Remote Access Guidance


Technology Guide for Remote Working

Below are tips, tricks and “how‐tos” to aid our users when leveraging technology to work remotely.

General Computer Use Guidelines
  • Users should ensure their home computer systems are all up to date.
  • Follow the user guides for accessing network resources from your Windows and MacOS devices.
  • Utilize Skype as a means of communication with other employees.
  • Remember to lock your desktop before walking away from your machine, even from home.
  • Document printing at home is not authorized, and violates company policy.
  • Acceptable Use policy still applies while working remotely.
IT Issues?

The IT Service Desk is your “one-stop-shop” for all IT related issues. For a quick response, utilize the chat feature or you can complete an Incident or a Service Request on our online ServiceNow portal. If you are unable to log in, you can call (702) 295-1800. Depending on call volume you may be prompted to leave a voicemail, all voicemails will be returned in the order they were received.

Information Technology and Cyber – FAQs

How do I log in in from home?
Follow the instructions available on the corresponding tabs on this webpage.

What if I don’t have a government-issued laptop or device?
You may use your personally owned equipment to connect to your VDI. This is not permitted with the FortiClient VPN.

How do I get a computer or cellphone for home use?
Discuss your needs with your immediate manager. IT will disposition all requests in alignment with approved response plans. Employees are urged to use their personal equipment to perform job functions.

How do I turn my government-issued iPhone into a hot spot?
Instructions can be found here: https://support.apple.com/en‐us/HT204023.

Can I connect my Government Furnished Equipment (GFE) into a personal monitor or screens?
Yes.

Can I use my own mouse and keyboard with GFE?
You may use your own mouse (wired or wireless) and you may use your own wired keyboard. The use of wireless keyboards is not allowed .

How do I get a conference bridge line?
Call the Service Desk at (702) 295‐1800 or send an email to conferencebridge@nv.doe.gov.

How do I get my password unlocked?
Call the Service Desk at (702) 295‐1800.

How do I print from home?
You cannot print from home. This is considered a violation of company policy.

Can I “tether” my iPhone to my GFE for Wi-Fi?
No. Simply use your government-issued cellphone as a mobile hot spot.

Can I use my Wi‐Fi at my house?
Yes, you may connect government-issued computers to your home Wi-Fi, personal cellular hot spot or government-issued cellphone hot spot. We are temporarily allowing individuals to use their government-issued cellphones as hot spots. Employees should not connect personally owned equipment to the government-owned iPhone hot spot. We are also temporarily allowing individuals to use their government issued air cards with their personal laptops. If you do not have a government-issued cellphone, discuss your need with your immediate manager, and submit a request in Service Now as appropriate.

What about sensitive information (e.g., PII, PHI, OUO, UCNI, Company Private)?
You must still enforce need-to-know requirements for anyone you discuss or share sensitive information with. This includes anyone near you while you are working remote. Entrust must still be used when sending emails that contain sensitive information. You can chat, screen share, and collaborate on sensitive documents via Skype. Printing of any documents while working remote is NOT authorized. You may NOT discuss UCNI information over ANY unclassified phone line. You may discuss PII, PHI, OUO, or Company Private information on the phone provided you have verified that everyone on the call has a valid need-to-know.

Can I use FaceTime on my company issued iPhone or iPad?
We are temporarily allowing employees to use FaceTime on their company issued devices with the following restrictions:
  • Only approved for use while off site.
  • Only approved for use when the conversation will NOT involve CUI (OUO, PII, PHI, UCNI, etc.).
  • The FaceTime session is NOT recorded in any capacity (audio or video).

Can I use my personal computer to perform work functions?
You may use your personal computer in order to remote in via Horizon View Client.
You may not perform any work functions directly on your home computer.

Personal computers are NOT authorized for any other official business. Company documents cannot be worked on (reviewed, revised, edited, drafted, etc.) on personal computers unless the documents have first been approved for Public Release by the Classification Office. Printing at home is NOT authorized.

Can I take UCNI and/or OUO to my remote work location?
Yes, you may take it to your remote work location by following these simple rules:
  1. Place the information in an opaque envelope marked with your name and the worlds “TO BE OPENED BY ADDRESSEE ONLY.”
  2. Transport the information in your vehicle and go directly to where you are remotely working. Do not share the information with non-employees or employees who do not have the need to know.
  3. Secure the information at the end of the work day by locking it in a cabinet or brief case where it cannot be accessed by non-employees or employees who do not have the need to know.

REMINDERS:
As the NNSS continues to maximize telework, please remember the following when discussing or presenting sensitive material:
  • Personnel may use MSTS-hosted Webex or Skype to present Official Use Only (OUO), Company Private, Protected Health Information (PHI) or Personally Identifiable Information (PII).
  • Personnel may also use Skype to present documents containing Unclassified Controlled Nuclear Information (UCNI) or use the Skype “chat” feature to have a text-based discussion involving UCNI.
  • Personnel should use a phone authorized for classified (STE or ViPER) conversations if there is a need for live, real-time discussion.
  • Personnel CANNOT discuss UCNI over any unclassified phone line.
  • Personnel CANNOT use Webex to present or discuss UCNI.
If you have any security-related questions or concerns about using Webex or Skype, please contact Cyber Security at 702-295-2927 or CyberSecurity@nv.doe.gov.

Skype

Skype is our MSTS tool used for chat which helps facilitate communications for both employees on-site, at remote sites, and working from home. If you know someone’s email address at another NNSA site, you should be able to engage in a chat session with them. Skype visually captures presence information. This means you can quickly see whether someone is “Available”, “Busy”, or away from their work station. Skype is a powerful and effective tool for immediate, real-time conversations that can be used in many ways:

  • One‐on‐one chat
  • Multiple one-on-one chats (Multi-tasking)
  • Group chats

Things you can do in a chat session beyond just chat:

  • Add someone to a chat session
  • Share your desktop
  • Let someone else share their desktop
  • Send a file to all participants in the chat

Getting the most out of Skype:

  • Add individuals into Groups you create to quickly see availability
  • Create Groups for the individuals you communicate with most frequently
  • Add “Skype Meeting” to your meetings where someone will or may be remote so they can join easily and see your shared desktop for material being presented
  • Add a conference call‐in # for your meetings

Webex

Webex is a tool provided to MSTS employees to collaborate with vendors or contacts outside of the NNSS. Similar to Skype, you can utilize Webex to share your screens for a meeting in conjunction with an audio call. To obtain a Webex account, simply submit a SAR.

WebEx instructions are available here: WebEx Instructions

Telephone Information


Telephone Guidance
  • Call forwarding is available. Send an email to telephonesupport@nv.doe.gov for assistance.
  • Voicemail can be checked at any time from any location by calling (702) 295-0600 once you have completed the initial set up.
  • Employees should update their email signatures to include a telephone number they can be reached at.
  • • For improved mobile phone reception, you can use Wi‐Fi Calling provided by your phone carrier. Instructions for enabling this on your phone are available here.

Please remember that our telephone system is receiving an extremely high number of calls. To alleviate issues with the phone system, we recommend that when you receive an inbound call to a phone you have forwarded, ask the caller if they tried to reach you using your desk number. If so, please let the caller know that you will call them back directly from your alternate number. This will prevent overloading the capacity of the system and causing busy lines for others.

Conference Bridges
  • If you need a conference bridge (5-3344 number), you can request one by sending an email to conferencebridge@nv.doe.gov
  • Employees may request a WebEx account by submitting a System Account Request (SAR). Instructions for WebEx are available here.
  • IT reminds employees to exercise good conference-call etiquette and to mute your phone when you are not speaking.
Hot Spot and Air Cards
  • Employees are approved to use company iPhones as hot spots with their company issued laptops. Do not connect your personally owned computer to the hot spot on your company issued iPhone.
  • Employees are approved to use their company issued air cards with a personal or company issued device.
  • FaceTime is permitted on company issued iPhones as long as the following conditions are met:
    • Only approved for use while off site.
    • Do NOT use them if the conversation will include CUI (OUO, PII, PHI, UCNI, etc.).
    • Do NOT record the FaceTime session in any capacity (audio or video).

Remote Access Guide


Windows:

Downloading

  1. Open the following URL: https://vdi.nnss.gov or navigate to it by copy and pasting into any web browser’s address bar
  2. Click on Install VMware Horizon Client.
  3. Click on Go to Downloads and select the appropriate operating system.
  4. Click on Download and save the file to your computer.

Installation

  1. After the download has been saved to your computer, double-click the file to begin installation.
  2. Click on the Agree & Install button to proceed with installation.
  3. Wait for the installation to show a "Success!" screen. Click Finish to complete the installation.

VMware Horizon Client Application Configuration

  1. Double-click on the VMware Horizon Client icon from the desktop.
  2. After launching the application, double-click on New Server.
  3. Follow the instructions below for logging on with your Smart Badge OR RSA token.

Using Smart Badge PIV Badge

  1. Type in "vdi.nnss.gov"
  2. Insert your company issued HSPD-12 or LSSO Smart Badge into your company issued Smart Badge Reader.
  3. Click Connect.
  4. Click Accept. There may be mutiple choices of certificates.
    • For PIV (HSPD), select the certificate labeled with your name (affiliate).
    • For CIV (other), select the certificate that has your name.
  5. Click OK.
  6. You will be presented with a prompt for the PIN associated with your badge. Enter your credentials and click Login.

MacOS:

Downloading

  1. Open the following URL: https://vdi.nnss.gov or navigate to it by copy and pasting into any web browser’s address bar
  2. Click on Install VMware Horizon Client.
  3. Click on Go to Downloads and select the appropriate operating system.
  4. Click on Download and save the file to your computer.

Installation

  1. Double-click the file to begin installation. Note: This should be located in your "downloads" folder.
  2. Click the Agree button.
  3. Click and drag the "VMware Horizon Client" icon to the "Applications" folder.
    Note: If you already have an older version of this application installed, you may receive additional messages.
    Click Replace to ensure you are on the latest VMware Horizon Client.

Configuration

  1. Double-click on the VMware Horizon Client icon from the desktop.
  2. After launching the application, double-click on New Server.

Using Your RSA RSA SecureID

  1. After selecting New Server above, type in connect.nv.doe.gov.
  2. Click Connect.
  3. Click Accept and you will be prompted for your network username and RSA Passcode (8 Digit Pin + RSA token (Key Fob)). After this is entered, click Login.
  4. You will be presented with a prompt for your userame and password. Enter your credentials and click Login.

Download FortiClient from Software Center

  • Click the Start button, which is similar to the following icon: Start Icon
  • Type "Software Center" into the search box and then click Software Center.
    Software Center Image
  • In the Software Center window, search FortiClient in the top-right search field.
  • Click the Forticlient Icon, and select Install.
  • Run/Launch the FortiClient application after installation.
  • Verify the VPN name is NNSS Smart Card VPN and that your smart card is inserted into the laptop
  • Log in with your Client Certificate. (If Client Certificate says “Prompt on Connect”, follow the indented steps below)
    • For HSPD12 – Select the furthest up (Affiliate) certificate.
    • For LSSO - Select the furthest up NNSS Root CA certificate.
  • If prompted for an Address, type in pva.nnss.gov.


Logging in to FortiClient

  • Right click the Start button, which is similar to the following icon: Start Icon
  • Open "Program and Features" to check if FortiClient is installed.
    • NOTE: The FortiClient software download is only available in Software Center while logged on to the network.
  • If FortiClient is not installed, proceed to download steps above.
  • If FortiClient is installed, Run/Launch the FortiClient Application.
  • Verify the VPN name is NNSS Smart Card VPN and that your smart card is inserted into the laptop
  • Log in with your Client Certificate. (If Client Certificate says “Prompt on Connect”, follow the indented steps below)
    • For HSPD12 – Select the furthest up (Affiliate) certificate.
    • For LSSO - Select the furthest up NNSS Root CA certificate.
  • If prompted for an Address, type in pva.nnss.gov.


VDI and Remote Desktop Connection:


***Find the hostname of the physical system you wish to access before working remotely!

  1. Click the Start button, which is similar to the following icon: Start Icon
  2. Launch Search, type in cmd and then click Command Prompt.
  3. Type hostname and press Enter/Return key.
  4. The Computer Name will be displayed.

ENSURE THE PHYSICAL WORKSTATION IS POWERED ON BEFORE YOU LEAVE THE OFFICE.

Once connected to a VDI from a remote location, open Remote Desktop Connection.

  1. Click the Start button, which is similar to the following icon: Start Icon
  2. Launch Search, type in Remote Desktop Connection and then click on Remote Desktop Connection.
  3. Expand Show Options, and type in your Computer Name in the Computer field.
  4. Select Connect.
  5. Windows Security box will populate with Smart Card Credentials information
  6. Enter the PIN for your Smart Card
  7. Click OK.