Requirement for users to get GI VPN access: Difference between revisions

From UCSC Genomics Institute Computing Infrastructure Information

No edit summary
mNo edit summary
(38 intermediate revisions by 3 users not shown)
Line 1: Line 1:


If you need VPN access to the Genomics Institute firewalled/secure area (aka the "Prism" Environment), please make an appointment with the GI SysAdmin team by emailing ''cluster-admin@soe.ucsc.edu'' and Rochelle Fuller (hrfuller@ucsc.edu) requesting access. There are several requirements to gaining access to the firewalled area - please complete all these requirements '''BEFORE''' coming to have the VPN software set up for your laptop.
Before you are allowed access to our firewalled/secure area ("Prism"), you have to complete 3 items and provide the completed certificates or forms.  '''If you already have a VPN account with us and are just installing the VPN software on a new computer you do not need to do all these steps again'''.  Simply continue on to installing the VPN software on your new computer.  Otherwise, continue to follow these steps if you are getting a VPN account with us for the first time.


1: You are required to copy cluster-admin@soe.ucsc.edu on an email from your PI or supervisor requesting a VPN account for you - this email should include:
'''1''': You must take and complete the NIH Public Security Refresher Course online. You must complete the course in a single continuous sitting:


  Your name
https://irtsectraining.nih.gov/public.aspx
  Your PI's name
  PI's approval for this access
  What other access do you need such as a UNIX server account or access to OpenStack.  


2: You must take the NIH Public Security Refresher Course online, then print out the Completion Certificate (which should have your name on it) at the end of the training and deliver it when you come to your appointment to install the VPN software:
Click on the "Enter Public Training Portal" near the bottom of the page.  The course is titled "2024 Information Security, Insider Threats, Privacy Awareness, Records Management and Emergency Preparedness Refresher". At the end you will be able to save the completion certificate that should have your name on it.


https://irtsectraining.nih.gov/publicUser.aspx
'''2''': You need to sign the Genomics Institute VPN User Agreement (digital signature OK), located here for download:


Click on the "2018 Information Security, Counterintelligence, Privacy Awareness, Records Management Refresher" link to begin the course. At the end you will be able to print out the completion certificate that should have your name on it.
  [[Media:GI_VPN_Policy.pdf]]


3: You need to print and sign the Genomics Institute VPN User Agreement and bring it with you to your VPN software installation appointment:
'''3''': Please read and sign the last page of the NIH Genomic Data Sharing Policy agreement (digital signature OK), located here for download. By signing the document you agree that you have read and understand the policies described therein and that you agree to abide by those policies:


  [[:File:GI_VPN_Policy.pdf]]
  [[Media:NIH_GDS_Policy.pdf]]


4: Read and sign the last page of the NIH Data Use Agreement, located here for download:
When you have the three documents described above ready, please complete this form: https://app.smartsheet.com/b/form/a76dbd90ba0240ab9ea9d39b390586ce.


PDF DOWNLOAD
There are two parts in this process.


5: You will need access to the "eduroam" wireless network '''prior''' to your appointmentOther UCSC wireless networks such as "cruznet" will not work with our VPN software, so please make sure your laptop works with eduroam before coming to your appointment.  Instructions on how to get on eduroam are detailed here:
1. For the user, please fill in ALL required fields '''and attach''' all three required documents described aboveThe form then goes to your PI for approval - remind them to approve it, or it won't get sent to us for processing!


https://its.ucsc.edu/wireless/eduroam.html
2. For the Sponsor/PI - you will receive an email from Smartsheets. Please fill in all required fields and submit.
 
We will receive your completed request and we will create your account, then you will receive a welcome email with instructions on how to configure your VPN client and gain access to our systems.


When using the VPN software off-campus, it will usually work unless the wireless network you are on has restrictions preventing it from functioning.  Some other universities have such restrictions (notably UCSF), but most other wireless network and home wireless networks should work fine.
When using the VPN software off-campus, it will usually work unless the wireless network you are on has restrictions preventing it from functioning.  Some other universities have such restrictions (notably UCSF), but most other wireless network and home wireless networks should work fine.


6: Before your appointment, please make sure you install the appropriate OpenVPN software on your laptop:
'''PLEASE NOTE:''' Because of the overhead required in setting up VPN access, please only request access if you have an immediate need to work on data that exists behind the firewall. We have had a decent number of people request access and go through the setup but then never use it. In other words, please do not request access because "one day you might need it", but because you '''do''' actually need it!
 
  A laptop running OS X, Windows or Ubuntu
 
For Macs, please download and install '''Tunnelblick''' from https://tunnelblick.net/downloads.html. Select the Latest Stable version.
 
For Windows, please download and install '''OpenVPN Client''' from https://openvpn.net/index.php/open-source/downloads.html. Select ''openvpn-install-x.x.x-xxxx.exe''
 
For Ubuntu, please install network-manager-openvpn by typing:
  sudo apt-get install network-manager-openvpn network-manager-openvpn-gnome
 
Please do NOT worry about how to configure the software at this point. We will help you to set it up at your appointment.


We will correspond with you via email on when the appointment will beThe appointment can take up to 30 minutes per person depending on whether or not any issues come up during the software setup.
'''ALSO NOTE:''' VPN accounts typically expire after one year from the date of first gaining accessTo renew for another year you will need your PI/sponsor to send us a note asking for renewal.

Revision as of 13:42, 1 April 2025

Before you are allowed access to our firewalled/secure area ("Prism"), you have to complete 3 items and provide the completed certificates or forms. If you already have a VPN account with us and are just installing the VPN software on a new computer you do not need to do all these steps again. Simply continue on to installing the VPN software on your new computer. Otherwise, continue to follow these steps if you are getting a VPN account with us for the first time.

1: You must take and complete the NIH Public Security Refresher Course online. You must complete the course in a single continuous sitting: 

https://irtsectraining.nih.gov/public.aspx

Click on the "Enter Public Training Portal" near the bottom of the page. The course is titled "2024 Information Security, Insider Threats, Privacy Awareness, Records Management and Emergency Preparedness Refresher". At the end you will be able to save the completion certificate that should have your name on it.

2: You need to sign the Genomics Institute VPN User Agreement (digital signature OK), located here for download: 

Media:GI_VPN_Policy.pdf

3: Please read and sign the last page of the NIH Genomic Data Sharing Policy agreement (digital signature OK), located here for download. By signing the document you agree that you have read and understand the policies described therein and that you agree to abide by those policies: 

Media:NIH_GDS_Policy.pdf

When you have the three documents described above ready, please complete this form: https://app.smartsheet.com/b/form/a76dbd90ba0240ab9ea9d39b390586ce.

There are two parts in this process.

1. For the user, please fill in ALL required fields and attach all three required documents described above. The form then goes to your PI for approval - remind them to approve it, or it won't get sent to us for processing!

2. For the Sponsor/PI - you will receive an email from Smartsheets. Please fill in all required fields and submit.

We will receive your completed request and we will create your account, then you will receive a welcome email with instructions on how to configure your VPN client and gain access to our systems.

When using the VPN software off-campus, it will usually work unless the wireless network you are on has restrictions preventing it from functioning. Some other universities have such restrictions (notably UCSF), but most other wireless network and home wireless networks should work fine.

PLEASE NOTE: Because of the overhead required in setting up VPN access, please only request access if you have an immediate need to work on data that exists behind the firewall. We have had a decent number of people request access and go through the setup but then never use it. In other words, please do not request access because "one day you might need it", but because you do actually need it!

ALSO NOTE: VPN accounts typically expire after one year from the date of first gaining access. To renew for another year you will need your PI/sponsor to send us a note asking for renewal.

Retrieved from "http://giwiki.gi.ucsc.edu/index.php?title=Requirement_for_users_to_get_GI_VPN_access&oldid=685"