Accessing the Collaboration and Restricted Zones

The table below provides tips for accessing the Collaboration Zone (CZ) and the Restricted Zone (RZ) from your desktop or a Livermore Computing (LC) CZ or RZ machine.

From To Usage Notes
CZ Machines RZ machine Not permitted.
CZ machine SSH with RSA token; SSH keys permitted.
Enterprise services Not permitted.
storage OK for CZ-only users; not permitted for RZ users. No sensitive content.
fis, fastfis, tapefis FTP to host; authenticate with RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead.
rzfis, rzfastfis, rztapefis Not permitted.
rzstage Not permitted.
rzarchive
rzstorage
Not permitted.
give/take Unique to CZ (and separate from RZ). No sensitive content.
rzlc.llnl.gov Web pages Authenticate with CRYPTOCard, then with RSA token.
Home directories Unique to CZ (and separate from RZ). No sensitive content.
/nfs/tmp2 Unique to CZ (and separate from RZ). No sensitive content.
/p/lscratchrz[*] Not mounted.
/p/lscratch[*] Mounted. No sensitive content.
/usr/gapps Unique to CZ (and separate from RZ). No sensitive content.
/collab/usr/gapps Mounted as read/execute only. Shared with RZ.
From To Usage Notes
LLNL
Desktops
RZ machine SSH to rzgw.llnl.gov with CRYPTOCard, then SSH to RZ machine with RSA token.
CZ machine SSH with RSA token; SSH keys not permitted.
Enterprise services OK
storage CZ-only users. RZ users must FTP to rzarchive/rzstorage and authenticate with CRYPTOCard. No sensitive content.
fis, fastfis, tapefis FTP to host; authenticate with RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead.
rzfis, rzfastfis, rztapefis RZ users only. FTP to host; authenticate with CRYPTOCard.
rzstage RZ users only. Use SFTP, SCP or Hopper; FTP not permitted. Authenticate with CRYPTOCard. Refer to Technical Bulletin 469.
rzarchive
rzstorage
RZ usrs only. FTP to rzarchive or rzstorage; authenticate with CRYPTOCard.
give/take Mounting from desktop not permitted.
rzlc.llnl.gov Web pages Authenticate with CRYPTOCard, then with RSA token.
Home directories Mounting from desktop not permitted.
/nfs/tmp2 Mounting from desktop not permitted.
/p/lscratchrz[*] Mounting from desktop not permitted.
/p/lscratch[*] Mounting from desktop not permitted.
/usr/gapps Mounting from desktop not permitted.
/collab/usr/gapps Mounting from desktop not permitted.
From To Usage Notes
RZ Machines RZ machine SSH with RSA token; SSH keys permitted.
CZ machine SSH with RSA token; SSH keys permitted.
Enterprise services OK
storage OK from RZ machines only. Sensitive content permitted.
fis, fastfis, tapefis Not permitted. Use rzfis, rzfastfis, rztapefis.
rzfis, rzfastfis, rztapefis FTP to host; authenticate with CRYPTOCard.
rzstage N/A
rzarchive
rzstorage
N/A. Use FTP to storage.
give/take Unique to RZ.
rzlc.llnl.gov Web pages Authenticate with CRYPTOCard, then with RSA token.
Home directories Unique to RZ (and separate from CZ). Sensitive content permitted.
/nfs/tmp2 Unique to RZ (and separate from CZ). Sensitive content permitted.
/p/lscratchrz[*] Mounted from RZ machines. Sensitive content permitted.
/p/lscratch[*] Mounted by RZSLIC for convenience.
/usr/gapps Unique to RZ (and separate from CZ).
/collab/usr/gapps Mounted as read/write/execute. Shared with CZ.
From To Usage Notes
External
Internet
CZ machine SSH with RSA token; SSH keys not permitted.
RZ machine VPN required. SSH to rzgw.llnl.gov with CRYPTOCard, then SSH to RZ machine with RSA token.
LANL, Sandia
Machines
CZ machine See instructions located at: https://computing.llnl.gov/?set=access&page=index#ssh1
RZ See instructions located at: https://computing.llnl.gov/?set=access&page=index#ssh1

Top