/
Globus V5 Terminology

Globus V5 Terminology

Owned by UKY CCS RCD
Jun 21, 2024
5 min read

With the introduction of Globus Connect Server version 5, a lot of terminology was introduced and modified. This document will discuss some of this new terminology, with commentary on how terms contrast with old terminology where appropriate.

Project

With Globus, we typically only register Globus Connect Server endpoints by installing the software on a DTN or other server. However, Globus allows you to register other kinds of applications to interact with their backend. To organize this, you can group these endpoints and applications into a project.

You can create projects and register applications by going to Settings > Developers on globus.org.

developer-page.png
View of projects you are a part of. You can also see options to register other kinds of applications.

 

project-view.png
The view of a project. Most often, they will just be Globus Connect Servers, but other applications are possible.

Endpoint

In older versions of the software, an endpoint was essentially just a specific node with the Globus Connect Software installed. In the newest version, the term “endpoint” is more abstract: rather than just being a single node, an endpoint consists of at least one but potentially multiple servers/DTNs that have the software installed. The term “node“ is used to refer to the individual systems that make up the endpoint. Because of this, the endpoint is essentially an administrative interface for this group of nodes that exists on Globus' backend system.

You can easily find endpoints

that you administer by going to Console > Endpoints on globus.org.

endpoint-view-20240131-210933.png
endpoint-overview.png
View of a particular endpoint. Notice that the “App Name” is the same as the endpoint name: newer versions of Globus automate the process of creating an app entry for an endpoint.

Storage Connector

A storage connector allows an endpoint to access a particular type of storage. By default, installing Globus Connect Server only gives you access to the POSIX Connector. A subscription allows you to use other connectors to access other kinds of storage systems (Google Drive, OneDrive, Ceph, etc.). An endpoint can have multiple connectors.

In practice, connectors aren’t directly dealt with when configuring a node. An endpoint needs to be associated with a subscription to use connectors other than POSIX. The following command does this.

globus-connect-server endpoint set-subscription-id <subscription-id>

When creating a storage gateway, you specify the type of storage you are connected to. The only case where a connector would be directly dealt with is with setting up custom identity mapping for a storage gateway (See Globus Connect Server Identity Mapping Guide for information about how connectors come into play). This last case does not commonly happen.

Storage Gateway

A storage gateway is an interface that defines access policies for a particular storage system. The main things defined by a storage system are

  1. What kind of storage system that will be accessed.

  2. What domains (e.x. uky.edu or access-ci.org) users can use to access the given storage system.

  3. What paths (with permission) users have access to on the storage system.

  4. How to map a user’s identity to one that is recognized by the storage system.

Storage gateways are defined on an endpoint, which must have an associated connector of the same storage type. An endpoint can have a storage gateway for each kind of connector it has, and any underlying storage system the endpoint has connectors for can have multiple storage gateways defined for it.

endpoint-gateway-list-20240131-215947.png
An endpoint with storage gateways for different types of storage systems.

Collection

A collection is a named interface that users will use to access/transfer data on a storage system via Globus. This interface is what users search for in the Globus File Manager. A collection is associated with one storage gateway. You can further refine data access on the collections by explicitly allowing/denying users on the collection and settings sharing policies. These are what were originally reffered to as “endpoints“

Mapped Collection

Mapped collections are the kind that an admin for an endpoint will create. This type is what most users will interact with. Users on a mapped collection will have to map to a local account of the storage system they ultimately connect to. These were formerly known as “host endpoints“.

collection.png

Guest Collection

Guest collections are collections that users can create based on an existing mapped collection. These kinds of collections are intended to share data with users who don’t have an account on the underlying storage systems. The admin for a mapped collection must enable this on a mapped collection before users can create these kinds of collections. These were formerly known as “shared endpoints“.

When a user creates a guest collection, access to the underlying storage system uses the same permissions as the local account they use when accessing the mapped collection. Users can then create their own access control list to determine which users can access their collections. Otherwise, these collections function like any other collection.

guest-collection-create.png
guest-collection-permissions.png
Users can make their guest collections and set permissions on globus.org

 

guest-collection-view.png
Guest collections, while looking like any other kind of collection, will be rooted in the directory that the user chooses to share.

 

 

Related content

Center for Computational Sciences