Note that this account is separate from any other account you have at Penn, including your UPHS account.

You need an account on the cluster to access it.

To get an account:

• email us, the administrators
• include your cell phone # for passwords
• IMPORTANT tell us whether you need to join an existing linux group for your lab and use its shared data dir, or if need your own data dir
• CC your PI and ask him or her to approve your account. If your PI is not sure about joining the cluster, contact John Detre and review the wiki page on cluster billing.

With this account you can access the cluster from any computer on the UPHS Network (aka HUPnet), and from anywhere else using VPN (see below).

The cluster resides on the UPHS Network (aka HUPnet or 'hospital network'). This network is separate from the main network on Penn's campus, called PennNet.

The wi-fi network for UPHS is called PennMedicine or UPHSFast. For PennNet, it's called AirPennNet.

Since the cluster resides on the UPHS Network, you have to be connected to the UPHS Network (either through a direct wired connection at your desk, or via the wi-fi network, or using VPN from any other network) before you can access the cluster - see below.

Depending on where you are, the wired network connection at your desk may be to UPHS Network or to PennNet. Or there may be one port for each. If you can get to the cluster without creating a VPN connection, you're on UPHS Network.

Ask your colleagues if they know what the situation is, and who the admin/network contact is for your building.Or you can call the UPHS Service Desk: 215-662-7474

The UPHS network wireless network is called PennMedicine (or UPHS-Fast - the old name). You will need a UPHS Network account to use this. The PennNet wireless network (more common all across campus) is called AirPennNet. If you use this, you'll need to create a VPN connection to get to the UPHS Network, and then to our cluster.

If you follow the instructions for logging in and get an error like

ssh: Could not resolve hostname chead: nodename nor servname provided, or not known

it most like means you are not connected to the UPHS Network. See below.

1. If your PI is a physician/MD at School of Medicine / UPHS:
   1. Have your BA or someone else with UPHS network access go here: http://uphsnet.uphs.upenn.edu/hr8888/ to start the process.
2. Otherwise, if your PI is not a physician/MD, Margaret Ryan has the form to fill out and can let you know of sponsorship options - ryanm@mail.med.upenn.edu
3. For both cases:
   1. You SS# is only needed if you need 'epic' access, which you probably don't need.
   2. Mention that you'd also like VPN access, since VPN access has to be added explicitly to a new UPHS account.
   3. Mention that you need to be added to the AD Security Group for Employee Exception VPN, and include the type of OS you use (Mac, Win, Linux, or any combination of these). This allows you to use VPN from a machine that's not managed by UPHS.
   4. you MUST have your PI act as the approver/sponsor for the application, including for VPN

See below and contact UPHS Service Desk.

If you have a username@pennmedicine.upenn.edu email address, this is a School of Medicine account and not a UPHS account. It's confusing, because UPHS uses the term “Pennmedicine” for its wifi network and for the penmedaccess domain to access UPHS services. I know, why couldn't the School of Medicine have just called their domain medschool or something else?

UPHS uses a tool called Duo to provide two-factor authentication for logging in to UPHS systems, whether it's VPN or other services. Generally you'll use your cell phone for this.

To register for Duo you can open a web browser and access https://pennmedaccess.uphs.upenn.edu Login with your UPHS network username and password and the registration process will kick off.

If the above link doesn't work to show you how to set up Duo, click on “Connect your UPHS device to the penn vpn” on this page: http://www.uphs.upenn.edu/network/

VPN (Virtual Private Connection) is a tool that let's you connect securely to a private network from outside the network. In this case, it means connecting to the UPHS Network from somewhere 'outside' the UPHS network, such as home or PennNet. You'll use your UPHS Network account name and password to connect via VPN (note that this is different than your CfN cluster username and password). Once you're connected, everything (except the speed!) will be like you're directly connected to the UPHS network on campus.

After you have your UPHS account with VPN privileges (see above), go here to download the client for Mac or Windows.

NOTE on connectivity issues

If the BIG-IP VPN client says you're connected but you can't get to chead, and/or can't get to the wider internet, try disconnecting the VPN client and connecting again. Also, try switching between a wired and wireless network connection, and then reconnect the VPN client. For me (Michael), the client works at home on my wifi, but not if I'm wired in to the router (even though the wifi goes through the same router - go figure).

1/3/2018 - The linux client does not support Duo for authentication. There's no expected availability date for that, although UPHS says it's on their list.

If you get the error code FD0001 when connecting with BIG-IP, it's an installation problem on Windows. Download the 0417.txt.zip file, RENAME IT TO REMOVE the .zip EXTENSION, and put it in your C:\Windows folder. Then restart BIG-IP.

If you want to use VPN from a machine that is not managed by UPHS, you must have your UPHS username added to the OS- appropriate “AD Security Group for Employee Exception VPN”. This tells the UPHS VPN system to allow your username to use the VPN clients from machines that are not managed by UPHS. Most machines used by CfN users, i.e. your own laptop or desktop, are not managed by UPHS.

Email the admins (admin@cfn.med.upenn.edu) with this info:

1. Your UPHS username (not your CfN Cluster username). This is the username you use for logging in to UPHS email and VPN clients.
2. Will you use Windows RDP (Remote Desktop) over VPN to access a Windows system on the network?
3. What OS is on your machine that you will you use VPN from? (Mac / Windows / Linux - more than one is allowed)

You may be able to login to UPHS email, but when you start the VPN client and make it through the Duo two-factor auth process, you then get an error saying you're not authorized for the service. This means you're not properly on the “Employee Exception VPN”, for example if you're running VPN on Windows when you initially signed up for VPN using Mac. Let the CfN admins know.

NOTE that with the VPN logins, you need to use full domain names to access servers. That means you need, for example:

ssh <username>@chead.uphs.upenn.edu

If you're having trouble, make sure your UPHS network account is enabled for VPN access. Especially if you've had your account already and didn't just set it up through Margaret. You can check with the UPHS service desk, see below.

CfN admin can't help you with issues directly related to your UPHS network account, e.g. if you can't connect or have forgotten your password.

NOTE that if you're able to login, but are told you're not authorized when you run a VPN client, see above under “Employee Exception VPN”

To get help:

UPHS Service Desk
215-662-7474

Support Ticket creation and management:
https://uphsnet.uphs.upenn.edu/athenaselfservice/#/services

UPHS Intranet:
http://uphsxnet.uphs.upenn.edu/home/

Connecting to VPN and UPHS apps:
http://www.uphs.upenn.edu/network/

Please see here.