Date Issued: Date Revised: Effective Until: POC (ORG): POC Phone: 2/1/2011 5/7/2015 Ongoing Joseph Johnston (NMD) 202-633-2761 OCIO Request Form Remote Access Request Before completing this form you must FIRST save the form to your desktop using SAVE AS. Then, open and complete the form. 1. All individuals requesting Citrix or VPN access must have a valid Smithsonian badge, associated background check, and active Smithsonian network account prior to the submission of this form. 2. Complete this form on your desktop, print it, and then obtain the required signatures (see Part 7). 3. You must return this form within 2 weeks of your initial request or your Help Desk ticket may be closed due to lack of customer response. 4. Send the signed form to the OCIO Help Desk using one of the following methods: Scan and send the form to the OCIO Help Desk at OCIOHelpDesk@si.edu. Fax the form to the OCIO Help Desk at 202-312-2828. It is not necessary to include a coversheet with the fax. To speak with the Help Desk, call x34000 (VoIP) or (202) 633-4000 (non-VoIP users). PART 1 – Introduction Smithsonian network account holders may request the ability to remotely connect to the Smithsonian network. Note that you do not have to submit this form if you only want to remotely access your Exchange e-mail account. Instead, you may access your Exchange e-mail account from any computer connected to the Internet at http://webaccess.si.edu. The Smithsonian provides 2 types of remote access: Citrix access requires client software as well as an Internet connection and an Entrust token for authentication. Citrix access will provide you with certain applications and access to certain servers. It also provides a “virtual desktop.” Virtual Private Network (VPN) access is a more complicated form of remote access than Citrix. VPN also requires client software and an Internet connection. With VPN access, you will only have access to select network resources (e.g. servers, appliances, and workstations) and you will have to know how to remotely access devices on SInet through the VPN connection. Any application that you use on your work computer should also be installed on your home computer. Important Notes/Prerequisites: Before submitting this request form: You must have a valid Smithsonian network account. If you receive IT support from OCIO and need a Smithsonian network account, complete and submit the OCIO Network/Email Account Request – NEW/CHANGE form prior to submitting this remote access request. Otherwise, contact your unit’s IT support staff for guidance on obtaining a Smithsonian network account. You must have an Internet Service Provider (ISP) account (at your own expense). You must have antivirus software installed on the client computer. (Antivirus software is available from the Smithsonian for use on non–Smithsonian issued computers. Contact the OCIO Help Desk if you need assistance with obtaining anti-virus software.) If you are requesting VPN access, you must present a business case to justify the use of VPN and your business case must be accepted by OCIO’s Network Management Division Security Operations Center (NMD/SOC) staff. Part 5 of this form includes a section for your business case. Page 1 of 6 OCIO Request Form Remote Access Request PART 2 – Person Needing Remote Access Help Desk Ticket Number: <if you know it> Date of Request: Name: Unit: Location (Country/State/Bldg/Rm. No.): Network Account: E-mail address: Phone Number: I am a Smithsonian Institution: Employee Contractor Intern Volunteer Other (Specify) PART 3 –Types of Remote Access I am requesting: New Access Modify Existing Access Remove Existing Access I am requesting the following type of remote access: Citrix Access. You must also complete Part 4, Citrix Information. VPN Access. Before you submit this form, you must first present a business case to justify the use of VPN access. You can enter your business case in Part 5, VPN Setup Information, below. VPN access to Smithsonian production network VPN access to exhibit zone only In order to install the VPN software, you will either need to download it from Prism or request a CD containing the software. Would you like a CD containing these files? Yes, provide a CD No, I can create the CD (or the equivalent) myself To access the Smithsonian network remotely via VPN or Citrix, I will be using a: (check all that apply) Personal Computer (PC) Mac Unix (Linux, SUN, BSD, etc.) – VPN only Getting Started Instructions. Once you are notified that you have Remote Access, you will need to follow the appropriate installation instructions to install the Citrix or VPN client software on your remote computer, as provided by the Help Desk. Page 2 of 6 OCIO Request Form Remote Access Request PART 4 – Citrix Information (If Applicable) Citrix Setup I would like to use the following applications from Citrix: (check all that apply) Microsoft Office (Outlook, Word, Excel, PowerPoint) Windows (File) Explorer (for accessing your files and folders 1) Internet Explorer (for Prism, **ERP, etc.) **HEAT (Help Desk Tracking Software2) SIRIS ***Microsoft Visio **Travel Manager ***Microsoft Project Other (not listed) ____________________________________________ ** Requires an Account. Before you can access these software applications you must have a valid account for each of these systems. If you need help determining how to request an account, contact the OCIO Help Desk. *** Requires License. If you choose an application marked above as requiring a license, you must submit proof that you have a license when you submit your request to the OCIO Help Desk. You may send the original or fax a copy of the license to the OCIO Help Desk at 202-312-2828. We will return the original. OCIO has the media and can install the software, but will not do so without valid proof of a license on file with the request. We recommend that you always keep a copy of any software licenses that you purchase. Citrix Special Requirements The primary purpose of the Citrix servers is to provide remote access to OCIO-supported applications. If you need access to a non-OCIO-supported application, your request will be examined on a case by case basis by OCIO’s Data Center Operations & Network Server Administration Division Manager. If approved, as in the vast majority of instances, the museum and/or group needing access to unsupported applications will need to provide software licenses and funding for contractor assistance to make the application available via the Citrix Farm. Additional details are provided in the “Getting Started with Citrix Remote Access” guide. The cost for adding an application will range from $1500 for most commercial-off-the-shelf (COTS) software to $15,000 or more for database dependent applications. Other Non-OCIO-Supported Application (Specify): Person to Contact for Details/Negotiations: Phone Number: Chartfield # (for contractor support costs): Comments: 1 Windows Explorer will provide access to files and folders on your network drives. It will not provide access to files and folders on your local computer drives (i.e. C:\ drive). 2 HEAT is the full client used by IT staff. Non-IT staff may access the self-service system by using IE and going to http://si-heatweb.si.edu/heatselfservice/blueballoon/en-us/login.asp. Page 3 of 6 OCIO Request Form Remote Access Request PART 5 - VPN Setup Information (If Applicable) Before you submit this form, you must first enter a business case to justify the use of VPN access. Type the description of your business case. The field will expand as you type. The following information is critical to properly configure your VPN access. If you do not know what to enter here, contact your local IT services/support group or the OCIO Help Desk (if OCIO provides your desktop support). We must have this information in order to create your VPN account. User Profile. Is there someone else in your unit that currently has VPN access with the same functionality that you will require? If so, provide his/her name to speed up your request turnaround time. Set up my VPN access the same as the following: <name of the other VPN User> MOST STAFF WILL BE PLACED INTO THE “VPNStaff3” CONTAINER 3 VPNStaff is for most SI employees and contractors and provides access to the majority of SInet in a manner similar to what you would have if your workstation was internally connected so SInet. VPNStaff users are prohibited from getting to certain subnets such as the Security Management Zone (SMZ), Network Management Zone (NMZ), VoIP Zone, and other areas of SInet not regularly needed to complete daily. Page 4 of 6 OCIO Request Form Remote Access Request PART 6 – Responsibilities & Conditions (Check All Applicable Boxes) I am requesting a remote access connection to the Smithsonian Institution network(s). I understand that this connection is to be used only for Smithsonian work. I understand that a remote access connection comes with a serious responsibility because it offers a potential entry point for viruses and people trying to hack into the Smithsonian network. I understand that that I am required to complete the online Computer Security Awareness Training (CSAT) within 30 days of receiving this account, and annually thereafter during each fiscal year. I understand that I am required to have current antivirus software running on any computer that I use to make the remote connection and to keep its virus definitions up-to-date. If I do not already have antivirus software on my computer, I will install the antivirus software provided by the Smithsonian. The anti-virus software I am using is: I understand that I must close the remote connection each time I am finished with my work, not simply let the connection time out. I must not let others use the computer while connected to the Smithsonian’s network. I must not leave the PC unattended while the connection is active unless I invoke a password protected screensaver. I understand that the Smithsonian and its staff are not responsible for any problems resulting from installing the software required to setup and run remote access on a non-Smithsonian computer, that the Smithsonian does not guarantee compatibility with my non-Smithsonian computer’s setup and configuration, and that I am accepting sole personal responsibility for any problems that may occur. I understand that during times of emergency and/or disasters, that OCIO and Smithsonian Management may limit access to only essential personnel. (Citrix only) I understand that I am responsible for installing the Citrix Web Client software that is required to access the Citrix servers. I understand that I am required to only use my computer for official work tasks while connected to the Smithsonian’s remote access connection (Citrix and/or VPN). I also realize that it is my responsibility to maintain a properly configured firewall to limit exposure and problems to the Smithsonian network. I agree with all of the above conditions and responsibilities of remotely accessing the Smithsonian network. Name: Signature: Date: Page 5 of 6 OCIO Request Form Remote Access Request PART 7 – Approval (Mandatory) Name of person for whom the request is being made: A. Recommended By: Supervisor of Smithsonian Employee Sponsor of Non-Smithsonian Employee Name: Signature: Date: AND B. Approved By: NOTE: Signature of the Head of your unit’s IT Services or your Unit Director is mandatory. Name: Signature: Date: For non-Smithsonian-employees only Only for requests for people who are not Smithsonian employees (e.g., contractors, volunteers, interns). The sponsor must approve the remote access request and a new form must be submitted on a yearly basis. The sponsor must be a Smithsonian employee, and preferably the COTR in the case of a contractor: I understand that I am personally responsible for notifying the OCIO Help Desk as soon as this person no longer needs remote access. I understand that if I leave this unit, or the Smithsonian, I must notify the OCIO Help Desk of this person’s new sponsor, and the new sponsor of his/her responsibility to re-submit this form with updated information. Sponsor Name: Sponsor Signature: Date: Sponsor’s E-mail Address: Sponsor’s Phone Number: Page 6 of 6