VPN connection to MAX IV
MAX IV users can access the MAX IV computers from external locations with a VPN connection. Currently, active users with a DUO account can establish a connection to the white network that comprises computers and servers outside the beamlines and accelerators and log in to the offline cluster to access data and files stored at MAX IV, for example to prepare an experiment or reprocess the data. External access to the beamline network during experiments is available for commissioning users at BioMAX. Since the Summer of 2019 the VPN to MAX IV can be initiated from any computer either standalone or part of an internal network infraestructure. The only restriction is that only one connection is allowed from the same machine at one time.
Before connecting to MAX IV, users must ensure that they enter a cell phone number in DUO where they can receive an SMS. This is required for the user to receive an otp (“one time password”) for two-step authentication; if preferred, for subsequent logins it is possible to activate a mobile application as an otp authenticator. The next step is to install a VPN client, like Pulse Secure. Note: At the moment, VPN to MAX IV should not be initiated from a machine that is part of a internal network infrastructure with network mounted disks, (since the connection to those may be lost), only from stand-alone computers or laptops.
Using Pulse Secure
The Pulse Secure client provides an interface for users to connect to MAX IV and it is easy to install in many platforms. To download and install Pulse Secure, follow these steps:
- On a web browser, open http://vpn-white.maxiv.lu.se . Type your DUO username and password to log in. A new window will open asking you for the otp code sent to your phone. Note that the otp will expire after a while, so if you cannot type it in immediately, you will have to type your user name and password again to get another code.
- Download the Pulse Secure VPN application launcher and install it on your machine (Note: You must have administrator permissions on your machine to be able to do this!):
- On Windows machines, a launcher script will be downloaded automatically; after installing it, it will download and install the application. If the installation is successful, you will see the pulse secure icon in your program tray.
- On Linux and Macs, you must select the appropriate installer from the displayed list and click on it to download it.
- After the installation is completed, create a connection to in Pulse Secure:
- The name of the connection can be anything you choose that allows you to identify it easily (e.g., “White MAX IV”).
- The name of the server is vpn-white.maxiv.lu.se. (Users connecting to the BioMAX beamline network for remote experiments must use a different server; please consult the BioMAX specific documentation).
- The user name and the password are the DUO account credentials; select DUO Users as the realm. The server, user name and realm will be stored under the connection name. Finally, type the otp code you receive on your phone after authenticating.
After establishing the VPN connection, the next step is to open a remote desktop at MAX IV. Please see how to connect to the offline MAX IV HPC with the ThinLinc client.
If you prefer not to have the otp sent in an SMS, you can set up an application like Pocket Pass or similar mobile app to generate the otp. To activate this, you need to connect to the MAX IV network following the above described procedure. Once in the MAX IV network, follow these instructions.