Berkeley Lab Commons
  • Page tree
    Viewable by the world
    Skip to end of metadata
    Go to start of metadata

    ---

    Introduction

    5 Minute Video Introduction to Remote Access at LBL



    Icon

    Overview:

    1. Most services at LBL are available directly from the internet and require only a web browser to access.

    2. For services that are not available to the global internet, the
    Laboratory supports three types of remote access described below.

    Icon

    Get Ready:

    1. Know your LDAP Username/Password & Your Workstation Username/Password and Workstation Name (e.g. yourworkstation.dhcp.lbl.gov) - Don't know them?  Contact the helpdesk!

    2. Know your Voicemail Remote Access Password.  Don't know it?  Set it from within voicemail from your deskphone, or contact tsc@lbl.gov

    Services Available to the Global Internet

    Most lifeline and collaboration services are available from anywhere on the internet with a web browser - no special configuration required.

    The following chart shows key services.  Generally, use of the Web Access is recommended.

    Service

    Web Access (Recommended)

    Additional Access

    Email

    http://gmail.lbl.gov/
    http://lbl.gov/mail

    Gmail is available from offsite.  Legacy IMAP is available from offsite.   

    Calendar

    http://gcal.lbl.gov/

    Google Calendar is directly available offsite.

    LETS

    http://lets.lbl.gov

    N/A

    eRoom

    http://lbl.gov/eroom

    N/A

    Webspace

    http://webspace.lbl.gov

    WebDAV and Xythos Drive connections are available from offsite.

    Google Docs and Sites

    http://gstart.lbl.gov

    N/A

    TREX

    http://trex.lbl.gov

    N/A

     

     


    Note that this list is not exhaustive.  Other services are available from the outside world too.

    Note: For Conference Attendees

    Have you ever been to a conference, or an off-site meeting with a large number of other LBL employees, and not been able to access your email or network files from the conference center?

    The reason this happens is when a large number of people try to access the LBL network at the same time it appears to the Intrusion Detection System that the network is under attack, and it blocks access from the IP Address where the apparent attack is coming from.

    This can be avoided if the person who arranges the conference contacts the IT administrator at the conference center and gets the IP Address of the center. Once that IP Address is known it can be given to the Lab’s Computer Protection Program (CPP), and it will be put on a list of addresses that are allowed to access the LBL network.

    If the IP Address cannot be obtained before the conference starts, someone at the conference should use their laptop to go to the following web site: www.whatismyip.com.

    This site will show the IP Address that is being used at the conference center and should be given to Computer Protection Program either by email at cppm@lbl.gov, or by calling the IT Help Desk at 486-4357.

    Second Level Remote Access Methods

    If you need to access a service like a Windows Shared Folder (CIFS), or a financial or other institutional business system, you need to use a remote access method to access the Berkeley Lab Network.  The Laboratory supports three basic kinds of remote access:

    Service

    Description

    Pre-Configuration

    Discussion

    VPN

    Connects your laptop or desktop computer at home or on the road directly to the LBL network.

    You can download the software from software.lbl.gov

    When you connect your computer via VPN, all your traffic is tunneled to the Laboratory.  This traffic must comply with Laboratory acceptable use policies and you must take special care to secure the system you are using. 
    When your remote computer is connected via VPN, you won't be able to utilize other network resources on your home LAN.  For example, if you share files with another member of your household, or share a network-connected printer, you'll need to turn off VPN to access those resource.

    Remote Desktop

    The Laboratory supports direct remote desktop for Windows systems.  This gives you access to your desktop system from any computer.
    Other protocols like VNC require that you first VPN or SSH.

    Your Lab system must have remote deskop turned on, and you must have a remote desktop client (available from microsoft). Configuration information is availablehere.

    Some configuration settings permit you to share local drives and printers.
    Leaving remote desktop on at all times and not using it is an unnecessary security risk.  Unless you plan to use it, don't turn it on.

    SSH

    Connect securely to Linux and other systems with SSH turned on and properly configured.

    Your server must support SSH.

    If you know what this is, you probably don't need any help from this page.

    Unexpected Remote Access

    Under some scenarios we can contemplate (like a pandemic) large numbers of individuals may be unexpectedly telecommuting, possibly from systems they have never used before to conduct lab business.  While our approach may change as the situation develops, here are some tips to handle "unexpected" remote access.

    1. Do you need Second Level Remote Access at all?  If you just need to check email and access web-based document stores, you don't need anything but your LDAP password and your web browser.

    2. If you need Second Level Remote Access, consider which solution above you need.  If you already have Remote Desktop turned on on your work computer, this is almost certainly the easiest way to go.  If your home computer doesn't have the remote desktop client, you can get it here: Windows (note that it's probably already installed if you have a recent version of Windows)   Mac

    3. If you don't have Remote Desktop turned on on your work computer, you can still access other "inside" resources.

    Getting VPN From Offsite

    1. Visit software.lbl.gov and login with your LDAP username and password.

    2. If your home computer doesn't have up to date antivirus protection, download Sophos first and install it on your home computer.

    3. Download the Cisco VPN client appropriate for your platform from software.lbl.gov

    4. Follow the directions and install the software.

    5. Use your LBL LDAP username and password to authenticate.

    6. Congratulations, once you connect you're "inside" the LBL network and can access resources from your home or other system that are not normally available to the global internet. Remember that everything you do while connected is subject to monitoring and LBL policies.

    Working Together When You're Not Together

    Remote access to resources is only part of the picture.  In a pandemic or other continuity situation, you'll need ways to share information and work with people too.  Luckily, working with remote colleagues is actually a "normal" thing at LBL, and we have many resources to help you.  You can learn more at labtech.lbl.gov, but here are some things to get you started:

    Realtime Tools:

    1. ReadyTalk (Audio Conferencing and Slide Sharing):  Set up an audio conference, and share slides or documents with your colleagues via the computer.

    2. Google Talk (Pilot): Everyone at LBL has an account with Google Talk.  You can use the web version at gstart.lbl.gov, or the client.  More information coming soon.

    Sharing Tools:

    1. Google Docs and Sites

    2. Commons

    3. Webspace