Please Test Your VPN Access

Prior to your observing night, please test your VPN access!  Our IT department occasionally makes changes to the VPN settings based on the current cybersecurity environment, so please check your ability to access the VPN a day or so ahead of your assigned remote observing time (even if you observe remotely at LDT regularly).  If you encounter difficulty, please contact LDT Staff.

Requesting Remote Observations

If you would like to observe remotely, you must request remote support in your observing proposal.  Please read this page, and get in touch with either your local partner LDT contact, or directly with Stephen Levine (sel at lowell) at Lowell.

Requirements for Remote Observing

To approve remote observing, we have two basic operational requirements.  These will be re-evaluated periodically to see how they might be updated to meet observers' and the facility's needs better.

  1. Anyone wishing to observe remotely must already have had a run where they were in residence at LDT for the run, working with the instrument(s) they propose to use.

    This requirement is waived for the duration of the COVID-19 outbreak.  A new user who is a member of a group that regularly uses LDT should observe with an experienced group member.  All other new users MUST contact LDT staff to ensure support on their first night. 

  2. On the night(s) in question, LDT is able to staff with 2 TOs.  One TO will be responsible for the facility, the other for interactions with the observer and the instrument(s).  This requirement is in place for two reasons: (a) safety for the TOs - this way we have two people on site, since any help is otherwise some time and distance away and (b) if something goes wrong, either on the facility side, or with the connection between the remote site and LDT, each TO is able to concentrate on fixing whatever the issue is without having to worry about either the facility, or the observer respectively.

Preparing for LDT Remote Observations

First and Foremost – Contact your TO

If you are observing remotely, contact your TO ahead of time (at least one day in advance) to let them know:

  1. Who will be connecting remotely (especially important if your project has more than one member or if an alternate observer will be present).
  2. When you will be connecting.
  3. Anything the TO needs to do for setup before you connect.

Contacting the LDT Site

There is an LDT Zoom default meeting which is now the default method for connecting to the TO and the site during observing. Contact your TO for connection information.

The LDT phone numbers are

  • (928) 233-3291
  • (928) 268-2914

  • (928) 354-2674

Test VPN & VNC Connections

If you have not observed remotely before, or have had troubles in the past, please get in touch and set up a time to test out your VPN and VNC connections before your observing run.  You can test your VPN connection at anytime.  When testing the VNC connection, contact the site first as you run the risk of interrupting someone already working on the machine.  (For details, see below.)

Contact LDT staff or your departmental contact for your departmental VPN account name and password.

VPN Change -- May 2024

If you last observed before May 2024 using IKE2 VPN, you must update your VPN settings to SSL Split Tunneling to connect to the Lowell network (see bellow)

Lowell has shifted to a new firewall appliance (2021-Sep), and all users should use the new VPN server. 

Instructions for setting up your computer to use the new VPN are at WatchGuard VPN SSL Split Tunneling (use your departmental VPN account name and password to access the confluence page)

  • Primary:  vpn3.lowell.edu  (IP address: 207.192.243.66 )

As a general rule, before connecting to ANY LDT computers remotely, please make a Skype or Zoom connection and check-in with your TO to make sure you don't collide with another observer.

Operations at the Telescope When Not the Current Observer

If there is another party observing, and you would like to access the telescope or instruments (even to do internal calibrations, or similar self contained operations), you MUST contact the people observing at that time as well as the TOs.  If you don't know the observers, start with the TOs, as they will know who is observing.  The observers have the right to decline any such operations if they feel that they might interfere with what they are doing.

From a safety perspective, we need to be aware of any operations taking place at the telescope.  From a science perspective, the observers of record may have concerns that other operations might have unanticipated impacts on their observations.

Prepare and Communicate Your Observing Plan

Remote observations have the disadvantage of not sharing the control room with your TO.  As such, it is necessary to proactively communicate.

There have been occasional reports of VNC dropouts from the observer computers (dct-obs1  / dct-obs2).  We are investigating the source of these issues, but plan accordingly.

  1. Have a backup plan written up and communicated to the TOs.  If the network connection to the LDT goes down, your TOs can attempt to continue your program while you reconnect.  Otherwise the time will be lost.  Backup observing plans should be very detailed and assume that the person observing does not know your science requirements.

  2. Communicate with your TOs ahead of time.  Let them know when you plan to connect in, who will be calling in, if you need twilight sky flats, etc.  Anything you would normally communicate to them if you were on site, please send to them ahead of time.  For example:

    1. Send them, or up load your target list to the observing machine ahead of time and check that it loads properly.

    2. Upload any automated function or pattern files ahead of time, and similarly check that they load properly.

    3. If you will be observing objects using ephemeris tracking, make sure that the ephemeris file(s) have been sent to the TOs to put onto the TCS computer ahead of time, and that you let them know what the equinox and epoch of the file is (e.g. FK5, date, etc.).


Connecting for Your Observing Session

  1. REQUIRED FIRST STEP. Make a Zoom or phone connection with your TO.  This will ensure they expect you, and also that they can confirm that the machine(s) you plan to connect to are free for your use.  

  2. Connect to Lowell's VPN server from your remote computer.  Connection specific instructions are given below for the various flavors of computers and protocols.  For each of the three major computer OS families, there are VPN clients known to work with the Lowell WatchGuard firewall (see the note about VPN above).  The default setup now splits your traffic, so only Lowell specific traffic goes to Lowell.

    1. Be aware: In some cases, institutional networks may restrict your ability to initiate a VPN connection to Lowell.

    2. When the VPN connection is first set up, add lowell.edu  to the Search Domains.

    3. Once the VPN has connected, you can confirm operation by pointing a browser to one of:

      1. http://nightwatch.lowell.edu
      2. http://dct-allsky.lowell.edu
      3. http://lux.lowell.edu

      One or all should work if the VPN is functioning properly (none of these sites is accessible outside the Lowell network).  If they do not load, then something is probably wrong with the VPN.  (A further test would be to ping dct-obs1.lowell.edu.)

  3. Once inside the Lowell firewall, you can connect to the observing user interface (UI) machine using a VNC client.  See the table below for the tested combinations of OS, VPN, and VNC clients.

  4. Site all-sky cameras (for LDT and Anderson Mesa) and the LDT weather are all accessible from a web browser, once you are connected to the internal Lowell network.  See the LDT All-Sky Cameras and Weather Information page for details.

OS

VPN

VNC

Comments

MacOSX

NB: the WatchGuard client requires macOS 10.14 (Mojave) or later.

WatchGuard SSL-VPN client


NB: the older VPN solutions are no longer supported (as of Sept 2021).

NB: For those using MacOS 13 (Ventura), there is a known issue with WatchGuard (see above).

Apple Screen Sharing Client

(Finder → Go → Connect to Server;   or ⌘K)

This setup is the most seamless, and works with both dct-obs1 displays in use.

NOTE: As of November 2020, there is only one display attached to dct-obs1.

Login using the observer account and password.

Screen size is 2 x (2560 x 1440).  It is operationally easiest to work with only one of the two screens at once.

Some observers have noted a significant lag when controlling dct-obs1 with both screens enabled.  Setting the display to mirror mode seems to resolve the lag.

MacOSX

NB: the WatchGuard client requires macOS 10.14 (Mojave) or later.

WatchGuard SSL-VPN client


NB: the older VPN solutions are no longer supported (as of Sept 2021).

NB: For those using MacOS 13 (Ventura), there is a known issue with WatchGuard (see above).

TightVNC

RealVNC

You may need to ask someone at LDT to set the dct-obs1 display to mirror mode before connecting (screen size will come through incorrectly and logging in may not be viable).

You will need the VNC access password, in addition to the observer account and password.

Linux

WatchGuard SSL-VPN client


NB: the older VPN solutions are no longer supported (as of Sept 2021).

ssVNC

TightVNC

Install ssVNC using apt-get (debian, ubuntu) or dnf (redhat, fedora) to make sure all dependencies are included. Do not download the client from their website.

You may need to ask someone at LDT to set the dct-obs1 display to mirror mode before connecting (screen size will come through incorrectly and logging in may not be viable).

You will need the VNC access password, in addition to the observer account and password.

Windows_7

Windows_10

Windows_11

WatchGuard SSL-VPN client


NB: the older VPN solutions are no longer supported (as of Sept 2021).

RealVNC

You may need to ask someone at LDT to set the dct-obs1 display to mirror mode before connecting (screen size will come through incorrectly and logging in may not be viable).

You will need the VNC access password, in addition to the observer account and password.


Remote desktop connection if VPN/VNC not working

In case you cant access dct-obs1 or dct-obs2 due to problems with your VPN/VNC setup, you can use a direct remote desktop connection to dct-obs2 using the software Anydesk (https://anydesk.com/en/downloads). To use Anydesk you will have to ask the TOs for the unique code of dct-obs2.  The TO will have to accept the connection request on dct-obs2 before you can access the machine. This procedure is very fast and straight forward, and it should allow you to observe remotely without issues, although not having a working VPN connection will probably prevent you from retrieving your science data while you observe.


  • No labels