PaperCut Pocket and Hive Deployment Scenarios
“PaperCut Pocket and PaperCut Hive are based on our innovative Edge Mesh technology that lends itself to a wide array of deployment options. The follow article is meant to be a guide for Administrators in describing small simple office implementations to complex, multi-facility business deployments with high security standards. The possibilities with Edge Mesh are many, and we’ll continue to evolve this article as more interesting scenarios unfold!”
- Small Business Office - 25 Employees, 5 SFP Devices
- Medium Size Business Office - 225 Employees in 3 Office Locations with 12 MFP’s
- Mid Size Energy Contractor Organization with high-security requirements - 350 Users in 2 Offices and 25 MFP’s
- Small Dental Practice Office - 3 Dentists and 3 Administrative Assistants with 1 MFP
Site Explanation/Business Needs
SMB’s in offices like this size are the largest sector of the economy. Their print management needs include print tracking and visibility of consumable usage on their single function and multifunction printers. The ability to allow in office and remote or flex workers the ability to submit jobs from any location and any network is desired. The Employees have a mix of Windows and macOS laptops and also need to submit print jobs from iOS or Android devices. Many companies of this size are moving to Cloud SaaS solutions for office productivity, CRM, Accounting, ERP and even specialized applications to reduce on-premise expenditures and prefer a serverless first strategy for any new application.
With business requirements for print tracking, consumables usage visibility, remote and mobile print job submission, PaperCut Pocket is a good fit here. The customer will not need to invest in any print infrastructure such as print or application servers and setup will be a breeze. PaperCut Pocket also extends to “work from home” users, allowing them to submit jobs and release them to their home remote printers with the same workflow as printing in the office. The PaperCut Cloud Node provides off-network print job submission for Windows, macOS, and Mobile devices. The Cloud Node also provides job replication for Work From Home users running Mac or Windows, allowing users to submit jobs at home and release them when they reach the office.
The PaperCut Pocket Job Log offers administrators the ability to report on printing across both the office and user’s work from home environments. And when the business is ready to take the next step, PaperCut Pocket offers a range of options to reduce print costs and environmental impact.
The PaperCut Pocket Mobile App provides a convenient way for employees to manage their print jobs, make any changes such as copies, duplex, and grayscale, and release to a printer of their choosing. The app can also offer users handy tips to reduce and improve their printing behavior, such as offering to convert the job to 2-sided.
In Figure 1, we illustrate the basic functions of PaperCut Pocket, from Printer Discovery to Cloud Print Job scenarios.
The Edge Mesh is essentially a group of Edge Nodes working together to create a resilient, auto-scaling print infrastructure. Edge Nodes are installed when users are invited to print to PaperCut Pocket. In Figure 1, we see the functionality of Edge Nodes working together in the office to create an Edge Mesh or on their own as Work from Home users. In either case, users can submit jobs from practically anywhere and release them when they are in the office later.
This company has taken the extra step to promote the receptionist’s PC to a Super Node. Super Nodes are promoted Edge Nodes elected by the PaperCut Pocket Admin to take the majority of the Edge Mesh workload. This can help a small office ensure reliable printing where the number of active Standard Nodes in the office can be unpredictable on a daily basis.
The Discovery of printers is automatic and happens via SNMP and IPP protocols regularly to ensure users have “up-to-date” information on the health and status of their printers. The Admin has configured discovery to be contained to their subnet in the office and from a Super Node only. This helps ensure the discovery process is efficient and effective.
With the Cloud Node enabled, employees working from home or in the field have ubiquitous access to the PaperCut Pocket Edge Mesh and printers. And whether they are in the field or working from home, they can release their jobs to any printer published in the Edge Mesh.
Medium Size Office - Medium Size Business Office - 225 Employees in 3 Office Locations with 12 MFP’s
Site Explanation/Business Needs
The Business is currently migrating its back-office systems to the Cloud and wants to eliminate on-premise print servers. Employees can have their choice of Windows or macOS laptops, and the business is looking to introduce a third choice of Chromebooks in the near future. The 3 locations have WAN connectivity between sites, and the customer would like to have the ability to submit jobs from outside the offices. Employees at each location use HID cards for building access and would like to use the same cards for authentication to release print jobs from their MFD’s. Security and wasteful printing are two significant concerns for the customer as employees tend to leave jobs on the MFD, potentially exposing sensitive data and wasting consumables.
PaperCut Hive checks all the boxes for this business! Plus, with the connectivity between sites, the Edge Mesh has the added benefit of 3 locations for full site redundancy, not to mention the ability to submit and release print jobs off-network with the Cloud Node. But since the customer is requesting off-network print submission, the Cloud Node provides an added benefit for off-network print submission for their Windows, macOS, and future Chromebook users.
The current complement of MFD’s is supported with the PaperCut Hive Full embedded application, where users can use their HID cards to authenticate.
In Figure 2, we see that an employee can submit jobs whether they are on or off the Edge Mesh network courtesy of the Cloud Node. When they are ready, users can release jobs via their mobile or embedded PaperCut Hive application on the MFP. This is possible as the WAN is creating a single Edge Mesh for all locations. The Edge Mesh solution intelligently routes the job via the most efficient route and to the Edge Node with the best access to the printer either via queue or IPP. We also illustrate the use of Passive Nodes. Passive Nodes are essentially demoted Edge Nodes that, while still able to submit print jobs to PaperCut Hive, will have no role in Edge Mesh duties such as receiving, replicating, or releasing jobs. Passive Nodes also do not perform printer discovery functions which can come in handy for Agents in the field who may come in contact with other printers on WiFI, for example.
Mid Size Energy Contractor Organization with high-security requirements - 350 Users in 2 Offices and 25 MFP’s
Site Explanation/Business Needs
This Business is a contractor for a group of Energy Companies. The business needs to comply with strict access to sensitive documents and data but wants to migrate many aspects of their business to Cloud. From the customer’s perspective, it has become increasingly difficult to control the security of printed documents and monitor wasteful output. The company wants to take the extra step of segmenting off SFP’s and MFP’s to their own VLANs in each of the 2 locations to prevent unauthenticated access to these devices via direct print queues.
The business wants to secure access to these devices by way of Card Authentication at the MFP’s. For the SFPs, the company wants a solution that can provide secure release and ensure that the user is at the device they intend to release the job to. The employee’s laptops are Windows 10 with limited access to internet sites that have not been “green-lighted” by their IT Security team.
The business would like to have an alternative way of authentication and access to their print devices than the traditional Domain Trusts currently in place. Off-network, print job submission is not a current requirement; however, it may be in the future if it “checks all the boxes” for security.
The customer is using Azure AD for authentication and InTune for software deployment. BYOD devices are strictly forbidden on the network.
With PaperCut Hive we can have a single Organizational ID with 2 separate Edge Meshes in place as there is no connectivity between locations. Management of users and printers for each of the 2 locations is automatically consolidated in the PaperCut Hive admin interface which gives the customer a single administrative “pane of glass” for their print environment. PaperCut Hive fits well into the strict security requirements for securing print jobs by using HTTPS in transit and a multi-part encryption key at rest. PaperCut Hive has enabled the customer to control access to print devices by phasing out native print drivers and installing a single PaperCut Print driver via InTune. With PaperCut Hive the user is assigned a secure token during onboarding which is used to validate the print job’s identity and authorization throughout the print job process. They no longer need to worry about group or individual access to print or the need to push out queues and drivers. We are happy to use existing queues if they are found by our discovery or we can support printers directly with IPP.
Guest print is solved by allowing the contractors to scan the QR code affixed to the SFPs via their mobiles and enter an email address. Once this action is completed, the admin can verify the request and approve it triggering an email invite to the contractor. Once this email invite is received then the contractor can submit and release jobs through PaperCut Hive. The Admin can also configure PaperCut Hive to “auto-approve” email domains for guests for fast and efficient onboarding of guests.
For Secure Print Release we have a solution for both MFPs and SFPs. For MFP’s, card swipe authentication is enabled for these devices as they support the PaperCut Hive Full Embedded client. For the SFPs, the admin has restricted mobile release to QR-code only and has printed labels for each device ensuring employees do not mistakenly release their job to the wrong device.
Sensitive documents including engineering plans that should not be printed, will be caught during the release on either the Mobile devices or MFP’s by enabling the “Catch Problem Documents” option under safety Net.
Network Environment - With this Business, we have a secure VLAN for SFP’s and MFP’s in each of the 2 locations which limits network access to the devices by way of HTTPS/IPPS Protocol, Port 443 only. With this security in place, we can provide this business and end-to-end encrypted print solution. The MFP’s are supported with the PaperCut Hive embedded application offering card authentication for job release while also tracking copy, scan and faxing. Furthermore the reseller in consultation with this customer’s IT and Security team has outlined the necessary ports, protocols and endpoint urls to our Cloud Service needed for PaperCut Hive to function.
Since we have 2 autonomous networks supporting our Edge Mesh, the print submission and release will work within each office. The Cloud Node will not be enabled for this customer as they are restricting data to the Cloud and have policies in place to ensure sensitive data stays within their firewalls, however, they plan to review this requirement in the future knowing the additional flexibility the Cloud Node can provide them while still being secure.
For User synchronization and software deployment, PaperCut Hive offers secure Azure Active Directory add-on. Once set up with a Secure Token, the Admin can add or remove users and/or groups at will and the changes are automatically updated in the PaperCut Hive Admin UI. When users or groups are added to the PaperCut Cloud Print Management Enterprise Application in Azure, invite emails are automatically sent during the synchronization and automatically going forward. Simple and efficient!
For end user deployment, the Microsoft InTune add-on is available for easy packaging of the PaperCut Hive installer for deployment to user devices. This solves the issue of end users not having the necessary rights to install software on their PCs. The Admin can deploy the PaperCut Hive package without a manual installation on each user’s device.
And finally, for the MFP’s, the “One-Click” installer makes life easy for the Admin to install the Full Embedded application right from the PaperCut Hive admin interface.
Figure 3 depicts the scenario with 2 separate Edge Meshes, each with a Super Node that acts to provide the secure delivery from the Main VLAN to the Secure Printer VLAN via IPPS/443.
Site Explanation/Business Needs
A small Dental Practice needing to protect patient information. 3 Dentists and 3 Administrative Assistants. The practice has no IT staff but uses a third party IT Services company to maintain the network. They have one MFD and 1 USB connected Inkjet printer connected to 1 of the 3 Mac workstations. The Dentists are using ChromeBooks to review patient records and update their information via their Web Based Electronic Health Records application.
The office needs to maintain HIPAA compliance for patient information and is concerned that printed information has mistakenly been left on the printers.
PaperCut Hive offers secure print release at the MFD and as well as Mobile release for the USB connected devices to help mitigate sensitive patient documents being left at devices. The 3 Mac workstations create our Edge Mesh with full replication intact. The Dentist’s Chromebooks are onboarded with the PaperCut Hive Extension for ChromeOS. With PaperCut Hive the Administrative Assistants now have an option to print and release quick one page patient summaries to their USB connected Inkjet or the MFP by way of the PaperCut Hive mobile app.
The Cloud Node is disabled as the practice will not allow off network print job submission and thumbnails are disabled completely to protect patient confidentiality.
The MFP is onboarded with the Full Embedded in order to track not only print, but copies, scans and faxes. Now enabled with secure print for all printers, the practice can better control patient information and keep track of who printed what and to where. Not to mention cost savings for consumables, something that is rather important for small businesses.
In Figure 4, we see 3 Macs making up our Edge Mesh. We also see that we can submit and release jobs to the InkJet tethered to a Mac with a queue installed.
When the Dentists submit their print jobs via the PaperCut Printer, the jobs are encrypted before they are sent via HTTP to the Edge Mesh. The Dentists can release their jobs by entering in their User Code via the embedded app on the MFP. The Administrative Assistants can release to either the MFP for multi-page documents or the Inkjet for one-page patient summaries balancing convenience and costs.
Still have questions?
Let us know! We love chatting about what’s going on under the hood. Feel free to leave a comment below or visit our Support Portal for further assistance.
For more information about PaperCut Pocket and Hive, check out the PaperCut Pocket and Hive Help Center.