U.S. CMS
Search
uscms.org  www 

Fermilab: remote working (VPN, MFA, videoconferencing, general)

This is not a conclusive list of things to know about remote work for cmslpc resources at Fermilab. Much more information can be found at the Fermilab ServiceDesk Knowledgebase.

Follow this link to learn how to connect to the cmslpc interactive nodes. - VPN NOT needed to connect to cmslpc nodes


VPN for Fermilab Network

Why would I need VPN?

Note: This is not a complete list.
  • If you are trying to access a Fermilab website that says "Internal Content", you need VPN.
  • Some of the cmslpc System Status pages require VPN to access from offsite
  • Submitting a Fermilab Photo of the Day
  • For Fermilab employees: payroll, timesheets
You do NOT need VPN for: kinit, ssh, scp, sftp to cmslpc*.fnal.gov, you may continue using those remotely without VPN.

How do I setup and use VPN?

The most complete information is here in the Fermilab Service Desk article about getting VPN.
Requirements for VPN:
  1. FNAL RSA soft token - may take up to 1 business day to obtain. Note you will also need to Setup your RSA PIN
  2. Fermilab certificates installed (not needed for Fermilab owned computers)
  3. Services password (DIFFERENT from Kerberos): obtain it from the Fermilab Service Desk: Password obtain/reset at Fermilab
  4. VPN software
    • Use Self-Service for FNAL owned computers
    • Download at https://vpn.fnal.gov after doing the VPN setup above and logging into SiteVPN-RSA using the VPN instructions (also below) for passwords

Once VPN is setup, you choose SiteVPN-RSA and enter:
  • Password: Services password (DIFFERENT from Kerberos)
  • UI Verify Method: RSA PIN followed by RSA token, except Android RSA - see below
    • For Android RSA keys, only if the RSA app asks you for your RSA PIN before giving you your token, then:
    • Android UI Verify Method: RSA token


MFA (Multi-Factor Authentication) for Fermilab Microsoft Exchange email

Note: If you have an email with forwards from @fnal.gov to another place, this is not an issue for you. This will be needed for Fermilab employees and some Fermilab users who have full Microsoft Exchange @fnal.gov email.

Main page of information: mfa.fnal.gov - requires a VPN connection or being onsite at Fermilab to access. Alternately, see Offsite accessible mfa documentation

MFA requirements:

  • Full Microsoft Exchange fnal.gov email
  • FNAL RSA soft token - may take up to 1 business day to obtain. Be sure to advise the Service Desk if your MFA was turned on and you cannot check your @fnal.gov email as you must do that from your smartphone to obtain the token.
  • Services password (DIFFERENT from Kerberos): obtain it from the Fermilab Service Desk: Password obtain/reset at Fermilab
Note: You will use your FNAL RSA soft token code Without the PIN for Fermilab MFA.

Vidyo videoconferencing

What if I am having problems with Vidyo?

  • Keep trying, sometimes people are able to connect after multiple tries
  • Use the Vidyo phone bridges, they use a different server than the desktop
  • Be sure you have the latest version of the Vidyo Connect Software, or use WebRTC client (Linux)
  • Contact CERN service desk vidyo-support: vidyo-support at cern.ch


Zoom Videoconferencing at Fermilab

Zoom tips and more documentation



General work from home advice

Here are some guides that CERN and others have shared. Not everything is applicable for working from home for Fermilab machines (for instance, we will not install nomachine)
Webmaster | Last modified: Thursday, 26-Mar-2020 12:55:08 CDT