1 / 15

Endpoint Setup with Globus Connect Multiuser

Endpoint Setup with Globus Connect Multiuser. Raj Kettimuthu Lukasz Lacinski. GlobusWorld 201 3 April 16 , 201 3. Globus Connect Multi u ser. What is Globus Connect Multiuser ? Packages a GridFTP server and MyProxy CA, pre-configured for use with Globus Online

phillips
Télécharger la présentation

Endpoint Setup with Globus Connect Multiuser

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Endpoint Setup with Globus Connect Multiuser Raj Kettimuthu Lukasz Lacinski GlobusWorld 2013 April 16, 2013

  2. Globus Connect Multiuser • What is Globus Connect Multiuser? • Packages a GridFTP serverandMyProxy CA,pre-configured for use with Globus Online • Why Globus Connect Multiuser? • Create transfer endpoints in minutes • Easily set up a Globus Online endpoint on any server, which then enables users with local accounts on that server to transfer files to/from that endpoint • Avoid complex GridFTP install • What’s new? • Available as part of the Globus Toolkit • Native packages • RPMs and DEBs • No need to setup SSH keys

  3. GCMU Deployments

  4. Globus Connect Multiuser Demo

  5. Hands-on Session The goal of thissessionis to show you (hands-on)how to take a resource and turn it into a Globus Onlineendpoint. Each of youis provided with an amazon EC2 machine for this tutorial.

  6. Log into your host Your slip of paper has the host information. Log in as user “gw13”: Ssh gw13@ec2-xx-xx-xx-xx.compute-1.amazonaws.com Use the password on the slip of paper. gw13has passwordless sudo privileges.

  7. Globus Connect Multiuser curl -LOs http://www.globus.org/ftppub/gt5/5.2/stable/installers/repo/globus-repository-5.2-stable-precise_0.0.3_all.deb sudo dpkg -i globus-repository-5.2-stable-precise_0.0.3_all.deb sudo aptitude update sudo aptitude -y install globus-connect-multiuser sudo vi /etc/globus-connect-multiuser.conf <-- replace "SHORT_HOSTNAME" with “gw13dtn” sudo globus-connect-multiuser-setup <-- enter Globus Online username and password

  8. Try doing the following Create a file called tutorial.txt in /home/joe Go to the GO Web UI -> Start Transfer Select endpoint username#gw13dtn Activate the endpoint as user “joe” (not gw13). You should see joe's home directory. Transfer between thisendpoint and your Globus Connect or any other endpoint you have access to.

  9. Making endpoint public Try to access the endpoint created by the person sitting next to you You will get the following message: ‘Could not find endpoint with name ‘gw13dtn’ owned by user ‘<username of person sitting next to you>’ Go to your Globus Connect Multiuser server machine sudo vi /etc/globus-connect-multiuser.conf <-- uncomment“Public = False” and replace “False” with “True” Now when you access your neighbor’s endpoint, you will not get the message anymore, rather you will be prompted for username and password But you can not access it since you do not have an account on that machine

  10. Enable sharing sudo vi /etc/globus-connect-multiuser.conf <-- uncomment Sharing = True Go to the GO Web UI -> Start Transfer Select endpoint username#gw13dtn Share your home directory on this endpoint with neighbor Access your neighbor’s endpoint

  11. Username password certifficate Access files Globus Online / Globus Connect Multiuser Interaction Step 1 Access Endpoint Globus Online (Hosted Service) Step 2 Username password Step 3 Step 5 Transfer request Step 6 TLS handshake Username password certificate certificate Globus Connect Multiuser GridFTP Server Step 9 GridFTP Server MyProxyOnline CA certificate Authentication & Data Transfer Remote Cluster / User’s PC PAM Step 8 Step 7 Step 4 Campus Cluster Authorization Local Storage Local Authentication System (LDAP, RADIUS, Kerberos etc)

  12. Firewall configuration • Allow inbound connections to port 2811 (GridFTP control channel), 7512 (MyProxy CA) • From 174.129.226.69 • Allow inbound connections to ports 50000-51000 (GridFTP data channel) • If transfers to/from this machine will happen only from/to a known set of endpoints (not common), you can restrict connections to this port range only from those machines • If your firewall restricts outbound connections • Allow outbound connections if the source port is in the range 50000-51000

  13. MyProxyOAuth server • Site passwords flow through Globus Online • Globus Online does not store passwords • Just pass along to MyProxy servers at site • Still a security concern for some sites • OAuth • Sites run a MyProxyOAuth server • MyProxyOAuth server in Globus Connect Multiuser (coming soon) • Users enter username and password only on a site’s webpage • Globus Online gets an X.509 credential via OAuth protocol

  14. Username password certifficate Access files Globus Connect Multi User Step 1 Access Endpoint Globus Online (Hosted Service) Step 2 Step 7 Transfer request Step 8 Step 3 Redirect Username password certificate certificate GCMU Step 4 GridFTP Server Step 11 Oauth Server Username password GridFTP Server MyProxyOnline CA certificate Authentication & Data Transfer certificate Remote Cluster / User’s PC PAM Step 6 Step 10 Step 9 Step 5 Campus Cluster Authorization Local Storage Local Authentication System (LDAP, RADIUS, Kerberos etc)

  15. For More Information • Visithttps://www.globusonline.org/signupto: • Get a free account and start moving files • Visitwww.globusonline.orgfor: • Tutorials, FAQs, Pro Tips, Troubleshooting • Papers • Case Studies • Contactsupport@globusonline.org for: • Help getting started • Help using the service • Follow us at @globusonlineon Twitterand Globus Online on Facebook

More Related