Remote Access Services—VPN and Citrix
Also known as VPN, Citrix, RDP, or XenApp.
CUIT provides two methods for faculty, researchers, and staff to connect to the Columbia network from a remote location: VPN and Citrix. Students, both domestic and international, are not eligible for VPN or Citrix through CUIT.
Please note: The Citrix software is also used by other groups at Columbia such as SIPA. The information on this page only applies to CUIT Citrix.
Most of Columbia’s systems can be accessed directly in your web browser, but certain restricted administrative applications require the CUIT VPN (virtual private network). VPN is also the solution for most users to connect remotely to your shared files on the University network. If you are one of CUIT’s customers that pays for access to the Columbia Central Server, you can use CUIT Citrix to access certain applications and resources on the server.
Before utilizing either remote access service, please refer to the Columbia University Remote Access Policy in the Administrative Policy Library for specific requirements and guidelines.
Please remember that most of Columbia’s systems can be accessed directly in your web browser without using VPN or Citrix, freeing up licenses for other users. If you have been authorized to access these systems, the best way to log in remotely is by navigating to the portal and simply using your UNI and password. The Columbia U Secure network eliminates the need to use VPN while on campus in order to access Columbia administrative resources.
When to use CUIT VPN
If you are remote or on an insecure (unencrypted) wireless networks on the Columbia campus and you need to:
- Access your shared drive files (e.g. “H drives”)
- Access restricted administrative applications:
Please note that the R25 classroom scheduling application on the Morningside Campus is only accessible when you are physically on campus.
CUIT recommends that you use VPN in conjunction with logging into Remote Desktop Protocol (RDP) to connect to Columbia’s Windows servers or workstations.
How to install Cisco AnyConnect to enable VPN
...on your desktop/laptop computer (preferred)
Visit and log in to vpn.cc.columbia.edu to download the desktop client. Detailed installation instructions are provided below.
- Windows installation instructions
- Mac installation instructions
...on your mobile device
- iOS: Visit the App Store, download and install the Cisco AnyConnect app. Enter vpn.cc.columbia.edu for the server name.
- Android: Visit the Google Play Store, download and install the Cisco AnyConnect ICS+ app. Enter vpn.cc.columbia.edu for the server name.
How to connect with VPN
- Navigate to the Cisco AnyConnect Secure Mobility Client software on your computer (found in your Program Files on a Windows computer, or in your Applications folder on a Mac computer)
- Click Connect for the Columbia_VPN group
- Establish a connection using your Columbia UNI and password
- Windows users: Navigate to Windows Remote Desktop to access your workstation’s desktop and files.
When to use CUIT Citrix
If you are remote and need fast access to:
- Connect to the Columbia Central Server for access to your shared files (“Workgroup Space”)
- For downloading certain Windows applications (only available if your department is eligible for the program):
How to install Citrix
Visit http://citrix.cuit.columbia.edu and click Install to download Citrix.
You must have an Active Directory account (ALPHA or ADCU domain) in order to use the CUIT Citrix service. You can check if you are on the ALPHA domain by looking at your login screen: it will display either ALPHA\yourUNI or ADCU\yourUNI. If you would like to join the ALPHA domain, please visit the Shared Drive Account Administration service page.
How to connect with Citrix
- Find and double click the Citrix application
- Log in using your Columbia UNI and password
No. Students are not granted access to the CUIT VPN.
Cloud-based services provided by CUIT use the same strong encryption employed by banks and other high-security sites, which protects the privacy of your data. Please note that if you receive warning messages from your web browser stating that a site may not be secure, you should not proceed to the site.
Most countries allow open access to the Internet, allowing you to use applications in your browser directly, as well as VPN and Citrix, just like you would at home.
No. Under recommendation from CUIT Security and the Office of General Counsel, CUIT does not provide the VPN access that would allow CU affiliates to visit Western sites while in China. Although it's an inconvenience for Columbia users, CUIT does not want to knowingly help our community members break the laws of another country.
CU faculty and staff (but not students) can use the CUIT VPN service for encrypted access to Columbia resources that are operated on the Columbia Network (ARC, SAS, SDR, etc) while in China. However, using CUIT’s VPN service in China will not provide them with access to any off-campus resources (including web access to cloud services like LionMail).
As of 2018, the following websites and apps are known to be blocked by China’s firewall, using IP blocking, DNS tampering, keyword filtering, deep packet inspection, URL filtering, and manual enforcement. Note that this is not an exhaustive list.
- All Google services (Gmail, Translate, Search, Drive, Play Store, etc)
- Western News media
You cannot use the VPN service if your computer is connected via a wired Ethernet connection on campus. However you can use VPN if you're connecting via WiFi, or if you're using off-campus broadband Internet.
Yes. This occurred because your computer was not restarted after the initial installation of Cisco AnyConnect. Restart your computer and try again.
The VPN Client settings (for reference only) are as follows:
- Connection Entry
- Columbia VPN
- Host Name
Enable Transparent Tunneling should be checked.
Choose Use IPSec over TCP
- TCP Port
- Peer Response Timeout
- 480 Seconds
- Choose Group Access Information
- Confirm Password
- Leave everything blank
- Stateful Firewall
- (Always On) - do not check
- Application Launcher
Used to preset an application or program to launch automatically once the VPN connection is established.
- Automatic VPN Initiation
Ensure the Enable box is checked.
Retry Interval set to 1 minute
Yes, however CUIT strongly suggests that you use VPN to access your shared files. Citrix is not preferred because it is not designed or recommended for connecting to the University servers.