VA Maryland Health Care System Information Security Office Request for VPN Access

salmonbrisketSoftware and s/w Development

Nov 2, 2013 (4 years and 9 days ago)

161 views

VA Maryland Health Care System

Information Security Office

Request for VPN Access


Note: R
equesters must have a VA network account established prior to submitting request.

1.

Go

to
https://vpnportal.
vansoc.va.gov/SelfService/

(This
must

be done from a VA
computer!)

2.

Enter your
n
etwork
information:

a.

Your u
ser

n
ame:

for example

VHAPERxxxxxx ; VHABALxxxxxx; VHAFTHxxxxxx

b.

Your network password

c.

For Domain,
Select

VHA05

3.

Once on the web site
,

on the left side

click on ‘REQUEST VPN ACCOUNT”

4.

Provide the requested information and click on submit. Please note: if your superviso
r
is not listed, please send a message to
vamhcsisostaff@va.gov


5.

Your supervisor will get a
n e
-
mail
, which he/she must approve before your account will
be established.

An example is shown below:


Employee A

has requested a VPN

(remote) a
ccount and has provided the following business justification:

“Needed to a
ccess
Outlook

e
-
mail
s
ystem

and CPRS

from
h
ome

and while on travel”

Click here to APPROVE the request

Or


Click here to DENY the request


Thank you


One VA VPN Portal Administrator

6.


Please advise your supervisor to expect the e
-
mail.

7.

Once yo
ur supervisor approves your
request, your
Information Security Office will
also
get a message to
approve the establishment of your account
.

8.

A Welcome letter will be sent to you via

Outlook
.

9.

After you receive the welcome letter, go to the following link an
d follow the prompts:

https://vareast.vpn.va.gov
. Remember to use the VHA05
\
vhabalxxxxxx or
VHA05
\
vhaperxxxxxx format for your
Domain
\
User Name
.

10.

Note:
Depending on your Operating System you will need to approve
the installation of
an online Plug
-
In, when prompted by Citrix.


Please direct questions to the Outl
ook mail group:
VAMHCSISOStaff@VA.GOV


For a more immediate response, you may call one of the following:




Balt
imore

ISO
:

410
-
605
-
7140

/ 7141



Perry Point ISO
:
410
-
605
-
1881




DEPARTMENT OF
VETERANS AFFAI RS







OF F I CE OF I NF ORMAT I O
N AND T E CHNOL OGY

F I E L D OP E RAT I ONS


Region 4
CITRIX

Farm

Instructions for Access Using the

VA
CITRIX

Access Gateway (CAG)



Version 1.
2

June

13
,
2011




Contents

Accessing the CITRIX Access Gateway (CAG) instructions

4

Technical Points of contact

7

We value your feedback

8

System Requirements and Compatibility for the CITRIX Online Plug
-
in

9

How

to Access CITRIX Access Gateway

10

WINDOWS

10

How to Access CITRIX Access Gateway

13

Macintosh Users

13

HOW TO SETUP OUTLOOK FOR THE FIRST TIME WITHIN THE REGION 4 CITRIX FARM

17

How to import your PKI Certif
icates into Outlook

20

Accessing your Internet Favorites in the CITRIX Access Gateway (CAG)

23

Mapping to a Network (Shared) Drive

25




Accessing the
CITRIX

Access Gateway (CAG) instructions



1.


Log on to the website:
https://vareast.vpn.va.gov/

2.


You will see the warning screen shown below



3.

In the Domain
\
Usernam
e field type your information (e.g. VHA01
\
VHABEDNAME, VHA02
\
VHA
ALNNAME, VHA03
\
VHABRXNAME, VHA04
\
VHALEBNAME, etc…)

a.

It is important that you fill in the Domain with the “
\
” before putting in your username

b.

Your username is the same name you use to log in at

your facility.

4.

Enter your normal network password in both fields (this is the same password you use to log in
at your facility)

5.

You may be prompted to load a CITRIX plug
-
in. Choose Yes. This plug in is required to allow you
access to the system. If thi
s occurs please reference the steps outlined in
How to Access
CITRIX

Access Gateway

for your operating system
.










After gaining access you will be presented with the following screen:






From this screen you may access the applications presented.

If you are planning on accessing
multiple applications, we recommend that you enter the farm through the Full Desktop. (
Note
:
if you access one of the icons from this view you will need to wait 15 minutes after closing it
before you will be allowed acces
s to another icon)

To access CPRS, BCMA, or VISTA single click on the Desktops tab


For access to the full desktop, select the “Desktops” Tab you will be presented with this view.




To launch an application, simply “
single click
” on the icon












A

security warning screen will appear
.




Select “OK” and you will be presented this view:







When done using
CITRIX
, make sure your sessions is released by clicking on LOG OFF and
close your browser





Warning:

You must click on
LOG OFF

before

closing the internet browser.

Without
doing so, you might end up having multiple sessions on different servers and they can get
stuck or corrupted and prevent applications from working properly.

Logging off
properly will ensure that all previous session
s, including the corrupted & idle sessions
get released so that the next time you use CITRIX, all applications will run smoothly.








Technical Points of contact


If an application is not working properly or fail
s

to launch, it could mean that your p
revious
sessions might not have been logged off properly.


Who to
contact
:


Access
support
:


Contact your local ISO


Application
/Technical S
upport
: email the appropriate team for your VISN:



VISN 01 Citrix Technical Support

VISN 01 Citrix TS POCs


VISN 02 Citrix Technical Support

VISN 02 Citrix TS POCs

VISN 03 Citrix Technical Support

VISN 03
Citrix TS POCs

VISN 04 Citrix Technical Support

VISN 04 Citrix TS POCs

VISN 05 Citrix Technical Support

VISN 05 Citrix TS POCs





We value you
r fe
ed
back




S
elect the Region 4
CITRIX

Farm Survey Form from the content tab



System Requirements and Compatibility for the
CITRIX

Online Plug
-
in



Supported Windows Operating Systems:




Windows 7, 32
-
bit and 64
-
bit editions (including Embedded Edition)




Windows XP Professional, 32
-
bit and 64
-
bit editions



Windows XP Embedded



Windows Vista, 32
-
bit and 64
-
bit editions



Windows Server 2008 R1, 32
-
bit and 64
-
bit editions (not supported by XenDesktop
connections)



Windows Server 2008 R2, 64
-
bit edition (not

supported by XenDesktop connections)



Windows Server 2003, 32
-
bit and 64
-
bit editions (not supported by XenDesktop
connections)

Important:

For XenDesktop connections, be aware that the Desktop Appliance Lock is
only supported on Windows XP Professional a
nd Windows XP Embedded.



CITRIX Receiver Support
. CITRIX Receiver for Windows Versions 1.2 and 2.0 are supported
for the online plug
-
in.



Dazzle and ICA File Signing Support
. ICA File Signing is not supported with Dazzle 1.1.



Upgrades
. Upgrades are support
ed only for CITRIX Presentation Server Client 10.200, CITRIX
XenApp Plugin for Hosted Apps 11.0, Desktop Receiver 11.1, and CITRIX online plug
-
in
11.1,11.2, and 12.0.
x

releases.



Availability of online plug
-
in 12.1 features
. Some of the features and functi
onality of the online
plug
-
in are available only when connecting to newer versions of the products and might
require the latest hotfixes for XenApp, XenDesktop, and Secure Gateway.



Previous versions of the online plug
-
in and the icaclient.adm file.

Previo
us versions of the
online plug
-
in are not compatible with the online plug
-
in 12.1 icaclient.adm file.



Supported Browsers:




Internet Explorer Version 6.0 through 8.0



Mozilla Firefox Version 1.
x

through 3.
x




.NET Framework Requirements (XenDesktop Connecti
ons Only)


To use the Desktop Viewer, .NET 2.0 Service Pack 1 or later is required. This version is
required because, if Internet access is not available, certificate revocation checks slow down
connection startup times. The checks can be turned off and st
artup times improved with this
version of the Framework but not with .NET 2.0. Displaying virtual desktops in full
-
screen
-
only mode does not require the .NET Framework to be installed.



Hardware Requirements:




VGA or SVGA video adapter with color monitor



W
indows
-
compatible sound card for sound support (optional)



For network connections to the server farm, a network interface card (NIC) and the
appropriate network transport software


How to Access
CITRIX

Access Gateway


WINDOWS


1.

Verify that Transport Laye
r Security 1.0 is enabled on your browser. For Internet
Explorer, select the Tools menu item and click Internet Options.


From the Internet Options window, select the Advanced tab. Scroll down to the Use
TLS 1.0 selection and be sure it is selected. Cli
ck OK and close the browser


2.

Open Internet browser again and access NCAG at:
https://vareast.vpn.va.gov/
CITRIX
.
Enter your windows account (domain
\
WindowsAccount) and password. Please note
that you’ll have
to enter your password twice
.


3.

If this is your first time using
CITRIX
, you will be given option to install the latest
CITRIX

client. Simply check to agree with the license agreement and click INSTALL




4.

On the popup screen below, click run to start downl
oading the
CITRIX

client.
Depending on your internet connection, It might take 10 to 20 minutes to download
the client so be patient.



















5.

Once it’s done downloading the client, you’ll need to click RUN again to install the
client




After
about 3 minutes, the client installation is finish. Please click OK




6.

Once the installation is completed.
CITRIX

will continue logging you on and redirect you
to
CITRIX

home screen showing most commonly used applications such as: Outlook,
CPRS, and Inter
net Explorer.







How to Access
CITRIX

Access Gateway


Macintosh Users


Macintosh installation is performed in a similar manner.

Open Safari (Internet Browser)

Navigate to
https://vareast.vpn.va.gov



Log
-
in
as shown in the previous section, if you are presented with the following window
select agree and install.





You should see the plug
-
in being downloaded to your machine.





Once downloaded, the plug
-
in should prompt you with the following screen askin
g what
you would like to do next. Double click the “Install
CITRIX

online plug
-
in.pkg”




You may be presented with the following window (as shown below) click Open. This is a
normal security check making sure that you want to install the plug
-
in.




Select “Continue” on the next screen.




Click continue on the next screen






Select “Agree” to accept the liscens agreement and continue installing the plug
-
in. The
license agreement simply states that you are using the Online Plug
-
in associated with

CITRIX

products.





Select the location that you wish to install the plug
-
in to (single click) and the select
“continue”.





Select Install





You may be prompted for your computer account that is allowed to install the software
(an administrator ac
count)




Once complete click “close”




Once the installation is complete, be sure to log out from the
Region 4

CITRIX

site, close
your browser and reopen it to log in.


HOW TO SETUP OUTLOOK FOR THE FIRST TIME WITHIN THE REGION 4
CITRIX

FARM


1.

Open Out
look: Double Click the icon on your desktop called “Microsoft Outlook. A window
similar to the following will appear. At the “Outlook 2007 Startup window click next when ready.




2.

At the Account Configuration leave the selection at Yes and click next




3.

Outlook will begin to look for your Email. Once it finds your mail a window similar to the
following will appear. Leave all the default selections here. DO

NOT

edit the email address.
Confirm that “Manually configure server settings or additional server ty
pes” is unchecked. Click

next


when ready.




4.

At the Add New Email account window wait for outlook to finish search some more. Confirm
that in the center of the window you see “Your e
-
mail account is successfully configured to use
Microsoft Exchange.” Cl
ick “
Finish


when ready.




5.

DONE with the configuration.

When
outlook opens for the first time it will begin to run
through some post configuration
steps. Below is an explanation of some of the items.


1.

Exchange Archive Solution (EAS):

this window pops
-
up
to inform you that EAS has been
configured to use your mail. Be aware you may have to close outlook and reopen it to read your
EAS Mail correctly.




2.

RSS Feeds: RSS stands for Really Simple Syndication and is a family of web formats used to
publish freq
uently updated works


such as blogs, news headlines, audio and video in a
standard format. Feeds allow you to sync this content.
We do not use RSS Feeds. So Select NO
here.




You are ALL DONE with configuring Outlook for the first time. If you come bac
k to the
Region 4
CITRIX Farm to use O
utlook again these settings will be in place.





H
ow to import your PKI Certificates into Outlook


1.

Go to the Menu tools and select Trust Center

2.

On the left Pane select “Email Security”

3.

On the right Pane click the bu
tton labeled ‘Import/Export’






4.

This will bring you to a window similar to the following.











5.

Click the Browse button and select your PKI Certificate to import from your home directory.
Click the “
Open”

button when ready. You will now be back at

the Import/Export Digital ID
window




6.

In the password field type in the Password you used when you original setup your PKI
Certificates. In the Digital ID Name field type in the Digital ID Name you used. Click “
OK
” when
ready.


7.

You will be prompted with

a window similar to the following.









8.

Confirm the Security Level set is equal to High. Click on the “
Set Security Level


button. A
window similar to the following will appear.





9.

Type in a strong password and next to the confirm field type it in
again. Click Finish when ready.
Then click “
OK
”.


10.

Repeat steps 1 through 9 above for your second certificate.



11.

DONE



Accessing your Internet Favorites in the
CITRIX

Access Gateway (CAG)


The process consists of 2 steps, Exporting and Importing the favo
rites file. To begin you will first export the
Favorites folder
from the VA computer where you currently access to your favorites.



To export the Favorites folder, follow these steps:

1.

Open
Internet Explorer, click
Add to Favorites


It’s the star with t
he + sign towards
the top left of the window
,
or

(Alt
-
Z)
, and then click
Import and Export
.

2.

In the Import/Export Wizard, click
Next
.

3.

Select
Export Favorites
, and then click
Next
.

4.

Click
Favorites

and then click
Next
.

5.

Click the
Browse

button.

6.

Select your

personal drive under the “Save in:” drop down at the top of that window
. It should
have the same title as your log
-
on username.


7.

Click
Save
.

8.

Click
Next
.

Note

If you already have a file that has the same name, Internet Explorer asks you to replace
it. Cl
ick
Yes

to replace the file. Click
No

to provide a new file name.

9.

Click
Finish

then
O
K.



For the importing favorites portion you must be logged into the CAG. Once logged in go to the “Desktops”
t
ab, then select “Full Desktop” and log in. Continue to the
next page


To import the Favorites folder in to the CAG, follow these steps:

1.

In Internet Explorer

within the CAG desktop window
, click
Add to Favorites


, and
then click
Import and Export
.

2.

In the Import/Export Wizard, click
Next
.

3.

Select
Import Favori
tes
, and then click
Next
.

4.

Click the
Browse

button and then select your personal drive under the “Look in:” drop down at
the top of that window
. It should have the same title as your log
-
on username.



5.

Next, locate and select the file you created in the
first step of this process called bookmark.htm

double
-
click on the icon or highlight and select
Ope
n.

6.


It will then go back out to the Import/Export Wizard with the file input into the field.

7.

Click Next

8.

You will then be prompted to “select the folder wh
ere the imported favorites will be placed”. The
top folder titled “Favorites” will be highlighted, if isn’t not click to select and click
Next.

9.

The next screen will say “Completing Import/Export Wizard” Click
Finish
.

10.

A box will appear saying “Successfully
Imported Favorites” click ok.

11.

You should now have access to your Internet Favorite sites in Internet Explorer 7.




Mapping to a Network (Shared) Drive


Once in the “Full Desktop” open the Computer icon in the upper left of the screen




Select


Map Ne
twork Drive






F
ill in the path to your needed share…


Ensure “
Reconnect at Logon
” is checked, this will
ensure the mapped drive will return on subsequent logons.

Repeat for other d
rives as
needed
.