PHS-Windows Server

 

1. Introduction

2. Two-Factor Authentication: Duo Mobile

  • Smartphone/Mobile phone registration

3. PHS-Win Server Access for Windows Machines

  • Installation of the Stanford VPN (Virtual Private Network)
  • Installation of Remote Desktop

4. PHS-Win Server Access for Mac Machines

  • Installation of the Stanford VPN (Virtual Private Network)
  • Installation of Remote Desktop

5. Logging out

6. How to get help

 

1. Introduction

 

What are the PHS-Windows Servers?

The PHS-Windows servers form a cluster of powerful computers where programs like SAS, Stata, R, Matlab, and other analysis tools are available to all users remotely. After connecting to a server in the cluster, users have access to licensed software tools and shared published data from other collaborators. The cluster serves as a central repository for all PHS-acquired research data, and it allows for more efficient data management as well as increased data security.  You access the cluster using the name phs-windows and are connected either to the system from which you disconnected and still have work running, or to the least loaded system at the time.

Why should I use it?

PHS-Windows allows all researchers to take advantage of significant computing capabilities currently unavailable on most personal computers. It also improves the security of the research datasets which is becoming more important to funders and organizations with which we have Data Use Agreements.

How to use PHS-Windows

You will access the server from your Windows or Mac machine by using a few new programs:

  1. Two-factor authentication program called Duo Mobile
  2. A security network connection (VPN) software package
  3. A remote desktop package.  

Basic Workflow:

Depending on your computer, you may need your IT department to install these programs or required updates if you do not have administrative rights. You need to configure Duo Mobile authentication using their auto-push, install the Stanford VPN and Remote Desktop Connection to connect to the system.  You may also use SSH to connect an SFTP client to transfer files, but this is optional.

 

PLEASE NOTE: As stated in the Data Use Agreement you signed and submitted to PHS, data and documentation must stay securely stored on PHS-approved machines. At this time, you are permitted to transfer aggregated data tables only from PHS-Win to your own computer.

 

2. Two-factor Authentication: Duo Mobile

 

Two-Factor Authentication: Configuring Duo-Autopush

 

Stanford uses Duo for two factor authentication.  In order to logon to the PHS-Win system, you must first configure autopush. Autopush automatically pushes a Duo prompt to your default device. We strongly recommend your default device to be a smartphone. If that is not possible, use a tablet. Barring those options, the best option will be a phone near your work area.

To configure:

1. Open a browser on your computer and visit the Stanford Accounts Application

2. Click Manage.

 

3. Click the Two-Step Auth tab.

 

4. If this is the first time you are setting up your two-step authentication, click Enable. If you already have a device set up, a page showing your two-step authentication devices displays. Click Device options and then Add a device. 

 

 

5. On the Setup a new device page, make a device selection. 

 

 

6. Enter your phone number, assign a name to this device, and click continue. If this is not your first device, you will be given the option to change your default device. If you are not using a Smart Phone with Duo, click Done and you are ready to test. Smart Phone users continue to step #9.  

 

PLEASE NOTE: If your phone has an international number, click the international number link to see whether two-step authentication supports phone calls and SMS text messages to that country. 

 

 

7. Next, you are presented with the opportunity to get Duo Mobile.

8. Recommended: Click Yes, I want to use Duo Mobile so you can activate push notifications.

 

 

9. If you choose to install Duo Mobile now, go to the app store on your device and search for Duo Mobile. (Clicking the icon for your platform takes you there.) After you have installed it, click I have the app.

 

 

10. Activate Duo mobile on your smartphone by choosing one of three options:

a. Open the Duo Mobile app on your smartphone and tap the “+” in the upper right corner. Then, point your camera at the QR code displayed and tap Scan Barcode.

b. Visit the URL at the bottom of the page with your smartphone. The URL opens inside the Duo Mobile app.

c. Click Send the activation URL above to your smartphone as an SMS  text message and then tap the link in the message or copy it to your browser.

PLEASE NOTE: Do NOT use the following sample barcode to set up your phone.  It will not work. You will get a unique barcode when you set up your Smartphone starting from the Accounts app.

 

 

11. Click continue when your account has been added to Duo Mobile.

12. If you  want to make your smartphone your default device, click Yes, make <my device> my default. If you do not want your smartphone to be your default device, click No, I’ll keep <my current default device> as my default. 

 

 

13. If you made your smartphone your default device, you need to choose a default method. All methods are available but the login page presents your default method first. 

PLEASE NOTE: If you did not install and activate Duo Mobile, the only methods available is phone call.

 

 

14. A message saying that you have successfully set up your device displays. Click Done to exit.

 

 

 

Authenticate

 

Since March 30 2018, the two-step authentication login has been updated. For more information, click here

  • Duo app – push notification (recommended) — a push notification is sent to the device, and you can review the request and tap Approve to authenticate. Internet or cellular access is required to use this method.
  • Phone call — you receive an automated phone call  that requires you to press any key to authenticate.

Visit the University IT site for the latest information around setting up your smartphone.

 
back to top

3. PHS-WIN SERVER ACCESS FOR WINDOWS MACHINES:

Install the VPN client

 

1. Go to su-vpn.stanford.edu to download the Cisco AnyConnect VPN client.

2. When the login screen is displayed, select the Group:

Default Stanford split-tunnel: access to anything at stanford.edu is via the VPN connection but non-Stanford traffic flows normally on an unencrypted internet connection. Full traffic non-split-tunnel: all internet traffic flows through the VPN connection.

3. Enter your SUNet ID and Password and then click Login. (You can ignore the Group field here; this is set when you connect to the VPN.)

 

 

4. Click Continue to connect to the Stanford Public VPN service.

 

 

5. The Cisco AnyConnect VPN client requires a Java or ActiveX plug-in, depending on your browser,  to  install automatically. If the web-based installation is unsuccessful, click the link provided in the window.

 

 

6. If you are doing a manual installation, download and run the installer file. 

 

 

7. When the Setup Wizard starts, click Next to continue.

 

 

8. Accept the terms in the license agreement and click Next.

 

 

9. Click Install to start the installation.

 

 

10. Click Finish to complete the installation and exit the Setup Wizard.

 

 

Connect to the Stanford VPN

 

1. Launch the VPN client:

  • Windows 7: Click the Start button. If you don’t see Cisco AnyConnect Secure Mobility Client in the list of programs,  navigate to All Programs >Cisco > Cisco AnyConnect Secure Mobility Client. Click Cisco AnyConnect Secure Mobility Client.
  • Windows 8.1/10:  On the Start screen, click the down arrow in the bottom-left corner of  the screen to access your installed apps. Double-click Cisco AnyConnect Secure Mobility Client.

2. When prompted for a VPN, enter su-vpn.stanford.edu and then click Connect.

 

 

3. Enter the following information and then click OK:

  • Group: select Default Stanford split- tunnel (non-Stanford traffic flows normally on an unencrypted internet connection) or Full Traffic non-split-tunnel (all internet traffic flows through the VPN connection)
  • Username: your SUNet ID
  • Password: your SUNet ID password

 

 

4. Next, the prompt for two-step authentication displays.

5. Enter a passcode or enter the number that corresponds to another option (in this example, enter 1 to authenticate using Duo Push).  You may have to scroll down the list to see all of your options. Then click Continue.

6. We recommend that you do not select phone call to your smartphone for your second factor. This method has not been consistently reliable during testing. You can, however, use a landline such as your office phone for authentication. 

 

 

7. If your only registered authentication method is printed list, hardware token, or Google Authenticator, the menu does not display. Enter a passcode in the Answer field and click Continue.

8. You may see a truncated menu if you  have multiple two-step devices enabled. Enter a passcode or choose a second factor from the options provided (in this example, enter push1 to authenticate using Duo Push).  Then click Continue.

PLEASE NOTE: It may take a bit of trial and error to associate secondary factors with devices. 

 

 

9. Click Accept to connect to the Stanford Public VPN service. 

 

 

10. Once the VPN connection is established, the Cisco Anyconnect icon with a small lock appears in the notification area in the lower-right corner of your screen. (You many need to click the arrow to show hidden icons to see it.)

 

Disconnect from the Stanford VPN

 

  1. In the notification area, click the Cisco AnyConnect icon with a small lock.
  2. At the prompt, click Disconnect.

 

Install Remote Desktop Windows

 

1. Windows comes with a Remote Desktop Connection client already installed! No need to install any additional software here.

2. To launch Remote Desktop open the start menu and in the search bar type ‘remote desktop’ and you should see the ‘Remote Desktop Connection’ program at the top of the list. 

 

 

3. Click on ‘Remote Desktop Connection’ to launch the program.

 

4. Enter ‘phs-windows.stanford.edu’ into the ‘Computer’ field, and click the Connect button. 

 

5. Enter ‘win\SUNetID’ for the ‘User Name’ and your SUNetID password then click ‘OK’ or press enter. 

 

 

6. Click ‘OK’ to agree that you understand the ‘Computer and Network Policy’. 

 

 

7. Next you will see the screen shown below while the system is waiting for your Two Factor Authentication to be sent and accepted.

8. Within a few seconds of accepting the Two Factor Authentication prompt on your default device, you will be connected to a phs-windows server.

9. Based on your data request application, you will have access to the specific datasets located in the S: drive. Launch your favorite program, and enjoy! 

 

Logging Out

 

When logging out and terminating your session, it is important to save your work, close all of your programs, and log off so that no old sessions get leftover on the server.

  1. Click the start menu in the bottom right corner of the desktop. 
  2. In the top right corner, click your login name and select “Sign Out” from the dropdown menu.

 

       

 

back to top
 

4. PHS-WIN SERVER ACCESS FOR MAC MACHINES:

 

Install the VPN Client

 

1.Go to su-vpn.stanford.edu to download the Cisco AnyConnect VPN client. Make sure to choose Cisco AnyConnect for Mac. Follow the instructions. 

 

 

Connect to the VPN

 

1. Launch the VPN client:

a. From the dock: click the Cisco icon. 

 

b. From the menu bar:  On the Start screen, click the Cisco icon in the top-right corner of the screen. Click connect. 

 

c. Open applications in the Finder, and click the Cisco icon.

 

2. When prompted for a VPN, enter su-vpn.stanford.edu and then click Connect. 

 

 

3. Enter the following information and then click OK:

  • Group: select Default Stanford split- tunnel (non-Stanford traffic flows normally on an unencrypted internet connection) or Full Traffic non-split-tunnel (all internet traffic flows through the VPN connection)
  • Username: your SUNet ID
  • Password: your SUNet ID password

 

 

4. Next, the prompt for two-step authentication displays. Complete 2-step authentication via one of 2 methods (you may have to scroll down the list to see all of your options):

a. Enter a passcode, or

b. Enter the number that corresponds to another option (in this example, enter 1 to authenticate using Duo Push). Then click Continue.

5. We recommend that you do not select phone call to your smartphone for your second factor. This method has not been consistently reliable during testing. You can, however, use a landline such as your office phone for authentication. 

 

 

6. If your only registered authentication method is printed list, hardware token, or Google Authenticator, the menu does not display. Enter a passcode in the Answer field and click Continue.

7. You may see a truncated menu if you  have multiple two-step devices enabled. Enter a passcode or choose a second factor from the options provided (in this example, enter push1 to authenticate using Duo Push).  Then click Continue.

PLEASE NOTE: It may take a bit of trial and error to associate secondary factors with devices.

8. Click Accept to connect to the Stanford Public VPN service. 

 

 

9. Once the VPN connection is established, the Cisco Anyconnect icon with a small lock appears in the notification area.

 

Disconnect from the Stanford VPN

 

  1. In the notification area, click the Cisco AnyConnect icon with a small lock.
  2. At the prompt, click Disconnect. 

 

Installing Remote Desktop

 

1. Open the App store on your Mac. Make sure to switch to the US Apple Store.

2. Search for the ‘Microsoft Remote Desktop 10’ program. And click install. 

 

 

3. Follow on-screen prompts, log in to your apple account if necessary, and open the program once the install is complete.

4. Open Microsoft Remote Desktop Connection. Select “New” and input the following information.

5. Enter ‘win\SUNetID’ for the ‘User Name’ and your SUNetID password then click ‘OK’ or press enter.

 

 

 

6. Close the window. You only need to fill it out the first time. Each additional time you open the application, click on the icon, and open the icon and open a new session.

7. Highlight ‘Windows Server’ and select “Start” from the top of the menu:

 

 

 

8. Select OK and you will receive an auto-authentication from Duo. Please approve on your smartphone or tablet.

 

 

 

 

9. The Duo application appears on the screen until the Duo Push is approved.

 

 

 

 

10. You should now be logged onto the server.

 

 

 

 

11. Based on your data request application, you will have access to the specific datasets located in the S: drive. Launch your favorite program, and enjoy!

 

 

 

5. Logging Out

 

When logging out and terminating your session, it is important to save your work, close all of your programs, and log off so that no old sessions get leftover on the server.

1. Click the start menu in the bottom left corner of the desktop.

2. In the top right corner, click your login name and select “Sign Out” from the dropdown menu.

 

6. How to get help

 

  • Technical assistance – email phs-computing@stanford.edu.  Please include as much information as possible (you desktop or laptop operating system, your version of Microsoft Remote Desktop software, a screenshot showing the problem you have encountered, etc).
  • Data access or anything else related to PHS policies – email phsdatacore@stanford.edu
  • SIGN UP HERE for PHS Data Core Office Hours

 

PHS Data Core Office Hours: Please check our website for the most up to date schedule and to ensure there are no cancellations. 

 


back to top