tracking

Nuance SafeCom Smart Printing

Solution Design Guide

D10909-11
October 2013
 Trademarks: Nuance, the Nuance logo, SafeCom, SafeCom Go, SafeCom P:Go,
SafeCom ePay and the SafeCom logo are trademarks of Nuance
Communications, Inc. or its affiliates in the United States and/or other
countries. All other trademarks referred to herein are the property of their
respective owners. Nuance Communications, Inc. cannot be held responsible for
any technical or typographical errors and reserves the right to make changes to
products and documentation without prior notification.

Third Party Software: This software may contain third party software which
requires notices and/or additional terms and conditions. Such required third
party software notices and/or additional terms and conditions are located in
the SafeCom Third Party Notice document.

Patent: Nuance Communications, Inc. has received the following British patent
GB 2350 713 B, US patent US 6,952,780 B2 and Europe EUR EP1 120 701.

© Copyright 1995 - 2013 Nuance Communications, Inc. All rights reserved

Nuance Communications, Inc.

Lautrupvang 12
DK-2750 Ballerup
Denmark

Phone: +45 4436 0240

E-mail: safecom_info@nuance.com
Web: safecom.eu

D10909-11 2
 Table of contents
1 Introduction ............................................................................................5
1.1 Audience ..................................................................................... 5
1.2 Additional documentation ................................................................ 5
1.3 About this manual.......................................................................... 5
1.4 Document history .......................................................................... 6

2 Solution Architecture ................................................................................7

2.1 Single Server or multiserver installation? .............................................. 8
2.2 How many devices must be SafeCom enabled? ....................................... 8
2.2.1 Type of print jobs .......................................................... 8
2.2.2 Number of pages printed ................................................. 9
2.2.3 Concurrent connections ................................................... 9
2.3 What are the requirements to uptime? .............................................. 10
2.3.1 Failover .................................................................... 11
2.3.2 Clustering .................................................................. 11
2.3.3 Disaster Recovery ........................................................ 11
2.4 How is the organization situated geographically? .................................. 12
2.4.1 Locally stored documents versus server stored documents....... 12
2.4.2 Sample bandwidth calculation ......................................... 14
2.4.3 Print Client on Windows Print Servers ................................ 14
2.4.4 Install SafeCom Push Port on Print Server ........................... 14
2.4.5 Keep print jobs within a branch ....................................... 15

3 SafeCom Servers .................................................................................... 16

3.1 Server requirements ..................................................................... 16
3.2 Multiserver overview .................................................................... 16
3.3 SafeCom master server ................................................................. 17
3.4 SQL master server ........................................................................ 17
3.5 SafeCom slave server .................................................................... 17
3.6 SafeCom home server ................................................................... 18
3.7 Print server ................................................................................ 18
3.8 SafeCom Device Server.................................................................. 19
3.9 Virtualization ............................................................................. 19
3.9.1 VMware versus Microsoft Cluster ...................................... 20
3.10 What happens if servers or network connections are down? ..................... 20

4 SafeCom Databases ................................................................................. 21

4.1 Database requirements ................................................................. 21
4.2 Import users into SafeCom ............................................................. 22
4.3 The four databases ...................................................................... 23
4.3.1 SafeCom Server and SQL server details .............................. 25
4.4 Scripts to manually create the databases ........................................... 25
4.5 SQL replication ........................................................................... 26
4.5.1 SQL Replication ........................................................... 27
4.5.2 SQL users and rights ..................................................... 28
4.5.3 Security Role Requirements for Replication Setup ................. 28
4.5.4 The day to day basis operations (covered in Security Role
Requirements for Replication Maintenance) ........................ 30
4.5.5 Domain user ............................................................... 31
4.6 Database backup ......................................................................... 32
4.7 Database restore ......................................................................... 32
4.8 SQL database mirroring ................................................................. 33

5 Security ............................................................................................... 34
5.1 Network and firewall .................................................................... 34
5.2 Encryption ................................................................................. 34

D10909-11 3
 5.2.1 Prerequisites .............................................................. 34
5.2.2 RSA versus AES ............................................................ 34
5.2.3 Encryption of security sensitive fields ................................ 35
5.2.4 Device license and user encryption settings......................... 35

6 User accounts ........................................................................................ 37

6.1 Built-in user accounts ................................................................... 37
6.2 Administrator ............................................................................. 37
6.3 Technician ................................................................................. 37

7 Frequently asked questions ...................................................................... 38

7.1 Can we print from non-Windows solutions? ......................................... 38
7.2 Can we integrate SafeCom with other business systems? ......................... 38
7.3 Audit of changes ......................................................................... 38
7.4 Reporting with SafeCom Reports ...................................................... 38

8 Appendix A: Questions on service availability ............................................... 39

8.1 Device availability with Pull Print ..................................................... 39
8.2 Direct print as an alternative .......................................................... 40
8.3 Disable access control on MFPs ........................................................ 40
8.4 Tracking server is down ................................................................. 40
8.5 Device SLA ................................................................................. 40
8.6 Server SLA ................................................................................. 40

9 Appendix B: Support services .................................................................... 41

9.1 Windows event log ....................................................................... 41

D10909-11 4
1 Introduction

1 Introduction
1.1 Audience
This manual is intended for IT professionals involved in designing SafeCom
Smart Printing solutions. The manual supposes that the reader is a certified
SafeCom professional.

1.2 Additional documentation

 SafeCom G4 Administrator’s Manual D60650
 SafeCom G4 Cluster Administrator’s Manual D60652
 SafeCom Device Products Feature Set Overview D10940
 SafeCom Smart Printing Installation Completion Checklist D10911

1.3 About this manual

This manual applies to SafeCom G4 Server version S82 070.520*01.

This manual is organized as follows:

 Chapter 1 Introduction lists the supplied SafeCom documentation, how

the manual is organized, and the history of the document.
 Chapter 2 Solution Architecture helps the reader determine whether a
SafeCom solution should be based on a Single server or multiserver
installation.
 Chapter 3 SafeCom Servers lists the different SafeCom Servers and their
requirements.
 Chapter 4 SafeCom Databases describes the four databases, the
requirements, and the possibilities of backup.
 Chapter 5 Security lists the requirements for network and firewall as well
as describes how documents are encrypted with a SafeCom solution.
 Chapter 6 User accounts describes the Administrator and Technician
rights for users.
 Chapter 7 Frequently asked questions answers the most common
questions.
 Chapter 8 Appendix A: Questions on service availability answers the
most common questions on service availability.
 Chapter 9 Appendix B: Support services describes the Windows log

D10909-11 5
1 Introduction

1.4 Document history

Revision D10909-11

 Added section on Security Role Requirements (4.5.3 and 4.5.4).

Revision D10909-10

 Added the section Sample bandwidth calculation (2.4.2).

Revision D10909-09

 Updated to reflect SafeCom G4 Server version S82 070.510*01.

 Sizing information updated to reflect 64-bit support (2.2).
 Updated (4.6) to now state that backup of database on slave servers is
needed to prevent database transaction logs from growing endlessly.

Revision D10909-08

 Manual restructured into 6 new sections (Solution Architecture, SafeCom

Servers, SafeCom Databases, Security, User accounts, and Frequently
asked questions).

Revision D10909-07

 Updated to reflect SafeCom G4 Server version S82 070.500*01.

Revision D10909-06

 Updated to reflect SafeCom G3 Server version S82 070.440*03.

 Sizing information updated to reflect 64-bit support (2.2).

Revision D10909-05

 Update to section on Database backup (4.6).

Revision D10909-04

 Using SafeCom Print Client on a print server (2.4.3).

 Updated to reflect that SQL Server 2000 is not supported.

D10909-11 6
2 Solution Architecture

2 Solution Architecture
In this chapter you will learn to determine which customers can manage with a
SafeCom Single Server installation and which customers need a SafeCom
Multiserver installation.

Often a single server installation is enough:

A small size organization with 200 employees has realized that money can be
saved if they consolidate their dispersed mixed printer fleet to 10 new MFPs
and enforce print policies among the employees. The organization is a typical
organization where the majority of print jobs come from MS Office. This tells
you that the load on the SafeCom server is limited, which means that a
SafeCom single server solution will be enough.

Even with significantly more devices and users a single server solution can
be sufficient:

A medium size organization with 3000 employees sees a similar potential in

their print environment where the majority of print jobs also come from MS
Office. The organization invests in 150 new MFPs and they want to reuse 40 of
their existing printers.

Considering that a SafeCom Server can handle up to 200 devices and

approximately 3000 users you know that a SafeCom Single Server installation is
still sufficient for this customer. This is assuming that the users’ print jobs do
not involve graphics heavy documents or significant print peaks where a large
number of users print at the same time.

In response to an organization spread geographically a SafeCom multiserver

solution can be just the right thing:

An organization has offices in three countries. Because they often print

graphics heavy PDFs, you recommend placing a master and a slave server in the
head office and a slave server in each of the other countries in order to ease
the load on servers and network.

For an organization where printing is critical and availability is the highest

priority a SafeCom Multiserver installation required:

For a customer in the financial sector printing is business critical. To address

this requirement you suggest a SafeCom Multiserver installation (requires a
SafeCom Enterprise Server license) as it gives the customer immediate benefit
from the server failover functionality of the SafeCom solution. The highest
degree of resilience/availability can be achieved by running the SafeCom
Server software on a Microsoft Cluster (requires a SafeCom Cluster Server
License). If the customer has documented processes for disaster recovery you
can also consider a SafeCom Enterprise Disaster Recovery License.

D10909-11 7
2 Solution Architecture

Considering limited bandwidth issues, storing print jobs locally with

SafeCom Print Client can reduce up to 50% of the print related traffic:

A European organization has several small sales-divisions in Asia-Pacific where

bandwidth is known to be limited and where the IT policies support installation
of servers locally. In order to be less dependent on bandwidth you and the
customer consider if the print jobs should be stored locally with SafeCom Print
Client.

2.1 Single Server or multiserver installation?

When determining whether to go with a SafeCom single server or multiserver
installation you need to know the following about the customer:

 How many devices must be SafeCom enabled? (2.2)

 What are the requirements for uptime? (2.3)
 How is the organization located geographically? (2.4)

2.2 How many devices must be SafeCom enabled?

A single server can as a rule of thumb handle up to 200 devices and 3000 users,
so if the customer has more than 200 devices we recommend going with a
SafeCom Multiserver installation.

Server installation Devices Users

Single server <200 <3000

Multiserver >200 >3000

2.2.1 Type of print jobs

Furthermore, you need to consider if the customers standard type of print jobs
are regular office print jobs or for example graphics heavy PDFs which have a
considerable effect on the SafeCom Server. If the customer prints graphics
heavy print jobs, we recommend scaling the number of devices thereafter to
for example 150 devices per server.

If you have a ‘users per device’ ratio of for example 15, then you can use this
to convert number of users into number of devices (4500 users=300 devices).

D10909-11 8
2 Solution Architecture

2.2.2 Number of pages printed

Another way of determining the number of SafeCom servers required is by
looking at the number of printed pages a server can handle. This is further
dependent on whether the print jobs are stored locally with SafeCom Print
Client or directly on the SafeCom Server:

Locally stored Server stored

documents documents
Sizing 32-bit: Sizing 32-bit and 64-bit:

 8 M pages per month per server  3 M pages per month per server
 800 devices per server  300 Pull print devices per server

Sizing 64-bit:

 12 M pages per month per server

 1500 devices per server

The sizing information is only a rule of thumb and assumes use of contemporary
(anno 2012) computer hardware. Several factors influence the sizing, such as
CPU, I/O, RAM, network bandwidth, and user concurrency (how many users are
printing at the same time). On 32-bit systems the number of concurrent
connections is likely to be the limiting factor (2.2.3).

On identical computer hardware there is no performance increase in using 64-

bit instead of 32-bit. However, always use the 64-bit edition of SafeCom G4
Server on 64-bit Windows OS, as using the 32-bit edition somewhat decreases
performance.

2.2.3 Concurrent connections

The number of SafeCom components, concurrent users, and print jobs the
SafeCom server needs to manage has great impact on the requirements to the
servers and disk space.

A 32-bit SafeCom G4 server can handle about 2000 concurrent connections. By

using 64-bit the amount of concurrent connections that a server can handle
increases ten-fold to 20000. Each connection (or thread) occupies
approximately 1 MB RAM.

D10909-11 9
2 Solution Architecture

Below is an overview of connections used by a SafeCom server:

Connections used by
SafeCom server
Per Extra per Extra per
SafeCom components connected concurrent concurrent
component user login print job
SafeCom Slave Server 6 0 0
SafeCom Print Server1 6 0 1
SafeCom Print Client2 3 0 1
SafeCom-enabled MFP or printer 0 1 1
3
SafeCom Device Server 1 1 1
SafeCom Web Interface 3 1 0

When estimating the concurrent connections, be sure to base it on possible

print peaks (times when the maximum amount of concurrent users log in and
the maximum concurrent print jobs occurs) and not an average based on weeks
or months. The SafeCom servers and databases must be powerful enough to
handle all print jobs, also when it’s the most hectic.

2.3 What are the requirements to uptime?

In some organizations printing is business critical; server failover lists are
defined, print servers are clustered and there is managed print service with
well-defined SLAs (service level agreement). In other organizations print
servers are running on secondary hardware and there is no backup or disaster
recovery process in place and if a printer is out of toner or defect there is no
defined process for getting it up and running again.

In general one should apply the same measures taken to ensure availability of
Windows print servers and Windows domain controllers. Typical technologies
that can be applied to reduce risk of failure are:

 Hard disks use RAID or similar technology.

 Network connections are duplicated.
 Microsoft Cluster Service.
 Virtualization.

Further server uptime is offered with SafeCom, but it requires a SafeCom

Multiserver installation:

 Failover (2.3.1)
 Clustering (2.3.2)
 Disaster Recovery (2.3.3)

For more information on how to increase availability refer to section 8.

1
SafeCom Print Server. A computer with SafeCom Pull and/or SafeCom Push printers.
2
SafeCom Print Client. It is assumed that the SafeCom Pull Port is referencing localhost
(SafeCom Print Client) and not a SafeCom Server.
3
SafeCom Device Server uses multiplexing and will open one physical connection for
every 50 devices.

D10909-11 10
2 Solution Architecture

2.3.1 Failover
High level of availability can be achieved by specifying a prioritized list of
servers that users should be moved to in the event that their home server
becomes unavailable. Users with special rights are not moved as they always
have the SafeCom master server as their home server. It is a prerequisite that
the SafeCom master server and the SQL master server are available.

During failover, the user’s home server maintains a list of the user’s pending
print jobs, but the print jobs remain at their location. The user’s home server
will automatically be reset to the original home server when it becomes
available again. To avoid excess network load pending documents are not
moved when the user’s home server changes which means that users have to
submit their documents for printing again.

For more information on setting up failover refer to SafeCom G4

Administrator’s Manual D60650.

2.3.2 Clustering
The SafeCom server and the SafeCom printers on Windows 2008 and 2003 are
cluster-aware (requires a SafeCom Cluster Server license), and the SafeCom
server supports Active-Passive server.

If a node in a failover cluster stops working another one takes over. This gives
unprecedented high availability. Refer to microsoft.com for additional
information on hardware and software requirements.

2.3.3 Disaster Recovery

SafeCom Disaster Recovery is a way to secure minimum downtime on a SafeCom
installation. SafeCom Disaster Recovery is available for both single server
installations and multiserver installations.

Disaster Recovery covers the following situations:

 SafeCom master server is lost.

 SQL master server is lost and mirroring is used.
 SQL master server is lost.
 SafeCom slave server is lost.

Using disaster recovery requires purchase of SafeCom Disaster Recovery

License. Once purchased the customer is granted access to the following:

 An extra SafeCom Server License to be installed on the recovery server.

 A series of SQL scripts required for the recovery process.
 A disaster recovery manual that describes the disaster recovery process in
detail.

D10909-11 11
2 Solution Architecture

2.4 How is the organization situated

geographically?
Information on the customer’s available network and bandwidth is essential
when determining how many SafeCom Servers are necessary, as well as the
type and location of the servers.

Considering limited bandwidth issues, storing print jobs locally with SafeCom
Print Client can reduce up to 50% of the print related traffic as documents
travel on the network only once, and thereby influence the number of
necessary SafeCom Servers and print servers.

2.4.1 Locally stored documents versus server stored documents

SafeCom G4 server offers three ways of storing Pull Print documents. It is
recommended to store documents on the SafeCom Server unless the bandwidth
or network available is limited, in which case storing the documents on either
the users’ computers or on the Print Server is preferable:

 SafeCom server stored documents

The SafeCom server acts as a print server, authentication, and tracking
server and hosts shared printers. When the user prints, the document is
transferred to the user’s home server. Documents remain on the server
until collected or deleted.

 Local stored documents on users’ computers

The SafeCom Print Client software and local printer is installed on the
user’s computer. When a user prints, the document is stored on the hard
disk drive of the user’s computer. Since print processing is offloaded to
the user computer the SafeCom server does not act as print server, but as
authentication and tracking server.

 Print server stored documents

The SafeCom Print Client software is installed on the print server and
printers are shared. When the user prints, the document is transferred to
the print server and the user’s list of pending documents is updated on
the user’s home server. Documents remain on the print server until
collected or deleted.

D10909-11 12
2 Solution Architecture

Corporate Network Corporate Network

SafeCom Server SafeCom Server

DB DB

Branch network Branch network

Print Server

Control data Control data Control data Control data

SafeCom
Print Client

SafeCom SafeCom-enabled SafeCom-enabled

Print Client printer / MFP printer / MFP

Print data
Print data

Figure 1 Locally stored documents on Figure 2 Print server stored documents

users’ computers

The following table lists the things you need to consider when deciding on
storing documents locally with the SafeCom Print Client or on the SafeCom
Server:

Locally stored Server stored

documents documents
Network load  Documents are  Documents are
transferred once over the transferred twice over the
network. network.
 When a user collects his  When a user prints, his
document it is transferred document is transferred
to the device from the to the server hosting the
user’s computer. shared print queue.
 When the user collects his
document it is transferred
to the device from the
server.
Submit print,  SafeCom master server if  SafeCom master server if
online user has not printed user has not printed
dependency before before
 User’s home server  User’s home server
 Server with the shared
printer queue
Collect print,  User’s home server  User’s home server
online  User’s computer or print  Server where the
dependency server with print client document is stored
installed.

D10909-11 13
2 Solution Architecture

2.4.2 Sample bandwidth calculation

A branch that prints 30 jobs an hour would approximately consume between
200 – 250 KB per hour for control data. A branch with a bandwidth of 56 Kbps
can handle 7 KB per second (25.200 KB per hour). In this case SafeCom control
data consumes 1% of the bandwidth.

The expected bandwidth consumption in regards to control data is as follows:

Job submission:
Control data from the computer to the server (print data stored locally at
computer):

 3 KB.

Job collection at the device:

Control data from device to the server. Print data is transferred from computer
to device:

 3 KB per login session.

 0.2-0.3 KB per job.
 0.1 KB per scanned pages.
 0.1 KB per pull printed page if Post Tracking is enabled. Post tracking can
be enabled on selected devices and allows the tracking data to be
adjusted based on what was actually printed on the device.

Keep alive:
Control data between device and server (every 60 seconds)

0.5 KB per keep alive signal.

2.4.3 Print Client on Windows Print Servers

It is possible to distribute the print processing task to ordinary Windows print
servers by doing a SafeCom client installation on these. However, this will
increase the network load, as Pull Print jobs will have to go onto the network
an extra time (to get transferred from the Windows print server to the user’s
home server). This may slow performance if the resulting print jobs tend to be
big in terms of file size. One cannot assume that the print job will be small in
file size, just because the original document is small. We have seen examples
where a 1Mb (2-page) PDF file grew to +500Mb.

2.4.4 Install SafeCom Push Port on Print Server

The print processing task of SafeCom Push printers can be off-loaded to
ordinary Windows print servers by installing the SafeCom Push Port on the
print server and then creating the SafeCom Push printers and have them
reference one of the SafeCom slave servers.

D10909-11 14
2 Solution Architecture

2.4.5 Keep print jobs within a branch

In SafeCom Administrator it is possible to define branches and associate
devices and computers to these. Branches are used to ensure that devices
within the branch only allow collection of documents from computers that
belong to the same branch.

By keeping print jobs within the branch network and on users’ computers until
users log in at the device, bandwidth load is reduced.

Corporate Network

SafeCom Master SQL Master

Clustered

SQL

SafeCom Slave SafeCom Slave SafeCom Slave

DB DB DB

Branch network

Control data Control data

SafeCom SafeCom-enabled
Print Client printer / MFP

Print data

For more information on SafeCom Branches refer to SafeCom G4

Administrator’s Manual D60650.

D10909-11 15
3 SafeCom Servers

3 SafeCom Servers
This chapter describes the SafeCom multiserver concepts and the SafeCom
master server (3.3), SQL master server (3.4), SafeCom slave server (3.5),
SafeCom home server (3.6) and Print server (3.7).

3.1 Server requirements

For detailed information on server requirements, please refer to SafeCom G4
Administrator’s Manual D60650.

3.2 Multiserver overview

SafeCom Master SQL Master The entire configuration is
replicated (4.5) to the
SafeCom slave servers.
SQL
This way all the SafeCom
servers have the complete
configuration, including the
S1
SafeCom Slave
S2
SafeCom Slave
S3
SafeCom Slave
network details of each
other, and can communicate
directly rather than having to
rely on the SafeCom master
DB DB DB
server.

The SafeCom slave server

Figure 3 SafeCom multiserver solution uses the provided database
with SQL replication. SQL Server 2008 R2 Express.
Because the database
subscribes to the SQL master
server, no involvement of a
database administrator (DBA)
is required.

D10909-11 16
3 SafeCom Servers

3.3 SafeCom master server

The SafeCom master server is the administrative server and normally it does
not host any printers. The SafeCom master server MUST use an SQL master
server as it relies on the replication facilities of this. The SafeCom master
server deals with:

 Import of users: Users can be imported on a scheduled basis from Active

Directory (AD), Novel eDir, LDAP server, CSV file, or XML file.

 Collection of tracking data from the SafeCom slave servers.

 Home server (3.6) for Administrators, Technicians and Cashier users

within the SafeCom solution.

3.4 SQL master server

The SQL master server must run Microsoft SQL Server 2012, 2008 or 2005
(license from Microsoft is required). The SQL server can reside on the same
server as the SafeCom master server or on a separate server or in an SQL farm.
Tasks performed by the SQL master server:

 Master configuration; stores and replicates configuration data to all

SafeCom slave servers.

 Tracking data; stores the collected tracking data.

 Credit data; in a pay solution it stores user accounts (credits).

3.5 SafeCom slave server

The SafeCom slave server acts as:

 Print server: It hosts the shared SafeCom Pull Printers and SafeCom Push
Printers.

 Document storage: For Pull Print the users’ documents are stored and
encrypted on the slave server. With SafeCom G4 the documents can
instead be stored on users’ computers.

 Home server for standard users. It handles authentication, tracking,

storing, and printing of Pull Print documents.

D10909-11 17
3 SafeCom Servers

3.6 SafeCom home server

Each user is automatically assigned to a home server, typically one of the
SafeCom slave servers. The home server performs these tasks:

 Authentication. When a user logs in to one of the SafeCom components

the SafeCom system will redirect the user to the home server for
authentication.

 Tracking data (local). Whenever the user performs a job (print, copy or
scan) a tracking record is created. Tracking data is subsequently collected
on a scheduled basis by the SafeCom master server and thereafter
deleted from the home server.

 Document list. For Pull Print the list of the user’s documents is
maintained on the home server. Whenever the user submits or collects a
Pull Print document the list of documents is updated. The list contains
references to where the documents are stored.

 Document storage. For Pull Print the user’s documents are stored
encrypted on the SafeCom Server that the Pull Print queue points to.
With SafeCom Print Client the documents can instead be stored on users’
computers or on a print server.

3.7 Print server

The print processing task of SafeCom Push printers can be off-loaded to
ordinary Windows print servers by installing the SafeCom Push Port on the
print server and then creating the SafeCom Push printers and have them
reference one of the SafeCom slave servers.

D10909-11 18
3 SafeCom Servers

3.8 SafeCom Device Server

Looking ahead more and more printer vendors are offering a web server based
platform on their MFPs for integration of third party solutions, such as SafeCom
Go.

SafeCom Go for these devices will run on the SafeCom Device Server and no
SafeCom software needs to be installed on the devices. However, the computer
hosting the SafeCom Device Server must be running to allow users to use the
devices.

The user interface data flows between the device and the SafeCom Device
Server in connection with login, printing, logout, refreshing, status update
messages, etc. Latency is obviously a critical factor in any user interface
interaction and it may therefore become necessary to have the SafeCom Device
Server software run on a local computer within the local network instead of on
a server on the corporate network.

It is recommended to run SafeCom Device Server on a separate server. On a

dedicated server the Device Server can handle the load of twice as many
devices:

Device Server Number of devices

On dedicated server 200

On server with SafeCom

G4/G3 (2008 R2 64-bit on 100
dual core CPU with 4 GB
RAM)

3.9 Virtualization
The SafeCom products can successfully be deployed and run in a virtual
environment such as Microsoft Virtual Server and VMware as long as it supports
the operating system.

The underlying physical computer hardware and storage area network (SAN)
can be distributed across two or more data centers provided there is a fast and
resilient network connection (fiber) between the centers.

Achieving a high level of performance in the virtual environment relies on the

effective assignment of limited resource between multiple virtual servers.
Avoid installing two or more critical server roles on the same host virtual
server, especially if they require large amounts of the same resource at the
same time. Ensure that you have sufficient available resources (CPU, RAM,
Network, and I/O) on the host virtual server so as to not hinder the
performance of any single virtual server.

D10909-11 19
3 SafeCom Servers

3.9.1 VMware versus Microsoft Cluster

The differences between Microsoft Cluster and VMware are many, however
from SafeCom perspective there are crucial dissimilarities which may have a
great impact on redundancy of the solution.

The VMware with vmotion is a very powerful platform ensuring full redundancy
on the entire server level. However, the current public release of VMware
server cannot control each service as it is possible with Microsoft Cluster. When
using MS Cluster and a service fails within a defined threshold the server is
moved to another node for continues operation.

Furthermore virtualization, as it’s done through VMware, requires a powerful

SAN to provide the needed I/O performance, but it also is easier to scale a
VMware solution rather than an Microsoft Cluster solution.

3.10 What happens if servers or network

connections are down?
 If the SafeCom master server and/or SQL master server is down it is not
possible to make any configuration changes (Administrators cannot log in
to SafeCom Administrator). However, users with home server on one of
the SafeCom slaves will still be able to log in and print.

 If a SafeCom server is down, users who have the SafeCom server as their
home server (3.6) cannot log in. However, push printers that are
configured to allow printing at all times, can still be used on the servers
running.

Additional server availability can be achieved by specifying a prioritized

list of failover servers (2.3.1) that users should be moved to in the event
that their home server becomes unavailable.

 If the network is partly down, printing on and roaming between servers is

possible provided the servers can still communicate with each other
(meaning that they are not affected by the part of the network that is
down). If the network is completely down nothing is possible until the
network is up again.

D10909-11 20
4 SafeCom Databases

4 SafeCom Databases
A SafeCom server depends on the availability of its database. In most cases the
provided SQL Server 2008 R2 Express database can be used. In a solution with
multiple SafeCom servers the master SQL server must run Microsoft SQL Server
2012, 2008 or 2005.

The SafeCom server software uses Microsoft SQL databases to store

configuration data. The databases are typically installed on the SafeCom
server, but the databases can reside on a separate server or in a Microsoft SQL
farm.

In tracking solutions, the tracking database (4.3) will usually grow to a

significant size, whereas the job database (4.3) only grows slowly. The size of
the job database depends on the number of users and devices. For each job
tracked by SafeCom there is an equivalent record in the tracking database (2KB
/ tracking record).

When Offline tracking is enabled which by default it is, the tracking database
on the SafeCom slave is automatically emptied every time the SafeCom master
server has collected the tracking data.

However, the tracking database on the SQL master server is not emptied and
will continue to grow. It is therefore recommended to establish a procedure for
exporting and deleting old tracking data to keep the database size within the
defined limits.

This housekeeping process should handle the tables: scMoneyLoaderTracking,

scSanityTracking, and scTracking.

Tracking data can be exported and deleted directly using SQL tools.
Alternatively the SafeCom Administrator API’s ExportTracking or DeleteTracking
commands can be used.

In Pay solutions both the tracking and the money database (4.3) will continue
to grow. Even though a money database exists on each server only the money
database on the SQL master server is used. This is because there must only be
one single point to store and maintain users’ credits. The housekeeping process
should handle the table: scTransaction.

The SafeCom event database automatically deletes events that are more than
one year old.

4.1 Database requirements

For detailed information on database requirements, please refer to SafeCom G4
Administrator’s Manual D60650.

D10909-11 21
4 SafeCom Databases

4.2 Import users into SafeCom

The SafeCom solution can import user data from Active Directory or any other
LDAP-enabled directories. The import can be made secure by using SSL
(LDAPS).

The SafeCom solution uses the Microsoft ADSI interface when importing users.
ADSI is a set of extensible, easy-to-use programming interfaces based on
Microsoft's Component Object Model (COM).

The function ADsOpenObject is used to log in and bind to an IDirectorySearch

object. The ExecuteSearch method of the object is then used to actually do the
search for users.

Users can be imported from multiple sources, manually and/or on a scheduled

basis. Users can be imported from:

 Windows Active Directory

 Novell eDirectory (NDS eDirectory v.8.7.3 or later)
 LDAP server
 CSV file
 XML file

SafeCom Administrator is the application used to configure and administrate

the SafeCom solution. SafeCom Administrator can be installed on any Windows
computer and used to administrate all the SafeCom servers within TCP/IP range
of the computer.

D10909-11 22
4 SafeCom Databases

4.3 The four databases

SafeCom Job Database
Database: sccore
Backup file: sccore.bak
SQL ODBC DSN name: sccoremssql
Used by scJobServer.exe and scJobServer64.exe

Tables in sccore Replicated

scAliases R
scBillingCodes R
scBillingComb4 R
scBillingConfig5 R
scBillingFavorites R
scBillingLastUsed
scBillingUserInfo R
scBOPCInfo6 R
scBranchInfo7 R
scCardInfo8 R
scClientConfig9 R
scDatabaseInfo
scDelegates10 R
scDeviceInfo R
scDeviceServerInfo11 R
scDomainInfo R
scGroupInfo R
scGroupMembers R
scGroupRbpRule R
scJobInfo
scMainSettings R
scMasterServerVersion R
scPathInfo
scPriceScheme R
scPrinterInfo
scRbpAction R
scRbpCondition R
scRbpJobaction
scRbpRuleInfo R
scScheduleInfo12 R
scServerInfo R
scServerSettings R
scServerTemp
scStatisticsInfo

4
scBillingComb was introduced in SafeCom G3 Server version S82 070.410*01
5
scBillingConfig was introduced in SafeCom G3 Server version S82 070.410*01
6
scBOPCInfo was introduced in SafeCom G3 Server version S82 070.410*01
7
scBRanchInfo was introduced in SafeCom G3 Server version S82 070.410*01
8
scCardInfo was introduced in SafeCom G2 Server version S82 070.380*02
9
scClientConfig was introduced in SafeCom G3 Server version S82 070.420*01
10
scDelegates was introduced in SafeCom G3 Server version S82 070.440*01
11
scDeviceServerInfo was introduced in SafeCom G3 Server version S82 070.420*01
12
scScheduleInfo was introduced in SafeCom G2 Server version S82 070.380*03

D10909-11 23
4 SafeCom Databases

scTreeView R
scUserInfo R
scUserInfoLocal

SafeCom Event Log

Database: scevent
Backup file: scevent.bak
SQL ODBC DSN name: sceventmssql
Used by scEvent.dll

Tables in scevent
scDatabaseInfo
scEventLog

SafeCom Money Database

Database: scpurse
Backup file: scpurse.bak
SQL ODBC DSN name: scpursemssql
Used by scMoneyServer.exe and scMoneyServer64.exe

Tables in scpurse
scDatabaseInfo
scPayTicket
scTransaction
scTransactionCount

SafeCom Tracking Database

Database: sctracking
Backup file: sctracking.bak
SQL ODBC DSN name: sctrackingmssql
Used by scTrackingServer.exe and scTrackingServer64.exe

Tables in sctracking
scAggSavings
scBillingTracking
scMoneyLoaderTracking
scResourceTransform
scSanityTracking
scTracking
scTrackingCounters
scTrackingExport

D10909-11 24
4 SafeCom Databases

4.3.1 SafeCom Server and SQL server details

SafeCom Server Microsoft
SQL Server

component discover scBroadcastServer

user authentication
sccore
print job info scJobServer
database
print job storage

job tracking sctracking

scTrackingServer
database
tracking
data access

scpurse
user credit accounting scMoneyServer
database
credit
data access

scevent
event and audit logging scEventLog
database
event log
data access

Figure 4 SafeCom server and SQL server UML component diagram.

4.4 Scripts to manually create the databases

If required script files can be used to manually create the databases. The *.scs
files are included in the distribution and further instructions are available in
SafeCom G4 Administrator’s Manual D60650.

D10909-11 25
4 SafeCom Databases

4.5 SQL replication

A SafeCom multiserver solution consists of one SafeCom master server and one
or more SafeCom slave servers. The SafeCom master server relies on the
replication capabilities of its Microsoft SQL Server to ensure that all SafeCom
slave servers’ databases are up-to-date at all times.

The replication is transactional, meaning that only incremental changes are

replicated: The transactional replication will only involve what is changed
within the individual record and not the entire record.

When a SafeCom slave is added, a snapshot is generated and replicated to the

SafeCom slave database. The size of the snapshot depends on the number of
users (0.5Kb / user) and devices (0.5Kb / device).

The SafeCom slave servers can use the free Microsoft SQL Server 2008 R2
Express; it is not required to run a licensed Microsoft SQL Server.

Note: It is very IMPORTANT that SQL replication is working at all times and is
not set to expire. It is highly recommended to use the SQL 2012, 2008 and 2005
alerting capabilities to notify you when/if the replication stops.

The SafeCom event log will also log these two events:

 Abstract: Replication error

Severity: 2
Description: Replication possible stopped at yyyy-mm-dd hh:mm:ss

 Abstract: Replication running

Severity: 5
Description: Replication possible started at yyyy-mm-dd hh:mm:ss

D10909-11 26
4 SafeCom Databases

4.5.1 SQL Replication

The replication from the master server to the slave servers is transactional,
meaning that only incremental changes are replicated: The transactional
replication will only involve what is changed within the individual record and
not the entire record.

When a SafeCom slave is added, a snapshot is generated and replicated to the

SafeCom slave database. The size of the snapshot depends on the number of
users (0.5Kb / user) and devices (0.5Kb / device).

The SafeCom slave servers can use the free Microsoft SQL Server 2008 R2
Express; it is not required to run a licensed Microsoft SQL Server.

Note: It is very IMPORTANT that SQL replication is working at all times and is
not set to expire. It is highly recommended to use the SQL 2012, 2008 and 2005
alerting capabilities to notify you when/if the replication stops.

Note: If you are using SQL replication when adding a slave server, ensure that
you use the sp_changedistributor_password stored procedure, or the
Distributor Properties or Update Replication Passwords dialog boxes in SQL
Server Management Studio, as password changes are then applied to local
publications automatically. For more information, see here (for SQL Server
2012) or here (for SQL Server 2000).

SafeCom Master SQL Master This way all the SafeCom

servers have the complete
configuration, including the
SQL network details of each other,
and can communicate directly
rather than having to rely on
the SafeCom master server.
S1 S2 S3
SafeCom Slave SafeCom Slave SafeCom Slave
The SafeCom slave server uses
the provided database SQL
Server 2008 R2 Express.
Because the database
DB DB DB
subscribes to the SQL master
server, no involvement of a
Figure 5 SafeCom multiserver solution database administrator (DBA)
with SQL replication. is required.

D10909-11 27
4 SafeCom Databases

4.5.2 SQL users and rights

If you want to use another SQL database than the supplied SQL Server 2008 R2
Express database a temporary SQL safecominstall user must be created in
advance.

The SQL safecominstall user MUST have sysadmin rights, as it is required to

create the databases and the SQL safecom user with sysadmin rights that is
used for subsequent login.

The SafeCom software automatically gives the SQL safecom user a password
that is based on the SafeCom server name. The password complies with
Windows password complexity policies. Clear Enforce password policy as
forgetting to do this will prevent the solution from working when the password
is up for renewal.

The SafeCom Service will automatically create the SafeCom databases in the
Microsoft SQL Server the next time the SafeCom Service is restarted.

The SQL safecom user MUST have sysadmin rights to:

 Add or delete server

The SQL safecom user must have sysadmin rights to be able to modify the
SQL replication settings.

 Update software
The SQL safecom user must have sysadmin rights to be able to complete
the update in case new databases and/or tables need to be created.

Note: Though it is possible to limit the rights for the SQL safecom user for
day-to-day operation, we do not recommend reducing the rights of the SQL
safecom user to less than sysadmin rights.

4.5.3 Security Role Requirements for Replication Setup

The following table summarizes the authentication level necessary for common
replication setup tasks:

Setup Membership SafeCom

task requirement server usage
Enable a sysadmin server role on the Used only in multiserver
Distributor, Publisher. environments to enable
Publisher, or sharing of user, devices and
Subscriber. all other required fields
between SafeCom Servers.
This task is required on all
SafeCom servers.
Enable a sysadmin server role on the This is needed to enable the
database for Publisher. publisher role, as described in
replication. the above.

D10909-11 28
4 SafeCom Databases

Create a db_owner database role on the To share the information

publication. publication database at the required SafeCom needs this
Publisher or sysadmin server role to create publications which
on the Publisher. enable replication between
all SafeCom Servers.
View Member of the PAL at the This is not used by SafeCom
publication Publisher, db_owner database role Server, but only in
properties. on the publication database at the maintenance or in
Publisher, or sysadmin server role troubleshooting exercise,
on the Publisher. which is done through i.e. SQL
Studio Manager.
Create a db_owner database role on the This is used on all SafeCom
subscription. publication database at the Servers, as this is a part of
Publisher or sysadmin server role the handshake process when
on the Publisher. creating a replication
db_owner database role on the between SafeCom master
subscription database at the server and SafeCom slave
Subscriber or sysadmin server role server.
on the Subscriber.

Configure sysadmin server role on the This is used on the initial

agent Distributor. phase when creating
profiles. Distributor and Publisher on
the Master SQL server. This
can also be initialized during
maintenance or in
troubleshooting exercises.
This is used in SafeCom
upgrade scenarios

D10909-11 29
4 SafeCom Databases

4.5.4 The day to day basis operations (covered in Security Role

Requirements for Replication Maintenance)

The following table summarizes the authentication level necessary for common
replication maintenance tasks:

Maintenance Membership SafeCom

task requirement server usage
Modify or drop sysadmin server role on the This is used when deleting a
a Distributor, appropriate server. Slave server from the Master
Publisher, or server or modifying SafeCom
Subscriber. tracking settings, as these
needs to be reflected on the
replication. This is used in
SafeCom upgrade scenarios
Modify or drop db_owner database role on the This is used when removing /
a publication. publication database at the exchanging the SafeCom
Publisher or sysadmin server role Master Server. This is used in
on the Publisher. SafeCom upgrade scenarios
Modify or drop db_owner database role on the This is used when removing
a subscription publication database at the or adding a SafeCom slave
at the Publisher or sysadmin server role server from the Master
Publisher. on the Publisher. server. This is used in
SafeCom upgrade scenarios
Modify or drop db_owner database role on the This is only performed on
a subscription subscription database at the SafeCom slave server, when
at the Subscriber or sysadmin server changing tracking settings
Subscriber. role on the Subscriber. and when removing or adding
the Slave server to Master
server. This is used in
SafeCom upgrade scenarios
Mark a Push subscription: db_owner This is only used in
subscription database role in the publication maintenance or
for database at the Publisher or troubleshooting mode on
reinitialization. sysadmin server role on the both the SafeCom slave and
Publisher. master servers,
Pull subscription: db_owner i.e. SafeCom repairs
database role in the subscription replication which is done
database at the Subscriber or through SafeCom
sysadmin server role on the administrator GUI.
Subscriber.

D10909-11 30
4 SafeCom Databases

Maintenance Membership SafeCom

task requirement server usage
View replmonitor database role on This is used by SafeCom
replication the distribution database at the Server, but only in
activity, Distributor or sysadmin server maintenance or in
errors, and role on the Distributor. troubleshooting exercises,
history using which is done through i.e.
Replication SQL Studio Manager.
Monitor. A user
cannot modify
agent profiles,
schedules, and
so on, unless
the user is a
member of the
sysadmin
server role.
Maintain db_owner database role in the This is used in SafeCom
replication appropriate database or upgrade scenarios and by
agents. sysadmin server role on the SafeCom Server, but only in
appropriate server. maintenance or in
If the agent was created by a troubleshooting exercises,
user in the sysadmin role, and a which is done through i.e.
proxy account was not specified SQL Studio Manager.
for the agent, the agent runs
under the context of the SQL
Server Agent account. In this
case, a user in the db_owner
role cannot modify the job
associated with the agent.
Start or stop a Owner of the agent job or This is used by SafeCom
replication sysadmin server role on the Server, but only in
agent. appropriate server. maintenance or in
troubleshooting exercise,
which is done through i.e.
SQL Studio Manager.

4.5.5 Domain user

It is recommended to define a domain user on each server of the SafeCom
solution. The domain user is used to execute SQL scripts on the SafeCom
servers and must be a member of the local administrator group on each of the
servers.

D10909-11 31
4 SafeCom Databases

4.6 Database backup

Backup can be performed using Microsoft SQL Server Management Studio or
an SQL client tool that comes with the Microsoft SQL Server. Alternatively you
can use the Transact-SQL BACKUP DATABASE statement, and run the SQL
command line utility, osql.exe.

The SafeCom databases apply a full recovery model as opposed to a simple

recovery model. This may lead to large transaction logs if no scheduled backup
is put in place from the beginning. Performing a backup of the SQL master
server and the transaction log files is recommended to keep the size of the
transaction log files to a minimum. On the SafeCom slave servers a backup
should also be made in order to keep the transaction log files from growing.

Note: It is recommended to set up a scheduled, nightly, full backup with a

maintenance plan that shrinks the transaction logs accordingly.

The SafeCom distribution includes a command line utility scBackup to back up

the SafeCom databases. The scBackup can be integrated with a job-scheduler,
such as the Scheduled Task mechanism in Microsoft Windows. Please refer to
online help in Windows.

The SafeCom G4 Administrator’s Manual D60650 has additional information on

backup processes. And if the customer has purchased a SafeCom Disaster
Recovery license (2.3.3), they also have access to a number of scripts that are
used in the recovery process and that can be used for database backup.

4.7 Database restore

To successfully restore a database, the SafeCom server version must not change
from the time of the backup until the restore is performed. It is recommended
to restore all four databases. However, if the solution is not a Pay solution it
may be sufficient to restore the sccore (Job Server) database.

D10909-11 32
4 SafeCom Databases

4.8 SQL database mirroring

SafeCom Master
Principal
SQL Master
Mirror
SQL Master
SQL database mirroring
requires SQL Server
SQL Mirroring
2005 SP2 or later.
SQL SQL
Faster disaster recovery
is possible by mirroring
the SQL master server,
as no backed-up copies
S1
SafeCom Slave
S2
SafeCom Slave
S3
SafeCom Slave
would need to be
retrieved and restored.

DB DB DB

Figure 6 SQL database mirroring

D10909-11 33
5 Security

5 Security
5.1 Network and firewall
Network communication requires that no firewall is blocking the used TCP and
UDP ports. Refer to the Administrator’s Manual for the SafeCom product in
question.

5.2 Encryption
With SafeCom Encryption documents can be encrypted on the network; from
the moment the user clicks print on their computer and until the document is
collected at the device. This prevents anyone from reading the documents,
should they be intercepted on the network. Documents are always encrypted
when traveling from the SafeCom Pull Port to the SafeCom server and when
they are stored for later printing.

5.2.1 Prerequisites
 Encryption is included in the SafeCom license key code.
 The user has encryption enabled, that is, Encrypt documents is checked
on the Settings tab in the User properties dialog (in SafeCom
Administrator).
 The device has encryption enabled, that is, Encryption is checked on the
License tab in the Device properties dialog (in SafeCom Administrator).
 A local SafeCom Pull Printer is installed on the computer of the user
requiring encryption.
 The device is connected to the SafeCom Controller’s 2-port switch. On
devices with an internal SafeCom Go solution decryption is done inside
the device.

5.2.2 RSA versus AES

The SafeCom G4 server offers the following encryption options:

 RSA (512-bit, 1024-bit and 2048-bit)

Used to encrypt key exchange.

 AES (128-bit and 256-bit) or TwoFish (128-bit)

Used to encrypt data exchange.

The SafeCom G4 server uses RSA (512-bit) and TwoFish (128-bit) encryption
between the various components in the SafeCom solution and when storing
documents.

D10909-11 34
5 Security

RSA is a very slow encryption algorithm, but with RSA you can publish a public
key and therefore send the symmetric key encrypted with the public key. The
recipient can then decrypt it with his private key.

The AES and TwoFish algorithm are faster than RSA and are used to
encrypt/decrypt the bulk data more efficiently, even on limited hardware
processors like printers or SafeCom Controllers.

Refer to SafeCom G4 Administrator’s Manual D60650 for more information on

how to set up encryption.

5.2.3 Encryption of security sensitive fields

The SafeCom solution encrypts card numbers, PIN codes, PUK codes, and
SafeCom passwords in the sccore database. Encryption method is TwoFish 128-
bit. Users’ Windows passwords are NOT stored in the SafeCom database.

5.2.4 Device license and user encryption settings

The relation between device licenses and user encryption settings is described
in the table below.

No encryption of Encryption of
Device \ User
user’s documents user’s documents

No encryption by
No encryption No encryption
device

Encrypt and ignore

Encryption
No encryption High Speed Print if
by device
enabled.

D10909-11 35
5 Security

Workstation SafeCom G4 Server MS-SQL Server

SafeCom Database
Session keys
Key_1
Priv_1 Key_2
Pub_1 Key_3
Key_n
Connect Disk
encryption
Exchange Key key

Secure Connection

Job Server

Priv_2
Secure Connection

Pub_2
Exchange Key
Connect

Tracking Server

Connect
SafeCom Spool Priv_3
Exchange Key Pub_3
SafeCom Go
Secure Connection Decryption

Printed Output

Client Server Client

SafeCom G4 encryption

D10909-11 36
6 User accounts

6 User accounts
6.1 Built-in user accounts
The SafeCom solution features two built-in user accounts:

 ADMIN
Administrator account with the default password nimda.
 TECH
Technician account with the default password hcet, initial PUK code
12345678 and default PIN code 1234.

Once the SafeCom G4 server has been installed and successfully tested it is
recommended to:

 Create a new user with Administrator rights and if necessary a user with
Technician rights.
 Change the default password (nimda) for the built-in user account ADMIN.
 Change the default password (hcet) for the built-in user account TECH.
Check that the initial PUK code 12345678 is no longer present.

6.2 Administrator
Only users with administrator rights in the SafeCom Smart Printing solution can
access SafeCom Administrator. The users must supply their SafeCom password
to log in to SafeCom Administrator.

It is possible to individually configure the rights of different administrator

users. Administrators can have either full rights, limited rights or view-only
rights. The rights can further be individually configured for each of these items:
users, devices, servers, and reporting. Any changes are recorded in the event
log.

For more information on Administrator rights refer to SafeCom G4

Administrator’s Manual D60650.

6.3 Technician
A user with Technician rights can:

 Register device via card at the device.

 Register device with user name and password via the device web page or
controller web page.
 Configure port monitors with user name and password.

For more information on Technician rights refer to SafeCom G4 Administrator’s

Manual D60650.

D10909-11 37
7 Frequently asked questions

7 Frequently asked questions

7.1 Can we print from non-Windows solutions?
Yes, even though the SafeCom solution is a Windows-based printing solution, it
is possible to print from other systems, such as Apple, UNIX and mainframe. In
general this is done by defining an LPR/LPD printer that prints to the shared
SafeCom Pull or Push Printer on the Windows server.

If the user logon on Windows differs from the one on the other system, then
the user logon on the other system can be added as an alias for the user.

7.2 Can we integrate SafeCom with other business

systems?
In addition to being a modular solution, the SafeCom Smart Printing solution
also features a number of optional Application Programming Interfaces (APIs).

 SafeCom Administrator API (option) is an XML-based tool that makes it

possible to integrate your SafeCom Smart Printing solution with other
systems, manipulate multiple users in one go, and automate
administrative tasks.

 SafeCom Batch Print API (option) is an XML-based tool used to integrate

the SafeCom solution with other systems, such as document archiving
systems.

7.3 Audit of changes

Whenever users, devices, servers or charging schemes are added, modified or
deleted, the event log on the SafeCom master server records which special
rights user (Administrator, Technician or Cashier) logged in and performed such
tasks.

7.4 Reporting with SafeCom Reports

SafeCom Reports enables viewing of main tracking statistics, user statistics,
device statistics, client billing statistics and job list.

SafeCom Reports builds on Crystal Reports from SAP (acquired from Business
Objects in 2007). SafeCom Reports includes a number of predefined, but
parameterized reports. SafeCom can develop and supply additional reports
according to specification.

For more information on using SafeCom Reports refer to SafeCom Reports

Administrators Manual D60609.

D10909-11 38
8 Appendix A: Questions on service availability

8 Appendix A: Questions on service

availability
Use the below questions to identify what is understood in regards to service
availability. Refer to the section number in the column to the right for input to
a resolution.

No Question Ref.
Q1 If a user cannot use the MFP/printer he is normally using (8.1)
would it be ok for the user to use another MFP/printer during
the device downtime?

Q2 If a user cannot Pull Print would it be ok if as an alternative (8.2)

he could print directly to another printer during the server
downtime?

Q3 If a user needs to copy and scan at an MFP, but cannot log in (8.3)
at the MFP, would it be ok if the access control for these
functions would be disabled during the server downtime?

Q4 In a tracking solution would it be ok to allow a user to print (8.4)

and copy without being able to track the jobs during the
downtime of the tracking server?

Q5 What is the SLA for an MFP/printer if the problem is limited to (8.5)

that particular device?

Q6 What is the SLA for a centralized print solution if a single (8.6)

server is down and what is it if all servers are down?

8.1 Device availability with Pull Print

If a SafeCom-enabled device is out of toner or paper or otherwise broken, the
user can log in to another SafeCom-enabled device to collect his documents.
There is no need to return print the documents again to another printer.

The SafeCom-enabled device can reference multiple SafeCom servers and if the
first SafeCom server on the list is unavailable the device will try the next one.

D10909-11 39
8 Appendix A: Questions on service availability

8.2 Direct print as an alternative

To maintain availability of print service, perhaps on selected devices only,
direct print can be offered to users as an alternative. The print queues can use
the SafeCom Push Port, which by default will allow users to print even if it
cannot deliver tracking data to the server. The Standard TCP/IP port can also
be used instead of the SafeCom Push Port.

Both the SafeCom Pull Port and SafeCom Push Port can reference multiple
SafeCom servers and if the first SafeCom server on the list is unavailable it will
try the next one. This feature can be used to give extra availability when the
ports are installed on Print servers (2.4.4) or clients.

8.3 Disable access control on MFPs

In addition to applying the failover server concept (2.3.1) it is also possible on
selected MFPs to disable access control to allow users to copy and scan during
server downtime. The process for doing this is device dependent and should be
done using scripts if possible, so it can happen quickly when required.

8.4 Tracking server is down

Tracking users can be allowed to print and log in at devices even if it is not
possible to track the jobs produced by the user.

8.5 Device SLA

If a device requires SafeCom supplied hardware it is recommended to order
extra spares, to make replacements viable within the SLA.

8.6 Server SLA

If the SLA indicates that printing is mission critical it is a good idea to use
Microsoft Cluster Service (2.3.2) to further ensure printing service availability.

D10909-11 40
9 Appendix B: Support services

9 Appendix B: Support services

If requested by SafeCom support staff, trace facilities can be enabled on the
SafeCom server and devices.

9.1 Windows event log

Event log messages are written to the SafeCom event log database. However,
events can also be written to the Windows event log making it is possible to use
the Windows Event Viewer to view these and also to use Microsoft Operations
Manager (MOM) to monitor SafeCom event alert messages. The administrator
can receive service and error (event log) messages via e-mail.

D10909-11 41