Accessing the Collaboration and Restricted Zones, a.k.a. "The Enclave"
The table below provides tips for accessing the Collaboration Zone (CZ) and the Restricted Zone (RZ) from your desktop or a Livermore Computing (LC) CZ or RZ machine.

| From | To | Usage Notes |
|---|---|---|
| CZ Machines | RZ machine | Not permitted. |
| | CZ machine | SSH with LLNL RSA token; SSH keys permitted. |
| | Enterprise services | Not permitted. |
| | storage, czarchive, czstorage | OK for CZ-only users; not permitted for RZ users. No sensitive content. |
| | fis, fastfis, tapefis | FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead. |
| | rzfis, rzfastfis, rztapefis | Not permitted. |
| | rzarchive, rzstorage | Not permitted. |
| | give/take | Unique to CZ (and separate from RZ). No sensitive content. |
| | rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. |
| | Home directories | Unique to CZ (and separate from RZ). No sensitive content. |
| | /usr/workspace | Mounted. No sensitive content. |
| | /p/lustre[*] | Mounted. No sensitive content. |
| | /usr/gapps | Unique to CZ (and separate from RZ). No sensitive content. |
| | /collab/usr/gapps | Mounted as read/execute only. Shared with RZ. |

| From | To | Usage Notes |
|---|---|---|
| LLNL Desktops | RZ machine | SSH to RZ machine with RZ PIN + RZ RSA token again. |
| | CZ machine | SSH with LLNL RSA token; SSH keys not permitted. |
| | Enterprise services | OK |
| | storage | Not permitted. |
| | czarchive, czstorage | CZ-only users. FTP to czarchive or czstorage; authenticate with LLNL RSA token. No sensitive content. RZ users must FTP to rzarchive/rzstorage and authenticate with RZ RSA token. |
| | fis, fastfis, tapefis | FTP to host; authenticate with LLNL RSA token. RZ users do not have access - must use rzfis, rzfastfis, rztapefis instead. |
| | rzfis, rzfastfis, rztapefis | RZ users only. FTP to host; authenticate with RZ RSA token. |
| | rzarchive, rzstorage | RZ users only. FTP to rzarchive or rzstorage; authenticate with RZ RSA token. |
| | give/take | Mounting from desktop not permitted. |
| | rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. |
| | Home directories | Mounting from desktop not permitted. |
| | /usr/workspace | Mounting from desktop not permitted. |
| | /p/lustre[*] | Mounting from desktop not permitted. |
| | /usr/gapps | Mounting from desktop not permitted. |
| | /collab/usr/gapps | Mounting from desktop not permitted. |

| From | To | Usage Notes |
|---|---|---|
| RZ Machines | RZ machine | SSH with LLNL RSA token; SSH keys permitted. |
| | CZ machine | SSH with LLNL RSA token; SSH keys permitted. |
| | Enterprise services | OK |
| | storage, rzarchive, rzstorage | OK from RZ machines only. Sensitive content permitted. |
| | fis, fastfis, tapefis | Not permitted. Use rzfis, rzfastfis, rztapefis. |
| | rzfis, rzfastfis, rztapefis | FTP to host; authenticate with RZ RSA token. |
| | give/take | Unique to RZ. |
| | rzlc.llnl.gov Web pages | Authenticate with RZ RSA token, then with RZ RSA token again. |
| | Home directories | Unique to RZ (and separate from CZ). Sensitive content permitted. |
| | /p/lustre[*] | Mounted from RZ machines. Sensitive content permitted. |
| | /p/czlustre[*] | Mounted by RZSLIC for convenience. |
| | /usr/gapps | Unique to RZ (and separate from CZ). |
| | /collab/usr/gapps | Mounted as read/write/execute. Shared with CZ. |

| From | To | Usage Notes |
|---|---|---|
| External Internet | CZ machine | SSH with LLNL RSA token; SSH keys not permitted. |
| | RZ machine | VPN required. SSH to RZ machine with RZ PIN + RZ RSA token. |
| LANL, Sandia Machines | CZ machine | See instructions located at: Sandia Access |
| | RZ | See instructions located at: LANL Access |
