User Guide Remote Access To VDI/Workplace Using PIV
User GuideRemote Access to VDI/Workplace Using PIVInnovation & Engineering Office (IM-64)May 2019
Table of Contents1Overview . 32Smart Card Readers and Installation . 33Install an External Reader on a PC. 44Access from an EITS-provisioned Laptop . 45Access from a Home Personal Computer . 76Access from an EITS-provisioned Mac Laptop . 107Access from a Home Personal Mac . 13Appendix A:Remove an Incorrect Certificate from Mac. 17Appendix B:Selecting Incorrect Certificate . 19Appendix C:Switching from Light Version to Citrix Receiver . 20U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 2
1 OverviewAs mandated by the Homeland Security Presidential Directive 12 (HSPD-12), Office ofManagement and Budget (OMB) M 11-11, and Department of Energy (DOE) O 206.2, the Officeof the Chief Information Office (OCIO) Energy IT Services (EITS) has deployed hardware,software, and configuration changes that enable EITS customers to log on to their computers withtheir HSPD-12 credentials.The HSPD-12 directive also covers the implementation of virtual desktops. Personal identityverification (PIV) authentication is integrated in the virtual desktop infrastructure (VDI) designand implementation. VDI is accessible from DOE-provided trusted EITS zero-clients, laptops,and conventional desktops provisioned by EITS. VDI can also be securely accessed fromexternal clients, such as personal computers, over the Internet, which is one of the great benefitsof VDI technology.As a remote VDI user, you must authenticate your identity with your PIV card per the HSPD-12directive. In certain cases when you cannot use your PIV card, you can use your RSA token to logon.2 Smart Card Readers and InstallationThe three types of smart card readers used in the DOE environment are displayed below. To learnmore about card readers, see https://powerpedia.energy.gov/wiki/Smart card reader.1. Internal Card Reader2. Portable Card Reader3. Standard Card ReaderU. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 3
3 Install the External Reader on a PCTo install the external card reader, connect the card reader to your workstation. The card readerself-installs. To view the status of the installed card reader, go to the lower left of the Windowsscreen. Select Start Devices and Printers.4Access from an EITS-provisioned Laptop1. Once the card reader has been installed, insert your PIV card into the reader.2. Open web browser, type https://mydesktop.doe.gov and press Enter.3. Select Access VDI/Workplace using your PIV card.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 4
4. A certificate box displays.5. To determine the correct certificate is being used, select Click here to view certificateproperties. Select the Detail tab.a.Click on the “Show:” tab and select “All”. Scroll down and select Enhanced KeyUsage and look for Smart Card Logon as shown below.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 5
b.After verifying the certificate, select OK.Note: The desktop may not ask for your PIN because it was cachedafter you logged onto the laptop.6. If you only have one desktop, it auto-launches. If you have more than one desktop, select thedesktop you wish to open. Select OK on the DOE Security Banner screen.7. Type your PIN at the desktop and press Enter.Note: If you see the username and password fields, select theOther Credentials button. Select the PIV card, type your PIN, andpress Enter.8. You are now connected to a remote desktop session.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 6
5Access from a Home Personal Computer1. Download and install the latest EITS supported Citrix Receiver LTSR for orwindows-ltsr- 4 9 4000 .html.2. Insert a card reader if necessary. The card reader self-installs. To view the status of theinstalled card reader, go to the lower left of the Windows screen. Select Start Devicesand Printers.3. Once the card reader has been installed, insert your PIV card into the reader.4. Open web browser, type in https://mydesktop.doe.gov and press Enter.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 7
5. Select Access VDI/Workplace using your PIV card.6. A certificate box displays.7. To determine the correct certificate is being used, select Click here to view certificateproperties. Select the Detail tab.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 8
a.Click on the “Show:” tab and select “All”. Scroll down and select Enhanced Key Usage andlook for Smart Card Logon as shown below.b.c.After verifying the certificate, select OK.The PIN prompt box displays.8. Type your PIN and select OK. If you do not see the PIN prompt box, check to make sure itdid not pop up behind another window.9. If you only have one desktop, it auto-launches. If you have more than one desktop, select thedesktop you wish to open. Select OK on the DOE Security Banner screen.10. Type your PIN at the desktop prompt and press Enter.Note: If you see the username and password fields, select theOther Credentials button. Select the PIV card and type your PIN.11. You are now connected to a remote desktop session.Note: If you connect using the “Light Version aka HTML5”, which has limited desktop functionality,please see appendix c for steps to connect using the full version of Citrix Receiver. (Light Version willappear as a “Browser Tab” within your browser instead of a separate Citrix Receiver Window)U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 9
6Access from an EITS-provisioned Mac Laptop1.2.3.4.Insert a card reader and your PIV card.Log on to your Mac using your PIV credential.Open Safari or Chrome.Go to https://mydesktop.doe.gov.5. Select Access VDI/Workplace using your PIV card.6. You are prompted to select a certificate. Select the first certificate and verify that it’sthe correct certificate by selecting the “Show Certificate” button and scroll down toPurpose #2 Smartcard Logon.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 10
7. After verifying the certificate, select Continue.8. You may not be required to enter your PIN because it was cached during logon to your Mac.9. At the prompt Do you want to trust the website “mydesktop-piv.vdi.doe.gov” to use“Citrix Workspace Plug-in?”, select Trust to unblock the Citrix plug-in.10. For Safari 12 and above, if this is the first time you have attempted to login, Safariwill ask you to detect Citrix Workplace”. Click “Detect Receiver”, then click “Allow”to allow the browser to open Citrix Workspace Launcher.app.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 11
11. Your desktop displays.a. If you have a single desktop, it auto-launches.b. If you have more than one desktop, select the preferred desktop to launch.12. After the desktop has launched, the DOE Security Banner screen appears. Select OK tocontinue.13. The desktop displays the message Reading smart card 14. At the prompt, type your PIN and press Enter.15. You are now connected to a remote desktop session.Note: If you connect using the “Light Version aka HTML5”, which has limited desktop functionality,please see appendix c for steps to connect using the full version of Citrix Receiver. (Light Version willappear as a “Browser Tab” within your browser instead of a separate Citrix Receiver Window)U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 12
7Access from a Home Personal MacIf you are a Mac user and want to access VDI/Workplace using your PIV card, you should havethe supported operating systems, 10.13.6 or higher.Download and install the latest Citrix Workspace from 3.4.Insert the card reader.Insert your PIV card.Open Safari and type https://mydesktop.doe.gov.Select Access VDI/Workplace using your PIV card.5. You are prompted to select a certificate. Select the first certificate and verify that it’sthe correct certificate by selecting the “Show Certificate” button and scroll downto Purpose #2 Smartcard Logon. If Purpose #2 Smartcard Logon is notshowing, select “Hide Certificate” and choose another certificate.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 13
6. After verifying the certificate, select Continue.a. If you accidentally select the wrong certificate, see appendix A for the stepsto remove the certificate from the keychain application.7. At the next prompt, type your PIV card PIN. Select OK.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 14
8. At the prompt Do you want to trust the website “mydesktop-piv.vdi.doe.gov” to use“Citrix Workspace Plug-in?”, select Trust to unblock the Citrix plug-in.9. For Safari 12 and above, if this is the first time you have attempted to login, Safariwill ask you to detect Citrix Workplace”. Click “Detect Receiver”, then click “Allow”to allow the browser to open Citrix Workspace Launcher.app.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 15
Your desktop displays.a. If you have a single desktop, it auto-launches.b. If you have more than one desktop, select the preferred desktop to launch.10. After the desktop has launched, the DOE Security Banner screen appears. Select OK tocontinue.11. The desktop displays the message Reading smart card 12. At the prompt, type your PIN and press Enter.13. You are now connected to a remote desktop session.Note: If you connect using the “Light Version aka HTML5”, which has limited desktop functionality,please see appendix c for steps to connect using the full version of Citrix Receiver. (Light Version willappear as a “Browser Tab” within your browser instead of a separate Citrix Receiver Window)U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 16
Appendix A:Remove an Incorrect Certificate from MacIf you select the wrong certificate in Safari, you must remove it from the KeychainAccess.app so that you will be prompted to select a certificate again.1.If the certificate did not show Purpose #2 Smartcard Logon, you have selected the wrongcertificate.2.Open Launchpad, click on the “Other” folder, and open Keychain Access.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 17
3.4.On the left, under Keychains select login, then under Category select All Items.On the right, select the identity preference entry, that reads mydesktop.doe.gov, and select Delete.5.Go back to section 6, Access from a Home Personal Mac. Go to step 6 to log on again.The system will now prompt you to select the certificate.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 18
Appendix B:Selecting Incorrect CertificateIf you select the wrong certificate after entering your PIN, an error message states the page cannotbe displayed. Follow these troubleshooting steps to select the correct certificate.1.2.3.4.Close the browser.Remove your PIV card from the reader, then re-insert it.Open the browser again.Go back to the logon instructions to select the correct certificate.If the wrong certificate was chosen in Safari, first follow the steps in Appendix A, Remove anIncorrect Certificate, then follow the instructions.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 19
Appendix C: Switching from Light Version to Citrix ReceiverCitrix “Light Version aka HTML5”, is a Citrix plug-in that allows DOE users to access Citrix Desktops.This version is a “fail safe” version for computers that fail to successfully launch Citrix Receiver. This“Light Version aka HTML5”, is very limited in desktop functionality. Functions such as: Local printing,PIV card access from within the Citrix Desktop, Camera and Microphone access, and other functions willnot work properly using the “Light Version aka HTML5”.Note: The Microsoft Internet Browser EDGE is not supported and the steps below will not work. If you wishto use a Microsoft browser, please use Microsoft Internet Explorer instead of Microsoft Edge for all“mydesktop.doe.gov” connections.Below is a snapshot of an Internet Browser connected to DOE Citrix Workplace using the Citrix “LightVersion aka HTML5”.Initially, customers may not realize that the computer is connected using the “Light Version aka HTML5”.The best way to identify is to check the current internet browser that was used to connect tomydesktop.doe.gov. The “Light Version aka HTML5” will appear as a “Browser Tab” within your browserinstead of a separate Citrix Receiver Window. If this is the case, follow the below steps to have yourbrowser “detect” Citrix Receiver.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 20
1.2.Log out of your desktop that is connected using the “Light Version aka HTML5”At the top right click on your name and select “Change Citrix Receiver”3.On the next screen select “Detect Receiver” and wait for the browser to detect. It may take a fewseconds.4.Depending on the browser you are using, you may see an additional pop-up window asking if youwould like your browser to open this page using Citrix. Click “Allow”.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 21
5.Your desktop icon(s) should now be present. Launch your desktop and verify that you are nolonger using the “Light Version aka HTML5” and your desktop session has now launched in aseparate Citrix widow.6.If you are still experiencing issue changing your Citrix connection from the “Light Version akaHTML5” to the full Citrix Receiver or Citrix Workspace (Mac) please call the EITS Service desk:310-903-2500.U. S. Department of Energy Remote Access to VDI/Workplace Using a PIV 22
3 Install the External Reader on a PC To install the external card reader, connect the card reader to your workstation. The card reader self-installs. To view the status of the installed card reader, go to the lower left of the Windows screen. Select Start Devices
What is Interactive Remote Access . Interactive Remote Access - Effective 4/1/16- Interactive Remote Access. is defined as: "User-initiated access by a person . employing a remote access client or other remote access technology . using a routable protocol. Remote access originates from a Cyber Asset. that is . not. an . Intermediate System .
Chapter 29 Managing Remote Access VPNs: The Basics Understanding Remote Access VPNs Understanding Remote Access IPSec VPNs Remote access IPSec VPNs permit secure, encrypted connections between a company's private network and remote users, by establishing an encrypted IPS ec tunnel across the Internet using broadband cable,
Remote Access, you must enable Network File Sharing. Click the Setting up file sharing link on the Remote Access Summary page or click Help at the upper-right of any 2Wire gateway Web page for more information. You can access your Remote Access Center directly from the Remote Access Summary page by
Employee Kaseya Remote Access First Time Logon [Information for Fond du Lac Personnel when logging into Kaseya Remote Access for the first time ] What is Kaseya Remote Access: Kaseya Remote Access is the application that is used by the Fond du Lac Reservation IT Division when working remotely to resolve an end user's workstation issues.
1. Role of Remote Access in Business Continuity Planning (BCP)—this section provides an overview of remote access and its interrelationship with BCP and management. 2. Remote access and BCP, issues and areas of focus—this section provides advice on identifying key business processes and personnel for a remote-access capability by taking
Then, use the "remote desktop" software to “connect-in” to your shack PC. You “see” the shack desktop, and control the station, just like being there. 9 #3. Remote Desktop software There are many good free “Remote desktop“ programs (also called VNC): TeamViewer, Chrome Remote Desktop, Windows Remote Desktop, Splashtop,
work/products (Beading, Candles, Carving, Food Products, Soap, Weaving, etc.) ⃝I understand that if my work contains Indigenous visual representation that it is a reflection of the Indigenous culture of my native region. ⃝To the best of my knowledge, my work/products fall within Craft Council standards and expectations with respect to
If you want, you can also install the ReadyNAS Remote client (app) on your smartphone or tablet. See Install the ReadyNAS Remote Client on Remote Devices on page 8. 3. Grant access to Cloud users. See Allow Cloud Users to Access Your ReadyNAS System on page 11. 4. Use ReadyNAS Remote to remotely access your ReadyNAS.
