Before you begin, you will need to wake your PC so that you are able to remote into it. 

Automatic setup

1. Download and save this file: ICRDGateway.zip
2. Double click on the .zip you have downloaded.
3. Copy the ICRDGateway.rdp file to your Desktop and click to run.
4. Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine and click Connect.
5. Enter your College username (ic\yourusername) and password when prompted and click OK.

Your session is now connected. Click on this file whenever you want to connect remotely to your desktop.

Manual setup

1. Click on the Start button in your desktop toolbar, type Remote Desktop in the search field and press the Return key on your keyboard.
2. Press the Options arrow in the bottom left-hand corner of the Remote Desktop window.
3. Select the Advanced tab and click the Settings button under Connect from anywhere.
4. Select the Use these RD Gateway server settings button.
5. Enter ictsgw.cc.ic.ac.uk in the Server name field.
6. Enter Ask for password (NTLM) in the Logon method field.
7. Ensure that Bypass RD Gateway server for local settings is ticked.
8. Tick Use my RD Gateway credentials for the remote computer.
9. Press the OK button and click Options to contract the screen and return to the connection area.
10. Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine and click Connect. Find out how to locate your PC name.
11. Enter your College username (ic\yourusername) and password when prompted and click OK.

Your session is now connected.

Before you begin, you will need to wake your PC so that you are able to remote into it. 

We recommend Mac OS users download and use Microsoft Remote Desktop 10 from the App store. 

To set up an RDG connection using your Mac, follow these steps:

1. Start the app and select Add desktop to add a new profile entry.
2. Enter a name for the remote desktop profile.
3. Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine. Find out how to locate your PC name.
4. Change the ‘User Account’ drop down to Add User Account
5. Enter ic\yourCollegeusername in the User name field.
6. Enter your College password in the Password field.
7. Enter a friendly name if desired (optional)
8. Click Save and Save again.
9. Click the Cog in the top right of the screen then Preferences.
10. Click Gateways.
11. Click on the + symbol on the bottom left of the window.
12. Enter ictsgw.cc.ic.ac.uk in the Server name field.
13. Select your username in the User name field.
14. Enter a name for the gateway in the Friendly Name field.
15. Click Save
16. Close the screen.
17. Now choose the gateway you created from the Gateway dropdown list.
18. Click the pencil icon.
19. Under General select the gateway name in the Gateway field.
20. Click Save.
21. The main screen will display your new profile. Double click this to start a remote desktop session.

Your session is now connected.

For legacy systems (pre OSX 10.11):  Microsoft Remote Desktop 8 (No longer available for new downloads)

1. Start the app and select New Remote Desktop to add a new profile entry.
2. Enter a name for the remote desktop profile.
3. Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine. Find out how to locate your PC name.
4. Enter ic\yourCollegeusername in the User name field.
5. Enter your College password in the Password field.
6. Select Add Gateway from the Gateway dropdown list. This will take you to another screen.
7. Click on the + symbol on the bottom left of the window.
8. Enter a name for the gateway.
9. Enter ictsgw.cc.ic.ac.uk in the Gateway name field.
10. Enter ictsgw.cc.ic.ac.uk in the Server name field.
11. Enter ic\yourCollegeusername in the User name field.
12. Enter your College password in the Password field.
13. Close the screen.
14. Now choose the gateway you created from the gateway dropdown list.
15. Close the screens. The main screen will display your new profile. Double click this to start a remote desktop session.

Your session is now connected.

Note: We offer limited support for this app.

Before you begin, you will need to wake your PC so that you are able to remote into it. 

To set up an RDG connection using your iOS device, follow these steps:

1. Download and install the free Microsoft Remote Desktop app from the App Store.
2. Start the app and ensure PC is highlighted. Select + from the top menu to add a new PC entry. This will open a new window.
   
3. Enter the hostname (e.g. cc-example.cc.ic.ac.uk) of College PC you wish to connect to in the name field and click the < arrow to save. Find out how to locate your PC name.
   
4. Select the User Account field and enter ic\yourCollegeusername and select Save.
5. Select No Gateway Configured and a new window will appear.
   
6. Tap Add gateway.
7. Select Gateway Name and enter ictsgw.cc.ic.ac.uk and tap < to save
   
8. Enter User Account and select your username listed as configured earlier.
   
9. Enter a Friendly name to identify the connection (E.G Imperial College PC), tap the back arrow < then tap Save
   
10. Select the gateway you've just configured on the main screen screen to initiate the connection. Enter your College password when prompted. 

Your session is now connected.

Note: We offer limited support for this app.

Before you begin, you will need to wake your PC so that you are able to remote into it. 

To set up an RDG connection using your Android device, follow these steps:

1. Download and install the free Microsoft Remote Desktop app from the Play Store.
2. Start the app and select the + icon in the bottom left hand side of the screen to create a new connection. The configuration page will appear.
3. Select Connection name and enter a relevant name like Imperial Work PC.
4. Enter the FQDN (e.g. cc-example.cc.ic.ac.uk) of the College PC to which you wish to connect in the PC name field. Find out how to locate your PC name.
5. Select the Gateway option.
6. Press Add Gateway.
7. Enter a relevant name such as TS Gateway into the Gateway Name field.
8. Enter ictsgw.cc.ic.ac.uk into the Server field.
9. Press the tick in the top right hand corner of the screen to confirm these settings and return to the previous screen.
10. Enter ic\yourCollegeusername in the User name field.
11. Enter your College password in the Password field.
12. Press the tick in the top right hand corner of the screen to confirm these settings. Your remote desktop connection has been saved.
13. Select the new connection listed in the All section of Remote Desktops to initiate a connection.

Your session is now connected.

Before you begin, you will need to wake your PC so that you are able to remote into it. 

The College Ubuntu 1804 build comes with Remmina, which is a graphical interface for remote desktop connections. Recent versions of this software can handle connections via a Remote Desktop Gateway. Remmina is not installed by default in Oracle or Centos Linux but It is possible to install it. Find out how to install Remmina.

The Imperial College Remote Desktop gateway is the recommended means of off-campus remote connection. It proxies the connection to your on-campus machine in a consistent and secure manner.

If this service is unavailable it may still be possible to connect to your Windows machine directly over the College VPN, however, this is slower and not as reliable.

1. Open Remmina
2. Click the “+” button to add a new configuration, and give it a meaningful name.
3. Protocol: RDP - Remote Desktop Protocol
4. Open Remmina and on the Basic tab fill in the following details: 

Server: The machine you want to connect to eventually.
User Name: Your IC username
Password: Your IC password
Domain: IC

5. Adjust colour depth to suit your machine. 15bit uses fewer resources than 32bit.
6. Go to to the Advanced Tab and set up the ICT RDP Gateway with the following details:

RDG Server: ictsgw.cc.ic.ac.uk
RDG username: Your IC username
RDG password: Your IC password
RDG domain: IC

7. Click Save and you will have a new configuration with the name you initially specified. 
8. Click on this new entry to connect to your server.
9. Accept the certificate warnings. These should only appear the very first time you connect.
10. Your Windows remote session should now be active.

Once you have connected to the VPN successfully, use the Online Home directory finder to find the location of your H: drive on the network, e.g. \\icnas2.cc.ic.ac.uk\yourusername.

Instructions

To map your H: drive on your Windows or Mac computer while using VPN, follow these steps:

Windows

• Click start and type This PC and click on the icon
• Click Computer at the top of the page
  
• Click Map Network drive
• Login to Home directory location to find the path name, e.g. \\icnas1.cc.ic.ac.uk\jbloggs.
• Select H in the box marked Drive
• Enter your Home directory location in the box marked Folder
• Select Connect using different credentials and enter your username in the format ic\yourusername and your College password, if you did not login to the computer with your College username and password

Mac

• Login to Home directory location to find the path name, e.g. smb://icnas1.cc.ic.ac.uk/jbloggs
• Select Go from the Finder menu
• Select Connect to server...
• Enter your Home directory location in the Server Address box
• Enter your College username and password to connect, if you did not login with your College username and password

Users of this service will need to have an Imperial College user account. 

1. Download Putty or another SSH v2 client 
2. To access this service place a request via the ICT Service Desk. 
3. You will need to first follow the instructions to "wake my PC". 
4. Enter sshgw.ic.ac.uk as Host Name 
5. Click Open 
6. Enter your college username 
7. Enter your college password 
8. You will get a warning about trusting this machine the first time, enter yes 
9. Type ssh ‘your computer hostname’ (without quotes) 
10. Enter the username you use on the Linux machine 
11. Enter the password you use on the Linux machine 

Note: 

• SSH Forwarding is not enabled 
• Generic access only to internal low-risk systems. 
• Auditing of user access is enabled. 
• Very restricted local writes on this service (which are monitored). 

Users of this service will need to have an Imperial College user account and will need to have an SSH client to connect to this service (this is inbuilt in Linux ).

1. To access this service place a request via the ICT Service Desk. 

2. You will need to first follow the instructions to "wake my PC". 

3. Open terminal 

4. Users will need to connect to the following location: sshgw.ic.ac.uk 

5. Users will connect with the following: ssh <username>@sshgw.ic.ac.uk For example: ssh joebloggs@sshgw.ic.ac.uk 

6. The host key fingerprint for this is   

Mac  SHA256:36erZyy3SBSr0L3adNwJlLNtC6xKtQecEKhMfx3yyTU. 

Linux: 9c:15:97:fd:71:80:1a:ae:fd:6b:1d:1e:f2:b7:89:a6 

7. Type ssh ‘your computer hostname’ (without quotes) 

8. Enter the username you use on the Linux machine 

9. Enter the password you use on the Linux machine 

 Note:

• SSH Forwarding is not enabled 
• Generic access only to internal low-risk systems. 
• Auditing of user access is enabled. 
• Very restricted local writes on this service (which are monitored).

1. Install xrdp package (this installs from the EPEL repository, which is configured as standard on Imperial-configured systems)

sudo yum install xrdp

2. Start xrdp services and enable for automatic startup with the system (this also starts the xrdp-sesman service)

sudo systemctl start xrdp

sudo systemctl enable xrdp

3. Add firewall rule to allow incoming RDP connections

sudo firewall-cmd --permanent --add-port=3389/tcp

sudo firewall-cmd --reload

4. Edit configuration to allow only defined users to connect to xrdp

4.1. Edit file /etc/xrdp/sesman.ini

4.2. Find line defining TerminalServerUsers and edit this value – it could be set to, for example, sshd so that users already set up for SSH access are also then set up to use xrdp. Alternatively, you could add a new group and maintain the membership of that group separately – this is outside the scope of these instructions

4.3. Find the line defining AlwaysGroupCheck and set this to true

4.4. Restart the xrdp-sesman service with

sudo systemctl restart xrdp-sesman

4.5. Add any required users to the sshd group (and therefore grant them both SSH and Remote Desktop access) with

sudo usermod <username> -a -G sshd

(note that the -a option is crucial as this ‘appends’ to any existing list of group memberships – without this option the existing memberships would be removed)

5. Connect from your client computer and login at the xrdp login screen – session type will be “Xvnc”. Do not include any IC\ prefix on your username

1. Install xrdp package (this installs from the universe repository, which is configured as standard on Imperial-configured systems)

sudo apt install xrdp

The xrdp service is started after installation and configured to automatically startup with the system so there is no need to set this manually.

There is no active firewall in the default configuration so nothing needs to be done there.

2. Edit configuration to allow only defined users to connect to xrdp

2.1. Edit file /etc/xrdp/sesman.ini

2.2. Find line defining “TerminalServerUsers” and edit this value – it could be set to, for example, “sshd” (without the quotes) so that users already set up for SSH access are also then set up to use xrdp. Alternatively, you could add a new group and maintain the membership of that group separately – this is outside the scope of these instructions

2.3. Find the line defining “AlwaysGroupCheck” and set this to “true” (without the quotes)

2.4. Restart the xrdp-sesman service with

sudo systemctl restart xrdp-sesman

2.5. Add any required users to the sshd group (and therefore grant them both SSH and Remote Desktop access) with

sudo usermod <username> -a -G sshd

(note that the “-a” option is crucial as this ‘appends’ to any existing list of group memberships – without this option the existing memberships would be removed)

3. Connect from your client computer and login at the xrdp login screen – session type will be “Xorg”. Do not include any “IC\” prefix on your username.

4. A pop-up will be observed stating “Authentication is required to create a color managed device”. Adjustments to Polkit configuration need to be made to prevent this message appearing:

4.1. Create a polkit configuration file:

sudo nano /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf

4.2. Add the following contents to it:

polkit.addRule(function(action, subject) {

if ((action.id == "org.freedesktop.color-manager.create-device" || action.id == "org.freedesktop.color-manager.create-profile" || action.id == "org.freedesktop.color-manager.delete-device" || action.id == "org.freedesktop.color-manager.delete-profile" || action.id == "org.freedesktop.color-manager.modify-device" || action.id == "org.freedesktop.color-manager.modify-profile") && subject.isInGroup("{group}"))

{

return polkit.Result.YES;

}

});

The message should then no longer be observed on future remote logins.

4.4. The first time you connect using xrdp the desktop session will not have the usual theme set and the dock will not be visible so settings controlling these will need to be manually adjusted (the settings should then persist for future xrdp sessions). The Gnome “Tweaks” program can be used to adjust the required settings – install this using

sudo apt install gnome-tweaks

5. Then launch the program set the following options to make things look more like a standard desktop:

Desktop > Show Icons – set to “ON”

Extensions > Ubuntu dock – set to “ON”

Appearance > Themes > Applications – set to “Ambiance”

Appearance > Themes > Icons – set to “Humanity”