Frequently Asked questions

(Latest update 13-11-2019 10:00)


INFN Organizational Unit of Cagliari
Computing and Networking service   
Head of Service Antonio Silvestri (0706754980/8) sysman@ca.infn.it

This is a collection of questions and answers, not exhaustive, regarding the use of IT resources in the INFN organizational unit in Cagliari. For briefness I refer to it with the term "Sezione di Cagliari" or more briefly with the term "Sezione". You can also find the acronym CCR which is the National INFN Computing & Networking Committee.

******** Due to lack of staff, this page has not been updated since November 13, 219. Updated Italian version  ******


Legal Notices:



How can I request access to the INFN Sezione di Cagliari computer resources?
In order to gain access to the Sezione di Cagliari computing services, first of all you must go to the INFN secretariat (Sig.ra Dessi) and register as a Guest or Associate. Guests are those who are not associated and use the IT infrastructures of the Institute. Then you have to fill in the appropriate online form on the website www.ca.infn.it (Tab Quick links->Account Request)  in ALL its parts. The printed form must be signed by you, your supervisor and by the Director.
Finally hand it over to the Computing and Networking service manager. 
By submitting this form all the obligations and conditions contained in the document Regulation for the use of IT resources in the INFN are accepted.
You will receive an email at the alternative address you specified to set your  password. Then, to finalize the account creation, you must connect to the public server lxca.ca.infn.it to verify your password. For example:

 ssh username@lxca.ca.infn.it ( you must provide the password you chose)

The computer lxca.ca.infn.it and most services are only visible from within the local network of the Institute. To access from outside (home, CERN, etc.) you have to first access the computer Mizar.ca.infn.it from this host you have complete visibility of all services.
What is SSH?
SSH stands for Secure Shell and identifies a communication protocol on an encrypted connection. In practice, a program that is used to connect to local or remote computers. For Linux, the command ssh is recognized by default, for Windows there are various packages with a graphical interface (for example: Putty). For Mac the command is available using application terminal.app.
How do I request an IP address ?
To obtain an IP number for any network device (desktop, printer, or any other object that is connected to the local network) that is not a handset, you must fill in the "Request for a IP Number" form and submit it to the Computing and networking service. Under no circumstances will it be possible to grant a standalone IP address without being authorized. ( As required by section 6, point 3 of the  Regulation for the use of IT resources in the INFN )
If you do not know what is an IP address you can consult Wikipedia. In this case, I would recommend reading the information regarding DNS and MAC Address.
Please note that all mobile devices (laptops, tablets, phones, etc.) must use the wireless network that is published on the network with the names:
 eduroam o INFN-dot1x.

This rule may be waived when wi-fi coverage is not sufficient, inefficient or absent. In this case you need to know the "MAC address " of your network interface. On Windows operating systems, you must type the command "ipconfig /all" in a command prompt window that opens by clicking in Start-->Accessories->Command Prompt.
The result of this command provides a list of network interfaces. For cable connection find the section Ethernet adapter [Local Area Connection o Ethernet] line, in the Physical Address line there are 6 alphanumeric characters divided by": ", this is the string to be transcribed in the module.
If a Linux distribution is installed on the laptop, the command to be done (in most distributions) from the terminal window is "/sbin/ifconfig -a" in the resulting list of network interfaces, you must look for (usually) an entry of the eth0 or ensxxx type at which you will find the entry HWaddr followed by the MAC Address.
How do I change my login password ?
You can change you credentials only through the link present on the right side of our website www.ca.infn.it. If you need a password RESET because you no longer remember it  send an email to sysman@ca.infn.it .
How do I use e-mail?
E-mail is one of the basic services of the Sezione di Cagliari and can be accessed in a variety of ways. There are several types of clients that can connect to our mail server: Outlook, Mozilla/Thunderbird, Pine/Alpine so much to mention the most used ones. In addition, one of the many web browsers ( Internet Explorer, Chrome, Firefox, Safari, Opera, etc.) can also be used by clicking on the webmail item on the horizontal bar on the home page of our site.
The (usually sufficient) configuration parameters for the aforementioned clients are as follows:
Protocol :IMAP
Incoming server : imapca.ca.infn.it Port : 143  Security : (START)TLS¹ ( Default SSL can be used )
Folder : mail  ( this is usually the folder name in your home directory where the mails reside )
Outgoing server : mbox.ca.infn.it   Port : 587   Security : (START)TLS¹( Default SSL can be used )
Also remember that in all "clients" (also called the Mail User Agent) the sender's address has to be defined otherwise there will be communication problems.
Please note that attachments that exceed 20MB and list of recipients greater than 100 are not allowed. It is recommended that you organize mails immediately after reading them in auto-explanatory folders and you are not advised to keep an abnormal number of messages in the Arrival area (INBOX).
(¹) For mobile devices, when possible, choose (START) TLS in the variant "accepts all certificates"
WARNING: It is strongly discouraged to enable automatic mail forwarding usually through the file .forward that is created in the user's home root. This practice generally involves the transfer of information to entities other than the INFN which is generally not permitted. It also poses problems of increasing spam. In the future this practice could be specifically prohibited.
How do I create mailing lists?
There is a national SYMPA ( mailing list server) shared management system available for all the OU of INFN to which you can access with the address lists.ca.infn.it. At this time only with a personal certificate. With this system, you can create moderate, closed or open list types (distribution, discussion).
Be careful that generally a mail destined to a given list is accepted only if the originating address of that mail is present in the list itself.
There is an on-line help available on the site that is important to read carefully.
How di I create a mail address alias as <...>@infn.it ?
At the address alias activation you can find instructions to create top domain mail address aliases (e.g: name@infn.it, name.lastname@infn.it, etc.).  Follow the instructions and pay attention to the conflicts that may arise.

How do I read mail via web ?
Web clients are provided on our horizontal bar site (webmail). They are SquirrelMail (not supported) and RoundCube, they provide access to mailboxes via WWW.
At first login, users must configure at least their own personal parameters. In Squirrelmail on the top of the page you will find the Options link that will take you to the configuration page. The part that is advisable to edit immediately is the one called Personal Information, in particular the Full Name and  E-mail Address  entries . The latter must contain the standard INFN address that you have been assigned to (usually in the form Name.Surname@ca.infn.it).
In RoundCube, you must define the default identity. After login at the top right there is the entry Settings that takes you to the configuration page where you can find the tab Identities. With a click on the address already present (most probably wrong) a box appears where you can enter the already mentioned standard INFN address.

How to transfer files from outside to our site ?
To copy files from the outside to our site (Sezione di Cagliari) there are various options:
1) You can use the port forwarding or tunneling method.
2) The Mizar computer visible on the outside has a volume called "/stage" which can be used as an exchange area. For example:
          scp <your_files> Mizar.ca.infn.it:/stage/ <your_destination_files>
the file can then be transferred from Mizar elsewhere.
CAUTION
The following restrictions apply to the volume /stage which has a capacity of 1TB:
  a) there may be files no older than 7 days, all the others will be automatically deleted.
  b) files larger than 200GB will be deleted within 24 hours.
  c) If the space is occupied at 90% for more than 24 hours, steps shall be applied a) by halving the maximum file size and alternatively by decreasing the number of days in point b).
3) You can use the Seafile fileharing system (similar to DropBox). Currently the quota associated with users is 10GB but can be increased depending on the needs and total availability.
Port forwarding (or tunneling)
This technique is used to establish a connection to a remote computer that we have access to and use it to access other computers that are otherwise unreachable.
The command ssh to get this type of connection is:
ssh -L <local_port>:<unreachable_host>:<remote_port>username@<reachable_host>
For example, we want to access the lxca.ca.infn.it not accessible computer outside the INFN site, but we can access the frontier computer mizar.ca.infn.it. We execute the command:
            ssh -L 2222:lxca.ca.infn.it:22 myusername@mizar.ca.infn.it
After logging in, the tunnel is created. This session should not be closed and should not be used. From this moment on we can connect with any of the Sezione computers. In this case: lxca, with the command:
            ssh -p 2222 myusername@localhost
you will be connected to computer lxca.ca.infn.it. To copy a file to lxca we use the command:

         
scp -P 2222 filename myusername@localhost:

In the example we used the port 2222 to be generic. We could use any other port also the same 22.
The tunnel will be deleted when the session that created the tunnel will be closed.
This technique can also be used in other areas. Many programs purchased by the INFN have network  licenses, which means that there is, somewhere in our organization, a server that dispenses licenses on demand if such a request comes from the networks assigned to INFN. An example is the Mathematica program . If we are at home and want to use the network license to use the program we have to make sure the request (looks) coming from the Sezione network. We must create a tunnel for the Mathematica program to access the license server:

                ssh -L 16286:mathlm.na.infn.it:16286 myusername@mizar.ca.infn.it

This command creates the tunnel with port 16286 (the port that uses Mathematica to obtain licenses) and the Naples computer that manages the licenses (mathlm.na.infn.it) when we log in mizar. From now on we can run the Mathematica program on our computer. The program must be given localhost  (or alternatively 127.0.0.1) as the license server address .
What is Netiquette?
The term is a fusion between the English word net and the French etiquette and is a set of rules and behaviors that all users in the network should follow for a correct use of all Internet features (a kind of Etiquette for the internet community). Obviously there is no authority obliging them to follow these rules but only good manners, common sense and respect for the neighbor. These rules can be found on the RFC's official website. The document number is 1855.
How do I retrieve a file I deleted by mistake?
In the Sezione di Cagliari there is a weekly (rotating) centralized backup system that saves the incremental daily backup of the users home directories at midnight about every business day. The following conditions must be met for the recovery of one or more files: the file must be present in the backup of one of the previous 5 days, or it must be present in one of the full backups that is done every Saturday night. One of these backups becomes the monthly one and is available for a few months. Who needs to retrieve a file send a mail to sysman@ca.infn.it.
In some cases it may be possible to retrieve deleted files on the same day and in some cases even on the previous day, just change the current directory to /home/.snapshot/ <userdir> where there are 6 directories (named hourly.x e nightly.x) with snapshots of the contents of the entire home directory . You can view the date and time of such snapshots with the command
[user@node ~]$ ls -lu /home/.snapshot/
total 96
drwxr-xr-x. 113 root root 12288 Jul 18 12:00 hourly.0
drwxr-xr-x. 114 root root 12288 Jul 18 08:00 hourly.1
drwxr-xr-x. 114 root root 12288 Jul 17 20:00 hourly.2
drwxr-xr-x. 114 root root 12288 Jul 17 16:00 hourly.3
drwxr-xr-x. 114 root root 12288 Jul 17 12:00 hourly.4
drwxr-xr-x. 114 root root 12288 Jul 17 08:00 hourly.5
drwxr-xr-x. 114 root root 12288 Jul 18 00:00 nightly.0
drwxr-xr-x. 114 root root 12288 Jul 17 00:00 nightly.1

You have to choose one of these areas and move to your directory.
For example: cd /home/.snapshot/hourly.0/<userdir>. At this point you can search for the file to retrieve.
How can I use printers of the Sezione di Cagliari from Linux?
This operating system uses CUPS (Common Unix Printing System), to have a list of available printers type the command: lpstat -a. To print a file type command: lpr -Pprinter_name file.
The "lpq -Pprinter_name" command provides information about print jobs queued to the printer.
The command "lprm job" deletes the print job. The job number can be deduced from the result of the previous command.
If you get such "Connection refused" or  "Unable to connect to server" message, this probably means that the cups server is unreachable or incorrect. To overcome this, you need to check the file /etc/cups/client.conf (if it does not exist, you can create it) that should contain the "ServerName cups.ca.infn.it" line . This file can only be edited if you have root permissions. Disable the local cups server with the following commands: systemctl stop cups e systemctl disable cups.
Alternatively, you can designate the CUPS server in the command line using the options " -H cups.ca.infn.it" or " -h cups.ca.infn.it" depending on the type of command. For more extensive documentation, you can use the "man lpr", " man lpq" command.
Other printing options can be found on the lpr standard options page . There is also a command a2ps with which you can make very articulated prints. For  instructions type  "man a2ps".
Accessible printers are:

Tail Printer model Position
xwc7830* WorkCentre 7830 (B/W) (Printer Room /1 floor)
ph7500 Xerox Phaser 7500DT   (color) (Printer Room /1 floor)
xrx45* Xerox Phaser 4510DX (Block A /1 floor)
ph5550* Xerox Phaser 5550DX  (Block A /2 floor)
Ph4510* Xerox Phaser 4510DX (Block C/2 floor)
P2055 HP LaserJet P2055DN (Block A Mezzanine)
In case there were printer configuration problems with the CUPS system, try installing printers on your local CUPS application on your computer, in which case you will need administrator privileges (root). The procedure to run is the same as that for the MAC operating system.
(*) CAUTION only these printers will accept PDF files in a direct way.
How can I use printers of the Sezione di Cagliari from Windows?
The way for direct printing was chosen to print from Windows systems. So every computer that wants to access printers must install their drivers for each printer .
This installation can be done by connecting via web to the printer. On the home page there is a link "install printer drivers" (alternatively there may be a tab named support ) that will take you to the page where drivers can be chosen for your operating system.
Each printer can be accessed through the respective link as shown in the following table:

Tail URL Printer model
xwc7830 
http://xwc7830.priv.ca.infn.it  Xerox WorkCentre 7830
ph7500 http://ph7500.priv.ca.infn.it Xerox phaser 7500DT
xrx45 http://xrx4500.priv.ca.infn.it Xerox phaser 4500 DT
ph5550 http://ph5550.priv.ca.infn.it Xerox phaser 5550
Ph4510 http://ph4510.priv.ca.infn.it  Xerox phaser 4510
P2055    http://p2055.priv.ca.infn.it HP laserJet 2055
 
Alternatively, you can connect to the manufacturer's printer site where the support area usually contains drivers. For Xerox printers after choosing the model go in Xerox Global Driver --> Install from the Web).
Also for the HP manufacturer the procedure is similar. Go to "support area" choose the printer model and operating system, and you will redirected to the download area. If the printer is not on the US website try using the Italian site. We recommend that you choose the "PCL5 / 6" or "Postscript " drivers .
How can I use printers of the Sezione di Cagliari from Mac?
For the configuration of printers, you generally can apply the same guidelines for Linux. In fact, Apple Macs use the same CUPS system for printer management. However, it is recommended to configure printers by runnning a shell program. Download the archive mac_printers.zip. This will create the directory mac_printers that contains the files "set_printers.sh" and "del_printers.sh". By running the first script (in a shell terminal window) you configure the printers, with the second one you delete them.
Where is the software area available at the INFN?
There is a public folder that can be accessed \\storey\public either by the Windows network (Network / Map Network or Network Neighborhood) or by Mac (from Finder using connect to server) where there are folders with SW both free and acquired INFN.
To access Linux from Samba you can use the following command:

    smbclient -N //storey/public

At " smb:/>" you can use the typical Linux commands "cd, ls, dir, pwd, etc." To have the command list type " help".
To download a file, use the " get nome_file"
Or you mount the remote filesystem via NFS (you must be root in this case) with the command:
 
                       mount -t nfs storey:/volume1/public /<mount_point>

Remember at the end of the session to do:  umount /<mount_point>
How can I connect from home (or usually from outside) to the computers in the Sezione?
For safety reasons, access to the local network of the Sezione must be made through the "computer mizar.ca.infn.it" to which you connect with the linux command:  ssh utente@mizar.ca.infn.it.
So all those who have to connect to other computers at the local INFN site must first login Mizar and then connect to the computer of their own interest.
Mizar is a frontier machine and limited resources (users directories are not present) it exist for the sole purpose of accessing the local INFN network. For no reason, the computer Mizar should be used for other purposes (long compilations, program runs, or any other activity that could degrade its functionality).
Alternatively you can use the VPN connection. Refer to the section: How do I link a VPN with the Sezione ?
Graphic link via X11
If you want to use Linux graphics features (X11), the connection must be made with the "-X" option
        ssh -X utente@mizar.ca.infn.it
You can concatenate the graphical display with other sessions to other hosts with multiple commands so "ssh -X" the last session sends the graphic output to the first server.
For users of the PUTTY program
Putty is a Windows application for ssh sessions . The equivalent -X option of ssh is accomplished by enabling " X11 forwarding " in the configuration (Connection / SSH / X11) and placing the following address " 127.0.0.1:0 " in the row next to " X Display location "
How do I use the Wi-Fi Trip / eduroam connection?
In some areas of the building where the Sezione di Cagliari is located, there is a wireless infrastructure (Wi-Fi) for all the affiliates at the INFN. Wi-Fi networks are announced  with the names called SSID (ServiceSetIDentifier): INFN-Web , INFN-dot1x and eduroam. This infrastructure is part of the TRIP (The Roaming INFN Physicist) project that is intended to provide any INFN employee access to GARR network in any INFN site.
By connecting to the INFN-Web network you are automatically directed (via Captive Portal) to a page where you can authenticate with an X.509 Personnel Certificate issued by the INFN Certification Authority (or any other valid Certification Authority) or with username and password but in this case ONLY for the local users of the Sezione.

By connecting to the INFN-dot1x network you will be authenticated with the username and password of the membership structure wherever you are. However, this kind of connection requires a particular configuration of the wireless network interface that you can find on the CCR site (or in the Windows group pages ).
For OS Windows (versions below 10) you may need to download the SecureW2 program to obtain from the Computer and Networking service. To ensure proper operation of this type of connection, it is advisable to check its operation before a trip. However, due to particular local needs, it may be possible for some sites to change both network names and some configuration parameters. When connection problems occur, you must contact a referral person for the network where you are located.
In the Physics Department building SSID eduroam is present in many areas, if you want to use the Wi-Fi eduroam network you have to select SSID eduroam (Education Roaming), the profile for that access is identical to that for INFN-dot1x .
We remind you that the credential you are requested to input are <ca-local-username>@ca.infn.it as user input and <ca-local-password> as password input.
If you want to configure the latest versions of MAC OS, you need to create your profile(s) with a special "iPhone Configuration Utility" program available on the Apple site or download the
eduroam_dot1x_configuration file . This is a compressed file to decompress.
There is also an on-line auto-configuration procedure on the CNAF site . A file is imported to the MAC or mobile devices with IOS
Eduroam on android : select SSID and enter Phase 1 PEAP / TTLS and Phase 2 PAP, then enter username@domain (domain=ca.infn.it) and password.

However, we recommend that you use the automatic configuration system for all operating systems through the cat.eduroam.org site.
Eduroam is the secure, world-wide roaming access service developed for the international research and education community. You can use your institution credentials to access any world wide eduroam hotspot. The Italian Eduroam  Federation is coordinated by the GARR. Here are some useful links for eduroam:
        Italian Institutes who adhere to eduroam.
        Hot-Spot international map. 
WARNING! There is a difference in treatment if a user is connected via INFN-dot1x (or INFN-Web) and eduroam. The first one can access the local network and INFN (computers and printers) resources, while the latter will have no access.

How do I request a personal certificate?
There are two ways to do this:
Use the official service purchased by INFN DigiCert . Only available if you already have access to the INFN central portal.
The procedure is simple to have to connect to the site http://www.digicert.com/sso choose your "Identity Provider" in our case "INFN" and then goto "start single sign-on". You will see the AAI INFN page where you can enter your credentials. Once you return to the Digicert page you can request the certificate, selecting it as "Product" Premium and "Request Certificate". After a few seconds the certificate will be ready for download.
The CA Digicert Certificate is available at this address.
Warning for this operation you can use only the following browsers: Safari, IE, Firefox ESR and Firefox Portable version.

ATTENTION use the same web browser with which the request was made. The validity of the certificate is one year, just before the deadline you will receive notices for renewal. If the certificate has expired  you need to repeat the entire procedure.
How do I publish one or more personal pages on the web?
If a user wants to publish their own pages, you can use the webca.ca.infn.it computer service. Log on and transfer files to your local home directory.
In practice, you create an HTML document with the name of  index.html. Make sure all of these documents are readable by everyone with the " chmod o+r nomefile" command.
The link to access this document will be http://webca.ca.infn.it/<userid> where userid is the username of the user. Notice that disk quotas are enabled each user has a 1GB soft limit and a hard (1.3GB) over which you will receive error alerts.
All those who use or will use this system or a similar one will accept all the rules contained in the  Regulation for Use of IT Resources in the INFN and implicitly the following limitation of liability:
" Content published must relate to their own professional activity and the activity carried out at INFN. The owner of the pages is solely responsible for their content and will be held liable for breach of applicable laws ."
How can I place a password for accessing my pages?
To password protect the contents of a web page (for example: pippo.html) follow these steps:
Copy simple-auth.tar file and untar it. In the created simple_auth directory there are three files (bootstrap.min.css, password_protect.php, style.css) modify, according to your needs, the lines of password_protect.php containing $username = xxxx and $password = yyyyy entries.
Change suffix to the name of the file containing the page in php (example: change pippo.html in  pippo.php) and place the following rows in the top of the file
<?php
include("simple_auth / password_protect.php");
?>
Thus, when you access  pippo.php page you will be asked username (xxxx) and password (yyyyy).
What is Spam? What can I do to not receive it? ( in REVIEW contact computing service )
Spam means sending a large amount of unwanted messages (usually commercial but not limited to). It can be implemented with various types of media but it has become a serious problem with the use of Internet mail.
To limit the impact on the user, there is a first filter on our mail server that blocks a number of known computers that are used to generate spam. Subsequently, users can further  use a message filtering program  (spamassassin) to block messages that have passed the first barrier. However, this system needs to be "trained" so that it can more accurately discern between "good" mails and "bad" mails. To do this, each user with a certain regularity should do the following:

1) Classify "good" mail in one or more folders
2) Create a folder where you put all the spam you receive, for example you can call it Spam (that folder must contain at least a thousand messages the first time you do this procedure)
3) Log in to helios computer. Change directory where you keep your mail folders (usually mail)
4) Enter the command:
           sa-learn --showdots --spam --mbox Spam
5) For each folder containing "good" mail, you must launch the command:
           sa-learn --showdots --ham --mbox folder1
        sa-learn --showdots --ham --mbox folder2
                ...
           sa-learn --showdots --ham --mbox folderN
6) If everything is fine you can delete the mails from the Spam folder.

For more information on the anti-spam program, type " man sa-learn".
How do I make a VPN connection with the "Sezione"
The VPN (Virtual Private Network) protocol allows you to connect to the LAN of the Sezione di Cagliari so that it is recognized as part of the LAN itself. This means having free access to almost all services present in Sezione. This is useful to avoid duplicate connections and access services as if you were on the local network. This also enhances the security of our LAN, as in this case interactive access (such as logins) to internal computers can be completely eliminated or greatly reduced.
The current configuration is called split-tunneling which means that from an external computer (outside the Sezione ) traffic to our networks will be hijacked through a special (virtual) connection while the rest of the traffic will be treated  normally.
Keep in mind that this type of connection is NOT EFFICIENT for intense traffic (the connection has an overhead), it is useful only in those cases where it is advantageous to have a preferential path for your activities.
To achieve this, you must install a client  that provides this type of connection.
Client for WINDOWS
You must download and install the OpenVPN GUI (Download stable Installation Package) program. To configure it, you must download the Win.zip file and unpack the files contained in it in the following directory:
 
  C:\Program files\OpenVPN\config\
 
At this point just launch the program from the button

 "start-> All programs-> OpenVPN GUI".

A red icon appears in the lower right of the system tray. By clicking on the right mouse button a menu appears; Two INFNCA1 and INFNCA2 alternatives are shown, select one of the them and click on "connect". You will be prompted for the username and password for your INFN account. If everything is successful, the bottom right icon from red will become green.
For Windows 7/8/10 Professional 64bit you must use the " OpenVpn Portable for Windows 64bit " package (you do not have to install it is a file that contains a directory that can be placed in any location). This directory contains the program to run OpenvpnPortable. It must be run as Administrator (select the program and press the right mouse button run / run as / as Administrator).
Client for LINUX
You must download and install OpenVPN. This and subsequent operations depend on the Linux distribution that is being used and must be made with root privileges (or sudo). First, install the "epel-release" package (the name should change depending on the version of linux) with "yum (or apt-get) install epel-release" and then "yum (or apt-get) install openvpn".
If you do not find the package " epel" with the above instructions you will need to search for your Linux distribution in use.
To configure you must download the linux.zip file and unpack ( unzip linux.zip) the files in the directory /etc/openvpn/. To launch the program, type (always as root or with the prefix sudo):

openvpn --config /etc/openvpn/INFN_lnx.ovpn    or alternatively
openvpn --config /etc/openvpn/INFN2_lnx.ovpn

You will be prompted for the username and password for your INFN account. Leave the window active for the duration of the VPN session.

Client for MAC
For MacOS, download and install the TunnelBlick package (follow the link, use this version only). Then download the Mac.zip file and unzip it. Launch Tunnelblick,  drag and drop the configuration files (INFN_Mac.ovpn,INFN2_Mac.ovpn) into the icon to the top right. 
After launching Tunnelblick the icon appears at the top right, clicking on it you can open one of the available connections, when the icon will turn from gray to black the connection has been successfully.

Mobile Devices
For Android mobile systems, you must download and install the OpenVPN for Android package and import the android.ovpn configuration file. For IOS (iPad / iPhone), you must install the program OpenVPN and import configurations with the file ios.ovpn and and ios2.ovpn , they specify the servers  that provide the service.
How do I synchronize the date and time with the NTP service?
The Network Time Protocol (NTP) service has the ability to keep time synchronized with servers that provide the exact date and time. This service is practically enabled for any device that has the ability to be connected to the network. For security reasons, the time servers (outside the local network) that you can connect to have been restricted to the following:
     ntp.ien.it
    ntp-1.infn.it
    ntp-2.infn.it
    ntp-3.infn.it
    pool.ntp.org
    time.windows.com
How to use the local file sharing service
This service (experimental) allows you to share files with various hardware objects (computers, tablets, smartphones, etc.) by using the "Seafile" product installed in our CED. All information can be found at http://www.seafile.com/en/home/. Seafile clients can be downloaded from the download area  http://www.seafile.com/en/download/. During the installation you will be asked to type in the server name: https://thor.ca.infn.it.
The user authentication is done via the official INFN mail address and password of the Sezione di Cagliari.

ATTENTION with new seafile versions it may happen that new "folders" are not synchronized in these cases, we recommend disabling server certificate verification. This option is accessed as follows: mouse click (right key) on the seafile icon, then settings->tab advanced and select "do not verify certificate..."
National Services INFN
At the CCR site you can find useful news and tips to manage your computers. There is also a page listing the services the INFN provides to its users. Some are oriented towards end-user computing services.
Activating Microsoft products
For the correct operation of the following procedures make sure that the date, time and TimeZone are those of Rome.
Windows :
The Windows 7, 8, 8.1, 10 OS that are installed using the downloaded ISO from the Microsoft Volume Licensing Service Center are enabled by following these steps:
    1. Open a Command Prompt as Administrator (Run as Administrator)
    2. Type the following commands:
        cscript \windows\system32\slmgr.vbs /skms kms.infn.it
                    cscript \windows\system32\slmgr.vbs /ato
    If another medium is used, the two commands above must be preceded by the following command:
       cscript \windows\system32\slmgr.vbs /ipk "code for SO"
Where the CODE FOR SO is available on the Microsoft page:
            http://technet.microsoft.com/en-us/library/jj612867.aspx
Office:
     cd  "%ProgramFiles%\Microsoft Office\OfficeXX"
   cscript ospp.vbs /sethst:kms.infn.it
   cscript ospp.vbs /act

In some Office 64-bit installations you might find it in the folder:
     "%ProgramFiles(x86)%\Microsoft Office\OfficeXX"
XX = 16 per Office 2016
XX = 15 per Office Professional Plus 2013
XX = 14 per Office Enterprise 2010
Check for any changes to the CCR site from where this information was duplicated.
Office 365:
INFN can also use the Microsoft Office 365 platform. CCR has provided instructions to use it.
Project/Visio:
For the Microsoft Project software, a campus license was purchased for all INFNs. For Microsoft Visio, licenses are available for sites that have requested it. Go to this page fro instructions.
How do I use the programs enabled only for INFN networks?
You can do it  in two ways: The first is to use a VPN connection with the Sezione headquarters, the second is the one that uses the port forwarding or tunneling technique .
How do I know how much disk space I can use?
Each user has a disk quota available, the default is 30GB. The Linux command
                  quota
verifies your quota its  output is
  Disk quotas for user xxxx (uid nnn):
    Filesystem blocks quota limit grace files quota limit grace
    nasca1:/vol/user
              9831828 31457280 33554432 4294967295 4294967295

The meaning of these numbers is as follows: the column blocks defines the current disk occupation (9831828 kb. 9.4GiB), the quota column soft limit (31457280 KB) is the allocated disk space (30GiB) while the column hard  Limit  (33554432KB = 32GiB) is the maximum allowed occupation beyond which no write operation is allowed. In this case, the user has 2GiB available before the restrictions apply. To change the allocated quota, you have to ask the authorization of the Director.
Please note that backing up account data that exceeds the 32GiB quota is excluded from the backup system even if the quota is authorized.
For those who often go to CERN
The division of computer science at CERN offers its users information and recommendations that all concerned should know. The site is safe and full of suggestions for solving various issues. Particularly interesting may be the file transfer page .

Active institutional distribution lists
List of distribution lists for the Sezione di Cagliari currently active:

1)     dipendenti@lists.ca.infn.it                     Employees
2)     ricercatori@lists.ca.infn.it                     Researchers & Technologist (employees only)
3)     ricercatori2@lists.ca.infn.it                   All researchers
4)     sezione@lists.ca.infn.it                          Employees, researchers & associates
5)     coordinators@lists.ca.infn.it                  Group Coordinators
6)     tta@lists.ca.infn.it                                  Technical, Technological & Administrative Personnel
7)     gruppo1@lists.ca.infn.it                         personnel belonging to Group I
8)     gruppo2@lists.ca.infn.it                         personnel belonging to Group II
9)     gruppo3@lists.ca.infn.it                         personnel belonging to Group III
10)   gruppo4@lists.ca.infn.it                         personnel belonging to Group IV
11)   gruppo5@lists.ca.infn.it                         personnel belonging to Group V
12)   utenti@ca.infn.it                                    All users who have an account at the Sezione
13)   team_emergenza@lists.ca.infn.it           Emergency Team

CAUTION!! These are closed lists so the lists accept mails to be distributed ONLY IF you are registered and the message comes from the registered email address.

How to install anti-Virus/anti-Malaware TrendMicro ?
The INFN National Computing Committee has purchased a new antivirus which according to the AgID directives  must be installed on every INFN's Windows and MacOS computer.

Windows version 64bit
Windows version 32bit
Mac OS  Install
Mac OS uninstall
Run the program. if all goes well you will be asked to restart.
If instead there were problems, the typical one is you cannot uninstall the antivirus already present, uninstall it manually, reboot and proceed with the installation again. If the existing antivirus is the old Sophos Antivirus this must be uninstalled with the following program: SophosZap.zip after unpacking, run the sophosremoval.bat file
WARNING:  This antivirus "TrendMicro" has a centralized management console meaning that the user has a limited number of permitted operations

What are the usable programs covered by the National Contract?
The INFN National Committee for Computing & Networking (CCR) has purchased licenses and has concluded  many contracts for general purpose SWs for the INFN. This is the list of licensed SW: ESACOMP, CAMPUS_ADOBE, ANSYS, NAG, NX-IDEAS, AUTODESK, ALFRES, MATHEMATICS, LABVIEW, TrendMicro antivirus, COMSOL, GPFS, JIRA, CLIOSOFT, MICROSOFT, AFS, SEEVOGH, SIMULINK, ADOBE_CONNECT, SECUREW2.
In Sezione we can use:
Mathematica to use it you need to instruct the program to use the network licenses provided by the server mathlm.na.infn.it (At the launch of the program choose: other ways to activate mathematica -->> network license, see also tunneling)
Microsoft Windows & Office, AutoDesk, Matlab, LSF, Adobe. The SW is found on pandora.infn.it some programs can also be found on our repository and on the site of the CCR development tools.
How do I use Matematica program ?
The Mathematica program is licensed by a central server residing in Naples so to work it must connect with this server. The following scenarios can be presented:

                       ssh -L 16286: mathlm.na.infn.it: 16286 myusername@mizar.ca.infn.it

this command creates a tunnel with port 16286 (the port Mathematica uses to obtain licenses) and the Naples computer that manages the licenses (mathlm.na.infn.it) when we log in to mizar. From this moment we can run the Mathematica program on our computer. The program must be given  local address localhost or 127.0.0.1 as license server.

How to make video / sound conferences?
There are various systems to do this kind of activity. There is a videoconferencing system in the meeting room,  you can consult A. Cardini's instructions to use it.  There are also various software tools (eg: eZuce/Vibe SRN), you can find more information on the Multimedia Group site.
 
What is the X11 system ?
X Window System (known in jargon as X Window, X11 or simply as X), in computer science, is a widespread graphic manager, de facto standard for many Unix-like systems (including Linux and FreeBSD). It was created by MIT in 1984. The latest version of the protocol, X11, was completed in September 1987. The X.Org Foundation implements the X version 11 protocol in XOrg (Wikipedia).
All Unix systems have a version of this manager and there are versions for Windows (X-Ming, X-Win32) and MacOS (Xquartz).
For MacOS using Xquartz program it may be necessary (if it does not work) to perform the following steps:
  1. Update XQuartz (Xquartz menu check for updates)
  2. At the command line, type: defaults write org.macosforge.xquartz.X11 enable_iglx -bool true
  3. reboot