XClose

Information Services Division

Home
Menu

How to access RDS from outside UCL

This guide outlines options for accessing the Research Data Storage Service from outside of the UCL network.

To provide an additional layer of security, the UCL institutional firewall prevents access to the Research Data Storage service from outside of the UCL network. There are however multiple ways of getting past this restriction, outlined below.

This guide is aimed at...

  • Researchers

Instructions

Option 1: VPN

You can use the university’s institutional VPN (Virtual Private Network) and then use any of the regular methods for connecting to RDS.

Software on your computer (Cisco AnyConnect client) routes all of your internet traffic via a server inside UCL, so it as though you are on a computer at UCL.

Please contact the ISD service desk in the first instance for technical support when using the VPN.

Option 2: Desktop @ UCL

Desktop @ UCL operates inside of the UCL firewall and can make connections to our service. You can use WinSCP, which allows file transfers or PuTTY, which is a command line emulator. From there, if you are happy with the command line, you can copy data to a machine outside of UCL.

Option 3a: SSH tunnel via Socrates for GPFS

It is possible to create an SSH tunnel to send your data via a machine named Socrates, which is accessible from outside of the university firewall. This method requires the use of the Linux command line (Linux or OS X), or in Windows using Cygwin, which provides a Linux-like environment. In the examples below, variables appear as <variable> and should be replaced with the corresponding value.

If you are using the GPFS storage on RDS, enter the following from your computer terminal:

ssh -N -f -L3333:ssh.rd.ucl.ac.uk:22 <user_name>@socrates.ucl.ac.uk

This creates a connection to Socrates using your UCL credentials, it also puts in place an encrypted ‘tunnel’ that forwards traffic on a ‘port’ (3333) on your own machine to the normal port for SSH traffic (22) on RDS servers. This way, you can subsequently make an SSH connection to port 3333 on your own computer and the data will be forwarded over the newly formed connection to RDS.

You can now issue SCP commands to RDS by modifying them slightly as follows:

scp -P 3333 <local_file_to_send.zip> <user_name>@localhost:<path_to_project_space>

Localhost is a synonym for your own computer. You can rearrange the above command to copy data in the other direction if you wish. 

For certain versions of SSH client, it is possible to modify a configuration file and create an alias for the RDS live storage that automatically tunnels though Socrates. 

From your home directory, there should be a directory called .ssh (create it if there is not). Inside there should be a file called config (again create it if it isn’t there). At the top of the file you should make sure that the following appears:

ForwardAgent yes

Elsewhere in the file you need the following:

Host <alias name e.g. socrds>
Hostname ssh.rd.ucl.ac.uk
User <user name>
ProxyCommand ssh <user name>@socrates.ucl.ac.uk -W %h:%p

You can then save the config file.

When you try to make an ssh connection now use:

ssh <alias name e.g. socrds>

You will be prompted for your password twice if you don’t have passwordless ssh turned on.

Option 3b: SSH tunnel via Socrates for iRODS

iRODS uses port number 1247 to send traffic over the internet and you can use the following command on your terminal (e.g. Cygwin) to send this traffic to RDS via socrates:

ssh -L 1247:arthur.rd.ucl.ac.uk:1247 <user name>@socrates.ucl.ac.uk

With the shell left running in the background your iRODS client needs a little reconfiguring.

In the case of Cyberduck, you will need to generate a new bookmark based on a modified .cyberduckprofile file. Using a text editor, replace "arthur.rd.ucl.ac.uk" with "localhost", save the file with a new name and run it. You'll need to put in the path and username as you did the first time you created the bookmark for Cyberduck. When you try to run the bookmark, Cyberduck will warn you of a certificate error because the certificate is expecting the address of the service to be "arthur.rd.ucl.ac.uk" and not "localhost". You can happily click to accept.

If you are using the icommands, some similar changes will need making: using a separate terminal window (or tab), locate your irods_environment.json file in your ~/.irods directory. Using a text editor, replace the line:

"irods_host": "arthur.rd.ucl.ac.uk",

with

"irods_host": "localhost",
"irods_ssl_verify_server": "none",

Now you can run iinit.

Related guides & other info

Help & Support

For further help and assistance you can contact researchdata-support@ucl.ac.uk

Feedback

We are continually improving our site, so please provide us any feedback on this web page using the form below. It would also be really useful if we could discuss your feedback with you, so if you are happy to be contacted please include your UCL email address in 'Email' field below.

Please note: We can only respond to UCL email addresses

Help us improve this page