Deploying YSoft SafeQ Client v3 in the Server Mode
YSoft SafeQ Client v3 in the Server Mode is a mode which receives print jobs and print job metadata from non-spooling clients and stores them locally on the server.
Requirements
TLS Certificate - you can use the same one as YSoft SafeQ Job Service uses
The certificate will be used for the HTTPS communication between YSoft SafeQ Client v3 in the Client Non-Spooling mode and YSoft SafeQ Client v3 in the Server mode
This certificate must be trusted by the workstation
YSoft SafeQ FlexiSpooler service must be disabled or YSoft SafeQ Client v3 must use different ports for print job reception.
YSoft SafeQ Client v3 in the Server Mode must be configured to connect to YSoft SafeQ Job Service via localhost, i.e. SiteServerHosts must be set to localhost (or 127.0.0.1). This means that the certificate validation has to also be disabled by using DisableCertificateValidation. This doesn’t have any security implications because the communication is only on localhost.
Installation
Example of script usage
Following is a command which will install YSoft SafeQ Client v3 in the Server Mode
.\install.ps1
-SiteServerHosts
localhost
-DisableCertificateValidation
-SpoolerMode
"Server"
-HttpsCertificateStoreLocation
"LocalMachine"
-HttpsCertificateStoreName
"My"
-HttpsCertificateThumbprint
"2E69C921F3F417C176A299F1CC9A163FC925C019"
Note that the communication between YSoft SafeQ Spooler and YSoft SafeQ Job Service is happening entirely over the loopback network interface. As it is very uncommon for the TLS certificate of YSoft SafeQ Job Service to be issued for the "localhost" DNS name, the validation of its certificate should be disabled.
Receiving print jobs over IPP
YSoft SafeQ Client v3 in the Server Mode will by default also listen on 631 port for print jobs sent over IPP.
YSoft SafeQ Client v3 will by default use IPPS with the TLS certificate configured during installation.
You can use following options to configure the IPP receiving in the `local.json` file
IPP Configuration{
...
"JobReceivingOptions"
: {
"IppReceivingEnabled"
:
true
,
// Enables/disables IPP receiving
"UseIpps"
:
true
,
// Enables/disables IPPS
"IppPort"
: 631
// Sets the port over which the client will receive IPP requests
}
...
}
Receiving print jobs over LPR
YSoft SafeQ Client v3 in the Server Mode will by default also listen on 515 port for print jobs sent over LPR.
The port 515 is the default port for LPR, and also YSoft FlexiSpooler will be listening to the same port in case it is installed on the same machine. One can either change the port for spooler or disable FlexiSpooler in order to use the 515 port, or disable LPR receiving for spooler.
You can use following options to configure the LPR receiving in the `local.json` file
{
...
"JobReceivingOptions"
: {
"LprReceivingEnabled"
:
true
,
// Enables/disables LPR receiving
"SQLPRPrt"
: 515
// Sets the port over which the server will receive LPR requests
}
...
}
Security Remark for print job reception over LPR
These are the consideration that Admins should keep in mind when activating the LPR interface
There is no authentication available to a user, so everyone is effectively anonymous
An attacker could make it look like a job is coming from a different user
An attacker could trick a user into print a modified document instead of his own
An attacker could access the user's data by impersonating the server