Date Issued:
Date Revised:
Effective Until:
POC (ORG):
POC Phone:
2/1/2011
5/7/2015
Ongoing
Joseph Johnston (NMD)
202-633-2761
OCIO Request Form
Remote Access Request
Before completing this form you must FIRST save the form to your desktop using SAVE AS. Then,
open and complete the form.
1. All individuals requesting Citrix or VPN access must have a valid Smithsonian badge, associated
background check, and active Smithsonian network account prior to the submission of this form.
2. Complete this form on your desktop, print it, and then obtain the required signatures (see Part 7).
3. You must return this form within 2 weeks of your initial request or your Help Desk ticket may be
closed due to lack of customer response.
4. Send the signed form to the OCIO Help Desk using one of the following methods:


Scan and send the form to the OCIO Help Desk at OCIOHelpDesk@si.edu.
Fax the form to the OCIO Help Desk at 202-312-2828. It is not necessary to include a
coversheet with the fax.
To speak with the Help Desk, call x34000 (VoIP) or (202) 633-4000 (non-VoIP users).
PART 1 – Introduction
Smithsonian network account holders may request the ability to remotely connect to the Smithsonian
network. Note that you do not have to submit this form if you only want to remotely access your Exchange
e-mail account. Instead, you may access your Exchange e-mail account from any computer connected to
the Internet at http://webaccess.si.edu.
The Smithsonian provides 2 types of remote access:

Citrix access requires client software as well as an Internet connection and an Entrust token for
authentication. Citrix access will provide you with certain applications and access to certain
servers. It also provides a “virtual desktop.”

Virtual Private Network (VPN) access is a more complicated form of remote access than Citrix.
VPN also requires client software and an Internet connection. With VPN access, you will only
have access to select network resources (e.g. servers, appliances, and workstations) and you will
have to know how to remotely access devices on SInet through the VPN connection. Any
application that you use on your work computer should also be installed on your home computer.
Important Notes/Prerequisites:
Before submitting this request form:

You must have a valid Smithsonian network account. If you receive IT support from OCIO
and need a Smithsonian network account, complete and submit the OCIO Network/Email
Account Request – NEW/CHANGE form prior to submitting this remote access request.
Otherwise, contact your unit’s IT support staff for guidance on obtaining a Smithsonian network
account.

You must have an Internet Service Provider (ISP) account (at your own expense).

You must have antivirus software installed on the client computer. (Antivirus software is
available from the Smithsonian for use on non–Smithsonian issued computers. Contact the OCIO
Help Desk if you need assistance with obtaining anti-virus software.)

If you are requesting VPN access, you must present a business case to justify the use of
VPN and your business case must be accepted by OCIO’s Network Management Division
Security Operations Center (NMD/SOC) staff. Part 5 of this form includes a section for your
business case.
Page 1 of 6
OCIO Request Form
Remote Access Request
PART 2 – Person Needing Remote Access
Help Desk Ticket Number: <if you know it>
Date of Request:
Name:
Unit:
Location (Country/State/Bldg/Rm. No.):
Network Account:
E-mail address:
Phone Number:
I am a Smithsonian Institution:
Employee
Contractor
Intern
Volunteer
Other (Specify)
PART 3 –Types of Remote Access
I am requesting:
New Access
Modify Existing Access
Remove Existing Access
I am requesting the following type of remote access:
Citrix Access. You must also complete Part 4, Citrix Information.
VPN Access. Before you submit this form, you must first present a business case to justify the
use of VPN access. You can enter your business case in Part 5, VPN Setup Information, below.
VPN access to Smithsonian production network
VPN access to exhibit zone only
In order to install the VPN software, you will either need to download it from Prism or request a CD
containing the software. Would you like a CD containing these files?
Yes, provide a CD
No, I can create the CD (or the equivalent) myself
To access the Smithsonian network remotely via VPN or Citrix, I will be using a: (check all that
apply)
Personal Computer (PC)
Mac
Unix (Linux, SUN, BSD, etc.) – VPN only
Getting Started Instructions. Once you are notified that you have Remote Access, you will need to
follow the appropriate installation instructions to install the Citrix or VPN client software on your remote
computer, as provided by the Help Desk.
Page 2 of 6
OCIO Request Form
Remote Access Request
PART 4 – Citrix Information (If Applicable)
Citrix Setup
I would like to use the following applications from Citrix: (check all that apply)
Microsoft Office
(Outlook, Word, Excel, PowerPoint)
Windows (File) Explorer
(for accessing your files and folders 1)
Internet Explorer (for Prism, **ERP, etc.)
**HEAT (Help Desk Tracking Software2)
SIRIS
***Microsoft Visio
**Travel Manager
***Microsoft Project
Other (not listed) ____________________________________________
** Requires an Account. Before you can access these software applications you must have a valid
account for each of these systems. If you need help determining how to request an account, contact the
OCIO Help Desk.
*** Requires License. If you choose an application marked above as requiring a license, you must
submit proof that you have a license when you submit your request to the OCIO Help Desk. You may
send the original or fax a copy of the license to the OCIO Help Desk at 202-312-2828. We will return the
original. OCIO has the media and can install the software, but will not do so without valid proof of a
license on file with the request. We recommend that you always keep a copy of any software licenses that
you purchase.
Citrix Special Requirements
The primary purpose of the Citrix servers is to provide remote access to OCIO-supported
applications. If you need access to a non-OCIO-supported application, your request will be
examined on a case by case basis by OCIO’s Data Center Operations & Network Server
Administration Division Manager.
If approved, as in the vast majority of instances, the museum and/or group needing access to
unsupported applications will need to provide software licenses and funding for contractor assistance to
make the application available via the Citrix Farm. Additional details are provided in the “Getting Started
with Citrix Remote Access” guide. The cost for adding an application will range from $1500 for most
commercial-off-the-shelf (COTS) software to $15,000 or more for database dependent applications.
Other Non-OCIO-Supported Application (Specify):
Person to Contact for Details/Negotiations:
Phone Number:
Chartfield # (for contractor support costs):
Comments:
1
Windows Explorer will provide access to files and folders on your network drives. It will not provide
access to files and folders on your local computer drives (i.e. C:\ drive).
2 HEAT is the full client used by IT staff. Non-IT staff may access the self-service system by using IE and
going to http://si-heatweb.si.edu/heatselfservice/blueballoon/en-us/login.asp.
Page 3 of 6
OCIO Request Form
Remote Access Request
PART 5 - VPN Setup Information (If Applicable)
Before you submit this form, you must first enter a business case to justify the use of VPN
access.
Type the description of your business case. The field will expand as you type.
The following information is critical to properly configure your VPN access. If you do not know what
to enter here, contact your local IT services/support group or the OCIO Help Desk (if OCIO provides your
desktop support). We must have this information in order to create your VPN account.
User Profile. Is there someone else in your unit that currently has VPN access with the same
functionality that you will require? If so, provide his/her name to speed up your request turnaround time.
Set up my VPN access the same as the following: <name of the other VPN User>
MOST STAFF WILL BE PLACED INTO THE “VPNStaff3” CONTAINER
3
VPNStaff is for most SI employees and contractors and provides access to the majority of SInet in a
manner similar to what you would have if your workstation was internally connected so SInet. VPNStaff
users are prohibited from getting to certain subnets such as the Security Management Zone (SMZ),
Network Management Zone (NMZ), VoIP Zone, and other areas of SInet not regularly needed to
complete daily.
Page 4 of 6
OCIO Request Form
Remote Access Request
PART 6 – Responsibilities & Conditions (Check All Applicable Boxes)
I am requesting a remote access connection to the Smithsonian Institution network(s). I understand
that this connection is to be used only for Smithsonian work.
I understand that a remote access connection comes with a serious responsibility because it offers a
potential entry point for viruses and people trying to hack into the Smithsonian network.
I understand that that I am required to complete the online Computer Security Awareness Training
(CSAT) within 30 days of receiving this account, and annually thereafter during each fiscal year.
I understand that I am required to have current antivirus software running on any computer that I use
to make the remote connection and to keep its virus definitions up-to-date. If I do not already have
antivirus software on my computer, I will install the antivirus software provided by the Smithsonian.
The anti-virus software I am using is:
I understand that I must close the remote connection each time I am finished with my work, not simply
let the connection time out. I must not let others use the computer while connected to the
Smithsonian’s network. I must not leave the PC unattended while the connection is active unless I
invoke a password protected screensaver.
I understand that the Smithsonian and its staff are not responsible for any problems resulting from
installing the software required to setup and run remote access on a non-Smithsonian computer, that
the Smithsonian does not guarantee compatibility with my non-Smithsonian computer’s setup and
configuration, and that I am accepting sole personal responsibility for any problems that may occur.
I understand that during times of emergency and/or disasters, that OCIO and Smithsonian
Management may limit access to only essential personnel.
(Citrix only) I understand that I am responsible for installing the Citrix Web Client software that is
required to access the Citrix servers.
I understand that I am required to only use my computer for official work tasks while connected to the
Smithsonian’s remote access connection (Citrix and/or VPN). I also realize that it is my responsibility
to maintain a properly configured firewall to limit exposure and problems to the Smithsonian network.
I agree with all of the above conditions and responsibilities of remotely accessing the
Smithsonian network.
Name:
Signature:
Date:
Page 5 of 6
OCIO Request Form
Remote Access Request
PART 7 – Approval (Mandatory)
Name of person for whom the request is being made:
A. Recommended By:
Supervisor of Smithsonian Employee
Sponsor of Non-Smithsonian Employee
Name:
Signature:
Date:
AND
B. Approved By:
NOTE: Signature of the Head of your unit’s IT Services or your Unit Director is mandatory.
Name:
Signature:
Date:
For non-Smithsonian-employees only
Only for requests for people who are not Smithsonian employees (e.g., contractors, volunteers, interns).
The sponsor must approve the remote access request and a new form must be submitted on a yearly
basis. The sponsor must be a Smithsonian employee, and preferably the COTR in the case of a
contractor:
I understand that I am personally responsible for notifying the OCIO Help Desk as soon as this
person no longer needs remote access.
I understand that if I leave this unit, or the Smithsonian, I must notify the OCIO Help Desk of this
person’s new sponsor, and the new sponsor of his/her responsibility to re-submit this form with
updated information.
Sponsor Name:
Sponsor Signature:
Date:
Sponsor’s E-mail Address:
Sponsor’s Phone Number:
Page 6 of 6