Architecture
About
The UP Connector is a Windows service that handles communication with the Universal Print service on behalf of the YSoft SafeQ Spooler.
Universal print information and configuration can be found in Microsoft official documentation.
Prerequisites
YSoft SafeQ installation with a server print job spooler supporting IPP communication:
YSoft SafeQ Client v3
Mobile Integration Gateway (MIG)
A server with YSoft SafeQ (Windows Server OS)
.NET Core 3.1 runtime on the server
Azure Active Directory
Universal Print license
An account with Application Administrator and Printer Administrator roles in Azure Active Directory
Enabled communication:
HTTPS (443) - communication with the OMNI API to handle configuration and printer assignment
IPPS - basic protocol to transfer print jobs between the Universal Print service and the YSoft SafeQ Spooler
Basic architecture
Single YSoft SafeQ server environment would have to add the UP Connector service.
See how it is outlined in the diagram below.
Advanced architecture
When there are multiple Site Servers in the YSoft SafeQ environment, the UP Connector service is added to each Site Server, as outlined in the diagram below. To users, each UP Connector will be represented by its own print queue name registered with the Universal Print portal.
High Availability architecture
There is also the possibility to have the UP Connectors in High Availability mode. This means that multiple instances of the UP Connectors process the same user printer queue. In case of failure of the UP Connector itself, the site server instance or the infrastructure behind them, the other UP Connectors will process the jobs instead of the failed ones. The architecture diagram could very similar to the Advanced architecture, the only difference will be that the user can see only a single printer queue and both connectors will also serve the same one.
YSoft OMNI API
The YSoft OMNI API is a common backend part for both the YSoft OMNI UP365 connector and UP Connector for the integration with YSoft SafeQ. It makes it possible for Y Soft to connect the Microsoft 365 customer tenancy with YSoft tenancy, allowing both tenancies to interact in a secure manner. When the Universal Print connector is first installed it communicates with the YSoft OMNI API for the purpose of registration and identify what Microsoft 365 domain the customer is using, the secure printer is registered easily without any customer interaction or configuration. The only detail that needs to be provided to YSoft is the customer's administrator email address for the purpose of identifying and providing the customer tenancy and providing access to the YSoft OMNI API.
Security
The only piece of information retained by the YSoft OMNI API is the customer administrators email address for the purpose of identifying the customer tenancy. This is done at the time of installation of the UP Connector. The customer is signing in to Azure AD. The information is protected using Microsoft 365 security already implemented by Microsoft, the details can be found here https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide.
In Microsoft 365, encryption is turned on by default. Users do not have to take any action or enable any configuration; it is seamless encrypted using service-managed keys and AES-256 encryption. Universal Print, as a feature in Microsoft 365, uses this same proven encryption platform. YSoft OMNI API applies the same concept of security by default and leverages the encryption provided by Microsoft to secure both data in transit and data at rest. When data is in transit, it uses Transport Layer Security (TLS). For data at rest, it relies on the Microsoft 365 storage security where any sensitive data is being held.