In order to comply with the terms and conditions of the license agreements with our software vendors, we now require that all users who wish to use licensed software such as ArcInfo from home must authenticate that they are members of the UVa community authorized to use the software. In general, we recommend that users should make use of the Virtual Private Network (VPN) client UVa Anywhere. However, the VPN can complicate other network use of the machine while it is in operation. With ssh tunneling, the user authenticates through blue.unix, which then passes information to and from the license manager. Since authentication is via blue.unix, in order to use ssh tunneling you must have an account on blue.unix and you must know your password there, which in general is not the same as other passwords such as your mail password. Please see the ITC accounts Web page for information about getting a blue.unix account.
Most of the software available from our license server makes use of the license manager. This requires that two ports be specified. Ports are channels over which information is communicated between two machines; they are identified by numbers. The numbers of the ports used for ArcInfo software product are can be obtained from the ITC Software Licensing Database. Log in to the database, select the ArcInfo version you use, and then click on "access license codes and program files" to find the port numbers that must be tunneled. Usually these numbers will be at the top of the page that is revealed when the license codes are accessed.
Follow the instructions below for your operating system to create an ssh tunnel for a particular software package. Note to laptop users: if you have a laptop that is used both on and off grounds, it is probably simplest to use the ssh tunnel in both cases.
SecureCRT is an ssh client for Windows that is available under license to UVa students, faculty, and staff. To use SecureCRT to set up an ssh tunnel, first open SecureCRT. Create a new connection session to blue.unix.virginia.edu with a name such as ESRItunnel. The screenshot indicates the icon for a new connection.
Set up this connection with the hostname of blue.unix.virginia.edu as the connection host.
Select properties for the connection. Under Categories: -> Connection, select Port Forwarding. Do not select remote port forwarding. Clicking on Port Forwarding should bring up a form.
Click add. Give the port a name such as port1 and enter the first port number obtained from the ITC Software Licensing Database. These port numbers are on the page containing the license codes for the software you are trying to use. We will use 11111 for this example. Check Destination host is different from the SSH server and enter the name of the license manager (aix.license.virginia.edu) Enter the same port number as the example above as the destination port. Click OK to return to the form.
Select add again and repeat this process for the second port, giving it a different name such as port2 as shown in the next screenshot. We will use 22222 for this second port for purposes of illustration.
Finish the second port and return to the main connection screen.
Click OK to save the session.
If you wish to tunnel to multiple licensed products, you can continue to
stack
ports in this manner; just be sure to add the required two
ports per product exactly as in the example above with port1 and
port2. In this case you may not want to automatically start
an application upon connection. If you prefer, you can create separate
sessions for each product you wish to tunnel. Keep in mind that you cannot
mix lm1 and lm2 in the same session.
Now you must add the name of the license servers to your hosts file. In Windows 2000, this file is located in C:\Winnt\system32\drivers\etc whereas in Windows XP it is in the C:\Windows\system32\drivers\etc directory. Open the file in a text editor such as Notepad. (Do not use Word or another word processor.) The file should contain a line
127.0.0.1 localhost
Immediately below this line, add a new line containing:
127.0.0.1 localhost aix.license.virginia.edu
This tells your machine to send all connections toaix.license.virginia.edu through the local system. Thus when ArcInfo requests a connection to the license server, that request will be routed through the local host and sent over the ssh tunnel.
Return to the SecureCRT connection window. Click on the new tunnel connection. It will ask for your user id and password. Use your blue.unix/Home Directory user id and password. Once these have been entered, the connection is established and your tunnel is in operation. You can leave the connection open for as long as you wish to use the software product; it will not interfere with other uses of the network.
For any questions about or problems with using ssh tunneling, please contact the Research Computing Support Group at 243-8800, or email res-consult@virginia.edu.