As of Monday 16 December 2024, and in response to an increase in cyber threats to the higher education sector, the use of Unified Access is now a mandatory requirement for connecting to the Remote Desktop Gateway.
ICT requires that you use Unified Access in order to connect to the Remote Desktop Gateway service or to access university applications, which can be done from anywhere in the world, directly from your device. This replaces the need to use a VPN or remotely accessing a computer.
If you must remotely access your university computer, please follow the instructions on the page.
If your university computer is a Windows device, you can remotely connect to it from another location using Remote Desktop Gateway (RDG). Follow the instructions below to create a Remote Desktop connection. If you experience any difficulties when doing so please Contact the ICT Service Desk with the asset number of the computer you're trying to access.
Please take note of your PC name you will be remoting into before you follow the below instructions. Find out how to locate your PC name.
Instructions for using Remote Desktop Gateway
Set up RDG on your device
- Remote access your College Windows computer using a Windows device
- Remote access your College Windows computer using a Mac
- Remote access your College Windows computer using an iPhone or iPad (iOS)
- Remote access your College Windows computer using an Android device
- Remote access your College Windows computer using an Linux device
Before you begin, you will need to wake your PC so that you are able to remote into it.
Automatic setup
- Download and save this file: ICRDGateway.zip
- Double click on the .zip you have downloaded.
- Copy the ICRDGateway.rdp file to your Desktop and click to run.
- Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine and click Connect.
- Enter your College username (ic\yourusername) and password when prompted and click OK.
Your session is now connected. Click on this file whenever you want to connect remotely to your desktop.
Manual setup
- Click on the Start button in your desktop toolbar, type Remote Desktop in the search field and press the Return key on your keyboard.
- Press the Options arrow in the bottom left-hand corner of the Remote Desktop window.
- Select the Advanced tab and click the Settings button under Connect from anywhere.
- Select the Use these RD Gateway server settings button.
- Enter ictsgw.cc.ic.ac.uk in the Server name field.
- Enter Ask for password (NTLM) in the Logon method field.
- Ensure that Bypass RD Gateway server for local settings is ticked.
- Tick Use my RD Gateway credentials for the remote computer.
- Press the OK button and click Options to contract the screen and return to the connection area.
- Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine and click Connect. Find out how to locate your PC name.
- Enter your College username (ic\yourusername) and password when prompted and click OK.
Your session is now connected.
Before you begin, you will need to wake your PC so that you are able to remote into it.
We recommend Mac OS users download and use Microsoft Remote Desktop 10 from the App store.
To set up an RDG connection using your Mac, follow these steps:
- Start the app and select Add desktop to add a new profile entry.
- Enter a name for the remote desktop profile.
- Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine. Find out how to locate your PC name.
- Change the ‘User Account’ drop down to Add User Account
- Enter ic\yourCollegeusername in the User name field.
- Enter your College password in the Password field.
- Enter a friendly name if desired (optional)
- Click Save and Save again.
- Click the Cog in the top right of the screen then Preferences.
- Click Gateways.
- Click on the + symbol on the bottom left of the window.
- Enter ictsgw.cc.ic.ac.uk in the Server name field.
- Select your username in the User name field.
- Enter a name for the gateway in the Friendly Name field.
- Click Save
- Close the screen.
- Now choose the gateway you created from the Gateway dropdown list.
- Click the pencil icon.
- Under General select the gateway name in the Gateway field.
- Click Save.
- The main screen will display your new profile. Double click this to start a remote desktop session.
Your session is now connected.
For legacy systems (pre OSX 10.11): Microsoft Remote Desktop 8 (No longer available for new downloads)
- Start the app and select New Remote Desktop to add a new profile entry.
- Enter a name for the remote desktop profile.
- Enter the full name (e.g. cc-username.cc.ic.ac.uk) of your College machine. Find out how to locate your PC name.
- Enter ic\yourCollegeusername in the User name field.
- Enter your College password in the Password field.
- Select Add Gateway from the Gateway dropdown list. This will take you to another screen.
- Click on the + symbol on the bottom left of the window.
- Enter a name for the gateway.
- Enter ictsgw.cc.ic.ac.uk in the Gateway name field.
- Enter ictsgw.cc.ic.ac.uk in the Server name field.
- Enter ic\yourCollegeusername in the User name field.
- Enter your College password in the Password field.
- Close the screen.
- Now choose the gateway you created from the gateway dropdown list.
- Close the screens. The main screen will display your new profile. Double click this to start a remote desktop session.
Your session is now connected.
Note: We offer limited support for this app.
Before you begin, you will need to wake your PC so that you are able to remote into it.
To set up an RDG connection using your iOS device, follow these steps:
- Download and install the free Microsoft Remote Desktop app from the App Store.
- Start the app and ensure PC is highlighted. Select + from the top menu to add a new PC entry. This will open a new window.
- Enter the hostname (e.g. cc-example.cc.ic.ac.uk) of College PC you wish to connect to in the name field and click the < arrow to save. Find out how to locate your PC name.
- Select the User Account field and enter ic\yourCollegeusername and select Save.
- Select No Gateway Configured and a new window will appear.
- Tap Add gateway.
- Select Gateway Name and enter ictsgw.cc.ic.ac.uk and tap < to save
- Enter User Account and select your username listed as configured earlier.
- Enter a Friendly name to identify the connection (E.G Imperial College PC), tap the back arrow < then tap Save
- Select the gateway you've just configured on the main screen screen to initiate the connection. Enter your College password when prompted.
Your session is now connected.
Note: We offer limited support for this app.
Before you begin, you will need to wake your PC so that you are able to remote into it.
To set up an RDG connection using your Android device, follow these steps:
- Download and install the free Microsoft Remote Desktop app from the Play Store.
- Start the app and select the + icon in the bottom left hand side of the screen to create a new connection. The configuration page will appear.
- Select Connection name and enter a relevant name like Imperial Work PC.
- Enter the FQDN (e.g. cc-example.cc.ic.ac.uk) of the College PC to which you wish to connect in the PC name field. Find out how to locate your PC name.
- Select the Gateway option.
- Press Add Gateway.
- Enter a relevant name such as TS Gateway into the Gateway Name field.
- Enter ictsgw.cc.ic.ac.uk into the Server field.
- Press the tick in the top right hand corner of the screen to confirm these settings and return to the previous screen.
- Enter ic\yourCollegeusername in the User name field.
- Enter your College password in the Password field.
- Press the tick in the top right hand corner of the screen to confirm these settings. Your remote desktop connection has been saved.
- Select the new connection listed in the All section of Remote Desktops to initiate a connection.
Your session is now connected.
Before you begin, you will need to wake your PC so that you are able to remote into it.
The College Ubuntu 1804 build comes with Remmina, which is a graphical interface for remote desktop connections. Recent versions of this software can handle connections via a Remote Desktop Gateway. Remmina is not installed by default in Oracle or Centos Linux but It is possible to install it. Find out how to install Remmina.
The Imperial College Remote Desktop gateway is the recommended means of off-campus remote connection. It proxies the connection to your on-campus machine in a consistent and secure manner.
If this service is unavailable it may still be possible to connect to your Windows machine directly over the College VPN, however, this is slower and not as reliable.
- Open Remmina
- Click the “+” button to add a new configuration, and give it a meaningful name.
- Protocol: RDP - Remote Desktop Protocol
- Open Remmina and on the Basic tab fill in the following details:
Server: The machine you want to connect to eventually.
User Name: Your IC username
Password: Your IC password
Domain: IC
- Adjust colour depth to suit your machine. 15bit uses fewer resources than 32bit.
- Go to to the Advanced Tab and set up the ICT RDP Gateway with the following details:
RDG Server: ictsgw.cc.ic.ac.uk
RDG username: Your IC username
RDG password: Your IC password
RDG domain: IC
- Click Save and you will have a new configuration with the name you initially specified.
- Click on this new entry to connect to your server.
- Accept the certificate warnings. These should only appear the very first time you connect.
- Your Windows remote session should now be active.
Remotely access a Mac
You are able to access files stored on a College Mac, administrator accounts of the Mac can access their files by connecting to the Virtual private network (VPN)and then following the instructions below.
Technical details
- How to connect to your H:drive using VPN
- How to use SFTP to access files on a Mac not saved on your H: Drive
Once you have connected to the VPN successfully, use the Online Home directory finder to find the location of your H: drive on the network, e.g. \\icnas2.cc.ic.ac.uk\yourusername.
Instructions
To map your H: drive on your Windows or Mac computer while using VPN, follow these steps:
Windows
- Click start and type This PC and click on the icon
- Click Computer at the top of the page
- Click Map Network drive
- Login to Home directory location to find the path name, e.g. \\icnas1.cc.ic.ac.uk\jbloggs.
- Select H in the box marked Drive
- Enter your Home directory location in the box marked Folder
- Select Connect using different credentials and enter your username in the format ic\yourusername and your College password, if you did not login to the computer with your College username and password
Mac
- Login to Home directory location to find the path name, e.g. smb://icnas1.cc.ic.ac.uk/jbloggs
- Select Go from the Finder menu
- Select Connect to server...
- Enter your Home directory location in the Server Address box
- Enter your College username and password to connect, if you did not login with your College username and password
Cyberduck
Make sure you are connected to the VPN
- Open Cyberduck
- Click Open Connection
- Select SFTP (SSH File Transfer Protocol) in the dropdown menu
- Enter the IP address or full name of the machine you wish to connect to in the field Server.
- Enter the port number. (port 22 for SFTP)
- Make sure Anonymous Login is not selected.
- Enter your College username
- Enter your College password
- Click on Connect to connect to the server.
- Click Allow when you get a warning about an unknown host key.
Terminal (command line)
Make sure you are connected to the VPN
Example based on user jsmith connecting to cc-jsmith-mac
Remotely access a Linux machine
The SSH Gateway service allows external users to be able to connect to their internal SSH systems (typically Linux servers) from remote locations via SSH. This allows SSH connections to get general access to systems/servers, but not to our key secure services such as ICIS or Banner.
XRDP can be used on Linux systems to provide a graphical login to remote machines – this makes use of the Microsoft Remote Desktop Protocol (RDP) and connections can be made using numerous different RDP client programs, including the standard Microsoft Remote Desktop Client.
Limitations:
- Unlike in Windows, XRDP does not allow you to connect to an existing console/local graphical session – the graphical session you create when logging in using XRDP is used just for remote connections.
- Under OEL7 you can connect using XRDP even when already logged on to a graphical session locally. However, when using XRDP in Ubuntu this is not possible – if still logged on locally you would have to connect first using SSH and end the existing graphical session (by rebooting the computer, for example) and then you could connect remotely.
Technical details
- How to use SSH to access files on a Linux machine using a Windows PC
- How to use SSH to access files on a Linux machine using a Mac or Linux
- XRDP set up for OEL7
- XRDP set up for Ubuntu 18.04
Users of this service will need to have an Imperial College user account.
- Download Putty or another SSH v2 client
- To access this service place a request via the ICT Service Desk.
- You will need to first follow the instructions to "wake my PC".
- Enter sshgw.ic.ac.uk as Host Name
- Click Open
- Enter your college username
- Enter your college password
- You will get a warning about trusting this machine the first time, enter yes
- Type ssh ‘your computer hostname’ (without quotes)
- Enter the username you use on the Linux machine
- Enter the password you use on the Linux machine
Note:
- SSH Forwarding is not enabled
- Generic access only to internal low-risk systems.
- Auditing of user access is enabled.
- Very restricted local writes on this service (which are monitored).
Users of this service will need to have an Imperial College user account and will need to have an SSH client to connect to this service (this is inbuilt in Linux ).
- To access this service place a request via the ICT Service Desk.
- You will need to first follow the instructions to "wake my PC".
- Open terminal
- Users will need to connect to the following location: sshgw.ic.ac.uk
- Users will connect with the following: ssh <username>@sshgw.ic.ac.uk For example: ssh joebloggs@sshgw.ic.ac.uk
- The host key fingerprint for this is
Mac SHA256:36erZyy3SBSr0L3adNwJlLNtC6xKtQecEKhMfx3yyTU.
Linux: 9c:15:97:fd:71:80:1a:ae:fd:6b:1d:1e:f2:b7:89:a6
- Type ssh ‘your computer hostname’ (without quotes)
- Enter the username you use on the Linux machine
- Enter the password you use on the Linux machine
Note:
- SSH Forwarding is not enabled
- Generic access only to internal low-risk systems.
- Auditing of user access is enabled.
- Very restricted local writes on this service (which are monitored).
1. Install xrdp package (this installs from the EPEL repository, which is configured as standard on Imperial-configured systems)
sudo yum install xrdp
2. Start xrdp services and enable for automatic startup with the system (this also starts the xrdp-sesman service)
sudo systemctl start xrdp
sudo systemctl enable xrdp
3. Add firewall rule to allow incoming RDP connections
sudo firewall-cmd --permanent --add-port=3389/tcp
sudo firewall-cmd --reload
4. Edit configuration to allow only defined users to connect to xrdp
4.1. Edit file /etc/xrdp/sesman.ini
4.2. Find line defining TerminalServerUsers and edit this value – it could be set to, for example, sshd so that users already set up for SSH access are also then set up to use xrdp. Alternatively, you could add a new group and maintain the membership of that group separately – this is outside the scope of these instructions
4.3. Find the line defining AlwaysGroupCheck and set this to true
4.4. Restart the xrdp-sesman service with
sudo systemctl restart xrdp-sesman
4.5. Add any required users to the sshd group (and therefore grant them both SSH and Remote Desktop access) with
sudo usermod <username> -a -G sshd
(note that the -a option is crucial as this ‘appends’ to any existing list of group memberships – without this option the existing memberships would be removed)
5. Connect from your client computer and login at the xrdp login screen – session type will be “Xvnc”. Do not include any IC\ prefix on your username
1. Install xrdp package (this installs from the universe repository, which is configured as standard on Imperial-configured systems)
sudo apt install xrdp
The xrdp service is started after installation and configured to automatically startup with the system so there is no need to set this manually.
There is no active firewall in the default configuration so nothing needs to be done there.
2. Edit configuration to allow only defined users to connect to xrdp
2.1. Edit file /etc/xrdp/sesman.ini
2.2. Find line defining “TerminalServerUsers” and edit this value – it could be set to, for example, “sshd” (without the quotes) so that users already set up for SSH access are also then set up to use xrdp. Alternatively, you could add a new group and maintain the membership of that group separately – this is outside the scope of these instructions
2.3. Find the line defining “AlwaysGroupCheck” and set this to “true” (without the quotes)
2.4. Restart the xrdp-sesman service with
sudo systemctl restart xrdp-sesman
2.5. Add any required users to the sshd group (and therefore grant them both SSH and Remote Desktop access) with
sudo usermod <username> -a -G sshd
(note that the “-a” option is crucial as this ‘appends’ to any existing list of group memberships – without this option the existing memberships would be removed)
3. Connect from your client computer and login at the xrdp login screen – session type will be “Xorg”. Do not include any “IC\” prefix on your username.
4. A pop-up will be observed stating “Authentication is required to create a color managed device”. Adjustments to Polkit configuration need to be made to prevent this message appearing:
4.1. Create a polkit configuration file:
sudo nano /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
4.2. Add the following contents to it:
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.color-manager.create-device" || action.id == "org.freedesktop.color-manager.create-profile" || action.id == "org.freedesktop.color-manager.delete-device" || action.id == "org.freedesktop.color-manager.delete-profile" || action.id == "org.freedesktop.color-manager.modify-device" || action.id == "org.freedesktop.color-manager.modify-profile") && subject.isInGroup("{group}"))
{
return polkit.Result.YES;
}
});
The message should then no longer be observed on future remote logins.
4.4. The first time you connect using xrdp the desktop session will not have the usual theme set and the dock will not be visible so settings controlling these will need to be manually adjusted (the settings should then persist for future xrdp sessions). The Gnome “Tweaks” program can be used to adjust the required settings – install this using
sudo apt install gnome-tweaks
5. Then launch the program set the following options to make things look more like a standard desktop:
Desktop > Show Icons – set to “ON”
Extensions > Ubuntu dock – set to “ON”
Appearance > Themes > Applications – set to “Ambiance”
Appearance > Themes > Icons – set to “Humanity”