Highlighted
Absent Member.
Absent Member.
1391 views

Best Practice for Internal / External usage

We have the following infrastructure

- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build


WE want the ideal scenario

- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops

So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).

Has anyone got this kind of scenario and how did you solve it?
0 Likes
3 Replies
Highlighted
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

leecymj;2462656 wrote:
We have the following infrastructure

- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build


WE want the ideal scenario

- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops

So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).

Has anyone got this kind of scenario and how did you solve it?


Hi Leecyml
A couple of comments for you:
-iPrint is not officially supported in Azure. That doesn't mean it won't work - and I don't know if it will either but if you ran into issues, any support would be best effort.
-Have you considered upgrading to iPrint 3? In iPrint 3 there is a Print portal - https://www.novell.com/documentation/iprint-appliance-3/iprintfeatures/data/iprintfeatures.html#b1oqi5um Users will need to authenticate to the portal in order to see any printers - if configured that way. Unfortunately the /ipp page is still available but perhaps you could block it or hack it to display a blank page. Note that we are looking at ways to remove this page in upcoming releases since it creates confusion.
-Another thought is to made your printers secure printers. That way people wouldn't be able to install them even if they did stumble across them. Your users would have to authenticate once but iPrint would store credentials for them after that.
-We are working on integrate the mobile app into the BES (formerly Good) - Blackberry Dynamics I believe it is called now. Most of the work is supposedly complete - we are completing paperwork and working on certification.


Lothar
0 Likes
Highlighted
Absent Member.
Absent Member.

lwegner;2462962 wrote:
Hi Leecyml
A couple of comments for you:
-iPrint is not officially supported in Azure. That doesn't mean it won't work - and I don't know if it will either but if you ran into issues, any support would be best effort.
-Have you considered upgrading to iPrint 3? In iPrint 3 there is a Print portal - https://www.novell.com/documentation/iprint-appliance-3/iprintfeatures/data/iprintfeatures.html#b1oqi5um Users will need to authenticate to the portal in order to see any printers - if configured that way. Unfortunately the /ipp page is still available but perhaps you could block it or hack it to display a blank page. Note that we are looking at ways to remove this page in upcoming releases since it creates confusion.
-Another thought is to made your printers secure printers. That way people wouldn't be able to install them even if they did stumble across them. Your users would have to authenticate once but iPrint would store credentials for them after that.
-We are working on integrate the mobile app into the BES (formerly Good) - Blackberry Dynamics I believe it is called now. Most of the work is supposedly complete - we are completing paperwork and working on certification.


Lothar


HI Lothar, can you confirm if the Integration has been completed with BES ?
0 Likes
Highlighted
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

It's not completed yet as far as I know but work is underway. We are officially signed up as a Blackberry partner and have all the info. I know the focus has been to get 3.1/iPrint for OES 2018 (almost) out the door. Finishing this is apparently the next priority.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.