Private Cloud over Company Network

This document covers deployments of YSoft SafeQ in organizations with "downstream" connectivity, with VPN (or other network-bridging technology).

Quick Links:

  • For deployments over public internet and without VPN (or other network-bridging technology) see YSoft SafeQ in Private Cloud over Public Internet (work in progress, contact Y Soft support for more information).

  • For integrations with public cloud platforms (Azure SQL, Azure AD, AWS S3, Google Cloud Print, ...), regardless of VPN connectivity, see YSoft SafeQ with Public Cloud Providers.


This document describes how organizations are using YSoft SafeQ 6 in private cloud. The solution can be deployed in multiple ways:

  • Fully on their own infrastructure, i. e. company managed data center,

  • or fully utilizing infrastructure of a public cloud provider (Microsoft Azure, Amazon Web Services, Google Cloud or others),

  • or a combination, i.e. hybrid cloud,

  • or an edge device for server-light deployments, e.g. SafeQube .


images/download/attachments/185189525/image2020-2-27_11-22-40.png


It is important to note that in any of the scenarios below, users enjoy the full functionality of YSoft SafeQ 6 , including Automated Scan Workflows or Mobile Print capabilities . Users print from one print queue and Print Roaming ® – the ability to pull-print from any printer in the environmen t – is fully available . In each of the four options described below , YSoft SafeQ is deployed in public cloud utilizing hardware and software that is isolated for the customer.

Upstream Connection Initiation Principle

The Upstream Connection Initiation Principle has been used to eliminate the requirements for open ports on workstations, laptops, and even site servers. This principle dictates that any YSoft SafeQ components from lower tiers always open and initiate network communication on the Network/Transport Layer (TCP and UDP/IP) to the higher tiers (green arrows) and not vice versa (red arrow). For more information refer to YSoft SafeQ 6 Architecture Overview Whitepaper.

images/download/attachments/185189525/image2018-9-28_11-10-3.png


Especially when deploying Terminal Embedded into individual MFDs, it is required that the server (Upper Tier) can communicate to the MFD (Lower Tier) and can initiate the connection. As a result, it is required that, for full YSoft SafeQ functionality, the connectivity between Public Cloud and local network exists.

Combining the Concepts - Scalable Architecture

YSoft SafeQ architecture elements can be seamlessly combined within a single environment. Customers can then easily use a solution similar to this one, including locations printing over public Internet see YSoft SafeQ in Private Cloud over Public Internet (work in progress, contact Y Soft support for more information) :


images/download/attachments/185189525/image2020-2-6_15-29-56.png


See YSoft SafeQ 6 Architecture Overview whitepaper for more details.

Partner Managed YSoft SafeQ as a Service

When YSoft SafeQ 6 is deployed partially in public cloud and partially on-premise or entirely in the public cloud, the opportunity exists for partners to offer management of YSoft SafeQ 6 as a managed service. This affords a new business model for the service provider: a partner managed YSoft SafeQ service.

Workstation Print Queues

For most implementations, there are two major touch points, where users interact with the system:

  1. Submitting a print job, and

  2. authenticating at a terminal and releasing the print job.

The former is arguably a lot more complex to decide, as not one option is flaw-less. There will always be a trade off to consider, being it availability for ease of deployment, security for speed or serviceability for diversity. In each of the scenarios below, any option is available. More, any combination of print queues can be deployed, they are not mutually exclusive.

Pay attention to security of a solution. See YSoft SafeQ FlexiSpooler Security considerations.

Cloud First - Lean

YSoft SafeQ 6 in the public cloud is i deal for small to medium-sized businesses , typically with a single site location, whe n cost is the major factor . Depending on the the requirements, the entire system can be operated from a single server. Bandwidth preserved by taking advantage of Client Based Print Roaming. The full scope of the YSoft SafeQ functionality is available in this scenario.

While there is no application level clustering, failover or load balancing in this particular sample architecture, public cloud providers typically have many safe guards available to ensure VM's availability, and guarantee it in their SLAs.

images/download/attachments/185189525/Private_Cloud_-_Company_Network_-_SMB.png

Cloud First - Redundant

Larger organizations are typically concerned with high availability, redundancy/failover and the ability to scale print services as the company grows. In much the same way that YSoft SafeQ 6 can scale on-premise, it can also scale on public cloud infrastructure. This is accomplished by Active-Active application-level clustering of the Management Server tiers and/or Site Services tiers. On the schematics below, both Site Services and Management Servers are fully redundant. In this option, users can print using Client Based Print Roaming, server-based Print Roaming or both, for pull-printing to any printer in the YSoft SafeQ environment. Scan, print, copy and fax job metadata is collected for reporting and accounting purposes.

Full scope of YSoft SafeQ functionality is available in this scenario.

images/download/attachments/185189525/Private_Cloud_-_Company_Network_-_redundant.png

Hybrid Cloud

Some organizations may wish to utilize the cloud only for print job metadata collection and reporting/accounting purposes, keeping authentication and, most importantly, print job data onsite. In this hybrid option, the YSoft SafeQ Site Services tier is on-premise to handle the processing of the print job. Scan and print job meta data is collected for reporting and accounting purposes. Schematics below shows the YSoft SafeQ 6 architecture in this way. This option can also cluster Management servers and/or Site Services as needed, giving options for growth. Needless to add, that full scope of YSoft SafeQ functionality is available in this scenario.

If a connection to the cloud is lost, the local Site Services can go into offline mode where authentication and printing can still be available.

images/download/attachments/185189525/Private_Cloud_-_Company_Network_-_hybrid.png

Combination

The largest organizations usually require different approaches in different locations:

  • some locations taking advantage of highly redundant cloud environment with CBPR,

  • others printing to local Site Server cluster,

  • and lastly the smallest branches, where local infrastructure is not feasible and bandwidth is limited.

All those needs can be met by a single YSoft SafeQ environment, the architecture can be modified and expanded as the organization grows. Again, full scope of YSoft SafeQ functionality is available in this scenario.

images/download/attachments/185189525/Private_Cloud_-_Company_Network_-_combination.png