Accessing the Collaboration and Restricted Zones, a.k.a. "The Enclave"

The table below provides tips for accessing the Collaboration Zone (CZ) and the Restricted Zone (RZ) from your desktop or a Livermore Computing (LC) CZ or RZ machine.

From To Usage Notes
CZ Machines RZ machine Not permitted.
CZ machine SSH with LLNL RSA token; SSH keys permitted.
Enterprise services Not permitted.
storage

czarchive

czstorage
OK for CZ-only users; not permitted for RZ users. No sensitive content.
fis, fastfis, tapefis FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead.
rzfis, rzfastfis, rztapefis Not permitted.
rzarchive

rzstorage
Not permitted.
give/take Unique to CZ (and separate from RZ). No sensitive content.
rzlc.llnl.gov Web pages Authenticate with RZ RSA token, then with RZ RSA token again.
Home directories Unique to CZ (and separate from RZ). No sensitive content.
/usr/workspace Mounted. No sensitive content.
/p/lustre[*] Mounted. No sensitive content.
/usr/gapps Unique to CZ (and separate from RZ). No sensitive content.
/collab/usr/gapps Mounted as read/execute only. Shared with RZ.
From To Usage Notes
LLNL

Desktops
RZ machine SSH to RZ machine with RZ PIN + RZ RSA token again.
CZ machine SSH with LLNL RSA token; SSH keys not permitted.
Enterprise services OK
storage Not permitted.
czarchive

czstorage
CZ-only users. FTP to czarchive or czstorage; authenticate with LLNL RSA token. No sensitive content. RZ users must FTP to rzarchive/rzstorage and authenticate with RZ RSA token.
fis, fastfis, tapefis FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead.
rzfis, rzfastfis, rztapefis RZ users only. FTP to host; authenticate with RZ RSA token.
rzarchive

rzstorage
RZ usrs only. FTP to rzarchive or rzstorage; authenticate with RZ RSA token.
give/take Mounting from desktop not permitted.
rzlc.llnl.gov Web pages Authenticate with RZ RSA token, then with RZ RSA token again.
Home directories Mounting from desktop not permitted.
/usr/workspace Mounting from desktop not permitted.
/p/lustre[*] Mounting from desktop not permitted.
/usr/gapps Mounting from desktop not permitted.
/collab/usr/gapps Mounting from desktop not permitted.
From To Usage Notes
RZ Machines RZ machine SSH with LLNL RSA token; SSH keys permitted.
CZ machine SSH with LLNL RSA token; SSH keys permitted.
Enterprise services OK
storage, rzarchive, rzstorage OK from RZ machines only. Sensitive content permitted.
fis, fastfis, tapefis Not permitted. Use rzfis, rzfastfis, rztapefis.
rzfis, rzfastfis, rztapefis FTP to host; authenticate with RZ RSA token.
give/take Unique to RZ.
rzlc.llnl.gov Web pages Authenticate with RZ RSA token, then with RZ RSA token again.
Home directories Unique to RZ (and separate from CZ). Sensitive content permitted.
/p/lustre[*] Mounted from RZ machines. Sensitive content permitted.
/p/czlustre[*] Mounted by RZSLIC for convenience.
/usr/gapps Unique to RZ (and separate from CZ).
/collab/usr/gapps Mounted as read/write/execute. Shared with CZ.
From To Usage Notes
External

Internet
CZ machine SSH with LLNL RSA token; SSH keys not permitted.
RZ machine VPN required. SSH to RZ machine with RZ PIN + RZ RSA token.
LANL, Sandia

Machines
CZ machine See instructions located at: Sandia Access
RZ See instructions located at: LANL Access