[Ace] Two-Factor Email - Please Comment

Anthony Cuffe cuffe at jlab.org
Tue Sep 30 10:15:41 EDT 2014 

Colleagues,

I would like to send an email warning about the impending two-factor cut-over and wanted to send a first draft for comment.

=========================

Accelerator Users,

At the end of October, access to Accelerator computers (opsl00, devl00, etc..) and other accelerator subnets from the general Jlab network and from your home will
require two-factor authentication.  This is a cybersecurity requirement imposed not only on the Accelerator environment but also on other enclaves such as the Halls.

Two-factor authentication requires you to have a so-called crypto-token, i.e. a small physical device or a smartphone application that generates a temporary password for you. The temporary password, combined with a PIN you know, allows you to log into our gateway computer acclogin.jlab.org, from which you can directly access the accelerator networks.

This change only affects incoming connections to the accelerator networks (e.g. office/home -> opsll). If you on-site using one of the Accelerator systems
or connected to one of the Accelerator systems remotely, you do not need the token to connect to other accelerator computers or to destinations outside of the Accelerator
networks (e.g. opsll -> office). In other words, within the Accelerator Computing Environment everything will work exactly as before.

If you need to access Accelerator systems remotely and do not already have a crypto-token, please file an ACE-PR and select "ACE- CryptoCard" and request a CrytoCard token.  Please indicate
whether you would prefer to have a smartphone app or a hardware key for this function.  It might take several days to fulfill these requests, so plan ahead.  If you choose a hardware key, you will need to pick up the crypto key in person from one of the Accelerator computing group staff.  Alternately, if the help desk is more convient for your location you can file a CCPR with the same request.

If you would like to read more about crypto-cards, the smartphone app or would like to see the updated procedures for access Accelerator systems, please visit our remote access page.

How to Access Accelerator Systems Remotely:
-------------------------------------------
https://devweb.acc.jlab.org/twiki/bin/view/UserSupport/HowToRemoteAccess

In short, you need a crypto-card and you need to start using acclogin.jlab.org as a gateway to Accelerator systems (at home and from Jlab networks).

Thank you,

Anthony Cuffe
Accelerator Computing Group

=======================






-- 
+-------------------------+
| Anthony Cuffe           |
| voice  : 757 269-6213   |
| e-mail : cuffe at jlab.org |
+-------------------------+

More information about the Ace mailing list