DHS Remote&Access ... - Olive View-UCLA Remote Access_v2_4sm.pdf ·...
Transcript of DHS Remote&Access ... - Olive View-UCLA Remote Access_v2_4sm.pdf ·...
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 1
DHS Remote Access (Adaptive Authentication)
Reference Guide
https://sslvpn.lacounty.gov/dhs
V2.4
Version: 1.0 Harbor-‐UCLA Informatics/[email protected]/23-‐Oct-‐2014 2.0 DHS/[email protected]/24-‐Oct-‐2014 2.1 Harbor-‐UCLA Informatics/[email protected]/30-‐Oct-‐2014 2.2 Harbor-‐UCLA Informatics/[email protected]/06-‐Feb-‐2015 2.3 Harbor-‐UCLA Informatics/[email protected]/02-‐Apr-‐2015 2.4 Harbor-‐UCLA Informatics/[email protected]/21-‐Nov-‐2015
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 2
Table of Contents
Installation Requirements ....................................................................................................... 3
Access URL .............................................................................................................................. 3
Prerequisite Set-‐up for Mac OS X ............................................................................................ 4 A. Install Java ................................................................................................................................................................................ 4 B. Prepare Safari browser ...................................................................................................................................................... 6 Initial SSL VPN Set-‐up (Mac OS X) .......................................................................................... 10
Signing into ORCHID (Mac OS X) ............................................................................................ 13
Initial SSL VPN Set-‐up (Microsoft Windows) .......................................................................... 18
Signing into ORCHID (Microsoft Windows) ............................................................................ 21
Appendix A: Citrix Receiver Installation ................................................................................. 24
Appendix B: Mac OS X Troubleshooting ................................................................................. 26
Appendix C: Advanced Mac OS X Troubleshooting ................................................................ 27 Problem: Do not see Mac-‐specific links for ORCHID ............................................................................................... 27 Problem: Host Checker does not launch ....................................................................................................................... 28 Problem: Java Secure Application Manager does not automatically launch ................................................. 30 Problem: PowerChart (or other ORCHID application) will not launch ........................................................... 32 Appendix D: Acceptable Antivirus (as of 10/18/2015) ............................................................ 34
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 3
Installation Requirements
1. Operating System: a. Microsoft Windows 7 Professional or Windows 8/8.1 b. Mac OS X (10.9 or 10.10)
2. Browser:
a. Microsoft Windows: Internet Explorer, Firefox b. Mac OS X: Safari only
3. Java:
a. Windows: current version, available at http://www.java.com/en/download/ b. Mac OS X:
i. current version, available at: http://www.java.com/en/download/mac_download.jsp?locale-‐=en
ii. Apple Java SE 6, available at http://support.apple.com/kb/DL1572
4. Citrix Receiver: current version, available at: http://www.citrix.com/go/receiver.html (see Appendix A for detailed installation instructions)
5. Antivirus software is *** REQUIRED *** (See Appendix C)
Access URL To access the DHS sslvpn Remote Access solution, go to:
https://sslvpn.lacounty.gov/dhs
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 4
Prerequisite Set-‐up for Mac OS X
A. Install Java 1. Install the current version of Java for Mac OS X. Go to: https://java.com/en/download/mac_download.jsp to download the current version. Open the disk image. You will see an installer package. Double-‐click on the package to install.
You should see the following after installation is completed successfully.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 5
2. In order to use the SSL VPN service on Mac OS X, you must have Apple Java for OS X 2015-‐001 installed. This will install the Oracle Java SE 6 components necessary to remotely access ORCHID. Go to: http://support.apple.com/kb/DL1572 to download this update. Open the disk image. Double-‐click on the installer package to install.
You should see the following after installation is completed successfully.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 6
B. Prepare Safari browser 1. In Safari, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED username and password (the e or c number used for email and timecard)
2. When asked to trust the website, click on Trust
3. You must now reset the Java security setting for the site to allow for the SSLVPN Host Checker software to run. At this point, you may get an error message indicating that you are not allowed to sign-‐in. (Don’t panic. It’s ok.)
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 7
4. Open Safari Preferences:
5. Click on the Security icon. At the Internet plug-‐ins section, Make sure that Allow Plug-‐ins is checked and then click on Website Settings:
6. Find and click on Java in the left column. Then click on the drop down box next to sslvpn.lacounty.gov
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 8
7. Change the security setting from Allow to Run in Unsafe Mode (It’s ok, really. Trust us.)
8. You will see a pop-‐up dialog box asking if you are sure that you trust the website. Click on Trust.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 9
9. Click on Done.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 10
Initial SSL VPN Set-‐up (Mac OS X) 1. Now, log in again using your HOSTED (DHS Active Directory) username and password (the e or c number used for email and timecard systems)
2. If this is the first time you have used the SSL VPN from any device, you will be prompted to enroll in the sslvpn Adaptive Authentication system. You will be led through a series of screens to set up your account.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 11
3. You will be prompted to set up three challenge questions.
4. Next you will be prompted to set up alternate email notification addresses. Alternate email addresses are important because if you log in from a computer that is not recognized (i.e. you haven’t used it for DHS remote access before), then you will receive an email at your defined email addresses with a confirmation code to enter, similar to what banks do.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 12
5. At the end, you will see a confirmation of the challenge questions and your answers. Click on Finish and you will be ready to use DHS Remote Access.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 13
Signing into ORCHID (Mac OS X) 1. In Safari, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED username and password (the e or c number used for email and timecard)
2. You will then be prompted to answer a challenge question and given the option to “Remember this Computer”.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 14
3. The Java-‐based Host Checker will then run. Host Checker is a Java-‐based software application that verifies that the computer meets the minimum requirements.
A pop-‐up dialog window should appear indicating that the Host Checker is launching. If you do not see the following pop-‐up, quit your browser completely (not just closing the tab or window) and re-‐launch.
You may see the following dialog box requesting permission for Java to run depending upon your system settings.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 15
4. The following page should now appear. Before opening ORCHID, first start the Java Secure Application Manager.
The Juniper application should then launch and the following pop-‐up should appear.
Once the application has successfully launched, a new status window will appear.
You are now logged in to the SSL VPN.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 16
5. Select the ORCHID Production bookmark
6. You will now see the ORCHID application portal. Select the desired application, e.g. PowerChart.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 17
7. The Citrix Receiver client should then launch.
8. The ORCHID/Cerner Millennium login window will display.
You may now log into ORCHID.
Notes: 1. Fuji Synapse PACS images are currently unable to be viewed through the SSL VPN. 2. To sign out cleanly, please close your browser window. 3. Apple iOS devices are not currently supported.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 18
Initial SSL VPN Set-‐up (Microsoft Windows) 1. In a compatible browser, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED username and password (the e or c number used for email and timecard)
2. If this is the first time you have used the SSL VPN from any device, you will be prompted to enroll in the sslvpn Adaptive Authentication system. You will be led through a series of screens to set up your account.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 19
3. You will be prompted to set up three challenge questions.
4. Next you will be prompted to set up alternate email notification addresses. Alternate email addresses are important because if you log in from a computer that is not recognized (i.e. you haven’t used it for DHS remote access before), then you will receive an email at your defined email addresses with a confirmation code to enter, similar to what banks do.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 20
5. At the end, you will see a confirmation of the challenge questions and your answers. Click on Finish and you will be ready to use DHS Remote Access.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 21
Signing into ORCHID (Microsoft Windows) 1. In a compatible browser, go to: https://sslvpn.lacounty.gov/dhs and then log in using your HOSTED (DHS Active Directory) username and password (the e or c number used for email and timecard systems)
2. You will be prompted to answer a challenge question and given the option to “Remember this Computer”.
3. The Java-‐based Host Checker will then run.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 22
The first time you use Remote Access you will be asked to trust the “sslvpn.lacounty.gov” Java plug-‐in. If you have not installed Java, you will be prompted to install it. You are now logged in to the SSL VPN. 4. Select the ORCHID Production bookmark
5. You will now see the ORCHID application portal. Select the desired application, e.g. PowerChart.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 23
6. The Juniper Citrix Services Client and Citrix Receiver client should then launch.
7. The ORCHID/Cerner Millennium login window will display.
You may now log into ORCHID.
Notes: 1. Fuji Synapse PACS images are currently unable to be viewed through the SSL VPN. 2. To sign out cleanly, please close your browser window.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 24
Appendix A: Citrix Receiver Installation
1. Download the latest version of the Citrix Receiver at http://www.citrix.com/go/receiver.html (it will automatically detect the correct version to download)
2. Open the downloaded file and select Install.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 25
3. When the installation has completed, select Finish.
** NOTE: Citrix Receiver may ask you to add a Connection Server. You may ignore this and click cancel.
4. Quit all browsers after Citrix Receiver has installed and restart.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 26
Appendix B: Mac OS X Troubleshooting
Most problems related to being unable to launch the SSL VPN connection successfully are related to Java. Common errors include:
1. Unsupported session warning
2. Host Checker hanging (Safari spinning beach ball) or does not load
Please try the following steps:
1. Remove the current version of Java by following the instructions here:
http://www.java.com/en/download/help/mac_uninstall_java.xml
2. Reboot your computer
3. Reinstall the Java components in the following order:
a. Oracle Java current version, available at:
http://www.java.com/en/download/mac_download.jsp?locale-‐=en
b. Apple Java SE 6, available at http://support.apple.com/kb/DL1572
4. Reboot your computer
If still unable to launch ORCHID successfully, try the additional steps listed here:
http://support.apple.com/en-‐us/HT202643
to re-‐enable the Apple-‐provided Java SE 6 web plug-‐in and Web Start features that are
required for ORCHID remote access on Mac OS X devices.
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 27
Appendix C: Advanced Mac OS X Troubleshooting
Problem: Do not see Mac-‐specific links for ORCHID when logging into https://sslvpn.lacounty.gov/DHS
1. If the (Mac) Web Bookmarks do not appear:
then your computer was not correctly identified as running Mac OS X. This is because the Host Checker Java application did not run successfully.
2. Make sure your anti-‐virus software is up to date, and then try reinstalling the most recent Java version.
3. While installing the Java update, do not select Restore Java Security Prompts
DO NOT CHECK
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 28
Problem: Host Checker does not launch after installing the most recent Java update
1. Verify that the Java plug-‐in is set to “Allow Always” and “Run in Unsafe Mode”
a. Go to Safari > Preferences
b. In Security, click on Plug-‐in Settings
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 29
c. Select the Java plug-‐in and verify that the site sslvpn.lacounty.gov is set to “Allow Always” and “Run in Unsafe Mode”
d. If it does not show as above (Allow Always with the black hazard triangle),
click on the blue arrows and select “Allow Always” and “Run in Safe Mode”
e. When prompted, click on “Trust” when asked to run “Java” in unsafe mode
2. Click on “Done” to save changes, then quit and relaunch Safari
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 30
Problem: Java Secure Application Manager does not automatically launch after successfully logging into sslvpn
1. Click on Java Secure Application Manager
2. When prompted, allow Java to make changes by entering your password
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 31
3. The Java Secure Application Manager should then load:
4. After the Java Secure Application Manager session begins,
you should be able to select the needed ORCHID domain:
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 32
Problem: PowerChart (or other ORCHID application) will not launch from Cerner Millennium Application Portal
1. After clicking on one of the icons from the Portal, Citrix Receiver should launch and you should see this grey “Starting application…” box appear:
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 33
2. If this does not appear, reinstall the following: a. Java for OS X 2015-‐001 at
https://support.apple.com/kb/DL1572?locale=en_US b. Citrix Receiver at
https://www.citrix.com/downloads/citrix-‐receiver/mac.html
DHS Remote Access (Adaptive Authentication) Reference Guide – v2.4 34
Appendix D: Acceptable Antivirus (as of 10/18/2015) Anti-‐virus software is required for remote access to ORCHID. The Java-‐based Host Checker will check the security compliance to make sure that:
1. The operating system of the computer accessing ORCHID remotely has been updated with all necessary service packs or security updates; and
2. The anti-‐virus software virus definition files are not older than the 4th most recent updates
The following is a list of some commonly available and security-‐compliant anti-‐virus software that will pass the Host Checker. DHS makes no assurances as to the compatibility of any of the listed software packages with applications that may already be loaded on end-‐user systems and does not provide support for any of the below, with the exception of County-‐provided anti-‐virus software on County-‐issued computer hardware. DHS does not specifically endorse any of the products listed below.
Product Name 1. Sophos Antivirus (Mac, Windows)
a. provided to UCLA faculty, fellows, residents via Bruin OnLine at https://www.bol.ucla.edu/software/
b. provided to LA Biomed faculty and staff via the LA Biomed intranet c. (Mac, free) http://www.sophos.com/en-‐us/products/free-‐tools/sophos-‐
antivirus-‐for-‐mac-‐home-‐edition.aspx 2. AVG Antivirus (Mac, Windows, free) http://free.avg.com/us-‐en/homepage 3. Ad-‐Aware Free Antivirus+ (Windows, free)
http://www.lavasoft.com/products/ad_aware_free.php 4. Avast Free Antivirus (Mac, Windows, free) https://www.avast.com/index 5. BitDefender (Mac, Windows, paid) http://www.bitdefender.com/ 6. F-‐Secure Anti-‐Virus (Mac, Windows, paid) https://www.f-‐
secure.com/en_US/web/home_us/anti-‐virus 7. Intego Mac Internet Security X8 (Mac, paid) http://www.intego.com/products 8. Panda Antivirus 2015 (Mac, Windows, paid)
http://www.pandasecurity.com/usa/homeusers/downloads/ 9. Webroot SecureAnywhere Antivirus (Mac, Windows, paid)
http://www.webroot.com/us/en/home/products/av