CCO Net

USER GUIDE

Prepared by the
Directorate of Enterprise Application Planning and Management 8
For the users of the Canadian Cadet Organizations Wide Area Network
(CCO Net)
2700-18 (CCO ITI Proj Mgr)

Preface

The User Guide for the Canadian Cadet Organizations Wide Area
Network (CCO Net) is issued under the authority of the Director Enterprise
Application Planning and Management (DEAPM 8).
This guide is intended to assist any user of the CCO Net with gaining access to
the electronic resources contained within. It also provides details of some of the
tools incorporated into the Common Software Configuration (CSC).

Suggestions for changes should be forwarded to the CSC Technician via the
PrairieServiceDesk@cadets.gc.ca

References

• DAOD 6000-0, Information Management

• DAOD 6001-0, Internet
• DAOD 6001-1, Acceptable Use of the Internet, Defence Intranet and
Other Electronic Networks, and Computers
• CATO 12-40, CCO Wide Area Network (CCO Net)
• CATO 12-40, Annex A, Fortress
• CATO 12-40, Annex B, Web Services
• CATO 12-41, Acceptable Internet Use Within the CCO
• CCO Net Security Orders
• Fortress Policy and Security Orders

Change History

Version Date Changes Author

Draft 15 Jan 08 Initial version Lt(N) MJJC Lacaille
1.0 23 Jun 09 Content Review / Removed DWAN Cpl Mckay-Crites
instructions.
1.1 15 Jul 09 Grammatical Changes / Page Cpl Mckay-Crites
Formatting
1.2 10 Aug 09 Review for Approval and distribution Maj JD Templeman
with first Beta copy of CSC
1.3 24 Aug 09 Added Current Screenshots / Matthew Mckay-
Updated connection instructions. Crites
1.4 1 Oct 09 Addition of SDA and PDF. Changes Maj JD Templeman
to order. Updates from regional
feedback
 Page 3 of 32

Table of contents

1. Introduction ....................................................................................................4
2. The CCO Wide Area (CCO Net) Network Overview ......................................4
2.1 Network Conceptual Diagram.................................................................5
2.2 How to use this guide .............................................................................6
3. Gaining access to the CCO Net.....................................................................8
3.1. User Support ..........................................................................................8
3.2. Operating without a network account .....................................................9
4. Connecting to the CCO Net .........................................................................10
4.1 VPN Client ............................................................................................10
4.1.1 Broadband.....................................................................................13
4.1.2 DSL or ADSL.................................................................................15
4.1.3 Dial-up ...........................................................................................17
4.2 Directly Connected ...............................................................................19
4.3 Logging in with cached credentials.......................................................20
4.4 SSL Portal - Web Access – Not Yet Available ......................................21
4.5 Access from the Defence Wide Area Network (DWAN) – Not Yet
Available..........................................................................................................21
5 Using the CCO Net ......................................................................................22
5.1 User Settings ........................................................................................22
5.2 Drives, Document Saving .....................................................................22
5.2.1 Removable media..........................................................................22
5.2.2 Network Drives – To Be Implemented Spring 2010.......................23
5.2.3 Local Drive(s) ................................................................................23
5.2.4 Data Loss and Recovery – Not Yet Available................................24
6. Troubleshooting ...........................................................................................25
6.1 Tips & Tricks................................................ Error! Bookmark not defined.
6.2 Service Desk Assistant Tool......................................................................27
6.2.1 S.D.A. overview and System Info. ......................................................27
6.2.2 Installing printers with the S.D.A. ........................................................29
6.2.3 Setting a Static IP ..............................................................................30
6.3 PDF Printing ..............................................................................................31
7. Acronyms.....................................................................................................32
 Page 4 of 32

1. Introduction

This guide is intended for users of the Canadian Cadet Organizations (CCO)
Wide Area Network (WAN) commonly referred to as the “CCO Net”. This guide
provides detailed instructions on the available methods of connections to the
CCO Net.

For the purpose of this document “Plain English 1 ” is utilized in order to allow easy
comprehension of the technical information covered. A glossary of all the
technical terms is included at the end of this guide.

In addition, the term “Remote users” defines those users who are away from a
location that has a direct connection to the CCO Net (e.g. a Local Cadet
Corps/Squadron). “Network users” are defined as users who work on a CCO
issued computer with direct connection to the CCO Net (e.g. Users, in most
locations, at the RCSU’s and/or CSTC’s). A “Local User” is anyone who logs
onto a CCO Net computer using the local account. (Note: this account is
restricted from connecting to any network or Internet provider. It is intended for
word processing only. See Figure 1 (5)

In certain instances, the method of access might be different based on the

location of the user. Those differences are detailed in this document. A single
user could find himself/herself connecting using more than one method if he/she
moves from one environment or computer to another. It is very important to
understand your environment and which method is appropriate at that time.

2. The CCO Wide Area (CCO Net) Network Overview

The CCO Net is an Integrated Technology Infrastructure (ITI) distributed across

Canada that provides members of the CCO with secure and reliable access to
key resources required for the performance of their duties.

This ITI houses all of the CCO specific corporate applications such as Fortress
and the Website Content Management System (CMS). These systems aim to
reduce the administrative burden on users by providing automation along with
access to IT support and service personnel.

1
http://en.wikipedia.org/wiki/Plain_English
 Page 5 of 32

2.1 Network Conceptual Diagram

The following diagram shows the difference between a private network

(represented with a solid line (1) in Figure 1) and a virtual private network (VPN)
(represented with dotted lines (2), (3) and (4) in Figure 1). The VPN uses
software (VPN client) running on the user’s computer to build a secure tunnel
from the issued CCO computer, over the open Internet (via Broadband, DSL or
dial-up) and into the CCO Net. Once connected the VPN acts like a very long
virtual cable that connects the issued computer to the CCO servers.

Figure 1

The diagram also shows how this is accomplished from a non-CCO issued
computer (e.g. a personal or public computer (4) or DWAN (3)). Using Internet
Explorer on a computer running windows (other browsers are not supported), the
software connects over a secure webpage, (HTTPS), similar to that used for
Internet banking. This will allow limited access for users to connect to CCO
corporate applications like Fortress and the Website CMS.
 Page 6 of 32

2.2 How to use this guide

The CCO Net is very versatile and has multiple connection methods for users.
The type of connection method is based upon the user environment. Since that
may change, it can be difficult to know which method to use. The following flow
charts (Figure 2 & 3) are designed to direct you to the appropriate section of the
manual where you can find directions to the type most appropriate for you.
Remember, when in doubt; contact your Regional IT Service Desk (See section
3.1 “User Support”).

Figure 2
 Page 7 of 32

Figure 3
 Page 8 of 32

3. Gaining access to the CCO Net

In order to obtain access to the CCO Net, members must have a valid enhanced
reliability clearance (ERC) 2 . In addition, members are required to read the
applicable policy and security orders pertaining to the use of this network. After
which a statement of compliance (SOC) is completed, signed and submitted to
the appropriate Regional IT Service Desk.

3.1. User Support

Users that require support with accessing the CCO Net can contact their
Regional IT Service Desk via the following website, email or telephone
information.

Atlantic
Website: www.cadets.ca/help
Phone: 1-877-494-8164 option 7

Central
Email: STG-RCSU-ISSupport@forces.gc.ca
Phone: 1-800-282-2049

Eastern
Email: 7119@forces.gc.ca
Phone: 1-800-681-8180 ext: 7119

Prairie
Email: PrairieServiceDesk@cadets.gc.ca
Phone: 1-800-842-1851 option 4

Pacific
Email: rcsupac.it@cadets.gc.ca
Phone: 1-877-363-7347

Northern
Email rcsunor.it@cadets.gc.ca
Phone: 1-877-363-7347

2
Contact your RCSU for assistance with getting an ERC. This applies to all personnel, including cadets and Civilian
Instructors.
 Page 9 of 32

3.2. Operating without a network account

For personnel who do not have a CCO Net Account but do require access to a
computer for word processing, research from local resources (i.e. CD-ROMs’,
DVDs, USB memory sticks, etc.), and/or printing may use the built-in local user
account.

Note: Personnel must hold a valid ERC to access the computer and compliance
with the CCO/DND/CF security orders is mandatory. The local user account
does not allow for connection to network resources or the Internet. All data must
be stored on removable media and not on the local computer.

The account details are as follows (see Figure 4):

Username = “offline”

Password = “CCO*OCC”

Log on to = “The Computer Name(this computer)”

i.e. “CEN-L2550003(this computer)”

Figure 4
 Page 10 of 32

4. Connecting to the CCO Net

This section is for personnel with a valid CCO Net account. It details each of the
methods of connecting to the CCO Net (see Figure 1). You may need to become
familiar with more than one method if you move from one environment to
another. For example, access using an issued CCO computer over the Internet
is different from using a personally owned computer.

4.1 VPN Client

The VPN Client is a small but powerful piece of software that is used to create a
secure link between your computer and the CCO Net servers over the Internet. It
is used by any issued CCO computer when it is not possible to connect directly
to the network in locations such as CSTCs or RCISs (depending on the location).
All of the communications are encrypted and the VPN acts just like a long
physical cable. There are 3 different methods of connecting to the CCO Net with
the VPN Client (Broadband – Section 4.1.1, DSL – Section 4.1.2, and Dialup –
Section 4.1.3).

During system startup, a window may appear “System Initialization In Progress”

(Figure 5). Please wait while this window starts the services necessary for the
VPN to function.

Figure 5
 Page 11 of 32

Figure 6 shows the Security Banner that will pop up prior to the logon screen. It
also shows the VPN Client. This is only required if a VPN connection is required.
If you are logging on using Cached Credentials (see Section 4.3) or if you are
Directly Connected (see Section 4.2) you do not need to use this control. Simply
ignore it or close the box by clicking the X.

Figure 6

If connecting over the VPN, click on the drop down box and choose your region –
connection type. (For example: If you are in Pacific Region using a High Speed
Internet Service Provider, then choose “PAC-HauteVitesse_HighSpeed” and click
connect.)

Note: If the connection does not work the first time, wait a minute and try another
time. If this persists call your Regional IT Service Desk.
 Page 12 of 32

Figure 7

You can also log in using Cached Credentials (see Section 4.3) and then when
required, start the VPN Client as shown in Figure 8.

Figure 8
 Page 13 of 32

4.1.1 Broadband

Broadband Internet is a method to connect to the CCO Net with the VPN client
where the connection to the Internet does not require a username and password
to access. This option involves using a high-speed modem to connect to the
Internet. This option does not require a username and password to connect to
the Internet. It may also include DSL or ADSL, if the username and password
are set in the modem or router. (see Section 6.1 “Tips & Tricks” for assistance)
The following instructions describe how to connect using this option.

At the Welcome to Windows screen, press Control-Alt-Delete simultaneously.

This will bring up the Security Banner and VPN Client windows;

In the VPN Client control (lower left side), select the connection for your region
and method (example: PRA-HauteVitesse_HighSpeed if your unit has cable
Internet);

Click the Connect button to initiate a connection.

The VPN Client | User Authentication window will open. Enter your Username
and Password in the spaces provided. Click OK;
(In this window ensure the Domain field is left blank)

Figure 9

Read through the and then click OK in the Security Banner window;

The Log On to Windows window will open:

 Page 14 of 32

Figure 10

Type in your User Name and Password into the fields provided;

Change the Log on to: menu item to match your region (Example: PRA for
Prairie);

Click OK
 Page 15 of 32

4.1.2 DSL or ADSL

Digital Subscriber Line (DSL) or Asymmetrical DSL (ADSL) are two other
methods available to connect to the CCO Net with the VPN client. This method
involves using a high-speed DSL modem connected to a regular phone line to
connect to the Internet (Note: not the same as dial-up, see section 5.1.3). Use
this method if your connection requires a username and password to gain access
to the Internet. The following instructions describe how to connect using this
method. (For DSL or ADSL where the username and password are managed in
the modem or router see Section 4.1.1)

At the Welcome to Windows screen, press Control-Alt-Delete simultaneously.

This will bring up the Security Banner and VPN Client windows;

In the VPN Client window (lower left side), select the connection for your region
and method (example: EST-HauteVitesse_Highspeed(ADSL) if your unit has
DSL internet);

Click the Connect button to initiate a connection.

The Blank PPPOE Connection window will open:

Enter your DSL User name and Password. (This will have come from the Phone
Company or RCSU that provides your Internet Service.)

Click Connect:

Figure 11

The VPN Client | User Authentication window will open. Enter your Username
and Password in the spaces provided. Click OK;
(In this window ensure the Domain field is left blank)
 Page 16 of 32

Figure 12

Read through the and then click OK in the Security Banner window;

The Log In to Windows window will open:

Figure 13

Type in your User Name and Password into the fields provided;

Change the Log on to: menu item to match your region (Example: PRA for
Prairie);

Click OK
 Page 17 of 32

4.1.3 Dial-up

Dial-up connection is used whenever high-speed internet connections such as

Broadband or DSL/ADSL are not available. Each Region provides a Toll-Free
Dial-Up connection to all users for use as required. Your Regional IT Service
Desk will provide the number and connection details. These details are not to be
used on non-CCO Net computers. Dial-up internet connects by using a phone
line, internal modem, and calling a phone number provided by an Internet
Service Provider (ISP). A username and password are required to connect to the
ISP. The dial-up connection option should be used as a last resort since it is the
slowest type of connection to the internet. The following instructions describe
how to connect using this method.

At the Welcome to Windows screen, press Control-Alt-Delete simultaneously.

This will bring up the Security Banner and VPN Client windows;

In the VPN Client window (lower left side) select the connection for your region
and method (example: PAC-ParTelephone_ByPhone)

Click the Connect button to initiate a connection

The Blank DialUp Connection window will open

Figure 14

In the Dial up Connection window enter your Dial up username, password, and
phone number. ((If you are using a telephone line that requires a prefix before
the telephone number, add it to the beginning of the number, followed by a
comma (e.g. 89,1-888-518-5555)

Click Dial:
 Page 18 of 32

The VPN Client | User Authentication window will open. Enter your Username
and Password in the spaces provided. Click OK;
(In this window ensure the Domain field is left blank)

Figure 15

Read through the and then click OK in the Security Banner window;

The Log In to Windows window will open:

Figure 16

Type in your User Name and Password into the fields provided;

Change the Log on to: menu item to match your region (Example: PRA for
Prairie);

Click OK
 Page 19 of 32

4.2 Directly Connected

This section is for those users who are in an environment where the computer is
directly connected to the CCO Net, such as at the Directorate of Cadets & Junior
Cadet Rangers in Ottawa, the Regional Cadet Support Units (RCSU), Cadet
Summer Training Centers (CSTC), Cadet Detachments, Regional Cadet
Instructor Schools (RCIS), and certain Corps and Squadrons across the country.
The following instructions describe how to connect using this method.

At the Welcome to Windows screen, press Control-Alt-Delete simultaneously.

This will bring up the Security Banner and VPN Client windows;

Read through the Security Banner and then click OK in the Security Banner
window;

The Log On to Windows window will open:

Figure 17

Type in your User Name and Password into the fields provided;

Change the Log on to: menu item to match your region (Example: PRA for
Prairie);

Click OK
 Page 20 of 32

4.3 Logging in with cached credentials

Users who have a network account and who have previously logged into the
specific computer in use, at least once before, can log into the computer using
their network username and password when they do not have a current network
connection. When the account is used on the network for the first time, a copy of
those credentials are cached (stored) locally on the computer. In this mode, your
desktop and other personal settings will be exactly the same as when you are
connected to the network except for access to network resources and the
Internet.

If you decide later during your session that you wish to connect to the VPN follow
these steps.

1. Click the VPN Client shortcut,

Either under Start menu/Programs/CCO Programs folder
Or on the quick launch bar

2. Select your region and connection method and click Connect.

3. Enter your user credentials, and leave the domain field blank.

Figure 18
 Page 21 of 32

4.4 SSL Portal - Web Access – Not Yet Available

Currently in development, this feature will allow access to CCO applications from
Non-CCO issued such as: personally owned computers, sponsor supplied
computers or public workstations, etc.

4.5 Access from the Defence Wide Area Network (DWAN) – Not Yet
Available

Currently in development, this feature will allow access to CCO applications from
DWAN computers.
 Page 22 of 32

5 Using the CCO Net

The CCO Net is a standardized, nation wide network created to allow a high level
of protection and security to both the users and corporate applications. All
Internet traffic within the Network is filtered and monitored. This allows the ability
to block prohibited sites and ensure proper use of the workstations and network.

Software patches and updates are managed via the network. The anti-virus
software is updated automatically via the network without user intervention.
Workstations may run slower when patches and updates are being applied.
Workstations could stop working if patches and updates are not applied regularly.

5.1 User Settings

The following section describes the user settings for the CCO Net. All settings
are in accordance with the current Network Technical Specification and
Information Security (IS) policy. Any required changes must be requested via
your Regional IT Service Desk and are subject to approval/denial based on
current IS polices and consideration for operational requirements.

Users have the ability to save files and create shortcuts on their desktop.
However, files on the desktop are not backed-up and could be lost if the
computer is stolen or becomes defective. For these reasons users should also
backup data to a DND issued removable storage medium such as a CD ROM,
USB memory stick, or to a Network drive when possible (note 5.2.1 below).

User passwords have a maximum validity period of 90 days and must meet
complexity requirements IAW Network Technical Specification. This means that
the password must by at least 8 characters long, include an upper and lower
case letter, a number and/or special character.

5.2 Drives, Document Saving

This section briefly explains the different drive letters as well as where users
should save their files and documents. For the purpose of this guide, documents
can be saved either on removable media, network drive(s) or local drive(s).

5.2.1 Removable media

Removable media (i.e. USB memory stick, CD ROM, USB Hard Drive) are not a
safe place for long term data storage as they can malfunction. Removable media
should be used when documents need to be accessed on multiple DND issued
 Page 23 of 32

workstations and where a backup exists. It is important to note that only DND
issued removable media is authorized to be used with DND issued workstations
IAW IT/IM policy.

5.2.2 Local Drive(s)

“Local Drive” refers to the physical storage inside of your PC. It is highly
recommended that you do not store any data on your local PC. The data on your
local drive is accessible to all users that log into the machine. Hard drives have a
comparably high rate of failure and data on them is non-recoverable by the
Regional IT Support Staff. Locations such as your desktop, C: Drive and “My
Documents” are all stored on the Local Drive.

a. “A:\” This drive is normally reserved for permanently attached Floppy

Drives;

b. “B:\” This drive is normally reserved for permanently attached Floppy

Drives;

c. “C:\” This drive is the main hard disk drive in the computer. This drive
contains the Operating System and all critical system files;

d. “D:\” This drive is normally reserved for permanently attached CD-

ROM or DVD-ROM drives; and

e. “E:\ and F:\” These drives are normally assigned to removable media
once attached to the computer.

5.2.3 Network Drives – To Be Implemented Spring 2010

Network drives are the preferred location for documents to be saved. Users may
have several network drives when connecting to the CCO Net. The main
network drives are described below.

f. “G:\”: This drive is the common drive for the user’s home unit. This
drive should be used to save documents relevant to Corps/Squadron
functions.

g. “M:\”: This drive is used for network applications. Users do not have
access to save documents to this drive.

h. “N:\”: This drive is the common drive for the users at the CSTC. This
drive should be used to save documents relevant to CSTC functions.
 Page 24 of 32

i. “Q:\”: This drive is the user’s personal drive. Only information

associated solely with the user and is not a business record should be
kept here. (Example: a personal contact list.)

5.2.4 Data Loss and Recovery – Not Yet Available

In order to prevent and alleviate the loss of data, data should be stored on
network drives. Data stored on network drives will be backed up on a weekly
basis.

If users delete a file by error or lose a file that was saved on a network drive, a
recovery may be possible. In this situation users should contact their Regional
Information Support Service Desk.
 Page 25 of 32

6. Troubleshooting

1. Things to check if you cannot connect.

a) Take a pause in between each click at the logon screen.

b) Try more than once
c) Reboot your PC
d) Call your regional Service desk

Ensure that you have chosen the correct connection method in the Cisco VPN
Client.

Figure 19

Ensure that the Domain field in the VPN client is left blank.

Figure 20
 Page 26 of 32

Ensure that you have chosen the correct domain at the Log On to Windows
screen.

Figure 21

When calling your Help Desk try and have as much information available as
possible.

For example, the Computer name, the Model and Serial number, the CSC
version, your unit information (number, UIC, location), the type of Internet being
used (DSL, Dialup, Broadband).
 Page 27 of 32

6.1 Service Desk Assistant Tool

6.1.1 Overview and System Information

The Service Desk Assistant (SDA) is a tool created specifically for the CCO Net
and is designed to help both users and your IT support staff perform tasks on the
local PC.

You can locate the SDA wrench icon in the lower right corner of the screen (see
figure 22). Some simple features that the SDA provide are:

Figure 22

1. Tools & Assistance – This group allows the user to perform simple
functions that are not normally allowed with basic user priveledges.
These fuctions include:

a. Add a Local Printer.

2. IP Settings – Used in the case where a user must enter a static IP

address into the local computer to access the Internet

3. Language - Allows you to change the computer interface easily

between English and French;
 Page 28 of 32

4. Presentation Mode – Temporarily disables the screen saver.

Intended for times that the computer is being used to present a
slideshow or PowerPoint;

5. Help… – A small help file for the SDA itself;

6. System Info… - This will pop-up a bubble that contains critical

information when communicating with your Regional IT Service
Desk;

7. About… - This pop-up contains the contact information for your

Regional IT Service Desk.

In the following subsections, some of the functions of the SDA are explained in
detail.

Right-clicking on the SDA icon and selecting System Info will display key
information that you or your IT Service Desk may need when troubleshooting
system errors, (see Figure 23)

.
Figure 23
 Page 29 of 32

6.1.2 Installing printers with the SDA

Normally, a basic user does not have sufficient privileges to install a printer.
Using the SDA, a basic user can install printers as required without the
intervention of the IT Service Desk staff.

Right click the SDA wrench icon, select Tools & Assistance and click Add local
printer (Figure 24). Follow the steps in the Add Printer Wizard until completed the
installation. If you experience difficulties or require assistance, call your Regional
IT Service Desk.

Figure 24
 Page 30 of 32

6.1.3 Setting a Static IP

It may be necessary, in a location that has a local network, (such as a school or

military facility with GPNet) to manually enter an IP address into the computer. It
may also be necessary to release this IP address when moving to a different
location (such as a home Internet connection).

This tool allows the basic user to assign a static IP address to the computer or
release a static IP address and use DHCP. To do so:

1. Right click on the SDA icon in the lower right corner of the screen;

2. Select IP Settings and click static;

3. Input your IP information into the window shown in Figure 25.

4. Ensure you select the correct network adapter from the list
before clicking OK.

Figure 25
 Page 31 of 32

6.2 PDF Printing

To convert any printable file to Portable Document Format (.PDF), simply choose
Print as you would to send the document to a physical printer, but select
“PDFCreator” as your printer (Figure 26) instead. Make selections, as
necessary, and click OK. The PDFCreator window will then open and allow you
to set the filename and save location (see Figure 27).

Figure 26

Enter the Document Title and additional information as desired. You may, at this
point, click on Wait – Collect if you wish to compile multiple pages/documents
into a single .pdf file. If not, click on Save and the Save as window will pop-up.
Choose a location for the file and click Save.

Figure 27
 Page 32 of 32

7. Acronyms

CCO Canadian Cadet Organization

CSC Common Software Configuration
CMS Content Management System
CSTC Cadet Summer Training Centre
DND Department of National Defence
CF Canadian Forces
ADM(IM) Assistant Deputy Minister (Information Management)
DSL Digital Line Subscriber
ADSL Asymmetrical Digital Line Subscriber
DVPNI Defense Virtual Private Network Infrastructure
DWAN Defense Wide Area Network
DHCP Dynamic Host Configuration Protocol
ERC Enhanced Reliability Clearance
IAW In accordance with
IP Internet Protocol
IPSec Internet Protocol Security
ISP Internet Service Provider
IT Information Technology
IS Information Security
LAN Local Area Network
LHQ Local Headquarters (same as Local Training Unit)
NIC Network Interface Card
PPPoE Point-to-Point over Ethernet
RCIS Regional Cadet Instructor School
RCSU Regional Cadet Support Unit
RJ-45 Registered Jack – Type 45 twisted pair Ethernet cable
SOC Statement of compliance
SOP Standard Operating Procedures
SSL Secure Sockets Layers
TCP/IP Transmission Control Protocol / Internet Protocol
VPN Virtual Private Network
VSS Vulnerability Sector Screening
WAN Wide Area Network
PDF Portable Document Format