Morgan Leecy

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-07-26
10:03
1466 views
Best Practice for Internal / External usage
We have the following infrastructure
- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build
WE want the ideal scenario
- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops
So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).
Has anyone got this kind of scenario and how did you solve it?
- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build
WE want the ideal scenario
- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops
So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).
Has anyone got this kind of scenario and how did you solve it?
3 Replies
lwegner

Micro Focus Frequent Contributor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-07-28
16:03
leecymj;2462656 wrote:
We have the following infrastructure
- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build
WE want the ideal scenario
- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops
So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).
Has anyone got this kind of scenario and how did you solve it?
Hi Leecyml
A couple of comments for you:
-iPrint is not officially supported in Azure. That doesn't mean it won't work - and I don't know if it will either but if you ran into issues, any support would be best effort.
-Have you considered upgrading to iPrint 3? In iPrint 3 there is a Print portal - https://www.novell.com/documentation/iprint-appliance-3/iprintfeatures/data/iprintfeatures.html#b1oqi5um Users will need to authenticate to the portal in order to see any printers - if configured that way. Unfortunately the /ipp page is still available but perhaps you could block it or hack it to display a blank page. Note that we are looking at ways to remove this page in upcoming releases since it creates confusion.
-Another thought is to made your printers secure printers. That way people wouldn't be able to install them even if they did stumble across them. Your users would have to authenticate once but iPrint would store credentials for them after that.
-We are working on integrate the mobile app into the BES (formerly Good) - Blackberry Dynamics I believe it is called now. Most of the work is supposedly complete - we are completing paperwork and working on certification.
Lothar
easyridersk8

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-09-29
13:46
lwegner;2462962 wrote:
Hi Leecyml
A couple of comments for you:
-iPrint is not officially supported in Azure. That doesn't mean it won't work - and I don't know if it will either but if you ran into issues, any support would be best effort.
-Have you considered upgrading to iPrint 3? In iPrint 3 there is a Print portal - https://www.novell.com/documentation/iprint-appliance-3/iprintfeatures/data/iprintfeatures.html#b1oqi5um Users will need to authenticate to the portal in order to see any printers - if configured that way. Unfortunately the /ipp page is still available but perhaps you could block it or hack it to display a blank page. Note that we are looking at ways to remove this page in upcoming releases since it creates confusion.
-Another thought is to made your printers secure printers. That way people wouldn't be able to install them even if they did stumble across them. Your users would have to authenticate once but iPrint would store credentials for them after that.
-We are working on integrate the mobile app into the BES (formerly Good) - Blackberry Dynamics I believe it is called now. Most of the work is supposedly complete - we are completing paperwork and working on certification.
Lothar
HI Lothar, can you confirm if the Integration has been completed with BES ?
lwegner

Micro Focus Frequent Contributor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2017-10-24
20:57
It's not completed yet as far as I know but work is underway. We are officially signed up as a Blackberry partner and have all the info. I know the focus has been to get 3.1/iPrint for OES 2018 (almost) out the door. Finishing this is apparently the next priority.