version 5.1 - one q · terminals without installing a printer driver host printing host printing is...

One Q Technologies A/S

Bregnerødvej 133A

DK-3460 Birkerød

Phone: +45 7020 3284

One Q Server Version 5.1.8

Configuration Guide

Copyright © 2020 One Q Technologies A/S

December 2020

O n e Q T e c h n o l o g i e s A / S

2 One Q Server Configuration Guide

Contents

Chapter 1: Introduction ................................................................................... 12

One Q Server components overview ................................................................... 12

One Q vocabulary ...................................................................................................... 13

Solution deployment scenarios ............................................................................. 17

Chapter 2: Prerequisites and requirements ................................................ 21

Windows One Q Server requirements ................................................................. 21

Linux One Q Server requirements ......................................................................... 22

Partner test environment ......................................................................................... 22

Chapter 3: Required ports and protocols .................................................... 23

Minimum required ports and protocols for One Q Server ........................... 23

Optional ports and protocols ................................................................................. 25

Graphical drawing for ports to be opened ........................................................ 26

Detailed description of the communication scenarios .................................. 26

Chapter 4: Security and certificates .............................................................. 29

About certificates ....................................................................................................... 29

Adding a certificate for Web Client ...................................................................... 30

Certificate reinstallation ........................................................................................... 31

Security warning logon to One Q Server ............................................................ 32

Access without specifying port in the URL ......................................................... 35


No DNS changing server name/Using IP-address .......................................... 36

Export a certificate that can be installed in printers ........................................ 37

Import a "real" certificate using Keystore Explorer .......................................... 38

Security limitations in older devices ..................................................................... 42

Chapter 5: Installation ...................................................................................... 44

Installing One Q Server on Windows ................................................................... 44

Installing One Q Server on Linux ........................................................................... 47

Installing One Driver ................................................................................................. 49

How is PPD mapping done. ....................................................................... 51

Chapter 6: Updating One Q Server ............................................................... 52

Chapter 7: Launching One Q Server ............................................................. 52

Chapter 8: Getting started with One Q Server ........................................... 54

Chapter 9: Status ............................................................................................... 55

Chapter 10: My Profile ..................................................................................... 56

Chapter 11: Jobs ................................................................................................ 60

Chapter 12: Reports.......................................................................................... 61

Introduction............................................................................................................... 61

Standard reports ...................................................................................................... 62

Custom reports......................................................................................................... 63


Scheduled reports ................................................................................................... 65

Chapter 13: Administration ............................................................................ 66

Server config - Authentication ............................................................................ 67

Server Config - Jobs tab ........................................................................................ 70

Server Config - Network tab ................................................................................ 72

Server Config - Cluster tab ................................................................................... 73

Server down, manually failover setup .................................................. 74

Server Config - Payments tab .............................................................................. 75

Server Config - Guest Printing tab ..................................................................... 79

Server Config - Backups tab ................................................................................. 80

Server Config - UI tab ............................................................................................. 81

Server Config - Advanced tab .............................................................................. 84

Server Config - System Notifications tab....................................................... 87

Chapter 14: Domains, MS, eDirectory, IBM Domino and Okta .............. 89

If SSL is not enabled (in the domain settings):................................................ 92

If SSL is enabled (in the domain settings): ....................................................... 92

SSL requirements: .................................................................................................... 92

Chapter 15: Users .............................................................................................. 92

Enable user registration ......................................................................................... 93

Edit Configured policies tab ................................................................................. 94


Account (policies) ....................................................................................... 95

Quota (policies) ........................................................................................... 96

Permissions (policies) ................................................................................ 97

Other options (policies) ............................................................................ 99

Creating or editing a local user ........................................................................ 100

Authentication .......................................................................................... 101

Account ...................................................................................................... 102

Quota .......................................................................................................... 103

Other options ........................................................................................... 104

Creating or editing a domain user .................................................................. 104

Chapter 16: Domain users, Policy setup .................................................... 106

Chapter 17: Terminals and Groups ............................................................. 108

Setup Terminal and groups ............................................................................... 108

Introduction to terminals ................................................................................... 108

Group settings ....................................................................................................... 109

Adding new terminals ......................................................................................... 112

Terminal discovery tab ........................................................................... 112

Creating terminals (Windows version) .............................................. 113

IPP/IPPS printing ...................................................................................... 115

Location ...................................................................................................... 116


Creating terminals (Linux version)...................................................... 116

Configuring terminals ......................................................................................... 118

Refresh status tab ................................................................................................. 119

Discover tab ............................................................................................................ 120

Chapter 18: Queues ........................................................................................ 120

Preparing for creating queues (Windows version) ..................................... 121

Create queue in One Q server portal (Windows version)......................... 122

Push printing .......................................................................................................... 123

Create queue in ONE Q server portal (Linux version) ................................ 124

One Driver on One Q server or One Q SaaS ................................... 124

Chapter 19: Client Codes ............................................................................... 125

Chapter 20: Price profiles .............................................................................. 127

Chapter 21: Authentication devices ........................................................... 128

Chapter 22: Grid nodes .................................................................................. 129

Introduction............................................................................................................ 130

Configuration ......................................................................................................... 130

Usage example Grid printing ............................................................................ 132

Usage example sync between servers............................................................ 134

Chapter 23: Rules ............................................................................................ 134


Introduction............................................................................................................ 134

Rule event ............................................................................................................... 136

Conditions ............................................................................................................... 136

Actions ..................................................................................................................... 137

Rules' Applications ............................................................................................... 137

Test Any Queue event ............................................................................ 137

Test Job Release event ........................................................................... 138

Test Pull Queue event ............................................................................ 140

Test Push Queue event .......................................................................... 141

Test User Authentication event ........................................................... 142

Creating new rules ................................................................................................ 143

PJL Rules ..................................................................................................... 144

Regular expression rule ......................................................................... 145

Rule, capture the job title. ..................................................................... 146

Rule, remove program prefix like Microsoft ................................... 146

User authentication ................................................................................ 147

Multi selection .......................................................................................... 147

Chapter 24: Guest cards ................................................................................ 148

Guest cards ............................................................................................................. 149

Replacement cards ............................................................................................... 150


Chapter 25: Data sources .............................................................................. 151

Data source example ........................................................................................... 152

Example for Terminal import ............................................................................ 154

Example for Print Monitor profile import...................................................... 157

Chapter 26: Print Monitor ............................................................................. 157

Print Monitor Queue setup................................................................................ 159

Print Monitor User/Domain account setup .................................................. 160

ONE Q DIRECT and Offline print ...................................................................... 161

Print Monitor USB printing ................................................................................ 165

Solution one queue/workstation........................................................ 167

Solution one queue and many workstations .................................. 167

Security settings for USB printing ...................................................... 169

Print Monitor handling Server rules................................................................ 170

Troubleshooting ................................................................................................... 170

Chapter 27: Backups ....................................................................................... 171

Chapter 28: Licensing ..................................................................................... 173

Chapter 29: Log viewer .................................................................................. 174

Chapter 30: Templates ................................................................................... 176

Chapter 31: User interface, when users login via WEB ........................... 178


User web .................................................................................................................. 178

Enable user registration ...................................................................................... 181

Appendix A: Connecting to an external Database .............................. 183

External Microsoft MS-SQL Database ............................................................ 185

External PostgreSQL Database ......................................................................... 185

Connecting to Shared DB and JOB storage .................................................. 185

Change Job storage location ............................................................................ 187

Appendix B: Connect Server ..................................................................... 189

Introduction............................................................................................................ 189

Installation .............................................................................................................. 190

Configuration ......................................................................................................... 190

Print queue configuration on Connect server ................................ 191

Print Monitor configuration printing to Connect server ............. 193

Appendix C: Google Cloud printing ....................................................... 193

Setup Google Cloud printer .............................................................................. 194

Testing Google Cloud print ............................................................................... 201

Printing:.................................................................................................................... 204

Troubleshooting: .................................................................................................. 205

Appendix D: Console mode, for troubleshooting ............................... 206

Appendix E: Migrating from ver. 3 to ver. 5 ......................................... 206


Appendix F: Activate print, assign and preview for Admins ............ 207

Appendix G: How to setup Azure ............................................................ 208

Appendix H: How to dump job to file ..................................................... 209

Appendix I: Email2Print/Web upload on One Q server .................... 211

LibreOffice for Windows ..................................................................................... 212

LibreOffice for Linux ............................................................................................. 213

Queue setup on One Q server........................................................................ 214

Email2Print setup on One Q Server .............................................................. 215

User setup with 2 email addresses .................................................. 215

Usage ........................................................................................................ 216

Supported file formats ........................................................................ 216

Troubleshooting for Email2Print ...................................................... 216

Upload2Print setup ............................................................................................ 216

Supported file formats for Upload2print ....................................... 217

Appendix J: One Q Mobile Print Application ...................................... 218

Enabling mobile printing for existing customers ..................................... 218

Enabling mobile printing for new customers ............................................ 218

Appendix K: Scan2workflow setup on One Q server .......................... 219

Scan folders on One Q server, basic setup ................................................. 220


Scan2workflow for Epson: ............................................................................... 222

Windows Policy Management on server for Epson folder .................... 223

Group Policy Management ................................................................ 223

Local Security Policy ............................................................................. 224

Scan2workflow for HP:...................................................................................... 226

Scan2workflow for Ricoh: ................................................................................ 226

Appendix L: Linux hints ............................................................................. 226

Configuring Firewall in Ubuntu: ..................................................................... 226

Linux Stop/Start services .................................................................................. 228

Convert PS to PCL on devices not supporting PostScript ..................... 228

Disable Firewall ports ........................................................................................ 228


Chapter 1: Introduction

This document describes how to install, configure and manage the One Q Server printing

solution, which is the web application run in a web browser.

Upon installation, a preconfigured administration password is assigned to the administrator,

who should change this as the first action.

One Q Server components overview

The table below provides a short description of all One Q solution components:

VDMS Virtual Data Management System, One Q Server

HSPM High Volume Secure Print Management, One Q Server on IBM

mainframe. Old name rebranded to ONE Q

PSPM POWER Secure Print Management, One Q Server on IBM Power. Old

name rebranded to ONE Q

Print Monitor Software Client to be install on the end user’s computer, to track

and store print job in on-/offline mode. ONE Q Direct

WEB Client One Q solution for Samsung WEB, HP, Xerox, Konica Minolta,

Kyocera, Canon, Sharp, Epson and Brother

Embedded Client One Q solution for Ricoh, Samsung and Lexmark

GPS Global Print Solution/Public Print solution. Payment solution to:

Libraries, Airports, Hotels etc. Old name rebranded to Mobility

Printing

Connect Server One Q print server to be used in locations with low bandwidth

IP Bridge To be used where MFD does not support USB card readers or even

One Q Embedded/WEB client solution. Build on Raspberry Pi3

technology

Switch Bridge To be used where MFD does not support USB card readers or even

One Q Embedded/WEB client solution. Manufactory solution


ONE Q New name for HSPM and PSPM

One Q vocabulary

This section describes terms related to One Q solutions and environments:

Authentication

devices

One Q IP-card reader to be used for a release all devices if One Q do

not support it with pull print

Authentication A security option that requires user to log in by Short ID, card or

windows credentials before the user is able to print, copy or scan

Backups Backup systems or database

Client codes Allow users to select client codes with any print, copy and possibly

also fax, scan and e-mail jobs performed on MFDs. With client code,

it is possible to get a very detailed breakdown of both printer and

MFD usage and possibly recover these expenses by invoicing clients

or cost centers

Grid nodes Provide the possibility, to combine 2 or more Clusters in the same

network, so traveling users can collect printed jobs on their main

server and print it through another server/device in a different

location

Cluster Combine 2 servers in a failover safety relationship as a Primary and

Backup(failover) server

Database Facilitates writing scripts and automating tasks in the database. DB/2,

Oracle and PostgreSQL are supported

DocOut Conversion tool that enables the solution to handle Host Printing.

DocOut by MPI Tech is a standard optional part of One Q for IBM

System Z

Domain A group of computers that are part of a network and share a

common directory database

Driver name in

Windows

The driver name appears as a queue in One Q after installing the

driver and selecting One Q port


Encryption Selecting encryption, the solution can prevent anyone from reading

the documents, should they be intercepted on their way to the

printer

FQDN Fully qualified domain name

GPS Global Print Solution, 3. part software to be used in an environment

demanding print through WEB. Rebranded to Mobility Printing

Groups To be used to group Terminals group properties

Guest cards Provide the possibility to create cards to external users so they will be

able to print on internal terminals

Guest printing Requires Mobility Printing. Provide the possibility to WEB upload files

from e.g. Word, Excel and PDF, PPT and to be able to print on

terminals without installing a printer driver

Host Printing Host Printing is printing in AFP-format from the IBMi (AS/400) or

mainframe applications (running under z/OS) directly and securely to

office printers

IBM PowerVM

Hypervisor

Optional virtual machine operating system

IBMi The operating system on POWER

IFL Integrated Facility for Linux (IFL) is an IBM mainframe processor

dedicated to run the Linux operating system

Jobs The printed job, either stored on the One Q server ready for Pull print

or printed directly using a Push port

LDAP Lightweight Directory Access Protocol.

License key code The code provided by your One Q solution supplier.

Linux on POWER Linux on POWER is the collective term for the Linux operating system,

either RHEL or SLES, compiled to run on IBM POWER

Log viewer The log where all system info regarding the One Q solution is stored,

needed for support in case of an error occurring on the system


LPAR Logical partition: a subset of Mainframe’s hardware resources,

virtualized as a separate computer

MFD Multi-Functional Printer - a printer also capable of scanning and

copying (and faxing). Furthermore, it has a touch screen display

enabling it to run embedded or browser based GUI applications

MSCS Microsoft Cluster Service

Office printing Office Printing is the daily printing by users from workstation through

their office tools, e.g. Word, Excel etc.

Payments Used for customers where money transaction is needed, Public Print

solution: Libraries, Airports, Hotels etc.

PIN code PIN (Personal Identification Number) is a personal code consisting of

four (4) digits. To increase security users are requested to log in by

the personal card and the PIN code

Policy Provide rules/setup for users or terminals, preventing to copy in color

etc.

POWER IBM POWER8 platform

Price profiles In the price profiles, you define the cost of the different paper sizes,

use of color and duplex for print/copy/scan

Print Monitor Print Client allows documents to be stored on the hard disk drive of

the computer, which it is installed on

Printer A device capable of printing. Term often used as a printing device. A

MFD can also be a printer

Profile The WEB User interface on the One Q solution

PSPM POWER Secure Print Management. Solution from One Q A/S

developed for IBM POWER. Rebranded to One Q for Power

Pull Terminal Terminal where users log in to the submitting documents to be

printed

Pull printing Print jobs are located on a server until users pull the print-jobs from

printers or MFDs by identifying themselves on any chosen


MFD/printer. Also known as follow-me, follow you or follow U. An

important part of secure printing

Push printing When the user chooses a specific printer from the workstation, the

print-job starts automatically without waiting in queue

Push Terminal A printer defined in Windows that parses the printed document,

transfers the tracked data to the server, and forwards the printed

document either directly to the physical printer or to another

Windows print queue

Queue OS Spooler or Virtually existing on One Q server

RBP Rule Based Printing

Replacement cards To be used in a situation where user forgot his/her card at home and

need a temporary card (replacement card) for e.g. one day

Reports Reports enables viewing of main tracking statistics, user statistics,

terminal statistics, client code statistics and job list. Reports includes

a number of predefined reports and the possibility for custom made

reports (license based)

RHEL Red Hat Enterprise Linux

Rule Based

Printing

(RBP) Allows print cost savings by adding a method to the Print

Management solution for enforcing policies for printing. Rules can

be applied to groups of users, terminals or queue

SLES SuSE Linux Enterprise Server

Terminal Device, a printer or an MFD

Terminal Group A Group of Terminals

Users Either local users or AD users that are able to print and release jobs

on the One Q solution

Virtual server System like VMWare is the creation of virtual servers. Unlike a

physical server, a virtual server is not associated with a specific

computer and can failover from one node to another. Configurations

must reference the virtual server rather than the physical servers


Solution deployment scenarios

This section describes the most common application scenarios for different printing

environments and demands.

• A Windows server is used as both VDMS and Print server. User prints direct to the

server, where the print job is stored, until release on MFD.

• The solution shown below requires that the Print Monitor is installed on the

workstation and setup to print jobs to both Primary and Backup servers. Jobs and

tracking data will be stored on servers. This solution is suited to customers with users

not in Domain or for higher security.


• The setup shown below requires a Windows Print server with shared print queues and

jobs are stored locally. Installing the Connect server and configuring in Storage mode

ensure that the print jobs stay locally on the Print Server/Connect server. Metadata is

sent to Primary and Backup servers. This solution can be used when the customer has

low bandwidth.

• The setup shown below requires a Print server where The Connect server is installed

and configured in Relay mode. The solution sends the print-jobs with Metadata to

both Primary and Backup servers. Solution to be used for customers where failover is a

requirement.

• The above setup requires a Print server where it is possible to store print-jobs locally.

This is achieved by installing Connect Server and configuring in Storage mode.


Metadata is sent to both Primary and Backup servers. This solution should be

implemented for customers with low bandwidth or users not on the Domain.

• By using Grid Nodes, it is possible to connect to different sites. A peer-to-peer

connection allows users to collect their document from another server. Mostly used for

traveling users and needs to be enabled on a user/group level. Can also be used to

share tracking and other information between servers.


• Print Monitor and Printer Driver prints directly to a Push device. In the case of pull

printing, jobs are stored locally on the computer while tracking data is sent to server.

• The ONE driver sends the jobs to the server in PostScript format, and on server it is

reformatted at release time to match setup of the device. This will only work on a ONE

Q server (Linux).


Chapter 2: Prerequisites and requirements

The One Q print management server is deployed as a single executable installer.

Upgrading One Q Server from version 4 to version 5 for the 64-bit version is supported. The

downgrade option is not supported.

Windows One Q Server requirements

A server with the following minimum specifications is required:

• 64-bit operating systems:

o Windows Server 2008

o Windows Server 2008 R2


o Windows Server 2012 R2



• 4 GB RAM (need minimum x3 if Email2print and Upload2Print are enabled)

• 30 GB free disk space for the job storage area, database and application

• No anti-virus program monitoring or interrupting the One Q server directories

• No proxy server interrupting local communication on the server (localhost/127.0.0.1)

Using the Mobility server or the Convert2PFD server on the same Windows server as the

VDMS server, then the memory must be minimum 8 GB Ram. If Installing all 3 solutions on

the same server, then please consider adding even more memory and power to the server.

Windows has a Print Spooler limitation on 4GB, this limitation prevents users from printing a

job greater than 4GB in size to the One Q Server.

The Server can be added to domain. If this is not the case, then it is mandatary that the server

has been added correctly to your DNS, so the server name can be resolved by a command

prompt using the command ping "<servername>".


Following installation of the server, the installer builds the certificate bound to the server

name and domain name. If server name is changed later, the certificate is no longer valid. For

more information on security, refer to Security and certificates.

Linux One Q Server requirements

A server with the following minimum specifications is required:

• An Enterprise Linux server running RHEL 7 or SLES12 with 1 virtual CPU

• 4 GB RAM

• Minimum 30 GB free disk space for the job storage area, database and application. For

larger installations, it is necessary to analyze the customer base, printing habits etc. to

calculate the storage requirements.

• No anti-virus program monitoring or interrupting the ONE Q server directories

• No proxy server interrupting local communication on the server (localhost/127.0.0.1)

• The following libraries/tools are required: newt

• In order to be able to support a multivendor environment with a minimal set of print

queues and driver to support stapling, punch, booklet etc. It is a requirement that the

ONE Q driver is used as a printer driver on the workstations.

The Mobility server is supported on Linux but requires special settings on folder.

Scan2Workflow is not supported on Linux, but installing the Scan2Workflow on a windows

server and collect/pick up the scanned job on the Linux server and process on the Windows

server is possible.

Epson Scan2workflow is not supported on Linux.

Partner test environment

In order to run a successful test of the One Q software, our partners need to build the correct

test environment based on the below:

• The test server must be a 64 bit Windows Server 2008, 2012, 2016, 2019.


• The server must be new and clean server, fully updated and no other applications

installed beside standard Windows components.

• The server must be a member of a domain.

• Firewall and firewall in Antivirus must be disabled or the correct ports open

according to the test setup.

• Devices/terminals must be added to the DNS on the test network, it must be

possible to resolve the FQDN (Fully qualified domain name) of the devices partner

might have.

• Admin rights to test server to be able to install One Q software.

Please also see the document OneQ_setup_guide, which is available on the One Q download

site.

This document also states requirements for a POC.

Chapter 3: Required ports and protocols

This section lists the ports used for communication between One Q Server and other

elements of the IT environment. For more information, refer to the "Design your One

Solution" document available on the One Q webpage.

Minimum required ports and protocols for One Q Server

The following ports are used in communication:

Port Direction Details

389 TCP

636 TCP LDAP

SSL

3268 TCP LDAP

global catalog

VDMS -> LDAP (AD) Used for LDAP lookup to AD

(only one of the ports is required)


3269 TCP SSL

global catalog

8443 TCP PC + internet -> VDMS Web interface to VDMS Server

8443 TCP Payment -> VDMS Payment Communications to server

8700 TCP VDMS -> VDMS Grid Node to Grid Node

8700 TCP VDMS <- Grid Node Grid Node communications to server

8700 TCP VDMS <- Connect server Connect server communications to

server

8700 TCP VDMS <- Print Monitor Print Monitor communications to

server

8700 TCP VDMS <- Mobility Print (GPS) Mobility server communications to

server

8700 TCP VDMS <- IP Bridge IP Bridge communications to server

8703 TCP VDMS <-> Printer WEB client listens on this port

8704 TCP VDMS <- Printer Some WEB client communicates to

server on this port

8707 TCP VDMS <-> VDMS VDMS Cluster service

8709 UDP VDMS <-> Printer VDMS broadcast to Embedded client

for terminal discovery

8710 UDP VDMS -> Printer VDMS configuration for Embedded

client

8711 UDP VDMS -> IP Readers VDMS configuration for IP Readers

9100 TCP VDMS -> Printer For sending print jobs from server to

printer


Optional ports and protocols

Depending on the solution the following ports can also be in use and need to be opened for

communication:

Port Direction Details

161 UDP VDMS -> Printer SNMP monitoring

443 TCP VDMS -> internet secure.ogone.com or DIPS for online

payment

631 TCP VDMS -> Printer If Terminals are configured as IPP

1900 TCP VDMS -> Printer Older clients (Samsung, HW terminal)

5432 TCP VDMS <-> VDMS Access PostgreSQL database.

8700 TCP PC <-> VDMS Print Monitor installed on client PCs

communicates with server (SSL encrypted)

8700 TCP IP Bridge->VDMS Configuration and registration of IP bridge.

8700 TCP Connect Server <-> VDMS Main VDMS server API and client

communication (SSL-encrypted)

8712 TCP VDMS <-> VDMS Grid

Node Communication between Grid Node

8443 TCP

443 TCP

80 TCP

Printer -> VDMS

VDMS -> Printer

VDMS -> Printer

For running Web based clients (Xerox, HP,

Konica Minolta etc.)

7778 TCP VDMS <-> SB network

Reader

For sending/receiving card swipe data

8701 TCP PC -> VDMS If IPP printing is required


Graphical drawing for ports to be opened

This section provides graphical representation of the infrastructure and used ports.

The following ports and protocols needed to be open when using Print Monitor:

Detailed description of the communication scenarios

This section provides the graphical representation of various communication scenarios.

• Server communication for PUSH printing from PC with server shared driver to device.


• Server communication for PULL printing from PC with shared driver to an embedded

client.

• Server communication for PULL printing from PC with server shared driver to a

WEB client.


• Server communication for PULL printing with Main server and Cloud server to Client.


Chapter 4: Security and certificates

One Q can provide the following security-related features in the product:

• Transport security – the job can be encrypted on its way from PC to the server and

from the server to the printer

• SSL and PKI-based encryption – the customer can use their own trusted certificates

• Secure connection to LDAP/AD server using SSL

• Communication between the embedded client and the server is also encrypted using

SSL

• Optional: personal job encryption for extra protection (not implemented yet for

Samsung embedded or web-based clients)

o It requires the One Q workstation software Print Monitor. Job data is encrypted

using AES-256 algorithm with the user's passphrase and decrypted inside the

MFD when job release is requested and after user enters the correct passphrase

on the MFD panel. Nobody can read job data including the system

administrator.

• Optional: Smart card or "sticky" card solution. When the card is attached to the reader,

you can print, when you remove the card printing stops (available for selected

vendors).

Moreover, of course all the benefits from secure pull printing.

About certificates

What is the difference between the self-signed certificate on the devices (used in some

competitor solutions) compared to the self-signed certificate used in One Q server and

deployed to the device or a STAR certificate used in One Q Server/devices?

• Device self-signed certificate on device communicate with the server and gets

validated on a lower level of the server operating system. If the device gets a new

certificate built by a technician or hacker, you can still print but the system is

compromised.


• One Q self-signed certificate, built on the server and installed on the device, gets

validated for each request between One Q server and device. If the device gets a new

certificate built by a technician or hacker, you cannot log in anymore and the system is

not compromised.

• One Q can use a STAR certificate that gets validated against a 3rd party certificate

provider, like Verisign. The same certificate will be installed on the device. This is the

most secure certificate solution since the certificate at each login gets validated

against the 3rd party certificate provider.

The One Q server, when installed, will create a certificate store. The certificate store contains a

self-signed certificate.

When opening the Web UI, the certificate is validated, and you will get a security warning

message in your browser. The security warning appears because the certificate is self-signed.

By default, the certificate is created with a CN matching the Servers

<hostname.domainname>

The certificate is also used for validating communication between the One Q server and the

MFDs. Some MFD vendors require that the CN in the certificate matches the DNS name of the

One Q server.

There can be a configurable 'webclient' alias in the "keystore.jks" file to allow separate

certificates to be used for web clients and web UI.

As such, you can have one certificate CN for the web UI on the 'outside' and another CN for

the Web client communication matching the internal DNS name.

Adding a certificate for Web Client

To create self-signed certificate for the web client communication where the CN/DNS is

webclient.cert.local, enabling the Printer to call back to the VDMS server via DNS name

webclient.cert.local:

1. Open the Command Prompt.

2. Type:

"C:\Program Files\Ubiquitech\VDMS Server\jre\bin\keytool.exe" -genkeypair -keysize

2048 -validity 3650 -keyalg RSA -sigalg SHA1withRSA -alias webclient -keystore

"C:\Program Files\Ubiquitech\VDMS Server\conf\keystore.jks" -dname


[email protected], CN=webclient.cert.local, OU=Printing,

O=Ubiquitech A/S, L=Birkeroed, C=DK.

and hit ENTER.

3. When prompted for password use "password".

1. A new self-signed certificate with the 'webclient' alias has now been

added to the "keystore.jks" file.

4. Find the "network.ssl.alias.webclient" file and enter the name of the alias chosen for

internal webclient communication to the Webclient listener alias entry, e.g.:

network.ssl.alias.webclient = webclient

2. and save the file.

5. Restart the VDMS webclient service, then redeploy web clients.

If you do not want to see the security warning you must import a SSL certificate issued by a

trusted security provider.

The trusted SSL certificate should be issued to match the URL. Wildcard certificates are also

accepted (could be print.domain.com, *.domain.com etc.)

The Browser looks for the best match for the URL in the "keystore.jks" file and if no match is

found, then the certificate with the alias "web" will be used.

If you have a setup where the Web UI can be accessed by the users via different URL’s

(*.domain.con and *.domain.net) then you must import 2 certificates.

Certificate reinstallation

Under installation of the server, the installer builds the certificate on basis of server name and

domain name.

In case the server name is changed at a later point, the certificate becomes invalid and must

be reinstalled:

1. Delete the following files from the default "C:\Program Files\Ubiquitech\VDMS

Server\conf" folder:

• Keystore.jks

• truststore.jks.


2. Run the server install one more time, and server installer will build 2 new files

containing the correct certificate.

3. Delete old certificate on devices and reconfigure the Terminals via the One Q Server

Portal.

Security warning logon to One Q Server

Trying to access a server with the self-signed certificate displays the warning message in a

browser.

You can click "Advanced" and "Confirm Security Exception" to store the self-signed certificate

in the browser's local certificate store, but this may not be acceptable when a large number of

users are using the web-interface, e.g. at universities, hotels, etc.


To avoid getting this warning, you need to request an "official" certificate to replace the self-

signed certificate.

First you must verify or decide the name (url) the server is going to be accessed with.

If it is only an internally used server, it could be a name like https://server84.ubi.local , but if is

going to be used externally, it must be named and registered in DNS with an officially bought

domain name.

When the name has been determined and "fixed", next step is to generate a new base

certificate (only necessary if the name has changed).

In the following, you will need to use a command-line tool called keytool which is used to

admin the "keystore.jks" file.

To make it easier, open a command prompt on the server and navigate to:

For Windows:

• cd "\Program Files\Ubiquitech\VDMS Server\Conf"

For Linux:

• /opt/vdms/conf

Run the following command:

..\jre\bin\keytool -list -v -alias web -keystore keystore.jks -storepass password

It should produce output similar to:

Alias name: web

https://server84.ubi.local/


Creation date: Oct 27, 2017

Entry type: PrivateKeyEntry

Certificate chain length: 1

Certificate[1]:

Owner: [email protected], CN=server84.ubi.local,

OU=Printing, O=Ubiquitech A/S, L=Birkeroed, C=DK

Issuer: [email protected], CN=server84.ubi.local,

OU=Printing, O=Ubiquitech A/S, L=Birkeroed, C=DK

Serial number: 2d6eba50

Valid from: Fri Oct 27 12:18:24 CEST 2017 until: Mon Oct 25 12:18:24 CEST 2027

If the CN-name you see is correct, skip the next 2 steps, which will generate a certificate with

the correct name:

Run the following commands:

..\jre\bin\keytool -delete -alias web -keystore keystore.jks -storepass password

..\jre\bin\keytool -genkeypair -alias web -keyalg RSA -keysize 2048 -validity 3650 -

keystore keystore.jks -storepass password -dname "cn=new_servername.domain,

ou=Support, o=OneQ A/S, c=DK"

Now you must generate a certificate request to send / upload to a company selling

certificates:

..\jre\bin\keytool -alias web -certreq -file CertReq.crt -keystore keystore.jks -storepass

password

It should produce a file named CertReq.crt containing output similar to:

-----BEGIN NEW CERTIFICATE REQUEST-----

MIICxDCCAawCAQAwTzELMAkGA1UEBhMCREsxETAPBgNVBAoTCE9uZVEgQS9TMRAwDgY

DVQQLEwdT

dXBwb3J0MRswGQYDVQQDExJzZXJ2ZXI4NC51YmkubG9jYWwwggEiMA0GCSqGSIb3DQEBA

QUAA4IB

........ more lines here .......


jbMqav9gNhYX+xaq1i3IBa3k4l69haGLle8C3g==

-----END NEW CERTIFICATE REQUEST-----

When you receive the certificate(s) from the company, they must be added to the keystore as

a chain. The following picture illustrates a certificate chain:

In the below example, I have received the 3 files written in italics from external provider:

openssl pkcs12 -export -out certificate.pfx -inkey myprints.oneq.dk.key -in

myprints.oneq.dk.crt -certfile DigiCertCA.crt -name web

The above command builds a certificate (certificate.pfx) with the correct chain.

..\jre\bin\keytool -importkeystore -srckeystore certificate.pfx -destkeystore

keystore.jks -deststorepass password

The above command imports the certificate chain into the java keystore.

Access without specifying port in the URL

If you want to make it possible to access the web interface using just an URL like

https://server84.ubi.local

You can (on Windows) use the command NETSH to set up port forwarding. Open a command

prompt with administrator rights, and run the following command:

https://server84.ubi.local/


netsh interface portproxy add v4tov4 listenport=443 listenaddress=<serveraddress>

connectport=8443 connectaddress=<serveraddress>

<serveraddress> must be either the IP-address or hostname/FQDN of the VDMS server.

Note This assumes you have no other apps or processes that listens on port 443 (SSL)

No DNS changing server name/Using IP-address

If customer does not have a DNS and cannot resolve the FQDN, a certificate with alias name

must be built.

A section about changing server name or using ip-address instead of hostname (important

for HP clients)

Some client (HP printers) are automatically configured with a certificate from the VDMS

server being "pushed" to the printer when configuring it. This certificate is in use when the

printer needs to talk to the server, e.g. when a user signs in to pull print. If the server name is

changed, it no longer matches the name in the certificates, and the (HP) printers will no

longer talk to the server.

To solve this, you either rename the server OR if you want to have the server's network

address configured as an IP-address instead of hostname, you can generate a new certificate:

In the following, you will need to use a command-line tool called keytool which is used to

admin the keystore.jks.

To make it easier, open a command prompt on the server and кun the following commands:

• On Windows:

"\Program Files\Ubiquitech\VDMS Server\Conf"

..\jre\bin\keytool -delete -alias web -keystore keystore.jks -storepass password

..\jre\bin\keytool -genkeypair -alias web -keyalg RSA -keysize 2048 -validity 3650 -

keystore keystore.jks -storepass password -dname "cn=192.168.1.74, ou=Support,

o=OneQ A/S, c=DK"

Restart all VDMS services

• On Linux:

On Linux they are placed in /opt/vdms/conf and on IBM_Z in /opt/oneq/conf


../jre/bin/keytool -delete -alias web -keystore keystore.jks -storepass password

../jre/bin/keytool -genkeypair -alias web -keyalg RSA -keysize 2048 -validity 3650 -

keystore keystore.jks -storepass password -dname "cn=192.168.1.74, ou=Support,

o=OneQ A/S, c=DK"

Restart all VDMS services

Of course, you must enter your server's correct IP-address, or hostname/fully qualified

domain name above.

Now you must reconfigure the necessary terminals with this certificate.

Export a certificate that can be installed in printers

You can export a certificate from the keystore to a file to import to a printer:

..\jre\bin\keytool -exportcert -alias web -rfc -file web.crt -keystore keystore.jks -

storepass password

It can also be done from some browsers, here shown in Firefox: follow the yellow tabs.


Export certificate.

Import a "real" certificate using Keystore Explorer

You can download a GUI tool for Windows called "Keystore Explorer" from

https://keystore-explorer.org/

It requires Java runtime, e.g.: jre-8u181-windows-x64.exe, which can be downloaded from

https://www.java.com/en/download/manual.jsp

To import a "real" certificate do the following:

1. Start K.E. and click "Open an existing KeyStore:

https://keystore-explorer.org/

https://www.java.com/en/download/manual.jsp


Select the OneQ keystore file from either Windows or Linux version:

" C:\Program Files\Ubiquitech\VDMS Server\conf\keystore.jks" or

/opt/vdms/conf/keystore.jks

Unlock it using "password" and you should see:

Now select "open" and select the external certificate you have received. In this example we

assume it is in the format of a .pfx file, which is another type of keystore. Enter the password

(hopefully provided with the .pfx file !):


Right-click to export key pair:

You will need to enter the password again here. Then save it as a .p12 file:

You don't need to enter a password here but can choose to do so.


Go back to the One Q KeyStore and delete the "web" alias:

Finally, import the .p12 file from the other KeyStore saved in the last step:


If you entered a password before, you need it here:

Give it the alias "web":

Again, give it a password, if you are security sensitive...

Finally, restart the vdms-web service, and you are finished!

Security limitations in older devices

A way to get around this unfortunately requires an upgrade to VDMS 5.0.2 or later and some

additional manual work which are describe in below example:

1. Open a cmd-prompt.

2. Type '''"C:\Program Files\Ubiquitech\VDMS Server\jre\bin\keytool.exe" -genkeypair -

keysize 2048 -validity 3650 -keyalg RSA -sigalg SHA1withRSA -alias xerox -keystore

"C:\Program Files\Ubiquitech\VDMS Server\conf\keystore.jks" -dname


"[email protected], CN=webclient.cert.local, OU=Printing,

O=Ubiquitech A/S, L=Birkeroed, C=DK"'''.

3. When prompted for password use '''password'''

1. A new self signed certificate with alias 'xerox' has now been added to

the keystore.jks

4. Edit the ''C:\Program Files\Ubiquitech\VDMS Server\conf\server.properties'' file

5. Find ''network.ssl.alias.web''. Add a new line after this entry and add

'''network.ssl.alias.webclient = xerox''.

6. Save the file.

7. Restart the '''VDMS webclient''' service, then redeploy web clients.

Certificates are used in One Q for two purposes: To enable SSL-encryption of data travelling

over networks, typically HTTPS, and to enable "trusted end-points", e.g. the server says, "I am

One-Q-server1, and you can trust that".

When the VDMS server is installed the first time, two "Java certificate stores" are created:

• keystore.jks and truststore.jks (both placed in C:\Program Files\Ubiquitech\VDMS

Server\Conf).

• (on Linux they are placed in /opt/vdms/conf and on IBM_Z in /opt/oneq/conf)

The truststore contains certificates which the server trusts. It is used for outgoing connections

when the server connects to some host and needs to validate this host. The store contains a

lot of external CAs (Certificate Authorities), but also "special entries", like "xlet" (used for

Ricoh), "printmonitor", "pmconnect", "ubiquitech", "web", "web-sites".

The keystore contains private key chain(s) which are used by listening services (the ones that

listen on some TCP port, like web for example). When users use a browser to access the Web

Admin interface, they collect a certificate with the name web to enable the SSL-encryption.

When the VDMS server is installed the first time, the keystore.jks is populated with 3

certificates, with the names "ubiquitech", "web" and "web-sites". The server name is written in

the certificates (see later section about server name changes). These certificates are self-

signed, which means they are not part of a chain, and they say "I am who I say I am - you must

trust that, and you cannot ask anybody else to verify it".


Chapter 5: Installation

This chapter describes installation procedures for the One Q Server on Windows and Linux

environments.

Installing One Q Server on Windows

Installation requires local administrator permissions (domain admin rights are not needed) as

it writes to protected locations (e.g. Program Files), creates several registry entries, installs

Windows spooler system component and creates and starts/stops different system services.

It is not possible to perform software installation under normal account. The installer requires

elevated access.

Follow the steps bellow to install One Q Server on a Windows machine:

1. Download the newest VDMS server packet from the One Q website.

1. Only trained and certificated technicians are granted access to this

site.

2. Right click the VDMS server install packet and select "Run as Administrator".

3. In the wizard that opens, click Next.


4. Read the End User License Agreement and select "I Agree" to continue installation.

5. Make sure that that the GPL Ghostscript is selected. The server uses this for the

preview functionality, rules etc.


6. The "C:\Program Files\Ubiquitech\VDMS Server" is the standard folder where the

VDMS files are installed. Select another folder or drive if you like to change the folder.

7. The Start Menu Folder is "Ubiquitech VDMS Server". It can be changed if necessary.

8. Select install and VDMS server will be installed. Time frame 2-3 minutes.

9. Select Finish and VDMS server services will start up.


Installing One Q Server on Linux

Since the One Q software relies on CUPS printing system, make sure that CUPS is installed

and running on a Linux server before installing One Q Server.

• Install and configure CUPS:

1. Install CUPS by running:

SLES: zypper install cups

RHEL: yum install cups

2. Set it to auto start:

chkconfig cups on

3. Allow remote administration:

cupsctl --remote-admin --remote-any --share-printers

• Configure the "vi /etc/cups/cups-files.conf" configuration file:

1. Find "SystemGroup" and add "vdms-run": SystemGroup root vdms-run

2. Save the file

3. Restart CUPS with the "systemctl" command.

• Disable SELinux:

1. Open the "vi /etc/sysconfig/selinux" configuration file and change the first

entry of SELINUX which does not start with "#" and change it to

"SELINUX=disabled"

2. Restart the Linux server after changing SELinux settings.

Now you can proceed to installing the One Q Server:

1. Download the .bin installer.


2. Open a terminal window on the target machine. Installation should be performed

from the root account. To enter root shell type "sudo -s" or "su", then enter root

password.

chmod +x <filename of the .bin>

./<filename of the .bin>

o Example for the One Q server installation:

chmod +x vdms-server-5.1.4-setup-linux-x86_64.bin

./vdms-server-5.1.4-setup-linux-x86_64.bin

o Or for the Device Webclient installation:

- change file permissions chmod +x webclient-hp-x.x.x-

setup-linux.bin

- run the installer ./webclient-hp-x.x.x-setup-linux.bin

3. Press Next to start the installation.

4. Accept the license terms.


5. Enter the installation directory.

6. Make sure all three options are selected before pressing Install:

7. Press OK to start the services for the One Q server.

Installing One Driver

For any workstations, we offer our unique and patented One Driver technology whereby

users can print all document formats correctly including advanced finisher options such as

booklet, stapling or tray selection, regardless of printer manufacturer.

In order for users to be able to collect printjobs on any of the devices, they need to have the

One Driver installed. Please follow the instructions below:

1. Log into the user’s pc as administrator.

2. Go to Printers/add printer.

Note Do not use the auto search feature but add the printer manually!


3. Choose a shared printer by name and enter the name of the printer you have created

under Queues on the One Q Portal

(e.g.: http://<IP address or DNS name>:631/printers/ "Queue name").

4. When asked for a printer driver, select Have disk and browse to the location of the

One Driver.

Note It is also possible to use http://"Server address":8701/ipp/"Queue name"


Installation of the One Driver can be carried out using the method above or via the One Q

driver package containing the One Driver and an installation script. Please contact One Q

technical department for more information or download One Driver manual from One Q

partner zone.

To install the driver via a script, request the driver executable file from One Q. Here, the driver

"hspm-driver-1.8.11-2-setup-signed.exe" is used as a reference.

The file can be launched from a Command prompt (run as administrator) with the command

line:

hspm-driver-1.8.11-2-setup-signed /queue=Follow-Me

/address=192.168.1.77 /default=yes

where:

o queue is the name of the Queue defined on the One Q Portal.

o address is the IP Address of the One Q Server (192.168.1.77 in this case).

o default is set to "yes" to set the Printer as the Default Windows Printer.

The driver will communicate with server on IPP port 631.

How is PPD mapping done.

The Driver sends a Postscript job with a One Q header to the server.

When users then release the job on a device, the printjobs are reformatted according to the

PPD connected to the One Q terminal and the device will print the job.

More information on the One Driver configuration is available on the One Q Partner zone.


Chapter 6: Updating One Q Server

With new One Q Server release available, you may upgrade to a newer version.

IMPORTANT! Before upgrading to a newer version it is highly recommended to make full

backup of the system and configuration files. For detailed information on backups, refer to

Backups and Server Config - Backups tab sections.

To update your software, you need to get the latest installation package from the One Q

Partner Zone and run it. In the Setup Wizard that opens, select the Upgrade existing

installation (recommended) option and click Next to upgrade the One Q Server.

Chapter 7: Launching One Q Server

One Q Server is launched by clicking the One Q Server icon on the desktop.


One Q Server is accessed through a web browser. The correct link (URL) is documented in the

customer specific installations manual created by the One Q Partner. By default, the URL is set

to HTTPS://localhost:8443, however, it can be changed to HTTPS://localhost by doing the

following:

• For Windows

Use the following Powershell command on the server where One Q is installed:

netsh interface portproxy add v4tov4 listenport=443

listenaddress=x.x.x.x connectport=8443 connectaddress=x.x.x.x

where "x.x.x.x" is the Server IP Address.

• For Linux

1. enable IP forwarding using sysctl

/etc/sysctl.d/99-sysctl.conf (at the end there are the forwarding rules)

net.ipv4.conf.all.forwarding=1

net.ipv4.conf.default.forwarding=1

2. Add iptables rule (rc.local on RHEL!) (change eth0 to match network interface)

/etc/rc.d/after.local

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j

REDIRECT --to-port 8443

exit 0

By using the given Username and Password (from the installation), One Q Server can be

accessed using the following credentials:

Username: vdmsadmin Password: vdmsdemo

https://localhost:8443/

https://localhost/


Chapter 8: Getting started with One Q Server

The One Q Server user interface is built in a consistent way and its uniformity makes it

intuitive and easy-to-use for the administrator.

The main menu is located at the top of the screen giving the user the following options:

• Status—dashboard overview about system and server

• My profile—user details and own jobs

• Jobs—all pending jobs

• Reports—create/run reports

• Administration—all solution settings

• Log out—log out from the server

• Language—change language


Chapter 9: Status

A dashboard is available to show an overview of the server, including memory usage and

print statistics.

The server information like FQDN, IP-address, uptime, server ID and job count is also shown

here.

When applying for a license via [email protected] you always need to supply the following

information which can be taken from the Server Dashboard:

• Server ID

• Server Host name

• Customer name

Also, from the Server Dashboard, you can jump straight to the Terminal Tab or to the Jobs

Tab by clicking the correspondent links.

The Statistics pie chart shows a breakdown of jobs sent during the current month. It provides

information about printed monochrome/color and deleted monochrome/color pages.


Information is updated daily. Please note, that this section is not displayed if customer has no

Tracking option in his license.

The memory usage on the Dashboard shows the memory usage of the core and web services

over a period of 24 hours. Selecting the area on the screen will drill down to more specific

timelines, e.g. per hour.

Chapter 10: My Profile

The settings are controlled by the vdmsadmin user, either by rules or user permissions.

The User section allows users to change password (local users only), add second e-mail

address to be used with Google Cloud Printing and show/change Short ID and/or PIN. It is

also possible to pay for printing (if enabled) and view payment history from My Profile.

The user also has an overview of the prints jobs that are in queue. Users can either

print/delete or assign print jobs, but only if an Admin has enabled Web print and assign jobs

on server.


Payment options via Ineginco/Ogone. It is possible to customise the terms and conditions.


Payment history will show a list of transactions and the user will receive an email with the

Order ID:


Chapter 11: Jobs

This view is shown with the VDMSADMIN account

This section shows a list of waiting print jobs in the pull queues.

From here, jobs can be deleted.

Due to GDPR print job, assign job and preview job has been removed, please see appendix K

for manual enabling.

In the Archived tab, all printed jobs are stored, and they can be re-printed or assigned again,

but only if the Archive and Print function has been enabled on user. Clicking the Lob archive

is not configured link will open the Administration -> Server Config -> Jobs page, where

you can enable and configure jobs archiving.


Chapter 12: Reports

Introduction

Reporting is a very important part of the server, because it allows you to export and visualize

tracking and accounting information. The reporting module consists of three parts:

• Standard reports with manual previewing and exporting

• Custom reports created by the users (separate licensing option) with preview and

export functionality

• Scheduled reports sent with a given interval to the specified email addresses (either

built-in or custom)

The Reports table allows selecting the period for which you want to see the report and lets

you preview the report in the web browser or it export it to one of the following formats:

• PDF (Adobe PDF)

• XLS (Microsoft Excel format)

• ODS (Open document format)

• XLSX (OOXML format)

• CSV (comma-separated file)

• HTML


Standard reports

The standard reports are the preconfigured reports available on the Standard reports tab of

the Reports page. Every report can be previewed in the browser or downloaded in selected

format.

There are six standard reports available, sorted alphabetically:

• Client code totals

• Client code totals, summary

• Expired jobs, summary

• Job details

• User totals, daily

• User totals, summary

By default, every standard report has a predefined conditions, name, columns name, column

number and column width. You can edit the following fields by clicking on the reports name

and going to the Edit report dialog:

• Report name

• Report heading

• Column display name

• Column's width


The dialog lets you know if you exceed the available width (802 px) for the columns.

The standard reports are in English by default with a standard text, but all editable fields can

be changed/translated to another language.

Using the One Q backup module it is possible to back up the reports and reuse these on

other installations.

Custom reports

If the built-in reports are not sufficient, custom reports can be created by admin or report

admin. Custom reports can be created and viewed on the Custom Reports tab of the Reports

page.


Click Create report to create a new report.

By clicking the Add Column button you can add more columns to your custom report.

Once the column is added, click Name to select one of the predefined types. You can also

edit the Display Name, width of the column, set conditions and change columns' order. For

some columns you can set the Total and Exclusive checkboxes. By clicking the Add Sort

Column you can apply sorting conditions for the columns you added.


Example of report showing deleted jobs:

Scheduled reports

It is possible to create one or more automatic reports, which will be sent to given users at the

configured date and time. Before automatic reports can be created, SMTP settings must be

defined under the Administration > Network section:


Each automatic report can be scheduled and sent to multiple email addresses. In addition,

report format and scheduled period can be selected:

Chapter 13: Administration

The Administration section lets you configure the server settings and consists of the

following sections:

• Server config - Authentication


• Server Config - Jobs tab

• Server Config - Network tab

• Server Config - Cluster tab

• Server Config - Payments tab

• Server Config - Guest Printing tab

• Server Config - Backups tab

• Server Config - UI tab

• Server Config - Advanced tab

• Server Config - System Notifications tab

Server config - Authentication

The Authentication tab is accessed by choosing Server Config under the Administration

option.


The table below describes parameters of the Authentication tab:

Parameter Description

Enable user registration If enabled, the login page allows users to self-enroll

Enable web login for non-admin

users

Allow Non-admin users to login at the WEB URL.

Enabled by default.

Unqualified username search

policy

This option determines how to search for username

without the "@domain" part

Enable single sign-on External single-sign on server for WEB services

CAS Server URL Single-sign on server URL

Web session timeout, minutes Standard timeout for Web session. By default set to 30-

30-30 minutes

Enforce password policies The same as Windows password, mix of numbers and

letters. Enabled by default

Minimal password length Set to 6 by default

Minimal length of generated

short ID

When activated in the User permission, system generate

random Short ID. Set to 4 by default

Remove leading zeroes from

card ID

Remove 0 at the beginning of a card number

Minimal card ID length Used ID card number needs to be at least this length

Maximal card ID length Used ID card number needs to be maximum this length

Enable caching of LDAP search

results

Activating the possibility to cache existing LDAP users

LDAP cache expiration time,

minutes

Time out before new cache collection. Set to 60 minutes

by default

The Authentication page also provides a function to cleanup the Database for obsolete card

or Short ID numbers.


For example, there is a user account in LDAP that has been deleted or disabled, but value still

exists in the Database.

Click Cards/Short ID cleanup to open the cleanup dialog. In the example below there are no

cards eligible for removal. Click Analyze to refresh the results.


In case the system finds records that can be removed, you will be presented with the

possibility to delete them. Click Yes to remove obsolete cards and short IDs.

Server Config - Jobs tab

The Jobs tab allows you to configure the jobs-related parameters.

The table below describes parameters of the Jobs tab:


Job sort order The order in which the print jobs will appear on the

terminals (i.e. ascending or descending according to the

printing time). Set to Ascending by default


Job retention time, hours: The retention time in hours or days until a non-released

job in a pull queue will be deleted. Set to 32 by default

Notify users over expiring jobs Selected and system will send an e-mail

Expiry notification threshold,

hours

When the user will be notified for the expired jobs. Set to

1 by default

Enable async printing If checked the user interface on the terminal is released

when printing enabling the user to do other things (for

instance scanning). Enabled by default

Accept jobs only from known

users

Only authorized users can print, this function is not

working with Print Monitor. Enabled by default

Allow web print for non-admin

users

User can still print their job, not possible for Admin to

print users job

Allow job assignment for non-

admin users

User have the possibility to assign jobs to other users

Cast job size for tracking Track Letter jobs as A4 is set by default

Storage quota per user, bytes Prevent print if the storage quota is exceeded MB or GB

Maximum number of jobs per

user

Prevent users to print if quota is exceeded maximum

number of jobs

Notify user over exceeded job

quotas

Mail sent to user if Storage Quota or max numbers of job

exceeded the allowed settings

Enable custom job storage Standard is c:\DocumentData, hidden folder

Custom job storage location New storage area, locally or external

Enable job archive Yes/No, save all printed jobs from all users

Job archive location New archive area, locally or external

Archive retention time, days Job deleted after, standard 365 days


Server Config - Network tab

In this section, the server and information SMTP mail settings are defined.

The table below describes parameters of the Network tab:


Server address Is set automatically to FQDN, this address is sent to the

terminals doing Terminal configuration. Can be changed

to IP-address for some terminals

Webclient server address To be used with Public Grid solution as SAAS, May never

be empty must as minimum contain default value,

localhost.

Verify client SSL certificates Server will verify the certificates of any client connecting

to it. Untrusted clients will be denied. Trusted certificates

are stored in the truststore.jks file. This option allows to

control who can connect to One Q server and use

server's API and web UI.

Verify server SSL names When server connects to some web site (for example

SMTP to send email or LDAP server) it will verify the

certificate of the remote server. Again, this certificate

must be in the truststore.jks otherwise server will not

connect to that external site.

SMTP sender address If non-default SMTP port is used specify port number


SMTP server

SMTP port

SMTP username Username for SMTP sending

SMTP password Password for SMTP sending

SMTP SSL mode SSL Communication mode set to Plain, SSL/TLS or

STARTTLS

Server Config - Cluster tab

This section allows you to configure clustering options.

The table below describes parameters of the Cluster tab:


Server role A role for this server in the cluster: primary, backup or manual.

Enable database sync One server on each network is primary; the backup is secondary

to be used for failover. Primary and Backup have a heartbeat in

between and as soon as backup doesn´t get any reply from

primary, it becomes the primary until primary comes alive and

retain primary role.

Sync sources The Manual Backup setting is a server in sleeping mode, as

soon as the print admin is informed that primary is down, the

print admin can configure all active terminals, and the manual

server takes over responsibility for login at devices, until

primary comes alive and retain primary role.


Sync retry interval, min SYNC only to be used if system runs with local Database, DO

NOT USE IT WITH SHARED DATABASE

Cluster peer address Select between; Client codes, Domains, Policies, Price profiles,

Terminals, Terminal groups, Users, Print queues, Auth devices,

Rules, Reporting data, Payment history, Guest cards, Reports,

Scheduled reports, Data sources, Scheduled imports, Job

deletion, Print Monitor configuration

Email for notification If the peer is offline the server will attempt to re-sync for 10

minutes max. If set to interval 0 it will not attempt to re-sync.

NOTE On the Primary server, the IP Address points to the Backup server.

SYNC only to be used if system runs with local Database, DO NOT USE IT WITH SHARED

DATABASE

Server down, manually failover setup

It is possible to set up the One Q servers into a cluster, with a Primary/Backup server.

The idea behind this setup is to make sure that users always can log in at the devices and

perform print, copy and scan jobs.

Below steps need to be set up to run the cluster setup

Set up the Primary server with User, Terminals etc. so it is fully functional and working as

expected.

Then perform a total backup of the Primary server and import it on the Backup server.

Remember to check the cluster settings after import of backup and change it, to match the

Primary/Backup configuration.

Jobs are accessible from both servers, if one of the below conditions are fulfilled:

• Printing using Print Monitor and sending jobs to both servers, please see the Print

Monitor manual

• Printing using Connect server and sending jobs to both servers, see Appendix B

• Shared Database and spool area for both servers, see Appendix A and Advanced tab


Server Config - Payments tab

Ogone payment setup:

DIBS Payment setup:


One Q server provides the ability to enable payments for the end-users through the web

interface. There are two payment options available, both cannot be activated simultaneously

• Online web payment (Ogone or DIBS)

• Manual deposit payment

• Print receipt on: ONLY POSTSCRIPT printers are supported

If the printer does not show, please restart all VDMS services or restart server.

The payment system allows the users to deposit money to their account on the print server

and use it for printing or copying.

The table below describes the parameters of the Payments tab:


Enable manual deposit Makes it possible to deposit payment to your account

Enable payment receipts Makes it possible print payment receipts on below printer

Print receipt on Printer to print Payment receipts on, only Postscript

Guest invoice report Select the report where Guest card info will appear. Can be

used with Custom made reports.

Currency Only an ISO4217 currency code allowed

Notify users over low

account balance

Should user receive a mail regarding low balance?

Low balance threshold Level of low balance

Enable clicks conversion Conversion from currency to click price. To be used in

environment where users understand the terms better than

a price

Click price This refer to a price per click instead of standard price, e.g.

A4 one clicks and A3 2 click

Amounts type Fixed range by the system or range in between min. and

max amount

Amount choices: Only in the Fixed range


Web payment type Ogone and Dibs are supported; contact One Q Support for

additional information.

Online web payment provides an online payment option. This option requires a merchant

account opened and maintained by the administrator. Users can pay with credit or debit

cards and use a PayPal account (availability depends on the country). The amount that is paid,

will be transferred to the user’s profile automatically.

Manually deposited payment: allows a payment administrator to deposit an amount for a

user. The payment admin can collect the cash from the user and deposit the amount to the

user's account by using web interface. Permission to be payment administrator is given to

groups or individual users in ‘Administration, Users interface’.

Below is the setting for Local users.


When payment receipts are active, it is possible to select a printer where the receipts are

printed. It must be a locally installed printer.

The payment history is located under Users, Payment history

From here, it is possible to re-print receipts by pressing the print symbol.

Job get printed on the selected device under the Payment tab.


Server Config - Guest Printing tab

Guest printing is also called Mobility print.

Mobility Printing is a mobile printing option that allows users to print from any portable or

mobile device in addition to publicly available computers.

The table below describes the parameters of the Guest Printing tab:


Enable guest printing This allows users to send jobs to Mobility Printing server

Global Print server

address

Mobility Printing server IP-address or domain name

Global Print server port Communication port between One Q and Mobility Printing

server

LibreOffice path Windows: C:\Program Files\LibreOffice\program\soffice.exe

Linux: /opt/libreoffice6.3/program/soffice

Enable Email2Print Disabled by default


Email2Print queue

name

Select VDMS Queue to upload job to server

POP3 server Server

POP3 port 995

POP3 username

POP3 password

Email check period

(min, needs restart)

Standard 1 min, if change please restart all One Q services.

Enable Upload2Print Disabled by default.

Upload2Print queue

name

Select Queue to upload job to server

Refer to the Appendix I: Email2Print setup section for setup and more information.

Server Config - Backups tab

Backup of the database can be set up in this section.

The table below describes the parameters of the Backups tab:


Enable directory

transport

Enabled by default

Backup directory Location where backups are stored


Enable SMB transport Selected enables SMB

SMB destination URL New location for Backups

Max number of

automatic backups

Max numbers of automatic backups, standard 5 and max 100

Server Config - UI tab

The table below describes the parameters of the UI tab:


Number of decimal

digits to display

To be used for pricing. Standard: 2

Custom date format Activate date format, using the scroll bar or type in settings like

yyyyMMdd

Enable custom portal

title

Allow admin to change portal title

Custom portal title Makes it possible to customize title "VDMS Server Portal "


Custom portal logo Makes it possible to upload customer logo, must be in app.

100x100 pix (3.5 cm x3.5 cm)

Portal prompt (HTML) Possible to add more info under the Logo/title, e.g. link to external

web page.

Login UI Theme OEM or Public Print, activated the login site turns Orange

Hide card ID in user

settings

Selected, it is not possible to see card info or Short ID on the

interface

Allowed languages Selection to choose what language end users can select between.

Use terminal locations

for web print

Activate that user can select on the login page, location instead of

group.

Enable external link in

menu bar

If enabled, the new tab is placed as a last item in the menu bar.

The tab is visible for all users and opens the specified URL in a new

browser tab.

Caption for external

link in menu bar

Specify the caption for the external link in the menu bar. Limited to

25 characters, "Caption" is entered by default. Required if Enable

external link in menu bar is enabled

URL for external link in

menu bar

Specify the URL for the external link in the menu bar. Required if

Enable external link in menu bar is enabled


Below is the standard login page.

Below is the page modified with Logo, Title and some HTML commands for pointer to

external webpage where to download manuals and driver from.

The server imports the logo and sometimes it is needed to modify logo with an additional

white border around logo.

Enabling the Public UI theme:


Server Config - Advanced tab

Certain advanced options can be set up in this section. This section should only be changed,

when advised from One Q support.

The table below describes the parameters of the Advanced tab:


Enable color ink detection Enables page-level color detection so jobs with mixed color /

bw sides will be recognized correctly. This is useful for

correctly calculating the price. It can slow down the server

significantly when many print jobs are handled on the server.

Use standard conversion

tool (GhostPCL) for HP

print jobs conversion

To be enable if problem with rule conversion of HP jobs

SNMP wait printing,

minutes

Standard

SNMP wait idle, minutes Standard

SNMP community Public as standard

Security key for DN

authentication

Security key to be used with Print Monitor


Security key for terminal

configuration

Security key to be used with Terminals

Database connection Database location, below shown 4 settings. Setup with DB

specification described in Appendix A

Database pool size The number of simultaneous connections to the database.

The more connections the better performance under stress

conditions and more RAM is required.

Default max limit configured in the postgresql.conf file is 100

Scan2Workflow

configuration file

Location of configuration file for Scan2workflow, 3. Part tool

WebclientNG/Xerox Under development

Enable Watermarks If enabled, the default "Printed by <user login> on

<dd.mm.yyyy HH:mm>" watermark will be printed in the

bottom left corner of every A4 page of a document. Text is

customizable and can be set differently for PS jobs (see

below).

Please speak to One Q prior to enabling this option

Watermark text Enter the text to be printed as a watermark. The "user" and

"date" variables can be used.

Example: Printed by @user@ on @date@

Watermark layer on the

top for Postscript jobs

Enable, if watermark is not visible on postscript printers


For more information about Scan2workflow, refer to Scan2workflow setup on One Q server

The Database Connection parameter allows running a SQL script for the DB, e.g. delete user

tracking. Click Run SQL command to initiate the execution window.


Note Only admin can run this command.

Server Config - System Notifications tab

This section allows you to set up system notifications.

The table below describes the parameters of the System Notifications tab:


Allow system notifications This option will allow notifications to be

displayed on the One Q Portal or be sent via

email

Allow email notifications Enable email notifications

Email destinations Specify email recipients


License notification expired before, days License expiry notification

Certificate notification expired before, days SSL Certificate expiry notification

Portal Notification showing expired certificate:

Portal notification showing expired license:

Email notification example:


Chapter 14: Domains, MS, eDirectory, IBM Domino and Okta

In this section, the user authentication can be set up if users are validated up against the

domain.

In order to create a domain, all relevant information must be added. There is no limit in

numbers of domains.

For user authentication, domains are contacted in alphabetical order - unless authentication

information contains a specific domain name.


The table below describes the parameters of the Edit domain dialog:


Name Free name to identify the domain

Address the address of the LDAP server

User name User with credentials to perform LDAP

lookup

Password Password for above

LDAP scheme type Active Directory, IBM Domino, eDirectory

(LDAP x500) or Okta can be chosen

Port The following typical values can be used: 389

(normal access), 636 (SSL enabled), 3268

(Active Directory global catalog), 3269

(Active Directory global catalog via SSL)

Base DN The search base for the LDAP server

Search users in AD groups or OU

Bind type Security for communication to the LDAP

server

Group filters (comma-sep) Possible to sort by comma separation,

"support, sales, management" etc.

SSL To run by SSL

Active Activate the AD lookup

User name attribute Attribute to look for info,

"sAMAccountName" or simlar

Full name attribute Attribute to look for info, "cn" or similar

Alias name attribute Default empty

Email attribute Attribute to look for info, "mail" or similar

BCC attribute Default empty


Home folder attribute Attribute to look for info, "homeDirectory"

Card ID attribute Default empty

Short ID attribute Default empty

Client code Attribute Default empty

Client code attribute 2 Default empty

Client code attribute 3 Default empty

Once all the settings are configured, the Test LDAP button can be used to check the

connection to LDAP server.

Then go to Users and check the users can be found


If SSL is not enabled (in the domain settings):

If LDAP server address is a fully qualified DNS name, we try to authenticate first using DIGEST-

MD5 protocol. It prevents password from being sent in plain text over the network. However,

there is no encryption and the rest of the information can be sniffed from the network.

If this method fails or server address is an IP address, we use simple plain-text password.

If SSL is enabled (in the domain settings):

If port is 389 or 3268, StartTLS is used to negotiate a secure connection over this port.

If port is 636 or 3269 a direct TLS is used to connect to the LDAP server.

Both methods are equivalent in terms of security.

SSL requirements:

• Domain controller must be configured for SSL connectivity

• Server's certificate must be added to the One Q Server's truststore.jks file or it must be

globally signed with one of the trusted CA's like Symantec or Globalsign.

Chapter 15: Users

User configuration is necessary before the server accepts the print jobs. Every incoming job

has a username associated to it - this is normally the login name of the user without the

domain suffix.

One Q server supports two types of users:

• Local users - for small installations without the domain infrastructure

• Domain users - for integration with MS Active Directory or another LDAP server, IBM

Domino, eDirectory and Okta

Please refer to the Domain section for configuration details

Local users are configured in the server web management interface under the

"Administration, Users" section:

https://trac.ubiquitech.com/wiki/software/download/server/installguide/ldap


By default, the permissions and security settings for all users are governed by policies, which

can be edited by pressing the "Configured policies…" button. Policies can be overwritten for a

particular user with the "Overwrite group policy" option.

Enable user registration

If Administration, Server Config, Authentication, if "Enable user registration" is activated, it is

possible for new users to register via the following:

"Terms and conditions" can be customised by editing the templates below:

%VDMS%/conf/templates/eula.template or %VDMS%/conf/templates/eula_lang.template

(Where lang is 2-letter language code, e.g. en, da, es)

The user will receive an activation e-mail. If the user does not activate their account, they will

not be able to print or login to the web page.

Completing the registration will activate the account.


Edit Configured policies tab

Every group can have group policies assigned - users of that group will share those policies

unless they are overwritten in the user settings. If no group policies are defined for a

particular group, the global policies will be used.

By default, the permissions and security settings for all users are governed by policies, which

can be edited by pressing the "Configured policies …" button. Policies can be overwritten for

a particular user via the "Overwrite group policy" option.

In Configured policies, all policies are specified.

Below are shown the Domain users', Guest cards' and Local Users' Global Policies, with the

three default policies.

Selecting the policy, the popup below will appear, and settings can be edited and changed.


Account (policies)

The table below describes the parameters of the Account tab:


Unlimited Activated, user can print unlimited. If not, then the balance decides

whether it is possible or not, to use the terminal.

Balance

Free balance E.g. provided from University as a free usage pr. month

Low limit When the account gets below this limit, it is not possible to use the

terminal

Enforce Enforce the value to existing accounts


Quota (policies)

The table below describes the parameters of the Quota tab:


Enable quotas Yes, allows quota for user

Total pages quota Total

Color pages quota Total color

Free total pages quota Free quota that can be refilled within a given period

Free color pages quota Free quota that can be refilled within a given period

Enforce Enforce the quota to existing accounts

User will have (total + free) total pages to print or copy, from which at most (color + free

color) can be printed in color.

First the free quota is consumed, then the main quota.

The idea is that free quota is something that is given to the users for free. They must then

purchase credit themselves.


Permissions (policies)

Allows user to Copy (bw), Color Copy, Scan, Push print, Pull print, color print and share jobs.

The table below describes the parameters of the Permissions tab:


Admin Selected gives user full admin role, but can´t delete the VDMSADMIN

account

Color copy Select/deselect permission for user to color copy on terminal

Color print Select/deselect permission for user to color print on terminal

Copy Select/deselect permission for user to copy on terminal

Create short ID If selected, the system generates a random Short ID for user. The

generated Short ID can be viewed in My Profile > User Details pane

Create PIN If selected, the system generates a random PIN for user. The

generated PIN can be viewed in My Profile > User Details pane

Fax Select/deselect permission for user to fax on terminal

Guests admin Selected gives user full Guest admin role, great guest cards etc.

Jobs admin Selected gives user full Job admin role, move and delete job


Payment admin Selected gives user full Payment admin role, handle payment like add

or remove payment on user accounts

Pull print Select/deselect permission for user to pull print on terminal

Push print Select/deselect permission for user to push print on terminal

Reports admin Selected gives user full Reports admin role, create and run reports

Reports view Selected gives user Reports role, to run reports

Scan Select/deselect permission for user to scan on terminal

Share jobs Selected gives user permission to share jobs to other users, e.g.

teacher to student

Terminals adm If selected, allows the user to manage terminals. The Terminals tab is

added to the menu bar

USB port Track jobs printed on USB port

Users admin Selected gives user full User admin role, create/delete or

activate/deactivate users


Other options (policies)

The table below describes the parameters of the Other Options tab:


Price Profile Default price profile for the users

UI Theme Select the OEM or Public Print

Update free values at To be used with Quota to provide users free print/copies

Client code Code to be used for e.g. project accounting

Grid printing Please see section 24 for more info

Auto job release If selected, all jobs at the Pull queue for the user gets released

and printed at login at a terminal


Allowed terminal groups As a standard, the policy is for all terminal groups. Select or

unselect requested terminal groups.

Print Monitor

configuration

When selecting a PM configuration, this setting will be

deployed to the computer

Creating or editing a local user

When creating a new user, only the user name is required, all other settings are optional. The

user name must match the login name used to send the job. The following additional options

are useful when configuring for every user:

The table below describes the parameters of the Create User dialog:


Name Name or short name for the user


Full name User full name

Email address User e-mail address

Home folder User home folder on network where it would be possible to store

scan jobs

Address information Location where user can type personal address information

Active Possible to activate or deactivate the use

Overwrite group policy Selected, makes it possible to overwrite Group policy settings

The Address information can be typed in on the server when creating the user or user has the

possibility to do it when login at the server, with username/password login on the web.

Here you enter your information, that information being used in a payment environment

when adding credit to a user account using credit card provider such as DIBS.

Authentication


The table below describes the parameters of the Authentication dialog:


Short ID: Numbers or letters that makes login easier

Card #1: Show the card number for 1. card

Card #2: Show the card number for 2. card

Pin: Pin code, prompt user as an extra security

feature when login at terminal

New password: Create new password

Account

The table below describes the parameters of the Account dialog:


Unlimited If activated, user can print unlimited. If not, then the balance decides

whether it is possible or not, to use the terminal.

Balance What is left to be used?

Free balance E.g. provided from University as a free usage pr. month

Low limit When account get below this limit, it is not possible to use the

terminal


Quota

The table below describes the parameters of the Quota dialog:


Enable quotas Yes, allows quota for user

Total pages quota Total

Color pages quota Total color

Free total pages quota Free quota that can be refilled within a given period

Free color pages quota Free quota that can be refilled within a given period

User will have (total + free total) pages to print or copy, from which at most (color + free

color) can be printed in color.

First the free quota is consumed, then the main quota.

The idea is that free quota is something that is given free to the users. Then they must

purchase quota themselves.


Other options

The table below describes the parameters of the Other options dialog:


Email Address 2 Second email address, can be used for e.g. Google Cloud printing

with GPS

Aliases Alias name for login or can be used for delegation/secretary print by

using manager’s alias name.

Users created in the One Q server are local and independent from LDAP users.

Creating or editing a domain user

The Domain setup, as described in the Domains, MS, eDirectory, IBM Domino and Okta

section, must be set up before the below is possible.

Below is a domain user profile.


Please note some information are greyed out, not possible to change. That information is

retrieved from Domain.

The field Client code will only show if there is domain information assign to the Client code in

the Connect to domain profile.


Chapter 16: Domain users, Policy setup

The Domain setup, as described in the Domains, MS, eDirectory, IBM Domino and Okta

section, must be set up before the below is possible.

Setting up and enabling the policies can be configured on Active Directory Organizational

Unit (OU) or Active Directory Groups.

If not, policy is set, the OU or group inherit the Global Policy settings.

As shown below could be settings in Active Directory, OU (yellow) or Groups (blue):

On the One Q server, select Users:


In the Show users from select the domain.

Depending of the Domain setup, you will now see Groups or OU.

Selecting the Edit on the Group/OU will open the below policy.

For the Group priority, the highest is 100, the lowest is 1.

Then setting the policy required for the Group/OU.

If a user is in e.g. 3 groups, the highest value will set the standard setup for that user.


Chapter 17: Terminals and Groups

Setup Terminal and groups

In this section, the overall settings of the terminals are set up.

A terminal can inherit the settings from a Group. In this way it is possible to apply settings to

multiple terminals.

Introduction to terminals

A terminal is an authentication or printing unit. The following terminal types are defined on

the server:

• Undefined - when terminal with type Undefined is placed to the group with Vendor

set, terminal inherits Vendor value from group if "Overwrite group options" is not set.

• Embedded - an embedded application running on the target MFD

• Embedded (Android) - an embedded application running on the target MFD (Ricoh

client)

• Web client – a browser terminal running on the server and displayed on the MFD

• Push print - indicates that this terminal is used for direct push printing

• Release station - external hardware terminal with card reader attached to the network

and communicating with the server


Before users can authenticate themselves or perform push printing, at least one terminal

must be defined and configured. Terminals are managed under the Administration >

Terminals section of the server web interface:

Terminals can be added to groups and every group can have its own configuration. This way,

a group of devices can be changed and updated in an easy way.

Group settings

The table below describes the parameters of the Group options dialog:


Name Free form name


Accounting type Full for reporting and user billing, Log for reporting only, none

for no accounting

Vendor Mandatory to set, please set the correct vendor type. Used for

configuring extra config and in reporting and informing the

server how to communicate with device

Default Terminal Type Specify the default terminal type for a given Group. This

parameter will be automatically selected for the terminals

created within this group

Pricing profile A profile that defines prices for jobs and pages

Client code Assign a Client code for the terminal

Logout timeout The number of seconds where the terminal is not used until it

automatically logs the user out.

SNMP accounting Use SNMP for more accurate print accounting.

Some vendor support print.correction instead, please see vendor

manual

Status monitoring: Device status is shown in the Terminal list

Active Activate/deactivate the terminal


Please see the device manual for the individual extra configuration settings for each product.

The table below describes the parameters of the Advanced options tab:


Enable client deployment It is possible to deploy embedded code to terminals from

the One Q Server

Enable card enrolment The solution can be set up to identify new card (unknown)

and ask them to map their identification card (or another

credential) to their user account. Users must already exist in

LDAP (Active Directory) or local database

Enable scan2me If activated, the email addresses are collected from the One

Q server, and sent to the terminal

Enable client codes Client codes can be used on this terminal

Validate client codes If client codes are used, they can be validated against a

database

Auto job release When a user is identified, all waiting print-jobs at the Pull

queue is released at login

Message of the day A message appears on the terminal’s screen for the user

(it only works on some types of terminals). Messages can be

anything from ‘Remember midsummer kalas on Friday’

to ‘All emails will from now on be printed in black and

white’

Extra config Device setting dependant on the vendor selection. Special

configuration can be set up here, e.g. it can be a password

to devices if required in the client. Remember to set

terminal vendor first, to make extra config settings visible


Below are the settings from Ricoh.

Adding new terminals

This section takes you through the process of adding new terminals to the system.

Terminal discovery tab

To facilitate adding many terminals simultaneously, a discovery feature can be used. It only

works for embedded terminals and the embedded client must be installed on the target MFD

and be up and running. Discovery is based on IP multicast traffic (address 239.255.250.206,

UDP port 8709) and may be blocked on some corporate networks.


Creating terminals (Windows version)

Select the Group and select Add terminal.

When adding a new terminal manually, press the Add terminal button and enter the required

parameters:


Name Free form name

Address IP address or DNS name of Terminal where the server configuration is

sent to


Terminal type Choose according to the terminal role and type. By default, the system

automatically inserts the same type as specified in the Default terminal

type parameter of the Group creation dialog

Print protocol Either TCP/IP (port 9100) or IPP/IPPS. USB can only be used if Print

Monitor are install on that workstation where USB printer are connected

to. Dummy can be used for test purpose

MAC Address MAC address of the terminal can be added manually

Printer address For External and IP card reader it is where the job is sent to. With

Embedded and Web client IP is the same as the Address. For IPPS

protocol an extra parameter is required - printer URL, e.g.

https://printeraddress/ipp

Location To be used with Print Monitor configuration: where terminal is located.

Location can be typed in and selected or imported by the Data sources

module

Serial Number Terminal serial number, to be used in Reports

Description To be used in Reports

Print QR Code Requires installed LibreOffice 6.x on the server (see LibreOffice for

Windows or LibreOffice for Linux). Press this button if you need to

generate a QR code for identifying the terminal. After receiving a

confirmation in a pop up window, the terminal will print out the QR

code. Clicking the button again (when editing the terminal's properties)

will issue a new QR code and "forget" the old one.

Note The printed QR code is documented by the system as a print job

performed by the "vdmsadmin" user, even if the printing was initiated

by any other user.


Overwrite group

options

If marked, it is possible to configure these terminals in a different way

than the other terminals in the group

IPP/IPPS printing

For the Web Client, it is possible to print with IPPS (SSL over IPP)

To be able to print by IPPS, you need to add MFD´s certificate to the truststore.jks

Can be done like below:

"C:\Program Files\Ubiquitech\VDMS Server\jre\bin\keytool" -

importcert -noprompt -alias KMB92F59 -file KMB92F59.crt -

keystore "C:\Program Files\Ubiquitech\VDMS

Server\conf\truststore.jks"

The ""KMB92F59"" is the certificate

Please add the correct name to the script

Run it in a CMD prompt on the server and restart all VDMS services.

DNS must be running for proper validation for host name or FQDN for server and devices.


Location

An example of a Push terminal with location.

To be used together with Print Monitor to ease printing for end users.

Creating terminals (Linux version)

The Setup for Linux is almost the same as Windows, but due to CUPS within Linux, more

functions can be added to the print process and conversion.

In order to support a multivendor environment with a minimal set of print queues and drivers

to support stapling, punching, booklet etc. it is a requirement that the ONE driver is used as a

print driver on the workstations.


Selecting Universal print target and select <New target…>, gives the Admin the possibility to

create a printer with a PPD (PostScript Printer Description) that converts the print job to

match the specific printer/MFD.

Selecting upload, provides the possibility to select the PPD for the specific printer/MFD and

will create the printer within Linux Cups.


Select Save.

Note This PPD is located on the OS and cannot be backup, in case that One Q server need to

be moved to another Linux server.

Remember the Universal printing setting on the queue, if not set, the conversion will not take

place.

Configuring terminals

Once the terminals are added or modified, configuration must be sent so the embedded

application is aware of the server address and settings. This is done by pressing the

"Configure Terminals" button. Terminal configuration requires UDP port 8710 to be opened

on the network (direction server -> printer).


It is possible to configure: All active terminals - Selected only - Current Group and Deploy

embedded client to Lexmark, Ricoh (Android and Java) and Samsung XOA devices.

If "Enable client deployment" is enabled on the Terminal/Group, then the client will be

deployed to the device when Configure is selected.

Refresh status tab

It is possible to refresh All active, Selected only or Current group terminals.


Discover tab

Selecting Discover, the server will perform a multicast discovery and search for all units where

the One Q embedded clients are installed.

It will not work for Web Clients.

Chapter 18: Queues

In this section, queues for pull, push and secure print can be created, deleted and edited.

Virtual queue can be created/deleted in the One Q server.

OS spooler queue is created in the spooler of the operation system and cannot be deleted or

backed up on the One Q server.


Preparing for creating queues (Windows version)

To create a queue which is connected to the One Q server, start a new printer wizard and

choose ‘Local printer’. In the port settings, choose ‘Create new port’ and choose the

port type: ‘VDMS port monitor’:

Follow the steps to choose the queue name and printer driver. The created queue will be a

pull queue by default, e.g. all the incoming jobs will be stored on the server and not

forwarded to any printer. Push printing requires more configuration in the web

administration interface of the server (See below ‘Push printing’).

The original Win 2012/2016 Class 4 drivers cannot be used with port monitor, please use class

3 driver (download it from vendor web site).

https://trac.ubiquitech.com/wiki/software/download/server/installguide/pushprint


Name cannot be changed unless renamed on the Windows server.

Create queue in One Q server portal (Windows version)

The table below describes the parameters of the Create queue dialog:


Name Free form name

Queue type Pull queue, Push queue or Secure queue (Pin code solution, only for

Ricoh)

Target terminal Only available when Push queue is chosen


Domain A target domain need to be specified, otherwise only local users are

allowed to print to these queues

Print Monitor

configuration

Assign a PM configuration to a queue, this way the PM on the

workstation will be set to log in with the settings in the config file

Push printing

Push printing is similar to direct printing to the target device. The difference is that the job

still goes to the server, user permissions and account balance are checked, and the job is

directly forwarded to the printer, without being stored on the server. User authentication is

not necessary (although from the PC it can be enabled with Print Monitor client software

[Print Monitor is an add-on module]), but the accounting and tracking can still be used.

This kind of printing is useful for small network printers without the embedded client or in

cases when user authentication is not desired.

Push printing can be performed to either 'Embedded' (external terminals included) or 'Push

queue' terminal type. The difference is that 'Embedded' terminals can also be used for

authentication and pull printing. The Server license controls how many pull and push

terminals are enabled.

Push printing is controlled by setting a print queue to the 'Push' type and specifying the

target terminal (under ‘Administration, Queues’ section):


Create queue in ONE Q server portal (Linux version)

In the Linux version, it is possible to create either Virtual queues or OS Spooler queues.

The virtual queue is controlled by the One Q system and can only be used to print via Easy

Manager/Print Monitor.

The OS Spooler is created in the Linux Cups as an input queue for the Linux system and

should be used as it supports printing via Windows/Mac/Linux without the need for any client

software installed at the workstation.

Queues in Linux and Windows have the same functionality whether they are Pull or Push

queues.

Universal printing is needed if using the One Driver together with PPD on the terminal.

One Driver on One Q server or One Q SaaS

Activates universal printing functionality.

Can be used only on Linux or on One Q SaaS.

How does it work?

There is one normal input queue (pull queue) with a generic Postscript or PDF driver. PS/PDF

is a requirement for universal printing.

Multiple output queues (physical TCP/IP queues) are connected directly to printers. They are

managed using "Devices and Printers" within CUPS in Linux. This physical queue must be

selected in the terminal settings under "Universal print target". Output queues can have


different drivers - PS, PCL, whatever. It can be also local USB-connected printer - it does not

matter.

When you request to release a job marked for universal printing it will be sent to the specified

output queue (TCP/IP queue) and formatted to whatever output PDL is needed.

If you leave "Universal print target" option empty the job will be printed in a usual way,

directly to the printer.

Disadvantages:

Performance can be lower as the job must be converted to the output format.

Chapter 19: Client Codes

Client codes (also known as billing codes) are 'tags' that allow you to group job tracking and

reporting based on selected criteria - for instance department, faculty, building, class, area,

etc. Client codes can be used in several ways:

• Client code entered manually by the user when doing pull printing from the terminal

must be enabled first under the ‘Administration, Terminals’ section. This client code

has a highest priority and will be used whenever entered

• Default client code assigned to the user will be used if no manual code is provided

• Default client code assigned to the terminal will be used if no default code is provided

for the user

When the job tracking information is added to the database, a client code is also recorded.

Subsequently, a report can be generated based on the client code - for example a total

number of prints performed in a particular department.

Client codes are defined under the Administration > Client codes section:


It is possible to import client codes from a CSV file. The file format is:

name,description[,subcode1,...,subcodeN]

Every client code can have one or multiple subcodes (matter codes) defined. This is useful in

certain scenarios for example in law firms, where client code represents the case and subcode

refers to a particular case file.


Chapter 20: Price profiles

In this section, the pricing profile can be set up. A profile can be specified for each device type

and any job type. It is possible to select paper size, duplex/simplex color and B&W.

A new profile is created simply by giving it a name.

After creation, the profile can be edited:

There is no limit in numbers of profiles and they can be edited and deleted here.


Pricing is pr. Image, so above pricing will be correct for 2 color pages:

Example:

Simplex: 2 x 0.25 = 0.50

Duplex: 2 x 0.20 = 0.40

If Users select duplex (Double-sided) instead of simplex, then they will save some money.

Chapter 21: Authentication devices

Authentication devices is used to authenticate users in places where no reader can be

attached to MFD, or where "release all" functionality is required. Authentication devices can

be a biometric reader, numerical keyboard or a card reader.


To create a new device press Create auth device and fill out all fields or use the tool ipbridge-

config. (Provided by One Q Support).

Remember to Activate Auth. device.

Please see IP Cardreader Bridge Raspb.pdf or IP Cardreader SwitchBridge SB.pdf manual for

more information.

The table below describes the parameters of the Edit auth device dialog:


Name MAC address, added when unit gets connected and configured to

the system. Can be changed

Device type TCP/IP card reader

Address MAC address, added when unit gets connected and configured to

the system

Action Selected from drop down menu, release all jobs/Login at the

terminal/Login, and release all selector

Associated terminal Selected from drop down menu, the terminal

Active Activates device

Chapter 22: Grid nodes

Grid printing must be enabled in the server license.


Grid printing as a term is used here as cluster printing, i.e. bringing multiple One Q servers

together into one connected solution.

Introduction

Grid nodes allows you to do 2 things, Grid printing and synchronization between database

Grid printing allows you to organize multiple servers into a private Grid and perform pull

printing, regardless of the location the document was submitted to the server from. For

example, if the organization has multiple branches or offices, it is possible to print the

document in one office and collect the print-out at another.

Grid nodes also allows servers to synchronize between databases:

Select between; Client codes, Domains, Policies, Price profiles, Terminals, Terminal groups,

Users, Print queues, Auth devices, Rules, Reporting data, Payment history, Guest cards,

Reports, scheduled reports, Data sources, Scheduled imports, Job deletion, Print Monitor

configuration

SYNC only to be used if system runs with local Database, DO NOT USE IT WITH SHARED

DATABASE

Configuration

Grid nodes are configured under the Administration > Grid nodes section:


Every Grid node represents a server running in a different location. When a traveling user

authenticates at an MFD that do not point to user’s home server, a list of jobs is retrieved

from all configured nodes, so that the user can view and print jobs submitted to different

servers in the network.

Communication between Grid nodes is performed on TCP port 8712.

Each Grid server should have a list of terminals configured, which is local to this server.

Before Grid printing can be used, it must be activated either in the Domain, Guest or Local

Users group policy or per individual user:

The table below describes the parameters of the Create node dialog:

https://trac.ubiquitech.com/wiki/software/download/server/installguide/terminals



Enable database sync SYNC only to be used if system runs with local Database,

DO NOT USE IT WITH SHARED DATABASE

Sync sources Select between; Client codes, Domains, Policies, Price

profiles, Terminals, Terminal groups, Users, Print queues,

Auth devices, Rules, Reporting data, Payment history, Guest

cards, Reports, Scheduled reports, Data sources, Scheduled

imports, Job deletion, Print Monitor configuration

Sync retry interval, min If this peer is for example offline, and set for 10 min, the

server will attempt to re-sync for 10 minutes max. If set for

1440, it will try to re-sync for one day. If set to interval 0 it

will not attempt to re-sync.

More info next page.

If you set this interval to 0 it will not attempt to re-sync

Cluster peer address Set IP/FQDN for Backup/Primary server

Email for notification Information mail to the system administrator or other

responsible persons

Usage example Grid printing

There are two locations, HQ in Copenhagen and Oslo1. Each location has several MFDs

(terminals) connected to the server running on that location.

We define Grid nodes as follows:

• On HQ server we create a Grid node that points to Oslo1 server

• On Oslo1 server we create a Grid node that points to HQ server

• On HQ server we create and configure terminals that are located at HQ

• On Oslo1 server we create and configure terminals that are located at Oslo1


Next, we activate Grid printing in the global policy settings - from that moment users printing

to HQ server can get their jobs printed at any MFD in the BR1 location (and vice versa).


Usage example sync between servers

If the sync between servers fails, and has not been updated then your account on the 2

servers may have a different value.

As soon as your account has been updated on one of the servers, like printing a job, copy a

page or adding money, all servers are updated and the values will be the same across all

servers.

Chapter 23: Rules

Introduction

The One Q server supports rules-based printing. This facility allows you to create rules that

control the job workflow, access permissions and setup printing conditions.

There are some limitations:

• Some rules and conversions depend on vender device support that, e.g. conversion to

BW and simplex.

• Some rules and conversions depend on IPP protocol and PostScript.

• If the job is encrypted using passphrase from Print Monitor, conversion is not possible.

• Paper setup from MS-Word with selection from different trays eg page 1 from tray 1

and the rest of the document from tray 2, that information are under a Duplex

conversion converted to only select pages from standard tray.

Rules with user authentication will take place after the job has been validated and confirmed

that local user/AD account is present on system.

Rules and conversion are triggered by:

• Print Monitor (if the client software is used)

• Rules

• Clients (E.g. Ricoh, Lexmark)


For best performance, use IPP protocol and PostScript

To describe the rule-based printing the following special terms are used in this chapter:

• Rule – a named set of conditions and actions; rule is checked and applied in the scope

of a certain event;

• Event – a notification given to the rule management framework when something is

happening in the system;

• Condition – a logical expression that evaluates to true or false; condition consists of 3

parts:

<predicate><transition> <parameter>

• Subject – an entity that is a target for condition check;

• Predicate – a subject-specific logical clause;

• Parameter – is an optional parameter to the predicate;

• Transition – a logical transition to set the predicate or the condition to "not".

• Action – an action that is executed when all the conditions are evaluated to true.


There can be several conditions and actions defined for a given event. They can be used

sequentially in the defined order.

The rule consists of the conditions and actions. If all the conditions are fulfilled, the actions

are executed.

Rule event

Every rule is associated with a rule event that occurs when the server software runs.

For instance

• the "job in pull queue" event occurs when the document is submitted to a pull queue

• the "job release" event occurs when the document is submitted to the MFD or printer

• etc.

Conditions

Every condition consists of a predicate. A predicate is a logical clause, which applies to a

subject and checks it, e.g. "User name is".

Multiple conditions can be added to the same rule.

In the given example, there are two conditions defined which (when combined) will produce a

rule that checks if the incoming job has a total number of pages greater than 50 and its title

contains "Microsoft Word".


After the conditions are defined, the actions must be specified which are then executed when

the conditions are satisfied.

Actions

Actions can be re-ordered by pressing Up or Down link. The special action Deny stops all

further processing of the following actions.

To save the new rule press ‘Save’ button. To abandon changes press ’Cancel’ button. All

the changes are applied with immediate effect.

Rules' Applications

Below is the 5 different rules event, to show the possibilities with rules.

Test Any Queue event

Rule event Conditions Actions

Job in any queue User name is

User group is

User email is

Domain name is

User exists

System time between

Terminal name is

Deny

Print banner

Send email

Assign job to

Move job to

Filter job

Print job at


Terminal group is

Terminal address is

Terminal vendor is

Terminal location is

Terminal is offline

Terminal is busy printing

Job title contains

Queue name is

Job type is

Paper size is

Job is duplex

Total pages greater than

Color pages greater than

Job PJL value is

Job forced to B&W

Job forced to duplex

Job forced to simplex

Client code is

Client code exists

Client code has subcode

--- Logical OR separator ---

Set job title

Set job prompt

Force job to B&W

Force job to duplex

Mark job as favorite

Mark job as shared

Cut job title

Force job to simplex

Set job retention

Cut user name

Convert job to PDF

Set user permissions

Enable color ink detection

Stop

Assign job by email

Convert job to PCL XL

Test Job Release event


Job release User name is Deny


User group is

User email is

Domain name is

User exists

System time between

Terminal name is

Terminal group is

Terminal address is

Terminal vendor is


Terminal is offline

Terminal is busy printing Job title

contains

Queue name is

Job type is

Paper size is

Job is duplex



Job PJL value is

Job forced to B&W



Client code is

Client code exists


-- Logical OR separator --

Print banner

Send email

Assign job to

Move job to

Filter job

Print job at

Set job title

Set job prompt

Force job to B&W

Force job to double-sided


Mark job as shared

Cut job title


Set job retention

Cut user name

Convert job to PDF


Enable color ink detectio

Stop

Set client code

Assign job by email



Test Pull Queue event


Job in pull queue User name is

User group is

User email is

Domain name is

User exists

System time between

Job title contains

Queue name is

Job type is

Paper size is

Job is duplex



Job PJL value is

Job forced to B&W



Client code is

Client code exists


-- Logical OR separator --

Deny

Print banner

Send email

Assign job to

Move job to

Filter job

Print job at

Set job title

Set job prompt

Force job to B&W

Force job to duplex


Mark job as shared

Cut job title


Set job retention

Cut user name

Convert job to PDF



Stop

Assign job by email ***



Test Push Queue event


Job in push queue User name is

User group is

User email is

Domain name is

User exists

System time between

Terminal name is

Terminal group is

Terminal address is

Terminal vendor is


Terminal is offline


Job title contains

Queue name is

Job type is

Paper size is

Job is duplex



Job PJL value is

Job forced to B&W



Client code is

Deny

Print banner

Send email

Assign job to

Move job to

Filter job

Print job at

Set job title

Set job prompt

Force job to B&W

Force job to duplex


Mark job as shared

Cut job title

Mark job as pull


Set job retention

Cut user name

Convert job to PDF



Stop

Set client code

Assign job by email



Client code exists



Test User Authentication event


User authentication User name is

User group is

User email is

Domain name is

User exists

System time between

Terminal name is

Terminal group is

Terminal address is

Terminal vendor is


Terminal is offline


Job title contains

Queue name is

Job type is

Paper size is

Job is duplex



Deny

Send email

Set job title

Set job prompt

Cut user name


Stop


Job PJL value is

Job forced to B&W




Creating new rules

To create a new rule press the Create rule button and enter the required parameters: Name,

Rule event and the Active flag:

A rule will appear in the list of rules. To delete the rule, press the red X. To edit the rule and

define the rule contents, press the "Add" link in "Conditions" or "Actions":

To create a new condition press Add:

Enter the predicate parameter if required. Press "Save" button to add a new condition.


To create a new action press Add:

Choose the required action from the list. Enter the action parameter if required. Press "Save"

button to add a new action to the rule.

To change the action order, press the "Up" or "Down" link.

The rule is activated immediately on the server side when it is marked Active.

PJL Rules

The PJL Rules have many possibilities.

For rules, there are different template parameters and they must be entered in capital letters:

$(USERNAME)

$(FULLNAME)

$(DOMAIN)

$(EMAIL)

$(HOMEFOLDER)

$(TERMINALNAME) "only available in push printing or job release events."

$(TERMINALADDRESS) "only available in push printing or job release events."


$(TERMINALGROUP) "only available in push printing or job release events."

$(CLIENTCODE)

$(JOBTITLE)

$(TOTALPAGES)

$(COLORPAGES)

$(MONOPAGES)

$(QUEUENAME)

$(FILESIZE)

It is also possible to "capture" a custom variable from the job's PJL header using the following

syntax (in the rule condition "PJL value is"):

PJLVAR=$(CAPTURE)

It will extract the PJLVAR from the job file and assign it to $(CAPTURE) variable.

For example, if job file contains "@PJL SET USERNAME="john.doe" then it is possible to

extract the user name into $(PJLUSER) variable with the following condition:

USERNAME=$(PJLUSER)

Then this variable can be used in rule actions, for example to assign job or to send email.

Regular expression rule

A print printed from a LPR queue can arrive at the server like below

It can be solved like with a rule assigned to the correct queue

A regular expression. https://en.wikipedia.org/wiki/Regular_expression

This one means: whitespace repeated one or more times: \s+


Opening parenthesis: $

One or more non-whitespace characters: \S+

Closing parenthesis: $

The whole expression will change the user name received from LPR service in the form

"username (x.x.x.x)" to just "username" or

Rule, capture the job title.

Rule event=Job in Pull queue

Condition=Queue name is <name of the queue>

Action=job rule is set to: username=$(JOBTITLE), domain=<domain name>

Rule, remove program prefix like Microsoft

It is possible to remove prefix like Microsoft PowerPoint, Word etc. by a rule

The jobs marked with yellow is printed before activating the below rule.


Rule = \s*\S+\s*-

User authentication

It is possible to create a rule that sets some user permission on e.g. a vendor.

Below is showed how to set that only Pull print are allowed on all Xerox terminals for all users.

Multi selection

If you have for example a condition "terminal name is" - instead of selecting one terminal

from a drop-down list, you have now an option to specify multiple terminal names separated

with | sign

Example term1|term2|term3, please type in the correct terminal name


Chapter 24: Guest cards

Under Guest cards, you can create Guest cards for guest or Replacement cards for existing

users.


Guest cards

Above is an example on a default Guest card where user use a company/public computer

with Print Monitor to print.

User walk up to the computer, open the job and print. The Popup from Print Monitor show

and user type in user name and password to be able to print. Walk up to the device and

release the job.

The table below describes the parameters of the Create Guest Card dialog:


Card ID ID number of the card

Card type Guest or replacement card

User name User name

Email address Email address, to be used later if guest add more

money to account

Password User password

Unlimited Is the card an unlimited card, (free print/copy) or does

user need to pay

Balance Amount of currency on card

Retention time, hours Time limit on how long the card is active


Active Is the card active or not

Replacement cards

If user forgets/loses the access card, it is possible to create a replacement card that for a

period of time, to replace the existing card.

The table below describes the parameters of the Create Guest Card dialog with the card type

set to Replacement:


Card ID ID number for the card

Card type Guest or replacement card

Domain The domain selection where user exists

User name User name

Balance Amount of currency on card

Retention time, hours Time limit on when the card active

Active Is the card active or not


Chapter 25: Data sources

The Data Source can import data from a CSV file.

Please remember that the manual imported CSV file after first import is cached on the server

and if the contents of the CSV file are changed at a later date, the change will not be applied

to the server. You need to clear the CSV file and select it again.

Importing data from a CSV file containing special characters like Scandinavian could cause

some issues if the CSV is not in UTF-8 format.

Above file will look like this if not set for UTF-8 format.

After changing to UTF-8 format and save the CSV file


Data source example

Below is an example of a data source import, step by step on how to import terminals

Selecting will Preview the Data source

Selecting will Import the Data Source


Creating the data source.

Name the Data source and select the CSV file.


Remember to select the correct CSV separator.

Example for Terminal import

Save the setting and control the import on the preview.


Click "Headline to change" from <No import> to the requested parameter.

In this example, the CSV file contains header, which can be removed in the CSV import.


Select what to import, then run the import

If Vendor or client code are selected, then the Terminal will be imported, but status are "Not

Active"

Here I selected the import and the correct information but are not importing one column.

Select Import.

And in this case 59 terminals have been imported.


The import must contain correct Terminal type like below.

Example for Print Monitor profile import

Set up the file as a CSV like below

Set up an import like

Remember to remove the SCV separator

Now 2 Print Monitor profile has been imported.

Chapter 26: Print Monitor

From server version 5 it is possible to configure Easy Manager/Print Monitor server side.

Solution branded ONE Q DIRECT


The EM/PM must be installed on the Workstations and pointing to the server on the correct

IP/DNS name.

At first print the configuration will be sent from server to EM/PM.

There are 2 ways to configure PM from server side, either by the Queue settings or on the

User/Domain account.

• For the queue set the PM configuration, like below for the Copenhagen office/profile

• For the User/domain a default PM profile are needed on the queue where the user

print to, and on the user/domain policy set the needed profile for that specific

user/group/OU.

o Please see Print Monitor User/Domain account setup

The configuration in server 5 for a Print Monitor profile looks like below:

Setup: Set name and e.g. assign Location and more settings depending of the customer wish.


Location is created on the Terminal settings and should be set in the PM config.

The PM Config name, in this case Copenhagen must be applied to the Queue or User/Domain

account.Print Monitor Queue setup

Unger Queue settings, select correct profile needed for the location, in this case Copenhagen

and save it


Print Monitor User/Domain account setup

For the PM for User/Domain account setup creates a Queue with a default PM configuration.

Then on the User/Users, local or Domain set the needed profile, in this case the Copenhagen

profile again.

The Policy settings can be done on AD Group, AD OU or individual/local users.

On the Server Config / Authentication one of below need to be set before AD users can

receive the correct PM configuration.


ONE Q DIRECT and Offline print

Important: Offline print is not supported when selecting Job Target as Connect Server. It

requires direct access/communication to the One Q server.

With the setting for direct printing, in case of Push printing, the job is sent directly from the

workstation to the device.

For Pull printing, the jobs are stored locally on the workstation, and following authentication

on the device and selecting print jobs, the job is sent directly to the device.


In the Print Monitor config, Job Target must be set to VDMS Direct Print

Below is the setup step by step.

You need to create one Pull Queue and/or some Push Queues with assigned Terminals set up

as Push devices.

Above picture shows one Pull queue and 2 Push queues

On the workstation, the printer driver and Print Monitor must be installed.


Driver pointing to Print Monitor Port with the same printer name as the Pull Queue on the

server.

Print Monitor set up with Queue and server address, in below setup, server 81 (192.168.1.81)

Test setup by stopping services on the server.

After some time, the popup below will appear, and it is possible to print push jobs to any

devices in your setup.

Tracking data from jobs printed in offline mode will be sent to the server, when server is

online again.


It will take up to 10 min before the server DB is updated.

Depending of the time stamp in the local DB, the same job printed twice within a short

timeframe may be reported to the server as one job but with the correct number of tracked

pages matching the output on the device.

If you try to print for the first time to a server which is down, there will be no cached printers

and the below will be shown.

If the direct printing does not work, please check the DNS. It might be at DNS lookup

problem.

It is mandatary that the DNS is set up correct to get to allow offline printing.

Below is an example where the DNS does not work, but IP-address lookup does work


The server log shows the sending PC host name, in this case MPJ-PC.

Print Monitor USB printing

It is possible to use the Print Monitor for tracking of the USB printing performed on a

workstation. Some conditions must be met before that it is possible.

• The Workstation must be a part of the corporate network, DNS and under control of

the IT department

• User must not have local Admin rights to be able to change Security settings on the

local USB Printer

• One Q Print Monitor must be installed on the Workstation

• A queue like Follow-Me with a server profile must also be installed on the Workstation

• Check firewall rules if printing is not possible

On the One Q Server create a Terminal.


The IP address is the Workstation address where the USB printer is installed.

Naming of the Terminal: It is recommended to use a name that relates to the user for example

below is Lexmark USB MPJ.

Then create a Push Queue that points to this terminal.

Create a Print Monitor profile

Next step is to decide how users can print, as the below shows.


Solution one queue/workstation

Install a driver and Print Monitor on the workstation and point to the server IP and name the

driver with the same name as the Push Queue, here it is USB MPJ

Remember to assign the PM config to the Queue.

Do this for all users/workstations.

Solution one queue and many workstations

Install driver and Print Monitor on the workstation and point to server IP and name the printer

with the Queue name, in this setup like below USB Print

Create a new queue on the server, etc. USB Print and assign the Print Monitor profile to the

Queue.

Then create the required Terminals and Queue for users/workstations on the server


When printing, the below will appear:

Selecting USB Print and print, below popup will show

Select USB MPJ

Select OK and job will print on your USB printer.

Next time user prints, the selection, in this case USB MPJ, will be at top.


The Print Monitor remembers the last 5 printer selections.

Job is printed to the USB printer and tracked on server.

If Offline print has been enabled in the Print Monitor profile, the user can also print in offline

mode (server down or no network connection).

Security settings for USB printing

Please note that if no action has been performed on the workstation regarding security, the

User can bypass the Print Monitor setting and no tracking will be performed on the server.

The Workstation needs to be locked, to prevent the user to print by standard USB port.

Please remove all "Allow Print" for users except for the Administrators.


Print Monitor handling Server rules

• Jobs printed to server—Jobs send to server will be handled the same way as described

in Chapter 28

• Jobs printed locally, ONE Q DIRECT—Jobs are printed and stored locally on the

workstation. The impact of this feature is that some combinations of rules might not

work, because the job never passes through the server and some rules require his.

Below are examples of rules that work.

Troubleshooting

Print Monitor can´t connect to server or some error occur.

There are as standard no Print Monitor logs on the workstation.

Log can be started for trouble shooting.

Create a folder like PM

In a CMD prompt type (remember to ‘Run as Administrator’):

cd C:\Program Files (x86)\Ubiquitech\PrintMonitor

printmonitor.exe --kill

printmonitor.exe --log-to-file c:\PM\printmonitor.txt


Chapter 27: Backups

Backups are configured in this section. For immediate backup choose Manual Backup and for

repeated backups choose Scheduled Backups.

To run an ad hoc backup, simply press Create backup, give the backup file a name and select

what to backup. Click the backup Name and the backup will be saved in the directory chosen

for backup in the ‘Administration, Server config, Backups’ section. A Windows popup will

show where to save the file.

Under Sources it is possible to select one or more source to import


You can Merge the data or Delete existing data.

Repeated backups can be set up to occur at the same interval of minutes to annually.


Chapter 28: Licensing

The newly installed One Q Server applies the trial license and allows managing 5 terminals

and 5 Print Monitor clients for 30 days. Additional 30 days can be requested by contacting

One Q staff.

To extend the trial period, click Extend… and enter the code received from the One Q staff.

The trial version has a limited functionality. To apply for a custom license, send a request to

[email protected] providing the following required information:

• Server ID

• Server Host name

• Company name

Once you receive the licensing file, you can upgrade your license:

1. Click Browse and select your licensing file, received from One Q staff.

2. Click Upload and validate license.

3. Click Install after the file is validated.

mailto:[email protected]


The License Information page is reloaded and displays the information taken from the

license file. The parameters on the page cannot be edited.

Chapter 29: Log viewer

The log viewer can show the technical logging, not to be mistaken for the logging (tracking)

used for reporting for either the One Q server (Core) or Web (the administration tool). If web

clients are installed, there will be logs for those web applications too.

The logging from core is showing all events, like printing, copying, sign on (failure) etc. but

also changes in settings.


The logging from the Web will only be used if errors occur and consequently used for solving

problems.

Example, user "Administrator" not found locally on server or in AD

The log can be exported to a text file.

Info in logs can be shown in a verbosity order.


Chapter 30: Templates

Standard templates can be found in the folder C:\Program Files\Ubiquitech\VDMS

Server\conf\templates

It is possible to open and modify these files with the information that is to be sent out to

users.

If the server language is set, for example to "Danish", then file ** _ da will be selected and

sent. If this file does not exist, then the default file will be selected.

For example, the template for Terms and conditions on the "My Profile" portal:


Please open the template in Notepad, make the changes and remember to save file in UTF-8

format.

Supported languages:


Chapter 31: User interface, when users login via WEB

Login at the web interface https://server-adr:8443 will show the below window:

Left hand side shows standard login, right side shows login where user registration is enabled

(self-creation of a user account)

First section will show web interface with different settings, second section will show User

Self-creation process.

User web

Below is a web login as a standard user local user, in this picture mpj with no job in QUEUE

Here it is possible for the user to upload documents to server or change the user profile

• Full name

• E-mail address

• Additional e-mail address

https://server-adr:8443/


• Password

On the job it is possible to delete job or change status to Favorite (save job, system will not

delete it)

And check the printing history.

If the user is an Active Directory user (AD user) then some of the fields in the profile will be

locked.

Enabling below settings on the server, administrator/jobs, Permissions and WEB upload.


The view for the end users will change and show the new features for the user.

Users now have the additional features to select

• The Short ID is randomly created, can be shown, deleted and regenerated

• It is possible to upload documents to the system, such as Excel, Word or PDF files.

• It is possible to select a job and print it directly to a Terminal

• It is possible to assign your job to another user

• Change status from a normal job to a Favorite job (will not be deleted by system) or

share job with all users so they can print it (they can´t delete it). For example, a teacher

printing on behalf of students.


Enable user registration

When enabled, user registration allows users to create a local profile on the server.

When below settings are enabled by the Admin on the server, the users can create their own

profile.

Login at the web interface https://server-adr:8443 will show below window:

Selecting Sign up the below window will show:

Here, the user can fill in the required information and select Register.

https://server-adr:8443/


If below shows, then the mail cannot be sent from the One Q server to the mail server. The log

viewer will allow troubleshooting of such a problem.

An activation mail will be sent to user.

The user needs to follow link to activate their account..

Looking at the user profile on the server, the profile is not activated yet.


And if user tries to log in, the below error message will be shown.

After activation via the link in the mail, the below will be shown to inform the user that their

account has been activated.

The user will also receive a confirmation mail, regarding the activation of the account.

Now user can log in and print.

Appendix A: Connecting to an external Database

The Database connection can be changed to MS SQL or PostgreSQL following installation. It

is not possible to disable or remove the bundled PostgreSQL database - it is an integral part


of the solution and the other services depend on it. It is also used as a fall back database if

there is no connection to the external one.

Hikari DB pools allows setting up connection properties which can be entered into the

Properties field of the Database Configuration dialog. List of properties is available at

https://github.com/brettwooldridge/HikariCP.

Also, it is possible to fine tune datasource properties (the "dataSource." Prefix is required in

this case), for example:

dataSource.cachePrepStmts=true;

dataSource.prepStmtCacheSize=250;

dataSource.prepStmtCacheSqlLimit=2048;

It is possible to set several properties at time.

Completely removing properties from input and saving configuration restores initial

properties values. Partial replacement of properties does not produce restoring of initial

values.

https://github.com/brettwooldridge/HikariCP


So in case of usage of several properties at a time, like propA=A;propB=B; the partial

change of property B to property C should be performed in in the following way:

1. Clean properties input and save configuration (at this time all initail values will be

restored).

2. Set the needed properties propA=A;propC=C;

External Microsoft MS-SQL Database

The 'vdmsng' database must be created there; authentication of the MS-SQL server must be

set to 'mixed'.

Username and password are dependent on the MS-SQL server settings.

External PostgreSQL Database

Username and password are dependent on the PostgreSQL server settings.

Connecting to Shared DB and JOB storage

The following changes are needed for all the One Q servers which should connect to the

remote database and JOB storage.


Go to the web interface of One Q Server and log in as an administrator (vdmsadmin or

similar)

Go to Administration -> Advanced and go to Database connection URL and add the link to

the MS SQL or PostgreSQL

Change the IP address with the DNS name or IP address of the server where the database is

located!

Press Save.

If you get "Unable to modify config section!" check the log file for information.

Probably there are connection issues to the PostgreSQL server so check the pg_hba.conf file

for syntax errors and whether you have entered correct IP address!

To apply the changes and change the database, the services should be restarted.

Once the services are up and running you can log in to the web interface as user: vdmsadmin,

password: vdmsdemo


If there are more One Q servers then repeat steps for all One Q servers!

Change Job storage location

You should also remember to change the job storage location.

The One Q Server service in Windows Services must be logged on as a user with

administrative rights.

On the server where the jobs should be stored, you have to share the folder and set

permissions so the user with the administrative rights you set above has read/write access.


Go to the One Q web interface under Administration->Jobs and enable the following:

Remember, if you use custom storage with UNC paths then the vdms core service must be

running under some account with access rights to this shared folder (e.g. Administrator).


Appendix B: Connect Server

Introduction

VDMS Connect is a standalone server component that runs on a separate print server and is

responsible for job storage, on-demand job printing and job deletion. All the tracking,

accounting and permission checks are performed on the remote One Q server, which only

contains job information and a reference url.

Important note: VDMS Connect cannot be installed together with One Q software on the

same server.

System requirements are:

• VDMS Connect Server installation running on a separate server

• Supported servers include: Windows 2008 R2 Server, Windows 2012 and Windows

2012R2

• 2 GB RAM

• 20 GB free disk space for the job storage area, database and application

• Following port is use

• UDP 8700 (One Q Server <--> VDMS Connect)

• Raw TCP 9100 or IPP (Print protocol) TCP 631


Installation

VDMS Connect is delivered as a single executable installer file. Installation consists of running

the installer, accepting EULA and choosing the installation directory.

Configuration

VDMS Connect accepts jobs from two different sources:

• Printed through Windows print queue

• Printed through One Q Print Monitor or Easy Manager


Print queue configuration on Connect server

To create a print queue connected to VDMS Connect start a new printer wizard, choose "Local

Printer", choose "Create new port type", then select "VDMS Port Monitor" from the drop-

down list.

All the jobs printed to that queue, will be delivered to One Q Connect software.

The original Win 2012/2016 Class 4 drivers cannot be used with port monitor, please use class

3 driver (download it from vendor web site).

After the queue is created, it is necessary to specify the address of the One Q Server, where

VDMS Connect will send the incoming job information.

This address is specified in the configuration file:

INSTALLDIR\conf\connect.properties,

Where INSTALLDIR represents the target installation directory (default is

C:\Program Files\Ubiquitech\VDMS Connect).

This configuration file contains 2 mandatory settings that must be specified:

vdms.server.primary – the address of One Q primary server where the job information will be

sent


network.serveraddress – the address of this sever where VDMS Connect is currently running.

This address will be used by One Q Server to control the job (printing or deleting). It is auto

detected.

Optionally the vdms.server.backup can be specified in the failover installation. This option

contains the address of the backup server.

It is not necessary to restart VDMS Connect after configuration file change. The settings will

be applied immediately.

The Connect operational mode, storage or relay is:

1. storage, store print-jobs locally on the Connect server

2. relay, print-job is send to Primary and Backup server (ALWAYS to be used when

installing on a Mobility Printing server)

The failover policy must be defined in the field

Failover policy set to 'both' or 'single'

# cluster peer address to duplicate the job data.

cluster.peer =

Here a Cluster server (Another Connect server) can be typed in, jobs will be sent as a duplicate

to this server.


Print Monitor configuration printing to Connect server

Alternatively, Print Monitor can be used for printing to VDMS Connect. In this case, no extra

configuration is required on VDMS Connect side, only the Print Monitor needs be configured

to work with VDMS Connect software.

To configure Print Monitor on client PC, open the printing queue configuration (either using

printer properties/Ports/Configure button or by right-clicking on the 'Q' icon and choosing

the appropriate printer), in the opened configuration choose the job target as "VDMS

Connect" and enter VDMS Connect server address.

Below settings can also be controlled by a Print Monitor profile on server.

Print Monitor will send job data to VDMS Connect and job information to One Q Server.

Appendix C: Google Cloud printing

Only working on server version 5.0.5 or newer.

One Q can use the standard printing functionality in Google Cloud printing on mobile devices

and PC/Mac to print to Pull Queue or Push devices


To setup and get Google Cloud printing to work below prerequisites and requirements are

needed for a successful installation.

• A driver must be installed, and setup correct etc. paper size and color selection

• Google Chrome Browser must be installed on the same server as the VDMS server

• Google Cloud Print Services must be installed on the same server as the VDMS server

• A Special Google Cloud Print rule must be created on the VDMS server to extract the

users’ gmail information

Setup Google Cloud printer

On the server, install the required printer driver and setup per requirement like paper size,

color etc. and point to VDMS port monitor port.

Below description use the driver with the name "One Q Google Cloud print"

On the VDMS server install Google Chrome Browser

You have to install Google Chrome on the server where VDMS is running and perform the

initial setup via that browser. Remember, on top of this, some rules on the VDMS server

have to be created. This is also covered in chapter 39 under 'testing'.

For Linux, you also need to create the print queue in CUPS and assign a PPD file for it.

It can be done from a terminal session with the following command:

lpadmin -p google -v vdms-cups:// -P generic.ppd -E

Make sure the generic.ppd is present in the same directory where you run the command

from.


It will add a printer name 'google' so if you want to name it something else simply replace

'google' with something else in the command line.

Install Google Cloud Print services from https://tools.google.com/dlpage/cloudprintservice

https://tools.google.com/dlpage/cloudprintservice


Launch the Google Cloud Print Services on the server where VDMS is installed and log in. The

username used for logging in will be the one running the service, so make sure the user has

the required rights to run the service.


Log in with your Company Google account.

Select the printer or printers you would like to be used for Google Cloud Print.

Open the Google Chrome and log in at www.google.com/cloudprint

http://www.google.com/cloudprint


Select Printers

Select the printer, here One Q Google Cloud print and select Share


Select Change

Change it to "Anyone with the link has access to the printer"


Select 15 days and change it to ‘Unlimited quota’ settings

Select Save

Copy link and send it to the End users.

Or use the link as a QR Code


Testing Google Cloud print

Each user must activate the link or QR code and log in to their own Google account. This will

import the printer to their Google account.

Copy the link and open it in a Google Chrome browser

Select Add printer and printer is now added to your Google account.

When printing from Android, iOS, PCs etc. the user must be logged in to their Google

account.

Print a job from Google Cloud to the One Q Server.


Check the logs on the One Q Server.

This indicates that a user has printed a job:

[email protected]: 20170420_143351.jpg to the queue=One Q Google Grid

Print

This needs to be corrected with a rule so user MPJ can be the owner of this job.


For this user MPJ needs to be the owner of [email protected]

And a rule needs to be created.

Below example shows two rules, one for local and another for domain users

Remember, you need to create a rule with one Condition and two Actions

Conditions as text: \s*$(GMAIL)@gmail\.com:\s*$(GTITLE)$

Actions as text: $(GMAIL)@gmail.com

Actions as text: $(GTITLE)


Below example shows 2 jobs, one before rule was activated and one after activating the rule

which validates and assigns it to email [email protected] belonging to user MPJ

Printing:

When printing using the standard Google Cloud printer

• On mobile units, please use Google Cloud to print or download an APP that can do the

printing for you. This is a standard solution on the mobile device, in case of problems

please contact the vendor of the mobile device.

• On the browser, login with your Google account at www.google.com/cloudprint

http://www.google.com/cloudprint


Under Upload file to print, you can select e.g. Word and PowerPoint files to print.

Troubleshooting:

If you experience that the Google Cloud printing queue stops processing jobs, as in the

example below, it could be related to a server restart, network error or other problems.

If the queue is not resumed automatically after the problem has been resolved, then please

restart the Google Cloud Print services on the VDMS server.


Appendix D: Console mode, for troubleshooting

Looking in the "All programs" folder, under One Q VDMS Server 5.0 you will find below.

Normally VDMS Server core and VDMS Server web server are running as services.

You can start them in console mode, which can be useful for example if there are any start-up

issues - you might be able to see the errors dumped in the console window.

It is only for troubleshooting purposes.

Use command line for that

C:\Program Files\Ubiquitech\VDMS Server\bin\vdms-xxx.bat console

where xxx is server, web or web client.

Appendix E: Migrating from ver. 3 to ver. 5

The Migration Tool is for migrate VDMS server ver. 3 to existing ver. 5.

Please contact One Q support before migrating.

Please follow the steps. Remember to backup server before migrating.


Appendix F: Activate print, assign and preview for Admins

The possibility for the One Q server admin to be able to print, assign, preview and download

users jobs, has been removed from the server due to EU GDPR regulation.

Enabling this function is a breach of the EU GDPR regulation.

One Q disclaims all liability if One Q partner or customer using One Q server, change this

feature so that it is possible to use these print, view, assign or download features.

To enable this function, you need to modify the wrapper-vdms-web.conf file on the server.

The below line must be added

wrapper.java.additional.4=-Dpreview=true

Open the file from the conf folder

Edit and modify the file.


Add the line to the file.

Restart all VDMS services on the server.

Please check with an admin account.

Remember after an upgrade this wrapper-vdms-web.conf file is over written and above task

need to be performed one more time.

Appendix G: How to setup Azure

Please contact One Q personnel for Azure LDAP setup.

Appendix H: How to dump job to file

How to dump job to file after VDMS processing after applying e.g. rules.

Remember, enabling this function is a breach of the EU GDPR regulation.

Sometimes it's may appear necessary to investigate at print job that VDMS sends to devices

after all conversions.

VDMS has special protocol for it, but it's hidden by default. You can unhide it for testing

purposes

1) Uncomment item File in C:\ProgramData\Ubiquitech\VDMS

Server\data\temp\jetty………r\webapp\app\admin\inc\editterminal.xhtml

DON'T FORGET TO MAKE A BACKUP COPY OF THE FILE FOR THE CASE IF YOU MESS IT UP

The action needs to take place on the server and it is recommended to use an editing tool.

For this demo we use Notepad ++

The file must be edit.

Edit with Notepad++ and modify

Find 

Modify to

<f:selectItem itemLabel="#{res.file}" itemValue="FILE" />


On the Window/Linux server create a folder where to send printjob to, e.g. c:\temp.

One the One Q web interface create a push device like

Then create a Push Queue pointing to the Push terminal


Print the job and collect it in the c:\temp folder.

Appendix I: Email2Print/Web upload on One Q server

Note Email2Print Web upload features are only available with LibreOffice 6.3.1 or higher

installed on One Q Server (for more information, refer to LibreOffice for Windows or

LibreOffice for Linux).

Email2Print is an option for the users to send e-mail with attachment to a company e-mail

addresses and print from One Q solution.

Web upload provide the possibility to upload a document, e.g. Word file to server and server

convert into a format that can be printed on a device.

• Only support conversion of attachment to one Pull queue.

• Push queue/devices are not supported.

The One Q server Email2Print services will every 60 sec. make a request to the e-mail server

and collect the jobs (attachment only) send to the e-mail address.


Only attachments are converted and visible in the user interface. The mail itself is not printed.

Attachment is converted to PDF format and can only be printed on devices supporting PDF

print/Postscript or creating a Rule Convert job to PCL XL.

Create a rule that convert PDF job to PCL.

It is also possible to create a rule that denies the user to release a job on a device that do not

support Postscript.

Email2Print system is a part of central One Q VDMS server.

Configuration is done via One Q Server.

LibreOffice for Windows

1. Install LibreOffice

2. Create queue

3. Setup POP3 server in VDMSADMIN

4. Create user

5. Test user

In order for the system to operate on the machine where One Q Server is installed, the

partner should install LibreOffice 6.3.1 or higher for Windows 64 bit.

(https://www.libreoffice.org/download/download/). LibreOffice performs the conversion from

supported formats sent by users to PDF that are thereafter created as jobs in the configured

queue.

The LibreOffice will be installed into the following folder:

• c:\Program Files\libreoffice\program\soffice.exe


Please modify path in the Server Config > Guest printing tab.

LibreOffice for Linux


2. Create queue

3. Setup POP3 server in VDMSADMIN

4. Create user

5. Test user

In order for system to operate on a server with VDMS installed, it is recommended that

version of LibreOffice 6.3.1 or higher for Linux is installed.

(https://www.libreoffice.org/download/download/). LibreOffice performs the conversion from

supported formats sent by users to PDF that are thereafter created as jobs in the configured

queue.

Install libreoffice

Ubuntu: sudo apt install libreoffice

CentOS: / RedHat: sudo yum install libreoffice

Run these two commands (same in both):

sudo mkdir /home/vdms-run

sudo chown vdms-run /home/vdms-run

The LibreOffice must be installed into the following folder:

/opt/libreoffice6.3/program/soffice


Queue setup on One Q server

After you installed VDMS server and LibreOffice, you need to create the queue and a user

with email to test functionality. The system will check the user by his/her email address and

emails from unknown users are ignored.

Test with a local user first. Following this, a test with an AD account can be performed.


Email2Print setup on One Q Server

Now, when the correct information has been entered, users can start using the system.

User setup with 2 email addresses

User MPJ have 2 email addresses assign to the account, [email protected] (cooperate mail) and

a private mail. System can validate access to the system for two mail addresses.

Below tested with local an AD user.

Please make sure that the user validation on the queue is setup correct for e-mail validation.

If error, please see logs for more info.


Usage

In order to print job via email, a user should send an email from the email address, registered

for his/her user record, to the email that is entered as a POP3 username. In the case shown on

screenshots, we have sent an email from [email protected] to [email protected].

Any files you want to be printed should be attached to the email.

Supported file formats

• MS Word: doc, docx

• Libre/Open office Write: odt

• MS Excel: xls, xlsx

• Libre/Open office Calc: ods

• MS Powerpoint: ppt, pptx

• Libre/Open office Impress: odp

• Images: jpeg, png, gif, bmp, tif

• PDF, RTF

• txt, html

Limitations:

With Microsoft Excel Macro-Enabled Worksheets (.xlsm), the conversion can sometimes fail,

and no jobs will be shown on the user interface.

Troubleshooting for Email2Print

We have seen in some setup it is requirement of import mail server certificate into the

truststore.jks for the One Q server to be able to handle the Email2Print workflow.

Please see chapter 11 or Appendix D for more info how to install.

Upload2Print setup



2. Create queue

3. Select queue

4. Test upload

Supported file formats for Upload2print

• MS Word: doc, docx

• Libre/Open office Write: odt

• MS Excel: xls, xlsx

• Libre/Open office Calc: ods

• MS Powerpoint: ppt, pptx

• Libre/Open office Impress: odp

• Images: jpeg, png, gif, bmp, tif

• PDF, RTF

• txt, html

Limitations:

With Microsoft Excel Macro-Enabled Worksheets (.xlsm), the conversion can sometimes fail,

and no jobs will be shown on the user interface.


Appendix J: One Q Mobile Print Application

The One Q Mobile Print is the printing management solution intended for Android and iOS

mobile devices. It works with the print queue created in One Q Server and allows printing

documents using a mobile device while scanning the QR-code attached onto the terminal.

With One Q Mobile Print you can view your print jobs, add new documents to the job queue,

manage print options and send the documents to a printer.

Enabling mobile printing for existing customers

If you already have the One Q Server installed and want to enable the mobile app printing, do

the following:

1. Upgrade the One Q Server to version 5.1.6. Refer to the Updating One Q Server

section for more information.

2. Install (or upgrade) the LibreOffice suite to version 6.2.4 or higher for Windows or 6.3.1

or higher for Linux. For more information, refer to the sections below:

• LibreOffice for Windows.

• LibreOffice for Linux.

LibreOffice download page: https://www.libreoffice.org/download/download/

3. Create a queue called "W2P". For more information on queue creation, refer to

Queues.

4. Obtain a Company ID Code from One Q to be able to print using the app. Please

contact your local One Q sales responsible to request the Company ID code.

Enabling mobile printing for new customers

The new customers need to follow the following steps in order to enable the mobile app

printing:

1. Install the One Q Server of version 5.1.6 or higher. Refer to the Installation section for

more information.

2. Install the LibreOffice suite to version 6.2.4 or higher for Windows or 6.3.1 or higher for

Linux. For more information, refer to the sections below:


• LibreOffice for Windows.

• LibreOffice for Linux.

LibreOffice download page: https://www.libreoffice.org/download/download/

3. Create a queue called "W2P". For more information on queue creation, refer to

Queues.

4. Obtain a Company ID Code from One Q to be able to print using the app. Please

contact your local One Q sales responsible to request the Company ID code.

Appendix K: Scan2workflow setup on One Q server

Setup the Scan2workflow server and the workflow is not a part of this manual, only the

internal workflow from scan device to server and to the destination scan folder before it is

pickup by the Scan2workflow process and handle according to the customer wish.

One Q support can support the setup of the Scan2workflow, any error will be forwarded to it-

scom.com, the vendor of Scan2workflow. The configuration and fine-tuning of the workflow

is handled by partner together with customer.

Supported on Epson, HP and Ricoh vendors.


Scan folders on One Q server, basic setup

On the One Q server, you will need to create the required folders. This is where scan jobs

appear following scanning from a device and before the Scan2workflow server steps in and

the workflow process starts.

This section is the basic setup and are needed for all vendors.

As an example, please see the 8 folders created below for the scanning workflow

To handle this, you need to create a txt file containing the folder names.

This file can be place in any directory on the server and has been created in the scan folder

below

The file looks like this, naming must be without special characters, but it must be a txt file.


A folder like Rene will work but a folder like René will not work/show on device.

On the One Q server, under Advanced setup.

When scanning to the destination folders, 2 files arrive

A document file and a XML file, type are depending of scan selection.

The 5 other files are system files from the Scan2Workflow server.


The XML file contains info e.g. user, time stamp

The extra field, marked with yellow, can be typed in under the scan process on the devices.

This field can be used for additional workflow process.

Each vendor has its own layout, this related to what is possible via vendor development

platform.

Scan2workflow for Epson:

Install the webclient-Epson on the One Q server and verify that the folder Epsonshare has

been created in folder C:\ProgramData\Ubiquitech\VDMS Server\data\temp.


Please share folder and make sure that everyone has read/write access.

You also need to enable Guest account, this way the device can login and deliver job in above

folder.

Windows Policy Management on server for Epson folder

Group Policy Management

On server open Group Policy Management

1. In Group Policy Management (GPMC), double-click Group Policy Objects.

2. Click the GPO that you want to edit.

3. In Group Policy Management Editor, expand to Computer Configuration->Policies-

>Windows Settings->Security Settings->Local Policies->Security Options

4. In the right panel, please double the "Accounts: Guest account status" item and then

check "Define this policy setting"->Enabled.


Local Security Policy

1. In Local Security Policy,

2. Click on Local Policies

3. Select Security Options

4. In the right panel, please double the "Accounts: Guest account status" item and then

check "Define this policy setting"->Enabled.


1. In Control panel

2. Open the Network and Internet / Network and Sharing Center / Advanced sharing

settings

3. Turn on the file and printer sharing

On the One Q server, create a terminal or group with below settings, please refer to Epson

manual for more info.


On server, create the folders where to divert the scan job to.

Scan2workflow for HP:

Only supported on HP version 1.4.5 and newer.

No server setup except the standard Appendix J: Scan2workflow setup on One Q server

The HP Webclient handles the workflow from scan device to scan destination folders.

Scan2workflow for Ricoh:

Only supported on Ricoh version 3.5.0 and newer.

No server setup except the standard Appendix J: Scan2workflow setup on One Q server

The Ricoh client handles the workflow from scan device to scan destination folders.

Appendix L: Linux hints

Configuring Firewall in Ubuntu:

ufw status verbose

ufw enable or disable


echo y | ufw enable (automate "Yes")

ufw show raw (for debugging)

ufw allow 8443/tcp

ufw allow 8700/tcp

ufw allow 8701/tcp

ufw allow 8702/tcp

ufw allow 8703/tcp

ufw allow 8710/udp

ufw allow 8712/tcp

ufw allow 161/tcp

ufw allow 389/tcp

ufw allow 631/tcp

ufw allow 995/tcp

Deleting:

ufw delete allow 8443tcp etc.

Logging:

ufw logging on

ufw logging off

Good article for information:


https://help.ubuntu.com/community/UFW

Linux Stop/Start services

systemctl start vdms-pgsql

systemctl start vdms-web

systemctl start vdms-server

systemctl stop vdms-pgsql

systemctl stop vdms-web

systemctl stop vdms-server

systemctl restart vdms-pgsql

systemctl restart vdms-web

systemctl restart vdms-server

Convert PS to PCL on devices not supporting PostScript

Install the Foomatic on the server and later on the device use a PPD e.g. like

Generic-PCL_6_PCL_XL_Printer-pxlcolor.ppd

yum install foomatic

Disable Firewall ports

sudo iptables -I INPUT -p tcp -m tcp --dport 8710 -j ACCEPT


sudo iptables -I INPUT -p tcp -m tcp --dport 8700 -j ACCEPT

systemctl stop firewalld

----------oOo-----------

One Q is a registered trademark of One Q Technologies A/S. All rights reserved.

All other trademarks are the property of their respective owners.

version 5.1 - one q · terminals without installing a printer driver host printing host printing is...

Documents