Difference between revisions of "VPN - JHU"
| (29 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
:Several JHU IT-based resources require your computer to be connected to the JHU network for access. For example, JHU-located share drives and certain JHU websites/services. If you're outside of JHU, for instance, at home or at a hotel, you are not on the JHU network, and therefore, cannot access the JHU Network-only resources. | :Several JHU IT-based resources require your computer to be connected to the JHU network for access. For example, JHU-located share drives and certain JHU websites/services. If you're outside of JHU, for instance, at home or at a hotel, you are not on the JHU network, and therefore, cannot access the JHU Network-only resources. | ||
| − | :Enter the '''VPN'''. A VPN ('''''V'''irtual '''P'''rivate '''N'''etwork'') is a way to access resources of another network, for example, | + | :Enter the '''VPN'''. A VPN ('''''V'''irtual '''P'''rivate '''N'''etwork'') is a way to access resources of another network, for example, a business's network, without physically residing on that network. You can connect to a VPN from home/mobile, and it will look to your computer and to the business's server as if you were on that server's network, even if physically, you're not. |
:JHU hosts its own VPN. The JHU VPN will allow JHU users' home/mobile/etc. computers who are ''outside'' of the JHU network to connect to JHU as if they were physically on campus. | :JHU hosts its own VPN. The JHU VPN will allow JHU users' home/mobile/etc. computers who are ''outside'' of the JHU network to connect to JHU as if they were physically on campus. | ||
| Line 15: | Line 15: | ||
<!--'''NOTE: In order for some of the links below to bring you to the correct site, you need to be on the JHU network (or the JHU VPN.)''' --> | <!--'''NOTE: In order for some of the links below to bring you to the correct site, you need to be on the JHU network (or the JHU VPN.)''' --> | ||
| − | :JHU | + | :JHU requires [https://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureLoginMFA '''M'''ulti-'''F'''actor '''A'''uthentication (MFA)] to access some of its services... ''including the JHU VPN''. JHU uses ''Microsoft Azure'' for providing JHU's Multi Factor Authentication service. |
:(Besides this page we're providing you, WSE IT has put together a document discussing MFA [http://wseit.engineering.jhu.edu/get-help/multi-factor-authentication here] as well.) | :(Besides this page we're providing you, WSE IT has put together a document discussing MFA [http://wseit.engineering.jhu.edu/get-help/multi-factor-authentication here] as well.) | ||
| − | : | + | :To get started with MFA, you will need to visit the Azure MFA Resource Center's '''''[https://livejohnshopkins.sharepoint.com/sites/Office365Hub/SitePages/Multi-Factor-Authentication.aspx Enrollment Page]''''' to enroll. <!-- your JHED ID to have it work in conjunction with what JHU calls its ''myIT Login Code''.--> |
:That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through. | :That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through. | ||
| − | :As part of the MFA setup process, you will end up having to choose an | + | ====Authenticators==== |
| + | |||
| + | :As part of the MFA setup process, you will end up having to choose an '''authenticator''' method to use. There are several authenticator methods: | ||
| + | |||
| + | * Text your phone: When JHU needs you to enter your MFA code during login to JHU's MFA-required pages/apps, they will text your phone with the MFA code that you will use to enter into whatever prompt they send you. | ||
| + | |||
| + | * Use an app/program: Alternatively, you can choose to install an authenticator program on your computer (or phone.) The authenticator program, when run, will provide the 6-digit number to enter when you are prompted at JHU for your MFA code. JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code. You can download Microsoft Authenticator according to instructions from the enrollment process video. Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth. Macs, Androids and IPhones have various authenticators available as well. Note that the codes are generated using time-based factors... so, the code you generate needs to be entered soon (up to a minute) when you are prompted, otherwise, you need to generate another code. | ||
:Please install your Authenticator program before continuing. | :Please install your Authenticator program before continuing. | ||
| − | :If you want to change your authenticator method or manage your MFA, please first visit the main [https://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureLoginMFA Azure MFA page] and then click on ''Manage Azure MFA''. | + | ::NOTE: If you want to change your authenticator method or manage your MFA at some point, please first visit the main [https://it.johnshopkins.edu/services/directoryservices/jhea/AzureMFA/AzureLoginMFA Azure MFA page] and then click on ''Manage Azure MFA''. |
You will need your MFA configured in order to access the JHU VPN in the next step. | You will need your MFA configured in order to access the JHU VPN in the next step. | ||
| − | <span style="color:#ff0000">'''NOTE:''' If you have any issues with setting up Multi-factor authentication, ''you should contact'' JHU IT's support helpdesk | + | <span style="color:#ff0000">'''NOTE:''' If you have any issues with setting up Multi-factor authentication, ''you should contact'' [https://support.cs.jhu.edu/wiki/Contacting_JHU_IT_Support JHU IT's support helpdesk]</span> |
<br> | <br> | ||
| − | ===STEP 2: Installing the JHU VPN Client Program, JH Pulse Secure=== | + | ===STEP 2: Installing and Running the JHU VPN Client Program, JH Pulse Secure=== |
| + | |||
| + | :Please visit the [https://cds.johnshopkins.edu/vpn JHU VPN Resource page.] | ||
| − | : | + | :Once there, Under '''VPN Quick Links''' on the right, choose '''Request VPN Access'''. It's possible you might already have VPN access (and if you think you already do, you can skip below the next step.) <span style="color:#ff0000">'''NOTE:''' As of 2020, we're told that you might not need to request VPN access, as access is now granted automatically.</span> |
| − | : | + | :Next, below the VPN Quick Links section on that page, you'll find '''VPN CLient Installs (for New VPN Installs).''' Click on the operating system you're downloading for. This will download the '''''Pulse Secure''''' software that will run on your computer as your gateway to the JHU VPN. |
| − | : | + | :Install the Pulse Secure package. |
| − | :The | + | :Run the Pulse Secure program. The following is for a Windows systems running Pulse Secure. Other operating systems may be similar. |
| − | + | * Look for ''Connections''. | |
| − | + | * If for some reason, there are no connections listed, follow the steps directly below... | |
| + | ** Click on the + symbol right next to the word Connections. | ||
| + | ** The + sign opens up the '''Add Connections''' section. | ||
| + | ***Leave the '''Type''' as is. | ||
| + | ***Give the VPN connection a '''Name''' (e.g. ''JHU VPN''), just so you can identify it. | ||
| + | ***Then, enter in the '''Server URL''' (which is basically, the VPN address. Use '''vpn.''jh''.edu''' (Notice that it's "jh" and not "jhu" in the server name.) | ||
| + | ***Now, click Add, and you should have a new connection ready to go. | ||
| − | + | *Choose the JHU VPN from your list of connections. | |
| − | + | *Click Proceed | |
| + | |||
| + | * You will be prompted for your JHED credentials. Enter them. | ||
| + | |||
| + | *You'll see '''Enter code'''. This is where you need your MFA ''Authenticator'' code from Step 1 above. So, depending how you set up your MFA, you might receive a code via Text or you might need to run your Authenticator program (e.g., Microsoft Authenticator, WinAuth, etc.) and enter in the 6-digit code it provides you. | ||
| + | ** You MFA code changes every minute, so if you don't type in your code in time, refresh your Authenticator and try the next code it gives you. | ||
| − | + | * Once you enter that code, Pulse Secure will complete making the VPN connection. | |
| − | + | *When you are done for the work day, go back to the Pulse Secure App and click Disconnect. | |
| + | **Note that when you are on the VPN, you are now passing all your computer's network traffic through JHU before it goes out to the rest of the Internet. When you are done using the VPN, disconnecting from Pulse Secure will allow your computer's network traffic to run through your ISP's network directly out to the Internet (as it normally does.) | ||
| − | |||
| − | : | + | <span style="color:#ff0000">'''NOTE:''' If you have any issues with installing or using the JH Pulse Secure client on your computer, ''you should contact'' [https://support.cs.jhu.edu/wiki/Contacting_JHU_IT_Support JHU IT's support helpdesk].</span> |
| − | |||
| − | |||
<br> | <br> | ||
==Changing your default JHU VPN authentication Method== | ==Changing your default JHU VPN authentication Method== | ||
| − | :By default, the new JHU VPN (hosted by Microsoft Azure) seems to make texting your phone the way to provide you | + | :By default, the new JHU VPN (hosted by Microsoft Azure) seems to make texting your phone the way to provide you your MFA authentication code to use to connect to the VPN. Some users might want to change from the texting method to using an '''Authenticator app''' (e.g., Microsoft Authenticator, WinAuth, or similar) instead, as it was before JHU moved to using Azure. |
| + | |||
| + | : To change your default authentication method, simply log into [https://mysignins.microsoft.com/security-info https://mysignins.microsoft.com/security-info] ''Once logged in, if you're not directed directly to the Security Info page, simply click '''Security info''' on the left.'' You'll see a list of your authentication options, and you can change the default option to using a Hardware Token (Authenticator App) instead of the Phone (text) option. You can also add additional methods if you choose to. | ||
| + | |||
| + | <span style="color:#ff0000">'''NOTE:''' If you have any issues with setting up your Authenticators, ''you should contact'' [https://support.cs.jhu.edu/wiki/Contacting_JHU_IT_Support JHU IT's support helpdesk]</span> | ||
| + | |||
| + | <br> | ||
| − | |||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Networking]] | [[Category:Networking]] | ||
Latest revision as of 18:44, 5 August 2022
INTRO
- Several JHU IT-based resources require your computer to be connected to the JHU network for access. For example, JHU-located share drives and certain JHU websites/services. If you're outside of JHU, for instance, at home or at a hotel, you are not on the JHU network, and therefore, cannot access the JHU Network-only resources.
- Enter the VPN. A VPN (Virtual Private Network) is a way to access resources of another network, for example, a business's network, without physically residing on that network. You can connect to a VPN from home/mobile, and it will look to your computer and to the business's server as if you were on that server's network, even if physically, you're not.
- JHU hosts its own VPN. The JHU VPN will allow JHU users' home/mobile/etc. computers who are outside of the JHU network to connect to JHU as if they were physically on campus.
Connecting to the JHU VPN
STEP 1: Setting Up Multi-Factor Authentication
- JHU requires Multi-Factor Authentication (MFA) to access some of its services... including the JHU VPN. JHU uses Microsoft Azure for providing JHU's Multi Factor Authentication service.
- (Besides this page we're providing you, WSE IT has put together a document discussing MFA here as well.)
- To get started with MFA, you will need to visit the Azure MFA Resource Center's Enrollment Page to enroll.
- That page and its video will show you how to enroll your JHED ID with the Azure MFA. The video is very helpful in explaining the process. You are encouraged to watch it all the way through.
Authenticators
- As part of the MFA setup process, you will end up having to choose an authenticator method to use. There are several authenticator methods:
- Text your phone: When JHU needs you to enter your MFA code during login to JHU's MFA-required pages/apps, they will text your phone with the MFA code that you will use to enter into whatever prompt they send you.
- Use an app/program: Alternatively, you can choose to install an authenticator program on your computer (or phone.) The authenticator program, when run, will provide the 6-digit number to enter when you are prompted at JHU for your MFA code. JHU suggests you use the Microsoft Authenticator App (for Windows) to generate that numerical code. You can download Microsoft Authenticator according to instructions from the enrollment process video. Additionally, you can choose to run other authenticators to run (under Windows) instead, including a program called WinAuth. Macs, Androids and IPhones have various authenticators available as well. Note that the codes are generated using time-based factors... so, the code you generate needs to be entered soon (up to a minute) when you are prompted, otherwise, you need to generate another code.
- Please install your Authenticator program before continuing.
- NOTE: If you want to change your authenticator method or manage your MFA at some point, please first visit the main Azure MFA page and then click on Manage Azure MFA.
You will need your MFA configured in order to access the JHU VPN in the next step.
NOTE: If you have any issues with setting up Multi-factor authentication, you should contact JHU IT's support helpdesk
STEP 2: Installing and Running the JHU VPN Client Program, JH Pulse Secure
- Please visit the JHU VPN Resource page.
- Once there, Under VPN Quick Links on the right, choose Request VPN Access. It's possible you might already have VPN access (and if you think you already do, you can skip below the next step.) NOTE: As of 2020, we're told that you might not need to request VPN access, as access is now granted automatically.
- Next, below the VPN Quick Links section on that page, you'll find VPN CLient Installs (for New VPN Installs). Click on the operating system you're downloading for. This will download the Pulse Secure software that will run on your computer as your gateway to the JHU VPN.
- Install the Pulse Secure package.
- Run the Pulse Secure program. The following is for a Windows systems running Pulse Secure. Other operating systems may be similar.
- Look for Connections.
- If for some reason, there are no connections listed, follow the steps directly below...
- Click on the + symbol right next to the word Connections.
- The + sign opens up the Add Connections section.
- Leave the Type as is.
- Give the VPN connection a Name (e.g. JHU VPN), just so you can identify it.
- Then, enter in the Server URL (which is basically, the VPN address. Use vpn.jh.edu (Notice that it's "jh" and not "jhu" in the server name.)
- Now, click Add, and you should have a new connection ready to go.
- Choose the JHU VPN from your list of connections.
- Click Proceed
- You will be prompted for your JHED credentials. Enter them.
- You'll see Enter code. This is where you need your MFA Authenticator code from Step 1 above. So, depending how you set up your MFA, you might receive a code via Text or you might need to run your Authenticator program (e.g., Microsoft Authenticator, WinAuth, etc.) and enter in the 6-digit code it provides you.
- You MFA code changes every minute, so if you don't type in your code in time, refresh your Authenticator and try the next code it gives you.
- Once you enter that code, Pulse Secure will complete making the VPN connection.
- When you are done for the work day, go back to the Pulse Secure App and click Disconnect.
- Note that when you are on the VPN, you are now passing all your computer's network traffic through JHU before it goes out to the rest of the Internet. When you are done using the VPN, disconnecting from Pulse Secure will allow your computer's network traffic to run through your ISP's network directly out to the Internet (as it normally does.)
NOTE: If you have any issues with installing or using the JH Pulse Secure client on your computer, you should contact JHU IT's support helpdesk.
Changing your default JHU VPN authentication Method
- By default, the new JHU VPN (hosted by Microsoft Azure) seems to make texting your phone the way to provide you your MFA authentication code to use to connect to the VPN. Some users might want to change from the texting method to using an Authenticator app (e.g., Microsoft Authenticator, WinAuth, or similar) instead, as it was before JHU moved to using Azure.
- To change your default authentication method, simply log into https://mysignins.microsoft.com/security-info Once logged in, if you're not directed directly to the Security Info page, simply click Security info on the left. You'll see a list of your authentication options, and you can change the default option to using a Hardware Token (Authenticator App) instead of the Phone (text) option. You can also add additional methods if you choose to.
NOTE: If you have any issues with setting up your Authenticators, you should contact JHU IT's support helpdesk