it.ucsf.edu

VPN Frequently Asked Questions

John Kealy's picture

What is a Virtual Private Network?

A virtual private network (VPN) extends the UCSF network across a public network, such as the Internet. It enables a computer, laptop, or smart phone to send and receive encrypted data across public networks as if it were directly connected to the UCSF network.

A VPN allows UCSF staff to securely access the UCSF intranet while away from their office, lab or classroom. A VPN also secures a user’s transactions for the purpose of protecting personal identity and location.

What is happening with UCSF’s VPN?

UCSF currently has three (3) different VPN products in place. By consolidating the VPN to one product, UCSF will provide an enterprise-wide, consistent tool that reduces troubleshooting that is commonly experienced with multiple products. UCSF IT is in the process of consolidating and subsequently retiring these older solutions. This new solution is a Juniper MultiAccess Gateway (aka Junos Pulse).

What are the Benefits of Junos Pulse (the new VPN)?

  • All UCSF faculty, staff, students and affiliates can access the virtual network (aka VPN) through Active Directory or SFID credentials.
  • Junos Pulse client will use your existing VPN account.
  • Junos Pulse ensures simplified support and troubleshooting.
  • Junos Pulse offers critical redundancy during emergency situations.
  • Junos Pulse provides enhanced vendor support.
  • Junos Pulse will require simple installation for all non IT Field Services (ITSF) managed machines.
  • Junos Puse will retain your previously bookmarked locations.
  • For IT Field Services managed computers, there will be no change to their log-in other than a newly UCSF branded logo homepage.
  • For the Med Center computers, IT will replace the Cisco VPN client with Junos Pulse.

Who is impacted by the roll-out of the new VPN?

Any user who accesses UCSF resources from home or while traveling.

Campus Clients

For Campus clients the new remote log in has changed to: remote.ucsf.edu. Other updates for the Campus include:

  • User bookmarks and file settings are being carried over from the existing system.
  • The NetworkConnect desktop client is being replaced with Junos Pulse (see below for installation instructions).
  • The big news is that you can now logon using your Windows account.

 

Medical Center Clients

Medical Center users will begin using Junos Pulse instead of the Cisco VPN client.  Users will have access to the web portal, remote.ucsf.edu.  User log-on credentials will remain the same. 

What is an SSL VPN?

Secure Sockets Layer (SSL) is the same technology used in your browser that encrypts your communication with web sites (HTTPS). Because the SSL VPN client uses the same port as secure web pages, it is more likely to be allowed through firewalls at remote locations.

What is a web portal?

Provides secure access to UCSF networked resources without installing a desktop client. An ssl tunnel is created from your web browser to the UCSF VPN server. You can access websites, remote desktop sessions and other UCSF resources from inside the connected browser. Anything outside the browser is not secured.

Users can create bookmarks to frequently used resources (e.g., iMedRIS, HBS, MyReports, MySoft, PeopleSoft, Weblinks, etc.)

How do I get connected?

Log-on to the web portal at https://remote.ucsf.edu. Use your Active Directory (AD) credentials, or your SFID credentials.

Will the old VPN connections continue to be available?

Yes. The existing Campus and Medical Center VPNs will be available until August 31, 2015, however VPN users are requested to use the new http://remote.ucsf.edu as soon as possible as the new system is faster and more reliable.

Where do I get the Junos Pulse client?

Users with ITFS-managed desktops will receive the new client automatically.

Other users can install the client by following the instructions at https://software.ucsf.edu/. You will need administrator privileges to install the client.

What operating systems are compatible with the new VPN?

  • A Windows, Mac OS X, or Apple device running iOS
  • An Active Directory credential

Linux clients will continue connecting to VPN.UCSF.EDU via NetworkConnect until the new Junos Pulse Linux client becomes available. This is expected to be available in the Fall of 2015.

I already have the existing Juniper Network Connect software installed. Will I still be able to use it?

Yes, until the legacy VPN is decommissioned on August 31, 2015.  Users with managed desktops will receive the new client automatically. Other users may install the client by following the instructions at http://software.ucsf.edu/applications/. You will need administrator privileges to install the client.

What is the deployment / availability schedule?

December 2014 – New Juniper equipment installed

February 2015 – Pilot users (~60 users)

June 2015 – All Medical Center and Campus users (~3,000); except for Linux users

August 31, 2015 - The legacy VPN is de-commissioned

Fall 2015 – Linux client available

 

Can my mobile device connect with VPN?

The UCSF Service Desk does not currently support mobile devices or tablets.   However, you can download the Junos Pulse mobile client from either Google Play or the App Store.  Use https://remote.ucsf.edu for the connection url.  

Is my usage logged or tracked?

Use of the UCSF VPN is subject to the UC Electronic Communications Policy: http://policy.ucop.edu/doc/7000470/ElectronicCommunications.

Computers using the Junos Pulse client must adhere to the UCSF Minimum Security Standards.

I am connected to VPN. How do I connect to my office computer remotely?

In order to configure your computer for remote desk top, please contact the ServiceDesk since this may require a local administrator privilege.

How do I add bookmarks?

  •  In the Web Bookmarks section, click the plus sign that appears on the right hand side. In the Bookmark Name field enter the name that you want to appear in your Web gateway list for this connection; in the URL field enter the complete URL for the application you are adding. Click Add Bookmark. The new bookmark will appear on your homepage underneath the system-defined entries.

[[{"fid":"4096","view_mode":"media_full","fields":{"format":"media_full","field_image_position[und]":"_none"},"type":"media","link_text":null,"attributes":{"alt":"vpn bookmark illustration","height":248,"width":1019,"style":"font-size: 16px;","class":"media-element file-media-full"}}]]

  • To add a bookmark to a terminal-based application, in the Terminal Sessions section, click the icon of the computer with a plus sign that appears on the right hand side. Select SSH, telnet, Citrix or Windows Terminal Services from the Session Type dropdown. Enter the appropriate information then click Add. The link will appear on your homepage.

[[{"fid":"4101","view_mode":"media_full","fields":{"format":"media_full","field_image_position[und]":"_none"},"type":"media","link_text":null,"attributes":{"alt":"Telnet illistration","height":109,"width":1090,"class":"media-element file-media-full"}}]]

Some of my bookmarks are missing on the new web portal.

User bookmarks were migrated as close as possible to the release date of the new system. If you are missing bookmarks:

Some of my bookmarks stopped working.

Please make sure your bookmark is using a FQDN (Fully Qualified Domain Name). For example you may have a bookmark that’s mapped to URL https://apexconnect .

This bookmarks needs to be updated to URL https://apexconnect.ucsfmedicalctr.org .

Another example is http://hr – since hr.ucsf.edu and hr.medicalcenter.org are two different sites, your bookmark needs to be updated with FQDN of the correct site.

I can’t browse to a UCSF or UCSF Medical Center website from the web portal

Make sure you use the full website address and not just the host name. For example:

 

Will I still have access to local network printers/servers while I am connected to the VPN?

Yes. The VPN connects your computer to the UCSF network and all the resources you would have available if you were at work. It also allows you to connect to local resources on the same subnet as your computer.  All the data is sent directly to the UCSF network.

How long can I stay connected to the VPN?

A session is limited to 10 concurrent hours.

Sessions with no activity for 60 minutes will be automatically logged out.

You will be offered the option to extend your session 10 minutes before it expires.

The remaining session time is displayed:

  • In the upper right-hand corner of the web portal screen
  • By clicking on the Junos Pulse taskbar icon, select Open Pulse, click on UCSF Remote Access and select Advanced Connection Details.

Can I establish a VPN connection from more than one computer at a time?

No. You can have a single web portal or Junos Pulse session at a time.

My VPN client shows I am connected, but I cannot reach any resources.

Please disconnect and re-connect to VPN using the same client pointing to https://remote.ucsf.edu before contacting the Service Desk (415-514-4100).

How do I disconnect from the VPN?

  • Junos Pulse - right click the Pulse Icon in the system tray, select the active session, and choose Disconnect
  • Web portal – Click the Sign Out icon (upper right-hand corner)

I need to give an external contractor access to the network. Is this still possible?

Yes. Request a unique SF id for your contractor following account request procedures. For medical center account request at https://it.ucsf.edu/services/medical-center-account-request; for campus account request at https://it.ucsf.edu/services/it-account-request-forms

Who do I contact if I’m having problems?

  • First level of support the Support Desk - 415.514-4100
  • Report via ServiceNow https://help.ucsf.edu/
  • Escalation will automatically occur to resolve problems

Why is VPN happening now?

  • The current equipment (Juniper and Cisco) is past “end of support”. This means that the equipment is obsolete and is no longer serviced or supported by the respective manufacturers