Best Practice for Internal / External usage

Morgan Leecy · ‎2017-07-26

We have the following infrastructure

- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build

WE want the ideal scenario

- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops

So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).

Has anyone got this kind of scenario and how did you solve it?

lwegner · ‎2017-07-28

leecymj;2462656 wrote:
We have the following infrastructure

- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build

WE want the ideal scenario

- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops

So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).

Has anyone got this kind of scenario and how did you solve it?

Hi Leecyml
A couple of comments for you:
-iPrint is not officially supported in Azure. That doesn't mean it won't work - and I don't know if it will either but if you ran into issues, any support would be best effort.
-Have you considered upgrading to iPrint 3? In iPrint 3 there is a Print portal - https://www.novell.com/documentation/iprint-appliance-3/iprintfeatures/data/iprintfeatures.html#b1oqi5um Users will need to authenticate to the portal in order to see any printers - if configured that way. Unfortunately the /ipp page is still available but perhaps you could block it or hack it to display a blank page. Note that we are looking at ways to remove this page in upcoming releases since it creates confusion.
-Another thought is to made your printers secure printers. That way people wouldn't be able to install them even if they did stumble across them. Your users would have to authenticate once but iPrint would store credentials for them after that.
-We are working on integrate the mobile app into the BES (formerly Good) - Blackberry Dynamics I believe it is called now. Most of the work is supposedly complete - we are completing paperwork and working on certification.

Lothar

easyridersk8 · ‎2017-09-29

lwegner;2462962 wrote:
Hi Leecyml
A couple of comments for you:
-iPrint is not officially supported in Azure. That doesn't mean it won't work - and I don't know if it will either but if you ran into issues, any support would be best effort.
-Have you considered upgrading to iPrint 3? In iPrint 3 there is a Print portal - https://www.novell.com/documentation/iprint-appliance-3/iprintfeatures/data/iprintfeatures.html#b1oqi5um Users will need to authenticate to the portal in order to see any printers - if configured that way. Unfortunately the /ipp page is still available but perhaps you could block it or hack it to display a blank page. Note that we are looking at ways to remove this page in upcoming releases since it creates confusion.
-Another thought is to made your printers secure printers. That way people wouldn't be able to install them even if they did stumble across them. Your users would have to authenticate once but iPrint would store credentials for them after that.
-We are working on integrate the mobile app into the BES (formerly Good) - Blackberry Dynamics I believe it is called now. Most of the work is supposedly complete - we are completing paperwork and working on certification.

Lothar

HI Lothar, can you confirm if the Integration has been completed with BES ?

lwegner · ‎2017-10-24

It's not completed yet as far as I know but work is underway. We are officially signed up as a Blackberry partner and have all the info. I know the focus has been to get 3.1/iPrint for OES 2018 (almost) out the door. Finishing this is apparently the next priority.

Re: Best Practice for Internal / External usage

Re: Best Practice for Internal / External usage

Re: Best Practice for Internal / External usage