The ISAAC Secure Enclave is a special resource for use by University researchers. To request access to the Secure Enclave one needs to obtain and fill out a Secure Enclave Intake Form and obtain approval from the Office of Research. In addition, the Office of Research needs to be aware of, review, and authorize all sponsored and unsponsored research that may involve sensitive information that uses the ISAAC Secure Enclave.
The current Secure Enclave intake form is available for download here (requires University authentication to obtain).
Questions? Contact Chris Howard <email@example.com>, Pankaj Kumar <firstname.lastname@example.org> or submit a Service Request (in the menu links to the left) to get any questions answered.
The steps to getting into the secure enclave is approximately like this:
Please note that the Secure Enclave Citrix environment is used to access the Secure Enclave.
|Login Node||Hostname for SSH|
Please note that the Secure Enclave Citrix environment is used to access the Secure Enclave. Please view the video below for instructions on how to access the UT Secure Enclave. For text-based instructions, please review the steps outlined below the video player.
In addition to a web browser, you will need the Duo app on your mobile device. For iOS users, download the app from the Apple App Store. For Android users, download it from the Google Play store. For more information on Duo, please visit the 2FA website.
Follow these steps to access the UT Secure Enclave. The video above demonstrates the login process.
Accounts that are not used for one year are disabled. If you believe your account has been disabled due to inactivity, please contact the OIT Help Desk.
If you know your current NetID password and desire to change it, navigate to the password management page and log in. Once you authenticate with your username, password, and Duo, continue through the account protection prompt. Specify a new password that complies with UT’s password policies and accept the AUP (acceptable use policy) to change your NetID password.
If you do not know your current NetID password and desire to change it, navigate to the password reset page. Provide the necessary information to authenticate, then continue through the account protection prompt. Provide a new password that complies with UT’s password policies and accept the AUP to change your NetID password.
If you continue to have issues with your NetID password, please submit a ticket to the OIT HelpDesk.
In some instances, after connecting to Citrix and attempting to launch a remote desktop or app, you may encounter an error of the form:
Unable to connect to the server. Contact your system administrator with the following error: SSL Error 70: The server sent an expired security certificate. The certificate "USERTrust RSA Certification Authority" is valid from 30 May 2000 to 30 May 2020.
This typically occurs because of certain broken SSL implementations that fail to ignore expired intermediate certificates in a cross-signed chain in which only one of the signatories has expired. You are more likely to encounter this error if you connected to the Secure Enclave prior to May 30, 2020, or if you have recently connected to another UTK machine or website presenting an outdated certificate chain.
To workaround this issue, you will need to remove any expired copies of the following certificates from the
Intermediate Certification Authorities section of your certificate store:
UserTrust RSA Certification Authority(Expired 5/30/2020)
AddTrust External CA Root(Expired 5/30/2020)
The procedure for modifying your client machine’s certificate store will vary by platform, but on Microsoft Windows can be performed by pressing the start button and typing
Do not delete any current versions of the above certificates. It is not necessary to delete any expired certs other than the two named above. Following this, you may need to close the citrix app and clear your browser cache before reconnecting.
If you require any assistance with the above procedure, please submit a ticket to the OIT HelpDesk.
At the time of this writing, the Secure Enclave does not support X11 forwarding.