DHS Remote&Access ... - Olive View-UCLA Remote Access_v2_4sm.pdf ·...

DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 1

DHS Remote Access (Adaptive Authentication)

Reference Guide

https://sslvpn.lacounty.gov/dhs

V2.4

Version: 1.0 Harbor-‐UCLA Informatics/[email protected]/23-‐Oct-‐2014 2.0 DHS/[email protected]/24-‐Oct-‐2014 2.1 Harbor-‐UCLA Informatics/[email protected]/30-‐Oct-‐2014 2.2 Harbor-‐UCLA Informatics/[email protected]/06-‐Feb-‐2015 2.3 Harbor-‐UCLA Informatics/[email protected]/02-‐Apr-‐2015 2.4 Harbor-‐UCLA Informatics/[email protected]/21-‐Nov-‐2015

mailto:Informatics/[email protected]/02-Apr-2015


Table of Contents

Installation Requirements ....................................................................................................... 3

Access URL .............................................................................................................................. 3

Prerequisite Set-‐up for Mac OS X ............................................................................................ 4 A. Install Java ................................................................................................................................................................................ 4 B. Prepare Safari browser ...................................................................................................................................................... 6 Initial SSL VPN Set-‐up (Mac OS X) .......................................................................................... 10

Signing into ORCHID (Mac OS X) ............................................................................................ 13

Initial SSL VPN Set-‐up (Microsoft Windows) .......................................................................... 18

Signing into ORCHID (Microsoft Windows) ............................................................................ 21

Appendix A: Citrix Receiver Installation ................................................................................. 24

Appendix B: Mac OS X Troubleshooting ................................................................................. 26

Appendix C: Advanced Mac OS X Troubleshooting ................................................................ 27 Problem: Do not see Mac-‐specific links for ORCHID ............................................................................................... 27 Problem: Host Checker does not launch ....................................................................................................................... 28 Problem: Java Secure Application Manager does not automatically launch ................................................. 30 Problem: PowerChart (or other ORCHID application) will not launch ........................................................... 32 Appendix D: Acceptable Antivirus (as of 10/18/2015) ............................................................ 34


Installation Requirements

1. Operating System: a. Microsoft Windows 7 Professional or Windows 8/8.1 b. Mac OS X (10.9 or 10.10)

2. Browser:

a. Microsoft Windows: Internet Explorer, Firefox b. Mac OS X: Safari only

3. Java:

a. Windows: current version, available at http://www.java.com/en/download/ b. Mac OS X:

i. current version, available at: http://www.java.com/en/download/mac_download.jsp?locale-‐=en

ii. Apple Java SE 6, available at http://support.apple.com/kb/DL1572

4. Citrix Receiver: current version, available at: http://www.citrix.com/go/receiver.html (see Appendix A for detailed installation instructions)

5. Antivirus software is *** REQUIRED *** (See Appendix C)

Access URL To access the DHS sslvpn Remote Access solution, go to:


http://www.java.com/en/download/

http://www.java.com/en/download/mac_download.jsp?locale-=en

http://support.apple.com/kb/DL1572

http://www.citrix.com/go/receiver.html



Prerequisite Set-‐up for Mac OS X

A. Install Java 1. Install the current version of Java for Mac OS X. Go to: https://java.com/en/download/mac_download.jsp to download the current version. Open the disk image. You will see an installer package. Double-‐click on the package to install.

You should see the following after installation is completed successfully.

https://java.com/en/download/mac_download.jsp


2. In order to use the SSL VPN service on Mac OS X, you must have Apple Java for OS X 2015-‐001 installed. This will install the Oracle Java SE 6 components necessary to remotely access ORCHID. Go to: http://support.apple.com/kb/DL1572 to download this update. Open the disk image. Double-‐click on the installer package to install.

You should see the following after installation is completed successfully.



B. Prepare Safari browser 1. In Safari, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED username and password (the e or c number used for email and timecard)

2. When asked to trust the website, click on Trust

3. You must now reset the Java security setting for the site to allow for the SSLVPN Host Checker software to run. At this point, you may get an error message indicating that you are not allowed to sign-‐in. (Don’t panic. It’s ok.)



4. Open Safari Preferences:

5. Click on the Security icon. At the Internet plug-‐ins section, Make sure that Allow Plug-‐ins is checked and then click on Website Settings:

6. Find and click on Java in the left column. Then click on the drop down box next to sslvpn.lacounty.gov


7. Change the security setting from Allow to Run in Unsafe Mode (It’s ok, really. Trust us.)

8. You will see a pop-‐up dialog box asking if you are sure that you trust the website. Click on Trust.


9. Click on Done.


Initial SSL VPN Set-‐up (Mac OS X) 1. Now, log in again using your HOSTED (DHS Active Directory) username and password (the e or c number used for email and timecard systems)

2. If this is the first time you have used the SSL VPN from any device, you will be prompted to enroll in the sslvpn Adaptive Authentication system. You will be led through a series of screens to set up your account.


3. You will be prompted to set up three challenge questions.

4. Next you will be prompted to set up alternate email notification addresses. Alternate email addresses are important because if you log in from a computer that is not recognized (i.e. you haven’t used it for DHS remote access before), then you will receive an email at your defined email addresses with a confirmation code to enter, similar to what banks do.


5. At the end, you will see a confirmation of the challenge questions and your answers. Click on Finish and you will be ready to use DHS Remote Access.


Signing into ORCHID (Mac OS X) 1. In Safari, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED username and password (the e or c number used for email and timecard)

2. You will then be prompted to answer a challenge question and given the option to “Remember this Computer”.



3. The Java-‐based Host Checker will then run. Host Checker is a Java-‐based software application that verifies that the computer meets the minimum requirements.

A pop-‐up dialog window should appear indicating that the Host Checker is launching. If you do not see the following pop-‐up, quit your browser completely (not just closing the tab or window) and re-‐launch.

You may see the following dialog box requesting permission for Java to run depending upon your system settings.


4. The following page should now appear. Before opening ORCHID, first start the Java Secure Application Manager.

The Juniper application should then launch and the following pop-‐up should appear.

Once the application has successfully launched, a new status window will appear.

You are now logged in to the SSL VPN.


5. Select the ORCHID Production bookmark

6. You will now see the ORCHID application portal. Select the desired application, e.g. PowerChart.


7. The Citrix Receiver client should then launch.

8. The ORCHID/Cerner Millennium login window will display.

You may now log into ORCHID.

Notes: 1. Fuji Synapse PACS images are currently unable to be viewed through the SSL VPN. 2. To sign out cleanly, please close your browser window. 3. Apple iOS devices are not currently supported.


Initial SSL VPN Set-‐up (Microsoft Windows) 1. In a compatible browser, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED username and password (the e or c number used for email and timecard)

2. If this is the first time you have used the SSL VPN from any device, you will be prompted to enroll in the sslvpn Adaptive Authentication system. You will be led through a series of screens to set up your account.



3. You will be prompted to set up three challenge questions.

4. Next you will be prompted to set up alternate email notification addresses. Alternate email addresses are important because if you log in from a computer that is not recognized (i.e. you haven’t used it for DHS remote access before), then you will receive an email at your defined email addresses with a confirmation code to enter, similar to what banks do.


5. At the end, you will see a confirmation of the challenge questions and your answers. Click on Finish and you will be ready to use DHS Remote Access.


Signing into ORCHID (Microsoft Windows) 1. In a compatible browser, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED (DHS Active Directory) username and password (the e or c number used for email and timecard systems)

2. You will be prompted to answer a challenge question and given the option to “Remember this Computer”.

3. The Java-‐based Host Checker will then run.



The first time you use Remote Access you will be asked to trust the “sslvpn.lacounty.gov” Java plug-‐in. If you have not installed Java, you will be prompted to install it. You are now logged in to the SSL VPN. 4. Select the ORCHID Production bookmark

5. You will now see the ORCHID application portal. Select the desired application, e.g. PowerChart.


6. The Juniper Citrix Services Client and Citrix Receiver client should then launch.

7. The ORCHID/Cerner Millennium login window will display.

You may now log into ORCHID.

Notes: 1. Fuji Synapse PACS images are currently unable to be viewed through the SSL VPN. 2. To sign out cleanly, please close your browser window.


Appendix A: Citrix Receiver Installation

1. Download the latest version of the Citrix Receiver at http://www.citrix.com/go/receiver.html (it will automatically detect the correct version to download)

2. Open the downloaded file and select Install.

http://www.citrix.com/go/receiver.html


3. When the installation has completed, select Finish.

** NOTE: Citrix Receiver may ask you to add a Connection Server. You may ignore this and click cancel.

4. Quit all browsers after Citrix Receiver has installed and restart.


Appendix B: Mac OS X Troubleshooting

Most problems related to being unable to launch the SSL VPN connection successfully are related to Java. Common errors include:

1. Unsupported session warning

2. Host Checker hanging (Safari spinning beach ball) or does not load

Please try the following steps:

1. Remove the current version of Java by following the instructions here:

http://www.java.com/en/download/help/mac_uninstall_java.xml

2. Reboot your computer

3. Reinstall the Java components in the following order:

a. Oracle Java current version, available at:

http://www.java.com/en/download/mac_download.jsp?locale-‐=en

b. Apple Java SE 6, available at http://support.apple.com/kb/DL1572

4. Reboot your computer

If still unable to launch ORCHID successfully, try the additional steps listed here:

http://support.apple.com/en-‐us/HT202643

to re-‐enable the Apple-‐provided Java SE 6 web plug-‐in and Web Start features that are

required for ORCHID remote access on Mac OS X devices.

http://www.java.com/en/download/help/mac_uninstall_java.xml

http://www.java.com/en/download/mac_download.jsp?locale-=en


http://support.apple.com/en-us/HT202643


Appendix C: Advanced Mac OS X Troubleshooting

Problem: Do not see Mac-‐specific links for ORCHID when logging into https://sslvpn.lacounty.gov/DHS

1. If the (Mac) Web Bookmarks do not appear:

then your computer was not correctly identified as running Mac OS X. This is because the Host Checker Java application did not run successfully.

2. Make sure your anti-‐virus software is up to date, and then try reinstalling the most recent Java version.

3. While installing the Java update, do not select Restore Java Security Prompts

DO NOT CHECK


Problem: Host Checker does not launch after installing the most recent Java update

1. Verify that the Java plug-‐in is set to “Allow Always” and “Run in Unsafe Mode”

a. Go to Safari > Preferences

b. In Security, click on Plug-‐in Settings


c. Select the Java plug-‐in and verify that the site sslvpn.lacounty.gov is set to “Allow Always” and “Run in Unsafe Mode”

d. If it does not show as above (Allow Always with the black hazard triangle),

click on the blue arrows and select “Allow Always” and “Run in Safe Mode”

e. When prompted, click on “Trust” when asked to run “Java” in unsafe mode

2. Click on “Done” to save changes, then quit and relaunch Safari


Problem: Java Secure Application Manager does not automatically launch after successfully logging into sslvpn

1. Click on Java Secure Application Manager

2. When prompted, allow Java to make changes by entering your password


3. The Java Secure Application Manager should then load:

4. After the Java Secure Application Manager session begins,

you should be able to select the needed ORCHID domain:


Problem: PowerChart (or other ORCHID application) will not launch from Cerner Millennium Application Portal

1. After clicking on one of the icons from the Portal, Citrix Receiver should launch and you should see this grey “Starting application…” box appear:


2. If this does not appear, reinstall the following: a. Java for OS X 2015-‐001 at

https://support.apple.com/kb/DL1572?locale=en_US b. Citrix Receiver at

https://www.citrix.com/downloads/citrix-‐receiver/mac.html

https://support.apple.com/kb/DL1572?locale=en_US

https://www.citrix.com/downloads/citrix-receiver/mac.html


Appendix D: Acceptable Antivirus (as of 10/18/2015) Anti-‐virus software is required for remote access to ORCHID. The Java-‐based Host Checker will check the security compliance to make sure that:

1. The operating system of the computer accessing ORCHID remotely has been updated with all necessary service packs or security updates; and

2. The anti-‐virus software virus definition files are not older than the 4th most recent updates

The following is a list of some commonly available and security-‐compliant anti-‐virus software that will pass the Host Checker. DHS makes no assurances as to the compatibility of any of the listed software packages with applications that may already be loaded on end-‐user systems and does not provide support for any of the below, with the exception of County-‐provided anti-‐virus software on County-‐issued computer hardware. DHS does not specifically endorse any of the products listed below.

Product Name 1. Sophos Antivirus (Mac, Windows)

a. provided to UCLA faculty, fellows, residents via Bruin OnLine at https://www.bol.ucla.edu/software/

b. provided to LA Biomed faculty and staff via the LA Biomed intranet c. (Mac, free) http://www.sophos.com/en-‐us/products/free-‐tools/sophos-‐

antivirus-‐for-‐mac-‐home-‐edition.aspx 2. AVG Antivirus (Mac, Windows, free) http://free.avg.com/us-‐en/homepage 3. Ad-‐Aware Free Antivirus+ (Windows, free)

http://www.lavasoft.com/products/ad_aware_free.php 4. Avast Free Antivirus (Mac, Windows, free) https://www.avast.com/index 5. BitDefender (Mac, Windows, paid) http://www.bitdefender.com/ 6. F-‐Secure Anti-‐Virus (Mac, Windows, paid) https://www.f-‐

secure.com/en_US/web/home_us/anti-‐virus 7. Intego Mac Internet Security X8 (Mac, paid) http://www.intego.com/products 8. Panda Antivirus 2015 (Mac, Windows, paid)

http://www.pandasecurity.com/usa/homeusers/downloads/ 9. Webroot SecureAnywhere Antivirus (Mac, Windows, paid)

http://www.webroot.com/us/en/home/products/av

https://www.bol.ucla.edu/software/

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

http://free.avg.com/us-en/homepage

http://www.lavasoft.com/products/ad_aware_free.php

https://www.avast.com/index

http://www.bitdefender.com/

https://www.f-secure.com/en_US/web/home_us/anti-virus

https://www.f-secure.com/en_US/web/home_us/anti-virus

http://www.intego.com/products

http://www.pandasecurity.com/usa/homeusers/downloads/

http://www.webroot.com/us/en/home/products/av

DHS Remote&Access ... - Olive View-UCLA Remote Access_v2_4sm.pdf ·...

Documents

Transcript of DHS Remote&Access ... - Olive View-UCLA Remote Access_v2_4sm.pdf ·...