Data transfer on the Secure Enclave is performed with the Globus research data transfer and management cloud-based service. Traditional file transfer tools such as SCP, SFTP, or other utilities should not be used on the Secure Enclave. Please be aware that all data transfer operations should be done on the Secure Enclave Data Transfer Nodes (DTN). There are two: one for the Secure Enclave VMs and one for the HPC cluster.
To use Globus, access the Globus website and open the File Manager from the left side of the interface.
Staff will be providing a Using Globus video which will show a user how to access and use Globus with the Secure Enclave. A short video is a better tool for explaining how to use Globus than text-based documentation. Until this video is available, please contact the OIT Help Desk (see https://help.utk.edu) to request a short Secure Enclave Globus training session via Zoom videoconferencing.
It is important to note that Globus data transfers to and from outside the University network will only work if you are connected to the UTK VPN. If you are not and you initiate a transfer sending data to the Secure Enclave, Globus will create the file and the transfer will look like it was successful, but the file will be empty and have a size of 0. This is because access for the command protocol to the Globus cloud is open, but the file transfer ports are only allowed from University addresses, which include the VPN. Avoid this situation and connect to the VPN before you use Globus. To learn how to set up and configure the VPN on your device, please review OIT’s VPN User Guide. Transfers to or from another Globus endpoint and/or the Open Enclave endpoints do not require the use of the VPN.
Transferring Data in Unencrypted Space
For data that is not stored in encrypted space on the SIP, transfer it normally. The directories do not need to be mounted or decrypted. This applies to your NFS home directory and your personal Lustre project space. For more information on these directories, please review the File Systems document.
Transferring Data in Encrypted Space
For data that is stored in encrypted space on the SIP, additional steps are necessary to initiate transfers to and from these spaces. These steps are outlined below.
- Log in to the Citrix Secure Enclave environment.
- Launch the PuTTY application.
- Enter “sip-login1-se.acf.tennessee.edu” into the Host Name / Address field. Select “Connect.” Provide your NetID and NetID password, then authenticate with Duo TFA.
- Access the Secure Enclave data transfer node with ssh. Figure 4.1 depicts how to connect to the DTN using ssh.
- Execute the sipmount command on the Secure Enclave DTN. Figure 4.2 shows how to use this command. When you execute it, you must provide your NetID password and authenticate with Duo TFA. Replace the <project-name> argument with your project identifier, such as UTK-9999. You can determine the name of the projects to which you belong in the User Portal. More information is available in the Navigating the User Portal document.
- Verify that the space was mounted with the ls -l command. Figure 4.3 shows the syntax to use for this command.
- Return to the Globus File Manager and navigate to the /projects/<project-name> directory. Its contents should be visible. If not, wait approximately five minutes, then refresh the directory.
After you complete your data transfers, you may unmount the encrypted space on the SIP. Use the sipunmount command to unmount this space. Its syntax and usage are the same as those of the sipmount command. If you do not unmount the encrypted space, it will automatically be unmounted after fifteen minutes. For more information, please refer to the File Systems document.
Transferring Data to External Globus Endpoints
Data transfer from the Secure Enclave to external non-UT Globus endpoints is only allowed after authorization. These external endpoints must be authorized before they can be used. If you have an external Globus endpoint that you would like to be allowed to transfer data to/from the Secure Enclave, please submit a request to the OIT Help Desk (see https://help.utk.edu/) with the details.
Before you initiate data transfers to or from the SIP, consider preparing the data you wish to transfer by archiving and compressing it. When you archive data, several files and directories can be added to the same location. When you compress data, you reduce its total size. Both methods reduce the total amount of data that must be sent across the network and make it easier for you to organize the data you wish to transfer. At the time of this writing, the tar and zip utilities are the best methods for data archiving and compression for Secure Enclave users across Linux, MacOS, and Windows.
When you prepare your data, please avoid using a login node. Instead, use the SIP’s DTN (data transfer node). Figure 1.1 in the Introduction shows how to access the DTN.
Using the tar Utility
The tar (tape archiver) utility uses simple command syntax and allows large amounts of data to be aggregated into the same archive. Linux, MacOS, and updated Windows 10 systems can use tar. Older Windows systems will be limited to the zip utility.
To create a tar archive, execute tar czvf <archive-name> <dir-to-archive>. Replace the <archive-name> argument with the name of the new archive. Be sure to follow the name with the .tar.gz extension, as in my_archive.tar.gz. Replace the <dir-to-archive> argument with the directory you wish to place within the archive. If the directory you intend to archive is not within your working directory, specify the relative or absolute path to it. By default, tar will recursively place the directory and its contents into the new archive. Figure 2.1 shows the successful creation of a tar archive.

    [user@sip-dtn1 ~]$ tar czvf new_archive.tar.gz Documents
    Documents/
    Documents/IntroUnix.pdf
    Documents/JobSubData.zip
    Documents/MATLAB/
    Documents/Scripts.zip
    Documents/PyLists.py

After the archive is created, execute ls -l to verify that the archive exists. You can view its contents with the tar tvf <archive-name> command. You may then transfer the archive using Globus. Please refer to the Configuring Globus section to learn how to configure it for your system.
On the remote system, execute tar xvf <archive-name> to extract the contents of the archive. The files will be extracted into your working directory.
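The following is an added example, not part of the original documentation or the SIP tooling. It wraps the tar steps above with a SHA-256 sidecar file so the receiving side can detect the empty, size-0 file that results from starting a transfer without the VPN before extracting anything. The function names and the .sha256 sidecar convention are assumptions, and sha256sum from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: pack_dir, check_received and the .sha256 sidecar are
# illustrative names, not commands provided on the Secure Enclave.

# pack_dir <archive.tar.gz> <dir>
# Create the archive, confirm tar can list it, and record its SHA-256.
# Transfer both the archive and the .sha256 file with Globus.
pack_dir() {
    archive=$1; dir=$2
    tar czf "$archive" "$dir" || return 1
    tar tzf "$archive" > /dev/null || return 1
    sha256sum "$archive" | cut -d' ' -f1 > "$archive.sha256"
}

# check_received <archive.tar.gz>
# Run on the destination before tar xvf. Return codes:
#   0 = intact, 2 = empty file (the off-VPN symptom described earlier),
#   3 = checksum mismatch or missing sidecar, 4 = archive missing.
check_received() {
    archive=$1
    if [ ! -e "$archive" ]; then
        echo "missing: $archive" >&2
        return 4
    fi
    if [ ! -s "$archive" ]; then
        echo "empty: $archive (was the VPN connected?)" >&2
        return 2
    fi
    expected=$(cut -d' ' -f1 "$archive.sha256" 2> /dev/null)
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "checksum mismatch: $archive" >&2
        return 3
    fi
    # Final structural check: the archive must still list cleanly.
    tar tzf "$archive" > /dev/null
}
```

On the source, run pack_dir new_archive.tar.gz Documents; on the destination, run check_received new_archive.tar.gz and extract only if it returns 0.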
Using the zip Utility
On older Windows systems, the zip utility should be used to archive and compress your data on the SIP.
To create a zip archive on the SIP, execute zip -r <archive-name>.zip <dir-to-archive>. Be sure that the directory you wish to archive is in your working directory. Otherwise, specify the relative or absolute path to the directory you wish to archive. Replace the <archive-name> argument with the name of the new zip archive. You may or may not include the .zip file extension to the archive’s name; if you do not, the zip utility will add it automatically. Replace the <dir-to-archive> argument with the directory you wish to place in the zip archive. The -r option ensures that the directory and its contents are archived and compressed. Figure 2.2 shows the successful creation of a zip archive.

    [user@sip-dtn1 ~]$ zip -r Documents Documents
      adding: Documents/ (stored 0%)
      adding: Documents/IntroUnix.pdf (deflated 4%)
      adding: Documents/MATLAB/ (stored 0%)
      adding: Documents/PyLists.py (deflated 61%)

After the zip archive has been created, execute ls -l in the directory from which you created it to ensure the archive exists. It will appear with the name you gave to the archive followed by the .zip extension.
With the zip archive created and verified, transfer it to your system using Globus. Please refer to the Configuring Globus section to learn how to use it on your system. Once you transfer the zip archive to your system, open the File Explorer and navigate to the directory in which you placed the archive. Right-click on the archive and select the “Extract All…” option in the submenu. Figure 2.3 shows where to locate this option. Specify the directory in which the contents should be extracted, then select “Extract.” You may then open the archive and peruse its contents.