VPN connection to MAX IV
MAX IV users can access the MAX IV computers from external locations with a VPN connection. Currently, active users with a DUO account can establish a connection to the white network that comprises computers and servers outside the beamlines and accelerators and log in to the offline cluster to access data and files stored at MAX IV, for example to prepare an experiment or reprocess the data. External access to the beamline network during experiments is not implemented yet.
Before connecting to MAX IV, users must ensure that they enter a cell phone number in DUO where they can receive an SMS. This is required for the user to receive an otp (“one time password”) for two-step authentication; if preferred, for subsequent logins it is possible to activate a mobile application as an otp authenticator. The next step is to install a VPN client, like Pulse Secure. Note: At the moment, VPN to MAX IV should not be initiated from a machine that is part of a internal network infrastructure with network mounted disks (may loose connection to those), only from stand-alone computers or laptops.
Using Pulse Secure
The Pulse Secure client provides an interface for users to connect to MAX IV and it is easy to install in many platforms. To download and install Pulse Secure, follow these steps:
- On a web browser, open http://vpn-white.maxiv.lu.se . Type your DUO username and password to log in. Then type in the otp code sent to your phone. Note that the otp will expire after a while, so if you cannot type it in immediately, you will have to type your user name and password again to get another code.
- Download the Pulse Secure VPN application and install it on your machine
- Create a connection to in Pulse Secure. The name of the connection can be anything you choose that allows you to identify it easily (e.g., “White MAX IV”). The name of the server is vpn-white.maxiv.lu.se and the user name and the password are the DUO account credentials. The server and user names will be stored under the connection name. Finally, type the otp code you receive on your phone after authenticating.
After establishing the VPN connection, the next step is to open a remote desktop at MAX IV. Please see how to connect to the offline MAX IV HPC with the ThinLinc client.
If you prefer not to have the otp sent in an SMS, you can set up an application like Pocket Pass or similar mobile app to generate the otp. To activate this, you need to connect to the MAX IV network following the above described procedure. Once in the MAX IV network, follow these instructions.