Remote Access 2.0 Non-GFE User's Guide

UNITED STATES ATTORNEYS’ OFFICE

United States Attorneys’ Virtual Office Network (USAVON)

Remote Access 2.0 Non-GFE User’s Guide

RA2.0-NGFE-UG-0-0.27

LIMITED OFFICIAL USE

Non-GFE User’s Guide Revision History

Limited Official Use i RA2.0-NGFE-UG-0-0.27

Revision History Rev. Date Purpose

0.1 5/24/2012 Initial draft.

0.2 5/30/2012 Reviewed and revised by the TW.

0.13 10/6/2014 Completely reworked by the engineer (HS-F). Formatted, reviewed, and revised by the TW.

0.14 10/8/2014 Updated by CW and HS-F. Formatted, reviewed, and revised by the TW.

0.15 10/22/2014 Section 2 updated by the engineer (HS-F). Reviewed and revised by the TW.

0.16 10/23/2014 Document retitled to include Non-GFE by CW, and document reviewed and revised by CW, HS-F, and the TW.

0.17 12/23/2014

References to version 3.1 of the VMware-Horizon-Client updated to 3.2. Figures 2-1 through 2-5, 3-1 through 3-3, and 4-1 through 4-4, and 4-6 updated. Section 4.3 added by the engineer (HS-F). Reviewed and revised by the TW.

0.18 1/7/2015 The following sections updated based on feedback from the SM (R. Robinson): Sections 2.1, 2.3, 3.3, and 4.2. Formatted, reviewed, and revised by the TW.

0.19 1/15/2015 Document updated to reflect change from Remote Access 2014 to Remote Access 2.0 as requested by CW.

0.20 1/30/2015 Section 3-4 added by the engineer (HS-F). Formatted, reviewed, and revised by the TW.

0.21 8/7/2015 Prerequisite added to Sections 2.1 and 3.1, and Figures 2-2 through 2-5 updated by the engineer (HS-F). Formatted, reviewed, and revised by the TW.

0.22 9/16/2015 A FAQ / Troubleshooting section added by the engineer (HS-F). Reviewed, revised, and reposted by the TW.

0.23 10/20.2015 The screenshots in Section 2.2 updated (by the engineer RS-F) to reflect a change to the title of the Windows Client installer. Formatted, reviewed, and revised by the TW.

0.24 8/24/2016 Document updated extensively by the engineer (CJ). Mac-related information expanded. HTML Access no longer supported; therefore, the section removed. Formatted, reviewed, and revised by the TW.

0.25 11/2/2016 Extensively revised by the engineer (RS-F) for the new VDI desktops, which are based on Image 2016 and Windows 10. Formatted, reviewed, and revised by the TW.

0.26 10/11/2017 Prerequisites for Section 3 (Procedures for MAC) updated by the engineer. Reviewed and revised by the TW.

0.27 5/4/2018 Update Figures 2-1, 3-1, and 4-1, and document reviewed by the TW.

Non-GFE User’s Guide Contents

Limited Official Use ii RA2.0-NGFE-UG-0-0.27

Contents

1 INTRODUCTION ................................................................................................................................ 1

1.1 Purpose .......................................................................................................................................... 1 2 PROCEDURES FOR WINDOWS (FULL-FEATURED EXPERIENCE) ..................................... 2

2.1 Prerequisites .................................................................................................................................. 2 2.2 Obtaining and Installing the VMware Horizon Client for Windows ............................................ 2 2.3 Establishing a Connection with the Horizon View Client for Windows ...................................... 4

3 PROCEDURES FOR MAC (FULL-FEATURED EXPERIENCE) ................................................ 7 3.1 Prerequisites .................................................................................................................................. 7 3.2 Obtaining and Installing the VMware Horizon Client for Mac .................................................... 7 3.3 Establishing a Connection with the Horizon View Client for Mac ............................................... 9

4 HTML ACCESS (CLIENTLESS ACCESS) .................................................................................... 13 4.1 Prerequisites ................................................................................................................................ 13 4.2 Establishing a Connection with the HTML Access .................................................................... 13

5 FAQ / TROUBLESHOOTING ......................................................................................................... 16 5.1 Caps Lock Status on Virtual Desktop Is Not Synchronized with Physical Desktop .................. 16

5.1.1 Symptoms ........................................................................................................................... 16 5.1.2 Solution ............................................................................................................................... 16

Non-GFE User’s Guide Introduction

Limited Official Use 1 RA2.0-NGFE-UG-0-0.27

1 INTRODUCTION This document is the Remote Access 2.0 User’s Guide (Non-GFE). It has been developed for the United States Attorneys’ Office (USAO). 1.1 Purpose The purpose of this document is to provide instructions for using non-Government Furnished Equipment (non-GFE) in order to connect remotely to the USAO network. Connections from non-GFE devices are provided via VMware’s Horizon View virtual desktop infrastructure (VDI).

Non-GFE User’s Guide Procedures for Windows (Full-Featured Experience)


2 PROCEDURES FOR WINDOWS (FULL-FEATURED EXPERIENCE) Personally owned (non-GFE) computers running a Windows operating system can access the USAO network with the following procedures. 2.1 Prerequisites

• An RSA application must be installed on the government-furnished iPad, iPhone, and / or BlackBerry, or you must have an RSA token. Contact your local Systems Manager for assistance in obtaining the RSA application or token.

• The RSA application or token must be specifically authorized for Remote Access. • VMware Horizon Client software (version 4.x and above) must be installed for the

best desktop experience and performance. • EOUSA has tested the VMware Horizon Client software on Windows 7, 8, 8.1, and

10.

NOTE The screen captures used in the procedure that follow are from a Windows 10 workstation. The procedure is identical when using other versions of Windows.

2.2 Obtaining and Installing the VMware Horizon Client for Windows As noted in the prerequisites, the best experience and performance can be obtained by installing the VMware Horizon Client. The Client will allow softphone access, USB redirection, and numerous other features.

NOTE The Horizon View Client should only be installed on a computer that you own, and you will need Administrator privileges to do so. If you do not own the computer, or if you do not have Administrator privileges, then please skip this section and refer to Section 4 HTML Access.

In order to obtain the VMware Horizon Client, proceed as follows: 1. Visit https://usaremote.justice.gov and view the USAO Virtual Desktop portal:

Figure 2-1. USAO Virtual Desktop Portal

https://usaremote.justice.gov/



2. Select (by clicking on it) the icon on the left, labelled Install VMware Horizon View Client to download the client software.

NOTE The EOUSA has packaged the client software for both 32-bit and 64-bit operating systems into a single installer. The installer will automatically choose the appropriate client for your computer.

3. Save the client installer VMware-Horizon-Client.exe to your computer’s hard drive. 4. Select (by right-clicking) the VMware-Horizon-Client.exe file and then select Run as

Administrator from the context menu. Provide administrator credentials, if necessary.

NOTE Most web browsers will save the client installer into your Downloads folder, so check there first! Also, if Windows warns you about running a program that was downloaded from the Internet, please allow the program to run. This installer was developed and tested by EOUSA, and it is safe for your computer.

5. At the Extracting the wscript.exe message, ensure the Run after extract: wscript.exe… checkbox is enabled (has a mark in it), and then select the OK button. This allows the self-extracting installer to copy its files into a temporary directory on your computer’s hard drive.

Figure 2-2. Extracting the wscript.exe message

6. Select the Yes button to allow the installer to create the temporary C:\temp\VMware folder.

7. Select the OK button when the extraction is complete. 8. At the Do you want to run the following program message, select the Yes button:

Figure 2-3. Do you want to run the following program message

9. At the Installation Progress window, wait until the installation is complete. A progress bar allows you to monitor the progress of the installation.



Figure 2-4. Installation Progress message

10. When the installation is complete, an Installation Completed message is displayed. Select the OK button to close the box and finish the installation.

Figure 2-5. Installation Completed message

NOTE The temporary C:\temp\VMware folder can be deleted after the installation is complete.

2.3 Establishing a Connection with the Horizon View Client for Windows To establish a secure connection with Remote Access 2.0; it will prompt you to enter your credentials twice, once for RSA authentication and once for Active Directory. 1. Start the VMware Horizon Client. The client will automatically connect to

usaremote.justice.gov.

Figure 2-6. VMware Horizon Client icon

2. At the first Login dialog box, enter your USAO [username] and RSA [passcode].



Figure 2-7. Login dialog box a. Soft Token (BlackBerry or iPad/iPhone App) - Your RSA [passcode] is the

randomly generated eight numbers on your RSA SecurID app. b. Hard Token (keyring fob) - Your RSA [passcode] is a combination of your PIN

and the randomly generated six numbers on your RSA SecurID token. For example, if your PIN is 1234, and your SecurID token is currently showing 260610, the resulting RSA passcode is 1234260610.

3. At the second Login dialog box, enter your USAO Network [password].

Figure 2-8. Login dialog box [2]

4. \Once your credentials have been verified, the VMware Horizon Client window displays any desktop pools for which you have been granted access. For Remote Access 2.0, select (by double-clicking) the Image-2016-VDI (District) pool or the Image-2012-VDI (District) pool to connect to a desktop.

Figure 2-9. Select a desktop pool

NOTE Two different pools may be available, depending on the District and when you log on. EOUSA is deploying new VDI desktops based on Image 2016 (Windows 10). This deployment process will take some time, and each District will have a transition period in which both desktop pools are available. If both pools are available, EOUSA recommends selecting the Image-2016-VDI (District) pool to begin your transition.

5. Acknowledge the standard USAO Security Warning by selecting the OK button.



Figure 2-10. USAO Security Warning

6. Please allow 30 to 45 seconds for the Desktop to initialize.

Figure 2-11. Remote Access 2.0 Desktop

7. Use your Remote Access 2.0 desktop as you would use your USAO workstation. All of the standard Image 2016 applications have been pre-loaded for your convenience.

8. To end the session, select the Start button, select your name, and then select Sign out. Signing out from your desktop closes all applications, saves all of your profile data for your next session, and closes the VMware Horizon Client.

Non-GFE User’s Guide Procedures for MAC (Full Featured Experience)


3 PROCEDURES FOR MAC (FULL-FEATURED EXPERIENCE) Personally owned (non-GFE) computers running a Mac operating system can access the USAO network with the following procedures. 3.1 Prerequisites

• The RSA application must be installed on the government-furnished iPad and / or BlackBerry, or you must have an RSA token. Contact your local Systems Manager for assistance in obtaining the RSA application or token.

• The RSA application or token must be specifically authorized for Remote Access. • The VMware Horizon Client software (version 3.x and above) must be installed for

the best desktop experience and performance. • According to the vendor, the VMware Horizon Client is supported on Mac OS X

Mavericks (10.9), Mac OS X Yosemite (10.10), Mac OS X El Capitan (10.11), and Mac OS X Sierra (10.12).

3.2 Obtaining and Installing the VMware Horizon Client for Mac As noted in the prerequisites, the best experience and performance can be obtained by installing the VMware Horizon Client. The Client will allow softphone access, USB redirection, and numerous other features.

NOTE The Horizon View Client should only be installed on a computer that you own, and you will need Administrator privileges to do so. If you do not own the computer, or if you do not have Administrator privileges, then please skip this section and refer to Section 4 HTML Access.

In order to obtain the VMware Horizon Client for Mac, proceed as follows: 1. Visit https://usaremote.justice.gov and view the USAO Virtual Desktop portal:


2. Select the icon on the left, labelled Install VMware Horizon View Client, to download the client software.




3. When the client software has finished downloading, use Finder to open your Downloads folder. Look for VMware-Horizon-Client-4.2.0-4336768.dmg, which is a disk image that contains the actual client software.

Figure 3-2. VMware Horizon Client downloaded

4. Double-click the VMware-Horizon-Client-4.2.0-4336768.dmg image to mount the disk image. Acknowledge the VMware End-User License Agreement by selecting the Agree button.

Figure 3-3. VMware Horizon Client End-User License Agreement

5. Drag the VMware Horizon Client icon into the Applications folder to install the client. Close the window when the installation is complete.



Figure 3-4. Installing the VMware Horizon Client

6. You can unmount the VMware Horizon Client installer and delete the VMware-Horizon-Client-4.2.0-4336768.dmg disk image when the installation is complete.

3.3 Establishing a Connection with the Horizon View Client for Mac To establish a secure connection with Remote Access 2.0; it will prompt you to enter your credentials twice, once for RSA authentication and once for Active Directory. 1. Start the VMware Horizon Client. 2. If this is the first time the VMware Horizon Client is being run on the Mac, select the New

server icon and enter usaremote.justice.gov to connect to the USAO VDI. Otherwise, you should already have an icon for usaremote.justice.gov; double-click that icon to connect to the USAO VDI.



Figure 3-5. Connecting the Mac client to Remote Access 2.0

3. At the first Login dialog box, enter your USAO [username] and RSA [passcode].

Figure 3-6. Login dialog box – Certificate selection

a. Soft Token (BlackBerry or iPad/iPhone App) - Your RSA [passcode] is the randomly generated eight numbers on your RSA SecurID app.

b. Hard Token (keyring fob) - Your RSA [passcode] is a combination of your PIN and the randomly generated six numbers on your RSA SecurID token. For example, if your PIN is 1234, and your SecurID token is currently showing 260610, the resulting RSA passcode is 1234260610.

4. At the second Login dialog box, enter your USAO Network [password].



Figure 3-7. Login dialog box – PIN entry

5. Once your credentials have been verified, the VMware Horizon Client displays any desktop pools for which you have been granted access. For Remote Access 2.0, select the Image-2016-VDI (District) pool. Double-click to connect to a desktop.

NOTE If you have previously connected to Remote Access 2.0, and if you are not authorized to use any other VDI pools, the client may automatically connect you to your Remote Access 2.0 desktop.

6. Acknowledge the standard USAO Security Warning by selecting the OK button.

Figure 3-8. USAO Security Warning

7. Please allow 30 to 45 seconds for the Desktop to initialize.



Figure 3-9. Remote Access 2.0 Desktop


9. To end the session, select the Start button, select your name, and then select Sign out. Signing out from your desktop closes all applications, saves all of your profile data for your next session, and closes the VMware Horizon Client.

Non-GFE User’s Guide HTML Access (Clientless Access)


4 HTML ACCESS (CLIENTLESS ACCESS) If you do not wish to install the VMware Horizon Client, or you are unable to do so, then you can access Remote Access 2.0 with a web browser.

NOTE This connection method does not support the use of two-way audio and video (i.e. Softphone and Lync video chat will not be available).

4.1 Prerequisites

• The RSA application/token must be available and authorized for remote access. Contact your local Systems Manager for assistance in obtaining the RSA application or token.

• The RSA application or token must be specifically authorized for Remote Access. • HTML Access depends on HTML5 and is only compatible with the following web

browsers: o Internet Explorer 10 or later o Firefox 21 or later o Chrome 28 or later o Safari 6 or later o Mobile Safari on iOS devices running iOS 6 or later

NOTE USAO recommends using Microsoft Internet Explorer.

4.2 Establishing a Connection with the HTML Access 1. Start Internet Explorer (or another compatible web browser of your choice). 2. Type in the following URL: https://usaremote.justice.gov 3. The USAO Virtual Desktop Portal should appear. To begin a Remote Access 2.0 session,

select the icon to the right, which is labelled Image 2012 VDI HTML Access:





4. At the RSA SecurID dialog box, enter your USAO [username] and RSA [passcode] and then select the Log In button. a. Soft Token (BlackBerry or iPad/iPhone App) - Your RSA [passcode] is the

randomly generated eight numbers on your RSA SecurID app. b. Hard Token (keyring fob) - Your RSA [passcode] is a combination of your PIN

and the randomly generated six numbers on your RSA SecurID token. For example, if your PIN is 1234, and your SecurID token is currently showing 260610, the resulting RSA passcode is 1234260610.

Figure 4-2. RSA SecurID dialog box

5. At the Log In dialog box, enter your USAO Network [password] and then select the Sign in button.

Figure 4-3. Log In dialog box

6. Once your credentials have been verified, the USAO Virtual Desktop Portal will display any desktop pools for which you have been granted access. For Remote Access 2.0, select the Image-2016-VDI [District] pool.




7. Acknowledge the standard USAO Security Warning by selecting the OK button. 8. Please allow 30 to 45 seconds for the Desktop to initialize.

Figure 4-5. HTML Access: Remote Access 2.0 Desktop


10. To end the session, select the Start button, select your name, and then select Sign out. Signing out from your desktop closes all applications and saves all of your profile data for your next session.

11. Select the Close button on the Desktop Disconnected message and then close your web browser.

Figure 4-6. Desktop Disconnected message

Non-GFE User’s Guide FAQ / Troubleshooting


5 FAQ / TROUBLESHOOTING This section contains miscellaneous tips and solutions for error conditions that have been encountered by other users. 5.1 Caps Lock Status on Virtual Desktop Is Not Synchronized with Physical Desktop 5.1.1 Symptoms Under normal conditions, Caps Lock is synchronized between the virtual and physical desktops. In other words, when Caps Lock is enabled on the physical desktop, it will also be enabled on the virtual desktop and vice-versa. However, a specific set of circumstances will “break” this synchronization, and they are: 1. The user connects to a virtual desktop. 2. While using the virtual desktop, the user presses the Caps Lock key. 3. Next, the user locks the physical desktop by pressing the Ctrl-Alt-Del keys. While the

physical desktop is locked, the user presses the Caps Lock key again. 4. The user unlocks the physical desktop and returns to the virtual desktop. 5. The Caps Lock synchronization between the virtual and physical desktops is broken. Caps

Lock will still be enabled in the virtual desktop, but it will be disabled in the physical desktop. Pressing the Caps Lock key again will reverse the status of both desktops, but they will remain out-of-sync.

5.1.2 Solution Fortunately, the solution to restore synchronization is to repeat the scenario that “broke” the synchronization. In other words, please follow these steps: 1. Lock the physical desktop by pressing the Ctrl-Alt-Del keys. 2. While the physical desktop is locked, press the Caps Lock key again. 3. Unlock the physical desktop and return to the virtual desktop. 4. The Caps Lock synchronization between the virtual and physical desktops should be

restored. If the above process is unsuccessful, please log off from your virtual desktop by clicking the Start button and then choosing Logoff. Wait one or two minutes and then log on again to receive a fresh virtual desktop.

Documents

Remote Access 2.0 Non-GFE User's Guide