As a part of our HIPAA compliance activities, we need to shut down the external gateway access to Minerva.  PI’s need to sponsor their external collaborators through Sailpoint, including requesting a school VPN account and renewing every 120 days.  The High Performance Computing team has made adjustments so that all users can connect to internal login nodes, thus all users will need a VPN account for off-campus login.

For Mount Sinai internal users the external gateway will be removed as of April 15th
For Non-Mount Sinai external collaborators the gateway will be removed on April 30th 

Please note: If you are an external collaborator (Non-Mount Sinai, you need to speak with your PI for access).  External users cannot request their own access. PI’s, please refer to the instructions below.

Changes starting April 30 2020:

  • all userswill need a VPN account for off-campus login 
  • The PIsneed to apply for a Mount Sinai school VPN for this external collaborator within campus network
  • The network/VPN account expiration is 120 days maximum. An email will go out to PIs in Sailpoint 21 daysbefore the expiration date directing them to log into Sailpoint to extend (or deny) the network/VPN account.

Instructions for how to request Mount Sinai school VPN  for collaborators (Non-Mount Sinai Users)

 

  1. PI’s need to Create a Volunteer Identity following instructions at https://wiki.mountsinai.org/display/ITSECURITY/Sailpont+-+Create+Volunteer
  2. PI’s need to proceed to ‘Request Access’ for school VPN Tunnel, following instructions at https://itsecurity.mssm.edu/vpn-instructions/outlook/sailpoint-request/
  3. Once step 2 is approved, PI’s will receive an email notification informing you that your SailPoint request has been completed with Mount Sinai Login ID and password. You (collaborators)may need to change this password before logon to school VPN. Please check by visiting https://msvpn.mssm.edu, and input your ID and password, which will direct you for password change if needed. You do not need to do the “Enter Security code or leave blank for push”, because you have not yet registered a VIP token yet.
  4. You (collaborators) can proceed to VIP Two-Factor setup for school VPN access, following instructions at https://itsecurity.mssm.edu/vpn-instructions/outlook/vpn-step-2/  After you download the VIP token to your local device, you may need to send an email to school IT at ASCIT@mssm.edu for help with registration if you have trouble accessing https://register4vip.mssm.edu while off-campus
  5. You (collaborators) can proceed to login to the VPN at https://itsecurity.mssm.edu/vpn-instructions/outlook/vpn-step-3/ (greater detail here if needed:  https://itsecurity.mssm.edu/) and then access Minerva as normal, using ssh your_Minerva_userid+yldap@minerva.hpc.mssm.edu (if you already have Minerva account and are still using Yubikey)

If you don’t have a Minerva account, please apply for one using the Mount Sinai ID received above at https://acctreq.hpc.mssm.edu/  Please check external account in the form.

You can reach out to the IT Helpdesk here for assistance on VPN issues:

By Phone: 1-212-241-7091
Via email: ASCIT@mssm.edu

General Note:
Firefox is the preferred browser for launching f5 software, while Chrome may sometimes have troubles.

Instructions on F5 setup on Linux (such as Ubuntu) system: 
On your Ubuntu machine go to https://mshmsvpn.mssm.edu/my.policy and log in with your password / VIP token.  The welcome page will have many boxes.  Click on linux_deb  and download the f5 software.  Open a terminal on Ubuntu and move to the folder that contains the download, then: sudo apt install /path/to/package/name. deb/opt/f5 will be created.  Click on “tunnel” and on the f5 popup, “Choose” /opt/f5/vpn/f5vpn and you should  be in.