ORNL is managed by UT-Battelle for the US Department of Energy

Globus: Proxy Lifetime Endpoint Lifetime

Oak Ridge Leadership Computing Facility

2 Presentation_name

GridFTP at OLCF

• GridFTP is a high-performance data transfer protocol based on FTP and optimized for high-bandwidth wide-area networks.

• OLCF supports globus, a file transfer service that uses a web interface. Has a command line interface too, globus CLI. Requires OSG certificates for authentication at OLCF.

• OLCF supports globus_url_copy- a scriptable transfer tool. Uses OSG certificates or ssh authentication.

3 Presentation_name

Workflow for Globus at OLCF

Web browser (done every time):

Go to Globus.org, setup/active endpoints at both ends of your transfer

Command line (done every time*):

Setup proxy certificate on the OLCF myproxy server from dtn.ccs.ornl.gov

Command line (done once):

Set up and map OSG certificate

4 Presentation_name

Globus Proxy lifetime.

• When you use globus or globus online you must generate a proxy certificate from the command-line on dtn.ccs.ornl.gov

• The default proxy lifespan is 12 hours.

• To get a longer proxy lifespan you must use the –t option followed by the number of hours you need.

• You can pick any time interval up to 72 hours.

• Use the shortest proxy lifespan you can for your workflow. Leaving a proxy open for longer than you need may pose a security risk.

5 Presentation_name

1. Generate a Proxy using –t

• 1.Generate a proxy certificate using “–t 32” from your OSG certificate from the command line on dtn.ccs.ornl.gov.

• Enter your OSG Certificate passphrase

6 Presentation_name

Retrieve the proxy using -t

• 2. Retrieve this proxy from the OLCF Myproxy server using the command line and” –t 32”on dtn.ccs.ornl.gov.

• This time use your OLCF PIN and RSA token code.

7 Presentation_name

3a. Activate the olcf#dtn globus endpoint

1. Open globus.org in a browser and login.

• 2. Select “Transfer Files”.

• 3. Active the OLCF#DTN endpoint.

8 Presentation_name

3a. Activate the olcf#dtn globus endpoint

• 3. Active the olcf#dtn endpoint using the advanced tab to set the endpoint lifetime up to your proxy lifetime in hours.

9 Presentation_name

The Other End of the Transfer.• You will need to do the analogous steps on the

other end of the transfer. Other facilities have different methods form managing their grid proxies.

10 Presentation_name

Workflow for Globus_url_copy at OLCF

Use globus_url_copy from a script or the command line

Command line (done every time*):

Setup proxy certificate on the OLCF myproxy server from dtn.ccs.ornl.gov

Command line (done once):

Set up and map OSG certificate

11 Presentation_name

3b. Use globus_url_copy and gsiftp

• Globus_url_copy does not require and endpoint.

• Syntax looks like this:

globus-url-copy -tcp-bs 12M -bs 12M -p 4 gsiftp://dtn03.ccs.ornl.gov/ccs/home/suzanne/file.dat gsiftp://remote.system.edu/directory/path/file.dat

12 Presentation_name

How do I get an OSG certificate?

5.Register (map) your grid ID with OLCF and your remote transfer site.

4. Extract certificate and private key.

3. Move Yourcert.p12 to .globus directory in your home directory on dtn.ccs.ornl.gov.

2. Retrieve grid certificate from your personal OSG Web link.

1. Go to the Office of Science Information Management Webpage and fill out the certificate request form.