Requesting a New Secured Research Enclave
Check out this video to see a step-by-step guide for requesting a new secured government enclave instance for your research.
If your research contract contains references to CUI or Controlled Unclassified Information you may need to submit a Secured Research Enclave Request through the Help Center. Before submitting this request check with the Research and Technology Transfer office to verify. This type of environment contains increased restrictions to meet required government regulations.
Open a browser and navigate to https://helpcenter.mines.edu/TDClient/1946/Portal/Requests/ServiceDet?ID=52329.
On the right side click Request Service.
Fill in the details within the form and click submit.
Your request will be reviewed, and an interview scheduled with Information Technology Solutions to go over your research project to gain a deeper understanding before building an environment to support your research.
While your request is being reviewed, please check to be sure the software you would like to run in your enclave is approved by Software Acquisitions by going to the Mines Software Inventory page.
There are several pages of approved software. Check to confirm that the software you want to use in the enclave is listed.
If the software, you want to use is not listed you will need to submit a New Software Purchase or Acquisition Request. To do this navigate to https://helpcenter.mines.edu and search for New Software Purchase or Acquisition Request.
If the software, you want to use is not listed you will need to submit a New Software Purchase or Acquisition Request. To do visit this page: https://helpcenter.mines.edu/TDClient/1946/Portal/Requests/ServiceDet?ID=35898.
On the right side click Request Service.
Fill out the request and click submit. Be sure to mention in the description field that this software will be used in the Secure Government Enclave.
Additional review and approval will be performed by Information security to ensure this software meets required government regulations for your environment.
Building your environment can be complex and take time as we need to meet 110 government regulations under CMMC or the Cybersecurity Maturity model Certification to support your research. More information about CMMC can be found at https://dodcio.defense.gov/CMMC/About/.
Signing in to GlobalProtect VPN
Check out this video to see a step-by-step guide for connecting to Global Protect VPN so that you cand access your secured government enclave.
To sign into the Secure Government Enclave GlobalProtect VPN click on the Start button, search for GlobalProtect, and open the application.
Click Connect.
Enter your Secure Government Enclave credentials. These credentials are separate from your campus credentials.
Choose your preferred MFA option and click Sign In.
You will receive a second MFA prompt. This is due to required government security regulations for this environment. Choose your preferred MFA option and click Sign In.
GlobalProtect will show Connected once you’ve finished signing in.
Accessing Your EC2 Instance
Check out this video to see a step-by-step guide for accessing your secure government enclave instance.
To access your assigned EC2 instance make sure you are signed into the Secure Government Enclave GlobalProtect VPN. To verify you are signed in on the bottom right click on show hidden icons and click on GlobalProtect. It should show Connected.
Click on Start and type in Remote Desktop Connection. Click on Remote Desktop Connection.
Type in the full name of your EC2 instance and click Connect.
You will see the following warning unless you have checked Don’t ask me again for connections to this computer. Click Connect.
If this your first-time connecting check the username to be sure you see SGE\ your username, if it doesn’t click more choices and click Use a different account.
Enter your username and password and click OK.
Accept the authorized use policy.
Choose your preferred MFA authentication method.
You are now connected to your EC2 instance.
Due to required government security regulations for this environment there are several restrictions
- Accounts that have not logged in for 30 days are automatically disabled. An email notification will be sent after 25 days of inactivity as a reminder. (Here is an example email you might receive)
- Passwords expire after 90 days. An email notification will be sent 2 weeks and 1 week before your password expires. (Here is an example email you might receive)
- Copying and pasting between your hardened laptop and EC2 Instance is restricted.
- Only authorized applications such as Microsoft Office and other pre-authorized applications are allowed to run.
- Internet access is restricted except for authorized traffic.
- Remote desktop sessions will lock after 15 minutes of inactivity.
Accessing Your Shared Team and Personal Files
Check out this video to see a step-by-step guide for accessing your shared and personal files within your secure government enclave instance.
Your assigned EC2 instance has two mapped drives. To access these mapped drives, click on Start and type in File Explorer. Click on File Explorer.
Click on This PC on the left pane to view your mapped drives.
The project share is mapped as the Y drive. The Y drive can be accessed by other members of your research project so you can share files.
The personal drive is mapped as the Z drive. The Z drive can only be accessed by you. I recommend storing files that only you will access in the Z drive instead of the local C drive.
Resetting Your Password
Check out this video to see a step-by-step guide for changing your secure government enclave password.
This guide will show you how to change your password in the Secure Government Enclave before it expires. You will be notified by email before your password expires. If your password has already expired and you can’t log in, please contact the help center.
Make sure you are signed into the Secure Government Enclave GlobalProtect VPN. To verify you are signed in on the bottom right click on show hidden icons and click on GlobalProtect. It should show Connected.
Remote into your assigned EC2 instance.
Accept the authorized use policy.
Choose your preferred MFA authentication method.
Once your desktop is loaded. Press Ctrl + Alt + End and choose Change a password.
Enter your old password and new password twice. Click the right arrow submit button.
Once again, choose your preferred MFA authentication method.
Click OK.
Log out of your assigned EC2 instance and log back in with your new password to ensure it is working correctly.