At IU, how do I use HSI to access my SDA account?

Important:
Files containing PHI must be encrypted when they are stored (i.e., at rest) and when they are transferred between networked systems (i.e., in transit). Do not use HSI, HTAR, or Samba to transfer data containing PHI unless those data are encrypted already; HSI, HTAR, and Samba do not encrypt data during transit. To ensure that files containing PHI remain encrypted during transit, use SFTP/SCP or the IU Globus Web App. To ensure that files containing PHI are encrypted when they are stored on the SDA, encrypt them before transferring them. For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI.

On this page:


HSI at IU

The Hierarchical Storage Interface (HSI) application, created by Michael Gleicher, of Gleicher Enterprises, LLC, provides a convenient, Unix-style environment for interacting with High Performance Storage System (HPSS) resources.

At Indiana University, you can use HSI to transfer files to and from your account on the Scholarly Data Archive (SDA). HSI is available on the following IU research computing systems:

For use on personal workstations, IU SDA users can download and install HSI (bundled with its companion program, HTAR) from the UITS Research Storage HSI folder in Box. Bundles are available for 32- and 64-bit Windows, OS X, and Red Hat Enterprise Linux, and for 64-bit Ubuntu Linux.

Note:
HSI's companion program, HTAR, can simplify aggregation of many files into one large file, which is the preferred method of storage in HPSS. For more, see Use HTAR with your SDA account.

If you encounter a problem or have questions about using HSI to access your SDA account, email the UITS Research Storage team.

HSI commands

HSI commands are similar to those of FTP and should seem familiar to Linux users. A session might look like the following (% is the Unix shell prompt, and ? is the HSI prompt):

% hsi
Principal: jdoe
[jdoe]Password:
Username: jdoe  UID: 11021  CC: 11021 Copies: 1 [hsi.3.3.3 Fri
Jan 12 13:36:06 EST 2011]

? ls
/hpss/j/d/jdoe/:
NPB-ppcc.tar   foobar/        movies/

? du -k
861309  /hpss/j/d/jdoe/
-----------------------
861309  total 1024-byte blocks, 6 Files (881,979,719 bytes)

? put myfile1.dat
put myfile1.dat : /hpss/j/d/jdoe/myfile.dat ( 10485760 bytes,
12283.4 KBS (cos=3))

? cd movies
? get myfile2.mov
Scheduler: retrieving file(s)
get myfile2.mov : /hpss/j/d/jdoe/movies/myfile2.dat
(2010/09/29 08:49:03 10485760 bytes, 16842.8 KBS )

? exit

For more about HSI commands and command-line options, see the following pages in the Gleicher Enterprises HSI Reference Manual:

Alternative authentication methods

By default, HSI will prompt for login information (known in HSI as the "combo" authentication method). Alternatively, if your binaries are built with the appropriate method, you can enable authentication based on either existing Kerberos credentials (known as the "Kerberos" method) or Kerberos keytabs (known as the "keytab" method) using one of the following options.

Note:
You also can use the following options to set the "combo" authentication method explicitly (this is a common remedy for authentication problems in HSI).
  • On the command line, invoke hsi with the -A option; for example:
    • To enable the "kerberos" authentication method, enter:
      hsi -A kerberos
      
    • To explicitly enable the "combo" authentication method, enter:
      hsi -A combo
      
    • To enable the "keytab" authentication method, you also must include the -k option to specify the path to your keytab file (e.g., /path/to/my_keytab) and the -l option to specify the appropriate login name (e.g., username):
      hsi -A keytab -k /path/to/my_keytab -l username
      
  • Create a private HSI startup file (~/.hsirc) that contains the authmethod parameter. Create this file in your home directory on the system you use to connect to the SDA; do not create or store this file in your SDA home directory. Add the authmethod parameter line as follows:
    • To enable the "kerberos" authentication method, add:
      authmethod = kerberos
      
    • To explicitly enable the "combo" authentication method, add:
      authmethod = combo
      
    • To enable the "keytab" method, your private HSI startup file also must contain the keytab parameter to specify the path to your keytab file (e.g., /path/to/my_keytab) and the principal parameter to specify the appropriate login name (e.g., username):
      authmethod = keytab
      principal = username
      keytab = /path/to/my_keytab 
      

    For more about the HSI startup file, see the Gleicher Enterprises HSIRC File page.

  • Define the HPSS_AUTH_METHOD environment variable; for example:
    • In the csh or tcsh shell:
      • To enable the "kerberos" authentication method, enter:
        setenv HPSS_AUTH_METHOD kerberos
        
      • To explicitly enable the "combo" authentication method, enter:
        setenv HPSS_AUTH_METHOD combo
        
      • To enable the "keytab" authentication method, you also must define the HPSS_KEYTAB_PATH environment variable with the path to your keytab file (e.g., path/to/my_keytab) and the HPSS_PRINCIPAL environment variable with the appropriate login name (e.g., username):
        setenv HPSS_PRINCIPAL username
        setenv HPSS_AUTH_METHOD keytab
        setenv HPSS_KEYTAB_PATH /path/to/my_keytab
        
    • In the ksh or bash shell:
      • To enable the "kerberos" authentication method, enter:
        export HPSS_AUTH_METHOD=kerberos
        
      • To explicitly enable the "combo" authentication method, enter:
        export HPSS_AUTH_METHOD=combo
        
      • To enable the "keytab" authentication method, you also must define the HPSS_KEYTAB_PATH environment variable with the path to your keytab file (e.g., path/to/my_keytab) and the HPSS_PRINCIPAL environment variable with the appropriate login name (e.g., username):
        export HPSS_PRINCIPAL=username
        export HPSS_AUTH_METHOD=keytab
        export HPSS_KEYTAB_PATH=/path/to/my_keytab
        

    For more about HSI environment variables, see the HSI Environment Variables page in the Gleicher Enterprises HSI Reference Manual.

This is document avdb in the Knowledge Base.
Last modified on 2018-10-10 18:25:54.

Contact us

For help or to comment, email the UITS Support Center.