Advanced Research Computing


How to access RDSS from outside UCL

This guide outlines options for accessing the Research Data Storage Service from outside of the UCL network

To provide an additional layer of security, the UCL institutional firewall prevents access to the Research Data Storage service from outside of the UCL network. There are however multiple ways of getting past this restriction, outlined below.


Option 1: VPN

You can use the university’s institutional VPN (Virtual Private Network) and then use any of the regular methods for connecting to RDS.

Software on your computer (Cisco AnyConnect client) routes all of your internet traffic via a server inside UCL, so it as though you are on a computer at UCL.

Please contact the ISD IT Services in the first instance for technical support when using the VPN.

Option 2: Desktop @ UCL

Desktop @ UCL operates inside of the UCL firewall and can make connections to our service. You can use WinSCP, which allows file transfers or PuTTY, which is a command line emulator. From there, if you are happy with the command line, you can copy data to a machine outside of UCL.

Option 3: SSH tunnel via Socrates for GPFS

It is possible to create an SSH tunnel to send your data via a machine named Socrates, which is accessible from outside of the university firewall. This method requires the use of the Linux command line (Linux or OS X), or in Windows using Cygwin, which provides a Linux-like environment. In the examples below, variables appear as <variable> and should be replaced with the corresponding value.

If you are using the GPFS storage on RDS, enter the following from your computer terminal:

ssh -N -f -L3333:ssh.rd.ucl.ac.uk:22 <user_name>@socrates.ucl.ac.uk

This creates a connection to Socrates using your UCL credentials, it also puts in place an encrypted ‘tunnel’ that forwards traffic on a ‘port’ (3333) on your own machine to the normal port for SSH traffic (22) on RDS servers. This way, you can subsequently make an SSH connection to port 3333 on your own computer and the data will be forwarded over the newly formed connection to RDS.

You can now issue SCP commands to RDS by modifying them slightly as follows:

scp -P 3333 <local_file_to_send.zip> <user_name>@localhost:<path_to_project_space>

Localhost is a synonym for your own computer. You can rearrange the above command to copy data in the other direction if you wish. 

For certain versions of SSH client, it is possible to modify a configuration file and create an alias for the RDS live storage that automatically tunnels though Socrates. 

From your home directory, there should be a directory called .ssh (create it if there is not). Inside there should be a file called config (again create it if it isn’t there). At the top of the file you should make sure that the following appears:

ForwardAgent yes

Elsewhere in the file you need the following:

Host <alias name e.g. socrds>
Hostname ssh.rd.ucl.ac.uk
User <user name>
ProxyCommand ssh <user name>@socrates.ucl.ac.uk -W %h:%p

You can then save the config file.

When you try to make an ssh connection now use:

ssh <alias name e.g. socrds>

You will be prompted for your password twice if you don’t have passwordless ssh turned on.


Related guides & other info

RDSS Access Guide

Help & support

For further help and assistance, you can contact researchdata-support@ucl.ac.uk