vas's blog

We're thrilled to see NCAR using Globus to distribute data from their Research Data Archive (RDA). The RDA contains a large and diverse collection of meteorological and oceanographic observations, operational and reanalysis model outputs, and remote sensing datasets to support atmospheric and geosciences research.

On May 20th, 2015, a new vulnerability known as “Logjam” was discovered, as described in this NIST announcement. We reviewed the severity and impact to Globus services and posted the findings in our support forum. We do not anticipate additional updates on this issue.

Knowledge Lab is a University of Chicago research center that seeks to leverage insights into the dynamics of knowledge creation and advances in large-scale computation to reimagine the scientific processes of the future by identifying gaps in the global knowledge landscape, areas of rich potential for breakthroughs, and automating discovery through the generation of novel, potentially high impact hypotheses.
 

We've talked a lot recently about data publication and inevitably the conversation becomes one of definition and semantics. For many, data publication means making publicly available the data used to support the results described in a published paper. For some, it means making data selectively available to other investigators within a research discipline or community. For others, it means sharing research findings with collaborators at multiple institutions throughout the course of a project. And, as you might imagine, there are myriad scenarios in between these three.

On Saturday, March 21, 2015, starting at 10:00am CDT, the Globus service will undergo a significant upgrade. We will be making changes to the underlying services used for managing user identities and groups. While we are deploying these changes into our production environment, the Globus service will not be available. We expect that the upgrade will be completed within 4 hours, and the service should be fully operational by approximately 2pm CDT.

We are aware of the announced vulnerability described in CVE-2015-0235 (GHOST). We have investigated the issue and will continue to monitor our systems. Our assessment and mitigating actions are described in our support forum, and we will update this forum post with more detail as necessary. Our risk assessment and recommended actions are summarized below.

On Monday, December 8, 2014 we'll be updating the Globus file transfer service. As part of this update we're adding another IP address to the service that executes file transfer requests. The majority of our users will see no difference, and any active file transfers will continue without interruption. However, if you have endpoints behind a firewall with tight inbound rules explicitly identifying Globus machines, you will need to update these rules to allow the new IP addresses, otherwise file transfer requests to/from endpoints behind that firewall will fail.

Our first implementation for transferring files to/from Amazon S3 endpoints (buckets) was a good proof of concept but performance was, at best, average. In our latest release, we’ve upped the stakes significantly and used multiple techniques to improve performance: (1) using parallel TCP file streams, (2) quickly retrying on transient faults, and (3) using multipart-upload only for files greater than 100MB.

We recently changed the policies that govern access to certain Globus features. These changes are informed by our experiences in offering paid subscriptions to researchers and resource providers over the past ~2 years. Here's what's changing:

Two weeks after the discovery of the Heartbleed bug we’re still actively monitoring the situation and fixing systems that might be at risk. After updating software and certificates, we believe that our systems are no longer vulnerable to Heartbleed. We maintain a detailed list of the corrective actions we've taken in our support forum.