User Guide Remote PIV to VDI Using a PIV Card



Similar documents
User Guide Remote Access to VDI/Workplace Using PIV

Remote Access End User Reference Guide for SHC Portal Access

SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client

Install and End User Reference Guide for Direct Access to Citrix Applications

mystanwell.com Installing Citrix Client Software Information and Business Systems

Employee Express - PIV Card Registration Instructions

Windows Installation 1. On a Windows PC (For MAC, skip to next section), at the file download prompt click Run.

Windows and MAC User Handbook Remote and Secure Connection Version /19/2013. User Handbook

Finance & Information Management Network Operations

VPN User Guide. For Mac

VPN User Guide. For Mac


WHAT IS VIRTUAL DESKTOP? WHAT YOU NEED LOG IN TO VIRTUAL DESKTOP SET UP CITRIX RECEIVER REMOTE ACCESS GUIDE

How do I use Citrix Staff Remote Desktop

Defense Logistics Agency. Virtual Desktop: User Guide

These instructions will allow you to configure your computer to install necessary software to access mystanwell.com.

Coillte IT has recently upgraded the Remote Access Solution to a new platform.

Instructions for Accessing the Hodges University Virtual Lab

Two Factor Authentication - USER GUIDE

Accessing TP SSL VPN

Massey University Wireless Network Client Configuration Mac OS X

BT Lancashire Services

Connecting Remotely via the Citrix Access Gateway (CAG)

Introduction Requesting a VPN Account Accessing the Citrix Access Gateway (CAG) Tips and Tricks... 9

DPH TOKEN SELF SERVICE SITE INSTRUCTIONS:

Department of Veterans Affairs Two-Factor Authentication MobilePASS Quick Start Guide November 18, 2015

Carroll Hospital Center

Citrix : Remediation - MAC

Accessing the Media General SSL VPN

isupplygw Site Login Troubleshooting

Access to applications and the network depends on whether or not you are using personal equipment or a Firm-issued laptop or desktop.

CONNECT-TO-CHOP USER GUIDE

Portal Instructions for Mac

...1 CITRIX REMOTE ACCESS WINDOWS TABLE OF CONTENTS...1 ADDING CITRIX.AKERMAN.COM AS A TRUSTED SITE TO INTERNET EXPLORER

Overview 1. Minimum Requirements for Physician Remote Access - Clinical

Secure Access Portal. Getting Started Guide for using the Secure Access Portal. August Information Services

Outlook Web Access 2003 Remote User Guide

Remote Desktop Web Access. Using Remote Desktop Web Access

VPN Web Portal Usage Guide

ATTENTION: End users should take note that Main Line Health has not verified within a Citrix

This document shows new Citrix users how to set up and log in to their Citrix account.

Section 1.0 Getting Started with the Vālant EMR. Contents

XEN Web Portal Instructions

Citrix Mac OS X Guide

MED ACCESS USER INSTRUCTIONS FOR INSTALLING THE CITRIX RECEIVER FOR ACCESS TO ALBERTA NETCARE VIA PLB

Remote Access Services Apple Macintosh - Installation Guide

Mac Installation and User Guide

Technology Services Group Procedures. IH Anywhere guide. 0 P a g e

of Delaware, Inc. a subsidiary of Universal Health Services UHS FUSION CERNER MILLENNIUM APPLICATION PORTAL USER GUIDE

Instructions for installing Citrix Receiver

How to Use Remote Access Using Internet Explorer

ARCHER & GREINER. Citrix Client Install Instructions - For ALL Citrix Users. BigHand Client Install Instructions - For BigHand Users Only

Secure Parliamentary Remote Access (SPRA)

Mac OS X. Staff members using NEIU issued laptops and computers on Active Directory can access NEIU resources that are available on the wired network.

Learning Management System (LMS) Quick Tips. Contents LMS REFERENCE GUIDE

Remote Access: Internet Explorer

Citrix Receiver 11.8 for Macintosh OS X

Guide: Using Citrix for Home/ Office

Installation Guide. (You can get these files from

Lync Online Deployment Guide. Version 1.0

8x8 Click2Pop User Guide

Installing the Citrix Online Plug-In

Citrix Remote Access Work Instructions

ANZ TRANSACTIVE GETTING STARTED GUIDE AUSTRALIA & NEW ZEALAND

Hosted Service Tips and Troubleshooting

Medstar Health Dell Services

Remote Access. Remote Access Start-up Guide. Non Cheshire East Council PC s/laptops. Page 0

How to Use the Billericay School Portal

For Mac User Directions, see page 5

Remote Access Services Microsoft Windows - Installation Guide

Connecting Remotely via the Citrix Access Gateway (CAG)

Network Connect Installation and Usage Guide

1. Accessing the LONZA network from a private PC or Internet Café

Citrix XenApp 6.5 User Guide. For Windows and OS X

Quick User Guide. The KLZ Home Page

SSL VPN Support Guide

Wireless Setup for Windows 8

Using Access.Centegra.Com (Physician Access) Secure Remote Access from the Internet

How to File the FBAR Electronically. The following steps describe the process of filing an FBAR electronically with our system.

NETWRIX IDENTITY MANAGEMENT SUITE

Labour Market Programs Support System. LaMPSS Computer Compatibility Guide

Citrix Remote Access Portal U s e r M a n u a l

How to Remotely Access the C&CDHB Network from a Personal Device

Secure Global Desktop (SGD)

SmartGrant Web Browser Set-Up

Massey University Wireless Network Client Configuration Windows 7

Procedure for How to Enroll for Digital Signature

Citrix Client Install Instructions

2-FACTOR AUTHENTICATION WITH

USER GUIDE WWPass Security for Windows Logon

Reading an sent with Voltage Secur . Using the Voltage Secur Zero Download Messenger (ZDM)

Downloading and installing SMART Notebook Software

Entrust Managed Services PKI

Check current version of Remote Desktop Connection for Mac.. Page 2. Remove Old Version Remote Desktop Connection..Page 8

Akita International University Online Application System. Usage Manual

Allianz Global Investors Remote Access Guide

XenApp & XenDesktop Documentation. Help Desk (202)

Transcription:

User Guide Remote PIV to VDI Using a PIV Card Energy IT Services (IM-64) March 2015

Authors Prepared By Matthew Cummings Senior Systems Engineer IM-64 Version Control Date Version Document Revision Description Revision Author 12/15/2014 1.0 Document created Matthew Cummings 12/19/2014 1.1 Formatted and edited Leslie O Gwin-Rivers 12/29/2014 1.2 Updated Matthew Cummings 3/11/2015 1.3 Updated Matthew Cummings 3/12/2015 1.4 Formatted and edited Leslie O Gwin-Rivers 3/16/2015 1.5 Updated Harpreet Talwar 3/16/2015 1.6 Formatted Leslie O Gwin-Rivers 3/17/2015 1.7 Updated Harpreet Talwar U. S. Department of Energy Remote PIV to VDI Using a PIV Card 2

Table of Contents 1 Overview... 4 2 Scope... 4 2.1 Web Browsers... 4 2.2 Operating Systems... 4 3 Types of Smart Card Readers and Installation... 5 4 Install the External Reader on a PC... 5 5 Access from a GFE Laptop... 5 6 Access from a Home Personal Computer... 9 7 Access from a Home Personal Mac... 13 8 Access from a Government Furnished Equipment (GFE) Mac... 19 Appendix A: Remove an Incorrect Certificate... 23 Appendix B: Troubleshooting... 25 U. S. Department of Energy Remote PIV to VDI Using a PIV Card 3

1 Overview As mandated by the Homeland Security Presidential Directive 12 (HSPD-12), Office of Management and Budget (OMB) M 11-11, and Department of Energy (DOE) O 206.2, Office of the Chief Information Office (OCIO) Energy IT Services (EITS) has deployed hardware, software, and configuration changes that enable EITS customers to log on to their computers with their HSPD-12 credentials. The implementation of virtual desktops also falls under the HSPD-12 directive. Personal identity verification (PIV) authentication is integrated in the virtual desktop infrastructure (VDI) design and implementation. VDI is accessible from DOE internal trusted EITS zero-clients, laptops, and conventional desktops. This equipment provided by DOE is also known as government-furnished equipment (GFE). VDI can also be securely accessed from external clients over the Internet, however, which is one of the great benefits of VDI technology. As a remote VDI user, you must also authenticate your identity with your PIV card per the HSPD- 12 directive. In certain cases where the HSPD-12 credential cannot be used, an RSA token is the alternative form of two-factor authentication for external VDI users. 2 Scope The tables below list the Internet browsers and operating systems that were tested with version and ability to function with remote PIV with VDI. 2.1 Web Browsers Browser Version Function Microsoft Internet Explorer 9.0.8112.16421 Yes Microsoft Internet Explorer 11.0.9600.17358 Yes Google Chrome 38.0.2125.111 m and above Yes Safari 6.2.3 and above Yes Mozilla Firefox 31.1.1 Not supported. Reconfiguration is required to support PIV and is not recommended. 2.2 Operating Systems Operating System Version Function Windows 7.0 and above Yes Personal Mac 10.10.2 Yes GFE Mac 10.8.5/0.9.5 Yes U. S. Department of Energy Remote PIV to VDI Using a PIV Card 4

3 Types of Smart Card Readers and Installation There are three types of smart card readers used in the DOE environment. They are listed and displayed below. To learn more about card readers, go to the following Powerpedia page: HTTPS://POWERPEDIA.ENERGY.GOV/WIKI/SMART_CARD_READER. 1. Internal Card Reader 2. Portable Card Reader 3. Standard Card Reader 4 Install the External Reader on a PC To install the external card reader, connect the card reader to your workstation. The card reader self-installs. To view the installed card reader s status, go to the lower left of the Windows screen. Select Start Devices and Printers. 5 Access from a GFE Laptop 1. Once the card reader has been installed, insert your PIV card into the reader. 2. Open Internet Explorer and type in HTTPS://MYDESKTOP-TEST.DOE.GOV and press [Enter]. 3. Select the link for the PIV card. The PIV card must be inserted prior to selecting the link. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 5

4. A certificate box is displayed. 5. To determine the correct certificate is being used, select the link, Click here to view certificate properties. Select the Detail tab. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 6

a. Select Enhanced Key Usage to display the Smart Card Logon as shown below. b. After verifying the correct certificate, select [OK]. Note: The desktop will not ask for your PIN because it was cached after logging onto your GFE laptop. 6. The desktop auto-launches. Select [OK] on the DOE Security Banner screen. 7. Type your PIN at the desktop and press [Enter]. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 7

Note: If you see the username and password fields, select the Other Credentials button. Select the PIV car, type your PIN. Press [Enter]. You are now logged into the VDI desktop. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 8

6 Access from a Home Personal Computer 1. Download and install the latest receiver from HTTP://WWW.CITRIX.COM/GO/RECEIVER.HTML. 2. Insert a card reader if necessary. The card reader installs. To view the installed card reader s status, go to the lower left of the Windows screen. Select Start Devices and Printers. 3. Once the card reader has been installed, insert your PIV card into the reader. 4. Open Internet Explorer and type in HTTPS://MYDESKTOP-TEST.DOE.GOV and press [Enter]. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 9

5. Select the link Access VDI using your PIV card. The PIV card must be inserted prior to selecting the link. 6. A certificate box is displayed. 7. To determine the correct certificate is being used, select the link, Click here to view certificate properties. Select the Detail tab. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 10

a. Select Enhanced Key Usage to display the Smart Card Logon as shown below. b. After verifying the correct certificate, and select [OK]. 8. The PIN prompt box is displayed. 9. Type your PIN and select [OK]. If you do not see the PIN prompt box, check to make sure it did not pop up behind another window. 10. The desktop auto-launches. Select [OK] on the DOE Security Banner screen. 11. Type your PIN at the desktop and press [Enter]. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 11

Note: If you see the username and password fields, select the Other Credentials button. Select the PIV card and type your PIN. 12. You are now logged onto the VDI desktop. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 12

7 Access from a Home Personal Mac If you are a Mac user and want to access VDI using your PIV card, you must have the operating system, X Yosemite 10.10.2 or higher and have Centrify Express for Smartcard installed. 1. Download and install the latest Mac receiver from the following site: HTTP://WWW.CITRIX.COM/GO/RECEIVER.HTML. 2. Go to HTTP://WWW.CENTRIFY.COM/EXPRESS/SMART-CARD-FORM. Complete the form and accept the End User License Agreement (EULA). Select the Download Now button to see Centrify Express for Smartcard. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 13

3. Select Download for Mac OS 10.7, 10.8, 10.9, 10.10. 4. Install Centrify Express for Smartcard. 5. To verify that Centrify Express for Smartcard is installed, select the Launchpad. Find the Smart Card Assistant. 6. Open Safari and go to HTTPS://MYDESKTOP-TEST.DOE.GOV. 7. Insert the card reader. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 14

8. Insert your PIV card. 9. Select Access VDI using your PIV card. 10. At the certificate, prompt, select a certificate and scroll down to Purpose #2 Smartcard Logon. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 15

11. When the correct certificate is selected, select Continue. a. Centrify Express for Smartcard stores this option in the keychain, and you are not prompted to select the certificate again. b. If you accidentally select the wrong certificate, see appendix A for the steps to remove the certificate from the Centrify Express for Smartcard keychain. 12. At the next prompt, type your PIV card PIN, which is your keychain password. Press [OK]. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 16

13. At the prompt to Trust the Citrix Receiver Plug-in, select Trust. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 17

14. The Storefront displays. a. If you have a single desktop, it auto-launches. b. If you have more than one desktop, select the preferred desktop to launch. 15. When the desktop displays, the DOE Security Banner screen appears. Select [OK] to continue. 16. The desktop displays the message: Reading smart card 17. At the prompt, type your PIN and press [Enter]. 18. You are now logged on to the desktop. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 18

8 Access from a Government Furnished Equipment (GFE) Mac 1. Insert card reader and PIV card. 2. Logon to your Mac using your PIV credential. 3. Open Safari or Chrome. 4. Go to https://mydesktop-test.doe.gov. 5. Click on the link to [ Access VDI using your PIV card ] 6. You will be prompted to select a certificate. a. Click on a certificate, click the button for Show Certificate and scroll down to look for Purpose #2 Smartcard Logon. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 19

7. Once the correct certificate is chosen, click [ OK/Continue ] 8. You will not be required to enter your PIN as it was cached during logon to your Mac. 9. Click [ Trust ] to unblock the Citrix Receiver Plug-in. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 20

10. The Storefront displays. a. If you have a single desktop, it auto-launches. b. If you have more than one desktop, select the preferred desktop to launch. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 21

11. When the desktop displays, the DOE Security Banner screen appears. Select [OK] to continue. 12. The desktop displays the message: Reading smart card 13. At the prompt, type your PIN and press [Enter]. 14. You are now logged on to the desktop. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 22

Appendix A: Remove an Incorrect Certificate If you accidentally select the wrong certificate in Safari, you must remove it from the Centrify Express for Smartcard keychain to be prompted to select a certificate again. 1. Open Launchpad and open Smart Card Assistant. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 23

2. Select Diagnostics, then press the Open Keychain button. 3. On the left, select login under keychains and then All Items under Category. 4. On the right, select the identity preference entry and press [Delete]. 5. Go back to section 6, Access from a Home Personal Mac. Go to step 6 to log on again and be prompted for the correct certificate. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 24

Appendix B: Troubleshooting If you select the wrong certificate after entering your PIN, an error message displays that states the page cannot be displayed. Follow these troubleshooting steps to select the correct certificate. 1. Close the browser. 2. Remove your PIV card from the reader, then re-insert it. 3. Open the browser again. 4. Go back to the logon instructions to select the correct certificate. If the wrong certificate was chosen in Safari,first follow the steps in Appendix A, Remove an Incorrect Certificate, then complete these instructions. U. S. Department of Energy Remote PIV to VDI Using a PIV Card 25

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information