Zone Access
Accessing the Collaboration and Restricted Zones, aka "The Enclave"
The table below provides tips for accessing the Collaboration Zone (CZ) and the Restricted Zone (RZ) from your desktop or a Livermore Computing (LC) CZ or RZ machine.
| From | To | Usage Notes |
|---|---|---|
| CZ Machines | RZ machine | Not permitted. |
| CZ machine | SSH with LLNL RSA token; SSH keys permitted. | |
| Enterprise services | Not permitted. | |
| storage | OK for CZ-only users; not permitted for RZ users. No sensitive content. | |
| fis, fastfis, tapefis | FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead. | |
| rzfis, rzfastfis, rztapefis | Not permitted. | |
| rzstage | Not permitted. | |
| rzarchive rzstorage |
Not permitted. | |
| give/take | Unique to CZ (and separate from RZ). No sensitive content. | |
| rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. | |
| Home directories | Unique to CZ (and separate from RZ). No sensitive content. | |
| /usr/workspace | Mounted. No sensitive content. | |
| /p/lustre[*] | Mounted. No sensitive content. | |
| /usr/gapps | Unique to CZ (and separate from RZ). No sensitive content. | |
| /collab/usr/gapps | Mounted as read/execute only. Shared with RZ. | |
| From | To | Usage Notes |
| LLNL Desktops |
RZ machine | SSH to RZ machine with RZ PIN + RZ RSA token again. |
| CZ machine | SSH with LLNL RSA token; SSH keys not permitted. | |
| Enterprise services | OK | |
| storage | CZ-only users. RZ users must FTP to rzarchive/rzstorage and authenticate with RZ RSA token. No sensitive content. | |
| fis, fastfis, tapefis | FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead. | |
| rzfis, rzfastfis, rztapefis | RZ users only. FTP to host; authenticate with RZ RSA token. | |
| rzstage | RZ users only. Use SFTP, SCP or Hopper; FTP not permitted. Authenticate with RZ RSA token. Refer to Technical Bulletin 469. | |
| rzarchive rzstorage |
RZ usrs only. FTP to rzarchive or rzstorage; authenticate with RZ RSA token. | |
| give/take | Mounting from desktop not permitted. | |
| rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. | |
| Home directories | Mounting from desktop not permitted. | |
| /usr/workspace | Mounting from desktop not permitted. | |
| /p/lustre[*] | Mounting from desktop not permitted. | |
| /usr/gapps | Mounting from desktop not permitted. | |
| /collab/usr/gapps | Mounting from desktop not permitted. | |
| From | To | Usage Notes |
| RZ Machines | RZ machine | SSH with LLNL RSA token; SSH keys permitted. |
| CZ machine | SSH with LLNL RSA token; SSH keys permitted. | |
| Enterprise services | OK | |
| storage | OK from RZ machines only. Sensitive content permitted. | |
| fis, fastfis, tapefis | Not permitted. Use rzfis, rzfastfis, rztapefis. | |
| rzfis, rzfastfis, rztapefis | FTP to host; authenticate with RZ RSA token. | |
| rzstage | N/A | |
| rzarchive rzstorage |
N/A. Use FTP to storage. | |
| give/take | Unique to RZ. | |
| rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. | |
| Home directories | Unique to RZ (and separate from CZ). Sensitive content permitted. | |
| /p/lustre[*] | Mounted from RZ machines. Sensitive content permitted. | |
| /p/czlustre[*] | Mounted by RZSLIC for convenience. | |
| /usr/gapps | Unique to RZ (and separate from CZ). | |
| /collab/usr/gapps | Mounted as read/write/execute. Shared with CZ. | |
| From | To | Usage Notes |
| External Internet |
CZ machine | SSH with LLNL RSA token; SSH keys not permitted. |
| RZ machine | VPN required. SSH to RZ machine with RZ PIN + RZ RSA token. | |
| LANL, Sandia Machines |
CZ machine | See instructions located at: Sandia Access |
| RZ |
See instructions located at: LANL Access
|