version 5.1 - one q · terminals without installing a printer driver host printing host printing is...
TRANSCRIPT
One Q Technologies A/S
Bregnerødvej 133A
DK-3460 Birkerød
Phone: +45 7020 3284
One Q Server Version 5.1.8
Configuration Guide
Copyright © 2020 One Q Technologies A/S
December 2020
O n e Q T e c h n o l o g i e s A / S
2 One Q Server Configuration Guide
Contents
Chapter 1: Introduction ................................................................................... 12
One Q Server components overview ................................................................... 12
One Q vocabulary ...................................................................................................... 13
Solution deployment scenarios ............................................................................. 17
Chapter 2: Prerequisites and requirements ................................................ 21
Windows One Q Server requirements ................................................................. 21
Linux One Q Server requirements ......................................................................... 22
Partner test environment ......................................................................................... 22
Chapter 3: Required ports and protocols .................................................... 23
Minimum required ports and protocols for One Q Server ........................... 23
Optional ports and protocols ................................................................................. 25
Graphical drawing for ports to be opened ........................................................ 26
Detailed description of the communication scenarios .................................. 26
Chapter 4: Security and certificates .............................................................. 29
About certificates ....................................................................................................... 29
Adding a certificate for Web Client ...................................................................... 30
Certificate reinstallation ........................................................................................... 31
Security warning logon to One Q Server ............................................................ 32
Access without specifying port in the URL ......................................................... 35
3 One Q Server Configuration Guide
No DNS changing server name/Using IP-address .......................................... 36
Export a certificate that can be installed in printers ........................................ 37
Import a "real" certificate using Keystore Explorer .......................................... 38
Security limitations in older devices ..................................................................... 42
Chapter 5: Installation ...................................................................................... 44
Installing One Q Server on Windows ................................................................... 44
Installing One Q Server on Linux ........................................................................... 47
Installing One Driver ................................................................................................. 49
How is PPD mapping done. ....................................................................... 51
Chapter 6: Updating One Q Server ............................................................... 52
Chapter 7: Launching One Q Server ............................................................. 52
Chapter 8: Getting started with One Q Server ........................................... 54
Chapter 9: Status ............................................................................................... 55
Chapter 10: My Profile ..................................................................................... 56
Chapter 11: Jobs ................................................................................................ 60
Chapter 12: Reports.......................................................................................... 61
Introduction............................................................................................................... 61
Standard reports ...................................................................................................... 62
Custom reports......................................................................................................... 63
4 One Q Server Configuration Guide
Scheduled reports ................................................................................................... 65
Chapter 13: Administration ............................................................................ 66
Server config - Authentication ............................................................................ 67
Server Config - Jobs tab ........................................................................................ 70
Server Config - Network tab ................................................................................ 72
Server Config - Cluster tab ................................................................................... 73
Server down, manually failover setup .................................................. 74
Server Config - Payments tab .............................................................................. 75
Server Config - Guest Printing tab ..................................................................... 79
Server Config - Backups tab ................................................................................. 80
Server Config - UI tab ............................................................................................. 81
Server Config - Advanced tab .............................................................................. 84
Server Config - System Notifications tab....................................................... 87
Chapter 14: Domains, MS, eDirectory, IBM Domino and Okta .............. 89
If SSL is not enabled (in the domain settings):................................................ 92
If SSL is enabled (in the domain settings): ....................................................... 92
SSL requirements: .................................................................................................... 92
Chapter 15: Users .............................................................................................. 92
Enable user registration ......................................................................................... 93
Edit Configured policies tab ................................................................................. 94
5 One Q Server Configuration Guide
Account (policies) ....................................................................................... 95
Quota (policies) ........................................................................................... 96
Permissions (policies) ................................................................................ 97
Other options (policies) ............................................................................ 99
Creating or editing a local user ........................................................................ 100
Authentication .......................................................................................... 101
Account ...................................................................................................... 102
Quota .......................................................................................................... 103
Other options ........................................................................................... 104
Creating or editing a domain user .................................................................. 104
Chapter 16: Domain users, Policy setup .................................................... 106
Chapter 17: Terminals and Groups ............................................................. 108
Setup Terminal and groups ............................................................................... 108
Introduction to terminals ................................................................................... 108
Group settings ....................................................................................................... 109
Adding new terminals ......................................................................................... 112
Terminal discovery tab ........................................................................... 112
Creating terminals (Windows version) .............................................. 113
IPP/IPPS printing ...................................................................................... 115
Location ...................................................................................................... 116
6 One Q Server Configuration Guide
Creating terminals (Linux version)...................................................... 116
Configuring terminals ......................................................................................... 118
Refresh status tab ................................................................................................. 119
Discover tab ............................................................................................................ 120
Chapter 18: Queues ........................................................................................ 120
Preparing for creating queues (Windows version) ..................................... 121
Create queue in One Q server portal (Windows version)......................... 122
Push printing .......................................................................................................... 123
Create queue in ONE Q server portal (Linux version) ................................ 124
One Driver on One Q server or One Q SaaS ................................... 124
Chapter 19: Client Codes ............................................................................... 125
Chapter 20: Price profiles .............................................................................. 127
Chapter 21: Authentication devices ........................................................... 128
Chapter 22: Grid nodes .................................................................................. 129
Introduction............................................................................................................ 130
Configuration ......................................................................................................... 130
Usage example Grid printing ............................................................................ 132
Usage example sync between servers............................................................ 134
Chapter 23: Rules ............................................................................................ 134
7 One Q Server Configuration Guide
Introduction............................................................................................................ 134
Rule event ............................................................................................................... 136
Conditions ............................................................................................................... 136
Actions ..................................................................................................................... 137
Rules' Applications ............................................................................................... 137
Test Any Queue event ............................................................................ 137
Test Job Release event ........................................................................... 138
Test Pull Queue event ............................................................................ 140
Test Push Queue event .......................................................................... 141
Test User Authentication event ........................................................... 142
Creating new rules ................................................................................................ 143
PJL Rules ..................................................................................................... 144
Regular expression rule ......................................................................... 145
Rule, capture the job title. ..................................................................... 146
Rule, remove program prefix like Microsoft ................................... 146
User authentication ................................................................................ 147
Multi selection .......................................................................................... 147
Chapter 24: Guest cards ................................................................................ 148
Guest cards ............................................................................................................. 149
Replacement cards ............................................................................................... 150
8 One Q Server Configuration Guide
Chapter 25: Data sources .............................................................................. 151
Data source example ........................................................................................... 152
Example for Terminal import ............................................................................ 154
Example for Print Monitor profile import...................................................... 157
Chapter 26: Print Monitor ............................................................................. 157
Print Monitor Queue setup................................................................................ 159
Print Monitor User/Domain account setup .................................................. 160
ONE Q DIRECT and Offline print ...................................................................... 161
Print Monitor USB printing ................................................................................ 165
Solution one queue/workstation........................................................ 167
Solution one queue and many workstations .................................. 167
Security settings for USB printing ...................................................... 169
Print Monitor handling Server rules................................................................ 170
Troubleshooting ................................................................................................... 170
Chapter 27: Backups ....................................................................................... 171
Chapter 28: Licensing ..................................................................................... 173
Chapter 29: Log viewer .................................................................................. 174
Chapter 30: Templates ................................................................................... 176
Chapter 31: User interface, when users login via WEB ........................... 178
9 One Q Server Configuration Guide
User web .................................................................................................................. 178
Enable user registration ...................................................................................... 181
Appendix A: Connecting to an external Database .............................. 183
External Microsoft MS-SQL Database ............................................................ 185
External PostgreSQL Database ......................................................................... 185
Connecting to Shared DB and JOB storage .................................................. 185
Change Job storage location ............................................................................ 187
Appendix B: Connect Server ..................................................................... 189
Introduction............................................................................................................ 189
Installation .............................................................................................................. 190
Configuration ......................................................................................................... 190
Print queue configuration on Connect server ................................ 191
Print Monitor configuration printing to Connect server ............. 193
Appendix C: Google Cloud printing ....................................................... 193
Setup Google Cloud printer .............................................................................. 194
Testing Google Cloud print ............................................................................... 201
Printing:.................................................................................................................... 204
Troubleshooting: .................................................................................................. 205
Appendix D: Console mode, for troubleshooting ............................... 206
Appendix E: Migrating from ver. 3 to ver. 5 ......................................... 206
10 One Q Server Configuration Guide
Appendix F: Activate print, assign and preview for Admins ............ 207
Appendix G: How to setup Azure ............................................................ 208
Appendix H: How to dump job to file ..................................................... 209
Appendix I: Email2Print/Web upload on One Q server .................... 211
LibreOffice for Windows ..................................................................................... 212
LibreOffice for Linux ............................................................................................. 213
Queue setup on One Q server........................................................................ 214
Email2Print setup on One Q Server .............................................................. 215
User setup with 2 email addresses .................................................. 215
Usage ........................................................................................................ 216
Supported file formats ........................................................................ 216
Troubleshooting for Email2Print ...................................................... 216
Upload2Print setup ............................................................................................ 216
Supported file formats for Upload2print ....................................... 217
Appendix J: One Q Mobile Print Application ...................................... 218
Enabling mobile printing for existing customers ..................................... 218
Enabling mobile printing for new customers ............................................ 218
Appendix K: Scan2workflow setup on One Q server .......................... 219
Scan folders on One Q server, basic setup ................................................. 220
11 One Q Server Configuration Guide
Scan2workflow for Epson: ............................................................................... 222
Windows Policy Management on server for Epson folder .................... 223
Group Policy Management ................................................................ 223
Local Security Policy ............................................................................. 224
Scan2workflow for HP:...................................................................................... 226
Scan2workflow for Ricoh: ................................................................................ 226
Appendix L: Linux hints ............................................................................. 226
Configuring Firewall in Ubuntu: ..................................................................... 226
Linux Stop/Start services .................................................................................. 228
Convert PS to PCL on devices not supporting PostScript ..................... 228
Disable Firewall ports ........................................................................................ 228
12 One Q Server Configuration Guide
Chapter 1: Introduction
This document describes how to install, configure and manage the One Q Server printing
solution, which is the web application run in a web browser.
Upon installation, a preconfigured administration password is assigned to the administrator,
who should change this as the first action.
One Q Server components overview
The table below provides a short description of all One Q solution components:
VDMS Virtual Data Management System, One Q Server
HSPM High Volume Secure Print Management, One Q Server on IBM
mainframe. Old name rebranded to ONE Q
PSPM POWER Secure Print Management, One Q Server on IBM Power. Old
name rebranded to ONE Q
Print Monitor Software Client to be install on the end user’s computer, to track
and store print job in on-/offline mode. ONE Q Direct
WEB Client One Q solution for Samsung WEB, HP, Xerox, Konica Minolta,
Kyocera, Canon, Sharp, Epson and Brother
Embedded Client One Q solution for Ricoh, Samsung and Lexmark
GPS Global Print Solution/Public Print solution. Payment solution to:
Libraries, Airports, Hotels etc. Old name rebranded to Mobility
Printing
Connect Server One Q print server to be used in locations with low bandwidth
IP Bridge To be used where MFD does not support USB card readers or even
One Q Embedded/WEB client solution. Build on Raspberry Pi3
technology
Switch Bridge To be used where MFD does not support USB card readers or even
One Q Embedded/WEB client solution. Manufactory solution
13 One Q Server Configuration Guide
ONE Q New name for HSPM and PSPM
One Q vocabulary
This section describes terms related to One Q solutions and environments:
Authentication
devices
One Q IP-card reader to be used for a release all devices if One Q do
not support it with pull print
Authentication A security option that requires user to log in by Short ID, card or
windows credentials before the user is able to print, copy or scan
Backups Backup systems or database
Client codes Allow users to select client codes with any print, copy and possibly
also fax, scan and e-mail jobs performed on MFDs. With client code,
it is possible to get a very detailed breakdown of both printer and
MFD usage and possibly recover these expenses by invoicing clients
or cost centers
Grid nodes Provide the possibility, to combine 2 or more Clusters in the same
network, so traveling users can collect printed jobs on their main
server and print it through another server/device in a different
location
Cluster Combine 2 servers in a failover safety relationship as a Primary and
Backup(failover) server
Database Facilitates writing scripts and automating tasks in the database. DB/2,
Oracle and PostgreSQL are supported
DocOut Conversion tool that enables the solution to handle Host Printing.
DocOut by MPI Tech is a standard optional part of One Q for IBM
System Z
Domain A group of computers that are part of a network and share a
common directory database
Driver name in
Windows
The driver name appears as a queue in One Q after installing the
driver and selecting One Q port
14 One Q Server Configuration Guide
Encryption Selecting encryption, the solution can prevent anyone from reading
the documents, should they be intercepted on their way to the
printer
FQDN Fully qualified domain name
GPS Global Print Solution, 3. part software to be used in an environment
demanding print through WEB. Rebranded to Mobility Printing
Groups To be used to group Terminals group properties
Guest cards Provide the possibility to create cards to external users so they will be
able to print on internal terminals
Guest printing Requires Mobility Printing. Provide the possibility to WEB upload files
from e.g. Word, Excel and PDF, PPT and to be able to print on
terminals without installing a printer driver
Host Printing Host Printing is printing in AFP-format from the IBMi (AS/400) or
mainframe applications (running under z/OS) directly and securely to
office printers
IBM PowerVM
Hypervisor
Optional virtual machine operating system
IBMi The operating system on POWER
IFL Integrated Facility for Linux (IFL) is an IBM mainframe processor
dedicated to run the Linux operating system
Jobs The printed job, either stored on the One Q server ready for Pull print
or printed directly using a Push port
LDAP Lightweight Directory Access Protocol.
License key code The code provided by your One Q solution supplier.
Linux on POWER Linux on POWER is the collective term for the Linux operating system,
either RHEL or SLES, compiled to run on IBM POWER
Log viewer The log where all system info regarding the One Q solution is stored,
needed for support in case of an error occurring on the system
15 One Q Server Configuration Guide
LPAR Logical partition: a subset of Mainframe’s hardware resources,
virtualized as a separate computer
MFD Multi-Functional Printer - a printer also capable of scanning and
copying (and faxing). Furthermore, it has a touch screen display
enabling it to run embedded or browser based GUI applications
MSCS Microsoft Cluster Service
Office printing Office Printing is the daily printing by users from workstation through
their office tools, e.g. Word, Excel etc.
Payments Used for customers where money transaction is needed, Public Print
solution: Libraries, Airports, Hotels etc.
PIN code PIN (Personal Identification Number) is a personal code consisting of
four (4) digits. To increase security users are requested to log in by
the personal card and the PIN code
Policy Provide rules/setup for users or terminals, preventing to copy in color
etc.
POWER IBM POWER8 platform
Price profiles In the price profiles, you define the cost of the different paper sizes,
use of color and duplex for print/copy/scan
Print Monitor Print Client allows documents to be stored on the hard disk drive of
the computer, which it is installed on
Printer A device capable of printing. Term often used as a printing device. A
MFD can also be a printer
Profile The WEB User interface on the One Q solution
PSPM POWER Secure Print Management. Solution from One Q A/S
developed for IBM POWER. Rebranded to One Q for Power
Pull Terminal Terminal where users log in to the submitting documents to be
printed
Pull printing Print jobs are located on a server until users pull the print-jobs from
printers or MFDs by identifying themselves on any chosen
16 One Q Server Configuration Guide
MFD/printer. Also known as follow-me, follow you or follow U. An
important part of secure printing
Push printing When the user chooses a specific printer from the workstation, the
print-job starts automatically without waiting in queue
Push Terminal A printer defined in Windows that parses the printed document,
transfers the tracked data to the server, and forwards the printed
document either directly to the physical printer or to another
Windows print queue
Queue OS Spooler or Virtually existing on One Q server
RBP Rule Based Printing
Replacement cards To be used in a situation where user forgot his/her card at home and
need a temporary card (replacement card) for e.g. one day
Reports Reports enables viewing of main tracking statistics, user statistics,
terminal statistics, client code statistics and job list. Reports includes
a number of predefined reports and the possibility for custom made
reports (license based)
RHEL Red Hat Enterprise Linux
Rule Based
Printing
(RBP) Allows print cost savings by adding a method to the Print
Management solution for enforcing policies for printing. Rules can
be applied to groups of users, terminals or queue
SLES SuSE Linux Enterprise Server
Terminal Device, a printer or an MFD
Terminal Group A Group of Terminals
Users Either local users or AD users that are able to print and release jobs
on the One Q solution
Virtual server System like VMWare is the creation of virtual servers. Unlike a
physical server, a virtual server is not associated with a specific
computer and can failover from one node to another. Configurations
must reference the virtual server rather than the physical servers
17 One Q Server Configuration Guide
Solution deployment scenarios
This section describes the most common application scenarios for different printing
environments and demands.
• A Windows server is used as both VDMS and Print server. User prints direct to the
server, where the print job is stored, until release on MFD.
• The solution shown below requires that the Print Monitor is installed on the
workstation and setup to print jobs to both Primary and Backup servers. Jobs and
tracking data will be stored on servers. This solution is suited to customers with users
not in Domain or for higher security.
18 One Q Server Configuration Guide
• The setup shown below requires a Windows Print server with shared print queues and
jobs are stored locally. Installing the Connect server and configuring in Storage mode
ensure that the print jobs stay locally on the Print Server/Connect server. Metadata is
sent to Primary and Backup servers. This solution can be used when the customer has
low bandwidth.
• The setup shown below requires a Print server where The Connect server is installed
and configured in Relay mode. The solution sends the print-jobs with Metadata to
both Primary and Backup servers. Solution to be used for customers where failover is a
requirement.
• The above setup requires a Print server where it is possible to store print-jobs locally.
This is achieved by installing Connect Server and configuring in Storage mode.
19 One Q Server Configuration Guide
Metadata is sent to both Primary and Backup servers. This solution should be
implemented for customers with low bandwidth or users not on the Domain.
• By using Grid Nodes, it is possible to connect to different sites. A peer-to-peer
connection allows users to collect their document from another server. Mostly used for
traveling users and needs to be enabled on a user/group level. Can also be used to
share tracking and other information between servers.
20 One Q Server Configuration Guide
• Print Monitor and Printer Driver prints directly to a Push device. In the case of pull
printing, jobs are stored locally on the computer while tracking data is sent to server.
• The ONE driver sends the jobs to the server in PostScript format, and on server it is
reformatted at release time to match setup of the device. This will only work on a ONE
Q server (Linux).
21 One Q Server Configuration Guide
Chapter 2: Prerequisites and requirements
The One Q print management server is deployed as a single executable installer.
Upgrading One Q Server from version 4 to version 5 for the 64-bit version is supported. The
downgrade option is not supported.
Windows One Q Server requirements
A server with the following minimum specifications is required:
• 64-bit operating systems:
o Windows Server 2008
o Windows Server 2008 R2
o Windows Server 2012
o Windows Server 2012 R2
o Windows Server 2016
o Windows Server 2019
• 4 GB RAM (need minimum x3 if Email2print and Upload2Print are enabled)
• 30 GB free disk space for the job storage area, database and application
• No anti-virus program monitoring or interrupting the One Q server directories
• No proxy server interrupting local communication on the server (localhost/127.0.0.1)
Using the Mobility server or the Convert2PFD server on the same Windows server as the
VDMS server, then the memory must be minimum 8 GB Ram. If Installing all 3 solutions on
the same server, then please consider adding even more memory and power to the server.
Windows has a Print Spooler limitation on 4GB, this limitation prevents users from printing a
job greater than 4GB in size to the One Q Server.
The Server can be added to domain. If this is not the case, then it is mandatary that the server
has been added correctly to your DNS, so the server name can be resolved by a command
prompt using the command ping "<servername>".
22 One Q Server Configuration Guide
Following installation of the server, the installer builds the certificate bound to the server
name and domain name. If server name is changed later, the certificate is no longer valid. For
more information on security, refer to Security and certificates.
Linux One Q Server requirements
A server with the following minimum specifications is required:
• An Enterprise Linux server running RHEL 7 or SLES12 with 1 virtual CPU
• 4 GB RAM
• Minimum 30 GB free disk space for the job storage area, database and application. For
larger installations, it is necessary to analyze the customer base, printing habits etc. to
calculate the storage requirements.
• No anti-virus program monitoring or interrupting the ONE Q server directories
• No proxy server interrupting local communication on the server (localhost/127.0.0.1)
• The following libraries/tools are required: newt
• In order to be able to support a multivendor environment with a minimal set of print
queues and driver to support stapling, punch, booklet etc. It is a requirement that the
ONE Q driver is used as a printer driver on the workstations.
The Mobility server is supported on Linux but requires special settings on folder.
Scan2Workflow is not supported on Linux, but installing the Scan2Workflow on a windows
server and collect/pick up the scanned job on the Linux server and process on the Windows
server is possible.
Epson Scan2workflow is not supported on Linux.
Partner test environment
In order to run a successful test of the One Q software, our partners need to build the correct
test environment based on the below:
• The test server must be a 64 bit Windows Server 2008, 2012, 2016, 2019.
23 One Q Server Configuration Guide
• The server must be new and clean server, fully updated and no other applications
installed beside standard Windows components.
• The server must be a member of a domain.
• Firewall and firewall in Antivirus must be disabled or the correct ports open
according to the test setup.
• Devices/terminals must be added to the DNS on the test network, it must be
possible to resolve the FQDN (Fully qualified domain name) of the devices partner
might have.
• Admin rights to test server to be able to install One Q software.
Please also see the document OneQ_setup_guide, which is available on the One Q download
site.
This document also states requirements for a POC.
Chapter 3: Required ports and protocols
This section lists the ports used for communication between One Q Server and other
elements of the IT environment. For more information, refer to the "Design your One
Solution" document available on the One Q webpage.
Minimum required ports and protocols for One Q Server
The following ports are used in communication:
Port Direction Details
389 TCP
636 TCP LDAP
SSL
3268 TCP LDAP
global catalog
VDMS -> LDAP (AD) Used for LDAP lookup to AD
(only one of the ports is required)
24 One Q Server Configuration Guide
3269 TCP SSL
global catalog
8443 TCP PC + internet -> VDMS Web interface to VDMS Server
8443 TCP Payment -> VDMS Payment Communications to server
8700 TCP VDMS -> VDMS Grid Node to Grid Node
8700 TCP VDMS <- Grid Node Grid Node communications to server
8700 TCP VDMS <- Connect server Connect server communications to
server
8700 TCP VDMS <- Print Monitor Print Monitor communications to
server
8700 TCP VDMS <- Mobility Print (GPS) Mobility server communications to
server
8700 TCP VDMS <- IP Bridge IP Bridge communications to server
8703 TCP VDMS <-> Printer WEB client listens on this port
8704 TCP VDMS <- Printer Some WEB client communicates to
server on this port
8707 TCP VDMS <-> VDMS VDMS Cluster service
8709 UDP VDMS <-> Printer VDMS broadcast to Embedded client
for terminal discovery
8710 UDP VDMS -> Printer VDMS configuration for Embedded
client
8711 UDP VDMS -> IP Readers VDMS configuration for IP Readers
9100 TCP VDMS -> Printer For sending print jobs from server to
printer
25 One Q Server Configuration Guide
Optional ports and protocols
Depending on the solution the following ports can also be in use and need to be opened for
communication:
Port Direction Details
161 UDP VDMS -> Printer SNMP monitoring
443 TCP VDMS -> internet secure.ogone.com or DIPS for online
payment
631 TCP VDMS -> Printer If Terminals are configured as IPP
1900 TCP VDMS -> Printer Older clients (Samsung, HW terminal)
5432 TCP VDMS <-> VDMS Access PostgreSQL database.
8700 TCP PC <-> VDMS Print Monitor installed on client PCs
communicates with server (SSL encrypted)
8700 TCP IP Bridge->VDMS Configuration and registration of IP bridge.
8700 TCP Connect Server <-> VDMS Main VDMS server API and client
communication (SSL-encrypted)
8712 TCP VDMS <-> VDMS Grid
Node Communication between Grid Node
8443 TCP
443 TCP
80 TCP
Printer -> VDMS
VDMS -> Printer
VDMS -> Printer
For running Web based clients (Xerox, HP,
Konica Minolta etc.)
7778 TCP VDMS <-> SB network
Reader
For sending/receiving card swipe data
8701 TCP PC -> VDMS If IPP printing is required
26 One Q Server Configuration Guide
Graphical drawing for ports to be opened
This section provides graphical representation of the infrastructure and used ports.
The following ports and protocols needed to be open when using Print Monitor:
Detailed description of the communication scenarios
This section provides the graphical representation of various communication scenarios.
• Server communication for PUSH printing from PC with server shared driver to device.
27 One Q Server Configuration Guide
• Server communication for PULL printing from PC with shared driver to an embedded
client.
• Server communication for PULL printing from PC with server shared driver to a
WEB client.
28 One Q Server Configuration Guide
• Server communication for PULL printing with Main server and Cloud server to Client.
29 One Q Server Configuration Guide
Chapter 4: Security and certificates
One Q can provide the following security-related features in the product:
• Transport security – the job can be encrypted on its way from PC to the server and
from the server to the printer
• SSL and PKI-based encryption – the customer can use their own trusted certificates
• Secure connection to LDAP/AD server using SSL
• Communication between the embedded client and the server is also encrypted using
SSL
• Optional: personal job encryption for extra protection (not implemented yet for
Samsung embedded or web-based clients)
o It requires the One Q workstation software Print Monitor. Job data is encrypted
using AES-256 algorithm with the user's passphrase and decrypted inside the
MFD when job release is requested and after user enters the correct passphrase
on the MFD panel. Nobody can read job data including the system
administrator.
• Optional: Smart card or "sticky" card solution. When the card is attached to the reader,
you can print, when you remove the card printing stops (available for selected
vendors).
Moreover, of course all the benefits from secure pull printing.
About certificates
What is the difference between the self-signed certificate on the devices (used in some
competitor solutions) compared to the self-signed certificate used in One Q server and
deployed to the device or a STAR certificate used in One Q Server/devices?
• Device self-signed certificate on device communicate with the server and gets
validated on a lower level of the server operating system. If the device gets a new
certificate built by a technician or hacker, you can still print but the system is
compromised.
30 One Q Server Configuration Guide
• One Q self-signed certificate, built on the server and installed on the device, gets
validated for each request between One Q server and device. If the device gets a new
certificate built by a technician or hacker, you cannot log in anymore and the system is
not compromised.
• One Q can use a STAR certificate that gets validated against a 3rd party certificate
provider, like Verisign. The same certificate will be installed on the device. This is the
most secure certificate solution since the certificate at each login gets validated
against the 3rd party certificate provider.
The One Q server, when installed, will create a certificate store. The certificate store contains a
self-signed certificate.
When opening the Web UI, the certificate is validated, and you will get a security warning
message in your browser. The security warning appears because the certificate is self-signed.
By default, the certificate is created with a CN matching the Servers
<hostname.domainname>
The certificate is also used for validating communication between the One Q server and the
MFDs. Some MFD vendors require that the CN in the certificate matches the DNS name of the
One Q server.
There can be a configurable 'webclient' alias in the "keystore.jks" file to allow separate
certificates to be used for web clients and web UI.
As such, you can have one certificate CN for the web UI on the 'outside' and another CN for
the Web client communication matching the internal DNS name.
Adding a certificate for Web Client
To create self-signed certificate for the web client communication where the CN/DNS is
webclient.cert.local, enabling the Printer to call back to the VDMS server via DNS name
webclient.cert.local:
1. Open the Command Prompt.
2. Type:
"C:\Program Files\Ubiquitech\VDMS Server\jre\bin\keytool.exe" -genkeypair -keysize
2048 -validity 3650 -keyalg RSA -sigalg SHA1withRSA -alias webclient -keystore
"C:\Program Files\Ubiquitech\VDMS Server\conf\keystore.jks" -dname
31 One Q Server Configuration Guide
[email protected], CN=webclient.cert.local, OU=Printing,
O=Ubiquitech A/S, L=Birkeroed, C=DK.
and hit ENTER.
3. When prompted for password use "password".
1. A new self-signed certificate with the 'webclient' alias has now been
added to the "keystore.jks" file.
4. Find the "network.ssl.alias.webclient" file and enter the name of the alias chosen for
internal webclient communication to the Webclient listener alias entry, e.g.:
network.ssl.alias.webclient = webclient
2. and save the file.
5. Restart the VDMS webclient service, then redeploy web clients.
If you do not want to see the security warning you must import a SSL certificate issued by a
trusted security provider.
The trusted SSL certificate should be issued to match the URL. Wildcard certificates are also
accepted (could be print.domain.com, *.domain.com etc.)
The Browser looks for the best match for the URL in the "keystore.jks" file and if no match is
found, then the certificate with the alias "web" will be used.
If you have a setup where the Web UI can be accessed by the users via different URL’s
(*.domain.con and *.domain.net) then you must import 2 certificates.
Certificate reinstallation
Under installation of the server, the installer builds the certificate on basis of server name and
domain name.
In case the server name is changed at a later point, the certificate becomes invalid and must
be reinstalled:
1. Delete the following files from the default "C:\Program Files\Ubiquitech\VDMS
Server\conf" folder:
• Keystore.jks
• truststore.jks.
32 One Q Server Configuration Guide
2. Run the server install one more time, and server installer will build 2 new files
containing the correct certificate.
3. Delete old certificate on devices and reconfigure the Terminals via the One Q Server
Portal.
Security warning logon to One Q Server
Trying to access a server with the self-signed certificate displays the warning message in a
browser.
You can click "Advanced" and "Confirm Security Exception" to store the self-signed certificate
in the browser's local certificate store, but this may not be acceptable when a large number of
users are using the web-interface, e.g. at universities, hotels, etc.
33 One Q Server Configuration Guide
To avoid getting this warning, you need to request an "official" certificate to replace the self-
signed certificate.
First you must verify or decide the name (url) the server is going to be accessed with.
If it is only an internally used server, it could be a name like https://server84.ubi.local , but if is
going to be used externally, it must be named and registered in DNS with an officially bought
domain name.
When the name has been determined and "fixed", next step is to generate a new base
certificate (only necessary if the name has changed).
In the following, you will need to use a command-line tool called keytool which is used to
admin the "keystore.jks" file.
To make it easier, open a command prompt on the server and navigate to:
For Windows:
• cd "\Program Files\Ubiquitech\VDMS Server\Conf"
For Linux:
• /opt/vdms/conf
Run the following command:
..\jre\bin\keytool -list -v -alias web -keystore keystore.jks -storepass password
It should produce output similar to:
Alias name: web
34 One Q Server Configuration Guide
Creation date: Oct 27, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: [email protected], CN=server84.ubi.local,
OU=Printing, O=Ubiquitech A/S, L=Birkeroed, C=DK
Issuer: [email protected], CN=server84.ubi.local,
OU=Printing, O=Ubiquitech A/S, L=Birkeroed, C=DK
Serial number: 2d6eba50
Valid from: Fri Oct 27 12:18:24 CEST 2017 until: Mon Oct 25 12:18:24 CEST 2027
If the CN-name you see is correct, skip the next 2 steps, which will generate a certificate with
the correct name:
Run the following commands:
..\jre\bin\keytool -delete -alias web -keystore keystore.jks -storepass password
..\jre\bin\keytool -genkeypair -alias web -keyalg RSA -keysize 2048 -validity 3650 -
keystore keystore.jks -storepass password -dname "cn=new_servername.domain,
ou=Support, o=OneQ A/S, c=DK"
Now you must generate a certificate request to send / upload to a company selling
certificates:
..\jre\bin\keytool -alias web -certreq -file CertReq.crt -keystore keystore.jks -storepass
password
It should produce a file named CertReq.crt containing output similar to:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICxDCCAawCAQAwTzELMAkGA1UEBhMCREsxETAPBgNVBAoTCE9uZVEgQS9TMRAwDgY
DVQQLEwdT
dXBwb3J0MRswGQYDVQQDExJzZXJ2ZXI4NC51YmkubG9jYWwwggEiMA0GCSqGSIb3DQEBA
QUAA4IB
........ more lines here .......
35 One Q Server Configuration Guide
jbMqav9gNhYX+xaq1i3IBa3k4l69haGLle8C3g==
-----END NEW CERTIFICATE REQUEST-----
When you receive the certificate(s) from the company, they must be added to the keystore as
a chain. The following picture illustrates a certificate chain:
In the below example, I have received the 3 files written in italics from external provider:
openssl pkcs12 -export -out certificate.pfx -inkey myprints.oneq.dk.key -in
myprints.oneq.dk.crt -certfile DigiCertCA.crt -name web
The above command builds a certificate (certificate.pfx) with the correct chain.
..\jre\bin\keytool -importkeystore -srckeystore certificate.pfx -destkeystore
keystore.jks -deststorepass password
The above command imports the certificate chain into the java keystore.
Access without specifying port in the URL
If you want to make it possible to access the web interface using just an URL like
https://server84.ubi.local
You can (on Windows) use the command NETSH to set up port forwarding. Open a command
prompt with administrator rights, and run the following command:
36 One Q Server Configuration Guide
netsh interface portproxy add v4tov4 listenport=443 listenaddress=<serveraddress>
connectport=8443 connectaddress=<serveraddress>
<serveraddress> must be either the IP-address or hostname/FQDN of the VDMS server.
Note This assumes you have no other apps or processes that listens on port 443 (SSL)
No DNS changing server name/Using IP-address
If customer does not have a DNS and cannot resolve the FQDN, a certificate with alias name
must be built.
A section about changing server name or using ip-address instead of hostname (important
for HP clients)
Some client (HP printers) are automatically configured with a certificate from the VDMS
server being "pushed" to the printer when configuring it. This certificate is in use when the
printer needs to talk to the server, e.g. when a user signs in to pull print. If the server name is
changed, it no longer matches the name in the certificates, and the (HP) printers will no
longer talk to the server.
To solve this, you either rename the server OR if you want to have the server's network
address configured as an IP-address instead of hostname, you can generate a new certificate:
In the following, you will need to use a command-line tool called keytool which is used to
admin the keystore.jks.
To make it easier, open a command prompt on the server and кun the following commands:
• On Windows:
"\Program Files\Ubiquitech\VDMS Server\Conf"
..\jre\bin\keytool -delete -alias web -keystore keystore.jks -storepass password
..\jre\bin\keytool -genkeypair -alias web -keyalg RSA -keysize 2048 -validity 3650 -
keystore keystore.jks -storepass password -dname "cn=192.168.1.74, ou=Support,
o=OneQ A/S, c=DK"
Restart all VDMS services
• On Linux:
On Linux they are placed in /opt/vdms/conf and on IBM_Z in /opt/oneq/conf
37 One Q Server Configuration Guide
../jre/bin/keytool -delete -alias web -keystore keystore.jks -storepass password
../jre/bin/keytool -genkeypair -alias web -keyalg RSA -keysize 2048 -validity 3650 -
keystore keystore.jks -storepass password -dname "cn=192.168.1.74, ou=Support,
o=OneQ A/S, c=DK"
Restart all VDMS services
Of course, you must enter your server's correct IP-address, or hostname/fully qualified
domain name above.
Now you must reconfigure the necessary terminals with this certificate.
Export a certificate that can be installed in printers
You can export a certificate from the keystore to a file to import to a printer:
..\jre\bin\keytool -exportcert -alias web -rfc -file web.crt -keystore keystore.jks -
storepass password
It can also be done from some browsers, here shown in Firefox: follow the yellow tabs.
38 One Q Server Configuration Guide
Export certificate.
Import a "real" certificate using Keystore Explorer
You can download a GUI tool for Windows called "Keystore Explorer" from
https://keystore-explorer.org/
It requires Java runtime, e.g.: jre-8u181-windows-x64.exe, which can be downloaded from
https://www.java.com/en/download/manual.jsp
To import a "real" certificate do the following:
1. Start K.E. and click "Open an existing KeyStore:
39 One Q Server Configuration Guide
Select the OneQ keystore file from either Windows or Linux version:
" C:\Program Files\Ubiquitech\VDMS Server\conf\keystore.jks" or
/opt/vdms/conf/keystore.jks
Unlock it using "password" and you should see:
Now select "open" and select the external certificate you have received. In this example we
assume it is in the format of a .pfx file, which is another type of keystore. Enter the password
(hopefully provided with the .pfx file !):
40 One Q Server Configuration Guide
Right-click to export key pair:
You will need to enter the password again here. Then save it as a .p12 file:
You don't need to enter a password here but can choose to do so.
41 One Q Server Configuration Guide
Go back to the One Q KeyStore and delete the "web" alias:
Finally, import the .p12 file from the other KeyStore saved in the last step:
42 One Q Server Configuration Guide
If you entered a password before, you need it here:
Give it the alias "web":
Again, give it a password, if you are security sensitive...
Finally, restart the vdms-web service, and you are finished!
Security limitations in older devices
A way to get around this unfortunately requires an upgrade to VDMS 5.0.2 or later and some
additional manual work which are describe in below example:
1. Open a cmd-prompt.
2. Type '''"C:\Program Files\Ubiquitech\VDMS Server\jre\bin\keytool.exe" -genkeypair -
keysize 2048 -validity 3650 -keyalg RSA -sigalg SHA1withRSA -alias xerox -keystore
"C:\Program Files\Ubiquitech\VDMS Server\conf\keystore.jks" -dname
43 One Q Server Configuration Guide
"[email protected], CN=webclient.cert.local, OU=Printing,
O=Ubiquitech A/S, L=Birkeroed, C=DK"'''.
3. When prompted for password use '''password'''
1. A new self signed certificate with alias 'xerox' has now been added to
the keystore.jks
4. Edit the ''C:\Program Files\Ubiquitech\VDMS Server\conf\server.properties'' file
5. Find ''network.ssl.alias.web''. Add a new line after this entry and add
'''network.ssl.alias.webclient = xerox''.
6. Save the file.
7. Restart the '''VDMS webclient''' service, then redeploy web clients.
Certificates are used in One Q for two purposes: To enable SSL-encryption of data travelling
over networks, typically HTTPS, and to enable "trusted end-points", e.g. the server says, "I am
One-Q-server1, and you can trust that".
When the VDMS server is installed the first time, two "Java certificate stores" are created:
• keystore.jks and truststore.jks (both placed in C:\Program Files\Ubiquitech\VDMS
Server\Conf).
• (on Linux they are placed in /opt/vdms/conf and on IBM_Z in /opt/oneq/conf)
The truststore contains certificates which the server trusts. It is used for outgoing connections
when the server connects to some host and needs to validate this host. The store contains a
lot of external CAs (Certificate Authorities), but also "special entries", like "xlet" (used for
Ricoh), "printmonitor", "pmconnect", "ubiquitech", "web", "web-sites".
The keystore contains private key chain(s) which are used by listening services (the ones that
listen on some TCP port, like web for example). When users use a browser to access the Web
Admin interface, they collect a certificate with the name web to enable the SSL-encryption.
When the VDMS server is installed the first time, the keystore.jks is populated with 3
certificates, with the names "ubiquitech", "web" and "web-sites". The server name is written in
the certificates (see later section about server name changes). These certificates are self-
signed, which means they are not part of a chain, and they say "I am who I say I am - you must
trust that, and you cannot ask anybody else to verify it".
44 One Q Server Configuration Guide
Chapter 5: Installation
This chapter describes installation procedures for the One Q Server on Windows and Linux
environments.
Installing One Q Server on Windows
Installation requires local administrator permissions (domain admin rights are not needed) as
it writes to protected locations (e.g. Program Files), creates several registry entries, installs
Windows spooler system component and creates and starts/stops different system services.
It is not possible to perform software installation under normal account. The installer requires
elevated access.
Follow the steps bellow to install One Q Server on a Windows machine:
1. Download the newest VDMS server packet from the One Q website.
1. Only trained and certificated technicians are granted access to this
site.
2. Right click the VDMS server install packet and select "Run as Administrator".
3. In the wizard that opens, click Next.
45 One Q Server Configuration Guide
4. Read the End User License Agreement and select "I Agree" to continue installation.
5. Make sure that that the GPL Ghostscript is selected. The server uses this for the
preview functionality, rules etc.
46 One Q Server Configuration Guide
6. The "C:\Program Files\Ubiquitech\VDMS Server" is the standard folder where the
VDMS files are installed. Select another folder or drive if you like to change the folder.
7. The Start Menu Folder is "Ubiquitech VDMS Server". It can be changed if necessary.
8. Select install and VDMS server will be installed. Time frame 2-3 minutes.
9. Select Finish and VDMS server services will start up.
47 One Q Server Configuration Guide
Installing One Q Server on Linux
Since the One Q software relies on CUPS printing system, make sure that CUPS is installed
and running on a Linux server before installing One Q Server.
• Install and configure CUPS:
1. Install CUPS by running:
SLES: zypper install cups
RHEL: yum install cups
2. Set it to auto start:
chkconfig cups on
3. Allow remote administration:
cupsctl --remote-admin --remote-any --share-printers
• Configure the "vi /etc/cups/cups-files.conf" configuration file:
1. Find "SystemGroup" and add "vdms-run": SystemGroup root vdms-run
2. Save the file
3. Restart CUPS with the "systemctl" command.
• Disable SELinux:
1. Open the "vi /etc/sysconfig/selinux" configuration file and change the first
entry of SELINUX which does not start with "#" and change it to
"SELINUX=disabled"
2. Restart the Linux server after changing SELinux settings.
Now you can proceed to installing the One Q Server:
1. Download the .bin installer.
48 One Q Server Configuration Guide
2. Open a terminal window on the target machine. Installation should be performed
from the root account. To enter root shell type "sudo -s" or "su", then enter root
password.
chmod +x <filename of the .bin>
./<filename of the .bin>
o Example for the One Q server installation:
chmod +x vdms-server-5.1.4-setup-linux-x86_64.bin
./vdms-server-5.1.4-setup-linux-x86_64.bin
o Or for the Device Webclient installation:
- change file permissions chmod +x webclient-hp-x.x.x-
setup-linux.bin
- run the installer ./webclient-hp-x.x.x-setup-linux.bin
3. Press Next to start the installation.
4. Accept the license terms.
49 One Q Server Configuration Guide
5. Enter the installation directory.
6. Make sure all three options are selected before pressing Install:
7. Press OK to start the services for the One Q server.
Installing One Driver
For any workstations, we offer our unique and patented One Driver technology whereby
users can print all document formats correctly including advanced finisher options such as
booklet, stapling or tray selection, regardless of printer manufacturer.
In order for users to be able to collect printjobs on any of the devices, they need to have the
One Driver installed. Please follow the instructions below:
1. Log into the user’s pc as administrator.
2. Go to Printers/add printer.
Note Do not use the auto search feature but add the printer manually!
50 One Q Server Configuration Guide
3. Choose a shared printer by name and enter the name of the printer you have created
under Queues on the One Q Portal
(e.g.: http://<IP address or DNS name>:631/printers/ "Queue name").
4. When asked for a printer driver, select Have disk and browse to the location of the
One Driver.
Note It is also possible to use http://"Server address":8701/ipp/"Queue name"
51 One Q Server Configuration Guide
Installation of the One Driver can be carried out using the method above or via the One Q
driver package containing the One Driver and an installation script. Please contact One Q
technical department for more information or download One Driver manual from One Q
partner zone.
To install the driver via a script, request the driver executable file from One Q. Here, the driver
"hspm-driver-1.8.11-2-setup-signed.exe" is used as a reference.
The file can be launched from a Command prompt (run as administrator) with the command
line:
hspm-driver-1.8.11-2-setup-signed /queue=Follow-Me
/address=192.168.1.77 /default=yes
where:
o queue is the name of the Queue defined on the One Q Portal.
o address is the IP Address of the One Q Server (192.168.1.77 in this case).
o default is set to "yes" to set the Printer as the Default Windows Printer.
The driver will communicate with server on IPP port 631.
How is PPD mapping done.
The Driver sends a Postscript job with a One Q header to the server.
When users then release the job on a device, the printjobs are reformatted according to the
PPD connected to the One Q terminal and the device will print the job.
More information on the One Driver configuration is available on the One Q Partner zone.
52 One Q Server Configuration Guide
Chapter 6: Updating One Q Server
With new One Q Server release available, you may upgrade to a newer version.
IMPORTANT! Before upgrading to a newer version it is highly recommended to make full
backup of the system and configuration files. For detailed information on backups, refer to
Backups and Server Config - Backups tab sections.
To update your software, you need to get the latest installation package from the One Q
Partner Zone and run it. In the Setup Wizard that opens, select the Upgrade existing
installation (recommended) option and click Next to upgrade the One Q Server.
Chapter 7: Launching One Q Server
One Q Server is launched by clicking the One Q Server icon on the desktop.
53 One Q Server Configuration Guide
One Q Server is accessed through a web browser. The correct link (URL) is documented in the
customer specific installations manual created by the One Q Partner. By default, the URL is set
to HTTPS://localhost:8443, however, it can be changed to HTTPS://localhost by doing the
following:
• For Windows
Use the following Powershell command on the server where One Q is installed:
netsh interface portproxy add v4tov4 listenport=443
listenaddress=x.x.x.x connectport=8443 connectaddress=x.x.x.x
where "x.x.x.x" is the Server IP Address.
• For Linux
1. enable IP forwarding using sysctl
/etc/sysctl.d/99-sysctl.conf (at the end there are the forwarding rules)
net.ipv4.conf.all.forwarding=1
net.ipv4.conf.default.forwarding=1
2. Add iptables rule (rc.local on RHEL!) (change eth0 to match network interface)
/etc/rc.d/after.local
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j
REDIRECT --to-port 8443
exit 0
By using the given Username and Password (from the installation), One Q Server can be
accessed using the following credentials:
Username: vdmsadmin Password: vdmsdemo
54 One Q Server Configuration Guide
Chapter 8: Getting started with One Q Server
The One Q Server user interface is built in a consistent way and its uniformity makes it
intuitive and easy-to-use for the administrator.
The main menu is located at the top of the screen giving the user the following options:
• Status—dashboard overview about system and server
• My profile—user details and own jobs
• Jobs—all pending jobs
• Reports—create/run reports
• Administration—all solution settings
• Log out—log out from the server
• Language—change language
55 One Q Server Configuration Guide
Chapter 9: Status
A dashboard is available to show an overview of the server, including memory usage and
print statistics.
The server information like FQDN, IP-address, uptime, server ID and job count is also shown
here.
When applying for a license via [email protected] you always need to supply the following
information which can be taken from the Server Dashboard:
• Server ID
• Server Host name
• Customer name
Also, from the Server Dashboard, you can jump straight to the Terminal Tab or to the Jobs
Tab by clicking the correspondent links.
The Statistics pie chart shows a breakdown of jobs sent during the current month. It provides
information about printed monochrome/color and deleted monochrome/color pages.
56 One Q Server Configuration Guide
Information is updated daily. Please note, that this section is not displayed if customer has no
Tracking option in his license.
The memory usage on the Dashboard shows the memory usage of the core and web services
over a period of 24 hours. Selecting the area on the screen will drill down to more specific
timelines, e.g. per hour.
Chapter 10: My Profile
The settings are controlled by the vdmsadmin user, either by rules or user permissions.
The User section allows users to change password (local users only), add second e-mail
address to be used with Google Cloud Printing and show/change Short ID and/or PIN. It is
also possible to pay for printing (if enabled) and view payment history from My Profile.
The user also has an overview of the prints jobs that are in queue. Users can either
print/delete or assign print jobs, but only if an Admin has enabled Web print and assign jobs
on server.
57 One Q Server Configuration Guide
Payment options via Ineginco/Ogone. It is possible to customise the terms and conditions.
58 One Q Server Configuration Guide
59 One Q Server Configuration Guide
Payment history will show a list of transactions and the user will receive an email with the
Order ID:
60 One Q Server Configuration Guide
Chapter 11: Jobs
This view is shown with the VDMSADMIN account
This section shows a list of waiting print jobs in the pull queues.
From here, jobs can be deleted.
Due to GDPR print job, assign job and preview job has been removed, please see appendix K
for manual enabling.
In the Archived tab, all printed jobs are stored, and they can be re-printed or assigned again,
but only if the Archive and Print function has been enabled on user. Clicking the Lob archive
is not configured link will open the Administration -> Server Config -> Jobs page, where
you can enable and configure jobs archiving.
61 One Q Server Configuration Guide
Chapter 12: Reports
Introduction
Reporting is a very important part of the server, because it allows you to export and visualize
tracking and accounting information. The reporting module consists of three parts:
• Standard reports with manual previewing and exporting
• Custom reports created by the users (separate licensing option) with preview and
export functionality
• Scheduled reports sent with a given interval to the specified email addresses (either
built-in or custom)
The Reports table allows selecting the period for which you want to see the report and lets
you preview the report in the web browser or it export it to one of the following formats:
• PDF (Adobe PDF)
• XLS (Microsoft Excel format)
• ODS (Open document format)
• XLSX (OOXML format)
• CSV (comma-separated file)
• HTML
62 One Q Server Configuration Guide
Standard reports
The standard reports are the preconfigured reports available on the Standard reports tab of
the Reports page. Every report can be previewed in the browser or downloaded in selected
format.
There are six standard reports available, sorted alphabetically:
• Client code totals
• Client code totals, summary
• Expired jobs, summary
• Job details
• User totals, daily
• User totals, summary
By default, every standard report has a predefined conditions, name, columns name, column
number and column width. You can edit the following fields by clicking on the reports name
and going to the Edit report dialog:
• Report name
• Report heading
• Column display name
• Column's width
63 One Q Server Configuration Guide
The dialog lets you know if you exceed the available width (802 px) for the columns.
The standard reports are in English by default with a standard text, but all editable fields can
be changed/translated to another language.
Using the One Q backup module it is possible to back up the reports and reuse these on
other installations.
Custom reports
If the built-in reports are not sufficient, custom reports can be created by admin or report
admin. Custom reports can be created and viewed on the Custom Reports tab of the Reports
page.
64 One Q Server Configuration Guide
Click Create report to create a new report.
By clicking the Add Column button you can add more columns to your custom report.
Once the column is added, click Name to select one of the predefined types. You can also
edit the Display Name, width of the column, set conditions and change columns' order. For
some columns you can set the Total and Exclusive checkboxes. By clicking the Add Sort
Column you can apply sorting conditions for the columns you added.
65 One Q Server Configuration Guide
Example of report showing deleted jobs:
Scheduled reports
It is possible to create one or more automatic reports, which will be sent to given users at the
configured date and time. Before automatic reports can be created, SMTP settings must be
defined under the Administration > Network section:
66 One Q Server Configuration Guide
Each automatic report can be scheduled and sent to multiple email addresses. In addition,
report format and scheduled period can be selected:
Chapter 13: Administration
The Administration section lets you configure the server settings and consists of the
following sections:
• Server config - Authentication
67 One Q Server Configuration Guide
• Server Config - Jobs tab
• Server Config - Network tab
• Server Config - Cluster tab
• Server Config - Payments tab
• Server Config - Guest Printing tab
• Server Config - Backups tab
• Server Config - UI tab
• Server Config - Advanced tab
• Server Config - System Notifications tab
Server config - Authentication
The Authentication tab is accessed by choosing Server Config under the Administration
option.
68 One Q Server Configuration Guide
The table below describes parameters of the Authentication tab:
Parameter Description
Enable user registration If enabled, the login page allows users to self-enroll
Enable web login for non-admin
users
Allow Non-admin users to login at the WEB URL.
Enabled by default.
Unqualified username search
policy
This option determines how to search for username
without the "@domain" part
Enable single sign-on External single-sign on server for WEB services
CAS Server URL Single-sign on server URL
Web session timeout, minutes Standard timeout for Web session. By default set to 30-
30-30 minutes
Enforce password policies The same as Windows password, mix of numbers and
letters. Enabled by default
Minimal password length Set to 6 by default
Minimal length of generated
short ID
When activated in the User permission, system generate
random Short ID. Set to 4 by default
Remove leading zeroes from
card ID
Remove 0 at the beginning of a card number
Minimal card ID length Used ID card number needs to be at least this length
Maximal card ID length Used ID card number needs to be maximum this length
Enable caching of LDAP search
results
Activating the possibility to cache existing LDAP users
LDAP cache expiration time,
minutes
Time out before new cache collection. Set to 60 minutes
by default
The Authentication page also provides a function to cleanup the Database for obsolete card
or Short ID numbers.
69 One Q Server Configuration Guide
For example, there is a user account in LDAP that has been deleted or disabled, but value still
exists in the Database.
Click Cards/Short ID cleanup to open the cleanup dialog. In the example below there are no
cards eligible for removal. Click Analyze to refresh the results.
70 One Q Server Configuration Guide
In case the system finds records that can be removed, you will be presented with the
possibility to delete them. Click Yes to remove obsolete cards and short IDs.
Server Config - Jobs tab
The Jobs tab allows you to configure the jobs-related parameters.
The table below describes parameters of the Jobs tab:
Parameter Description
Job sort order The order in which the print jobs will appear on the
terminals (i.e. ascending or descending according to the
printing time). Set to Ascending by default
71 One Q Server Configuration Guide
Job retention time, hours: The retention time in hours or days until a non-released
job in a pull queue will be deleted. Set to 32 by default
Notify users over expiring jobs Selected and system will send an e-mail
Expiry notification threshold,
hours
When the user will be notified for the expired jobs. Set to
1 by default
Enable async printing If checked the user interface on the terminal is released
when printing enabling the user to do other things (for
instance scanning). Enabled by default
Accept jobs only from known
users
Only authorized users can print, this function is not
working with Print Monitor. Enabled by default
Allow web print for non-admin
users
User can still print their job, not possible for Admin to
print users job
Allow job assignment for non-
admin users
User have the possibility to assign jobs to other users
Cast job size for tracking Track Letter jobs as A4 is set by default
Storage quota per user, bytes Prevent print if the storage quota is exceeded MB or GB
Maximum number of jobs per
user
Prevent users to print if quota is exceeded maximum
number of jobs
Notify user over exceeded job
quotas
Mail sent to user if Storage Quota or max numbers of job
exceeded the allowed settings
Enable custom job storage Standard is c:\DocumentData, hidden folder
Custom job storage location New storage area, locally or external
Enable job archive Yes/No, save all printed jobs from all users
Job archive location New archive area, locally or external
Archive retention time, days Job deleted after, standard 365 days
72 One Q Server Configuration Guide
Server Config - Network tab
In this section, the server and information SMTP mail settings are defined.
The table below describes parameters of the Network tab:
Parameter Description
Server address Is set automatically to FQDN, this address is sent to the
terminals doing Terminal configuration. Can be changed
to IP-address for some terminals
Webclient server address To be used with Public Grid solution as SAAS, May never
be empty must as minimum contain default value,
localhost.
Verify client SSL certificates Server will verify the certificates of any client connecting
to it. Untrusted clients will be denied. Trusted certificates
are stored in the truststore.jks file. This option allows to
control who can connect to One Q server and use
server's API and web UI.
Verify server SSL names When server connects to some web site (for example
SMTP to send email or LDAP server) it will verify the
certificate of the remote server. Again, this certificate
must be in the truststore.jks otherwise server will not
connect to that external site.
SMTP sender address If non-default SMTP port is used specify port number
73 One Q Server Configuration Guide
SMTP server
SMTP port
SMTP username Username for SMTP sending
SMTP password Password for SMTP sending
SMTP SSL mode SSL Communication mode set to Plain, SSL/TLS or
STARTTLS
Server Config - Cluster tab
This section allows you to configure clustering options.
The table below describes parameters of the Cluster tab:
Parameter Description
Server role A role for this server in the cluster: primary, backup or manual.
Enable database sync One server on each network is primary; the backup is secondary
to be used for failover. Primary and Backup have a heartbeat in
between and as soon as backup doesn´t get any reply from
primary, it becomes the primary until primary comes alive and
retain primary role.
Sync sources The Manual Backup setting is a server in sleeping mode, as
soon as the print admin is informed that primary is down, the
print admin can configure all active terminals, and the manual
server takes over responsibility for login at devices, until
primary comes alive and retain primary role.
74 One Q Server Configuration Guide
Sync retry interval, min SYNC only to be used if system runs with local Database, DO
NOT USE IT WITH SHARED DATABASE
Cluster peer address Select between; Client codes, Domains, Policies, Price profiles,
Terminals, Terminal groups, Users, Print queues, Auth devices,
Rules, Reporting data, Payment history, Guest cards, Reports,
Scheduled reports, Data sources, Scheduled imports, Job
deletion, Print Monitor configuration
Email for notification If the peer is offline the server will attempt to re-sync for 10
minutes max. If set to interval 0 it will not attempt to re-sync.
NOTE On the Primary server, the IP Address points to the Backup server.
SYNC only to be used if system runs with local Database, DO NOT USE IT WITH SHARED
DATABASE
Server down, manually failover setup
It is possible to set up the One Q servers into a cluster, with a Primary/Backup server.
The idea behind this setup is to make sure that users always can log in at the devices and
perform print, copy and scan jobs.
Below steps need to be set up to run the cluster setup
Set up the Primary server with User, Terminals etc. so it is fully functional and working as
expected.
Then perform a total backup of the Primary server and import it on the Backup server.
Remember to check the cluster settings after import of backup and change it, to match the
Primary/Backup configuration.
Jobs are accessible from both servers, if one of the below conditions are fulfilled:
• Printing using Print Monitor and sending jobs to both servers, please see the Print
Monitor manual
• Printing using Connect server and sending jobs to both servers, see Appendix B
• Shared Database and spool area for both servers, see Appendix A and Advanced tab
75 One Q Server Configuration Guide
Server Config - Payments tab
Ogone payment setup:
DIBS Payment setup:
76 One Q Server Configuration Guide
One Q server provides the ability to enable payments for the end-users through the web
interface. There are two payment options available, both cannot be activated simultaneously
• Online web payment (Ogone or DIBS)
• Manual deposit payment
• Print receipt on: ONLY POSTSCRIPT printers are supported
If the printer does not show, please restart all VDMS services or restart server.
The payment system allows the users to deposit money to their account on the print server
and use it for printing or copying.
The table below describes the parameters of the Payments tab:
Parameter Description
Enable manual deposit Makes it possible to deposit payment to your account
Enable payment receipts Makes it possible print payment receipts on below printer
Print receipt on Printer to print Payment receipts on, only Postscript
Guest invoice report Select the report where Guest card info will appear. Can be
used with Custom made reports.
Currency Only an ISO4217 currency code allowed
Notify users over low
account balance
Should user receive a mail regarding low balance?
Low balance threshold Level of low balance
Enable clicks conversion Conversion from currency to click price. To be used in
environment where users understand the terms better than
a price
Click price This refer to a price per click instead of standard price, e.g.
A4 one clicks and A3 2 click
Amounts type Fixed range by the system or range in between min. and
max amount
Amount choices: Only in the Fixed range
77 One Q Server Configuration Guide
Web payment type Ogone and Dibs are supported; contact One Q Support for
additional information.
Online web payment provides an online payment option. This option requires a merchant
account opened and maintained by the administrator. Users can pay with credit or debit
cards and use a PayPal account (availability depends on the country). The amount that is paid,
will be transferred to the user’s profile automatically.
Manually deposited payment: allows a payment administrator to deposit an amount for a
user. The payment admin can collect the cash from the user and deposit the amount to the
user's account by using web interface. Permission to be payment administrator is given to
groups or individual users in ‘Administration, Users interface’.
Below is the setting for Local users.
78 One Q Server Configuration Guide
When payment receipts are active, it is possible to select a printer where the receipts are
printed. It must be a locally installed printer.
The payment history is located under Users, Payment history
From here, it is possible to re-print receipts by pressing the print symbol.
Job get printed on the selected device under the Payment tab.
79 One Q Server Configuration Guide
Server Config - Guest Printing tab
Guest printing is also called Mobility print.
Mobility Printing is a mobile printing option that allows users to print from any portable or
mobile device in addition to publicly available computers.
The table below describes the parameters of the Guest Printing tab:
Parameter Description
Enable guest printing This allows users to send jobs to Mobility Printing server
Global Print server
address
Mobility Printing server IP-address or domain name
Global Print server port Communication port between One Q and Mobility Printing
server
LibreOffice path Windows: C:\Program Files\LibreOffice\program\soffice.exe
Linux: /opt/libreoffice6.3/program/soffice
Enable Email2Print Disabled by default
80 One Q Server Configuration Guide
Email2Print queue
name
Select VDMS Queue to upload job to server
POP3 server Server
POP3 port 995
POP3 username
POP3 password
Email check period
(min, needs restart)
Standard 1 min, if change please restart all One Q services.
Enable Upload2Print Disabled by default.
Upload2Print queue
name
Select Queue to upload job to server
Refer to the Appendix I: Email2Print setup section for setup and more information.
Server Config - Backups tab
Backup of the database can be set up in this section.
The table below describes the parameters of the Backups tab:
Parameter Description
Enable directory
transport
Enabled by default
Backup directory Location where backups are stored
81 One Q Server Configuration Guide
Enable SMB transport Selected enables SMB
SMB destination URL New location for Backups
Max number of
automatic backups
Max numbers of automatic backups, standard 5 and max 100
Server Config - UI tab
The table below describes the parameters of the UI tab:
Parameter Description
Number of decimal
digits to display
To be used for pricing. Standard: 2
Custom date format Activate date format, using the scroll bar or type in settings like
yyyyMMdd
Enable custom portal
title
Allow admin to change portal title
Custom portal title Makes it possible to customize title "VDMS Server Portal "
82 One Q Server Configuration Guide
Custom portal logo Makes it possible to upload customer logo, must be in app.
100x100 pix (3.5 cm x3.5 cm)
Portal prompt (HTML) Possible to add more info under the Logo/title, e.g. link to external
web page.
Login UI Theme OEM or Public Print, activated the login site turns Orange
Hide card ID in user
settings
Selected, it is not possible to see card info or Short ID on the
interface
Allowed languages Selection to choose what language end users can select between.
Use terminal locations
for web print
Activate that user can select on the login page, location instead of
group.
Enable external link in
menu bar
If enabled, the new tab is placed as a last item in the menu bar.
The tab is visible for all users and opens the specified URL in a new
browser tab.
Caption for external
link in menu bar
Specify the caption for the external link in the menu bar. Limited to
25 characters, "Caption" is entered by default. Required if Enable
external link in menu bar is enabled
URL for external link in
menu bar
Specify the URL for the external link in the menu bar. Required if
Enable external link in menu bar is enabled
83 One Q Server Configuration Guide
Below is the standard login page.
Below is the page modified with Logo, Title and some HTML commands for pointer to
external webpage where to download manuals and driver from.
The server imports the logo and sometimes it is needed to modify logo with an additional
white border around logo.
Enabling the Public UI theme:
84 One Q Server Configuration Guide
Server Config - Advanced tab
Certain advanced options can be set up in this section. This section should only be changed,
when advised from One Q support.
The table below describes the parameters of the Advanced tab:
Parameter Description
Enable color ink detection Enables page-level color detection so jobs with mixed color /
bw sides will be recognized correctly. This is useful for
correctly calculating the price. It can slow down the server
significantly when many print jobs are handled on the server.
Use standard conversion
tool (GhostPCL) for HP
print jobs conversion
To be enable if problem with rule conversion of HP jobs
SNMP wait printing,
minutes
Standard
SNMP wait idle, minutes Standard
SNMP community Public as standard
Security key for DN
authentication
Security key to be used with Print Monitor
85 One Q Server Configuration Guide
Security key for terminal
configuration
Security key to be used with Terminals
Database connection Database location, below shown 4 settings. Setup with DB
specification described in Appendix A
Database pool size The number of simultaneous connections to the database.
The more connections the better performance under stress
conditions and more RAM is required.
Default max limit configured in the postgresql.conf file is 100
Scan2Workflow
configuration file
Location of configuration file for Scan2workflow, 3. Part tool
WebclientNG/Xerox Under development
Enable Watermarks If enabled, the default "Printed by <user login> on
<dd.mm.yyyy HH:mm>" watermark will be printed in the
bottom left corner of every A4 page of a document. Text is
customizable and can be set differently for PS jobs (see
below).
Please speak to One Q prior to enabling this option
Watermark text Enter the text to be printed as a watermark. The "user" and
"date" variables can be used.
Example: Printed by @user@ on @date@
Watermark layer on the
top for Postscript jobs
Enable, if watermark is not visible on postscript printers
86 One Q Server Configuration Guide
For more information about Scan2workflow, refer to Scan2workflow setup on One Q server
The Database Connection parameter allows running a SQL script for the DB, e.g. delete user
tracking. Click Run SQL command to initiate the execution window.
87 One Q Server Configuration Guide
Note Only admin can run this command.
Server Config - System Notifications tab
This section allows you to set up system notifications.
The table below describes the parameters of the System Notifications tab:
Parameter Description
Allow system notifications This option will allow notifications to be
displayed on the One Q Portal or be sent via
Allow email notifications Enable email notifications
Email destinations Specify email recipients
88 One Q Server Configuration Guide
License notification expired before, days License expiry notification
Certificate notification expired before, days SSL Certificate expiry notification
Portal Notification showing expired certificate:
Portal notification showing expired license:
Email notification example:
89 One Q Server Configuration Guide
Chapter 14: Domains, MS, eDirectory, IBM Domino and Okta
In this section, the user authentication can be set up if users are validated up against the
domain.
In order to create a domain, all relevant information must be added. There is no limit in
numbers of domains.
For user authentication, domains are contacted in alphabetical order - unless authentication
information contains a specific domain name.
90 One Q Server Configuration Guide
The table below describes the parameters of the Edit domain dialog:
Parameter Description
Name Free name to identify the domain
Address the address of the LDAP server
User name User with credentials to perform LDAP
lookup
Password Password for above
LDAP scheme type Active Directory, IBM Domino, eDirectory
(LDAP x500) or Okta can be chosen
Port The following typical values can be used: 389
(normal access), 636 (SSL enabled), 3268
(Active Directory global catalog), 3269
(Active Directory global catalog via SSL)
Base DN The search base for the LDAP server
Search users in AD groups or OU
Bind type Security for communication to the LDAP
server
Group filters (comma-sep) Possible to sort by comma separation,
"support, sales, management" etc.
SSL To run by SSL
Active Activate the AD lookup
User name attribute Attribute to look for info,
"sAMAccountName" or simlar
Full name attribute Attribute to look for info, "cn" or similar
Alias name attribute Default empty
Email attribute Attribute to look for info, "mail" or similar
BCC attribute Default empty
91 One Q Server Configuration Guide
Home folder attribute Attribute to look for info, "homeDirectory"
Card ID attribute Default empty
Short ID attribute Default empty
Client code Attribute Default empty
Client code attribute 2 Default empty
Client code attribute 3 Default empty
Once all the settings are configured, the Test LDAP button can be used to check the
connection to LDAP server.
Then go to Users and check the users can be found
92 One Q Server Configuration Guide
If SSL is not enabled (in the domain settings):
If LDAP server address is a fully qualified DNS name, we try to authenticate first using DIGEST-
MD5 protocol. It prevents password from being sent in plain text over the network. However,
there is no encryption and the rest of the information can be sniffed from the network.
If this method fails or server address is an IP address, we use simple plain-text password.
If SSL is enabled (in the domain settings):
If port is 389 or 3268, StartTLS is used to negotiate a secure connection over this port.
If port is 636 or 3269 a direct TLS is used to connect to the LDAP server.
Both methods are equivalent in terms of security.
SSL requirements:
• Domain controller must be configured for SSL connectivity
• Server's certificate must be added to the One Q Server's truststore.jks file or it must be
globally signed with one of the trusted CA's like Symantec or Globalsign.
Chapter 15: Users
User configuration is necessary before the server accepts the print jobs. Every incoming job
has a username associated to it - this is normally the login name of the user without the
domain suffix.
One Q server supports two types of users:
• Local users - for small installations without the domain infrastructure
• Domain users - for integration with MS Active Directory or another LDAP server, IBM
Domino, eDirectory and Okta
Please refer to the Domain section for configuration details
Local users are configured in the server web management interface under the
"Administration, Users" section:
93 One Q Server Configuration Guide
By default, the permissions and security settings for all users are governed by policies, which
can be edited by pressing the "Configured policies…" button. Policies can be overwritten for a
particular user with the "Overwrite group policy" option.
Enable user registration
If Administration, Server Config, Authentication, if "Enable user registration" is activated, it is
possible for new users to register via the following:
"Terms and conditions" can be customised by editing the templates below:
%VDMS%/conf/templates/eula.template or %VDMS%/conf/templates/eula_lang.template
(Where lang is 2-letter language code, e.g. en, da, es)
The user will receive an activation e-mail. If the user does not activate their account, they will
not be able to print or login to the web page.
Completing the registration will activate the account.
94 One Q Server Configuration Guide
Edit Configured policies tab
Every group can have group policies assigned - users of that group will share those policies
unless they are overwritten in the user settings. If no group policies are defined for a
particular group, the global policies will be used.
By default, the permissions and security settings for all users are governed by policies, which
can be edited by pressing the "Configured policies …" button. Policies can be overwritten for
a particular user via the "Overwrite group policy" option.
In Configured policies, all policies are specified.
Below are shown the Domain users', Guest cards' and Local Users' Global Policies, with the
three default policies.
Selecting the policy, the popup below will appear, and settings can be edited and changed.
95 One Q Server Configuration Guide
Account (policies)
The table below describes the parameters of the Account tab:
Parameter Description
Unlimited Activated, user can print unlimited. If not, then the balance decides
whether it is possible or not, to use the terminal.
Balance
Free balance E.g. provided from University as a free usage pr. month
Low limit When the account gets below this limit, it is not possible to use the
terminal
Enforce Enforce the value to existing accounts
96 One Q Server Configuration Guide
Quota (policies)
The table below describes the parameters of the Quota tab:
Parameter Description
Enable quotas Yes, allows quota for user
Total pages quota Total
Color pages quota Total color
Free total pages quota Free quota that can be refilled within a given period
Free color pages quota Free quota that can be refilled within a given period
Enforce Enforce the quota to existing accounts
User will have (total + free) total pages to print or copy, from which at most (color + free
color) can be printed in color.
First the free quota is consumed, then the main quota.
The idea is that free quota is something that is given to the users for free. They must then
purchase credit themselves.
97 One Q Server Configuration Guide
Permissions (policies)
Allows user to Copy (bw), Color Copy, Scan, Push print, Pull print, color print and share jobs.
The table below describes the parameters of the Permissions tab:
Parameter Description
Admin Selected gives user full admin role, but can´t delete the VDMSADMIN
account
Color copy Select/deselect permission for user to color copy on terminal
Color print Select/deselect permission for user to color print on terminal
Copy Select/deselect permission for user to copy on terminal
Create short ID If selected, the system generates a random Short ID for user. The
generated Short ID can be viewed in My Profile > User Details pane
Create PIN If selected, the system generates a random PIN for user. The
generated PIN can be viewed in My Profile > User Details pane
Fax Select/deselect permission for user to fax on terminal
Guests admin Selected gives user full Guest admin role, great guest cards etc.
Jobs admin Selected gives user full Job admin role, move and delete job
98 One Q Server Configuration Guide
Payment admin Selected gives user full Payment admin role, handle payment like add
or remove payment on user accounts
Pull print Select/deselect permission for user to pull print on terminal
Push print Select/deselect permission for user to push print on terminal
Reports admin Selected gives user full Reports admin role, create and run reports
Reports view Selected gives user Reports role, to run reports
Scan Select/deselect permission for user to scan on terminal
Share jobs Selected gives user permission to share jobs to other users, e.g.
teacher to student
Terminals adm If selected, allows the user to manage terminals. The Terminals tab is
added to the menu bar
USB port Track jobs printed on USB port
Users admin Selected gives user full User admin role, create/delete or
activate/deactivate users
99 One Q Server Configuration Guide
Other options (policies)
The table below describes the parameters of the Other Options tab:
Parameter Description
Price Profile Default price profile for the users
UI Theme Select the OEM or Public Print
Update free values at To be used with Quota to provide users free print/copies
Client code Code to be used for e.g. project accounting
Grid printing Please see section 24 for more info
Auto job release If selected, all jobs at the Pull queue for the user gets released
and printed at login at a terminal
100 One Q Server Configuration Guide
Allowed terminal groups As a standard, the policy is for all terminal groups. Select or
unselect requested terminal groups.
Print Monitor
configuration
When selecting a PM configuration, this setting will be
deployed to the computer
Creating or editing a local user
When creating a new user, only the user name is required, all other settings are optional. The
user name must match the login name used to send the job. The following additional options
are useful when configuring for every user:
The table below describes the parameters of the Create User dialog:
Parameter Description
Name Name or short name for the user
101 One Q Server Configuration Guide
Full name User full name
Email address User e-mail address
Home folder User home folder on network where it would be possible to store
scan jobs
Address information Location where user can type personal address information
Active Possible to activate or deactivate the use
Overwrite group policy Selected, makes it possible to overwrite Group policy settings
The Address information can be typed in on the server when creating the user or user has the
possibility to do it when login at the server, with username/password login on the web.
Here you enter your information, that information being used in a payment environment
when adding credit to a user account using credit card provider such as DIBS.
Authentication
102 One Q Server Configuration Guide
The table below describes the parameters of the Authentication dialog:
Parameter Description
Short ID: Numbers or letters that makes login easier
Card #1: Show the card number for 1. card
Card #2: Show the card number for 2. card
Pin: Pin code, prompt user as an extra security
feature when login at terminal
New password: Create new password
Account
The table below describes the parameters of the Account dialog:
Parameter Description
Unlimited If activated, user can print unlimited. If not, then the balance decides
whether it is possible or not, to use the terminal.
Balance What is left to be used?
Free balance E.g. provided from University as a free usage pr. month
Low limit When account get below this limit, it is not possible to use the
terminal
103 One Q Server Configuration Guide
Quota
The table below describes the parameters of the Quota dialog:
Parameter Description
Enable quotas Yes, allows quota for user
Total pages quota Total
Color pages quota Total color
Free total pages quota Free quota that can be refilled within a given period
Free color pages quota Free quota that can be refilled within a given period
User will have (total + free total) pages to print or copy, from which at most (color + free
color) can be printed in color.
First the free quota is consumed, then the main quota.
The idea is that free quota is something that is given free to the users. Then they must
purchase quota themselves.
104 One Q Server Configuration Guide
Other options
The table below describes the parameters of the Other options dialog:
Parameter Description
Email Address 2 Second email address, can be used for e.g. Google Cloud printing
with GPS
Aliases Alias name for login or can be used for delegation/secretary print by
using manager’s alias name.
Users created in the One Q server are local and independent from LDAP users.
Creating or editing a domain user
The Domain setup, as described in the Domains, MS, eDirectory, IBM Domino and Okta
section, must be set up before the below is possible.
Below is a domain user profile.
105 One Q Server Configuration Guide
Please note some information are greyed out, not possible to change. That information is
retrieved from Domain.
The field Client code will only show if there is domain information assign to the Client code in
the Connect to domain profile.
106 One Q Server Configuration Guide
Chapter 16: Domain users, Policy setup
The Domain setup, as described in the Domains, MS, eDirectory, IBM Domino and Okta
section, must be set up before the below is possible.
Setting up and enabling the policies can be configured on Active Directory Organizational
Unit (OU) or Active Directory Groups.
If not, policy is set, the OU or group inherit the Global Policy settings.
As shown below could be settings in Active Directory, OU (yellow) or Groups (blue):
On the One Q server, select Users:
107 One Q Server Configuration Guide
In the Show users from select the domain.
Depending of the Domain setup, you will now see Groups or OU.
Selecting the Edit on the Group/OU will open the below policy.
For the Group priority, the highest is 100, the lowest is 1.
Then setting the policy required for the Group/OU.
If a user is in e.g. 3 groups, the highest value will set the standard setup for that user.
108 One Q Server Configuration Guide
Chapter 17: Terminals and Groups
Setup Terminal and groups
In this section, the overall settings of the terminals are set up.
A terminal can inherit the settings from a Group. In this way it is possible to apply settings to
multiple terminals.
Introduction to terminals
A terminal is an authentication or printing unit. The following terminal types are defined on
the server:
• Undefined - when terminal with type Undefined is placed to the group with Vendor
set, terminal inherits Vendor value from group if "Overwrite group options" is not set.
• Embedded - an embedded application running on the target MFD
• Embedded (Android) - an embedded application running on the target MFD (Ricoh
client)
• Web client – a browser terminal running on the server and displayed on the MFD
• Push print - indicates that this terminal is used for direct push printing
• Release station - external hardware terminal with card reader attached to the network
and communicating with the server
109 One Q Server Configuration Guide
Before users can authenticate themselves or perform push printing, at least one terminal
must be defined and configured. Terminals are managed under the Administration >
Terminals section of the server web interface:
Terminals can be added to groups and every group can have its own configuration. This way,
a group of devices can be changed and updated in an easy way.
Group settings
The table below describes the parameters of the Group options dialog:
Parameter Description
Name Free form name
110 One Q Server Configuration Guide
Accounting type Full for reporting and user billing, Log for reporting only, none
for no accounting
Vendor Mandatory to set, please set the correct vendor type. Used for
configuring extra config and in reporting and informing the
server how to communicate with device
Default Terminal Type Specify the default terminal type for a given Group. This
parameter will be automatically selected for the terminals
created within this group
Pricing profile A profile that defines prices for jobs and pages
Client code Assign a Client code for the terminal
Logout timeout The number of seconds where the terminal is not used until it
automatically logs the user out.
SNMP accounting Use SNMP for more accurate print accounting.
Some vendor support print.correction instead, please see vendor
manual
Status monitoring: Device status is shown in the Terminal list
Active Activate/deactivate the terminal
111 One Q Server Configuration Guide
Please see the device manual for the individual extra configuration settings for each product.
The table below describes the parameters of the Advanced options tab:
Parameter Description
Enable client deployment It is possible to deploy embedded code to terminals from
the One Q Server
Enable card enrolment The solution can be set up to identify new card (unknown)
and ask them to map their identification card (or another
credential) to their user account. Users must already exist in
LDAP (Active Directory) or local database
Enable scan2me If activated, the email addresses are collected from the One
Q server, and sent to the terminal
Enable client codes Client codes can be used on this terminal
Validate client codes If client codes are used, they can be validated against a
database
Auto job release When a user is identified, all waiting print-jobs at the Pull
queue is released at login
Message of the day A message appears on the terminal’s screen for the user
(it only works on some types of terminals). Messages can be
anything from ‘Remember midsummer kalas on Friday’
to ‘All emails will from now on be printed in black and
white’
Extra config Device setting dependant on the vendor selection. Special
configuration can be set up here, e.g. it can be a password
to devices if required in the client. Remember to set
terminal vendor first, to make extra config settings visible
112 One Q Server Configuration Guide
Below are the settings from Ricoh.
Adding new terminals
This section takes you through the process of adding new terminals to the system.
Terminal discovery tab
To facilitate adding many terminals simultaneously, a discovery feature can be used. It only
works for embedded terminals and the embedded client must be installed on the target MFD
and be up and running. Discovery is based on IP multicast traffic (address 239.255.250.206,
UDP port 8709) and may be blocked on some corporate networks.
113 One Q Server Configuration Guide
Creating terminals (Windows version)
Select the Group and select Add terminal.
When adding a new terminal manually, press the Add terminal button and enter the required
parameters:
Parameter Description
Name Free form name
Address IP address or DNS name of Terminal where the server configuration is
sent to
114 One Q Server Configuration Guide
Terminal type Choose according to the terminal role and type. By default, the system
automatically inserts the same type as specified in the Default terminal
type parameter of the Group creation dialog
Print protocol Either TCP/IP (port 9100) or IPP/IPPS. USB can only be used if Print
Monitor are install on that workstation where USB printer are connected
to. Dummy can be used for test purpose
MAC Address MAC address of the terminal can be added manually
Printer address For External and IP card reader it is where the job is sent to. With
Embedded and Web client IP is the same as the Address. For IPPS
protocol an extra parameter is required - printer URL, e.g.
https://printeraddress/ipp
Location To be used with Print Monitor configuration: where terminal is located.
Location can be typed in and selected or imported by the Data sources
module
Serial Number Terminal serial number, to be used in Reports
Description To be used in Reports
Print QR Code Requires installed LibreOffice 6.x on the server (see LibreOffice for
Windows or LibreOffice for Linux). Press this button if you need to
generate a QR code for identifying the terminal. After receiving a
confirmation in a pop up window, the terminal will print out the QR
code. Clicking the button again (when editing the terminal's properties)
will issue a new QR code and "forget" the old one.
Note The printed QR code is documented by the system as a print job
performed by the "vdmsadmin" user, even if the printing was initiated
by any other user.
115 One Q Server Configuration Guide
Overwrite group
options
If marked, it is possible to configure these terminals in a different way
than the other terminals in the group
IPP/IPPS printing
For the Web Client, it is possible to print with IPPS (SSL over IPP)
To be able to print by IPPS, you need to add MFD´s certificate to the truststore.jks
Can be done like below:
"C:\Program Files\Ubiquitech\VDMS Server\jre\bin\keytool" -
importcert -noprompt -alias KMB92F59 -file KMB92F59.crt -
keystore "C:\Program Files\Ubiquitech\VDMS
Server\conf\truststore.jks"
The ""KMB92F59"" is the certificate
Please add the correct name to the script
Run it in a CMD prompt on the server and restart all VDMS services.
DNS must be running for proper validation for host name or FQDN for server and devices.
116 One Q Server Configuration Guide
Location
An example of a Push terminal with location.
To be used together with Print Monitor to ease printing for end users.
Creating terminals (Linux version)
The Setup for Linux is almost the same as Windows, but due to CUPS within Linux, more
functions can be added to the print process and conversion.
In order to support a multivendor environment with a minimal set of print queues and drivers
to support stapling, punching, booklet etc. it is a requirement that the ONE driver is used as a
print driver on the workstations.
117 One Q Server Configuration Guide
Selecting Universal print target and select <New target…>, gives the Admin the possibility to
create a printer with a PPD (PostScript Printer Description) that converts the print job to
match the specific printer/MFD.
Selecting upload, provides the possibility to select the PPD for the specific printer/MFD and
will create the printer within Linux Cups.
118 One Q Server Configuration Guide
Select Save.
Note This PPD is located on the OS and cannot be backup, in case that One Q server need to
be moved to another Linux server.
Remember the Universal printing setting on the queue, if not set, the conversion will not take
place.
Configuring terminals
Once the terminals are added or modified, configuration must be sent so the embedded
application is aware of the server address and settings. This is done by pressing the
"Configure Terminals" button. Terminal configuration requires UDP port 8710 to be opened
on the network (direction server -> printer).
119 One Q Server Configuration Guide
It is possible to configure: All active terminals - Selected only - Current Group and Deploy
embedded client to Lexmark, Ricoh (Android and Java) and Samsung XOA devices.
If "Enable client deployment" is enabled on the Terminal/Group, then the client will be
deployed to the device when Configure is selected.
Refresh status tab
It is possible to refresh All active, Selected only or Current group terminals.
120 One Q Server Configuration Guide
Discover tab
Selecting Discover, the server will perform a multicast discovery and search for all units where
the One Q embedded clients are installed.
It will not work for Web Clients.
Chapter 18: Queues
In this section, queues for pull, push and secure print can be created, deleted and edited.
Virtual queue can be created/deleted in the One Q server.
OS spooler queue is created in the spooler of the operation system and cannot be deleted or
backed up on the One Q server.
121 One Q Server Configuration Guide
Preparing for creating queues (Windows version)
To create a queue which is connected to the One Q server, start a new printer wizard and
choose ‘Local printer’. In the port settings, choose ‘Create new port’ and choose the
port type: ‘VDMS port monitor’:
Follow the steps to choose the queue name and printer driver. The created queue will be a
pull queue by default, e.g. all the incoming jobs will be stored on the server and not
forwarded to any printer. Push printing requires more configuration in the web
administration interface of the server (See below ‘Push printing’).
The original Win 2012/2016 Class 4 drivers cannot be used with port monitor, please use class
3 driver (download it from vendor web site).
122 One Q Server Configuration Guide
Name cannot be changed unless renamed on the Windows server.
Create queue in One Q server portal (Windows version)
The table below describes the parameters of the Create queue dialog:
Parameter Description
Name Free form name
Queue type Pull queue, Push queue or Secure queue (Pin code solution, only for
Ricoh)
Target terminal Only available when Push queue is chosen
123 One Q Server Configuration Guide
Domain A target domain need to be specified, otherwise only local users are
allowed to print to these queues
Print Monitor
configuration
Assign a PM configuration to a queue, this way the PM on the
workstation will be set to log in with the settings in the config file
Push printing
Push printing is similar to direct printing to the target device. The difference is that the job
still goes to the server, user permissions and account balance are checked, and the job is
directly forwarded to the printer, without being stored on the server. User authentication is
not necessary (although from the PC it can be enabled with Print Monitor client software
[Print Monitor is an add-on module]), but the accounting and tracking can still be used.
This kind of printing is useful for small network printers without the embedded client or in
cases when user authentication is not desired.
Push printing can be performed to either 'Embedded' (external terminals included) or 'Push
queue' terminal type. The difference is that 'Embedded' terminals can also be used for
authentication and pull printing. The Server license controls how many pull and push
terminals are enabled.
Push printing is controlled by setting a print queue to the 'Push' type and specifying the
target terminal (under ‘Administration, Queues’ section):
124 One Q Server Configuration Guide
Create queue in ONE Q server portal (Linux version)
In the Linux version, it is possible to create either Virtual queues or OS Spooler queues.
The virtual queue is controlled by the One Q system and can only be used to print via Easy
Manager/Print Monitor.
The OS Spooler is created in the Linux Cups as an input queue for the Linux system and
should be used as it supports printing via Windows/Mac/Linux without the need for any client
software installed at the workstation.
Queues in Linux and Windows have the same functionality whether they are Pull or Push
queues.
Universal printing is needed if using the One Driver together with PPD on the terminal.
One Driver on One Q server or One Q SaaS
Activates universal printing functionality.
Can be used only on Linux or on One Q SaaS.
How does it work?
There is one normal input queue (pull queue) with a generic Postscript or PDF driver. PS/PDF
is a requirement for universal printing.
Multiple output queues (physical TCP/IP queues) are connected directly to printers. They are
managed using "Devices and Printers" within CUPS in Linux. This physical queue must be
selected in the terminal settings under "Universal print target". Output queues can have
125 One Q Server Configuration Guide
different drivers - PS, PCL, whatever. It can be also local USB-connected printer - it does not
matter.
When you request to release a job marked for universal printing it will be sent to the specified
output queue (TCP/IP queue) and formatted to whatever output PDL is needed.
If you leave "Universal print target" option empty the job will be printed in a usual way,
directly to the printer.
Disadvantages:
Performance can be lower as the job must be converted to the output format.
Chapter 19: Client Codes
Client codes (also known as billing codes) are 'tags' that allow you to group job tracking and
reporting based on selected criteria - for instance department, faculty, building, class, area,
etc. Client codes can be used in several ways:
• Client code entered manually by the user when doing pull printing from the terminal
must be enabled first under the ‘Administration, Terminals’ section. This client code
has a highest priority and will be used whenever entered
• Default client code assigned to the user will be used if no manual code is provided
• Default client code assigned to the terminal will be used if no default code is provided
for the user
When the job tracking information is added to the database, a client code is also recorded.
Subsequently, a report can be generated based on the client code - for example a total
number of prints performed in a particular department.
Client codes are defined under the Administration > Client codes section:
126 One Q Server Configuration Guide
It is possible to import client codes from a CSV file. The file format is:
name,description[,subcode1,...,subcodeN]
Every client code can have one or multiple subcodes (matter codes) defined. This is useful in
certain scenarios for example in law firms, where client code represents the case and subcode
refers to a particular case file.
127 One Q Server Configuration Guide
Chapter 20: Price profiles
In this section, the pricing profile can be set up. A profile can be specified for each device type
and any job type. It is possible to select paper size, duplex/simplex color and B&W.
A new profile is created simply by giving it a name.
After creation, the profile can be edited:
There is no limit in numbers of profiles and they can be edited and deleted here.
128 One Q Server Configuration Guide
Pricing is pr. Image, so above pricing will be correct for 2 color pages:
Example:
Simplex: 2 x 0.25 = 0.50
Duplex: 2 x 0.20 = 0.40
If Users select duplex (Double-sided) instead of simplex, then they will save some money.
Chapter 21: Authentication devices
Authentication devices is used to authenticate users in places where no reader can be
attached to MFD, or where "release all" functionality is required. Authentication devices can
be a biometric reader, numerical keyboard or a card reader.
129 One Q Server Configuration Guide
To create a new device press Create auth device and fill out all fields or use the tool ipbridge-
config. (Provided by One Q Support).
Remember to Activate Auth. device.
Please see IP Cardreader Bridge Raspb.pdf or IP Cardreader SwitchBridge SB.pdf manual for
more information.
The table below describes the parameters of the Edit auth device dialog:
Parameter Description
Name MAC address, added when unit gets connected and configured to
the system. Can be changed
Device type TCP/IP card reader
Address MAC address, added when unit gets connected and configured to
the system
Action Selected from drop down menu, release all jobs/Login at the
terminal/Login, and release all selector
Associated terminal Selected from drop down menu, the terminal
Active Activates device
Chapter 22: Grid nodes
Grid printing must be enabled in the server license.
130 One Q Server Configuration Guide
Grid printing as a term is used here as cluster printing, i.e. bringing multiple One Q servers
together into one connected solution.
Introduction
Grid nodes allows you to do 2 things, Grid printing and synchronization between database
Grid printing allows you to organize multiple servers into a private Grid and perform pull
printing, regardless of the location the document was submitted to the server from. For
example, if the organization has multiple branches or offices, it is possible to print the
document in one office and collect the print-out at another.
Grid nodes also allows servers to synchronize between databases:
Select between; Client codes, Domains, Policies, Price profiles, Terminals, Terminal groups,
Users, Print queues, Auth devices, Rules, Reporting data, Payment history, Guest cards,
Reports, scheduled reports, Data sources, Scheduled imports, Job deletion, Print Monitor
configuration
SYNC only to be used if system runs with local Database, DO NOT USE IT WITH SHARED
DATABASE
Configuration
Grid nodes are configured under the Administration > Grid nodes section:
131 One Q Server Configuration Guide
Every Grid node represents a server running in a different location. When a traveling user
authenticates at an MFD that do not point to user’s home server, a list of jobs is retrieved
from all configured nodes, so that the user can view and print jobs submitted to different
servers in the network.
Communication between Grid nodes is performed on TCP port 8712.
Each Grid server should have a list of terminals configured, which is local to this server.
Before Grid printing can be used, it must be activated either in the Domain, Guest or Local
Users group policy or per individual user:
The table below describes the parameters of the Create node dialog:
132 One Q Server Configuration Guide
Parameter Description
Enable database sync SYNC only to be used if system runs with local Database,
DO NOT USE IT WITH SHARED DATABASE
Sync sources Select between; Client codes, Domains, Policies, Price
profiles, Terminals, Terminal groups, Users, Print queues,
Auth devices, Rules, Reporting data, Payment history, Guest
cards, Reports, Scheduled reports, Data sources, Scheduled
imports, Job deletion, Print Monitor configuration
Sync retry interval, min If this peer is for example offline, and set for 10 min, the
server will attempt to re-sync for 10 minutes max. If set for
1440, it will try to re-sync for one day. If set to interval 0 it
will not attempt to re-sync.
More info next page.
If you set this interval to 0 it will not attempt to re-sync
Cluster peer address Set IP/FQDN for Backup/Primary server
Email for notification Information mail to the system administrator or other
responsible persons
Usage example Grid printing
There are two locations, HQ in Copenhagen and Oslo1. Each location has several MFDs
(terminals) connected to the server running on that location.
We define Grid nodes as follows:
• On HQ server we create a Grid node that points to Oslo1 server
• On Oslo1 server we create a Grid node that points to HQ server
• On HQ server we create and configure terminals that are located at HQ
• On Oslo1 server we create and configure terminals that are located at Oslo1
133 One Q Server Configuration Guide
Next, we activate Grid printing in the global policy settings - from that moment users printing
to HQ server can get their jobs printed at any MFD in the BR1 location (and vice versa).
134 One Q Server Configuration Guide
Usage example sync between servers
If the sync between servers fails, and has not been updated then your account on the 2
servers may have a different value.
As soon as your account has been updated on one of the servers, like printing a job, copy a
page or adding money, all servers are updated and the values will be the same across all
servers.
Chapter 23: Rules
Introduction
The One Q server supports rules-based printing. This facility allows you to create rules that
control the job workflow, access permissions and setup printing conditions.
There are some limitations:
• Some rules and conversions depend on vender device support that, e.g. conversion to
BW and simplex.
• Some rules and conversions depend on IPP protocol and PostScript.
• If the job is encrypted using passphrase from Print Monitor, conversion is not possible.
• Paper setup from MS-Word with selection from different trays eg page 1 from tray 1
and the rest of the document from tray 2, that information are under a Duplex
conversion converted to only select pages from standard tray.
Rules with user authentication will take place after the job has been validated and confirmed
that local user/AD account is present on system.
Rules and conversion are triggered by:
• Print Monitor (if the client software is used)
• Rules
• Clients (E.g. Ricoh, Lexmark)
135 One Q Server Configuration Guide
For best performance, use IPP protocol and PostScript
To describe the rule-based printing the following special terms are used in this chapter:
• Rule – a named set of conditions and actions; rule is checked and applied in the scope
of a certain event;
• Event – a notification given to the rule management framework when something is
happening in the system;
• Condition – a logical expression that evaluates to true or false; condition consists of 3
parts:
<predicate><transition> <parameter>
• Subject – an entity that is a target for condition check;
• Predicate – a subject-specific logical clause;
• Parameter – is an optional parameter to the predicate;
• Transition – a logical transition to set the predicate or the condition to "not".
• Action – an action that is executed when all the conditions are evaluated to true.
136 One Q Server Configuration Guide
There can be several conditions and actions defined for a given event. They can be used
sequentially in the defined order.
The rule consists of the conditions and actions. If all the conditions are fulfilled, the actions
are executed.
Rule event
Every rule is associated with a rule event that occurs when the server software runs.
For instance
• the "job in pull queue" event occurs when the document is submitted to a pull queue
• the "job release" event occurs when the document is submitted to the MFD or printer
• etc.
Conditions
Every condition consists of a predicate. A predicate is a logical clause, which applies to a
subject and checks it, e.g. "User name is".
Multiple conditions can be added to the same rule.
In the given example, there are two conditions defined which (when combined) will produce a
rule that checks if the incoming job has a total number of pages greater than 50 and its title
contains "Microsoft Word".
137 One Q Server Configuration Guide
After the conditions are defined, the actions must be specified which are then executed when
the conditions are satisfied.
Actions
Actions can be re-ordered by pressing Up or Down link. The special action Deny stops all
further processing of the following actions.
To save the new rule press ‘Save’ button. To abandon changes press ’Cancel’ button. All
the changes are applied with immediate effect.
Rules' Applications
Below is the 5 different rules event, to show the possibilities with rules.
Test Any Queue event
Rule event Conditions Actions
Job in any queue User name is
User group is
User email is
Domain name is
User exists
System time between
Terminal name is
Deny
Print banner
Send email
Assign job to
Move job to
Filter job
Print job at
138 One Q Server Configuration Guide
Terminal group is
Terminal address is
Terminal vendor is
Terminal location is
Terminal is offline
Terminal is busy printing
Job title contains
Queue name is
Job type is
Paper size is
Job is duplex
Total pages greater than
Color pages greater than
Job PJL value is
Job forced to B&W
Job forced to duplex
Job forced to simplex
Client code is
Client code exists
Client code has subcode
--- Logical OR separator ---
Set job title
Set job prompt
Force job to B&W
Force job to duplex
Mark job as favorite
Mark job as shared
Cut job title
Force job to simplex
Set job retention
Cut user name
Convert job to PDF
Set user permissions
Enable color ink detection
Stop
Assign job by email
Convert job to PCL XL
Test Job Release event
Rule event Conditions Actions
Job release User name is Deny
139 One Q Server Configuration Guide
User group is
User email is
Domain name is
User exists
System time between
Terminal name is
Terminal group is
Terminal address is
Terminal vendor is
Terminal location is
Terminal is offline
Terminal is busy printing Job title
contains
Queue name is
Job type is
Paper size is
Job is duplex
Total pages greater than
Color pages greater than
Job PJL value is
Job forced to B&W
Job forced to duplex
Job forced to simplex
Client code is
Client code exists
Client code has subcode
-- Logical OR separator --
Print banner
Send email
Assign job to
Move job to
Filter job
Print job at
Set job title
Set job prompt
Force job to B&W
Force job to double-sided
Mark job as favorite
Mark job as shared
Cut job title
Force job to simplex
Set job retention
Cut user name
Convert job to PDF
Set user permissions
Enable color ink detectio
Stop
Set client code
Assign job by email
Convert job to PCL XL
140 One Q Server Configuration Guide
Test Pull Queue event
Rule event Conditions Actions
Job in pull queue User name is
User group is
User email is
Domain name is
User exists
System time between
Job title contains
Queue name is
Job type is
Paper size is
Job is duplex
Total pages greater than
Color pages greater than
Job PJL value is
Job forced to B&W
Job forced to duplex
Job forced to simplex
Client code is
Client code exists
Client code has subcode
-- Logical OR separator --
Deny
Print banner
Send email
Assign job to
Move job to
Filter job
Print job at
Set job title
Set job prompt
Force job to B&W
Force job to duplex
Mark job as favorite
Mark job as shared
Cut job title
Force job to simplex
Set job retention
Cut user name
Convert job to PDF
Set user permissions
Enable color ink detection
Stop
Assign job by email ***
Convert job to PCL XL
141 One Q Server Configuration Guide
Test Push Queue event
Rule event Conditions Actions
Job in push queue User name is
User group is
User email is
Domain name is
User exists
System time between
Terminal name is
Terminal group is
Terminal address is
Terminal vendor is
Terminal location is
Terminal is offline
Terminal is busy printing
Job title contains
Queue name is
Job type is
Paper size is
Job is duplex
Total pages greater than
Color pages greater than
Job PJL value is
Job forced to B&W
Job forced to duplex
Job forced to simplex
Client code is
Deny
Print banner
Send email
Assign job to
Move job to
Filter job
Print job at
Set job title
Set job prompt
Force job to B&W
Force job to duplex
Mark job as favorite
Mark job as shared
Cut job title
Mark job as pull
Force job to simplex
Set job retention
Cut user name
Convert job to PDF
Set user permissions
Enable color ink detection
Stop
Set client code
Assign job by email
Convert job to PCL XL
142 One Q Server Configuration Guide
Client code exists
Client code has subcode
--- Logical OR separator ---
Test User Authentication event
Rule event Conditions Actions
User authentication User name is
User group is
User email is
Domain name is
User exists
System time between
Terminal name is
Terminal group is
Terminal address is
Terminal vendor is
Terminal location is
Terminal is offline
Terminal is busy printing
Job title contains
Queue name is
Job type is
Paper size is
Job is duplex
Total pages greater than
Color pages greater than
Deny
Send email
Set job title
Set job prompt
Cut user name
Set user permissions
Stop
143 One Q Server Configuration Guide
Job PJL value is
Job forced to B&W
Job forced to duplex
Job forced to simplex
--- Logical OR separator ---
Creating new rules
To create a new rule press the Create rule button and enter the required parameters: Name,
Rule event and the Active flag:
A rule will appear in the list of rules. To delete the rule, press the red X. To edit the rule and
define the rule contents, press the "Add" link in "Conditions" or "Actions":
To create a new condition press Add:
Enter the predicate parameter if required. Press "Save" button to add a new condition.
144 One Q Server Configuration Guide
To create a new action press Add:
Choose the required action from the list. Enter the action parameter if required. Press "Save"
button to add a new action to the rule.
To change the action order, press the "Up" or "Down" link.
The rule is activated immediately on the server side when it is marked Active.
PJL Rules
The PJL Rules have many possibilities.
For rules, there are different template parameters and they must be entered in capital letters:
$(USERNAME)
$(FULLNAME)
$(DOMAIN)
$(EMAIL)
$(HOMEFOLDER)
$(TERMINALNAME) "only available in push printing or job release events."
$(TERMINALADDRESS) "only available in push printing or job release events."
145 One Q Server Configuration Guide
$(TERMINALGROUP) "only available in push printing or job release events."
$(CLIENTCODE)
$(JOBTITLE)
$(TOTALPAGES)
$(COLORPAGES)
$(MONOPAGES)
$(QUEUENAME)
$(FILESIZE)
It is also possible to "capture" a custom variable from the job's PJL header using the following
syntax (in the rule condition "PJL value is"):
PJLVAR=$(CAPTURE)
It will extract the PJLVAR from the job file and assign it to $(CAPTURE) variable.
For example, if job file contains "@PJL SET USERNAME="john.doe" then it is possible to
extract the user name into $(PJLUSER) variable with the following condition:
USERNAME=$(PJLUSER)
Then this variable can be used in rule actions, for example to assign job or to send email.
Regular expression rule
A print printed from a LPR queue can arrive at the server like below
It can be solved like with a rule assigned to the correct queue
A regular expression. https://en.wikipedia.org/wiki/Regular_expression
This one means: whitespace repeated one or more times: \s+
146 One Q Server Configuration Guide
Opening parenthesis: \(
One or more non-whitespace characters: \S+
Closing parenthesis: \)
The whole expression will change the user name received from LPR service in the form
"username (x.x.x.x)" to just "username" or
Rule, capture the job title.
Rule event=Job in Pull queue
Condition=Queue name is <name of the queue>
Action=job rule is set to: username=$(JOBTITLE), domain=<domain name>
Rule, remove program prefix like Microsoft
It is possible to remove prefix like Microsoft PowerPoint, Word etc. by a rule
The jobs marked with yellow is printed before activating the below rule.
147 One Q Server Configuration Guide
Rule = \s*\S+\s*-
User authentication
It is possible to create a rule that sets some user permission on e.g. a vendor.
Below is showed how to set that only Pull print are allowed on all Xerox terminals for all users.
Multi selection
If you have for example a condition "terminal name is" - instead of selecting one terminal
from a drop-down list, you have now an option to specify multiple terminal names separated
with | sign
Example term1|term2|term3, please type in the correct terminal name
148 One Q Server Configuration Guide
Chapter 24: Guest cards
Under Guest cards, you can create Guest cards for guest or Replacement cards for existing
users.
149 One Q Server Configuration Guide
Guest cards
Above is an example on a default Guest card where user use a company/public computer
with Print Monitor to print.
User walk up to the computer, open the job and print. The Popup from Print Monitor show
and user type in user name and password to be able to print. Walk up to the device and
release the job.
The table below describes the parameters of the Create Guest Card dialog:
Parameter Description
Card ID ID number of the card
Card type Guest or replacement card
User name User name
Email address Email address, to be used later if guest add more
money to account
Password User password
Unlimited Is the card an unlimited card, (free print/copy) or does
user need to pay
Balance Amount of currency on card
Retention time, hours Time limit on how long the card is active
150 One Q Server Configuration Guide
Active Is the card active or not
Replacement cards
If user forgets/loses the access card, it is possible to create a replacement card that for a
period of time, to replace the existing card.
The table below describes the parameters of the Create Guest Card dialog with the card type
set to Replacement:
Parameter Description
Card ID ID number for the card
Card type Guest or replacement card
Domain The domain selection where user exists
User name User name
Balance Amount of currency on card
Retention time, hours Time limit on when the card active
Active Is the card active or not
151 One Q Server Configuration Guide
Chapter 25: Data sources
The Data Source can import data from a CSV file.
Please remember that the manual imported CSV file after first import is cached on the server
and if the contents of the CSV file are changed at a later date, the change will not be applied
to the server. You need to clear the CSV file and select it again.
Importing data from a CSV file containing special characters like Scandinavian could cause
some issues if the CSV is not in UTF-8 format.
Above file will look like this if not set for UTF-8 format.
After changing to UTF-8 format and save the CSV file
152 One Q Server Configuration Guide
Data source example
Below is an example of a data source import, step by step on how to import terminals
Selecting will Preview the Data source
Selecting will Import the Data Source
153 One Q Server Configuration Guide
Creating the data source.
Name the Data source and select the CSV file.
154 One Q Server Configuration Guide
Remember to select the correct CSV separator.
Example for Terminal import
Save the setting and control the import on the preview.
155 One Q Server Configuration Guide
Click "Headline to change" from <No import> to the requested parameter.
In this example, the CSV file contains header, which can be removed in the CSV import.
156 One Q Server Configuration Guide
Select what to import, then run the import
If Vendor or client code are selected, then the Terminal will be imported, but status are "Not
Active"
Here I selected the import and the correct information but are not importing one column.
Select Import.
And in this case 59 terminals have been imported.
157 One Q Server Configuration Guide
The import must contain correct Terminal type like below.
Example for Print Monitor profile import
Set up the file as a CSV like below
Set up an import like
Remember to remove the SCV separator
Now 2 Print Monitor profile has been imported.
Chapter 26: Print Monitor
From server version 5 it is possible to configure Easy Manager/Print Monitor server side.
Solution branded ONE Q DIRECT
158 One Q Server Configuration Guide
The EM/PM must be installed on the Workstations and pointing to the server on the correct
IP/DNS name.
At first print the configuration will be sent from server to EM/PM.
There are 2 ways to configure PM from server side, either by the Queue settings or on the
User/Domain account.
• For the queue set the PM configuration, like below for the Copenhagen office/profile
• For the User/domain a default PM profile are needed on the queue where the user
print to, and on the user/domain policy set the needed profile for that specific
user/group/OU.
o Please see Print Monitor User/Domain account setup
The configuration in server 5 for a Print Monitor profile looks like below:
Setup: Set name and e.g. assign Location and more settings depending of the customer wish.
159 One Q Server Configuration Guide
Location is created on the Terminal settings and should be set in the PM config.
The PM Config name, in this case Copenhagen must be applied to the Queue or User/Domain
account.Print Monitor Queue setup
Unger Queue settings, select correct profile needed for the location, in this case Copenhagen
and save it
160 One Q Server Configuration Guide
Print Monitor User/Domain account setup
For the PM for User/Domain account setup creates a Queue with a default PM configuration.
Then on the User/Users, local or Domain set the needed profile, in this case the Copenhagen
profile again.
The Policy settings can be done on AD Group, AD OU or individual/local users.
On the Server Config / Authentication one of below need to be set before AD users can
receive the correct PM configuration.
161 One Q Server Configuration Guide
ONE Q DIRECT and Offline print
Important: Offline print is not supported when selecting Job Target as Connect Server. It
requires direct access/communication to the One Q server.
With the setting for direct printing, in case of Push printing, the job is sent directly from the
workstation to the device.
For Pull printing, the jobs are stored locally on the workstation, and following authentication
on the device and selecting print jobs, the job is sent directly to the device.
162 One Q Server Configuration Guide
In the Print Monitor config, Job Target must be set to VDMS Direct Print
Below is the setup step by step.
You need to create one Pull Queue and/or some Push Queues with assigned Terminals set up
as Push devices.
Above picture shows one Pull queue and 2 Push queues
On the workstation, the printer driver and Print Monitor must be installed.
163 One Q Server Configuration Guide
Driver pointing to Print Monitor Port with the same printer name as the Pull Queue on the
server.
Print Monitor set up with Queue and server address, in below setup, server 81 (192.168.1.81)
Test setup by stopping services on the server.
After some time, the popup below will appear, and it is possible to print push jobs to any
devices in your setup.
Tracking data from jobs printed in offline mode will be sent to the server, when server is
online again.
164 One Q Server Configuration Guide
It will take up to 10 min before the server DB is updated.
Depending of the time stamp in the local DB, the same job printed twice within a short
timeframe may be reported to the server as one job but with the correct number of tracked
pages matching the output on the device.
If you try to print for the first time to a server which is down, there will be no cached printers
and the below will be shown.
If the direct printing does not work, please check the DNS. It might be at DNS lookup
problem.
It is mandatary that the DNS is set up correct to get to allow offline printing.
Below is an example where the DNS does not work, but IP-address lookup does work
165 One Q Server Configuration Guide
The server log shows the sending PC host name, in this case MPJ-PC.
Print Monitor USB printing
It is possible to use the Print Monitor for tracking of the USB printing performed on a
workstation. Some conditions must be met before that it is possible.
• The Workstation must be a part of the corporate network, DNS and under control of
the IT department
• User must not have local Admin rights to be able to change Security settings on the
local USB Printer
• One Q Print Monitor must be installed on the Workstation
• A queue like Follow-Me with a server profile must also be installed on the Workstation
• Check firewall rules if printing is not possible
On the One Q Server create a Terminal.
166 One Q Server Configuration Guide
The IP address is the Workstation address where the USB printer is installed.
Naming of the Terminal: It is recommended to use a name that relates to the user for example
below is Lexmark USB MPJ.
Then create a Push Queue that points to this terminal.
Create a Print Monitor profile
Next step is to decide how users can print, as the below shows.
167 One Q Server Configuration Guide
Solution one queue/workstation
Install a driver and Print Monitor on the workstation and point to the server IP and name the
driver with the same name as the Push Queue, here it is USB MPJ
Remember to assign the PM config to the Queue.
Do this for all users/workstations.
Solution one queue and many workstations
Install driver and Print Monitor on the workstation and point to server IP and name the printer
with the Queue name, in this setup like below USB Print
Create a new queue on the server, etc. USB Print and assign the Print Monitor profile to the
Queue.
Then create the required Terminals and Queue for users/workstations on the server
168 One Q Server Configuration Guide
When printing, the below will appear:
Selecting USB Print and print, below popup will show
Select USB MPJ
Select OK and job will print on your USB printer.
Next time user prints, the selection, in this case USB MPJ, will be at top.
169 One Q Server Configuration Guide
The Print Monitor remembers the last 5 printer selections.
Job is printed to the USB printer and tracked on server.
If Offline print has been enabled in the Print Monitor profile, the user can also print in offline
mode (server down or no network connection).
Security settings for USB printing
Please note that if no action has been performed on the workstation regarding security, the
User can bypass the Print Monitor setting and no tracking will be performed on the server.
The Workstation needs to be locked, to prevent the user to print by standard USB port.
Please remove all "Allow Print" for users except for the Administrators.
170 One Q Server Configuration Guide
Print Monitor handling Server rules
• Jobs printed to server—Jobs send to server will be handled the same way as described
in Chapter 28
• Jobs printed locally, ONE Q DIRECT—Jobs are printed and stored locally on the
workstation. The impact of this feature is that some combinations of rules might not
work, because the job never passes through the server and some rules require his.
Below are examples of rules that work.
Troubleshooting
Print Monitor can´t connect to server or some error occur.
There are as standard no Print Monitor logs on the workstation.
Log can be started for trouble shooting.
Create a folder like PM
In a CMD prompt type (remember to ‘Run as Administrator’):
cd C:\Program Files (x86)\Ubiquitech\PrintMonitor
printmonitor.exe --kill
printmonitor.exe --log-to-file c:\PM\printmonitor.txt
171 One Q Server Configuration Guide
Chapter 27: Backups
Backups are configured in this section. For immediate backup choose Manual Backup and for
repeated backups choose Scheduled Backups.
To run an ad hoc backup, simply press Create backup, give the backup file a name and select
what to backup. Click the backup Name and the backup will be saved in the directory chosen
for backup in the ‘Administration, Server config, Backups’ section. A Windows popup will
show where to save the file.
Under Sources it is possible to select one or more source to import
172 One Q Server Configuration Guide
You can Merge the data or Delete existing data.
Repeated backups can be set up to occur at the same interval of minutes to annually.
173 One Q Server Configuration Guide
Chapter 28: Licensing
The newly installed One Q Server applies the trial license and allows managing 5 terminals
and 5 Print Monitor clients for 30 days. Additional 30 days can be requested by contacting
One Q staff.
To extend the trial period, click Extend… and enter the code received from the One Q staff.
The trial version has a limited functionality. To apply for a custom license, send a request to
[email protected] providing the following required information:
• Server ID
• Server Host name
• Company name
Once you receive the licensing file, you can upgrade your license:
1. Click Browse and select your licensing file, received from One Q staff.
2. Click Upload and validate license.
3. Click Install after the file is validated.
174 One Q Server Configuration Guide
The License Information page is reloaded and displays the information taken from the
license file. The parameters on the page cannot be edited.
Chapter 29: Log viewer
The log viewer can show the technical logging, not to be mistaken for the logging (tracking)
used for reporting for either the One Q server (Core) or Web (the administration tool). If web
clients are installed, there will be logs for those web applications too.
The logging from core is showing all events, like printing, copying, sign on (failure) etc. but
also changes in settings.
175 One Q Server Configuration Guide
The logging from the Web will only be used if errors occur and consequently used for solving
problems.
Example, user "Administrator" not found locally on server or in AD
The log can be exported to a text file.
Info in logs can be shown in a verbosity order.
176 One Q Server Configuration Guide
Chapter 30: Templates
Standard templates can be found in the folder C:\Program Files\Ubiquitech\VDMS
Server\conf\templates
It is possible to open and modify these files with the information that is to be sent out to
users.
If the server language is set, for example to "Danish", then file ** _ da will be selected and
sent. If this file does not exist, then the default file will be selected.
For example, the template for Terms and conditions on the "My Profile" portal:
177 One Q Server Configuration Guide
Please open the template in Notepad, make the changes and remember to save file in UTF-8
format.
Supported languages:
178 One Q Server Configuration Guide
Chapter 31: User interface, when users login via WEB
Login at the web interface https://server-adr:8443 will show the below window:
Left hand side shows standard login, right side shows login where user registration is enabled
(self-creation of a user account)
First section will show web interface with different settings, second section will show User
Self-creation process.
User web
Below is a web login as a standard user local user, in this picture mpj with no job in QUEUE
Here it is possible for the user to upload documents to server or change the user profile
• Full name
• E-mail address
• Additional e-mail address
179 One Q Server Configuration Guide
• Password
On the job it is possible to delete job or change status to Favorite (save job, system will not
delete it)
And check the printing history.
If the user is an Active Directory user (AD user) then some of the fields in the profile will be
locked.
Enabling below settings on the server, administrator/jobs, Permissions and WEB upload.
180 One Q Server Configuration Guide
The view for the end users will change and show the new features for the user.
Users now have the additional features to select
• The Short ID is randomly created, can be shown, deleted and regenerated
• It is possible to upload documents to the system, such as Excel, Word or PDF files.
• It is possible to select a job and print it directly to a Terminal
• It is possible to assign your job to another user
• Change status from a normal job to a Favorite job (will not be deleted by system) or
share job with all users so they can print it (they can´t delete it). For example, a teacher
printing on behalf of students.
181 One Q Server Configuration Guide
Enable user registration
When enabled, user registration allows users to create a local profile on the server.
When below settings are enabled by the Admin on the server, the users can create their own
profile.
Login at the web interface https://server-adr:8443 will show below window:
Selecting Sign up the below window will show:
Here, the user can fill in the required information and select Register.
182 One Q Server Configuration Guide
If below shows, then the mail cannot be sent from the One Q server to the mail server. The log
viewer will allow troubleshooting of such a problem.
An activation mail will be sent to user.
The user needs to follow link to activate their account..
Looking at the user profile on the server, the profile is not activated yet.
183 One Q Server Configuration Guide
And if user tries to log in, the below error message will be shown.
After activation via the link in the mail, the below will be shown to inform the user that their
account has been activated.
The user will also receive a confirmation mail, regarding the activation of the account.
Now user can log in and print.
Appendix A: Connecting to an external Database
The Database connection can be changed to MS SQL or PostgreSQL following installation. It
is not possible to disable or remove the bundled PostgreSQL database - it is an integral part
184 One Q Server Configuration Guide
of the solution and the other services depend on it. It is also used as a fall back database if
there is no connection to the external one.
Hikari DB pools allows setting up connection properties which can be entered into the
Properties field of the Database Configuration dialog. List of properties is available at
https://github.com/brettwooldridge/HikariCP.
Also, it is possible to fine tune datasource properties (the "dataSource." Prefix is required in
this case), for example:
dataSource.cachePrepStmts=true;
dataSource.prepStmtCacheSize=250;
dataSource.prepStmtCacheSqlLimit=2048;
It is possible to set several properties at time.
Completely removing properties from input and saving configuration restores initial
properties values. Partial replacement of properties does not produce restoring of initial
values.
185 One Q Server Configuration Guide
So in case of usage of several properties at a time, like propA=A;propB=B; the partial
change of property B to property C should be performed in in the following way:
1. Clean properties input and save configuration (at this time all initail values will be
restored).
2. Set the needed properties propA=A;propC=C;
External Microsoft MS-SQL Database
The 'vdmsng' database must be created there; authentication of the MS-SQL server must be
set to 'mixed'.
Username and password are dependent on the MS-SQL server settings.
External PostgreSQL Database
Username and password are dependent on the PostgreSQL server settings.
Connecting to Shared DB and JOB storage
The following changes are needed for all the One Q servers which should connect to the
remote database and JOB storage.
186 One Q Server Configuration Guide
Go to the web interface of One Q Server and log in as an administrator (vdmsadmin or
similar)
Go to Administration -> Advanced and go to Database connection URL and add the link to
the MS SQL or PostgreSQL
Change the IP address with the DNS name or IP address of the server where the database is
located!
Press Save.
If you get "Unable to modify config section!" check the log file for information.
Probably there are connection issues to the PostgreSQL server so check the pg_hba.conf file
for syntax errors and whether you have entered correct IP address!
To apply the changes and change the database, the services should be restarted.
Once the services are up and running you can log in to the web interface as user: vdmsadmin,
password: vdmsdemo
187 One Q Server Configuration Guide
If there are more One Q servers then repeat steps for all One Q servers!
Change Job storage location
You should also remember to change the job storage location.
The One Q Server service in Windows Services must be logged on as a user with
administrative rights.
On the server where the jobs should be stored, you have to share the folder and set
permissions so the user with the administrative rights you set above has read/write access.
188 One Q Server Configuration Guide
Go to the One Q web interface under Administration->Jobs and enable the following:
Remember, if you use custom storage with UNC paths then the vdms core service must be
running under some account with access rights to this shared folder (e.g. Administrator).
189 One Q Server Configuration Guide
Appendix B: Connect Server
Introduction
VDMS Connect is a standalone server component that runs on a separate print server and is
responsible for job storage, on-demand job printing and job deletion. All the tracking,
accounting and permission checks are performed on the remote One Q server, which only
contains job information and a reference url.
Important note: VDMS Connect cannot be installed together with One Q software on the
same server.
System requirements are:
• VDMS Connect Server installation running on a separate server
• Supported servers include: Windows 2008 R2 Server, Windows 2012 and Windows
2012R2
• 2 GB RAM
• 20 GB free disk space for the job storage area, database and application
• Following port is use
• UDP 8700 (One Q Server <--> VDMS Connect)
• Raw TCP 9100 or IPP (Print protocol) TCP 631
190 One Q Server Configuration Guide
Installation
VDMS Connect is delivered as a single executable installer file. Installation consists of running
the installer, accepting EULA and choosing the installation directory.
Configuration
VDMS Connect accepts jobs from two different sources:
• Printed through Windows print queue
• Printed through One Q Print Monitor or Easy Manager
191 One Q Server Configuration Guide
Print queue configuration on Connect server
To create a print queue connected to VDMS Connect start a new printer wizard, choose "Local
Printer", choose "Create new port type", then select "VDMS Port Monitor" from the drop-
down list.
All the jobs printed to that queue, will be delivered to One Q Connect software.
The original Win 2012/2016 Class 4 drivers cannot be used with port monitor, please use class
3 driver (download it from vendor web site).
After the queue is created, it is necessary to specify the address of the One Q Server, where
VDMS Connect will send the incoming job information.
This address is specified in the configuration file:
INSTALLDIR\conf\connect.properties,
Where INSTALLDIR represents the target installation directory (default is
C:\Program Files\Ubiquitech\VDMS Connect).
This configuration file contains 2 mandatory settings that must be specified:
vdms.server.primary – the address of One Q primary server where the job information will be
sent
192 One Q Server Configuration Guide
network.serveraddress – the address of this sever where VDMS Connect is currently running.
This address will be used by One Q Server to control the job (printing or deleting). It is auto
detected.
Optionally the vdms.server.backup can be specified in the failover installation. This option
contains the address of the backup server.
It is not necessary to restart VDMS Connect after configuration file change. The settings will
be applied immediately.
The Connect operational mode, storage or relay is:
1. storage, store print-jobs locally on the Connect server
2. relay, print-job is send to Primary and Backup server (ALWAYS to be used when
installing on a Mobility Printing server)
The failover policy must be defined in the field
Failover policy set to 'both' or 'single'
# cluster peer address to duplicate the job data.
cluster.peer =
Here a Cluster server (Another Connect server) can be typed in, jobs will be sent as a duplicate
to this server.
193 One Q Server Configuration Guide
Print Monitor configuration printing to Connect server
Alternatively, Print Monitor can be used for printing to VDMS Connect. In this case, no extra
configuration is required on VDMS Connect side, only the Print Monitor needs be configured
to work with VDMS Connect software.
To configure Print Monitor on client PC, open the printing queue configuration (either using
printer properties/Ports/Configure button or by right-clicking on the 'Q' icon and choosing
the appropriate printer), in the opened configuration choose the job target as "VDMS
Connect" and enter VDMS Connect server address.
Below settings can also be controlled by a Print Monitor profile on server.
Print Monitor will send job data to VDMS Connect and job information to One Q Server.
Appendix C: Google Cloud printing
Only working on server version 5.0.5 or newer.
One Q can use the standard printing functionality in Google Cloud printing on mobile devices
and PC/Mac to print to Pull Queue or Push devices
194 One Q Server Configuration Guide
To setup and get Google Cloud printing to work below prerequisites and requirements are
needed for a successful installation.
• A driver must be installed, and setup correct etc. paper size and color selection
• Google Chrome Browser must be installed on the same server as the VDMS server
• Google Cloud Print Services must be installed on the same server as the VDMS server
• A Special Google Cloud Print rule must be created on the VDMS server to extract the
users’ gmail information
Setup Google Cloud printer
On the server, install the required printer driver and setup per requirement like paper size,
color etc. and point to VDMS port monitor port.
Below description use the driver with the name "One Q Google Cloud print"
On the VDMS server install Google Chrome Browser
You have to install Google Chrome on the server where VDMS is running and perform the
initial setup via that browser. Remember, on top of this, some rules on the VDMS server
have to be created. This is also covered in chapter 39 under 'testing'.
For Linux, you also need to create the print queue in CUPS and assign a PPD file for it.
It can be done from a terminal session with the following command:
lpadmin -p google -v vdms-cups:// -P generic.ppd -E
Make sure the generic.ppd is present in the same directory where you run the command
from.
195 One Q Server Configuration Guide
It will add a printer name 'google' so if you want to name it something else simply replace
'google' with something else in the command line.
Install Google Cloud Print services from https://tools.google.com/dlpage/cloudprintservice
196 One Q Server Configuration Guide
Launch the Google Cloud Print Services on the server where VDMS is installed and log in. The
username used for logging in will be the one running the service, so make sure the user has
the required rights to run the service.
197 One Q Server Configuration Guide
Log in with your Company Google account.
Select the printer or printers you would like to be used for Google Cloud Print.
Open the Google Chrome and log in at www.google.com/cloudprint
198 One Q Server Configuration Guide
Select Printers
Select the printer, here One Q Google Cloud print and select Share
199 One Q Server Configuration Guide
Select Change
Change it to "Anyone with the link has access to the printer"
200 One Q Server Configuration Guide
Select 15 days and change it to ‘Unlimited quota’ settings
Select Save
Copy link and send it to the End users.
Or use the link as a QR Code
201 One Q Server Configuration Guide
Testing Google Cloud print
Each user must activate the link or QR code and log in to their own Google account. This will
import the printer to their Google account.
Copy the link and open it in a Google Chrome browser
Select Add printer and printer is now added to your Google account.
When printing from Android, iOS, PCs etc. the user must be logged in to their Google
account.
Print a job from Google Cloud to the One Q Server.
202 One Q Server Configuration Guide
Check the logs on the One Q Server.
This indicates that a user has printed a job:
[email protected]: 20170420_143351.jpg to the queue=One Q Google Grid
This needs to be corrected with a rule so user MPJ can be the owner of this job.
203 One Q Server Configuration Guide
For this user MPJ needs to be the owner of [email protected]
And a rule needs to be created.
Below example shows two rules, one for local and another for domain users
Remember, you need to create a rule with one Condition and two Actions
Conditions as text: \s*$(GMAIL)@gmail\.com:\s*$(GTITLE)$
Actions as text: $(GMAIL)@gmail.com
Actions as text: $(GTITLE)
204 One Q Server Configuration Guide
Below example shows 2 jobs, one before rule was activated and one after activating the rule
which validates and assigns it to email [email protected] belonging to user MPJ
Printing:
When printing using the standard Google Cloud printer
• On mobile units, please use Google Cloud to print or download an APP that can do the
printing for you. This is a standard solution on the mobile device, in case of problems
please contact the vendor of the mobile device.
• On the browser, login with your Google account at www.google.com/cloudprint
205 One Q Server Configuration Guide
Under Upload file to print, you can select e.g. Word and PowerPoint files to print.
Troubleshooting:
If you experience that the Google Cloud printing queue stops processing jobs, as in the
example below, it could be related to a server restart, network error or other problems.
If the queue is not resumed automatically after the problem has been resolved, then please
restart the Google Cloud Print services on the VDMS server.
206 One Q Server Configuration Guide
Appendix D: Console mode, for troubleshooting
Looking in the "All programs" folder, under One Q VDMS Server 5.0 you will find below.
Normally VDMS Server core and VDMS Server web server are running as services.
You can start them in console mode, which can be useful for example if there are any start-up
issues - you might be able to see the errors dumped in the console window.
It is only for troubleshooting purposes.
Use command line for that
C:\Program Files\Ubiquitech\VDMS Server\bin\vdms-xxx.bat console
where xxx is server, web or web client.
Appendix E: Migrating from ver. 3 to ver. 5
The Migration Tool is for migrate VDMS server ver. 3 to existing ver. 5.
Please contact One Q support before migrating.
Please follow the steps. Remember to backup server before migrating.
207 One Q Server Configuration Guide
Appendix F: Activate print, assign and preview for Admins
The possibility for the One Q server admin to be able to print, assign, preview and download
users jobs, has been removed from the server due to EU GDPR regulation.
Enabling this function is a breach of the EU GDPR regulation.
One Q disclaims all liability if One Q partner or customer using One Q server, change this
feature so that it is possible to use these print, view, assign or download features.
To enable this function, you need to modify the wrapper-vdms-web.conf file on the server.
The below line must be added
wrapper.java.additional.4=-Dpreview=true
Open the file from the conf folder
Edit and modify the file.
208 One Q Server Configuration Guide
Add the line to the file.
Restart all VDMS services on the server.
Please check with an admin account.
Remember after an upgrade this wrapper-vdms-web.conf file is over written and above task
need to be performed one more time.
Appendix G: How to setup Azure
Please contact One Q personnel for Azure LDAP setup.
209 One Q Server Configuration Guide
Appendix H: How to dump job to file
How to dump job to file after VDMS processing after applying e.g. rules.
Remember, enabling this function is a breach of the EU GDPR regulation.
Sometimes it's may appear necessary to investigate at print job that VDMS sends to devices
after all conversions.
VDMS has special protocol for it, but it's hidden by default. You can unhide it for testing
purposes
1) Uncomment item File in C:\ProgramData\Ubiquitech\VDMS
Server\data\temp\jetty………r\webapp\app\admin\inc\editterminal.xhtml
DON'T FORGET TO MAKE A BACKUP COPY OF THE FILE FOR THE CASE IF YOU MESS IT UP
The action needs to take place on the server and it is recommended to use an editing tool.
For this demo we use Notepad ++
The file must be edit.
Edit with Notepad++ and modify
Find <!-- f:selectItem itemLabel="#{res.file}" itemValue="FILE" /-->
Modify to
<f:selectItem itemLabel="#{res.file}" itemValue="FILE" />
210 One Q Server Configuration Guide
On the Window/Linux server create a folder where to send printjob to, e.g. c:\temp.
One the One Q web interface create a push device like
Then create a Push Queue pointing to the Push terminal
211 One Q Server Configuration Guide
Print the job and collect it in the c:\temp folder.
Appendix I: Email2Print/Web upload on One Q server
Note Email2Print Web upload features are only available with LibreOffice 6.3.1 or higher
installed on One Q Server (for more information, refer to LibreOffice for Windows or
LibreOffice for Linux).
Email2Print is an option for the users to send e-mail with attachment to a company e-mail
addresses and print from One Q solution.
Web upload provide the possibility to upload a document, e.g. Word file to server and server
convert into a format that can be printed on a device.
• Only support conversion of attachment to one Pull queue.
• Push queue/devices are not supported.
The One Q server Email2Print services will every 60 sec. make a request to the e-mail server
and collect the jobs (attachment only) send to the e-mail address.
212 One Q Server Configuration Guide
Only attachments are converted and visible in the user interface. The mail itself is not printed.
Attachment is converted to PDF format and can only be printed on devices supporting PDF
print/Postscript or creating a Rule Convert job to PCL XL.
Create a rule that convert PDF job to PCL.
It is also possible to create a rule that denies the user to release a job on a device that do not
support Postscript.
Email2Print system is a part of central One Q VDMS server.
Configuration is done via One Q Server.
LibreOffice for Windows
1. Install LibreOffice
2. Create queue
3. Setup POP3 server in VDMSADMIN
4. Create user
5. Test user
In order for the system to operate on the machine where One Q Server is installed, the
partner should install LibreOffice 6.3.1 or higher for Windows 64 bit.
(https://www.libreoffice.org/download/download/). LibreOffice performs the conversion from
supported formats sent by users to PDF that are thereafter created as jobs in the configured
queue.
The LibreOffice will be installed into the following folder:
• c:\Program Files\libreoffice\program\soffice.exe
213 One Q Server Configuration Guide
Please modify path in the Server Config > Guest printing tab.
LibreOffice for Linux
1. Install LibreOffice
2. Create queue
3. Setup POP3 server in VDMSADMIN
4. Create user
5. Test user
In order for system to operate on a server with VDMS installed, it is recommended that
version of LibreOffice 6.3.1 or higher for Linux is installed.
(https://www.libreoffice.org/download/download/). LibreOffice performs the conversion from
supported formats sent by users to PDF that are thereafter created as jobs in the configured
queue.
Install libreoffice
Ubuntu: sudo apt install libreoffice
CentOS: / RedHat: sudo yum install libreoffice
Run these two commands (same in both):
sudo mkdir /home/vdms-run
sudo chown vdms-run /home/vdms-run
The LibreOffice must be installed into the following folder:
/opt/libreoffice6.3/program/soffice
214 One Q Server Configuration Guide
Queue setup on One Q server
After you installed VDMS server and LibreOffice, you need to create the queue and a user
with email to test functionality. The system will check the user by his/her email address and
emails from unknown users are ignored.
Test with a local user first. Following this, a test with an AD account can be performed.
215 One Q Server Configuration Guide
Email2Print setup on One Q Server
Now, when the correct information has been entered, users can start using the system.
User setup with 2 email addresses
User MPJ have 2 email addresses assign to the account, [email protected] (cooperate mail) and
a private mail. System can validate access to the system for two mail addresses.
Below tested with local an AD user.
Please make sure that the user validation on the queue is setup correct for e-mail validation.
If error, please see logs for more info.
216 One Q Server Configuration Guide
Usage
In order to print job via email, a user should send an email from the email address, registered
for his/her user record, to the email that is entered as a POP3 username. In the case shown on
screenshots, we have sent an email from [email protected] to [email protected].
Any files you want to be printed should be attached to the email.
Supported file formats
• MS Word: doc, docx
• Libre/Open office Write: odt
• MS Excel: xls, xlsx
• Libre/Open office Calc: ods
• MS Powerpoint: ppt, pptx
• Libre/Open office Impress: odp
• Images: jpeg, png, gif, bmp, tif
• PDF, RTF
• txt, html
Limitations:
With Microsoft Excel Macro-Enabled Worksheets (.xlsm), the conversion can sometimes fail,
and no jobs will be shown on the user interface.
Troubleshooting for Email2Print
We have seen in some setup it is requirement of import mail server certificate into the
truststore.jks for the One Q server to be able to handle the Email2Print workflow.
Please see chapter 11 or Appendix D for more info how to install.
Upload2Print setup
1. Install LibreOffice
217 One Q Server Configuration Guide
2. Create queue
3. Select queue
4. Test upload
Supported file formats for Upload2print
• MS Word: doc, docx
• Libre/Open office Write: odt
• MS Excel: xls, xlsx
• Libre/Open office Calc: ods
• MS Powerpoint: ppt, pptx
• Libre/Open office Impress: odp
• Images: jpeg, png, gif, bmp, tif
• PDF, RTF
• txt, html
Limitations:
With Microsoft Excel Macro-Enabled Worksheets (.xlsm), the conversion can sometimes fail,
and no jobs will be shown on the user interface.
218 One Q Server Configuration Guide
Appendix J: One Q Mobile Print Application
The One Q Mobile Print is the printing management solution intended for Android and iOS
mobile devices. It works with the print queue created in One Q Server and allows printing
documents using a mobile device while scanning the QR-code attached onto the terminal.
With One Q Mobile Print you can view your print jobs, add new documents to the job queue,
manage print options and send the documents to a printer.
Enabling mobile printing for existing customers
If you already have the One Q Server installed and want to enable the mobile app printing, do
the following:
1. Upgrade the One Q Server to version 5.1.6. Refer to the Updating One Q Server
section for more information.
2. Install (or upgrade) the LibreOffice suite to version 6.2.4 or higher for Windows or 6.3.1
or higher for Linux. For more information, refer to the sections below:
• LibreOffice for Windows.
• LibreOffice for Linux.
LibreOffice download page: https://www.libreoffice.org/download/download/
3. Create a queue called "W2P". For more information on queue creation, refer to
Queues.
4. Obtain a Company ID Code from One Q to be able to print using the app. Please
contact your local One Q sales responsible to request the Company ID code.
Enabling mobile printing for new customers
The new customers need to follow the following steps in order to enable the mobile app
printing:
1. Install the One Q Server of version 5.1.6 or higher. Refer to the Installation section for
more information.
2. Install the LibreOffice suite to version 6.2.4 or higher for Windows or 6.3.1 or higher for
Linux. For more information, refer to the sections below:
219 One Q Server Configuration Guide
• LibreOffice for Windows.
• LibreOffice for Linux.
LibreOffice download page: https://www.libreoffice.org/download/download/
3. Create a queue called "W2P". For more information on queue creation, refer to
Queues.
4. Obtain a Company ID Code from One Q to be able to print using the app. Please
contact your local One Q sales responsible to request the Company ID code.
Appendix K: Scan2workflow setup on One Q server
Setup the Scan2workflow server and the workflow is not a part of this manual, only the
internal workflow from scan device to server and to the destination scan folder before it is
pickup by the Scan2workflow process and handle according to the customer wish.
One Q support can support the setup of the Scan2workflow, any error will be forwarded to it-
scom.com, the vendor of Scan2workflow. The configuration and fine-tuning of the workflow
is handled by partner together with customer.
Supported on Epson, HP and Ricoh vendors.
220 One Q Server Configuration Guide
Scan folders on One Q server, basic setup
On the One Q server, you will need to create the required folders. This is where scan jobs
appear following scanning from a device and before the Scan2workflow server steps in and
the workflow process starts.
This section is the basic setup and are needed for all vendors.
As an example, please see the 8 folders created below for the scanning workflow
To handle this, you need to create a txt file containing the folder names.
This file can be place in any directory on the server and has been created in the scan folder
below
The file looks like this, naming must be without special characters, but it must be a txt file.
221 One Q Server Configuration Guide
A folder like Rene will work but a folder like René will not work/show on device.
On the One Q server, under Advanced setup.
When scanning to the destination folders, 2 files arrive
A document file and a XML file, type are depending of scan selection.
The 5 other files are system files from the Scan2Workflow server.
222 One Q Server Configuration Guide
The XML file contains info e.g. user, time stamp
The extra field, marked with yellow, can be typed in under the scan process on the devices.
This field can be used for additional workflow process.
Each vendor has its own layout, this related to what is possible via vendor development
platform.
Scan2workflow for Epson:
Install the webclient-Epson on the One Q server and verify that the folder Epsonshare has
been created in folder C:\ProgramData\Ubiquitech\VDMS Server\data\temp.
223 One Q Server Configuration Guide
Please share folder and make sure that everyone has read/write access.
You also need to enable Guest account, this way the device can login and deliver job in above
folder.
Windows Policy Management on server for Epson folder
Group Policy Management
On server open Group Policy Management
1. In Group Policy Management (GPMC), double-click Group Policy Objects.
2. Click the GPO that you want to edit.
3. In Group Policy Management Editor, expand to Computer Configuration->Policies-
>Windows Settings->Security Settings->Local Policies->Security Options
4. In the right panel, please double the "Accounts: Guest account status" item and then
check "Define this policy setting"->Enabled.
224 One Q Server Configuration Guide
Local Security Policy
1. In Local Security Policy,
2. Click on Local Policies
3. Select Security Options
4. In the right panel, please double the "Accounts: Guest account status" item and then
check "Define this policy setting"->Enabled.
225 One Q Server Configuration Guide
1. In Control panel
2. Open the Network and Internet / Network and Sharing Center / Advanced sharing
settings
3. Turn on the file and printer sharing
On the One Q server, create a terminal or group with below settings, please refer to Epson
manual for more info.
226 One Q Server Configuration Guide
On server, create the folders where to divert the scan job to.
Scan2workflow for HP:
Only supported on HP version 1.4.5 and newer.
No server setup except the standard Appendix J: Scan2workflow setup on One Q server
The HP Webclient handles the workflow from scan device to scan destination folders.
Scan2workflow for Ricoh:
Only supported on Ricoh version 3.5.0 and newer.
No server setup except the standard Appendix J: Scan2workflow setup on One Q server
The Ricoh client handles the workflow from scan device to scan destination folders.
Appendix L: Linux hints
Configuring Firewall in Ubuntu:
ufw status verbose
ufw enable or disable
227 One Q Server Configuration Guide
echo y | ufw enable (automate "Yes")
ufw show raw (for debugging)
ufw allow 8443/tcp
ufw allow 8700/tcp
ufw allow 8701/tcp
ufw allow 8702/tcp
ufw allow 8703/tcp
ufw allow 8710/udp
ufw allow 8712/tcp
ufw allow 161/tcp
ufw allow 389/tcp
ufw allow 631/tcp
ufw allow 995/tcp
Deleting:
ufw delete allow 8443tcp etc.
Logging:
ufw logging on
ufw logging off
Good article for information:
228 One Q Server Configuration Guide
https://help.ubuntu.com/community/UFW
Linux Stop/Start services
systemctl start vdms-pgsql
systemctl start vdms-web
systemctl start vdms-server
systemctl stop vdms-pgsql
systemctl stop vdms-web
systemctl stop vdms-server
systemctl restart vdms-pgsql
systemctl restart vdms-web
systemctl restart vdms-server
Convert PS to PCL on devices not supporting PostScript
Install the Foomatic on the server and later on the device use a PPD e.g. like
Generic-PCL_6_PCL_XL_Printer-pxlcolor.ppd
yum install foomatic
Disable Firewall ports
sudo iptables -I INPUT -p tcp -m tcp --dport 8710 -j ACCEPT
229 One Q Server Configuration Guide
sudo iptables -I INPUT -p tcp -m tcp --dport 8700 -j ACCEPT
systemctl stop firewalld
----------oOo-----------
One Q is a registered trademark of One Q Technologies A/S. All rights reserved.
All other trademarks are the property of their respective owners.