Remote Access Services—VPN and Citrix

Remote access to network files and administrative applications on the Columbia network via VPN and Citrix.

Also known as VPNCitrixRDP, or XenApp.

On this page:

CUIT provides two methods for faculty, researchers, and staff to connect to the Columbia network from a remote location: VPN and Citrix. Students, both domestic and international, are not eligible for VPN or Citrix through CUIT.

Please note: The Citrix software is also used by other groups at Columbia such as SIPA. The information on this page only applies to CUIT Citrix.

Most of Columbia’s systems can be accessed directly in your web browser, but certain restricted administrative applications require the CUIT VPN (virtual private network). VPN is also is used to connect remotely to shared files on the University network. If you are a CUIT customer that pays for access to the Columbia Central Server, you can use CUIT Citrix to access certain applications and resources on the server. Before utilizing either remote access service, review the Columbia University Remote Access Policy for specific requirements and guidelines.

Most of Columbia’s systems can be accessed directly in your web browser without using VPN or Citrix, freeing up licenses for other users. The best way to log in remotely is by navigating to the portal's URL and connecting with your UNI and password. The Columbia U Secure network eliminates the need to use VPN while on campus to access Columbia administrative resources.

If you are remote or on an insecure (unencrypted) wireless networks on the Columbia campus and you need to:

Please note that the R25 classroom scheduling application on the Morningside Campus is only accessible when you are physically on campus.

CUIT recommends that you use VPN in conjunction with logging into Remote Desktop Protocol (RDP) to connect to Columbia’s Windows servers or workstations.

...on your desktop/laptop computer (preferred)

Visit and log in to vpn.cc.columbia.edu to download the desktop client. Detailed installation instructions are provided below.

...on your mobile device
  • iOS: Visit the App Store, download and install the Cisco AnyConnect app. Enter vpn.cc.columbia.edu for the server name.
  • Android: Visit the Google Play Store, download and install the Cisco AnyConnect ICS+ app. Enter vpn.cc.columbia.edu for the server name.

How to connect with CUIT VPN using Duo MFA

As of August 16, 2018, accessing CUIT VPN services requires a CUIT Duo multifactor authentication (MFA) account. If you already use Duo at Columbia to access MyColumbia, then you can skip this step.

If you do not have an active Duo account, please configure Duo MFA for your UNI. For additional information, visit the MFA FAQ page.

If you need further assistance, submit a ticket to the CUIT Service Desk to ask questions or report an issue. You can also call the Service Desk at 212-854-1919.

Open the Cisco AnyConnect Secure Mobility Client on the computer or device you will be using with CUIT VPN, found in your Program Files on a Windows computer, or in your Applications folder on a Mac.

The first time you use the VPN with Duo MFA, you will have to manually enter vpn.cc.columbia.edu into the AnyConnect window (instead of Columbia VPN, the previous default) and click Connect

Change from Columbia VPN to vpn.cc.columbia.edu

You will receive an error if you do not enter vpn.cc.columbia.edu for your first Duo MFA connection attempt.

Type your UNI in the Username: field, and your UNI's password in the Password: field.

TIP: This is the same login that you use for myColumbia.

There are four methods of connecting to VPN using the Duo Action* field.

*Note: The first time you use VPN with Duo MFA, you will see a Second Password field instead of the Duo Action field. After you have successfully connected to Cisco AnyConnect once, the field will always display as Duo Action.

  • Method 1: Type push to get a notification sent to your mobile device (recommended), then click OK. Follow prompts from the Duo mobile app on your smartphone or tablet to Approve (or Accept and Confirm) the request.
     
  • Method 2: Type phone to receive an automated phone call, then click OK. Your enrolled landline or cell phone will receive an automated phone call from Duo, follow the instructions you hear to complete verification.
     
  • Method 3: Type sms to receive a batch of one-use passcodes via text and click OK. Your primary Duo device will receive a text message with 10 passcodes. Enter a passcode in the Duo Action*: field of the Cisco AnyConnect window (you may need to re-enter your UNI and password again as well), then click OK.
     
  • Method 4: Enter a pre-generated passcode by opening the Duo app on your smartphone, and tapping on your Columbia University account to reveal a 6-digit passcode (one-time use only). Type this code into the the Duo Action*: field of the Cisco AnyConnect window, then click OK.
One-time code via Duo Mobile app

Cisco AnyConnect will finish connecting after the Duo Action is processed and you will be connected to CUIT VPN.

TIP: If you enrolled more than one device you can type in push2sms2, or phone2 to send the passcode to your secondary Duo MFA device.

If you need further assistance, submit a ticket to the CUIT Service Desk to ask questions or report an issue. You can also call the Service Desk at 212-854-1919.

If you are remote and need fast access to:

Visit http://citrix.cuit.columbia.edu and click Install to download Citrix.

You must have an Active Directory account (ALPHA or ADCU domain) in order to use the CUIT Citrix service. You can check if you are on the ALPHA domain by looking at your login screen: it will display either ALPHA\yourUNI or ADCU\yourUNI. If you would like to join the ALPHA domain, please visit the Shared Drive Account Administration service page.

  1. Find and double click the Citrix application
  2. Log in using your Columbia UNI and password

No.

No. Students are not granted access to the CUIT VPN.

Cloud-based services provided by CUIT use the same strong encryption employed by banks and other high-security sites, which protects the privacy of your data. Please note that if you receive warning messages from your web browser stating that a site may not be secure, you should not proceed to the site.

Most countries allow open access to the Internet, allowing you to use applications in your browser directly, as well as VPN and Citrix, just like you would at home.

No. Under recommendation from CUIT Security and the Office of General Counsel, CUIT does not provide the VPN access that would allow CU affiliates to visit Western sites while in China. Although it's an inconvenience for Columbia users, CUIT does not want to knowingly help our community members break the laws of another country.

CU faculty and staff (but not students) can use the CUIT VPN service for encrypted access to Columbia resources that are operated on the Columbia Network (ARC, SAS, SDR, etc) while in China. However, using CUIT’s VPN service in China will not provide them with access to any off-campus resources (including web access to cloud services like LionMail).

As of 2018, the following websites and apps are known to be blocked by China’s firewall, using IP blocking, DNS tampering, keyword filtering, deep packet inspection, URL filtering, and manual enforcement. Note that this is not an exhaustive list.

  • All Google services (Gmail, Translate, Search, Drive, Play Store, etc)
  • Dropbox
  • Facebook
  • Flickr
  • Github
  • Instagram
  • Tinder
  • Twitter
  • Skype
  • Snapchat
  • Soundcloud
  • Vimeo
  • Western News media
  • WhatsApp

No. The VPN service only provides access to on-campus resources. Off-campus Library resources can be requested via the Libraries website using your UNI and password.

Take a screenshot of or write down the error message and submit a ticket to the CUIT Service Desk.

You cannot use the VPN service if your computer is connected via a wired Ethernet connection on campus. However you can use VPN if you're connecting via WiFi, or if you're using off-campus broadband Internet.

Yes.

Yes. This occurred because your computer was not restarted after the initial installation of Cisco AnyConnect. Restart your computer and try again.

The VPN Client settings (for reference only) are as follows:

Yes, however CUIT strongly suggests that you use VPN to access your shared files. Citrix is not preferred because it is not designed or recommended for connecting to the University servers.