Installing Globus Connect Personal

Before you start working with Globus Connect Personal, you will need to have logged in to Globus. Read more about Globus accounts; and, if you don’t have one already, create your Globus account.

Already have a non-Stanford Globus account?

If you already have access to Globus, using a non-Stanford account, you should link your Stanford identity. You should also consider demoting your non-Stanford identity.

Once you have a Globus account for your Stanford identity, you may begin to configure Globus Connect personal. This involves creating a Globus Connect Personal endpoint, downloading and installing the Globus Connect Personal software, and configuring both the software and your new endpoint.

Admin Access Required

You will need administrative access to your endpoint in order to install Globus Connect Personal. If you do not normally have access to install software, talk to your IT contact before you proceed.

Network Access Required

Globus Connect Personal needs to be able to make outbound Internet connections. If Globus Connect Personal reports problems connecting, talk to your IT contact. Connections must be allowed out to 54.237.254.192/29 port 2223 (for control traffic), and to any Internet host on TCP ports 50000-51000 (for data transfer). Connections must also be allowed to AWS S3 on TCP port 443 (HTTPS), for the new version check to succeed.

No High Risk Data

Globus may only be used at Stanford with Low or Moderate Risk data. Please do not install this software on systems which have access to any form of High Risk data (including PCI and PHI data).

Create an Endpoint

To begin, log in to Globus and go to the Endpoints page.

The 'Endpoints' page, showing recently-used endpoints.

Globus Endpoints

On the Endpoints page, click on Create New Endpoint (in the upper-right of the page), and then click on Globus Connect Personal. You will be taken to the endpoint creation page.

The 'Add Globus Connect Personal Endpoint' page, with a display name already filled in.

Create Globus Connect Personal Endpoint

On the endpoint-creation screen, enter a display name for your endpoint. This will be the name that you see when you look at your endpoint on the Globus web site.

Detail is good!

It is preferable to provide detail here, especially when you are trying to find your endpoint in the future.

High Assurance Endpoints

At this time, Stanford does not have the Globus subscription needed to support High Risk data. So, please leave the high assurance endpoint option off for now.

Once you have decided on a display name, make sure your @stanford.edu email address is selected, and click the Generate Setup Key button.

The 'Add Globus Connect Personal Endpoint' page, showing an endpoint setup key.

Create Globus Connect Personal Endpoint

The display name has been entered, and you are now ready to continue to the next step!

The Globus web site has created a Globus Connect Personal endpoint for you, and now displays a setup key. This setup key is a one-time code that links the Globus Connect Personal software on your laptop, to the Globus Connect Personal endpoint on the Globus web site.

You should now download Globus Connect Personal, using one of the links provided by Globus.

Install Globus Connect Personal

The installation procedure for Globus Connect Personal is different for each OS:

  • Download Globus Connect Personal for macOS

    Once downloaded, double-click on the disk image (.dmg) file, and then drag the Globus Connect Personal application into your Applications folder. Mac OS X 10.4 or later is required. If you are running Mac OS X 10.4 or 10.5, only Intel CPUs are supported.

  • Download Globus Connect Personal for Windows

    Simply run the downloaded executable (.exe) installer. On Windows, Globus Connect Personal comes delivered as an executable (.exe) installer. To install, download and run the executable. A recent version of Windows is required.

  • Download Globus Connect Personal for Linux

    Expand and un-tar the .tgz file, and then run globusconnect. Python 2 is required; and to use the GUI, Tcl/Tk 8.4 or later is needed.

Once Globus Connect Personal is installed and started, you will be asked to enter your setup key.

Globus Connect Personal, asking for an endpoint setup key.

Globus Connect Personal Setup

Enter the setup key that was generated on the Globus web site. If your key is correct, the Setup window will close, and Globus will start waiting for instructions. The Globus icon will appear in the toolbar.

Keep the box checked

From time to time, Globus releases software updates. By default, Globus Connect Personal will check for updates, and let you know when new software is available. Please do not disable the update check!

You should now go back to the Globus web site, where you will finish configuring your endpoint.

Configure your Endpoint

While you have been installing the Globus Connect Personal software, the web site has been continuing to show your setup key:

The 'Add Globus Connect Personal Endpoint' page, showing an endpoint setup key.

Create Globus Connect Personal Endpoint

Notice how the endpoint's name is a clickable link…

At the time the setup key was generated, Globus created an endpoint for you. To view the endpoint’s information, click on your endpoint’s name, which appears inside the green box.

The 'Add Globus Connect Personal Endpoint' page, showing an endpoint setup key.

Create Globus Connect Personal Endpoint

The display name has been entered, and you are now ready to continue to the next step!

Most of the fields are empty, and a few should be filled in. Click on the Edit Attributes button, and make the following changes:

  • Change the Contact E-mail to be your email address.

  • Change the Organization to Stanford University, and change the Department to be the name of your Group (such as your Lab), your Department, or your School.

  • If your endpoint has access to Moderate Risk data, Force encryption must be set to Yes. Otherwise, the setting is is optional.

Once you save changes, then configuration is complete! Congratulations!

At this time, your Globus Connect Personal endpoint is configured to provide access only to you, and only to files that live in your home directory.

If you would like Globus Connect Personal to access other parts of your system, read on. If you would like to give other people access to files on your endpoint, first give Globus Connect Personal access to those directories, and then enable Globus Plus.

Add Allowed Paths

When Globus wants to perform an operation on your system (such as a write, or listing the contents of a directory), two security checks are performed:

  • The user running Globus Connect Personal must be allowed to perform the operation. This check is enforced by the OS, and cannot be changed by Globus.

  • Globus Connect Personal must allow access to the directory.

To change the list of allowed paths, click on the Globus toolbar (or menu bar) icon to bring up the Globus Connect Personal menu:

The Globus Connect Personal application menu, which appears when you click on the Globus Connect Personal icon.

The Globus Connect Personal menu

The exact look and feel will vary from computer to computer.

In the Globus Connect Personal menu, choose Preferences; when the Preferences window appears, go to the Access tab.

The Globus Connect Personal access configuration screen.

Globus Connect Personal Access Configuration

To allow access to additional directories, use the button to add an entry. Once added, use the Writeable box to give write access; if that box is not checked, the access will be read-only.

The Shareable checkbox is used to allow sharing for a directory. This feature is only available as part of Globus Plus.

To remove an entry, click on it to select the entry, and then click on the button to delete the entry.

Changes are immediate

Changes to access configuration take effect immediately. If you delete access to a directory that has a transfer in progress (or you disable write access to a directory being written to), the affected transfers will begin to fail.

Globus Connect Personal’s access configuration is Default-Deny: If a directory is not covered by at least one access rule, then it will not be accessible through Globus Connect Personal.

Conversely, if a directory is covered by multiple access rules, only the most-specific rule will apply. For example, let’s say you have three access rules:

  • Access to /Users/me, read-only.

  • Access to /Users/me/Dropbox, read-write.

  • Access to /Users/me/Dropbox/X, read-only.

In the above configuration, Globus will allow write access to all of the Dropbox directory, except for the X directory, which will be kept read-only.

That’s it! You now have Globus Connect Personal fully configured. You can now make transfers from—and, if your allowed write access, to—your endpoint!

If you would like to share files from your endpoint with other people, you should now proceed to enable Globus Plus.