Gateways on Oak#

What are Oak Gateways?#

Put simply, Oak Gateways are well-resourced servers that allow you to access your Oak storage. Oak is pre-configured on popular on-campus computing resources like Sherlock and SCG. If you're not using either of those systems to manage your storage, you'll need to use one of the gateway options listed below to connect to Oak.

Oak's internal network consists of multiple servers and storage devices, connected using advanced Infiniband fiber-optic technology to create a single filesystem. This system presents a challenge as Infiniband doesn't use the typical IPv4/6 protocol. To bridge this gap between our Infiniband network and IPv4/6 users, we employ gateways.

Gateways, capable of speaking both Infiniband and IPv4/6, function as an intermediary. With a 200Gb/s connection to Oak and a 25Gb/s Ethernet connection to the Stanford Research Network, they enable data transfer across network fabrics. Whether you're using a Data Transfer Node, Globus, or mounting Oak with NFS or SMB, gateways facilitate the process.

Types of Oak Gateways#

Oak Globus Endpoint#

Cost: Free for Oak users#

Example Use Case: Transferring large datasets in/out of Oak from non-Stanford locations or sharing files with collaborators outside of Stanford.#

Oak has a Globus Endpoint. Globus provides a suite of cloud-based, software-as-a-service services for moving, synchronizing, and sharing big data. We're currently experimenting a Managed Endpoint with the Globus Sharing option enabled.

Globus: anyone with an Oak account can use the Globus endpoint:

• go to https://app.globus.org/file-manager
• in "Use your existing organizational login", choose "Stanford University"
• authenticate with your SUNet ID and password
• optional: install Globus Connect Personal to transfer files from/to your local machine
• lookup the Oak Globus endpoint: SRCC Oak
• transfer files!

Oak Data Transfer Node (DTN)#

Cost: Free for Oak users#

Example Use Case: Using scp to send or receive data between your Oak and your computer.#

Authorized Oak users can use the Oak Data Transfer Node (DTN). Similar to the Sherlock DTN, the following protocols are available: scp, rsync, sftp, sshfs, and bbcp.

The Oak DTN is available from anywhere and requires two-factor authentication using Duo (Kerberos is not required).

SCP (Secure Copy)#

Example of use on Linux or Mac:

scp archive.zip $SUNETID@oak-dtn.stanford.edu:/oak/stanford/groups/$GROUP

SFTP#

University IT provides free licenses for some SFTP clients: Fetch for Mac and SecureFX for Windows. Below is an example of using Fetch on Mac. Replace $SUNETID with your SUNet ID and enter your SUNet ID password. The Initial Folder field is optional.

If you want to connect using SFTP from a Linux machine, just type:

sftp $SUNETID@oak-dtn.stanford.edu

Rsync over SSH#

Rsync is widely used for backups and mirroring and as an improved copy command for everyday use. Please see the example below which would copy a directory named my_dir to your Oak's group directory (on Linux or macOS):

 rsync -rltP my_dir $SUNETID@oak-dtn.stanford.edu:/oak/stanford/groups/$GROUP

Note: rsync on the DTN doesn't support all features like preservation of ACLs and permissions. It currently behaves pretty much like scp in that aspect.

SSHFS#

To mount Oak on macOS using SSHFS:

Replace $SUNETID and $GROUP respectively to fit your needs.

mkdir ~/Desktop/Oak
sshfs $SUNETID@oak-dtn.stanford.edu:/oak/stanford/groups/$GROUP ~/Desktop/Oak -o cache=no -o nolocalcaches -o volname=oak-sshfs -o defer_permissions

When you're done, we recommend to properly un-mount Oak:

umount ~/Desktop/Oak

How do I avoid the Duo prompt every time?#

Here are two ways you can avoid using a Duo Prompt:

1. Set up Public Key Authentication on the Oak DTN

2. Edit the SSH options your client will use for the Oak DTN in your ~/.ssh/config file on your local machine following the template below. This will enable a persistent ControlMaster which will create a tunnel on your first login, and will re-use the same tunnel on subsequent connections.

   Host oak-dtn dtn.oak.stanford.edu
   ControlMaster auto
   ControlPath ~/.ssh/%r@%h:%p
   ControlPersist yes

Oak SMB Gateway#

Cost: Monthly fee required. For latest rates, please see https://uit.stanford.edu/rates/rcstorage#

Example Use Case: Your lab wants to mount Oak storage as a network drive using Windows Explorer or macOS finder.#

SMB Gateways are a popular choice, allowing you to mount your Oak space as a network volume on Windows Explorer, macOS, or Linux. They are also a great way to provide a massive storage target for instruments that generate large amounts of data (sequencers, microscopes, spectrometers, MRI/CT scanners, etc.).

Connecting to your SMB Gateway#

Please see our SMB Gateways page for detailed instructions on how to connect.

Oak NFSv4 Gateways#

Cost: Monthly fee required. For latest rates, please see https://uit.stanford.edu/rates/rcstorage#

Example Use Case: Your lab wants to mount Oak storage on an internal server.#

NFS Gateways enable you to mount Oak on your own servers, workstations, and instrumentation.

Oak NFS gateways have a very specific configuration, which clients must support:

• NFS version 4.0 or later (ideally 4.1 or 4.2)

• Kerberos security (sec=krb5). Specifically, sec=sys is NOT supported.

• All client devices must have a valid host Keytab

• All users accessing Oak must have an active Kerberos credential.

Please contact us at srcc-support@stanford.edu for more info about NFSv4 Oak gateways.

For instructions on mounting NFSv4 Gateways, please see our NFSv4 Gateways page.