Working off-campus using VPN and Remote Desktop

**Work from home

Employees : Catholic-WFH (DUO Enabled VPN)

Overview - WFH remote access

Catholic University provides the "Catholic-WFH" virtual private network (VPN) for Work from Home employees. The VPN extends the campus network to the computer in their home location. The VPN helps to protect the University's systems and services while allowing employees to access them easily from the home location. You use the Cisco AnyConnect Secure Mobility Client application to connect to the Catholic-WFH VPN.

The university also requires the use of Duo for multi-factor authentication (known as MFA or 2FA). MFA allows you to present two categories of credentials when authenticating to a service. Duo is a software tool provided by Duo Security, a cloud-based access security provider that enables us to support a second factor when authenticating to certain Cardinal Applications and to the WFH VPN connection. Duo provides 'something you have' and, when paired with your password 'something you know', we have a greater assurance that the individual logging in is who they say they are. Please read about Using Duo to learn more about Duo, including how to enroll your devices.

This page explains how to

  1. Connect to the Catholic-WFH VPN.

  2. Use Remote Desktop to connect to a campus computer (normally your assigned office computer).


But first, a few important FAQs

Why do I need to use the VPN?

VPN ensures no one can observe the network traffic from your home to campus and multi-factor (using a product called DUO) secures your personal login. Taken in combination, these ensure only you can log in to the university services, even if someone else with nefarious intent may have stolen your password and that your communications can’t be listened to by third parties.

When do I need to use the VPN while working from home or off-campus?

Consistent with the University’s expectations of information security for employees working at the office, Work from Home (WFH) employees must ensure the protection of proprietary University information accessible from their home location. Appropriate steps include regular password maintenance, segregation of University materials from access by others, and any other measures imposed by the department or appropriate for the job and the environment.

  • Employees working from home or off-campus are required to use multi-factor authentication provided by Technology Services to securely access and connect to University systems. This is accomplished using the University's Duo Security service.

  • Employees are required to connect to the Catholic-WFH VPN and log in using Remote Desktop Services if they need to use their office desktop computer from their home location.

    • Work products like reports, documents, or other files should be stored on the University provided storage (e.g. the Cardinal Mail Google Drive) and not on personal devices.

How do I work at home or off-campus safely?

Please follow Microsoft's steps to keep your remote Windows computer safe before using it to access University data. Mac users should similarly follow Apple's recommendations to keep your Mac secure and guard your privacy.

Please exercise care in handling University data:

  • Please be sure to keep system data within its system, and

  • Store CatholicU-related products like reports, papers, spreadsheets, or other files on University-provided storage (Cardinal Mail Google Drive) and not stored on personal devices.

How to connect

Please read on for detailed instructions on how to connect.

Apple users: While the instructions in this article are for Microsoft Windows, Cisco AnyConnect and Microsoft Remote Desktop work similarly on Apple Mac. Please install the free Microsoft Remote Desktop app from the Mac App Store, and install Cisco AnyConnect as described below. Take steps to keep your Mac secure and guard your privacy.

Prerequisites

Before you can follow the steps below, please make sure you have completed the necessary preliminary steps.

Screenshot of the Windows 10 "Security at a glance" window, showing that all settings are green-checked.

  • You have taken steps to keep your home computer safe. Your home computer is up-to-date with security updates, has a firewall enabled and is running antivirus software that performs regular scans and is updated automatically.

Duo request screen from a mobile device showing prominent Approve and Deny buttons.

  • You have an enrolled Duo device. This document assumes you are using the free Duo Mobile app on your smartphone to respond to requests; this is the recommended method.

Enrolling into DUO

  • You have the Cisco AnyConnect Secure Mobility Client software installed on your home computer.

    • To install: Browse to vpn.cua.edu and log on with your Cardinal Credentials. Click "Instructions" and follow the steps.

    • Please see Additional Resources below for a printable install guide.

  • The office computer to which you will connect is powered on, and you know its hostname or IP address.

    • To find the hostname (Full computer name), on your office computer, press the Windows key + the Pause/Break key simultaneously to open the System information window.

1. On your home computer, use Cisco AnyConnect to connect to the VPN

This extends the campus network to the computer in your home location, allowing you to access networked resources and services as if you were on campus. The VPN connection is required for you to be able to make a remote connection to your office computer.

Screenshot of the Cisco AnyConnect connection prompt showing "vpn.cua.edu" entered into the text box. There is a "Connect" button to the right of the text box.

  • Ensure that you have your Duo enrolled device ready. (This is usually your smartphone with the Duo Mobile app configured.)

  • Open the Cisco AnyConnect application on your computer.

    • Enter vpn.cua.edu in the text box.

    • Click Connect.

  • The AnyConnect logon screen appears.

    • In the Group pull-down menu, select Catholic-WFH.

    • In the Username box, enter your Cardinal Credentials username.

    • In the Password box, enter your Cardinal Credentials password.

    • If are using the Duo Mobile smartphone app (recommended), in the Second Password box, enter push.

    • Click OK

****NOTE****

Second Password: push

(Alternatives)

    • Approve the Duo authentication request for the VPN connection on your enrolled device.






Windows 10 notification from Cisco AnyConnect stating it is Connected.

  • You receive a Windows notification from Cisco AnyConnect that you are connected.

2. Connect to your campus computer using Microsoft Remote Desktop

Working from Home by remote access to your office computer is the best way to make sure University data remains stored on the University provided storage, not on your personal devices.

Screenshot of Remote Desktop Connection connection screen, with a blurred hostname.cua.edu entered into the Computer text box. There are Connect and Help buttons in the lower right of the window.

  • Open the Microsoft Remote Desktop Connection application on your computer.

  • In Remote Desktop window, enter the hostname or IP address of your office computer. When entering a hostname, include the ".cua.edu" suffix.

  • Click Connect.

Microsoft Remote Desktop logon screen showing text boxes for Username and Password. There are OK and Cancel buttons on the bottom edge of the window.

  • Enter your Cardinal Credentials username as cua\username.

  • Enter your Cardinal Credentials password.

  • Do NOT check "Remember me"—to best protect university data, type your credentials each time you connect.

  • Click OK.

"The identity of the remote computer cannot be verified" warning screen annotated with an arrow pointing to the location of the remote computer name. There are Yes and No buttons in the bottom right corner of the window.

  • Verify that the remote computer name matches that of your campus computer.

  • Click Yes to connect

Screenshot of a remote desktop session, showing the remote computer running Microsoft Excel and Cardinal Mail and Cardinal Faculty and Staff in Chrome tabs.

  • The Remote Desktop application connects to your campus computer and mirrors its screen so that you can use it as if you were on campus.

Screenshot of the Windows 10 Start Menu showing the navigation to the Sign out button when the Start menu is right-clicked.

  • When you are finished with your Remote Desktop session, right-click the Start menu on the campus computer and navigate to Sign out (fully end session).

  • The Remote Desktop window closes, and you can exit the application on your home computer.

  • To finish your WFH session, Disconnect the Cisco AnyConnect VPN on your home computer.