The Livermore Computing (LC) file interchange service (FIS) allows LC users to transfer files between the unclassified Open Computing Facility (OCF)—both the Collaboration Zone (CZ) and the Restricted Zone (RZ)—and the classified iSNSI and Secure Computing Facility (SCF). This document describes how FIS works and how to use it effectively.

Two implementations of FIS are available. One implementation uses an electronic One Way Link (OWL), and the other uses tape technology.  The OWL implementation is unidirectional, is much faster, and is used for transfers from the OCF CZ and RZ to either the iSNSI or SCF networks. The tape technology FIS is bidirectional and is primarily used for transfers from the SCF to the OCF. On the iSNSI network, OWL is available for transfer from the OCF to the iSNSI network and Pinot cluster, as well as a tape implementation for transfer between the OCF and the iSNSI network and Pinot cluster .

Note: Throughout this document, the OWL implementation of FIS is referred to as FastFIS, while the tape implementation of FIS is referred to as TapeFIS.

For help, contact the LC Hotline at 925-422-4531 or via e-mail (OCF: lc-hotline@llnl.gov, SCF: lc-hotline@pop.llnl.gov).

Overview

There are four FIS servers, one in each environment (i.e., CZ, RZ, iSNSI, and SCF). For the user, each server represents the place to which files are submitted for transfer and the place from which to retrieve files that have been transferred.

To utilize the OWL FIS, users should connect to the fastfis.llnl.gov server. To utilize the tape FIS system, users should connect to the tapefis.llnl.gov server. Please also note that the server name fis.llnl.gov is an alias for fastfis.llnl.gov.

FastFIS service is unidirectional from the OCF to the SCF or from the OCF to the iSNSI; there is no SCF to OCF FastFIS. Files are queued for transfer within 5 minutes of submission to FastFIS, so no user notification will be sent when the files reach their destination. TapeFIS service is bidirectional, and although the transfer mechanism is the same in both directions, the user interface and operational aspects are different for SCF to OCF transfers. This is because of the asymmetric need to verify that only unclassified content moves from the secure to the open network - this need should be met by having your organization's Derivative Classifiers (DCs) inspect the transferred files. For users on the iSNSI network, both TapeFIS and OWL FIS are available. See the section in this manual on the iSNSI Network for more information.

Users cannot have accounts on both CZFastFIS and RZFastFIS. To protect security, general login capability is disabled. To connect to a FIS server, an FTP or SFTP/SCP client must be executable on your local machine.

The table below provides connection guidelines. Use TapeFIS only for very large one-time data transfers from the OCF to the SCF or when moving files from the SCF to the OCF. For details about file transfers from the SCF to the OCF using TapeFIS, see DC Support for Secure-to-Open Transfers.

Connecting to FastFIS

Transfer Originating From Server Name Alias
OCF CZ fastfis.llnl.gov fastfis
fis
OCF RZ rzfastfis.llnl.gov rzfastfis
rzfis
SCF retrieval fastfis.llnl.gov fastfis
fis

Connecting to TapeFIS

Use TapeFIS only for very large one-time data transfers from the OCF to the SCF or when moving files from the SCF to the OCF.

Transfer Originating From Server Name Alias
OCF CZ tapefis.llnl.gov tapefis
OCF RZ rztapefis.llnl.gov rztapefis
SCF retrieval tapefis.llnl.gov tapefis

Users and Authentication

The diagram below identifies the FIS servers and the authentication and login methods on the OCF.

Image
FIS diagram

Which FIS server to use on the OCF depends upon whether a user is CZ-only, RZ-only, or both CZ and RZ.

CZ-only Users

  •     Connect to fastfis.llnl.gov located on the CZ.
  •     May connect to FastFIS from the CZ or the EN.
  •     Allowed connection methods: FTP, SFTP, SCP, Hopper (use the "Connect to FastFIS" menu option).
  •     Authentication methods:  LLNL RSA token/OTP password, Kerberos password of the day (POD), or SSH keys from a CZ cluster.

RZ-only Users or CZ/RZ Users

  •     Connect to rzfastfis.llnl.gov located on the RZ.
  •     May connect to FastFIS from the RZ or the EN.
  •     Allowed connection methods: FTP, SFTP, SCP, Hopper (use the Connect to Rzfastfis (RZFIS) menu option).
  •     Authentication methods: RZ RSA Token, SSH keys from an RZ cluster only (LLNL RSA SecurID OTP authentication will not work)
  •     Note:  If off site VPN must be running

Usage Guidelines

  1. You cannot use NFT to connect to FastFIS.
  2. LC uses its hardware/software security "firewall" to block direct FTP connections from machines outside the llnl.gov domain to LC machines within llnl.gov (including FIS). Such FTP blocking means that you must start your FTP client on a within-llnl.gov machine (or one with a VPN virtual llnl.gov address).
  3. The maximum number of simultaneous FTP connections to FastFIS is 25 (with SFTP, no maximum). While often an invisible limit, this may prevent your reaching the FastFIS server during busy file-exchange periods.
  4. FIS automatically changes some characters in a file's name (not body) during transfer. See the section on "FIS and File Names" for details and a work-around.
  5. There is no per-file FIS size limit, but there are system limitations (e.g., available disk, checksumming time). FastFIS capacity is 1 TB and TapeFIS is 3 TB. 
  6. FIS cannot process a directory. Make a TAR file instead.

FIS Passwords and Authorization Requests

To use FastFIS, you must already have an account and valid password for at least one open and one secure machine. Before your first use of FastFIS, you must request access via the File Interchange Service form. This form creates your FIS account. It needs Computer Coordinator approval for open-to-secure transfers, and it needs division or department head approval for secure-to-open transfers (which a DC always monitors). OCF (CZ/RZ)-to-SCF FIS and OCF (CZ/RZ)-to-iSNSI accounts do not expire once approved; however, SCF-to-OCF FIS accounts must be renewed annually, and failure to promptly renew them will cause LC to close the account.

Any user can receive authorization to move files from the open to the secure network. To receive authorization to move files from the secure to the open network, you must specify the kinds of files to be moved and obtain the approval of your division leader or department head (in the appropriate places on the FIS form). The instructions on the FIS form remind you of these requirements in relation to each blank.

Once you are authorized, you will be able to use your current authenticator-generated one-time password (RSA SecurID OTP for CZ-only users; RZ OTP for RZ-only and CZ/RZ users) to access the corresponding FastFIS server. On the SCF, the FIS server uses the password you use for SCF production machines. Each user of FastFIS has an account on both OCF (CZ or RZ) and SCF servers. A prerequisite for this is an established user record for LC's SCF. The user name for your FIS account is the same as your user name for any LC machine.

How To Use FIS

All users of FastFIS are permitted to transfer from the OCF (CZ/RZ) to the SCF. On the FastFIS server, each user has a private work space. The work space on the CZ and RZ FIS servers consists of two subdirectories named TO and FROM. The TO directory is where a user places files to be transferred to the SCF. The FROM directory is where files will appear on the SCF after transfer.

Only the procedure for a FastFIS transfer from the OCF (CZ/RZ) to the SCF is described in this section. The TapeFIS transfer from the SCF to the OCF follows a similar pattern but requires DC review. See Secure-to-Open Transfers for more information.

FIS and File Names

When FastFIS moves files from one server to another, it automatically changes some characters in each file name (not in the body of the file, just in the file name) to avoid characters troublesome to some UNIX file-handling utilities. The table below shows which file name characters are changed during a transfer.

File Name Character Changes To
alphabetic no change
numeric no change
internal . (dot) no change
leading . (dot) _ (underscore)
All others (includes
space, hyphen, quote)
_ (underscore)

Users' file-handling scripts and commands need to take account of these changes in file name characters (on the receiving side) to avoid losing or omitting some FastFIS-transferred files. To preserve the special characters in a file's name unchanged, use the UNIX TAR utility to embed the file inside a TAR output file, transfer the TAR file with FTP (in Binary mode, required) to FastFIS, then run TAR again on the receiving side to extract the original file with its original name. (Changing your FastFIS access software from FTP to SFTP or Hopper has no effect on the file name changes described here.)

Depositing Open-to-Secure Files

FastFIS does not accept file transfers using NFT; you must use FTP or SFTP/SCP. Hopper may also be used. (Use the "Connect to FastFIS" or "Connect to RZFastFIS" options in Hopper's Connect menu.) If your files are not already on an llnl.gov machine, you must run FTP or Hopper on an llnl.gov machine to first get your files from outside. Files with blanks (spaces), or those with nonASCII characters in their names (such as some Macintosh files), will not be handled properly on UNIX machines. See the FIS and File Names section on how FIS handles all file names. The maximum number of simultaneous FTP connections with FastFIS is 25; SFTP connections have no maximum.

If you have one or more files you wish to transfer from the OCF (CZ/RZ) to the iSNSI or SCF, you must first gain access to the machine that has the file(s) and cd to the directory that contains the file(s). You submit files by using Hopper, FTP or SFTP/SCP to make a copy of a file from your local machine onto the transfer machine. For CZ-only users: Initiate the FTP, SFTP/SCP client software or Hopper and connect to fastfis.llnl.gov, authenticating via RSA OTP. For RZ/CZ-RZ users: Connect to rzfastfis.llnl.gov, authenticating via RZ RSA token. After you have connected to fastfis.llnl.gov/rzfastfis.llnl.gov, change to your TO directory so that you can submit files for transfer. A binary transfer will copy the file from the local machine to the transfer machine unchanged. In most cases you will want to select the binary transfer mode. FIS treats all files as binary files and does not perform any data translation.

For RZ/CZ-RZ users who are off site, additional steps are necessary. Start VPN on the off-site system. Initiate the FTP , SFTP/SCP or Hopper on the off site system. Connect to rzslic and move the files there. Close the connection, logon to rzslic and from there you can move the files to rzfastfis. Due to security requirements rzfastfis will not accept direct connections from systems that are off site, even if VPN is running.

Note: It is the responsibility of each user to be mindful of the data transferred and to safeguard against viruses, worms, trojan horses, and other hazards. In addition, the user should ensure that the file content faithfully represents that which the user is attempting to copy.

After copies of your local file(s) are put into the TO directory, they will be queued for transfer within 5 minutes of submission to FastFIS. No user notification will be sent when the files reach their destination. On FastFIS, the individual TO directories are scanned periodically and submitted file(s) are moved as a batch to a transfer area. The files are then automatically transferred across the OWL to the server on the SCF and deposited in the FROM directory. The file transfer time depends on the size of your files and the size of the files in the queue ahead of yours. Batches are transferred in a FIFO (first-in-first-out) manner, but within a batch, files may be transferred in any order.

If transferring files using TapeFIS, the individual TO directories are scanned periodically and your submitted file(s) are moved to a central collection area. The LC Operations staff monitors this collection area, and they will write a transfer tape (depending on the age and amount of accumulated files). (The separation between open and secure systems is maintained while files are transferred across it by copying the files to tape and physically moving those tapes from the open TapeFIS server to its counterpart on the SCF.) Files are generally transferred within 4 hours. You will receive a transfer notification via e-mail message on the OCF confirming that your files have arrived on the SCF.

Claiming Open-to-Secure

Retrieve files on the SCF by using SFTP/SCP, FTP or Hopper to make a copy of a file from the transfer server to your local machine (note: FTP is required for connections to tapefis on the SCF). Initiate the FTP client software, connect to fastfis.llnl.gov, and complete the authentication process (by specifying a user name and SCF password). After you have connected to to fastfis.llnl.gov, change to your FROM directory and list the file(s) in the directory. Use FTP to get a copy of the file from the transfer server and store it on your local machine. A binary transfer will copy the file from the local machine to the transfer machine unchanged. (In most cases, you will want to select the binary transfer mode.)

Because the transfer server has a finite amount of space and transfers will be impacted if file space is low, it is a good idea to delete the files from the FROM directory once you have retrieved and stored them on your local machine. After several days, files left in the FROM directory will be automatically purged.

Example Using OWL/FastFIS/FIS

Sending Retrieving
CZ-only Users RZ Users SCF or SNSI
sftp fis (PIN and LLNL RSA token)
cd TO
put <filename>
exit
sftp rzfis (PIN and RZ RSA token)
cd TO
put <filename>
exit
sftp fis (PIN and LLNL RSA token)
cd FROM
get <filename>
exit

FIS to and from the iSNSI Network

Both TapeFIS and OWL (one-way link) FIS are available on the iSNSI network. iSNSI TapeFIS is bidirectional and requires Derivative Classifier (DC) intervention for file transfers from Pinot to the OCF. Login examples are provided below. OWL transfers are significantly faster but are unidirectional for transfers from CZ and RZ to the SCF.

Note: User authentication to iSNSI TapeFIS on the OCF via the CZ (snsifis) or RZ (rzsnsifis) requires your OCF LC user name. Authentication to iSNSI TapeFIS from Pinot (tapefis) requires your official user name (OUN), which may differ from your OCF LC user name.

CZ Access to iSNSI FIS

Tape OWL
sftp snsitapefis (authenticate with OCF PIN and LLNL RSA SecurID token code)
cd TO
put filename
sftp snsifis(authenticate with OCF PIN and LLNL RSA SecurID token code)
cd TO
put filename

RZ Access to iSNSI FIS

Tape OWL
sftp rzsnsitapefis (authenticate with PIN and RZ RSA token code)
cd TO
put filename
sftp rzsnsifis (authenticate with PIN and RZ RSA token code)
cd TO
put filename

Retrieving Files from iSNSI FIS

Tape OWL
From an iSNSI desktop or Pinot
ftp tapefis (authenticate with OUN and SNSI PIN and LLNL RSA token code)
cd FROM
get filename
sftp fastfis (authenticate with OUN and SNSI PIN and LLNL RSA token code)
cd FROM
get filename

Quickstart Guide: Hopper and FIS

NOTE These instructions assume:

  • Your LC Account is provisioned to use FIS through LC Support and your LC Computer Coordinator has signed a FIS form;
  • You have the appropriate Classified Access Subplans approved in CAAS;
  • You have a working RSA PIN+Token code for each network; and,
  • You have the current version of Hopper on each network.

What you need to know in order to use Hopper and connect to one of the FIS servers

  • What is your LC Username? (This can be your OUN or something different)
    • OCF (CZ and RZ) network uses: your LC Username
    • SCF (iSRD) network uses: your LC Username
    • SNSI network uses: your OUN
  • Which Unclassified access do you have, CZ or RZ? 
    CZ or RZ
  • What network are you transferring data => TO: SCF (iSRD) or SNSI?

Getting Started

NOTE These examples are using a Windows Desktop version, but the process is the same.

Launch Hopper

This window will appear, we will call it Window #1.

Hopper connection window

NOTE You cannot drag files from your desktop to the TO folder: you should only drag files between this Hopper window and the TO Folder window.

Moving Files

Choose the directions that apply to your situation

OCF CZ (Unclassified) to SCF (iSRD)

1. Using the Connect Menu dropdown, go to: Connect / Connect to Fastfis (Fis)…

Connect

2. The following dialog will pop up:

 

Connecting screenshot

3. In the dialog, enter in the following

  • Host: fastfis  (and skip the Port: it should remain blank)
  • User: Your LC Username
  • Protocol: SFTP

4. Click the Connect button
5. This dialog will appear:

Password dialog with LLNL RSA token picture

6. Enter in your 8-character alphanumeric PIN and 6-digit Token code; For a total of 14 characters, no spaces
7. Click OK button

To

8. A new Hopper Window will pop up. We'll call this Window #2.

  • Window #2 displays your “TO” folder

9. Drag and drop from Window #1 to the TO folder in Window #2 to move files to the SCF (iSRD) Network.

NOTE You cannot drag files from your desktop to the TO folder: you can only drag files between Hopper windows.

OCF RZ (Unclassified) to SCF (iSRD)

Note: You must initiate these steps from another LC system (rzslic.llnl.gov)

1. Using the Connect Menu dropdown go to: Connect / Connect to Rzfastfis (Rzfis)…

RZ fastfis dialog

2. This dialog will pop up:

RZ fast fis pop up

3. In the dialog, enter in the following

  • Host: rzfastfis (and skip the Port: it should remain blank)
  • User: Your LC Username
  • Protocol: SFTP

4. Click the Connect button
5. This dialog will appear:

RZ Token dialog

6. Enter in your 8-character alphanumeric PIN and 6-digit Token code; For a total of 14 characters, no spaces
7. Click OK button
8. A new Hopper Window will pop up. We'll call this Window #2.

  • Window #2 displays your “TO” folder

9. Drag and drop from Window #1 to the TO folder in Window #2 to move files to the SCF (iSRD) Network.

NOTE You cannot drag files from your desktop to the TO folder: you can only drag files between Hopper windows.

OCF CZ (Unclassified) to iSNSI

1. Using the Connect Menu dropdown, go to: Connect / Connect to Snsifis…

iSNSI dialog

2.This dialog will appear:

iSNSI dialog

3. In the dialog, enter in the following

  • Host: snsifis (and skip the Port: it should remain blank)
  • User: Your LC Username
  • Protocol: SFTP

4. Click the Connect button
5. This dialog will appear:

Password dialog with LLNL RSA token picture

6. Enter in your 8-character alphanumeric PIN and 6-digit Token code; For a total of 14 characters, no spaces
7. Click OK button

8. A new Hopper Window will pop up. We'll call this Window #2.

  • Window #2 displays your “TO” folder

9. Drag and drop from Window #1 to the TO folder in Window #2 to move files to the iSNSI Network.

NOTE You cannot drag files from your desktop to the TO folder: you can only drag files between Hopper windows.

OCF RZ (Unclassified) to iSNSI

Note: You must initiate these steps from another LC system (rzslic.llnl.gov)

1. Using the Connect Menu dropdown go to: Connect / Connect to Rzsnsifis…

Dialog

2. This dialog will appear:

 

3. In the dialog, enter in the following

  • Host: rzsnsifis (and skip the Port: it should remain blank)
  • User: Your LC Username
  • Protocol: SFTP

4. Click the Connect button
5. This dialog will appear:

RZ Token dialog

6. Enter in your 8-character alphanumeric PIN and 6-digit Token code; For a total of 14 characters, no spaces
7. Click OK button

To

8. A new Hopper Window will pop up. We'll call this Window #2.

  • Window #2 displays your “TO” folder

9. Drag and drop from Window #1 to the TO folder in Window #2 to move files to the iSNSI Network.

NOTE You cannot drag files from your desktop to the TO folder: you can only drag files between Hopper windows.

Retrieving your file from the Classified (iSNSI or iSRD) network

After about 10 minutes or so, your files should be ready to retrieve on the classified network. The steps for retrieving your file are very much like for sending them, with these differences:

1. Running Hopper on the classified network, use the Connect Menu dropdown and select: Connect / Connect to FIS -> Fastfis…

2. In the password prompt dialog, enter in your 8-character alphanumeric PIN and 6-digit Token code, for a total of 14 characters, no spaces. Be sure to use your classified network PIN, which should be different than your open side PIN.

3. In the resulting "fastfis" Hopper window, navigate into the "FROM" directory to see the file(s) you sent. If the files are not there, wait a few more minutes and refresh the display to see if they have arrived. Repeat as necessary.

4. To retrieve the files, drag them from the fastfis Hopper window to your original Hopper window.

NOTE You cannot drag files from your desktop to the TO folder: you can only drag files between Hopper windows.

DC Support for Secure-to-Open Transfers

(SCF/iSNSI --> OCF)

Review by a DC is part of every secure-to-open—i.e., SCF to OCF—TapeFIS file transfer. (Note: A special visualization FIS-DC is needed for secure-to-open image and movie file transfers.) To help DCs carry out this review role, TapeFIS provides a special set of directories dedicated to managing files undergoing review and a special software tool (ADCTOOL) for conducting the review online.

DC Review Area

In addition to the TO and FROM directories seen by each regular user of the secure FIS server, DCs have access to a separate review area (where files wait, hidden from users and protected from outside changes). This review area is organized by DC pool and user and managed when DCs run the ADCTOOL utility.

DC Pools

Each organization that participates in TapeFIS secure-to-open file transfers has established one or more "DC review pools" that are responsible for inspecting candidate files submitted from users in that organization. A DC review pool consists of one or more DCs and follows these rules:

  • Each DC in a pool must be capable of reviewing the content of files submitted by all users assigned to that pool.
  • All DCs in the same pool work as peers, with equal authority. Departments or divisions may, however, add extra security by requiring dual reviews (such as both general and content-specific reviews) from different DCs for some data.
  • Every FIS user is assigned to a DC review pool based on the scope of their work as determined by their organization.
  • A user assigned to one DC pool can only have their submitted files reviewed by a member of that review pool (although DCs in the same pool can exchange review duties among themselves to better handle absences or workload).
  • A DC is only permitted to examine and approve (or disapprove) files submitted by the users assigned to his or her review pool.
  • Associated with each DC is a lifetime. Once the lifetime has expired, the DC cannot access files from their (former) pool for review. The LIST ADCS option of ADCTOOL reveals the current expiration date for every DC in the pool of the DC who runs it.

The secure-to-open review process, based on these DC pools, is simple:

  1. A user submits one or more files for transfer from the secure to the open network (by FTPing them to their TO directory on the secure TapeFIS server).
  2. The user then contacts a DC from their review pool and alerts them that files await inspection.
  3. The authorized DC runs ADCTOOL on the secure TapeFIS server to list the submitting user's queued files, move some (or all) of them to a special area (inaccessible to the user) for formal review, and pass (or fail) the files for transfer once reviewed.
  4. The user checks their README file (/users/username/README) on the secure TapeFIS server about the outcome of each file review and claims the file on the TapeFIS node if it is transferred.

ADCTOOL Explained (For DCs Only)

ADCTOOL Quick Reference Guide

If you are a DC, you can log into the secure (SCF/iSNSI) TapeFIS server (using SSH) to manipulate files that users have submitted for review. A utility called ADCTOOL runs as a shell as soon as you log in and offers commands designed to select, (dis)approve, and otherwise manage user-submitted files and share DC duties among those in your DC pool. ADCTOOL offers the prompt:

ADC-yourusername>

and accepts these commands:

list [target]

reports all files currently submitted for transfer or held for review by the DC running ADCTOOL, or (with target options) selectively reports only submitted files (queue), review-held files (held), the users for whom this DC can perform reviews (users), or this DC's peer reviewers and their expiration dates (adcs).

review [username [filelist]]

moves the specified file(s) for the specified user into the review area of the DC running ADCTOOL.

pass [username [filelist]]

approves the specified file(s) for the specified user, prompts for a description of the file type(s), moves the file(s) into the collection area for tape transfer to the open network, and alerts the user by appending a message to their README file.

fail [username [filelist]]

disapproves the specified file(s) for the specified user, deletes the file(s) and overwrites the space, and alerts the user by appending a message to their README file.

assume [username [adcname]]

enables the DC running ADCTOOL to "assume" review duties from the specified DC (adcname) for all currently held files of the specified user.

ftp [username]

starts an FTP session so you can move any currently held files for the specified user to another machine where you can examine their contents to determine their classification status.

help [command]

displays general ADCTOOL help, or help on the specified command.

quit

ends ADCTOOL and logs out of the secure (SCF) FIS node.

File-Management Commands

assume [username [dcname]]

Enables a second DC to "assume" review duties from a first DC (called dcname) for all (and only the) currently held (under-review) files submitted by username. If one DC transfers username's file(s) to their review area to begin the classification review but does not complete the process, this command lets any other DC in the same review pool (only) move the already-held files to their second review area to resume review. If you specify username but no dcname, ADCTOOL prompts for the missing DC's name. If you omit both names, ADCTOOL prompts for each one.

ftp [username]

Enables you to move held files to another machine (this is the only way you can examine their content in detail to confirm their classification status). This command:

  1. Starts an FTP client on the secure FIS node.
  2. Changes local directories so that (only) file(s) submitted by username are available for transfer.
  3. Lets you OPEN a connection to another secure machine, PUT files, and then QUIT the FTP session.>
  4. Resumes your ADCTOOL session when FTP ends.

While FTP runs, you get its prompt directly (and you can use any of its options). If you omit username, ADCTOOL prompts for it. Only a file copy is transferred to the remote machine; each file's reference version remains in the FIS node's review area until you pass or fail it with ADCTOOL.

Housekeeping Commands

help [command]

Displays a brief descriptive list of available ADCTOOL commands, or, if you specify command, provides a brief explanation of that command's role.

quit

Ends ADCTOOL and logs you out of your current interactive session on the secure FIS node.

Authorization Levels: The Classification Review Categories

Most users are prohibited from transferring any data from the SCF to the OCF. The use of the secure transfer server is limited to retrieving files transferred from the open environment. Users have a TO directory as part of the standard work space, but any files placed in that directory will not be transferred.

NEED Category

For users who have a need and are authorized to transfer files from SCF to OCF, you will have the standard work space (TO and FROM directories) for submitting and retrieving files. Files that you place in the TO directory will be held in the TO directory awaiting DC review and approval. Typically, you submit files into the TO directory and then seek out a DC within your organization who is capable of reviewing your data. Your completed user request form contains the name of a DC pool; the DCs assigned to this pool are capable of reviewing your data. Ask your computer coordinator for the names of the DCs assigned to this pool. Each department or division determines its own file review policy for its own DCs. LC, for example, expects a "cognizant system administrator" DC to review system data before a second, routine review by a "FIS DC" takes place.

You and your DC(s) will usually begin by discussing the content of your submitted files. The DC is also able to select and copy your files for review and examine them on his or her local computer (assisted by a special program called ADCTOOL). The DC can accept the files as approved data and release them back into the transfer path or reject the files as disapproved data and purge the files from FIS.

When a file is selected for review by a DC, it is copied from your TO directory into a review area that is inaccessible by the user. (All files must be submitted in the TO directory, where they await DC inspection.)

So how do users find out if their files have completed review? One way is to ask the DC; another is to look at the README file found in your top-level directory on the secure FIS node (/var/spool/fis/ftp/users/yourname/README). Each time a file has been reviewed (pass or fail), an entry is added to README; you can examine the tail end of this file for the results of the review, or you can simply examine the modification time of the README file to determine if the review action has occurred.