Zone Access
Accessing the Collaboration and Restricted Zones
The table below provides tips for accessing the Collaboration Zone (CZ) and the Restricted Zone (RZ) from your desktop or a Livermore Computing (LC) CZ or RZ machine.
| From | To | Usage Notes |
|---|---|---|
| CZ Machines | RZ machine | Not permitted. |
| CZ machine | SSH with LLNL RSA token; SSH keys permitted. | |
| Enterprise services | Not permitted. | |
| storage | OK for CZ-only users; not permitted for RZ users. No sensitive content. | |
| fis, fastfis, tapefis | FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead. | |
| rzfis, rzfastfis, rztapefis | Not permitted. | |
| rzstage | Not permitted. | |
| rzarchive rzstorage |
Not permitted. | |
| give/take | Unique to CZ (and separate from RZ). No sensitive content. | |
| rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. | |
| Home directories | Unique to CZ (and separate from RZ). No sensitive content. | |
| /nfs/tmp2 | Unique to CZ (and separate from RZ). No sensitive content. | |
| /p/lscratchrz[*] | Not mounted. | |
| /p/lscratch[*] | Mounted. No sensitive content. | |
| /usr/gapps | Unique to CZ (and separate from RZ). No sensitive content. | |
| /collab/usr/gapps | Mounted as read/execute only. Shared with RZ. | |
| From | To | Usage Notes |
| LLNL Desktops |
RZ machine | SSH to RZ machine with RZ PIN + RZ RSA token again. |
| CZ machine | SSH with LLNL RSA token; SSH keys not permitted. | |
| Enterprise services | OK | |
| storage | CZ-only users. RZ users must FTP to rzarchive/rzstorage and authenticate with RZ RSA token. No sensitive content. | |
| fis, fastfis, tapefis | FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead. | |
| rzfis, rzfastfis, rztapefis | RZ users only. FTP to host; authenticate with RZ RSA token. | |
| rzstage | RZ users only. Use SFTP, SCP or Hopper; FTP not permitted. Authenticate with RZ RSA token. Refer to Technical Bulletin 469. | |
| rzarchive rzstorage |
RZ usrs only. FTP to rzarchive or rzstorage; authenticate with RZ RSA token. | |
| give/take | Mounting from desktop not permitted. | |
| rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. | |
| Home directories | Mounting from desktop not permitted. | |
| /nfs/tmp2 | Mounting from desktop not permitted. | |
| /p/lscratchrz[*] | Mounting from desktop not permitted. | |
| /p/lscratch[*] | Mounting from desktop not permitted. | |
| /usr/gapps | Mounting from desktop not permitted. | |
| /collab/usr/gapps | Mounting from desktop not permitted. | |
| From | To | Usage Notes |
| RZ Machines | RZ machine | SSH with LLNL RSA token; SSH keys permitted. |
| CZ machine | SSH with LLNL RSA token; SSH keys permitted. | |
| Enterprise services | OK | |
| storage | OK from RZ machines only. Sensitive content permitted. | |
| fis, fastfis, tapefis | Not permitted. Use rzfis, rzfastfis, rztapefis. | |
| rzfis, rzfastfis, rztapefis | FTP to host; authenticate with RZ RSA token. | |
| rzstage | N/A | |
| rzarchive rzstorage |
N/A. Use FTP to storage. | |
| give/take | Unique to RZ. | |
| rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. | |
| Home directories | Unique to RZ (and separate from CZ). Sensitive content permitted. | |
| /nfs/tmp2 | Unique to RZ (and separate from CZ). Sensitive content permitted. | |
| /p/lscratchrz[*] | Mounted from RZ machines. Sensitive content permitted. | |
| /p/lscratch[*] | Mounted by RZSLIC for convenience. | |
| /usr/gapps | Unique to RZ (and separate from CZ). | |
| /collab/usr/gapps | Mounted as read/write/execute. Shared with CZ. | |
| From | To | Usage Notes |
| External Internet |
CZ machine | SSH with LLNL RSA token; SSH keys not permitted. |
| RZ machine | VPN required. SSH to RZ machine with RZ PIN + RZ RSA token. | |
| LANL, Sandia Machines |
CZ machine | See instructions located at: Sandia Access |
| RZ |
See instructions located at: LANL Access
|