Fermilab

Off-Site Access Instructions – Remote Desktop

Fermilab’s online journals and subscription databases are accessible to Fermilab employees working off-site when signed on to the Fermilab VPN. Instructions here are for enabling remote access to a desktop computer at the lab.

Questions?

For questions about journals and subscription databases, or requests to have PDF’s of journal articles sent to you by e-mail, contact the Fermilab library.

If any issues with the below steps, please contact the Service Desk.

 

Remote Desktop method

**Beginning mid-January 2020, any device connecting via VPN must be running Windows 10 or later. Devices running Windows 7 or earlier will be blocked from the Fermilab Network. Please contact the service desk with questions.

Step 1

You will either be remoting into a Fermilab computer at the lab or the Fermilab Windows Terminal Server (FERMI-TS). If you are currently using your Fermilab work computer outside of the Fermilab network, you will most likely connect to FERMI-TS. You can check if you have access by following the next steps. If you do not, contact the Service Desk to request the needed permissions for FERMI-TS.

You can also bring in your personal computer to the Service Desk, and they can set this up for you.

Step 2

Log into VPN to connect to the Fermilab network.

Fermilab VPN users are required to use multifactor authentication via a YubiKey or an RSA token.

To do so, you will need to follow the steps at: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0013046

Step 3

Open a Remote Desktop session.

Windows

You can find the Remote Desktop Connection program via a Start menu search.

Or follow these steps based on your operating system:

  • Windows 7&10: Select Start Menu->All Programs->Accessories->Remote Desktop Connection
  • Windows 8 users, launch your Remote Desktop Connection client by selecting Start Menu. Enter the word “Remote” in search box, and hit “Enter.” (For Remote Desktop Connection.
  • Windows XP: Select Start Menu->Programs->Accessories->Remote Desktop Connection
  • Windows Vista: Select Start Menu->All Programs->Accessories->Remote Desktop Connection
  • Windows command line: mstsc

Either enter “Fermi-TS.fnal.gov” or the IP address of the Fermilab computer you will be logging into on the Fermi network in the “Computer” field.

Now click Connect.

 

Step 4

Log in with your regular Fermi domain account to (choose one):

The Fermilab Windows Terminal Server — This requires access to the FERMI-TS server, you’ll need to contact the Service Desk to set that up.

Your office computer or some other computer at Fermilab — You need to know the name or IP address of the computer to do this. You will need to already have access and a user account to the computer you connect to at the lab.

For the User Name, enter your Windows Network (or “Fermi”) account name, and enter your password in the Password field. Make sure the, ‘Log on to:’ field says ‘FERMI’. If it does not say Fermi, type in FERMI\ before your account name in the User Name field. For example, if your user name is jsmith, you would type in FERMI\jsmith in the User Name field.

Select OK when you are prompted to accept the log-on banner.

 

Step 5

Once signed on, bring up a browser from the remote desktop, you should be able to download article PDFs now. As a test, see if you can view the following Physical Review D pdf.

For ease of access in the future, bookmark the Remote Desktop Connection application.
  • Select Start Menu > Programs > Accessories
  • Click and drag the Remote Desktop icon to your taskbar or desktop.
  • Alternatively, you can right click on Remote Desktop Access and choose “Pin to Start Menu,” “Pin to Taskbar,” or “Send to” and choose “Desktop (create shortcut)”

 

Resources

In order to view the Knowledge Base articles below, you will need to first log into the Fermilab VPN.

Windows Terminal Server User Guide

Step 1

You will be remoting into a Fermilab computer at the lab or the Fermilab Windows Terminal Server (FERMI-TS). If you are currently using your Fermilab work computer outside of the Fermilab network, you will most likely connect to FERMI-TS. You can check if you have access by following the next steps. If you do not, contact the Service Desk to request the needed permissions for FERMI-TS.

You can also bring in your personal computer to the Service Desk, and they can set this up for you.

 

Step 2

Log into VPN to connect to the Fermilab network.

Fermilab VPN users are required to use multifactor authentication via a YubiKey or an RSA token.

To do so, you will need to follow the steps at: https://fermi.service-now.com/wp?id=kb_article&sys_id=KB0013046

Step 3

Open a Remote Desktop session.

Select Go>Applications>Microsoft Remote Desktop

  If you don’t see the Microsoft Remote Desktop application, it can be downloaded from either Self Service or the App Store (https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12.). Make sure you have the Microsoft Remote Desktop app (version 8.0.33 or higher) installed.

Create a new session by clicking New.

 

Step 4

Log in with your regular Fermi domain account to (choose one):

The Fermilab Windows Terminal Server. This requires access to the FERMI-TS server, you’ll need to contact the Service Desk to set that up.

Enter “fermi-ts.fnal.gov” for both the Connection name and PC name fields. Close the window when finished.

Your office computer or some other computer at Fermilab. You need to know the name or IP address of the computer to do this. You will need to already have access and a user account to the computer you connect to at the lab.

Enter your SERVICES credentials, then select OK.

For the User Name, enter your Windows Network (or “Fermi”) account name, and enter your password in the Password field. Make sure the, ‘Log on to:’ field says ‘FERMI’. If it does not say Fermi, type in FERMI\ before your account name in the User Name field. For example, if your user name is jsmith, you would type in FERMI\jsmith in the User Name field.

Select OK when you are prompted to accept the log-on banner.

 

Step 5

Bring up a browser from the remote desktop, you should be able to download article PDFs now. As a test, see if you can view the following Physical Review D pdf.

For ease of access in the future, bookmark the Remote Desktop Connection application:
  • Select Finder> Applications
  • Click and drag the Remote Desktop icon to your taskbar or desktop.
  • Alternatively, you can right click on Remote Desktop Connection and choose “Pin to Start Menu.”

Resources

In order to view the Knowledge Base articles below, you will need to first log into the Fermilab VPN.

Cisco VPN with iOS Devices (iPad and iPhone)

Installing Cisco AnyConnect VPN Client to a Mac – Using Safari

Windows Terminal Server User Guide

Step 1

You will either be remoting into a Fermilab computer at the lab or the Fermilab Windows Terminal Server (FERMI-TS). If you are currently using your Fermilab work computer outside of the Fermilab network, you will most likely connect to FERMI-TS. You can check if you have access by following the next steps. If you do not, contact the Service Desk to request the needed permissions for FERMI-TS.

You can also bring in your personal computer to the Service Desk, and they can set this up for you.

Step 2

Log into VPN to connect to the Fermilab network.

You need to do this as root.

Load in the vpn kernel module by typing the command

/etc/init.d/vpnclient_init start

Start the VPN.

NOTE: don’t do this in a window you plan on using unless you are going to put it in the background. If that is the case, put an & at the end of the command.

cd /root/

vpnclient connect cd_vpn

You will be asked for your user name and password.

It has been found that on some RedHat 9 based systems, with the proper combination of ‘compat’ libraries, that the recompiled vpnclient will not work. If that is the case copy the vpnclient from the tar file over to replace the recompiled vpnclient.

cp /tmp/vpnclient/vpnclient /usr/local/bin/vpnclient

Step 3

Open a Remote Desktop session by opening a terminal window and running this command:

$ rdesktop fermi-elh.fnal.gov -u username -d fermi

NOTE: Here, username is your Kerberos principal/account name. This command has been tested with rdesktop 1.6.0 and 1.7.2. If you experience any problems connecting to the Windows Terminal Server, please update your RDC client to the most current version in your Linux distribution.

 

Step 4

Log in with your regular Fermi domain account to (choose one):

The Fermilab Windows Terminal Server. This requires access to the FERMI-TS server, you’ll need to contact the Service Desk to set that up.

Your office computer or some other computer at Fermilab. You need to know the name or IP address of the computer to do this. You will need to already have access and a user account to the computer you connect to at the lab.

For the User Name, enter your Windows Network (or “Fermi”) account name, and enter your password in the Password field. Make sure the, ‘Log on to:’ field says ‘FERMI’. If it does not say Fermi, type in FERMI\ before your account name in the User Name field. For example, if your user name is jsmith, you would type in FERMI\jsmith in the User Name field.

FNALU

How to open a Remote Desktop session by logging onto one of the FNALU nodes, export your display, and run the following two commands:

  •  $ setup rdesktop
  •  $ rdesktop fermi-elh.fnal.gov &

Step 5

Bring up a browser from the remote desktop, you should be able to download article PDFs now. As a test, see if you can view the following Physical Review D pdf.

 

Resources

In order to view the Knowledge Base articles below, you will need to first log into the Fermilab VPN.

Installing VPN for use on Linux

Configuring VPN for use on Linux

Starting VPN for use on Linux

Windows Terminal Server User Guide