Sponsored by BMBF Logo

How to access grid resources from non-grid machines

Users of laptops and other personal computers may want to log in directly to grid resources, or to transfer files between their computer and a grid resource. This may be accomplished in several ways--in this page we will discuss these:

Client certificates

Besides installing software, a user will need two sets of certificates:

  1. User certificate
  2. Signing authority certificate(s)

Note that a client installation does not require a host certificate for the client machine.

See the AstroGrid Membership page for instructions on how to get user certificates.

Each grid host has a signing authority. One set of signing authority certificates is needed corresponding to that of host that will be accessed. Signing authority certificates are free for download from the signing authorities web site.

For instance, AstroGrid-D machines use the GridKA signing authority. The certificate files for GridKA have names like
   dd4b34ea.signing_policy, dd4b34ea.crl_url, dd4b34ea.0
Note the ".ro" file should not be copied unless you are running a server.  It can expire, and block access from the client.

Client installation of Globus

To install Globus as client software is relatively easy, and is the preferred way to access Grid hosts from a non-grid machine.

First, Globus installation requires Java JDK with a version of at least 1.4; version 1.5 is preferred.

Software installation options

There are two approaches to Globus software installation
Distribution package installation
This is easiest for many users. 
Find the Globus installation package for the system, and install it in the usual way.
Installation from Globus source
If the machine is expected to become a grid host in the future, this option is preferred.

If the user has administrative access to the machine, Globus may be installed wherever is convenient.
If the machine is shared by many users, it is best to install Globus in a public directory, such as
It is also possible to install in a user's home directory.

Certificate installation options

Signing authority certificates can be placed in one of the public certificate directories, such as

  1. $GLOBUS_LOCATION/share/certificates/
  2. /etc/grid_security/certificates
(the first is best when the software is being installed by someone other than the machine administrator)

User certificates should be placed in the users directory


Some environment variables need to be set.
export JAVA_HOME=path_to_Java_installation
export GLOBUS_LOCATION=path_to_Globus_gtxxx_directory


At this point, the user can initialize their grid proxy so:

Then, a remote session can be started on a grid host
    gsissh hostname

and files can be transferred between the local machine and grid hosts
    gsiscp filename hostname:

CoG (Commodity Grid) Toolkit

GoG Toolkit is a pure Java implementation of grid standards, with an additional GUI. Its immediate advantages are that it installs on any system, including Windows, with relative ease. Prerequisites are just a recent Java JDK installation.

Unfortunately, the last version is lacking some crucial capabilities, including a gsissh terminal and a convenient GUI interface for copying files.

Quick start

  1. cd to build directory
  2. $ ant
  3. cd to dist/cog-4_1_5/bin
    Here are many binaries. Some of them are analogous to the Globus versions.
    runs main GUI environment
    cog-file-transfer -s gridftp::///full-path-source -d file::///full_path_dest
    command-line file transfer


GSI-SSHTerm is a Java web applet, providing gsissh/gsiscp

The idea is good: a grid institution could provide this as a way for grid users to log in directly to grid machines, and copy files to the local computer. All that is required is a Java Runtime Environment and certificates installed in the user's web browser.

However, as of this writing, the current version fails or dies silently and without error output even in normal circumstances.

It has been installed at LRZ:  See the LRZ Grid Portal page.