RAS Third-Party Users - Ontario



[pic]

RAS User Guide for

Non-OPS/Third-Party Users

Children’s Aid Societies

Version 2.2cas (v2008-05)

Setting Up RAS 2

Remote Software Client 2

Administrative Rights 2

No Administrative Rights 2

Manually Installing the Software 2

Set up for Dial-up Users 5

Windows XP 5

Windows 2000 10

RAS Registration 17

Token Activation 18

Ordering RAS 19

Eligibility 19

Technical requirements for RAS/VPN 19

How to submit a Request for Adding/Deleting Accounts 19

Using RAS 20

Launching RAS 20

Third-party User - Qs & As 21

1. What is required to use RAS? 21

2. What is VPN? 21

3. I already have RAS, so what do I need to do to transition my Account? 22

4. Why am I not receiving Go Remote Administration e-mails? 22

5. What is a token? 22

6. When will I receive a token? 22

7. Now that I’m transitioned, how do I use RAS? 23

8. What if I lose my token or forget my PIN? 23

9. How do I request a replacement token? 25

10. How do I change my PIN? 27

11. What is the cost to replace a token? 28

12. Which staff will provide technical support for RAS or VPN issues? 28

13. Do I need a personal firewall for my PC? 28

14. Where can I obtain more information? 28

Setting Up RAS

Remote Software Client

Administrative Rights

If you have administrative rights, please visit the Go-Remote site home page at and the software will automatically install to your machine. Please bookmark this URL.

No Administrative Rights

If you do not have administrative rights, please request assistance from your local IT support staff.

If you are unable to obtain administrative rights for installation, contact the OPS IT Service Desk at 1-888-677-4873 (1-888-OPS-ITSD). If you are in the GTA, please call 416-246-7171. The OPS IT Service desk will send you a software package. See the instructions for installation below.

Should you need assistance with installation, please contact your usual technical support.

Manually Installing the Software

If you are manually installing the package, follow the steps below:

Should you need assistance with installation, please contact your usual technical support.

1. Unzip downloaded Dial-Up zip file.

[pic]

Double-Click on MGS_TELUS.Internet_1.0 Folder to access MSI installation package.

[pic]

Double-Click on TELUS_Internet_1.0.msi Windows Installer Package

[pic]

2. Click on RUN to start the installation

[pic]

The TELUS Internet Icon will be installed on the user device at the end of the installation.

(“VPN only” users can skip this section and continue on page 17)

Set up for Dial-up Users

Windows XP

This walkthrough outlines how to get your computer, using Windows XP, connected to the Internet using a regular dial-up modem.

Step 1: Open the Control Panel

1. Click on the Start menu.

2. Click on Control Panel.

3. If you're using Category View, click Network and Internet Connections then click Network Connections.

NOTE: If you're using Classic View, click Network Connections from the list.

Step 2: Create a new connection

1. From the Network Connections window, click Create a New Connection from the upper left corner of the screen.

2. Click Next.

3. Choose Connect to the Internet. Click Next.

[pic]

Figure 1 - Create New Connection, Step 1 of 6

4. Choose Set up my connection manually. Click Next.

[pic]

Figure 2 - Create New Connection, Step 2 of 6

5. Choose Connect using a dial-up modem. Click Next.

[pic]

Figure 3 - Create New Connection, Step 3 of 6

6. Type TELUS Internet as the ISP Name. Click Next.

[pic]

Figure 4 - Create New Connection, Step 4 of 6

7. Type OPS Ontario Toll Free access number 1-866-967-3668. Or for outside of Ontario, the local access number is 416-342-5300.

NOTE: If you subscribe to Call Waiting on your phone line, ensure that it is disabled. If this service is not disabled while you're connected to the Internet, an incoming call will disconnect the modem. To disable Call Waiting, see How to disable Call Waiting below.

[pic]

Figure 5 - Create New Connection, Step 5 of 6

8. Enter, in lowercase, your username and password.

If you do not remember your username and/or password please contact Service Desk at 1-888-677-4873 or 416-246-7171.

[pic]

Figure 6 - Create New Connection, Step 6 of 6

9. Place a check mark in Add a shortcut to this connection to my desktop.

10. Click Finish. This will return you to the Network Connections window.

Step 3: Connect to the Internet

1. Double-click your new TELUS Internet icon.

2. When you're ready to connect to the Internet, Click Dial.

[pic]

Figure 7 - Click Dial

How to disable Call Waiting

If you subscribe to Call Waiting on your phone line, ensure that it is disabled. If this service is not disabled while you're connected to the Internet, an incoming call will disconnect the modem.

To disable Call Waiting for the duration of your dial-up connection, add *70 before the local access number in your dial-up connection.

[pic]

Windows 2000

If you have a regular dial-up modem and use Windows 2000, follow these steps to connect your computer to the Internet. These instructions use the Microsoft Internet Connection Wizard.

Step 1: Create a Dial-up Networking Connection

1. Click Start.

2. Choose Settings.

3. Choose Control Panel.

4. Double-click Network and Dial up Connections.

5. Double-click Make New Connection.

6. Click Next.

7. Click on the second option that says "Dial-up to the Internet Connect to the Internet using my phone line (modem or ISDN)".

[pic]

Figure 1 - Make New Connection Step 3

8. Click Next.

9. Choose the last option "I want to set up my Internet connection manually, or I want to connect through a local area network (LAN)".

[pic]

Figure 2 - Make New Connection Step 4

10. Click Next.

11. Choose the option that says "I connect through a phone line and a modem".

[pic]

Figure 3 - Make New Connection Step 5

12. Click Next.

13. You will then be prompted to "Type the phone number for the computer you want to call." Type OPS Ontario Toll Free access number 1-866-967-3668. Or for outside of Ontario, the local access number is 416-342-5300.

NOTE: If you subscribe to Call Waiting on your phone line, ensure that it is disabled. If this feature is not disabled while you're connected to the Internet, an incoming call will disconnect the modem. To disable Call Waiting, see How to disable Call Waiting below.

[pic]

Figure 4 - Make New Connection Step 6

14. Click on the Advanced button. In the new window, click on the Addresses tab. Ensure that Server Assigned IP Address has a dot beside it as well as My ISP Automatically provides a Domain Name Server (DNS) address.

[pic]

Figure 5 - Make New Connection Step 7

15. Click OK, then click Next.

16. You will then be prompted for your username and password. Please enter them in the appropriate fields.

[pic]

Figure 6 - Make New Connection Step 8

17. Click Next.

18. You will then be prompted for a Connection name. Type TELUS Internet.

[pic]

Figure 7 - Make New Connection Step 9

19. Click Next.

20. You will then be prompted to set up an Internet mail account. Click No.

[pic]

Figure 8 - Make New Connection Step 10

21. Click Next.

22. Remove the check mark from To connect to the Internet immediately, select this box and then click Finish.

23. Click Finish.

24. When you are ready to connect open the Network and Dialup Connections Window, double-click the new icon called TELUS Internet and click the Connect button.

How to disable Call Waiting

If you subscribe to Call Waiting on your phone line, ensure that it is disabled. If this feature is not disabled while you're connected to the Internet, an incoming call will disconnect the modem.

To disable call waiting for the duration of your dial-up connection, add *70 before the local access number in your dial-up connection.

RAS Registration

During May –June 2008, as a confirmed RAS user you will be transitioning to the new RAS.

You will receive an automated message from GO-Remote Administration with a personalized URL, requesting you to re-register.

|Tip: Ensure Filters Allow Go Remote Administration Emails. Update your SPAM filter to allow emails from *.ontario.ca .This is |

|to ensure that the Go Remote emails are not filtered out of your in box. |

The email from Go Remote Administration will ask you to:

1. Click on the registration link provided in the e-mail;

2. Login with the GO PKI profile, as requested. (The GO PKI profile is the same account you use to log in to FastTrack.)

3. Select the location of the GO PKI profile and enter the GO PKI password (as per usual PKI authentication procedure). Click Continue

4. Agree with the terms and conditions of the RAS “GO Remote” by clicking Continue.

5. Confirm the RAS user information.

6. Confirm the token delivery address (as per the approved request for RAS service) or enter a new delivery address. The fields in this section are editable. The token is required to log on the RAS gateway therefore a valid token delivery address is mandatory. Click Continue.

7. Wait for delivery of your token.

|Tip: Ensure the address for token delivery is correct (e.g. building, floor number, postal code) to prevent lost/delayed delivery |

|of your token which will be sent via post. |

The successful self-registration triggers the shipment of the token. During transition the token will be shipped in May with activation instructions.

Note: If you are having trouble registering, you may not have Java 1.5.10 installed. Please contact your local IT support staff for assistance.

Token Activation

Once you receive the token by post, as well as the “activation” e-mail from GO Remote Administration, activate your token.

1. Click on the link provided in the activation e-mail.

2. Enter the token serial number

▪ Enter the number engraved on the back of the token in the first two editable fields and the Activation Code (sent via e-mail) in the third field. Click Continue.

3. Set your Personal PIN

▪ Enter and confirm (re-enter) a 4 digit personal PIN that will be associated with the token.

▪ The Personal PIN entered on this page is part of the passcode that is required along with the RAS User ID (the e-mail address) for each login on the RAS “GO Remote” gateway (after the service is activated). The passcode is the personal 4 digit PIN followed by the 6-digit code displayed by the token at the time of the login. Click Continue.

4. Click the OK button to exit the activation and to access the RAS “GO Remote” gateway. The gateway allows the user to access the RAS services

For more details about VPN or PKI, visit the VPN User Guide at

Ordering RAS

To use RAS, you must have a PKI certificate, a VPN client, and be eligible for the service.

Eligibility

Appropriate approvals are required to obtain RAS/VPN. Currently this service is only available to staff in Children’s Aid Societies who have valid PKI certificates for logging into FastTrack.

Technical requirements for RAS/VPN

▪ Java runtime 1.5.0_12.

▪ New remote software client

▪ Hardware Token

▪ Windows XP, 2000

▪ Internet explorer versions 6 or 7.

How to submit a Request for Adding/Deleting Accounts

Application forms are available at fasttrack..on.ca to apply for GO Remote Access Service. Download the form and fill in all required fields.

Notes:

▪ Section 1: Include a full mailing address as the login token will be delivered by regular mail. Applicants are required to have an active GO PKI certificate (FastTrack login account).

▪ Section 2: The requestor is an agency Local PKI Registration Authority (LRA) or a Designated Site Authority (DSA).

▪ Section 3: Select the request type (creation or deletion). There is the option for dial-up service if required. Include a note about the reason/need for this service. In most cases it is used by on-call after hour’s staff or those who work off site.

When the form is complete, the LRA/DSA submits the application by email to opssd@ontario.ca or by fax to 416-246-7116 for processing. The application will be forwarded to the Children, Youth and Social Services Support Centre for approval and processing.

❖ Note: For account deletions, return the token in a padded envelope to the following address. Include your agency name and the token user’s name.

CYSSC Cluster Security Officer

5775 Yonge Street, 4th floor

Toronto, ON M2M 4J1

Using RAS

Launching RAS

Web Browser - by entering the URL of the RAS “GO Remote” gateway in a browser session. The URL is . Once the gateway is accessed it can be added to the browser’s favourites (bookmarked) for future use.

When the gateway is accessed, the sign-in page is presented. Enter the e-mail address (RAS User ID) and a valid passcode (the 4-digit personal PIN followed by the 6-digit code displayed by the token) and click on the Sign In button.

Once logged in, minimize your web browser so that you can see your desktop. You can now launch the FastTrack application. When you are finished using FastTrack and have closed the application, open the minimized login window and click on the "Sign Out" icon to return to normal access on your computer. If you happen to close the login web page before logging out of RAS/VPN, you can sign out of your remote session through a right click on the yellow "lock" icon displayed on your desktop task bar.

See the VPN User Guide for details posted on the GO Remote site at

Third-party User - Qs & As

1. What is required to use RAS?

To use RAS, you must have:

▪ PKI certificate

▪ VPN client account

▪ Java runtime 1.5.0_12.

▪ New remote software client

▪ Hardware Token

▪ Government standard Operating System - Windows XP or 2000

▪ Government standard for internet – Internet explorer versions 6 or 7.

1. What is VPN?

Within the OPS there are two VPNs:

▪ Enterprise Solution - Juniper SSL VPN gateway with authentication by RSA one-time password tokens for OPS Enterprise users,

▪ Ontario Provincial Police Dedicated Solution - Nortel IPsec VPN gateway with authentication by PKI for the OPP.

The following questions will address the Enterprise Solution as the OPP have their own unique requirements that they will handle.

[pic]

The Enterprise VPN from TELUS for the OPS is a Secure Socket Layer (SSL) VPN. Without going into a lot of technicalities, this provides an advantage over the existing IPsec VPN provided by EDS. With SSL, there is two-factor authentication – PKI and a token. You access the VPN through any Internet browser accessing a URL that will be provided to you.

How VPN works

VPNs create "virtual" point-to-point connections using a technique called "tunneling". As the name suggests, tunneling acts like a "pipe" that bores through a network cloud to connect two points. Typically started by a remote user, the tunneling process encapsulates data and encrypts it into standard TCP/IP packets, which can then safely travel across a network in this theoretical tunnel. VPN allows users to access essential internal data by ensuring that only properly configured and authenticated users can access the network data through the firewall. VPN ensures that data is secure through encryption, allowing companies to implement mobile network access and telecommuting from any Internet-enabled location.

2. I already have RAS, so what do I need to do to transition my Account?

During the RAS transition period (May-June), if you are a confirmed RAS user, you will receive an email from GO Remote Administration with a personalized URL.

You will need to use this URL to re-register and activate a token which you will receive in the mail (post).

3. Why am I not receiving Go Remote Administration e-mails?

Ensure your email filters allow Go Remote Administration emails.

Update your SPAM filter to allow e-mails from *.ontario.ca .This is to ensure that the Go Remote e-mails are not filtered out of your in box.

If you received an introductory message from the OPS IT Services Desk/Cluster but still are not receiving messages from Go Remote Admin, with the assistance of local IT support please call the OPS IT Service Desk at 1-888-677-4873 (1-888-OPS-ITSD). If you are in the GTA, please call 416-246-7171.

4. What is a token?

For secure authentication, the OPS will be using one-time password tokens. This is a device that creates a unique 6-digit random number every minute. This random number plus a four digit PIN (similar to your debit card PIN) created by the user provides strong 2-factor authentication – something you know (PIN) and something you have (random number). Without both, you cannot access the network and someone finding a lost token cannot use it.

The battery in the tokens will last for 5 years at which time they will have to be replaced.

There is an option to have the token functionality loaded onto a Blackberry and have the random number generated on the Blackberry thus saving having to carry around another device. This option will be available later as the method of distributing the Blackberry software has to be determined.

5. When will I receive a token?

During the transition period (May-June), you will receive a token in May. The delivery time is expected to be delayed due to the volume of RAS users transitioning during this period.

Following the transition period, you will receive the token in 3-5 business days subsequent to your on-line registration.

6. Now that I’m transitioned, how do I use RAS?

Bookmark the Go Remote URL . You can use this link once you are registered.

7. What if I lose my token or forget my PIN?

Once you have notified your manager and IT support staff, enter into the self administration site.

* * Note: There is a cost to replace a token and/or change your PIN.

The self-administration site can be accessed by clicking on the “Trouble logging in?” link available on the RAS “GO Remote” gateway login page at .

The site is protected and therefore the user must login with the GO PKI profile, in order to access it.

Enter your GO PKI password and click Continue.

Once authenticated the menu page of the self-administration site will be opened. The page presents the links for the functions that the user can perform to self-administer the service.

[pic]

[pic]

IMPORTANT NOTE:

a. The links presented on the page are functional only when the token / service is activated.

b. When a link on the menu is clicked the corresponding function page is opened.

c. The Logout link available on the page closes the self-administration application and terminates the GO PKI session.

d. The Help link available on the page opens the User Guide for the RAS “GO Remote” Service.

8. How do I request a replacement token?

Enter into the self administration site (see above), click on the “Token Replacement” link on the self-administration menu.

[pic]

The following activities must be performed in order successfully complete the token replacement request.

1. Confirm the address displayed on the page (from the previous token delivery) or enter a new address where the replacement token will be delivered. Ensure that the floor number and postal code fields are completed correctly.

2. Select a Replacement Reason from the dropdown box

3. Enter a temporary password (8-12 alphanumeric characters, no special characters) in the Emergency Password and Confirm Emergency Password fields. This password is valid 10 days and can be entered in the passcode field on the RAS gateway, in order to continue to use the service until the new token is activated.

4. Click on the Continue button

The Home link or the Cancel button takes the user back to the self-administration menu page.

The Help link opens the User Guide for the RAS “GO Remote” Service

Please note that there will be an additional cost for both the replacement and other services associated with RAS.

9. How do I change my PIN?

Once you have notified your manager and IT support staff, enter into the self administration site. Note: there is a cost associated with changing your PIN. Click on the Change your PIN” on the self-administration menu

[pic]

1. Enter your PIN (4 digit) in the Personal PIN and Confirm Personal PIN fields

2. Click on the Continue button

When the PIN change is successfully completed a confirmation message is displayed after which the user is redirected back to the self-administration menu page.

The Home link or the Cancel button takes the user back to the self-administration menu page.

The Help link opens the User Guide for the RAS “GO Remote” Service.

Please note that there will be an additional cost for both the replacement and other services associated with RAS.

10. What is the cost to replace a token?

A charge of $52.50 for regular service delivery of each replacement token will be billed.

11. Which staff will provide technical support for RAS or VPN issues?

Contact your local IT support staff first. They can determine if further support is required by the OPS Service Desk which is available 24/7. They can be reached by calling 1-888-677-4873 or 416- 246-7171.

12. Do I need a personal firewall for my PC?

Yes, personal firewall is mandatory software is required for each computer. It is recommended that your use an agency–issue computer when using RAS.

13. Where can I obtain more information?

▪ OPS IT Service Desk - for a copy of the software package and questions

▪ Your usual technical support staff for software package installation assistance. There might be specific guidelines created for your agency.

▪ VPN User Guide -

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download