Installing Globus Connect Personal

Before you start working with Globus Connect Personal, you will need to have logged in to Globus. Read more about Globus accounts; and, if you don’t have one already, create your Globus account.

Already have a non-Stanford Globus account?

If you already have access to Globus, using a non-Stanford account, you should link your Stanford identity. You should also consider demoting your non-Stanford identity.

Once you have a Globus account for your Stanford identity, you may begin to configure Globus Connect personal. This downloading and installing the Globus Connect Personal software, performing initial setup, and configuring both the software and your new collection.

Admin Access Required

You will need administrative access to your machine in order to install Globus Connect Personal. If you do not normally have access to install software, talk to your IT contact before you proceed.

Network Access Required

Globus Connect Personal needs to be able to make outbound Internet connections. If Globus Connect Personal reports problems connecting, talk to your IT contact. Connections must be allowed out to port 2223 (for control traffic), and to any Internet host on TCP and UDP ports 50000-51000 (for data transfer). Connections must also be allowed to AWS S3 on TCP port 443 (HTTPS), for the new version check to succeed.

Install Globus Connect Personal

Globus have written a set of detailed installation guides explaining how to install Globus Connect Personal:

  • Install Globus Connect Personal for macOS

    Only Mac OS X 10.7 and later versions are supported, on Intel CPUs only.

  • Install Globus Connect Personal for Windows

    A recent version of Windows is required. If your version of Windows no longer receives patches from Microsoft, Globus Connect Personal may not work.

  • Install Globus Connect Personal for Linux

    A recent Linux distribution is required. Supported distributions include CentOS, Debian, Fedora, Linux Mint, openSUSE, Red Hat, and Ubuntu. If the distributor has End-Of-Lifed your distribution, Globus Connect Personal may not work. To use the GUI frontend to Globus Connect Personal, Tcl/Tk must be installed.

The instructions linked above will walk you through downloading Globus Connect Personal, installing it, and creating a collection representing your local machine.

Unexpected Login Prompt?

As part of the setup process, a web browser will be launched and you will be asked to log in to Globus. If you did not expect this, go back to the top of this page and look at the links in the first paragraph.

High Assurance Endpoints

At this time, Stanford does not have the Globus subscription needed to support High Risk data. So, please leave the high assurance option off for now, and do not install Globus Connect Personal on a system containing High Risk data.

Configure your Endpoint

At the end of the setup, you were shown a Setup Successful screen, with a link to “show collection details”. Click on that link.

The Globus Connect Personal setup screen, showing a successful setup.

Successful Globus Connect Personal installation

Clicking 'show collection details' will allow you to view the collection you just created.

When you click on the link, you will be taken to your collection’s information page. The only things filled in will be the name and (optionally) the description you entered during initial setup, as well as your Globus identity (as the owner of the collection).

The collection overview screen, showing a newly-created personal collection.

A New Personal Collection

The display name has been entered, and you are now ready to continue to the next step!

Most of the fields are empty, and a few should be filled in. Click on the Edit Attributes button, and make the following changes:

  • Change the Contact E-mail to be your email address.

  • Change the Organization to Stanford University, and change the Department to be the name of your Group (such as your Lab), your Department, or your School.

  • If your machine has access to Moderate Risk data, Force encryption must be set to Yes. Otherwise, the setting is is optional.

Once you save changes, then configuration is complete! Congratulations!

At this time, your Globus Connect Personal collection is configured to provide access only to you, and only to files that live in your home directory.

If you would like Globus Connect Personal to access other parts of your system, read on. If you would like to give other people access to files on your machine, first give Globus Connect Personal access to those directories, and then enable Globus Plus.

Add Allowed Paths

When Globus wants to perform an operation on your system (such as a write, or listing the contents of a directory), two security checks are performed:

  • The user running Globus Connect Personal must be allowed to perform the operation. This check is enforced by the OS, and cannot be changed by Globus.

  • Globus Connect Personal must allow access to the directory.

To change the list of allowed paths, click on the Globus toolbar (or menu bar) icon to bring up the Globus Connect Personal menu:

The Globus Connect Personal application menu, which appears when you click on the Globus Connect Personal icon.

The Globus Connect Personal menu

The exact look and feel will vary from computer to computer.

In the Globus Connect Personal menu, choose Preferences; when the Preferences window appears, go to the Access tab.

The Globus Connect Personal access configuration screen.

Globus Connect Personal Access Configuration

To allow access to additional directories, use the button to add an entry. Once added, use the Writeable box to give write access; if that box is not checked, the access will be read-only.

The Shareable checkbox is used to allow sharing for a directory. This feature is only available as part of Globus Plus.

To remove an entry, click on it to select the entry, and then click on the button to delete the entry.

Changes are immediate

Changes to access configuration take effect immediately. If you delete access to a directory that has a transfer in progress (or you disable write access to a directory being written to), the affected transfers will begin to fail.

Globus Connect Personal’s access configuration is Default-Deny: If a directory is not covered by at least one access rule, then it will not be accessible through Globus Connect Personal.

Conversely, if a directory is covered by multiple access rules, only the most-specific rule will apply. For example, let’s say you have three access rules:

  • Access to /Users/me, read-only.

  • Access to /Users/me/Dropbox, read-write.

  • Access to /Users/me/Dropbox/X, read-only.

In the above configuration, Globus will allow write access to all of the Dropbox directory, except for the X directory, which will be kept read-only.

That’s it! You now have Globus Connect Personal fully configured. You can now make transfers from—and, if your allowed write access, to—your collection!

If you would like to share files from your collection with other people, you should now proceed to enable Globus Plus.