mopdf.com

U SI N G CUNY S E CU R E R E M O T E A CCE S S1USING CUNY SECURE REMOTE ACCESS(SSL VPN)Computing and Information ServicesInformation Security GroupMarch 20, 2018Rev: 2.0

U SI N G CUNY S E CU R E R E M O T E A CCE S S2IntroductionCUNY Secure Remote Access (https://ra.cuny.edu/) offers web-based, off-campus access tointernal, restricted CUNY network resources using Pulse Secure SSL Virtual Private Network (SSL VPN)technology. Because SSL VPN leverages capabilities already built into web browsers, it functions insituations where traditional “IPsec” VPN can be troublesome or does not function at all.Your access to resources when using Secure Remote Access is based upon access profiles (“roles”)associated with groups and other attributes established in the CIS Active Directory. To be able to useSecure Remote Access, you must have valid credentials in the directory and membership in the groupsassociated with each resource or groups of resources you are authorized to access remotely.Access MethodsSecure Remote Access provides two general remote access methods: Web Access and NetworkConnect. Your Secure Remote Access account will provide you with either or both of theseaccess methods depending upon your requirements.Web AccessUsing the Web Access method, resources can be accessed remotely through a webbased interface using a computer with a compatible web browser. After logging intoSecure Remote Access successfully, resources appear as clickable hyperlinks(bookmarks) on your Secure Remote Access home page. Your home page is tailored tocontain bookmarks to only those resources that you are authorized to access. Throughthis method, you can remotely access web-based applications, file shares, remotedesktops (Windows Only) and servers using Telnet/SSH. Additionally, client/serverapplications can be secured for remote access using the Secure Application Managerfeature.Network ConnectIn situations where access to applications or protocols that are not supported by theWeb Access method is required, you can, as authorized, make use of the NetworkConnect feature by clicking on the Network Connect button on your Secure RemoteAccess home page. When using Network Connect, VPN software downloaded to yourcomputer establishes a virtual network “tunnel” with Secure Remote Access, providingsecure, transparent network access to authorized hosts, subnets and protocols. BecauseNetwork Connect establishes a direct path between your computer and CUNY’s internalnetwork (intranet), additional restrictions and validations can be expected.Supported ConfigurationsMarch 20, 2018Rev: 2.0

U SI N G CUNY S E CU R E R E M O T E A CCE S S3Compatible Operating System and Web Browser ConfigurationsOperating SystemWeb BrowserWindows 7 (64-bit)Firefox 52, Google Chrome Internet Explorer 11Windows 7 (32-bit)Firefox 31, Google Chrome Internet Explorer 11Windows 8.1FireFox 31, Google Chrome, Internet Explorer 11Windows 8FireFox 31, Google Chrome, Internet Explorer 10Windows 10Microsoft Edge, FireFox 52, Google Chrome, Internet Explorer 11Mac OS X (10.8 and higher)Safari 6.0Linux: 1OpenSuse 10.x, 11x, 12.1 (32-bit only)Ubuntu 9.10, 10x, 11x, 12.04, 14.04, 15.04, 16.04 (64-bit only)Red Hat Enterprise Linux 5 (32-bit only), 7(64-bit only)Access to some resource types requires Sun Java Runtime Environment (JRE), generally preinstalled on most computers. JRE should be updated to the most recent version available butmust be at version 7 or later.Browser pop-up blockers must be inhibited for ra.cuny.edu or disabled.Note: Should you be unable to connect using “Terminal Services”, please attempt using“HTML5 Access”.HTML5 Access provides a browser based remote session that should be used only whenTerminal Access is unavailable.1Linux is certified compatible by the Secure Remote Access vendor but is supported on a best effort basis only.March 20, 2018Rev: 2.0

U SI N G CUNY S E CU R E R E M O T E A CCE S S4FireFox Remote Access Instructions1. Using your web browser, go to Secure Remote Access’s sign-in page located athttps://ra.cuny.eduYou will see a page similar to the one below:2. Enter your CIS Active Directory username as [email protected] where usernameis your CIS Active Directory login name and domain is the Active Directory domain where yourcredentials exist. (e.g., @co.cuny.adlan for Central Office, @affiliates.cuny.adlan for affiliatedusers, @qc.cuny.adlan for Queens College, etc.) Then enter your password.Note: Do not confuse your CIS Active Directory username and password with CUNY Portalcredentials nor any other CUNY online credentials that you may have. Typically, these are thesame credentials as those you use to log into your Central Office Windows desktop. If you areuncertain as to which credential to use, do not know if you have CIS Active Directory credentialsor have trouble signing on, please contact the CIS Helpdesk at [email protected]. Choose a realm from the pull-down menu. Currently there are two realms to choose from,Web Access and Network Connect. Web Access can normally be selected. For convenience, therealm you last selected will be remembered from session to session if your web browser hascookies enabled.Choose the Network Connect realm if you are authorized for Network Connect and wish to useit. Choosing the Network Connect realm initiates Host Checker validation as required forNetwork Connect. See Network Connect and Host Checker below for further detail.March 20, 2018Rev: 2.0

U SI N G CUNY S E CU R E R E M O T E A CCE S S54. Click the Sign In buttonAfter you log in and authenticate successfully, your Secure Remote Access home page will bedisplayed:Your home page will look somewhat different as the bookmarks and options displayed on thepage are customized for the remote access roles that are authorized to you. In this example,bookmarks are presented to access CUNYfirst and the users Terminal and HTML5 sessions.Most Windows users will be using the “Terminal Session”. If you experience any issues pleaseattempt connection via the “HTML5 Access”.Note: the session will show your name next to “Desktop”.When you access web applications and sites through web bookmarks, a small floating toolbarmay appear in the upper right of the window with buttons to return you to the home page, signout, etc. The toolbar provides a convenient means for you to manage your Secure Remote Accessweb session.5. At the end of your remote access session, click the Sign out button. You can find it located inthe upper-right hand corner of the home page or on the floating toolbar.Note: Should you be unable to connect using “Terminal Services”, please attempt using“HTML5 Access”.HTML5 Access provides a browser based remote session that should be used only whenTerminal Access is unavailable.SEE BELOW FOR FIRST TIME USE INSTRUCTIONSMarch 20, 2018Rev: 2.0

6U SI N G CUNY S E CU R E R E M O T E A CCE S SView when first logging in if Pulse is not installed locally you will receive the following window.You can choose to wait for the download to launch automatically or click on “Download” to initiate theinstallation. If prompted select “Save File”.March 20, 2018Rev: 2.0

7U SI N G CUNY S E CU R E R E M O T E A CCE S SWhen first launching the installation file you may receive the below prompt, “Open Executable File?”Accept the executable file by clicking “OK”.Another prompt will then open asking if you wish to “run this file”. Click on “Run”.March 20, 2018Rev: 2.0

8U SI N G CUNY S E CU R E R E M O T E A CCE S SPlease wait while Pulse installs.After installation is complete and you select “click HERE” per the page instructions you may receive thebelow “Launch Application” options menu. Select “Pulse Secure Application Launcher”, “Remembermy choice” and “open link”.March 20, 2018Rev: 2.0

9U SI N G CUNY S E CU R E R E M O T E A CCE S SOn you first connection attempt when Pulse Launches it may need to download additional updates.After the download completes your remote desktop will launch.You should now see your desktop, remote machine access complete. March 20, 2018Rev: 2.0

U SI N G CUNY S E CU R E R E M O T E A CCE S S10Microsoft Edge Remote Access Instructions1. Using your web browser, go to Secure Remote Access’s sign-in page located athttps://ra.cuny.eduYou will see a page similar to the one below:2. Enter your CIS Active Directory username as [email protected] where usernameis your CIS Active Directory login name and domain is the Active Directory domain where yourcredentials exist. (e.g., @co.cuny.adlan for Central Office, @affiliates.cuny.adlan for affiliatedusers, @qc.cuny.adlan for Queens College, etc.) Then enter your password.Note: Do not confuse your CIS Active Directory username and password with CUNY Portalcredentials nor any other CUNY online credentials that you may have. Typically, these are thesame credentials as those you use to log into your Central Office Windows desktop. If you areuncertain as to which credential to use, do not know if you have CIS Active Directory credentialsor have trouble signing on, please contact the CIS Helpdesk at [email protected]. Choose a realm from the pull-down menu. Currently there are two realms to choose from,Web Access and Network Connect. Web Access can normally be selected. For convenience, therealm you last selected will be remembered from session to session if your web browser hascookies enabled.March 20, 2018Rev: 2.0