Connecting to the SRE - instructions for Mac OS X users

Connecting to the SRE is a two-step process. First you need to connect to the VPN, then you are able to connect to the SRE.

Remote Desktop Connection only allows one connection at a time to the SRE Windows machine. Fortunately disconnecting does not logout or otherwise interrupt the work. The next time the first user reconnects, they will find all their applications have continued running uninterrupted (see also: Logging out of the SRE).

Connect to the VPN using AnyConnect

Step 1

Double click on the desktop Cisco VPN icon, or open it using Finder: Applications->Cisco->Cisco AnyConnect Secure Mobility Client

If there is no "Cisco Anyconnect" icon on your desktop, use Spotlight to find and start the application: press COMMAND-SPACE or click on magnifying glass in upper right corner, then type AnyConnect in search box, then click on "Cisco AnyConnect Secure Mobility Client". If AnyConnect application is already loaded, you can click its green dumbbell icon on top menu bar (note added gold lock when connected).

Note that the old version 2 "Cisco Anyconnect VPN Client" has a green dumbbell icon while the current version 3 "Cisco AnyConnect Secure Mobility" has a white circle icon with 2 green arcs. You might also find the diagnostic utility "Cisco AnyConnect DART" , depending on options you selected when installing AnyConnect ; it's useless for connecting, but can help collect information for troubleshooting.

Step 2

When AnyConnect opens, make sure that the server is “access.popdata.bc.ca”, then click [Connect].

Insert your YubiKey into a USB slot on your computer (you may use a USB extension cable).   Select group “sreyubi”; enter your short username (without the project number suffix);  for Passcode, begin by typing in your PopData password (the one that works on https://my.popdata.bc.ca) but DO NOT click OK or press Enter. Instead briefly touch the round copper metal button on the YubiKey. You should then be connected to the VPN.

See also YubiKey troubleshooting at: SRE/2factorID.html

When the Anyconnect status window says “connected” ,  you can hide it (note that closing it will not disconnect).  You may unplug the YubiKey any time.

Connect through VPN to the SRE using the Remote Desktop

Step 1

Check available SRE machines. Currently available servers are listed at: https://my.popdata.bc.ca/sre/available

Step 2

Start Microsoft Remote Desktop. You can use Spotlight Search from Upper Right corner, or a Dock link, or the Applications folder , or ... For keyboard or mouse issues, see Installing.html page. .

Step 3

Select from “My Desktops” an available SRE machine.  See “installing” page on creating, duplicating and/or modifying an existing “desktop” entry using right-click

If a message appears about "computer cannot be found" , your system may be one of those that prefers the long "fully-qualified" name for the remote computer: append ".popdata.bc.ca" (ex: srel5.popdata.bc.ca).

If you forget to check the "available" page and try to connect to a busy machine, you will probably see the cryptic message "Failed to read from socket".

Upon connecting, a complaint may pop up that the certificate is self-signed. While the PopData VPN is connected, there is minimal risk of connecting to a bad machine in the Secure Research Environment, so you can ignore this warning.

Logging out

When you are done, make sure you LOG OFF.

Failure to log off (for example just closing the RDC window) blocks other researchers from accessing this SRE machine.

Under Windows 10, the logout (Sign out) menu can be found next to the Cortana search box, its icon is a head-and-shoulders figure (an “o” above an inverted “U”).

Disconnecting from VPN after disconnecting from SRE Remote Desktop

You may prefer to disconnect "Cisco AnyConnect" whenever you stop your connection to the SRE. Click on AnyConnect icon or status window; click disconnect.

The PopData VPN connection does not interfere with your access to other parts of the Internet, including local computers around you, with two exceptions: DNS name resolution service is redirected to the PopData name-server (so connections to short names like "srtl4" go to "srtl4.popdata.bc.ca"), and connections from your computer to private PopData networks (under 10.50.*.*and 10.80.*.*) are routed through VPN server “access.popdata.bc.ca”. There is a small chance that these two features may interfere with your access to other computers near you while VPN is connected.

If there is a network interruption (for example due to a weak WiFi signal, or your computer going to sleep), the Remote Desktop session may go into a confused state and refuse to let you reconnect for up to an hour. you can email sre@popdata.bc.ca and ask us to terminate the session, or to make the machine accept re-connections.

If you anticipate that your computer might go to sleep, it may worth disconnecting your Remote Desktop session and reconnecting later.