Nuclear Regulatory Commission
Remote Access System
User Documentation
March 2007
Table of Contents
1. Introduction
   1.1 Overview of the Process to Obtain RAS Access
   1.2 Accessing Documentation
2. System Requirements for Using RAS
   2.1 System Prerequisites
   2.2 Software Conflicts
   2.3 Personal Firewall
   2.4 Anti-Virus Software
   2.5 LAN/WAN Network Drive Access
3. Installing RAS
   3.1 Preparing for the RAS Dial-Up Installation
   3.2 Installing the RAS Dial-Up Service
   3.3 Enrolling for the NRC MPKI Digital Certificates
   3.4 Transferring Certificates from an NRC Machine to a Remote Machine
      3.4.1 How to Export MPKI Certificates
      3.4.3 How to Import MPKI Certificates
   3.5 Renewing NRC MPKI Certificates
4. Using the Remote Access System
   4.1 Connecting to the NRC RAS Solution
   4.2 How to End a Remote Session
   4.3 How to Access Local and Network Drives
   4.4 How to Copy Files
   4.5 Printing Remotely
APPENDIX A – Frequently Asked Questions
APPENDIX B – Troubleshooting Tips
NRC RAS User Documentation Revised March 14, 2007
1. Introduction
The Remote Access System (RAS) solution enables authorized users to remotely access Nuclear Regulatory Commission's (NRC) Local Area Network/Wide Area Network (LAN/WAN) resources via the Citrix Web Interface using either a broadband connection (Cable modem, digital subscriber line (DSL), 3rd party Internet service provider, etc.) or the Agency’s dial-up service. With a Web browser and NRC Managed Public Key Infrastructure (MPKI) digital certificates, approved NRC users can remotely access their NRC e-mail, network files, and NRC standard applications. Additionally, users can transfer files to and from NRC and home or another remote location and print documents at home using BRD.
This Guide provides:
• System requirements for using RAS;
• Instructions for installing and configuring a remote workstation to access RAS via the NRC’s dial-up service;
• Instructions for installing the VeriSign based NRC MPKI digital certificates;
• Instructions for exporting and importing VeriSign based NRC MPKI digital certificates;
• Instructions for renewing VeriSign based NRC MPKI digital certificates; and
• Instructions for using the Citrix Web Interface to access NRC from remote sites such as home.
The NRC Customer Support Center (CSC) Helpdesk is available to answer questions about the information contained in this Guide as well as to help resolve problems you may experience. Hours of operation are 6:00 a.m. to 6:00 p.m. EST, Monday through Friday excluding holidays. The CSC accepts messages after hours. Call (301) 415-1234 or send an e-mail message to csc@nrc.gov.
When contacting the CSC, have the following information available:
• Your name;
• Your LAN ID (initials);
• PC's Operating System;
• Printer Type; and
• Connection Type (Cable modem, digital subscriber line (DSL), 3rd party Internet service provider, or Agency dial-up)
1.1 Overview of the Process to Obtain RAS Access
This section provides an overview of the process used to approve and issue RAS access to NRC users. RAS access allows users to access the NRC LAN/WAN from a remote computer using either broadband or Agency dial-up connectivity. Users can use RAS to connect from home or from remote locations when traveling as long as a broadband connection or telephone line is available.
To obtain RAS access:
1. A user requests RAS access from their IT Coordinator, Regional LAN Manager, or Regional Point of Contact (POC) who approves the request and provides information about the user to the Customer Support Center (CSC).
2. The CSC arranges for the prospective RAS users located at Headquarters to come to the CSC and show proof of their identity. LAN Administrators proof the identification of Regional Office and RISE users.
3. CSC personnel add the user to the Citrix Users group and establish an account for a Managed Public Key Infrastructure (MPKI) Certificate. The MPKI Certificate automatically encrypts information transferred over the broadband/dial-up connection.
4. The CSC sends an e-mail to the user when the MPKI Certificate account has been created. This e-mail contains a link to this RAS User Guide and the BRD Quick Reference Guide.
5. The user accesses a specific Web site and obtains the MPKI Certificates. The user must enroll from their NRC workstation and export the certificates to a removable media for installation on remote workstations. Once the MPKI Certificate is acquired, the user can begin to use RAS.
1.2 Accessing Documentation
When the CSC creates an MPKI Certificate account for a user, they send the user an email that contains a link to the RAS User Guide and the BRD Quick Reference Guide. The documentation is provided in Adobe Acrobat (.pdf extension) format. An Adobe Acrobat reader can be downloaded for free from the Adobe Web site.
2. System Requirements for Using RAS
The following information applies to home computers and other non-NRC standard workstations.
2.1 System Prerequisites
To connect to RAS, the remote computer must have:
• (Both Broadband and Agency Dial-Up Users) Administrative rights are required on the target machine for a successful installation. Contact your IT Coordinator or whoever set up your machine if you don’t have administrative rights;
• (Both Broadband and Agency Dial-Up Users) During the installation or enrollment processes, you may be prompted to install plug-ins from Microsoft, VeriSign, or Citrix. Answer Yes to these prompts. These web browser plug-ins are required to complete the installation and enrollment processes.
• (Both Broadband and Agency Dial-Up Users) Adobe Acrobat Reader Installed. Adobe Acrobat reader can be downloaded for free from Adobe’s Web site at www.adobe.com;
• (Both Broadband and Agency Dial-Up Users) 30 MB Hard Disk Space Free on the Remote Computer;
• (Both Broadband and Agency Dial-Up Users) A Web Browser Installed on the Remote Computer. This documentation was developed using Internet Explorer versions 6 and 7. Other browsers may work if they support installing VeriSign-based certificates into a certificate store. Refer to the vendor's documentation regarding the installation of the digital certificates;
• (Both Broadband and Agency Dial-Up Users) Empty the Temporary Internet File Cache. Delete your temporary Internet files before downloading the certificate. In Internet Explorer, select Tools, Internet Options, General, and click Delete Files in the Temporary Internet Files tab. This may take several minutes to complete. Close the browser, reopen it, and continue with the instructions;
• (Both Broadband and Agency Dial-Up Users) Windows Video Display Mode Set to at least 800 x 600 Pixels or Resolution and a 256 Color Palette - If video display mode is not set correctly, the display window will not fit properly on the monitor screen. Refer to the Microsoft Windows documentation that accompanied the remote computer, for how to set the video display and the recommended monitor resolution;
• (Broadband RAS Users Only) A functioning broadband connection. To verify that the broadband connection is working, access an Internet site such as www.google.com or www.nrc.gov. Table 1 lists types of broadband connections:
Type | Description
Cable modem | A service provided by your local cable company (e.g. Comcast or Cox Communications).
Digital Subscriber Line (DSL) | A service provided by your local phone company (e.g. Verizon or Cavalier Telephone).
Satellite Internet Access | A service provided by digital satellite providers (e.g. StarBand or DirecWay).
3rd party ISP Dial-Up | Modem dial-up access to the Internet via a source other than NRC's Remote Access Service (RAS) (e.g. AOL, Earthlink, PeoplePC, NetZero, etc.)
Table 1 - Broadband Internet Connections
• (Agency Dial-Up Users Only) A compatible modem installed and configured to use the TCP/IP Protocol.
NOTE: If you are able to establish a dial-up connection to the Internet via an Internet Service Provider (ISP) such as MSN, NetZero, or AOL, this service is already installed. If you are not sure that your modem is properly configured, please see your modem documentation for further instructions.
The types of modems to be used with the Agency’s Dial-Up service are listed on the Compatible Modems list located in the Documentation folder on the RAS installation CD. Although other modems may also work, the list contains the types of modems that are tested and certified by the vendor.
To open the Compatible Modems list:
1. Double-click on the My Computer icon located on your Desktop.
2. Right-click on the Drive Letter (e.g. D:, E:) for the CD-ROM drive.
3. Click on Open.
4. Double-click on the Documentation folder.
5. Double-click on the Compatible Modems.pdf file to view the list.
NOTE: Configuring these features may require your original operating system installation CD.
• (Agency Dial-Up Users Only) A RAS User ID and Password is required. Headquarters users will receive their logon information in a blue envelope labeled “To be opened by addressee only.” Other offices will receive their password from designated regional personnel.
• (Agency Dial-Up Users Only) NRC RAS Installation CD. The CD contains the necessary installation files to install RAS.
• (Agency Dial-Up Users Only) Broadband connections enabled may cause connectivity interference. The Office of Information Services (OIS) recommends that broadband connections are turned off during the dial-up session. To disable and enable your broadband, see your service provider documentation for further instructions. After the dial-up session is ended, re-enable your broadband connection.
2.2 Software Conflicts
The Citrix Web Interface client of RAS may or may not conflict with other applications that are loaded on the remote computer. If the RAS installation instructions are not followed as written, disruptions in the operation of the target computer software could occur.
Note: Although no permanent damage is likely to occur, the NRC cannot be liable for any damages to non-agency computers that result from the installation of the software. The installation process is conducted at the user's risk.
2.3 Personal Firewall
A computer is vulnerable to intruders every time it is connected to the Internet. Personal firewall software such as Zone Labs ZoneAlarm, Norton Personal Firewall, McAfee Firewall, and ISS BlackICE protects the computer from incoming and outgoing connection attempts. Depending on how your personal firewall software is configured, you may be prompted several times to allow outbound traffic during the use of RAS. Refer to your firewall documentation about how to configure your personal firewall to allow RAS to work properly.
2.4 Anti-Virus Software
OIS highly recommends that you use anti-virus software on all computers. It is critical to keep your anti-virus software up-to-date. Many anti-virus packages support automatic updates of virus definitions. OIS recommends the use of these automatic updates when available.
2.5 LAN/WAN Network Drive Access
When you are working via RAS and also working at the office, you should save all of your files on the P drive or another network drive, so that you can access them from work or home via RAS. When using RAS, you will not have access to the C: drive on your NRC Windows XP workstation.
3. Installing RAS
3.1 Preparing for the RAS Dial-Up Installation
NOTE: This section is for RAS Users using the NRC’s Dial-Up Service. Broadband Users skip directly to Section 3.3.
Before you begin installing the RAS client, you need to perform the following procedures.
• Adjust your desktop image to the standard XP background
• Determine if you have more than one modem installed on your computer so the RAS software will not select one that is not appropriate
It is very important that you shut down any open applications prior to performing these procedures. Please read and follow all the steps provided in this document. You may need your operating system installation CD to complete the installation in this section. This process only needs to be completed once.
Step 1
This guide was prepared using the standard Start menu for XP as shown in Figure 1. If you are using the classic Windows 9x/NT Start menu on your computer, you may wish to temporarily change to the standard XP Start menu by right-clicking Start, clicking Properties, selecting Start menu, and clicking OK.
Figure 1 – Standard XP Start Menu
Step 2
To determine if you have multiple modems installed on your computer, from the desktop, click Start and select Control Panel as shown in Figure 2.
Figure 2 – Start Menu/Control Panel
Step 3
If the Control Panel category view is displayed as shown in Figure 3, click Network and Internet Connections and go to Step 4. If the classic icon or list view is displayed, double-click the Phone and Modem Options icon, and go to Step 5.
Figure 3 – Control Panel category view
Step 4
Click Phone and Modem Options on the right hand side as shown in Figure 4.
Figure 4 – Phone and Modem Options
Step 5
Select the Modem tab to display a list of modems installed on your computer. If only one modem is listed, proceed to the next step in the installation process, see Figure 5. If more than one modem is listed, DO NOT proceed with the installation. Call the CSC Helpdesk for assistance in identifying which modem you should use for remote access.
Figure 5 – The Modem Tab
Step 6
Click OK to close the Phone and Modem Options window and display the Control Panel.
Step 7
To return to your desktop, click File on the menu bar and select Close as shown in Figure 6.
Figure 6 – The File Menu
3.2 Installing the RAS Dial-Up Service
NOTE: This section is for RAS Users using the NRC’s Dial-Up Service. Broadband Users skip directly to Section 3.3. It is very important that you shut down any open applications prior to the installation of the RAS. Please read and follow all the steps provided in this document. You may need your operating system installation CD to complete the installation in this section. This process only needs to be completed once.
Step 1
Insert the RAS Installation CD in the CD-ROM drive. The CD automatically runs in approximately 10 seconds. If you have auto-run disabled on your computer, you must start the program manually. To start the program manually, click Start, Run..., and Browse. Double-click on the drive that refers to your CD drive to display a list of folders. From the NRCICA folder, double-click NewInstall.exe. When prompted to install the RAS Client, click OK to install the NRC RAS Client as shown in Figure 7.
Figure 7 – RAS Client Install Prompt
If you have an older PC, it may take several minutes to start the installation. Wait a few minutes or you may risk running several installations simultaneously. Older CD drives may stop and start due to the Autoplay feature causing multiple installs. If this occurs, DO NOT initiate another installation.
If the computer on which you are installing the RAS client is your personal computer, select Privately Owned. If the computer is a loaned computer from the NRC, select NRC Loaner. If the Privately Owned radio button is selected, the NRC Remote Access icon displays on the desktop only in the installer’s profile. When the NRC Loaner radio button is selected, the NRC Remote Access icon displays on the desktop of all existing and future profiles. Click on OK to begin installation as shown in Figure 8.
Figure 8 – Computer Owner Dialog
The hands-free installation can take several minutes. The Infrastructure Services and Support Contract (ISSC) RAS Client Installation screen, as shown in Figure 9, displays during the installation process. Sometimes it pauses and takes a while to initiate the next action. The installation is complete when the message, “Installation Successful...” displays.
Figure 9 – RAS Client Installation Screen
Step 2
Everything you need to access the Remote Access Service is now installed on your computer. You are now able to access your e-mail, files and mapped server drives remotely. When prompted to restart your computer, remove the RAS Installation CD, and click OK as shown in Figure 10. Select Start, Shutdown, and then Restart.
Figure 10 – Reboot Dialog
The new RAS installation cleans up previous installs of the RAS and Citrix client software. You may have to manually delete desktop icons and dial-up networking entries by right-clicking each one and selecting Delete. DO NOT delete the NRC phonebook entry or NRC Remote Access desktop icon. If you need assistance in deleting the icons, please contact the CSC Helpdesk.
3.3 Enrolling for the NRC MPKI Digital Certificates
NOTE: Both Broadband and Agency Dial-Up users must complete this section and those that follow.
OIS requires that you enroll for your NRC MPKI certificates from your NRC workstation. The CSC Helpdesk is available during normal business hours. You will need to export the MPKI Certificate from the NRC workstation and then import it to the remote workstation. Instructions for exporting and importing MPKI Certificates are located in Section 3.4.
Step 1
Open Internet Explorer and go to the following URL: https://www.nrc.gov/certificates. OIS recommends that you bookmark this URL in your Web browser. From the Enroll section, click for Encryption and Signing Digital ID as shown in Figure 11. This is the first option listed under “Enroll.”
Figure 11: NRC Digital ID Center
Step 2
Complete the Enrollment form shown in Figure 12. You must provide information for First Name, Last Name, Your e-mail Address, PIN, and Challenge Phrase. The e-mail address you provide must be your NRC email address. Document the Challenge Phrase and keep it in a secure location. You will need this phrase to use self-service features such as certificate renewal or certificate revocation. Scroll to the bottom of the page, read the subscriber agreement, and click Submit.
Figure 12: Enrollment Form as seen in Internet Explorer v6
Step 3
When prompted to confirm your e-mail address as shown in Figure 13, review the information and click OK to continue if it is correct. Otherwise, click Cancel and restart the process.
Figure 13: Confirm e-mail Address
Step 4
When prompted to request a certificate as shown in Figure 14, click Yes. This is the first of two certificates that you will receive during the enrollment process.
Figure 14: Request Certificate
Step 5
When prompted to create the RSA exchange key as shown in Figure 15, click Set Security Level.
Figure 15: Create a New RSA Exchange Key
Step 6
When prompted to choose a security level as shown in Figure 16, select High and click Next.
Figure 16: Choose a Security Level
Step 7
When prompted to create a password for this key as shown in Figure 17, enter a password and confirm it. After you create the password, click Finish.
Note: OIS reminds users that RAS users are responsible for implementing acceptable password practices as defined in NRC Management Directive 12.5. When this certificate is used by the system, you will be prompted for this password to keep unauthorized users from using your certificate. Retain this password in a secure location. Without this password, you will not be able to use this certificate. The system administrators cannot reset this password. If you forget this password and do not have it stored in a secure location, you will have to revoke your certificates and go through the proofing and enrollment process again.
Figure 17: Create a Password
Step 8
Verify that the Security level is now set to High as shown in Figure 18 and click OK to continue. If not, repeat step 7.
Figure 18: Verify Security Level
Step 9
While the certificates are being generated, a status message, as shown in Figure 19, displays.
Figure 19: Status Message
Step 10
When prompted to create another RSA exchange key for your second certificate as shown in Figure 20, click Set Security Level.
Figure 20: Create a New RSA Exchange Key
Step 11
When prompted to choose a security level as shown in Figure 21, select High and click Next.
Figure 21: Choose a Security Level
Step 12
When prompted to create a password for this key as shown in Figure 22, enter a password and confirm it. After you create the password, click Finish.
Note: OIS reminds users that RAS users are responsible for implementing acceptable password practices as defined in NRC Management Directive 12.5. When this certificate is used by the system, you will be prompted for this password to keep unauthorized users from using your certificate. Retain this password in a secure location. Without this password, you will not be able to use this certificate. The system administrators cannot reset this password. If you forget this password and do not have it stored in a secure location, you will have to revoke your certificates and go through the proofing and enrollment process again.
Figure 22: Create a Password
Step 13
Verify that the security level is set to High as shown in Figure 23 and click OK. If not, repeat Step 12.
Figure 23: Verify Security Level
Step 14
When prompted to request a certificate as shown in Figure 24, click Yes.
Figure 24: Request a Certificate
Note: If both certificates were successfully installed, a confirmation message, as shown in Figure 25, displays. If not, note the error code at the bottom of the web page and try the enrollment again and verify that you entered all the required information correctly. If you still experience problems enrolling, please call the Helpdesk for assistance.
Figure 25: Confirmation Message
3.4 Transferring Certificates from an NRC Machine to a Remote Machine
This section provides instructions for transferring an MPKI Certificate from your NRC workstation to your remote computer. Once you export an MPKI Certificate to a file, you can import it into multiple workstations. For example, you can import your MPKI Certificate to your home desktop computer and your laptop. These instructions are written for and tested with Internet Explorer. If you use another Web browser, refer to the documentation provided. When you enrolled for your MPKI certificates, two certificates were installed into your web browser. When exporting certificates, OIS highly recommends exporting both and keeping them together.
3.4.1 How to Export MPKI Certificates
1. Launch Internet Explorer.
2. Go to Tools, Internet Options, Content, and click Certificates.
3. Left-click once on the first certificate with your user name to highlight it.
4. Click Export.
5. Click Next.
6. Select Yes, export the private key and click Next.
7. Select the option for PKCS #12.
8. Select the Include all certificates . . . and Enable Strong Protection . . . options. Do not select the Delete the private key if the export is successful option. If this option is selected, uncheck it.
9. Click Next.
10. Enter and confirm a password. This password will be needed to import the certificate into another browser. If you forget the password, you will need to export the certificate again.
    Note: OIS reminds users that RAS users are responsible for implementing acceptable password practices as defined in NRC Management Directive 12.5.
11. Click Next.
12. Enter a path and filename. For example, to save the exported certificate to a floppy disk, insert a floppy disk into the A: drive and enter “a:\<filename>” (without the quotes and where <filename> is the name you wish to call the file). OIS recommends using the date as part of the filename to help you remember when the exported file was created.
13. Click Next and click Finish.
14. If you set High security on your certificate when you originally created it, you will be prompted for your certificate password. Provide the password and click OK.
15. The browser will report that the export is successful. Click OK.
16. Repeat steps 3 through 15 with the second certificate but use a different filename in step 12.
17. When both of your certificates have been exported, click Close and Cancel to exit back into Internet Explorer.
18. To verify that the certificate was exported, use the My Computer icon and select the drive letter where you saved the certificate in step 12. Browse through the file structure and look for a file by the name of “<filename>.pfx” (without the quotes and where <filename> is the name you used in step 12).
Note: OIS recommends that you keep copies of your certificates in a secure location. Please refer to the MPKI end-user agreement and NRC retention policies for more information regarding the retention and storage of MPKI certificates.
3.4.3 How to Import MPKI Certificates
When you enrolled for your MPKI certificates, two certificates were installed into your web browser. When importing the certificates from your NRC workstation, import both certificates into your home browser.
1. Launch Internet Explorer.
2. Go to Tools, Internet Options, Content, and click Certificates.
3. Click Import.
4. Click Next.
5. Click Browse next to the File Name field. At the bottom of the window, click the File of type drop-down list and select All Files.
6. Browse to the location of the file created in Step 12 of the Certificate Export Procedure. Select the file and click Open and Next.
7. Enter the password used in Step 10 of the Certificate Export Procedure.
8. Select the Enable Strong Private Key Protection . . . and Mark this key as exportable . . . options.
9. Click Next.
10. Select Place all certificates in the following store and click Browse.
11. Select Personal and click OK and Next.
12. Click Finish.
13. Click Set Security Level.
14. Select High and click Next.
15. Enter and confirm a password to protect the certificate. It is recommended that you use the password referred to in Step 14 of the Certificate Export Procedure.
    Note: OIS reminds users that RAS users are responsible for implementing acceptable password practices as defined in NRC Management Directive 12.5.
16. Click Finish and OK.
17. The browser will report that the import is successful. Click OK.
18. Repeat steps 3 through 17 for the second certificate.
19. Click Close and Cancel to exit back into Internet Explorer.
3.5 Renewing NRC MPKI Certificates
Notes:
• The graphics in this section were captured from a workstation using Internet Explorer (IE) version 7. Although the toolbars and menus look different, the prompts and web page content are the same regardless of IE version. These instructions were developed using IE; for other web browser applications, please refer to the documentation provided by the software developer.
• The certificates issued by the NRC MPKI are a certificate pair. One certificate is used for encryption operations; the second is used for signing and identity operations. Since both certificates are issued at the same time, they should both be renewed at the same time.
Renewal Prerequisites
• OIS highly recommends that the renewal should be done from the workstation where the original certificates were obtained. This should be the user’s NRC provided workstation.
• The expired certificates must be present on the workstation performing the renewal.
Renewal Process for the Encryption Certificate
Step 1
Open Internet Explorer and browse to the following URL: https://www.nrc.gov/certificates. If prompted to identify your web browser, select the one matching your browser. For the purposes of these instructions, Microsoft Internet Explorer would be selected.
Step 2
In the Renew section, select 'for Encryption Digital ID' to renew the encryption certificate as shown in Figure 26.
Figure 26 – NRC MPKI Digital ID Center
Note:
You may be prompted for the installation of plug-ins from Microsoft, Citrix, or VeriSign during this process as shown in Figure 27. Please allow the browser to install the plug-ins accordingly.
Figure 27 – Plug-in Installation Prompt
Step 3
The system will prompt you to confirm you are renewing the Encryption certificate as shown in Figure 28. Click Renew to continue.
Figure 28 – Encryption Certificate Renewal Verification
Step 4
The system examines the expired certificate and prompts you to confirm the information within the certificate as shown in Figure 29. Click Renew to continue.
Figure 29 – Certificate Information Verification
Step 5
When prompted to request a certificate as shown in Figure 30, click Yes.
Figure 30: Request Certificate
Step 6
When prompted to create the RSA exchange key as shown in Figure 31, click Set Security Level.
Figure 31: Create a New RSA Exchange Key
Step 7
When prompted to choose a security level as shown in Figure 32, select High and click Next.
Figure 32: Choose a Security Level
Step 8
When prompted to create a password for this key as shown in Figure 33, enter a password and confirm it. After you create the password, click Finish. OIS reminds users that RAS users are responsible for acceptable password practices as defined in NRC Management Directive 12.5.
Note: When this certificate is used by the system, you will be prompted for this password to keep unauthorized users from using your certificate. Retain this password in a secure location. Without this password, you will not be able to use this certificate. The system administrators cannot reset this password. If you forget this password and do not have it stored in a secure location, you will have to revoke your certificates and go through the proofing and enrollment process again.
Figure 33: Create a Password
Step 9
Verify that the Security level is now set to High as shown in Figure 34 and click OK to continue. If not, repeat step 6.
Figure 34: Verify Security Level
Step 10
While the certificates are being generated, a status message, as shown in Figure 35, displays.
Figure 35: Status Message
Step 11
If prompted to request a certificate as shown in Figure 36, click Yes.
Figure 36: Request a Certificate
If the certificate was successfully installed, a confirmation message, similar to the one shown in Figure 37, displays. If not, note the error code at the bottom of the web page and try the enrollment again and verify that you entered all the required information correctly. If you still experience problems enrolling, please call the CSC Helpdesk for assistance.
Figure 37: Confirmation Message
Renewal Process for the Signing Certificate
Step 1
With IE still open, browse to the following URL: https://www.nrc.gov/certificates. If prompted to identify your web browser, select the one matching your browser. For the purposes of these instructions, Microsoft Internet Explorer would be selected. In the Renew section, select 'for Signing Digital ID only' to renew the signing certificate as shown in Figure 26.
Step 2
Repeat Steps 3 through 11 from above. However, in Step 3 the Signing Certificate will be referenced instead of the Encryption Certificate.
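A pre-renewal check for the prerequisite that the expired certificate pair must be present on the workstation, and a post-renewal check that both halves were renewed together. This is an added example, not part of the NRC documentation or tooling. It assumes the pair can be told apart by the Key Usage extension, and the issuer pattern is a placeholder to replace with text from your own certificates' issuer name.

```powershell
# Added example: not part of the NRC documentation or any NRC tooling.
# Inspects the current user's Personal certificate store for a certificate
# pair (one encryption, one signing) issued by the expected CA.

# Assumption: placeholder value. Replace with a string that appears in the
# issuer name of your own certificates.
$IssuerPattern = '*EXAMPLE-ISSUER-PLACEHOLDER*'

function Get-CertRole {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $flagsType = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $ext = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    } | Select-Object -First 1
    if (-not $ext) { return 'Unknown' }   # certificate has no Key Usage extension

    # Assumption: encryption vs. signing is decided from these Key Usage bits.
    $usage   = [int]$ext.KeyUsages
    $encrypt = [int]($flagsType::KeyEncipherment) -bor [int]($flagsType::DataEncipherment)
    $sign    = [int]($flagsType::DigitalSignature) -bor [int]($flagsType::NonRepudiation)

    $canEncrypt = ($usage -band $encrypt) -ne 0
    $canSign    = ($usage -band $sign) -ne 0
    if ($canEncrypt -and $canSign) { 'Both' }
    elseif ($canEncrypt)           { 'Encryption' }
    elseif ($canSign)              { 'Signing' }
    else                           { 'Other' }
}

$report = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Issuer -like $IssuerPattern } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
        @{ Name = 'Role';    Expression = { Get-CertRole $_ } },
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } }

$report | Sort-Object Role, NotAfter | Format-Table -AutoSize

# Track the latest expiry date seen for each half of the pair.
$latest = @{}
foreach ($role in 'Encryption', 'Signing') {
    $match = @($report | Where-Object { $_.Role -eq $role -or $_.Role -eq 'Both' })
    if ($match.Count -eq 0) {
        Write-Warning "No $role certificate from the expected issuer is in this store."
        continue
    }
    if (-not ($match | Where-Object { $_.HasPrivateKey })) {
        Write-Warning "$role certificate found, but its private key is not on this workstation."
    }
    $latest[$role] = ($match | Sort-Object NotAfter -Descending | Select-Object -First 1).NotAfter
}

# Both halves are issued together, so their expiry dates should line up.
if ($latest['Encryption'] -and $latest['Signing']) {
    $gapDays = [math]::Abs(($latest['Encryption'] - $latest['Signing']).TotalDays)
    if ($gapDays -gt 1) {
        Write-Warning "Encryption and signing expiry dates differ by $([int]$gapDays) days; one half may not have been renewed."
    }
}
```

Run it as the user who owns the certificates, since it reads only that user's Personal store.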
4. Using the Remote Access System
4.1 Connecting to the NRC RAS Solution
Broadband users start with Step 1a. Agency Dial-Up users start with Step 1b.
Step 1a
(Broadband Users Only) From the remote desktop, launch the Web browser and enter the following URL: https://access1.nrc.gov. If prompted for client authentication, select your Username from the list. Skip directly to Step 8.
Step 1b
(Agency Dial-up Users Only) From your desktop, double-click the NRC Remote Access icon installed during the RAS installation as shown in Figure 38. Continue with Step 2.
Figure 38 – The NRC Remote Access Icon
Step 2
The NRC Remote Access window as shown in Figure 39 displays a set of technical parameters for the RAS session. Select the appropriate parameters as follows:
• Select the Citrix server you would like to connect to.
• The second check box enables 1-800 number access. Leave this box unchecked if you are local to the remote access system. Check this box if you need to make a long distance phone call to make a connection.
• The third check box disables call waiting. If you have call waiting at your dialing location, an incoming call could disconnect your session. Check this box to prevent an incoming call from breaking the connection.
• The fourth check box enables the use of a dialing prefix to obtain an outside line. Depending on your location, a 9, 8 or 010 may be required to obtain an outside line. If dialing from a hotel while on travel, a special number may be required to access an outside line and/or a 2-second pause (comma) between multiple inputs may be needed during dialing. You can also enter a 1 for dialing long distance or a country code if needed.
• When you have made the appropriate selections, click Connect.
Figure 39 – RAS Client Dialing Parameters
Step 3
Enter your NRC User ID and the RAS Password, enter the password a 2nd time to verify it, and click OK as shown in Figure 40. A valid RAS password was assigned to you by the NRC through your IT coordinator when your Agency Dial-Up account was activated. You cannot change this password. To prevent someone from reading your password from your screen, the RAS application hides your password as you type it in. Reenter your password in the 2nd password field to verify it.
Figure 40 – RAS Client Password
Step 4
The Connect To window as shown in Figure 41 opens and dynamically enters the values represented by your selections in the previous two windows. Do not disrupt the initialization process until the connection process is completed.
Figure 41 – RAS Client Connect To Window
Step 5
Once you are successfully connected to the Remote Access session, your computer automatically launches Internet Explorer and browses to the RAS URL at https://access1.nrc.gov.
Step 6
At the NRC Broadband Remote Desktop Login page, enter your NRC Novell Login ID and password in the Username and password fields as shown in Figure 42.
Figure 42: NRC Broadband Remote Desktop Login Page
Step 7
From the Applications window, select the application name closest to your work place as shown in Figure 43.
Figure 43: Applications Window
Step 8
When connected to the application, the NRC Warning Banner opens as shown in Figure 44. Click OK.
Figure 44: NRC Warning Banner
Step 9
From the Novell Client for Windows dialog box as shown in Figure 45, enter the NRC Novell Username and password and click OK.
Figure 45: Novell Client for Windows dialog box
Step 10
After logging in to the NRC Network, a modified start-up screen opens on your remote computer and looks similar to the window shown in Figure 46. The start-up screen contains the same standard NRC applications and services available on your NRC workstation.
Figure 46: Citrix Presentation Server Desktop
The session is now available for use. See section 4.3 to properly log off the session.
4.2 How to End a Remote Session
Step 1. To disconnect from the NRC RAS, from the Start menu, select Shutdown as shown in Figure 47. The client closes the application and disconnects the web browser from the service.
Note: Until the Citrix screen disappears, DO NOT close the web browser by clicking the X in the upper right-hand corner of the desktop. Clicking the X ends the session on the workstation, but could leave sessions improperly open on the Citrix server and your modem could remain connected (Agency Dial-Up Users Only).
Figure 47: Citrix Presentation Server Start Menu
Step 2. Click OK to complete the session as shown in Figure 48. It may take several minutes for applications to close and the shutdown process to complete.
Figure 48: Citrix Presentation Server Shutdown Menu
It may take a minute or more for the screen to clear off. When the screen clears, the Citrix session is closed. However, to completely close out your BRD session, click Logout in the Application Web page. Close any open Web browsers using File and Close on the menu bar or right click the X in the upper right hand corner of the window.
4.3 How to Access Local and Network Drives
When logged in to the Remote Access Service, both local and network drives are available from the Citrix Web window. Launching Windows Explorer from inside the Citrix Web window will display the network drives accessible via Citrix from a remote location as shown in Table 2. Note: NRC workstation hard drives are not accessible via Citrix Web.
Drive                          Label                   Drive Letter
Remote Computer A:             (A:) A$ on 'Client'     A:
NRC CITRIX Drive (RESERVED)    (C:) C_Drv              C:
NRC CITRIX Drive (RESERVED)    (D:) CD Drive           D:
NRC CITRIX Drive (RESERVED)    (E:) E_Drv              E:
Remote Computer C:             (W:) C$ on 'Client'     W:
NRC CITRIX Drive (RESERVED)    (X:) Ghost_Drv          X:
Table 2: Network Drives Accessible via Citrix
The drives on the remote/home computer appear in Citrix Web under the same drive letters used for local drives on NRC workstations. In CITRIX Web, they appear as '$ on 'Client'' followed by the drive letter. For example, your computer drives A: and C: are accessible via drive A: [(A:) A$ on 'Client'] and W: [(W:) C$ on 'Client'] respectively as shown in Figure 49.
Figure 49: Citrix Presentation Server Explorer
Note: Several drives are listed as Reserved. These reserved drives are used for CITRIX functionality and are not for use by RAS users.
LAN/WAN network drive letters will be the same on Citrix Web as they are on NRC workstations. For example, P: for personal drive; G: for group drive; R: for read-only drive; and S: for shared drive. NRC workstation hard drives are not accessible via Citrix Web.
Note: OIS recommends that all work should be saved on the P drive so that it may be accessed from work or remotely via Citrix Web.
Note: You may be prompted with the dialog shown in Figure 50. The settings shown in the figure are settings recommended by OIS to allow users to save files on their local workstations and/or print from the Citrix solution.
Figure 50: Citrix File Security Settings
4.4 How to Copy Files
Files can be copied from the remote computer to the NRC LAN/WAN using the Citrix Web Interface. This section lists the steps to copy files between a remote computer and the NRC LAN/WAN.
Step 1. From the Citrix desktop, right-click on the Start menu and select Explore as shown in Figure 51.
Figure 51: Citrix Presentation Server Start Menu
Note: Do not right-click on the local desktop Start menu to open your local desktop Explorer. You cannot perform file transfers this way.
Step 2. From the Explorer window as shown in Figure 52, select the local or network file to be copied. Drag and drop the file into the destination directory. Open the copied file to confirm that it was correctly copied.
Figure 52: Explorer Window
4.5 Printing Remotely
Through the Broadband Remote Desktop, documents can be printed directly to the printer attached to the remote computer. The NRC CITRIX server contains an extensive list of supported printers. If the driver for the remote printer is not installed, Citrix Presentation Server uses a generic driver. Users experiencing printing problems should contact the CSC. Printing from the remote location via Citrix Web is performed the same way as at the NRC, from any application (e.g., WordPerfect, GroupWise, etc.). The print data is sent via the broadband/dial-up connection from the NRC network to the remote computer before the printer is activated.
Note: The process may take several minutes. When printing from the NRC network via CITRIX, be patient. Repeated attempts to print will ultimately slow down printing and result in multiple print jobs.
APPENDIX A – Frequently Asked Questions
When the remote computer is configured properly, dialing into the NRC network can be easy, even though it may be slower than using a broadband connection or logging in at work. The following questions will help you assess whether your computer is ready to run Remote Access Service V4.1 successfully.

What does OIS recommend?
The OIS recommends the following minimum configurations for RAS access:
• Pentium III class PC with keyboard and mouse
• SVGA monitor with 32 MB of video memory
• 20 MB free hard disk space
• Broadband Internet connection (see Section 2.1)
• Windows XP operating system

What kind of PC should I use?
See the recommendations from above. If you recently purchased a new system, you can be assured that it meets the above criteria. Older PCs might not be compatible.

What kind of monitor should I use?
You should use an SVGA (super video graphics array) monitor. Be sure you have a video card installed in your PC that has at least 32 MB of memory. Otherwise, changes in your display will be very slow on your screen.

What kind of Internet connection should I use?
Full-time Internet connections as provided by cable modems or DSL lines provide the best performance. Please check with your local service providers for availability, performance, and pricing.

What software will I need?
You must have an operating system that supports Internet Explorer or NetScape Navigator. Other web browsers may work, but have not been tested with RAS. If using a web browser other than Internet Explorer, please see the vendor's documentation for importing certificates. Also, check the Citrix Support website for information regarding the capability of your web browser version with Citrix products.

Where can I get a copy of the software and password?
If you do not have a RAS account, notify your IT Coordinator. Your IT Coordinator must make a request to the CSC Helpdesk for your RAS access. After that, you must present your NRC-issued badge to the Helpdesk and sign an end-user agreement. The CSC will then issue you a PIN code to enroll for your certificates. The rest is done from your desktop via the web browser.

Will I need anything else?
From a location outside of the NRC, you need a functional Internet connection. Refer to Section 2.1 of this document for a description of valid connection types.
Note: The NRC will not pay for Internet access fees resulting from use of RAS at home.
APPENDIX B – Troubleshooting Tips
Problem: Getting Error Messages during installation. “C:\WINDOWS\WBDEL44I.DLL – DLL File could not be created. Probably cause of error is that you cannot write to the disk or directory shown above.” “Fatal Error – DLL(s) not found or created”
Resolution: The user attempting the installation does not have administrative rights to the workstation. Please log into the workstation with an account with administrative access.

Problem: Modem will not make a connection.
Resolution:
• If you have an external modem make sure it is turned on.
• If you have an external modem make sure it is connected to your computer.
• Make sure your modem is connected to the telephone jack.

Problem: Port is already in use.
Resolution: Disconnect your current modem session.

Problem: Access is denied during modem connection.
Resolution: Enter the CITRIX User ID and Password (found inside the blue envelope or given to you by designated personnel) in the NRC Remote Access Security window.

Problem: Modem establishes a connection but the Novell client login screen never launches.
Resolution: Reinstall the CITRIX RAS client from the CD provided by the NRC.

Problem: The web browser will not make a connection.
Resolution:
• Verify that your broadband Internet is functioning correctly by browsing to another site such as www.yahoo.com or www.nrc.gov;
• Verify that you installed the correct NRC MPKI certificates into the browser; or
• Verify that you are going to the correct URL, https://access1.nrc.gov.

Problem: Login fails.
Resolution: On the main login screen:
• Verify that the correct username and password were used;
• Ensure that the Workstation Only check box is not selected; or
• You DO NOT need to access the Advanced page to change any settings. If you do access this page and change any of the default settings, you may not be able to login. Reestablishing your connection will reset the default settings to their correct configuration.

Problem: The system does not accept my password.
Resolution: Your password expiration date may have transpired. Please contact the CSC to verify your password expiration date or check to see if your account is locked out.

Problem: I was able to login but I do not see my network drives.
Resolution: You selected the Workstation Only check box at the login screen. Checking this box logs you into Windows only. You must log out and log back in with the check box unchecked.

Problem: Cannot print.
Resolution:
• Make sure your printer is functioning properly.
• Try printing something locally.
• If it does not work locally check that it is turned on, plugged in, etc.

Problem: When you open GroupWise, an error message appears.
Resolution: If you see an error message regarding your mail archive, click OK, DO NOT do anything else and contact the CSC. GroupWise is checking for the existence of your archive mail file which is actually on your local C drive at the NRC. It cannot find the file when you log in remotely via RAS. DO NOT follow the instructions under Options. You may accidentally delete all your archived mail messages.
If these troubleshooting steps do not resolve your problem(s) or if you need additional help, please refer to Appendix E for information on how to contact the CSC.