Connecting to CERN from the Internet
CERN Single Sign-On
The remote access to a variety of restricted CERN web services and CERN web sites is protected by the CERN Single Sign-On portal (CERN SSO) and requires a valid CERN account and password. CERN SSO can be identified in the URL bar of your browser by starting with "https://login.cern.ch" (right image: the old SSO) or "https://auth.cern.ch" (right image: the new SSO):
Occasionally, a warning message is displayed on top of the grey "Sign in with your CERN account" box. If you see this pages hosted elsewhere than at https://login.cern.ch or https://auth.cern.ch, or if you happen to see a variation of this page, eventually with typos or missing images, please be careful. This might be a fake SSO page aimed to steal your CERN password. Please report those to us at Computer.Security@cern.ch.
In order to access your CERN mailbox use the Web based client, Outlook Web Access (OWA), or configure your email client to use IMAPS or POPS (IMAP/POP over SSL).
If your Internet Service Provider restricts email access to TCP port 25/SMTP then you can configure your email client to use the CERN SMTP servers on TCP port 2525 (with TLS, authentication required).
Configuration details for the CERN mail services are at http://mmm.cern.ch.
Interactive Sessions
For an interactive session on Windows (NICE) use the Windows Terminal Services. Users would just need the Windows Terminal Services client (coming with most Windows distributions), the Linux "Rdesktop" client or the MacOS Terminal Services client, respectively.
For an interactive Linux session use SSH to connect to LXPLUS.
The Terminal Servers and LXPLUS can also be used to access computers blocked by the CERN firewall, either by using the higher performance Remote Desktop Gateway service or by tunneling through LXPLUS. Note that Remote Desktop Service and SSH, respectively, must be enabled on the destination computer at CERN.
Internal Web Servers, Journals & Licensed Software
For access to internal CERN Web servers, to journals and publications requiring a CERN IP address, or to other special applications installed on dedicated servers, use either the Windows Terminal Services or open a browser on LXPLUS.
For licensed software, you must first ensure that you have a valid licence to use the software from outside CERN. Licences for specialized tools and products (e.g. Mathematica) are not generally valid off-site. For the most common desktop products however (e.g. Microsoft Office) CERN has negotiated licence conditions which permit the installation of these products on either a laptop or a home PC as well as on the CERN desktop. For more details on software licensing, see http://cern.ch/Software-Licences.
File Exchange
The standard remote access is through CERNbox. For dedicated access to the NICE DFS file system, use WebDAV (Web Distributed Authoring and Versioning) which provides a Web interface to DFS files and folders (see https://dfs.cern.ch). Alternatively, you can transfer files to a Windows Terminal Services session, e.g. by redirecting your local drive.
Linux users are recommended to use AFS or to connect to LXPLUS and use SFTP.
Printing
You can access printers at CERN from the Windows Terminal Services (WTS) or the LXPLUS Service.
Other Applications
Many other applications can be tunneled inside SSH from Windows, Linux and other platforms.
In particular, users of Virtual Network Computing (VNC) are strongly recommended to tunnel VNC inside SSH. VNC exposes sessions in clear on the network and the passwords are crackable. Break-ins have occurred on systems running VNC. Similar software such as Radmin is used by intruders for unauthorised access.
Further Reading
Please find further details in an article on "Connecting to CERN from home" in the CERN Computing Newsletter CNL 44/4 (2009/11/24).