How to set up remote working
There are times when you unexpectedly find yourself having to work from home. Fear not: data analysis doesn’t need to stop when you’re away from the lab. Mascot Server has a client-server architecture, and the client PC can be located anywhere. Distiller and Daemon can also be used remotely, or they can be run on a remote client PC and connect to the Mascot Server via the Internet.
The only tricky bit is allowing inbound traffic through the firewall in a secure way. Some organisations allow access through a VPN, which greatly simplifies client-side configuration. Alternatively, if you have Secure Shell (SSH) access to a Linux machine connected to the internal network, you can use SSH port forwarding to create a private tunnel. If neither method is available, the somewhat riskier option is adding a firewall rule to allow inbound traffic to specific ports on specific PCs in the internal network.
The table below summarises the inbound ports we’ll discuss.
Application | Inbound ports |
---|---|
Mascot Server | 80 (HTTP) or 443 (HTTPS) |
Mascot Distiller | use Microsoft Remote Desktop |
Mascot Daemon | use Microsoft Remote Desktop |
Microsoft Remote Desktop | 3389 (RDP) |
Secure Shell port forwarding | 22 (SSH) |
Mascot Server
The only ports required by Mascot Server are 80 (HTTP) or 443 (HTTPS), depending on how the web server is configured. The installation default on both Windows (IIS) and Linux (Apache) is port 80. You can tell which one is used by looking at the URL you normally use for accessing Mascot. If it starts with http://, you’re using port 80; if https://, port 443.
If you have a VPN set up, there’s very little to change. Most of the time, you just need to use a fully-qualified domain name. For example, suppose Mascot is installed on mascot-pc and the internal network domain is company.office. If the Mascot URL is usually http://mascot-pc/mascot/, just change it to http://mascot-pc.company.office/mascot/.
Alternatively, your organisation might have an SSH gateway that allows inbound connections from the Internet. The SSH client (like OpenSSH or PuTTY) has an option to forward a local port to a different port on a remote machine. For example, you could forward localhost:10080 to mascot-pc:80 through the SSH gateway. The Mascot URL would then be http://localhost:10080/mascot/ while the SSH tunnel is running. It’s best to ask your local IT support or systems administrator about whether an SSH gateway is available and how to connect to it, as the authentication details vary by organisation.
Finally, if neither VPN nor SSH is available, you’ll need to ask your IT support to open port 80 or 443 to mascot-pc, or configure the firewall yourself if you’re the network admin. This was discussed in a different context in Using Mascot Security to share search results.
Distiller and Daemon
With desktop applications like Distiller and Daemon, your options depend on where the application is installed. If it’s installed on a PC in the office or lab, you can use Microsoft Remote Desktop to control the PC and use the application as normal. If your home PC or laptop runs Windows, the client software is already installed. Otherwise, there are several free and paid alternatives for macOS and Linux.
Remote Desktop has some restrictions depending on Windows version: Windows Server 2012/2016/2019 can handle any number of Remote Desktop connections, but it needs to be enabled in system settings; and Windows 10 only allows two simultaneous connections. Contact us if you need more than two simultaneous connections and you’d like to move Distiller or Daemon from a Windows 10 machine to a Windows Server machine.
If you have a VPN set up, start the Remote Desktop client and connect to the correct machine name. You should be able to log in and use Distiller or Daemon as usual. Remote Desktop can also be used through SSH port forwarding. For example, forward localhost:13389 to port 3389 on the Distiller PC, and then open a Remote Desktop session to localhost:13389. Lastly, if neither VPN nor SSH can be used, it’s possible to open port 3389 through the firewall, but we strongly advise against this due to the security risks.
If Distiller or Daemon is installed on a laptop that you’ve taken home, follow the instructions for accessing Mascot Server. You can then just change the Mascot URL in the application and submit searches from the laptop to the Mascot Server PC. Daemon may be configured to use a shared task database. The same VPN or SSH technique applies to connecting Daemon to the SQL server. Consult the SQL server documentation about which port or ports are used.
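As an added example (not part of the original article and not Matrix Science tooling), the shell script below builds the OpenSSH command for the two tunnels described above: localhost:10080 to mascot-pc:80 and localhost:13389 to port 3389 on the Distiller PC. The gateway address user@gateway.example.org and the host name distiller-pc are placeholders; the script only prints the command, it does not connect.

```shell
#!/bin/sh
# Added example: build SSH local port forwards for the tunnels described above.
# user@gateway.example.org and distiller-pc are placeholders (assumptions);
# mascot-pc is the example host name used in the article.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_spec LOCAL_PORT HOST REMOTE_PORT
# Prints a -L argument bound to 127.0.0.1, so only this PC can use the
# tunnel (other machines on the home network cannot connect to it).
forward_spec() {
    valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    # Local ports below 1024 need administrator rights; keep them unprivileged.
    [ "$1" -ge 1024 ] || { echo "local port must be >= 1024" >&2; return 1; }
    case "$2" in
        ''|*[!A-Za-z0-9.-]*) echo "bad host name" >&2; return 1 ;;
    esac
    printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

# tunnel_command USER@GATEWAY SPEC...
# Prints the full ssh command: -N opens no remote shell, and
# ExitOnForwardFailure makes ssh stop if a local port is already taken
# instead of running without the forward.
tunnel_command() {
    gateway=$1; shift
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for spec in "$@"; do
        cmd="$cmd -L $spec"
    done
    printf '%s %s\n' "$cmd" "$gateway"
}

# Print the command for both tunnels; does nothing else.
mascot_tunnels() {
    web=$(forward_spec 10080 mascot-pc 80) || return 1
    rdp=$(forward_spec 13389 distiller-pc 3389) || return 1
    tunnel_command "user@gateway.example.org" "$web" "$rdp"
}

mascot_tunnels
```

While the printed command is running, the Mascot URL is http://localhost:10080/mascot/ and the Remote Desktop session is opened to localhost:13389.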
Keywords: Mascot Daemon, Mascot Distiller, sysadmin, VPN