In order for users to access LeoMed, the LeoMed support team must first add the required network(s) to the allowlist. This applies to both ETH-internal and ETH-external networks, and to both the login node and the Customapps Client.
Internal sources (from ETH-internal networks): for ETH-internals to get access to LeoMed
ETH-internal networks (including VPN, docking stations and others) are not allowed by default; only the Staffnet VPN is allowed by default for all new tenants.
Important
The Students VPN is not allowed to access LeoMed for security reasons. Students who require access to LeoMed must be added to the corresponding VPN for the project. For more information please contact the ISG for the project.
External sources: for ETH-externals to get access to LeoMed
Prerequisites at your institution's network
Outbound traffic
Your institution's network needs to allow:
- SSH traffic (if you want to access LeoMed via the command line and SSH) and/or
- HTTPS traffic (if you want to access LeoMed via the browser and remote desktop)
Important
It is recommended that you check with your local IT support that this traffic is allowed and that nothing is filtered, as we have seen users whose institutional proxy service prevented them from accessing LeoMed.
Network characteristics
The following criteria need to be met:
- No IP addresses from your private home are allowed.
- Only institutional IP addresses can be allowed.
- The IP address or address range needs to be fixed (i.e. static); dynamic IPs and domains cannot be allowed.
- When providing a range of addresses, it is preferred to have one restricted in scope to only the users who will need to connect to LeoMed. For example, logging in to LeoMed from a research group VPN that is accessible only to users required to access LeoMed is preferred over logging in from a VPN accessible to the entire institution.
- Allowing any ETH-external addresses will have to be approved by the LeoMed IT security officers.
It is preferred that you access LeoMed via a workstation within an institutional network (resulting in you accessing LeoMed from a single fixed IP address). If that is not possible, there are several alternatives:
- Option A (preferred): you access LeoMed from a dedicated network or VPN that only includes other members of your institution who will need to access LeoMed. Please ask your local IT support whether this is in place or can be provided. In order to add the IP to the allowlist, the LeoMed support team will need to be informed about who has access to this network.
- Option B: you access LeoMed via a jump host located within your institution's network and managed by your local IT support. This host should only be accessible by users that should have access to LeoMed. Note that this local jump host needs to be managed by your local IT support and the LeoMed support team will not manage this host. Please ask your local IT support whether this is in place or can be provided.