KB Home | Mobility Print Pre-Installation Considerations
There are a number of different considerations which should be made when looking at implementing the PaperCut Mobility Print solution into your environment. By default the installation uses mDNS, which works straight out of the box. If however, your site is more complex, using multiple subnets, then you will need to consider using DNS-SD.
There are a few things that you should ensure you have looked at prior to commencing a DNS-SD configuration on your site. Some of these items are listed and explained briefly below:
1. Who will be using the mobility print solution? It is important to understand who the end clients will be, using the mobility solution. Is it restricted users, staff, internal users, members of the public, etc, and how can we identify them in PaperCut?
Understanding the end users will help you to determine what sort of experience, security and other provisions may be required when providing a complete solution to the customer.
2. What are the “search domains” for your site? When we setup Mobility print, we will need to understand the search domains required. If using DNS-SD each search domain to be used will require DNS entries to allow the printers to be discovered. A search domain is the domain in which the client’s’ device exists. For example, a University may have several different search domains in the form of:
3. Do you have any firewalls or VLANs on the network, and what are they in place for? Firewalls and VLANs are used to restrict and control the flow of traffic on a network. Ports will be required to be opened on Firewalls and VLANs to allow end users to be able to communicate with the DNS and Mobility Print servers. Therefore, it is important to understand if a site has Firewalls or VLANs in place and what restrictions have been imposed to limit or allow communications. This may determine where a mobility print server can be installed on a network.
For example, a site where the printers are in their own VLAN with a Firewall implemented between the backend servers and the rest of the network. Access has been allowed for all VLANs to connect to the Printer VLAN, but this is the only VLAN in which all other VLANs could connect.
Ports to the servers via the Firewall has been severely restricted, allowing limited access. Therefore, in this scenario the Mobility print server would need to be installed into the Printer VLAN, as if it was stored in the server VLAN, users would be unable to access it.
Further information on System Requirements, including network ports can be found here:
4. Are there multiple subnets and do you wish to limit printer access? Often with larger networks, multiple subnets have been configured to help with the management and flow of network communication. It is important to understand what subnets are being used, as these are required for DNS entries and can allow printer subnet filtering to be implemented. If you are not aware of the subnets configured and do not put reverse DNS lookups in all required subnets, then it is possible that iOS devices will be unable to locate printers. Subnet filtering can allow you to limit the printers displayed to users in a subnet. See more information here: (https://www.papercut.com/products/ng/mobility-print/manual/how-to-setup/step-2-configuration/advanced-configuration/restrict-printer-access-per-subnet/)
5. How will clients connect to the network? You may find that depending on the complexity of a site there may be multiple methods that are required for end users to connect and use the Mobility print service. Ensure that you have mapped out all the different scenarios on paper and received confirmation from the networking / server teams that you have identified and addressed all potential end user’s requirements.
This can help to solidify your options by ensuring that you have captured the needs, complexity and understanding of the proposed implementation.
6. Is it a NAT environment? Mobility print helps to solve the issue of clients behind NAT devices. Traditionally PaperCut would be unable to request an unauthenticated user for their credentials if they operated behind a NAT (as we would only see the NAT advertised IP address, not the actual client IP address). With Mobility Print we can overcome this issue, as authentication is conducted at the time of the print job. NAT environments can be very complex, as further networking rules may be required in these environments to allow communications.
We have some specific information around configuring a server behind a NAT here:
7. What are the Wi Fi configuration settings? Obtaining the details of the Wi Fi network settings upfront will aid in the understanding of the traffic flow. This will help to determine the best implementation plan to devise prior to installation. It is important to fully understand the Wi Fi configuration, as you need to ensure that clients connecting to the Wi Fi network will be able to resolve against the onsite DNS servers and have access to the VLAN in which the mobility print server is installed.
8. What DNS servers do the client devices use? If you are using DNS-SD it is important to ensure that the end clients will be directed to the DNS servers, where the Mobility Print DNS entries are located. If they are directed to use a different DNS service (such as google), then the mobility print server will be uncontactable, resulting in a failure to find the printers.
9. Who is responsible for printers/network/firewalls/DNS within the I.T Department? It is essential that you have the correct contacts within the company. In many larger companies, there are several different teams working within the I.T. Department. Ensure you have the correct staff contacts prior to starting an implementation. The last thing you need is to start to implement the solution, only to find out that the guy who can open the Firewall ports is currently on leave.