Remote Access Instructions

This document is an instructional guide to securely connect to the “HighTower Cloud” which includes all enterprise applications consisting of (P&L) Reporting, Bonaire, BMS, and more to come.

In order to provide secure access from PCs, laptops, and tablets to your data and sensitive applications, a private tunnel is created back to HighTower’s network through two applications:

  • Cisco AnyConnect (on your machine, ie PC/laptop/tablet from where you will view data)
  • Creates the private tunnel back to the network
  • Validates your login is authorized
  • This is a VPN connection software
  • Duo Mobile (on your phone to generate code or prompt for approval. Similar to RSA Token)
  • Generates an authorized passcode to access HT’s network
  • Or informs you of a connection request and prompts for an approval
  • This is a dual factor authentication mechanism

Version 1.5.0

2014

Table of Contents

First Time Setup: Registering Your Devices

On your remote Windows PC/Laptop:

On your Apple OSX:

Connecting from a Tablet (off of the Network)

Configure Your Remote PC/Laptop Remotely

Using Duo Mobile App to Generate "One Time Password"

Re-Connecting from Registered Machine

Laptop or PC

Tablet

______

1

First Time Setup: Registering Your Devices

Microsoft Windows System Requirements:

  • Internet Explorer 8 or higherwith java plug-in.

Apple OSX System Requirements

  • Firefox browser with java plug-in.

Step 1:Openweb browser and navigate to

Step 2:Enter your HT login credentials as "jsmith" and password. 2nd Username is "jsmith" as well.

NOTE:If this is your first login to HighTower SSL VPN - you will be required to enroll your mobile device(s) with Duo Security for dual factor authentication.

Step 3:Welcome Screen - Click "Start Setup" to get started.

Step 4:Choose Your Authenticator - We recommend using a smartphone.

Step 5:Select the operating system of your phone and click "Continue"

Step 6:Type Your Phone Number - Select your country and type your phone number. Use the number of your smartphone, landline, or cell phone that you'll have with you when you're logging in. You can enter an extension if you chose "Landline" in the previous step.

Double-check that you entered it correctly, check the box, and click "Continue"

Step 7:Launch the Apple Store app on your iPhone or Google Play Store app on your Android device or BlackBerry World market on your BlackBerry and search for "Duo Mobile" app, then tap "install"

Apple IOS App Installation / Android OS App Installation


Step 8:Once the Duo application is installed on your phone, open it and tap "Add Account".Click"Scan Barcode", which will allow you to scan the square barcode displayed on YOURCOMPUTER SCREEN.

Step 9:Once you've successfully scanned the barcode on your computer screen using your mobile device, you will see an enrollment notification on your computer screen.

If you wish to enroll a tablet device or a landline as an authenticator, you may click on "Enroll another device." If you have no other enrollments, you may click on "I'm done enrolling devices" and proceed to complete your login into HighTower systems.

Step 10:Upon successful enrollment, you will be presented with the second factor authentication screen as seen below. You may select Duo Push method, which will push a prompt notification to your smartphone with option to accept or reject the login. The phone call method will call your selected authenticator phone number and ask you to press any key to authenticate. You may also generate a passcode using your Duo mobile app or request an SMS text message with a valid passcode.

Step 11:Click "Log in" button to complete your authentication process.

Step 12:Your registered mobile device will receive a notification, clicking the Approve button on the will automatically advance your computer’s browser webpage forward, allowing you VPN access to the HighTower Network.

This completes the dual-factor authentication process on your phone.

Once you click approve, you will begin your remote PC/laptop setup.

On your remote Windows PC/Laptop:

Upon initial successful login - the VPN appliance will attempt to automatically install VPN client software to the computer. You may be prompted to "Allow" add-ons to run on your browser.

In the event auto install is not successful you will be asked to install the client manually by clicking on "Windows 7/Vista/64/XP" download link.

Click run to begin installation of AnyConnect client and accept all defaults to complete installation

On your Apple OSX:

Upon initial successful login - the VPN appliance will attempt to automatically install VPN client software to your computer. In the event auto install is not successful you will be prompted to install the client manually by clicking on Mac OSX 10.6+ (Intel) download link.

If prompted, select open with "DiskImageMounter" and click OK to begin download.

Once download is complete, double click vpn.pkg to install

AnyConnect client.

Accept all defaults during this installation.

Once you have the AnyConnect client installed, you can find it in the list of applications in the "Cisco" folder. You should drag the launch icon to your dock for quick launch. Use this application for future connections.

Connecting from a Tablet (off of the Network)

  1. Download Cisco AnyConnect from the App Store on your tablet.
  1. Once downloaded, open Cisco AnyConnect app
  2. Click OK on the prompt to enable software
  1. Toggle the AnyConnect VPN button to ON
  2. Type the following for the below fields:

Description: HighTower

Server Address: vpn.hightoweradvisors.com

Click Save

  1. Note HighTower is selected. Toggle AnyConnect VPN to ON
  1. The next screen will require entry of your credentials. Screenshots reference phone and tablet.
  1. At this point, you will be automatically connected once you have approved the connection from your phone. You can validate by opening the AnyConnect app again and note Status = Connected.
  1. You may access the P&L reports. Either click on this link or type –

Configure Your Remote PC/Laptop Remotely

Step 1: Launch Cisco AnyConnect Secure Mobility Client directly. It will be in

  • All Programs (Windows)
  • Applications (Mac)

Please consider making these shortcuts on your PC/laptop

Step 2: Fill out connection field: vpn.hightoweradvisors.com and click Connect

Step 3: Ensure selected Group is "HIGHTOWER"

Step 4: Fill in login details with your Active Directory username and password



Step 5: Fill in second factor security credentials with your Active Directory username and six digit code generated on your enrolled mobile device. Alternatively you may simply type "push" in the Second Password field to receive a prompt on your mobile device with option to Accept or Reject authentication.

Step 6: Once you are connected, a confirmation window will display in the right corner of your screen.

Using Duo Mobile App to Generate "OneTimePassword"

Step 1: Open Duo Mobile app on your mobile device

Step 2: Tap the key icon highlighted in red to generate your one time use password

Step 3: Use generated six digit code as your second factor authenticator in AnyConnect VPN client prompt in the field "Second Password". This will allow you to then connect to the HighTower applications on your PC.

Re-Connecting from RegisteredMachine

Laptop or PC

  1. Navigate directly to the installed application “Cisco AnyConnect”
  2. Launch the application
  3. Click Connect


Use your phone to generate passcode or approve push notification on Duo Mobile.

  1. Once connected, the logo will have a lock on it. Navigate to

for your P&L report

Tablet

  1. Open Cisco AnyConnect app
  2. Toggle the AnyConnect VPN button to ON

Note: HighTower is selected.

  1. The next screen will require entry of your credentials.Screenshots reference phone and tablet.
  1. At this point, you will be automatically connected once you have approved the connection from your phone. You can validate by opening the AnyConnect app again and note Status = Connected.
  1. You may access the P&L reports. Either click on this link or type –

1 / Help Desk Support: Extension 9999 on any HighTower Cisco phone OR 312-324-3490.