Gatekeepers

The gatekeepers shield NCAR/UCAR computers from intruders by authenticating users who need to access systems inside the UCAR firewall security perimeter. To ensure that NCAR's vital computing resources are used only for their intended purpose, CISL restricts access to certain systems with one-time passwords. Users must prove their identity via a secure hardware device called a CRYPTOCard. After satisfying a gatekeeper, users must then use their UCAR Central Authentication Server (UCAS) password before logging on to the computer inside the security perimeter.

One gatekeeper cluster (top right) controls access to the supercomputing resources, and another gatekeeper cluster (bottom right) controls access to the other systems inside the UCAR security perimeter.

The VPN server also performs a gatekeeper function, allowing users to securely access UCAR's internal networks from an external network just as if they had an Ethernet connection inside the security perimeter.