Configuring Toshiba Device
Requirements
YSoft SafeQ currently supports models based on the eBX architecture. A list of compatible devices is available on the Partner Portal in the Hardware Compatibility List (HCL).
Auto-installation of YSoft SafeQ Terminal Embedded requires an MFD firmware version supporting SDK 2.4 or higher.
Limitations can be found on page Requirements and Known Limitations of YSoft SafeQ Embedded Terminal for Toshiba.
Authentication
Enabling property internalLdapAllowNonsecureProtocol allows sending user credentials (entered on Toshiba device) unencrypted which could be misused by an attacker for unauthorized access. Use it only when there is no other option.
Certificates
After the first installation of YSoft SafeQ Terminal Embedded, it is necessary to upload a CA certificate to the device to make sure that communication with Terminal Server is trusted.
If you do not mind security issues you can use SafeQTerminalServer.crt certificate from the Certificates folder in the installation directory of the Terminal Server.
In the case of updating from MU38 or lower, it is necessary to upload the safeqds.cer certificate from the product installation package.
How to with certificates
How to generate new specific certificate - System communication hardening
How to select a certificate on Terminal Server - Configuring secured connection between terminals and Terminal Server
How to convert from Personal Information Exchange to the common PEM files - Conversions between different keystores and certificate types
Uploading the CA certificate
Go to Administration > Security > Certificate Management.
In the section CA certificate, select the CA certificate (PEM) radio button.
Click Browse..., and choose the correct certificate file in PEM format.
Press Upload.
Toshiba uses strict security rules and generic certificates might not work. For devices based on e-BRIDGE NEXT or later architecture it is necessary to generate IP-specific certificate to suppress SSL/TLS warnings.
Allowing direct printing
If you want to use direct print, it is necessary to allow printing for unauthenticated jobs. Navigate to Administration > Security > Authentication. You need to configure the section User Authentication Setting.
Configure the option Authentication failed print job/Raw Print Job to Print.
With this setting, any print made directly to the printer would be printed. To prevent unwanted prints, set up IP filtering ( Administration > Setup > Network > Filtering).
Allowing card readers
If you do not see the configuration for card authentication, turn off the device and follow these steps:
Connect the USB card reader.
Turn on the device.
Enter the service menu.
On the next screen, enter 3500 and press the green start button.
Now enter 60001 and press OK.
Now enter 9398 and press the green start button again.
Enter eBMUserCard and restart the printer.
Now you should be able to continue configuring the LDAP server.
A list of Toshiba devices with the required FW versions that support USB card readers and the card reader registration procedure (needed when the Toshiba MFD FW version is a lower than the FW the YSoft USB card reader has already preregistered) can be found in the Configuring Toshiba to work with YSoft USB Card Reader.
Configuring the time
Time settings have to be configured for proper accounting of jobs and assignment of billing codes to these jobs.
Go to Administration > General and configure Daylight Saving Time Settings to comply with the configuration of your server where Terminal Server is running.
Next, there are two options possible, based on the availability of an SNTP (time) server in your network:
If an SNTP server is available, set all the necessary details in the section SNTP Service and set your timezone.
If an SNTP server is not available, in the section Date & Time, set the timezone, date, and time to the time of the Terminal Server. Also, disable SNTP server.
Be sure to set the time as precisely as possible (in means of seconds) to avoid errors in assigning billing codes to scan jobs and copy jobs. It is better for the MFD to have the clock set slightly ahead, than behind.
Displaying the YSoft SafeQ application screen after a successful login
To improve the experience with the Toshiba Embedded application, we recommend performing the following steps to display the YSoft SafeQ application as the initial screen after a successful login.
Enter the service menu.
Press 9955 to change the Extension label to SafeQ and click OK to save.
Press 9132 and insert value 99.
Configuring Accounting
If you are planning to install the accounting feature, you need to delete old job logs before installing the embedded terminal.
Go to Administration > Logs > Export Logs and click all the buttons that are highlighted below. Optionally, the logs can be exported using the Create New File buttons.
Configuring the HTTP and HTTPS ports
The MFD uses port numbers 40629 and 40630 for HTTP and HTTPS communication.
If you are planning to use different port numbers, you have to change the values of the configuration properties openPlatformHttpPort and openPlatformHttpsPort and change the port numbers on the MFD web.
Set the property openPlatformHttpPort (expert view) for HTTP communication .
Set the property openPlatformHttpsPort (expert view) for HTTPS communication .
Go to Administration > Setup> ODCA and change the values of the ports. Then click the Save button.
Additional requirements
YSoft SafeQ verifies the originating device against the list of active devices in the database. For this purpose, the translation of the MFD's IP address to the hostname/FQDN using standard Windows features (DNS/NetBIOS) is performed. Please make sure the MFD is properly registered in the DNS or WINS server as delays in translation may lead to timeouts or failures during authentication.