primos User Manual
Contents
1. v primos is defined as user with user name and password on a RADIUS server Start the primos Control Center Select SECURITY Authentication Select FAST from the Authentication method list From the list EAP root certificate choose the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS Optional The certificate increases the security when establishing the connection The root CA certificate must have been installed in primos previously gt 2153 In the Anonymous name box enter the name for the unencrypted part of the EAP FAST authentication From the list Inner authentication choose the method intended to secure the com munication in the TLS channel From the FAST provisioning box choose the provisioning mechanism for PACs Enter the User name and Password that are used for the configuration of primos on PWN gt an M oo N 58 primos User Manual Security the RADIUS server 9 Install a WPA add on Optional 10 Click Save to confirm The settings are saved 59 primos User Manual Maintenance 7 Maintenance Various maintenance activities can be carried out for primos This chapter Cy gives a short overview What e How to Secure the Configuration Settings Backup gt 261 eee How to Reset primos to Its Default Settings Reset gt E61 e How to Perform an Update gt 263 e How to Restart primos gt2. L The settings are saved 5 7 Howto Maintain or Test a Printer via primos You can trigger certain actions for a queue i e printer Print test page Stop or restart printer If the printer is stopped print jobs are accepted but not printed As soon as the printer is started all print jobs that have accumulated meanwhile will be printed Reject or accept again all print jobs Delete all print jobs The actions help with testing and maintenance of the printer Examples Print a test page in order to check the printer connection or test a new driver v 1 Stop the printer if maintenance is briefly performed on the printer e g if toner is exchanged or paper added As soon as you restart the printer all print jobs that have accumulated meanwhile will be printed If a long downtime of the printer is foreseeable e g for repairs all print jobs should be rejected This way print jobs will not accumulate in the queue if they cannot be printed If a printer error causes a long downtime and many print jobs have accumulated in the queue which are not to be printed after the error has been fixed delete all print jobs This way you will not waste resources and the printer will not be occupied with printing for a long time A queue has been created on primos gt B22 Start the primos Control Center 33 primos User Manual Secure AirPrint Requirements Print Select PRINTING Queues Select the desired queue
3. Manufacturer and Contact SEH Computertechnik GmbH Phone 49 0 521 94226 29 Suedring 11 Fax 49 0 521 94226 99 33647 Bielefeld Support 49 0 521 94226 44 ching youremartphones Germany Email info seh de Web http www seh de Document Type User Manual Title primos Version 1 1 Legal Notices SEH Computertechnik GmbH has endeavored to ensure that the information in this documentation is correct If you detect any inaccuracies please inform us at the address indicated above SEH Computertechnik GmbH will not accept any liability for any error or omission The information in this manual is subject to change without notification All rights are reserved Copying other reproduction or translation without the prior written consent from SEH Computertechnik GmbH is prohibited 2015 SEH Computertechnik GmbH All trademarks registered trademarks logos and product names are property of their respective owners Contents A G n ral MMTOEMATION ssc sesicsisvcnisacissesasncdsncsiaccisavasnsnnissincaniuavarenanesnansvivinssssseelsesenisinaeaieineeiaenes 1 Mey Ea EEE E S cetstcetsatascedsqucucren AA E TAE 2 12 Documentatii sessnsaasastecescessustnsassatnscsadustusissws caxsoavuscssestevsssinasausancncvacvosuastenasainicuncvupetet san E Ea Eai 3 TS SUPPO AMG SEVICE iE E EA EE E A EE 5 E E S LES A A A iva ea N aa asa ade 6 lS First Ste pSeonsiinennin ia a EER A ONR E E AE E EEA E 6 L6 Find IP address Of prirm0 cssssssss
4. The port access control is activated until the device is restarted 7 Check the port access and configurability of primos gt WON anu Note If primos can no longer be reached using the primos Control Center restart the device gt 64 8 Clear Test mode 9 Click Save to confirm The settings are saved The port access control is active Access to the ports is restricted 48 primos User Manual What are Certificates Benefits and Purpose Which Certificates are available What Do You Want to Do Security 6 6 Howto Use Certificates Correctly primos has its own certificate management This section explains how certificates are used and when the use of certificates is recommended Certificates can be used in TCP IP based networks to encrypt data and to authenticate communication partners Certificates are electronic messages containing a key public key and a signature The use of certificates allows for various security mechanisms Use certificates in primos to check the identity of primos in the network gt E55 to authenticate the client if the connection to the primos Control Center is protected via HTTPS SSL TLS gt 244 to encrypt print data IPPS and Secure AirPrint gt 34 Both self signed certificates and CA certificates can be used with primos The following certificates can be distinguished Upon delivery a certificate the so called default certificate is stored in
5. 2164 e How to Shut Down primos gt 64 e How to Use the Service Function gt 2164 60 primos User Manual What Do You Want to Do Maintenance 7 1 Howto Secure the Configuration Settings Backup You can save the configuration settings including drivers and certificates as backup copy on your local client This allows you to get back to a stable configuration status at any time Afterwards the backup file can be loaded onto a primos The configuration settings in the file will then be taken over by the device O Saving a Backup gt 2161 O Loading a Backup onto a primos gt 2161 Saving a Backup 1 Start the primos Control Center 2 Select MAINTENANCE Backup 3 Click Save The backup file is saved to your client Loading a Backup onto a primos Start the primos Control Center Select MAINTENANCE Backup Click Browse Specify the primos backup file Click Install The configuration settings in the backup file will then be taken over by primos mM BWN gt 7 2 Howto Reset primos to Its Default Settings Reset You can reset primos to its default settings factory settings All previously configured settings will be deleted in this process Note If you do a reset the IP address of primos may change and the connection to the primos Control Center may be terminated You must reset the configuration settings for example if you have changed the location
6. Select SECURITY Authentication Select TTLS from the Authentication method list From the list EAP root certificate choose the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS Optional The certificate increases the security when establishing the connection The root CA certificate must have been installed in primos previously gt 2153 5 Inthe Anonymous name box enter the name for the unencrypted part of the EAP TTLS authentication 6 From the list Inner authentication choose the method intended to secure the com munication in the TLS channel 7 Enter the User name and Password that are used for the configuration of primos on the RADIUS server 8 Install a WPA add on Optional 9 Click Save to confirm The settings are saved a Na 56 primos User Manual Benefits and Purpose Mode of Operation Requirements Security Configuring PEAP The PEAP Protected Extensible Authentication Protocol validates the identity of devices or users before they gain access to network resources You can configure primos for the PEAP network authentication This makes sure that primos gets access to protected networks In the case of PEAP an encrypted TLS Transport Layer Security channel is established between the print server and the RADIUS server as is the case for EAP TTLS see gt 2156 Only the RADIUS server authenticates itself to prim
7. of primos and thus want to use it in a different network Before this change of location you should reset primos to the default settings to install primos in another network 61 primos User Manual What Do You Want to Do Maintenance Note By means of the reset button of the device you can reset the configuration settings without entering the password O Resetting the Configuration Settings via the primos Control Center gt 262 O Resetting the Configuration Settings via the Reset Button 262 Resetting the Configuration Settings via the primos Control Center 1 Start the primos Control Center 2 Select MAINTENANCE Default settings 3 Click Default settings L gt The configuration settings are reset Resetting the Configuration Settings via the Reset Button LEDs various ports and the reset button can be found on primos These components are described in the Quick Installation Guide Using the reset button you can reset the primos the configuration settings to their default setting The reset process can be divided into two phases e During phase 1 primos is forced into the reset mode During the reset mode the configuration settings are reset e The second phase describes the restart of the device Warning AAA IMPORTANT The reset mode is indicated by the status and activity LED blinking alternatingly Afterwards both LEDs blink synchronously At this moment you must release the rese
8. queue for short for the respective printer in primos What Is a Queue Queues are used to communicate with printers and transmit print jobs The prints jobs are collected in the queue and processed one after another This way several persons can share a printer without conflict Note Up to 10 queues can be created in primos How to Create a There are 3 possibilities to create queues in primos Queue Smart Printer Setup Starts a search for network printers Subsequently up to 10 queues will be created automatically Expert Printer Setup Starts a search for network printers You will then get a list of printers found and queue proposals for those printers You can edit those and create up to 10 queues Knowledge of printer settings required Manually create a queue If you create a queue manually you need to configure all settings for one single queue When you are doing this the network is searched for printers in the background You either choose the printer for which you want to create the queue from the list of search results or define a printer connection manually This method of creating a queue is especially suited for when you only want to create a single queue or create a queue for a specific printer Note The Smart Printer Setup is only available if no queues are created in primos What Do You O Using the Smart Printer Setup gt 423 Sanio uoi O Using the Expert Printer Setup gt 23 O Creat
9. FAST 58 MD5 54 PEAP 57 TLS 55 TTLS 56 Encryption Level 43 Print data 34 Ethernet address 67 F Factory settings 61 Firmware 63 G Gateway 13 66 Glossary 66 H Hardware address 67 Host name 67 HTTP 44 HTTPS 44 l IEEE 802 1X 54 Improper Use 6 Intended Use 6 IP address 7 67 dynamic 13 primos User Manual IPv4 13 IPv6 14 static 13 J Job History Filter 29 Job history 29 L LDAP 17 List Allow 35 Deny 35 Logging 64 M MAC address 67 Maintenance 60 Mode of operation 2 N Network segment 37 0 Operational readiness 6 P Password 69 PPD 31 Prefix 30 primos 2 Shutdown 64 Switching off 64 primos Control Center 9 67 Default user profile 9 Logout 11 Security 9 Start 9 Structure 10 Print 21 36 Across subnets 37 Print authorization 35 Print center 36 73 Appendix Print Jobs 29 Print jobs Accept 33 Delete 33 Reject 33 Print queue See Queue Print settings 33 Printer Action 33 Name 30 Start 33 Stop 33 Protection 42 Purpose 2 Q Queue 21 22 Access 35 Delete 27 28 Edit 27 Manage 27 R RADIUS Remote Authentication Dial In User Service 54 Requirements 3 Reset 61 Button 62 Restart 64 S Safety regulations 6 Search domain 37 Secure AirPrint 34 Security 6 42 SEH primos App 12 67 Installation 12 Mode of operation 12 Start 12 Service 5 Service function primos User Manual Appendix SSH access 64 Service functions 64 Service file 64
10. IP addresses of the master servers enter in the field IP Address the IPv4 address of primos Windows server 2012 validates your input If the validation is successful a green check mark appears and you can click OK Click OK to confirm L gt The conditional forwarder is saved 38 primos User Manual Preparation Configuration Example Print Configuring the primos Subdomain as Search Domain on iOS Devices Automatically The primos subdomain can be defined as search domain automatically on all iOS devices using your DHCP server In order to do so the primos subdomain is entered on the DHCP server as option 119 As soon as an iOS sends a request to the DHCP server it will automatically receive the primos subdomain as search domain in the answer The iOS device will save this information automatically As an example the configuration procedure on Windows Server 2012 is described On the DHCP server on Windows 2012 subdomain must be entered in coded form according to RFC 3397 As this coding is difficult the primos Control Center provides a coding tool If you enter your IPv4 DHCP range and primos subdomain it will give you the command line command which contains your primos subdomain and IPv4 DHCP range in coded form 1 Start the primos Control Center 2 Select MAINTENANCE Service 3 Inthe DHCP option 119 area enter your IPv4 DHCP range in the DHCP range box 4 Inthe DHCP option 119 area enter your primos subdomain i
11. Session timeout 45 Shutdown 64 SNTP 19 Software 63 SSH access 64 SSL TLS 43 Subdomain 37 Subnet mask 13 67 Support 5 Switching Off 64 T TCP Port Access Control 47 Test mode 47 Test page 33 Time of the device 19 Time server 19 Time zone 19 Troubleshooting 68 U Update 63 URI Uniform Resource Identifier 26 User authentication 35 User Profiles 45 User profiles Administrator 45 UTC Universal Time Coordinated 19 Ww Warnings 6 Web access 44 Wide Area AirPrint 37 74
12. Upload Lb All drivers contained in the package are saved in primos Download Driver v PAWNS One or more user defined drivers have been saved in primos Start the primos Control Center Select PRINTING Drivers In the Download delete drivers area select the desired driver s from the list Click Download selected drivers L The drivers are saved to your client in a compressed file Delete Driver Note Drivers that are assigned to a queue cannot be deleted v ee WN One or more user defined drivers have been saved in primos gt 31 gt 32 Start the primos Control Center Select PRINTING Drivers In the Download delete drivers area select the desired driver s from the list Click Delete selected drivers Ly The driver s are deleted 32 primos User Manual Benefits and Purpose Requirements Print 5 6 How to Configure Advanced Print Settings You can define advanced print settings These settings are to be defined for each queue individually and depend on printer and driver The default print settings are preset You can change individual settings and if necessary reset them by querying the printer for the default settings gt U Na Start the primos Control Center Select PRINTING Queues Select the desired queue by clicking the icon P In the Advanced print settings area configure the settings Which settings can be configured depends on printer model and driver
13. for security reasons if there is no user activity during the defined period The logged in user will be logged out and has to log in again For security reasons always logout of the primos Control Center after having configured settings gt B9 O Changing the Administrator Password gt 246 O Configuring Active Directory User Login gt 246 O Configuring the Session Timeout gt 246 45 primos User Manual Requirements Security Changing the Administrator Password wm RWN gt Start the primos Control Center Select SECURITY Device access Into the Password box enter a password Repeat the password Click Save to confirm L The setting will be saved Configuring Active Directory User Login v There is an Active Directory in your network Note The settings for the Active Directory user login are independent of the general Active Directory settings gt 417 PWN gt 8 Start the primos Control Center Select SECURITY Device access Tick Active Directory user login Into the Active Directory server box enter the IP address or host name of the Active Directory server The host name can only be used if a DNS server was configured beforehand Into the Active Directory suffix box enter the suffix preceded by Example Domain Into the Users having access to this device box enter the Active Directory users which are to log into the primos Control Center Enable optional
14. if a DNS server was configured beforehand 5 Select the code for your local time zone from the Time zone list 6 Click Save to confirm The settings are saved 20 primos User Manual What Information Do You Need Print 5 Print N This chapter explains how you set up primos for printing and how you configure enhanced settings for printing In order to print from iOS devices via primos you have to create a print queue for the respective printer in primos For each queue you then define numerous settings driver print protocol access control and much more In addition you can define general print options e How to Configure Printers on primos Creating Queues gt 822 How to Manage Queues gt 2127 e How to View the Job History gt 29 How to Define the Printer Name That Is Displayed on the iOS Devices gt 1230 How to Manage Drivers in primos gt 231 e How to Maintain or Test a Printer via primos gt 233 e How to Configure Advanced Print Settings gt 433 e How to Encrypt Print Data Transmission gt 34 e How to Control Who Can Print 835 e How to Print from iOS Devices SE e How to Print Across Subnets Wide Area AirPrint gt 37 m mgp Ww 0 21 primos User Manual Print 5 1 How to Configure Printers on primos Creating Queues In order to print from iOS devices via primos you have to create a print queue
15. information units If you want to print this documentation we recommend using the printer setting Duplex or Booklet The explanation of technical terms used in this document is summarized in a glossary The glossary provides a quick overview of technical matters and background information gt B66 primos User Manual General Information Symbols and A variety of symbols are used within this document Their meaning is listed in the Conventions following table Warning A warning contains important information that must be heeded Non Warning observance may lead to malfunctions Note A notice contains information that should be heeded Note 1 Mark Numbers guide you through instructions L Confirmation v Requirements The arrow confirms the consequence of an action Hooks mark requirements that must be met before you can begin the action O Option A square marks procedures and options that you can choose Eye catchers mark lists This sign indicates the summary of a chapter gt The arrow marks a reference to a page within this document In the PDF file you can jump to this page by clicking the symbol The light bulb signals tips wW Bold Established terms of buttons or menu items for example are set in bold Courier Command lines are set in Courier font Proper names Proper names are put in inverted commas primos User Manual General Information 1 3 Support And Service Contact SEH Computertechni
16. installed Active jobs Printers rejecting jobs Copyright 2015 SEH Computertechnik GmbH Figure 2 primos Control Center 10 primos User Manual Logout Administration Methods You can choose your language by clicking the relevant flag The available menu items are located in the navigation bar top After selecting a menu item simple mouse click the available submenu items are displayed at the left After selecting a submenu item the corresponding page with its content is displayed at the right The manufacturer s contact details and additional information regarding the product are displayed under Product amp Company The Sitemap provides an overview of and direct access to all pages of the primos Control Center All other menu items refer to the configuration of primos They are described in the Online Help of the primos Control Center To start the Online Help click the icon For security reasons always logout of the primos Control Center after having configured settings 1 Click Logout The login page appears You have successfully logged out 11 primos User Manual Administration Methods 2 2 Administration via SEH primos App The SEH primos App has been developed by SEH Computertechnik GmbH for the administration of primos devices Mode of After the SEH primos App is started the network will be scanned for connected primos Operation devices The network range to be scanned is freely definable
17. is faulty This may happen in the case of an incorrect software update for example primos signalizes the BIOS mode if the activity LED blinks regularly Warning ARAB AAA primos is not operational in the BIOS mode If a primos is in the BIOS mode the device will be marked accordingly in the SEH primos App with an indicator To switch primos from BIOS to normal mode you have to first assign a temporary IP address to primos and then load software onto it After the software update primos switches to normal mode and will be assigned a new permanent IP address 1 Start the SEH primos App 2 Mark primos in the list 3 Select Actions Define IP address from the menu bar The Set IP Address dialog appears 4 Define the IP address subnet mask and gateway 5 Click OK to confirm primos has a temporary IP address 6 Download the current software file from the SEH Computertechnik GmbH website http www seh technology com services downloads download mobility solutions primos html 68 primos User Manual Appendix 7 Select Actions Load software software from the menu bar The dialog Load software appears 8 Specify the primos software file 9 Click Load The software update is executed This may take a few minutes 10 Confirm the success notification by clicking OK primos assigns itself a new IP address automatically and is displayed in the SEH pri mos App under this address primos assigns itself a new I
18. primos It is recommended that you replace the default certificate by a self signed certificate or a requested certificate as soon as possible Self signed certificates have a digital signature that has been created by primos A requested certificate is created by a certification authority CA for primos on the basis of a certificate request CA certificates are certificates that have been issued for a certification authority CA They are used for verifying certificates that have been issued by the respective certification authority The following certificates can be installed at the same time in primos 1 Self signed certificate 1 client certificate i e 1 requested certificate OR 1 PKCS 12 certificate 1to 32 CA certificates All certificates can be deleted separately O 0000 Displaying Certificates gt 50 Creating a Self Signed Certificate gt 250 Creating a Certificate Request for a Requested Certificate gt 51 Installing a Requested Certificate in primos gt 252 Installing a PKCS 12 Certificate in primos gt 252 49 primos User Manual Requirements Security O Installing a CA Certificate in primos gt 253 O Deleting Certificates gt 53 Displaying Certificates Certificates installed in primos and certificate requests can be displayed and viewed v Acertificate is installed in primos 1 Start the primos Control Center 2 Select SECURITY Certifi
19. primos comes with a driver management You can up or download one or more drivers When downloading the drivers are combined into a compressed file This file can then be loaded into another primos If the driver is no longer required it can be deleted Note Only user defined drivers can be managed The drivers that come with primos cannot be managed in the driver management After you have loaded a driver onto primos you can assign it to a queue This can be done when creating a queue or later on when editing a queue e How to Configure Printers on primos Creating Queues gt 22 e Edit Queue 9 527 Note Drivers loaded onto primos appear in the driver selection box under the filter Uploaded Load Driver into primos gt 31 Loading a Driver Package into primos gt 232 Download Driver gt 232 Oo Oo Oo O Delete Driver gt 232 Load Driver into primos v The driver must be in PPD format The PPD must not contain code compiled or binary parts 1 Start the primos Control Center 2 Select PRINTING Drivers 3 Click Browse 31 primos User Manual 4 5 Print Specify the driver Click Upload L gt The driver is saved in primos Loading a Driver Package into primos v See NS The driver package has been previously downloaded from a primos gt 432 Start the primos Control Center Select PRINTING Drivers Click Browse Specify the driver package Click
20. 22 e check the IP address assigned via ZeroConf gt B7 e announce its Bonjour services Bonjour is always active in primos You can configure the name that primos uses to announce its Bonjour services By default primos advertises under the name primos ICxxxxxx wherein ICxxxxxx is the default name gt 266 1 Start the primos Control Center 2 Select NETWORK Bonjour 3 Configure the Bonjour name 16 primos User Manual What Do You Want to Do Requirements Network Settings 4 Click Save to confirm The setting will be saved 3 5 Howto Configure Directory Services You can embed primos into a directory service Via the directory service user data is managed centrally and can be provided to primos You can use this to control who can print 9235 Note Settings for the Active Directory user login gt 245 are made independent of the settings for embedding primos into Active Directory described in this chapter primos supports the following directory service e Active Directory LDAP O Embedding primos into an Active Directory gt 17 O Embedding primos into an LDAP directory gt 18 Embedding primos into an Active Directory primos is embedded into an Active Directory by making it member of a domain v ADNS server is configured in primos gt 16 v primos was entered with a type A resource record IPv4 address of the host on the DNS server used v Atime server is configured
21. All primos devices found will be displayed in a list All devices found can be selected and administrated Installation In order to use the SEH primos App the program must be installed on a computer with a Windows or Mac OS X operating system Different installation files are available depending on the operating system System Windows 7 Windows 8 Windows 10 requirements OS X 10 7 x 10 11 x The installation can only be carried out by users with administrative rights 1 Download the SEH primos App for your operating system from the SEH Computer technik GmbH website http www seh technology com services downloads download mobility solutions primos html 2 Install the SEH primos App on your client The SEH primos App is installed on your client IE Start You can identify the SEH primos App by its icon Ae The SEH primos App can be started with the usual mechanisms of your operating system 12 primos User Manual What Information Do You Need Network Settings 3 Network Settings You can define various settings for an ideal integration of primos into a network This chapter describes which network settings are supported mg 13 14 e How to Configure IPv4 Parameters gt mg How to Configure IPv6 Parameters gt e How to Configure the DNS 91216 e How to Configure Bonjour 816 e How to Configure Directory Services gt 17 3 1 How to Configure
22. IPv4 Parameters You can define various IPv4 parameters for an ideal integration of primos into a TCP IP network By default the IP address is assigned dynamically to primos via DHCP However you can manually assign a static IP address to primos Start the primos Control Center Select NETWORK IPv4 Configure the IPv4 parameters table 1 gt 213 4 Click Save to confirm The settings are saved WN gt Table 1 IP parameters Parameters Description DHCP Enables disables the DHCP protocol TCP IP parameters can be assigned automatically to primos via DHCP Static Enables disables the manual assignment of static TCP IP parameters for primos Define the IP address subnet mask and gateway IP address Defines a manually assigned IPv4 address for primos Subnet mask Defines a manually assigned subnet mask for primos Gateway Defines a manually assigned gateway address for primos 13 primos User Manual What Are the Advantages of IPv6 What is the Structure of an IPv6 Address Which Types of IPv6 Addresses Are Available Network Settings 3 2 How to Configure IPv6 Parameters You can integrate primos into an IPv6 network IPv6 Internet Protocol version 6 is the successor of the more common IPv4 Both protocols are standards for the network layer of the OSI model and regulate the addressing and routing of data packets via a network The introduction of IPv6 has many benefits e IPv6 increases the IP add
23. LS network authentication This makes sure that primos gets access to protected networks EAP TLS describes a certificate based authentication method via a RADIUS server For this purpose certificates are exchanged between primos and the RADIUS server An encrypted TLS connection between primos and the RADIUS server is established in this process Both RADIUS server and primos need a valid digital certificate signed by a CA The RADIUS server and primos must validate the certificate After the mutual authentication was successful the access to the network will be freed Since each device needs a certificate a PKI Public Key Infrastructure must be available User passwords are not necessary If you want to use the EAP TLS authentication you must observe the instructions below in the indicated order If this procedure is not adhered to primos may not be addressable in the network In this case you have to reset the configuration settings of primos gt 161 e Create a certificate request in primos gt 51 e Create a certificate using the certificate request and the authentication server Install the requested certificate in primos gt 452 e Install the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS in primos gt 253 e Enable the authentication method EAP TLS in primos Start the primos Control Center Select SECURITY Authentication Select TLS from
24. P address automatically and is displayed in the SEH primos App under this address If necessary refresh the SEH primos App list A connection to the primos Control Center cannot be established Eliminate possible error sources First of all check the cabling connections the primos IP address 187 and the proxy settings of your browser If you still cannot establish any connection the following safety mechanisms might be the cause O The access is protected via SSL TLS HTTPS gt 44 O The TCP port access control is enabled gt 547 O The cipher suites of the encryption level are not supported by the browser gt 843 O primos is in the BIOS mode gt 268 The password is no longer available The access to the primos is controlled by means of user accounts You will need a user name and a password to get access gt 144 If the password is no longer available you can reset the primos configuration settings to their default settings in order to get access to the primos Control Center gt 261 Previous settings will be deleted 69 primos User Manual Appendix The printer does not print In order to print from iOS devices via primos you have to create a print queue for the respective printer in primos For each queue you then define numerous settings driver print protocol access control and much more Check O all queue settings gt 27 Pay special attention to the printer driver chosen O all print setti
25. P authentication methods in order to authenticate itself in a protected network O Configuring EAP MD5 gt 1254 Configuring EAP TLS gt 255 Configuring EAP TTLS gt 256 Configuring PEAP gt 57 Configuring EAP FAST gt 258 O O m O Configuring EAP MD5 EAP MD5 validates the identity of devices or users before they gain access to network resources You can configure primos for the EAP MD5 network authentication This makes sure that primos gets access to protected networks EAP MD5 describes a user based authentication method via a RADIUS server primos must be defined as user with user name and password on a RADIUS server The authentication method EAP MD5 must then be enabled in primos and the user name and password need to be entered 54 primos User Manual Requirements Benefits and Purpose Mode of Operation Procedure Security v primos is defined as user with user name and password on a RADIUS server Start the primos Control Center Select SECURITY Authentication Select MD5 from the Authentication method list Enter the User name and Password that are used for the configuration of primos on the RADIUS server 5 Click Save to confirm The settings are saved no aie ae Configuring EAP TLS EAP TLS Transport Layer Security validates the identity of devices or users before they gain access to network resources You can configure primos for the EAP T
26. Print 9834 The encryption strength and thus the safety of the connection is defined via the encryption level Each encryption level is a collection of so called cipher suites A cipher suite is a standardized sequence of four cryptographic algorithms that are used to establish a secure connection Depending on their cipher strength in bit cipher suites are grouped to form an encryption level Which cipher suites are supported by primos i e are part of an encryption level depends on the SSL TLS protocol used When establishing a secure connection a list of supported cipher suites is sent to the communicating party A cipher suite is agreed upon that will be used later on The strongest cipher suite that is supported by both parties will be used by default If there is no cipher suite that is supported by both parties no SSL TLS connection will be established Warning _RAR i The communicating parties of primos e g browser must support the cipher suites of the selected encryption level in order to successfully establish a connection When problems occur select a different level or reset the primos configuration settings gt 61 The following encryption levels can be selected e Compatible Cipher suites with an encryption of 40 to 256 bit are used e Low Only cipher suites with a low encryption of 56 bit are used Fast connection e Medium Only cipher suites with an encryption of 128 bit are used e High Only ciphe
27. SSL TLS connection start with https Start the primos Control Center Select SECURITY Device access In the Connection area tick HTTP HTTPS or HTTPS only Click Save to confirm The setting will be saved eae eas 44 primos User Manual Administrator Directory service Session timeout Logout What Do You Want to Do Security 6 3 Howto Manage User Profiles Access Control The access to the primos is controlled by means of user accounts You will need a user name and a password to get access to the program Note When logging in the password is transmitted in plain text We recommend to encrypt the connection to the primos Control Center HTTPS 1244 By default the administrator user profile is configured User name admin Password admin The password for the administrator user profile can be modified the user name is unchangeable Note Change the default password as soon as possible You can embed primos into an Active Directory so that users defined in the Active Directory can log into primos The users defined can then authenticate themselves with their Active Directory user name and password to gain access to the primos Control Center Note Only system administrators should have access to the primos Control Center because this is where security related settings can be configured With the session timeout you can define that the connection to the primos Control Center is terminated
28. also be found via Bonjour primos is advertised under the name primos ICxxxxxx wherein ICxxxxxx is the default name gt 2166 All devices with iOS and OS X support Bonjour natively On devices with other operating systems such as Windows the Bonjour service must be installed manually primos User Manual What Information Do You Need What Is the primos Control Center Security Starting the primos Control Center Administration Methods 2 Administration Methods You can administer and configure primos in a number of ways The following chapter gives you an overview of the various administration options You will get information on when to use these methods and which functions these methods support e Administration via the primos Control Center gt B9 e Administration via SEH primos App gt 212 2 1 Administration via the primos Control Center primos can be configured and monitored via the primos Control Center The primos Control Center is stored in primos and can be displayed by means of a browser software Internet Explorer Mozilla Firefox Safari The access to the primos Control Center is protected gt 45 The default user profile is Username admin Password admin Note Change the default password as soon as possible gt 45 For further information on user profiles see gt 245 You can open the primos Control Center directly in the browser or via the SEH primos App O
29. ary to validate their certificates For this the root CA certificates of the certification authorities that have issued the certificates of said communicating parties are installed in primos Up to 32 CA certificates can be installed Thus multi level public key infrastructures PKIs are supported Example primos offers a number of authentication methods to verify its identity in a network If you use the authentication method EAP TLS gt 255 you must install the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS in primos v The certificate must be in base64 format Start the primos Control Center Select SECURITY Certificates Click CA certificate Click Browse Specify the CA certificate Click Install L The CA certificate is installed in primos ae al Deleting Certificates Wa rning ae _ Do not delete the certificate CA self signed PKCS 12 if only HTTPS is defined as the permitted connection type for the web access to the primos Control Center If the corresponding certificate is deleted the primos Control Center can no longer be reached In this case you have to reset the configuration settings of primos gt 61 v Acertificate is installed in primos Start the primos Control Center Select SECURITY Certificates Select the certificate to be deleted via the icon Q The certificate is displayed Click Delete L The c
30. as been created on primos gt 4122 SSS Start the primos Control Center Select PRINTING Queues Select the desired queue by clicking the icon L Tick User authentication Decide on the restriction Access for all users All users defined in the directory can print after entering their user name and password Restricted access Print permissions are defined via a list 6 In case you have chosen restricted access choose the Type of list Allow list Only users on the list can print Deny list Users on the list cannot print All other users can print Into the Add users groups to list box then enter the desired users and groups and A Ns 35 primos User Manual Requirements Print confirm with Add Please note the conventions for entering users and groups The convention for entering users and groups depends on the directory service into which primos is embedded Active Directory DOMAIN User name and DOMAIN Group LDAP User respectively group Several users are to be separated by comma 7 Click Save to confirm The settings are saved 5 10 How to Print from iOS Devices Simply and flexibly print content such as documents and pictures from iOS devices iPhone iPad and so on To do so print jobs are sent from iOS apps with AirPrint support to primos via your network primos forwards the print job to the printer for printing Note If the print permissions have been restricted 135 a
31. ast addresses have the prefixes 2 or 3 Anycast addresses are assigned to more than one interface This means that a data packet that is sent to this address will arrive at various devices The syntax of anycast 14 primos User Manual Network Settings addresses is the same as the one of unicast addresses The difference is that anycast addresses choose one interface out of many e Apacket that is dedicated to an anycast address arrives at the nearest interface in line with the router metrics Anycast addresses are only used by routers e Multicast addresses allow you to send data packets to different interfaces at the same time without a proportional increase of the bandwidth A multicast address can be recognized by the prefix ff 1 Start the primos Control Center 2 Select NETWORK IPv6 3 Configure the IPv6 parameters table 2 gt H115 4 Click Save to confirm The settings are saved Table 2 IPv6 parameters Parameters Description IPv6 Enables disables the IPv6 functionality of primos Automatic configuration Enables disables the automatic assignment of the IPv6 address for primos IPv6 address Defines a manually assigned IPv6 unicast address in the n n n n n n n n format for primos Every n represents the hexadecimal value of one of the eight 16 bit elements of the address Router Defines the IPv6 unicast address of the router primos sends its Router Solicitations RS to this router P
32. bet This way you can ensure that the printers made available via primos appear at the beginning of the printing dialog on the iOS devices and the name of the Example You are using the default AirPrint identifier air department in which the printer is located 00000 Pietra dle S 12 03 Back Printer air Human_Resources_printer Kyocera FS 2000D air Marketing_printer ewlett Packard HP Color LaserJet MFP M680 air Sales_printer ewlett Packard HP LaserJet 500 color M551 air Support_printer EPSON WF 5690 Series Figure 3 Printer name in the printing dialog on the iOS device Start the primos Control Center Select PRINTING Settings Into the AirPrint identifier box enter a freely definable ID Click Save to confirm The setting will be saved Pw NS 30 primos User Manual PPD Driver Management Assign Drivers What Do You Want to Do Print 5 5 Howto Manage Drivers in primos In primos a suitable printer driver must be installed and assigned to the queue A big number of printer drivers for the most common printer models is alread installed in primos In case that the driver required for your printer is not available you can load and manage drivers on primos primos uses printer drivers in PPD PostScript Printer Description format PPDs are text files that describe printer properties Please ask your printer manufacturer for a PPD suitable for your printer
33. by clicking the icon F In the Device area select the desired printer action from the Action list Click Save to confirm The printer action is triggered new yN 5 8 How to Encrypt Print Data Transmission The print data is sent from the iOS device via primos to the printer The print data stream can be divided into two ways e Print data is sent from the iOS device to primos By default print data is transmitted unencrypted Die transmission can be encrypted by using Secure AirPrint See below e The print data is sent from primos to the printer The connection type that has been specified for the queue defines the protocol which is used to send the print data from primos to the printer Depending on the protocol chosen the print data is send with or without encryption See gt 22 You can encrypt the print data transmission from the iOS device to primos by using an SSL TLS encryption method The cipher strength is defined via the encryption level E143 The encryption is to be defined for each queue separately v A queue has been created on primos gt 222 v Acertificate has been installed on primos gt 249 Start the primos Control Center Select PRINTING Queues Select the desired queue by clicking the icon oO Tick clear Secure AirPrint Click Save to confirm The setting will be saved Oe WN eS Note To completely encrypt the print data transmission we recommend to encrypt the transmission fr
34. cates 3 Select the certificate via the icon Q L gt The certificate is displayed Creating a Self Signed Certificate Note If a self signed certificate has already been created in primos you must first delete the certificate gt B53 Start the primos Control Center Select SECURITY Certificates Click Self signed certificate an Enter the relevant parameters table 10 gt 50 Click Create Install The certificate will be created and installed This may take a few minutes mM BWN gt Table 10 Parameters for the Creation of Certificates Parameters Description Common name Is used to clearly identify the certificate It is advisable to use the IP address or the host name of primos to allow a clear assignment of the certificate to primos You can enter a maximum of 64 characters Email address Specifies an email address You can enter a maximum of 40 characters Optional entry Organization name Specifies the company that uses primos You can enter a maximum of 64 characters Organizational unit Specifies the department or subsection of a company You can enter a maximum of 64 characters Optional entry 50 primos User Manual Parameters Location State name Domain component Country Expires on RSA key length Security Description Specifies the locality where the company is based You can enter a maximum of 64 characters Specifies the state in which the company is based Yo
35. cccsscssssessssccsscssssscsccsscssssees 60 7 1 How to Secure the Configuration Settings BaACKUP ssscsscsssscsecsseesseesseecsesesseecsscsssecessecssssesseesseesnes 61 7 2 How to Reset primos to Its Default Settings Reset sssssssssssssesessssseseseseseeeesenesesssssesnsessrsreeseeeeeeseeesee 61 7 3 How to Perform an Update e sssssssssssssssssesssesesssrorerereeeererenenssssssssssesesesrsrererererereesenenenesssesestsesererereeeeeeesesenes 63 7 4 Howto Restart Prim uu essssssseeseessscsssssesecscesecssenscneessssecsesuscsssuseuecarensesnensssneseesucessesessuecsesuecsesusesseseeneesrensess 64 7 5 HOW to Sh t DOWN PriiMOS secs ccccsscascscescdecsccessesacesadscsccousecdecontcasseacasatoenc0bsacodusnsgandechagetduens sbcausesdocausacelgnncbeeaudeants 64 7 6 How to Use the Service FUNCtION ccsssecsssssssesssscsseecsscsssecsssessscsesscessccssccsnscessccsnccessecsnccssecesscsasecssccesceesaeesaes 64 8 ADDON oo csscssiscisecesss casedscsocsscesdsesssccscsssssssssseseecestsessesceesasecsesdeaseosssisesdescoaesscasesissscesesesedcowesosseses 66 e MLSS AI ascasi sate gnte catch aushcak eva cpbanb A A 66 8 22 TUBS SOONG m sssaaa iiinn aa aa EAEN RETIN EEs 68 BB VND E E EE EE AE cacesssnasbvsesesitostessbedetosees doce 72 primos User Manual What Information Do You Need 1 e General Information General Information This chapter contains information concerning the device and the device properly pri
36. ces available in your network Start the primos Control Center Select DEVICE Description Enter freely definable names for Host name Description and Contact person Click Save to confirm L gt The descriptions are saved RWN gt 4 2 How to Configure the Device Time You can control the device time of primos via a time server SNTP server in the network A time server synchronizes the time of devices within a network primos needs the device time to join directory services 15117 and to provide the print jobs in the job history 429 with time stamps amongst other things primos uses UTC Universal Time Coordinated as a basis UTC is a reference time and used as a time standard The time received by the time server does not necessarily correspond to your local time zone Deviations from your location and the resulting time difference including country specific particularities such as Daylight Saving Time can be handled by means of the Time zone parameter Note Time servers can be assigned automatically via DHCP A time server assigned via DHCP always takes priority over a manually defined time server 19 primos User Manual Device Settings Requirements Vv Atime server is integrated into the network 1 Start the primos Control Center 2 Select NETWORK Date Time 3 Tick Date Time 4 Into the Time server box enter the IP address or the host name of the time server The host name can only be used
37. cscssececess 19 4 1 How to Determine a Description 0 ssesssssessseeneeseeneesseneessecseeuccnseseenscsscsssenecusesecssescenseseesueeseescenseseensesnenes 19 4 2 How to Configure the Device THING isarciersnrsscssssnrcisivincrnncimnmancinienstereiinaiaiiiclandaiiecnmuamansids 19 A E T E E T TEE R E E T E T T 21 5 1 How to Configure Printers on primos Creating Queues sssssssssseserseseseseseeseessesesssesssssssesrsrorererereeree 22 52 HOWTO Manage QUEUES issasisscsiscsnascenssncs ctussssn anssssuaysasesneaiacersecgeosusssniadesseiennspiensqassiocas ddan sensteaisnassosnenendedagensnisis 27 5 3 How to View the Job History cdshaaeeecaicrerai cra iennis een nneaeanadncanniiannananmamunsa 29 5 4 How to Define the Printer Name That Is Displayed on the iOS Devices sssssssssrsssssssssrsssssssesrseee 30 5 5 How to Manage Drivers in PritM0S ssssssessesssssssessseesssessscsessssssseesessscsssssneesnseseesssesnsesssseessessnesseenssseneeseess 31 5 6 How to Configure Advanced Print SettingS s ssssssssssesssssssssesssssssestsessusnsssestesensussseeesensnsestoteeessnsstorneest 33 5 7 How to Maintain or Test a Printer via priMOS sssssssssessssssssssesessssessesessssssseesesssssnsesesssssnerersssssseesrssssssseseee 33 5 8 How to Encrypt Print Data Transmission ssssssssssssssscsessssessseseesssssssessssssensssssssnsessosssssneesnesseensssssesnsese 34 5 9 How to Control Who Can Print cessesssssscsssssssecstecsnecs
38. ct your Wi Fi from the list The Wi Fi settings are displayed 40 primos User Manual Print 4 Select the option Search Domains The keyboard appears 5 Add the primos subdomain Several search domains are to be separated comma 6 Let the key board fade out The primos subdomain has been configured as search domain on the iOS device The iOS device will search for and find printers in the primos subdomain 41 primos User Manual Security 6 Security N A number of security mechanisms are available to ensure optimum security for primos This chapter describes how to make use of these security mechanisms What e How to Define the Encryption Level for SSL TLS Connections gt 243 Information Do You Need How to Control the Access to the primos Control Center gt 544 e How to Manage User Profiles Access Control gt 2145 e How to Protect primos from Cross Site Scripting gt 47 e How to Control the Access to primos TCP Port Access Control gt 247 How to Use Certificates Correctly gt 49 e How to Use Authentication Methods gt 254 42 primos User Manual Encryption Level Cipher Suite Establishing Connections Security 6 1 How to Define the Encryption Level for SSL TLS Connections The following connections in primos can be encrypted via SSL TLS e Web access to the primos Control Center HTTPS gt 244 e print data transmission IPPS and Secure Air
39. ctive Directory Embedding primos into an LDAP directory Vv ADNS server is configured in primos gt 16 v primos was entered with a type A resource record IPv4 address of the host on the DNS server used v A time server is configured in primos gt 19 Start the primos Control Center Select NETWORK Directory services Configure the LDAP parameters table 5 gt 818 4 Click Save to confirm primos is embedded into the LDAP directory wh gt Table 5 LDAP parameters Parameters Description LDAP Enables disables the embedding of primos into an existing LDAP directory service LDAP server Defines the LDAP server via the IP address or the host name The host name can only be used if a DNS server was configured beforehand Base DN Defines the base DN distinguished name The base DN defines the starting point in the directory for the downwards search of users Domain components are to be separated by commas example dc mydomain dc com 18 primos User Manual What Information Do You Need Benefits and Purpose UTC Time Zone Device Settings 4 Device Settings You configure descriptions and the device time for primos This chapter describes these device settings e How to Determine a Description gt 19 e How to Configure the Device Time gt 1219 4 1 Howto Determine a Description You can assign freely definable descriptions to primos This gives you a better overview of the devi
40. e Function primos offer service functions These functions help the SEH support during troubleshooting Contact details can be found in the chapter Support And Service gt 55 The service file is a compressed file which contains diagnostic information In case of error save this file to you local client and send it to the SEH Support together with your request e g via email Per default only some information is stored in the service file If logging is enabled much more detailed information will be logged The SEH support can perform a more detailed error analysis with this information The Secure Shell SSH network protocol can be used to access primos remotely for support purposes If the remote access is required you will be asked by the SEH support to activate this function The SEH support will guide you through all measures necessary After all support action has been taken deactivate the SSH access 64 primos User Manual What Do You Want to Do Maintenance O Enable Logging gt 265 O Saving a Service File gt 65 O Configuring the SSH Access gt 65 Enable Logging Note Only activate this option after consultation with the SEH support team 1 Start the primos Control Center 2 Select MAINTENANCE Service 3 In the Logging area click Enable logging Logging is enabled Saving a Service File 1 Start the primos Control Center 2 Select MAINTENANCE Service 3 Inthe Ser
41. e that a DNS server is configured in primos and that primos can access it gt 16 Wide Area AirPrint does not work Check if O the desired printer is being published via wide Area AirPrint gt 37 O the primos subdomain is configured as search domain on the iOS devices Configuring the primos Subdomain as Search Domain on iOS Devices Automati cally gt 439 Configuring the primos Subdomain as Search Domain on iOS Devices Manually gt 240 O the conditional forwarder has been implemented correctly on the DNS server Requests which contain the primos subdomain must be forwarded to primos gt 38 71 primos User Manual 8 3 Index A Access control 45 Active Directory 17 45 User login 46 Administration 9 Administrator 45 AirPrint Identifier 30 Authentication Device 54 User 35 B Backup 61 Backup copy 61 BIOS mode 68 Bonjour 16 Name 16 C Certificate CA 49 Default 49 Requested 49 Selfsigned 49 Certificates 49 Management 49 Cipher Suite 43 Conditional forwarder 37 Configuration settings 61 Cross site scripting XSS 47 D Default name 66 Default settings 61 Description 19 Device settings 19 DHCP 13 Directory service 17 35 Active Directory 17 LDAP 17 72 Appendix DNS Domain Name Service 16 DNS server 38 Documentation 3 Downloads 5 Driver Delete 31 Download 31 Upload 31 User defined 31 Driver management 31 E EAP Extensible Authentication Protocol 54
42. ed released by SEH Computertechnik GmbH Check the installed software and firmware version in primos You will find the version number in the primos Control Center or in the list of the SEH primos App Where Do I Find Current firmware and software files can be downloaded from the homepage of SEH the Update Files Computertechnik GmbH http www seh technology com services downloads download mobility solutions primos html Note Every update file has its own readme file Take note of the information contained in the readme file 1 Start the primos Control Center 63 primos User Manual Service file Logging SSH Access Maintenance Select MAINTENANCE Update Click Browse Select the update file Click Install The update is executed This may take a few minutes Afterwards primos will restart wR WN 7 4 Howto Restart primos primos will restart automatically after an update If primos is in an undefined state it can also be rebooted manually 1 Start the primos Control Center 2 Select MAINTENANCE Restart 3 Click Restart primos is restarted 7 5 Howto Shut Down primos You can shut down primos e g over the weekend Shut down primos before you interrupt the power supply In doing so undefined states and data loss are avoided 1 Start the primos Control Center 2 Select MAINTENANCE Shutdown 3 Click Shutdown primos is shut down 7 6 Howto Use the Servic
43. ertificate is deleted Pw YS 53 primos User Manual What is IEEE 802 1X What is EAP What is RADIUS What Do You Want to Do Benefits and Purpose Mode of Operation Security 6 7 Howto Use Authentication Methods By means of authentication a network can be protected against unauthorized access primos can participate in various authentication procedures This section describes which procedures are supported and how these procedures are configured in primos The IEEE 802 1X standard provides a basic structure for various authentication and key management protocols IEEE 802 1X allows you to control the access to networks Before users gain access to a network via a network device they must authenticate themselves in the network After the authentication was successful the access to the network will be freed The standard IEEE 802 1X is based upon the EAP Extensible Authentication Protocol EAP is a universal protocol for many authentication procedures EAP allows for a standardized authentication procedure between the network device and an authentication server RADIUS First you must define the authentication procedure TLS PEAP TTLS etc to be used and configure it on all network devices involved RADIUS Remote Authentication Dial In User Service is an authentication and account management system that validates user login information and grants access to the desired resources primos supports various EA
44. es in an IP network TCP IP network protocols require the storing of the IP address in primos so that the device can be addressed within the network primos is shipped without IP address After primos has been connected to the network it receives an IP address via DHCP If this is not the case primos seeks a ZeroConf IP address from the ZeroConf address range 169 254 0 0 16 You can change the IP address settings later on 13 14 e How to Configure IPv4 Parameters gt e How to Configure IPv6 Parameters gt im mg The primos IP address can be determined using the SEH primos App System Requirements of the SEH primos App Windows 7 Windows 8 Windows 10 OS X 10 7 x 10 11 x The installation can only be carried out by users with administrative rights v primos is connected to your network see Quick Installation Guide 1 Write down the hardware address of you primos You can find the hardware address in the type plate at the bottom of primos 2 Download the SEH primos App for your operating system from the SEH Computer technik GmbH website http www seh technology com services downloads download mobility solutions primos html 3 Install the SEH primos App on your client 4 Start the SEH primos App All primos devices found in the network are displayed 5 Find your primos using the hardware address primos User Manual General Information Note The IP address can
45. escription Description Freely definable description of the queue You can enter a maximum of 50 ASCII characters Connection Defines the connection to a printer in the form of a device URI uniform resource identifier IPP IPPS In IPP Internet Printing Protocol the print data is transmitted via HTTP to the printer The connection between primos and the printer can be encrypted via SSL TLS IPPS Standard port IPP 631 Standard port IPPS 443 HISS A address or host name of the printer gt lt port number gt ipp ipp lt IP address or host name of the printer gt ipp ipps lt IP address or host name of the printer gt lt port number gt ipp ipps lt IP address or host name of the printer gt ipp LPR LPD protocol In Line Printer Daemon printing the print data is sent to the IP address of the printer by means of an LPD queue lpd lt IP address or host name of the printer gt lt queue gt Socket printing Jetdirect printing The data is transferred to the TCP IP port via a raw socket connection Standard port 9100 socket lt IP address or host name of the printer gt lt port number gt Make Defines the printer manufacturer Via make and model the printer driver is defined 27 primos User Manual Print Parameters Description Model Defines the printer model Via model and make the printer driver is defined Upload driver PPD Loads a printer driver onto primos and assigns it to the queue f the
46. eters Parameters Description Name Freely definable queue name The queue name and the AirPrint identifier 230 together make up the printer name that is displayed in the printer dialog of the iOS devices Up to 50 ASCII characters except for spaces slashes quotation marks and the pound sign can be entered The queue name cannot be changed afterwards Description Freely definable description of the queue You can enter a maximum of 50 ASCII characters Select Printer Defines the printer The list shows printers automatically discovered in the network You may also define a printer connection manually Connection Connection type Defines the printing protocol IPP socket and so on for the printer selected from the list You can only select printing protocol which the printer chosen supports 25 primos User Manual Print Parameters Description Connection Defines the connection to a printer in the form of a device URI uniform resource identifier IPP IPPS In IPP Internet Printing Protocol the print data is transmitted via HTTP to the printer The connection between primos and the printer can be encrypted via SSL TLS IPPS Standard port IPP 631 Standard port IPPS 443 ipp lt IP address or host name of the printer gt lt port number gt ipp ipp lt IP address or host name of the printer gt ipp ipps lt IP address or host name of the printer gt lt port number gt ipp ipps lt IP address o
47. etwork elements defined as exceptions Please note This also applies to iOS devices If the TCP port access control is enabled you can only print from iOS devices which have been defined as exceptions In order to exclude network elements e g iOS devices clients DNS server SNTP server from port locking they must be defined as exceptions To do so the IP addresses or MAC addresses hardware addresses of the network elements with access rights must be entered in the Exceptions area Please note MAC addresses are not delivered through routers Address ranges can be defined using CIDR notation printers for which a queue has been created in primos are automatically excluded from port locking The test mode allows you to check the configured access protection If the test mode is activated access protection remains active until primos is rebooted After restarting the protection is no longer effective The test mode option is activated by default After a successful test you must deactivate the test mode so that access protection remains permanently active 47 primos User Manual Security Start the primos Control Center Select SECURITY TCP port access Tick Port access control In the Exceptions area define the network elements which are excluded from port locking Enter the IP or MAC addresses and tick the options Make sure that the test mode is enabled Click Save to confirm The settings are saved
48. ficate has been received it must be saved in the device gt 452 51 primos User Manual Requirements Requirements Security Installing a Requested Certificate in primos v A certificate request has been created at an earlier date 9251 v The certificate must be in base64 format Note If a PKCS 12 certificate has already been installed in primos you must first delete the certificate gt 53 Start the primos Control Center Select SECURITY Certificates Click Requested certificate Click Browse Specify the requested certificate Click Install L gt The requested certificate is installed in primos AMP WN gt Installing a PKCS 12 Certificate in primos PKCS 12 certificates are used to save private keys and their respective certificates and to protect them by means of a password Note If a PKCS 12 or a requested certificate has already been installed in primos you must first delete the certificate gt B53 v The certificate must be in base64 format Start the primos Control Center Select SECURITY Certificates Click PKCS 12 certificate Click Browse Enter the PKCS 12 certificate Enter the password Click Install L gt The PKCS 12 certificate is installed in primos SO W No 52 primos User Manual Requirements Requirements Security Installing a CA Certificate in primos In order to check the identity of the network communicating parties of primos it is necess
49. gured in primos so that the date and time can be displayed correctly If no time server is configured the time stamp corresponds to the default time The print jobs displayed can be filtered alljobs completed jobs active jobs O Having a Look at the Job History 1229 O Filtering the Job History gt 29 Having a Look at the Job History 1 Start the primos Control Center 2 Select PRINTING Job history The job history is displayed Filtering the Job History 1 Start the primos Control Center 2 Select PRINTING Job history The job history is displayed 3 Click the filter button The job history entries are displayed according to the filter 29 primos User Manual Queue Name AirPrint Identifier Print 5 4 How to Define the Printer Name That Is Displayed on the iOS Devices In the print dialog on the iOS device the printer name is displayed according to the following make up lt AirPrint identifier gt lt queue name gt Both elements can be named according to your wishes The queue name is defined individually when the queue is created gt 22 and cannot be changed afterwards The AirPrint identifier is a prefix that marks printers made available via primos on iOS devices The AirPrint identifier is applied to all queues It can be changed at any time The default is air Chose an identifier that begins with a letter that from the beginning of the alpha
50. in primos gt 19 Start the primos Control Center Select NETWORK Directory services Configure the Active Directory parameters table 4 gt 417 4 Click Save to confirm primos is member of a domain and thus embedded into the Active Directory Woh Table 4 Active Directory parameters Parameters Description Active Directory Enables disables the embedding of primos into an existing Active Directory Active Directory name Defines the name of the Active Directory into which primos is embedded Enter the full name of the domain Fully Qualified Domain Name FQDN 17 primos User Manual Requirements Network Settings Parameters Description Workgroup Defines the name of the workgroup Enter the NetBIOS domain name Password server Defines the password server of the Active Directory via the IP address or the host name Optional The host name can only be used if a DNS server was configured beforehand WINS server Defines the WINS server of the Active Directory via the IP address or the host name A WINS server should be specified to allow the communication between participants of different network segments The host name can only be used if a DNS server was configured beforehand Administrator account Defines the name of the administrator account that was created for primos on the Domain Controller Password Password of the administrator account that was created for primos on the Domain Controller of the A
51. ing a Queue Manually 1225 22 primos User Manual Which Queues are Created Print Using the Smart Printer Setup If you open the primos Control Center START page and if no queues are created in primos e g when you install primos for the first time an automatic pop up that allows you to start the Smart Printer Setup appears Alternatively you can start the Smart Printer Setup manually In primos up to 10 queues are created automatically for printers If a USB printer is connected to the USB Port of primos a queue is created for this printer first of all No queue has been created in primos 1 Start the primos Control Center 2 Select PRINTING Printer Setup 3 Inthe Default settings for discovery results area define the default settings for creating queues on the basis of the discovery results 4 Click Smart Printer Setup L gt The Smart Printer Setup starts primos searches for network printers and automati cally creates queues for up to 10 printers found Then an overview of the queues cre ated is displayed Note Depending on the size of your network running the Smart Printer Setup may take a few minutes Note If a queue is marked with a yellow pencil icon check if the assigend manufacturer and model are correct Using the Expert Printer Setup v A maximum of 9 queues are created in primos 1 Start the primos Control Center 2 Select Printing Printer discovery 3 In the Default setti
52. k GmbH offers extensive support If you have any questions please contact our hotline Monday Thursday 8 00 a m 4 45 p m Friday 8 00 a m 15 15 p m J 49 0 521 94226 44 USA 1 610 943 3226 op support seh de http www seh de Downloads Downloads can be found on the SEH Computertechnik GmbH homepage http www seh technology com services downloads download mobility solutions primos html For primos you will find e current firmware software e current tools e current documentation e current product information product data sheets and much more primos User Manual Intended Use Improper Use Safety Regulations Warnings General Information 1 4 Your Safety Read and observe all safety regulations and warnings found in the documentation on the device and on the packaging This will avoid potential misuse and prevent damages to people and devices SEH Computertechnik GmbH will not accept any liability for personal injuries property damages and consequential damages resulting from the non observance of the mentioned safety regulations and warnings SEH Computertechnik GmbH will not accept any liability for loss of data property damages and consequential damages resulting from the non observance of the mentioned safety regulations and warnings primos is used in TCP IP networks and has been designed for use in office environments primos allows for printing from iOS devices on printers with o
53. lt name can be found in the primos Control Center Using a gateway you can address IP addresses from other networks If you want to use a gateway you can configure the relevant parameter via the primos Control Center gt 13 66 primos User Manual Hardware Address Host name IP Address Subnet Mask primos Control Center SEH primos App Appendix primos is addressable by means of its world wide unique hardware address This address is commonly referred to as the MAC or Ethernet address The manufacturer has defined this address in the hardware of the device The address consists of 12 hexadecimal numbers The first six numbers represent the manufacturer while the last six numbers identify the individual device The hardware address can be found on the housing or in the SEH primos App The use of separators within the hardware address depends on the platform Note the following conventions when entering the hardware address Operating system Representation Example Windows Hyphen 00 c0 eb 00 01 ff UNIX Colon or dot 00 c0 eb 00 01 ff respectively 00 c0 eb 00 01 ff The host name is an alias for an IP address The host name uniquely identifies primos in the network and makes it easier to remember The IP address is a unique address for every node in your network i e an IP address may appear only once in your local network The IP address must be saved in primos to make sure that it can be addressed within the netw
54. ly the encryption of the Active Directory connection Recommended Click Save to confirm The settings are saved Configuring the Session Timeout A W D a Start the primos Control Center Select SECURITY Device access Tick Session Timeout Into the Session duration box enter the time in Minutes after which the timeout is to be effective L The setting will be saved 46 primos User Manual What is Cross Site Scripting TCP Port Access Control Exceptions Test Mode Security 6 4 How to Protect primos from Cross Site Scripting Cross site scripting XSS is a form of attack which uses a security vulnerability in websites By default the user input entered on a website is submitted to the browser An attacker may use this to transmit malicious code e g scripts The objective is e g to steal user data such as user profiles To prevent cross site scripting attacks values can be checked and only trusted values accepted 1 Start the primos Control Center 2 Select SECURITY Device access 3 In theCross Site Scripting XSS area enable disable Value check The setting will be saved 6 5 Howto Control the Access to primos TCP Port Access Control You can control the access to primos To do so all TCP ports on primos can be blocked Network elements that are to have permission to access primos can be defined as exceptions and excluded from locking primos only accepts data packets from n
55. mos gt 82 Documentation gt 83 Support And Service gt 25 Your Safety gt E16 First Steps gt B6 Find IP address of primos gt 87 documentation as well as notes about your safety You will learn how to benefit from your primos and how to operate the primos User Manual Purpose Mode of Operation General Information 1 1 primos primos is a mobile printing solution for printing content such as documents and graphics from iOS devices iPhone iPad etc Print jobs that go through primos stay in the network they are processed locally and do not get transferred via the Internet or cloud mechanisms Up to 10 printers can be made available for iOS devices with primos primos has mainly been developed for professional business use enterprise environments primos is connected to your network by cable The iOS devices are connected to this network via WLAN Print jobs are sent from iOS apps with AirPrint support to primos via your network primos forwards the print job to wired or wireless printers with or without AirPrint support for printing In doing so primos is manufacturer independent Optionally a USB printer can be connected to the USB port of primos and thus be AirPrint enabled primos Figure 1 Topology In addition primos enhances AirPrint with various features Wide Area AirPrint directory services support and much more primos User Manual Requirement
56. n gt 439 Start the command prompt The box Administrator Command Prompt appears Execute the command line commands created in preparation one after another Example netsh dhcp server V4 delete optiondef 119 Deletes a preconfigured option 119 if applicable netsh dhcp server V4 add optiondef 119 DNS Search Path BYTE 1 Activates option 119 netsh dhcp server V4 scope 10 168 0 0 set optionvalue 119 BYTE 06 70 72 69 6d 6f 73 08 6d 79 64 6f 6d 61 69 6e 03 63 6f 6d 00 Configures option 119 After each execution the successful execution of the command is confirmed The primos subdomain is created on the DHCP server as option 119 The DHCP server will automatically set up the primos subdomain as search domain on all iOS devices Check if the entry appears on the DHCP server In order to do so start the DHCP server and check if the entry appears under lt your domain gt IPv4 lt range gt Scope Options If necessary refresh the display Configuring the primos Subdomain as Search Domain on iOS Devices Manually You can enter the primos subdomain as search domain directly on your iOS device v v v In primos Wide Area AirPrint has been configured gt 238 A DNS server is operated in your network On your DNS server a conditional forwarder to the primos subdomain has been set up gt 238 On your iOS devices open the menu Settings Select Wi Fi The Wi Fi menu is displayed Sele
57. n the primos subdo main box L The Command box will show the command line commands Save the command line commands e g as text file or in the clipboard The Windows Server graphical user interfaces do not offer a user friendly configuration interface for the DHCP option 119 Therefore the configuration on Windows Server 2012 is described below using the command line To illustrate the configuration the following example is used Your primos subdomain is primos mydomain com Your IPv4 DHCP range is 10 168 0 0 Command line commands REM entered DHCP range is 10 168 0 0 REM entered primos subdomain is primos mydomain com netsh dhcp server V4 delete optiondef 119 netsh dhcp server V4 add optiondef 119 DNS Search Path BYTE 1 netsh dhcp server V4 scope 10 168 0 0 set optionvalue 119 BYTE 06 70 72 69 6d 6f 73 08 6d 79 64 6f 6d 61 69 6e 03 63 6f 6d 00 Note The first two lines are for information only Therefore they are labeled as comment with REM and thus excluded from execution 39 primos User Manual Requirements Requirements SSS LSA _ Print In primos Wide Area AirPrint has been configured gt 238 A DNS server is operated in your network On your DNS server a conditional forwarder to the primos subdomain has been set up gt 238 A DHCP server is operated in your network You are logged on to Windows Server 2012 as administrator You have the command line commands see Preparatio
58. nable Wide Area AirPrint on primos Configuring Wide Area AirPrint on primos gt 238 Define a subdomain for primos e g primos mydomain com Configure this subdomain on primos Configuring Wide Area AirPrint on primos gt 2138 Warning The primos subdomain must not end with local This domain is reserved for multicast Bonjour mDNS On primos define the printer which are to be used with Wide Area AirPrint Configuring Wide Area AirPrint on primos gt 238 Optionally you can deactivate the standard mechanism multicast for publishing printers in the network Printers will then only be made available via Wide Area AirPrint See Configuring Wide Area AirPrint on primos gt 38 On your DNS server configure a conditional forwarder Request which contain the primos subdomain must be forwarded to primos gt 438 Tell the iOS devices which are to use Wide Area AirPrint how to search for and find printers in the primos subdomain To do this the primos subdomain must be defined as search domain on the iOS devices You can either set this up manually or automatically on all iOS devices in the domain Configuring the primos Subdomain as Search Domain on iOS Devices Automati cally gt 39 Configuring the primos Subdomain as Search Domain on iOS Devices Manually gt E40 37 primos User Manual Requirements Requirements Print Configuring Wide Area AirP
59. nal 11 Click Save to confirm The settings are saved PAUN 57 primos User Manual Benefits and Purpose Mode of Operation Requirements Security Configuring EAP FAST EAP FAST Flexible Authentication via Secure Tunneling validates the identity of devices or users before they gain access to network resources You can configure primos for the EAP FAST network authentication This makes sure that primos gets access to protected networks EAP FAST uses as in the case of EAP TTLS 1256 a channel in order to protect the data transfer The main difference is that EAP FAST does not require certificates for authentication purposes The use of certificates is optional PACs Protected Access Credentials are used to build the channel PACs are credentials that comprise up to three components A shared secret key that contains the preshared key between primos and the RADIUS server An opaque part that is provided to primos and presented to the RADIUS server when primos wishes to obtain access to network resources e Other information that may be useful to the client Optional EAP FAST uses two methods to generate PACs e The manual delivery mechanism can be every mechanism that the administrator configures and considers to be safe for the network e In the case of the automatic delivery an encrypted channel is established in order to protect the authentication of primos as well as the delivery of the PACs
60. necessecsnccessecsnecsnsesssccssecenscsssessscessseessecsacceneeesseesneesseessnees 35 5 10 How to Print from iOS Devices s sssssssssssssssssssesrsesrsrsrseseseseeeessesessssssssssssesererorereeeereeeeeereessssssssse senest ststret seret 36 5 11 How to Print Across Subnets Wide Area AirPrint ccccccssscsscsscssessscssessesssscsssssssessessesssssssessessssssesseses 37 SOCUPIEY TTET T E A ATT 42 6 1 How to Define the Encryption Level for SSL TLS Connections sssssssssssssssssrssrssssssrsrsressssssesrersessssese 43 6 2 How to Control the Access to the primos Control Center sssssssssssssesessssrorsrerseseeesssesssssssssesesesrsrereree 44 6 3 How to Manage User Profiles Access Control sssssssssssesesesessesesesesssssssssesesssrororererersesesenenesssssssssesesesreret 45 6 4 How to Protect primos from Cross Site Scripting ssssessssesesesesseessssssssssssssesessserseseseeeeesessssssssssssesesesrrersesee 47 6 5 How to Control the Access to primos TCP Port Access CONtIOl sessssssssessecsssssssssssesssesssssssesneesneess 47 6 6 How to Use Certificates Correctly ssssssssssesessssesssesesssssseseeessssseseeeessusnsseoeessssnsesteeonessseoteeesessssesteteresssesreet 49 6 7 How to Use Authentication Method5s c csssssssecssssssscsssessscsssscsecsnessnecsssesssccsssccssessscseseessscseaseeaeeesneesneessnees 54 7 Maintenarnce cccccccccccscscsccscrcccccssscsccccceccsscsccccsscesscsscscsccsecessssc
61. ngs gt 33 O the printer for errors paper empty toner empty paper jam etc O ifthe certificates exist and if they are valid Only if the print data transmission is encrypted gt 49 The print out is flawed Check the printer driver chosen gt 27 m O the connection to the printer chosen gt 827 O the paper size chosen gt 27 O all print settings gt B33 O the printer for errors toner empty etc cannot find a suitable printer driver A big number of printer drivers for the most common printer models is alread installed in primos In case that the driver required for your printer is not available you can upload and manage drivers gt 231 The following options are available O You can ask your printer manufacturer for a PPD suitable for your printer O You can use a similar driver froma preceding or later model of your printer fora printer from a different manufacturer that is similar to your printer model Example The HP LaserJet4 driver can be used for common laser printers that sup port PCL 4 oder PostScript Level 2 primos cannot be embedded into a directory service O Inallofthe directory service a synchronized time must be set The primos device time must not differ from that of the directory service We recommend to use the same time server SNTP server for primos and the directory service Check the primos time server configuration gt 519 70 primos User Manual Appendix O Make sur
62. ngs for discovery results area define the default settings for creating queues on the basis of the discovery results You can change queues individually when editing the discovery results 4 Click Expert Printer Setup The printer discovery starts After the printer discovery has finished a list of the print ers found is displayed 23 primos User Manual Print Note Depending on the size of your network the printer discovery may take a few minutes 5 Define the queue settings for the desired printers table 6 gt B24 Use the checkbox in front of the printer to select one or more printers for which a queue is to be created You can filter the search results according result type only newly discovered print ers all printers and printer connection IPP socket etc Note Do not filter the discovery results after you already have defined settings Hidden queues will automatically be reset to their default values 6 Click Save all or Save selected The queues are created in primos Note Only after the queue has been created you can define enhanced settings for the queue See Edit Queue gt 27 Tabelle 6 Queue parameters Parameters Description Driver primos tries to assign correct printer drivers to the printers discovered in the network color mark following the printer name indicates if a suitable driver was found for the respective printer green a suitable driver was assigned green
63. om primos to printer using an IPPS connection gt 222 34 primos User Manual Mode of operation Print Requirements Print 5 9 Howto Control Who Can Print You can restrict the access to queues and therefore printing on the corresponding printer In order to do this you define print authorizations for individual queues The authentication of users is done via a directory service In a first step you can limit the access to users defined in a directory service only Only users defined in the directory service are allowed to print If a stricter limitation is desired you can limit users further with the help of a list in a second step There are two types of list e Allow list Only users on the list can print Deny list Users on the list cannot print All other users can print You can add users or user groups to the list For a large number of users we recommend to create groups in the directory service Groups are more easy to enter on primos than single users Queues with limited access are marked with the icon e on the iOS device Before printing a user name and corresponding password as defined in the directory service must be entered on the iOS device Note iOS devices store this information automatically the authentication must only be done when printing via this queue for the first time primos is embedded into a directory service gt 417 Users and or groups are defined in a directory service A queue h
64. ork With the help of the subnet mask large networks can be split up into subnetworks In this case the user IDs of the IP addresses are assigned to the various subnetworks By default primos is configured for the use without subnetworks If you want to use a subnetwork you can configure the relevant parameter via the primos Control Center gt 213 primos can be configured and monitored via the primos Control Center The TPG Control Center is stored in the TPG and can be displayed by means of a browser software Internet Explorer Mozilla Firefox Safari The SEH primos App has been developed by SEH Computertechnik GmbH for finding primos devices within a predefined network Furthermore the SEH primos App can be used to execute simple administrative tasks 67 primos User Manual Problem Solution Appendix 8 2 Troubleshooting This chapter describes some problems and their solutions e primos is in the BIOS mode gt i68 e Aconnection to the primos Control Center cannot be established gt 69 The password is no longer available 1269 e The printer does not print gt 2170 The print out is flawed gt 70 e I cannot find a suitable printer driver gt 170 primos cannot be embedded into a directory service 1270 e Wide Area AirPrint does not work 92171 primos is in the BIOS mode primos switches to the BIOS mode if the firmware functions well but the software
65. os using a certificate that was signed by a CA The TLS channel is then used to establish another connection that can be protected by means of additional EAP authentication methods e g MSCHAPv2 The advantage of this procedure is that only the RADIUS server needs a certificate Therefore no PKI is needed PEAP uses the advantages of TLS and supports various authentication methods including user passwords and one time passwords v primos is defined as user with user name and password on a RADIUS server Start the primos Control Center Select SECURITY Authentication Select PEAP from the Authentication method list From the list EAP root certificate choose the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS Optional The certificate increases the security when establishing the connection The root CA certificate must have been installed in primos previously gt 2153 5 Inthe Anonymous name box enter the name for the unencrypted part of the PEAP authentication 6 From the list Inner authentication choose the method intended to secure the com munication in the TLS channel 7 From the list PEAP version choose the PEAP protocol version to be used 8 From the list PEAP label choose the PEAP label version to be used 9 Enter the User name and Password that are used for the configuration of primos on the RADIUS server 10 Install a WPA add on Optio
66. pen primos Control Center in Browser gt 210 Open primos Control Center via SEH primos App gt 10 Note If the primos Control Center is not displayed check the proxy settings of your browser primos User Manual Requirements Requirements Structure of the primos Control Center Administration Methods Open primos Control Center in Browser v primos is connected to the network and the mains voltage v primos has a valid IP address 1 Open your browser 2 Enter the IP address of primos as the URL L gt The primos Control Center is displayed in the browser Open primos Control Center via SEH primos App v primos is connected to the network and the mains voltage v primos has a valid IP address v Your primos is displayed in the SEH primos App 212 1 Inthe list double click on your primos Your standard browser opens and the primos Control Center is displayed seh primos Control Center 10 168 1 139 index_en php Le NETWORK PRINTING SECURITY MAINTENANCE primos Server Network Default name ICOF45E3 IP address 10 168 1 139 ICOF4SE3 Serial number 28020150300009 Subnet mask 255 255 254 0 i rae Host name ICOF45E3 Gateway 10 168 0 220 SS english Software 17 0 14 AirPrint identifier air E Deutsch Firmware 355 9 Description Contact person Date Time 2015 05 27 16 32 09 Status standalone Domain Directory services Printers Printers
67. pre installed printer drivers do not suffice you can load a suitable driver onto primos The driver must be in PPD format For further information see How to Manage Drivers in primos gt B31 Paper size Defines the paper size for printouts Action See How to Maintain or Test a Printer via primos gt B33 Secure AirPrint See How to Encrypt Print Data Transmission gt 834 User authentication See How to Control Who Can Print gt 2135 Access See How to Control Who Can Print gt 2135 Advanced print settings See How to Configure Advanced Print Settings gt B33 Delete Queue Note Deleted queues might appear on the iOS devices for some time after a queue has been deleted The iOS device will update its information over time so that the deleted queues will no longer appear Start the primos Control Center Select PRINTING Queues Click the symbol for the file to be deleted Confirm the security query L The queue will be deleted Pw NS 28 primos User Manual Filter What Do You Want to Do Print 5 3 Howto View the Job History The Job History displays information on the print jobs that have been processed by primos A maximum of 100 print jobs are displayed From the 101rd print job onwards the FIFO method first in first out is applied The recorded print jobs will be deleted when primos is reset Note A time server gt 19 must be confi
68. r host name of the printer gt ipp LPR LPD protocol In Line Printer Daemon printing the print data is sent to the IP address of the printer by means of an LPD queue lpd lt IP address or host name of the printer gt lt queue gt Socket printing Jetdirect printing The data is transferred to the TCP IP port via a raw socket connection Standard port 9100 socket lt IP address or host name GE the printer gt lt port number gt Alternatively you can choose a printer automatically discovered in the network from the list and select a connection type Paper size Defines the paper size for printouts Select driver Defines the printer driver Upload driver PPD Loads a printer driver onto primos and assigns it to the queue If the pre installed printer drivers do not suffice you can load a suitable driver onto primos The driver must be in PPD format For further information see gt 31 26 primos User Manual Print 5 2 Howto Manage Queues After you have created queues for your network printer in primos you can edit or delete those queues What Do You O Edit Queue gt 227 Want toiDo O Delete Queue gt 28 Edit Queue Start the primos Control Center Select PRINTING Queues Select the queue to be edited by clicking the icon a Configure the queue parameters table 8 gt B27 Click Save to confirm The settings are saved D ede aa Table 8 Edit queue parameters Parameters D
69. r suites with a strong encryption of 128 to 256 bit are used Slow connection Warning RA Do not use the encryption level Low if only HTTPS is defined as the permitted connection type for the web access to the primos Control Center 1 Start the primos Control Center 2 Select SECURITY SSL connections 43 primos User Manual Security 3 From the Encryption area select the desired encryption level 4 Click Save to confirm The setting will be saved Note Detailed information about the individual SSL TLS connection status e g supported cipher suites can be found on the Details page at SSL connection status Details 6 2 How to Control the Access to the primos Control Center The web access to the primos Control Center can be secured by selecting the permitted types of connection HTTP HTTPS If HTTPS is exclusively chosen as the connection type the administrative web access to the primos Control Center is protected by SSL TLS The cipher strength is defined via the encryption level gt 2343 Note When logging into the primos Control Center 145 the password is transmitted in plain text We recommend to only use the HTTPS connection SSL TLS requires a certificate to check the identity of primos During a so called handshake the client asks for a certificate via a browser This certificate must be accepted by the browser Please refer to the documentation of your browser software URLs that require an
70. r without AirPrint support All uses of the device that do not comply with the primos functionalities described in the documentation are regarded as improper uses It is not allowed to make modifications to the hardware and software or to try to repair the device Before starting the initial operation procedure of primos read and follow the safety regulations in the document Important Product Information This document is enclosed in the packaging in printed form Read and observe all warnings mentioned in this document Warnings are found before any instructions known to be dangerous They are presented as follows Warning Warning 1 5 First Steps This section provides all the information that you need for a fast operational readiness 1 Read and observe the security regulations in order to avoid damages to people and devices gt 26 2 Carry out the hardware installation The hardware installation comprises the connec tion of primos to the network and the mains supply see Quick Installation Guide 3 Find the IP address of primos see gt B17 4 Configure print queues on primos gt 22 L gt primos is now operational You can print from iOS devices gt 236 mo mg primos User Manual Why IP Addresses How Does primos Obtain its IP Address How Do I Find the IP Address Requirements General Information 1 6 Find IP address of primos An IP address is used to address network devic
71. refix length Defines the length of the subnet prefix for the IPv6 address The value 64 is preset Address ranges are indicated by prefixes The prefix length number of bits used is added to the IPv6 address and specified as a decimal number The decimal number is separated by 7 15 primos User Manual Network Settings 3 3 How to Configure the DNS DNS is a service that translates domain names into IP addresses Using DNS names can be assigned to IP addresses and vice versa With the help of DNS some settings can be made more easily input of host names instead of IP addresses when specifying servers Note If your network in configured accordingly primos receives the DNS settings automatically via DHCP Start the primos Control Center Select NETWORK DNS Configure the DNS parameters table 3 gt 5116 4 Click Save to confirm The settings are saved WN gt Table 3 DNS parameters Parameters Description Primary DNS server Defines the IP address of the primary DNS server Secondary DNS server Defines the IP address of the secondary DNS server The secondary DNS server is used if the primary DNS server is not available Domain name suffix Defines the domain name of an existing DNS server 3 4 Howto Configure Bonjour Bonjour allows the automatic recognition of computers devices and network services in TCP IP based networks primos uses Bonjour to e search for printers in the network gt 12
72. ress space from 232 IPv4 to 2128 IPv6 IP addresses Auto Configuration and Renumbering e Efficiency increase during routing due to reduced header information e Integrated services such as IPSec QoS Multicast e Mobile IP An IPv6 address consists of 128 bits The normal format of an IPv6 address is eight fields Each field contains four hexadecimal digits representing 16 bits Each field is separated by a colon Example fe80 0000 0000 0000 0000 10 1000 1a4 Leading zeros in a field can be omitted Example fe80 Oa vcs 0 O 10 1000 1a4 An IPv6 address may be entered or displayed using a shortened version when successive fields contain all zeros 0 In this case two colons are used However the use of two colons can be used only once in an address Example fe80 10 1000 1a4 As a URL in a Web browser an IPv6 address must be enclosed in brackets This prevents port numbers from being mistakenly regarded as part of an IPv6 address Example http 2001 608 af 1 100 443 Note The URL will only be accepted by browsers that support IPv6 There are different types of IPv6 addresses The prefixes of the IPv6 addresses provide information about the IPv6 address types e Unicast addresses can be routed globally These addresses are unique and therefore unambiguous A packet that is sent to a unicast address will only arrive to the interface that is assigned to this address Unic
73. rint on primos v v WN gt 4 A DNS server is operated in your network A DNS server is configured in primos gt 416 Start the primos Control Center Select PRINTING Settings Configure the Wide Area AirPrint parameters table 9 gt 1838 Click Save to confirm The settings are saved Table 9 Wide Area AirPrint parameters Parameters Description Wide Area AirPrint Enables disables Wide Area AirPrint primos subdomain Wide area AirPrint domain name for which a conditional forwarder to primos is configured on the DNS server Printers to be published via Defines the printers that can be used via wide Area AirPrint wide Area AirPrint Multicast publishing Enables disables the standard mechanism for publishing queues in the network via multicast If you deactivate this option printers will only be made available via Wide Area AirPrint Configuring a Conditional Forwarder on the DNS Server As an example the configuration procedure on Windows Server 2012 is described v v v N 5 In primos Wide Area AirPrint has been configured gt 838 A DNS server is operated in your network You are logged on to Windows Server 2012 as administrator Start the DNS Manager Rightclick on Conditional Forwarders and from the context menu choose New Conditional Forwarder The dialog New Conditional Forwarder appears In the DNS Domain box enter the primos subdomain In the area
74. s Structure of the Documentation Document Features Terminology Used in this Document General Information Network Wired TCP IP network LAN with wireless access point WLAN Supported iOS Devices primos supports all iOS devices with AirPrint support All iOS devices with iOS 4 2 or later come with AirPrint The iOS devices are connected to the wired network via WLAN Supported Printers Network printers wired or wireless which support at least one of the following printing protocols IPP IPP Secure LPD or Socket Printing JetDirect Printing 1 2 Documentation Information about the features of your product can be found in the data sheet of your primos The primos documentation consists of the following documents User Manual PDF Detailed description of the primos configuration and administration Quick Installation Guide Printed Information about hardware installation and the initial PDF operation procedure Important Product Information Printed Information about security regulatory compliance and PDF disposal Online Help HTML The Online Help contains detailed information about how to primos Control Center use the primosControl Center This documentation has been designed as an electronic document for screen use Many programs e g Adobe Reader offer a bookmark navigation feature that allows you to view the entire document structure This document contains hyperlinks to the associated
75. ssssssecsseessscsnsecsnecsnscsssecssesssscessesesscesscesuecsuscesuecsuscssnecsuscessescaseessessseeeseessueeeaessess 7 2 Administration Meth dS ss ississiesicsceniscsssieaiusscsissioutasvusivicansssaisciapisadexisetsiiesiveiaaluss eevatiesivennalessance 9 2 1 Administration via the primos Control Center csssssssssssessssssssecssscssseessecsnccesnecsuscsnscsssecssesesseesseesseeesseesee 9 2 2 Administration via SEH primos App sscesssssssscsssecssscssssssssssccssssessccssecsnecssscesnecsusessncesnecssecsssecssceaeesneesneesseess 12 3 Network Settings iicissscessccssscrscstssesnsecsssccatactssccnsucsaansoussssnssnasscscncsssadesdsnsaaddaasssandeasssanecsanebsdaseeasen 13 3 1 How to Configure IPv4 ParameterS ssssesssesssssssssseessssssestseeessssestoeosessssoseoesesessestotoeessnsseteeesensstoeeeesssssseeteees 13 3 2 How to Configure IPv6 Parameters siaiwdnsinscemninrmdiniandarmnianniararanhanadiannmiarniedasotin 14 3 3 How to Configure the DNS ssssessssessssssssseseessssssseseessssnsestoeeesssseotoessssnseoteeonsssnsesteosssssseoteesssssestetonesesseteeerese 16 3 4 How to Config re BON OUNwictianduistenasaniniiacutuaiauimiaautaaniicadnedineniannaumanadamuanasias 16 3 5 How to Configure Directory Services sssssssessssssesssesssssssrseesessssssroessssnsesteresensssstotesensunsteessssnestetneessnsstereeese 17 A Device Settings ccsccccsccccscccsscscrccceccsssscsscsccesscsscscsccsccscsnscscesccesscsssssscssccscesecesccsss
76. t button otherwise primos switches to the BIOS mode If this happens try the reset again Turn primos off interrupt the power supply Remove the network cable RJ 45 from primos Press and hold the reset button Turn primos on establish the power supply Wait until the status and activity LED blink synchronously The reset mode has been activated Release the reset button for 2 seconds at most WM RWN gt a 62 primos User Manual Maintenance The status and activity LED blink alternatingly 7 Press and hold the reset button again The LEDs blink synchronously 8 After a few seconds only the activity LED will blink Then release the reset button 9 Turn primos off interrupt the power supply 10 Connect the network cable RJ 45 to primos 11 Turn primos on establish the power supply The configuration settings are reset 7 3 How to Perform an Update You can carry out software and firmware updates on primos in order to benefit from currently developed features What Happens In the course of an update the old firmware software will be overwritten and replaced by sung he the new firmware software The original configuration settings including drivers and pdate certificates of the device remain unchanged When Is an An update should be undertaken if functions do not work properly and if a new software Update or firmware version with new functions printer driver updates or bug fixes has been Recommend
77. the Authentication method list From the list EAP root certificate select the root CA certificate Enter the password that is used for the configuration of primos on the RADIUS server Vie SN 55 primos User Manual Benefits and Purpose Mode of Operation Requirements Security 6 Click Save to confirm The settings are saved Configuring EAP TTLS EAP TTLS Tunneled Transport Layer Security validates the identity of devices or users before they gain access to network resources You can configure primos for the EAP TTLS network authentication This makes sure that primos gets access to protected networks EAP TTLS consists of two phases In phase 1 a TLS encrypted channel between primos and the RADIUS server will be established Only the RADIUS server authenticates itself to primos using a certificate that was signed by a CA This process is also referred to as outer authentication In phase 2 an additional authentication method is used for the communication within the TLS channel EAP defined methods and older methods CHAP PAP MS CHAP and MS CHAPv2 are supported This process is also referred to as inner authentication The advantage of this procedure is that only the RADIUS server needs a certificate Therefore no PKI is needed Moreover TTLS supports most authentication protocols v primos is defined as user with user name and password on a RADIUS server Start the primos Control Center
78. u can enter a maximum of 64 characters Optional entry Allows you to enter additional attributes Optional entry Specifies the country in which the company is based Enter the two digit country code according to ISO 3166 Examples DE Germany GB Great Britain US USA Specifies the date from which on the certificate becomes invalid Defines the length of the RSA key used 512 bit fast encryption and decryption 768 bit 1024 bit standard encryption and decryption 2048 bit slow encryption and decryption Creating a Certificate Request for a Requested Certificate As preparation for using a certificate which is issued by a certification authority for primos a certificate request can be created in the primos The request must be sent to the certification authority which creates an certificate on the basis of this request The certificate must be in base64 format Note If a certificate request has already been created in primos you must first delete the certificate request gt 253 v ewa Start the primos Control Center Select SECURITY Certificates Click Certificate request Enter the required parameters table 10 gt 2150 Click Create a request The creation of the certificate request is in progress This may take a few minutes 6 Select Upload and save the requests in a text file 7 Click OK 8 Send the text file as certificate request to a certification authority When the certi
79. user name and password are queried on the iOS device before printing iOS devices store this information automatically the authentication must only be done when printing via this queue for the first time NOU In primos a queue has been created for the printer gt 522 Your iOS device is connected to the network via WLAN Your iOS device supports AirPrint The app selected supports AirPrint On your iOS device open the app you want to print from Choose the content you want to print Open the print menu Tap Printer All available printers are displayed Printers made available by primos are per default tagged with AirPrint Identifier gt 230 From the list select the desired printer Define the print options e g the number of copies Tap Print L You content is printed While printing you can check the printing status in the Print Center on your iOS device To open the Print Center double click the Home button and tap Print Center 36 primos User Manual Procedure Print 5 11 How to Print Across Subnets Wide Area AirPrint AirPrint uses the Bonjour protocol gt 16 to find printers and make them available in the network However Bonjour is limited to local network segments You have to set up primos in such a way that searching for and finding printers is possible across network segments Then you can print from the entire network Follow the instructions below in the indicated order E
80. vice file area click Save The service file is saved to your client Send the service file to the SEH support v Configuring the SSH Access Note The SSH connection may only be established and used after consultation with the SEH support Using SSH for purposes other than that remote maintenance etc is forbidden Start the primos Control Center Select MAINTENANCE Service Tick clear SSH access Click Save to confirm The setting will be saved PUNS 65 primos User Manual What Information Do You Need What Information Do You Need Default Name Gateway Appendix 8 Appendix The appendix contains a glossary trouble shooting information and the index of this document O Glossary gt 266 O Troubleshooting gt 268 O Index gt 72 8 1 Glossary This glossary contains information about manufacturer specific software solutions and terms from the world of network technology Manufacturer Specific Software Solutions primos Control Center gt 67 SEH primos App gt 267 Network Technology Default Name gt B66 Gateway gt B66 e Hardware Address gt 2167 Host name gt 167 IP Address gt 2167 e Subnet Mask gt 267 The primos default name is made up of the two letters IC and the device number The device number consists of the last six numbers of its hardware address Example C0001 ff The defau
81. with check mark the driver has been assigned to this printer type once before by the administrator yellow a driver was assigned but it must be checked if it is suitable red no suitable driver was found If a incorrect or no driver was assigned a driver can be chosen and assigned to printers via the button Apply the driver chosen above Name Freely definable queue name The queue name and the AirPrint identifier together make up the printer name that is displayed in the printer dialog of the iOS devices Up to 50 ASCII characters except for spaces slashes quotation marks and the pound sign can be entered The queue name cannot be changed afterwards Description Freely definable description of the queue You can enter a maximum of 50 ASCII characters Connection type Defines the printing protocol IPP socket and so on 24 primos User Manual Print Parameters Description Upload driver PPD Loads a printer driver onto primos and assigns it to the queue If the pre installed printer drivers do not suffice you can load a suitable driver onto primos The driver must be in PPD format For further information see gt 31 Paper size Defines the paper size for printouts Creating a Queue Manually Start the primos Control Center Select Printing Create queue Configure the queue parameters table 7 gt 25 4 Click Create queue L The queue is created in primos Who Tabelle 7 Create queue param
Download Pdf Manuals
Related Search