Quick Start Instructions

  1. Launch the Cisco AnyConnect Secure Mobility Client software if you've previously downloaded the client, otherwise install it via our self service software options for Mac and Windows or visit vpn.broadinstitute.org in Chrome to download. If you plan to connect through the VPN from your mobile or tablet device, download Cisco Secure Client-AnyConnect app and follow these steps.
     
  2. Connect to vpn.broadinstitute.org.


     

  3. Log in with:
    • Group: Duo-Split-Tunnel-VPN
    • Username: Broad username.
    • Password: Broad password.
    • Second Password: Two-factor authentication method via Duo (push, sms, phone, or 6-digit passcode).


     

  4. AnyConnect will perform a posture check to ensure system compliance. Note that this can take up to 30 seconds.


     

  5. Click ok to finish connecting

 

General Information

The Broad Institute computing network is protected by a firewall and to access internal resources from a remote location or over the public internet the Broad Virtual Private Network (VPN) must be used. This requires the user to authenticate using their Broad username and password in order to make a connection.

Our VPN is the Cisco AnyConnect Secure Mobility Client. Cisco AnyConnect is a Web-based VPN which works with current versions of Chrome, Firefox, and Safari. It is designed to operate on Windows 10, Mac OS X version 10.13 or later, plus Red Hat Enterprise 6 and Ubuntu 11.0 and later distributions of Linux. Note that Linux and non Broad owned devices will be restricted to certain parts of the network. This client can be automatically downloaded and installed onto your computer when connecting, and it configures itself. No manual configuration is necessary.

 

Usage Instructions

The preferred method of connecting to the VPN is via the Duo-Split-Tunnel-VPN. This will route traffic destined for Broad on-prem resources over the VPN tunnel, while other traffic will route over your default connection. This keeps traffic such as Netflix or VOIP phone calls from congesting the Broad VPN. Please use this method unless directed otherwise.

The other option is to route ALL traffic over the VPN using Z-Duo-Broad-NonSplit-VPN. This will allow access to resources which require a Broad IP address, such as journal websites or cloud projects with restricted firewall rules. It is extremely important that you do not use any high bandwidth applications while connected to Z-Duo-Broad-NonSplit-VPN, such as streaming services (Netflix, Hulu, Spotify, etc) and data transfer (scp, gsutil, rsync, etc).

 

Acceptable Use Policy

Usage of the VPN is governed by the Broad Acceptable Use Policy. VPN sessions which compromise the availability of the VPN service, including excessive bandwidth usage, will be terminated without notice. BITS will attempt to provide clarification and instruction for any VPN session terminated.

 

General Installation Instructions

Installation of AnyConnect VPN on Windows and Mac OS X operating systems is pretty straightforward.

If you have trouble getting the client installed, detailed instructions for Windows and Mac OS X systems are available here.

VPN Not Necessary on the Broad-Internal wireless network

If you are using a "Broad Owned" computer, you should be able to connect to and use our Broad-Internal Wireless Network when on site at any of our buildings. This network is exclusively for Broad employees and their systems. When connected to Broad-Internal you are already "Inside" the network so VPN is NOT necessary. We encourage all employees to use this internal network whenever needed. Additional information about this internal wireless network can be found here: Broad-Internal

However if you are using your own personal laptop etc., you still need to use the VPN in order to access internal resources. In this case you would first connect to our "public" wireless network just called Broad.

 

split tunneling
vpn
Network
OSX
Linux
Windows XP

BITS

Networking