Umpio storage space

The Umpio storage space is a secure network folder for sensitive data. It can only be used with a virtual computer using two-factor authentication.

Umpio was designed as the processing environment for materials requiring special protection, such as business secrets, inventions, labeled or identifiable special categories of personal data and authoritative information with categorised protection level, instead of the usual network drives and workstations.

It is not necessary to transfer all non-public materials to Umpio, but it may be advisable, depending on the working methods. The line is drawn case-by-case; should the materials have the potential to cause damage or considerable harm to the university or its reputation, to an external owner of the materials or to a person identifiable from the materials, if made public or accessed by unauthorised individuals, they belong in Umpio.

Tabs

Detailed help

Ordering the service

Storage space orders are run by solution consultants as the needs must be processed case-specifically.

  1. Place your order through Helpdesk.
  2. Access to the Umpio storage space is based on IAM group management as in the use of other group directories. Use this tool to check that the IAM group limiting the users of the folder exists or, if necessary, create a new group.
  3. Report the IAM group you are using and the desired storage space to the processor of the support request. The pricing of storage space corresponds to the price list of group directories. Please also confirm the order with your unit’s service coordinator (list in Flamma).

Implementation of the service

The service uses two-factor authentication that requires a username and a password as well as a RSA SecurID Software Token authenticated with a mobile device. The steps described in this chapter are only required when implementing the service for the first time.

  1. Install the required RSA SecurID Software Token application on your device.
    - Mac / iPhone: download the installation package from App Store
    - Android: download the installation package from Google Play
    - Windows: On a university computer, you can find the software in Software Center; on a personal computer, you can find the software at
    https://community.rsa.com/docs/DOC-73395
  2. Log in to the RSA Console using your UH username and password at https://2fa.it.helsinki.fi
    If the Console asks for your Authentication method, select Password and use your UH password.
    umpio_1.png
  3. Click Request a new token and, when prompted, select the operating system you are using for the RSA SecurID Software Token software mentioned in step 1.
    umpio_2b.png

    The Console will also ask you to set a PIN code for the token. Creating a token requires action from the administration, which means you will need to wait for a response from administration after this step.

    umpio_3.png
  4. Once you receive the e-mail notification New or additional Software Token request is approved, log in to the RSA Console again at https://2fa.it.helsinki.fi. Remember to check your junk mail folder!
    The next steps depend on the operating system used to run the Token software.
    - If you are using a mobile device to run the Token software, log in again to the RSA Console at https://2fa.it.helsinki.fi and go to step 5 of these instructions.
    - If you are using a workstation to run the Token software, you can find the link and activation code required to activate the software in the approval message. After activating the software, your Securedesk desktop will display the 8-digit code required for logging in and you can go to section “Using Securedesk and Umpio storage space” in these instructions.
     
  5. Select Activate Your Token and you will see the QR code required for logging in.
    umpio_4b.png
  6. Open the RSA SecurID Software Token application. Add a new token using the + icon and select the scanning of the QR code. Point the camera of your mobile device towards the QR code displayed by the RSA Console. If the scanning of the QR code is stopped and displays the error message “Invalid QR Code”, your Android phone is likely too old to support the application. In that case, you can run the Token software on your workstation or contact Helpdesk for more tips.
    umpio_5.png
  7. After scanning the QR code, your Securedesk desktop will display the 8-digit code required for logging in.

Now go to your VMware Horizon Client software

On your computer, open the VMWare Horizon Client application or the virtual environment in your web browser at securedesk.it.helsinki.fi.  
If you are using the VMWare Horizon Client application on a UH computer, add securedesk.it.helsinki.fi by clicking on the + New Server option to include it in the list of optional VDI servers. 

  • Start configuring the new server in the New Server menu of the Horizon Client. (1)
  • In the new window, enter the address of the connection server securedesk.it.helsinki.fi (2)
  • After clicking Connect, the securedesk target will appear in the Horizon start menu where you can click it to start connecting. (3)
umpio-kirjautuminen-01.png

Authentication process

Once the initial preparations are completed, you can start connecting to the securedesk connection server. Please note that the login process will include two consecutive authentication dialogues, the first of which is RDA-authenticated:

  1. In the User name section, enter your university username
  2. In the RSA Passcode section, enter the single-use passcode provided by the RSA app (see image below). Do not enter your PIN code or university password!

Open the RSA SecurID Software Token application on your mobile device and enter the PIN code you previously set for the application during setup.

  • When launching, the app will ask you to Enter PIN. Enter the PIN code you set up when activating the token. After entering the PIN code, you will see the token screen depicted below.
umpio-kirjautuminen-02.png

Please note that if you enter the wrong PIN code in the RSA app, it will not alert you of an incorrect PIN but generates an arbitrary number that will not work. This is an intentional security feature.

Using Securedesk and Umpio storage space

After accessing Securedesk, check the folder share settings between your computer and the virtual workstation if you plan to transfer or copy files:

  • If you are using VMWare Horizon Client in Windows workstation, select Sharing behind the cog icon in the top right corner and click the Add button to add the folders you want to share from a local drive. Also tick Share your local files and Allow access to removable storage.
  • If you are using VMWare Horizon Client in Mac workstation, select VMWare Horizon Client -> Preferences -> Sharing tab from the upper menu and click the Add button to add the folders you want to share from a local drive. Also tick Share your local files and Allow access to removable storage.
  1. In the list of virtual computers, select secure desktop. Once it opens, you should see the Umpio group directory in file management as a drive connected to the letter U and the folders shared from your computer as a Z drive. Use the Connect USB Device option in the top bar to connect and use USB devices.
    umpio7.png

 

Virtual desktops (virtual computers) VDI and VMware

More detailed instructions on virtual desktops are available here