If you delete access to a directory that has a transfer in progress (or you disable write access to a directory being written to), the affected transfers will begin to fail.
Globus Connect Personal’s access configuration is Default-Deny: If a directory is not covered by at least one access rule, then it will not be accessible through Globus Connect Personal.
Conversely, if a directory is covered by multiple access rules, only the most-specific rule will apply. For example, let’s say you have three access rules:
In the above configuration, Globus will allow write access to all of the
directory, except for the
X directory, which will be kept read-only.
That’s it! You now have Globus Connect Personal fully configured. You can now make transfers from—and, if your allowed write access, to—your endpoint!
If you would like to share files from your endpoint with other people, you should now proceed to enable Globus Plus.