Working From Home
Connecting to computational systems and research data storage from off-campus
The CSF, iCSF, HTCondor, and Research Data Storage (Isilon) can all be accessed from off-campus, but, for security, some extra steps are needed.
Since November 2019 the University has been protecting remote access services with Global Protect and Duo 2FA. This has now been extended to include the ‘nyx’ X2GO gateways and the rds-ssh file-transfer gateways. Therefore from October 2020 you must now be logged in to the University VPN (GlobalProtect) with Duo 2-Factor Authentication in order to access these services from off-campus. |
If you need any help with the information on this page, please email the Research Infrastructure team using its-ri-team@manchester.ac.uk |
Tasks you can do from home
This page addresses the following tasks while working from home (or elsewhere off-campus), providing you with links to the relevant documentation. Jump to the sections you are interested in doing:
- Logging in to the CSF, iCSF or HTCondor submitter node, or the Research Infrastructure X2GO / SSH gateways, from off-campus once you have signed in to the GlobalProtect VPN. See below.
- Accessing Research Data Storage that you would usually map as a drive on a campus PC. See below.
- Copying files to/from Research Data Storage that you use on the CSF, iCSF or HTCondor submitter node. See below.
- Copying files to/from CSF scratch storage. See below.
The University VPN and GlobalProtect.
When accessing on-campus resources such as the CSF/iCSF from off-campus you are required to first sign in to the University VPN using the GlobalProtect software or OpenVPN software. GlobalProtect is recommended and it is available for Windows, Mac and Linux.
University managed laptops already have the GlobalProtect software installed. You can also download it and run it on your home PC/laptop. If not already installed, please install the IT Services VPN Software (GlobalProtect) on your home PC/laptop.
Problems with GlobalProtect?
If you are attempting the above tasks from home and are having problems when GlobalProtect is running, please see the GlobalProtect Problems and Solutions section below. |
Open each section below for the task you wish to perform.
1) How do I login to the CSF / iCSF / HTCondor from off campus?
a) Sign in to GlobalProtect then use direct ssh
- If not already installed, please install the IT Services VPN Software (GlobalProtect) on your home PC/laptop.
- Run the GlobalProtect software (see previous link). In short, this will make your PC/laptop appear to be on-campus.
- Now log in to the CSF or log in to the iCSF or condor submitter as usual using your preferred SSH application.
- If this method does not work for you, your ISP may not fully support the use of GlobalProtect. Please try using the IP number of the login node instead of the name:
ssh username@10.99.203.51 # CSF3 ssh username@10.99.203.43 # iCSF ssh username@10.99.203.70 # incline256 ssh username@10.99.203.69 # incline2000 ssh username@130.88.203.22 # submitter
Or alternatively use the Research IT SSH Gateway (method C below). More details are available in the GlobalProtect problems and solutions section.
b) Sign in to GlobalProtect then use the Research IT Linux Virtual Desktop (X2GO)
PLEASE NOTE: As of October 2020, before logging in to the Research IT Linux Virtual Desktop from off-campus, you must first log in to the University VPN (GlobalProtect). Full instructions are given in the pages linked below.
- Register to use the Research IT Linux Virtual Desktop by emailing its-ri-team@manchester.ac.uk.
- Download, install and setup on your home PC/laptop the small, free X2GO client. We have complete instructions for Windows, Mac and Linux home PCs/laptops.
- Now, from your home PC/laptop, use the X2GO client you’ve just installed to log in to the X2GO Linux Virtual Desktop.
- Finally, from a terminal on the Linux Virtual Desktop (nyx5,6,7) log in to the CSF, iCSF or Condor submitter using one of:
ssh csf3 ssh icsf # or incline256 or incline2000 ssh submitter
See here for screenshots and a complete example.
c) Sign in to GlobalProtect then use the Research IT SSH Gateway
PLEASE NOTE: As of October 2020, before logging in to the Research SSH Gateway from off-campus, you must first log in to the University VPN (GlobalProtect). Full instructions are given in the pages linked below.
- Register to use the Research IT SSH Gateway by emailing its-ri-team@manchester.ac.uk (if you have registered to use the X2GO service you don’t need to register again).
- Now install any free SSH application on your home PC/laptop. On Windows, a popular free app is MobaxTerm. On Mac and Linux, you can use the already-installed Terminal app to run SSH. You can even log in from Android, using JuiceSSH.
- Next, log in to the SSH gateway using the SSH app from your home PC/laptop. Use any one of the following addresses:
nyx5.itservices.manchester.ac.uk nyx6.itservices.manchester.ac.uk nyx7.itservices.manchester.ac.uk
- Finally, from the SSH gateway (nyx5,6,7) log in to CSF, iCSF or Condor submitter using one of:
ssh csf3 ssh icsf # or incline256 or incline2000 ssh submitter
Even if you had DNS-lookup problems in method a) above, the nyx addresses will always work.
2) How do I access Desktop-visible Research Data Storage (Isilon) from off campus?
- Desktop/PC visible storage, similar to your P-Drive. You map this as another drive on your PC (e.g., the R: drive).
- Storage visible on the central compute platforms such as the CSF, iCSF or HTCondor submitter. The Research IT team ensure this is visible on those platforms.
Here we cover how to access the first type – the Desktop/PC visible storage – while working at home.
Please note: If your data has been supplied by an external provider (e.g., NHS Digital) you must check any data sharing agreement you have with the provider that you are permitted to access that data from off-campus.
a) Via GlobalProtect
- You will need the path supplied to you when the storage was allocated. This will be something like:
\\nasr.man.ac.uk\bmhrss$\snapped\replicated\FolderName # # # # Specific to your project or research group # # Your faculty code eps, bmh, hum (or older codes fls and mhs)
- If not already installed, please install the IT Services VPN Software (GlobalProtect) on your home PC/laptop.
- Run the GlobalProtect software (see previous link). In short, this will make your PC/laptop appear to be on-campus.
- Now map the storage as a drive. We have documentation for Windows, Mac and Linux home PCs/laptops.
- If this method does not work for you, your ISP may not fully support the use of GlobalProtect. Please try using the IP number of the RDS storage system instead of the name:
\\10.2.82.7\bmhrss$\snapped\replicated\ProjectFolder
More details are available in the GlobalProtect problems and solutions section.
b) Via the Research IT RDS-SSH Gateway
PLEASE NOTE: As of October 2020, before logging in to the Research RDS-SSH Gateway from off-campus, you must first log in to the University VPN (GlobalProtect). Full instructions are given in the pages linked below.
- Register to use the Research IT RDS-SSH Gateway by emailing its-ri-team@manchester.ac.uk telling us the above storage path.
- Use a file-transfer app on your home PC/laptop (such as WinSCP or MobaXterm) to log in to the RDS-SSH gateway. The address of the gateway is
rds-ssh.itservices.manchester.ac.uk
You will then be able to navigate to your storage area. The Research IT team will tell you where your storage area is on the RDS-SSH server.
3) How do I copy files to/from CSF/iCSF/submitter-visible Research Data Storage (Isilon) from off campus?
- Desktop/PC visible storage, similar to your P-Drive. You map this as another drive on your PC (e.g., the R: drive).
- Storage visible on the central compute platforms such as the CSF or iCSF. The Research IT team ensure this is visible on those platforms.
Here we cover how to copy files to/from the second type – the CSF/iCSF/submitter visible storage – while working at home.
Please note: If your data has been supplied by an external provider (e.g., NHS Digital) you must check any data sharing agreement you have with the provider that you are permitted to access that data from off-campus.
a) Via GlobalProtect
University managed laptops already have the GlobalProtect software installed. You can also download it and run it on your home PC/laptop.
- If not already installed, please install the IT Services VPN Software (GlobalProtect) on your home PC/laptop.
- Run the GlobalProtect software (see previous link). In short, this will make your PC/laptop appear to be on-campus.
- Now use your preferred file-transfer app to access the CSF or the iCSF or condor submitter. All of your CSF/iCSF/submitter storage areas will be visible in the usual locations.
- If this method does not work for you, your ISP may not fully support the use of GlobalProtect. Please try using the IP number of the login node instead of the name in your file-transfer app:
10.99.203.51 # CSF3 10.99.203.43 # iCSF 130.88.203.22 # submitter
More details are available in the GlobalProtect problems and solutions section.
b) Via the Research IT RDS-SSH Gateway
PLEASE NOTE: As of October 2020, before logging in to the Research IT RDS-SSH Gateway from off-campus, you must first log in to the University VPN (GlobalProtect). Full instructions are given in the pages linked below.
- Register to use the Research IT RDS-SSH Gateway by emailing its-ri-team@manchester.ac.uk
- Use a file-transfer app on your home PC/laptop (such as WinSCP or MobaXterm) to log in to the RDS-SSH gateway. The address of the gateway is
rds-ssh.itservices.manchester.ac.uk
You will then be able to navigate to your storage area. By default you will be in your CSF/iCSF/HTCondor home directory. Other RDS areas are in the same place as on the CSF. Some storage will not be visible and for sensitivity/security can’t be mounted there – if you can’t find your storage email us with the path to discuss.
4) How do I copy files to/from CSF scratch storage from off campus?
a) Via GlobalProtect
- If not already installed, please install the IT Services VPN Software (GlobalProtect) on your home PC/laptop.
- Run the GlobalProtect software (see previous link). In short, this will make your PC/laptop appear to be on-campus.
- Use a file-transfer app on your home PC/laptop (such as WinSCP or MobaXterm) to log in to the CSF. The address of the CSF is
csf3.itservices.manchester.ac.uk
You will then be able to navigate to your scratch storage area.
- If this method does not work for you, your ISP may not fully support the use of GlobalProtect. Please try using the IP number of the CSF login node instead of the name:
10.99.203.51
More details are available in the GlobalProtect problems and solutions section.
5) How do I access the web and other external data from the CSF?
- While on the CSF or iCSF, load the proxy modulefile to allow access to the outside world by many common applications.
- To download data from external databases while using the computational platforms, use the NATaaS service. This is needed where the software used to do the download does not work through the University proxy.
6) GlobalProtect Problems and Solutions
a) Description of the Problem
csf3.itservices.manchester.ac.uk
or nasr.man.ac.uk
) to internal IP numbers (10.99.x.y
). Users on BT Internet have reported this problem. This is not a problem with GlobalProtect, or the CSF or Isilon.
This problem will affect the following tasks:
b) Logging in to the CSF – unknown hostname
ssh username@csf3.itservices.manchester.ac.uk
and receive an error similar to
Cannot resolve hostname (or unknown hostname) csf3.itservices.manchester.ac.uk
then your ISP is showing the problem described above.
The solution is to continue to run GlobalProtect, then use the CSF login node IP numbers directly. In particular:
ssh username@10.99.203.51
Replace
username
with your own IT username.
c) Mapping \\nasr.man.ac.uk Storage – no username/password prompt
\\nasr.man.ac.uk\bmhrss$\snapped\replicated\ProjectFolder # # # # Specific to your project # # Faculty code: eps, bmh, hum (or older codes fls, mhs)
you should normally be prompted for your IT username and password. However, if you are having the GlobalProtect problem with your ISP, this box may never be displayed and the storage will not be mapped as a drive.
The solution is to continue to run GlobalProtect, then use the IP number of the storage system. In particular:
\\10.2.82.10\bmhrss$\snapped\replicated\ProjectFolder
You should then be prompted for your username and password as normal.
7) Global Protect & Two Factor Authentication (2FA) on the X2GO/ssh gateway/nyx servers
As of October 2020 before logging in from off-campus you must first log in to the University VPN (GlobalProtect). If you are on-campus and NOT connected to the University VPN (GlobalProtect) you will be asked to authenticate using your UoM 2-Factor Authentication (2FA) device e.g. Duo Mobile app or Duo fob.
For 2-Factor Authentication to work with X2GO you must make sure you are using at least version 4.1.1.1 of the X2GO client.
We have updated our documentation to reflect the changes to the log in process see:
Please note that the Research Infrastructure Team are unable to provide general help and support for the VPN and 2FA (for example, installing Global Protect, registering a device, or how to authenticate if you are unable to get a data/wifi signal on your phone). IT Services have provided a very detailed FAQ which can be found on the 2FA Information Webpage in the ‘Help and Support’ section – it links to a PDF document (the FAQ).
The phonecall method of 2FA is not available on the nyx servers/X2GO . To set up and register for the mobile app method please follow Q5, Q6, and Q20 in the IT Services FAQ described above.
8) Connecting to an existing on-campus non-Research-IT desktop/laptop to access on campus resources such as the CSF/iCSF
You may be off-campus and connect to an existing on-campus desktop/laptop in order to use it as a ‘gateway’ to other on-campus resources such as the CSF/iCSF. This could be a PC in your office or lab for example. As of October 2020 you will still be able to do this, but in order to connect to your on-campus machine you will first need to connect to the University VPN using GlobalProtect.
- If not already installed, please install the IT Services VPN Software (GlobalProtect) on your home PC/laptop.
- Run the GlobalProtect software (see previous link). In short, this will make your PC/laptop appear to be on-campus.
Please note that the Research Infrastructure Team are unable to provide general help and support for 2FA (for example, registering a device, or how to authenticate if you are unable to get a data/wifi signal on your phone). Nor can we help with ad-hoc PCs around campus that you may be trying to log in to. IT Services have provided a very detailed FAQ which can be found on the 2FA Information Webpage in the ‘Help and Support’ section – it links to a PDF document (the FAQ).