Connecting to Resources on the Protected Network.


PDN: University

Connecting to a file share over VPN 

First you will need to install the Duke VPN client if you have not already done so, the client can be installed from: https://portal.duke.edu/

Once you have the VPN software installed click on connect. 

 

You should then be able to choose the “Protected_Data” connection under the Group dropdown, type in your netid and password.  The “Second Password” field is used for Duke’s multi-factor login service.  In the “Second Password” field you have several options for authentication depending on your preference. 

 

  1. To send an access request notification to your smartphone type: push. 
  2. To have the application call one of your pre-configured phone numbers type: phone.  (or phone1, phone2, etc.)
  3. You may enter the six digit code generated by the Duo Mobile application on your cell phone. 
  4. You may press the button on your YubiKey to have it enter a code.

 

Once your VPN software is connected to the “Protected_Data” VPN you will need to connect to or map your share.

Mapping to a share (Windows):

  1. Click on the start button on the lower left of the screen
  2. On the open menu click “computer”
  3. Once the explorer windows for “computer” opens up click on “Map a network Drive” on the upper bar.
  4. The “Map Network Drive” will present you with selecting a drive letter, a folder to map to, and reconnection
    1. Drive letter: your choice, but there might be a project specific letter that is preferred
    2. Folder: type \\secure-nas-fe01.oit.duke.edu\<YOUR SHARE NAME> (where <YOUR SHARE NAME>=the name of the network share assigned to your group).
    3. Reconnect: Click “Reconnect at logon” to make the computer reconnect the next time you login
    4. Click Finished. You should now have a mapped drive to the share. You can check it by going back to “computer” and looking for your drive.

 Mapping to a share (Mac):

  1. Go to Finder -> Go -> Connect to Server
  2. In the server address bar type in smb://secure-nas-fe01.oit.duke.edu/<YOUR_SHARE_NAME> and click the Connect button.
  3. You will be prompted to select the volumes you want to mount.  Select the share associated with your group and click the OK button.
  4.  You should now have the share mounted on your system.

 

 

Connecting to a VM over RDP (from campus) 

First you will need to configure your Microsoft Remote Desktop (RDP) Client.

(For Macs): Install the Microsoft Remote Desktop app from the Mac App Store. Start the Remote Desktop client and click New to create a new connection. Use the information in 1b and 4 below to configure the connection.

  1. From your start menu (in Windows), select “remote desktop connection
    1. The first time that you use this protocol, you will have to change your remote desktop gateway.  To do this, select the “show options” menu and then select the Advanced tab.  Select “settings” and “use these RD Gateway server settings
    2. The gateway server name is :  oit-srdsgw-pap1.win.duke.edu
    3. Hit Okay and return to the “general” tab.  From the connection settings on the general tab, hit save.
  2.  From your start menu (in Windows), select “remote desktop connection
  3. From the remote desktop login, select the path to your VM (e.g., <PROJECTNAME>-pap1.win.duke.edu).  Then select “connect
  4. Next, a RD gateway server credential menu will ask for your credentials (username and password). 
    1. Username = WIN\NetID
    2. Password = NetID password
  5. You will then see a screen with an icon for “Other User”- select it.  You will be prompted to enter your username (NetID) and password (associated with the NetID).
  6. The Duo security menu will prompt you to enter a second factor – you can enter the 6 digit number provided by the Duo app, or push for a message to your phone.  Once you provide an authentication, you are entered into the protected desktop space.

 

Connecting to a VM over SSH (from campus)

1.  Using your SSH client of choice, connect to pn-jump-01.oit.duke.edu (or pn-jump-ssri-01.oit.duke.edu for SSRI users), and authenticate with your netID and second factor.

2.  From that “jump” box, connect to your protected network VM via SSH, see example below.

 

Connecting to a VM over RDP or SSH (from off-campus) 

First you will need to install the Duke VPN client if you have not already done so, the client can be installed from: https://portal.duke.edu/ 

Once you have the VPN software installed click on connect. 

 

You should then be able to choose the “Protected_Data” connection under the Group dropdown, type in your netid and password then press OK.

 

Once your VPN software is connected to the “Protected_Data” VPN, you can connect via RDP or SSH using the (appropriate) steps outlined above. 

**NOTE** For SSH connections via the VPN, you can connect directly to your VM, rather than doing so via the “jump” box; that is, do step 1 above, but connect directly to the host appropriate for step 2.

Information on Duke’s multi factor service and how to enroll may be found by going to https://oit.duke.edu/mfa. 

If you have questions about the change and how it will affect you, please contact your local IT support or the Duke security office at security@duke.edu