YSoft SafeQ 5 - Documentation

making the MFDs think™
YSoft SafeQ 5
February 03, 2016
February 03, 2016
TABLE OF CONTENTS
1 What is YSoft SafeQ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2 Introducing YSoft SafeQ 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.1 More high-level details about YSoft SafeQ 5 features follow: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2 Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.1 Maintenance Update 28 (04/02/2016) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.8 Cumulative Update 2 (04/08/2015) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.2.20 Cumulative Update 1 (20/11/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.2.21 Service Release 9 (16/10/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.2.22 Service Release 8 (25/09/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.2.23 Service Release 7 (04/09/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
2.2.24 Service Release 6 (14/08/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2.2.25 Service Release 5 (24/07/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
2.2.26 Service Release 4 (03/07/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.2.27 Service Release 3 (12/06/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
2.2.28 Service Release 2 (30/04/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.2.29 Service Release 1 (10/04/2014) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
2.3 Product Lifecycle Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2.3.1 YSoft SafeQ Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
2.3.2 Additional SafeQ Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.3.3 SSL Certificate Expiration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
2.4 Early Access Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.4.1 What is Early Access Program? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.4.2 How can I join the Early Access Program? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.4.3 What if...? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2.4.4 Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
YSoft SafeQ 5 2
February 03, 2016
2.4.5 Billing Code selection for Printing at the terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

2.4.6 Access rights for Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
2.4.7 Display session summary at Ricoh printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
2.5 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
2.5.1 Changes in the licensing model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
2.5.2 Module overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
2.5.3 License use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
2.5.4 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
2.5.5 General license data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
2.5.6 Activating YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
2.5.7 Trial Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
2.5.8 Request license upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 . . . . . . . . . . . . . . . . . . . . . 80
2.6 Supported Languages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
2.6.1 Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
2.6.2 YSoft SafeQ web interface and YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
2.6.3 External and Embedded Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
2.6.4 YSoft SafeQ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
3 YSoft SafeQ 5 Feature Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
3.1 Feature list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
3.1.1 CRS (Central Reporting Services) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
3.1.2 Connector for AirPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
3.1.3 Delete jobs after printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
3.1.4 Device Counter Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
3.1.5 Distributed server system - Private Cloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
3.1.6 Free Money Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
3.1.7 Green Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
3.1.8 Identity management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
3.1.9 JDBC connection pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
3.1.10 Local Administrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
3.1.11 Office Print Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
3.1.12 Price list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
3.1.13 Project Print Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
3.1.14 Rule-based Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
3.1.15 Scan to SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
3.1.16 Server failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
3.1.17 System Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
3.1.18 System and User tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
3.1.19 Usage and Cost reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
3.1.20 User Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
3.1.21 YSoft Mobile Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
3.1.22 YSoft SafeQ Client features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
3.1.23 YSoft SafeQ Security Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
3.1.24 YSoft SafeQ Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
3.2 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
3.2.1 YSoft SafeQ 5 server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
3.2.2 Workstation software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
YSoft SafeQ 5 3
February 03, 2016
3.2.3 Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

3.2.4 Software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
3.2.5 Network communication overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
3.2.6 Typical deployment scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
3.2.7 Pre-installation checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
3.3 YSoft SafeQ Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
3.3.1 Embedded Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
3.3.2 External Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
3.4 Terminal features in detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
3.4.1 MFP Walkup Functions Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
3.4.2 Copy Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
3.4.3 Scan Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
3.4.4 Project Copy and Scan Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
3.4.5 Print Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
3.4.6 Print job list management and re-print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
3.4.7 Delegation Print (VIP Shared Queues) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
3.4.8 Workgroup print sharing (Shared Queues) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
3.4.9 Workflow scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
3.4.10 Card self-assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
3.4.11 Print data transfer compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408
3.4.12 Terminal monitoring via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
3.4.13 Print data transfer encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
3.4.14 Credit handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
3.4.15 Showing personal and virtual balance on Embedded Terminals . . . . . . . . . . . . . . . . . . . . 434
3.4.16 Differences between shared queues and Delegation Print (VIP shared queues) . . . . . . . 435
3.4.17 Printing from USB on YSoft SafeQ Embedded Terminal for Konica Minolta . . . . . . . . . . . 436
3.4.18 Support for regional characters in job names - setup and usage . . . . . . . . . . . . . . . . . . . . 438
3.4.19 Support for regional characters in job names - Xerox and Ricoh . . . . . . . . . . . . . . . . . . . . 439
3.4.20 Terminal Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
3.4.21 Terminal Failover Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
3.4.22 USB reader overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
4 Administrative Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
4.1 YSoft SafeQ Server - Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
4.2 Using YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
4.3 YSoft SafeQ Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
4.4 Workstation Client - Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
4.5 Individual Sections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
4.6 Administrator Quick Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
4.6.1 What you get when you download YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
4.6.2 Installing YSoft SafeQ – Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
4.6.3 Installing YSoft SafeQ – Basic Installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
4.6.4 Troubleshooting the installation process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
4.6.5 Logging into YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
4.6.6 Activating YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
4.6.7 Now you are ready! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
4.6.8 Adding users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
YSoft SafeQ 5 4
February 03, 2016
4.6.9 Adding a terminal and configuring Print roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

4.6.10 About direct printing and forced B/W printing from Windows workstations . . . . . . . . . . . . 460
4.6.11 Basic troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
4.7 Web Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
4.7.1 Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
4.7.2 Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
4.7.3 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
4.7.4 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
4.7.5 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
4.7.6 Web interface - Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
4.7.7 Web interface - Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
4.7.8 Web interface - Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
4.7.9 Web interface - Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
4.7.10 Web interface - Billing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
4.7.11 Web interface - Payments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692
4.7.12 Web interface - Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698
4.7.13 Web interface - Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
4.7.14 Web interface - System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 783
4.8 YSoft SafeQ 5 installation procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809
4.8.1 Installing YSoft SafeQ CML server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 810
4.8.2 Installing YSoft SafeQ ORS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 855
4.8.3 Installing YSoft SafeQ CRS server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867
4.8.4 Uninstalling YSoft SafeQ server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
4.8.5 Antivirus Settings for YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 921
4.8.6 Upgrade to YSoft SafeQ 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 922
4.8.7 Installing YSoft SafeQ using bundle installer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1006
4.9 Installing and configuring YSoft SafeQ Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021
4.9.1 Embedded Terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1022
4.9.2 Terminal Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1410
4.9.3 Terminal Ultralight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1534
4.9.4 Network Card Reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1550
4.9.5 Remote configuration tool for hardware terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1559
4.9.6 How to connect blocking cable to MFP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1583
4.9.7 FCC statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1626
4.10 Installing and configuring YSoft Mobile print server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1627
4.10.1 Installing YSoft Mobile print server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1627
4.10.2 Configuring Mobile Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1639
4.11 Installing AirPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1656
4.11.1 Installation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1656
4.11.2 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1658
4.11.3 SSL Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1659
4.11.4 Troubleshooting AirPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1660
4.12 Printer configuration for Workstation and Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1661
4.12.1 Adding a printer to print via an LPR port from a Windows workstation or server - Win7 . 1661
4.12.2 Adding a printer to print via an LPR port from a Windows workstation or server - Win8 . 1666
4.12.3 Configuring a printer for LPR printing in Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1672
YSoft SafeQ 5 5
February 03, 2016
4.12.4 Installing YSoft SafeQ Client on a Windows workstation, server, or server cluster . . . . . 1678
4.12.5 Installing YSoft SafeQ Client 2.x and adding a printer on a Mac workstation . . . . . . . . . 1704
4.12.6 Installing YSoft SafeQ Client 4.x and adding a printer on a Mac workstation . . . . . . . . . 1712
4.12.7 Printing from a Windows workstation or server using SafeQ Command Line Client . . . . 1724
4.12.8 Printing from SAP on Windows (SAPSprint) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1725
4.12.9 Print pooling on MS Windows Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1729
4.12.10Shared Print from Windows Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1734
4.12.11Configuring a printer for LPR printing on a Mac workstation . . . . . . . . . . . . . . . . . . . . . . 1735
4.12.12Adding a shared "Print Roaming" printer to print via an LPR port from a Windows Server
2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1739
4.12.13Adding a shared "Print Roaming" printer to print via an LPR port from a Windows Server
2008 R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1758
4.13 Local Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1774
4.13.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1775
4.13.2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1776
4.13.3 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1778
4.13.4 Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1781
4.13.5 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
4.14 External scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
4.14.1 Using the CSV File Device Replicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
4.14.2 Using the CSV File User Replicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1785
4.15 How To Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787
4.15.1 List of 'how to ...' guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787
4.15.2 Configuring and using Rule-based Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1788
4.15.3 Configuring and using Shared Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1789
4.15.4 Configuring Authorized Copying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1801
4.15.5 Configuring Copy Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1802
4.15.6 Configuring Terminal Server web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1803
4.15.7 Configuring File backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1814
4.15.8 Configuring Green reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1816
4.15.9 Configuring SSL for Web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1819
4.15.10Configuring ID card self assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1836
4.15.11Configuring IPP backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1839
4.15.12Configuring IPPSSL backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1840
4.15.13Configuring Office Print Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1844
4.15.14Configuring Print Data Transfer Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1846
4.15.15Configuring Print Data Transfer Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1848
4.15.16Configuring Print job list management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1850
4.15.17Configuring Print job preview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1854
4.15.18Configuring Print Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1856
4.15.19Configuring Project Copy Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1863
4.15.20Configuring Project Print Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1865
4.15.21Configure Scan Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1869
4.15.22Configure secure printing and Print roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1870
4.15.23Configuring Server Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1873
4.15.24Configuring Terminal monitoring via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1892
YSoft SafeQ 5 6
February 03, 2016
Configuring Terminal monitoring via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1892
4.15.25Configuring WebDav . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1892

4.15.26Configuring Workflow Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1893
4.15.27Enabling and using print price estimation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1902
4.15.28How to disable secured communication between Terminal Server and embedded terminals
1905
4.15.29How to update Terminal Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1906
4.15.30Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1912
4.15.31Selecting certificate of Terminal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1914
4.15.32Use Card Number Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1921
4.15.33Configuring Subscription Model reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1931
4.15.34Configuring etcd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1933
4.15.35Single Sign-On for SafeQ Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1934
4.16 Backup and Recovery Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1948
4.16.1 CML Recovery Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1948
4.16.2 ORS Recovery Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2019
4.16.3 CRS Recovery Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2035
4.16.4 System Sanity Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2053
4.17 Server Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2069
4.17.1 ORS cache recovery guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2069
4.17.2 SafeQ configuration files - CRONTRIGGER Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 2072
4.17.3 YSoft SafeQ configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2076
4.17.4 YSoft SafeQ log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2077
4.17.5 YSoft SafeQ services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2081
5 User Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2083
5.1 Quick Start Guide for End Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2083
5.1.1 Logging into YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2084
5.1.2 Logging out of YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2085
5.1.3 Using your print job list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2085
5.1.4 Changing your password and generating a new PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2090
5.2 Using Mobile Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2092
5.2.1 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2092
5.2.2 Mobile Print web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2092
5.2.3 Guest / Anonymous printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2099
5.3 Using AirPrint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2105
5.3.1 Configuring devices with Mac OS X operating system . . . . . . . . . . . . . . . . . . . . . . . . . . 2106
5.3.2 Send print job to secure queue on devices with Mac OS X operating system . . . . . . . . . 2108
5.3.3 Use finishing options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2113
5.4 Using Delegation Print (VIP shared queues) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2114
5.4.1 Selecting Private Print or Shared Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2115
5.4.2 Viewing information about jobs submitted to Delegation Print (VIP shared queues) -
administrators only . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2117
5.5 Using SafeQ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2117
5.5.1 Using SafeQ Client on Windows workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2118
5.5.2 Using SafeQ Client on MacOS 2.x workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2124
5.5.3 Using SafeQ Client 4.x on MacOS workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2130
5.5.4 Selecting billing codes in SafeQ Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2135
YSoft SafeQ 5 7
February 03, 2016
5.6 User Guides - Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2143

5.6.1 Using YSoft SafeQ Embedded Terminal for Xerox (EIP) . . . . . . . . . . . . . . . . . . . . . . . . . 2143
5.6.2 Using YSoft SafeQ Embedded Terminal for Konica Minolta (OpenAPI) . . . . . . . . . . . . . 2237
5.6.3 Using YSoft SafeQ Embedded Terminal for Ricoh (ESA) . . . . . . . . . . . . . . . . . . . . . . . . 2463
5.6.4 Using YSoft SafeQ Embedded Terminal for Fuji Xerox Apeos . . . . . . . . . . . . . . . . . . . . 2545
5.6.5 Using YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP . . . . . . . . . . . . . . . . . . 2630
5.6.6 Using YSoft SafeQ Embedded Terminal for Sharp (OSA) . . . . . . . . . . . . . . . . . . . . . . . . 2710
5.6.7 Using Terminal Professional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2809
5.6.8 Using Terminal UltraLight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2880
5.6.9 Using YSoft Payment Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2896
5.6.10 Using YSoft SafeQ Embedded Terminal for Toshiba . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2899
5.6.11 Using YSoft SafeQ Embedded Terminal for OKI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2965
5.6.12 Using YSoft SafeQ Embedded Terminal for Samsung . . . . . . . . . . . . . . . . . . . . . . . . . . 3032
6 YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3097
6.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3097
6.2 YSoft Payment System and YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3097
6.3 Web browser compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3097
6.4 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3097
6.4.1 Installing YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3097
6.4.2 Updating YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3107
6.4.3 Integration of YSoft Payment System with YSoft SafeQ . . . . . . . . . . . . . . . . . . . . . . . . . 3114
6.4.4 Installing Payment Gateway Plugins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3117
6.4.5 PayPal API signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3123
6.5 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3125
6.5.1 Configuring Certificates for YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3125
6.5.2 Configuring Credit-based Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3128
6.5.3 Configuring SSO for YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3129
6.5.4 Advanced configuration of YSoft Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3132
6.5.5 Advanced configuration of PayPal Gateway Plugin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3139
6.5.6 Advanced configuration of DIBS Gateway Plugin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3141
6.6 Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3144
6.6.1 Administration web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3144
6.6.2 Cashdesk web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3156
6.6.3 Working with Payment System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3176
6.6.4 Account recharging options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3181
6.7 Payment System APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3223
6.7.1 Audit YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3224
6.7.2 Cash Desk YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3227
6.7.3 Customer YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3243
6.7.4 Entitlement System YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3257
6.7.5 Entitlement YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3257
6.7.6 Micro Transaction YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3257
6.7.7 One Step Transaction YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3263
6.7.8 Open Transaction Administration YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3265
6.7.9 Payment Gateway YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3274
6.7.10 Payment System YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3276
YSoft SafeQ 5 8
February 03, 2016
6.7.11 Periodic Recharge Administration YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3280

6.7.12 Reservation YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3298
6.7.13 Transaction YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3299
6.7.14 Two Step Transaction YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3302
6.7.15 Voucher YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3307
6.8 User Management YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3309
6.8.1 Provided endpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3309
6.8.2 Usage examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3309
6.8.3 GetUserByUsername . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3311
6.8.4 AuthenticateByUsernameAndPassword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3311
6.8.5 AuthenticateByCard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3312
6.8.6 AuthenticateByPin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3313
6.8.7 Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3314
6.9 YSoft Payment Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3315
6.9.1 Configuring Payment Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3315
6.9.2 Operating the Payment Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3324
6.9.3 Payment Machine Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3330
6.9.4 YSoft Payment Machine Data Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3331
6.9.5 YSoft Payment Machine Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3335
YSoft SafeQ 5 9
February 03, 2016
DOCUMENT DESCRIPTION
YSoft SafeQ 5 10
February 03, 2016
1 WHAT IS YSOFT SAFEQ?
1.0.1 YSOFT SAFEQ
is a solution which helps organizations wherever their electronic information meets paper –
printing, copying, and scanning.
changes the way organizations print by advancing productivity and security.
protects the environment and reduces costs by controlling print volumes and reducing
unnecessary prints.
YSoft SafeQ delivers comprehensive management and administrative control of all printing, copying
and scanning operations. It provides high levels of security for all documents, cost savings,
conservation of environmental resources, and greater convenience for users.
1.0.1 SAVE COSTS, TIME AND THE ENVIRONMENT
With YSoft SafeQ, your company enjoys complete control over printing, copying and scanning. YSoft
SafeQ enables the administrator to define fixed rules and allocate roles to specific employees within
the company. How a user can print is defined by their role—for example, those with accounting roles
may only be allowed to print in black-and-white, while those with marketing roles may be allowed to
print in color. This helps enforce responsible behavior and leads to lower costs and fewer wasted
resources.
1.0.1 MAKE PRINTING EASIER AND MORE CONVENIENT
With the YSoft SafeQ print solution, users print and scan faster and more easily, saving them time that
they can spend on other tasks. Exciting new features such as Mobile Printing, Job Roaming and
Private Cloud give you total independence—you can print from the airport, from a restaurant or from
home. You can pick up the print job wherever you are within your corporate network—on another floor
in your building, at a location across the city, or even in another country. Central administration lets the
administrator control an unlimited number of locations from a single place, and settings are
automatically applied to other locations and subsidiaries. In addition, scanning is simpler than ever.
With one touch of a button, your document is sent to your email inbox or to a folder you have specified.
As YSoft SafeQ increases convenience and boosts productivity, many of the problems you may have
experienced in the past are eliminated.
1.0.1 PROTECT YOUR DATA AND ACCESS TO MULTIFUNCTION PRINTERS!
Protecting sensitive data and controlling user access to multifunction printers is critical. That’s why
YSoft SafeQ ensures that users of MFPs are always identified through ID cards, passwords or PINs—
and the system controls their access and rights. Users can pick up their print jobs at the printer of their
choice, because YSoft SafeQ makes it possible to print safely, anywhere. The YSoft SafeQ solution
can also precisely account and report the details of all jobs for each printer. Educational institutions and
other organizations can use YSoft SafeQ to charge for printing.
YSoft SafeQ 5 11
February 03, 2016
Learn more about features and benefits
Learn more about typical deployment scenarios
Deployment, Integration and System configuration
'How to' guides
YSoft SafeQ 5 12
February 03, 2016
2 INTRODUCING YSOFT SAFEQ 5
2.1 MORE HIGH-LEVEL DETAILS ABOUT YSOFT SAFEQ 5 FEATURES FOLLOW:
YSoft SafeQ 5 13
February 03, 2016
YSoft Payment System - Allow users to pay for print, copy or scan services in your environment. Users
are charged based on prices defined in YSoft SafeQ, using pre-charged money on their accounts. Users are
able to recharge their account using YSoft Payment Machine (recharging station) and manually-operated
Cash Desk. Integration with third-party systems is possible thanks to robust set of APIs.
Mobile Print Server - Allow your end users to print from devices on the go. No need to teach your users
anything complex or install drivers; the solution is as simple as sending an e-mail or uploading a document
via designated web page.
YSoft SafeQ Embedded Terminal - New browser-based terminal with updated graphical and
interaction design lowers the amount of time your users need to spend with multifunction devices.
Management Reports - Obtain visually beautiful and structured report with one click. Report provides a
complete picture of the print environment, including information about paper consumption, printer utilization,
prints per user for specified period.
Private Cloud Technology - Large deployments are generally supported using distributed architecture
model (central management and local spoolers). YSoft SafeQ 5 brings an improved High-Performance
Offline Remote Spoolers, which are able to handle up to 200 connected devices. With server-level Print
roaming, users can pick up jobs anywhere in the print environment.
Rule-based engine - Apply rules over print jobs. Force monochrome instead of color, double-sided
instead of single-side print. Apply more rules based on different events and options. Simple wizard is
available even for unexperienced administrators.
Collaboration - Multiple users working on a same project, admin picking up jobs for the manager. User
Print sharing - VIP Shared Queues allows sharing print jobs among working groups.
Assignable price lists - Create one price list or custom price list for every user, device or cost center.
Multi-level Billing Codes - Monitor costs for different customers, projects or even departments using
multi-level billing codes (also known as project codes). Users can change the billing code using external or
embedded terminal, or at the workstation.
Reporting - Automatic or manual reports available in web administration, including Green reports and
Central Reporting Services support. Check spent and saved money and allow your users to see their
statistics.
Administration and User web interface - Easy-to-use web interface, which includes Admin Dashboard
and User Dashboard. Admin dashboard provides tools for managing users, devices, print queues, scan
workflows and other parts of the system.
Integrated installation - Basic server installation and deployment wizard. Advanced or large
deployments can be satisfied with set of standalone packages for different parts of YSoft SafeQ.
Licensing System - Flexible licensing model. Product can be quickly activated online or offline. New
license information is automatically distributed within the entire system.
YSoft SafeQ 5 14
February 03, 2016
Information about latest releases is always included in product documentation. See Change Log
for changes in individual service releases.
2.2 CHANGE LOG
2.2.1 MAINTENANCE UPDATE 28 (04/02/2016)
What's new
In Mobile Print Server e-mail notifications, the text of footer can be configured.
Released the last firmware update for YSoft Recharging Station. It also contains support for the new
€20 banknote and other currency updates.
Fixes
Scan workflows can be used multiple times in one session on Toshiba Embedded Terminal.
Currently the second attempt triggered "Scanning error".
YSoft Payment System can now be used with USB print of Fax on Fuji Xerox XCP Embedded
Terminal.
The fax feature is now accessible for users of Konica Minolta Embedded Terminal.
In YSoft Payment System, text of Terms & Conditions in Payment Gateway is no longer required to
be filled, when the Terms & Conditions are not used.
The authentication on Xerox Embedded Terminal used to fail if machine did not respond in time. The
timeout is now configurable.
YSoft SafeQ Client for Mac has the client icon no longer missing in launchpad.
Early Access
Extended accounting of colors - it is possible to account wider range of colors (1 color, 2 color, Full
Color) on Konica Minolta.
It is possible to track all prints, copies and scans that were performed by Public User on Konica
Minolta devices.
New browser based authentication for Toshiba/OKI devices has been added. New authentication
brings several improvements:
New authentication screen with Y Soft branding,
New authentication options including two factor authentication such as PIN and Card,
Support for card self-registration.
YSoft SafeQ 5 15
February 03, 2016
What's new
New firmware 3.15.1 for Terminal Professional and for Payment Machine is available.The new
firmware
Adds support for various special characters to username & password login method and card
registration. We focused on special characters widely used in customer environments which
rely on strong passwords.
Adds "Full keyboard" layout to username & password login method and to card registration as
well. It makes it easier for users to type their username and password than on the legacy 12-
button number pad. The new "login keyboard" settings in service menu allows to select the
default keyboard layout for all users. More information available in the article Terminal
Professional Service Menu Items.
Payment Machine banknote support has been updated. This update brings support for the new €20
banknote and some updates in British Pounds, Singapore Dollars and Israeli Sheqalim.
Improvements in card reading capabilities and support for easier customization for USB card reader,
Terminal Professional and Payment Machine.
AirPrint version 2.3 has been added. This version brings minor fixes and improvements and
also newly adds support for simple print output options - color/bw and simplex/duplex setting.
Fixes
Fixed issue that prevented user who sent a job to shared print queue to release it.
The LDAP replicator service port configuration has been moved from Connect to LDAP screen to the
System Settings to the new configuration property "Y Soft SafeQ LDAP replicator service port".
Early Access
YSoft Payment System allows easier definition of quotas.

Quotas for total number of pages (covering both print and copy pages) are now supported on YSoft
SafeQ embedded terminals for Fuji Xerox, Konica Minolta, Ricoh and Xerox.
What's new
New YSoft SafeQ Client for Windows 2.26 has been released. This version adds adds compatibility
with Microsoft Windows 10.
It is now possible to display user's personal and virtual balance separately on the embedded
terminals. More details are available on Showing personal and virtual balance on embedded terminals
.
YSoft Payment System now downloads e.g. SMTP configuration and currency from YSoft SafeQ by
itself during service start or during periodical checks.
YSoft SafeQ 5 16
February 03, 2016
YSoft Payment System has new default value of timeout for transaction operations sets to 5 seconds.
The limit can be changed in the environment-configuration.properties through "database.
transactionTimeout" property (value is in seconds), in case the infrastructure is slower or is
connected to external payment provider. We do not recommend to set the value higher than 60
seconds.
It is now possible to authenticate to the YSoft SafeQ, YSoft Mobile Print and YSoft Payment System
web interfaces using SAML2. More details available on Configuring Security Assertion Markup
Language 2.0 (SAML 2.0) single sign-on.
It is now possible to set automatic correction of page size for MS Powerpoint presentations sent to
YSoft SafeQ Mobile Print. More details on Configuring Mobile Print Server
Fixes
YSoft SafeQ Embedded Terminal for Toshiba/OKI: Access with unknown cards is now correctly
displayed in the Terminal Access page.
YSoft SafeQ Embedded Terminal for Ricoh now acounts jobs to billing code selected on terminal, not
to default one.
Early Access
It is possible to select Billing Codes for print jobs directly on the embedded terminal. More details are
available on Billing Code selection for Printing at the terminal.
It is possible to restrict the access rights also for fax operations. This allows to prevent unauthorized
access More details available on Access rights for fax.
Improvements in Quotas. More details in Quotas.
It is now possible to define Soft Quotas. When soft quotas are exceeded, user is notified,
however MFD functions are not affected, so user is still able to print, copy or scan on the MFD.
It is now possible to define quota accounts for the entire Cost center.
Users can let their PayEx account be charged directly for services.
What's new
New YSoft SafeQ Client for Mac v4.5 has been added. This version adds compatibility with the newly
released Mac OS X El Capitan (10.11).
YSoft SafeQ now supports Microsoft Exchange Online services. This can be enabled using the " Mail
server TLS support" configuration property in order to upgrade plain text socket connection to
encryption if offered by the server, usually on port 25 or 587
YSoft Payment System installer is now checking connectivity to YSoft SafeQ User Management
during installation. When updating, it is required update the YSoft SafeQ installation before updating
YSoft Payment System.
YSoft SafeQ Client now shows user's money balance on Price Estimate screen (available for secure
print).
Fixes
YSoft SafeQ 5 17
February 03, 2016
Web dashboard widget for encryption now now supports also encryption of additional characters
such as "%", "&" and "+".
Fixed issue with Embedded Terminal mass reinstallation in combination with devices filter based on
terminal type and status.
Early Access
Page quotas can now be set up in YSoft Payment System administration UI.
Minimal balance, Initial balance and assignment of Periodic recharges can be set during Payment
entitlement creation.
It is possible to have users charged for personal prints only on Konica Minolta Embedded Terminal
(Browser).
When Two-factor authentication is used, users can define their own PIN on YSoft SafeQ web
administration.
What's new
New YSoft SafeQ Client for Windows 2.25 has been added. This versions fixes issue with crashing
client, when multiple jobs are sent quickly in a row.
New log file "cmlweb-audit-log.log" has been introduced that contains all audit log messages. The log
file is located in <SAFEQ_HOME>\logs\ directory. More information can be found in the YSoft SafeQ
log Files article.
Only one Terminal Server instance is part of YSoft SafeQ. The path to Terminal Server directory is
<SafeQ5>\terminalserver\.
Terminal Server can now utilize ETCD technology to store data necessary for synchronization
when failover using WNLB is implemented. More information about the configuration can found in the
article Configuring WNLB Server Failover .
Documentation is no longer in provided in .chm format, instead HTML documentation is attached.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue with web authentication to A4
devices using PIN.
Fixed issue when occasionally Terminal Ultralight failed to decrypt the secure communication with
SafeQ server which caused print jobs deletion by MFD.
What's new
Support for Swedish localization has been added to YSoft SafeQ Embedded Terminals.
Fixes
Incompatible jobs are no longer switched to "Cancelled" state after "Print all" action and remain in
the accepted state.
YSoft SafeQ 5 18
February 03, 2016
YSoft SafeQ Embedded Terminal for Konica Minolta: It is now possible to set Quick copy an the
initial screen displayed after user authentication (which is defined using the initial-screen
configuration property).
YSoft SafeQ Embedded Terminal for Ricoh: maxPrintAllJobs configuration property works correctly
when "Print all" is triggered.
YSoft SafeQ Embedded Terminal for Ricoh: The jobs are now released correctly according the
jobsAllSortOrder configuration property when "Print all" is triggered.
Early Access Program
Support for page quotas has been improved:

It is possible to define quota specific user as an exception. The user is identified by user
name.
Quotas are supported on YSoft SafeQ Embedded Terminal for FujiXerox with XCP.
What's new
New firmware 3.14.15 for Terminal Professional is available.This firmware introduces larger keyboard
displayed on the billing code selection screen and brings additional improvements in localization.
New YSoft SafeQ Client for Windows version 2.24 has been added. This versions brings updated
Portuguese ( Brazil ) localization.
YSoft SafeQ Embedded Terminal for Toshiba/OKI: Automatic user logout has been implemented.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue with occasional incorrect
accounting of duplex print and copy jobs.
Device with online accounting is successfully moved to a different ORS group, even when it's turned
off or it's offline for any specific reason.
Improved tracking of Rule Based Engine rules execution in the log files.
Support for page quotas has been improved:

Improved behavior on YSoft SafeQ Embedded Terminal for Sharp (e.g. Print all after
authentication is also validating user quotas).
Quotas configuration can be done via user interface instead of configuration file.
It is possible to define quota also for specific user, not only whole group.
Quota interface now allows see the user names.
2.2.8 CUMULATIVE UPDATE 2 (04/08/2015)
About Cumulative Update
Cumulative Update contains additional stability and quality improvements. Y Soft recommends to
update existing YSoft SafeQ 5 customers to this latest release. Additionally, Cumulative Update
provides many new features under standard licenses.
YSoft SafeQ 5 19
February 03, 2016
What's new
New version of SafeQ demo is available on the Partner Portal. SafeQ Demo is a tool, that allows to
update SafeQ database to specific state, when the YSoft SafeQ looks like it has been used by a real
company for specific time period. The new version brings new graphical user interface that allows
quick and easy configuration of the environment.
New features (moving from Early Access Program to general availability)
YSoft SafeQ allows to delegate the administration of the print environment. Local administrators can
be defined and assigned to one or more ORS servers. This administrators then have the rights to
manage only the devices, jobs and related reports for the given ORS servers. More information can
be found in the following article.
YSoft SafeQ allows to print seamlessly from the iOS (version 4.2 and newer) and MacOS devices
using the AirPrint connector. The connector utilizes the zero-configuration Bonjour protocol. Printing
service presented by printer is registered via this protocol and any iOS or Mac client is able to
discover it and use it. More information can be found in the following article.
Payment System allows to defined virtual credit which can be assigned to users periodically. Users
have the “available balance” which is the sum of users personal and virtual credit. New options were
added to the web administration allowing to recharge credit to an entire role or cost center or to
define periodic recharge initial balance for a cost center (also via LDAP replicator). More information
can be found in the following article.
Payment System does not require manual Java installation anymore. From this update, it will start to
use only Java bundled in Payment System installer.
The YSoft SafeQ Embedded Terminal for Samsung has been added. The terminal is supported on
devices based on the XOA-E platform. and supports the standard embedded terminal feature set
including various authentication methods, print job management, support for scanning via scanning
workflows, billing code selection and credit operations in connection with YSoft Payment System.
More information can be found in the following article.
New YSoft SafeQ Embedded Terminal for Fuji Xerox has been introduced. The terminal brings
additional authentication options (PIN and Card, PIN or Card etc.), support for USB card readers and
also improves the behavior in connection with Payment System. The new terminal requires the
device to support the eXtensible Customizing Platform (XCP). M ore information about the terminal
New features in Early Access Program
Support for page quotas has been added. Quotas allow to limit user's consumption of print and copy
services. Quotas are defined for specific time period (e.g. monthly). Once they are consumed, the
user is prevented from additional operations until the quotas are refreshed. Quotas are available on
all embedded terminals for Konica Minolta, Xerox, Sharp, Ricoh, Samsung.
What's new
YSoft SafeQ 5 20
February 03, 2016
TLS secured connection has been implemented to YSoft SafeQ subsystems (LDAP replicator,
Spooler for Client and IPPSSL Backend), the configuration is set to true by default. To change the
protocol settings, please do so in configuration option with prefix customCipherSuites,
filterExportedCipherSuites, cryptographicProtocol and allowCustomCipherSuites for particular
subsystem.
Fixes
Filtering of accounts by personal balance in the YSoft SafeQ web administration has been fixed.
Personal and virtual balances are separated into two values.
List of billing codes is now displayed in the same order in the YSoft SafeQ Client an in the embedded
terminals.
Scanning workflow parameters entered on the embedded terminal are validated before scan is
started.
Rule Based Engine action "Deny authentication at terminal" is working correctly.
Price defined for locally monitored devices is correctly synchronized to ORS.
YSoft SafeQ Embedded Terminal for Toshiba/OKI: User access rights defined in the Access
Definition are correctly applied.
What's new
YSoft SafeQ Embedded Terminal for OKI/Toshiba: Authentication by PIN is now supported. It is
configured during embedded terminal installation.
The LDAP replicator additionally allows to import and convert PIN number from single-value attribute.
User Roaming for Virtual Desktops: When YSoft SafeQ Client is used on virtual desktop, it is possible
to print using ORS that is physically nearest to the user. This is available as new ServerDeliveryMode
option in YSoft SafeQ Client.
Fixes
YSoft SafeQ Embedded Terminal for Ricoh: The enterprise mode, which allows the terminal to
automatically connect to different SafeQ node in case the first node fails, was improved. The speed
of connection to different node has been improved and it is also possible to select server selection
strategy. More information about configuration is available in the article the following article.
User name is correctly displayed in RTL (Right-to-left) languages on Terminal Professional when
Payment System is used.
Fixed an issue in money withdrawal procedure in recharging stations when using with SafeQ 5
Payment System.
Fixed a few issues with scanning folders and scan-to-folder document delivery.
YSoft SafeQ Embedded Terminal for Konica Minolta: Kiosk mode support has been added allowing
the embedded terminal to be installed in a Kiosk mode.
YSoft SafeQ 5 21
February 03, 2016
YSoft SafeQ now supports AirPrint integration allowing seamless printing from iOS (version 4.2 and
newer) and MacOS devices. Apple’s zero-configuration Bonjour protocol is used. Printing service
presented by printer is registered via this protocol and any iOS or Mac client is able to discover it and
use it.
What's new
YSoft SafeQ Embedded Terminal for Ricoh: Button for PIN confirmation has been added to the
authentication screen.
YSoft SafeQ Embedded Terminal for Ricoh: Embedded terminal installation speed has been
improved.
Fixes
Mobile Print Server: Notifications are merged in case multiple attachments are send as part of one
email.
LDAP replicator no longer fails during replication in case straight double quotes (") are used in the
directory structure.
Jobs waiting in the shared queue are correctly released using in case the Print All option is
enabled on the authentication screen.
YSoft SafeQ Embedded Terminal for OKI: Duplex scanning from feeder is working correctly.
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue when Terminal Server rejected
card authentication in case the card information contained non hexadecimal character (0-9a-fA-F).
YSoft SafeQ is now able to correctly display the list of money accounts, in case the YSoft Payment
System connects to an external purse (credit handled outside of YSoft Payment System).
YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP:

Fixed issue preventing the users to navigate through the billing code list displayed after
authentication.
What's new
YSoft SafeQ client 2.22 has been released. The new version contains the following changes:
Fixed issue preventing the YSoft SafeQ Client from being installed on Microsoft Windows XP.
Fixed issue allowing to switch off encryption during a man-in-the-middle attack.
YSoft SafeQ Embedded Terminal for Ricoh:
The print logic has been reworked.
Support for USB card readers has been improved on most devices. This should solve issues
when entering sleep mode, plug and play issues after multiple pull-outs and some issues
when the card was only partially read. Log files were also modified and should be more clear
and readable.
YSoft SafeQ 5 22
February 03, 2016
YSoft SafeQ Embedded Terminal for Sharp:

Authentication speed has been improved.
Support for failover using WNLB had been added. For more information about the
configuration see the article configuring WNLB server failover.
YSoft SafeQ Embedded Terminal for Xerox:
It is now possible to scan to Searchable PDF in case the device supports it (EIP 2.5 or higher
is required).
The position of the YSoft SafeQ icon is preserved after the embedded terminal reinstallation.
The print queue and printer status are no longer locked during the embedded terminal
installation.
YSoft Payment System allows to set up mailing directly in the Payment System Administration. After
upgrade, it is necessary to set up mailing as described in the article configuring credit-based
notifications.
The Terminal Config tool has been removed from the installation package. To configure hardware
terminals, please use the command-line Remote configuration tool for hardware terminals (termtool)
instead. More information can be found in Remote configuration tool for hardware terminals.
There is a new option in Mobile Print to allow excluding certain types of automatically generated
email attachments when email print job submission is used.
Fixes
Fixed issue with incorrect rounding when calculating price for duplex jobs.
YSoft SafeQ Embedded Terminal for Ricoh:
Multiple jobs printed at once are now printed in the correct order.
Fixed issue causing user access to be reported twice.

Improved accounting of non standard media types and jobs of mixed sizes.
Fixed an issue that caused the "Recharge credit" button to appear after user self-registration even
when no payment gateway was set up in YSoft Payment System.
What's new
YSoft SafeQ Embedded Terminal for Xerox: The configuration of accounting is now automated
during the embedded terminal installation process.
Fixes
When updating CML, it is necessary to manually update the server.xml file to get rid of the SSL
FREAK vulnerability (CVE-2015-0204): For https connector, update protocol and add
SSLCipherSuite as described in the article Configuring SSL for Web interface.
YSoft Mobile Print Server: Fixed issue with converting images in the main html body.
YSoft SafeQ: Fixed issue with replication of terminal accesses by unassigned card from ORS server
to CML server
YSoft SafeQ 5 23
February 03, 2016
YSoft SafeQ: Fixed issue with migration of Pricelists when upgrading from YSoft SafeQ 4 to YSoft
SafeQ 5 on MSSQL database.
YSoft SafeQ Embedded Terminal for Xerox: Fixed issue with correct color mode output of "auto"
color mode in scanning workflow.
What's new
YSoft SafeQ Embedded Terminal for Konica Minolta: It is possible to access the KM device using
web access again.
YSoft SafeQ Embedded Terminal for Sharp: The authentication process was reworked which brings
improvement in the authentication speed.
YSoft Payment System now contains timeout that logs out users after period of inactivity.
YSoft Payment System now shows customer balance and debt in YSoft Wallet and Payment
Gateway deposits.
YSoft Payment System allows to export administrative reports to CSV file.
Fixes
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue preventing users with disabled money
accounts from using devices without payments.
YSoft SafeQ Embedded Terminal for Toshiba: Fixed issue preventing users to scan more pages on
glass in one scanning session.
YSoft Payment System: Fixed issue that balance notifications reacted to personal balance only and
ignored possible virtual balances of user.
YSoft SafeQ installer: Fixed issue that prevented to use custom installation path when upgrading
from YSoft SafeQ 4.
YSoft SafeQ: Fixed issue with duplication of cost centers when using LDAP replicator full replication
and specific conditions are met.
YSoft SafeQ: Fixed issue with Single Sign-on functionality preventing internal users from logging in
after manual log out.
What's new
YSoft SafeQ Payment System: It is now possible to export generated vouchers into a word template
that allows to print all generated vouchers at once. More information can be found in the following
article.
YSoft SafeQ Embedded Terminal for Xerox: The embedded terminal installation process has been
improved. During the installation the SSL is now automatically set, security certificate is created (if
missing) and the device features can be locked depending on the selected Authentication mode (To
each application/To device).
Support for Turkish language has been added to the YSoft SafeQ installers.
Fixes
YSoft SafeQ Embedded Terminal for OKI: Fixed issues with accounting.
YSoft SafeQ 5 24
February 03, 2016
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue preventing the users from scanning when
the price for scanning is set to 0.
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue preventing the users from accessing copy
menu in case the the price for B/W copies is set to 0.
YSoft SafeQ Embedded Terminal for Ricoh: Issue with incorrect page rotation of pages scanned from
the glass has been fixed. Limitations are mentioned in the article embedded terminals
YSoft SafeQ Embedded Terminal for Toshiba: Successful access to the embedded terminal are
correctly recorded in the Terminal Access list.
YSoft Payment System: The speed of mass periodic recharge unassignment has been improved.
YSoft Payment System: Notifications are now sent even though the authentication on the SMTP
server is disabled.

Improved language resources and localization.
Improved authentication speed in combination with Payment System.
What's new
An informative message about restricted permissions is displayed in case a user with access
restrictions for printing navigates to the Print tab on the browser based YSoft SafeQ Embedded
Terminals.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue that prevented the job list to be
correctly displayed in case hundreds of print jobs are waiting in the print queue.
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue when the card swipe was ignored in other
application than YSoft SafeQ.
YSoft SafeQ Embedded Terminal for Toshiba: Details about authentication process were added to
the log files.
YSoft SafeQ Embedded Terminal for Xerox: Fixed issue that prevented the embedded terminal to be
installed in case the devices address was specified as fully qualified domain name.
New YSoft SafeQ Embedded Terminal for Fuji Xerox has been introduced. The new terminal allows
to use additional authentication options (PIN and Card, PIN or Card etc.), supports USB card readers
and improves the behavior in connection with Payment System. The new terminal requires support of
eXtensible Customizing Platform. M ore information about the terminal can be found in the following
article.
YSoft SafeQ Embedded Terminal for Samsung: Fixed issue when log out by a card swipe
occasionally lead to unexpected behavior.
YSoft SafeQ 5 25
February 03, 2016
What's new
In YSoft Payment System, following changes and features were introduced:

Major performance improvements.
New stable API v2 for connection with other systems and business processes was introduced.
It is possible to add virtual credit to single user as a free entitlement to print.
It is possible to have multiple merchants (not only YSoft SafeQ) connected to use the YSoft
Payment System.
In YSoft SafeQ, the following related features were introduced:
It is possible to create money account based on cost center settings in the LDAP replicator.
It is possible to set up periodic recharge for cost center.
It is possible to perform an ad-hoc virtual credit recharge for the whole cost center or role.
YSoft SafeQ Embedded Terminal for OKI/Toshiba: The installation procedure has been improved
and the amount of necessary manually steps before the installation has been significantly reduced.
Detailed information can be found in the configuration guide for Toshiba or OKI.
YSoft SafeQ Embedded Terminal for Ricoh: RXOP libraries has been updated to version 3.5.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: An error message is correctly displayed when
user with insufficient credit prints a print job using the Print All functionality.
YSoft SafeQ Embedded Terminal for Ricoh: The fields "Administrator username" and "Administrator
password" on the Printer setting / Terminal tab were fixed. This fields allow to enter credentials used
for the installation of the embedded terminal.
YSoft SafeQ Embedded Terminal for Xerox: The "Print-all-button-default-value" configuration option
sets whether the waiting print jobs will be released after authentication or not (regardless on the
value of "Print-all-button" configuration option).
YSoft SafeQ Embedded Terminal for Xerox: The message informing about insufficient funds at copy
session is correctly translated.
YSoft SafeQ Embedded Terminal for Samsung:

The behavior of the terminal in connection with Payment System was significantly improved.
Fixed card assignment issues.
Fixes
Terminal Professional correctly displays preview of a job from ORS.

Mobil Print Server web interface no longer generates different MD5 hash of the password for the
newly registered users than the SafeQ web. This caused the users to be unable to log in.
Devices created from a template via CSV replicator now have a correct price lists define (from the
template).
YSoft SafeQ 5 26
February 03, 2016
Fixed issue that on specific conditions prevented the Terminal tab to be displayed when editing a
device, even thought the license was sufficient.
Fixed issue causing the licenses for devices with Reporting were not displayed correctly on the web
interface for some license module combinations.
YSoft SafeQ Embedded Terminal for Xerox: Fixed prevented the Embedded Terminal from being
correctly installed in case Accounting was not selected for the installation.
YSoft SafeQ Embedded Terminal for OKI: Scanning from feeder has been fixed.
The YSoft SafeQ Embedded Terminal for Samsung devices has been introduced. Terminal supports
devices based on the XOA-E platform and offers all standard YSoft SafeQ features such as user
authentication, print roaming, print job management and scanning workflows. The Payment System
is operations such as charging for prints/scans/copies are supported as well. More details can be
found on the page Embedded Terminals.
What's new
The YSoft Payment System allows to define Terms & Conditions displayed to the end users by the
Payment Gateway during the recharging flow. This allows our customers to match Payment Gateway
compliance requirements that usually require user to sign Terms & Conditions before payment is
processed.
SafeQ Client v 2.20 has been released. The new version adds the option to disable the price
estimation popup window. Information about the configuration can be found here.
Newest OpenSSL libraries containing fix for the so called Poodlebleed vulnerability has been
implemented.
Fixes
The characters supported in Billing Codes created via web administration are also supported in
Billing Codes imported via CSV import.
Results of Embedded Terminal mass re-installation are displayed correctly in the YSoft SafeQ web
interface.
Fixed issue that prevented the embedded terminal to be reinstalled from an ORS that was previously
restarted.
Fixed issue with device re-installation after the IP address of the device has been changed.
Fixed issue that allowed to release a print job to the printer and print it even though the Rule Based
Engine rule is defined to reject the job.
YSoft SafeQ Embedded Terminal for OKI/Toshiba: Scanning from the native application works even
thought the Scan Management module is not in licensed.
YSoft SafeQ Embedded Terminal for Sharp: User access rights for Print, Copy and Color operations
are correctly applied.
2.2.20 CUMULATIVE UPDATE 1 (20/11/2014)
About Cumulative update
YSoft SafeQ 5 27
February 03, 2016
Cumulative Update contains additional stability and quality improvements. Y Soft recommends to
update existing YSoft SafeQ 5 customers to this latest release. Additionally, Cumulative Update
provides many new features under standard licenses.
Please note that Service Release has been renamed to Maintenance Update to avoid existing
confusion among our partners and customers about its purpose and contents.
What's new
New installer has been introduced. The installer allows deployment of YSoft SafeQ CML Server,
YSoft Payment System and YSoft Mobile Print Server together using one file and also eliminates
the necessary additional steps to interconnect the installed components. This allows fast and easy
deployment of YSoft SafeQ. More information about the installer can be found in the following article.
The YSoft SafeQ Embedded Terminal for Ricoh fully certified by Ricoh Developer Program is part of
the installation package.
New features (moving from Early Access Program to general availability)
Guest user registration allows the visitors to create their own accounts directly on the Mobile Print
Server web interface. Users can create a permanent or a temporary account (which will be deleted
after specified time period). Once the user creates the account, the user can submit the jobs to print
via email or Mobile Print web interface and print them on any printer in the YSoft SafeQ environment.
More information about the visitor registration can be found in the following article.
The Payment System allows the administrators to define and redeem vouchers. A voucher is an
alphanumeric code that represents specific amount of money. These vouchers can be sold
offline and redeemed via Cash Desk or student self-service page. When redeemed, the specified
amount of money is added to money account and the voucher cannot be used anymore. More
information can be found in the following article.
Scanning support has been added to the YSoft SafeQ Embedded Terminal for Toshiba. The users
are allowed to scan the documents using the predefined scanning workflows (scan to folder, scan to
mail, scan to script) and modify the scanning workflow parameters or scanning options such as
Format, Quality, Color and Sides setting directly on the embedded terminal. The required
configuration can be found in the following article.
Option to define notifications via popup message in SafeQ client has been added to the Rule Based
Engine. The notification can be displayed in the SafeQ client right after a rule is triggered which helps
to further improve the user experience of the end users. More information about the setup and usage
Support the double byte characters in job names has been introduced. This feature allows the
specific embedded terminals to display the job names in national characters not supported by the
MFP (for example Hebrew or Arabic). More information and limitations can be found in the following
article.
The YSoft SafeQ Embedded Terminal for Develop and Olivetti has been added. As the Develop
/Olivetti are re-branded Konica Minolta devices, the embedded terminal supports the standard Konica
Minolta feature set including two versions of the embedded terminal (browser based and native),
various authentication methods, print job management, support for scanning via scanning workflows,
billing code selection and credit operations in connection with YSoft Payment System. More
YSoft SafeQ 5 28
February 03, 2016
The YSoft SafeQ Embedded Terminal for OKI has been added. The embedded terminal supports
authentication, print job management, scanning via scanning workflows and support for billing codes.
More information about can be found in the following article.
2.2.21 SERVICE RELEASE 9 (16/10/2014)
What's new
SafeQ Client for Mac v 4.2 has been released. This version adds support for Arabic, Hebrew and
Swedish language and also supports for the latest Mac OS 10.10 Yosemite.
The MPS server is now able to run even if the SMTP server is not defined in the SafeQ configuration.
It is possible to access the SafeQ web interface without re-entering login details using Central
Authentication Service (CAS).
Fixes
Incompatible jobs are no longer displayed when the "showIncompatibleJobs" configuration property
is disabled.
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issues related with printing from USB,
prints from USB drive are correctly accounted and charged.
YSoft Payment System: Pending deposits are correctly displayed for the selected payment gateway.
Fixed issue with Scan-to-script scanning workflows where most of external script command
parameter is cut off
Support for local admins has been added. The local admins are only able to see jobs for their service
organization and manage devices in service organization.
Warning
This Service Release requires re-installation of the YSoft SafeQ Embedded Terminals for Konica
Minolta. In case the terminals are not re-installed, the users might not be able to authenticate.
2.2.22 SERVICE RELEASE 8 (25/09/2014)
What's new
When user selects job(s) to be printed on the Embedded Terminal, the price for the job(s) is
estimated and the print request is sent to SafeQ server only if the user has sufficient balance.
Otherwise the print is rejected and the user is informed. This applies to YSoft SafeQ Embedded
Terminal for FujiXerox, Konica Minolta, Sharp and Xerox.
Note: This feature requires Print job parser to be enabled, so that the number of pages in the
document can be correctly parsed.
YSoft Payment System: When the “Initial account balance“ configuration option is defined and a new
Payment System account is created and charged by this amount, the information about the
transaction is saved in transaction history.
Fixes
YSoft SafeQ 5 29
February 03, 2016
Print job preview on the Embedded Terminal is correctly working also for roaming print jobs.
In case the Billing Codes are disabled, the Billing Code defined for the user is no longer displayed on
the Embedded Terminal.
The Job list folders configuration is correctly propagated to the Embedded Terminals during
installation.
Print job is correctly removed from the Waiting folder once it has been printed on the Embedded
Terminal.
Searching for Billing Codes on YSoft SafeQ Client connected to ORS has been fixed.
YSoft Payment System: Fixed issue when some of the periodic recharges were only visible in the
YSoft SafeQ web interface.
YSoft SafeQ Embedded Terminal for Fuji Xerox: The user's credit balance displayed on the
Embedded Terminal is no longer reduced by the reservation. User is able to see his exact current
credit balance.
YSoft SafeQ Embedded Terminal for Xerox: Fixed defect that prevented the Embedded Terminal to
be properly installed in case a host name was defined in the "networkAddress" parameter in the
Terminal Server configuration file.
The YSoft SafeQ Embedded Terminal for Olivetti devices has been introduced. The embedded
terminal supports all standard features and functions such as user authentication, print job
management and support for scanning workflows and Payment System.
2.2.23 SERVICE RELEASE 7 (04/09/2014)
What's new
SafeQ Client for Mac 4.1 has been released allowing the DHCP user roaming. The SafeQ Client for
Mac is able to obtain the YSoft SafeQ CML or ORS server IP address(es) automatically from a
particular DHCP option.
The Payment System web interface allows to define the layout template used for credit based
notification emails and reports. A WYSIWYG editor can be used for the template definition allowing to
easily define the formatting with the option to simply insert tables or images.
New firmware for banknote acceptors in YSoft Recharging Station v2 is available. This firmware
contains updated information about CAD, EUR, GBP, ILS, PLN, RON, USD currencies. Please
contact our Customer Support Service for further assistance with the update of the firmware.
New configuration option “Enable faster print on Ricoh devices” was introduced on the YSoft SafeQ
embedded Terminal for Ricoh. Enabling this option allows faster processing of print jobs on Ricoh
devices in case multiple documents are printed at once.
Note: This method may eventually cause incorrect accounting of print jobs in case of hardware
issues (like paper jam) therefore it is recommended to keep it disabled when YSoft SafeQ is
used in combination with Payment System
Fixes
Print jobs in the job list folders are sorted correctly according the " jobsSortOrder" configuration
property.
Print all button releases print jobs in correct order.
YSoft SafeQ 5 30
February 03, 2016
Fixed several issues with favorite jobs on a device connected to an ORS in Near/Far Roaming group.
The job cans be correctly marked as favorite and it is possible to correctly print/delete it.
The repeat option "At the end of the month" for periodic recharge is available also on the YSoft
SafeQ web interface.
YSoft SafeQ Embedded Terminal for Fuji Xerox: Fixed defect that prevented the user to log into the
terminal in case one of the services was free of charge.
YSoft SafeQ Embedded Terminal for Konica Minolta: Users are allowed to search for email address
when using Scan-to-email scanning workflow also on a device connected to an ORS.
YSoft SafeQ Embedded Terminal for Konica Minolta: Printing a direct print job with insufficient credit
no longer causes the device to be blocked for all following print jobs. Such job is correctly rejected by
machine and job state is set to Canceled.
Note: Print job parser needs to be enabled for this functionality.
YSoft SafeQ Embedded Terminal for Ricoh: Fixed defect with wrong encoding of national characters
that were displayed incorrectly.
YSoft SafeQ Embedded Terminal for Xerox: Fixed issues with embedded terminal installation of
Accounting on Xerox TE cannot be installed with accounting on WorkCentre 7242 and
WorkCentre 74xx.
New authentication method for native YSoft SafeQ Embedded Terminal for Konica Minolta has been
added. This authentication method allows to use “Card and PIN” authentication in combination with
“Username and password”. This feature allows the users who lose their card to be able to
authenticate using their credentials. More information can be found in the following article.
Support for advanced scanning options has been added to the native YSoft SafeQ Embedded
Terminal for Konica Minolta. The advanced scanning options include support for defining
parameters Simplex/Duplex, Scan Size, Separate Scan, Page Setting and Original Type. More
Note: Special firmware is required on the devices.
2.2.24 SERVICE RELEASE 6 (14/08/2014)
What's new
Credit based notifications were added to the YSoft Payment System allowing the administrators to
define automatic e-mail notifications and reports. Notification can be sent or regular basis or in case
specific conditions are met.
YSoft SafeQ Embedded Terminal for Ricoh: Support for print job preview has been added. Please
not that the Print job preview function is not available on the devices with uWVGA displays.
Fixes
YSoft SafeQ Embedded Terminal for Fuji Xerox: Fixed issue with unsuccessful registration of the
YSoft SafeQ application on older devices caused by long reboot duration.
YSoft SafeQ Embedded Terminal for Ricoh: Language is switched correctly even when the user is
logged in the YSoft SafeQ application.
YSoft SafeQ Embedded Terminal for Sharp: Fixed several layout issues on the Authentication screen
and Job list screen on the devices with small display.
YSoft SafeQ 5 31
February 03, 2016
YSoft SafeQ Embedded Terminal for Sharp: Accounting of operations performed by a user without
Payment System account works correctly.
Print job preview on the Embedded Terminals is properly displayed for a jobs that were marked as
favorite.
New functionality has been added to the Payment System which allows the administrators to define
and redeem vouchers (alphanumeric codes that represent certain amount of money). These
vouchers can be sold offline and redeemed via Cash Desk or student self-service page. When
redeemed, specified amount of money is added to money account and the voucher cannot be used
anymore.
The YSoft SafeQ Embedded Terminal for Develop devices has been introduced. As the Develop
MFPs are rebranded Konica Minolta MFPs, the embedded terminal supports all standard features
and functions such as user authentication, print job management and support for scanning workflows
and Payment System.
2.2.25 SERVICE RELEASE 5 (24/07/2014)
What's new
SafeQ Payment Machine supports Croatian Kuna, South African Rand and Bahrain Dinar. For
detailed information about supported currencies see the list of supported currencies.
Fixes
Fixed defect that prevented unknown cards swiped on the YSoft SafeQ Embedded Terminal for
Konica Minolta from being displayed in the Terminal Access screen.
Users without money account are able to release a direct print jobs on the YSoft SafeQ Embedded
Terminal for Ricoh and browser-based YSoft SafeQ Embedded Terminal for Konica Minolta.
It is now possible to delete jobs from favorite folder on the YSoft SafeQ Embedded Terminal for
Ricoh.
The "Color" restrictions are correctly applied on the YSoft SafeQ Embedded Terminal for Ricoh.
The exit button on the YSoft SafeQ Embedded Terminal for Sharp works correctly also on the
devices equipped with only AMX3 module.
User printing a direct print job on the YSoft SafeQ Embedded Terminal for Sharp is no longer logged
into the SafeQ application in case he/she runs out of credit during the print.
Convenience Authentication is automatically configured in case the YSoft SafeQ Embedded Terminal
for Xerox is installed on the Xerox device built on the ConnectKey firmware.
The estimated price in SafeQ Client is now displayed correctly according to the price list hierarchy.
For more information about the price lists see the following article.
Billing code menu is also displayed when the embedded terminal is installed only with the Print
application (this applies for all browser-based terminals).
Embedded IIS web server is correctly configured during ORS installation.
Fixed defect that prevented SafeQ CML installed without Terminal Server to be able to update to a
newer Service Release.
YSoft SafeQ 5 32
February 03, 2016
Support for double byte characters in the job names has been introduced. This features allows the
embedded terminals to show the job names in national characters which are not supported by the
MFP (for example Hebrew or Arabic). More information can be found in the following article.
2.2.26 SERVICE RELEASE 4 (03/07/2014)
What's new
The credit handling on YSoft SafeQ Embedded Terminal for Sharp has been improved. The terminal
is able to interrupt print/copy operation in case the user's minimal balance is reached. More
The YSoft Payment System allows to define the initial balance when creating new money account.
Also it is possible to define the maximum balance for periodic recharge, above which the periodic
recharge will not add any new credit.
Few improvements in the web administration have been done:
Favorite jobs are now distinguished in the job list.
It is possible to filter the jobs with unidentified job owner.
It is possible to sort the list of automatic e-mail/file reports.
Fixes
Copy and scan jobs are correctly accounted to the selected billing code on YSoft SafeQ Embedded
Terminal for Sharp.
Fixed defect that caused the card registration screen to be displayed even if the configuration
property assign-new-card-enabled was set to disabled.
Fixed defect that prevented users with disabled rights for color to print in black and white on the
browser based YSoft SafeQ Embedded Terminal for Konica Minolta.
Fixed defect that caused an exception to be thrown on the YSoft SafeQ Embedded Terminal for
Ricoh in case the pagination arrows were used before page was refreshed after print.
Automatic log out is working on the YSoft SafeQ Embedded Terminal for FujiXerox.
Fixed defect that prevented to assign card to a user using HID card with HID USB card reader.
Double quotations (") are handled correctly in the Scan-to-script scanning workflows parameters.
Previously the script was not executed if the script parameter contained double quotations.
The jobs from a shared queue are visible also on an ORS in far roaming group where the owner of
the shared queue was never logged before.
Mobile print for visitors: Fixed defect that prevented visitors to self-register via Internet Explorer.
Warning
Because of the change in classes used for logging, update of the CRS server to SR4 or higher will
overwrite the log4j.xml file.
2.2.27 SERVICE RELEASE 3 (12/06/2014)
What's new
YSoft SafeQ 5 33
February 03, 2016
Language selection has been added to the Mobile Print Server web interface allowing the users to
change the default language.
The number of document formats accepted by the Mobile Print Server has been more than doubled.
See the documentation for the complete list of 44 supported file formats.
Support for new currencies has beend adde to the SafeQ Payment Machine. Detailed information
can be found in the list of supported currencies.
The YSoft SafeQ Embedded Terminal for Toshiba allows the selection of billing codes. Different
billing codes can be selected for different copy and scan jobs in one session.
New watermark variables (such as job name, file name etc.) are available in the Rule Based Engine.
Complete list can be found in this article.
Single sign-on functionality has been implemented to the YSoft Payment System allowing the users
to log in seamlessly without having to type the password.
Possibility to search through all transactions with advanced filtering options has been added to YSoft
Payment System.
Cancelling of open reservations is possible directly in the Payment System web interface. The open
reservations can be also automatically closed after defined time period in order to allow customers to
use their credit again.
YSoft SafeQ CML server and YSoft SafeQ Payment System supports Microsoft SQL Server 2014.
More information can be found in the article software requirements.
Fixes
It is possible to install the YSoft SafeQ Embedded Terminal for Ricoh also on devices Ricoh MP
C2003SP and Ricoh MP C2553.
JobLimits are now only utilized when the Payment System is used on YSoftSafeQ Embedded
Terminal for Xerox.
Messages on the authentication screen on the YSoftSafeQ Embedded Terminal for Xerox are
correctly localized.
Fixed issue that prevented the copy and scan jobs to be accounted to the selected billing code on
YSoftSafeQ Embedded Terminal for Sharp.
Fixed defect that prevented the PIN numbers to be overwritten in case the PIN-overwrite is enabled
and users are imported from LDAP
Jobs sent to the VIP shared queue are now visible also to the other members of the VIP shared
queue.
Favorite job operations on the embedded terminals are now correctly reflected.
Mobile print for visitors has been introduced. This feature allows the visitors to self-register directly on
the Mobile Print Server web interface. User can choose to create a permanent or a temporary
account that will be deleted after a set time. Once the account is created, the user can send jobs to
Mobile Print via email or web and print them on any printer in the YSoft SafeQ environment using just
their account username and password.
The YSoft SafeQ Embedded Terminal for OKI allows the selection of billing codes. Different billing
codes can be selected for different copy and scan jobs in one session.
YSoft SafeQ 5 34
February 03, 2016
The YSoft SafeQ Embedded Terminal for Toshiba and OKI now supports the Scan Management
features. Users are able to scan documents using the predefined scanning workflows (scan to folder,
scan to mail, scan to script) and modify the scanning workflow parameters or scanning options such
as Format, Quality, Color and Sides setting directly on the embedded terminal.
The Rule Based Engine now supports new notification option – popup in SafeQ client. More
information can be found in following article.
2.2.28 SERVICE RELEASE 2 (30/04/2014)
What's new
The YSoft SafeQ Embedded Terminal for OKI is available.

Supported devices must be based on Toshiba OpenPlatform (Toshiba devices rebranded for
OKI).
Embedded terminal for OKI devices can be installed remotely using YSoft SafeQ web
administration.
The embedded terminal allows users to authenticate at the device, release print jobs, access
the native copy application. Both copy and print job accounting is supported.
YSoft SafeQ embedded terminal for Ricoh is now able to display session summary (list of print, copy
jobs with prices) upon user logout. More information can be found in the following article.
Mobile Print Server supports additional file formats - . epub , . xlsm , . xlsb , . xltx , . xltm , . pps , .
ppsx , .pot, . potx , . fo , . pcl , . svg , . xps , . emf , . ico , . wmf , . dxf. The complete list of supported
file formats can be found here.
For better mobile printing results, LibreOffice and OpenOffice fonts are now distributed together with
the Mobile Print Server.
Support for semi-automated upgrade from SafeQ 4 installations with external PostgreSQL/Microsoft
SQL server has been added. More information about the upgrade procedure can be found here
(PostgreSQL) or here (MicrosoftSQL).
Added help to configuration options in payment system administration.
It is possible to install the embedded terminal with accounting on Xerox devices with EIP 1.5 without
JobLimits.
Fixes
YSoft SafeQ components contain the newest version of the OpenSSL library with the Heartbleed
vulnerability fixed.
YSoft SafeQ now provides two-factor authentication method (similar to Card and PIN authentication
method), where the user always has only one specific Card and PIN combination (each card has
always one PIN). More information can be found in the following article, the feature is available for
Konica Minolta and Terminal Professional only.
YSoft SafeQ 5 35
February 03, 2016
In university environment, where students migrate between different study programs (study program
is a cost center in domain controller), it is possible to add initial free credit for each cost center once
the user joins the program (is included in the cost center). This way, user is entitled to receive free
credit (e.g. based on legal requirements in some countries).
Students may migrate between different study programs (cost centers). Therefore this custom
feature additionally handles situation when given credit is removed and replaced with another
one (each study program/cost center may have different initial free credit).
Students also may receive in some study programs (cost centers) regular free credit from the
university. Each study program (cost center) can be then configured to include its users into
regular account recharge.
More details are available upon request.
Please consult use of this early access feature with Y Soft as it might not be suitable for every
environment.
2.2.29 SERVICE RELEASE 1 (10/04/2014)
What's new
SafeQ 5 SR1 includes the embedded terminal for Toshiba devices.

Supported devices are based on Toshiba OpenPlatform.
Embedded terminal for Toshiba devices can be installed remotely using YSoft SafeQ web
administration.
The embedded terminal allows users to authenticate at the device, release print jobs, access
the native copy application. Both copy and print job accounting is supported.
Billing code can be added to the scan to script scanning workflows via the %billingCode% property.
More information can be found in the Scanning workflow definition article.
Upgrade from SafeQ 4 to SafeQ 5 is now supported for embedded Microsoft SQL Server database.
More information can be found in the Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (MS-SQL
Embedded database) article.
YSoft SafeQ can now be configured to automatically create money accounts for users from particular
LDAP server, during LDAP replication process.
Ricoh embedded terminal improvements:
Added support for direct printing, jobs printed via direct queue are correctly printed,
accounted and charged (if Payment System is used).
Minor changes to the terminal graphics have been included (new icons on the
authentication screen).
Credit balance of logged in user is displayed with the corresponding currency.
Number of steps performed in the installation is displayed correctly.
Embedded terminal has been localized to the following languages: Czech, German,
Spanish, French, Hungarian, Japanese, Polish, Portuguese, Portuguese Brazil,
Russian, Slovak, Chinese.
Fixes
Fixed installation issues on multiple Xerox devices (such as Xerox WC7845 and Xerox WC3315).
The installation fails with proper error message in case XSA is disabled on Xerox machines
YSoft SafeQ 5 36
February 03, 2016
Fixed defect that caused the installation to take 30 minutes on Windows Server 2012 due to the
installation of the web role features.
License activation can be performed only on the first node of the cluster.
Fixed error on Sharp embedded terminal that caused Unexpected error to be thrown. This error
occured in case the user swiped an unregistered card or entered incorrect Card Activation Code
or login and password during card activation.
<SAFEQ_HOME>\logs\cmlweb-audit-log. Main Web interface audit log. Contains all audit log
log messages.
2.3 PRODUCT LIFECYCLE INFORMATION
This bulletin serves as official notice about sales and support of Y Soft products.
Unsupported - Product is no longer supported. Y Soft recommends to upgrade to newer version of

YSoft SafeQ.
Maintained - Product is supported in terms of Incident management and fixing critical defects only.
No custom modifications, new features or support of new devices are provided.
Supported - Officially supported and maintained product. Includes regular service releases,
customizations, new device support and new feature updates.
2.3.1 YSOFT SAFEQ SERVER
Component Current Version Status End of Comment

life
YSoft SafeQ 2 2.1 unsupported 31-Dec- Deployment of latest version is

2007 recommended.
YSoft SafeQ 3 3.0 unsupported 31-Jul- Deployment of latest version is

2008 recommended.
YSoft SafeQ 3.1 3.1.5-p17 unsupported 31-Jul- Deployment of latest version is

2012 recommended.
YSoft SafeQ 3.2 3.2.44f (selected unsupported 31-Dec- Deployment of latest version is
projects only) 2010 recommended.
YSoft SafeQ 3.3 3.3.5 (selected unsupported 31-Dec- Deployment of latest version is
YSoft SafeQ 3.5 3.5.2 unsupported 31-Jul- Deployment of latest version is

Instant Edition 2014 recommended.
YSoft SafeQ 5 37
February 03, 2016
Component Current Version Status End of Comment

life
YSoft SafeQ 3.6 3.6.2 maintained 17-Mar-

2016
YSoft SafeQ 3.7 3.7.4 (selected unsupported 31-Dec- Deployment of latest version is
YSoft SafeQ 4 4.0 maintained 31-Dec-

2016
YSoft SafeQ 5 5.0 supported Not

specified
2.3.2 ADDITIONAL SAFEQ COMPONENTS
Component Version Status End-of- YSoft YSoft YSoft Comment

life SafeQ SafeQ SafeQ
3.x 4.x 5.x
SafeQ Central 3.1 unsupported 31-Jul- 3.1.5- Replaced with

Reporting System 2012 p17 Central Reporting
Professional Services
SafeQ FAX Server 2.0 unsupported 31-Jul-

2008
SafeQ Recharging n/a unsupported 31-Jul- 3.1+

Station v1 2012
SafeQ Recharging n/a maintained 31-Dec- 3.6+ * *Requires

Station v2 2015 firmware 3.14.0 or
newer.
SafeQ Payment n/a supported later than 3.5+ * *Requires

Machine 31-Dec- firmware 3.14.0 or
2016 newer.
SafeQ Recharging n/a unsupported 31-Jul- 3.5+

Point - Serial port 2012
SafeQ Recharging n/a maintained later than 3.5+

Point - USB 31-Dec-
2016
SafeQ Workstation 1.x maintained 31-Jul- 3.5+ Replaced by

Client for Windows 2014 SafeQ Client for
Windows.
YSoft SafeQ 5 38
February 03, 2016

3.x 4.x 5.x
SafeQ Server 2.x maintained not 3.6+ (v2. V1.x is supported

Client for Windows scheduled (v1.x x) only with YSoft
only) SafeQ 3.6+. V2.x
is supported from
YSoft SafeQ 4.
SafeQ Client for 2.x supported not

Windows scheduled
SafeQ Client for 2.x maintained not Supported OS:

Mac OS X scheduled 10.6.3. up to 10.9.
Requires Apple
Java 1.6.
SafeQ Client for 4.x supported not Supported OS:

Mac OS X scheduled 10.8. up to 10.10.
SafeQ Client for 1.0 supported not 3.x * * Request script

Linux (CUPS) scheduled from Y Soft
representative.
SafeQ Local 3.15 supported not 3.x

Monitor for scheduled
Windows
SafeQ Branch n/a unsupported 31-Jul- 3.6.2 Replaced by ORS

Microserver 2014 architecture.
Fingerprint n/a unsupported 31-Jul-

Manager for SafeQ 2008
Terminal Lite v1 1.0 unsupported 31-Jul-

2008
Terminal Lite v2 2.0 unsupported 31-Jul-

2008
Terminal Ultralight 1.0 supported later than 3.x

31-Dec-
2016
Terminal 2.0 unsupported 31-Jul- 3.x

Professional v2 2012
YSoft SafeQ 5 39
February 03, 2016

3.x 4.x 5.x
Terminal 3.0 maintained later than 3.x * * *Requires

Professional v3 17-Mar- firmware 3.11.1 or
(Monochrome 2016 newer.
Display)
Terminal 3.5 supported later than 3.x * * *Requires

Professional v3 31-Dec- firmware 3.11.1 or
(Color Display) 2016 newer.
SafeQube n/a supported not

scheduled
FX Terminal 3.21 supported not

Embedded scheduled
(ApeOS)
KM Terminal 3.21 supported not 3.6.2

Embedded scheduled
(OpenAPI)
Ricoh Terminal 1.3 maintained not 3.6.2 * Requires

Embedded (ESA, scheduled Embedded
SDK/J1 / SDK/J2) Terminal v1.3 (not
included with
YSoft SafeQ 4).
YSoft SafeQ 4
does not support:
Billing Codes,
Workflow
Scanning, Vendor
Provided
Accounting.
YSoft SafeQ 5 40
February 03, 2016

3.x 4.x 5.x
Ricoh Terminal 1.5 supported not 3.6.2 YSoft SafeQ 5

Embedded (ESA, 1.7 scheduled includes new
SDK/J4 / SDK/J7) A.x version (A.x) of
embedded
terminal.
Embedded
Terminal v 1.7 is
only compatible
with SafeQ 3.7.
Embedded
Terminal v 1.5 is
only compatible
with SafeQ 3.5
and 3.6.
Ricoh Terminal 1.5 supported not 3.6.2

Embedded (ESA, A.x scheduled
SDK/J10)
Sharp Terminal 3.21 supported not 3.6.2 * *Only via Early

Embedded (OSA) scheduled Access Program
Xerox Terminal 3.21 supported not 3.6.2

Embedded (EIP) scheduled
Toshiba Terminal supported not * *Only via Early

Embedded scheduled Access Program
2.3.3 SSL CERTIFICATE EXPIRATION
SSL Version Valid Expiration Signed by Comment

Certificates Since
YSoft 1.0.0+ 1-Jul- 28-Jun- Y Soft certification Used for secure communication
AirPrint 2015 2025 authority (not between AirPrint Connector and iOS
trusted) devices.
YSoft SafeQ 5 41
February 03, 2016
2.4 EARLY ACCESS PROGRAM
2.4.1 WHAT IS EARLY ACCESS PROGRAM?
Early Access Program allows Y Soft to expose fresh exciting new features to select partners in advance
before official release. This allows us to collect feedback from around the world, fix any imminent issues or
enhance new features before general availability. Although fully functional, features may not be fully
localized and are provided in English language only. Unless confirmed otherwise, these features are not
covered by SLA. Also, for some of the features in early Access Program, Y Soft reserves the right to request
official statement of work to be created before considering use of a feature in customer's project. This is in
order to avoid any possible misunderstanding among any of the involved stakeholders.
2.4.2 HOW CAN I JOIN THE EARLY ACCESS PROGRAM?
Early Access Program is available only for selected partners. Should you wish to join our community, please
contact your responsible account manager. After your request gets approved, we will update your license
and new features become available immediately after product reactivation.
2.4.3 WHAT IF...?
... I find an issue or a bug? Report it back to us through our Customer Services team! Unless confirmed
otherwise, EAP features are not covered by SLA agreement.
... I have some comments or ideas? We're thrilled to hear from your experience with new features. Please
do send us the feedback through your account manager or directly to eap@ysoft.com.
... I would like to use some of the feature with customer/prospect? Y Soft reserves the right to request
official statement of work to be created before considering use of a feature in customer's project. This is in
order to avoid any possible misunderstanding among any of the involved stakeholders. Please contact your
account manager if you have a prospect or existing customer.
2.4.4 QUOTAS
WHAT ARE QUOTAS?

Quotas allow to limit user's consumption of print & copy services. Every user has limit and system prevents
user from higher than allowed consumption. The quota is defined for specific period (e.g. monthly) and then
is automatically refreshed.
YSoft SafeQ 5 42
February 03, 2016
HOW DO QUOTAS WORK?
Administrator defines Quotas that have to apply for different groups of users. It is possible to define:
Maximum number of pages in defined period (e.g. max 100 pages)

Period quota is defined for (e.g. monthly). Quota is automatically refreshed after this period.
Specifics (e.g. applies for color pages only or applies for print services only)
Administrator assigns specific quotas to cost-centers. For example:
Cost center "Japan HQ employees" is limited by quota "Color Copy" and by quota "Print BW"
Cost center "Germany TOP management" is limited by different quota "Color Print"
All users in affected cost center are bound by the quota. In case user's action (print or copy) on Embedded
Terminal would exceed the quota, action is rejected and user is informed about the reason.
It is possible to combine limiting users by Quotas and by Payment. For example:
Cost center "Professors" are limited by quota

Cost center "Students" are limited by credit and have to recharge when printing
It is possible to have certain users limited by Quotas and others by Payment. The differentiation is done on
cost-center level.
YSoft SafeQ 5 43
February 03, 2016
BENEFIT
Primary benefit of Quotas is the possibility to save costs by preventing misuse of print & copy services
by employees. Consumption is limited in understandable form - in number of pages.
Specific environments, like Universities, benefit from opportunity to combine quotas and payment.
Typically employees are limited by page quotas and students or visitors have to purchase their own credit.
CONFIGURATION OF QUOTAS
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
PREREQUISITES
YSoft SafeQ version 5 and YSoft Payment System installed from Maintenance Update 27 or newer
License with Early Access feature "Quotas"
LIMITATIONS
Quotas do not take into consideration Finishing options - when job is changed directly on terminal, it
is still blocked according to initial state of job.
Quotas do not take into consideration Rule-based engine - when job is changed in RBE, it is still
blocked according to initial state of job.
Refunding functionality in YSoft SafeQ web administration is decommissioned. It works through YSoft
Payment System - Cash desk only.
When user's entitlement is changed (user is moved to different cost center), changes can be
reflected with delay.
Do not use Quotas or Entitlements together with creation of money accounts in YSoft SafeQ
(manually or via LDAP). Entitlements will make the manual / LDAP creation obsolete in the future.
Terminal Professional v3 is not supported.
Toshiba (OKI) Embedded Terminal is not supported.
For more limitations see page Vendor-specific limitations and known issues.
YSoft SafeQ 5 44
February 03, 2016
SETTING UP QUOTAS
1 Install YSoft Payment System
2 Enter YSoft Payment System administration
3 In section Quotas, create new quota definition(s) (page limit, recurrence, etc.).
Please note: Define only valid combinations, according to Quota types for specific vendors
(3a) (Optional) When creating or editing quota, check "Enable threshold notification" in order to turn on
soft quotas.
Set up Threshold as % of limit when end user will receive e-mail notification.
Set up "quota owner" - e.g. manager or IT representative, that receives the notifications too.
In section Notifications you can optionally update template of e-mails - tab "Quota
notification" and "Quota notification owner"
(3b) (Optional) In section Periodic recharges, create new periodic recharge definition(s)
4 In section Entitlements, click Create Entitlement
5 Define your entitlement.
Field Mandatory Description
Summary Yes The name of the Entitlement for the references in YSoft Payment
System
Entitlement Yes Options:

for
Users in group - all users from group have separated
quotas or accounts created. Users consume own quotas /
accounts.
Group - the entitlement (quota or account) is created for
whole group. Users consume one common quota / account.
YSoft SafeQ 5 45
February 03, 2016
Group IDs Conditional The number of cost center from YSoft SafeQ (see below where to
find this information). Either this field or "Usernames" should contain
a valid value. More group IDs should be comma separated.
Related features:
All users from specific group (cost center) will be charged according
to entitlement with the related cost center number
Saving of entitlement triggers automatic customer update/creation

for the users assigned to the used cost centers (feature is turned on
by default based on option "feature.entitlement.create-accounts-
when-entitlement-changes").
YSoft SafeQ - cost center ID
Usernames Conditional Accepts only YSoft SafeQ usernames. Either this field or "Group
IDs" should contain a valid value. More usernames should be
comma separated.
When any Entitlement is linked to username, the Entitlement will be

used regardless of group settings. The Entitlement assigned to
specific user will always take precedence from group settings.
Related features are the same like with Group IDs.
Type Yes Accepts these values:
PAYMENT - limiting of users via credit (personal or virtual)

QUOTA - limiting of users via page quotas
NONE - no entitlement for users at all (users will not be able
to log in on Embedded Terminal)
Initial No Displayed only for PAYMENT type. Works only for new
balance automatically created customers.
YSoft SafeQ 5 46
February 03, 2016
Minimum No Displayed only for PAYMENT type.

Balance
Periodic No Displayed only for PAYMENT type. Related recharges can be linked
Recharges by their name.
Quotas Yes Displayed only for QUOTA type. Related quotas can be linked by
their name.
6 Click Create Entitlement
7 (Optional) In YSoft SafeQ system settings, set or keep On-demand payment account creation
on Enabled.
ADDITIONAL SYSTEM CONFIGURATION

These configurations can be used when necessary for specific customer - to ensure backward compatibility
against existing customization or specific workflow with disabled users.
Location Option Description
YSoft SafeQ 5 47
February 03, 2016
YSoft SafeQ system On-demand payment account YSoft Payment System creates
settings creation missing accounts of users
(onDemandPaymentAccountCreation) automatically before transaction,
based on Entitlement settings. This
configuration ensures users are
always charged according to their
group settings, but removes the
possibility to not charge users based
on their missing money account.
Values:
Enabled (default for SQ5)

Disabled (default for SQ6)
When enabled, YSoft Payment

System will automatically create
payment customer account for
unknown user GUID used in YES
REST API. This option ensures user
without money account (e.g. not
created by error) will be charged
according to valid Entitlement
definition.
When disabled, it ensures the

behavior towards users without money
account will remain the same like
without Entitlements - do not charge at
all.
YSoft SafeQ 5 48
February 03, 2016
YSoft Payment system feature.entitlement.create-accounts- Accepts two values:

environment- when-entitlement-changes
configuration.properties true (default) - Editing or saving
of new entitlement will trigger
synchronization, which will
create or update customers
found in cost centers or
usernames defined by current
entitlement.
false - Disable previous
behavior (no automatic
payment customer account
creation or update of existing
accounts)
QUOTA TYPES FOR SPECIFIC VENDORS
Total Print Print Print Copy Copy Copy BW Color
pages + + + +
Color BW Color BW
Konica Minolta
Xerox
Ricoh
Samsung
Sharp
Fuji Xerox with XCP
Legend:
- the quota identifier or combination can be used with the specific vendor
- the quota identifier, combination or whole vendor can have specifics in behavior or limitations. Please
refer to Vendor-specific limitations and known issues
- the quota identifier or combination cannot be used with the specific vendor.
VENDOR-SPECIFIC LIMITATIONS AND KNOWN ISSUES
RICOH
Limitations:
YSoft SafeQ 5 49
February 03, 2016
It is possible to reach negative quota balance. It is mainly caused by slow connection between the
device and the server.
If user has less balance then is needed to perform 5 copies. The user is restricted to perform any
copy job. To allow copying, quota balance must satisfy the following conditions:
BW COPY, COLOR COPY, COLOR, BW - if defined, balance of each of them must be at least
5
COPY - must be at least BW COPY + COLOR COPY or BW + COLOR (if they are defined),
depending on which of the two sums is bigger
Similarly, if user has quota for all pages enabled, he must have at least 5 pages available to be
allowed to copy. If user quota balance gets under 5 pages during copy job, his access to copy
operation will be restricted.
SAMSUNG
Limitations:
Device is able to make reservation per 10 pages. Therefore, any remaining quota below 10 is not
usable.
It may occasionally happen, that device stops requesting reservations of quotas. In this case, users
are not limited in their actions, although operations are accounted by SafeQ. To fix that, it is
necessary to clear the main memory of the device and install the device's firmware again.
Known issues:
When user prints a mixed job (containing both color and BW pages), the printing stops right after one
color and one BW page has been printed (or vice versa).
SHARP
Limitations:
It is not possible to use quota defined as PRINT or COPY (without color specification). Only
definitions like PRINT COLOR or COPY BW are allowed.
Print all or print more jobs - it is possible that not all jobs are printed. It depends on balance of
quotas. The strategy for reservation is the same as for credit handling.
Balance < 100 - whole quota is reserved (jobs have to be printed one by one)
Balance >= 100 - half of quota is reserved (jobs can be printed in batches)
Known issues:
Print all functionality is available also to users with insufficient quotas. All jobs are printed and users
ends up with negative balance.
If user starts copying with 0 quotas of type COLOR COPY and BW COPY, all remaining quotas are
reserved and not returned in reasonable time.
Quotas for copying are decreased when user prints with no quotas for printing defined.
KONICA MINOLTA
Limitations:
YSoft SafeQ 5 50
February 03, 2016
Stop-on-zero works only with a single quota defined for user. Reason: With Konica Minolta, we can
only restrict number of operations and some functions of the device. This can be done only at the
authentication.
If multiple quotas are defined, in the most cases, the number of possible operations is a sum
of all the quotas. (e.g. PRINT 1 and COPY 1 makes 2 possible operations)
In detail, the number of operations is the maximum of all complete subsets found. A
complete subset is PRINT, COPY or COPY, BW or PRINT BW, PRINT COLOR, COPY
BW, COPY COLOR...
Operations (functions) related to quotas with zero or negative remaining balance are restricted
upon login. (e.g. COLOR 0 restricts user from performing any color jobs)
Operations (functions) related to quotas, that are not defined, are unlimited for user. (e.g.
quotas PRINT COLOR, PRINT BW make copying unlimited)
If quota balance reaches exactly 0 during printing, warning screen is displayed with a button "Start"
on it. User must log out.
Possible scenarios:
User has COPY 1, PRINT 1, BW1. Upon login, no function is disabled and the user gets 2
operations. User can now perform any two operations in one session.
Example 1: The user performs 2 BW prints. Resulting quotas are COPY 1, PRINT -1, BW -1.
Upon next login, the user is restricted to perform any BW jobs and any print jobs with 1 action
left. Thus the user can perform only 1 color copy.
Example 2: The user performs 1 BW print and 1 color copy. Resulting quotas are COPY 0,
PRINT 0, BW 0. User can now not perform any further operations.
Example 3: The user performs 1BW print and 1 BW copy. Resulting quotas are COPY 0,
PRINT 0, BW -1. User can now not perform any further operations.
Example 4: The user performs 2 color prints. Resulting quotas are COPY 1, PRINT -1, BW 1.
Upon next login, the user is restricted to perform any print jobs with 1 action left. Thus the user
can perform only 1 copy.
FUJIXEROX WITH XCP
Limitations:
Users are not restricted in printing using direct queue or the Print all functionality, even with negative
quotas amount. It is recommended to disable these features while using print quotas.
It is not possible to use quotas PRINT, COPY, COLOR, BW (but it is possible to use their
combinations, e.g. PRINT COLOR)
With fujiXeroxEnableDefaultQuotaTogglingStrategy enabled, only half of Quota for all pages can be
used for printing, the other half is divided between BW and color copy jobs. If user has quota for all
pages = x, then
BW Copy = x/4
Color Copy = x/4
Print = x - x/4 - x/4
YSoft SafeQ 5 51
February 03, 2016
With fujiXeroxEnableDefaultQuotaTogglingStrategy disabled, when user chooses Copy operation,

the quota balance is divided between BW and color copy jobs. If user has quota for all pages = x,
then
BW Copy = x/2
Color Copy = x - x/2
2.4.5 BILLING CODE SELECTION FOR PRINTING AT THE TERMINAL
NOTE:
license.
Overview
Prerequisites
Setup of Billing Code selection for Printing at the terminal
Behavior with different settings
Limitations for setting "Terminal"
OVERVIEW
Before implementing this feature, users were able to choose Billing Code directly on terminal only for scan
and copy jobs. Print jobs were accounted under the Billing Code, chosen at the YSoft SafeQ Client
application, when sending the job to the YSoft SafeQ server.
Now administrator can enable Billing Code selection on terminal also for print jobs. So users will be able to
change the Billing Code previously selected at the YSoft SafeQ Client application, right before printing the
job on Embedded Terminal. This feature is not supported on hardware terminals like Terminal Professional
or Terminal Ultralight.
For example:
A user sends a frequently printed form to a YSoft SafeQ and marks it as favorite, so that it can be
printed anytime. However, this form is used in many different projects. By selecting the Billing Code
at the terminal, the releases of the form will be each accounted under correct Billing Codes.
A user always sends his print jobs with the default Billing Code selected, not to be bothered by it's
selection. But this time he needs to print something for a special project. Instead of having to resend
the job, the user can change the Billing Code at the terminal.
Jobs sent by Mobile Print can now also be accounted under a Billing Code.
PREREQUISITES
YSoft SafeQ Embedded Terminal

YSoft SafeQ version 5 Maintenance Update 26 or newer
YSoft SafeQ 5 52
February 03, 2016
License with Early Access feature "Billing Code selection for Printing at the terminal"
SETUP OF BILLING CODE SELECTION FOR PRINTING AT THE TERMINAL
1 Activate the license with the feature "Billing Code selection for Printing at the terminal" under Early
Access License
2 In System settings under Spooler tab, set configuration option "billingCodePrecedence" to

Terminal
3 Restart the required services.
BEHAVIOR WITH DIFFERENT SETTINGS
When billingCodePrecedence is set to "Job reception" (default setting)
When user selects a Billing Code in the YSoft SafeQ Client, every print and reprint of that job will
always be accounted under the selected Billing Code.
If the Billing Code in YSoft SafeQ Client is not selected, the job won't be accounted under any Billing
Code when it is printed and reprinted. This applies regardless of the Billing Code selected on the
terminal (e.g. when job is sent by LPR or user had no Billing Code at the time of sending the job).
When billingCodePrecedence is set to "Terminal"
When user selects a Billing Code on the terminal (or has a default Billing Code assigned), each
printed job will be accounted under given Billing Code (until the billing code is changed).
When user selects a Billing Code for a job in the YSoft SafeQ Client, and no Billing Code is selected
on the terminal, the job will be accounted under the Billing Code selected in YSoft SafeQ Client.
If the Billing Code is selected neither on the terminal nor in the YSoft SafeQ Client, the reprints will be
accounted under no Billing Code.
Print All from authentication screen behaves the same way as secure print.
Direct print jobs will be accounted under the Billing Code selected in the YSoft SafeQ Client.
Result of changing the Billing Code while releasing a batch of print jobs will be different on each
vendor (based on accounting strategy).
Default Billing Code has the same effect as choosing a Billing Code right upon log in to a terminal.
NOTE: On terminals, where BC selection is forced right after login (or users has assigned default
BC), users will always be forced to change BC assigned on job reception to YSoft SafeQ server.
NOTE: Billing code which job was accounted to, does not change value of assigned billing code,
which can be found in job details on SafeQ web interface. Billing code selected on terminal is saved
only to job accounting information.
LIMITATIONS FOR SETTING "TERMINAL"

Konica Minolta
Users always have to select the Billing Code when logging in, forcing them to change it for print jobs.
YSoft SafeQ 5 53
February 03, 2016
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer. This does not apply to
Direct Print and Print All.
Note, that on the native type of the Embedded Terminal, it is not possible to change Billing Codes
during user session.
Xerox
It is not possible to change Billing Code for jobs printed by Print All functionality if there was a Billing
Code selected on the YSoft SafeQ Client application
Direct Print.
Ricoh
When changing the Billing Code while printing multiple documents has no affect on the documents.
Sharp
Direct Print and Print All.
Fuji Xerox with XCP
Direct Print.
Samsung, Lexmark
under the Billing Code chosen at the time of their actual release to the printer.
OKI, Toshiba
Direct Print.
Terminal Professional, Terminal Ultralight
This feature is not supported on hardware terminals. Original billing code will be used for accounting
regardless of value set in billingCodePrecedence property.
YSoft SafeQ 5 54
February 03, 2016
2.4.6 ACCESS RIGHTS FOR FAX
NOTE:
license.
Overview
Prerequisites
Defining access rights on web
Access restriction on YSoft SafeQ Embedded Terminals
OVERVIEW
As an extension to Fax accounting support, YSoft SafeQ now provides options to restrict access to Fax
feature based on roles, device groups or specific devices. In case Fax access is restricted, user cannot
enter Fax menu on device with Embedded Terminal.
Administrator can configure fax access restriction, in SafeQ Web interface under the Rules > Access
definition. Fax access is enabled by default, after update from releases where this feature was not
available.
PREREQUISITES
YSoft SafeQ version 5 Maintenance Update 25 or newer

License with Early Access feature: "Fax access right definition"
DEFINING ACCESS RIGHTS ON WEB

Administrator can configure fax access restriction, in SafeQ Web interface
1 Log in SafeQ Web interface and go to Rules > Access definition
YSoft SafeQ 5 55
February 03, 2016
Click Add new item, and access record definition window will be opened.
Define following values:
User role
Device group
Device
grant or deny access rights for fax feature
Click Add to save new access record
Modify Fax access rights for already created access records in the list. Click / icons to grant
/deny access.
- access is granted
- access is denied
Click icon to save changes.
To delete access record click icon.
YSoft SafeQ 5 56
February 03, 2016
ACCESS RESTRICTION ON YSOFT SAFEQ EMBEDDED TERMINALS
FujiXerox It is not possible to restrict Fax operation (similarly as the copy restrictions)
FujiXerox The Fax application is visible in the menu, but user is not allowed to enter it and an
XCP insufficient access rights message is displayed, if the user doesn't have Fax access
rights granted.
KonicaMinolta The Fax icon in the menu is not displayed, if the user doesn't have Fax access rights
granted.
Lexmark The Fax icon in the menu is not displayed, if the user doesn't have Fax access rights
granted.
Ricoh The Fax application is visible in the menu, but user is not allowed to enter it and an
insufficient access rights message is displayed, if the user doesn't have Fax access
rights granted.
Samsung The Fax application is visible in the menu, but user is not allowed to enter it and an
insufficient access rights message is displayed, if the user doesn't have Fax access
rights granted.
Sharp User can enter the Fax application, but is not allowed to perform any Fax operation
and an insufficient access rights message is displayed, if the user doesn't have Fax
access rights granted.
Toshiba/OKI User can enter the Fax application, but is not allowed to perform any Fax operation, if
the user doesn't have Fax access rights granted.
Xerox All Fax applications (Fax, Server Fax, and Email Fax) icons in the menu are not
displayed, if the user doesn't have Fax access rights granted. Authentication mode must
be "To device". It is necessary to enable enableXeroxAccessDefinition property in
System settings.
Access definition needs to be supported on the device.
Supported devices: WC 58xx, WC 59xx, WC 78xx, WC 79xx, WC 8700, WC 6655, CQ

930x
Unsupported devices: Phaser 3635
The result of detection whether installed device supports access definition or not is
shown in Embedded Terminals installation overview window:
YSoft SafeQ 5 57
February 03, 2016
2.4.7 DISPLAY SESSION SUMMARY AT RICOH PRINTER
NOTE:
license.
The session summary window displays the total amount of print/copy/scan jobs performed in user's session.
Together with this also the number of pages and price for each job category is displayed. The total price
displays the sum of prices for each category.
NOTE: Job summary can be enabled by a configuration property "Enable YSoft SafeQ embedded
terminal for Ricoh to show session summary before the user logs out " ( srteShowSessionSummary )
that can be found in System Settings / Terminal UI.
1 Log out of the Terminal Embedded: Log in and log out at the Ricoh printer.
2 The session summary appears.
YSoft SafeQ 5 58
February 03, 2016
3 Tap on OK to close the session summary window and logout from the terminal. The session
summary window is also closed automatically after 20 seconds.
2.5 LICENSING
Changes in the licensing model

Module overview
License use
Architecture
General license data
2.5.1 CHANGES IN THE LICENSING MODEL
YSoft SafeQ 5 introduces important changes in the license model. The product is licensed per device with
two simple options:
License with embedded terminal (per device)

License without embedded terminal (per device)
The per-device license with embedded terminal applies to all supported vendors, therefore it is not required
to get separate license for each vendor in customer's environment (see list of supported terminals).
YSoft SafeQ 5 Suite license offers all features available and supported. Therefore customers can enjoy
most of what YSoft SafeQ 5 has to offer at highly competitive price.
Editions (Instant, Professional, Enterprise) are no longer available. Instead, YSoft SafeQ 5 can be
purchased in separate (or combined) modules:
Authentication
Print Roaming
Reporting
Credit and Billing
Rule Based Print
Scan Management
Mobile Print
Each module is described in more detail in the Module overview section.
YSoft SafeQ 5 59
February 03, 2016
Authentication, Reporting, Credit and Billing, Rule Based Print and Mobile Print modules
can be licensed standalone. Print Roaming and Scan Management modules must be
licensed together with Authentication module.
For each per device license (with embedded terminal or without embedded terminal) either
the whole SafeQ Suite with all modules can be licensed, or just individual modules or their
combination, however the licensed modules has to match.
It is not allowed eg. to license 10 devices with embedded terminal with
Authentication and Print roaming module and 10 devices with embedded terminal
with Authentication and Scan Management module.
Only exception is the Reporting module that can be licensed standalone in addition
to the other licensed modules (for example for monitoring of prints on the older
devices).
Up-to-date information about available licenses, packages and combinations is always available
from your Y Soft representative.
2.5.2 MODULE OVERVIEW
YSoft SafeQ 5 can be licensed by individual modules. Features in every module are limited, the list of
features available in each module follows:
Please note that the list of available features contains only the most important ones, for
further information please see the licensing guide on the Partner Portal or contact your Y
Soft representative.
Available features may depend on the type of terminal (Terminal Professional/Ultralight,
Embedded Terminal).
Module name Can be used Can be Included functions Other information

standalone? installed
on ET
as a
feature?
YSoft SafeQ 5 60
February 03, 2016

on ET
as a
feature?
Authentication
direct queue authentication
authentication module is required
application on the for modules Scan
embedded terminal Management and
/terminal professional Print Roaming
various authentication
authentication module is
methods (PIN, card, recommended for
username and modules Credit and
password, billing module and
combination) Reporting and Mobile
card self-registration Print
Print Roaming , requires

Authentication secure queue Reporting or Credit
module direct queue and Billing module is
print application on required for
the embedded accounting of the
terminal/terminal print jobs
professional Authentication
management and module must be
administration of the installed on the
print queue embedded in order to
shared and VIP have this module
shared queues functional.
print roaming
(including near and
far roaming)
YSoft SafeQ 5 61
February 03, 2016

on ET
as a
feature?
Reporting
direct queue license for Reporting
online, offline and module can be
embedded offered standalone in
accounting addition to the rest of
predefined automatic the licensed modules
reports in various recommended
formats module:
management reports Authentication
customizable reports Authentication
local printer module is
monitoring REQUIRED for the
CRS connector embedded
default definable accounting on:
price list FujiXerox
OKI
Ricoh
Sharp
Toshiba
only one price list
is available
YSoft SafeQ 5 62
February 03, 2016

on ET
as a
feature?
Credit and
billing module direct queue recommended with
YSoft Payment module:
System (including Authentication
Payment System Authentication
administration module is
interface and Cash REQUIRED for the
Desk interface) embedded
SafeQ Payment accounting on:
Machine support FujiXerox
(credit charging via OKI
SPM) Ricoh
support for credit Sharp
operations on Toshiba
terminals (payments support not
for prints/scans available for Toshiba
/copies) and OKI embedded
online, offline and terminal
embedded
accounting
definable price lists
multilevel billing
codes
YSoft SafeQ 5 63
February 03, 2016

on ET
as a
feature?
Rule Based
Print direct queue recommended with
RBE conditions, Authentication and
actions and Print Roaming
notifications modules
standalone Rule
Based Print module
provides the same
benefits when
obtained with license
for device with
/without embedded
terminal.
it will be not
possible to use
certain rules and
conditions without
additional modules:
conditions
"Outcome of
authentication
on terminal"
requires the
Authentication
module
action "Queue
the job to user’
s VIP Shared
queue"
requires the
Print Roaming
module
YSoft SafeQ 5 64
February 03, 2016

on ET
as a
feature?
Scan , requires
Management Authentication scan application on Reporting or Credit
module the embedded and Billing module is
terminal required for
scan to email/scan to accounting of the
folder/ scan to script scan jobs
workflows
Mobile Print
mobile print via email recommended with
mobile print via Authentication and
mobile print web Print Roaming
interface modules
conversion of standalone
multiple formats Mobile Print module
(PDF, DOC, XLS, provides the same
PPT, JPEG, PNG) benefits when
AirPrint obtained with license
for device with
/without embedded
terminal.
2.5.3 LICENSE USE
When a new printer is being added:
when the Embedded terminal is installed, after saving the device, the license for the device with
embedded terminal is applied
when the Reporting device is being created, after saving the device, the license for standalone
Reporting module is applied
when the Hardware terminal option or no option is selected, after saving the device, the license for
device without embedded terminal is applied
YSoft SafeQ 5 65
February 03, 2016
2.5.4 ARCHITECTURE
Due to the changes in licensing, every YSoft SafeQ 5 license allows the installation of multiple CML nodes
and multiple ORS servers.
2.5.5 GENERAL LICENSE DATA
YSoft SafeQ uses encrypted XML license file (license.xml) stored in %SAFEQ_HOME%/conf/license
/license.xml. Every license has expiration date(s) and is limited to a specific YSoft SafeQ version. Existing
YSoft SafeQ 4 license cannot be used with YSoft SafeQ 5.
Data in a license
Date of expiration
Support ID
Require online product

authentication
Extension of existing license
License owner
YSoft SafeQ 5 66
February 03, 2016
2.5.6 ACTIVATING YSOFT SAFEQ
OVERVIEW
YSoft SafeQ license file is generated by the YSoft SafeQ Activation Portal. YSoft SafeQ requires only an
activation key, which is part of the license agreement received after product purchase. After entering the
activation key, the license file is available for download from the portal.
The YSoft SafeQ system provides the following information to the YSoft SafeQ Activation Portal during the
activation process:
Computer ID (an identifier of the host operating system)

YSoft SafeQ build number
Activation key
The activation process can be either online, if the YSoft SafeQ server has a direct internet connection to
the Activation Portal, or offline, by following the instructions provided on the YSoft SafeQ Web Interface.
Offline activation can also be used for obtaining the 30-day trial license.
The result of the activation is that YSoft SafeQ is activated with all available features and the web interface
no longer prompts for activation. When the license is activated properly:
Activation portal generates the support ID.

The license is automatically distributed across the entire system (all CML and ORS components).
Activation information is included in the downloaded license in the form of a computer ID and
build number used for activation. Each generated license is associated with the computer ID and
build used for activation. License re-activation is necessary with every system update.
ACTIVATION METHODS
ONLINE ACTIVATION
A YSoft SafeQ administrator logs in to the YSoft SafeQ web interface enters the activation key received
after purchase and selects the Activate online activation method. After the administrator clicks on the
Activate button, the YSoft SafeQ server contacts the activation portal (http://portal.ysoft.com) and tries to
activate YSoft SafeQ. If an activation key matches an existing license, the license is encoded and sent to
the server. YSoft SafeQ server stores the license and YSoft SafeQ is activated. No restart is required. For
further information see the Using the online activation method.
Online activation requires direct connection to the Internet.
OFFLINE ACTIVATION
A YSoft SafeQ administrator logs in to the YSoft SafeQ Web Interface enters the activation key received
after purchase and selects the Activate offline activation method. YSoft SafeQ generates an encoded
integrity key containing information for activation. The next step required for successful activation is to
manually generate the license key at http://portal.ysoft.com/activate. The previously generated integrity
needs to be entered in the corresponding field on the Web page. The license key is returned if the integrity
key contains a valid activation key. The returned license key can be entered via the YSoft SafeQ web
interface which activates the YSoft SafeQ copy. For further information see the Using the offline activation
method.
YSoft SafeQ 5 67
February 03, 2016
LICENSE ACTIVATION AND DISTRIBUTION IN YSOFT SAFEQ CLUSTER

If you are going to install YSoft SafeQ cluster, we recommend that you use the following procedure for
smooth and successful activation:
Prepare your deployment configuration for the entire cluster environment.

Install the first node and activate it by using online or offline activation.
All nodes in cluster are automatically considered to be activated if one of nodes is activated.
LICENSE UPGRADE
License upgrade is a process where the currently activated license receives additional devices, features or
extended duration of the support. Once the extension has been purchased, new activation key shall be
obtained. The new key has to be activated on the YSoft SafeQ web interface so that the key is bound to the
existing license. For more information see chapter Upgrade license.
TROUBLESHOOTING
YSoft SafeQ is deactivated on following occasions:
on Computer ID change (e.g. sysprep or operating system re-installation) - in such a case

follow the description from chapter Transferring license to the new HW
on version change (e.g. update to 4.0.x version) - in such a case perform online or offline
reactivation. License will be updated to newer build number. For more information see article
License reactivation.
on date expiration (some licenses are time limited) - in such a case all devices will be switched
to no-accounting status. Please contact our sales department to obtain license without time
limitation.
In case of issues with the license activation, the first troubleshooting step is using the Offline activation
method. This method displays error messages returned by the activation server. The information from offline
activation are required by Y Soft customer support services when an incident via Service Desk is reported.
Each incident needs to contain screenshot of the error message, generated integrity key and description of
the steps that were performed prior the activation (e.g. old server has failed and we are trying to activate
license on a new server).
USING THE OFFLINE ACTIVATION METHOD
NEW OFFLINE ACTIVATION
1. On the Dashboard, click on Activate new license.
YSoft SafeQ 5 68
February 03, 2016
2. On the Activation key screen enter the activation key and click on Next.
3. On the Activation method screen select the Activate offline option and click on Next.
4. The integrity key is generated automatically. Copy the integrity key and click on Next.
YSoft SafeQ 5 69
February 03, 2016
5. From a computer with Internet access, visit the website http://portal.ysoft.com/activate, enter your
integrity key and generate the license key. On the License key screen enter the license key
generated on the activation portal and click on Activate to finish the activation process.
YSoft SafeQ is always activated or reactivated from the first node of the cluster only.
YSoft SafeQ stores the license in the file %SAFEQ_HOME%/conf/license/license.xml.
USING THE ONLINE ACTIVATION METHOD
NEW ONLINE ACTIVATION
1. On the Dashboard, click on the Activate new license.
2. On the Activation key screen enter the activation key and click on Next.
YSoft SafeQ 5 70
February 03, 2016
3. On the Activation method screen select the Activate online option and click on Activate. YSoft
SafeQ server contacts http://portal.ysoft.com and downloads the license.
YSoft SafeQ is always activated or reactivated from the first node of the cluster only. YSoft SafeQ
stores the license in the file %SAFEQ_HOME%/conf/license/license.xml.
LICENSE REACTIVATION
After upgrading to new Service Release or restoring the installation on the same hardware and the same
operating system (without the OS being reinstalled), YSoft SafeQ must be reactivated again. When the
license reactivation is performed, all orders that have been previously used on this server will be
automatically activated.
LICENSE REACTIVATION
1. On the Dashboard, click on Reactivate new license button
YSoft SafeQ 5 71
February 03, 2016
2. Then select one of the activation methods (Online activation or Offline activation) and perform the
corresponding following steps.
YSoft SafeQ is always activated or reactivated from the first node of the cluster only. YSoft SafeQ
stores the license in the file %SAFEQ_HOME%/conf/license/license.xml.
SUPPORT ID
Support ID is a unique identifier of every YSoft SafeQ installation. All orders related to the installation are
associated with one Support ID. Every Support ID is bound to the computer where the first activation has
been done. In case the customer orders additional features or devices, the activation code from the new
order needs to be used at the same server as before, otherwise the new features or devices will not be
successfully added. In case of server cluster, all activation codes need to be applied at the Master server.
Support ID can be found by following means:
1. In the YSoft SafeQ web interface on dashboard.
2. In the YSoft SafeQ web interface in the System Information tab / License information section.
3. Y Soft partners can find the support ID in the Service Desk in the list of registered installations.
YSoft SafeQ 5 72
February 03, 2016
TRIAL LICENSE ACTIVATION

Y Soft Partners can activate YSoft SafeQ 5 with a free 30-day trial license. Trial license provides the
complete YSoft SafeQ 5 Suite with the license for 25 devices with embedded terminal and 25 devices
without embedded terminal.
NEW TRIAL LICENSE ACTIVATION
1. On the Dashboard, click on the Start a trial button.
2. The integrity key is generated automatically. Copy the integrity key and click on Next.
3. Visit the website http://portal.ysoft.com/activate from a computer with Internet access, enter your
integrity key and generate the license key. On the License key screen enter the license key
generated on the activation portal and click on Activate to finish the activation process.
YSoft SafeQ stores the license in the file %SAFEQ_HOME%/conf/license/license.xml.
YSoft SafeQ 5 73
February 03, 2016
LICENSE UPGRADE
License upgrade allows extending the existing license with additional devices, features or support (after
purchase has been done).
Prerequisites
Make sure that you have:
Access to the YSoft SafeQ web interface of the first installed CML server (master)
New activation key
LICENSE UPGRADE
1. Log in as administrator to YSoft SafeQ web administration on the first installed CML server (master
node) and open the license information.
2. Click on the Update license.
YSoft SafeQ 5 74
February 03, 2016
3. Select Upgrade existing license.
4. Enter the new activation key received from Y Soft or Y Soft representative.
5. Select one of the activation methods (Online activation or Offline activation) and walk through the
next steps to finish the license upgrade.
TRANSFERRING LICENSE TO NEW SYSTEM (HARDWARE OR OPERATING SYSTEM CHANGE)

Before transferring the license to new server (e.g. when original hardware fails), it is necessary to enable
reactivation on new hardware. If the reactivation is not allowed, license server will determine that the
activation has happenned on different computer and the activation will fail with one of the following
messages:
YSoft SafeQ 5 75
February 03, 2016
This PO # Pxxxxxx has been already activated on a different computer!

Trying to reactivate on new HW, but this is NOT ALLOWED! The license on this computer is
connected to MAxxxxxxx
PLEASE FOLLOW THESE STEPS TO ENABLE REACTIVATION:
Make sure there has been no YSoft SafeQ license (not even a Demo or Trial license) activated on
the computer you are going to use. If this condition is not met, the following error message will be
displayed when trying to activate the product:
The license on this computer is connected to MAxxxxxx but the related SLA record is
MAyyyyyy! Manual intervention in Y Soft HELIOS IS is required. Please contact our
Service Desk. We apologize for inconvenience!
CUSTOMERS WITH VALID SLA (PLATINUM, GOLD, SILVER)
The license can be transferred to new hardware without any assistance from Y Soft Corporation. Please
follow the steps below:
You will need:
the existing Support ID

the Activation key that was provided with the order of YSoft SafeQ
the company name of the customer
Internet connection (access to http://activate.ysoft.com)
1. Log in as administrator to YSoft SafeQ Web administration of the new server installation.
2. Select Reactivate existing license.
YSoft SafeQ 5 76
February 03, 2016
3. Select Activate offline and click on Next.
4. Copy the generated integrity key to clipboard.
5. On a computer connected to the internet, open the web browser and navigate to http://activate.ysoft.
com
6. Click the Transfer license to new hardware link.
7. Enter the integrity key, Support ID and Customer Name. Values will be verified automatically.
8. Press the button “Generate”.
YSoft SafeQ 5 77
February 03, 2016
9. Copy the generated string and paste it to License key field on the YSoft SafeQ web interface. Then
click on the Activate button to finish the reactivation.
CUSTOMERS WITHOUT VALID SLA (PLATINUM, GOLD, SILVER)
The partner responsible for the installation needs to send a request to allow reactivation on new
hardware to orders@ysoft.com.
The request must contain
the reason why the transfer is needed
support ID or the customer company name
Please note that the approval process may take several days to complete.
If you urgently need the license, you can activate the trial license instead. This will require additional support
from Y Soft Customer Support team after the license transfer is approved. The SafeQ 5 Trial Licenses
also limits the volume of supported devices.
2.5.7 TRIAL LICENSES
YSoft SafeQ 5 can be activated with a free 30-day trial license. For more information see the article trial
license activation. Trial licenses provide access to the entire YSoft SafeQ 5 Suite, with the license for 25
devices with embedded terminal and 25 devices without embedded terminal.
The following table outlines which features are included in each trial license.
Architecture SafeQ 5
Suite
Number of CML nodes 5
Local printers Unlimited
Offline Remote Spooler 5
MFPs with embedded terminal 25
MFPs without embedded 25

terminal
YSoft SafeQ 5 78
February 03, 2016
Architecture SafeQ 5
Suite
Features SafeQ 5
Suite
Smart Card support
Card assignment
Print roaming
Print tracking
Copy and scan tracking
Print compression
Print encryption
Offline accounting
Online accounting
Vendor provided accounting
Device counter monitoring
Predefined reports
Custom reports
Purge reports
Management reports
Automated reports
Report exports
CRS connector
Rule based engine
Projects tracking
Mobile print server
Scan management
Payment system
Shared queues
VIP shared queues
YSoft SafeQ 5 79
February 03, 2016
2.5.8 REQUEST LICENSE UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5
The requester allows upgrading the existing YSoft SafeQ 4 license key to the license valid for YSoft SafeQ
5. We recommend that license upgrade is requested 3 weeks before the actual upgrade.
Prerequisites
Verify that:
You have an access to Y Soft Partner Portal

The license has valid Software Support
LICENSE UPGRADE YSOFT
1. Navigate to YSoft SafeQ Activation Portal (https://activate.ysoft.com) and log in to the YSoft Partner
portal for advanced functions.
YSoft SafeQ 5 80
February 03, 2016
2. Select Request SafeQ 4.0 license Upgrade to SafeQ5 >>
3. Enter the YSoft SafeQ 4 support ID to the available column and click Generate to sent the request.
NOTE: If the provided support ID has no valid Software Support, an error message occurs. In this
case, please send your request directly to your dedicated Account Manager who will provide you with
a possible solution.
4. The request is is sent for validation to orders. Normally the request is processed within a few days
but in peak periods it make take even a few weeks. That is why we recommend to plan the upgrade
and request the licence upgrade 3 weeks prior to the actual upgrade.
NOTE: After the license upgrade is confirmed YSoft SafeQ 4 remains operational. However, do not
re-activate SafeQ 4 installation. For updating to the latest Service Release of YSoft SafeQ 4 it is not
required that the installation is re-activated instead after the installation of update is finish proceed
with the upgrade to Y Soft SafeQ 5.
5. Once the request is processed it is possible to proceed with the upgrade.
NOTE: We strongly recommend NOT to install Y Soft SafeQ 5 aside and activate a TRIAL license
while waiting for the validation of the request. Such servers (read: servers with pre-installed YSoft
SafeQ 5 that has TRIAL licence activated.) are not authorized to use "Activation key" for upgrades.
YSoft SafeQ 5 81
February 03, 2016
2.6 SUPPORTED LANGUAGES
Installer
YSoft SafeQ web interface and YSoft Payment System
External and Embedded Terminals
YSoft SafeQ Client
2.6.1 INSTALLER
Language SafeQ 5 installer

support
English
Chinese Simplified
Czech
Danish
French
German
Hungarian
Brazilian
Portuguese
Japanese
Polish
Portuguese
Russian
Slovak
Spanish
2.6.2 YSOFT SAFEQ WEB INTERFACE AND YSOFT PAYMENT SYSTEM
Language SafeQ 5 web interface and Payment System

support
English
Chinese Simplified
YSoft SafeQ 5 82
February 03, 2016
Language SafeQ 5 web interface and Payment System

support
Czech
Danish
French
German
Hungarian
Japanese
Polish
Brazilian
Portuguese
Portuguese
Russian
Slovak
Spanish
2.6.3 EXTERNAL AND EMBEDDED TERMINALS
Language Terminal Fuji Xerox Fuji Xerox Konica Ricoh Sharp Toshiba
Professional Embedded XCP Minolta Embedded Embedded Embedded
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
English
Czech
Arabic not not not not not

supported supported supported supported supported
YSoft SafeQ 5 83
February 03, 2016
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
Bulgarian
Chinese localized,
Simplified not
supported
Chinese
Traditional
Croatian
Danish
Dutch
Estonian
Finnish
French
Georgian
German
Greek
Hebrew not not not not not

supported supported supported supported supported
YSoft SafeQ 5 84
February 03, 2016
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
Hungarian
Italian
Japanese
Kazakh
Korean
Latvian
Lithuanian
Norwegian
Polish
Portuguese
(Brazil)
Portuguese
(Portugal)
Romanian
Russian
Serbian
(Cyrillic)
YSoft SafeQ 5 85
February 03, 2016
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
Serbian
(Latin)
Slovak localized,
not
supported
Slovenian
Spanish
Thai
Turkish
Ukrainian
2.6.4 YSOFT SAFEQ CLIENT
Language Windows Client MacOS/Linux Client
English
Czech
Arabic
Bulgarian
Chinese Simplified
Chinese Traditional
Croatian
YSoft SafeQ 5 86
February 03, 2016
Danish
Dutch
Estonian
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Kazakh
Korean
Latvian
Lithuanian
Norwegian
Polish
Portuguese (Brazil)
Portuguese
(Portugal)
Romanian
Russian
Serbian (Cyrillic)
Serbian (Latin)
Slovak
Slovenian
YSoft SafeQ 5 87
February 03, 2016
Spanish
Swedish
Thai
Turkish
Ukrainian
YSoft SafeQ 5 88
February 03, 2016
3 YSOFT SAFEQ 5 FEATURE SET
YSoft SafeQ offers various features for the customer benefit when using multifunction devices. The
following table describes which components are required (servers, terminals, clients).
PRINT, COPY, AND SCAN TRACKING

Ability to track costs for print, copy and scan operations done by users. This feature helps business
owners understand users behavior in print environment and serves as an entry point for making
printing, copying and scanning much more secure and efficient.
Office Print Tracking with several Print tracking methods
Copy Tracking
Scan Tracking
Project Print Tracking
Project Copy and Scan Tracking
REPORTING
Reporting gives the ability to use information from print, copy, scan tracking and provide both high-level
and detailed overview to IT managers. Reporting provides details about device usage, costs, users and
impact on the environment (also known as "Green Reporting"). The information can be then used to
further optimize the print environment.
YSoft SafeQ 5 89
February 03, 2016
Usage and Cost reports
Green Reporting
Device Counter Reporting
PRINT AND COPY MANAGEMENT

Managing printing and copying behavior is possible through several means - Rule-Based Printing
(administrator defines rules which are applied to print jobs), Print Roaming (allow end-users to pick up
their print jobs anywhere in the YSoft SafeQ environment, managing print jobs at the terminal (e.g.
reprinting, choosing favorite jobs to be kept), sharing or delegating print jobs with other users.
Rule-based Engine with number of Rule-based Engine: rule definition
Print Roaming (also known as "follow me")
Print queue management and re-print
Workgroup print sharing (Shared Queues)
Delegation Print (VIP Shared Queues)
MFP Walkup Functions Control
SCAN MANAGEMENT
YSoft SafeQ allows users to choose one of the default scan workflows right after installation - sending
scanned documents to user's email address or home folder. To simplify internal business workflows,
scan-to-script capability can be used together with custom scripts to e.g. send the scanned data into
another system for further processing or archiving.
YSoft SafeQ 5 90
February 03, 2016
Workflow scanning
YSOFT PAYMENT SYSTEM

Allow users to pay for printing services. Users are immediately charged, based on their account
balance in YSoft Payment System. Recharging the account is possible through several means - using
staffed Cash desk, automated recharging (giving free credit to your users) or using 3rd party payment
gateway such as PayPal. YSoft Payment System also allows integration with existing credit system,
point-of-sale applications, payment gateways and many more.
Pay For Print (YSoft Payment System)
Pay For Copy (YSoft Payment System)
Pay For Scan (YSoft Payment System)
Account recharging options
MOBILE PRINTING
With BYOD (bring your own device) trend going up, the ability to print from mobile devices is needed
more than ever. Users can send their data via e-mail or upload them using dedicated website. In
combination with Print Roaming, the printouts are available almost at all times.
YSoft Mobile Print Server
Email Printing
User Roaming
SYSTEM DEPLOYMENT AND ADMINISTRATION

Adding another system to the responsibility of administrator is made easy with simple deployment,
integration and administration.
YSoft SafeQ 5 91
February 03, 2016
Identity management
Card self-assignment
Web Administration Interface
Deployment
Licensing
Localizations
ADVANCED ENTERPRISE FEATURES

Large corporations and Enterprises need features such as distributed environment support (multiple
branches connected to headquarters), security and reliability. These needs are covered by enterprise-
level features, offered by YSoft SafeQ.
Distributed Server System - Private Cloud
Server failover
System monitoring (System Information)
Print data transfer encryption
Print data transfer compression
YSoft SafeQ 5 92
February 03, 2016
DEVICE MONITORING
Whether you are only interested in the print volumes or are collecting data to compare with other
systems, meter collection is included and offers access to device counters.
Page meter collection
Explanations:
Terminal is required
YSoft SafeQ Client is required
Distributed Server System is required (see Distributed Server System - Private Cloud
)
Terminals provide user interface which allows interaction with multifunction or other printers. The key
features allow user authentication, print job management and access to other YSoft SafeQ features for end
users.
YSoft SafeQ supports two types of terminals:
Embedded (software) Terminals - software, installed on the multifunction printer.
External (hardware) Terminals - hardware, mounted on multifunction or other printers.
YSoft SafeQ 5 93
February 03, 2016
Terminal
YSoft SafeQ® Terminal

Professional (HW)

UltraLight (HW)
YSoft SafeQ® Fuji Xerox Apeos

Terminal Embedded
YSoft SafeQ® Konica Minolta

OpenAPI Terminal Embedded
YSoft SafeQ® Ricoh ESA

Terminal Embedded
YSoft SafeQ® Sharp OSA

Terminal Embedded
YSoft SafeQ® Xerox EIP

Terminal Embedded
YSoft SafeQ® Toshiba

OpenPlatform Terminal
Embedded
YSoft SafeQ® OKI OpenPlatform

Terminal Embedded
Important note: Please always refer to the Hardware Compatibility List for up-to-date information about
supported vendors and devices.
Note: This document is the sole source for descriptions of all YSoft SafeQ functionality; any functionality
provided by the YSoft SafeQ solution (incidentally or intentionally) that is not described in this document
shall not be considered as officially available and supported. Intellectual property held in this document is an
asset of Y SOFT and its affiliated companies. Nothing in this document is intended to grant any rights under
any patent, copyright or other intellectual property right to any party other than Y SOFT. Specifications are
subject to change without prior notice.
The information contained within this document is for the intended reader, bound by a signed NDA, is
confidential, and is supplied to the reader solely for his/her internal use. The reader agrees that he/she will
disclose this information only within his/her organization and then only to those employees who have a
direct need for such information. The reader further agrees that this information in any part or in its entirety
will not be disclosed by him/her to any other party without the express, written consent of Y SOFT.
YSoft SafeQ 5 94
February 03, 2016
YSoft SafeQ 5 95
February 03, 2016
3.1 FEATURE LIST
YSoft SafeQ offers various features for the customer benefit when using multifunction devices. The
following table describes which components are required (servers, terminals, clients).
PRINT, COPY, AND SCAN TRACKING

Ability to track costs for print, copy and scan operations done by users. This feature helps business
owners understand users behavior in print environment and serves as an entry point for making
printing, copying and scanning much more secure and efficient.
Office Print Tracking with several Print tracking methods
Copy Tracking
Scan Tracking
Project Copy and Scan Tracking
REPORTING
Reporting gives the ability to use information from print, copy, scan tracking and provide both high-level
and detailed overview to IT managers. Reporting provides details about device usage, costs, users and
impact on the environment (also known as "Green Reporting"). The information can be then used to
further optimize the print environment.
Usage and Cost reports
Green Reporting
Device Counter Reporting
YSoft SafeQ 5 96
February 03, 2016
PRINT AND COPY MANAGEMENT

Managing printing and copying behavior is possible through several means - Rule-Based Printing
(administrator defines rules which are applied to print jobs), Print Roaming (allow end-users to pick up
their print jobs anywhere in the YSoft SafeQ environment, managing print jobs at the terminal (e.g.
reprinting, choosing favorite jobs to be kept), sharing or delegating print jobs with other users.
Rule-based Engine with number of Rule-based Engine: rule definition
Print Roaming (also known as "follow me")
Workgroup print sharing (Shared Queues)
Delegation Print (VIP Shared Queues)
SCAN MANAGEMENT
YSoft SafeQ allows users to choose one of the default scan workflows right after installation - sending
scanned documents to user's email address or home folder. To simplify internal business workflows,
scan-to-script capability can be used together with custom scripts to e.g. send the scanned data into
another system for further processing or archiving.
Workflow scanning

Allow users to pay for printing services. Users are immediately charged, based on their account
balance in YSoft Payment System. Recharging the account is possible through several means - using
staffed Cash desk, automated recharging (giving free credit to your users) or using 3rd party payment
gateway such as PayPal. YSoft Payment System also allows integration with existing credit system,
point-of-sale applications, payment gateways and many more.
YSoft SafeQ 5 97
February 03, 2016
Pay For Print (YSoft Payment System)
Pay For Copy (YSoft Payment System)
Pay For Scan (YSoft Payment System)
Account recharging options
MOBILE PRINTING
With BYOD (bring your own device) trend going up, the ability to print from mobile devices is needed
more than ever. Users can send their data via e-mail or upload them using dedicated website. In
combination with Print Roaming, the printouts are available almost at all times.
Email Printing
User Roaming
SYSTEM DEPLOYMENT AND ADMINISTRATION

Adding another system to the responsibility of administrator is made easy with simple deployment,
integration and administration.
YSoft SafeQ 5 98
February 03, 2016
Identity management
Web Administration Interface
Deployment
Licensing
Localizations
ADVANCED ENTERPRISE FEATURES

Large corporations and Enterprises need features such as distributed environment support (multiple
branches connected to headquarters), security and reliability. These needs are covered by enterprise-
level features, offered by YSoft SafeQ.
Distributed Server System - Private Cloud
Server failover
System monitoring (System Information)
DEVICE MONITORING
Whether you are only interested in the print volumes or are collecting data to compare with other
systems, meter collection is included and offers access to device counters.
YSoft SafeQ 5 99
February 03, 2016
Page meter collection
Explanations:
Terminal is required
YSoft SafeQ Client is required
Distributed Server System is required (see Distributed Server System - Private Cloud
)
3.1.1 CRS (CENTRAL REPORTING SERVICES)
YSoft SafeQ supports Usage and Costs Reporting interface integration with MS SQL OLAP Data
Warehouse.
OVERVIEW
YSoft SafeQ captures information about the print environment, devices and users. The data are accesible
for large print environments by integration with Microsoft SQL OLAP Data Warehouse and can be included
in company's business intelligence systems.
PRE-REQUISITES
MS SQL 2008/2008R2/2012 Standard or Enterprise Server with Analysis Services. Several features
may be limited when using Standard Edition. see http://www.microsoft.com/sqlserver/en/us/product-
info/compare.aspx for more information.
YSoft SafeQ 5 100

February 03, 2016
AVAILABLE REPORTING DATA IN CRS
Scale - countable data, such as the number of

pages, price, etc.: Print Stats = print detail
Accounting Cost Center Distinct Count =
number of different cost centers
Device Distinct Count = number of different
devices
Device Group Distinct Count = number of
different device groups
User Distinct Count = number of different
users
Smartq Cdc Counters = counter value
(Counter stats only)
Safeq Last Counters Log = dates of the last
updated counters (only Last completed data)
Safeq Last Stats Log = dates of the last
updated statistics (only Last completed data)
Dimension -- descriptive information for Scale

data (such as who printed, the device they Accounting Cost Center = name/number of
used, etc.) the accounting cost center
Accounting Type = paper type and job colour
Datetime = period of time – rounded up to the
time (only Base Stats)
Device Cost Center = name of the device's
cost center
Device = name of the device
Device Group = names of the device's groups
File Type = file type used
Job Type = job type used
Job Title = title of the job
Project = projects
Server = server name
Time = period of time (only Full stats)
Counter Date= date/time at which the counter
changed
User = user name
Forced = type of forced print rule used
Date= date (only Real Volume)
YSoft SafeQ 5 101

February 03, 2016
Detailed description of *Distinct Count* scales:

Accounting Cost Center Distinct Count:
number of cost centers using a service. For
example, the number of cost centers printing
to the current device can be displayed.
Device Distinct Count: number of devices.
For example, you can see how many devices
are handling the current job type (print/copy
/...)
Device Group Distinct Count: number of
device groups (see above).
User Distinct Count: number of users using
a service. For example, the number of users
who are printing colour jobs.
Detailed description of Print Stats scales: Scales used on the MS-SQL ENT and MS-SQL STD
platform:
Jobs Cnt: number of jobs

Pages: number of outputs, without printer type
distinguishing
Pages Normalized: number of outputs
normalized to small pages (1x large page = 2x
small page)
Papers: quantity of paper used, without printer
type distinguishing
Papers Normalized: quantity of paper used,
normalized to small pages (1x large page = 2x
small page)
Price: output price (amount)
Meters: percent of meters in stats (only Real
Volume)
Scales used on the MS-SQL ENT platform:

Avg Cvg: average coverage – not used
Avg Toner Cmy: average coverage of colour
toner – not used
Avg Toner K: average coverage of black
toner – not used
Price Per Page: output price (average per
page)
Detailed description of SmartQ CRS counters

scales: Value: value counters
YSoft SafeQ 5 102

February 03, 2016
Detailed description of SafeQ Last Counters log

scales: CRS Counter Last Date: Last date counters
from CRS
Detailed description of SafeQ Last Stats Log

dimension: CML Last Counters Date: Last date of CML
counters
CML Last Jobaccs Date: Last date of
accounted job from CML
CML Last Joblogs Date: Last date of logged
job from CML
CML Last Jobs Date: Last date of job from
CML
CRS Stats Last Date: : Last date from CRS
statistics
CRS Stats Counters Date: : Last date of
CRS counters
Detailed description of *Last Completed Data

*scales: Data Completeness Date: Last date of CRS
counters
Detailed description of the Accounting Cost Specific cost center of accounted job. Use this value
Center dimension: to determine the current cost centers (for example, in
the users report):
Accounting Cost Center - Number: the

number of the accounting cost center
Accounting Cost Center - Name: the name
of the accounting cost center
Detailed description of Accounting Type

dimension: Accounting Type: output type (b/w copy, b/w
print, colour copy, colour print large (A3/legal
/tabloid), scan, etc...). Can be used to learn
the output type of each user or device center.
Detailed description of Counter Description

dimension: Counter Description: counter description
YSoft SafeQ 5 103

February 03, 2016
Detailed description of Datetime dimension:

Datetime: Date-time rounded to the hour
Day: Day
Day Of Week: day of week
Hour: Hour
Month: Month
Time: Time
Week Number: Week number
Year: Year
Date: Date
Date Hour: Hierarchy date-time rounded to a
whole hour
YSoft SafeQ 5 104

February 03, 2016
Detailed description of Device dimension (copier,

device, MFP): Device - Activation Date: activation date of
the device (date of the first device use via
SafeQ)
Device - Backend: print backend (according
to SafeQ web interface)
Device - Contact Person: contact person
(according to SafeQ web interface)
Device - Cost Center Name: name of the
device's cost center (according to SafeQ web
interface). For the current cost center, use the
dimension "Accounting Costs Center".
Device - Cost Center Number: the device's
cost center number (according to SafeQ web
interface). For the current cost center, use the
dimension "Accounting Costs Center".
Device - Deactivation Date: activation date of
device (date of the first device use via SafeQ)
Device - Description: device description
Device - Device Group: device group
Device - Name: device name (according to
SafeQ web interface)
Device - Driver: device's accounting driver
Device - Equipment Id: device's equipment
ID (according to SafeQ web interface)
Device - IP Address: device's IP address or
DNS name (according to SafeQ web interface)
Device - Location: device's location
Device - Service Agreement Id: device's
service agreement identification number
Device - Accounting Driver: device's
accounting drive
Device - Device Id: device's ID
Device - Printer Type Name: device's printer
type name
YSoft SafeQ 5 105

February 03, 2016
Detailed description of Device Group dimension: Device's group. For example: the number of jobs
printed for a specific device group.
Device Group - Name: device group name

Device Group - Type: device group type (RS,
ORS, CML)
Detailed descriptions of File Type dimension: Job file type. For example, which jobs users printed,
or how many jobs of a certain job type were printed.
Filetype - Name: job filetype name (according

to SafeQ web interface)
Filetype - Extension: job filetype name
extension (according to SafeQ web interface)
Filetype - Prefix: job filetype name prefix
Detailed description of Job Type dimension:

Job Type: job type (print, copy, scan)
Detailed description of Job Origin dimension:

Job Origin: origin of printed job – the name of
the station (server), from which the job was
printed
Detailed description of Job Title dimension:

Job Title: title of each job as it will appear in
the list of all printed jobs. For example:
relation to the user or device.
Detailed description of Printer Type dimension: Device model (according to SafeQ web interface):
Printer Type - Driver: Windows print driver

Printer Type - Name: device model name
Detailed description of Project dimension:

Project - Description: project description
Project - Code: project code
Detailed description of Server dimension:

Server - Cluster name: cluster node name
Server - IP: server IP address
Server - Name: server name
YSoft SafeQ 5 106

February 03, 2016
Detailed description of Counter Date dimension:

Modification Date: modification date rounded
to days
Modification Date And Hour: modification
date rounded to a whole hour
Retrieval Date: retrieval date rounded to day
Retrieval Date And Hour: retrieval date
rounded to a whole hour
Detailed description of Time dimension: Can be used when defining reports or for viewing
device usage over a period of time:
Day: day of the month when the job was

printed – sequential number in month
Day Of Week: day of the week when the job
was printed – sequential number in week
Hour: hour that the job was printed
Month: month when the job was printed
Time: complete time data, including the
printing process jobs
Week Number: week when the job was
printed – sequential number in year
Year: year when the job was printed
Date: date when the job was printed
Date Hour: date and time when the job was
printed (time is rounded to a whole hour )
Small Time: date and time when the job was
printed (time is rounded to seconds)
Detailed description of User dimension:

User - Cost Center Name: name of user's
cost center
User - Cost Center Number: number of
user's cost center
User - Email: user's e-mail
User - Full Name: user's full name (surname
and name)
User - Login: user's login (user's primary
login)
User - Name: user's name
User - Surname: user's surname
User - Number: user's personal ID (according
to SafeQ)
YSoft SafeQ 5 107

February 03, 2016
Detailed description of Forced dimension:

Forced: Forced type (Not Forced, Forced BW,
Forced Duplex, Forced BW&Duplex)
CREATION AND ACCOUNTING OF ANONYMOUS AND PURGE JOBS
ANONYMOUS PRINT/COPY JOB ACCOUNTING
WHEN ANONYMOUS JOBS ARE CREATED

An anonymous job is created when the MFP counter is increased without the job being recognized by
the YSoft SafeQ system; for example, when a print or copy is made without YSoft SafeQ (a non-YSoft
SafeQ print/copy). YSoft SafeQ creates the anonymous job when it accounts the next job on the same
MFP (because YSoft SafeQ checks MFP counters both before and after it performs any job).
An anonymous job is accounted according to the cost center of the MFP where the job was printed. In
this situation, the job owner is a special user called "counter difference", which can be seen only after
final processing of statistical data in the CRS database.
Anonymous jobs can be enabled in SafeQ Web interface -> System -> System settings -> Expert
options:
enableInvalidJobs = true
disable-CNAJ = false
cntrCheckDiff = true
Options are enabled by default.
PURGE JOB ACCOUNTING
WHEN PURGE JOBS ARE CREATED

A purge job is created when a print job is not printed by an MFP or if it is accounted as 0 pages (ie. if
offline accounting is used and the job has not been parsed correctly). In this situation, a job is created
based on parser information, with prices configurable via the YSoft SafeQ Web Interface. If parser is
disabled, the job is created from default information in the YSoft SafeQ Web Interface as black-and-
white A4.
Purge jobs can be enabled in SafeQ Web interface -> System -> System settings -> Expert options:
enable-purge_reports = true
Option is disabled by default.
YSoft SafeQ 5 108

February 03, 2016
DATA MANAGEMENT AND BACKUP
DATA WAREHOUSE
The data warehouse is used for permanent storage of statistical and descriptive data. There is a possibility
to manage how old data will be stored in data warehouse and if database backup should be created during
cleanup procedure. System creates partition for each new year to manage data effectively and delete old
partitions.
Data warehouse cleanup and backup procedures use following configuration:
This settings can be changed later in <SAFEQ_DIR>\conf\modules\crs.conf
enableDBCleanup = true
Used for enabling data warehouse cleanup. Cleanup removes data older than specified in
archiveDataYears from the warehouse.
enableDBBackup = true
Used for enabling data warehouse backup
archiveDataYears = 1
Used for defining period, how old data will be kept in data warehouse. The value is specified in
calendar years (e.g. all data since 1.1.2013 will be held in cube in case the current date is
1.1.2014 or 12.12.2014).
cdcDbBackupPath = c:/SafeQCRS/backup/
Path used for storing backups (data warehouse, cubes)
OLAP CUBE
OLAP cubes use data from data warehouse as its direct source. There is possibility to manage how old
information will be stored in base OLAP cube. There is also possibility of creating cubes backup during
cleanup procedure. System creates partition for each month to manage data effectively and delete old
partitions.
Cubes cleanup and backup procedures use following configuration:
This settings cannot be changed later. To change these options YSoft SafeQ CRS has to be
reinstalled with newly defined settings.
YSoft SafeQ 5 109

February 03, 2016
enableBaseCubeCleanup = 1
Used for enabling base cube cleanup. Cleanup removes data older than specified in
cdcArchiveCubePeriod from the Base cube.
cdcEnableBackupCubeBase = 1
Used for enabling base cube backup
cdcEnableBackupCubeFull = 1
Used for enabling full cube backup; if enabled, each month the full cubes older than specified in
cdcArchiveCubeMonths property will be moved to backup directory.
cdcArchiveCubePeriod = 1
Used for defining period, how old data will be stored in base cube. The value is specified in
calendar years (e.g. all data since 1.1.2013 will be held in cube in case the current date is
1.1.2014 or 12.12.2014).
Path used for storing backups (data warehouse, cubes)
WEB REPORTS (SSRS)

Web reports database uses data mirrored from data warehouse. User can specify how old data will be
stored in web reports database.
Web reports database cleanup procedure use following configuration:
This settings can be changed later in <SAFEQ_DIR>\conf\modules\crs.conf
enableReportsCleanup = true
Used for enabling web reports database cleanup. Cleanup removes data older than specified in
archiveReportsYears from the web reports database.
archiveReportsYears = 1
Used for defining period, how old data will be stored in web reports database. The value is
specified in calendar years (e.g. all data since 1.1.2013 will be held in cube in case the current
date is 1.1.2014 or 12.12.2014).
YSoft SafeQ 5 110

February 03, 2016
INITIAL BACKUP
When update of YSoft SafeQ CRS is performed, an initial backup of data warehouse and / or base cube is
created (depends on settings of enableDBBackup, cdcEnableBackupCubeBase properties). This backup
contains all data in data warehouse / base cube before YSoft SafeQ CRS update. To avoid creating an
empty partitions, dataYearStart property should be used. No initial backup is created when clean installation
of YSoft SafeQ CRS is performed.
WORKING WITH YSOFT SAFEQ CRS OLAP CUBES
YSOFT SAFEQ CRS OLAP CUBES – OVERVIEW

YSoft SafeQ CRS cubes are OLAP applications of Microsoft SQL Server 2008, 2008 R2 or 2012,
Standard or higher edition, which enable the efficient viewing and browsing of data. In YSoft SafeQ CRS,
the following basic cubes are included:
Base stats: Basic statistics; data are aggregated to the hour.

Counter stats: Device counter (page meter) values.
Last completed data: Up-to-dateness of data in the data cubes per device group.
SafeQ_FULL Cube is an OLAP application of MS-SQL 2008, 2008 R2 or 2012, Standard or higher edition,
which enables efficient viewing and browsing of data for one month. In YSoft SafeQ CRS, the following
cube is included:
YSoft SafeQ 5 111

February 03, 2016
Full stats: Full statistics; data are not aggregated. Drill-down to the level of individual jobs is
possible.
SafeQ_RV Cube is an OLAP application of MS-SQL 2008, 2008 R2 or 2012, Standard or higher edition,
which enables efficient viewing and browsing of data. In YSoft SafeQ CRS, the following cube is included:
Real Volume: Statistical data derived from device counters grouped by device, cost center, and
accounting type. Distribution of data is derived from base statistical data, optional cube.
BASIC OVERVIEW OF ALL AVAILABLE DATA FOR PIVOT TABLE
For CRS Enterprise, the following Measure and Dimension data are available:
Measure – countable data, such as the number of pages, price, etc.:
Print Stats = print detail

Accounting Cost Centre Distinct Count = number of different cost centers
Device Distinct Count = number of different devices
Device Group Distinct Count = number of different device groups
User Distinct Count = number of different users
Smartq Cdc Counters = counter value (Counter stats only)
Safeq Last Counters Log = dates of the last actual counters (only Last completed data)
Safeq Last Stats Log = dates of the last actual statistics (only Last completed data)
Dimension – descriptive information for Measure data (such as who printed, the printer they used,
etc.)
Accounting Cost Center = name/number of the accounting cost center

Accounting Type = paper type and job color
Datetime = period of time – rounded up to the time (only Base Stats)
Device Cost Centre = name of the device's cost center
Device = name of the device
Device Group = names of the device's groups
File Type = file type used
Job Type = job type used
Job Title = title of the job
Project = projects
Server = server name
Time = period of time (only Full stats)
Counter Date = date/time at which the counter changed
User = user name
Forced = type of forced print rule used
Date = date (only Real Volume)
Detailed description of Distinct Count measures:
Accounting Cost Centre Distinct Count: number of cost centers using a service. For example, the
number of cost centers printing to the current printer can be displayed.
Device Distinct Count: number of printers. For example, you can see how many printers are
handling the current job type (print/copy/...)
YSoft SafeQ 5 112

February 03, 2016
Device Group Distinct Count: number of device groups (see above).

User Distinct Count: number of users using a service. For example, the number of users who are
printing color jobs.
Detailed description of Print Stats measures:

Measures used on the MS-SQL ENT and MS-SQL STD platform:
Jobs Cnt: number of jobs

Pages: number of outputs, without distinguishing of paper format
Pages Normalized: number of outputs normalized to small pages (1x large page = 2x small page)
Papers: quantity of paper sheets used, without distinguishing of paper format
Papers Normalized: quantity of paper sheets used, normalized to small pages (1x large page = 2x
small page)
Price: output price (amount)
Meters: percent of meters in stats (only Real Volume)
Measures used on the MS-SQL ENT platform:
Avg Cvg: average coverage – not used

Avg Toner Cmy: average coverage of color toner – not used
Avg Toner K: average coverage of black toner – not used
Price Per Page: output price (average per page)
Detailed description of SmartQ CRS counters measures:
Value: value of the page counter readout
Detailed description of SafeQ Last Counters log measures:
CRS Counter Last Date: Last date counters from CRS
Detailed description of SafeQ Last Stats Log dimension:
CML Last Counters Date: Last date of CML counters

CML Last Jobaccs Date: Last date of accounted job from CML
CML Last Joblogs Date: Last date of logged job from CML
CML Last Jobs Date: Last date of job from CML
CRS Stats Last Date: : Last date from CRS statistics
CRS Stats Counters Date: : Last date of CRS counters
Detailed description of Last Completed Data measures:
Data Completeness Date: Last date of CRS counters
Detailed description of the Accounting Cost Centre dimension:

Specific cost center of accounted job. Use this value for determining the actual cost centers (for example, in
the users report):
Accounting Cost Center - Number: the number of the accounting cost center
YSoft SafeQ 5 113

February 03, 2016
Accounting Cost Center - Name: the name of the accounting cost center
Detailed description of Accounting Type dimension:
Accounting Type: output type (B/W copy, B/W print, color copy, color print large (A3/legal/tabloid),
scan, purged (not printed) jobs, etc...). Can be used to learn the output type of each user or device
center.
Detailed description of Counter Description dimension:
Counter Description: counter description
Detailed description of Datetime dimension:
Datetime: Date-time rounded to the hour

Day: Day
Day Of Week: day of week
Hour: Hour
Month: Month
Time: Time
Week Number: Week number
Year: Year
Date: Date
Date Hour: Hierarchy date-time rounded to a whole hour
Detailed description of Device dimension (copier,printer, MFP):
Device - Activation Date: activation date of the device (date of the first device use via SafeQ)
Device - Backend: print backend (according to YSoft SafeQ Web Interfacee)
Device - Contact Person: contact person (according to YSoft SafeQ Web Interface)
Device - Cost Centre Name: name of the device's cost center (according to YSoft SafeQ Web
Interface). For the actual cost center, use the dimension "Accounting Costs Centre".
Device - Cost Centre Number: the device's cost center number (according to YSoft SafeQ Web
Interface). For the actual cost center, use the dimension "Accounting Costs Centre".
Device - Deactivation Date: activation date of device (date of the first device use via SafeQ)
Device - Description: device description (according to YSoft SafeQ Web Interface)
Device - Device Group: device group (according to YSoft SafeQ Web Interface)
Device - Name: device name (according to YSoft SafeQ Web Interface)
Device - Driver: device's accounting driver (according to YSoft SafeQ Web Interface)
Device - Equipment Id: device's equipment ID (according to YSoft SafeQ Web Interface)
Device - IP Address: device's IP address or DNS name (according to YSoft SafeQ Web Interface)
Device - Location: device's location (according to YSoft SafeQ Web Interface)
Device - Service Agreement Id: device's service agreement identification number (according to
YSoft SafeQ Web Interface)
Device - Accounting Driver: device's accounting drive
Device - Device Id: device's ID
Device - Printer Type Name: device's printer type name
YSoft SafeQ 5 114

February 03, 2016
Detailed description of Device Group dimension:

Device's group. For example: the number of jobs printed for a specific device group.
Device Group - Name: device group name (according to YSoft SafeQ Web Interface)
Device Group - Type: device group type (RS, ORS, CML)
Detailed descriptions of File Type dimension:

Job file type. For example, which jobs users printed, or how many jobs of a certain job type were printed.
Filetype - Name: job filetype name (according to YSoft SafeQ Web Interface)
Filetype - Extension: job filetype name extension (according to YSoft SafeQ Web Interface)
Filetype - Prefix: job filetype name prefix (according to YSoft SafeQ Web Interface)
Detailed description of Job Type dimension:
Job Type: job type (print, copy, scan)
Detailed description of Job Origin dimension:
Job Origin: origin of printed job – the name of the station (server), from which the job was printed
Detailed description of Job Title dimension:
Job Title: title of each job as it will appear in the list of all printed jobs. For example: relation to the
user or device.
Detailed description of Printer Type dimension:

Device model (according to YSoft SafeQ Web Interface):
Printer Type - Driver: Windows print driver

Printer Type - Name: device model name
Detailed description of Project dimension:
Project - Description: project description

Project - Code: project code
Detailed description of Server dimension:
Server - Cluster name: cluster node name

Server - IP: server IP address
Server - Name: server name
Detailed description of Counter Date dimension:
Modification Date: modification date rounded to days

Modification Date And Hour: modification date rounded to a whole hour
Retrieval Date: retrieval date rounded to day
Retrieval Date And Hour: retrieval date rounded to a whole hour
YSoft SafeQ 5 115

February 03, 2016
Detailed description of Time dimension:

Can be used when defining reports or for viewing device usage over a period of time:
Day: day of the month when the job was printed – sequential number in month
Day Of Week: day of the week when the job was printed – sequential number in week
Hour: hour that the job was printed
Month: month when the job was printed
Time: complete time data, including the printing process jobs
Week Number: week when the job was printed – sequential number in year
Year: year when the job was printed
Date: date when the job was printed
Date Hour: date and time when the job was printed (time is rounded to a whole hour )
Small Time: date and time when the job was printed (time is rounded to seconds)
Detailed description of User dimension:
User - Cost Centre Name: name of the user's current cost center. To see the cost center to which a
job was accounted at the time of its accounting, please use the dimension Accounting Cost Center.
User - Cost Centre Number: number of the user's current cost center. To see the cost center to
which a job was accounted at the time of its accounting, please use the dimension Accounting Cost
Center.
User - Email: user's e-mail
User - Full Name: user's full name (surname and name)
User - Login: user's login (user's primary login)
User - Name: user's name
User - Surname: user's surname
User - Number: user's personal ID (according to YSoft SafeQ Web Interface)
Detailed description of Forced dimension:
Forced: Forced type (Not Forced, Forced B/W, Forced Duplex, Forced B/W&Duplex)
CONNECTING TO AN OLAP CUBE AND DISPLAYING DATA
There are two ways to connect to an OLAP cube:
Microsoft SQL Server Management Studio

Microsoft Office Excel 2007 or higher
Connection via Microsoft Excel 2003 is possible as well (after downloading a missing component from
the official Microsoft website), but Y Soft does not support this method of connection.
If you cannot connect to OLAP cube, contact your administrator.
Microsoft SQL Server Management Studio
YSoft SafeQ 5 116

February 03, 2016
1 Open the Microsoft SQL Server Management Studio application (referred to as Management
Studio); then select connection to Analysis Services.
A pop-up window opens.
2 In the Server name field, select the database server you want to connect to. (The database name
can be the IP address or the hostname.)
3 Click Connect.
YSoft SafeQ 5 117

February 03, 2016
4 In the left panel is a tree structure of the Analysis services. As shown in the picture below, find the
required OLAP cube; then right-click it and select Browse.
Cube Browser opens, with dimensions shown in the right panel.
YSoft SafeQ 5 118

February 03, 2016
5 Drag-and-drop items to the Dimension panel.
Example: Select Pages and drag-and-drop it to the right panel.
We just selected a measurable value (Measure). Continue, using descriptive data or dimensions.
Example: Drag-and-drop the dimension Devices - Device Name to the Drop Row Fields Here
area.
The basic spreadsheet listing in the OLAP cube is displayed.
6 Continue with the pivot table. This example shows Date from the Time dimension.
You can also work with many more measures and dimensions not shown in the pictures above.
Microsoft Office Excel 2007 (or newer)

1 Open Microsoft Office Excel (referred to as Excel).
YSoft SafeQ 5 119

February 03, 2016
2 In the Data tab, select From Other Sources > From Analysis Services.
3 In the Data Connection Wizard, enter the database Server name and select Windows, or enter a
specific User Name and Password; then click Next.
4 Choose an OLAP cube that you want to display.
YSoft SafeQ 5 120

February 03, 2016
YSoft SafeQ 5 121

February 03, 2016
If you want to display Full Stats, select the database and month that you require; then click Next.
YSoft SafeQ 5 122

February 03, 2016
5 Check the checkbox Save password in file and click Finish.
6 Select a display type: pivot table, chart, or both; then click OK.
YSoft SafeQ 5 123

February 03, 2016
After successful connection, you will see a window exactly as shown in picture below.
YSoft SafeQ 5 124

February 03, 2016
7 Select dimensions or measures as described above. The picture below shows an example of a
simple pivot table.
Working with a YSoft SafeQ pivot table is the same as with any other pivot table.
Microsoft Office Excel 2003

Connection from Microsoft Excel 2003 is possible (after downloading the missing component from the
official Microsoft website), but Y Soft does not support this connection method.
WORKING WITH YSOFT SAFEQ CRS REPORTS
YSoft SafeQ CRS Reports allows you to view the basic reports via the web interface using
the reporting services.
See the article YSoft SafeQ CRS Report Builder for information about generating a
customized report.
This article consists of:
How to display basic reports

MS SQL Server 2008 - How to schedule an automated report via e-mail
YSoft SafeQ 5 125

February 03, 2016
Predefined attributes for basic reports
HOW TO DISPLAY BASIC REPORTS

Follow these steps to connect to the Reports server and display any predefined YSoft SafeQ report:
1 Use any Web browser (for example, Microsoft Internet Explorer) to connect to the Reports server.
Enter: http://SERVER_NAME/reports/
SERVER_NAME = CRS Server IP address or server name
2 In the pop-up window, type the user name and password to access the Reports server. (This
authorization is verified using domain accounts.)
YSoft SafeQ 5 126

February 03, 2016
3 A new basic Reports menu window opens. Click SafeQ Reports to display a list of reports.
4 Click any Report link to display a new window with filters.
YSoft SafeQ 5 127

February 03, 2016
5 In this window, you can define additional filter parameters (year, month, day, etc.). Click the View
Report button to display the required data.
MS SQL SERVER 2008 - HOW TO SCHEDULE AN AUTOMATED REPORT VIA E-MAIL

Follow these steps to schedule an automated sending of a specific report via e-mail:
This step requires that Reporting Services are configured for an e-mail delivery. This is not
configured by default. Omitting this step will cause that e-mail will not be offered as one of the
delivery options. For more information kindly refer to the Microsoft documentation at http://technet.
microsoft.com/en-us/library/ms345234(v=SQL.105).aspx
1 Find the report you wish to send via email. Hover the mouse over the report, open the drop-down
menu and click Manage.
YSoft SafeQ 5 128

February 03, 2016
2 Select the Processing Options, then select Cache a temporary copy of the report. Expire copy
of report after a number of minutes: 30.
Confirm the configuration by pressing Apply.
3 Select the Subscriptions tab and click New Subscription. The new window Report Delivery
Options will be opened.
YSoft SafeQ 5 129

February 03, 2016
4 Fill in the e-mail recipient in To field, fill in the e-mail Subject and set the other parameters per your
needs. The content of the window will differ according to the attributes of your report.
Once finished, click the Select Schedule button. The new window Schedule details will be opened
YSoft SafeQ 5 130

February 03, 2016
5 Configure how often the e-mail report shall be sent (Hour, Day, Week, Month, Once). Once finished,
confirm the configuration by clicking OK.
Please bear in mind that it may take around one day to synchronize and process all the data from
the CML servers (depending on the configuration of the CML and the environment) - thus when
setting up a monthly schedule, it is recommended to set it up to the beginning of the second day in
the month.
YSoft SafeQ 5 131

February 03, 2016
6 Confirm also the Reports Delivery Options window by clicking OK. The new subscription is now
displayed on the Subscriptions tab. Your e-mail schedule is created and it will send an email with
reports according to the configuration.
PREDEFINED ATTRIBUTES FOR BASIC REPORTS

This chapter describes the attributes that are available in the reports:
YSoft SafeQ 5 132

February 03, 2016
1 THE FOLLOWING PREDEFINED ATTRIBUTES ARE AVAILABLE FOR BOTH BASE AND FULL REPORTS:
year - year
month - month
day - day
hour - hour
date - date/hour/minute (only in Full report)
jobs cnt – jobs count
pages – number of pages
price - price
costs per page – cost per page
price per page – price per page
avg cvg – average job coverage
Avg Toner K: average coverage of black toner
Avg Toner Cmy: average coverage of color toner
papers – quantity of paper
YSoft SafeQ 5 133

February 03, 2016
2 BASE REPORT ATTRIBUTES:
Report Base - base report

Report Base - Cost Centers report: Basic report per cost center
name – cost center name
Report Base - Device Cost Centers report: basic report per device's cost center
name – Cost center name
Report Base - Device Groups report: basic report per device's groups
name – device group name
Report Base - Devices report: basic report per device
name – device name
description – device description
ip address – device IP address
ou name – device cost center name
group name – device group name
activation date – device activation date
deactivation date – device deactivation date
contact person – device's contact person
equipment id – device's equipment ID
service agreement id – device service agreement ID
location-- device location
printer type flag – device flag type
printer type name – device driver type name
printer type driver – device driver type
Report Base - Projects report: base report per project
name – project name
Report Base - Servers report: base report per server
name – server name
Report Base - Users report: base report per user
name – full user name
login – user login
name – user's cost center name
YSoft SafeQ 5 134

February 03, 2016
3 FULL REPORT ATTRIBUTES
These are identical to the Base report attributes, but additionally there is a Date attribute in
every report.
Report Full - Base report
Report Full - Cost Centers report
Report Full - Device Cost Centers report
Report Full - Devices Groups report
Report Full - Devices report
Report Full - Filetypes report
Report Full - Projects report
Report Full - Servers report
Report Full - Users report
4 COUNTERS REPORT ATTRIBUTES:
Report Counters – device's report

name – device name
description – device description
ip address – device IP address
ou name – device's cost center name
group name – device group name
activation date – device activation date
deactivation date – device deactivation date
contact person – contact person
equipment id – device equipment ID
service agreement id – device service agreement ID
location – device location
printer type flag-- device flag type
printer type name – device type name
printer type driver – device printer type driver name
year – year
month – month
day – day
hour – hour
value – counter value
YSoft SafeQ 5 135

February 03, 2016
YSOFT SAFEQ CRS REPORT BUILDER
Microsoft Report Builder is an application which allows you to define your own reports.
Such reports can be interactively displayed, accessed later using web browser or can be
used as a template for an automatic e-mail reports . It is a "ClickOnce WinForms" application,
which means that it can be installed from any Web browser (it is not a Web Browser application).
However running it from Internet Explorer is recommended.
For more information about Report Builder see the documentation that is included with
every version of the application.
How to run the Report Builder

How to create your own report
MS SQL SERVER 2008 example
HOW TO RUN THE REPORT BUILDER
Follow these steps to launch the Report Builder.
1 Open Reporting services home page at http://<SERVER_NAME>/reports in your Web browser

(preferably Microsoft Internet Explorer). <SERVER_NAME> has to be replaced by the CRS Server IP
address or server name.
When using Internet Explorer, make sure that the compatibility view is enabled, otherwise prompt
to install .NET 3.5 will be shown repeatedly.
2 Click the Report Builder link. Report Builder starts.
If the Report Builder icon is not displayed, display it via the following link:
http://<SERVERNAME>/ReportServer/ReportBuilder/ReportBuilder.application
YSoft SafeQ 5 136

February 03, 2016
HOW TO CREATE YOUR OWN REPORT
Follow these steps to generate a report.
MS SQL SERVER 2008 example

1 In the first window of Report Builder click the Table or Matrix Wizard option.
2 Select Create a dataset and click Next.
YSoft SafeQ 5 137

February 03, 2016
3 Select CDC Full Stats Model and press Test Connection button. The information about successful
connection must be shown. Continue to the next window by pressing OK and Next.
4 The configurable report is displayed. On the left side of the window, the Entities panel lists all
available tables in the selected model. The Fields panel lists all individual items that may appear in
the report. There is the Assembly output in the center of the window, which is a graphical
representation of the report being created.
YSoft SafeQ 5 138

February 03, 2016
5 Move individual items into the Assembly output to built up your desired report (e.g. select Device in
the left upper menu, then drag Name in the bottom menu and drop it in the window on the right side.
This will add you the device names to the report. Then you can add another fields such as Acc for
counter type and Total pages from the Smartq Stats Fulls entity).
YSoft SafeQ 5 139

February 03, 2016
6 You can set your report to include only certain data. For example, you can create a report for a
specific cost center, report related to print only or create the report that is limited to a certain period
of time (predefined static date or relative date containing only data from the last month)
6a. Click the Filter button (the blue funnel icon). A new window with filter options opens.
6b. Select the items you would like to use as a filtering condition by dragging them on the left side
and dropping them on the right side. Then specify the filtering conditions (example demonstrates
only the print jobs for the last month; not including the current month). Once finished, click OK.
YSoft SafeQ 5 140

February 03, 2016
7 Once you have added all required fields for the report and applied the filters, click Next. New window
with available columns will be shown. Drag the fields you wish to see in the report from the left menu
to the appropriate windows on the right side according to your needs. Then click Next.
8 Select the type of layout you prefer and press Next.
YSoft SafeQ 5 141

February 03, 2016
9 Select the preferred style of report and press Finish.
YSoft SafeQ 5 142

February 03, 2016
10 The final design of the report is shown. The design is still editable.
Click Run button in the left upper menu to see the output including the data. Please note that it may
take several minutes generate the report. Some of the fields are expandable.
YSoft SafeQ 5 143

February 03, 2016
11 In case you would to like slightly modify the look of the output, you can go back to the design view by
pressing Design button in the upper left menu. Then you can edit the values by double-click. For
more information about available options kindly refer to the Report Builder documentation.
YSoft SafeQ 5 144

February 03, 2016
12 If you wish to make the report available also for the other users, use the Save as option in the menu.
You can use the default location for saving reports or you can create a custom location.
WARN: Do not save the report to "SafeQ Reports Builder" or "SafeQ Reports"
location, these locations are erased with every update of the CRS server.
Enter the report's name; then click Save. The report you saved will be available on the
Reports server.
You can use this method to create a report that can be used by others users. A simple
example of a saved report is shown in the picture.
YSOFT SAFEQ CRS ENTERPRISE ARCHITECTURE
This page describes the architecture of YSoft SafeQ CRS (Central Reporting Services) and
includes a diagram of central data collection.
YSoft SafeQ 5 145

February 03, 2016
ARCHITECTURE DESCRIPTION
The YSoft SafeQ CML (Central Management Layer) (configured as the CRS sender) is a client that
sends data to YSoft SafeQ Data Collector (a component of the CRS server). YSoft SafeQ Data
Collector processes data from the CML server and temporarily stores it in a database. There are two
types of data: Statistical data and Descriptive data.
Statistical data is mapped to Descriptive data according to the selected key. All Statistical data are sent
every time, while Descriptive data are sent only when required by Statistical data.
YSoft SafeQ Data Collector stores all data into the Data Warehouse in predefined intervals. Data are
already structured and ready to be processed by client tools. The Data Warehouse provides data for
the OLAP cube, Microsoft Reporting Services, and Microsoft Report Builder. To optimize performance,
data are mirrored in separate databases for MS Reporting Services and MS Report Builder.
A standalone database server is recommended.
YSoft SafeQ 5 146

February 03, 2016
YSOFT SAFEQ CRS CLIENT
In terms of communication, the YSoft SafeQ CML that sends data to the CRS is a client, while the
YSoft SafeQ CRS is a server. The YSoft SafeQ CML must be properly configured and connected to
YSoft SafeQ Data Collector. The data sending period and other configuration settings of the CML client
are configured in the appropriate configuration file. (For data sending period information and for other
settings, see the chapter "Central Reporting System" in your YSoft SafeQ administration guide. Also
see detailed information in Installing YSoft SafeQ CRS server.)
YSOFT SAFEQ DATA COLLECTOR
YSoft SafeQ Data Collector is basically a specially configured YSoft SafeQ server that is able to
receive and process data from YSoft SafeQ CML servers that are configured as clients.
Data Collector uses the Microsoft SQL Server 2008, 2008 R2 or 2012 database for data storage. Data
Collector receives new Statistical data from YSoft SafeQ CMLs (clients) and temporarily stores it in the
database. After all Statistical data are collected, Data Collector asks the specific YSoft SafeQ CML
(client) for the Descriptive data needed for mapping Statistical data.
The last data that Data Collector receives from the YSoft SafeQ client represents the current values of
counters from devices (MFPs, printers, copiers) that are collected by the YSoft SafeQ CML and YSoft
SafeQ ORS.
Data are synchronized from Data Collector to the Data Warehouse every hour (all mapped Statistical
data and all counters from devices).
If any Statistical data received cannot be mapped correctly, Data Collector will try to map it during the
next synchronization.
Data Collector settings are stored in the appropriate configuration file. (See detailed descriptions in
Installing YSoft SafeQ CRS server.)
DATA WAREHOUSE
The Data Warehouse is implemented as relational databases in MS SQL 2008, 2008 R2 or 2012
server. The Data Warehouse is used for permanent storage of Statistical and Descriptive data from
YSoft SafeQ Data Collector. Data are already structured in non-aggregated form and ready to be
processed by client tools. These data are a direct source for OLAP cube, Microsoft Reporting Services,
and Microsoft Report Builder. To optimize performance, data are mirrored in separate databases for
MS Reporting Services and MS Report Builder.
YSoft SafeQ 5 147

February 03, 2016
DATA SENT TO THE DATA WAREHOUSE
YSoft SafeQ 5 148

February 03, 2016
The following data are sent to the Data Warehouse:
[dow] – job's day of the week

[hour] – hour the job was performed
[day] – day the job was performed
[month] – month the job was performed
[year] – year the job was performed
[week] – number of week the job was performed
[date] – date the job was performed
[jobs_cnt] – number of released print jobs
[pages] – job pages
[price] – job price
[costs_per_page] – costs per page of printed job
[price_per_page] – price per page of printed job
[avg_cvg] – average job coverage
[avg_toner_k] – average consumption of black toner
[avg_toner_cmy] – average consumption of color toner
[papers] – quantity of paper used
[accid] – job counter
[_dph] – job VAT rate
[dph] – job VAT price
[duplex] – duplex job
[simplex] – simplex job
[credit] – if job is accounted with credit
[paper_type] – paper type simplex/duplex
[job_type] – job type
[jobs_title] – job title
[origin] – job origin
[jobs_size] – job size
[forced] – forced type of job
Counters status
The following Descriptive data are sent to the Data Warehouse:
Information about MFPs

Information about MFPs' groups
Information about MFPs' cost centers
Information about users
Information about users' cost centers
Information about servers
Information about projects
Information about job types
YSoft SafeQ 5 149

February 03, 2016
DATA MAPPING
Descriptive data which goes into YSoft SafeQ Data Collector are re-mapped to Statistical data due to a
possible conflict of identifiers. Three identifiers are created: the original identifier, a new identifier, and
source identifier. The set of these three identifiers is referred to as the mapping descriptor. Statistical
data are adjusted according to this descriptor, to include the new identifier with the correct relation to
the original ID.
AVAILABLE DATA IN THE DATA WAREHOUSE
You can access all data in the Data Warehouse by using Microsoft Report Server. You can use
predefined reports or you can use Microsoft Report Builder to create reports (both are part of MS SQL
2008, 2008 R2 and 2012.)
3.1.2 CONNECTOR FOR AIRPRINT
HOW CONNECTOR FOR AIRPRINT WORKS

AirPrint enables to iOS (version 4.2 and newer) and Mac users to print seamlessly. It uses Apple’s Bonjour
protocol as a network layer. It is zero-configuration protocol that enables registering and discovering
services on network without any user configuration. Printing service itself presented by printer is registered
via this protocol and any iOS or Mac client could discover it and use it.
Y Soft SafeQ connector for AP is using protocol IPPS.
YSOFT SAFEQ INTEGRATION

Integration of AirPrint with YSoft SafeQ is achieved via two services:
YSoft SafeQ Announcer for AP

YSoft SafeQ Connector for AP
Responsibility of YSoft SafeQ Announcer for AP is to broadcast information about available printing server
to iOS devices and Mac.
YSoft SafeQ Announcer for AP must have IP address from the subnet with iOS or Mac devices.
Otherwise users won't see announced service.
Responsibility of YSoft SafeQ Connector for AP is to receive requests from iOS device or Mac via IPPS and
translate them to SafeQ Protocol Level 4 which is used to deliver job to YSoft SafeQ.
Make sure that your CML has license for Mobile Print. Without license the service won't start.
YSoft SafeQ 5 150

February 03, 2016
REQUIREMENTS
Operating system with YSoft SafeQ Connector should be Microsoft Windows (tested on Windows
Server 2008, Windows 8.1)
The server with the YSoft SafeQ Connector has to be in the same subnet as the devices which will
use AirPrint feature - the required Wi-Fi subnet.
YSoft SafeQ must have Mobile Print license with AirPrint feature.
Exceptions at firewall are set for the ports used by the integration.
Target printers have to support plain PDF (PostScript print language) to be able to release print
jobs queued on devices with iOS operating system. For some MFPs the PostScript option is not
available by default and could be added additionally.
LIMITATIONS
Billing codes can't be selected when submitting a job to SafeQ via AirPrint.
On Mac OS X the "Generic PostScript Driver" has to be selected to print Color jobs
Some of the vendors might not support PostScript Driver, in such cases it is recommended to
choose vendor-specific driver.
On Mac OS X when a user enters wrong credentials, the prompt to enter credentials is not displayed
again and the job stays in "Hold for authentication" status.
When the user requeues a job, the prompt for credentials is correctly displayed.
On iDevices (iPhone, iPad, etc.) when a user prints a photo, the default paper size is not A4 but it
matches default Photo printing sizes.
Once a user submits a job and provides credentials, credentials are saved and used for all
subsequent print jobs.
Sequence number is prepended to print jobs sent from Mac OS X.
This bug is in Mac OS X and will be fixed in El Capitan (10.11).
INSTALLATION
Installation instructions are available in Installing AirPrint.
DELIVERING JOBS TO YSOFT SAFEQ

Instructions for iOS and Mac users how to deal with AirPrint is available in Using AirPrint.
SSL CERTIFICATE
SSL Certificate is used for encrypted connection between YSoft SafeQ Connector for AP and User
Workstation (Mac OS X, iPhone, iPad, ...), it was generated July 1st 2015 and will be valid until June 28th
2025.
3.1.3 DELETE JOBS AFTER PRINTING
OVERVIEW
YSoft SafeQ keeps all jobs by default in its spooler for a certain period of time. This allows users to run re-
print of favorite jobs or recently printed jobs. Some customers may be interested in enhanced security when
it comes to retaining print jobs, for example banks or other institutions, where print jobs contain sensitive or
private data. In order to address this need, YSoft SafeQ can be configured to Delete jobs after printing,
which removes the data from server immediately after print job is released at the printer.
YSoft SafeQ 5 151

February 03, 2016
This obviously means, that such jobs cannot be re-printed in the future. Please note that this option does
not apply to favorite jobs, only to the jobs which were recently printed.
CONFIGURATION
There are several options to configure this feature:
All jobs are deleted right after they are released when Delete print jobs as soon as they are
printed ( deleteAllJobsAfterPrint) is set to ENABLED in System settings > Spooler
Only certain jobs are deleted. Note, that deleteAllJobsAfterPrint overrides those options
Can be configured for selected devices on the Terminal tab
Enable the feature - by check the checkbox
Disable the feature - by uncheck checkbox.
Can be configured per cost centre on the cost centre detail
Can be configured per user on the user detail
3.1.4 DEVICE COUNTER REPORTING
DESCRIPTION
Counter reporting extends YSoft SafeQ solution with the ability to collect device page meters.
Administrators can set the system to automatically collect device counters (sometime known as "page
meters") from all registered devices and use the information to provide invoicing data to the supplier
while verifying reporting accuracy.
CONFIGURATION AND USE

In order to use this feature, a device must be configured to use an appropriate online accounting driver
(this applies even to situation, when Embedded Terminal is installed), otherwise the data will not be
available.
Reports in web administration display the information about counter readouts in a separate page,
where the data can be filtered by date, device and device group. The data are also automatically
available in Central Reporting Services (if used in your YSoft SafeQ deployment).
The system can be configured for manual or scheduled export into one of the supported formats (CSV,
XML or XLS) for more convenience.
More information about the web administration and export options, please read Tools - Counter reports
.
AVAILABILITY
This feature is generally available in YSoft SafeQ 5 Suite license, as a part of Reporting module.
YSoft SafeQ 5 152

February 03, 2016
3.1.5 DISTRIBUTED SERVER SYSTEM - PRIVATE CLOUD
YSoft SafeQ 5 153

February 03, 2016
YSOFT SAFEQ PRIVATE CLOUD
PRIVATE CLOUD – DESCRIPTION

The SafeQ Private Cloud Architecture enables simple, completely central management of the entire
print environment across multiple locations all from a single web interface. Print administrators spend
significantly less time configuring and managing the whole infrastructure.
Private Cloud technology enables smart agent distribution and deployment on remote locations,
optimizes network usage, and provides job continuity if communication fails between a remote location
and the central YSoft SafeQ CML location. At each remote site, an Offline Remote Spooler (ORS) can
be installed on an existing print server or on any other available server that the office allocates for that
purpose. The ORS agent is deployed from the central location and can be customized to be deployed
unattended, with parameters configured in advance.
YSoft SafeQ Offline Remote Spooler (ORS) is a proxy application that can run on a local print server
or on a YSoft SafeQ Appliance - SafeQube. An ORS provides all the functions of YSoft SafeQ (as
described in these Wiki pages) with the exception of system administration. The ORS contains the
YSoft SafeQ core component with spooling capabilities, the terminal server component for embedded
terminal support (YSoft SafeQ 5 only), and a data/configuration cache.
YSoft SafeQ 5 154

February 03, 2016
The ORS does not include a database. Data are stored in the persistent cache in the application
folder. (The application must have Write access to the folder.) Data are stored unencrypted.
The ORS has no configuration/administrative interface; management is centralized via the CML.
ORS deployment is fully automated via an MSI package. The only configuration option is the IP
address of the CML server.
The ORS is a stateless component; in case of failure, a simple restart is sufficient.
Data synchronization is handled in "best-effort-mode," which means that whenever the ORS has
an online connection, it exchanges job tickets and user authentication tickets with the CML
server.
ORS data caches are loaded automatically along with the relevant configuration after the first
connection to the CML or whenever the data cache has been deleted by the administrator
(recovery).
For more information, see Typical deployment scenarios document.

For configuration and deployment information, see YSoft SafeQ 5 installation procedure
document.
For functionality limitations and caveats for remote locations, see ORS limitations.
Based on analysis of Private Cloud use by real customers, the data traffic between ORS and CML
components is less than 5% of the print volume managed by each individual ORS.
REQUIREMENTS / TYPICAL ARCHITECTURE OVERVIEW

The architecture of the YSoft SafeQ solution as implemented in the print environment is as follows:
Customer print servers manage all printing and copying locally and are equipped with an
installed YSoft SafeQ Offline Remote Services(ORS) service.
This service is stateless and does not include an interface for configuration, database, or
management. It is used to handle print jobs and MFP sessions and for exchanging
authentication and reporting data with the central data center.
The ORS contains a data cache so that if connection to the data center fails, the ORS
can operate autonomously for a limited time (configurable).
The ORS server can directly handle a maximum of 50 connected devices.
Distributed data center with YSoft SafeQ Enterprise Central Management Layer (CML)
cluster (2-4 servers).
The CML provides central administration, accounting, and print job security for the head
office and for branch offices.
The CML cluster can directly handle printing services for locations directly connected to
the data center (maximum of 200 devices directly connected to one CML server).
The data center also includes YSoft SafeQ Central Reporting Services (CRS Enterprise)
installed on a separate server at headquarters.
The CRS server receives and processes reporting data from all connected YSoft SafeQ
CML clusters and provides access to Usage and Cost reports via MS SQL OLAP and
Analysis Services.
YSoft SafeQ 5 155

February 03, 2016
USER STORIES
1. ORS – As an administrator, I want to use the YSoft SafeQ system at many of our company
locations and manage all the locations from a single point.
DEPENDENCIES / NONFUNCTIONAL REQUIREMENTS
Online TCP/IP network connection (64kbps+) between CML and ORS components
CAVEATS
Each ORS server must be connected to one CML cluster [1-4 servers].
The CML system serves as an independent management and integration point and supports up
to 500 connected ORS servers per one CML server. NOTE: It is not recommended to connect
more than 10 ORS servers to a SINGLE (not clustered) CML server.
Each CRS can collect data from up to 100 CML systems. However, every CML with connected
ORS servers is considered to be an independent installation of YSoft SafeQ, with separate
configuration and management.
If an ORS is in offline mode (that is, without connection to the CML), new users cannot register.
See Offline Mode ORS limitations for more details.
ORS LIMITATIONS
ORS OFFLINE MODE

If an ORS cannot connect to any parent CML server, it automatically goes into Offline mode. Typically this
situation occurs if all CML nodes are shut down or if there is no network connection between the ORS and
CML servers. The ORS tries to provide users as much functionality as possible in this mode, however there
are some limitations. When the ORS is in Offline mode, it periodically tries to connect to all CML servers. At
the moment the ORS connects to (at least) one CML, it automatically switches back to Online mode. As
soon as it is connected to any CML, it uploads all the information it has collected while in Offline mode
(typically accounting information to be available for reports on the CML/CRS).
YSoft SafeQ 5 156

February 03, 2016
LIMITATIONS OF OFFLINE MODE
Users are not synchronized from the CML to the ORS.

The ORS stores user information in its cache for a defined time period (7 days by default).
Because the ORS cannot download information from the CML when the ORS is in Offline
mode, only users stored in the cache can send new print jobs and log in to terminals while the
ORS is in Offline mode.
New users (regardless of whether they have been added via the CML Web Interface or via
LDAP/CSV replication) are not known on the ORS, therefore they cannot log into terminals.
The print jobs they send to the ORS are not matched to any user and cannot be printed.
Deleted users are still valid on the ORS, therefore they can send and print new jobs, log in to
terminals, and perform any operations they have access rights to.
Added, edited, or deleted card numbers or PIN codes are not synchronized to the ORS,
therefore such cards/PINs are not changed on the ORS.
Changes to access rights are not synchronized to the ORS, so the access rights that were
valid before the ORS was switched into Offline mode are used.
NOTE: If an ORS is running in High-security mode, it does not store passwords, card
numbers, or PINs in any persistant storage. Such information is held only in memory.
Therefore if the ORS in Offline mode is restarted, it does not know any password, card
number, or PIN and it is unable to download them from the CML. This means no user can log
in to a terminal or send any new print job to the ORS (if authorization for sending job is
required by YSoft SafeQ Client).
All these changes are downloaded from the CML as soon as the ORS switches back into
Online mode.
Several user management features are not available.
Card self-assignment via login/password authentication does not work.
If LDAP or Kerberos authentication is used, authentication to terminals via login/password is
not available.
Job metadata are not uploaded to the CML.
Any job accounted on the ORS while in Offline mode is not accounted on the CML, therefore
such jobs are not present in statistical reports (neither on the CML nor on the CRS).
The CML is not notified about any changes to jobs made on the ORS, so information
displayed in the Job List in the YSoft SafeQ Web Interface about jobs on the ORS in Offline
mode is NOT up-to-date. (The last known status before the ORS switched into Offline mode is
displayed.)
When the ORS is in Offline mode, the ORS is not notified about any changes to jobs made on
the CML (typically if an owner or title of a job is changed or if a job is re-queued or deleted in
the CML Web Interface). Such changes are not transferred to the ORS until it switches back
into Online mode.
The Job Roaming feature is not available if a user pulls a job on an ORS that is in Offline
mode, or if the job has been pushed to an ORS that is in Offline mode.
All information is transferred as soon as the ORS switches back to Online mode.
When ORS is in offline mode and online-accounted MFP is moved to CML, then jobs that
were printed or copied while ORS was in offline mode, could be accounted twice (When ORS
is back in online mode and as a counter-difference on CML).
YSoft SafeQ 5 157

February 03, 2016
Device and terminal management.

Device counter data stored in the database cannot be reset if the device is connected to an
ORS in Offline mode.
A device connected to an ORS in Offline mode can be replaced with another device, but such
an operation takes about 5 minutes more and the new state is present only in the CML
database. The ORS still uses the original information until it switches back to Online mode.
Embedded devices cannot be reinstalled or configured via the CML Web Interface if the CML
is connected to an ORS that is in Offline mode.
Scheduled updates of firmware cannot be executed for terminals connected to an ORS in
Offline mode.
Overall, we recommend that administrators not make any changes to devices connected to an
ORS that is in Offline mode.
Credit with Offline mode
In case users are limited by YSoft Payment System (users have price quota or have to pay for
services), it is not possible to print in Offline mode because connection to YSoft Payment
System is required.
OTHER ORS LIMITATIONS
Configuration is automatically synchronized with ORS every 15 minutes.

When new configuration for Terminal server is retrieved, Terminal server must be restarted
manually
ORSWeb Service must not be restarted.
Restart will cause permanent data loss and leftover jobs on spooler. In case it is required to
restart the ORSWeb service (eg. due to the maintenance), please follow this tutorial. In case
the ORSWeb Service is restarted, also the main ORS Service has to be restarted in order to
prevent the data loss.
Job extinction from terminal in near roaming.
When user deletes job on one terminal and logins quickly on second terminal on device in
same near roaming group, he/she can see this job as not deleted. Afterwhile (defined by far
roaming cron rule) the job will be marked as deleted also on this terminal.
(VIP) Shared Queues.
It is not possible for users to manage list of privileged persons for VIP queue through ORS. To
do so, users must either manage the list during printing using SafeQ client connected to CML
or through dedicated web application available on http(s)://<safequrl>/client.jsp, where
<safequrl> is the address of CML server.
Printed job extinction by spool cleaner in near roaming when deleteAllJobsAfterPrint is
disabled.
Jobs, that were printed on different ORS that they were originally sent to, can be in special
cases deleted not in maxSpoolerJobTimePrinted interval, but in maxSpoolerJobTime interval.
ORS on a server with several network interfaces.
For a proper functionality server must be configured as described in: SafeQ ORS on a server
with two or more network interfaces.
ORS with KM or Sharp embedded terminals re-installation.
It is required to reinstall given embedded terminals after ORS update.
YSoft SafeQ 5 158

February 03, 2016
3.1.6 FREE MONEY ACCOUNTS
FREE MONEY ACCOUNTS
DESCRIPTION
YSoft Payment System introduced concept of "virtual credit". It represents free entitlement of customer,
which can be used as payment for services. For better usability, YSoft SafeQ introduced a way to
manage it through cost centers or user roles:
It is possible to assign periodic recharge to specific customer. Periodic recharge recharges

virtual credit by specific value (e.g. adds additional $5) or to specific value (e.g. sets virtual credit
to $5).
It is possible to set up cost-center settings via LDAP replicator and have all users created with
specific initial balance assigned.
It is possible to recharge user (stand-alone, or whole cost-center or role) by specific value of
virtual credit
It is possible to set up periodic recharge to all users under cost-center.
LICENSING
Free Money Accounts is a standard feature included in YSoft SafeQ 5 Suite, module Credit and Billing.
FREE MONEY ACCOUNTS - CONFIGURATION AND USAGE
LIMITATIONS
Adding users and their modification are supported only with LDAP.
Do not add users in YSoft Payment System directly, nor create / update them directly via
YSoft SafeQ UI or via CSV import.
Existing users (replicated without this set to enabled) are not affected by " Create money
account when creating user account in LDAP " property.
Periodic recharge assigned to all users that belonged to a cost center is not automatically assigned
to users newly added to the cost center and is not automatically removed from users removed from
the cost center.
YSoft SafeQ 5 159

February 03, 2016
SETTING UP OF ACCOUNT AND ITS USAGE
1 Enable property initialCreditAndRechargesForCostCenters in system settings.
Enable property "Create money account when creating user account" in LDAP settings on "Schema"
tab for those LDAP sources that will use credit management.
2 Go to Users > Cost Center menu, tab Credit.
You may set virtual credit to users belonging to specific Cost Center.
You can and also assign periodic recharges.
YSoft SafeQ 5 160

February 03, 2016
3 Go to Users > Role menu, tab Credit.
You may set virtual credit to users belonging to specific Role.
\ Free Money Accounts
YSoft SafeQ 5 161

February 03, 2016
3.1.7 GREEN REPORTING
OVERVIEW
Green reporting tracks pages which have not been released, i.e. physically printed out. Sometimes, it is
referred to as "purged print jobs". Green report can be displayed in web administration of YSoft SafeQ,
tab Reports. Green report shows the number of print job pages that were received by YSoft SafeQ but
never printed, represent volume of costs saved by Rule-based Engine and printing impact to the
environment.
Green reporting is presented via Usage and Cost reports interface.

See Configuring Green reports for configuration and deployment description.
See Creation and accounting of anonymous and purge jobs for information when purged pages
are generated.
SafeQ tracks and reports number of "purged" pages: pages that has been sent to print, but not
physically released at the device (based on defined rules or secured print). The reported data are
shown as a number of trees used for consumed paper, volume of CO2 produced by creating
consumed paper (information is only approximate, based on publicly available algorithms).
SafeQ tracks and reports total volume of printed pages of an individual user prior his/her printing using
YSoft SafeQ Client. SafeQ additionally tracks and reports total volume of printed pages for an
individual user prior after his/her authentication at the device using YSoft SafeQ terminal. SafeQ also
tracks and reports related costs for pages that has been forced to be printed in monochrome or duplex.
DEPENDENCIES
SafeQ Server must be installed and available within LAN.

Print roaming or Rule-based Engine must be configured.
Parser is required for full functionality of Green reporting.
LICENSING
Green Reporting is a standard feature included in YSoft SafeQ 5 Suite, module Reporting.
YSoft SafeQ 5 162

February 03, 2016
3.1.8 IDENTITY MANAGEMENT
OVERVIEW
YSoft SafeQ has its own identity database in order to provide authentication, authorization and
accounting features. The data can be populated from different sources - manually via web interface, or
automatically replicated from LDAP or imported using CSV file format from a third-party system. Each
user must have a unique record in YSoft SafeQ, data are stored in the main database (CML server).
Each user record includes the following information:
Attribute Status Note
Unique username Mandatory At least one username or alias must be defined in order to
(s) identify print job owner. Case sensitive.
Alias Optional At least one username or alias must be defined in order to

identify print job owner. Case sensitive.
First and last name Mandatory
Password Optional NOTE: The password is NOT synchronized from LDAP sources
to the YSoft SafeQ database.
Unique user ID Mandatory Mandatory only for LDAP replication.
Card number(s), Optional

PIN code(s)
Email address Optional
Home directory Optional Mandatory for use with Scan to home folder feature.
Department Mandatory
number
Default billing code Optional
User role(s) Optional LDAP (scheduled replication) as record attribute.

Active Directory (scheduled replication) as LDAP group.
Some of the steps can be carried out automatically during user workflow. For example users can
assign cards to their account using Card self-assignment at the terminal.
YSoft SafeQ 5 163

February 03, 2016
ADDING IDENTITIES (USERS) TO YSOFT SAFEQ

YSoft SafeQ offers multiple ways of adding identities (users) for use in print environment. Information are
stored in the main YSoft SafeQ database (table "users"). Tools that can be used for adding identity (user)
information are: YSoft SafeQ Web administration, LDAP User Replicator, CSV File User Replicator, CSV
import and (customization required) third-party systems.
ADD USERS WITH WEB ADMINISTRATION
One of the most common methods for adding users via YSoft SafeQ Web administration. Since all
users are created manually, this process can be lengthy, depending on the amount of users that will be
using YSoft SafeQ for printing services.
The administrator can add, edit or remove users from the internal database (see Web Interface - Users
).
IMPORT USERS WITH LDAP USER REPLICATOR
The LDAP User Replicator downloads users and their attributes from an LDAP server. When you run
the LDAP User Replicator, all user attributes are automatically replicated into the YSoft SafeQ
database. The only exception is the password attribute, which is not replicated.
This import process is mostly used in companies with higher volume of users and company having
Active Directory identity management.
More information about the LDAP User Replicator, including configuration tips, can be found at Tools -
LDAP Integration.
This process requires connection to an LDAP server.

Multiple LDAP domains and domain forests are supported.
The administrator can schedule either complete or differential data synchronization.
See LDAP Integration Security overview for security information.
YSoft SafeQ can verify user credentials using LDAPS or Kerberos v5 (Windows, MIT)
authentication.
The connected data source must contain all information as described in Available attributes in
User Database.
The GUID attribute and the User ID attribute for individual user records must be unchangeable
and unique across all connected domains.
YSoft SafeQ 5 164

February 03, 2016
IMPORT USERS VIA THE CSV FILE USER REPLICATOR
The CSV File User Replicator imports users, roles, and cost centers from specially formatted CSV file
to the YSoft SafeQ database. This enables you to use any source of data with YSoft SafeQ. The only
requirement is that the source must allow data export to CSV file or through custom developed scripts.
This import can be performed periodically; the operating system scheduler can be set to
periodically run the CSV File User Replicator.
More information about the CSV File User Replicator, including examples of the CSV file structure, can
be found at Using the CSV File User Replicator.
YSoft SafeQ 5 165

February 03, 2016
IMPORT USERS FROM A CSV FILE
Importing information from a CSV file is similar to using the CSV File Use Replicator, except for two
differences: you can import the CSV file information directly from the YSoft SafeQ Web Interface, and
the import cannot be set to run periodically. To import data from a CSV file:
1. Prepare the CSV file.
The structure of a CSV file is almost identical to the CSV file used by the CSV File User Replicator, as
shown here:
2. In the YSoft SafeQ Web Interface, select the CSV file.

Select the Users tab; then the Actions option and the file to import. NOTE: Select the correct type of
CSV file encoding to avoid issues with special characters.
3. Import data.
Click Import data. The import proceeds immediately.
All user attributes from the CSV file are saved to the internal YSoft SafeQ database.
IMPORT USERS FROM THIRD-PARTY SYSTEMS
Import from other systems is not directly supported by YSoft SafeQ. However, Y Soft offers additional,
separately priced option to develop custom integration with third-party systems. Please consult with
your Y Soft representative the necessary details prior installing YSoft SafeQ.
YSoft SafeQ 5 166

February 03, 2016
INHERITANCE AND COMPETITION AMONG ROLES
THE PRINCIPLE
To understand rights inheritance, it is important to know how the roles structure works.
Every YSoft SafeQ installation includes the role everyone by default. This role cannot be deleted.
Every YSoft SafeQ user has this role automatically assigned — that is, every user is a member of the
role everyone and this cannot be changed. This role is superior to all roles you create.
If you set access rights for the role everyone, these rights will be applied to all users. You can set
detailed rights by defining a new role, setting its rights, and assigning it to a user. The new role inherits
rights from its superior group everyone, but the settings made in the new role override its parent
role settings.
If you set access rights for an individual device, these rights take priority over the settings of the
entire device group.
If a user is assigned multiple roles of the same level at the same time, prohibition has priority.
Example: user1 login is member of the role everyone, role1, and role2. The role everyone has print
access rights set for a device group named Default. For role1, device group Default is prohibited and
for role2 this group is permitted. As a result, user1 is prohibited from printing to all devices included in
the Default group, because the permission in the everyone role is ignored. user1 is also a member of
other roles which are permitted to print to this Default device group, but the role everyone is
subordinate to other roles and ignored --- the only settings that matter for user1 are the settings
made for role1 and role2. Printing is prohibited to the Default group for role1 and permitted for role2.
Because prohibition has priority (see above), prohibition is applied.
Unlike function rights, assigning device access rights has one extra feature – the ability to assign
default rights to a role. A role's default device rights will apply to all device groups that do not have
rights explicitly set for the particular role. A role's default device rights settings have priority over the
access right settings of a device group, both for the role everyone and for any other roles.
YSoft SafeQ 5 167

February 03, 2016
Example: A user is member of the role everyone and role1. The role everyone has printing rights set
for a device group devices1 and role1 has default rights set for copying. If the user accesses a
device that is not part of device group devices1, printing is permitted to a user because it is permitted
to the everyone role. If a user accesses a device that is not part of device group devices1, copying is
permitted to the user because the default rights for copying have been set for his/her role in relation to
all device groups which have not been explicitly set. This means that if a user's role1 has printing rights
set for device group devices2, the default settings are ignored and printing is permitted to the user only
according to role1's device rights set explicitly for the group devices2.
3.1.9 JDBC CONNECTION POOL
YSoft SafeQ 5 supports JDBC connection pool for database connection pooling. JDBC connection pool
saves system and database resources. JDBC connection pool main benefits are: reuse connections, set
minimal pool size, set maximal pool size, close idle connection after expiry, close idle connection not
properly closed after expiry, close long running queries after expiry, statement caching.
JDBC connection pool is enabled by configuration property enableDBPool placed in configuration file
startup.conf. Possible values are true, false [default is true].
DATABASE CONFIG FILES DOCUMENTATION
CMLDB.CONF
key description database
dbId Database identification; required. It has to be unique within PGSQL &

JVM for every database. Two applications connected to the MSSQL
same database should have the same dbId.
dbClass Database type identification; required. Values are PGSQL, PGSQL &
MSSQL MSSQL
dbDriver JDBC driver class; required PGSQL &

for MSSQL net.sourceforge.jtds.jdbc.Driver MSSQL
for PGSQL org.postgresql.Driver
dbURL required; for PGSQL it's jdbc: PGSQL &

postgresql://$dbServer:$dbPort/$dbName? MSSQL
charSet=$dbEncoding
for MSSQL it's jdbc:jtds:sqlserver://$dbServer:$dbPort
/$dbName;instance=$sqlInstanceName where part ;
instance=$sqlInstanceName is optional and is set up
acording to $dbName value
dbUser Database user login; required PGSQL &

MSSQL
YSoft SafeQ 5 168

February 03, 2016
dbPass Database user password; required PGSQL &

MSSQL
dbEncoding Database encoding; required PGSQL &

MSSQL
dbIp Database server ip or server name; required PGSQL &

MSSQL
dbPort Database server port; required PGSQL &

MSSQL
dbName Database name; required PGSQL &

MSSQL
sqdb-ds-applicationName Application name. No practical use, it's displayed by PGSQL &

Enterprise Manager or Profiler associated with the MSSQL
connection
sqdb-ds-instance Named instance to connect to MSSQL
sqdb-ds-domain Specifies the Windows domain to authenticate in MSSQL
sqdb-ds-namedPipe When set to true, named pipe communication is used to MSSQL

connect to the database instead of TCP/IP sockets;
required
sqdb-ds-ssl Specifies if and how to use SSL for secure communication PGSQL &
MSSQL
cdcDbName Name of the CDC database (needed for the OLAP cube) MSSQL
cdcDbOwner Owner of the CDC DB objects (default: dbo) MSSQL
dbValidator If dbValidator property is set to true then every connection PGSQL &
is validated by SQL call "SELECT 1". In case of database MSSQL
disconnection (e.g. database reset) connection is
automatically refreshed.
validator-enabled Database structure validator settings - if enabled, SafeQ PGSQL &

check structure of database schema after start based on MSSQL
version defined in definition files.
It is strongly recommended to let it enabled otherwise some
functionalities may not start correctly.
validator-makearchive archives an old definition of views while replacing with a PGSQL &
new definition MSSQL
YSoft SafeQ 5 169

February 03, 2016
validator-deletearchive clears definition in archives before running a new database PGSQL &
validation cycle MSSQL
dbDefaultConnectionTimeout max duration of stale connection; default is 20 sec PGSQL &

MSSQL
dbValidatorConnectionTimeout max duration of stale connection for dbValidator; default is PGSQL &
20 sec, 0 means use non-expirable connection MSSQL
dbConnectionCleanerPeriod connection are cleaned up after the specified time period; PGSQL &
default is 10 sec MSSQL
dbMaxConnections-SQDB maximum connections hold by pool PGSQL &

MSSQL
dbMinConnections-SQDB minimum connections hold by pool PGSQL &

MSSQL
sqdb-srvname database server name MSSQL
sqdb-dbowner database owner MSSQL
sqdb-dwsrvname database server name MSSQL
sqdb-dwdbowner database owner for MSSQL sever for DWH database MSSQL
dbConnTestCount total number of database connection test attempts PGSQL &

MSSQL
dbConnTestDelayInSec delay in seconds between connection test attempts PGSQL &

MSSQL
CMLDB-CLUSTER.CONF

MSSQL MSSQL

YSoft SafeQ 5 170

February 03, 2016

postgresql://$dbServer:$dbPort/$dbName? MSSQL
charSet=$dbEncoding
for MSSQL it's jdbc:jtds:sqlserver://$dbServer:$dbPort
/$dbName;instance=$sqlInstanceName where part ;
acording to $dbName value

MSSQL

MSSQL

MSSQL

MSSQL

MSSQL

MSSQL

connection

required
MSSQL

MSSQL
YSoft SafeQ 5 171

February 03, 2016
dbMaxConnections- maximum connections hold by pool PGSQL &

SQDBCLUSTER MSSQL
dbMinConnections- minimum connections hold by pool PGSQL &

SQDBCLUSTER MSSQL
CMLDB-SQDW.CONF

MSSQL MSSQL


postgresql://$dbDwhServer:$dbDwhPort/$dbDwhName? MSSQL
charSet=$dbEncoding
for MSSQL it's jdbc:jtds:
sqlserver://$dbDwhServer:$dbDwhPort/$dbDwhName;
acording to $dbDwhName value

MSSQL

MSSQL

MSSQL

MSSQL
YSoft SafeQ 5 172

February 03, 2016

MSSQL

MSSQL

connection

required
MSSQL
validator-enabled Database structure validator settings - if enabled, SafeQ PGSQL &

check structure of database schema after start based on MSSQL
version defined in definition files.
It is strongly recommended to let it enabled otherwise some
functionalities may not start correctly.
validator-makearchive archives an old definition of views while replacing with a PGSQL &
new definition MSSQL
validator-deletearchive clears definition in archives before running a new database PGSQL &
validation cycle MSSQL
MSSQL
dbMaxConnections-SQDB maximum connections hold by pool PGSQL &

MSSQL
YSoft SafeQ 5 173

February 03, 2016
dbMinConnections-SQDB minimum connections hold by pool PGSQL &

MSSQL
sqdb-srvname database server name for MSSQL sever MSSQL
sqdb-dbowner database owner for MSSQL sever MSSQL
sqdb-dwsrvname database server name for MSSQL sever for DWH database MSSQL
sqdb-dwdbowner database owner for MSSQL sever for DWH database MSSQL
dbConnTestCount total number of database connection test attempts PGSQL &

MSSQL
dbConnTestDelayInSec delay in seconds between connection test attempts PGSQL &

MSSQL
CONFIGURATION EXAMPLES
CONNECT TO MSSQL USING WINDOWS CREDENTIALS
User and sync must both have same domain. If you are not using domain use PC name instead.
Remember that when you are setting domain name to change dbURL also.
cmldb.conf
YSoft SafeQ 5 174

February 03, 2016
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;domain=MYPC
dbUser = dbuser
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain = MYPC
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cdcDbName =
cdcDbOwner =
dbValidator = false
validator-enabled = true
validator-makearchive = true
validator-deletearchive = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDB = 100
dbMinConnections-SQDB = 10
sqdb-srvname=MYPC
sqdb-dbowner=dbo
sqdb-dwsrvname=MYPC
sqdb-dwdbowner=dbo
dbConnTestCount = 3
dbConnTestDelayInSec = 15
cmldb-cluster.conf
YSoft SafeQ 5 175

February 03, 2016
dbId = SQDBCLUSTER
dbClass = MSSQL
dbDriver = net.sourceforge.jtds.jdbc.Driver
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;domain=MYPC
dbUser = sync
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-instance =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
validator-enabled = false
dbMaxConnections-SQDBCLUSTER = 20
dbMinConnections-SQDBCLUSTER = 0
cmldb-sqdw.conf
dbId = SQDBDW
dbClass = MSSQL
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5_SQDW;appName=SafeQ;ssl=request;domain=MYPC
dbUser = sa
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5_SQDW
sqdb-ds-instance =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
#dbValidator = true
dbMaxConnections-SQDBDW = 20
dbMinConnections-SQDBDW = 0
YSoft SafeQ 5 176

February 03, 2016
CONNECT TO MSSQL INSTANCE
cmldb.conf
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;;
instance=$sqlInstanceName
dbUser = dbuser
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-instance = myInstance
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cdcDbName =
cdcDbOwner =
dbValidator = false
sqdb-srvname=
sqdb-dbowner=dbo
sqdb-dwsrvname=
sqdb-dwdbowner=dbo
dbConnTestCount = 3
cmldb-cluster.conf
YSoft SafeQ 5 177

February 03, 2016
dbId = SQDBCLUSTER
dbClass = MSSQL
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;
dbUser = sync
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cmldb-sqdw.conf
YSoft SafeQ 5 178

February 03, 2016
dbId = SQDBDW
dbClass = MSSQL
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5_SQDW;appName=SafeQ;ssl=request;;
dbUser = sa
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5_SQDW
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
#dbValidator = true
CONNECT TO POSTGRESQL
cmldb.conf
YSoft SafeQ 5 179

February 03, 2016
dbId = SQDB
dbClass = PGSQL
dbDriver = org.postgresql.Driver
dbURL = jdbc:postgresql://localhost:5432/SQDB5?charSet=UTF-8
dbUser = dbuser
dbEncoding = UTF-8
dbIp = localhost
dbPort = 5432
dbName = SQDB5
sqdb-ds-instance =
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cdcDbName =
cdcDbOwner =
dbValidator = false
sqdb-srvname=
sqdb-dbowner=dbo
sqdb-dwsrvname=
sqdb-dwdbowner=dbo
dbConnTestCount = 3
cmldb-cluster.conf
YSoft SafeQ 5 180

February 03, 2016
dbId = SQDBCLUSTER
dbClass = PGSQL
dbURL = jdbc:postgresql://localhost:5432/SQDB5?charSet=UTF-8
dbUser = sync
dbEncoding = UTF-8
dbIp = localhost
dbPort = 5432
dbName = SQDB5
sqdb-ds-instance =
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cmldb-sqdw.conf
dbId = SQDBDW
dbClass = PGSQL
dbURL = jdbc:postgresql://localhost:5432/SQDB5_SQDW?charSet=UTF-8
dbUser = dbuser
dbEncoding = UTF-8
dbIp = localhost
dbPort = 5432
dbName = SQDB5_SQDW
sqdb-ds-instance =
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
YSoft SafeQ 5 181

February 03, 2016
3.1.10 LOCAL ADMINISTRATORS
LOCAL ADMINISTRATORS
DESCRIPTION
Service organizations are used in large YSoft SafeQ environments. They are used for creation of local
administrators and to grant them access to see and manage only parts of the system, for example local
branch of the company where they are located.
Each service organization is defined by list of YSoft SafeQ users which are called local administrators
and list of ORS servers. When local administrator logs in into the system he can only see and manage
data related to the assigned ORS servers, for example printers registered on these servers or print jobs
sent to them.
See more details in Managing Service organizations (Local Administrators).
LICENSING
Local Administrators is a standard feature included in YSoft SafeQ 5 Suite, module Reporting.
YSoft SafeQ 5 182

February 03, 2016
3.1.11 OFFICE PRINT TRACKING
YSoft SafeQ 5 183

February 03, 2016
OVERVIEW
Office Print Tracking feature provides the benefit of collecting information about all print jobs in the
environment using multiple different options. Print jobs may travel from workstation to the printer
directly (via serial or parallel ports of a computer) - where YSoft SafeQ offers the ability to track the
accounting information. For network printers and print servers, where print job travels through YSoft
SafeQ, additional capabilities are available above common print tracking. All gathered job information
including accounting is then used for usage and cost reports.
YSoft SafeQ uses office print tracking in order to:
collect information for each job, device, and user.

collect detailed information for each job: number of pages per paper size (in two sizes: large and
normal), number of color/middle color (if supported by a device)/monochrome pages, duplex
usage, job title, and originating computer.
collect coverage information for each job: percent coverage of the page (not white area / total
page area), estimated usage of C,M,Y,K toners.
Not all information may be available with every print job or deployment scenario. YSoft SafeQ is
typically able to address about 95-98% of tracked pages to individual users or departments. This is
most commonly caused by various maintenance print jobs, system status print jobs, direct IP printing,
server reboots and limitations of the page meter tracking (vendor-specific limitations). Please review
Print tracking methods for more details.
In order to use print tracking capabilities:
YSoft SafeQ 5 184

February 03, 2016
The client workstation must be able to deliver data to the YSoft SafeQ server:
Using LPR (supported by most modern operating systems)
Using installed and configured YSoft SafeQ Client or Local Monitor
By sending an e-mail or uploading a document using YSoft Mobile Print Server feature
The client workstation must be able to provide the information about the user's identity in order
to authorize the print job using:
LPR user identification - user identification is logged by the client system or connected
shared printer (see RFC 1179, chapter 7.8).
YSoft SafeQ protocol for user identification – user is defined in the YSoft SafeQ Client
(see SafeQ Workstation Client Protocol Specification).
Print job title – retrieved via LPR RFC 1179, 7.4 or via YSoft SafeQ Client, using a
specific format (see RFC 1179, chapter 7.4).
The feature is enabled via the configuration option parseUserFromTitle =
<user_names>, which is disabled by default. The <user_names> value can
contain multiple users, separated by "comma" symbol ( , ).
The user name must be provided as a part of the job title, delimited by sign
defined in configuration property parseUserFromTitleDelimiter (default values:
"dot" or "colon" or "underscore" or "slash" or "backslash" – e.g. USER.title or
USER:title or USER/title or USER_title.
Position of user name could be specified by configuration property
parseUserFromTitleIndex (default value: 1 for USER.title, other possibilites: 2 for
something.USER.title etc.).
There is also possible to keep original job title by setting configuration property
parseUserFromTitlePreserverTitle (default behavior is removing user name).
Print job title (filename) is by default detected by N, T, J commands of the RFC
1179 (whichever command comes first in the data stream).
Only jobs that arrive with a specific owner identity (that is, a configured user
login name) are processed by YSoft SafeQ.
PJL command in print job data stream – PJL header in the following form can be used to
detect user identity directly from the data stream, for example:
@PJL USER = username
YSoft SafeQ identifies the owner from the header by matching the header to a
(configurable) regular expression, therefore the key and the value may contain any string
but there must be a way to match them to one regular expression pattern common for all
jobs received by YSoft SafeQ. The row must be placed within the PJL header in the print
job.
This feature is enabled via the configuration option parseUserFromJob (enabled
by default) and ParserPJLUser (default pattern)
YSoft SafeQ 5 185

February 03, 2016
For configuration and deployment information, see Configuring Office Print Tracking.
Local monitor uses the information from Windows Print spooler. This however requires initial
configuration.
In order to understand limitation of different tracking options, please have a look at the available
Print tracking methods.
LICENSING
Office Print Tracking is included in every YSoft SafeQ 5 Suite license. Additionally, print tracking is
available as a part of the Reporting module.
LOCAL PRINT MONITORING DIAGRAM
This workflow is typically used for Office Print Tracking on locally (USB) connected printers.
1. (Optional) User information is typically replicated from an LDAP server using a secured (server-
authenticated) LDAP/S connection. See Identity management for additional details.
2. The user prints directly to the printer.
3. The YSoft SafeQ Local Monitor application (installed on the workstation) collects the data from
Windows Print Spooler and sends it to the YSoft SafeQ server (plain text protocol).
YSoft SafeQ 5 186

February 03, 2016
DIRECT PRINTING DIAGRAM
This workflow is typically used for Office Print Tracking, Project Print Tracking, or in several cases of
Rule-based Engine.
1. (Optional) User information is typically replicated from an LDAP server using a secured (server-
authenticated) LDAP/S connection. See Identity management for additional details.
2. The user prints the data from the workstation using a standard print mechanism. By default, the
data are transferred via plain LPR protocol. Optionally, plain or encrypted (TLS-based, server-
authenticated) data transfer is possible using YSoft SafeQ Client. The server stores the data in
plain form in the disk folder. For details, see Security overview.
3. If the user is authorized to print the job, YSoft SafeQ releases the job immediately to the network
printer (by default, the data is transferred via plain LPR protocol or RAW TCP screen). IPP or
IPP over SSL with MFP certificate verification is also possible.
a. Note: In the current version of YSoft SafeQ, there is no simple mechanism for
uploading a printer certificate to YSoft SafeQ and managing printer certificates. This is
going to be changed soon.
4. YSoft SafeQ uses several methods to gather accounting data (see Print tracking methods). If
the Online Accounting method is used, SNMP protocol is used to gather the current page
meter information from the printer.
5. If the Vendor-provided Accounting method is used, accounting information is transferred to
YSoft SafeQ from the printer via SOAP or HTTPS POST message.
YSoft SafeQ 5 187

February 03, 2016
PASS-THROUGH PRINT FOR ANONYMOUS USERS
OVERVIEW
DESCRIPTION
With the optional Pass-through print feature, YSoft SafeQ is able to automatically create new users as
soon as they send first print job to SafeQ. Since the created user will not have any ID card assigned
and SafeQ does not know user's e-mail address to provide PIN or Card Activation Code, this feature is
enabled only for jobs sent to a direct queue. Once SafeQ receives a job for any direct queue from
unknown user, new user account is created from template. Only login attribute is set correctly, other
attributes are generated automatically. If the user account with same login is added into LDAP later on,
and SafeQ is configured to replicate user accounts from this LDAP, the user attributes are updated in
SafeQ according the values in LDAP.
USER STORIES
1. As an Administrator of legacy systems, I want to configure the systems to print via SafeQ with a
direct release and keep track of the account that print (even if these are unauthenticated) so that
I have audit log of the pritns from my systems and can use it for print optimization.
REQUIREMENTS
System shall auto-register new user in the system, if:
it receives a print job from a user not available in SafeQ identity database,
if the print job is designated to a direct queue,
there is a 'template user' configured (template user is any user defined in system setting which
assigned roles and settings are used for creating new autoregistered user),
if the 'template user' has right to print to the target direct queue.
System shall replace the 'auto registered' user record with a real LDAP user record if such a
record is created in LDAP.
SETTINGS
1. The new user accounts are based on template user, so the template user must be set first - see
templateUserLogin configuration option in SafeQ System settings to enter a login name of any
existing user, the new user will have same access rights and so as the template user defined.
2. Administrator can choose (not) to receive notification emails each time a new user is created
automatically - see notifyAdminAutoRegisteredUserCreated configuration option in SafeQ
System settings
CAVEATS
Pass-through print for anonymous users is available only if
YSoft SafeQ 5 188

February 03, 2016
template user is set correctly in SafeQ configuration,

template user is active (not deleted),
anonymous user is sending a job to existing direct queue,
template user has access to use the direct queue anonymous user is sending his job to.
If there is already existing deleted user with same login in SafeQ database, no user is created neither
re-activated. The incoming job is rejected, and warning email is sent to administrator (if sending
notification emails is enabled). Please note this email is also sent if the job was sent to non-direct
queue.
PRINT TRACKING METHODS
PRINT TRACKING METHODS

This section is related to Office Print Tracking. See the Hardware Compatibility List (HCL) for supported
devices.
Method Comments / Limitations
YSoft SafeQ 5 189

February 03, 2016
Windows Print Spooler

monitoring At scheduled intervals, monitors every print sent directly from a
workstation to a printer via IP address, USB, or any other
[pages sent to print] connection type.
Only reports data from Windows spooler actively monitored by
the agent!
Requires YSoft SafeQ Local Monitor service installed on the
workstation / print server, available for Microsoft Windows NT4,
2000, XP, Vista, 7, 8, 2003/2003R2/2008/2008R2/2012 Server (all
editions). Supports both 32bit and 64bit Windows platforms.
The YSoft SafeQ license must include Local Monitor type device.
Tracks the number of pages sent to print for any print job.
Tracks BW and simplex per print job.
Number of pages, BW/color, and simplex/duplex are read from
Microsoft Windows Print Spooler without any changes made by the
YSoft SafeQ Local Monitor service or by YSoft SafeQ. Properly
functioning and configured Microsoft Windows Print Spooler service
is required.
Each job is accounted as A4 paper size regardless of the size of the
paper currently used.
Optionally, YSoft PCL parser integrated to YSoft SafeQ Local
Monitor service can be switched on to increase print tracking
accuracy for PCL5/PCLXL/HPGL2 print jobs. Enabling the YSoft
PCL parser is recommended when YSoft SafeQ Local Monitor
service runs on Windows Print server. With this configuration Local
Monitor tracks BW/color and simplex/duplex per print job.
If the job was printed to a file, information about BW/color and
simplex/duplex is not available due to limitations of Microsoft
Windows Print Spooler. All pages in that type of job are accounted
as BW and simplex.
This method will not provide fully accurate report about all
printed pages, due to the technology limitation and the fact that it
only measures pages that has been released from particular
workstation, not taking into account neither status of the device, its
real output, nor other un-monitored prints.
YSoft SafeQ 5 190

February 03, 2016
YSoft SafeQ
offline print accounting Monitors every print routed from a workstation to a networked
printer via the YSoft SafeQ server in real-time, prior to printing.
[pages sent to print] Only reports print jobs routed via YSoft SafeQ server!
With YSoft SafeQ, the YSoft SafeQ license must include the Offline
Accounting option. If the license does not include Offline
Accounting, it is not possible to select the Offline Accounting
method for a device and all devices configured for offline accounting
will be switched to no accounting as soon as the expiration of the
license is detected.
Available for any LPR capable system.
Uses PCL [Y Soft] and/or PostScript [GhostScript] data analyzers.
Tracks the number of A4/letter BW/color pages and A3/legal/tabloid
BW/color pages and duplex usage for all pages sent to print for
any PCL5+, PostScript, and HPGL2 print jobs.
Optionally tracks per-page print area coverage and estimated usage
of C,M,Y,K toners (based on job analysis).
Monitoring printed pages, and especially their quality and color use,
may slightly differ from the current output and information accounted
by the printer, because printers can use different processing
algorithms. The print job is always accounted completely, even if
only part of it has been printed (for example if the user aborts the
printing on the MFP panel).
This method will not provide fully accurate report about all
printed pages, due to the technology limitation and the fact that it
only measures pages that has been released from particular
workstation, not taking into account neither status of the device, its
real output, nor other un-monitored prints . Example: A color page
printed on a BW printer is printed as BW but accounted as a color
page.
YSoft SafeQ 5 191

February 03, 2016
YSoft SafeQ online print

accounting Monitors every print routed from a workstation to a networked
printer via YSoft SafeQ in real-time, after printing is complete.
[pages really printed] Only reports print jobs routed via YSoft SafeQ server!
Documents routed directly to the printer may be reported as
"anonymous prints"
With YSoft SafeQ, the YSoft SafeQ license must include the Online
Accounting option. If the license does not include Online
Accounting, it is not possible to select the Online Accounting
method for a device and all devices configured for online accounting
Available for any printer listed in the Hardware Compatibility List
(HCL).
Tracks the number of pages that have been really printed by
the network printer. Using this method, the tracking accuracy is
typically 95-98 per cent. Even with this method, YSoft SafeQ is
unable to identify origin of various printed pages, such as: service
pages, printer status pages, pages originated from printer web or
USB drive, pages printed directly to the printer IP address, incoming
FAX pages and pages copied without authentication. In order to
achieve greater accuracy, it is important to follow the change
management procedures when adding, moving or changing
individual tracked devices and limit outputs without identifiable
source. Tracked information varies per printer, but can include total
number of impressions, total number of BW/color impressions (3-
tiers where supported), total number of small (A5/A4/letter) and
large (A3/11x17/tabloid) pages, duplex usage.
Online accounting disables the MFP's multitasking capabilities
(because with this accounting method, only one user at a time can
operate the MFP).
With online accounting, there is a delay of a few seconds between
every printed document because of the accounting mechanism.
The average network response speed from the printer to the server
on SNMP query must be less than 200ms.
Limitation: When printing duplex job with blank pages, for example
1BW page + 1 blank page + 1BW page, blank pages could be
unconsidered and job could be accounted as BW duplex despite the
fact that there are really two simplex BW pages. This depends on
current MFP counters behaviour and how it handles blank pages, so
it varies by MFP model and vendor.
YSoft SafeQ 5 192

February 03, 2016
YSoft SafeQ online print

batch accounting Equivalent to standard online accounting.
With YSoft SafeQ, the YSoft SafeQ license must include the Online
[pages really printed] Accounting option. If the license does not include Online
Accounting, it is not possible to select the Online Accounting
method for a device and all devices configured for online accounting
The YSoft SafeQ system sends all queued documents to the
network printer and provides output tracking/accounting for the
entire batch instead of per individual document.
This method is significantly faster when printing multiple print jobs
for the same user and project; however it is not supported if per-
document billing (based on credit/quotas) is required.
One limitation is that for mixed (simplex/duplex) jobs, YSoft SafeQ is
unable to correctly recognize usage of duplex.
YSoft SafeQ 5 193

February 03, 2016
Device dependent
accounting At scheduled intervals, monitors every print routed from a
workstation to a networked printer via the YSoft SafeQ server.
[pages really printed] With YSoft SafeQ, the YSoft SafeQ license must include the Device
dependent accounting option. If the license does not include Device
dependent accounting, it is not possible to select the Device
dependent accounting method for a device and all devices
configured for device dependent accounting will be switched to no
accounting as soon as the expiration of the license is detected.
(Some embedded terminals will be automatically reinstalled.) All
accounting information received from MFPs is ignored.
Works only with PCL jobs with PJL headers and PostScript 2/3 jobs.
Available only for the following devices (verify by checking the YSoft
SafeQ HCL):
Fuji Xerox MFPs with Accounting Logs option.
Konica Minolta MFPs with OpenAPI3 account maps.
Ricoh ESA with SDK4, 7 or 10.
Sharp MFPs with OSA (MX-AMX3) module.
Toshiba MFPs with Open Platform SDK.
Xerox MFPs with Network Accounting (JBA) kit including 3-
tier billing.
Incompatible with YSoft SafeQ external (hardware) terminals.
Tracks the number of pages that have been really printed by
the network printer. Using this method, the tracking accuracy is
typically 95-98 per cent. Even with this method, YSoft SafeQ is
unable to identify origin of various printed pages, such as: service
pages, printer status pages, pages originated from printer web or
USB drive, pages printed directly to the printer IP address, incoming
FAX pages and pages copied without authentication. In order to
achieve greater accuracy, it is important to follow the change
management procedures when adding, moving or changing
individual tracked devices and limit outputs without identifiable
source. Tracked information varies per printer, but can include total
number of impressions, total number of BW/color impressions (3
tiers where supported), total number of small (A5/A4/letter/legal)
and large (A3/11x17/tabloid/ledger) pages, duplex usage.
You may have also seen the older term, "vendor-provided
accounting".
YSoft SafeQ 5 194

February 03, 2016
3.1.12 PRICE LIST
OVERVIEW
YSoft SafeQ 5 introduces new way to define prices for print operations. Prices are newly defined in separate
Price lists, which can be later assigned to individual users, cost centers or devices. In order to ensure
proper accounting of print operations, devices must have assigned at minimum the Default Price List. Price
list can be shared by multiple users, cost centers or devices. Therefore in homogenous environment where
all devices run at the same cost, only one price list must be configured and can be applied to all devices,
users or cost centers quickly.
Price lists assigned to individual users have the highest priority. If no price list is defined for a user, cost
center price list is used. If no price list is defined for a cost center, device price list is used (note: device
must always have a price list, if accounting is to be enabled).
SETTING PRICES FOR MFP
For proper accounting of all type jobs on device, prices for this device must be set in Devices > Printers >
Edit device > Price list tab.
Here you can define prices for all available printer functions.
YSoft SafeQ 5 195

February 03, 2016
NOTE: For more information about "Detailed fixed costs" and "Detailed scan" check Advanced
Detail Accounting page.
YSoft SafeQ 5 196

February 03, 2016
If entered value has more digits than set in decimal_precision configuration property it is automatically
rounded.
Example: Number of decimal places is set to 1, administrator enters number 1.18 and number si
automatically saved as 1.2
COUNTING PRICE FOR JOBS

Prices for jobs are counted based on these formulas:
For scanning:
Scan cost x number of scan pages
For copying and printing:
(Cost per click x number of printed pages) + (paper cost x number of used papers) + (page cost x
number of printed pages)
YSoft SafeQ 5 197

February 03, 2016
EXAMPLES:
Print of 1x A4 page in B/W simplex mode
(Cost per click x 1 page) + (paper cost x 1 paper) + (B/W page cost x 1 page)
NOTE: You can see print job prices estimation in SafeQ Client window as displayed on
image.
Print of 2x A4 page in Color duplex mode
(Cost per click x 2 pages) + (paper cost x 1 paper) + (Color page cost x 2 pages)
NOTE: You can see print job prices estimation in SafeQ Client window as displayed on image.
YSoft SafeQ 5 198

February 03, 2016
Copy of 1x A4 page in B/W simplex mode
(Cost per click x 1 page) + (paper cost x 1 paper) + (B/W page cost x 1 page)
Copy of 1x A4 page in Color duplex mode
(Cost per click x 2 pages) + (paper cost x 1 paper) + (Color page cost x 2 pages)
Scan of 2x A4 page in B/W simplex mode
Scan cost x 2 pages
ADVANCED DETAIL ACCOUNTING
OVERVIEW
There are two additional features in YSoft SafeQ 5 that can be used to account job in more detail:
Detail Scan Accounting - allows the administrator to specify prices for scan jobs based on their size
(normal / large) and color (B&W / color).
Detail Media Accounting - allows the administrator to specify prices for standard plain paper and
non standard media used for copying or printing.
Both of these features can be used only with some embedded terminals, depending on their accounting
/reporting capabilities (more details in Limitations below).
SETTINGS
1. To enable these features navigate in YSoft SafeQ web GUI to System settings (log into the web as
admin, then navigate thru menu System -> System settings).
2. Switch to Advanced or Expert view.
3. To enable Detail Scan Accounting - search for " scanJobsDetailAccounting" (without quotes) and
choose the option called Enabled.
4. To enable Detail Media Accounting - search for " detailMediaTypeAccounting " (without quotes)
and choose the option called Enabled.
5. After you change one or both of the options Save changes.
PRICE LIST
Once either of the features is enabled, the Price List configuration will display new items.
YSoft SafeQ 5 199

February 03, 2016
There are four items for Detail Scan Accounting: B&W scan (normal), B&W scan (large), Color scan
(normal) and Color scan (large). If the device used for scanning supports detailed accounting, the values
entered in particular fields will be used.
There are two new items for Detail Media Accounting: Non standard media type (normal), Non standard
media type (large). If the device used for printing/copying supports detailed accounting, the values entered
in particular fields will be used to account paper costs. Standard Paper cost is used otherwise.
LIMITATIONS
Not all vendors provide support for detail scan job accounting (e.g. B&W vs.color, normal vs. large
paper size). Please consult the use of this feature in your environment with Y Soft representatives.
Not all vendors provide support for media type based job accounting (whether plain paper or
another media type has been used). Please consult the use of this feature in your environment with Y
Soft representatives.
By design, external Y Soft terminals and the Ricoh embedded terminal do not support this level of
advanced accounting.
Both price estimation and final accounting is able to distinguish only 2 types of colorfulness for detail
scan job accounting - B&W and Color. All other possible types (one color, two color and similar) are
accounted as Color. This applies also for devices that are able to report only the size but not the
colorfullness of a scan job - on such a devices all scan jobs are accounted as Color when detail
scan job acounting is enabled (ie. Konica Minolta MFPs without payment support enabled).
Only Normal (ie. A4) and Large (ie. A3) paper size is distinguished when detail scan job accounting
is used.
All information about scan job accounting is stored as "common" scan job - it is not possible to
distinguish neither paper size nor colorfullness in YSoft SafeQ reports (web reports, Manager reports,
CRS, etc.).
It is not possible to distinguish media type used YSoft SafeQ reports (web reports, Manager reports,
CRS, etc.) even if media type based job accounting is enabled.
3.1.13 PROJECT PRINT TRACKING
PROJECT PRINT TRACKING – OVERVIEW
DESCRIPTION
The Project Print Tracking feature allows users to select and assign a target project for every print
initiated from their workstation in order to track per-project costs. Billing codes (project codes) are
provided in a hierarchical structure that can represent different business models (for example, a list of
customers and their individual projects).
For configuration and deployment information, see Configuring Project Print Tracking.
For managing billing codes in the YSoft SafeQ Web Interface, see Managing billing codes.
For an overview of importing/exporting billing codes, see Billing Code Import CSV Format
Specification.
For an overview of the user workflow relating to billing codes, see Selecting billing codes in
SafeQ Client.
YSoft SafeQ 5 200

February 03, 2016
USER STORIES
As a user, I want to print a document and select a billing code (project code) for the produced
output so that I can exactly track and later charge costs related to the various projects I'm
working on.
REQUIREMENTS
YSoft SafeQ shall provide a project list (tree) from which the user can select a project prior to
making every print.
Every project contains the following attributes: unique code, name, access permissions.
YSoft SafeQ shall provide reports of outputs/prints generated for every project.
YSoft SafeQ shall allow the administrator to manage the project list and also to use import and
export tools to automate management of the project list.
This feature shall be supported by all Office and Production Print Tracking methods.
YSoft SafeQ Client shall support smart search for billing (project) codes (that is, the user types
letters/numbers and the list is automatically filtered for matching projects only).
YSoft SafeQ shall support definition of a "default billing code (project code)" as an attribute of
the user. This information shall also be replicated from an external data source (where possible).
DEPENDENCIES/NON-FUNCTIONAL REQUIREMENTS
YSoft SafeQ Terminals must be installed and available on the LAN.

Print drivers and print clients must be installed locally on every workstation.
YSoft SafeQ Client must be configured for project accounting.
Identity management must be established.
Every user has to have assigned at least 1 Billing Code (e.g. "0 Default Project" is assigned to
everyone) in order to be able to copy.
LIMITATIONS
The list of available billing codes (project codes) for each new user is synchronized to ORS
servers at the next periodic synchronization – which means that the user may see only the
default billing code upon first access, and all other billing codes after the next periodic sync.
YSoft SafeQ5 supports a maximum of 1000 billing codes per one level (with no technical
limitation on the number of nested levels). If you have more billing codes, use (or
request) the import script that can import data into the logical tree structure.
Available for network printers connected via the YSoft SafeQ server only! Does not work on
print queues shared by a print server.
The user must select a billing code prior to making every print. Only projects assigned to the
user are visible; tiered billing code selection (i.e. the user first limits the selection, then selects
the code) is available.
If no project is defined or assigned to the user, the project selection dialog is not displayed and
prints are accounted to a default project (if defined) or no project (otherwise).
If the project selection dialog is canceled the prints are accounted to a default project (if defined)
or no project (otherwise).
YSoft SafeQ 5 201

February 03, 2016
When billing code is changed during copying larger amount of pages, copy job is accounted to
the billing code chosen at the moment copy job was finished, not to the one chosen when
copying started.
DIFFERENCES BETWEEN YSOFT SAFEQ VERSIONS
Supported features 5.0
Multilevel billing codes – unlimited project "tree" structure.
Access permissions are defined for the tree and related sub-tree
Import of project list from CSV file
Project code and project name must be defined

See Billing Code Import CSV Format Specification
Administrator can define default project per user or cost center (not role)
Assignment of projects to users/cost centers based on import from CSV file
CSV file contains at least unique project code/project folder name
Assignment of a default project to a user from LDAP based on LDAP attribute
Administrator can define (enable/disable) budget (assign costs) for project
Administrator can define budget per project (with costs per page as defined per device
in YSoft SafeQ)
When the budget limit is reached, users are unable to print to this project unless
administrator adds some value to the project account
When the budget limit is reached, project administrator (assigned to a respective project
folder) is notified by e-mail
Administrator can define soft quota – in number of pages – for project
When quota is exceeded, users and project managers are notified

Users are notified before jobs are processed; however the print job is printed
Administrator can define hard quota – in number of pages – for project
When quota is exceeded, users and project managers are notified

Users are notified before jobs are processed and the print is denied
YSoft SafeQ 5 202

February 03, 2016
LICENSING
The Project Print Tracking feature is a standalone licensed feature. To use Project Print Tracking, this
feature must be included in the license and the license for this feature must not have expired. Without
valid license,
There is no option to configure projects in the YSoft SafeQ Web Interface.

Dialogs for selecting and changing projects are not available on terminals.
Dialog with project selection is not available in YSoft SafeQ Client.
Configuration option for allowing billing codes (billing-codes-enabled) is ignored.
Predefined report for project printing is not available from the Web Reports menu.
BILLING CODE IMPORT CSV FORMAT SPECIFICATION

YSoft SafeQ supports the batch import of billing codes from a CSV file. The file must conform to the format
described here.
Recommendation
It is recommended to use a maximum of 1000 billing codes per one level (without technical
limitation on the number of nested levels).
If you have more billing codes, use (or request) the import script that can import data into the
logical tree structure.
CSV FORMAT
Billing codes are stored in a comma-separated values file.
Delimiter: semicolon ;
Quote character (if needed): double quote "
IMPORTER CONFIGURATION
You can modify the behavior of the importer by configuring the first row.
FORMAT SELECTION
Several formats are supported for import. The format MUST be specified in the first line in first column.
Available formats: prefix, parent
Format specification string: format:parent
LEVEL DELIMITER
When you use the prefix format, you can change the default delimiter from '.' to another single character.
Delimiter specification string: levelDelimiter:/
Default level delimiter is '.'
Default prefix importer will read 1.2.3.. When you change levelDelimiter to / then it will read data in
format 1/2/3.
YSoft SafeQ 5 203

February 03, 2016
SUPPORTED FORMATS
FORMAT PREFIX
1. Billing code in tree format – MANDATORY; String – e.g.: 1.2.14 - parent is in this case 1.2 and billing
code for this item is 14
2. Billing code description – MANDATORY; String – e.g.: Primary code
3. Extension string. From the 3rd position, you can specify extension strings. Each column contains one
and only one extension. Extensions are applied from the first left record to the right.
FORMAT PARENT
Record contains the following columns:
1. Billing code – MANDATORY; String – e.g.: 100, 200, 1.1.1

2. Billing code description – MANDATORY; String – e.g.: Primary code
3. Parent billing code (first-level billing code) -- OPTIONAL; String – e.g.: 100, can be empty
4. Extension string. From the 4th position, you can specify extension strings. Each column contains
ONE and only one extension. Extensions are applied from the first left record to the right.
Parent billing code (first-level billing code) is optional. When it is not specified, the billing code is considered
to be directly under the root element.
The uniqueness of a billing code is defined by its path. The same billing codes can appear under different
parents.
EXTENSION STRING
Format: extension_name:value
Allowed extensions: user, center, action

Extension string is case insensitive.
Extension user
This extension contains user's login. Current billing code with entire subtree will be assigned to specified
user.
Example: user:georgik
Extension center
Extension contains number of cost center. Current billing code with entire subtree will be assigned to
specified cost center.
Example: center:118999881
Extension action
Available actions:
remove - This deletes the individual code and its entire subtree
Example: action:remove
GUIDELINES FOR WORKING WITH A LARGE NUMBER OF BILLING CODES
It is possible to handle a large volume of billing codes, but you should follow certain rules.
YSoft SafeQ 5 204

February 03, 2016
Some useful guidelines:
1. If you need to assign a large number of billing codes, group them under one parent and assign only this
parent.
2. If you need to assign the same set of billing codes to a large number of users, create a role and assign
billing codes to the role according to guideline 1.
3. Make as few deletions as possible. Billing codes are still in the database even when they are deleted.
3.1. If you already deleted a large number of billing codes from the database, ask a database expert to
clean up and VACUUM the database. Billing codes are necessary for statistics; incorrect deletions can harm
statistics.
4. Do not create more than 1000 children at the first level of billing code tree. Divide billing codes into
groups.
Note for guideline 3: Use SQ4 SR2. Importer is able to synchronize the CSV file with the database. It
performs as few delete/insert operations as possible. (Prior versions did not check the database.)
SAMPLE CSV DATA
FORMAT PREFIX
Content of CSV file:
format:prefix;
1;Czech republic;user:barbora;user:richard
1.1;Brno;
1.2;Lomna;
1.2.1;Dolni Lomna;
1.2.3;Horni Lomna;
1.3;Milikov;
2;Slovakia;center:118999881
2.1;Kosice
2.2;Povazska Bystrica;
2.2.1;Vrtizer;
2.2.2;Milochov;
1.9;Trencin;
2.2.3;Marikova;
Sample in Excel:
YSoft SafeQ 5 205

February 03, 2016
Result in YSoft SafeQ:
FORMAT PREFIX WITH LEVEL DELIMITER /
format:prefix;levelDelimiter:/;
1;Czech republic;user:barbora;user:richard
1/1;Brno;
1/2;Lomna;
1/2/1;Dolni Lomna;
1/2/3;Horni Lomna;
1/3;Milikov;
REMOVE AND INSERT NEW
This feature is not available in YSoft SafeQ 5 beta.
YSoft SafeQ 5 206

February 03, 2016
format:prefix
1;Large forest;;action:remove
1;Desert;;
1.1;Sahara;;user:georgik;118999881;user:arnost
1.1.1;Sand;
1.1.2;Dust;
FORMAT PARENT
format:parent
100;Large forest;;center:118999881
10;Giant Sequoia;100;user:mary;user:james
11;Coast Redwood;100
12;Western Redcedar;100
13;Australian Oak;100
14;Inheritance;100;center:118999881
200;Old forest;
8;Bristlecone Pine;200
9;Alerce;200
10;Giant Sequoia;200
11;Sugi;200
12;Huon-pine;200
Sample in Excel:
YSoft SafeQ 5 207

February 03, 2016
SPECIAL CHARACTERS
You can use LiberOffice Calc to generate proper CSV file in UTF-8 from Excel table. Use semicolon as field
delimiter and no character as text delimiter.
format:prefix;levelDelimiter:*
1;Tiskárna
1*1;
1*1*1;
2;
2*1;
2*2;tölvufræði
Sample in Excel:
YSoft SafeQ 5 208

February 03, 2016
RECOMMENDATION
max 1,000 sub-levels per one first-level

max 100,000 lines per CSV file
LIMITATION
max 1,000 sub-levels per one first-level for a one import procedure
max 3 MB CSV file size
the following characters are restricted: ?&’”<>
if you need to enter the character backslash '\' you must escape it, i.e. type '\\'
BILLING CODE TROUBLESHOOTING
COMMON PROBLEMS WITH BILLING CODES
"PROJECT" TAB IS NOT VISIBLE IN ADMIN INTERFACE
You do not have licence with "Project tracking" feature.

BILLING CODES ARE NOT VISIBLE WHEN PRINTING FROM WORKSTATION CLIENT
1. Check that billing codes are enabled. In System settings you should see "Enabling billing codes" set
to "enabled".
2. User must have at least two billing codes. When user has just one billing code it will become
automatically the default billing code and Billing code selection won't be displayed.
LISTING AND DISPLAYING BILLING CODES IS TOO SLOW
1. Check whether you follow Guideline for creating billing codes
YSoft SafeQ 5 209

February 03, 2016
TOO MUCH "ORPHANED" BILLING CODES
File which define billing codes must contain also all billing codes up to the root. If there is no such path then
importer won't be able to put billing code into tree.
Wrong scenario - 600.7000 us unreachable:
format:prefix
500;Master
600.7000;Child
Correction:
format:prefix
500;Master
600;Second master
600.7000;Child
RECENT BILLING CODES EXTENSION
HOW IT WORKS
Recent Billing Codes is extension of Billing codes Workstation Client functionality. User can choose billing
code from the list with recently used billing codes. This saves time, because it is not necessary to browse all
available billing codes.
List of billing codes is limited to 10 recent billing codes. When user sends job to print then this billing codes
is moved to the top of recent billing code list.
YSoft SafeQ 5 210

February 03, 2016
When billing code is not in list of recently used billing codes then user can browse in the full list of billing
codes available to him. In order to display list of assigned billing codes just click on button Show assigned
billing codes. Follow instructions in Selecting billing codes in SafeQ Client.
YSoft SafeQ 5 211

February 03, 2016
List of recent billing codes displays only billing codes that are assigned to user or cost center. Deleted or
unassigned billing codes won't be displayed.
CONFIGURATION
Recent billing codes extension is turned on by default. It is possible to turn it off via System configuration -
option Display Recently Selected Billing Codes.
When Recent billing codes extension is turned off then user can see only list of billing codes.
YSoft SafeQ 5 212

February 03, 2016
3.1.14 RULE-BASED ENGINE
PURPOSE
YSoft SafeQ provides added value to customer via fulfilling various business needs. Rule-based Engine
allows fulfillment of following:
Reduce direct costs of material

Reduce indirect costs of solution ownership
Educate employees about costs hidden behind their actions
Support enforcement of business processes
OVERVIEW
Rule-based Engine acts based on rules defined by administrator. Rules can be combined in order to fit the
environment customer works in.
Business needs can be fulfilled by rules such as:
Convert jobs to monochrome and duplex - for reducing costs of material

Reject big jobs and inform employee - for education and process enforcement
Please see examples of settings here: RBE - Examples of usage.
For detailed overview, please see list of rules here.
For configuration and deployment information, see Configuring and using Rule-based Engine and Using the
Rule Definition wizard.
DEPENDENCIES / NON-FUNCTIONAL REQUIREMENTS
YSoft SafeQ Server must be installed and available on the LAN.

Print drivers must send print data to the YSoft SafeQ server.
Identity management must be established [see Identity management].
Available for network printers connected to the YSoft SafeQ server only!
CAVEATS
Some transformations may work only under specific conditions (see Rule-based Engine: rule
definition for more info).
Rules management on SafeQ web interface is allowed only on master CML node.
Rules management on slave node is possible only in case master node is down and slave node
takes over master role. If you change rules on slave node, do not make any changes on master node
for at least 5 minutes after it is fully started again.
RULE-BASED ENGINE: RULE DEFINITION
RULE-BASED ENGINE: GLOSSARY
YSoft SafeQ 5 213

February 03, 2016
Term Definition
Rule Set of associated triggers, conditions, actions and notifications
Trigger Defines action that triggers the execution of rule - when the conditions are evaluated.
Condition Is reviewed when rule is triggered. Evaluates whether action should be performed. When
more conditions are defined for specific rule, all of them must be met in order for rule to do
action.
Action Action is something the system does, typically with a print job. Happens when rule is
triggered and conditions are met.
Notification Information to end user, manager, administrator or external system about successful
execution of rule - it was triggered and conditions were met.
RULE BASED ENGINE: TRIGGERS
Trigger Description
On reception of job by Print Job Reception from user workstation or print server.
YSoft SafeQ server This is where you can affect how the job will be processed by the
system, e.g., redirect the job to a different queue.
The SafeQ Client Notifications can only be triggered by this trigger.
Before job is released to Before print job is released to a device managed by SafeQ.
the printer This is where you can reject the job.
On job's delivery to the Print job delivery to a device managed by SafeQ

printer This is where you can apply changes to the job, such as conversion to
black&white.
On user's login at terminal When user authenticates at a SafeQ Terminal.
On user's logout at terminal When user logout at a SafeQ Terminal
Rule containing this trigger cannot have any actions, only

notifications.
On job status change When status of user print job has changed
Rule containing this trigger cannot have any actions, only

notifications.
RULE BASED ENGINE: CONDITIONS
Job Conditions
Job belongs to <user> Triggers:
YSoft SafeQ 5 214

February 03, 2016
Job Conditions
On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job belongs to user with <role> Triggers:
On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
YSoft SafeQ 5 215

February 03, 2016
Job Conditions
Job belongs to user from <cost Triggers:

center>
On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job is printed on <device> Triggers:
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Job is printed on printer with type Triggers:
YSoft SafeQ 5 216

February 03, 2016
Job Conditions
Before job At least one type needs to be

is released specified (Devices > Tools > Printer
to the types), otherwise this condition is
printer disabled.
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job is printed on device from <group Triggers: At least one group must be specified
/ ORS> (Devices -> Items -> Add new group),
Before job otherwise this condition is disabled.
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Job title <contains / matches> <text> Triggers: Text can be in the form of a regular
expression to detect various patterns.
On See Regular Expressions for pattern
reception of building information.
job by
YSoft
SafeQ
server
YSoft SafeQ 5 217

February 03, 2016
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job has been sent to named queue Triggers: Text can be in the form of a regular
<contains / matches> <queue_name> expression to detect various patterns.
On See Regular Expressions for pattern
reception of building information.
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job has been sent to queue type Triggers:

<direct / secured / shared>
On
reception of
job by
YSoft
SafeQ
server
YSoft SafeQ 5 218

February 03, 2016
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job <has / has not> set a <system Triggers: Setting a system tag (using the "Mark
tag> job with tag" action) in one rule doesn't
On affect other rules because all conditions
reception of are evaluated at the beginning.
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job <has / has not> set a <user tag> Triggers: Setting a user tag (using the "Mark
job with tag" action) in one rule doesn't
On affect other rules because all conditions
reception of are evaluated at the beginning.
job by
YSoft
SafeQ
server
YSoft SafeQ 5 219

February 03, 2016
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job file size <equal to / not equal to / Triggers:

greater than / lesser than / greater or
equal to / lesser than or equal to> On
<number> <B / KB / MB / GB / TB> reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job has <status> Triggers: Only notification can be executed on

this condition.
On
reception of
job by
YSoft
SafeQ
server
YSoft SafeQ 5 220

February 03, 2016
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job Page Conditions
If Job contains <more than, equal to, The rule requires enabled job parser.
less than, between> <x> [<all,b/w,color>]
pages [with paper size <large, small>]
User Status Conditions
Total amount of <all pages per month Triggers: This rule is not applied before first
/ BW pages per year / etc.> by job owner statistics are processed (processing of
is <equal to / not equal to / greater than / On statistics is run approximately every
less than / greater or equal to / less than reception of hour)
or equal to> <number>. job by
YSoft This rule requires the following
SafeQ property to be enabled:
server displayPrintedPagesPricesOnTerminal
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
YSoft SafeQ 5 221

February 03, 2016
Job Conditions
On job
status
change
Outcome of authentication on Triggers:

terminal <equal to / not equal to>
success On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Time Conditions
Current <day of week / day of Triggers:

month> is <equal to / not equal to /
greater than / lesser than / greater or On
equal to / lesser than or equal to> <day reception of
in week / day in month> job by
YSoft
SafeQ
server
Before job
is released
to the
printer
YSoft SafeQ 5 222

February 03, 2016
Job Conditions
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Current time is <equal to / not equal Triggers:

to / greater than / lesser than / greater or
equal to / lesser than or equal to> On
<time> reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
RULE BASED ENGINE: ACTIONS
Transform Job Operations
Add watermark <text> to each page. Triggers: Watermarking feature is available for
Add it to <position> of the page, rotate it PCL and PostScript jobs only.
YSoft SafeQ 5 223

February 03, 2016
by <number>° and use font with <size> On job's Only ISO Latin-1 and Latin-2
and <color> delivery to character set is supported.
the printer
Variables can be used, see below for
their definition.
Find <text> in PJL header and Triggers:

replace with <text> (or append when
On job's Replaces text in PJL header with
searched text is not found)
delivery to given text. If not found, it is added
the printer instead.
<Convert / Do not convert> job to Triggers:

grayscale
On job's
delivery to
the printer

duplex
On job's
delivery to
the printer

simplex
On job's
delivery to
the printer
Print job <number> times Triggers:
On job's
delivery to
the printer
Mark job with <tag> Triggers: This action will not affect the
evaluation of tag conditions in
On subsequent rules because all conditions
reception of are evaluated before any rules are
job by executed.
YSoft
SafeQ
server
YSoft SafeQ 5 224

February 03, 2016
Change processing workflow
Re-queue the job to <queue> Triggers: Valid for direct queue only.
On
reception of
job by
YSoft
SafeQ
server
Reject print job Triggers:
Before job
is released
to the
printer
Delete print job Triggers:
On
reception of
job by
YSoft
SafeQ
server
Deny authentication on terminal Triggers: User authentication is denied (after

successful authentication).
On user's
login at
terminal
Queue the job to user's VIP Shared Triggers: Valid only for users with existing VIP
queue shared queues.
On
reception of
job by
YSoft
SafeQ
server
YSoft SafeQ 5 225

February 03, 2016
RULE BASED ENGINE: NOTIFICATIONS
General Notification
Information
Send e-mail with Triggers: Variables can be used, see below for their
<subject> and content of definition.
<text> to job owner all
Send e-mail with Triggers: Variables can be used, see below for their
<subject> and content of definition.
<text> to <user> all
Run external <script> Triggers: Executes any application, optionally passing

some information as parameters. See Using the
all Rule Definition wizard for more details.
Example of input: C:\script.bat [USER_EMAIL]

[JOB_STATUS] (This will execute a script.bat
located on a C drive with 2 parameters).
Variables can be used, see below for their

definition.
Send YSoft SafeQ Client Triggers: Requires job to be submitted by YSoft SafeQ
notification to job owner Client
On reception of
job by YSoft Shows popup to user
SafeQ server
Notification is defined in HTML, therefore
hyperlinks can be used.
Variables can be used, see below for their

definition.
Please see Rule based engine Client

notification - setup and usage for more details.
RULE BASED ENGINE: VARIABLES
Variable Description
[DEVICE_ID] Internal SafeQ unique ID of the involved device (printer, mfp)
[DEVICE_IP] IP Address of the device
[DEVICE_NAME] Device Name as configured in SafeQ
YSoft SafeQ 5 226

February 03, 2016
Variable Description
[DEVICE_BACKEND] Data Delivery Method as configured in SafeQ (e.g., TCP/IP Raw, LPR,
IPP)
[USER] Owner of the job in the format "Name Surname (login)"
[USER_NAME] User's first name from the Identity Database
[USER_SURNAME] User's surname from the Identity Database
[USER_LOGIN] User's login from the Identity Database
[USER_EMAIL] User's email address from the Identity Database
[USER_ID] Internal SafeQ unique ID of the user from the Identity Database
[JOB_ID] Internal SafeQ job unique ID
[JOB_TITLE] Job Title
[JOB_SIZE] Size of the print job
[JOB_QUEUE] Target print queue name
[JOB_STATUS] Current job status
[JOB_NOTE] Internal note generated by system
[JOB_FILENAME] Subdirectory and filename where the job is spooled
[DATE] Current date
[TIME] Current time
Please note that notifications "Send e-mail" send messages in plain text. Microsoft Outlook by
default removes line breaks in plain text e-mails. If this issue occurs in your environment, please
disable this feature in Microsoft Outlook:
YSoft SafeQ 5 227

February 03, 2016
RULE-BASED ENGINE: EXAMPLES OF USAGE
Case: Solution: Context:
Customer is working in strict Convert all jobs into Many printers need to have also color
environment where control of black&white toners filled in order to function even
employee activity is necessary. if only black&white printing is needed.
Customer is sensitive to costs of Avoid usage of expensive color toner
printing solution. in environment where users do not
need the color printing.
Delete large jobs above Employees have alternatives when

X pages working with documents - to print
them or to use them in electronic
Notify user via SafeQ
form. Employer can set up policy that
Client popup
will not allow printing of jobs above
defined size in order to force
employees to not print them out of
habit.
YSoft SafeQ 5 228

February 03, 2016
Case: Solution: Context:
Employee is confronted with SafeQ

Client popup informing him about
employer's policy.
Reject jobs if total Set up weekly / montly limit on

amount of pages per printing to avoid misuse by
period is higher than X employees used to unnecessary print
pages large amounts of paper. The quota is
useful to cut costs of most spending
employees.
Client popup
Employee is confronted with SafeQ
Client popup informing him about
quota being exceeded.
Customer's environment contains Redirect all jobs above X Redirect all large jobs to low-cost
lots of MFPs with high cost of print pages to low-cost printer printer in order to maximize its
and one central printer with low- benefit.
cost printing. Customer wants to
Client popup Inform employees with SafeQ Client
optimize low-cost printer usage.
popup that job was redirected so
employee does not waste time by
going to wrong device to pick up
prints.
RULE BASED ENGINE CLIENT NOTIFICATION - SETUP AND USAGE
PREREQUISITES
SafeQ5 CU1 and higher.

Licensed Rule-Based Print module.
SafeQ Client installed and running on user's workstation
LIMITATIONS
Client notifications are not supported when using direct print.
YSoft SafeQ 5 229

February 03, 2016
CREATING RULE WITH ACTION DELETE AND CLIENT NOTIFICATION
1 Log in to the Web administration, with sufficient rights.
Go to Rules tab from the menu and create new rule or edit some existing rule.
Set trigger to On reception by YSoft SafeQ server.
Set action Delete print job.
2 Go to notification tab.
Set notification to Send YSoft SafeQ Client notification to job owner.
Set text for notification. You can use also HTML tags, to format text or display graphics in notification.
Save rule.
YSoft SafeQ 5 230

February 03, 2016
3 When a print job is sent by YSoft SafeQ Client and job is accepted by server, notification will be
display within client window.
Behavior of button close could be different:
In case that job is deleted from spooler, when clicking button Close, client window is
closed.
In other cases - if job is accepted on server and saved on spooler, only notification
window is closed.
YSoft SafeQ 5 231

February 03, 2016
3.1.15 SCAN TO SMTP
Scanning to SMTP is an optional way of using SafeQ internal SMTP server, which receives data directly
from the printer (on port 25, thus SMTP).
ABOUT
Scan job created by MFP is sent via SMTP to SafeQ, where it is processed. In order to identify the
originating user (and because MFP cannot provide the user identification data), SafeQ looks up its database
or cache to discover the user who was logged in to the particular terminal or device based on the
information attached to the scan job (time is parsed from the file name).
If not such user is found, the scan job is ignored and not delivered to any user.
SMTP SETTINGS
To enable or disable SMTP server check the"SMTP" value from scanServerType property on System ->
System settings page.
YSoft SafeQ 5 232

February 03, 2016
Specific port for SMTP server: MailServer-serverPort.
FORMAT OF PARSED DATA (SCAN JOB FILE NAME FORMAT)

In order to support this method of Scan job delivery, each scan job file name must contain time and date
when user created the scan job on the device (not the time when the device sends the file through SMTP!).
The time and date included in the file name must be in one of the following formats:
a) YYYYMMDDHHmmss
e.g. 20130401143358 (that means 2013-04-01 14:33:58)
[1-2][0-9][0-9][0-9][0-1][0-9][0-3][0-9][0-2][0-9][0-5][0-9][0-5][0-9]
b) YYMMDDHHmmss
e.g. 130401143358 (that means 13-04-01, 14:33:58)
[0-9][0-9][0-1][0-9][0-3][0-9][0-2][0-9][0-5][0-9][0-5][0-9]
In both cases 24-hour time format must be used and the seconds must be included.
SUPPORTED DEVICES
Scan to SMTP is supported only with devices that set file names of scan jobs with date and time included in
format mentioned above.
By default only HW terminal Professional is supported. Do not enable just the SMTP server in
scanServerType system settings property if Terminal Server is used (at least one more type must
be enabled) otherwise Terminal Server will not run correctly.
For scanning from embedded terminals, it is strictly recommended to use Scan via workflows.
YSoft SafeQ 5 233

February 03, 2016
3.1.16 SERVER FAILOVER
YSoft SafeQ 5 234

February 03, 2016
YSOFT SAFEQ SERVER FAILOVER SYSTEM
As a System Administrator, I would like to configure my printing environment in the way there is
not a single point of failure, so that I can significantly increase high availability of printing services.
System readiness (especially 3rd party technologies, like NLB) must be consulted with Y Soft
before using with customer.
FAILOVER - OVERVIEW
Note: Failover works only within high-speed and low-latency networks (preferably 1Gb
ethernet networks). Based on experience from our existing customers, printing via slow
networks is generally unacceptable for end-users even for a short period of time. The failover
currently works only with SafeQ CML "cluster". Although ORS servers can also form "clusters
/near roaming groups", automated failover isn't fully supported at the moment.
ASSUMPTIONS
SafeQ System offers application-level failover and load balancing which encompasses all system
components. This failover and load balancing is however subject to limitations imposed by components
beyond SafeQ CML System supplier control.
Solution is based on the YSoft SafeQ Application level clustering technology. This technology is based
on the inter-server communication, message exchange and metadata synchronization among
individual YSoft SafeQ CML Servers.
There are two pre-requisites:
to have the CML servers available on high-speed and low-latency network (preferably fiber
optics).
to have all YSoft SafeQ components (CML Server Core, Terminal Server) installed at the same
server and to have database instance for every system in the cluster.
To enable full failover and load balancing for MFPs connected with YSoft SafeQ system, there are
three options to be used:
1. For some devices and technologies, client-based failover mechanism can be used
2. Microsoft Cluster Services (MSCS)
3. Microsoft Windows Network Load Balancing (NLB) technology can be leveraged
Failover options
YSoft SafeQ 5 235

February 03, 2016
Option Pros Cons
Client based server

real-time failover doesn't require any requires application support
mechanism infrastructure requires client software to be
changes installed at workstations
device for embedded (WS-based)
are equity divided technologies, it requires re-
among the nodes installation of the device and
may confuse users
Server OS based
real-time server state of the art requires complex infrastructure
failover mechanism solution configuration
(MSCS) expensive initial investments
expensive maintenance
virtual IP must be used for
administration (Terminal Server
connected with local server
only)
Server OS based
real-time server included in requires extra infrastructure
failover mechanism Standard Windows configuration
(WNLB) server version network multicasting among
fully transparent to servers shall be configured to
the end users get the best performance
fast and reliable
solution that covers
both load balancing
and fail over
3.1.17 CLIENT BASED SERVER REAL-TIME FAILOVER MECHANISM
Client based failover system expects that there is a smart component installed at the client system
that checks for server availability. Such system is fully active providing both server failover and
load-balancing.
YSoft SafeQ 5 236

February 03, 2016
( blue line - print from workstation , green line - print to the printer , black line - authentication from
terminal )
YSoft SafeQ Hardware Terminal for Printers/MFPs
Hardware terminal checks the server availability upon every authentication requests and
initialize the session with responding server.
YSoft SafeQ Workstation Client for Print Servers and User Workstations
The client component verifies availability of individual servers and re-directs print job to available
print server.
If the server fails, the client automatically prints the document to the other server
Print Job Data is not synchronized among servers, to ensure availability of stored print
jobs, it is recommended to use shared SAN storage.
This option is by default available for External Terminals and any workstation or print server with
installed YSoft SafeQ Client and print driver (system print queue).
3.1.18 SERVER OS BASED REAL-TIME SERVER FAILOVER MECHANISM
OS based failover system works with assumption there is an operating system level mechanism that
can
1. provide single IP address / host name to external systems (so that print servers, user
workstations and multi-functional printers don't need to verify server availability or switch among
multiple servers and
2. provide mechanism to re-direct traffic to the secondary server(s) in case of primary server's
outage.
YSoft SafeQ 5 237

February 03, 2016
( blue line - print from workstation , green line - print to the printer , black line - authentication from
terminal )
Currently supported mechanisms are MSCS and NLB:
MSCS ( MICROSOFT CLUSTER SERVER ) - WINDOWS SERVER ENTERPRISE EDITION
Windows Shared Print Queues (print drivers + Enterprise version of YSoft SafeQ Client) and
SafeQ components are deployed as a clustered services.
In this case redundancy requires that applications be installed on multiple servers within the
cluster. However, an application is online on only one node at any point in time.
There are two possible ways to install clustered system:
1. Clustering all SafeQ services (Active-Passive)

Example of Active-Passive cluster:
YSoft SafeQ 5 238

February 03, 2016
Caveats:
SafeQ can have only one active CML node
such environment requires independent license for each cluster node
in case of failure, user has to wait to system restart (up to 5 minutes)
some pull accounting logs can be lost or duplicated in case of server failure
2. Clustering of Terminal Server service (Active-Passive) and having two SafeQ CML services
running (Active-Active)
Example of Terminal Server cluster:
YSoft SafeQ 5 239

February 03, 2016
Caveats:
System can run up to 4 SafeQ CML nodes, however only one Terminal Server can
be running in system (as TS do not have unique identifier for communication with
CML)
Limitations:
this solution is not working with pull accounting (e.g. Xerox with EIP version lesser
than 2)
MICROSOFT WINDOW NETWORK LOAD BALANCING (NLB)

The NLB operates as a cluster which shall be formed over all servers running SafeQ Cluster nodes. All
other SafeQ system operations are handled by SafeQ application-level clustering and load balancing.
The NLB technology provides single, virtual IP address. Multicast operation model of the NLB
technology is required.
The Terminal Server shall use the NLB virtual IP address for registering all sub-API applications on
MFPs. This IP address (or FQDN name as the case may be) shall be specified in SafeQ configuration
settings by the system administrator.
Terminal Server Component is registered to a network load balancing virtual IP/Hostname

New node (CML+TS) can be added to system any time (up 4 CML nodes)
see Configuring WNLB Server Failover for more information
The SafeQ System is extended with NLB support in the following way:
When the SafeQ System detects a failure of a particular server node, the newly elected master
node shall temporarily remove such failed node by using Microsoft-supported tools, such as
PowerShell or NLB.EXE.
Reasonably after the previously-failed node is operational again, the current master node shall
re-add the previously failed node to the NLB cluster. A timeout mechanism shall prevent the
cluster from removing and re-adding the nodes in a quick succession in case of short-term
failures (such as temporary lack of network connectivity which only spans few seconds) which
would result in decreased system performance due to thrashing.
Example of NLB cluster:
YSoft SafeQ 5 240

February 03, 2016
Limitations:
Y Soft supports using NLB for introducing failover and load balancing only on Microsoft
Windows servers.
NLB needs to be configured in multicast mode to span SafeQ cluster nodes running
in different data centers or connected to different networks. Network multicast is ONLY
required to be supported among servers, but the cluster virtual IP address has to be
network-reachable from the MFPs or workstations.
Network Pros Cons

Configuration
Network uni-cast No extra network All data is transferred to all servers in the cluster,
configuration needed increasing load on the network.
Network multicast Recommended solution Requires infrastructure support.

(among servers) by Microsoft
Faster, more reliable
with less data traffic.
The NLB shall be configured with port rules and affinity to maintain short term affinity of MFPs
with individual Tevice Server services to preserve user sessions. User sessions are not shared
among Terminal Server services.
All limitations of the NLB technology apply with the following exception(s):
The NLB technology alone does not support application failover and provides only load
balancing functionality – this limitation is lifted by adding NLB support to SafeQ for failing
over to correctly running SafeQ cluster nodes.
Status of services is monitored internally by SafeQ and in case of shutdown the node is
disconnected from NLB. SafeQ services must be set to un-register from NLB via services.
msc in case of crash.
manual re-balancing is needed in case of failure to restore pull accounting functionality.
New re-balancing cycle is needed after failback.
RE-BALANCING
To restore full accounting functionality in case of failure, master node provides option to automatically
/manually re-balance devices among all running DS.
REQUIREMENTS / TYPICAL ARCHITECTURE OVERVIEW
System shall be capable of deployment of group of servers providing redundant solution (both
servers shall be able to accept sessions from workstations and terminals)
System shall be capable of operation regardless to which server in group the printing client or
terminal connects.
Servers in the group shall be able to share print job list and request print data from any other
server.
Servers in the group shall be able to access print job data on shared SAN storage.
System shall provide automated means for the system or client components to detect outage of
one server and re-direct incoming traffic to another server.
YSoft SafeQ 5 241

February 03, 2016
System shall alert SafeQ administrator about server outage via email.
For server-originated actions (e.g.job based accounting log collection, ...), the system shall hand-
over the operation to secondary server automatically or upon administrator's confirmation.
System shall provide cluster visual health overview via Administrative interface Dashboard
Widget
Servers in a YSoft SafeQ failover cluster must be installed and available on a high-speed, low-
latency LAN.
Load balancing is only supported if print drives and YSoft SafeQ clients are installed locally on
every workstation or on a print server
Server based real-time server failover system works only on single sub-net and vLAN
NLB server based real-time server failover system requires Windows server operating system
3.1.19 GLOBAL CAVEATS
If one server fails, all operations (copy/scan) processing at that moment will be terminated and
user must start them again (e.g. re-authenticate at the terminal).
Web reports are only available on first node. If first node fails, web reports will not be available
until first node is recovered.
Print Job Data are not synchronized among servers, to ensure availability of stored print jobs, it
is recommended to use external shared SAN storage.
YSoft SafeQ CML cluster can be build from up to 4 servers ( In extreme cases, when connecting
more than 800 devices in one location and Print roaming is not possible to configure, a 5th
server can be connected to the system. Please consult your Y Soft specialist ).
Error rendering macro 'excerpt-include' : No link could be created for 'YSoft SafeQ Multi-server
Technology'.
YSoft SafeQ 5 242

February 03, 2016
3.1.20 SYSTEM ADMINISTRATION
OVERVIEW
YSOFT SAFEQ 5 PROVIDES WEB ADMINISTRATION AS AN INTERFACE FOR MANAGING MAJORITY OF

FEATURES AND FUNCTIONS OF THE SOLUTION. CENTRALIZED WEB ADMINISTRATION ALLOWS
AUTHORIZED USERS TO ACCESS AND MANAGE THE SYSTEM IN PART OR ITS ENTIRETY.
The default administrator access credentials are (username/password): admin/admin
THE WEB ADMINISTRATION REQUIRES USER AUTHENTICATION AND AUTHORIZATION WITH

COMBINATION OF USERNAME AND PASSWORD. SINGLE SIGN-ON IS AVAILABLE TO SIMPLIFY THE
ACCESS (MORE INFORMATION AT SINGLE SIGN ON FOR WEB INTERFACE ).
3.1.21 SYSTEM AND USER TAGS
OVERVIEW
YSoft SafeQ tags specify compatibility between print jobs and printers. If print document contains a tag,
which is not enabled for a device, job is marked as Incompatible and cannot be printed on this device.
Incompatible jobs can be displayed at the terminal, depending how YSoft SafeQ is configured
(administrators can choose to display them in case of heterogenous environment, where such jobs may
appear). For more details, please read Configuring displaying incompatible jobs.
SYSTEM TAGS
System tags refer to print language(s) used by a printer. System tags must be set according to the features
and capabilities available at the printer.
System tags can be enabled, but no new tags can be added or removed. To enable or disable tag, click the
tag name or icon.
YSoft SafeQ 5 243

February 03, 2016
Tags can be automatically added to print jobs using Rule-based printing, Mobile Print Server features or
using YSoft SafeQ Client (example: ForceDuplex tag, ForceBW tag, etc.).
If device has embedded terminal, it must be reinstalled when system tags are changed. Device wizard will
ask for reinstallation when device changes are saved.
USER TAGS
User tags are used to extend options of Rule-based printing.
User tags can be configured under Devices > Tools > User tags. Then, when the administrator wants to
set up a print queue that submits print jobs into YSoft SafeQ with user tags, using the SafeQ Client, the user
tag(s) should be appended to the queue name after the colon character. For example, the queue name in
the SafeQ Client configuration would be entered as "secure:UserTag1" (without the double-quotes).
3.1.22 USAGE AND COST REPORTS
USAGE AND COST REPORTS – OVERVIEW
DESCRIPTION
YSoft SafeQ gathers data for outputs produced by monitored printers, copiers and MFPs and presents
them via a centralized Web interface. For large print environments, the system also supports
integration with MS SQL OLAP Data Warehouse.
see Web Interface - Reports for reporting system overview
YSoft SafeQ 5 244

February 03, 2016
For various reasons YSoft SafeQ is typically able to address about 95-98 per cent of tracked
pages to individual users or departments, the difference is caused by various service prints,
system status prints, direct IP printing, server restarts, and limitations on the page meter
handling by devices. for details, please see Print tracking methods and Available Copy Tracking
Methods.
USER STORIES
1. Reporting - As a manager, I want to receive reports for the activity on controlled printers /
MFPs so that I have information to optimize our printing environment.
2. CRS - As a manager, I want to be able to centrally store reporting data into data warehouse so
that I can use business analysis tools to integrate the reporting data with our internal process
tools.
REQUIREMENTS
YSoft SafeQ shall provide pre-defined addressed reports available via the YSoft SafeQ Web
Interface:
User (name, login, ID), user department (if available in the Identity Database)
Originating workstation/server name
Output Device (name, location, evidence number, IP), device group, device cost center
Project code (if Project Print Tracking is enabled)
Output type (print, copy, scan)
Number of pages as per tracking method: total number of impressions, total number of
BW/color impressions, total number of small (A5/A4/letter) and large (A3/legal/tabloid)
pages, duplex usage
Estimated Page Coverage, and Estimated Toner Consumption Only available by print
job data stream analysis, where configured and for Offline Print tracking methods
Calculated Job price based on Administrator-defined price list
Print Job file type (e.g. PDF, Outlook, Image, .... based on the print job title)
Date and time (tracking of whole hours), time interval
YSoft SafeQ shall provide user definable addressed reports available via the YSoft SafeQ Web
Interface.
YSoft SafeQ shall provide user definable addressed reports via MS SQL Analysis Services
(OLAP).
YSoft SafeQ shall provide detailed job information and it's history via the YSoft SafeQ Web
Interface** Job date and time (in case of batch accounting several jobs can be accounted as a
single job)
Job name
User (name, login, ID)
Document name and type (depending on substring search, e.g. suffix)
Job list (history of operations with a job)
YSoft SafeQ shall provide export data to XML, CSV, XLS, HTML, PDF from SafeQ web
interface
YSoft SafeQ shall provide scheduled data export to XML, CSV, XLS, HTML, PDF to specified
folder or specified email addresses with periodicity: daily, weekly (for previous calendar week),
monthly (for previous calendar month), monthly (for past monthly period)
YSoft SafeQ 5 245

February 03, 2016
YSoft SafeQ shall support access restrictions based on YSoft SafeQ roles.
YSoft SafeQ Web administration interface (4.0) shall displas information whether the report is up-
to-data (e.g that all data has been collected and processed)
YSoft SafeQ Web reports shall support configurable restrictions on display of user identity
information (name, surname, login)
Print, copy or scan tracking must be configured (see details for tracking methods and tracked
information in Print/copy/scan tracking feature description).
Reporting interface has to be configured via YSoft SafeQ server deployment
THE PROCCESS OF GENERATING REPORTS
CSDMagerCML task generated all data for reports. This task run one hour after finish of
previous one.
CSDMagerCML task base steps:
Generate data for green reports (propertyenable-purge_reports).
Copy jobs into DWH.
Generate data for CRS reports (property cdc-sender or web-stats-enable).
Generate data for Web reports (property web-stats-enable). We recomended to use this
in non CRS environment. For huge amount of pages, more then 2 milions per month, we
strictly recomended to use CRS instead Web reports.
Generate data for user terminal reports (property displayPrintedPagesPricesOnTerminal
and "CRS reports").
Generate data for dashboard (property web-stats-enable).
Delete old data from reports.
Update data in DWH based on late send data to YSoft SafeQ.
CSDMagerCML task maintenance steps (run once per day):
Delete old data from database.
Run database optimalization.
Properties cdc-sender and web-stats-enable should be enabled just at leading node.
Generate data for CRS reports: newest data for reports are used after specified interval after
saving this data into database. Data which was actualy printed will be in reports after specified
interval, configuration property: printJobAgeForStats [minutes], default value 60, allow range 10
- 120. In one node environment is printJobAgeForStats property irelevant, interval is set to 0
minutes by aplication.
Generate data for Web reports: for generate web reports are used data prepared for CRS
reports.
CAVEATS
Web reports can only handle millions of print job information, after reaching about 2 000 000
records (1 record ~= 1 user x one day x one device), the old data are being automatically
deleted. For data storage over longer periods it is necessary to use OLAP data warehouse.
Detailed job information are stored only for a pre-defined time (one month by default, max 3
months)
YSoft SafeQ 5 246

February 03, 2016
Role based access is available for web reports only; OLAP reporting access is limited by SQL
server access permissions
LICENSING
Usage and Cost Reporting feature is separated in a license where each license has specific limitation if
license for the feature expires or is not available in a license. Without valid licence,
Pre-defined addressed reports - None pre-defined report is available on web interface.

Custom report definition - Web interface does not allow to create custom report. If also
pre-defined reports are disabled, menu for web reports is not available on web interface.
Export - Web interface does not allow export report to file.
Automatic reporting - Web interface does not display menu for definition of automatic
export and existing automatic report are disabled.
CRS connector - Data is not reported in Central reporting system and menu with CRS
reporting overview is not available.
3.1.23 USER ROAMING
USER ROAMING OVERVIEW
DESCRIPTION
User Roaming is a complementary feature to the Print roaming. It enables roaming users within the
customer infrastructure and provide autoconfiguration capabilities to their working environment. A user
with a portable computer is able to print via the nearest ORS or CML server so that travelling user
doesn't need to do any manual re-configuration of print queues.
Travelling users can benefit from this feature by automatically having their print jobs sent to local
SafeQ server, wherever they are. Users do not require any additional configuration in order to print in
any branch office of their company.
SafeQ Client automatically identifies the local SafeQ ORS server (or the local near-roaming-group of
ORS servers, or the local node of a CML cluster, as the case may be) based on current network
environment. It uses the selected detection algorithm. In case of failure, follows static configuration.
SafeQ Client shall support the following detection algorithms:
DHCP option
Obtains the YSoft SafeQ CML or ORS server IP address(es) from a particular DHCP
option. The DHCP option code is statically configured (LPR being defined by code 9) in
customer environment by local network administrator.
If multiple IP addresses are configured by DHCP option 9, the random one is used for job
delivery.
If the YSoft SafeQ Client gets no valid IP address from the local DHCP server, "Static
configuration" method is used instead .
Supported by YSoft SafeQ Client 2.12 and higher
YSoft SafeQ 5 247

February 03, 2016
Static configuration
Default configuration
The way of configuring a list of specific IP addresses or hostnames, useful for simple
single-location situations or as a fallback for the case of failed autodiscovery of every
other method (e.g. "DHCP option" method does not return any valid response - no IP
address, "Static configuration" method is used instead).
Autodiscovery - Based on IP subnet lookup (terminal session / workstation IP)

This feature allows SafeQ Client to deliver print jobs to different SafeQ servers, choosing
the destination server automatically.
Whole behavior is based on rules described in server_subnet.csv file.
SafeQ Client then delivers print jobs to a SafeQ server based on the IP subnet of the user
or the Client.
DEPENDENCIES
Print roaming must be configured.

SafeQ multi-server environment with single central CML system must be established, with
server in every location required for Print roaming.
YSoft SafeQ Client and print driver must be installed locally at any workstation / notebook
required for Print roaming
Global Identity management (common for all SafeQ servers in the network) must be established.
LIMITATIONS / CAVEATS
The "DHCP option" autodiscovery method requires that DHCP option 9 is manually configured in
the respective DHCP servers for each subnet where clients are expected to connect.
3.1.24 YSOFT MOBILE PRINT SERVER
Mobile Print Server Overview

Description
User stories
Requirements
Supported platforms, deployment options and dependencies.
YSoft SafeQ 5 248

February 03, 2016
MOBILE PRINT SERVER OVERVIEW
DESCRIPTION
YSoft Mobile Print Server that allows users to print documents from mobile devices such as smart
phones and tablets. The solution is based on commonly known experience - sending an e-mail with
attachment or uploading document via dedicated web page. Such document gets retrieved from Mobile
Print Server by SafeQ, processed and stored in the print queue. Users can release their jobs at any
printer in SafeQ environment.
1. User sends an email to defined mail server with attached document to be printed.
a. Alternatively, user can upload a document via Mobile Print Server web interface.
2. Mobile Print Server checks the incoming email folder (or upload folder), converts documents to
PDF format and delivers it to SafeQ secured print queue.
3. User receives confirmation email with option to access the document via web browser.
a. User can upload a new document.
b. User can list through already processed documents.
c. User can see a preview and documents pages information.
d. User can delete a document.
e. User can define the output print to be simplex/duplex and/or gray scale/color.
f. User can print a document via selected direct queue.
4. User authenticates at the terminals and releases the document.
Mobile Print Server is second generation of YSoft SafeQ Mobile Print solution, independent of previous
one.
List of main changes:
Support for Windows 2008, 2012 server

Support for both CML and ORS
Possibility to install on separate server to increase performance of Mobile Print Server and
SafeQ
YSoft SafeQ 5 249

February 03, 2016
Removed support of auto-registration of email address

New simplified mobile web interface
New improved messaging system
Improved performance of IMAP protocol
All major document formats are supported. These supported formats can be divided into several
groups according to their types:
MS Office document doc, docx, docm, dot, dotx, dotm, rtf, xls, xlsx, xlsm, xlsb, xltx, xltm, csv,
family ppt, pptx, pps, ppsx, pot, potx
Open Office document odp, ods, odt, ott

family
HTML and Mime HTML html, htm, mhtml, xhtml

documents
Images jpg, jpeg, png, bmp, gif, tiff, ico, wmf, emf, svg
Others txt, pdf, xml, fo, xps, epub
See Configuring Mobile Print Server for the configuration and deployment information.
See Using Mobile Print Server for the user workflow overview.
USER STORIES
1. EmailPrint As a User I want to print my documents by sending them to email and then
selecting finishing options at the web or terminal, so that I can print from any mobile device or
any computer without installing print drivers.
2. WebPrint As a User I want to print my documents by uploading them via secured web page
and then selecting finishing options, so that I can print from any mobile device or any computer
without installing print drivers.
REQUIREMENTS
Print job reception:
User shall be able to send a document to print via email.

User (authenticated to Mobile Print Server web interface) shall be able to upload document for
print.
Received email shall be converted and queued to SafeQ based on sender's email address (
EmailPrint) or identity of the user logged to the Mobile Print Server web interface ( WebPrint
):
email body shall be converted to PDF and queued as a print job (based on system
settings),
all attachments in supported file formats shall be converted to PDF and queued as print
jobs.
YSoft SafeQ 5 250

February 03, 2016
User shall be informed via reply to the email about success or failure of the acceptance and
conversion of "printed" data.
User shall be able to log into secured web page and perform following settings:
upload a new document,
delete a document,
release a document to a direct queue to be printed,
list through processed documents,
define duplex/simplex mode,
define color/gray scale mode,
see preview of a document and it's page information.
User authentication:
System shall be able to authenticate user based on following conditions:

login/password authentication to Mobile Print Server web interface (WebPrint),
system compares FROM: email address with the email addresses registered with SafeQ
Users.
System shall be able to inform unknown user (EmailPrint) via email, that the print job was
rejected.
Administration:
Administrator shall be able to define IMAP(s) or POP3(s) account for email printing.
Administrator shall be able to enable/disable direct printing from Mobile Print Server web
interface.
Administrator shall be able to customize/localize the e-mail notification messages.
SUPPORTED PLATFORMS, DEPLOYMENT OPTIONS AND DEPENDENCIES.
Mobile Printing Server requires online connection to a CML node or an ORS.

Microsoft .NET framework 4.5
Proper configuration of e-mail server and related settings in SafeQ CML or ORS.
E-mail account with IMAP(s) or POP3(s) for monitoring incoming jobs is required.
E-mail addresses and mailboxes must be provided by the customer. Mobile Printing may
increase load on the e-mail server, depending on environment sizing.
E-mail addresses (alias) defined for users using Mobile Print Server must be unique in the whole
SafeQ environment.
Target printer has to support plain PDF (PostScript print language) to be able to release the
converted job. For some MFPs the PostScript option is not available by default and could be
added additionally.
Recommendations and known issues
Every Mobile Print Server installation must use dedicated mailbox (e-mail address) for retrieving
print jobs.
YSoft SafeQ 5 251

February 03, 2016
Guest and anonymous printing is currently supported only with special license. For more
information see the article guest printing.
Use of Exchange IMAP is recommended.
Refreshing job list in Mobile Print web interface doesn't work on iOS devices.
Roamed jobs sent to a printer from Mobile Print web interface on ORS are not printed.
Job previews might not be displayed for some jobs in cluster environment.
When Mobile Print Server fails to process a job, the job is not being processed anymore and
could be lost.
Mobile web page is not reading and writing BW / duplex information properly.
iOS devices cannot be used for document upload at web interface.
Jobs are processed one at a time. Please consult sizing based on your environment with Y Soft
representative.
When uninstalling the Mobile Print Server, it is recommended to reboot the operating system to
ensure proper removal of Mobile Print service.
3.1.25 YSOFT SAFEQ CLIENT FEATURES
OVERVIEW
YSoft SafeQ Client is an optional component that delivers print jobs to YSoft SafeQ (CML and ORS)
servers. It can be used in place of the standard LPR protocol client (called "Standard TCP/IP Port" in
Microsoft Windows) to provide additional features, especially ones specific to YSoft SafeQ. It is typically
installed on end-user workstations or print servers (wherever printers are defined in the operating system),
and is a part of the printer definition. In Windows, it is implemented as a Windows Print Spooler Port Monitor
and an optional user interface application. In Linux and Mac OS X, it is a CUPS backend. In addition, a
command-line version, independent from the operating system's printing subsystem, is also available for
use in automated processes with a need to submit ready-made print jobs to a queue.
SUPPORTED PLATFORMS
YSoft SafeQ Client supports the following operating systems:
Microsoft Windows 32 bit (XP/Vista/7/8/8.1/10)

Microsoft Windows 64 bit (XP SP3/Vista/7/8/8.1/10)
Microsoft Windows Server 2003/2003R2/2008/2008R2/2012 (32bit/64bit) including Remote Desktop
Services (a.k.a. Terminal Server) and Citrix
Mac OS X Mountain Lion (10.8) / Mavericks (10.9) / Yosemite (10.10) / El Capitan (10.11)
Linux kernel 2.6 and CUPS, Python 2.4/2.5/2.6
Notes:
YSoft SafeQ Client does not support Microsoft Windows 8 and newer with v4 (bundled) printer
drivers. Vendors' v3 drivers must be used.
YSoft SafeQ Client for Mac OS X version 4 or higher is assumed (a native Mac OS X application).
YSoft SafeQ 5 252

February 03, 2016
Information Windows Linux Mac OS X
Approximate distribution package 13 MB 40 kB 3 MB

size
Installer type MSI/EXE shell DMG

script /MPKG
FEATURE AVAILABILITY ON SUPPORTED OPERATING SYSTEMS
Feature description Windows Linux Mac

OS
X
Identify user based on local user login
Identity user with a popup request to specify credentials (must be installed on

the local workstation, including print driver)
Store credentials for next print job (for more details see SafeQ Client
configuration options)
Specify billing/project code (available only when print driver is installed locally
on the workstation)
Display list of billing/project codes including search filter
Selecting a billing/project code can be mandatory or optional
Failover / loadbalancing support (Client can deliver print job to any available
YSoft SafeQ server in multi-server environment. The client must be installed
on the same workstation/server as the print driver and thus the failover works
from this location onwards.)
Geographical cluster support (Client delivers print job to a locally installed

YSoft SafeQ server. If the local server is unavailable, print job is automatically
delivered to another YSoft SafeQ server from the server list.)
Compress print job before it leaves the workstation
Encrypt print job before it leaves the workstation
Display estimated price of a print job, allow conversion from color to black and
white, display available money account balance (available only when print
driver is installed locally on the workstation)
Delegation Print (VIP Shared Queues) (available only when print driver is
installed locally on the workstation, but a solution using a rule in the Rule-
Based Engine is available as an alternative)
User roaming – Travelling users can print via the nearest ORS or CML server
without any manual re-configuration of print queues.
YSoft SafeQ 5 253

February 03, 2016
LICENSING
YSoft SafeQ Client does not require any extra license: it is licensed as part of YSoft SafeQ. As long as a
customer has a license for YSoft SafeQ (any modules and any number of devices), they can use YSoft
SafeQ Client on any number of computers, for any number of users.
SAFEQ WORKSTATION CLIENT PROTOCOL SPECIFICATION
Protocol Level 4
Generic
Communication
Getting values from server
Supported Get-* requests
Encryption
Authentication
Trusted client
Queue specification
Tags
Document
Finishing options
Values
Examples
Simple job with "testuser" account
Some comments on .NET implementation
Protocol Level 3 and older
PROTOCOL LEVEL 4
GENERIC
Protocol is message oriented. Client opens connection to server. Client sends request and server returns
response.
Each request from client MUST contain prefix %%%SafeQ-.
Each request from client MUST be terminated by '\n'.
Request MAY continue on next line only in defined cases, like sending block of data with defined length.
All requests MUST be encoded in UTF-8.
Request header is CASE INSENSITIVE. E.g. %%%SafeQ-Get-SomethingFancy equals to %%%safeq-

get-somethingfancy, but it is recommended to use CammelCase syntax which you can see in this
document.
Extra spaces in value part of request are NOT ignored and they're considered as part of value. E.g.: '%%%
SafeQ-Something: hello \n' will produce value ' hello '
COMMUNICATION
Client MUST initiate communication with following header:
%%%SafeQ-Check:\n
YSoft SafeQ 5 254

February 03, 2016
Server just ignore this message and it keeps connection alive. This command serves client to determine
which server is available for printing.
Client MUST send following request to initiate communication by protocol level 4.
%%%SafeQ-ProtocolLevel:4\n
This is necessary, because it allows SafeQ to determine proper processor for protocol.
Client MAY request encrypted communication - see section Encryption.
Client MAY send information about its version:
%%%SafeQ-Version:Windows 2.0\n
Client MAY send information that communication will be compressed in ZIP:
%%%SafeQ-Compression:ZIP\n
Client MUST send data in chunks. Each chunk must begin with header:
%%%SafeQ-Data:<length in bytes>\n
Then client MUST send amount of data declared in header.
Client MUST send length 0 when it finishes sending data:
%%%SafeQ-Data:0\n
Client MAY send information about job (only in case job parsing is enabled):
%%%SafeQ-JobInfo:<number of pages> [info about page 1] [info about page 2] ...\n
Where information about each page is in the following format:
<Page Number>|<Number of copies>|<Duplex>|<Paper size>|<DPI>|<Width in pixels>x<Height in

pixels>|<Color information availability>[|<Color/Mono>]
Getting values from server

Client MAY ask server for specific values with Get request. Where <VARIABLE> is replaced by name of
variable
YSoft SafeQ 5 255

February 03, 2016
%%%SafeQ-Get-<VARIABLE>:\n
When server does not support requested value it MUST send:
%%%SafeQ-Unknown:\n
When server supports value it MUST send reponse with:
%%%SafeQ-<VARIABLE>:<VALUE>\n
Supported Get-* requests

Retrieve job status - request:
%%%SafeQ-Get-JobStatus:\n
Response:
%%%SafeQ-JobStatus:[OK|Abort]\n
Retrieve job size - request:
%%%SafeQ-Get-JobSize:\n
Response:
%%%SafeQ-JobSize:<SIZE>\n
Retrieve link for browser - request:
%%%SafeQ-Get-BrowserLink:\n
Response:
%%%SafeQ-BrowserLink:<LINK-URL_ENCODED>\n
Note: Size of browser window should be determined on client side from the HTML element body.
Retrieve permission for job parsing on client side:
%%%SafeQ-Get-JobParsing:\n
YSoft SafeQ 5 256

February 03, 2016
Response in case client is allowed to parse job:
%%%SafeQ-JobParsing:1\n
Request for license feature:
%%%SafeQ-Get-License:[Compression|Encryption]\n
Response:
%%%SafeQ-License:[Enabled|Disabled]\n
Request for graceful disconnect:
%%%SafeQ-Get-ConnectionClose:\n
Response:
%%%SafeQ-ConnectionClose:OK\n
Encryption
Client MAY request encryption - via TLS - STARTTLS. (Further info about STARTTLS - http://en.wikipedia.
org/wiki/STARTTLS)
%%%SafeQ-Get-Encryption:TLS\n
Server MUST respond:
in case of success %%%SafeQ-Encryption:OK\n
in case of failure %%%SafeQ-Encryption:FAILED\n
After acknowledging encryption from server side client MUST initiate TLS handshake.
Authentication
It is possible to authenticate user. The Client MUST send at least one of the following headers:
%%%SafeQ-Login:<LOGIN>\n
%%%SafeQ-Password:<PASSWORD>\n
%%%SafeQ-Card:<CARD>\n
Client MUST send request for verification of above user credentials:
%%%SafeQ-Get-Authentication:<METHOD>\n
YSoft SafeQ 5 257

February 03, 2016
Methods: LOGIN, PASSWORD, CARD
Server MUST respond:
in case of success %%%SafeQ-Authentication:OK\n

in case of failure %%%SafeQ-Authentication:FAILED\n
in case of email duplicity %%%SafeQ-Authentication:FAILED DUPLICATE EMAIL\n
Trusted client
The simplest way how to authenticate user is to send his SafeQ login in header.
%%%SafeQ-For:<LOGIN>\n
Queue specification
Client MAY specify printing queue (e.g.: Secure):
%%%SafeQ-LP:<QUEUE-NAME>\n
Tags
It is possible to set tags to job by sending following command.
It is possible to add user tag to queue name. Add tag name after queue name, delimiter is semicolon:
%%%SafeQ-LP:<QUEUE-NAME>:<TAG-NAME>\n
You can specify more tags, delimiter is comma. Do not add any extra spaces:
%%%SafeQ-LP:<QUEUE-NAME>:<TAG-NAME>,<TAG-NAME>,<TAG-NAME>\n
Tags are case sensitive.

Document
It is possible to set further information to document by following headers.
Set document title:
%%%SafeQ-Title:<TITLE>\n
Set note to document. Note MUST not contain EOL:
%%%SafeQ-Note:<TEXT>\n
Set name of sender's machine to the job:
YSoft SafeQ 5 258

February 03, 2016
%%%Safeq-MachineName:<TEXT>\n
In case job is cancelled by user (job may be incomplete), the following header is sent (before end of job
data header - %%%SafeQ-Data:0\n):
%%%SafeQ-JobStatus:Cancelled\n
Client MUST NOT send any further SafeQ-Data block with non-zero size of data block. If such a block
occurs then server terminates connection because of protocol violation.
FINISHING OPTIONS
It is possible to set finishing options by sending following commands before sending last block of data.
Set number of copies:
%%%SafeQ-Finishing-Copies:<NUMBER>\n
Set job as duplex:
%%%SafeQ-Finishing-Duplex:<DUPLEX-VALUE>\n
Where <DUPLEX-VALUE> is one of: None, ShortEdge, LongEdge
Set job as black and white:
%%%SafeQ-Finishing-BW:<BOOLEAN>\n
Set job to use stapler:
%%%SafeQ-Finishing-Stapler:<BOOLEAN>\n
VALUES
STRING - any string, it must not contain \n character

NUMBER - long number in Java, not float
BOOLEAN - true or false
EXAMPLES
It is possible to send job from command line. You can use netcat tool. Just store data into file in Unix format
(\n as line delimiter).
Netcat command:
nc localhost 9100 < job-file.txt
YSoft SafeQ 5 259

February 03, 2016
Netcat with timeout 2 seconds (Win):
nc \-w 2 localhost 9100 < job-file.txt
Simple job with "testuser" account
%%%SafeQ-Check:
%%%SafeQ-ProtocolLevel:4
%%%SafeQ-For:testuser
%%%SafeQ-Title:Test Page
%%%SafeQ-Version:Windows 2.0
%%%SafeQ-Note:Note
%%%SafeQ-Domain:YSOFT
%%%SafeQ-MachineName:PC054
%%%SafeQ-Get-BrowserLink:
%%%SafeQ-JobID:2
%%%SafeQ-Data:3
abc%%%SafeQ-Data:0
Some comments on .NET implementation

The protocol works wit sessions, one session = one TCP connection. The best way to send
// all commands of the session encoded in UTF-8

byte [][] commands;
// The memory stream capacity must be exactly the total size of input buffers (no trailing '\0'
characters)
using (var stream = new MemoryStream(commands.Select(c => c.Length).Sum()))
{
foreach (var cmd in commands)
{
stream.Write(cmd);
}
}
// Everything must be inside one TCP connection

var connection = new TcpClient(address, port).GetStream();
var buffer = stream.GetBuffer();
connection.Write(buffer, 0, buffer.Length);
connection.Close();
PROTOCOL LEVEL 3 AND OLDER

YSoft SafeQ is able to receive data using TCP data stream. This stream, sent by YSoft SafeQ Client,
contains some text fields (metadata), followed by raw print job data. Here is an example of data stream
including most frequently used metadata:
%%%SmartQ-CodePage: codepage
%%%SmartQ-For: username
%%%SmartQ-Title: title%%%SmartQ-LP: queue
%%%SmartQ-Sec: secureid
YSoft SafeQ 5 260

February 03, 2016
%%%SmartQ-Domain: domain
%%%SmartQ-JobID: jobid
%%%SmartQ-Zip: zip
<raw print job data>
Legend:
codepage: encoding mode for subsequent text fields - value "65001" means UTF-8.
username: login name of the user.
queue: queue on YSoft SafeQ server, where job will be stored (note: queue must match queue on YSoft
SafeQ).
title: print job title.
secureid: unique security identifier obtained by user authentication (replaces username).
domain: specifies domain of workstation, which is sending the print job to SafeQ.
jobid: local job identifier.
zip: indicates that following print job data is compressed.
YSoft SafeQ 5 261

February 03, 2016
RBE CLIENT NOTIFICATIONS
YSoft SafeQ 5 262

February 03, 2016
RULE BASED ENGINE CLIENT NOTIFICATIONS
DESCRIPTION
For better user experience a new type of options were added to Rule based engine:
Send YSoft SafeQ Client notification to job owner - upon job reception SafeQ Client will display
notification message
Action Delete print job - upon job reception to SafeQ this job is deleted from spooler
SEND NOTIFICATION TO SAFEQ CLIENT

There is new notification possibility in Rule Based Engine that allows to send popup into job owners
SafeQ Client. Text of popup can be defined by administrator using RBE variables and HTML tags.
DELETE JOB FROM SPOOLER

There is new action in Rule Based Engine allowing to delete job from spooler on reception. The file is
physically removed, we only keep information about the job in database.
YSoft SafeQ 5 263

February 03, 2016
USER STORIES
1. As an Administrator I want to set up rules which will notify the user's SafeQ Client when a job is
received by SafeQ in case the job is deleted - this is only one of many other cases.
2. As a SafeQ Client user I want to see the notification that administrator set to inform me about
job modification.
REQUIREMENTS
1. Administrator shall configure rules in Rule based engines with newly introduced options.
2. User shall install and configure SafeQ Client on his workstation.
LIMITATIONS
RBE Client notifications need to be configured together with one of following features: Billing Codes,
Price Estimations or Shared Queues.
LICENSING
Rule based engine Client notification is a feature licensed together with Rule-based engine.
3.1.26 YSOFT SAFEQ SECURITY OVERVIEW
This whitepaper describes the different configuration options for data security within YSoft SafeQ, required
configuration and related demands on customer infrastructure.
YSoft SafeQ 5 264

February 03, 2016
Print data security, also provided by YSoft SafeQ, is described in the Print roaming feature description.
COMMUNICATION PATHS
YSoft SafeQ, on very abstract level, is comprised of several network communication paths described in this
article. A general overview of the communication is as follows:
There are eight major paths available in YSoft SafeQ:
1. Communication from client workstation to SafeQ server – for printing.

2. Communication from terminal/reader to SafeQ server – for MFP level authentication
3. Communication from server to network printer / MFP, covering the following:
a. printing
b. AAA services - authentication, authorization and accounting
4. Integration with identity management database or identity / authentication provider or Certification
authority.
5. Connection from SafeQ server to SMTP mail server or shared network folder for data delivery.
6. Integration with 3rd party applications or systems
7. Inter-server communication in Distributed SafeQ Server system.
8. Administrator access to SafeQ web interface
DATA SECURITY OPTIONS

There are several data transfers realized over the described communication paths. Those data can be
secured by following means. Authentication and encryption details will be described further. See Data
Encryption Options for additional options.
Transferred Data Unencrypted Encrypted End-to-end

Encrypted
(1) Print from client computer By default
YSoft SafeQ 5 265

February 03, 2016
Transferred Data Unencrypted Encrypted End-to-end

Encrypted
Optional TLS Optional PKI-

(proprietary) based
(1) Print data storage at SafeQ By default Optional AES. Optional PKI-
server based
(2) Authentication data from terminal n/a Optional TLS n/a

to server (proprietary or SOAP)
(2) Copy / scan session data from n/a Optional TLS n/a
terminal to server (proprietary or SOAP)
(3a) Print from server to network By default Optional TLS (IPP over n/a
printer SSL)
(3b) Scan data delivery from MFP to By default Optional TLS (WebDAV n/a
server /S)
(4) SafeQ integration with identity By default (LDAP Optional TLS (LDAPS) n/a
database provider or JDBC)
(5) Scan data delivery from server to By default Protocol dependent n/a
destinations
(5) SafeQ integration with mail By default Optional TLS 1.0 n/a
server (SMTP)
(6) SafeQ integration with 3rd party Protocol Protocol dependent n/a
provider dependent
(7) SafeQ Inter server By default n/a n/a

communication
(8) Administrator access to SafeQ By default Optional TLS (HTTPS) n/a

web interface
Items marked with this symbol may not be available in SafeQ 5.
TLS BASED DATA ENCRYPTION

Authentication
By default, SafeQ supports unauthenticated TLS communication for data paths 1,2,3,4,5,7,8.
3rd Party communication model is based on individual applications and/or protocols.
Server Authentication is supported by default for data paths:
4 (SafeQ server verifies LDAP certificate & domain name)
8 (Administrator web browser verifies SafeQ server certificate & server hostname).
Server Authentication is supported (using extended key management) for data paths:
YSoft SafeQ 5 266

February 03, 2016
1 (Client computer verifies SafeQ server certificate & server hostname. YSoft SafeQ Client
and printer drivers must be installed at the workstation, printer sharing from central server is
not possible)
2 (SafeQ terminal verifies SafeQ certificate & server IP address)
3a (SafeQ server verifies printer certificate & printer hostname)
3b (MFP verifies server certificate - this depends on MFP capabilities and requires trusted CA)
5 (SafeQ server verifies mail server certificate)
7 (ORS server verifies CML server certificate)
Client authentication is supported for:
2 (SafeQ server verifies SafeQ Terminal; this is valid for terminal professional only)
Key management (trusted CA):
Administrator uploads trusted issuer (CA) certificate to SafeQ.

SafeQ Server Certificate(s) - for Terminals, Workstation Clients and administrator workstation(s).
Administrator creates certificates for all servers using Trusted CA.
Server certificates (private keys) are stored in password protected key store on the SafeQ
server disk. Password is hard-coded to the application.
Client can verify the server identity using certificate trust and server host name / ip address.
MFP Certificates
MFPs are verified using trusted certificate and hostname.
LDAP Certificate
LDAP server is verified using trusted certificate and hostname.
Key management (without trusted CA):
SafeQ Server Certificate(s) - for Terminals, Workstation Clients and administrator workstation(s).
Administrator creates self-signed certificates for all servers.
Server certificates (private keys) are stored in password protected key store on the SafeQ
server disk. Password is hard-coded to the application.
SafeQ Client displays "accept certificate" dialogue upon first print and stores the certificate to
Workstation store.
MFP Certificates
SafeQ retrieves X509 certificate on first connection to the MFP.
LDAP Certificate
SafeQ retrieves X509 certificate on first connection to the MFP.
AES ENCRYPTION FOR PRINT DATA STORAGE AT SAFEQ SERVER (DATA AT REST)
In case of not using PKI Based end-to-end encryption, unique AES session key generated by SafeQ client
and exchanged with SafeQ server using authenticated TLS session (1).
Key is stored with every job in SafeQ job database (SQL). Data are stored on hard drive encrypted
as received from client (1) and decrypted only into temporary memory only before delivery to the
printer (2).
Note that this functionality is currently not available.
YSoft SafeQ 5 267

February 03, 2016
USER PKI BASED DATA ENCRYPTION

SafeQ can provide end-to-end encryption using smart card based PKI. SafeQ Workstation client would
encrypt the data using authenticated user's public key on before communication to the SafeQ server (1).
The data would be decrypted by SafeQ Terminal Professional using communication path (2). Decryption is
managed by user's private key stored on his/her smart card inserted to the terminal. Unencrypted data
Note: this feature is currently not available in SafeQ and would have to be developed on request.
TERMINAL AUTHENTICATION
SafeQ 5 support user authentication to the terminal in various modes (see Terminal Authentication Matrix).
Terminal always communicates authentication data (PIN codes, Card Numbers or User Credentials) via
secured TCP/IP communication to SafeQ server.
Authentication data are verified by following means:
For ORS - data are ALWAYS verified with Local Data Cache and (only if not found locally) with CML.
For CML - PIN codes and Card Numbers are verified by sub-string match in SafeQ SQL database.
(see Identity management). PIN codes are typically stored in form of one-way hash. Data are
replicated to ORS data caches in scheduled intervals or on demand (by Administrator or 1st User
Access).
User Credentials (Login/Password) on CML are verified either by sub-string match in SafeQ SQL
database (if manually assigned to the user), with Kerberos 5 (see next chapter) or with LDAP - using
LDAP/S authentication mechanism. Locally stored passwords (hashes; if available) are replicated to
ORS data cache. If the password is found in ORS data cache, CML server (and further LDAP server
is not used)
KERBEROS V5 BASED USER AUTHENTICATION

SafeQ 5 supports user authentication using Kerberos v5 for following communication paths:
Administrator authentication from web browser(8)

To access the Web Administration, users are authenticated with a name and password. The
internal SafeQ database and Active Directory / LDAP or Kerberos v5 (SafeQ 5) serve as the
authentication and authorization data storage. Users are authorized by verifying their names
and passwords for the internal database only [Passwords are stored only hashed using secure
hash function], and, in case of an unsuccessful verification, for the Active Directory/Kerberos
as well. Each user with a valid name and password has access to the system with credentials
level defined by master administrator (internal user: admin, password can be changed).
Single sign on (SSO) to the web interface is supported if a user is logged in a domain and
uses a browser that supports Integrated Windows Authentication (IWA). SafeQ uses Windows
Authentication Framework (WAFFLE) to ensure the Access.
Login to SafeQ Terminal Professional via Smart Card that contains user private key and
certificate.
Kerberos query is made by SafeQ server (4)
Encrypted data path (2) is used by SafeQ server to access the smart card (inserted to
terminal) and sign/decrypt communication to/from Kerberos v5.
YSoft SafeQ 5 268

February 03, 2016
Login to SafeQ Terminal Professional via username and password.

Kerberos query is made by SafeQ server (4)
Encrypted data path (2) is used by SafeQ server to acquire username and password from
terminal (where entered by user)
AUTHORIZATION MODEL
YSoft SafeQ is managed via a centralized web interface.
It uses Role-based access control (RBAC) with Capability model for certain system operations. The
administrator can create multiple roles and delegate selected administrative and managerial permissions
and operations to these roles. It is also possible to define personal user accounts with full administrative
privileges, and disable the default, anonymous administrative account.
SafeQ supports replication of roles from external sources (e.g., Active Directory/LDAPS or CSV file) with
additional administration within SafeQ.
With Active Directory and eDirectory, the SafeQ system takes advantage of advanced Active Directory
specific replication information to optimize the replication process.
IMPACT TO SYSTEM RESPONSE SPEED

This chapter is only related to data paths (1, 2 and 3a). For other communication paths the delay doesn't
have any measurable impact to end user experience.
Data delivery throughput for PKI-based encryption via Terminal Professional is about 512 kbps.
Data delivery throughput for TLS based encryption (SSL over IPP) depends on the speed of the target
printer.
YSoft SafeQ 5 269

February 03, 2016
INTERNAL SYSTEM AUDIT LOG

SafeQ logs all CRUD operations to log file(s) on the file system using standard Log4j logging library. Manual
administrative operations are tracked by the system in dedicated audit logs, which are accessible to
delegated users in the web interface.
Passwords and authentication data are not logged. Access to the log files is not controlled and must be
managed on operating system level.
DATA STORAGE METHODS AND ACCESS TO THE SYSTEM

All data within the operation of the system is stored in the following ways:
Internal SQL database. In case of embedded PGSQL/MSSQL Express, the database is accessible
only via the local host interface. In case of an external DB, the security model is the responsibility of
the database administrator. The database is accessible only with the name and password stored in
the configuration file.
Internal Configuration Files. Are stored in the SafeQ operation directory in a text format. The data
is secured on the same level of access as relevant directories and OS.
External Data sources. Configuration dependent. For LDAP integration security, please see LDAP
Integration Security document.
All passwords and user codes are stored in the configuration files and database in an encoded form
(one-way encryption is used). Access data to external systems (including access to the SQL DB
SafeQ itself) is stored as encoded by an AES-256 encryption (using hardcoded key).
Print job data is stored temporarily on the file system in the plain unencrypted form as received from
the source workstation, or optionally encrypted as specified in previous chapters. Using system
configuration, this data can be automatically deleted (not wiped) after print or administrator defined
expiration time.
USED TECHNOLOGIES
The whole solution is proprietary. Oracle Java 7 is used for System Core, MS .NET 4.5 Framework for MFP
integration and Apache Tomcat, MS SQL or PostgreSQL Database Engines are among standard 3rd party
components used in the solution.
DATA PROXY SUPPORT

All communication paths defined in first chapter of this document can be routed via SOCKS 4 proxy. HTTP
proxy or authenticated SOCKS5 proxy is not supported.
ADDITIONAL NOTES
Some print drivers support print job data encryption for particular printer. This feature can only be used for
direct print to the specified device.
Authentication data are not stored in any caches.
All session timeouts in the system (administrative console or terminal access) are administrator definable
using centralized web interface.
There are not practical limitations regarding character sets and length for usernames and passwords.
Certain MFPs may impose additional limitations on their own.
YSoft SafeQ 5 270

February 03, 2016
DATA ENCRYPTION OPTIONS
APPLICATION COMMUNICATION
By default SafeQ uses SSL based, authenticated encryption for all application level data transfers (server-
terminal, inter-server) based on built-in RSA keys and X509 certificates. Keys and certificates can be
replaced by customer certificates and are stored on the file system in encrypted file (using built-in, non-trivial
password).
PRINT DATA ENCRYPTION OPTIONS
Option Description Pros & Cons
No Encryption Data are transferred over network in This is default configuration

plain form
Network data transfers are not
secured by any means other than
network security
IPsec Encrypted Print Data from Doesn't need any software at the
Workstation to SafeQ (Print) Server workstation or special configuration of
and from Server to Printer SafeQ application
Requires IPsec support on all

Workstations, Printers and Print Servers
Data on the print server are not

encrypted and requires Security setup at
the Server
Application based Encrypted Print Data From SafeQ Doesn't need support on infrastructure
SSL encryption (Print) Server (shared printer) and /network level
(Server-Printer) from Server to Printer
the Server
Key management: SafeQ server

retrieves Printer Certificate at first
connection and uses the certificate until
administrator removes the certificate via
web interface
Printers must support IPP over SSL

communication.
Application based Encrypted Print Data from Doesn't need support on infrastructure
SSL encryption Workstation to SafeQ (Print) Server /network level
(Workstation-Printer) and from Server to Printer
Requires print drivers and SafeQ
client to be installed on all workstations.
YSoft SafeQ 5 271

February 03, 2016
SafeQ provides unattended deployment,

however it needs to be configured PER
LOCATION (SafeQ server address)

the Server
Key management: Windows Client

uses standard system key store to get
server certificates. SafeQ server
administrator removes the certificate via
web interface

communication.
Application based Encrypted Print Data from Print data are encrypted all the way,
PKI encryption Workstation to Printer including data-at-rest on the server.

Requires Smart Card Based PKI and

SafeQ Hardware at every Printer

communication.
By default, SafeQ doesn't use any type of print data encryption. Print data encryption can significantly
(5x) slow down the print speed.
DATA-AT-REST (PRINT SERVER) ENCRYPTION OPTIONS
BitLocker/EFS System-based encryption of print data at Doesn't need any software

server and data access limited to SafeQ modifications/configuration of SafeQ
service only application
Domain administrator is able to

access and copy data from the server
YSoft SafeQ 5 272

February 03, 2016
Application Encryption of print data at server using Requires software modifications

based hard-coded encryption key /configuration of SafeQ application =
encryption on currently not supported
server
It is non-trivial for Domain
administrator to access and copy data
from the server, however not impossible
(via decryption of hard-coded key)
Application Encryption of print data at server using Requires software modifications

based random key, generated with every print /configuration of SafeQ application =
encryption at job and stored to SafeQ database, currently not supported
workstation encrypted by hard-coded key
It is non-trivial for Domain

administrator to access and copy data
from the server, however not impossible
(via decryption of hard-coded key)
By default, SafeQ doesn't encrypt the data at the server.
SCAN DATA ENCRYPTION OPTIONS
No Encryption Data are transferred over This is default configuration, MFPs scan
network in plain form using email, FTP or SMB protocols
(authenticated, un-encrypted)
Network data transfers are not secured

by any means other than network security
IPsec Encrypted Scan Data from Requires IPsec support on MFPs and
MFP to SafeQ (Print) Server Print Servers

encrypted and requires Security setup at the
Server
Doesn't have any additional

requirements to MFPs, SafeQ Server and
Mail/File Servers
YSoft SafeQ 5 273

February 03, 2016
Application based SSL Encrypted Scan Data From Doesn't need support on infrastructure
encryption (MFP- MFP to SafeQ (Print) Server /network level
Server)
encrypted and requires Security setup at the
Server
MFP must be able to send data via

WebDAV/S - and modification at SafeQ level
is required

administrator removes the certificate via web
interface
Application based SSL Encrypted Scan Data From Doesn't need support on infrastructure
encryption (MFP- MFP to SafeQ (Print) Server /network level
Server-Email) and Mail Server
Data are not stored on the server, but
removed immediately after delivery
MFP must be able to send data via

WebDAV/S - and modification at SafeQ level
is required
SMTP server must support SSL

communication - and modification at SafeQ
level is required

administrator removes the certificate via web
interface
By default, SafeQ doesn't use any type of print data encryption. Print data encryption can significantly
(5x) slow down the print speed.
Printers must support IPP over SSL communication.
LDAP INTEGRATION SECURITY
INTRODUCTION TO LDAP DIRECTORY SERVICES

The acronym LDAP stands for Lightweight Directory Access Protocol, a protocol invented to access
directory services and intended as a simplification of DAP (Directory Access Protocol) family of protocols
YSoft SafeQ 5 274

February 03, 2016
which are defined in the X.500 family of standards. Today, LDAP is widely used mainly thank to the strong
support of the protocol in OpenLDAP (Open Source Directory Service), Novell eDirectory (formerly Novell
Directory Services) and Microsoft Active Directory.
For more information about LDAP, please refer to the following documents:
http://tools.ietf.org/rfc/rfc4510.txt
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
How to view and set LDAP policy in Active Directory http://support.microsoft.com/kb/315071
From the SafeQ perspective, LDAP support is essential because it is now one of the major ways how to
access corporate user account information. SafeQ uses such information for seamless authentication of
users.
SafeQ may retrieve the following information from a directory service (depends on configuration):
User account information (name, e-mail address, login name and any aliases, assigned cost center).
Password is not retrieved.
Card number and PIN.
Group membership (translated to SafeQ roles).
Groups (translated to SafeQ Roles for Role-based Access Control)
YSOFT SAFEQ LDAP REPLICATION

LDAP Replication is a technology for integrating SafeQ with LDAP-based directory services. Instead of
querying data of individual users, it periodically replicates data from selected directory trees directly to
SafeQ.
Traditional approaches to replication usually provide a challenge in designing and configuring the system
integration with directory service or multiple directory services, however SafeQ LDAP Replication
technology is designed to be deployable in small and big environments.
Replication is a process where data are copied from one data source to another. We only need to discuss
the one-way replication where one source acts as master, where modifications happen and the other acts
as subordinate, which stores data in read only manner. In our case, the master is the directory service and
the subordinate in SafeQ. During the replication, new data are copied from directory service to SafeQ,
existing data are updated and deleted data are marked as deleted.
The SafeQ LDAP Replication technology comes with the following features:
Integration with multiple directory services. SafeQ can also handle situations where single user
account exists in multiple directory trees or services or when user is a member of a group, which
exists in different tree or service.
Security awareness. SafeQ never replicates user passwords, even if it is technically possible or
permitted by the directory service.
Performance. SafeQ LDAP Replication operates in two modes: differential and full replication.
Differential replication replicates only changes occurred since the last (differential) replication. Full
replication replicates the entire directory tree(s) according to configuration.
By default, SafeQ replicates the following attributes (applies to Microsoft Active Directory configuration):
YSoft SafeQ 5 275

February 03, 2016
User: GUID, sAMAccountName, cn, sn, mail, memberOf; optional attributes: homeDirectory,
department, custom attribute with card ID such as otherPager
Group: GUID, sAMAccountName, description
User membership in a group is determined using the memberOf attribute. All replicated groups are
translated into SafeQ roles.
SAFEQ 5.0 LDAP REPLICATION CONCERNS

Using data replication may rise concerns about the integrity of the data stored in the system. Here we list
typical problems into which the IT Administrator may run and their solutions. Here we list typical concerns
and explain why the LDAP Replication is a solid and viable solution. The explanation is provided as pairs of
concerns and explanations.
Area Concern Explanation
Data SafeQ stores a redundant copy of my SafeQ stores a read only copy of the
Redundancy data which may get invalid by local replicated data and correctly propagates all
changes. changes to the system. This way, data are
only provided in a way which generates less
overhead - data are replicated more
efficiently in batches.
Data It is not feasible to make local SafeQ maintains local and replicated data
Redundancy modifications as they will be overriden separately. For example if a user account
when replication occurs. has two ID cards, one replicated and one
added manually, the system will never
automatically delete the manually added
card.
Replication SafeQ leaks out potentially sensitive data All data stored in the system would be
of Sensitive by using replication. available to SafeQ even by using online
Data connection anyway. all the replicated data
would be available to SafeQ anyway and
stored in-memory, visible in reports, log files,
web interface and other parts of the system
which tracks and displays information.
Leaking Replication leaks out user passwords or SafeQ never replicates user passwords, even
Passwords at least stores them in less secure way. if it is technically possible. Password-based
authentication is handled using online
connection to the directory service.
Invalidation It is impossible to quickly invalidate user Differential replication (which also propagates
of User credentials. user credentials) has a very low overhead
Credentials (depending on the amount of changes in your
directory service) and can be run every few
minutes without raising the load imposed on
the directory service agents. This way, the
credential change is propagated very quickly.
YSoft SafeQ 5 276

February 03, 2016
How does Differential Replication work?
Differential Replication mode requires a mean of tracking changes in the directory service to operate
correctly. When connected to the active directory, USN (Universal Sequence Numbers) are used to track
changes. When connected to Novell eDirectory, modification timestamps are used to track changes.
Differential Replication has currently one limitation: it is not possible to replicate deletion of objects. This is
based on the limitation of the most common directory services (Microsoft Active Directory and Novell
eDirectory) which provide no reliable way to track object deletion. Full Replication however replicates even
object deletion correctly.
RECOMMENDED CONFIGURATION
Regardless of the number of directory service you are going to use, you shall follow some basic guidelines
when configuring the LDAP Replication.
Schedule Differential Replication to run several times a day (even as often as every couple of minutes) and
Full Replication to run once a day, out of office hours. If you have 24/7 environment, schedule the full
replication to run off-peak hours.
If you have a complex rule structure, do not forget to correctly configure maximum page size in SafeQ.
Otherwise, only portion of the data will be replicated to SafeQ.
SCAN MANAGEMENT SECURITY OVERVIEW

YSoft Workflow scanning allows user seamlessly transfer data from MFP/scanner to defined destination.
The scan process is divided into several parts.
Scanning Overview
WORKFLOW SCANNING (SCAN TO HOME) DIAGRAM

This workflow is typically used for Workflow scanning or Scan Tracking.
YSoft SafeQ 5 277

February 03, 2016
CARD / PIN BASED AUTHENTICATION AND SCAN TO NETWORK FOLDER
PKI (SMARTCARD BASED) OR LOGIN/PASSWORD BASED AUTHENTICATION AND SCAN TO NETWORK FOLDER
YSoft SafeQ 5 278

February 03, 2016
SCAN TO OWN EMAIL
1. User information is typically replicated from LDAP server using secured (server-authenticated) LDAP
/S connection. This step is however purely optional. See Identity management for additional details.
2. User swipes/inserts the card and/or enters the PIN code. The information is transferred to SafeQ
using TLS based secure protocol (with client only authentication - server verifies identity of terminal).
Sever looks up the internal SQL database to find the user record connected with the entered PIN
code or card ID.
a. if Smart Card authentication or login/password authentication is used SafeQ server uses
Kerberos v5 protocol to get the Ticket Granting Ticket information (TGT) form Kerberos server.
b. Kerberos sends encrypted information back to the server
c. Server uses the secured connection to decipher the data
d. Server gets the deciphered data and looks up the internal database for respective user record
3. If the user is authorized to scan, the device panel is unlocked (either using serial smart blocking
cable from terminal or internal mechanism in case of MFP panel integrated (embedded) terminal.
4. User scans the data. MFP transfers the data using configured protocol (differs per MFP capabilities).
a. The most common option is data transfer via unsecured SMB of FTP protocol. (Target IP
address and folder is pre-configured at the MFP during initial MFP configuration).
b. Some devices allows data transfer using secured WebDAV protocol with server
authentication.
5. SafeQ gathers the accounting data using several mechanisms (see Print tracking methods). If the
online accounting method is used, SNMP protocol is used to gather the current page meter
information from the printer.
6. In case of vender provided accounting, the accounting information is transferred to SafeQ from
printer using SOAP or HTTPS POST message.
7. SafeQ server transfers the data using administrator-configured protocol.
In case of scanning to owner's email, data are transferred as email attachment. SafeQ server
accesses the email server using configured account with secured password authentication.
Data are transferred in plain form.
YSoft SafeQ 5 279

7.
February 03, 2016
In case of scanning to the network folder, the scan is delivered to the home folder specified in
user record (inside SafeQ SQL database). Authentication to the network folder is based on
privileges of the system account that runs SafeQ to access the folder. The system account
MUST have the write access to all network home folders.
(7.a) In case of PKI based or login/password authentication used with:
Terminal Professional, SafeQ users Kerberos Ticket Granting Ticket (TGT) service and
impersonates the user to access the home folder. In such a case, no special privileges
for the system account that runs SafeQ are needed. Configuration can be done by
following description at Smart Card support
Terminal Embedded, SafeQ service must have full access to write to the home folders
of the users. Kerberos Ticket Granting Ticket (TGT) cannot be used.
NOTE: When a user is a member of the Administrators group and this workflow is used,
the job will be stored under the Administrators context, not the original user.
SESSION AUTHENTICATION
Both scan collection and scan delivery processes require authenticated user session to be established prior
the operation starts. User authenticates at terminal and selects scanning mode. Server receives the
authentication request (i.e. card swipe, SmartCard certificate verification, user credentials) via secured
network connection and verifies with configured data source (i.e. Active Directory) . If the verification is
successful SafeQ establishes a session, including all user information (i.e. user email, login name, home
folder, ...) . These information are used as a metadata for data delivery process.
DATA COLLECTION
SafeQ can be configured to receive data from source MFP in many ways. There is no special or additional
security level for the data collection part. The most common methods are data reception via email (SMTP)
or hot folder (SMB or FTP). The data flow is following:
1. User scans the document at the MFP.

2. MFP stores the document to the configured destination (repository).
3. SafeQ server service monitors the configured repository for new data.
4. SafeQ server service collects the data, verifies if there is related user session available and transfers
the data to Data Delivery process.
a. if the user session is not established, the data is dropped and deleted.
DATA DELIVERY
SafeQ collects the data from the hot folder and delivers it to ONE defined destination. The delivery process
is limited by several items:
1. The delivery is only executed, if there is an authentication user session associated with the collected
document (i.e. the creator of the document is known).
2. For scan to email workflow, SafeQ server uses configured SMTP server to deliver the email.
Connection to SMTP server can be authenticated using service account defined in SafeQ
configuration file.
3. For scan to folder / home folder, SafeQ server tries to access to the destination folder using Windows
file access or SMB protocol.
a. By default, service account used for running SafeQ service at the server (or SafeQ daemon for
Linux environments) must have write access to the target directory - Authentication to the
YSoft SafeQ 5 280

3.
a.
February 03, 2016
target directory is managed on the Operating System Level. For scan to home feature, this
means, the service account must have the write access to ALL user home directories. Home
directory information is associated with the authenticated user's record in SafeQ Identity
Database.
b. In case of configured Kerberos5 authentication (and login by Domain Credentials or Smart
Card) SafeQ uses Kerberos TGT to access the network folder (using SMB/CIFS protocol)
4. For scan to script feature, the command line script is executed for every scanned (collected) file.
SafeQ passes several parameters to the script - authenticated user's name, user's home directory,
path to collected file, source device information. The script is executed with the credentials of the
Service account used for running SafeQ service at the servers.
PERSONAL USER INFORMATION IN SAFEQ
PERSONAL USER INFORMATION IN SAFEQ
Personal User Information in SafeQ

Abstract
Definition of Personal User Information
Examples of Structured and Unstructured Data
Personal User Information in Unstructured Data
Personal User Information in Print Jobs
Who has access to such information?
Personal User Information in Scanned Documents
Personal User Information in Structured Data
User Account Information and Credentials
Personal Information in other system entities
ABSTRACT
This document deals with how personal information about users in processed in SafeQ with respect to
different data sources, the lifecycle of data processing and potential legal implications, such as Act No. 101
/2000 Coll., on the protection of personal data in the Czech Republic.
DEFINITION OF PERSONAL USER INFORMATION
For the purpose of this document, the data which might be containing personal user information are referred
to as entities. We make an intentional distinction between Corporate Entities where all information
contained therein is coming from, related to and possibly owned by the legal body operating the SafeQ
system and Mixed Entities which may contain personal user information.
In this document, we also refer to data structure and make important distinction between unstructured data,
where the SafeQ system does not work with the data in a structured way (i.e. identifying elements of
information in the data and relationships between such elements) and structured data where the data
structure is taken into account.
Examples of Structured and Unstructured Data
1. Structured Data
a. Data exchanged between SafeQ and Identity Management Systems (e.g., Active Directory,
OpenLDAP)
b.
YSoft SafeQ 5 281

1.
February 03, 2016
b. Device information describing connected Printers and/or Multifunction Devices managed by

SafeQ
c. Cost Centers or Billing Codes managed by SafeQ system depicting corporate or management
cost structure of the organisation using the SafeQ system
2. Unstructured Data
a. Print Jobs received and managed by the SafeQ system
b. Scanned Documents received and managed by the SafeQ system
PERSONAL USER INFORMATION IN UNSTRUCTURED DATA
SafeQ system processes the following kinds of unstructured data which may contain Personal User
Information:
1. Print Jobs
2. Scanned Documents (also referred to as Scans)
Personal User Information in Print Jobs

SafeQ system extracts information from Print Jobs constituting a Print Job Entity. This entity is stored in
SafeQ system for archiving and reporting purposes.
The relevant extracted information is:
1. (Optional) Job Title which may be specified as part of the print job data stream by means of
appropriate PCL commands. Such job title contain and refer to the contents of the print job or the
original document which was printed by a user resulting in the print job. Job Title may also be linking
the document to a particular person(s).
2. (Optional) Job Owner which is specified either as part of the print job data stream or as part of the
communication protocol used for receiving the print job by the system. The Job Owner links the print
job to a particular user account, which may or may not correspond to a real person(s).
This information is tracked for the purpose of reporting printed volumes on a per-user basis.

This information is accessible to particular users, who can view only Print Jobs which have this particular
user identified as Job owner.
The SafeQ system usually defines one or more administrator user accounts (by default, the user account is
called “admin”). Such user accounts have permissions to view the Job Title and Job Owner information of all
print jobs.
The visibility of Job Title CAN BE DISABLED by using the configuration property:
Display title of print job on the Web
If this configuration property is set to disabled, than no user accounts have permissions to view the titles of
print jobs in the SafeQ system Web Interface. Not even the user accounts identified as Job Owner can view
the Job Title(s) of appropriate Print Jobs. This means that the Job Title of any Print Job cannot be retrieved
from the system by any standard means.
The visibility and traceability of Job Owner CAN BE DISABLED by using the configuration property:
Display user identity information in YSoft SafeQ Web reports
YSoft SafeQ 5 282

February 03, 2016
If this configuration property is set to disabled, than Job Owner information is never displayed in SafeQ Web
Interface or in SafeQ Reports. This means that there is than no standard way, how to connect particular
Print Job(s) or print volumes with particular user account(s).
Personal User Information in Scanned Documents

SafeQ system associates Job Owner information with each Scanned Document by various technical
means, which depend on the type of connected multifunction device, system configuration, etc.

This information is accessible to particular users, who can view only Scanned Documents which have this
particular user idetified as Job owner.
The SafeQ system usually defines one or more administrator user accounts (by default, the user account is
called “admin”). Such user accounts have permissions to view the Job Owner information of all Scanned
Documents.
The visibility and traceability of Job Owner CAN BE DISABLED by using the configuration property:
Display user identity information in YSoft SafeQ Web reports
If this configuration property is set to disabled, than Job Owner information is never displayed in SafeQ Web
Interface or in SafeQ Reports. This means that there is than no standard way, how to connect particular
Scanned Document(s) or print volumes with particular user account(s).
PERSONAL USER INFORMATION IN STRUCTURED DATA
User Account Information and Credentials

The SafeQ system stores information about user accounts and related credentials. The following
information is stored with the User Mixed Entity:
Login Name
First (Given) Name
Surname
Password
Card IDs and PIN Numbers
E-Mail
Home Directory (*)
Cost Center associated with the User Account (*)
Default Billing Code for the User (*)
Elements marked with (*) are system-related settings and are not relevant for storing Personal Information.
All other elements may, but not necessarily must potentially contains personal information, however it is
crucial to define, how are these elements maintained.
YSoft SafeQ 5 283

February 03, 2016
User Accounts are created and managed in one of the following ways:
1. The User Account(s) are created and managed using the SafeQ web interface. By default, users can
access information related to their User Accounts only if and only if they can authenticate with the
system using their password. Administrator user accounts can manage any User account in the
system.
2. The User Account(s) are “imported” or “replicated” to SafeQ system using technical means from
another systems. Corporations usually employ systems for managing user identities and credentials,
usually referred to as Identity Management systems. SafeQ, if properly configured, can retrieve user
information from such systems.
Whether User Entity in SafeQ contains Personal Information depend on the policy governing what
data are entered to the system (above mentioned 1) or policy governing corporate identity
management (above mentioned 2).
SafeQ is using User entities for authentication and reporting, where the traceability of particular print
jobs / scanned documents to particular User Account(s) can be disabled by configuration (defined
above).
For more information refer to Adding and configuring users and Identity management in SafeQ
documentation.
Personal Information in other system entities
Besides the User mixed entity, the SafeQ system operates with the following entities:
1. Device (sometimes referred to as MFP)

2. Cost Center
3. Role
4. Billing Code
All these entities are Corporate Entities. They are created by the corporation using the SafeQ system
to manage the printing environment.
These entities usually model corporation organisation structure, structure of departments and cost
allocation policies. Cost Centers, Roles and Billing Codes are associated with particular User entities,
but on M:N basis, i.e. many User entities may be associated with a particular Cost Center / Role or
Billing Code, but many Cost Centers / Roles or Billing Codes are also associated with a particular
User account.
For more information refer to Web interface - Devices.
3.1.27 YSOFT SAFEQ SERVER
OVERVIEW
Deployment of YSoft SafeQ solution requires installation of YSoft SafeQ server, which puts user
management, device management and additional system integrations at one place. Additional features may
require additional systems to be installed and configured.
YSoft SafeQ 5 284

February 03, 2016
Name Description
YSoft SafeQ YSoft SafeQ Central Management Layer

CML
This is the core component of YSoft SafeQ solution, which handles user authentication
from the terminals/readers and manages user print queues. Simple web administration
interface allows system configuration, including Active Directory integration, device
management, web reporting and connectivity with other parts of YSoft SafeQ solution (e.
g. Central Reporting Services, Offline Remote Spooler, Mobile Print Server and other).
CML requires an SQL database with real-time and configuration data.
YSoft SafeQ YSoft SafeQ Central Reporting Services [optional]

CRS
Statistical and accounting data from all connected devices are centrally collected and
evaluated in the SafeQ Central Reporting System, based on MS SQL OLAP Analytics
Services. The CRS server receives and processes data from any number of SafeQ
CML clusters.
Typically is used in large enterprise installations as a data reporting tool.
YSoft SafeQ Offline Remote Spooler [optional]

ORS
Serves as a proxy application that can run on a local print server. It does not require
configuration, database nor provides any management interface. This system is used
spooling and managing print jobs, devices, users and reports data back to the main
YSoft SafeQ Server (CML). Offline Remote Spooler contains internal data cache and is
therefore able to work autonomously for limited time should the connection with main
server be interrupted.
Most typical use is in multi-location deployments.
REQUIREMENTS
Hardware requirements
Software requirements
Network requirements
Identity management system (e.g. Active Directory) is recommended
NOTES
YSoft SafeQ CML must be properly installed and configured. It is a critical point, which - in case of
failure - may result in the inability of end user printing, copying, scanning and other related tasks.
Server failover is managed via application or operating system level redundancy, more details
available in Server failover.
Multi-location deployments are supported using distributed server system - Private Cloud.
By default YSoft SafeQ server is running under Local System. If it is necessary to run it under
another account (e.g. because of permissions for scanning hotfolders), such account must have
granted local administrator, run as service (and permissions to given hotfolders).
YSoft SafeQ 5 285

February 03, 2016
3.2 SYSTEM REQUIREMENTS
3.2.1 YSOFT SAFEQ 5 SERVER
Please refer to Hardware requirements and Software requirements for server specific prerequisites.
Before deploying YSoft SafeQ in your environment, we always recommend to understand the environment
from the perspective of network communication, review the information about typical deployments and run
pre-installation checks.
Network communication overview

Typical deployment scenarios
Pre-installation checklists
3.2.2 WORKSTATION SOFTWARE
Workstation requirements
3.2.3 HARDWARE REQUIREMENTS
MINIMUM / RECOMMENDED HARDWARE REQUIREMENTS

Hardware requirements are always highly dependent on customer environment. The number of devices,
remote sites, users, print job sizes, output volumes, usage frequency. If you are not certain about the
customer environment, please consult with Y Soft representative the appropriate hardware sizing for your
customer.
There are several considerations in every deployment:
1. Windows print queue – the input/output print queue inside operating system. The print queue is a
mechanism that provides print driver to a client software (e.g. to create a PCL/PS file, receive data
stream over a network, store it on the hard drive and serialize it to the printer).
2. YSoft SafeQ print queue – print queue inside YSoft SafeQ which can be connected to a specific
printer, terminal (reader) or group of users. From the perspective of Windows print queue, this
represents (LPR) queue name in the print queue backend. YSoft SafeQ server has an internal
mechanism to balance the load by partially serializing the incoming traffic; in theory there is no limit
on how many Windows print queues can be connected to the YSoft SafeQ server.
3. Network Device – physical printing device (single or multifunction printer) with terminal and card
reader. YSoft SafeQ server sends print jobs to the device. One network device typically represents
one or multiple Windows print queues.
4. YSoft SafeQ CML Server – main YSoft SafeQ server on a physical or virtual server. CML server
uses SQL database to retain print job data, LPR subsystem that receives prints from print server or
client workstations, web administration interface, system for managing requests from terminals and
readers and LDAP integration subsystem.
A single CML server can handle up to 200 network devices.
A 4-node CML cluster can handle up to 1600 network devices (note that reasonable hardware or
virtual platform is required).
5.
YSoft SafeQ 5 286

February 03, 2016
5. YSoft SafeQ ORS Server – spooler server on a physical or virtual server. Multiple ORSes can build
a roaming group which is able to handle up to 2000 devices in a 25-node system.
Each YSoft SafeQ ORS server can handle up to 200 network devices.
JVM is very memory intensive. When using virtual machines, servers shall have configured
memory reservation based on the maximum heap size of YSoft SafeQ CML/ORS server.
See hardware requirements for Windows Servers at http://technet.microsoft.com/en-us/windowsserver

/bb414778
See best practices for sizing Windows Print Servers at http://blogs.technet.com/b/yongrhee/archive/2009/09

/14/best-practices-on-deploying-a-microsoft-windows-server-2008-windows-server-2008-r2-print-server.aspx
See Network communication overview for more details on YSoft SafeQ communication.
CML’s used with ORS’s Recommended hardware
Standalone CML/CML Cluster Recommended hardware
Up to 50 devices per YSoft SafeQ server

or server cluster Dual Core 2GHz or faster processor
2GB free RAM
1Gbps network connection (LAN)
20GB free disk space
Connection to storage with a throughput of at least
120MB/s and 100 IOPS (for 50 devices; no parser
used)
Up to 200 devices per server (100

devices if only a single server is used) Dual Core 2GHz or faster processor
4GB free RAM
YSoft SafeQ server or 1Gbps network connection (LAN)
server cluster 100GB free disk space
YSoft SafeQ Central Extra space 100GB (or more, depending on the
Reporting Services storage strategy) for YSoft SafeQ Central Reporting
Server data objects.
150MB/s and 300 IOPS
Up to 100 remote sites and total of 500 One CML server.

devices
Up to 500 remote sites and total of 1000 Two-nodes CML server cluster, each with 6GB RAM.
devices
Additional remote sites (up to 2000 For every 500 remote sites, there is one node in a CML
remote sites) server cluster.
YSoft SafeQ 5 287

February 03, 2016
CML’s used with ORS’s Recommended hardware
Make sure to add 500MB RAM for every 100 connected

sites.
ORS (remote sites) Recommended hardware
Up to 200 devices/server
Dual Core 2GHz or faster processor
YSoft SafeQ ORS (requires 2GB free RAM (4 GB RAM recommended), 1GB
connection to a central server) Network
Equal VM with at least 2 cores
20GB available disk space (disk size highly depends
on job size, print spooler and parser settings)
150MB/s and 300 IOPS
disk performance is highly affected by
replication buffer persistence settings
(cacheReplicationBufferPersistent)
if the expected load is higher than 2000jobs
/hour, it is recommended to disable
cacheReplicationBufferPersistent option to
lower disk load and keep ORS and CML in the
same data center.
CRS (reporting services) Recommended hardware
Up to 2000 devices
8-core 2.6Ghz (for example Intel X5355)
100 millions pages yearly (half printed, 16GB RAM recommended
half scan and copy) 200GB HDD (four years of statistics; default
configuration when keeping cubes with detailed
statistics for last three months and all basic statistics;
enabled reporting services)
Note: One-time cube processing in this configuration takes

approx. three hours.
3.2.4 SOFTWARE REQUIREMENTS
SUPPORTED OPERATING SYSTEMS
Operating System CML ORS Mobile CRS Payment

Print
System
Server
Microsoft Windows Server 2008 SP2 32bit/64bit all editions
YSoft SafeQ 5 288

February 03, 2016
Operating System CML ORS Mobile CRS Payment

Print
System
Server
Microsoft Windows Server 2008 R2 SP1 64bit all editions
Microsoft Windows Server 2012 64bit all editions
Microsoft Windows Server 2012 R2 64bit (Standard

/Datacenter edition)
Microsoft Windows Small Business Server 2011 Standard
Microsoft Windows 7 SP1 32bit/64bit*
Microsoft Windows 8 32bit/64bit
* Workstation operating system has limited number of incoming connections
Notes
When installing on Windows 2008 32bit, please install standalone PostgreSQL 9.2 32bit.
Installation of CML with embedded MS SQL database is not supported on server core editions.
YSoft SafeQ CML supports Microsoft Server Cluster (MSCS).
Using embedded terminals on YSoft SafeQ CML (embedded terminals connected to CML) always
requires Microsoft .NET 4.5.1.
Note: If you do not install Terminal Server component, Microsoft .NET 4.5.1 is not required;
embedded features will not be available.
Using embedded terminals on YSoft SafeQ ORS (embedded terminals connected to ORS) always
requires Microsoft .NET 4.5.1.
See Installing YSoft SafeQ CRS for additional requirements of the YSoft SafeQ CRS.
YSoft SafeQ 5 Server does not support Linux.
SUPPORTED DATABASES
Component Supported data engine
YSoft SafeQ 5.0 ORS No database required (internal persistent cache).
YSoft SafeQ 5.0 CML PostgreSQL 9.2 embedded* or standalone

Server
Microsoft SQL Server 2008/2012 Express edition (up to 10 devices per server)
**
Microsoft SQL Server 2008/2008 R2/2012/2014 Standard or Enterprise Edition,

32-bit or 64-bit
YSoft SafeQ 5 289

February 03, 2016
Component Supported data engine
*When using Windows 2008 32bit, install standalone PostgreSQL instead of

embedded.
**Not recommended for use with CML server cluster.
YSoft SafeQ 5.0 CRS see CRS - Supported databases
YSoft Payment System PostgreSQL 9.2 embedded* or standalone
Microsoft SQL Server 2008/2012 Express edition
Microsoft SQL Server 2008/2008 R2/2012/2014 Standard or Enterprise Edition,

32-bit or 64-bit
*When using Windows 2008 32bit, install standalone PostgreSQL instead of

embedded.
Microsoft SQL Server 2012/2014 offers AlwaysOn Availability Group. This functionality is not
supported by SafeQ.
DATABASE INSTANCES AND CONNECTION
YSoft SafeQ CML requires a stable connection to the database server for its proper functionality.
YSoft SafeQ CML server requires two databases:
one is used for real-time access, configuration and active job data
second is used as data archive, primarily for reporting and data audit
YSoft SafeQ application level cluster requires two databases for each CML server. All databases can
be on the same database server (highly available SQL server is mandatory in this case)
Connection to the SQL server is realized on the Java level using secured JDBC connection (integral
part of the application)
YSoft SafeQ will not work if the connection to the database server and its databases is not
available, even in the case of short, intermittent outages.
DATABASE SIZING
Example based on real customer data (10 million pages per month):
CML Database: 16 GB per SafeQ server

CRS Database SQL: 100 GB aggregated DB (after 3 years)
CRS Database OLAP: 100 GB aggregated DB (after 3 years)
YSoft SafeQ 5 290

February 03, 2016
DATABASE SETTINGS AND CONFIGURATION

YSoft SafeQ provides automated database maintenance tools. Scheduled database maintenance is
strongly recommended. The following configuration is required for different database types.
Common settings:
Login credentials for YSoft SafeQ access, with ownership rights to its database
Collation case-insensitive
Reliable low-latency network connection (if the DB server is on another server)
Microsoft SQL Server configuration:
Correct collation: Case-Insensitive and Accent-Sensitive (language_CI_AS) where applicable

The user that YSoft SafeQ uses to connect to the databases must have the default language set to
English (but not British English) in the SQL Server
Enabled TCP/IP connection or named pipes
Enable Simple recovery model
Connecting to SQL server that requires encrypted connection is supported, however requires several
manual steps (see comments).
To install YSoft SafeQ 5.0 the following database role is required: db_owner.
To update/upgrade YSoft SafeQ 5.0 the following database role is required: db_owner.
To run YSoft SafeQ 5.0 the following database roles are required: db_datareader, db_datawriter,
db_ddladmin.
For the installation to an MS SQL server, there must be two accounts created. One can be named in
any way, name of second account is "sync" and this name is mandatory.
The two accounts must either both be domain accounts or both SQL accounts (mixing both
types is not supported).
In case of installation to a named instance of the external MS SQL server, the service "SQL Server
Browser" must be configured and running on the SQL Server.
In case that you are going to use the external MS SQL server with named instance, you will need
following to be allowed between SafeQ server and MS SQL server:
a) UDP, both directions, local port on MS SQL server is 1434. This communication is used to
query the SQL server (its SQL Browser service). The SQL Browser service will respond and inform
the requester about the port it shall connect to via TCP.
b) TCP communication, direction from SafeQ to SQL, port "random". The port number is
dynamically assigned by the SQL Browser service (http://technet.microsoft.com/en-us/library
/cc646023.aspx).
PostgreSQL configuration:
UTF-8 collation
9.2 version only
Non-local-admin account for running PostgreSQL system service (Windows OS)
To install, update or run YSoft SafeQ 5.0 CML Server database user postgres and sync must have
superadmin role.
YSoft SafeQ 5 291

February 03, 2016
3.2.5 NETWORK COMMUNICATION OVERVIEW
This page provides a complete list of ports and protocols that must be enabled on firewalls in order to
ensure YSoft SafeQ system functionality.
NETWORK COMMUNICATION OVERVIEW
WORKSTATION TO SERVER COMMUNICATION (SERVER INBOUND RULES)
Required? Type Port Communication Description (communication from the

type user)
data volume
Mandatory TCP 80 HTTP/HTTPS for access to YSoft SafeQ administration

/443 /reporting web interface
Optional TCP 8005 server shutdown port listener for tomcat
Optional TCP 9100 proprietary job reception from client workstations

compressed (YSoft SafeQ Client Protocol)
(if using workstation
10kB - 1GB per
client)
print job
Optional TCP 515 LPR job reception from client workstations (LPR)
10kB - 1GB per
print job
client)
Optional TCP 4097 proprietary SSL Access verification with job print from client
(if using workstation 100kB per print workstations (YSoft SafeQ Port Protocol)
client) job
Optional TCP 2382 OLAP for access to Central Reporting Services

/2383 100kB-10MB per OLAP interface (MS SQL Analysis service)
(if using central
access
reporting)
Optional / TCP 19898 JMX CML system health monitoring via

Recommended from JConsole.
Localhost
Configurable by cmlJmxServerPort
(monitoring only) property in SafeQ system settings.
Optional / TCP 9797 JMX CML DBSync system health monitoring via
Localhost
(monitoring only)
Optional / TCP 9696 JMX CML LDAPreplicator system health

Recommended from monitoring via JConsole.
Localhost
YSoft SafeQ 5 292

February 03, 2016

type user)
data volume
(monitoring only)
Optional / TCP 9898 JMX ORS, CRS system health monitoring via
Localhost
ORS only: Configurable by
(monitoring only) orsJmxServerPort property in
SafeQ system settings.
Optional / TCP 9999 JMX ORS Web (distributed layer) system health
Localhost
(monitoring only)
Optional / TCP 9000 JMX CML, CRS auxiliary internal port used by
Recommended from JMX server.
Localhost
CML only: Configurable by
jmxRmiServerPort property in
Optional / TCP 9005 JMX CML DBSync auxiliary internal port used by
Localhost
Optional / TCP 19044 JMX ORS Web auxiliary internal port used by
Recommended from JMX server .
Localhost
Optional TCP 4096 proprietary 1kB - Information regarding queues for

per request YSoft SafeQ Client configuration
client)
Mandatory TCP 4110 Ricoh Embedded Terminal - accounting
SERVER TO PRINTER COMMUNICATION (SERVER OUTBOUND RULES)
Required? Type Port Communication Description (communication

type from the user)
data volume
Mandatory TCP 9100 proprietary Job data delivery to printer

10kB - 1GB per (Raw TCP)
print job
YSoft SafeQ 5 293

February 03, 2016

type from the user)
data volume
Mandatory TCP 515 LPR Job data delivery to printer

10kB - 1GB per (LPR)
print job
Optional TCP 80/443 IPP/SSL Job data delivery to printer (IPP

(if using print data encryption) 10kB - 1GB per over SSL)
print job
Optional TCP 9100 proprietary SSL Job data delivery to printer

(if using print data encryption) 10kB - 1GB per (compressed via Terminal
print job Professional)
Optional UDP 64099 proprietary Terminal Professional

broadcast /UltraLight discovery
(only within one
subnet)
Optional TCP 4095 proprietary Terminal Professional

/UltraLight remote configuration
Mandatory for embedded TCP 50001 proprietary WS Embedded (KM, Xerox, Sharp)
terminals /50003 SSL remote configuration
Mandatory with YSoft SafeQ TCP 80, proprietary Ricoh Terminal Embedded
Embedded Terminal for Ricoh 443, installation and automatic
ESA 8080, configuration used by RXOP
51443 libraries
64098 Ricoh Terminal Embedded

configuration
Mandatory for online print UDP 161 SNMP Online accounting of network
/copy tracking printer MFP
Mandatory with YSoft SafeQ TCP 49629, HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for 49630 Terminal for Toshiba
Toshiba installation
Mandatory with YSoft SafeQ TCP 80, 443 HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for Xerox Terminal for Xerox/Fuji-Xerox
/Fuji-Xerox installation
Mandatory with YSoft SafeQ TCP 80, HTTP, YSoft SafeQ Embedded
Embedded Terminal for Konica 50003 proprietary WS Terminal for Konica Minolta
Minolta SSL installation
TCP 80 HTTP
YSoft SafeQ 5 294

February 03, 2016

type from the user)
data volume
Mandatory with YSoft SafeQ YSoft SafeQ Embedded

Embedded Terminal for Sharp Terminal for Sharp installation
Mandatory with YSoft SafeQ TCP 80 HTTP YSoft SafeQ Embedded

Embedded Terminal for Terminal for Samsung
Samsung installation
Mandatory for YSoft SafeQ UDP 161 SNMP YSoft SafeQ Embedded
Embedded Terminal installation Terminal installation MFP
check
PRINTER TO SERVER COMMUNICATION (SERVER INBOUND RULES)
Required? Type Port Communication Description

type (communication from the
data volume user)
Mandatory with Terminal TCP 4096 Proprietary SSL Terminal Professional

Professional /UltraLight authentication and
low volume, low
session control
latency
Optional UDP 37 Time protocol Time synchronization

between Terminal
(if using time synchronization with
Professional / Payment
Terminal Professional or Payment
machine and the server.
machine)
When the system parameter
timeServerEnable is enabled,
server is listening on UDP
port 37. Terminal connects to
this port upon restart.
Mandatory with YSoft SafeQ TCP 4096, Proprietary YSoft SafeQ Embedded
Embedded Terminal for Ricoh 5012 Terminal (Ricoh
low volume, low
authentication and session
latency
control)
YSoft SafeQ Embedded
Terminal (Accounting and
charging)
Embedded Terminal for Browser 5012, Terminal browser
5013 communication
TCP 5021, HTTP/HTTPS YSoft SafeQ Terminal

5022 Application communication
YSoft SafeQ 5 295

February 03, 2016

data volume user)
Mandatory with YSoft SQTA or

YSoft SafeQ Embedded Terminal
for Browser (Sharp)
Mandatory with YSoft SafeQ TCP 5014- WS SSL YSoft SafeQ Embedded
Embedded Terminal for KM 5019 Terminal (KM) authentication
low volume, low
and session control
latency
Mandatory with YSoft SafeQ TCP 389 LDAP Internal LDAP for YSoft
Embedded Terminal for Toshiba SafeQ Embedded Terminal
for Toshiba
When 389 is blocked (by

already running AD on a
domain controller), SafeQ 5
GUI installer will display
warning and use 390 port
instead
Mandatory with Network Card TCP 5011 Proprietary SSL Network Card Reader
Reader /5012 authentication
Optional TCP 5020 Proprietary Preview provider for Terminal

(if using preview on Terminal Professional (optional,
Professional) depending on SafeQ setting,
configurable by preview-
provider-port)
Optional TCP 25 SMTP Scanning from MFPs via e-

(if using scan via SMTP) mail (optional, depending on
MFP capabilities)
Mandatory for WebDAV scanning TCP 443 Secured Scanning from MFPs via scan
WebDAV workflow (optional, depending
/HTTPS on MFP capabilities)
Optional TCP 139 SMB Scanning from MFPs via scan

(if using scan via SMB) to folder (optional, depending
on MFP capabilities)
Mandatory for embedded terminal TCP 21 FTP Scanning from MFPs via scan
scanning to folder (optional, depending
Optional - Passive FTP transfers TCP >1023 FTP
YSoft SafeQ 5 296

February 03, 2016

data volume user)
(for embedded terminal scanning) Range of ports for passive

FTP transfers (optional,
depending on SafeQ setting,
configurable by
ftpPassivePorts)
INTER-SERVER COMMUNICATION (INBOUND AND OUTBOUND RULES)

type user)
data path
Mandatory for TCP 4099 CML > CML Application-level cluster synchronization
cluster
proprietary
~1kB per print

job
Mandatory for TCP 4111, CML > CML Application-level cluster DB

cluster 4101 synchronization
proprietary
~1kB per print

job
Mandatory for TCP 6010 ORS > CML ORS-to-CML communication and
ORS synchronization
proprietary
~40 - 60 kB per
print job
Mandatory for TCP 4139 CML > CRS Reporting data collection
Central
proprietary
Reporting
~1kB per print
job
Mandatory TCP 5556 TS > server Terminalserver (TS) component

(CML/ORS) (required for YSoft SafeQ embedded
(localhost) terminal support), communication with
server application
proprietary
Mandatory for job TCP 8000 ORS > ORS Job data transfer for roaming jobs
roaming (uncompressed)
YSoft SafeQ 5 297

February 03, 2016

type user)
data path
Mandatory for TCP 6020 CML > CML Internal communication between CMLs
load balancing
Mandatory for UDP configurable ORS > ORS Near Roaming Group synchronization.
near job roaming Multicast Mandatory for roaming groups with
10+ ORS servers.
Mandatory for TCP 7800 ORS > ORS Near Roaming Group synchronization.
near job roaming Required for roaming groups up to 10
ORS servers.
Mandatory for TCP 20222 CML/MPS > RMI registry port used by web for
web status CML SafeQRemote listening and binding
information
web status CML incoming connections
information
web status CML UserManagerRemote binding and
information listening
web status CML PaymentManagerRemote binding and
Mandatory for TCP 9100 AP > CML, ORS AirPrint to CML/ORS via client protocol
AirPrint
Mandatory for TCP 5556 AP > CML, ORS AirPrint (AP) component,
AirPrint communication with server application
Optional for etcd TCP 2380 etcd > etcd Default value of port for communication
between etcd nodes (either between
CML nodes in the cluster or between on
ORS nodes in near roaming group)
Optional for etcd TCP 2379 TS > etcd Default value of port used by the
Terminal Server to communicate with
the local etcd
YSoft SafeQ 5 298

February 03, 2016
OTHER COMMUNICATION
Required? Type Port Communication Description (communication from

type the user)
data path
Mandatory for LDAP TCP 686 CML > LDAP LDAP integration (server > LDAP
synchronization controller) secured over SSL
Optional TCP 389 CML > LDAP LDAP integration (server > LDAP
controller)
controller)
(global catalogue)
Optional TCP 4096 Rech. Station > Emergency firmware update

(if using Payment CML
system)
Optional TCP 4100 Terminal > SafeQ Port where the terminal update
(if using firmware service is running (configurable by rs-
updates of HW terminal-update-port)
terminals)
Optional TCP 4444 Rech. Station > YSoft SafeQ Payment Machine
(if using Payment CML (QuickChip); not supported by YSoft
system) SafeQ5
Optional TCP 4196 YSoft SafeQ Management connection

(if using Payment Payment Machine >
system) YSoft Payment
System
Optional TCP 4197 YSoft SafeQ Management connection over SSL -

(if using Payment Payment Machine > this port is needed to setup in SPM
system) YSoft Payment service menu during configuring of
System Payment System server address
Optional TCP 4198 YSoft SafeQ Main connection

System
Optional TCP 4199 YSoft SafeQ Main connection over SSL

System
TCP 8080 CML/TS > YSoft web, rest services (APIs)

Payment System
YSoft SafeQ 5 299

February 03, 2016

type the user)
data path
Optional
(if using Payment
system)
Optional TCP 8443 CML/TS > YSoft web, rest services (APIs)
(if using Payment Payment System
system)
Optional TCP 25 SMTP SMTP (Scan job delivery,

(as per scan size) notifications to administrator and
users)
Optional TCP 80 SafeQ Client -> ORS web communication with client
(if using workstation ORS web (billing codes etc.)
client)
Mandatory UDP 1434 CML > DB This communication is used to query

(if using external MS the SQL server browser service.
SQL server with SQL browser service will respond
named instance) with the TCP port number that shall
be used for the rest of
communication.
Mandatory TCP see CML > DB The port number is dynamically

(if using external MS description assigned by SQL browser service,
SQL server with see http://technet.microsoft.com/en-
named instance) us/library/cc646023.aspx for more
information.
Mandatory for AirPrint UDP 5353 AirPrint > subnet AirPrint (AP) component multicast to
subnet using Bonjour
Mandatory for AirPrint TCP 8050 client > AirPrint Job delivery from iOS or MAC client
to AirPrint (AP) over IPPS. 8050 is
default but configurable port.
CLUSTER INSTALLATION
Required Type Port Communication type Description (communication from the

data path user)
Mandatory TCP 4111 CML > CML Proprietary DB Sync
Mandatory TCP 6020 CML > CML Inter node communication
TYPICAL COMMUNICATION OVERVIEW
YSoft SafeQ 5 300

February 03, 2016
The following diagram is for reference only and does not show all possible options.
TERMINAL COMMUNICATION OVERVIEW

The HW terminals communicate with the YSoft SafeQ server over an Ethernet network (default
communication port 4096). RJ45 connectors connect the terminal to the network. MFPs and printers
communicate with the SafeQ server via the terminal. Each terminal has a MAC address allocated by Y Soft.
YSoft SafeQ 5 301

February 03, 2016
DHCP SUPPORT
Terminals can be configured in static IP or dynamic IP (DHCP) mode.
TERMINAL PROFESSIONAL
Uses UDHCP Client ver. 1.2.1. If DHCP server is not available then DHCP client keeps running in
background.Terminal boots normally but no connection to network is available.
TERMINAL ULTRALIGHT
Uses DHCP client according to RFC 2131 and RFC 1533.If DHCP server is not available then zero network
configuration according to RFC 3927 is started within 2 seconds. (Terminal stays in the "initializing" dialog
(green leds animated around).Terminal TCP server (TCP port 4095) and UDP locator (UDP port 64099) are
available during zero network configuration.The DHCP client continues operating in the background. As
soon as the DHCP client gets a valid DHCP lease, the zero network configuration is shut down and the
terminal continues in standard operation.)
SERVER CONNECTION TIMEOUTS
Multi-threaded connection to SafeQ servers: 500ms before next deploy, maximum number of servers in
cluster: 10, total connection timeout: 15-22s depending on node count. Timeout for established SafeQ
server connection: 20s-2min depending on protocol state.Closing connection causes immediate user
session end.
TERMINAL ULTRALIGHT
Timeout for connecting per SafeQ server: 2s, number of connection attempts per server: 3, maximum
number of servers in cluster: 5. Timeout for established SafeQ server connection: 30s. Timeout for
established SafeQ server connection, before sending user authentication data: 1s. Closing connection
causes immediate user session end.
IPV6 SUPPORT
External hardware terminals support IPv4. If IPv6 is required, customization of Terminal Professional
firmware is possible.
JOB DELIVERY PROCESS
WORKSTATION TO SAFEQ JOB DELIVERY
LPR according to RFC 1179

SafeQ Port Protocol according to SafeQ Workstation Client Protocol Specification
SAFEQ TO MFP JOB DELIVERY

Regardless of CML/ORS, the job is delivered to MFP by means of delivery backends. Backends are used
for encapsulating delivery protocol. Currently supported protocols for job delivery are:
LPR
JetDirect
TCP RAW/9000
New versions may bring support for new delivery protocols (e.g. IPP/IPP over SSL).
YSoft SafeQ 5 302

February 03, 2016
In SafeQ 5, backends are also augmented with Decorators. Backend Decorators act as filters which are
applied in sequence to the delivered jobs. These filters are used for many things, like injecting PJL headers
into a job, removing or changing PJL headers, modifying contents of the print job
3.2.6 TYPICAL DEPLOYMENT SCENARIOS
SINGLE LOCATION
The most basic deployment, typically small

company or an office.
YSoft SafeQ can be installed on dedicated or print server. Print jobs are routed through YSoft SafeQ,
which additionally controls access to multifunction devices and printers. Each location has its own
individual YSoft SafeQ installation and is managed independently. YSoft SafeQ server offers failover
based on synchronized application-level redundancy or operating system clustering. ( learn more)
For detailed sizing information, please see Hardware requirements.
SMALL BUSINESS
Basic deployment with multiple interconnected

locations (several locations, slow WAN connection between locations).
ORS servers, centralized administration and reporting is required. In this situation, printing and MFP
access at the largest location are managed by a YSoft SafeQ CML server, with other locations handled
by independent ORS server(s). The entire system is managed from one central location.
NOTES: Each ORS can handle only a limited number of printers. It is highly recommended that a
failover system be established by means of server virtualization, clustering, or daily backup
procedures.
For detailed distributed system information, please see Distributed Server System - Private Cloud.
YSoft SafeQ 5 303

February 03, 2016
REGIONAL GOVERNMENT
For customers with multiple locations that are all about the same size, we recommend the use of a fully
distributed environment with a centralized administrative location.
Print servers for individual buildings should be equipped with a YSoft SafeQ ORS application, which
manages printing and MFP access within the local building. The YSoft SafeQ CML system is used only
as a centralized management, integration, and reporting point. Online connection between the CML
server and ORS servers is required, even if the connection is slow.
NOTES: Each ORS can handle only a limited number of printers. It is highly recommended that a
failover system be established by means of server virtualization, clustering, or daily backup
procedures.
This architecture cannot be used in situations where the Payment System is required.
For detailed information about distributed server system, please read Distributed Server System -
Private Cloud.
YSoft SafeQ 5 304

February 03, 2016
RETAIL BANK
For organizations with an extensive network of

branches (connected by a relatively slow WAN) and a large central headquarters (several buildings on
a high-speed MAN), the following architecture is recommended:
Every customer site with more than 20 users has a print server. This print server can be virtual,
dedicated, or shared with other applications. Although many of the remote site locations may not have
a constant connection to the main data center, some connection to the main data center is required,
even if slow. The print server at each location manages all printing and copy locally and is equipped
with an installed YSoft SafeQ Offline Remote Spooler (ORS) service. Each ORS can handle only a
limited number of printers. It is highly recommended that a failover system be established by means of
server virtualization, clustering, or daily backup procedures.
A data center with a YSoft SafeQ Enterprise Central Management Layer (CML) cluster (2-4 servers) is
distributed across headquarters locations and provides central administration and integration services.
The CML cluster also directly handles printing services in the locations directly connected to the data
center (a maximum of 100 devices can be connected to each CML server).
The data center also includes YSoft SafeQ Central Reporting Services (CRS Enterprise), which
provides access to all required reports via MS SQL OLAP and Analysis Services.
YSoft SafeQ 5 305

February 03, 2016
Private Cloud.
YSoft SafeQ 5 306

February 03, 2016
GLOBAL PRODUCTION COMPANY
For the largest global organizations with a large number of devices and multiple locations across large
metropolitan areas or campuses, ORS server farms or clusters should be used.
With this type of company, the vast majority of users usually print at their home location. However,
some users frequently travel among buildings throughout the metropolitan area. In that case, fully
transparent Print roaming is required. To enable Print roaming, clustered ORS servers are used. Each
cluster manages its own location, or is part of a larger high-speed network that covers a metropolitan
area "within walking distance." Single ORS servers are used only for smaller remote offices. Printing
via an ORS cluster is fully transparent to the user. The system can be configured so that meta data are
synchronized between ORS clusters (with a defined delay) so there is fully transparent Print roaming
among ORS clusters as well. However, because the print job data remain at the original location, print
speed can be affected by network bandwidth and latency.
Typically with this type of large organization, some users also frequently travel among remote locations
or different areas. These users require the ability to release the print job at any location, wherever they
are. To meet those needs, additional steps (manual selection or pre-roaming in the background) are
required to release the jobs at any location. To achieve that, this architecture utilizes a"super CML"
system, which is not dedicated for printing, but which coordinates Print Roaming between CML clusters
and ORS systems.
Private Cloud.
YSoft SafeQ 5 307

February 03, 2016
SPECIAL
YSoft SafeQ can be deployed in additional environments. However, each case must be considered and
analyzed individually.
Please consult any special uses of YSoft SafeQ with YSoft representatives.
3.2.7 PRE-INSTALLATION CHECKLISTS
Pre-installation checklist is available on Partner's Portal - https://portal.ysoft.com/technical-support/protocols-

download/pre-installation-checklist
SAFEQ CML SERVER PRE-INSTALLATION CHECK LIST
SAFEQ CML SERVER PRE-INSTALLATION CHECK LIST
FOLLOWING FEATURES HAS TO BE INSTALLED AND AVAILABLE ON THE SERVER FOR SAFEQ CML SERVER INSTALLATION
To see list of supported platforms, please visit Software requirements page.
No Web server may be installed on the computer. (If installed, it must not listen on TCP port 80).
Windows Installer 4.5 must be installed in order to use embedded MS SQL 2008 Express installation.
The latest version of web browser shall be installed (IE, Chrome or Firefox).
No other software shall be installed, except as agreed by YSOFT.

IP addresses for the local SafeQ CML servers are prepared before the installation of MFPs and
terminals.
Dedicated shared folder accessible from all SafeQ CML nodes is set up and reachable from all
SafeQ CML server nodes (necessary for installation from network folder).
CML servers (all nodes of the clusters) meets minimum requirements. See Hardware requirements
for details.
Latest security patches installed on operating system.

See Antivirus Settings page to make sure system performance is not affected by Antivirus software.
There is no other software that can interfere with SafeQ installed on the servers, especially database
(unless it's intended for SafeQ), or other print solution, except as specified in this document.
In case of external database server SafeQ uses 2 service accounts (mandatory name for one of the
accounts is: sync) and 2 databases to run for each CML node.
Administrator rights are required in order to perform the installation.
"LPD service" not installed in case "Print Server" role is used.
YSoft SafeQ 5 308

February 03, 2016
EXTERNAL USER SOURCE FOR REPLICATION (LDAP) REQUIREMENTS
Primary LDAP server IP address

Domain name(s)
DN of container(s) with users
LDAP contains user login information
LDAP contains user name and surname information
Department number is available in following attribute
Card numbers are available in following attribute
Unique user ID is available in following attribute
User email addresses are available in LDAP
Data replication from LDAP to SafeQ is preferred. Frequency of replication is configurable (for
example: full replication is executed once a day, and differential replication is executed each hour).
Administrator will be available to provide LDAP server access credentials. User account with 'list all
records' and 'read attributes' credentials must be available as integration account for SafeQ.

For proper functionality of the SafeQ environment following ports have to be opened on the server side.

type user)
data volume


10kB - 1GB per
client)
print job
10kB - 1GB per
print job
client)
client) job

(if using central
access
reporting)
TCP 19898 JMX
YSoft SafeQ 5 309

February 03, 2016

type user)
data volume
Optional / CML system health monitoring via

Localhost
Localhost
(monitoring only)
Optional / TCP 9696 JMX CML LDAPreplicator system health

Localhost
(monitoring only)
Localhost
Localhost
(monitoring only)
Localhost
Localhost
Localhost
YSoft SafeQ 5 310

February 03, 2016

type user)
data volume

client)

type from the user)
data volume

print job

print job

print job


(only within one
subnet)

51443 libraries

configuration
YSoft SafeQ 5 311

February 03, 2016

type from the user)
data volume


check

data volume user)

low volume, low
session control
latency

between Terminal
machine)
YSoft SafeQ 5 312

February 03, 2016

data volume user)
low volume, low
latency
control)
charging)
5013 communication
Mandatory with YSoft SQTA or TCP 5021, HTTP/HTTPS YSoft SafeQ Terminal
YSoft SafeQ Embedded Terminal 5022 Application communication
for Browser (Sharp)
low volume, low
and session control
latency
for Toshiba

instead

provider-port)

MFP capabilities)
Mandatory for WebDAV scanning TCP 443
YSoft SafeQ 5 313

February 03, 2016

data volume user)
Secured Scanning from MFPs via scan


Mandatory for embedded terminal TCP 21 FTP Scanning from MFPs via scan
Optional - Passive FTP transfers TCP >1023 FTP Range of ports for passive
(for embedded terminal scanning) depending on SafeQ setting,
configurable by
ftpPassivePorts)

type user)
data path
cluster
proprietary
~1kB per print

job

proprietary
~1kB per print

job
ORS synchronization
proprietary
~40 - 60 kB per
print job
Central
proprietary
Reporting
YSoft SafeQ 5 314

February 03, 2016

type user)
data path
~1kB per print

job

server application
proprietary
load balancing
10+ ORS servers.
ORS servers.
information
information
AirPrint
YSoft SafeQ 5 315

February 03, 2016

type user)
data path

the local etcd
OTHER COMMUNICATION

type the user)
data path
controller)
controller)
(global catalogue)

system)
terminals)
system) SafeQ5

System

TCP 4198 Main connection
YSoft SafeQ 5 316

February 03, 2016

type the user)
data path
Optional YSoft SafeQ

System

System
system)
system)

users)
client)

communication.

information.
YSoft SafeQ 5 317

February 03, 2016

data path user)
SAFEQ CRS SERVER PRE-INSTALLATION CHECK LIST
SAFEQ CRS SERVER PRE-INSTALLATION CHECK LIST

The following has to be prepared on the clean server for SafeQ CRS installation.
A static IP address must be set on the server before the installation of SafeQ CRS.
Computer with supported platform installed.
Server hardware and storage space is according to specification; the estimated DB capacity is
approx. 5 GB for one month of data storing.
No other software installed, except as agreed by YSOFT
Physical server dedicated only for SafeQ CRS server.
.NET Framework 4.0 Full Profile installed
IIS enabled, ASP.NET support set up
Latest security patches installed on operating systems
Antivirus Settings
There is no other software that can interfere with SafeQ installed on the server, especially another
database (unless it's intended for SafeQ), or Other Print Solution, except as specified in this
document.
YSoft SafeQ CRS Enterprise must be installed on a dedicated server – not where another instance of YSoft
SafeQ is running.
As a prerequisite for YSoft SafeQ CRS installation, Microsoft SQL Server must be installed and running on
the same server with the following minimum components:
Database Engine
SQL Server Agent
Analysis Services
Reporting Services
Integration Services
Workstation components (including SQL Server Management Studio)
In order to install YSoft SafeQ CRS, before beginning installation of MS SQL Server, MS IIS (a
component of the Microsoft Windows Server operating system) must be installed.
YSoft SafeQ 5 318

February 03, 2016
MS SQL SERVER CONFIGURATION

When installing Microsoft SQL Server, the following settings must be configured:
The SQL Server instance must not be case-sensitive.

A CI_AS_* collation is recommended.
TCP protocol must be enabled.
The authentication mode must be Mixed, i.e.: SQL Server Authentication and Windows
Authentication must both be supported.
Microsoft SQL Server Enterprise Edition is recommended, although Standard Edition may be sufficient for
smaller installations.
MS SQL SERVER USER PERMISSIONS LEVEL FOR INSTALLATION

To install, upgrade YSoft SafeQ 5.0 CRS Server the following database roles are required: db_owner OR
db_datareader, db_datawriter, db_ddladmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are
required: SQL Server Analysis Services "Server administrators" group.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisadmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "System administrator" role.
MS SQL SERVER USER PERMISSIONS LEVEL FOR RUNTIME

To run YSoft SafeQ 5.0 at CRS Server the following database roles are required: db_datareader,
db_datawriter.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are required: SQL
Server Analysis Services "Server administrators" group.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are required:
db_ssisoperator.
MS SQL SERVER USER PERMISSIONS LEVEL FOR OPERATIONS

To open/manage cube at YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles
are required: SQL Server Analysis Services Database "Full control ( Administrator )" role .
To run package at YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisoperator.
To browse reports at YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "Browser" role.
MS SQL SERVER ANALYSIS SERVICES SERVICE USER ACCOUNT PERMISSIONS

"SQL Server Analysis Services" service user account must have access (db_owner OR db_datareader,
db_datawriter, db_ddladmin) to CRS databases (yBoxDB, yBoxDBCDC). The best option is to give him
Server Role sysadmin.
YSoft SafeQ CRS supports the following versions of MS-SQL Server:
YSoft SafeQ 5 319

February 03, 2016
MS SQL Server 2008 Standard 32/64 bit

MS SQL Server 2008 Enterprise 32/64 bit
MS SQL Server 2008 R2 Standard 64 bit
MS SQL Server 2008 R2 Enterprise 64 bit
See the MS SQL Server 2008 installation procedure and MS SQL Server 2012 installation
procedure for information how to install MS SQL Server for YSoft SafeQ CRS.
MICROSOFT SQL SERVER – REQUIRED SERVICE PACKS
MS SQL Server Required Service

Pack
Microsoft SQL Server 2008 Service Pack 3 or

higher

R2 higher
Microsoft SQL Server 2012 Service Pack 1
SAFEQ ORS SERVER PRE-INSTALLATION CHECK LIST
SAFEQ ORS SERVER PRE-INSTALLATION CHECK LIST
FOLLOWING FEATURES HAS TO BE INSTALLED AND AVAILABLE ON THE SERVER FOR ORS SERVER INSTALLATION
To see list of supported platforms, please visit Software requirements page.
Microsoft .NET 4.5.1 and Windows Installer 4.5 shall be installed.

No other software installed, except as agreed by YSOFT.
IP addresses for the local SafeQ ORS server are prepared before the installation of MFPs and
terminals.
ORS servers (all nodes of the clusters) meets minimum requirements. See Hardware requirements
for details.
Latest security patches shall be installed on operating systems.

See Antivirus Settings page to make sure system performance is not affected by Antivirus software.
There is no other software that can interfere with SafeQ installed on the servers or Other Print
Solution, except as specified in this document.
"LPD service" not installed in case "Print Server" role is used.
Following criteria shall be met in order to install ORS in near roaming group (NRG):
Multicast IP address for discovery

1 Gbit stable LAN connection
YSoft SafeQ 5 320

February 03, 2016
Following criteria shall be met in order to install ORS on a server with several network interfaces
Server is configured as described in: SafeQ ORS on a server with two or more network interfaces

For proper functionality of the SafeQ environment following ports have to be opened on the server side.

type user)
data volume


10kB - 1GB per
client)
print job
10kB - 1GB per
print job
client)
client) job

(if using central
access
reporting)
Optional / TCP 19898 JMX CML system health monitoring via

Localhost
Localhost
(monitoring only)
TCP 9696 JMX CML LDAPreplicator system health

monitoring via JConsole.
YSoft SafeQ 5 321

February 03, 2016

type user)
data volume
Optional /
Recommended from
Localhost
(monitoring only)
Localhost
Localhost
(monitoring only)
Localhost
Localhost
Localhost

client)
YSoft SafeQ 5 322

February 03, 2016

type from the user)
data volume

print job

print job

print job


(only within one
subnet)

51443 libraries

configuration
YSoft SafeQ 5 323

February 03, 2016

type from the user)
data volume


check

data volume user)

low volume, low
session control
latency

between Terminal
machine)
low volume, low
latency
control)
charging)
TCP HTTP/HTTPS
YSoft SafeQ 5 324

February 03, 2016

data volume user)
Mandatory with YSoft SafeQ 5011, YSoft SafeQ Embedded

5013 communication
Mandatory with YSoft SQTA or TCP 5021, HTTP/HTTPS YSoft SafeQ Terminal
YSoft SafeQ Embedded Terminal 5022 Application communication
for Browser (Sharp)
low volume, low
and session control
latency
for Toshiba

instead

provider-port)

MFP capabilities)
Mandatory for WebDAV scanning TCP 443 Secured Scanning from MFPs via scan

TCP 21 FTP
YSoft SafeQ 5 325

February 03, 2016

data volume user)
Mandatory for embedded terminal Scanning from MFPs via scan

Optional - Passive FTP transfers TCP >1023 FTP Range of ports for passive
(for embedded terminal scanning) depending on SafeQ setting,
configurable by
ftpPassivePorts)

type user)
data path
cluster
proprietary
~1kB per print

job

proprietary
~1kB per print

job
ORS synchronization
proprietary
~40 - 60 kB per
print job
Central
proprietary
Reporting
~1kB per print
job

server application
YSoft SafeQ 5 326

February 03, 2016

type user)
data path
proprietary
load balancing
10+ ORS servers.
ORS servers.
information
information
AirPrint
the local etcd
YSoft SafeQ 5 327

February 03, 2016
OTHER COMMUNICATION

type the user)
data path
controller)
controller)
(global catalogue)

system)
terminals)
system) SafeQ5

System

Optional TCP 4198 YSoft SafeQ Main connection

System

System
TCP 8080 CML/TS > YSoft web, rest services (APIs)

Payment System
YSoft SafeQ 5 328

February 03, 2016

type the user)
data path
Optional
(if using Payment
system)
system)

users)
client)

communication.

information.

data path user)
YSoft SafeQ 5 329

February 03, 2016
SAFEQ ORS ON A SERVER WITH TWO OR MORE NETWORK INTERFACES

This article describes the steps that have to be performed prior the installation of the ORS on a server with
several network cards.
PREREQUISITES
Please make sure that the following criteria are met before the installation of ORS is started:
1. Hostname of the server with more network interfaces is resolved as the IP address dedicated for
the ORS (i.e. hostname is mapped to the correct NIC).
2. All CML nodes where this ORS will be connected to must be able to resolve this hostname
correctly.
3. All ORSes which are/will be members of near roaming group needs to be able to resolve this
hostname correctly.
4. The interface bound to the IP address dedicated for ORS must be configured as the first active
network interface in the list of available adapters and bindings.
see the description below for the basic instructions how to verify this step
additional information about this step can be found at http://technet.microsoft.com/en-us/library
/cc732472.aspx if needed
HOW TO VERIFY THAT ADAPTER WITH IP ADDRESS DEDICATED FOR ORS IS FIRST IN THE LIST OF AVAILABLE ADAPTERS
Step 1 - Find the adapter that uses IP address dedicated for ORS
This section describes the way how to identify the network adapter which uses the IP address dedicated for
ORS.
1 Log in to server and Open command prompt (e.g. Start => Run => services.msc)
2 Enter ipconfig command in the command prompt and press Enter.
3 Find which adapter is configured to use the IP address dedicated for ORS.
YSoft SafeQ 5 330

February 03, 2016
Example: If the needed IP address is mentioned in "Ethernet adapter Local Area Connection "
section, the Local Area Connection is the connection we need.
Step 2 - Verify the order of network interfaces and modify it if needed

This section describes steps for verification and modification of order in which the network interfaces are
configured.
1 Open Control Panel -> Network and Sharing Center -> Change adapter settings
2 Press the Alt key on your keyboard and choose Advanced -> Advanced Settings...
3 Verify that the connection with the IP address dedicated for ORS is set as the first one in the
Connections section
YSoft SafeQ 5 331

February 03, 2016
4 If the connection with the IP address dedicated for ORS is not listed as the first on the top of the list,
use the arrow up or arrow down buttons to change the order and save the settings using OK button.
3.3 YSOFT SAFEQ TERMINALS
Terminals provide user interface which allows interaction with multifunction or other printers. The key
features allow user authentication, print job management and access to other YSoft SafeQ features for end
users.
YSoft SafeQ supports two types of terminals:
Embedded (software) Terminals - software, installed on the multifunction printer.
External (hardware) Terminals - hardware, mounted on multifunction or other printers.
YSoft SafeQ 5 332

February 03, 2016
Terminal

Professional (HW)

UltraLight (HW)
YSoft SafeQ® Fuji Xerox Apeos

Terminal Embedded
YSoft SafeQ® Konica Minolta

OpenAPI Terminal Embedded
YSoft SafeQ® Ricoh ESA

Terminal Embedded
YSoft SafeQ® Sharp OSA

Terminal Embedded
YSoft SafeQ® Xerox EIP

Terminal Embedded
YSoft SafeQ® Toshiba

OpenPlatform Terminal
Embedded
YSoft SafeQ® OKI OpenPlatform

Terminal Embedded
Important note: Please always refer to the Hardware Compatibility List for up-to-date information about
supported vendors and devices.
3.3.1 EMBEDDED TERMINALS
EMBEDDED TERMINALS (MFP PANEL INTEGRATED)
List of compatible devices is always available in Hardware Compatibility List (HCL).
Vendor Comments Authentication
All authentication options (

Embedded Terminal is Terminal Authentication Matrix).
software extension of the Fuji
Xerox devices.
YSoft SafeQ 5 333

February 03, 2016
eXtensible Customizing
Card authentication with optional
Platform versions 1.2+ needs
USB card reader.
to be installed on the device.
with XCP User interface walkthrough is
available at Using YSoft
SafeQ Embedded Terminal
for Fuji Xerox with XCP.
Username & password, PIN.

Embedded Terminal is
software extension of the Fuji Card authentication with optional
Xerox devices. EPA card reader.
Embedded Terminal requires
Card self-registration possible
licensed and configured Fuji
using Card Activation Code.
Xerox ApeOS Connection IV
at the device.
User interface walkthrough is
for Fuji Xerox Apeos.
Direct printing in combination
with Authentication module
works, however (any) user
must authenticate in order for
the jobs to be released by the
printer (technology limitation).

software extension of Konica
Minolta devices. Card authentication with optional
Embedded Terminal requires USB card reader.
licensed and configured
Konica Minolta OpenAPI
platform at the device
(OpenAPI version 3.6 or
higher).
Konica Minolta OpenAPI3
Account Map is
recommended option for
accounting.
Konica Minolta MyPanel
application or web-browser
support requires OpenAPI
YSoft SafeQ 5 334

February 03, 2016
version 3.6 or higher and an

iOption license.
Most of the printers require
extended memory and hard
drive for full functionality
(more details in Hardware
Compatibility List).
for Konica Minolta (OpenAPI).

Terminal is software
extension to the OKI MFP Card authentication with optional
interface. USB card reader.
Terminal requires properly
licensed and configured Open
Platform.
see HCL - OKI for compatible
devices.
YSoft Payment System
features are not supported.

software extension of Ricoh
devices. Card authentication with optional
Terminal requires licensed USB card reader.
and configured Ricoh ESA™
Platform at the MFP (SDK/J
version 4+).
Java Card (is already
delivered with newer types of
Ricoh devices).
for Ricoh (ESA).

software extension of
Samsung devices.
YSoft SafeQ 5 335

February 03, 2016
Devices built on XOA-E

Card authentication with optional
platform are supported only.
USB card reader.
See HCL - Samsung for
compatible devices.
Terminal for Samsung
requires XOA framework
version 1.21 or higher.

software extension of Sharp
Embedded Terminal requires USB card reader or network card
licensed and configured reader (which requires its own IP
Sharp OSA Platform (ACM address).
and EAM module) at the
device (OSA version 3.5 and
higher).
Without EAM module,
Scan management is not
available and a print job list is
not refreshed after print.
YSoft Payment System is
supported only on the devices
with AMX 3 license.
for Sharp (OSA).

Terminal is software
extension to the Toshiba MFP Card authentication with optional
interface. USB card reader.
Terminal requires properly
licensed and configured
Toshiba Embedded Platform.
see HCL - Toshiba for
compatible devices.
features are not supported.
YSoft SafeQ 5 336

February 03, 2016

Embedded Terminal is Terminal Authentication Matrix)
software extension of Xerox
Embedded Terminal requires network card reader (requires its
licensed and configured own IP address) or optional
Xerox EIP Platform and Xerox generic USB card reader
XSA/CA at the device (EIP (available at selected devices only
version 1.5 and higher). - see HCL for more details).
supported only on the devices
with EIP version 2 and higher.
Xerox Network Accounting
(JBA) kit is recommended for
accounting.
for Xerox (EIP).
Scan to searchable PDF is
available only on devices with
EIP 2.5 and higher
KNOWN LIMITATIONS
Embedded Terminal cannot be uninstalled or reinstalled when users are logged in.
Xerox EIP, Fuji Xerox Apeos: It is not possible to restrict copying.
Xerox EIP: It is not possible to restrict user access rights of native applications per user by default.
On most devices, the support can be enabled by enabling property enableXeroxAccessDefinition in
System settings. On the not supported devices, this option can be configured for each device by
administrator manually.
Xerox EIP: It is not possible to restrict user access rights for color operations per user, this option can
be configured for each device by administrator manually.
Xerox EIP: If incorrect device credentials are used three times, device locks out access from the
particular IP address for an hour. It is possible to erase the device lockout table manually.
Xerox EIP: Automatic log out does not work from the native copy menu.
Xerox EIP: Terminal inactivity timeout set in advanced tab of user's edit dialog (or in settings of Cost
center, if this value is inherited from the Cost center) has to be different and ideally higher than the
inactivity timeout set on device. If the timeout set per user is lower and a it expires, users will still be
able to perform copies until the timeout set on device expires.
Xerox EIP: When actual Billing code is changed while a copy job is being performed, the copy job will
be assigned the new Billing code.
Xerox EIP: Automatic color detection when scanning using YSoft SafeQ scanning application is
supported only on devices with EIP 3.0 and higher.
YSoft SafeQ 5 337

February 03, 2016
Fuji Xerox Apeos: After automatic log out from SafeQ Application user is navigated to device main
menu. After given time (based on device settings) user is also automatically logged out from device
main menu.
Fuji Xerox Apeos: Only ASCII characters can be used when entering scanning workflow parameters
on the embedded terminal.
Fuji Xerox Apeos: SSMI 1.4 or higher is required for the proper function of Payment System. In case
the SSMI version is lower, the quota system is not applied and user can reach negative balance.
Fuji Xerox Apeos: Only card self-registration using card activation code is supported.
Fuji Xerox Apeos: When the card activation feature is enabled and there is card swipe with registered
card, the user must always navigate through the Card Activation Code screen.
Fuji Xerox Apeos: Blank pages are accounted as BW print.
Fuji Xerox Apeos: It can take up to 15 minutes for device to return blocked money back to money
account (if Payment System is used for print/copy/scan charging).
Fuji Xerox Apeos: Terminal inactivity timeout set in advanced tab of user's edit dialog (or in settings
of Cost center, if this value is inherited from the Cost center) does not work. The session will be
ended as soon as timeout set on device expires.
Fuji Xerox Apeos: When actual Billing code is changed while a copy job is being performed, the copy
job will be assigned the new Billing code.
Fuji Xerox Apeos: Enable etcd to avoid duplicate accounting records on CML cluster.
Fuji Xerox with XCP: Direct printing works, but the print jobs are performed even when the user has
insufficient credit.
Fuji Xerox with XCP: Print All works, but if the user is out of credit, the printing continues and a debt
record is created.
Fuji Xerox with XCP: When swiping a card at the card reader when the device is in a sleep mode, the
user is not authenticated.
Fuji Xerox with XCP: Scan feature can not be blocked on some firmwares of devices.
Fuji Xerox with XCP: Enable etcd to avoid duplicate accounting records on CML cluster.
Konica Minolta: Jobs performed by Public user and jobs sent directly to printer are not accounted.
Konica Minolta: Scan jobs performed by a user with insufficient credit are accounted. This may cause
discrepancy between SafeQ reports and the information in Payment System
Konica Minolta OpenAPI 4.0: Name attribute of Scan workflow parameter has not to be longer than
16 characters and has to contain alphanumeric characters only.
Konica Minolta: native interface: Simplex/duplex option for scan is not propagated from scan
workflow template, so following settings has to be set manually on device's panel.
Konica Minolta: native interface: It is not possible to mark jobs as favorite.
Konica Minolta: Searchable PDF – searchable PDF (OCR) cannot be defaulted in Scanning
Workflow - standard PDF is used instead.
Konica Minolta: With browser-based embedded terminal, Waiting folder is not refreshed after print.
The user must navigate to another folder in order to refresh the list.
Konica Minolta: With browser-based embedded terminal, scanning via WebDav is not supported.
Konica Minolta: User with login name admin is not supported with YSoft SafeQ Embedded Terminal
for Konica Minolta.
Konica Minolta: From Service Release 9 it is not possible to authenticate as an user via the web
interface of the device.
Konica Minolta: For limitations related to printing from USB see the article printing from USB on YSoft
SafeQ Embedded Terminal for Konica Minolta.
YSoft SafeQ 5 338

February 03, 2016
Konica Minolta C35: Logout before all jobs are printed causes that only the first job is accounted.
Konica Minolta C35: Swipe with card immediately when authentication screen is displayed causes
that user is not logged in.
Konica Minolta C284, C654: Card registration and billing code selection in the same authentication
causes terminal to stay in main authentication screen.
Konica Minolta C364 PCL driver: Jobs with resolution of 1200 DPI generated by this print driver have
blank preview and are not printed. Only one page of error report is released from printer.
Ricoh: When accounting is not licensed (Reporting or Credit and billing modules), only the print
application is available on the terminal (users are unable to access the scanning application and the
native copy application).
Ricoh: When a previously disconnected USB card reader is connected again to the device (or device
is woken up from the sleep mode), it takes up to one minute (device dependent) untill USB card
reader is responsive again. Ricoh C3002 has to be restarted for USB card reader to be responsive
again.
Ricoh: Print from USB is not supported with Payment System. Jobs would not be accounted.
Ricoh: Credit balance is not displayed on devices with small displays (e.g. MP301SPF).
Ricoh: Accounting for scanning via native scanning application is not supported.
Ricoh Aficio MP 171, Aficio MP 171 SPF, Aficio MP C400 Series, Aficio MP 201, Aficio MP 201 SPF,
Aficio MP 301 Series, Aficio MP C300 Series, Aficio SP 5200S + Aficio SP 5210SF + Aficio SP
5210SR, MP C305 SP, Aficio MP C305 Series, MP C401 Series: On these models there are two
limitations related to duplex scanning:
Every even page may be rotated by 180 degrees in the resulting file when scanning from
automatic document feeder (ADF) to JPEG format.
Every even page may be rotated by 180 degrees in the resulting file when scanning manually
from glass to multiple TIFF files or to a single TIFF file. Note that duplex option for scanning
from glass makes no sense.
Sharp: See article about licensing details.

Sharp: Print is not supported for users with username "admin", "blankuser", "service", "users",
"other", "other2", "system", "invalid", "vendor", "vendor2" and "servicefss" as these are internally
reserved words.
Toshiba/OKI: Embedded terminal accounting does not account blank pages.
Toshiba/OKI: Scanning multiple sheets (simplex or duplex) in one scan job is supported only when
scanning using automatic document feeder (ADF).
Toshiba/OKI: Authentication method Username and Password is not supported for users
containing @ character. More details in the article configuring OKI for YSoft SafeQ Embedded
Terminal with @ character in username.
Toshiba/OKI: Card self-registration is not available.
YSoft SafeQ 5 339

February 03, 2016
3.3.2 EXTERNAL TERMINALS
HARDWARE TERMINALS
Terminal Comments Dimensions
16.5x10x5cm
Terminal interaction is accomplished via a 900g
graphical touchscreen display (480 x 272 pixels,
color).
Terminal includes an integrated card reader for
authentication with various types of cards (see
Terminal Authentication Matrix).
Terminal contains 4-port 10/100 Mbit switch with
fully configurable sockets.
Configuration of a terminal is done via the
Professional graphical touchscreen display or remotely via a
secured TCP/IP connection from the YSoft SafeQ
central management interface.
Network/power cables are hidden under the cover.
See Using Terminal Professional for user interface
details and Installing and configuring YSoft SafeQ
Terminals for installation guides.
Professional Terminal Supports Terminal
monitoring via SNMP tools.
15x3.7x7.
Terminal interaction is accomplished via numeric 5cm
capacitive keyboard, print/copy buttons, status 500g
LEDs and/or sound signals.
Terminal includes an integrated card reader for
authentication by various types of cards (see
Terminal Authentication Matrix).
Terminal includes 2-port 10/100 Mbit switch.
Configuration of a terminal is done remotely from a
configuration utility on any workstation via secured
TCP/IP or UDP connection
Network/power cables are connected from the top
UltraLight of the terminal.
See Using Terminal UltraLight for user interface
details and Installing and configuring YSoft SafeQ
Terminals for installation guides.
COMMENTS AND LIMITATIONS
Terminal cannot work without connection to the YSoft SafeQ server.
YSoft SafeQ 5 340

February 03, 2016
Terminal is capable of restricting access to the device via a third-party interface (FDI/FIH/KC/VI).
Terminal must be connected to TCP/IP network with its own IP address (DHCP ready).
If the terminal fails, copying and scanning are no longer available.
Mounting kit and interface cable are required to connect the terminal to the MFP/printer (terminal
mounted to wall/table/MFP uses 1 or 2 screws or double-sided Velcro tape).
Power socket is required within 2m / 6ft distance.
Operating conditions: office environment, 5°C - 35°C , max 20% - 80% air humidity without
condensation.
3.4 TERMINAL FEATURES IN DETAIL
Features available from YSoft SafeQ server with terminals only
Copy tracking
As a manager, I want to receive reports for all copy activity on controlled copiers / MFPs so that I
have information to optimize our printing environment.
Scan tracking
As a manager, I want to receive reports for all scan activity on controlled network scanners / MFPs so
that I have an audit log in case of any security issues.
Project copy and scan tracking

As a user, when I make copies, I want to authenticate; then select a billing code (project code) for the
copies so that I can exactly track costs related to each of the various projects I'm working on.
Print roaming
As a user, I want to print a document from my workstation and then release it at the printer only after
I authenticate there, so that I'm sure my documents remain confidential.
As a user, I want to print a document from my workstation; then authenticate and release the job at
any printer in my office (LAN), so I don't need to rely on the availability of only one printer.
As a user traveling around company offices, I want to print a document from my notebook; then
authenticate and release the job at any printer in any office (WAN or VPN network), so I don't need to
rely on the availability of only one printer and am not limited to a single print server or my default
printer.

As a user, I want to see a list of my print jobs at the printer before I print them so that I can make last-
minute decisions about what and how to print.
User print sharing (VIP shared queues)

As a user, when I send my documents to print, I want selected colleagues to be able to release those
print jobs at printers (via Print roaming).
Workgroup print sharing (shared queues)

As a user, when I send my documents to print, I want my colleagues in my department to be able to
release those print jobs at printers (via Print roaming).
YSoft SafeQ 5 341

February 03, 2016
Features available from YSoft SafeQ server with terminals only

As a user, I want to authenticate at the MFP so that the MFP knows my identity and can provide
personalized workflows based on my needs.
Workflow scanning
As a user, I want to authenticate once at the MFP and select the appropriate scan workflow so that
my documents are automatically delivered to my desired destination(s) without my having to enter
unnecessary information.

As a user, I want to print my documents by sending them via e-mail or uploading them to a Web
page; then select finishing options at the Web so that I can print from any mobile device or any
computer — without having to install print drivers.
As a user, I want to use my ID card to authenticate at the MFP. If I have a new card, I want to
authenticate at the MFP by using other credentials; then swipe the card and have it be assigned as
my future identification method — so that the next time I authenticate, I only need to use that card.

As an administrator, I want to configure data compression (from the workstation to the MFP) so that I
can reduce network traffic.

As an administrator, I want to configure data encryption (from the workstation to the MFP) so that I
can make our print environment really secure.
Terminal monitoring via SNMP

As a administrator of SNMP management server, I want to be informed about terminal status so I can
check terminals from central management software.
3.4.1 MFP WALKUP FUNCTIONS CONTROL
MFP WALKUP FUNCTIONS CONTROL
DESCRIPTION
SafeQ Terminal blocks access to the MFP panel options so only authenticated and authorized user can
operate it.
see Configuring Authorized Copying for configuration and deployment information.
USER STORIES
1. AuthCopy - As a User I want to authenticate at the MFP so that the MFP knows my identity and
can provide personalized workflow based on my needs.
YSoft SafeQ 5 342

February 03, 2016
REQUIREMENTS
SafeQ shall block copy access when user doesn't have proper permissions.
SafeQ shall block colour copy if user doesn't have proper permissions to print in colour.
SafeQ shall stop hard copy after first detected colour copy if user doesn't have proper
permissions to print in colour.
Administrator shall be able to define timeout for user's session (after what time is user logged off
at the device when idle).
SPECIAL REQUIREMENTS
In addition to the standard terminal access control, SafeQ shall control copy access to any Xerox
Network Accounting JBA enabled networked printer via Network Accounting Kit (JBA):
Copy jobs must be authenticated via JBA on-box (On-Box mode is not supported on ORS
servers and must be configured centrally) or off-box mode by: Login/PIN, Login only, PIN only.
Special license might be required.
When using JBA on-box mode, all PIN codes must be stored in DB in unencrypted form, so it
can be transferred to the device. Number of users account that can be stored to the device
differs depends on device available memory.
Both HTTP and HTTPS communication protocols are supported for JBA.
DEPENDENCIES/NON-FUNCTIONAL REQUIREMENTS
YSoft SafeQ Server must be installed and available within LAN proximity.
Identity management must be established.
MFP must be equipped with terminal with correctly configured authentication and support panel
access control.
CAVEATS
Due to the technical limitations, color copy blocking and Real-Time hard copy stop is only
supported by Terminal Professional/Ultralight using Xerox FDI,KM Vender2 interfaces,KM
OpenAPI, Ricoh ESA and Xerox EIP 2.0 capable devices.
TERMINAL AUTHENTICATION AND ACCESS CONTROL OVERVIEW
Authentication Function Terminal Terminal Terminal

Professional UltraLight Embedded
PIN code (see YSoft SafeQ Security Overview for more see
details) Embedded
Terminals
Login / password credentials (see YSoft SafeQ see

Security Overview for more details) Embedded
Terminals
YSoft SafeQ 5 343

February 03, 2016

Proximity cards with support for Use Card Number see

Conversion (Please contact Y Soft customer support for Embedded
details about supported technologies) Terminals
Contact cards (Please contact Y Soft customer support see

for details about supported technologies) Embedded
Terminals
Magnetic swipe-thru cards (with PIN code
confirmation and support for Use Card
Number Conversion)
Barcodes via laser beam not
supported on most of the Embedded
Terminals
iButton (Dallas)
Contact smart cards with PIN code confirmation and

User (certificate-based) authentication via Kerberos v5
PKINIT
Due to very loose interpretation of the standard,
YSoft internal testing, re-configuration or customization
is necessary. See Smart Card support for configuration
details
Please contact Y Soft customer support for details about
supported technologies
FIPS 201 PIV Card / PIV II CAC Card - see http://csrc.

nist.gov/groups/SNS/piv/index.html
with PIN code confirmation, Challenge

/Response mechanism with on-card
certificate validation with trusted certificate
and User (certificate-based) authentication
via Kerberos v5 PKINIT
see YSoft SafeQ Security Overview for
workflow / sequence diagrams
Card self-assignment via Card Activation Code (see see

Card self-assignment) Embedded
Terminals
Card self-assignment via user credentials (see Card self- see

assignment) Embedded
Terminals
YSoft SafeQ 5 344

February 03, 2016
TERMINAL AUTHENTICATION MATRIX

PIN code (see YSoft SafeQ Security Overview for more see
details) Embedded
Terminals
Login / password credentials (see YSoft SafeQ Security see

Overview for more details) Embedded
Terminals
Proximity cards with support for Use Card Number see

Conversion (Please contact Y Soft customer support for Embedded
details about supported technologies) Terminals
Contact cards (Please contact Y Soft customer support see

for details about supported technologies) Embedded
Terminals
Magnetic swipe-thru cards (with PIN code
confirmation and support for Use Card
Number Conversion)
Barcodes via laser beam not supported
on most of the Embedded Terminals
iButton (Dallas)
Contact smart cards with PIN code confirmation and User

(certificate-based) authentication via Kerberos v5 PKINIT
Due to very loose interpretation of the standard, YSoft
internal testing, re-configuration or customization is
necessary. See Smart Card support for configuration details
Please contact Y Soft customer support for details about
supported technologies
FIPS 201 PIV Card / PIV II CAC Card - see http://csrc.nist.

gov/groups/SNS/piv/index.html
with PIN code confirmation, Challenge

/Response mechanism with on-card
certificate validation with trusted certificate
and User (certificate-based) authentication
via Kerberos v5 PKINIT
see YSoft SafeQ Security Overview for
workflow / sequence diagrams
YSoft SafeQ 5 345

February 03, 2016

Card self-assignment via Card Activation Code (see Card see

self-assignment) Embedded
Terminals
Card self-assignment via user credentials (see Card self- see

assignment) Embedded
Terminals
YSoft SafeQ 5 346

February 03, 2016
3.4.2 COPY TRACKING
COPY TRACKING OVERVIEW
DESCRIPTION
YSoft SafeQ tracks all produced copies and provides addressed reporting per device and user
see Configuring Copy Tracking for configuration and deployment information.

see Available Copy Tracking Methods for more information and limitations
handling by devices.
USER STORIES
CopyTracking - As a Manager I want to receive reports for the copy activity on controlled copiers /
MFPs so that I have information to optimize our printing environment.
REQUIREMENTS
SafeQ system shall collect information per each copy, device and user.
SafeQ system shall collect detailed information for each copy job: amount of pages per paper
size (in two sizes: large and normal), amount of color/monochrome pages and duplex usage.
DEPENDENCIES / NON FUNCTIONAL REQUIREMENTS
SafeQ Server must be installed and available within LAN with Identity management established
MFD Walkup Functions Control must be established
CAVEATS
handling by devices.
see Available Copy Tracking Methods for more information and limitations
LICENSING
Copy tracking feature is a standalone licensed feature since YSoft SafeQ 5.0 with following limitation if
license for the feature expires or is not available in a license. Please see License content per version to
review all SafeQ version and availability of a feature.
User's rights for copying are ignored.

User does not have option to select copying on a terminal.
All received accounting data from MFPs are ignored
YSoft SafeQ 5 347

February 03, 2016
YSoft SafeQ 5 348

February 03, 2016
AUTHENTICATED COPYING DIAGRAM
This workflow is typically used for MFD Walkup Functions Control, Copy Tracking, Project Copy and
Scan Tracking or Scan Tracking
CARD / PIN BASED AUTHENTICATION
PKI (SMARTCARD BASED) OR LOGIN/PASSWORD BASED AUTHENTICATION
1. User information is typically replicated from LDAP server using secured (server-authenticated)
LDAP/S connection. This step is however purely optional. See Identity management for
additional details.
using TLS based secure protocol (with client only authentication - server verifies identity of
YSoft SafeQ 5 349

2. February 03, 2016
terminal). Sever looks up the internal SQL database to find the user record connected with the
entered PIN code or card ID.
Kerberos v5 protocol to get the Ticket Granting Ticket information (TGT) form Kerberos
server.
d. Server gets the deciphered data and looks up the internal database for respective user
record
3. If the user is authorized to copy, the device panel is unlocked (either using serial smart blocking
cable from terminal or internal mechanism in case of MFP panel integrated (embedded)
terminal.
4. SafeQ gathers the accounting data using several mechanisms (see Available Copy Tracking
Methods). If the online accounting method is used, SNMP protocol is used to gather the current
page meter information from the printer.
AVAILABLE COPY TRACKING METHODS
AVAILABLE COPY TRACKING METHODS:
Off-line copy
accounting Monitors any copy produced at the copier/MFP in real-time.
Tracking works with devices actively checked by YSoft SafeQ terminal.
Realized by physical connection to the copy device via vender provided
interface (see YSoft SafeQ HCL (portal.ysoft.com)
Tracks number of pages actually copied at the device. Tracked information
varies as per device of total number of impressions, total number of BW/color
impressions, total number of small (A5/A4/letter) and large (A3/legal/tabloid)
pages, duplex usage.
On-line copy
accounting Monitors any copy produced at the copier via LAN connection in real-time
Copies made outside the control of YSoft SafeQ (such as public access,
admin, etc.) may be reported as "Anonymous copies"
Available for any copier/MFP listed in YSoft SafeQ HCL (portal.ysoft.com)
Tracks number of pages actually copied by the network device. Tracked
information varies as per devices of total number of impressions, total number
of BW/color impressions (3-tiers where available), total number of small (A5/A4
/letter) and large (A3/legal/tabloid) pages, duplex usage.
YSoft SafeQ 5 350

February 03, 2016
Online accounting disables multitasking capabilities for MFPs (only one user
at a time can operate the MFP to enable this tracking)
Average network response speed from the printer to server on SNMP query
must be less than 200ms.
Native copy
accounting Monitors any copy produced at the copier/MFP via network connection
Copies made outside the control of YSoft SafeQ (such as public access,
admin, etc.) are not reported.
Incompatible with external (hardware) terminals
Gathers data in scheduled intervals; Available only for the following devices
(verify by checking the YSoft SafeQ HCL):
Fuji Xerox MFPs with Accounting Logs option.
Konica Minolta MFPs with OpenAPI3 account maps
Ricoh ESA with SDK4,7 or 10
Sharp MFPs with OSA (MX-AMX3) module.
Toshiba MFPs with Open Platform SDK.
Xerox MFPs with Network Accounting (JBA) kit including 3-tier billing.
Copy jobs must contain information about user.
Tracks number of pages actually copied by the network device. Tracked
information varies as per devices of total number of impressions, total number
of BW/color impressions, total number of small (A5/A4/letter) and large (A3
/legal/tabloid) pages, duplex usage.
3.4.3 SCAN TRACKING
SCAN TRACKING OVERVIEW
DESCRIPTION
YSoft SafeQ tracks all produced scan and provides addressed reporting per device and user. The scan
tracking is only supported for scan jobs routed via SafeQ server or for devices with Vendor Provided
Accounting Mechanism (Konica Minolta OpenAPI, Sharp OSA, Xerox JBA, Ricoh ESA).
see Configure Scan Tracking for configuration and deployment information.
USER STORIES
1. ScanTracking - As a Manager I want to receive reports for the scan activity on controlled
network scanners / MFPs so that I have audit log in case of any security issues.
YSoft SafeQ 5 351

February 03, 2016
REQUIREMENTS
SafeQ system shall collect information per each scan routed via SafeQ, device and user.
SafeQ system shall collect detailed information for each scan routed via SafeQ job: amount of
pages, amount of color/monochrome pages and duplex usage.
SafeQ system shall collect information per each scan reported via device Vendor Provided
Mechanism.
YSoft SafeQ Server must be installed and available within LAN with Identity management
established
MFP must be equipped with terminal with correctly configured authentication (panel blocking)
Scanners must transfer data via SafeQ (see Workflow scanning)
CAVEATS
Vendor Provided Accounting Mechanism works only in conjunction of Embedded Terminals.

Cancelled scan might be accounted
LICENSING
Scan tracking feature is a standalone licensed feature of YSoft SafeQ with following limitation if license
for the feature expires or is not available in a license. Without valid licence,
User's rights for scanning are ignored.

User does not have option to select scanning on a terminal.
All received accounting data from MFPs are ignored.
3.4.4 PROJECT COPY AND SCAN TRACKING
PROJECT COPY AND SCAN TRACKING OVERVIEW
DESCRIPTION
Project Copy tracking allows users to select and assign target project for every copy made in order to
track per-project costs. Project codes are provided in the hierarchical structure that can represent
different business models (e.g. List of the customers and their individual projects).
see Configuring Project Copy Tracking for configuration and deployment information.
see Billing Code Import CSV Format Specification for import/export overview.
USER STORIES
1. ProjectCopyTrack - As a User I want to authenticate for copy and select project / billing code
for the produced output so that I can exactly track costs related with various projects I'm working
on.
YSoft SafeQ 5 352

February 03, 2016
REQUIREMENTS
User shall select project code prior copy [see table below] from multi-tiered, hierarchical list (i.e.
user first limits the selection, then selects code). This selection shall be Mandatory, if the project
billing feature is enabled on the device by the administrator.
User shall be able to skip Project selection if he/she has assigned the Default Billing code
Project code selection shall be completely skipped for users with only one assigned billing code
User shall be able to search for billing code using sub-string search; result of this search shall
be list of matching billing codes with complete path
CAVEATS
Available for networked copiers/mfps connected via SafeQ server only!

SafeQ 3.1/3.6: List of available project codes for new user is synchronized to ORS servers
on next regular synchronization - which means that user may not see project list on first access.
(user session is rejected with error message and user must authenticate again)
Maximum project within ONE level of project codes is 1000.
SafeQ 3.1/3.6: Terminal Professional cannot handle (i.e. the authentication can take minutes
) situations, where there are hundreds or thousands project codes available for a user.
Multilevel (tiered) project billing selection is not available for SafeQ versions 3.x
User without assigned billing codes is able to copy/scan without limitation.
Supported SafeQ versions : 3.1/3.6/4.0
KNOWN TECHNOLOGY LIMITATIONS
Billing codes cannot be enabled / disabled per devices, this feature can be enabled / disabled
only for whole SafeQ system.
On Konica Minolta and Sharp terminal embedded native application it is impossible to change
selected billing code (The user has to logout and login again to change selected billing code).
For list search results on KM C35 you must confirm input dialog after search term direct input.
After that you can return in to the input dialog and press 'List results' button to see searched
billing codes.
On Sharp devices default billing code is marked with an asterisk.
It is not possible to force user to select billing code immediately after login on Xerox and
FujiXerox devices.
When billing code selection is not successful on KM then error message is displayed and user is
logged out. Due to technology limitation we are not able to implement different behavior after the
error message confirmation.
On FujiXerox devices Billing codes are not fully supported
Behavior and project definition related to the Project Print Tracking feature;
YSoft SafeQ Server must be installed and available within LAN proximity
Identity management must be established
MFP must be equipped with terminal with graphical user interface and properly configured
authentication (panel blocking)
YSoft SafeQ 5 353

February 03, 2016
Default billing code is also suitable with Terminal UltraLight (terminal without graphical user
interface)
TERMINAL PROJECT TRACKING FEATURES MATRIX
Project Billing Function SafeQ Terminal Terminal Terminal

Version Professional UltraLight Embedded
Assign produced copy/scan with default billing All

code
Mandatory selection of billing code from the All

list after authentication (before copy panel is
enabled)
Change of billing code selection from the list All

after authentication (after copy panel is Browser-
enabled) based and
Ricoh
native only
Smart search for project code (i.e. user types 5.0

letters/numbers and list is automatically
filtered on matching projects only). System
allows to globally define search strategy as
one of following:
0 - substring match - Wildcard

match 'ree'
1 - prefix match - Wildcard match
'gree*
2 - suffix match - Wildcard match
'*een'
3 - exact match - Wildcard math
'green'
4 - non-exact match - Wildcard
match 'green' without 'green'
5 - exact match first (default) -
Composed strategy: Wildcard
match 'green' append non-exact
('green')
Tiered project code selection (i.e. user first 5.0

limits the selection, then selects code)
YSoft SafeQ 5 354

February 03, 2016
3.4.5 PRINT ROAMING
YSoft SafeQ 5 355

February 03, 2016
PRINT ROAMING – OVERVIEW
DESCRIPTION
Print Roaming is an extension of pull-printing (print job after authentication at the MFD). With pull-
printing, after user sends a job to a printer, user "pulls" the job to the printer — user goes to a printer,
authenticates and prints the job. This feature brings several important advantages:
Flexibility: Users can send a print job and choose any MFD for pick up
Costs and environment: Reduced paper waste which results from printouts left at printers
uncollected
Security: Users have to authenticate at the printer before documents are printed out
With both Print Roaming and pull-printing, users can release their print jobs at any printer which is
connected to YSoft SafeQ system.
Print Roaming is one of the key needs of companies with multiple locations - users who move between
the locations frequently need the ability to manage their print, copy and scan jobs without any
additional changes in their habits. In practical terms - wherever the user is and needs to print, copy or
scan, they can do so using combination of Print Roaming and Pull-Printing features of YSoft SafeQ.
Job roaming in the YSoft SafeQ Enterprise Distributed Server System - Private Cloud is built on top of
ORS technology. Roaming is established among two or more ORS servers, acting as peers. Additional
types of roaming, such as the transfer of print jobs to and from the CML server are not considered.
YSoft SafeQ 5 356

February 03, 2016
Job roaming is designed to meet the following requirements:
1. The user can pick up submitted print jobs at any device connected to YSoft SafeQ without any
significant impact on the wait times.
2. The system administrator has an option to decrease system overhead by increasing waiting
times before jobs are available in more distant locations.
Two print roaming modes are available: near roaming and far roaming. Because peers need to share
certain types of information (in a group), an ORS can belong only to one roaming group (members of
which have access to all jobs in the group much faster), configured by the system administrator. The
system provide multiple near-roaming and far-roaming groups in order to support variety of
environments.
PRINT ROAMING WITHIN SINGLE SERVER (LAN)

In organizations with one server, no additional configuration is needed. YSoft SafeQ provides print
roaming, the ability to release the jobs, with all connected devices.
YSoft SafeQ does not modify print job data, so PDL-level compatibility between printers must be
ensured by other means.
To configure this feature, see Configure secure printing and Print roaming.
PRINT ROAMING WITH MULTIPLE SERVERS WITHIN LAN (NEAR-ROAMING MODE)

In organizations with multiple servers, each being hosted in its own location, near-roaming groups can
be set up among the servers. This requires additional CPU power and network resources in order to
allow fast synchronization of print jobs among the group peers without noticeable delays to end users.
This roaming mode uses synchronization protocols which efficiently distribute job metadata among all
members of the roaming group. Print job data are retrieved from the originating ORS on demand and
are delivered to the device where user is standing (using ORS managing that particular device). This
requires availability of the ORS servers, so that the information can be shared and delivered.
This is typically required in case of hundreds/thousands of users in a relatively small area on a high-
speed, low-latency network (such as LAN or sometimes even buildings co-located in one city).
Read Configuring Print Roaming about more details on how to configure the system to allow this
behavior.
PRINT ROAMING WITH MULTIPLE SERVERS WITHIN WAN (FAR-ROAMING MODE)

When company operates with several subsidiaries, even across mutliple continents, the users need the
print/copy/scan services to be available at all times. Users may need to (re)print a job sent to the YSoft
SafeQ after travelling a longer distance. Because of that, system administrators may consider
decreasing network and CPU load, where users may notice delays (seconds to minutes, depending on
the network and system configuration) before their jobs are available at devices connected to the
destination ORS.
This roaming mode sends job metadata over main CML server and support for UDP multicasting is not
required for standard operation. However, the infrastructure will still provide high-performance
networking to minimize the delay to job availability. This mode of operation is more robust, but is useful
in situations where only a fraction of the users requires roaming for their operations (such as travelling
salesmen, etc.).
YSoft SafeQ 5 357

February 03, 2016
USER STORIES
1. Pull-print -- As a user, I want to print a document from my workstation and release it at the
printer only after I authenticate there, so that I'm sure my documents remain confident.
2. Roaming-print (LAN) -- As a user, I want to print a document from my workstation and
release it at any printer in my office (LAN proximity) after I authenticate there, so that I don't
need to rely on the availability of only one printer.
3. Roaming-print (WAN) -- As a user travelling around company offices, I want to print a
document from my notebook and release it at any printer in any office (WAN or VPN network)
after I authenticate, so that I don't need to rely on the availability of only one printer and without
needing to know the location of my print server or my default printer.
REQUIREMENTS
The user can print a document from a workstation by using default printing methods; the system
must keep the document on hold and not release it to the printer.
The user will be able to authenticate at the printer and request release of held print jobs to the
printer.
The system will release only print jobs that are compatible with the target printer. see
example in the comments section.
Incompatible print jobs will not be available to the user (or the user will be informed about
the incompatibility issue); this option will be configurable by the system administrator.
The user will be able to use secure print (pull-print) at every printer connected to the system
network.
With a high-speed network, the user will be able to send a document to print from any
workstation and release it at any printer, exactly as if using standard Print roaming, regardless of
the number of involved servers or underlying architecture.
With a low-speed / low-latency network, the user will be able to send a document to print from
any workstation and release it at any printer; however, if the originating system is "far" from the
target printer, the system will synchronize data in the background and request that the user wait
(for synchronization) or release the document later.
The YSoft SafeQ Web Interface will be modified so that the system administrator can create and
modify roaming groups for near or far job roaming. The administrator will be able to completely
disable roaming by setting an ORS to operate in standalone mode only.
YSoft SafeQ Server must be installed and available within LAN proximity. Secured-print works
only in a LAN.
Each printer must be equipped with a terminal.
Print drivers must send print data to YSoft SafeQ server.
Identity management must be established (see User Identity management).
Distributed Server System - Private Cloud with a single central CML system must be
established, with a server in every location required for near- or far- print roaming.
Global identity management (common for all YSoft SafeQ servers in the network) must be
established.
YSoft SafeQ 5 358

February 03, 2016
No extensions in YSoft SafeQ Client or any other client tool is necessary. Job roaming may
introduce additional pop-up messages to be handled by the default YSoft SafeQ Client facility
for such messages.
The origin ORS and the destination ORS in a near-roaming group must be visible to each other
on the network. The network must also provide the necessary bandwidth and low latency to
eliminate any impact of the network on the availability of print jobs at destination ORSs. Without
network visibility and performance, near-roaming mode does not produce correct results and
cannot be used.
For near-roaming groups with more than 10 ORS servers, UDP Multicast must be enabled
among servers!
CAVEATS
When using job roaming, note that you CANNOT roam jobs between CML and ORS.
For a near-roaming mode, it is recommended to to use fiber optics network.
When using an application-based failover system, if a server fails, all print jobs stored on the
failed server are unavailable for release at terminals and users must re-submit the jobs from
their workstations.
Shared network storage can solve this problem.
Pull-print may affect the speed of the print process (measured as time-to-print) under the
following conditions:
YSoft SafeQ server is available on a 100MB LAN, complies with specifications, and CPU
utilization is <10%.
User authenticates at the terminal, opens a job list, selects a print job, and selects Print.
Time is measured from that moment to the moment the printer starts to receive data.
With far-roaming mode,

When using the Job Roaming feature (enabled by the license), all ORS servers are
automatically configured to FAR-roaming group. Far roaming also works among near-
roaming groups and among near-roaming group and standalone ORS servers. It is not
possible to limit job roaming to only selected ORS servers.
The following components of the YSoft SafeQ system must be online, configured (both
mentioned ORSes are not in the same near-roaming group) and working properly: the
CML, the ORS the prints will be sent to, the ORS the printer/MFD is connected to, the
printer/MFD where the print job will be printed.
Users may notice delays (seconds to minutes, depending on the system configuration) in
job availability at the terminals connected to the remote (other than origin of
print) destination ORS, because ORS downloads information (metadata) about user's
print jobs every 5 minutes (by default). When user logs on terminal connected to remote
ORS for the first time, there is no delay in job availability.
Users may notice delays (depending on the size of the print job and a network speed) in
printing (i.e. time from pressing print button on terminal to time when the first paper
comes out from the printer/MFD), because print job data are downloaded from remote
ORS on demand. Print job data are not synchronized. Only print job metadata are
synchronized.
(NOTE: The User Roaming feature is usually required for Far/Global roaming features.
YSoft SafeQ 5 359

February 03, 2016
Comments
Time implications on print speed:
Configured options SafeQ Time to

server Print
HW Terminal Professional/UltraLight CML ~1 sec
HW Terminal Professional/UltraLight ORS <10 sec
Embedded terminal CML ~1-3 sec

with offline accounting or vendor provided
accounting
Embedded terminal ORS <5 sec

with offline accounting or vendor provided
accounting
Printer compatibility is defined based on the System Tags in YSoft SafeQ Administrative web interface.
The tag represents the capability of the printer, such as PDL-compatibility (PCL, PostScript, ...) or
feature such as Color, Duplex, Paper Size (Large/Small).
Example:
A3(Tabloid) Color Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list.
A3(Tabloid) Mono Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list, but will only allow release of Mono Print jobs.
A4(Tabloid) Color Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list, but will only allow release of A4(Letter) Print jobs.
A4(Tabloid) Mono Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list, but will only allow release of Mono A4(Letter) Print jobs.
YSoft SafeQ 5 360

February 03, 2016
SECURED PRINTING / PRINT ROAMING – DIAGRAM
This workflow is typically used for secured printing (pull-printing), Print roaming, YSoft Mobile Print
Server.
1. User information is typically replicated from an LDAP server using a secured (server-
authenticated) LDAP/S connection. This step is, however, purely optional. See Identity
management for additional details.
2. The user prints the data from the workstation using the standard print mechanism. By default,
the data are transferred via plain LPR protocol. Optional plain or encrypted data transfer is
possible using YSoft SafeQ Client for Windows, OS X or Linux. The server stores the data in
plain form on the disk folder. For more details, see YSoft SafeQ Security Overview document.
3. The user places/inserts the card and/or enters a PIN.
If PIN only or card ID verification is used, the information is transferred to YSoft SafeQ
using the TLS-based secure protocol (with client-only authentication — the server verifies
the identity of the terminal). The server looks up the internal SQL database to find the
user record associated with the entered PIN or card ID.
If Smart Card Authentication via Terminal Professional is used, following communication
occurs to YSoft SafeQ server using the TLS-based secure protocol (with client-only
authentication — the server verifies the identity of the terminal).
(A) YSoft SafeQ server uses the Kerberos v5 protocol to get the Ticket Granting
Ticket information (TGT) from the Kerberos server.
(B) Kerberos sends encrypted information back to the server.
(C) The server uses the secured connection with Smart Card to decipher the data.
(D) The Server gets the deciphered data and looks up the internal database for the
respective user record.
If Smart Card Authentication occurs at MFD directly, than:
(A,B) The MFD verifies smart card directly with Active Directory using Kerberos
protocol
(H) The MFD request a user session with SafeQ server based
on Authenticated User's Subject ID.
4. YSoft SafeQ uses several methods to gather the accounting data (see Print tracking methods).
If the online accounting method is used, the SNMP protocol is used to gather the current page
5. With vender-provided accounting, the accounting information is transferred to YSoft SafeQ from
the printer via SOAP or HTTPS POST message.
CARD / PIN BASED AUTHENTICATION
YSoft SafeQ 5 361

February 03, 2016
PKI (SMART CARD-BASED) OR LOGIN/PASSWORD-BASED AUTHENTICATION VIA TERMINAL PROFESSIONAL
PKI (SMART CARD-BASED) OR LOGIN/PASSWORD-BASED AUTHENTICATION VIA PIV USB READER
Please note that this feature requires device to be equipped with PIV compliant smart card reader
and provide user information via embedded terminal session.
YSoft SafeQ 5 362

February 03, 2016
MOBILE PRINTING
If mobile printing (YSoft Mobile Print Server) is used, only Print method (2) on the previous diagrams is
different. The user does not deliver the data using described protocols; instead, the user sends the
data via e-mail or uploads the data to the YSoft SafeQ Web.
If the e-mail method is used, the owner of the document is recognized by the FROM: email
header. No further special security is enforced. If the user e-mail address is not known to the
system, depending on the configuration, the server can send a registration link to the user. The
user then uses his YSoft SafeQ credentials to log in to the page. Typically
Kerberos authentication (3.a/3.b) is used.
If the Web upload method is used, the user must access the secured (server authentication
only) Web page, log in using the same method as described in the previous point, and upload
the document using the standard HTTP(S) upload form. Kerberos-based single-sign-on (SSO)
is also available. YSoft SafeQ uses Windows Authentication Framework (http://waffle.
codeplex.com/documentation) for the SSO process.
3.4.6 PRINT JOB LIST MANAGEMENT AND RE-PRINT
PRINT JOB LIST MANAGEMENT AND RE-PRINT OVERVIEW
DESCRIPTION
SafeQ Terminals provides
YSoft SafeQ 5 363

February 03, 2016
see Configuring Print job list management for configuration and deployment information.
USER STORIES
1. JobList - As a User I want to list my print jobs at the printer before I print them so that I can do
a last time decisions about what and how to print.
REQUIREMENTS
Terminal shall provide list of queued print jobs, with information about job title, print date, owner,
number of pages and status (new, already printed, favourite)
Terminal shall provide list of already printed jobs with option to re-print or delete
Terminal shall allow release all waiting print jobs
Terminal shall allow release only selected print jobs
Terminal shall support print all jobs after authentication (if configured)
Terminal shall display preview of first page
Terminal shall allow marking / unmarking a document as a favourite
Terminal shall allow deletion of selected document from the print queue
Terminal shall allow change job properties: number of copies, duplex, usage of colour [if
applicable] This feature is not yet supported.
Terminal shall support configurable sorting of print jobs list
Terminal shall support configurable limit of print jobs to be displayed in the list
SafeQ shall enable administrators to configure job expiration after how long the jobs will be
removed from the printed queue
Excluding weekends (SafeQ 5.0)
Terminal shall support use of all MFP function after authentication (print / copy / scan)

Printers must be equipped with terminal with graphical user interface (Professional or
Embedded)
CAVEATS
Information about Number of pages is available for PCL5+ and PS print jobs only with enabled
print job analyser at SafeQ server
Terminal professional only allows one operation at the device after authentication (either copy
/scan or print, but not combination)
Printers must be equipped with terminal with graphical user interface (Professional or
Embedded)
KNOWN TECHNOLOGY LIMITATIONS
There can be 'Internal error' message displayed on KM C35 after pressing 'Status' button on any
print job folder. After error message confirmation proper screen is displayed. This behavior can
YSoft SafeQ 5 364

February 03, 2016
be suppressed by setting suppressJobHistoryPollingForSmallPanelDevice configuration property

to true. After that status message is not refreshed anymore (originally every 5 sec). Described
workaround affects small panel KM devices only.
3.4.7 DELEGATION PRINT (VIP SHARED QUEUES)
OVERVIEW
DESCRIPTION
This feature allows managers to share their prints with their assistants without asking IT support. Users
can decide with whom to share the print.
See Configuring and using Shared Queues for configuration and deployment information.
Delegation Print is based on Workgroup print sharing (Shared Queues) and use that same
techniques.
See Using Delegation Print (VIP shared queues) for user workflow description.
USER STORIES
1. VIPQueue - As a User I want to print my documents in the way so that colleagues I select can
release them on the printers (using Print roaming story).
REQUIREMENTS
Administrator shall be able to define group of users that can share print jobs with another users.
User shall be able to decide prior print whether the print job will be designated to secured (Print
roaming or shared queue).
User shall be able to select users (from the SafeQ Identity Database) and add them to private
shared queue.
Print roaming with print queue management and re-print must be configured.
Both YSoft SafeQ Client and respective print driver have to be installed locally on any
workstation required for print sharing.
Print drivers must send print data to SafeQ server via SafeQ Client [see Workstation Client].
CAVEATS
Shared print jobs are not available on "print all" user action of print queue management, but only
on specific selection.
Shared queues are defined in the "current availability" mode. That means that whoever is
eligible to access the shared queue can see all available print jobs, regardless of when and for
whom these have been intended.
Released print job changes owner to person who released it and thus is being accounted to
this person, not the originating author!
YSoft SafeQ 5 365

February 03, 2016
Delegation Print is supported on ORS server. However, it is not possible for users to manage
list of privileged persons through ORS, or even to create the queue. To do so, users must either
manage the list during printing using SafeQ client connected to CML or through dedicated web
application available on http(s)://<safequrl>/client.jsp, where <safequrl> is the address of CML
server. This must be done at least once for each user, to create the queue.
Delegation print shared queues have reserved name in form "shared_<username>". Avoid
creating non-VIP shared queue with such name. If non-VIP shared queue with such name
already exists and user tries to create VIP shared queue, this VIP shared queue will replace the
old non-VIP one.
Document is removed from the Shared queue after it has been released to the printer.
Marking shared job as favorite is not supported at the moment.
If printing via ORS, this configuration value has to be Disabled: localJobsFilteringEnabled
3.4.8 WORKGROUP PRINT SHARING (SHARED QUEUES)
SHARED QUEUES OVERVIEW
DESCRIPTION
Shared queues are specific version of secured queues. They enable multiple users to access selected
documents (in accordance with the users' rights). All jobs sent to the shared queue are automatically
accessible to all users with access rights to that queue.
See Configuring and using Shared Queues for configuration and deployment information.
USER STORIES
1. Shared Queues - As a User I want to print my documents in the way so that my colleagues working
in the same workgroup can release them on the printers (using Print roaming story)
REQUIREMENTS
User shall be able to print the document and share it automatically by administrator-defined group of
users.
Defined users should be able to list and release print jobs shared by another user via Terminal
User shall be able to see the author of the print job at the job list (Print job list management and re-
print)
Print roaming with print queue management and re-print must be configured.
Print drivers must send print data to SafeQ server using YSoft SafeQ Client
Printers must be equipped by terminal with graphical display (Professional or Embedded)
CAVEATS
Shared print jobs are also available on "print all" user action of print queue management.
Released print job changes owner to person who released it and thus is being accounted to this
person, not the originating author!
YSoft SafeQ 5 366

February 03, 2016
Document is removed from the Shared queue after it has been released to the printer. The name
of document's job-queue is changed by adding prefix "shared-".
Marking shared job as favorite is not supported at the moment.
LICENSING
Workgroup print sharing feature is a standalone licensed feature since YSoft SafeQ 5.0 with following
limitation if license for the feature expires or is not available in a license. Please see License content per
version to review all SafeQ version and availability of a feature.
There are no menus and option to configure shared queues on web interface.
Terminal does not display jobs sent to shared queue which has been created in a system while
license was valid.
3.4.9 WORKFLOW SCANNING
WORKFLOW SCANNING OVERVIEW

Description
Workflow scanning is a mechanism that provides users with simplified scanning mechanism (e.g. automated
routing to their home folder or email) and allows administrators to integrate scanning processes with
document management applications.
see Workflow Scanning - Administrative Tasks for configuration and deployment information.
see Scanning workflow definition for more information.
USER STORIES
1. WorkflowScanning - As a User I want to authenticate once at the MFP and use appropriate
scanning workflow function at the MFP so that my documents are automatically delivered to desired
destination(s) without requesting me to enter unnecessary information.
2. SecuredScanning - As an Administrator I want to configure devices to deliver scanned documents
to SafeQ via WebDAV/S so that the document won't travel over the network unsecured.
REQUIREMENTS
SafeQ shall support following repositories for collecting incoming scans.

For Embedded Terminals (EIP, OSA, OpenAPI) SafeQ automatically configures scan data
collection via standard FTP. (FTP server is embedded in YSoft SafeQ)
Device scans to the shared folder, accessible also by SafeQ. SafeQ monitors this hot folder
and executes the workflow on incomming data.
Please note that UNIQUE folder has to exist for every combination of MFP and
WORKFLOW
Device stores data to WebDAV/S or HTTPS server available on SafeQ.
Following workflows shall be available for the users

Scan (automated) to email of authenticated user
Defined attributes can be passed to email subject or body (as a variables in email
template defined by administrator – see available workflow attributes section)
YSoft SafeQ 5 367

February 03, 2016
Scans are delivered via SMTP. Basic authentication including secure password
verification is available.
Sender address (FROM:) is replaced by the authenticated user's email (if available).
Additional options:
If the job size exceeds defined size, Document is stored to defined folder or
rejected with notification to the user's email.
Defined attributes (see Available Workflow Attributes) can be used as a variable
in the folder name placeholder
Scan to email, entered or selected at the MFP panel
Sender address (FROM:) is replaced by the authenticated user's email (if available).
For Xerox Embedded, Konica Minolta Embedded and Sharp Embedded Terminal, user
email is passed to the MFP after successful authentication of the user.
Scan to home folder of authenticated user, default group folder or

administrator- defined network folder
Service account (one that is used to run SafeQ server service) credentials are used to
write the target directory. See Scan Management security overview for additional
details.
Store to folder at the server and execute external script
Defined attributes can be passed to the script -- see available workflow attributes
section)
Service account running SafeQ server service must have access to the target directory
and rights to execute the script.
There are several scripts available with the software:
Integration with RightFax / FerariFax / FaxChange / StreemFax server
(see workflow overview ) and providing user information to enable FAX
confirmation email.
Scan to pre-defined list of network folders
Following Workflow Attributes shall be available for workflow definition on all terminals
Attributes defined by system. every attribute %ATTR% will be replaced by respective value.
Available attributes are:

%devicename% - name of the scan device, as defined in SafeQ
%userhome% - home directory of user (typically imported value from AD);
%groupfolder% - groupdirectory of user (typically imported value from AD)
%login%, %name%, %surname%, %email% - attributes of a logged user
%costcentre% - name of the logged user's costscentre/department
YSoft SafeQ 5 368

February 03, 2016
List of file types that are processed by the workflow script. By default only Images (JPG, TIF, PDF)
are delivered to defined destination.
Following Workflow Attributes shall be available for workflow definition on Embedded Terminals
ONLY
Define default settings for scan:
DPI resolution (low,normal,fine,high,super)

sides (1,2)
color usage (monochrome, color, grayscale, bicolor, monocolor, automatic)
file type (pdf, compact pdf, tiff, jpeg, xps)
Define list of attributes that user should/must select/complete at the MFP with the scan
document
editable string with optionally pre-defined default value

list of selectable items
System shall allow administrator to define target file name for the scanned document (document file
will be renamed on the way thru SafeQ). Several variables are available to be used in the name
placeholder.
Defined attributes (see Available Workflow Attributes)
Date (Date format is YYYY-MM-DD)
Whenever the target file already exists in the destination folder, the new file with numbered
postfix (e.g _1, _2, _3) will be created.
Administrator shall configure the Embedded Terminal so that the device uses either FTP repository
or WebDAV (WebDAV/S)
Administrator shall create a workflow scanning template that delivers the data to a defined repository
(eg. Smb/webdav/ftp folder defined by path and system variables (plus variables from LDAP such as
home directory or webDav home page) directly, rather that passing the data thru SafeQ server
System shall check the compatibility of the device with selected repository and restrain administrator
to configure unsupported repository
YSoft SafeQ Server must be installed and available within LAN

Identity management must be established, including all required information for particular workflow,
such as user's home directory (full path) or email address.
MFP must be equipped with terminal with graphical user interface and with correctly configured
authentication (panel blocking)
The MFP must support the target repository type (EIP is required for Xerox devices, Scan API 2.2 is
required for KM devices)
YSoft SafeQ 5 369

February 03, 2016
CAVEATS
SafeQ can only run limited number of scanning scripts (Store to folder at the server and execute
external script workflow; default 5) in parallel. Additional workflow are being serialized and executed
after successful termination of active scripts.
LICENSING
Workflow scanning feature is a standalone licensed feature since YSoft SafeQwith following limitation if
license for the feature expires or is not available in a license. Please see License content per version to
review all SafeQ version and availability of a feature.
WORKFLOW SCANNING (SCAN TO HOME) DIAGRAM

This workflow is typically used for Workflow scanning or Scan Tracking.
CARD / PIN BASED AUTHENTICATION AND SCAN TO NETWORK FOLDER
YSoft SafeQ 5 370

February 03, 2016
PKI (SMARTCARD BASED) OR LOGIN/PASSWORD BASED AUTHENTICATION AND SCAN TO NETWORK FOLDER
SCAN TO OWN EMAIL
1. User information is typically replicated from LDAP server using secured (server-authenticated) LDAP
/S connection. This step is however purely optional. See Identity management for additional details.
using TLS based secure protocol (with client only authentication - server verifies identity of terminal).
Sever looks up the internal SQL database to find the user record connected with the entered PIN
code or card ID.
a.
YSoft SafeQ 5 371

2.
February 03, 2016

Kerberos v5 protocol to get the Ticket Granting Ticket information (TGT) form Kerberos server.
d. Server gets the deciphered data and looks up the internal database for respective user record
3. If the user is authorized to scan, the device panel is unlocked (either using serial smart blocking
cable from terminal or internal mechanism in case of MFP panel integrated (embedded) terminal.
4. User scans the data. MFP transfers the data using configured protocol (differs per MFP capabilities).
a. The most common option is data transfer via unsecured SMB of FTP protocol. (Target IP
address and folder is pre-configured at the MFP during initial MFP configuration).
b. Some devices allows data transfer using secured WebDAV protocol with server
authentication.
5. SafeQ gathers the accounting data using several mechanisms (see Print tracking methods). If the
online accounting method is used, SNMP protocol is used to gather the current page
7. SafeQ server transfers the data using administrator-configured protocol.
In case of scanning to owner's email, data are transferred as email attachment. SafeQ server
accesses the email server using configured account with secured password authentication.
Data are transferred in plain form.
In case of scanning to the network folder, the scan is delivered to the home folder specified in
user record (inside SafeQ SQL database). Authentication to the network folder is based
on privileges of the system account that runs SafeQ to access the folder. The system account
MUST have the write access to all network home folders.
(7.a) In case of PKI based or login/password authentication used with:
Terminal Professional, SafeQ users Kerberos Ticket Granting Ticket (TGT) service and
impersonates the user to access the home folder. In such a case, no
special privileges for the system account that runs SafeQ are needed. Configuration
can be done by following description at Smart Card support
Terminal Embedded, SafeQ service must have full access to write to the home folders
of the users. Kerberos Ticket Granting Ticket (TGT) cannot be used.
NOTE: When a user is a member of the Administrators group and this workflow is used,
the job will be stored under the Administrators context, not the original user.
LAN FAX INTEGRATION
OUTBOUND FAX
YSoft SafeQ 5 372

February 03, 2016
INBOUND FAX
YSoft SafeQ 5 373

February 03, 2016
SCAN TO RIGHTFAX
SafeQ is able to integrate with RightFax solution using the Scan to Script scanning workflow. The script
whose path is provided in the administrator workflow parameter script is called for each scanned file with
parameter dial whose value is provided by users while scanning on the terminal.
RIGHTFAX SCANNING VIA HOT FOLDER
HOW TO SET IT UP:
1. Enable scanning with terminal embedded and use predefined scanning workflows that will be used with
the MFP (see help for more information about "Workflow scanning").
2. Copy "scanToRightFax.cmd" into "C:\SafeQ5\Scan"
3. Edit parameters WF_LOGIN, WF_PASSWORD, RIGHTFAX_PATH in "scanToRightFax.cmd"
4. Make sure that the path RIGHTFAX_PATH exists and the credentials provided to it (WF_LOGIN,
WF_PASSWORD) have full permissions for read/write/delete.
5. Set up RightFax server to periodically check "RIGHTFAX_PATH" folder for new *.pdf and *.hpf files. The
*.hpf file will contain information about user and Fax number provided in the scan workflow. Make sure that
YSoft SafeQ 5 374

February 03, 2016
RightFax deletes the files that were already processed. Kindly consult RightFax documentation on the setup
details.
HOW TO USE:
1. Authenticate at YSoft SafeQ terminal embedded

2. Choose Scan in the YSoft SafeQ application
3. Press "Scan" button on the MFP and select your RightFax workflow
4. Edit scan parameters for selected workflow and fill in destination fax number in the field "Fax number"
and then start the scan
5. Log off the embedded terminal
TROUBLESHOOTING:
See cml.log in <SafeQ_HOME>\logs folder

SCANNING WORKFLOW CONTENT:
<?xml version="1.0" encoding="UTF-8"?>

<scan>
<name>Fax</name>
<destination>script</destination>
<description>Scan and fax via RightFax</description>
<options>
<resolution>normal</resolution>
<sides>1</sides>
<color>auto</color>
<fileType>pdf</fileType>
</options>
<admin>
<parameter>
<pname>script</pname>
<type>string</type>
<label>Script command call</label>
<required>true</required>
<default>C:/SafeQ5/Scan/scanToRightFax.cmd %file% %login% %dial%</default>
</parameter>
<parameter>
<pname>targetDir</pname>
<type>string</type>
<label>Target directory</label>
<default>C:/SafeQ5/Scan</default>
</parameter>
</admin>
<user>

<parameter>
<type>string</type>
<pname>dial</pname>
<label>Fax number</label>
<default></default>
</parameter>
</user>
</scan>
YSoft SafeQ 5 375

February 03, 2016
SCANTORIGHTFAX.CMD CONTENT:
rem @echo off

@echo on
rem Credentials to access to the RightFax INBOX.

set WF_LOGIN=<USER_NAME>
set WF_PASSWORD=<SECRET_PASSWORD>
rem Path to the RIGHTFAX scan folder (the path should not be ending by backslash).
rem Create the directory if it does not exist.
set RIGHTFAX_PATH=\\<IP>\<folder>
mkdir %RIGHTFAX_PATH%
rem Set the following variable to 1 if the RIGHTFAX_PATH is UNC.

set RIGHTFAX_PATH_CONNECT=1
rem Command line arguments.

set FILE=%1
set LOGIN=%2
set DIAL=%3
rem Move only .pdf files, ignore the other files.

rem If additional file types should processed, add additional if statements bellow.
if /I (%FILE:~-5,-1%)==(.pdf) goto PROCEED
goto IGNORE
:PROCEED
set NEW_NAME=%RANDOM%%RANDOM%%RANDOM%
set DST_FILE=%RIGHTFAX_PATH%\%NEW_NAME%.pdf
set HPF_FILE=%RIGHTFAX_PATH%\%NEW_NAME%.hpf
rem Move the scanned file and rename it.

if (%RIGHTFAX_PATH_CONNECT%)==(1) net use %RIGHTFAX_PATH% /user:%WF_LOGIN% %WF_PASSWORD%
move /y %FILE% %DST_FILE%
if (%RIGHTFAX_PATH_CONNECT%)==(1) net use %RIGHTFAX_PATH% /del
rem Delete hpf if exists.

if exist %HPF_FILE% del /q %HPF_FILE%
echo ##fine >> %HPF_FILE%

echo ##nodelay >> %HPF_FILE%
echo ##b9600 >> %HPF_FILE%
echo ##ecm >> %HPF_FILE%
echo ##description SafeQ Scan to Fax Workflow >> %HPF_FILE%
echo ##pcl >> %HPF_FILE%
echo ##nocover >> %HPF_FILE%
echo ##ScannerName SafeQ >> %HPF_FILE%
echo ##UserName %LOGIN% >> %HPF_FILE%
echo ##Creation >> %HPF_FILE%
echo ##Retry-limit 3 5 >> %HPF_FILE%
echo ##Filename %NEW_NAME%.pdf >> %HPF_FILE%
echo ##dial %DIAL% >> %HPF_FILE%
rem Deleting temporary file

del "%1"
YSoft SafeQ 5 376

February 03, 2016
goto END
:IGNORE
rem Do nothing.
:END
Scan and fax via RightFax
RIGHTFAX SCANNING VIA SMTP
HOW TO SET IT UP:
1. Enable scanning with terminal embedded and use predefined scanning workflows that will be used with
the MFP (see help for more information about "Workflow scanning").
2. Copy "scanToRightFax.cmd" into "C:\SafeQ5\Scan"
3. Copy folder "blat262" from "blat262.full.zip" to "C:\SafeQ5\"
4. Set up customer's SMTP server to deliver all incoming e-mails coming from SafeQ server to
<number>@fax.com to a specific POP3 mailbox.
5. Set up RightFax server to periodically check POP3 mailbox as specified in step 4) and send all e-mails
from it as faxes (consult RightFax documentation on the setup details).
6. Make sure that users have email defined in YSoft SafeQ
HOW TO USE:

2. Choose Scan in the YSoft SafeQ application
3. Press "Scan" button on the MFP and select your RightFax workflow
4. Edit scan parameters for selected workflow and fill in destination fax number in the field "Fax number"
and then start the scan
TROUBLESHOOTING:
See cml.log and fax.log in <SafeQ>\logs folder

SCANNING WORKFLOW CONTENT:
<scan>
<name>Fax</name>
<description>Scan and fax via RightFax</description>
<options>
<sides> 1 </sides>
<color>auto</color>
</options>
<admin>
<parameter>
<type>string</type>
<required> true </required>
< default >C:/SafeQ5/Scan/scanToRightFax.cmd %dial% %file% %email%</ default >
</parameter>
<parameter>
YSoft SafeQ 5 377

February 03, 2016
<type>string</type>
< default >C:/SafeQ5/scan</ default >
</parameter>
</admin>
<user>

<parameter>
<type>string</type>
<pname>dial</pname>
< default ></ default >
</parameter>
</user>
</scan>
SCANTORIGHTFAX.CMD CONTENT:
rem Change the value in SMTPserverIP to the IP address of your e-mail server
set SMTPserverIP=<IP>
@echo off
echo --- >> C:\SafeQ5\logs\fax.log
echo %DATE% %TIME% Sending % 2 to fax % 1 , user: % 3 >> C:\SafeQ5\logs\fax.log
echo C:\SafeQ5\blat262\full\blat.exe -server %SMTPserverIP% -f % 3 -to % 1 @fax .com -subject
"Fax from %3 to %1" -body "This is Fax" -base64 -attach "%2" >> C:\SafeQ5\logs\fax.log
C:\SafeQ5\blat262\full\blat.exe -server %SMTPserverIP% -f % 3 -to % 1 @fax .com -subject "Fax
from %3 to %1" -body "This is Fax" -base64 -attach "%2" >> C:\SafeQ5\logs\fax.log 2 >& 1
if errorlevel 1 goto error
:ok
echo Deleting the file >> C:\SafeQ5\logs\fax.log
del "%2" >> C:\SafeQ5\logs\fax.log 2 >& 1
goto end
:error
echo Errorlevel: %ERRORLEVEL% - not deleting >> C:\SafeQ5\logs\fax.log
:end
Rotation of the logs is missing.
BLAT - TOOL USED IN A FAX.CMD SCRIPT TO TRANSMIT SCAN VIA SMTP
To obtain blat262.full.zip please contact Customer Support Services.
SCANNING WORKFLOW DEFINITION
This page describes options and all information necessary to create a scanning workflow in XML
file used for processing incoming scans from MFPs. These workflows can be used for both
scanning with embedded terminal and scanning with hardware terminal.
YSoft SafeQ 5 378

February 03, 2016
see Workflow scanning for more information.
At A Glance
Scanning Workflow definition

Basic workflow settings
Workflow parameters
Variables
Scan options
Supported scanning workflows
Known MFP limitations
YSoft SafeQ 5 379

February 03, 2016
SCANNING WORKFLOW DEFINITION
Basically, the scanning workflow in SafeQ is a tool for describing process of handling scans created by
MFP and uploaded to SafeQ. That means it does not describe the way the scans are uploaded to
SafeQ rather than way they are processed and delivered to the end user.
The scanning workflows are defined in XML. The XML definition is called a scanning template. This
template describes a scanning workflow and can be changed by the SafeQ administrator by opening it
in a text editor, modifying the XML structure as described hereafter, and importing to SafeQ. A very
basic knowledge of XML is therefore needed.
STRUCTURE OF THE SCANNING TEMPLATE

Each XML template has to start with a tag <scan> and end with the tag </scan>. Inside these tags
are defined descriptive data of the workflow which can be logically divided into three sections:
Basic workflow settings

Workflow parameters
Output file settings
VALIDATION
Before the scanning workflow is uploaded to the SafeQ and activated in, an XML validation is executed
to prevent occurrence of any malicious content in the provided workflow. The scanning workflow is
validated against the XML schema.
The XML schema file name is a configurable parameter in the System Settings configuration. The
name of this parameter is scanTemplateSchema.
The value of this parameter contains the path of the XML schema file. If this parameter is empty or
even omitted, then XML validation would not be performed. Following table summarizes default
contents of the scanTemplateSchema parameter in the CML configuration file.
YSoft SafeQ 5 380

February 03, 2016
BASIC WORKFLOW SETTINGS
Basic workflow settings section is usually entered on the beginning of the workflow after the <scan>
tag. All these definitions are mandatory.
WORKFLOW NAME
The name of the workflow is visible on SafeQ web interface and in case of scanning with embedded
terminal also on a panel of MFP where user selects from available workflows.
Name of the workflow is enclosed in tags name.
Example of name of scanning to email workflow:
<name>Scan to e-mail</name>
SCAN DESTINATION
The destination of scanned documents defines where the scanned document shall be stored. There
are three possible values:
email – SafeQ sends documents as an e-mail attachment via e-mail.

home – SafeQ stores documents to a directory in a local or a remote file system. Typically
home folder of a user is used.
script – SafeQ stores documents to a directory in a local or a remote file system and for each of
the documents it runs a defined script.
Scan destination is enclosed in tags destination.
Example of destination of scanning to home folder workflow:
<destination>home</destination>
WORKFLOW DESCRIPTION
The description can be an arbitrary string which describes the scanning workflow in a natural language.
It is shown for example in the embedded terminal application when user selects a workflow. It may
contain a message for a user to enter parameter values (see section about workflow parameters). The
description string may be shown wrapped according to display proportions.
The workflow description is enclosed in tags description.
Example of description of scanning to email workflow:
<description>
Scanning to e-mail. Please enter e-mail of a scan recipient in Parameters list.
</description>
YSoft SafeQ 5 381

February 03, 2016
Please do not use any special characters, including diacritics and apostrophes.
KEEP METADATA
Scanned metadata will not be deleted from delivery.
Default Value: false
<keepmetadata> true </keepmetadata>
YSoft SafeQ 5 382

February 03, 2016
WORKFLOW PARAMETERS
Workflow parameters may be used to customize a standard behaviour of a scanning workflow which is
defined by the destination element. A parameter is declared as follows:
....
<parameter>
<pname>filename</pname>
<type>string</type>
<label>Output name of the file</label>
<required> false </required>
< default >file</ default >
</parameter>
...
Values of parameters are taken from element default and in case of scanning with embedded terminals
they can be provided by a logged user via Parameters menu in the terminal applications. For this
purpose, parameters are placed in parameter spaces (see next section for information on parameter
spaces).
There is a list of predefined parameters for each supported scan destination with a special purpose
which may be included in the scanning template.
Moreover, a variable with the same name as parameter can be used in parameter values. This variable
is then replaced by the real value (entered by user on the terminal) of the parameter. This enables the
administrator to include other than a predefined parameter.
Each parameter starts with a tag <parameter> and ends with </parameter>.
SPACES
In the XML scanning template, a parameter must be placed into either parameter space. The presence
of a parameter in a parameter space determines who can assign a value to the parameter. There are
two parameter spaces:
admin – only the administrator can assign a value to the parameter. This can be done using
element default.
user – user (with access rights to the scanning workflow) can assign a value to the parameter.
This can be done via terminal panel interface – currently only embedded terminals allow users
to enter parameter values.
To put it simply, users cannot assign a value to a parameter inside the admin parameter space. The
administrator has to define such parameter with a default value using variables if necessary.
Parameters in user parameter space can also have a default value but this can be changed from the
panel interface.
YSoft SafeQ 5 383

February 03, 2016
Currently, only embedded terminals allow user to enter parameter values. Therefore, a template for
scanning with hardware terminals must have all parameters in the admin parameter space (those in
the user parameter space are ignored).
A parameter can be put into a parameter space by enclosing it in tags <user> and </user>, or <admin>
and </admin>. Example of one parameter in user space and one parameter in admin space:
<scan>
...
<user>
...
<parameter>
<type>string</type>
< default >file</ default >
</parameter>
...
</user>
<admin>
...
<parameter>
<type>string</type>
< default >\\server\share%login%</ default >
</parameter>
...
</admin>
</scan>
PARAMETER NAME
The parameter name is an alphanumeric identifier of the parameter. There is a set of special
parameters for each scanning workflow whose names are reserved.
A value of the parameter name must be enclosed in tags pname.
Example of definition of a parameter name:
<pname>to</pname>
PARAMETER DATA TYPE

The parameter data type is used as a constraint for values of the parameter. For example, the
embedded terminal application uses the data type to display a specific input component or check
values entered by the user.
Data types are:
string – any text
YSoft SafeQ 5 384

February 03, 2016
numeric – any real number

boolean – values true/false
date – date without time
email – string field with auto-completing of e-mails
A value of the data type must be enclosed in tags type. Dynamic "email" type is currently available only
on Konica Minolta Terminal Embedded with the native user interface.
Example of definition of a parameter data type:
<pname>to</pname>
<type>email</type>
PARAMETER DESCRIPTION LABEL

The parameter description label is an alphanumeric description of the parameter. It should contain a
short description of the parameter in a natural language. For example, the embedded terminal
application shows the label next to the input field of the parameter.
A value of the description label must be enclosed in tags label.
Example of definition of a parameter label:
<pname>to</pname>
<label>E-mail recipient</label>
MANDATORY PARAMETER FLAG

A parameter may be defined as mandatory and a user has to enter a value for it. This flag can only be
used if the parameter is defined in the user parameter space.
A value of the flag must be enclosed in tags required. Use values true or false, and if tag is omitted,
the default value is false.
Example of definition of a mandatory parameter (user has to enter e-mail of the recipient prior
scanning):
<pname>to</pname>
<type>email</type>
DEFAULT VALUE
A parameter may have a default value which must respect data type. This value is used unless
changed either way, typically from the embedded terminal application. As for the scanning with
hardware terminal, the default value field is the only way to provide a value for the parameter.
The default value may contain variables.
The default value of the parameter must be enclosed in tags default.
YSoft SafeQ 5 385

February 03, 2016
Example of definition of a default value with a variable:
< default >Scan from %email%</ default >
3.4.10 VARIABLES
Variables provide a mechanism to resolve a parameter value according to a context of a scan job. The
variables can be used in default field of the parameter or when entering parameter value from the
scanning application of an embedded terminal. Basically, there are two types of variables:
Predefined variables – statically defined variables with a special meaning.

Template variables – dynamic variables defined in the XML scanning template.
PREDEFINED VARIABLES
The predefined variables have reserved name and a special meaning. According to the subsystem
where the variable is replaced by a real value, there are two sets of predefined variables:
Scan server variables

Terminal Server variables
A Scan server predefined variable is specified as text starting and ending with character "%". Such
variable is substituted with a real value in time the SafeQ server starts processing of scans uploaded
by the MFP. Therefore they may be used on the embedded terminal by a user providing a value for the
parameter. The SafeQ server recognizes the following variables in scanning templates:
%login% - username of a user who created a scan

%name% - name of a user who created a scan
%surname% - surname of a user who created a scan
%email% - e-mail of a user who created a scan
%userhome% - whole path to home folder of a user who created a scan
%devicename% - name of the device where the scan has been made.
%file% - original name of the file from the MFP (in case of filename parameter) or full path to the
processed file (in case of script parameter)
%filename% - Name of the scanned file defined in scan workflow (under this name the scanned
file is delivered).
%job_id% - job ID of the scan job (this variable is available only when
createScanJobWithWorkflow = enable)
%safeqhome% - the full path to where SafeQ is installed on this server (typically C:\SafeQ5)
%devicesGroupId% - ID of a group the device where scan has been made belongs to
%devicesGroupName% - name of a group the device where scan has been made belongs to
%devicesGroupIP% - IP address of a group the device where scan has been made belongs to
%deviceId% - ID of the device where scan has been made
%deviceDescription% - description of the device where scan has been
%deviceLocation% - location of the device where scan has been made
%deviceIP% - IP address of the device where scan has been made
%deviceActivationDate% - activation date of the device where scan has been made
YSoft SafeQ 5 386

February 03, 2016
%deviceEquipmentID% - equipment ID of the device where scan has been made

%deviceServiceAgreementID% - device service agreement ID
%deviceContactPerson% - contact person for the device where scan has been made
%devicePrinterType% - type of the device where scan has been made
%deviceCostCenter% - cost center ID of the device where scan has been made
%deviceCostCenterName% - cost center name of the device where scan has been made
%userCostCenter% - cost center ID of the user who has made scan
%userCostCenterName% - cost center name of the user who has made scan
%billingCode% - billing code number used for this scan job
Example: Parameter targetDir is a special parameter which defines directory in a file system, where the
scans are stored. Suppose each user in SafeQ has a home directory on the company server galileo
whose name is the same as the username of the user. Then the targetDir parameter may be defined
as follows:
<parameter>
<type>string</type>
< default >galileo%userhome%</ default >
</parameter>
A Terminal Server predefined variable is specified as text starting and ending with character "%" and
can be used only when scanning with an embedded terminal. Such variable is substituted with a real
value in time the user opens the scanning application in the embedded terminal and is shown as
default values in input fields of parameter values. The following variables are recognized:
(date) - current date in format set by SafeQ property scanDateFormat in expert options, for
example use yyyy-MM-dd in order to get `2012-12-21` for 21st December 2012.
(time) - current time in format set by SafeQ property scanTimeFormat, for example use HH-
mm-ss-fff in order to get `12-15-00-000` for quarter past twelve .
(username) - username of a currently logged user
The Terminal Server predefined variables are currently not supported by Ricoh ESA
Terminal Embedded.
The Terminal Server predefined variables are not resolved when scanning with Terminal
Professional or Terminal Ultralight.
The Terminal Server predefined variables can also be specified with character "@", but this
possibility is deprecated and is kept only for backward compatibility.
Example: Parameter filename is a special parameter which defines name of the output file. To include
the current time, date and username of the user in the name of the file, the parameter may be defined
as follows:
<parameter>
<type>string</type>
YSoft SafeQ 5 387

February 03, 2016

< default >%date%-%time%-%username%< default >
</parameter>
(date)-(time)-(username) in the default value generates 20091224-120101001-demo for the user

with a username "demo" and time 2009-12-24 12:01:01.000 on the panel.
TEMPLATE VARIABLES
Template variables don't generally have any special meaning. They are defined in the scanning
template by a parameter definition and are then used typically in default values of other parameters.
They only have meaning when scanning with an embedded terminal, since they're used to carry values
provided by user. Such variable has the same naming convention as a scan server predefined variable,
i.e. it is in form %parameterName%, where parameterName is a name of the parameter
corresponding to this variable.
Example: A typical usage of a template variable is in scanning to fax (scan to script workflow with a fax
script). In default value of parameter script you can see there is variable %faxNum%. When SafeQ
processes the uploaded scan it substitutes this variable with the real value of parameter faxNum
entered by user on the terminal.
<admin>
<parameter>
<type>string</type>
< default >\\faxserver\script\fax.cmd %faxNum% %file%</ default >
</parameter>
...
</admin>
<user>
<parameter>
<pname>faxNum</pname>
<type>string</type>
</parameter>
</user>
...
YSoft SafeQ 5 388

February 03, 2016
SCAN OPTIONS
Scan options allows predefining settings for a resulting scan document such as resolution, file format or
color. The scan options section starts with tag <options> and ends with tag </options>.
Scan options feature is available only for scanning with embedded terminal, since vendor technologies
are leveraged to setup a scan job according to the settings. When a template with scan options is used
for scanning with hardware terminal, the scan options are ignored.
<options>
<resolution locked= "true" >normal</resolution>
<sides locked= "true" > 1 </sides>
<color locked= "true" >color</color>
<fileType locked= "true" >pdf</fileType>
</options>
It is possible to define that any particular scan option is locked, i.e. it can not be modified by logged
user on terminal. This feature can be set by specifying an attribute locked="true" in starting tag of an
option entity.
RESOLUTION
This option specifies resolution of scanning. There are five possible values sorted from the lowest
resolution to the highest resolution:
low
normal
fine
high
super
The value of resolution option must be enclosed in tags resolution.
Not all technologies and MFP models support all five levels of the resolution. If an unsupported level is
chosen, it is approximated to the nearest possible value.
Resolution KM, Sharp [DPI] Xerox, Ricoh [DPI] FX, FX with XCP [DPI]
low 200*100 72*72 200*200
normal 200*200 200*100 200*200
fine 300*300 300*300 300*300
high 400*400 400*400 400*400
super 600*600 600*600 600*600
Example of defining the highest possible resolution:
YSoft SafeQ 5 389

February 03, 2016
<resolution> super </resolution>
COLOR
This option specifies color scheme of a scan. There are following values:
bw – black and white

color – full colour
gray – greyscale
bicolor – two colours
monocolor – single color
auto – color scheme is detected automatically by the scanning device
The value of color scheme option must be enclosed in tags color.
Not all technologies and MFP models support all six color schemes. If an unsupported color scheme is
chosen, it is substituted with the nearest possible value.
Example of defining the automatic color scheme detection:
<color>auto</color>
OUTPUT FILE FORMAT

This option specifies file format of the output file. There are following values:
pdf - a standard multi-page PDF (Portable Document Format) document

cpdf - compact PDF document with reduced size
spdf - searchable PDF (OCR)
jpeg - standard JPEG (Joint Photographic Experts Group standard)
tiff - single page TIFF (Tagged Image File Format)
mtiff - multi-page TIFF
xps - OpenXPS document (XML Paper Specification)
The value of output file format option must be enclosed in tags fileType.
Not all technologies and MFP models support all output file formats. If an unsupported file format is
chosen, it is substituted with any other similar file format.
Example of defining the TIFF as an output file format:
<fileType>tiff</fileType>
DUPLEX AND SIMPLEX

This option specifies whether the scan shall be scanned as duplex or simplex. There are following
values:
1 – simples
YSoft SafeQ 5 390

February 03, 2016
2 – duplex
Simplex or duplex must be enclosed in tags sides.
Some technologies and models do not support forcing duplex settings and user has to set it manually.
Example of defining duplex scanning:
<sides> 2 </sides>
YSoft SafeQ 5 391

February 03, 2016
SUPPORTED SCANNING WORKFLOWS
Despite the scanning templates can be used for both scanning with hardware and embedded terminal,
not all features declared by the template definition are supported by hardware terminals. Therefore,
some features declared by template are ignored when scanning with a hardware terminal:
User parameter space – hardware terminals does not allow user to enter values of parameters,
therefore all parameters in user parameter space are ignored in such templates.
Scan options – hardware terminal does not communicate with vendor technology, therefore
scan options are ignored in such templates.
Terminal Server predefined variables – hardware terminals does not substitute this kind of
variables.
However, you can still use the same template for the both types of scanning; some parts of template
are ignored when scanning with hardware terminal.
SCANNING TO E-MAIL
Default behavior - Scanned documents are delivered to the logged user's e-mail as an
attachment.
Supported parameters:
from – sender of the e-mail. if the value is blank or the parameter is omitted, the sender is
the logged user.
to – recipient of the e-mail. Parameter may be used only once. If the value is blank or the
parameter is omitted, the recipient is the logged user.
filename – name of the files in the e-mail attachment. If the value is blank or omitted, the
file produced by the MFP is not renamed. If there is more files, their names are suffixed
with a value from a numeric sequence.
failoverDir – path to a directory in local or a remote file system, where the scan is stored if
the default delivery via e-mail failed for any reason. UNC paths are allowed.
maxFilesPerMessage – number of scanned documents sent in one e-mail.
Related SafeQ configuration
scan-job-max-size-to-mail – Maximum size of attachments. If the attachment exceeds the
maximum size, the files are stored in directory specified by failoverDir.
scan-email-undeliverable-attempts – Number of attempts to submit the e-mail.
scan-email-undeliverable-timeout – Interval between two submit attempts
email-with-scan-subject – Subject of the e-mail with the attachment
email-with-scan-body – Body of the e-mail with the attachment.
scan-job-too-big-message – Body of the e-mail which is sent to the user who created the
scan if the size of the attachment exceeded the maximum allowed size.
scan-job-changed-destination – Body of the e-mail which is sent when the files couldn't
be sent via email neither moved to the failover directory.
default-scan-folder – path to a directory in local or a remote file system, where the scan is
stored if it couldn't be saved to the failover directory (usually system temp).
Note that old files are deleted from this folder based on name pattern (variables are
YSoft SafeQ 5 392

February 03, 2016
replaced by wildcards). Therefore do not set default-scan-folder to a folder that may

contain other files that shall be preserved.
ScanServer-maxFolderTime - A period after which scan jobs that could not be processed
in the requested manner are removed from a failover folder (the failoverDir parameter of
scan to email workflows or the property default-scan-folder).
Please make sure that filename parameter will not contain characters which can not be used in file,
folder, or shortcut names. For example: \ / : * ? " < > |
<scan>
<name>Scan to e-mail</name>
<destination>email</destination>
<description>Template for scanning to user's email</description>
<options>
<resolution>low</resolution>
<sides> 2 </sides>
<color>bicolor</color>
<fileType>jpeg</fileType>
</options>
<user>
<parameter>
<type>email</type>
<pname>from</pname>
<label>Sender</label>
< default >john.doe @ysoft .com</ default >
</parameter>
<parameter>
<type>email</type>
<pname>to</pname>
<label>Recipient</label>
</parameter>
<parameter>
<type>string</type>
< default >Scan from device %devicename% by %name% %surname%</ default >
</parameter>
</user>
<admin>
<parameter>
<type>string</type>
<pname>failoverDir</pname>
<label>Failover directory</label>
< default >%userhome%</ default >
</parameter>
<parameter>
<type>string</type>
<pname>maxFilesPerMessage</pname>
<label>Max number of files per email</label>
YSoft SafeQ 5 393

February 03, 2016
< default > 1 </ default >

</parameter>
</admin>
</scan>
SCANNING TO FOLDER
Default behavior – Scanned documents are moved to the logged user's home directory.
Supported parameters
targetDir – a path to a directory in local or a remote file system, where the files are stored.
If the value is blank or the parameter is omitted, the target directory is the logged user's
home directory.
filename – name of the moved files. If the value is blank or omitted, the file produced by
the MFP is not renamed. If a file with the same name is already present in the target
directory, the file name suffixed with a value from a numeric sequence.
default-scan-folder - path to a directory in local or a remote file system, where the scan is
stored if it couldn't be saved to the target directory (usually system temp).
scan-job-changed-destination – Body of the e-mail which is sent when the files couldn't
be saved to the target directory.
Please note that files are stored to the target folder under identity of the service account that
is used to run SafeQ service. The service account must have write access to the target folder.
The only exception is where Kerberos5 authentication (via user credentials or PKI is used). in
this case, whenever the targetDir parameter starts with smb:, system first tries to copy the file
under identity of the authenticated user (using Kerberos TGT).
<scan>
<name>Scan to home folder</name>
<destination>home</destination>
<description>
This is a scan to home scanning workflow with locked options.
</description>
<options>
</options>
<user>
<parameter>
<type>string</type>
< default >File %file%</ default >
YSoft SafeQ 5 394

February 03, 2016
</parameter>
</user>
<admin>
<parameter>
<type>string</type>
</parameter>
</admin>
</scan>
SCANNING TO SCRIPT
Default behavior – Scanned documents are moved to the directory specified by parameter
targetDir and a script call from parameter script is executed. There is one script execution per
each scanned document. This behavior can be changed to process all scanned documents in
single script execution by placing special parameters to script command call.
Supported parameters
filename – name of the moved files. If the value is blank or omitted, the file produced by
the MFP is not renamed. If a file with the same name is already present in the target
directory, the file name suffixed with a value from a numeric sequence.
targetDir – a path to a directory in local or a remote file system, where the files are stored
prior executing the script. This parameter is mandatory for this type of workflow. If the
value is not specified, all files are moved to the default directory.
script – a script command call (includes full path to script and arguments) which is
executed upon each file uploaded from the MFP. This parameter is mandatory for this
type of workflow. If the value is not specified, all files are moved to the default directory.
default-scan-folder - path to a directory in local or a remote file system, where the scan is
stored if parameters targetDir or script is undefined or the script returns a non-zero exit
code.
scan-job-changed-destination – Body of the e-mail which is sent when the files are saved
to the default directory.
Processing all scanned documents in single script execution
Alternative behavior to the default, it is triggered by placing %fileList% parameter among
script parameters. Filesystem paths to all scanned documents are then dumped to text
file located in targetDir and %fileList% parameter in script command call gets replaced by
absolute path to this text file. Replaced path to text file then effectively becomes one of
the script parameters. SafeQ then invokes script only one time, it is the responsibility of
the external script to resolve all scanned documents from text file and process
them within single script execution.
Similarly to %fileList%, you can put %metadata% parameter to script parameters. SafeQ
will dump all predefined scan variables into text file and replace %metadata% parameter
with absolute path to this text file. External script can read all predefined scan variables
from this file.
%metadata% parameter is not supported in default behavior.
YSoft SafeQ 5 395

February 03, 2016
Also keep in mind that in case your script is on path containing spaces, it has to be enclosed in
double quotes - e.g.:
<default>"\\faxserver\spaced path\script.cmd" %faxNum% %file%</default>
<scan>
<name>Scan to fax</name>
<description>
This is a scan to fax workflow. Please enter fax number in the parameters menu prior
scanning
</description>
<keepmetadata> true </keepmetadata>
<options>
</options>
<admin>
<parameter>
<type>string</type>
< default >\\faxserver\workdir\script.cmd %faxNum% %file%</ default >
</parameter>
<parameter>
<type>string</type>
</parameter>
</admin>
<user>
<parameter>
<pname>faxNum</pname>
<type>string</type>
</parameter>
</user>
</scan>
SCAN TO VISUALBASIC SCRIPT
It is possible to invoke VisualBasic script. It is necessary to define parameter as:
YSoft SafeQ 5 396

February 03, 2016
<parameter>
<type>string</type>
< default >c:\Windows\System32\cscript.exe c:\test\script\vbs.vbs</ default >
</parameter>
KNOWN MFP LIMITATIONS
Some of XML scanning parameters are not supported by all MFPs

So far the scanning template configuration on the SafeQ website allows to set up the full range of
options even though that various machines may not be able to support all of them (file format, duplex,
etc). On the embedded terminal user interface we try to hide these disabled options as much as the
technology allows it. KM native is such an example where we cannot fully handle and hide the scan
options workflow configuration so some options may have different default value than expected.
SCAN TO SHAREPOINT
YSoft SafeQ is able to upload document into Microsoft Sharepoint using the Scan to Script
scanning workflow. The script whose path is provided in the administrator workflow parameter
script is called for each scanned file done by user while scanning on the terminal.
HOW TO SETUP:
1. Enable scanning with terminal embedded and use predefined scanning workflows that will be used
with the MFP (see help for more information about "Workflow scanning").
2. Create and than copy "ScanToSharepoint.cmd" into "C:\SafeQ5\Scan\"
3. Download Curl (http://curl.haxx.se/), unzip and copy content into folder "C:\SafeQ5\scan\". Another
option is ask Customer Support Services to provide it.
4. Import scanning workflow with this content:
<scan>
<name>Sharepoint</name>
<description>Scan to Sharepoint with fixed path</description>
<options>
<sides> 1 </sides>
<color>auto</color>
</options>
<admin>
<parameter>
<type>string</type>
YSoft SafeQ 5 397

February 03, 2016

< default >C:/SafeQ5/Scan/ScanToSharepoint.cmd %file% %sharepointpath% %subfolder%
</ default >
</parameter>
<parameter>
<type>string</type>
< default >C:/SafeQ5/scan</ default >
</parameter>
<parameter>
<pname>sharepointpath</pname>
<type>string</type>
<label>Sharepoint path</label>
< default >http: //sharepoint/test/</default>
</parameter>
</admin>
<user>

<parameter>
<type>string</type>
<pname>subfolder</pname>
<label>Sub-folder name</label>
< default >Scan_From_SafeQ</ default >
</parameter>
</user>
</scan>
5. Create ScanToSharepoint.cmd in SafeQ5\scan\
rem Optional change of username and password

set username=user @domain .local
set password=sercret_password
@echo off
C:/SafeQ5/Scan/curl --ntlm -u : -X MKCOL % 2 /% 3 /
C:/SafeQ5/Scan/curl -T % 1 --ntlm -u %username%:%password% % 2 /% 3 /
6. Make sure that:

a. sharepoint path in xml definition is valid.
b. user used for files upload has write access right into MS Sharepoint site.
HOW TO USE:

2. Choose YSoft SafeQ application and press "YSoft Scan" button on the MFP panel
3. Select your Sharepoint workflow
4. Optional:
a. Edit a Subfolder name where scan will be stored
5.
YSoft SafeQ 5 398

February 03, 2016
5. Start your scan

TROUBLESHOOTING:
See cml.log and sharepoint.log in <SafeQ_HOME>\logs folder.
Log to file missing.
LIMITATIONS
Scans are stored in defined Sharepoint address and also in directory C:/SafeQ5/Scan/
For deleting jobs in directory C:/SafeQ5/Scan/ additional script is needed
Script ScanToSharepoint.cmd stores username and password and it can be easily read
To hide user credentials use .exe file which cannot be read

Using .exe file needs additional changes in scanworkflow template
QUICK AND EXPERT SCANNING WORKFLOWS
OVERVIEW
Scanning application is divided into two separate tabs - Quick workflows and Expert workflows.
The Quick workflows tab will display only the scanning workflows that don't have any customizable
parameters (Scan settings is locked and no editable User parameters exist). All other scanning workflows
will be displayed in the Expert workflows tab.
This feature apply for all browser based embedded terminals.
QUICK WORKFLOWS
The scanning workflows in the Quick workflows tab will enable the one click scanning. This means that once
the user selects the scanning workflow, the scanning procedure begins immediately.
YSoft SafeQ 5 399

February 03, 2016
EXPERT WORKFLOWS
The scanning workflows in the Expert workflows tab will behave similar as standard scanning application.
This means that selecting a scanning workflow will display page with scan workflow settings before the scan
begins.
In the scan workflow settings page user can adjust workflow parameters or scanning settings before start of
the scanning.
YSoft SafeQ 5 400

February 03, 2016
CONFIGURATION
The option to display the scanning workflows in separate tabs or in one tab is configurable in the system
setting by system property separatedScanWorkflows
scan workflows are displayed in one tab when the property is disabled
scan workflows are displayed in two tabs when the property is enabled
3.4.11 CARD SELF-ASSIGNMENT
DESCRIPTION
This feature allows users to automatically register their ID card to the system based on alternative
authentication mechanism.
see Configuring ID Card Self-assignment for configuration and deployment information.

see Card Self assignment process for individual terminals:
Card and PIN management
USER STORIES
1. CardAssignment - As a User I want to use my ID card to authenticate at the MFP. If I have

new card, I want to identify at the MFP using another credentials I know and then present card
to be assigned as future identification media so that next time I can authenticate only by this
card.
YSoft SafeQ 5 401

February 03, 2016
REQUIREMENTS
Users shall be able to self-register ID card (unknown to system) based on Card Activation Code,
generated by administrator on demand or automatically by the system after first registered print.
Users shall receive Card Activation Code via email.
Users shall be able to self-register ID card (unknown to system) based on SafeQ or LDAP/AD
credentials (user name/password) please note that available keyboard charsets might be
different device per device. SafeQ terminal professional uses touchscreen to emulate mobile-
phone-like keyboard (with no special characters). External keyboard is available on request .
Users shall be able to generate Card Activation Code after login to YSoft SafeQ web interface
and later use it for registering the card at the terminal (if this method is approved by
administrator).
Administrator shall be able to generate Card Activation Code for an individual user.
Identity management must be established
MFP must be equipped with terminal with graphical display (Terminal Professional or
Embedded)
CAVEATS
When using Distributed Server System - Private Cloud, there must be an online connection
available to the Central Datacenter (CML)
This feature is not supported for Smart Cards or Fingerprints.
Due to the security reasons it is not possible to set less then 6 digits Card Activation Code
LICENSING
ID card self-assignment feature is a standalone licensed feature in YSoft SafeQ with following limitation
if license for the feature expires or is not available in a license. Please see License content per version
to review all SafeQ version and availability of a feature.
Configuration puk-enabled and assign-new-card-enabled is ignored if set to true.

Terminals does not open dialog for ID card self-assignment.
Users do not have option to create Card Activation Code on web interface
A new Card Activation Code is not created for a user if the user does not have any.
CARD AND PIN MANAGEMENT
OVERVIEW
Every user in SafeQ can have any number (usually one) of assigned card numbers. Typically, these
correspond to the ID badges of employees with RFID and/or similar contactless identification chips. There
are many different standards of identification chips, most of which are, however, incompatible between
themselves. SafeQ is able to work with virtually any of them provided that the terminals are equipped with
the right card scanners.
YSoft SafeQ 5 402

February 03, 2016
Instead of and/or besides cards, users may also use numeric PIN codes for authentication at SafeQ
terminals. This PIN code is treated as a virtual card number: it is stored in the same place and managed in
the same way. However, for security reasons, a cryptographic hash of the PIN code is stored instead of the
current PIN, so that it is not easy, even for an administrator, to find out the PIN of a user.
REQUIRED ACCESS RIGHTS FOR MANAGING PIN AND CARD ACTIVATION CODES AND CARDS
The administrator needs to have access rights for View list of users and for Add, edit, and delete users.
For assigning a card from web interface, admin needs also rights for List of accesses to terminals.
YSoft SafeQ 5 403

February 03, 2016
PIN (PERSONAL IDENTIFICATION NUMBER)

Users may use numeric PIN codes for authentication at SafeQ terminals.
YSoft SafeQ 5 404

February 03, 2016
The PIN code is treated as a virtual card number: it is stored in the same place and managed in the same
way.
ADDING/REMOVING PIN FOR USER
Write down PIN to Card ID/PIN field and press save button or green + button.
You can remove currently PIN clicking to it and clicking to red - button.
CARD ACTIVATION CODE

YSoft SafeQ Card Activation Code is a module used for allocating unregistered cards to users.
CARD ACTIVATION CODE GENERATION
1. AUTOMATICALLY -- Card Activation Code is generated after receiving first print job from the user.
YSoft SafeQ generates subsequently the Card Activation Code for the user.
2. MANUALLY -- Card Activation Code is generated by the administrator by clicking to Generate Card
Activation Code button.
You can see more information Configuring ID card self assignment

CARD ASSIGNMENT METHODS
1. Card assignment on terminals
YSoft SafeQ 5 405

February 03, 2016
Register a new card at the KM printer

Register a new card at Ricoh printer
Register a new card at the Sharp printer
Registering a new card at Terminal Professional
Register a new card at the Xerox printer
2. Card assignment from web interface:
In case of status Unknown card, PIN, or password, administrator can create new user or assign PIN,
card number to existing user.
Icon Name Description
Assign card/PIN to Dialog for new user definition is opened and card/PIN is filled in card
new user field. Administrator must fill rest of the required field and save user to
complete action. See Adding and configuring users.
Assign card/PIN to List of existing users is opened and administrator can choose one of
exiting user them. Dialog with selected user definition is opened. Administrator
must save changes to complete action. See Adding and configuring
users.
ADVANCED PIN MANAGEMENT
This feature enables to add or generate PIN with time expiration to users. When the PIN expires, the
user cannot login with this PIN and has to generate a new PIN. New PINs can also be generated by an
administrator. The administrator can set PIN expiration or generate a PIN with the default expiration.
When a user or an administrator generates a new PIN a notification e-mail with PIN and its expiration date
is sent to the user. Another notification email is sent before user's PIN is going to expire.
NOTE: When a user has some PIN(s) defined and a new PIN is generated, all previous PINs are
deleted.
YSoft SafeQ 5 406

February 03, 2016
Set PIN expiration and press the Generate PIN button. An e-mail is sent to the user's mailbox, an example
follows:
When PIN is going to expire an information e-mail is sent to user's mailbox:
Configuration
There are several properties related to PIN code generation.
YSoft SafeQ 5 407

February 03, 2016
Feature can be enabled by

PIN-generator = true
This property enables to set length of the variable part of PIN (without digits in login name) in digits.
PIN-size = 6
PIN expiration time in days.

PIN-default-expiration = 60
Time in days, when the notification e-mail is sent to user before his PIN expires.
PIN-expiration-notification = 7
This property enables overriding old PINs with new PINs.

PIN-override = true
The following two properties handle the archivation of old PINs. When enabled, the old PINs are written to a
history table. When a PIN is stored in the history table, it cannot be used as an active PIN. After PIN
archivation period expires, PINs are deleted and could be reused.
PIN-history-enabled = false
PIN-archivation-period = 365
The following properties set the notifications for the users.

PIN-enable-email-notifications = true
Specifies, whether e-mail notifications are sent to the user after a new PIN is generated.
PIN-enable-display-for-user = true
Specifies, whether a newly generated PIN is displayed to the user in a browser popup window.
PIN-enable-display-for-admin = false
3.4.12 PRINT DATA TRANSFER COMPRESSION
PRINT DATA TRANSFER COMPRESSION OVERVIEW
DESCRIPTION
SafeQ can manage print data compression using standard ZLIB mechanisms, reaching about 60%
compression rate over standard office prints in PCL or PostScript format
see Configuring Print Data Transfer Compression for configuration and deployment information.
USER STORIES
1. CompressPrint - As an Administrator, I want to configure data compression (from workstation

to the MFP) so that I can save network traffic.
REQUIREMENTS
SafeQ compress print data from workstation client to server.

SafeQ compress print data from server to the MFP.
YSoft SafeQ 5 408

February 03, 2016

If compression from the server to the terminal is required, MFPs must be connected via
Terminal Professional. Administrator also has to configure print via SafeQ terminal.
If compressing from a workstation to a server is required print drivers and YSoft SafeQ Client
must be installed locally at every workstation
CAVEATS
Supported SafeQ versions: SafeQ 5.0
LICENSING
Print data transfer compression feature is a standalone licensed feature since YSoft SafeQ 5.0 with
following limitation if license for the feature expires or is not available in a license. Please see License
content per version to review all SafeQ version and availability of a feature.
Data sent from YSoft SafeQ Client are not compressed and all client configuration is ignored
regarding the data compression.
Data sent from SafeQ server to Terminal Professional is not compressed and data is sent
directly to printer uncompressed.
ADDITIONAL NOTES
following table and represents real-time measurement of data compressions and comparison to thinPrint
(please note that quality reduction has not been enabled on thinPrint)
File Type Size Printer Job No Time YSoft Time ThinPrint

(KB) driver size compression to Compression to (KB)
(MB) (KB) print (KB) print
insurance PDF 143 RICOH 22,00 23 890,89 7:40 6 984,01 2:12 6 997,12
agreement. Aficio min min
pdf MP161
PCL 5e
HP 6,70 7 268,48 2:49 2 749,61 1:02 2 762,42

LaserJet min min
4350
PCL 5e
RICOH 8,60 9 322,40 3:45 1 535,08 0:39 1 563,11

Aficio min min
MP161
PCL 6
1,08 1 180,40 1 178,39 1 181,34
YSoft SafeQ 5 409

February 03, 2016
File Type Size Printer Job No Time YSoft Time ThinPrint

(KB) driver size compression to Compression to (KB)
(MB) (KB) print (KB) print
HP 0:38 0:32
LaserJet min min
1505N
offer.rtf RTF 82 RICOH 0,21 227,37 0:22 118,41 0:12 120,16

Aficio min min
MP161
PCL 5e
HP 0,23 252,23 0.18 129,03 0:14 131,32

LaserJet min min
4350
PCL 5e
POV-TIA. PDF 66 RICOH 5,12 5 552,89 2:07 1 412,98 0:35 1 406,28

pdf Aficio min min
MP161
PCL 5e
HP 1,81 1 971,78 0:54 750,09 0:24 752,86

LaserJet min min
4350
PCL 5e
DACP.pdf PDF 44 RICOH 3,73 4 047,93 1:30 1 148,55 0:32 1 150,86

Aficio min min
MP161
PCL 5e
HP 1,12 1 215,27 0:41 454,43 0:22 456,59

LaserJet min min
4350
PCL 5e
Total 54 929,64 16 460,58 16 522,06

volume
Volume savings no 0% YSoft 70,03% ThinPrint

compression
YSoft SafeQ 5 410

February 03, 2016
3.4.13 TERMINAL MONITORING VIA SNMP
TERMINAL PROFESSIONAL MONITORING VIA SNMP
DESCRIPTION
Goal of this feature is to be able to monitor the SafeQ hardware Terminal Professional via SNMP.
Customer is able to see a problem on the terminal immediately after it occurs to be able to respond and
hopefully solve the problem before users start experiencing it.
USER STORIES
1. As a administrator of SNMP management server, I want to be informed about terminal status so

I can check terminals from central management software.
2. As a administrator, I want be able to configure which events will be sent from terminal so that I
can optimize number of SNMP packets on network.
FUNCTIONAL REQUIREMENTS
1) The terminal sends SNMP traps (UDP packet) to the management server when the following
conditions are met (according to configuration):
connection to the SafeQ server is lost

connection to the SafeQ server is established
connection to the SafeQ server could not be established
user logs in using PIN
user logs in using ID card
user logs in using login
User was not authenticated
Relevant MIB (OID prefix: .1.3.6.1.4.1.20519)
.500.2.1.1.1.1 - Connection to SQ server established

.500.2.1.1.1.2 - Connection to SQ server could not be established
.500.2.1.1.1.3 - Connection to SQ server closed
.500.2.1.2.1.1 - User not authenticated (data: .100.2.1.2.1.3)
.500.2.1.2.1.2 - User authenticated (data: .100.2.1.2.1.3)
2) The terminal also support SNMP polling and respond to SNMP requests sent from a management
server. The following information are available in the terminal's MIB:
Status of the connection to the SafeQ server

Type of last user authentication (pin,card,login)
Last server connection IP
Last server connection port
Last server connection time stamp of connection create
Last server connection time stamp of connection close
YSoft SafeQ 5 411

February 03, 2016
Last user authentication time stamp

Last user authentication result
Relevant MIB (OID prefix: .1.3.6.1.4.1.20519)(i=integer32,s=octet string,c=counter32)
.100.2.1.1.1.1 i - Connected to SQ server (1/2)=(disconnected/connected)

.100.2.1.1.1.2 s - Last connected SQ server IP
.100.2.1.1.1.3 i - Last connected SQ server port
.100.2.1.1.1.4 c - Timestamp of last established connection to SQ server
.100.2.1.1.1.5 c - Timestamp of last closed connection to SQ server
.100.2.1.1.1.6 c - Timestamp of last connection to SQ server which fails (could not connect)
.100.2.1.2.1.1 i - Last authentication state (1/2)=(unsucessfull/sucessfull)
.100.2.1.2.1.2 c - Last authentication timestamp
.100.2.1.2.1.3 i - Last authentication type (1,2,3,4,5,6,7,8)=(pin,card,card&pin,login,digital signat
3) The terminal allows user to enable / disable and set SNMP support in its service menu. It should be
possible to switch on/off sending individual traps in the service menu.
Service menu options (Item name in remote configuration):
Enable/disable SNMP service (SNMP)

Set SNMP community name (SNMP_COMMUNITY)
Set SNMP location (SNMP_LOCATION)
Set SNMP contact (SNMP_CONTACT)
Enable/disable SNMP traps (SNMP_TRAP)
Set SNMP trap server IP (SNMP_TRAP_SERVER)
Set SNMP trap server port (SNMP_TRAP_PORT)
Set SNMP trap server community name (SNMP_TRAP_COMMUNITY)
Individually enable/disable each trap (SNMP_ENABLED_TRAPS)

Please note that it is not guaranteed that the SNMP trap is delivered to the management server.
Supported will be only SNMP v2c (with community name set)
CAVEATS
SNMP is supported only on Terminal Professional

SNMP support in terminal allows only read only polling
Terminal also contain following items which are not relevant to user interaction with terminal.
Rest of terminal MIB (text IODs)
SNMPv2-MIB::sysDescr.0 = STRING: Terminal_professional

SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.20519.2.1.4
SNMPv2-MIB::sysUpTime.0 = Timeticks
SNMPv2-MIB::sysContact.0 = STRING: - defined in service menu - contact
SNMPv2-MIB::sysName.0 = STRING: - defined in service menu - hostname
YSoft SafeQ 5 412

February 03, 2016
SNMPv2-MIB::sysLocation.0 = STRING: - defined in service menu - location

HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks
UCD-SNMP-MIB::memTotalReal.0 = INTEGER: 62916
UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 56008
UCD-SNMP-MIB::memShared.0 = INTEGER: 0
UCD-SNMP-MIB::memBuffer.0 = INTEGER: 0
UCD-SNMP-MIB::memCached.0 = INTEGER: 3548
UCD-SNMP-MIB::laIndex.1 = INTEGER: 1
UCD-SNMP-MIB::laNames.1 = STRING: Load-1
UCD-SNMP-MIB::laLoad.1 = STRING: 0.00
UCD-SNMP-MIB::laConfig.1 = STRING: 1
UCD-SNMP-MIB::laLoadInt.1 = INTEGER: 0
UCD-SNMP-MIB::ssCpuRawUser.0 = Counter32: 68639
UCD-SNMP-MIB::ssCpuRawNice.0 = Counter32: 0
UCD-SNMP-MIB::ssCpuRawSystem.0 = Counter32: 113753
UCD-SNMP-MIB::ssCpuRawIdle.0 = Counter32: 44088979
UCD-SNMP-MIB::ssRawInterrupts.0 = Counter32: 46094044
UCD-SNMP-MIB::ssRawContexts.0 = Counter32: 2800981
Rest of terminal MIB (numeric IODs)
.1.3.6.1.2.1.1.1.0 = STRING: Terminal_professional

.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.20519.2.1.4
.1.3.6.1.2.1.1.3.0 = Timeticks
.1.3.6.1.2.1.1.4.0 = STRING: - defined in service menu - contact
.1.3.6.1.2.1.1.5.0 = STRING: - defined in service menu - hostname
.1.3.6.1.2.1.1.6.0 = STRING: - defined in service menu - location
.1.3.6.1.2.1.25.1.1.0 = Timeticks
.1.3.6.1.4.1.2021.4.5.0 = INTEGER: 62916
.1.3.6.1.4.1.2021.4.6.0 = INTEGER: 56008
.1.3.6.1.4.1.2021.4.13.0 = INTEGER: 0
.1.3.6.1.4.1.2021.4.14.0 = INTEGER: 0
.1.3.6.1.4.1.2021.4.15.0 = INTEGER: 3548
.1.3.6.1.4.1.2021.10.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.2021.10.1.1.2 = INTEGER: 2
.1.3.6.1.4.1.2021.10.1.1.3 = INTEGER: 3
.1.3.6.1.4.1.2021.10.1.2.1 = STRING: Load-1
.1.3.6.1.4.1.2021.10.1.2.2 = STRING: Load-5
.1.3.6.1.4.1.2021.10.1.2.3 = STRING: Load-15
.1.3.6.1.4.1.2021.10.1.3.1 = STRING: 0.00
.1.3.6.1.4.1.2021.10.1.3.2 = STRING: 0.03
.1.3.6.1.4.1.2021.10.1.3.3 = STRING: 0.00
.1.3.6.1.4.1.2021.10.1.4.1 = STRING: 1
.1.3.6.1.4.1.2021.10.1.4.2 = STRING: 5
.1.3.6.1.4.1.2021.10.1.4.3 = STRING: 15
YSoft SafeQ 5 413

February 03, 2016
.1.3.6.1.4.1.2021.10.1.5.1 = INTEGER: 0
.1.3.6.1.4.1.2021.10.1.5.2 = INTEGER: 3
.1.3.6.1.4.1.2021.10.1.5.3 = INTEGER: 0
.1.3.6.1.4.1.2021.11.50.0 = Counter32: 68634
.1.3.6.1.4.1.2021.11.51.0 = Counter32: 0
.1.3.6.1.4.1.2021.11.52.0 = Counter32: 113747
.1.3.6.1.4.1.2021.11.53.0 = Counter32: 44088492
.1.3.6.1.4.1.2021.11.59.0 = Counter32: 46093471
.1.3.6.1.4.1.2021.11.60.0 = Counter32: 2800901
LICENSING
License coverage of the feature
The feature is not covered by a license which equals to freely available feature in any
installation.
3.4.14 PRINT DATA TRANSFER ENCRYPTION
PRINT DATA TRANSFER ENCRYPTION OVERVIEW
DESCRIPTION
SafeQ supports encryption of print data transfers allowing to print confidential data over insecure
network.
see Configuring Print Data Transfer Encryption for configuration and deployment information.
see YSoft SafeQ Security Overview for detailed information on key management and data
transfer workflow
USER STORIES
1. EncryptData - As an Administrator, I want to configure data encryption (from workstation to

the MFP) so that I can make our environment really secure.
REQUIREMENTS
1. All network communication related to the print data from workstation to the network printer shall
be encrypted and authenticated
2. SafeQ Client shall transfer the data to SafeQ Server using SSL/TLS data stream or using AES
cipher (unique session key exchanged via authenticated SSL stream).
3. Client on Windows shall verify server certificate using Windows Certificate store.
4. SafeQ server shall transfer the data to MFP using IPP over SSL data stream.
5. SafeQ server shall verify MFP certificate. SafeQ server shall accept the MFP certificate on first
connection and use this certificate in future.
6. Administrator shall be able to remove the MFP certificate from individual device or all devices
via web interface.
YSoft SafeQ 5 414

February 03, 2016

MFPs must be connected thru Terminal Professional or support IPP over SSL printing.
Administrator also has to configure proper print delivery method (IPP/SSL).
If encryption from a workstation to a server is required print drivers and YSoft SafeQ Client must
be installed locally at every workstation.
CAVEATS
Server key is stored in password protected key store on server disk. The password is Hard-
coded in SafeQ.
Data are stored unencrypted on the server's hard drive. For server data encryption we
recommend to use Microsoft Windows EFS.
Supported SafeQ versions: SafeQ 5.0
LICENSING
Print data transfer encryption feature is licensed as a part of YSoft SafeQ Client license
3.4.15 CREDIT HANDLING
CREDIT HANDLING
YSoft SafeQ allows to limit consumption of print, copy and scan services using credit. This is done via
integration with YSoft Payment System.
CREDIT HANDLING PER VENDOR

The following pages describe the how the credit operations are handled on different vendors:
Credit handling on Fuji Xerox MFP's
Credit handling on Fuji Xerox XCP terminal
Credit handling on Konica Minolta MFP's
Credit handling on Ricoh MFP's
Credit handling on Samsung MFP's
Credit handling on Sharp MFP's
Credit handling on Xerox MFP's
Credit handling on hardware terminals
LIMITATIONS
YSoft SafeQ has minor inaccuracies (far beyond decimal point) in calculated price.
YSoft SafeQ 5 415

February 03, 2016
CREDIT HANDLING ON HARDWARE TERMINALS
3.4.16 CREDIT HANDLING
PRINTING
Before the print job is released, YSoft SafeQ reserves the estimated price for the job.
If the reservation fails (e.g. because the user's available balance is lower than the
estimated price for the job) the print job is not released.
When the print job is accounted, the reservation is settled with the final price of the job.
NOTE : Print job parser needs to be set to at least to the option "Render jobs as low resolution (36
DPI) images" in order to use the YSoft Payment System with Y Soft hardware terminals.
COPYING/SCANNING
When user requests copying or scanning the initial reservation is created.

The reservation is calculated as the number of pages blocked in advance * the price for the
page.
the number of pages blocked in advance can be specified by the configuration property
pagesCountReservationForCopyOnHwTerminal
the configuration property pricePerPageReservationStrategyForCopyOnHwTerminal
determines whether the cheapest or the most expensive page will be used for the
reservation
User cannot enter Copy/Scan menu, in case his balance is lower, than reservation amount.
This reservation can be performed multiple times when the reservation is depleted and
additional money needs to be reserved from user's account.
NOTE : Prepaid copying and scanning is only available with Terminal Professional and Terminal
UltraLight Print&Copy.
3.4.17 STOP ON ZERO SUPPORT
This table described ability of hardware terminals prevent users to reach balance value under defined
minimal balance threshold by performing printing/copying/scanning job with higher price, than user's
available balance.
Legend:
- job not even started or interrupted, when there is not enough balance on user's account. Only
printed pages are accounted and charged.
- same as for previous case. But there can are few edge cases, when print job is printed, accounted
and debt is registered on user's account.
- whole job is printed, accounted and charged. Debt is registered on user's account. See more
about debts in Working with Payment System.
YSoft SafeQ 5 416

February 03, 2016
Assumption for this behavior is setting "Overdrawn transactions" property to "Allow and register debt if
necessary" in Y Soft Payment System configuration.
Online accounting Online accounting Offline accounting Offline accounting

without blocking with blocking cable without blocking with blocking cable
cable cable
Print Does not work in Does not work in

case print job price is case print job price is
increased by Rule- increased by Rule-
based engine or based engine or
Finishing options Finishing options
directly on printer. directly on printer.
Solution: Deny Solution: Deny

finishing options and finishing options and
rules that can affect rules that can affect
job after sending it to job after sending it to
printer. printer.
Copy User is logged User is logged User is logged User is logged

out when his balance out and printing is out when his balance out and printing is
reaches value below interrupted when his reaches value below interrupted when his
reservation amount. balance reaches reservation amount. balance reaches
He cannot perform value below He cannot perform value below
other jobs. reservation amount. other jobs. reservation amount.
Interruption of print Interruption of print
Solution: Not may lead to paper
Solution: Not may lead to paper
available. Impact can jam. Number of
available. Impact can jam. Number of
be minimized by pages printed after
be minimized by pages printed after
setting minimum log out depends on
setting minimum log out depends on
balance and specific device
balance and specific device
reservation amount behavior.
reservation amount behavior.
to appropriate values to appropriate values
based on job prices. Only printed pages based on job prices. Solution: Setting
are accounted and minimum balance
charged and reservation
amount to
Solution: Impact can appropriate values
be minimized by based on job prices.
setting minimum
balance and
reservation amount
to appropriate values
based on job prices.
Scan User is logged User is logged User is not User is not

out when his balance out when his balance logged out when his logged out when his
YSoft SafeQ 5 417

February 03, 2016
Online accounting Online accounting Offline accounting Offline accounting

without blocking with blocking cable without blocking with blocking cable
cable cable
reaches value below reaches value below balance reaches balance reaches
reservation amount. reservation amount. value below value below
He cannot perform He cannot perform reservation amount. reservation amount.
other jobs. other jobs. He can perform He can perform
unlimited number of unlimited number of
Solution: Not Solution: Not scan jobs in the scan jobs in the
available. Impact can available. Impact can current session. current session.
be minimized by be minimized by
setting minimum setting minimum Solution: Not Solution: Not
balance and balance and available. Impact can available. Impact can
reservation amount reservation amount be minimized by be minimized by
to appropriate values to appropriate values setting minimum setting minimum
based on job prices. based on job prices. balance and balance and
reservation amount reservation amount
Some devices can
to appropriate values to appropriate values
interrupt scanning,
based on job prices. based on job prices.
so behavior only
scanned pages are
accounted and
charged.
CREDIT HANDLING ON FUJI XEROX
Fuji Xerox
Default Strategy
Example
Limitations
Requirements
3.4.18 FUJI XEROX
DEFAULT STRATEGY
If the user has an account in the Payment System a credit reservation is created for the user
(user without Payment System account has set quotas to unlimited for all operations).
If not zero prices are set for the user.
The amount to be reserved depends on the user's current credit balance and on the price for A4
color page.
YSoft SafeQ 5 418

February 03, 2016
If price for A4 color page is 0, then one quarter of the user's current credit is reserved.
If the user's current credit is higher than the price for 100 A4 color pages, then one
quarter of the user's current credit is reserved.
If the user's current credit is lower than the price for 100 A4 color pages, but is higher or
equal to price for 50 A4 color pages, the price for 25 A4 color pages is reserved.
If the user's credit is lower than the price for 50 A4 color pages, then the half of user's
credit is reserved.
Then the quotas are defined according the reserved amount.
Separate quotas are defined for individual operations: color scan, b&w scan, color copy
and b&w copy
Each of quotas (color scan, b&w scan, color copy and b&w copy) is computed from
amount to be reserved. In corner cases debt can be created.
Once the job is finished the accounting information is sent to YSoft SafeQ.
One settlement is generated for all transactions in the given session.
In case the connection to the Payment System is not available, the settlement is sent
once the connection is available again.
For each print job credit reservation is created before print based on price provided by parser.
Once the job is finished accounting info is sent to SafeQ which settles the transaction. When it is
not possible to create reservation the job is not printed.
When the connection to Payment System is lost, it is not possible to create the credit reservation
in the Payment System, therefore the operation is forbidden. In case the connection to the
Payment System is lost during settlement, the settlement is sent later when the connection is
available again.
The initial reservation has a specific time to live, once this time runs out, the reservation is
cancelled.
EXAMPLE
User credit balance in Payment System is 10 €, price for A4 color page is 2 €.

Price list is configured the following way:
Operation Price
A4 color 2€
page
A4 B/W 1€
page
A4 color 2.5 €
copy
A4 B/W copy 1€
Scan 3€
Available A4 pages: User credit balance in Payment System / price for A4 color page 10 € / 2 €
=5
YSoft SafeQ 5 419

February 03, 2016
User has credit for 5 A4 pages (user's credit is lower than the price for 50 A4 color pages), then
half of credit is reserved 10 € / 2 = 5 €
The quotas are calculated the following way
Quota Quota Maximal price available for

Name Value Quota
A4 color 5 € / 2.5 € = 2.5 € * 2 = 5 €

copy 2
A4 B/W 5€/1€=5 1€*5=5€

copy
Scan 5€/3€=1 3€*1=3€
Corner case: User performs all operations allowed by quota's setting ( Maximal price available for
Quota = 3 € + 5 € + 5 € = 13 € ), but user has balance 10 € in Payment System, so debt 3 € will be
created.
3.4.19 LIMITATIONS
Quotas are applied separately for color and bw copy or scan jobs.
Different quotas are defined for color/bw pages. Those quotas are consumed
independently which means that if the user depletes the quotas for color pages, he/she
is still allowed to copy/scan in bw because the quotas for bw pages remained
untouched.
Quotas are applied only on the beginning of the scan session.
Users can be prevented to from scanning only in case they do not have enough credit
before the scanning actually starts. It is not possible to interrupt the scanning operation
that is in progress in case the quotas are depleted.
Payment System with direct print doesn't work.
Print all will print all waiting jobs regardless of user actual credit. Direct prints are not charged
A debt can be registered for the user.
The initial reservation can be canceled:
In case the MFP is busy after the defined time to live runs out.
Prints performed from SafeQ are handled individually by YSoft SafeQ subsystems according
to prices estimated by print job parser. For other types of print (e.g. print from USB), there are
quotas set by SafeQ and handled by the device itself.
YSoft SafeQ 5 420

February 03, 2016
The print quotas are set during log in and are not consumed when printing from SafeQ.
Therefor, when using both print from SafeQ and other types of print in a single session,
user can go into dept.
3.4.20 REQUIREMENTS
Payment System operations require devices with SSMI 1.4 or higher.
For proper function the print job parser needs to be enabled and set to render jobs.
CREDIT HANDLING ON FUJI XEROX XCP TERMINAL
Fuji Xerox XCP terminal

Behavior with "Use default quota toggling strategy for FujiXerox" enabled
Reservation strategy
Example
Behavior with "Use default quota toggling strategy for FujiXerox" disabled
Example
Diagram
Limitations
Requirements
FUJI XEROX XCP TERMINAL
Two different quota reservation strategies can be used, the selected strategy is configured by the
configuration option "Use default quota toggling strategy for FujiXerox " (
fujiXeroxEnableDefaultQuotaTogglingStrategy ) in the System Settings.
If the configuration option is set to enabled, the quotas on YSoft SafeQ Embedded Terminal for Fuji
Xerox are calculated from for all operations (color scan, bw scan, color copy and bw copy). This
allows the user to perform all operations but with smaller quotas for each operation.
Enabled is the default setting.
If the configuration option is set to disabled, the user is forced to select the desired operation after
authentication, the quotas are then calculated only for the operation the user selected.
BEHAVIOR WITH "USE DEFAULT QUOTA TOGGLING STRATEGY FOR FUJIXEROX " ENABLED
If the user has an account in the Payment System a credit reservation is created for the user (user
without Payment System account has set quotas to unlimited for all operations).
If not zero prices are set for the user.
The amount to be reserved depends on the user's current credit balance and on the price for A4
color page.
YSoft SafeQ 5 421

February 03, 2016
If price for A4 color page is 0, then one quarter of the user's current credit is reserved.
If the user's current credit is higher than the price for 100 A4 color pages, then one quarter of
the user's current credit is reserved.
If the user's current credit is lower than the price for 100 A4 color pages, but is higher or equal
to price for 50 A4 color pages, the price for 25 A4 color pages is reserved.
If the user's credit is lower than the price for 50 A4 color pages, then the half of user's credit is
reserved.
Then the quotas are defined according the reserved amount.
Separate quotas are defined for individual operations:
color scan
bw scan
color copy
bw copy
Each of quotas (color scan, bw scan, color copy and bw copy) is computed from amount to be
reserved. In corner cases debt can be created.
Once the job is finished the accounting information is sent to YSoft SafeQ.
One settlement is generated for all transactions in the given session.
In case the connection to the Payment System is not available, the settlement is sent once the
connection is available again.
For each print job credit reservation is created before print based on price provided by parser. Once
the job is finished accounting info is sent to YSoft SafeQ which settles the transaction. When it is not
possible to create reservation the job is not printed.
When the connection to Payment System is lost, it is not possible to create the credit reservation in
the Payment System, therefore the operation is forbidden. In case the connection to the Payment
System is lost during settlement, the settlement is sent later when the connection is available again.
Example
User credit balance in Payment System is 10 €, price for A4 color page is 2 €.

Operation Price
A4 color 2€
page
A4 bw page 1€
A4 color 2.5 €
copy
A4 bw copy 1€
Scan 3€
Available A4 pages: User credit balance in Payment System / price for A4 color page 10 € / 2 € = 5
User has credit for 5 A4 pages (user's credit is lower than the price for 50 A4 color pages), then half
of credit is reserved 10 € / 2 = 5 €
The quotas are calculated the following way:
YSoft SafeQ 5 422

February 03, 2016
Quota Quota Maximal price available for

Name Value Quota
A4 color 5 € / 2.5 € = 2.5 € * 2 = 5 €

copy 2
A4 bw copy 5€/1€=5 1€*5=5€
Scan 5€/3€=1 3€*1=3€
Corner case: User performs all operations allowed by quota's setting ( Maximal price available for Quota
= 3 € + 5 € + 5 € = 13 € ), but users balance in the Payment System is 10 €, this means that that the debt of
3 € will be registered for the user .
BEHAVIOR WITH "USE DEFAULT QUOTA TOGGLING STRATEGY FOR FUJIXEROX " DISABLED
User authenticates on the terminal and the terminal checks whether the user has an account in the
Payment System.
If so the user is forced to select the action for which the quotas will be defined, the options are:
Print
Scan
Copy
All available credit is used to calculate quota for the selected operation (apart from Print), quotas for
other operations are set to 0.
Separate quotas are defined for color / bw operations
Print quotas are not set as print is handled by YSoft SafeQ subsystems according the prices
estimated by print job parser
User is allowed to perform only the selected operation (either print, copy or scan)
Example
User credit balance in Payment System is 10 €, price for A4 color page is 2 €

Operation Price
A4 color 2€
page
A4 B/W 1€
page
A4 color 2.5 €
copy
A4 B/W copy 1€
YSoft SafeQ 5 423

February 03, 2016
Operation Price
Scan 3€
Whole user credit will be reserved 10 €. Suppose user will select Copy operation.
The quotas are calculated the following way:
Quota Quota Value Maximal price available for

Name Quota
A4 color 10 € / 2 € = 5 2 € * 5 = 10 €
copy
A4 B/W 10 € / 1 € = 10 1 € * 10 = 10 €
copy
Corner case: User performs all operations allowed by quota's setting ( Maximal price available for Quota
= 10 € + 10 € = 20 € ), but user has balance 10 € in Payment System, this means that that the debt of 10 €
will be registered for the user .
YSoft SafeQ 5 424

February 03, 2016
DIAGRAM
YSoft SafeQ 5 425

February 03, 2016
YSoft SafeQ 5 426

February 03, 2016
LIMITATIONS
Print quotas are not set (print is handled by SafeQ subsystems according the prices estimated by
print job parser).
Print jobs are handle by SafeQ because Fuji Xerox devices do not have working "stop on
zero" feature for print.
Quotas are applied separately for color and bw copy or scan jobs.
Different quotas are defined for color/bw pages. Those quotas are consumed independently
which means that if the user depletes the quotas for color pages, he/she is still allowed to
copy/scan in bw because the quotas for bw pages remained untouched.
Payment System with direct print doesn't work, users are not charged for the direct prints.
Print all will print all waiting jobs regardless of user actual credit.
A debt can be registered for the user.
The initial reservation can be canceled:
In case the MFP is idle after user logs out.

In case the MFP is busy after the defined time to live runs out.
YSoft SafeQ 5 427

February 03, 2016
REQUIREMENTS
Payment System operations require devices with SSMI 1.4 or higher.
For proper function the print job parser needs to be enabled and set to render jobs (because of
handling print jobs by SafeQ - Fuji Xerox "stop on zero" limitation).
CREDIT HANDLING ON KONICA MINOLTA MFPS
Info
All transactions in a user's session on a terminal are settled only after user logs out.
When the connection to YSoft Payment System is lost, the terminal holds the transactions
that need to be settled and repeats the attempt every 5 minutes (this value can be
configured).
The following information also applies to Develop and Olivetti MFP's.
When MFP receives balance = 0 from SafeQ server during print/copy/scan operation and
negative credit not allowed, possible operation at MFP is logout by ID button, confirm job
only. Even if some job type has cost = 0, MFP does not accept execution of jobs from the
MFP panel. Job execution other than from the pannel is possible (eg. Print job = cost 0 and
direct print is used when credit balance is 0).
PRINTING WITH CREDIT
1. User logs into YSoft SafeQ Embedded Terminal for Konica Minolta.
2. The Embedded Terminal checks if user has a Payment System account.
If not, zero prices are set for the user.
3. YSoft SafeQ creates a initial reservation for 10 large color duplex pages from the user’s balance. The
reserved amount is rented to the MFP. Initial reservation is mandatory due to specific handling of
charging by Konica Minolta devices.
If the user does not have enough credit to create a reservation for 10 large color duplex
pages, then the entire remaining user's credit is rented.
If user has no credit, reservation of 0 is created.
If price for large color page is zero, reservation is 10 times sum of maximum paper price and
maximum operation price. Note, that large One Color print is counted as 2 times normal One
Color print, which is defined in price list.
If all prices are zero, reservation of 1 is created (and later settled as zero).
4. User releases a print job from the secure queue.
5.
YSoft SafeQ 5 428

February 03, 2016
5. a) If the parser is enabled and if the price for the job is correctly estimated, SafeQ checks if the user's
balance (including the reserved amount) is equal to or greater than the estimated cost of the job. If
not, the print job is not released to the MFP and the user is informed.
b) If the parser is disabled or set to option "Only analyze jobs", it might not be possible to reprint
a print job for which the user does not have sufficient balance. Depending on the version of firmware
of the MFP, the MFP shows one of the following messages:
Insufficient funds.
Touch [Continue] to continue the job.
touch [Job End] to cancel the job.
[Continue][Job Finished]
Due to insufficient funds, the job could not be processed.
The job was deleted.
[OK]
Upon tapping on Job finished or OK, the job is removed from print queue and its state is either
Canceled (in case a configuration option "Delete after print" is disabled) or Deleted (in case
the "Delete after print" is enabled).
6. If the user's balance is sufficient, SafeQ releases the print job to the MFP.
7. Job is printed.
8. In case the rented amount is depleted during print, the MFP asks for next rental.
SafeQ reserves the cost of 10 A3 color pages from the user’s balance and rents the amount to
the MFP.
The original reservation amount increased.
If the user has no more balance available, the current job is stopped or rejected.
9. Print job is accounted by SafeQ.
10. User logs out from the terminal.
11.
YSoft SafeQ 5 429

February 03, 2016
11. MFP computes the total amount of not used rentals and returns it to SafeQ.
12. SafeQ computes the real cost as follows: real costs = total rentals – not used total rentals.
13. SafeQ charges the real costs from user’s account (the reservation is settled with the real cost and the
reservation is closed).
Warning
In case the user has insufficient credit to print the entire print job, it may happen that the job gets
stuck. The MFP is in the state Printing error which causes all the following print jobs to be blocked.
To unblock the MFP, either the job needs to be deleted on the MFP using standard administrator's
credentials or the Terminal Server needs to be restarted.
COPYING/SCANNING WITH CREDIT
1. User logs into YSoft SafeQ Embedded Terminal for Konica Minolta.
2. The Embedded Terminal checks if user has a Payment System account
If not, zero prices are set for the user
3. YSoft SafeQ creates a initial reservation for 10 A3 color pages from the user’s balance. The reserved
amount is rented to the MFP. Initial reservation is mandatory due to specific handling of charging by
Konica Minolta devices.
If the user does not have enough credit to create a reservation for 10 large color duplex
pages, then the entire remaining user's credit is rented.
If user has no credit, reservation of 0 is created.
If price for large color page is zero, reservation is 10 times sum of maximum paper price and
maximum operation price. Note, that large One Color print is counted as 2 times normal One
Color print, which is defined in price list.
If all prices are zero, reservation of 1 is created (and later settled as zero).
4. User asks SafeQ for starting a copy/scan job.
5. User makes copies/scans as long as the balance is sufficient.
6. SafeQ accounts the copy/scan jobs.
7. User logs out from the terminal.
8. MFP computes the total amount of not used rentals and returns it to SafeQ.
9. SafeQ computes the real cost as follows: real costs = total rentals – not used total rentals.
10. SafeQ charges the real costs from user’s account (the reservation is settled with the real cost and the
reservation is closed).
CREDIT HANDLING ON RICOH MFP'S
Known issues and limitation
Print job parser needs to be set to at least to the option "Render jobs as low resolution (36
DPI) images" in order to use the Payment System with Ricoh Embedded Terminal.
YSoft SafeQ 5 430

February 03, 2016
The copy operation may not stop immediately once the minimal balance is reached.
Depending on the device, there can be a small delay that allows the users to overrun their
balance. For example MP C305 price for 2 A4 copies but stopped after 6.
COPYING
When user requests copying, initial reservation is created. Reservation is driven by SafeQ
pricePerPageReservationStrategyForCopyOnHwTerminal and
pagesCountReservationForCopyOnHwTerminal properties available in SafeQ system settings.
Formula for creating reservation is: MIN|MAX from user price list where Price != 0 *
pagesCountReservationForCopyOnHwTerminal.
If the user does not have enough credit for the initial reservation, he is not allowed to copy.
When all prices are equal 0 user has no restriction and can copy for free.
Reservation can be modified during copy session as the number of copies increases and
additional money needs to be reserved from user's account, but till there is enough money on
user's account.
PRINTING
The estimated price of the job received from SafeQ is reserved in Payment System.
If the reservation is successful, the job can be printed. After the job is printed, the actual price of
the job is calculated and settled.
SCANNING
Once the document is scanned, the actual price for the job is computed and the terminal tries to
allocate this amount in the Payment System.
If allocation is successful, the allocated amount is immediately reserved amount is immediately
settled in Payment System. If the reservation is unsuccessful, the whole scan job is discarded.
CREDIT HANDLING ON SAMSUNG MFP'S
3.5 PRINTING
Samsung quota mechanism is designed to asks for closest highest 10 pages. E.g. if 3 pages should be
printed, then money for 10 pages must be reserved. If 11 pages should be printed, then money for 20
pages must be reserved. Once job is done the rest of money is returned immediately to user's account.
Stop on Zero: Works on closest highest 10 only.
3.6 COPYING
There is the same behavior as described in print above. Samsung asks for closest highest 10 pages.
YSoft SafeQ 5 431

February 03, 2016
Stop on Zero: Works on closest highest 10 only.
3.7 SCANNING
Samsung asks for 1 quota per single page. If 3 pages are scanned, then 3 pages will be reserved. If 11
pages should be scanned, then 11 pages will be reserved.
Stop on Zero: Works on zero.
CREDIT HANDLING ON SHARP MFPS
Quota calculation
Printing
Secure print
Direct print
Copying
Scanning
Limitations and known issues
The print/copy operation may not stop immediately once the minimal balance is
reached. Depending on the device, there can be a small delay that allows the users to
overrun their balance by about 4 pages.
When the job is suspended due to insufficient funds, the following behaviour differs
depending on the supported OSA version.
OSA version < 4.0 It is not possible to print, copy or scan on the device, unless the
suspended job is manually deleted.
OSA version >= 4.0 Suspended scan and copy jobs are automatically deleted; Print
jobs are stopped and waiting for user input (retry / delete).
If more jobs are printed in one batch, it might happen that the following jobs are suspended
even though the user has enough credit.
The reason for this is that the quota calculation for the next job is done before the
accounting information from the previous is sent.
The suspended jobs can be released by on the "Limits" native screen, here it is
possible to select the suspended job and re-check the limits. After confirmation the
job is released.
3.8 QUOTA CALCULATION
After user authenticates on the terminal, the terminal checks whether the user has an account in
the Payment System. If not, zero prices are set for the user.
YSoft SafeQ 5 432

February 03, 2016
Quotas are calculated before every job.

Quotas are calculated according the reserved amount.
The reserved amount depends on the user's current credit balance and the price for A4 color
page:
In case the user's current credit is higher than price for 100 A4 color pages, half of the
user's current credit is reserved.
In case the user's current credit is lower than price for 100 A4 color pages but higher or
equal to the price for 50 A4 color pages, the price for 50 A4 color pages is reserved.
In case the user's credit is lower than price for 50 A4 color pages, entire user's credit is
reserved.
Separate quotas are defined for color/black and white prints, color/black and white copies.
3.9 PRINTING
3.9.1 SECURE PRINT
In case the user does not have enough balance to print the selected job or in case the user
reaches the minimum balance when printing, a warning message appears on the terminal
informing the user that the job has been suspended.
The "Limits" button appears on the screen, this button navigates the user to the native screen,
where the suspended job will be displayed. From this screen it is possible to delete the
suspended job.
3.9.2 DIRECT PRINT
In case the user does not have enough balance to print the direct print job, the SafeQ
application appears with a warning message informing the user that the job has been
suspended.
3.10 COPYING
In case the user does not have enough balance to begin copying a warning message is
displayed informing the user that the limit of pages has been reached and the copy job is
denied.
In case the user reaches minimal balance while copying, the behaviour differs depending on the
OSA version
OSA version < 4.0
In case the user reaches minimal balance while copying, the copy job is
suspended.
The "Limits" button appears on the screen, this button navigates the user to the
native screen, where the suspended job will be displayed. From this screen it is
possible to deleted the suspended job.
OSA version >= 4.0
In case the user reaches minimal balance while copying, the copy job is deleted
and only pages which were already copied are accounted.
YSoft SafeQ 5 433

February 03, 2016
3.11 SCANNING
In case the user does not have enough credit to begin with the scanning, the scan operation is
stopped.
Sharp devices currently do not allow the ongoing scan operation to be stopped in case the
minimal balance is reached.
CREDIT HANDLING ON XEROX MFPS
Xerox's job limits feature is used to process the job.

Job limits determines the number of black and white/color pages and sends the information to
SafeQ where the price for the job is estimated.
The estimated price is then reserved in the Payment System.
After the job is finished the transaction is settled.
When the connection to PS is lost, it is not possible to create the reservation in the Payment
System, therefore the operation is restricted.
3.11.21 SHOWING PERSONAL AND VIRTUAL BALANCE ON EMBEDDED TERMINALS
DESCRIPTION
This feature allows users to see various representations of their balance, including their personal and
virtual balance separately.
USER STORIES
1. As a User I want to see my personal and virtual balance separately, so that I can see which
balance I am using.
2. As a User I want to see all my available balance, so that I can see how much I have left to be
used. (This is useful for cases when minimal balance is not zero.)
3. As a User I want to see my actual account balance to clearly see when I am in debt.
REQUIREMENTS
Users should understand that personal balance is their real money they deposited to their
accounts.
Users should understand that virtual (bonus) balance is the balance they received without
spending their real money, usually by automatic recharges.
Users should understand that available balance is the balance they can use and that they will be
restricted to do any charged actions when this balance reaches zero.
YSoft SafeQ 5 434

February 03, 2016
YSoft Payment System must be installed and configured
YSoft SafeQ Embedded Terminal must be installed on the MFP(s)
LICENSING
"Showing personal and virtual balance" feature is under a standard license.
CONFIGURATION
To configure "Showing personal and virtual balance" feature, go to YSoft SafeQ web interface and
authenticate with an account with administrative rights. In Views menu switch to Advanced options,
then go to System > System settings. Under YSoft Payment System tab search for property
preferredBalanceType. There are three possible values:
Available balance - The balance shown on the terminal represents the user’s total balance. The
displayed balance represents formula (personal + virtual - minimal) balance.
Separated balances - The terminal shows the user’s personal and virtual balances separately.
An example of a representation would be "EUR 20.52 (+ 13.04) ", where the virtual balance is in
the green font. This is except to the native type of YSoft SafeQ Embedded Terminal for Konica
Minolta, where the representation would be "EUR 20.52 (+ 13.04 bonus)".
Available balance without minimal balance - The balance shown on the terminal represents how
much credit is available on the user’s account without including their minimal balance. The user
may have a negative value if their minimal balance is negative. The displayed balance
represents formula (personal + virtual) balance.
3.11.22 DIFFERENCES BETWEEN SHARED QUEUES AND DELEGATION PRINT (VIP SHARED
QUEUES)
OVERVIEW
This article describes differences between shared queues and Delegation Print (aka VIP shared queues).
ACCOUNTING DIFFERENCES
There are no accounting differences between terminal types. Shared job is always accounted to user,
who released the job. No matter if shared queue is VIP or not.
DISPLAYING ON TERMINAL DIFFERENCES
This behavior is controlled by printSharedJobs SafeQ property which is disabled by default.
a) printSharedJobs=Disabled
If job owner sign in, everything is normal.
If some another member of shared queue (no matter if VIP or not) sign in, behavior depends on terminal:
YSoft SafeQ 5 435

February 03, 2016
Terminal professional and SRET: Shared job is not visible in main menu. Job is shown only in
waiting jobs list.
Terminal embedded: Shared job is shown in main menu (for example Print(1)) but it is not
possible to print it from main menu. This job can be released only from waiting jobs tab.
b) PrintSharedJobs=Enabled
If some another member of shared queue (no matter if VIP or not) sign in:
Terminal professional and SRET: Shared job is visible in main menu.

Terminal embedded: Shared job is shown in main menu (for example Print(1)) and it is
possible to print it. Even KM Print all will print both private and shared jobs.
USING OF BILLING CODES

SafeQ client allows user to select billing code for print job. Job is accounted to this selected BC (BC of user,
who sent job).
In case, that job is accounted to user, who released the job, BC of user who sent the job is used.
3.11.23 PRINTING FROM USB ON YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA
OVERVIEW:
USB print behaves differently on devices with different OpenAPI versions. Based on the selected
authentication method and OpenAPI version, the print from USB might be:
not supported
supported
supported with additional authentication screen shown on the panel
The additional authentication screen is an empty screen with title User authentication and two
buttons OK and Cancel. The screen appears after a document from USB is chosen. To continue,
click OK.
When using a combination of OpenAPI and authentication option for which the USB print is not
supported, the additional authentication screen is displayed too, but the OK button is not enabled
(it is greyed out and cannot be activated).
OpenAPI differences:
Authentication method OpenAPI 3.7 or OpenAPI 4.0 OpenAPI

lower 4.1 or
higher
Card with
additional
authentication
YSoft SafeQ 5 436

February 03, 2016
Card and PIN with

additional
authentication
Card and PIN or username/password - with additional

card and pin authentication authentication (since SQ5
MU15)
Card and PIN or username/password - with additional (since

username/password authentication authentication (since SQ5 SQ5 MU15)
MU15)
Card and username/password with

additional
authentication
Card or PIN - card authentication
Card or PIN - pin authentication with (since

additional SQ5 MU27)
authentication
Card or PIN or username/password - with (since SQ5 MU27) (since

card authentication additional SQ5 MU27)
authentication
Card or PIN or username/password - pin (since SQ5 MU27) (since

authentication SQ5 MU27)
with additional
authentication
Card or PIN or username/password - (since SQ5 MU27) (since

username/password authentication SQ5 MU27)
with additional
authentication
Card or username/password - card

authentication
Card or username/password - username with (since SQ5 MU27) (since

/password authentication additional SQ5 MU27)
authentication
PIN with (since SQ5 MU27) (since

authentication
Two-factor with
additional
authentication
YSoft SafeQ 5 437

February 03, 2016
Username/password with (since SQ5 MU27) (since

authentication
- print from USB supported
with additional authentication - print from USB requires additional authentication (user needs to confirm
the credentials or provide some other type of credentials)
- print from USB not supported
3.11.24 SUPPORT FOR REGIONAL CHARACTERS IN JOB NAMES - SETUP AND USAGE
PREREQUISITES
Ricoh or Xerox Browser Embedded Terminal installed on MFP

or
Terminal with implicit character support (e.g. Konica Minolta native with local settings)
LIMITATIONS
Trimming of long job names.

On Xerox MFPs all long job names are trimmed from right side without consideration whether
characters are in Latin, Hebrew, Arabic, Cyrillic etc.
On Ricoh MFPs the long job names may not be visible at all.
Performance of the job list is slower compared to non double-byte job names.
On Ricoh MFPs the background of double-byte job names is not inverted if the item is selected.
The colors of background behind letters can be unclean due to compression.
Hebrew characters are supported by Konica Minolta native in general. However, the language has to
be supported by regional settings of specific device.
Arabic characters are supported by Konica Minolta native with exception of C35. However, the
language has to be supported by regional settings of specific device.
YSoft SafeQ 5 438

February 03, 2016
SETTING UP FOR DOUBLE-BYTE CHARACTERS SUPPORT AND ITS USAGE
1 Enable property enableDoubleByteSupport in system settings.
2 Log into Embedded Terminal and navigate to job list. Double-byte job names are shown
correctly.
3 Open job detail. Double-byte job name is shown correctly.
3.11.25 SUPPORT FOR REGIONAL CHARACTERS IN JOB NAMES - XEROX AND RICOH
SUPPORT FOR REGIONAL CHARACTERS IN JOB NAMES - XEROX AND RICOH
DESCRIPTION
This feature solves need of countries where non-latin alphabets are being used (such as Hebrew,
Arabic) to use Embedded Terminal. It makes it possible to display characters that are not supported by
the MFP in the Job list as images.
When an MFP does not support regional characters in job names, it used to be nearly impossible to
use the Embedded Terminal as users couldn't determine which job should be printed from the job list.
The support allows users in various regions to enjoy Embedded Terminal experience even if MFP does
not support their characters by default.
Please see Support for regional characters in job names - setup and usage for details of usage.
YSoft SafeQ 5 439

February 03, 2016
3.11.26 TERMINAL COMPARISON
Following page show major differences among individual terminals.
SUPPORTED FEATURES
Feature Terminal Professional Terminal Terminal

UltraLight Embedded
Copy Tracking
Scan Tracking
Project Copy and Scan

Tracking
Print Roaming
Print job list management

and re-print
Job preview, move job to

/from favorites
Delegation Print (VIP

Shared Queues)
Workgroup print sharing

(Shared Queues)
Workflow scanning doesn't support parameter input
Print data transfer special firmware required

compression
Print data transfer if the device supports IPP/SSL if the device if the device
encryption (or special firmware required) supports IPP/SSL supports IPP/SSL
Terminal management (symmetric encryption via AES) (symmetric (SSL in .Net

communication encryption encryption via remoting)
AES)
Single IP address for special firmware required

terminal and MFP
Terminal localization
YOU CAN CHECK MORE INFORMATION HERE:

Terminal Failover Support
YSoft SafeQ 5 440

February 03, 2016
Terminal Authentication Matrix
3.11.27 TERMINAL FAILOVER SUPPORT
TERMINAL FAILOVER LIMITATIONS
Function Terminal Terminal Terminal

Real time failover with SafeQ Server failover
Real time failover with MS Windows Cluster based server

failover support (CML -> CML failover)
Real time failover with SafeQ Server failover using

Microsoft Windows NLB Technology
When using application-based failover system without shared spooler, in case of server failure all
print jobs stored on failed server become unavailable for release on SafeQ terminal and user has to
print them again from the workstation. Print jobs may be available again after server recovery.
All currently running operations on failed server are cancelled and user has to start operation again (i.
e. re-authenticate to the terminal and release jobs again or re-start copy/scan session).
Copy or scan job might be not accounted (depends on tracking technology).
Connection recovery function might take few minutes, terminals are not available during this time.
Find more about failover setting and limitations in Server failover.
3.11.28 USB READER OVERVIEW
The YSoft SafeQ USB Card Reader v2 can be connected simply to a multi-functional printer (MFP) and
serves for user authentication using a card. The card must be assigned to a user in the YSoft SafeQ
system. After successful authentication the user can use the device and perform his/her print, copy or scan
jobs (depending on the device).
The YSoft SafeQ USB Card Reader v2 can also be connected to workstations and used with YSoft
Payment System cash desk application or with the YSoft SafeQ client for authentication.
SYSTEM OVERVIEW
The YSoft SafeQ USB Card Reader v2 has the following characteristics:
Connection and power supply of the card reader via the USB host interface.
Compatibility with some other MFP applications
YSoft SafeQ 5 441

February 03, 2016
HARDWARE COMPONENTS
USB CARD READER SPECIFICATION
Parameter Value
Identification Using a card reader
Voltage 5V DC
Maximum current input 0.5A
Working temperature +5°C to +35°C
Storage temperature 0°C to +50°C
Working air humidity 20% to 85% without

condensation
Storage air humidity 8% to 85% without condensation
Resistance to magnetic no added resistance

fields
Cable length 2m
CERTIFICATES / VALIDITY APPROVAL FOR THE USB CARD READER
YSoft SafeQ 5 442

February 03, 2016
NOTE: List of shown certificates is not complete and may depend on exact product part number.
YSoft SafeQ 5 443

February 03, 2016
USB CARD READER CERTIFICATES
YSoft SafeQ 5 444

February 03, 2016
4 ADMINISTRATIVE GUIDES
At A Glance
YSoft SafeQ Server - Installation and Configuration

Using YSoft SafeQ
YSoft SafeQ Terminals
Workstation Client - Installation and Configuration
Individual Sections
4.1 YSOFT SAFEQ SERVER - INSTALLATION AND CONFIGURATION
Administrator Quick Guide

Installing SafeQ server: Installing YSoft SafeQ CML server
Web Administration, Web interface - Basics
Pre-installation checklists
Hardware requirements
Software requirements
Network communication overview
YSoft SafeQ Security Overview
Remote Spoolers: Installing YSoft SafeQ ORS
Enterprise Reporting: Installing YSoft SafeQ CRS server
4.2 USING YSOFT SAFEQ
This page contains procedures and tutorials describing how to use SafeQ.
Deployment & Administration
How to Manage users in YSoft SafeQ

Using LDAP Replication, CSV File User Replicator
Reference guide for Web Administration
How to setup ID card self-assignment (Configuring ID Card Self-assignment)
Print, Copy & Scan Tracking
How to setup Office Print Tracking (Configuring Office Print Tracking)

How to setup Copy Tracking (Configuring Copy Tracking)
How to setup Scan Tracking (Configure Scan Tracking)
How to setup Project Print Tracking (Configuring Project Print Tracking) and Selecting billing codes in
SafeQ Client.
How to setup Project Copy Tracking (Configuring Project Copy Tracking)
YSoft SafeQ 5 445

February 03, 2016
Reporting
How to use Usage and Costs Reporting (Using Web reports)

How to use Green Reporting and how to configure green reports (Configuring Green reports)
Print & Copy Management
How to setup Rule based printing (Configuring and using Rule-based Engine)
How to setup Secured print / Print roaming (Configure secure printing and Print roaming)
How to setup Print roaming (Configuring Print Roaming)
How to use Print queue management and re-print (Configuring Print job list management)
How to setup User Print sharing (Configuring and using Shared Queues)
How to setup Workgroup print sharing (Configuring and using Shared Queues)
How to setup Authorized copying (Configuring Authorized Copying)
Scan Management
How to setup Workflow scanning (Configuring Workflow Scanning)
Mobile Printing
How to setup Web Printing and Email Printing for Mobile Devices (Configuring Mobile Print Server)
How to setup User Print Roaming (Configuring User Roaming)
Advanced Enterprise Functions
Typical deployment scenarios

How to setup Server Failover (Configuring Server Failover)
How to setup Print data transfer Encryption (Configuring Print Data Transfer Encryption)
How to setup Print data transfer compression (Configuring Print Data Transfer Compression)
4.3 YSOFT SAFEQ TERMINALS
General YSoft SafeQ Terminals overview

Installing Terminal Professional
Terminal Ultralight
Embedded Terminals
Install Embedded Terminals
Configuring Ricoh ESA for YSoft SafeQ Embedded Terminal
Configuring Konica Minolta OpenAPI (older models) for YSoft SafeQ Embedded Terminal
Configuring Xerox EIP for YSoft SafeQ Embedded Terminal
Configuring Fuji Xerox Apeos for YSoft SafeQ Embedded Terminal
Configuring Sharp OSA for YSoft SafeQ Embedded Terminal
Network Card Reader
YSoft SafeQ 5 446

February 03, 2016
4.4 WORKSTATION CLIENT - INSTALLATION AND CONFIGURATION
Printer configuration for Workstation and Server directory

Adding a printer to print via an LPR port from a Windows workstation or server - Win7
Installing YSoft SafeQ Client on a Windows workstation, server, or server cluster
Printing from a Windows workstation or server using SafeQ Command Line Client
Configuring a printer for LPR printing on a Mac workstation
Configuring a printer for LPR printing in Linux
Installing YSoft SafeQ Client 2.x and adding a printer on a Mac workstation
Installing and using Local Monitor
4.5 INDIVIDUAL SECTIONS
Administrator Quick Guide

Web Administration
YSoft SafeQ 5 installation procedure
Installing and configuring YSoft SafeQ Terminals
Installing and configuring YSoft Mobile print server
Installing AirPrint
Printer configuration for Workstation and Server
Local Monitor
External scripts
How To Guides
Backup and Recovery Scenarios
Server Maintenance
4.6 ADMINISTRATOR QUICK GUIDE
This Quick Start Guide enables you to quickly and easily install YSoft SafeQ and set it up for direct printing.
In addition, this guide includes links to pages where you can find more information about installing and
setting up YSoft SafeQ, such as detailed installation instructions and how to add printers to the YSoft SafeQ
system.
4.6.1 WHAT YOU GET WHEN YOU DOWNLOAD YSOFT SAFEQ
When you download the YSoft SafeQ package, you get everything you need to install the system. The
package also includes important tools and standalone applications that can help you configure and
troubleshoot YSoft SafeQ, as well as documentation that provides basic and detailed information about
various aspects of the system.
YSoft SafeQ 5 447

February 03, 2016
4.6.2 INSTALLING YSOFT SAFEQ – PREREQUISITES
Once you have the YSoft SafeQ installation package, you can begin the installation. However, to make sure
your installation is successful, before you begin, consider the following important preliminary requirements:
A physical or virtual server must be available, dedicated for the YSoft SafeQ system and which
meets the requirements to support YSoft SafeQ functions.
MFPs and other printers that will be used with YSoft SafeQ must be configured and connected to the
network, and the associated required print drivers and hardware components (for example, terminals
or network readers) must be available.
If you plan to integrate YSoft SafeQ with a User Domain such as Active Directory, Novell, or
OpenLDAP, make sure you have all required information, especially domain controller access
/connection information and user directory FDQN.
If you plan to connect embedded, browser-based terminals (FX, KM, Sharp, Xerox) with Windows
2008 R2 or Windows 7, make sure that in "Server Role Manager - Features" or "Programs and
Features", ".NET WCF Activation" feature(s) are enabled.
Make sure you have a valid, new activation key.
NOTE: The activation key is hardware-bound and once used cannot be re-used by a different
computer.
When you are sure your system meets all the prerequisites, you can begin the YSoft SafeQ installation.
With the interactive installer, all you need to do is to run the installation file and follow the steps in the
installation wizard. You can choose between the default installation or a customized installation. The
default installation will install YSoft SafeQ with the recommended settings, but with a customized
installation, you can set all the settings yourself.
4.6.3 INSTALLING YSOFT SAFEQ – BASIC INSTALLER
1 Obtain and run installation file ysf-sq5-install.exe from YSoft Partner Portal. Once you have the file
and the server is ready for installation, you can begin YSoft SafeQ installation.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything necessary for
installing a fully functional YSoft SafeQ server.
2 Select a language that will be used for the installation process. This language will also be used as
the default language for the YSoft SafeQ system.
NOTE: You can change the language for YSoft SafeQ at any time after installation is done.
YSoft SafeQ 5 448

February 03, 2016
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree,
click Cancel to quit the installation.
YSoft SafeQ 5 449

February 03, 2016
5 After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines if the server meets all requirements for YSoft SafeQ
installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there
are problems, installation cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
The conditions the installer checks are:
Correct version of Windows

User installing YSoft SafeQ has administrator rights
Version of .NET (must be .NET 4.5.1)
Version of Windows Installer (must be 4.5 to install MS SQL)
All required ports are open and free
Enough available disk space
Enough available system memory
Presence of a previous version of YSoft SafeQ
YSoft SafeQ 5 450

February 03, 2016
6 The installer now displays YSoft SafeQ installation settings.
To use the default installation settings:
Accept the default YSoft SafeQ server installation folder, database engine, and IP
address.
To use values other than the default ones:
Check I want to customize my YSoft SafeQ installation; then go to Customized

Installation for more information.
YSoft SafeQ 5 451

February 03, 2016
7 If you chose the default installation, the installer displays the account name and password for the
database. The password is automatically copied to the clipboard. Save this password to a safe
place so that you can either use it when you need it or change it if you want.
Click OK.
8 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server. In case you wish to see detailed installation
progress, press Show details button (or D key).
YSoft SafeQ 5 452

February 03, 2016
9 The last page of the wizard informs you about the results of the installation process and gives you
the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to close the
installation wizard.
YSoft SafeQ 5 453

February 03, 2016
10 Installation is now complete.
4.6.4 TROUBLESHOOTING THE INSTALLATION PROCESS
If an error occurred during the installation process, please check the following log files that were created
during the process. All the installation log files are located in the YSoft SafeQ installation folder.
pginstall.log - contains information about PostgreSQL installation (if you selected PostgreSQL as
the database to install).
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
Additional logs can be obtained from AppData\local\Temp\1\ of currently logged user.
NOTE: On servers with a firewall, it may be necessary to enable several network ports. See YSoft
SafeQ Network communication overview for more information.
At the end of the installation, you can set up the YSoft SafeQ system for use.
4.6.5 LOGGING INTO YSOFT SAFEQ
To use YSoft SafeQ, log into the YSoft SafeQ Administrative Web Interface. The default login credentials
are:
user: admin
password: admin
For the best experience, use Microsoft Internet Explorer v9 or Google Chrome.
If you use a web browser and your YSoft SafeQ web interface is configured to use a different port
than the standard port 80, you must enter the complete URL, including the prefix "http", in your Web
interface (e.g.: http://safeq_ip:8080/).
Use your default credentials to start working with YSoft SafeQ.
You can choose the language of YSoft SafeQ web interface by clicking a national flag.
YSoft SafeQ 5 454

February 03, 2016
4.6.6 ACTIVATING YSOFT SAFEQ
After installation is complete, SafeQ must be activated. YSoft SafeQ supports two types of activation:
online and offline. The system requires an activation key, which is a part of the license agreement you
received after the product was purchased.
(See Activating YSoft SafeQ for a detailed description of the activation process.)
Using the online activation method - Log into the YSoft SafeQ Web Interface as administrator and, on the
Dashboard, enter the activation key. YSoft SafeQ automatically contacts the YSoft Partners Portal and
downloads the license.
If the YSoft SafeQ server is not connected to the Internet, perform the Using the offline activation method
procedure.
YSoft SafeQ 5 455

February 03, 2016
4.6.7 NOW YOU ARE READY!
You can now start working with YSoft SafeQ. On the Dashboard, follow the Welcome to YSoft
SafeQ wizard to begin. Additional help and instructions are available in the YSoft SafeQ Web
Interface --- click the help icon located in the top right corner of the page.
After you log in, the YSoft SafeQ Dashboard page opens. A list of widgets is available that you can
use to get information about various YSoft SafeQ functions.
The most important first step is to use the Welcome to YSoft SafeQ widget. This widget shows you
the steps you need to perform before the YSoft SafeQ system is ready to use.
If you need more information about the initial YSoft SafeQ settings, see Widgets - Welcome to YSoft
SafeQ in the Help pages.
YSoft SafeQ 5 456

February 03, 2016
4.6.8 ADDING USERS
If you use Active Directory and want to integrate YSoft SafeQ with your AD domain, follow these steps.
Otherwise, add users manually using User list.The following steps will guide you through the default Active
directory integration setup. For advanced and expert options please refer to LDAP Integration - Advanced
and Expert settings.
1 Open the LDAP integration wizard through the Welcome to YSoft SafeQ Widget at the main screen.
NOTE: The settings for LDAP replication can be also found on the web interface: Users ->
Actions... -> Connect to LDAP
2 Open the Connection section.
On the Connection tab, you can setup the integration setting with LDAP.
Available settings are:
LDAP server type (AD, NDS, OpenLDAP)

Load users on demand - This type of replication mode is sometimes referred as semi-
online. When enabled, users are created only during job reception or when logging into
the terminal.
Full and differential replication updates only users already registered within YSoft
SafeQ.
Replication of Roles and Cost centers is unaffected.
Note: User's card when is removed from LDAP is not synchronized to the
database with configuration option removeCardsInDiffLdapReplication .
URL of LDAP server

Searched LDAP subtree
Service account
There is a possibility to use either an anonymous account or authorized account to

log into the LDAP server to search for users. The selected account has to have at least r
ead access to reach the users and their attributes. Please note that YSoft SafeQ
supports only the Simple bind authentication mechanism for authorized connection to
LDAP server.
YSoft SafeQ 5 457

February 03, 2016
Please ask your domain administrator for this information.
3 Open the Scheduling section.
The Scheduling tab gives you the possibility to schedule the run of replication. All settings are
revealed after you check the Enable regular synchronizations checkbox. The options are:
Start full replication - Here you can select the days and times for full replication, by
clicking checkboxes.
Start differential replication - Here you can specify the hours or time interval from the
last replication to start differential replication. This type of replication will be started every
day.
NOTE: You have to restart YSoft SafeQ CML services to apply these changes.
YSoft SafeQ 5 458

February 03, 2016
YSoft SafeQ 5 459

February 03, 2016
Run the synchronization using the "Sync now" button.
5 Check the result.
The Status tab contains only information about the last synchronization with the LDAP server (date,
duration and result) and the count of added/updated/deleted users, cost centers and roles.
In case of an error, this error will be displayed here.
4.6.9 ADDING A TERMINAL AND CONFIGURING PRINT ROAMING
Many YSoft SafeQ features require a terminal that controls the associated printer/MFP. For information
about installing and configuring terminals, see Installing and configuring YSoft SafeQ Terminals. (You can
also access this information in the YSoft SafeQ Web Interface Help pages.)
4.6.10 ABOUT DIRECT PRINTING AND FORCED B/W PRINTING FROM WINDOWS WORKSTATIONS
Direct printing tracks prints without interfering with the standard workflow for users. At the workstation, the
user sends a print job and it is delivered through YSoft SafeQ directly to the printer without any
additional delay in processing. Direct printing is the method of printing in YSoft SafeQ that most closely
resembles printing in a traditional network printing environment.
In order to implement direct printing, you must first add a printer to YSoft SafeQ and then add it to the
Windows workstation.
ADDING A PRINTER TO YSOFT SAFEQ

After you install YSoft SafeQ, add a printer to the YSoft SafeQ system as follows:
1. In the YSoft SafeQ Web Interface, select the Devices tab.

2. On the top right part of the page, hover your mouse over the Items option; then select Add new
device manually.
3.
YSoft SafeQ 5 460

February 03, 2016
3. Proceed through all the device setup pages, selecting settings according to your needs. (Skip the
Terminal page settings unless you want to connect a terminal to the system; a terminal is not
required for direct printing.)
4. On the Direct printing page, click Add queue and enter a unique name for the direct printing queue.
We recommend a name such as direct-<name of the machine>, for example direct-printer1.
5. Click Save Device to save the printer.
ADDING THE PRINTER TO A WINDOWS WORKSTATION

After you add the printer to YSoft SafeQ, you must also add it to each workstation that will use the printer.
Follow these steps to add the printer to a Windows workstation:
In the Windows Add Printer wizard, set the printer port to send print jobs to YSoft SafeQ. This enables you
to use YSoft SafeQ to track prints.
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in Windows to use LPR for printing.
1 Open the Devices and Printers and select Add a printer.
2 Select the printer you want to install from the list or press The printer that I want isn't listed.
In the case you have directly selected printer to install from the list, the printer will be
automatically installed.
In the case you have selected The printer that I want isn't listed, continue with
following steps.
YSoft SafeQ 5 461

February 03, 2016
3 Choose Add a printer using TCP/IP address or hostname
YSoft SafeQ 5 462

February 03, 2016
4 For Hostname or IP address, enter the address of the printer; then enter a name for the port.
YSoft SafeQ 5 463

February 03, 2016
5 Skip Additional port information required by pressing Next button (optional step)
6 From the list of printer drivers, select the appropriate driver (or select a driver from the disk).
YSoft SafeQ 5 464

February 03, 2016
7 Enter a name for the new printer; then wait for the installation process to finish. Select other options
according to your needs (sharing, setting the printer as default, test page printing); then finish the
wizard.
8 Right-click the new printer; then select the Printer properties option. Select the Ports tab.
The port you created should already be selected and highlighted. Click Configure Port.
YSoft SafeQ 5 465

February 03, 2016
9 Change the Printer Name or IP Address to the IP address of the YSoft SafeQ server.
In the Protocol section, select LPR.

On the LPR Settings page, enter the name of the queue that will be used for the printer
(for example my-print-queue).
If necessary, change other settings on the page (LPR Byte Counting, SNMP status).
Note: In the case, you won't be able to edit Port settings, select the printer in Devices and Printers
tab > click Print server properties > Ports > Change Port Settings > select the port you created in step
4 and click Configure Port
YSoft SafeQ 5 466

February 03, 2016
10 Click OK to save the changes.
Now the workstation is configured to send print jobs to the YSoft SafeQ server.
CONFIGURING ROLES
The last thing you need to do is to set up access rights and/or restrictions. These rights and restrictions
are determined by Roles you define in the YSoft SafeQ system. YSoft SafeQ includes some predefined
roles. If you want to create your own role:
1. In the YSoft SafeQ Web Interface, select Users > Role list > Add new item.
2. Each user can be assigned one or more roles. To assign a role to a user, edit the user and assign a
role to him or her on the Roles page.
3. After you create a role and assign it to users, select Rules > Access definition.
4. Create an access definition for the new role: Click Add new item; then select the role and the
group of devices where the printer is installed (group Default by default).
5.
YSoft SafeQ 5 467

February 03, 2016
5. Allow or restrict use of the printers in this group by clicking the icons below the print, copy and color
options. A green check means that users the role is assigned to are permitted to perform the
operation; a red cross means they are not permitted to perform the operation. By default, users
are permitted to perform all operations. To force black-and-white printing for all users the role is
assigned to, change the color icon to a red cross.
6. After the settings are complete, click Add.
4.6.11 BASIC TROUBLESHOOTING
YSoft SafeQ installation cannot proceed - Check to make sure the server meets all the
prerequisites for YSoft SafeQ installation. If you use the graphical YSoft SafeQ installer, after the
preinstallation check is performed, the Warnings and Problems sections provide information about
conditions that have not been met.
YSoft SafeQ installation fail - If the installation proceeds but fails, look in the installation log files to
see if you can find the possible cause of the failure. All installation log files are in the YSoft SafeQ
program folder. The files are:
pginstall.log - contains information about PostgreSQL installation
sqinstall.log - contains information about the entire YSoft SafeQ installation process
Activation issues - If you encounter any issues during the activation process (online/offline), first
make sure you are using the correct activation code. Both online and offline activation processes tell
you exactly where the fault is, so troubleshooting should be easy.
A print job sent to the printer was not printed - If you sent a job to YSoft SafeQ but it did not print,
there can be several causes:
1. In the YSoft SafeQ Web Interface, go to the Job list and check to see if the job is listed there.
If the job is not listed in the Job list, the printer's settings on the Windows workstation
may not be correct. Verify that the printer and its port are configured exactly as described in
this guide and that the queue to which you send the print job has been created in YSoft
SafeQ.
If the job is in the Job list, check the job's details to see why the job was not printed.
2. Other causes of this problem can be incorrect printer settings in YSoft SafeQ (IP address,
queue name, etc.) or incorrect access settings for the printer. You can usually find these causes in
the details about the job in the Job list.
3. If you cannot find the cause of the issue, contact Y Soft Customer Support Services, who will
be glad to help you.
YSoft SafeQ 5 468

February 03, 2016
4.7 WEB ADMINISTRATION
Table of Contents
Reports
Devices
Users
Rules
System
Note: Some of the descriptions may vary based on your configuration or license.
Web browser compatibility
Mozilla Firefox
Google Chrome
Internet Explorer 9 or higher
Internet Explorer 8 is supported, but may be slow in some cases
Compatibility view is not supported
Note: Web administration is compatible with any ACID3 compatible website browser.
Error rendering macro 'excerpt-include' : No link could be created for 'Web interface – Overview'.Error
rendering macro 'excerpt-include' : No link could be created for 'Web interface – Dashboard'.
4.7.1 REPORTS
In the YSoft SafeQ Web Interface, select Reports
On the Reports tab, you can access the following functions:
Job list – List and audit log of all print, copy, and scan jobs tracked by YSoft SafeQ (see Managing
jobs in the Job list).
Web reports – Centralized interface for accessing Usage and Costs Reports and Green Reports (see
Using Web reports).
CRS reports – Management interface for data transfers to Central Reporting Services (see Using
CRS reports).
YSoft SafeQ 5 469

February 03, 2016
ORS overview -- Status overview and audit log for ORS connectivity in a distributed server system
(see Distributed Server System - Private Cloud and Viewing ORS status information).
NOTE: This option is not available when no ORS is installed.
Terminal accesses -- Audit log of all access attempts from YSoft SafeQ Terminals (see Terminal
accesses).
Reporting tools:
Automatic file reports -- Schedule regular exports of reports to a file (see Tools - automatic file
reports).
Automatic e-mail reports – Schedule regular exports of reports to defined e-mail addresses
(see Tools - automatic e-mail reports).
Data repair operations log – (see Tools - data repair - operations log).
Data repair (see Data repair).
Data repair manual counters readout (see Data repair manual counters readout).
YSoft SafeQ 5 470

February 03, 2016
4.7.2 DEVICES
In the YSoft SafeQ Web Interface, select Devices.
The Devices tab enables you to access the following functions:
Printers list – Lists all devices managed by YSoft SafeQ (see Using the Printers list).
Terminals list – Lists all terminals connected to devices (see Terminals ) .
Device templates – Templates for automating the process of adding devices to YSoft
SafeQ (see Device Templates).
Shared queues for user shared printing (Delegation Print (VIP Shared Queues) and
workgroup shared printing (Workgroup print sharing (Shared Queues) (see Shared
Queues).
Device management tools
Tools - Batch editing
Tools - Printer types
Tools - User tags
Error rendering macro 'excerpt-include' : No link could be created for 'Web Interface - Projects'.
4.7.3 USERS
In the YSoft SafeQ Web interface, select Users.
YSoft SafeQ 5 471

February 03, 2016
On the Users tab, you can access the following functions:
Users list -- List of users registered in the YSoft SafeQ system (in the Identity management
database) (see Managing users in the Users list).
Roles list – List of available user roles (see Managing roles in the Roles list).
Cost centers -- List of cost centers (usually based on departments) (see Managing cost centers).
User management tools
Data import – Import users, roles, and cost centers from a CSV file (see Tools - Data Import).
Data export – Export users, roles, and cost centers to a CSV file (see Tools - Data Export).
LDAP integration – See Tools - LDAP Integration.
4.7.4 RULES
In the YSoft SafeQ Web Interface, select Rules.
On the Rules tab, you can access the following functions:
Define rules – See Using the Rule Definition wizard.

Define access rights – Define access rights for users (according to their roles) and for device groups
(see Defining access rights).
Define scan workflows – See Managing scan workflows.
Assign access rights to scan workflows (see Setting access rights to scan workflows).
Use data repair tools (see Tools - Data repair User delegating).
YSoft SafeQ 5 472

February 03, 2016
4.7.5 SYSTEM
In the YSoft SafeQ Web Interface, select System.
On the System tab, you can access the following functions:
System information – Diagnostics overview of the YSoft SafeQ system (see System Information).
System settings – Basic and expert configuration of various system settings (see System Settings).
System tools:
Card Number Conversion Tool
Diagnostics export
exported data structure
Event viewer
Export settings for YSoft SafeQ Client
Print Job Parser Configuration
System Information
System logs
System Settings
4.7.6 WEB INTERFACE - OVERVIEW
OVERVIEW
Overview consists of following functions:
Login screen - Overview of the Login page.

Web interface - Basics - Descriptions of the key components and structure of the YSoft SafeQ Web
Interface.
LOGIN SCREEN
Login Screen is a basic authentication screen for YSoft SafeQ web interface.
YSoft SafeQ 5 473

February 03, 2016
LOGGING INTO THE SYSTEM

If you use a web browser and your YSoft SafeQ web interface is configured to use a different port than the
standard port 80, you must enter the complete URL, including the prefix "http", in your Web interface (e.g.:
http://safeq_ip:8080/).
Use your default credentials to start working with YSoft SafeQ.
You can choose the language of YSoft SafeQ web interface by clicking a national flag.
WRONG CREDENTIALS
If user enters wrong credentials and tries to log in, the following error is displayed.
AUTOMATIC LOGOUT
If user has been inactive for a set time period, he is logged out automatically and redirected to Login Screen
where following notice appears. The time period can be specified in system settings.
YSoft SafeQ 5 474

February 03, 2016
YSOFT SAFEQ SERVER IS NOT RUNNING

In the case that YSoft SafeQ server is not running, following picture will be displayed instead of Login
Screen.
Check your YSoft SafeQ Service status. If Service cannot be started, please contact YSoft Customer
Service Support using http://portal.ysoft.com.
WEB INTERFACE - BASICS
Menus
Main menu
Sub-menu
Quick menu
General page functions
Header
Footer
Page action buttons
Using Search filters
Page tables
Table sorting
Show / Hide table columns
Table pages
Pop-up windows
Tablet panels
UI settings
User interface compact mode
Modal alert messages
Quick menu
Tables pagination
Alerts and confirmation messages
YSoft SafeQ 5 475

February 03, 2016
Others
Progress bars
Tooltips
MENUS
MAIN MENU
Main menu items (tabs) available at the top of the page, represents basic thematic groups of pages in
SafeQ Web Interface to make navigating and searching for the right information as easy as possible.
To access tab (Reports, Devices, Projects, etc.), click its name in the main menu located at the top of the
page. Selected tab is always bold and highlighted.
SUB-MENU
Almost each main menu tab as a thematic group of pages includes also sub-menu with these pages. You
can see this sub-menu directly below the main menu tabs.
Links to the most important pages are shown directly in the sub-menu; less important ones are accessible
via a Tools menu. The currently displayed sub-menu page has always bold font.
QUICK MENU
There is also possibility to activate Quick menu instead of classic Main and Sub-menu. If Quick menu is
activated, s ub pages of each item in the main menu will be available in the rollover menu for quick access
from any page.
To enable/disable Quick menu use UI Settings down on each page and select/deselect Quick menu. For
more info see UI settings below on this page.
GENERAL PAGE FUNCTIONS

Each page has some general functions available in the page header or footer.
YSoft SafeQ 5 476

February 03, 2016
HEADER
Here you can see available page functions located at the right top corner of the each page. Availability of
these functions can vary based on the displayed page. Detailed info about each icon is described in the
table below.
Function Description
Search Click icon to show or hide search the Search panel on the page when it's available.
panel
This setting applies to all the Web interface pages, so when you show/hide the Search
panel on one page, it will be showed/hidden on all pages.
Favorites Click icon to mark or unmark page as favorite pages.
When page is marked as favorite you can access it from any other page by hovering
favorite icon and selecting page from a list of favorite pages.
Refresh Click icon to refresh data displayed on the page.
Help Click icon to display help for the currently displayed page.
FOOTER
Here you can see available page functions located at the bottom of the each page. Detailed info about each
icon is described in the table below.
Date and time Current day in the week, date and time of SafeQ server.
Client IP address IP address of machine from which is user connected to SafeQ Web
Interface.
User info Full name and login of currently logged in user.
UI settings UI settings menu includes quick settings related to SafeQ web

interface.
For more info see UI settings below on this page.
YSoft SafeQ 5 477

February 03, 2016
Logout Click icon to logout and terminate current user session.
Languages Click the flag to change language. To add/remove languages go to

System settings > Regional settings and edit " serverLanguages" and "
int_languages" properties.
Flag of currently selected language is brighter then others. The

language you select will be used from now on, each time you log in to
the Web interface from the same computer.
PAGE ACTION BUTTONS

On the right side of each sub-menu are links for action buttons available for the currently displayed page,
grouped by type. (Not all types of actions are available for all pages, and some pages do not include any
actions). If a page supports only one action of any type, button is linked directly to this action. If a page
supports more than one action of the same type, these actions are available from a pop-up menu that
appears when you hover your mouse over an action option.
Detailed info about each action type is described in the table below.
Action Description
Add item Create a new item on the page. For example a new device, user, rule, etc.
Actions Display list of actions you not frequently need to use. For example delete all items on
the page, export items to an Excel file, etc.
These actions are usually sorted in groups based on the type of action.
Views Change the page view, usually the type of data listed on page.
Save changes Save changes you made on the page. Usually it is related to changes in table lists.
USING SEARCH FILTERS

Some pages includes also search filters to make access to specific data easier. The search panel is located
directly below the sub-menu and includes options for filtering data for the currently displayed page. You can
show search filter by clicking icon at the right top corner of the page. To hide it use icon. If icon is
not available, this page doesn't have search filter.
YSoft SafeQ 5 478

February 03, 2016
Detailed info about all items of search filter are described in the table below.
Search field Description
Enter search text in the text box.
Click the arrow to display a drop-down list with options you can select.
Click the calendar icon to display a calendar; then select a date from the
calendar.
Click icon to browse list of items. Then navigate to an item and

select it. If you want to cancel content of this field click
Click to apply current search filter. You can also user Enter key instead of
this button.
Click to discard current filter and display all items.
Click to show advanced filter options (available only at Reports tab)
PAGE TABLES
The information on each page is contained in the Content panel. The type of information on each page
varies, but is usually in table format. Tables comprise of columns (with headers at the top) and rows of data.
Many tables include page numbers at the bottom.
Each table contains top blue panel with the name of columns. Some of the tables also enables
sorting and settings for displaying columns. For more info see Table sorting below.
At the left of each row is an icon that represents the data in the row. To the right of the icon are text
columns that describe the listed record.
To manipulate a record, click an icon on the right side of the row. These icons vary based on record
type. You can find more info about icons at the help related to specific page.
Some of the icons are standardized throughout the Web interface (for example, the edit and delete
icons).
YSoft SafeQ 5 479

February 03, 2016
To select multiple records and apply the same operations to all of them, check the check boxes on
the right side of the rows (if available).
To display details about a record, double-click the record's row.
TABLE SORTING
Some tables includes sorting option. To sort data in the table from descending to ascending, click the
column heading. To change the order from ascending to descending, click again.
You can see icon next to column heading selected for sorting. It indicates descending to ascending order. In
example displayed here ascending sorting according Login column is selected.
SHOW / HIDE TABLE COLUMNS
Some tables includes option to customize displayed table columns.
Click icon at top left corner of the table, and select/deselect columns which you want to show/hide. You can
also change order of columns by dragging and dropping lines using icon. Then save changes using Set
button.
Alternatively you can disable data loading of table when you first enter the page. In this case green
message is displayed and you need to refresh data on page or use search feature. This option can be used
for enterprise customers with large databases that uses web interface only for searching and load of
information that is not important put unnecessary strain on database and user must wait before whole page
full of data is loaded.
TABLE PAGES
Some of the tables includes also table pagination at the right bottom of the table. There is two options for
setting table pagination:
Without pagination (default): record are displayed on the one. To display more records, click Load
more records.
YSoft SafeQ 5 480

February 03, 2016
With pagination: records are split into more pages. To see display more records, click arrows to
move on the first/previous/next/last page.
To specify the number of items to display on each page, click icon (highlighted on the image below),
enter the number in the text box and click Save. This setting applies to all tables in the SafeQ Web
interface.
POP-UP WINDOWS
Pop-up windows in SafeQ are used for creating new records, editing existing ones, or to displaying detailed
information about record. Most pop-up windows in the Web interface include Tablet panels ( see Tablet
panels below ). Click the options in the Tablet panel to navigate through the pop-up window's pages. To
save the record and to perform other operations, click the buttons located at the bottom of the window.
YSoft SafeQ 5 481

February 03, 2016
There is also several actions related to pop-up windows:
move pop-up window by clicking the top title bar; then drag and drop the pop-up window to a new
location.
move to the next record by clicking (arrows) at the right top corner of window.
show help related to current pop-up window by clicking (question mark) icon at the right top
corner of window.
close pop-up by clicking (close) icon at the right top corner of window.
TABLET PANELS
Some of the pages, but mostly pop-up windows have Tablet panels on the right side of the window. They
are representing different types of settings or options. To access these categories, just click their name in
tablet menu.
YSoft SafeQ 5 482

February 03, 2016
UI SETTINGS
Each page of SafeQ Web Interface includes quick settings for user interface. All available options in UI
settings window are described below.
USER INTERFACE COMPACT MODE
Mode recommended for devices with smaller display resolutions. Size of the fonts is smaller and usage of
available space of the display is optimized. You can see difference when this function is disabled or enabled
on the picture below.
YSoft SafeQ 5 483

February 03, 2016
MODAL ALERT MESSAGES
Messages with actions` results, warnings and errors will be displayed in the bottom right corner and they will
not require confirmation. Otherwise messages dialogs will be displayed modally - i.e. in the middle of the
screen and they will require confirmation before you can continue.
QUICK MENU
Sub pages of each item in the main menu will be available in the rollover menu for quick access from any
page.
TABLES PAGINATION
Tables that have more records then the set limit per page can be viewed page by page via clicking on
arrows icons. Otherwise link that will load more records and attach them at the end of the table will be
displayed.
YSoft SafeQ 5 484

February 03, 2016
ALERTS AND CONFIRMATION MESSAGES

Alert messages giving you feedback on the action you have dome and contain information you need to
know before you continue.
Web interface can display alert messages in two modes:
Soft alerts (enabled by default): Don't requires user to interact with to dismiss them. Soft dialog are
dismissed automatically after some time (error messages stay on screen for longer time). If
messages stacks high or they are blocking you when you want to interact with the page, you can
dismiss them manually by clicking on them.
Soft alerts are displayed in bottom right corner of the page.
Modal alerts: Modal alerts requires to be interacted with before they are dismissed. In order to
continue, click the button at the bottom of the message to dismiss it. You can not interact with the
rest of the page until then. Modal alerts are displayed in the center of the page.
To switch between this modes at:
Dashboard > Actions and click Enable/Disable modal alerts

UI Settings down on each page and select/deselect Modal alert messages. For more info see UI
settings above on this page.
There are various types of messages:
Alert type Soft alert Modal Alert

description
Information
messages
display
information
about the
results of
operations.
Warning
messages
indicate that
information
you entered
is not in the
correct
YSoft SafeQ 5 485

February 03, 2016
Alert type Soft alert Modal Alert

description
format or
that
information is
missing.
Error
messages
appear if an
operation
fails, for
example if a
record has
not been
saved.
Confirmation
messages
require you
to make a
decision and
select an
option. You
can often
choose if you
want to
proceed with
an operation
or cancel it.
OTHERS
PROGRESS BARS
Progress bars and the associated text appear when data are being updated or loaded. The time required for
loading varies, but you can decrease load times by using the latest versions of the supported Web
browsers. (Internet Explorer 7 and 8 perform poorly, so avoid using them if possible).
YSoft SafeQ 5 486

February 03, 2016
TOOLTIPS
Hover your cursor over an icon to display a tooltip.
4.7.7 WEB INTERFACE - DASHBOARD
DASHBOARD
Dashboard will be displayed directly after logging in Y Soft SafeQ Web Interface. You can also select
Dashboard in top menu to display it.
On the Dashboard tab, you can use the following functions:
User Dashboard - Information about the user Dashboard, the first page the users see.
Admin Dashboard - Information about the administrator Dashboard, which displays basic information
about system health and usage.
Available dashboard widgets - Overview and description of widgets available on the
administrator Dashboard.
Widgets - Welcome to YSoft SafeQ - Detail explanation of the Welcome to YSoft
SafeQ widget.
YSoft SafeQ 5 487

February 03, 2016
ADMIN DASHBOARD
Overview
Functions
Add widget
Actions
Views
SLA warnings
OVERVIEW
Dashboard is first page administrator sees when he successfully log in to the SafeQ web interface.
Dashboard contains numerous widgets that can be moved around and interact with. Widgets are displayed
based on user's access rights and offers various information about system, user's activity in system and
shortcuts to frequently performed operations.
On this page, the SafeQ administrator or user with administrators right can view important information about
the SafeQ system using widgets.
YSoft SafeQ 5 488

February 03, 2016
FUNCTIONS
In the top right corner there is few functions available for this page. For general page functions see: Web
interface - Basics
ADD WIDGET
This function allows you to add more widgets to the Dashboard. After clicking Add widget list of available
will be displayed. You can add widgets by clicking icon next to it.
For more info see: Available dashboard widgets
NOTE: Add widget button is not available when all available widgets are displayed.
ACTIONS
User interface
Enable compact mode Mode recommended for devices with smaller display resolutions. Size of the
fonts is smaller and usage of available space of the display is optimized.
YSoft SafeQ 5 489

February 03, 2016
User interface
This mode can be activated on every page by clicking Settings in page footer
and selecting User interface compact mode.
Enable modal alert Messages with actions` results, warnings and errors will be displayed modally - i.
messages e. in the middle of the screen and they will require confirmation before you can
continue. By default they are displaying as a popup windows in the bottom right
corner and they not require confirmation.
and selecting Modal alert messages.
Users
Export data to CSV Import user data from a CSV file. For more info see: Tools - Data Import.
Import data from CSV Export user data to a CSV file For more info see: Tools - Data Export.
Connect to LDAP Set up connection for users, cost centers and roles from Active Directory. For
more info see: Tools - LDAP Integration.
VIEWS
You can display widgets in different number of columns. After clicking View you can select one of these
options:
Display widgets in two columns

Display widgets in three columns
Display widgets in four columns
SLA WARNINGS
When SLA is purchased you can encounter various warnings in form of yellow ribbon at the top of the
admin's dashboard. Warning is displayed in following cases:
Purchased SLA will expire in less then two months.

Purchased SLA expired.
There are more devices registered in the system that are covered by purchased SLA.
Purchased SLA is invalid because software support expiration date happens before SLA expiration
date.
You have two choices whenever one of these warnings is displayed. Either dismiss it or you choose to be
reminded later. Dismiss will hide warning for all administrator users and will not be displayed until same
event occurs again, i.e. when you upgrade your SLA and then it expires again in the future. Remind later
function will hide warning for your active session. Warning will be displayed again when you relogin to the
application.
YSoft SafeQ 5 490

February 03, 2016
AVAILABLE DASHBOARD WIDGETS
ABOUT
Following page describes a basic information about available widgets that can be placed on Dashboard
page.
for administrator Admin Dashboard

for user User Dashboard
Only administrator can see all widgets. The user can not
At A Glance
About
SafeQ Version
System Services
Active objects in SafeQ
Printed/Failed jobs
System Information
My last jobs
My saving
Access credentials
Text encryption
Canceled jobs by system restart
Locks on Devices
Welcome to YSoft SafeQ
My links
Cluster server status
DB integrity
SAFEQ VERSION
This widget contains a basic information about SafeQ.
YSoft SafeQ 5 491

February 03, 2016
Attribute Description
Internal version Internal version of currently installed SafeQ server and date of release
(YYYYMMDD)
Activation and support ID Activation number and support identifier
Customer Licensed customer name
Cluster Cluster type
Edition Edition name
License expiration When the license will expire. You can display detailed information about
license in tooltip by placing mouse cursor over icon next to the expiration
date. Items marked with red color are expired or depleted.
Support expiration Date of expiration of the product's software support
SLA details Information about currently purchased SLA. Name of the SLA, expiration date
and number of devices that is covered by it.
Support information Detailed system information in the case of any trouble. You can display and
download support information in order to provide customer support with
detailed system information and configuration. For more info see: Support
information
About the YSoft SafeQ About YSoft SafeQ

application
SYSTEM SERVICES
Widget shows SafeQ system services and their statuses.
YSoft SafeQ 5 492

February 03, 2016
Attribute Description of status
TCP/IP Print Server on CML Y Soft SafeQ server is ready to accept jobs from SafeQ Client (listening
(SafeQ Port) on 9100 port by default)
TCP/IP Print Server on CML Y Soft SafeQ server is ready to accept jobs using LPR protocol (listening
(LPD) on 515 port by default).
Server Terminal UDP Auto discovery of Y Soft SafeQ server by terminal professional is active
Identificator
SafeQ Terminal Listener Y Soft SafeQ server is ready to accept connection from external terminals
(listening on 4096 port by default)
SSL Listener (CSD) N/A
Enterprise Server Balance Y Soft SafeQ server is ready to synchronize data in a cluster
Communicator Y Soft SafeQ server is ready to communicate with ORS
Enterprise Server Y Soft SafeQ server is ready to synchronize data in a cluster

Synchronization
CSD Synchronization N/A
ACTIVE OBJECTS IN SAFEQ
Basic overview of created objects in SafeQ system.
Devices Total amount of installed devices
YSoft SafeQ 5 493

February 03, 2016
Hardware terminals Total amount of installed HW terminals
Embedded Total amount of installed Embedded

terminals terminals
ORS Total amount of installed ORS servers
Users Total amount of created users
Cost centre Total amount of created Cosr Centres
Roles Total amount of created Roles
Billing codes Total amount of created Billing codes
PRINTED/FAILED JOBS
Widgets whows basic statistics data of printed/failed jobs via SafeQ.
Successful print jobs are displayed in blue color, failed ones in red.
Print jobs are summed per hour and data are listed from last SafeQ restart time.
Blue Line Printed jobs
Red line Failed jobs
SYSTEM INFORMATION
Basic information about system.
YSoft SafeQ 5 494

February 03, 2016
Server uptime Total time - how log the server is

running
CML GUID GUID of CML node
Operating system and configuration Operating system information
Free disk (with spooler) space Total amount of free disk space
Server load (ONLY from ORS Load generated by ORS servers

servers)
Database structure Database structure check
.NET version Installed versions of .NET
More details provides link to System Information where detailed information can be found.
MY LAST JOBS
Widget shows last jobs that you worked with.
Title Job title
Last status Time when was performed last change of this

change job
YSoft SafeQ 5 495

February 03, 2016
State Current job status
MY SAVING
This widget described how many trees, energy, water and CO2 you saved.
Every non-accounted job (but only in deleted status) is counted as purged.
Data are listed for current month and also for current calendar year.
Trees Total amount of trees that you saved
Energy Total amount of enegry (in kWh) that you saved
Water Total amount of water(in l) that you saved
CO2 Total amount of CO2(in kg) that you saved
Money Total amount of money that you saved (in currently set
currency)
ACCESS CREDENTIALS
Old password may be changed on this widget.
YSoft SafeQ 5 496

February 03, 2016
Change pasword Change your password that can be used to login to web administration
interface or to the terminal or printer.
Old Password Enter old password
New password Specify new password
Password check Confirm new password
Generate PIN code This code can be used for authentication on the terminal on the printer.
Generate PIN Click to generate PIN code
Generate Card This code can be used to assign a new card on the terminal on the printer.
Activation Code Swipe your card over the terminal and when you are asked, type this Card
Activation Code. Next time you will use your card you will be automatically
authenticated.
Generate Card Click to generate new Card Activation Code

Activation Code
TEXT ENCRYPTION
Through this widget you can encryp any text. This type of encryption is used by various SafeQ tools,
application and settings for securing sensitive information for system's users (passwords, PINs, etc.).
CANCELED JOBS BY SYSTEM RESTART
Through this widget you can find all jobs that were canceled by system restart. All jobs may be re-queued or
canceled.
YSoft SafeQ 5 497

February 03, 2016
Find automatically canceled Find all jobs that were canceled during SafeQ
jobs restart
YES Re-queue all found jobs
NO (canceled jobs) Cancel all foung jobs
LOCKS ON DEVICES
Widget lists all device's locks currently hold by system.
Number of locks held by CML Total amount of locks that are holding by CML server (All CML
nodes together)
Number of locks held on ORS Total amount of locks that are holding by ORS server (All ORS
servers servers together)
Number od CML groups that are Total amount of CML groups that are holding locks
holding locks
Number od ORS servers that are Total amount of ORS servers that are holding locks
holding locks
Lockson cluster nodes (CML) Total amount of lock holding by each CML server
WELCOME TO YSOFT SAFEQ
This widget should be used for basic SafeQ setup before first system use.
Uncompleted tasks are marked by red color, partially completed ones by orange and completed tasks by
green. If any task is marked with red color, whole widget area has red background.
YSoft SafeQ 5 498

February 03, 2016
Company information Basic settings with information about company that uses this YSoft SafeQ
server. This section is available only when Management report feature is
licensed.
E-mail settings Basic e-mail settings may be setup here
Language settings This section contains localization settings - languages that are available for
users on administration web and terminals.
Regional settings Basic regional settings may be setup here
Users, cost centres Basic operaions with Users, cost centres and roles
and roles
Devices Basic operations with devices
YSoft Payment Basic configuration of YSoft Payment System

System
Print job parser Basic settings of print job parser (see Print Job Parser Configuration for more
information about this section)
System is ready Basic system ready check
Description of Welcome to YSoft SafeQ widget can be found here: Widgets - Welcome to YSoft SafeQ.
MY LINKS
Through this widget user may add custom hyperlinks to other web pages or applications.
YSoft SafeQ 5 499

February 03, 2016
Add a new link to my

widget
web page
FTP
E-mail
Other
Edit existing links
CLUSTER SERVER STATUS
On this widget you can see statuses of all CML cluster nodes.
Cluster information Information about specific node
Hostname
IP address
Service status Service status for current server
Status of cluster node service

Information whether server is master or indicator to the server
you are logged in
DB INTEGRITY
Through this widget administrator can see if YSoft SafeQ database integrity is intact and no record that
should be unique is duplicated (this situation can occur for example if replication in cluster server starts
acting erroneously).
YSoft SafeQ 5 500

February 03, 2016
Green OK is displayed if everything is all right for particular type of record. Red FAIL with information with
wrong records is displayed if one or more particular records are duplicated.
Last The time when the update was performed for last
update time
Next Specific time when will be next update performed

update
WIDGETS - WELCOME TO YSOFT SAFEQ
About
Following page describes a basic information about Welcome At A Glance
YSoft SafeQ widget.
This widget is accesssible from Admin Dashboard page. All About
available widgets are described Available dashboard widgets. Company
Only administrator can see this widget - User NOT information
E-mail settings
Language
settings
Regional
settings
Users, cost
centre and roles
Devices
Print job parser
System is ready
Company information
This section is available only if Management report feature is licensed.
YSoft SafeQ 5 501

February 03, 2016
Attributes Description
Company Name of company that uses this YSoft SafeQ server. Information is used to personalize
name exported Management report.
Fiscal year Month that starts new fiscal year in the company that uses this YSoft SafeQ server.
start Settings is used to correctly display data for affected time periods (fiscal year, fiscal
quarter) in Management report.
E-mail settings
SMTP server host IP address of SMTP server
SMTP login Login for SMTP user
SMTP password Password for SMTP user
Notification's E-mail that will be used as notification sender

sender e-mail
Administrator e- Administrator email

mail
Test current Performs quick test of attribute:

value
YSoft SafeQ 5 502

February 03, 2016
SMTP server host - performs attempt to connect to SMTP server host

In case of unsuccessful attempt, advanced SMTP server options are
displayed (SMTP server port and SSL/TLS support)
Administrator e-mail - sends e-mail to entered e-mail address
Language settings
Supported Language localizations that should be available for YSoft SafeQ users.
languages
You can set languages that are avilable for the web interface and for the connected
terminals on server. These settings are separated because some localization
packages contains only texts for terminals.
YSoft SafeQ 5 503

February 03, 2016
Language that is set as supported on web interface must be also enabled on server.
One of the supported web interface languages must be set as default.
Regional settings
Currency Currency used in SafeQ system
Currency symbol Currency symbol
Currency formater Currency formater
Currency ISO Currency ISO
Minimal fraction digits: Value controls formatting of currency.
When you set it e.g. to 4 and Maximal fraction digits is equal or greater than
this value, then you can get result: 0.0001.
Maximal fraction digits: Value controls formatting of currency.
YSoft SafeQ 5 504

February 03, 2016
When you set it e.g. to 4 you can get results like: 0.0001. When Maximal
fraction digits is set to 4 and Minimal fraction digits is set to 2, then you`ll get
numbers: 0.01 and 0.0001.
Minimal places of Value controls number of places of integer value

integer value:
When you set it e.g. to 3, then you`ll get three digits before decimal point. E.
g.: 007
Supported VAT values Click on the field to modify VAT (Value-Add Tax) values that are available for
the users in various price related settings. You can remove existing values, add
a new ones and enable or disable ability to select 'VAT free' option in price
settings.
Small paper format Format of a small paper
Number of decimal Number of decimal places that will be used in SafeQ system
places
Display zeros in Enable/Disable of displaying Zeros in decimal number 1.30 -> 1.3
decimal places
Users, cost centre and roles
Go to Users list link to the user list: Managing users in the Users list
Add new user a new user can be created Adding and configuring users
YSoft SafeQ 5 505

February 03, 2016
Add new cost a new cost centre can be created Creating and editing cost centers
centre
Add new role a new role can be created Role Wizard
Connect to LDAP Import data from LDAP Tools - LDAP Integration
Import users from Import data from CSV Tools - Data Import
CSV
Minimum password This property enforces minimum password length for passwords entered by system
length users via this web interface (CSV imports and other external tools are not covered
intentionally). If password has less characters then value of this property, password
will be rejected and user will be informed about proper password length. Set value
to 0 to allow passwords of any length.
Enforce strong This property enforces certain rules that passwords entered by system users via
passwords this web interface (CSV imports and other external tools are not covered
intentionally) must comply with, otherwise the password will be rejected and user
will be informed about necessary requirements for a new password.
Strong passwords must match three of following criteria:
contains at least one lower case character (a-z)

contains at least one upper case (A-Z)
contains at least one number (0-9)
contains at least one non alphanumerical character (~!@#$%^&*_-+=`|\(){}[]:;
"'<>,.?/)
Devices
Go to Device link to the device list: Using the Printers list

list
Add new a new device can be created Adding and editing printers
device
YSoft SafeQ 5 506

February 03, 2016
Print job parser
Disable all parsers Print jobs will not be parsed, analyzed and no print preview will be
rendered. This option does not affect system performance.
Only analyse jobs Print jobs are not rendered as images but are only analyzed. No job
preview is available. This option is not suitable for coverage
(same parser for PS and PCL
accounting. It is recommended for offline accounting. Internal analyzer
jobs)
(YSoft Parser) will be used both for PCL and PS print jobs.
Additionally this option enables parser of the XCPT print job headers
to detect certain kinds of color jobs. This option has minimum impact
on system performance.
Only analyse jobs Print jobs are not rendered as images but are only analyzed. No job
preview is available. This option is not suitable for coverage
(different parsers for PS and
accounting. It is suitable for offline accounting. Internal analyzer is
PCL jobs)
only for PCL jobs, in case of PS jobs GhostScript will be used if
available. This option has minimum impact on system performance.
YSoft SafeQ 5 507

February 03, 2016
Render jobs as low resolution Print jobs are rendered as images and converted to CMYK. Previews
(36 DPI) images of jobs are also generated. The generated images are at a low
resolution (36 DPI) to conserve system resources. This option is
suitable for offline accounting and job preview. This option may
reduce the system performance.
Render jobs as high-resolution Print jobs are rendered as images and converted to CMYK. Previews
(150 DPI) images of jobs are also generated. The generated images are at a high
resolution (150 DPI). This option is suitable for offline accounting, job
preview, and coverage accounting. This option may significantly
reduce the system performance.
System is ready
Go to job list link to the job list Managing jobs in the Job list
Send test A test page will be send in to SafeQ

page Windows printer must be pre-configured
SUPPORT INFORMATION
At A Glance
Support information
System information
List of system information
Support information download
SUPPORT INFORMATION
Support information dialog can be found on web interface: YSoft SafeQ version widget > Support
information. This dialog contains information for customer support in the case of any trouble .
A custom support information can be added to this page by editing value of customSupportInformation
configuration property in system settings.
YSoft SafeQ 5 508

February 03, 2016
SYSTEM INFORMATION
System information tab contains up-to-date detailed information about installed YSoft SafeQ.
YSoft SafeQ 5 509

February 03, 2016
List of system information

Version Information about SafeQ version
Components Section contains information about each system component - its current version and
install date and also its update history.
Information is parsed from the SAFEQ_DIREDTORY/conf/version.conf file that is

managed by YSoft SafeQ installer package.
License Information about SafeQ license
SLA Information about SLA
Licenced Information about licenced feature, expiration status and validity

features
Licenced items Information about licenced items, amount of licenced and currently used items
System Information about OS, disk space and SafeQ installation directory
Database Information about SafeQ database
Cluster Information about SafeQ cluster
Services Information about SafeQ service status
Devices Information about devices, terminals, drivers and queues
YSoft SafeQ 5 510

February 03, 2016
Devices Information abou devices groups

groups
JVM settings Information about JAVA memory, etc.
SUPPORT INFORMATION DOWNLOAD
Information for customer support can be downloaded by clicking button Download support information.
Downloaded zip file contains CML configuration files and file with system information.
USER DASHBOARD
Overview
Functions
Add widget
Actions
Views
OVERVIEW
Dashboard is the first page a user sees when they successfully log in to the SafeQ web interface.
Dashboard contains numerous widgets that can be moved around and interacted with. Widgets are
displayed based on user's access rights and they offer various information about the user's activity in the
system and shortcuts to frequently performed operations.
On this page, a user can view important information about the SafeQ system via widgets.
YSoft SafeQ 5 511

February 03, 2016
FUNCTIONS
interface - Basics
ADD WIDGET
This function allows you to add more widgets to the Dashboard. After clicking Add widget list of available
will be displayed. You can add widgets by clicking icon next to it.
For more info see: Available dashboard widgets
NOTE: Add widget button is not available when all available widgets are displayed.
ACTIONS
User interface
Enable compact mode Mode recommended for devices with smaller display resolutions. Size of the
fonts is smaller and usage of available space of the display is optimized.
and selecting User interface compact mode.
Enable modal alert Messages with actions` results, warnings and errors will be displayed modally - i.
messages e. in the middle of the screen and they will require confirmation before you can
continue. By default they are displaying as a popup windows in the bottom right
corner and they not require confirmation.
and selecting Modal alert messages.
VIEWS
You can display widgets in different number of columns. After clicking View you can select one of these
options:
Display widgets in two columns

Display widgets in three columns
Display widgets in four columns
4.7.8 WEB INTERFACE - REPORTS
REPORTS
In the YSoft SafeQ Web Interface, select Reports
On the Reports tab, you can access the following functions:
YSoft SafeQ 5 512

February 03, 2016
Job list – List and audit log of all print, copy, and scan jobs tracked by YSoft SafeQ (see Managing
jobs in the Job list).
Web reports – Centralized interface for accessing Usage and Costs Reports and Green Reports (see
Using Web reports).
CRS reports – Management interface for data transfers to Central Reporting Services (see Using
CRS reports).
ORS overview -- Status overview and audit log for ORS connectivity in a distributed server system
(see Distributed Server System - Private Cloud and Viewing ORS status information).
NOTE: This option is not available when no ORS is installed.
Terminal accesses -- Audit log of all access attempts from YSoft SafeQ Terminals (see Terminal
accesses).
Reporting tools:
Automatic file reports -- Schedule regular exports of reports to a file (see Tools - automatic file
reports).
Automatic e-mail reports – Schedule regular exports of reports to defined e-mail addresses
(see Tools - automatic e-mail reports).
Data repair operations log – (see Tools - data repair - operations log).
Data repair (see Data repair).
Data repair manual counters readout (see Data repair manual counters readout).
DATA REPAIR
ABOUT
The statistical data repair tool enables you to move print jobs among individual printers. If you replace a
device with another one, you can move print jobs from the old device to the new one. SafeQ will identify
these jobs as having been printed by the new device.
Data repair is available only for persons with Data Repair rights. This rights can be managed through
Tools - Data repair User delegating page.
At Glance
About
General overview
Repair process and requirements
Data repair synchronization for statistics
YSoft SafeQ 5 513

February 03, 2016
GENERAL OVERVIEW
Data repair can be found on web interface: Reports -> Tools ... -> Data repair
Through you can replace a device with another one.
Attributes:
Field Description
Old device This printer will be deactivated and replaced with a new one.
Only deleted/deactivated printers are displayed
New device New printer that is replacing the old one. Printer must not have been
activated, otherwise the repair process fails.
Not activated printer means that no jobs have been processed via SafeQ)
Date of device's From this date jobs printed on the old device will be identified with the new
replacement one.
Repair statistical After clicking on this button - statistical data will be repaired
data
YSoft SafeQ 5 514

February 03, 2016
REPAIR PROCESS AND REQUIREMENTS
In order to successfully run data repair, you must select both the old device that is to be replaced
(which may have been deactivated and deleted) and the new device that is replacing the old one.
The new device must not have been activated (i.e., no jobs have been processed via SafeQ),
otherwise the repair process fails.
You must also select a time period within which the jobs printed on an old device will be replaced with
new ones.
After successful data repair, the old device is deactivated and deleted and the new one is activated.
Both actions are run immediately. Set the deactivation date for the deactivated device for a date on
which the job identification is to be changed. The activation of the new device will be set at the same
date.
DATA REPAIR SYNCHRONIZATION FOR STATISTICS
The repair itself is reflected in CRS statistics with a delay. The delay depends on the set CRS
synchronization times. A repair will be synchronized during each new synchronization. The date and
time values and a list of repairs waiting for synchronization are displayed, both in the window header
and also in the synchronization settings window.
You can set synchronization times via the cdc-time-windows parameter in the configuration (e.g.: cdc-
time-windows = 3:00;12:00;21:00).
DATA REPAIR MANUAL COUNTERS READOUT
ABOUT
Manual counters readout is used for manually increasing counters for a selected device. It can only be run
by a delegated user Tools - Data repair User delegating.
At Glance
About
YSoft SafeQ 5 515

February 03, 2016
General overview
Manual counters readout
GENERAL OVERVIEW
Data repair: Manual counters readout be found on web interface: Reports -> Tools... -> Data
repair: Manual counters readout
On this page SafeQ administrator can modify role's data.
YSoft SafeQ 5 516

February 03, 2016
MANUAL COUNTERS READOUT
1. Click the Browse icon (...) to select the device whose counters are to be changed manually
2. Select a device.
Attributes:
1 - Device search by a selected string.
2 - Complete list of ORS servers.
3 - List of all available MFPs in the selected Device group (ORS list) (2).
After you click Search device, a list of devices that meet the search string conditions is
displayed.
4 - ORS servers search.
3.
YSoft SafeQ 5 517

February 03, 2016
A list of counter values is displayed (1). To activate manual counters readout, click the
button.
4. In the following window, reset counter values for a selected printer; then click Save to save your
settings.
1 - Help for values calculation for a selected printer.

2 - List of individual counters for a selected printer.
You cannot decrease counter values.
If you save counter values for a printer (that is, manual counters were increased), the system
generates an anonymous job with the number of pages necessary to account for the
YSoft SafeQ 5 518

February 03, 2016
difference between the currently entered counter values and the counter values previously
saved.
MANAGEMENT REPORTS
Access Management Reports

Management Reports configuration
Report views
Company overview
Department overview
Device overview
User overview
Configure report timeframe
Exporting report
Export report to the file
Scheduled reports export
Data included in the report
Management Reports provide convenient way of disclosing information about SafeQ environment via
reports for entire company, departments, devices and users. Management reports provide enhanced
overview about print environment, based on data collected by YSoft SafeQ 5.
ACCESS MANAGEMENT REPORTS

Management reports are accessible via SafeQ Web interface > Reports > Management reports.
If the page is unavailable, please check the following system settings (System > System settings) and
configure:
web-stats-enable = enable
enableManagementReport = enable
NOTE: For clustered SafeQ deployment, Web reports are show only at the master node.
YSoft SafeQ 5 519

February 03, 2016
MANAGEMENT REPORTS CONFIGURATION

The only prerequisite for Management reports is configuration of Company name and Fiscal year start. You
can easily configure this via YSoft SafeQ Web Interface > Dashboard > Welcome to YSoft SafeQ widget.
Configuration is also accessible via System > System settings:
firstMonthOfFiscalYear
companyName
REPORT VIEWS
Management reports provide several different overviews. By clicking the Views option in the top right
corner, you can access company, department, device and user-focused views.
YSoft SafeQ 5 520

February 03, 2016
COMPANY OVERVIEW
Company overview displays information for all deparments, users and devices. Records in the Top five
departments, Top five users and Most used devices are sorted according to spending (Price).
YSoft SafeQ 5 521

February 03, 2016
YSoft SafeQ 5 522

February 03, 2016
DEPARTMENT OVERVIEW
With department overview, you can display information about one particular department, listing all users and
devices which belong there. Records in the Top five users and Most used devices are sorted according to
spending (Price).
DEVICE OVERVIEW
Device overview displays reports for devices within entire company (note: only devices connected so SafeQ
environment are displayed). Records are shown based on total spending (Total price).
YSoft SafeQ 5 523

February 03, 2016
USER OVERVIEW
The last view shows records for all users across the company. Records are shown based on total spending
(Total price).
CONFIGURE REPORT TIMEFRAME

Each view and data export allows configuration of whole fiscal year, quarter or month. To select the desired
timeframe, click the Year drop-down menu, select the appropriate fiscal year. In the left menu bar, you can
then choose entire year, one of the four quarters or one of the twelve months.
YSoft SafeQ 5 524

February 03, 2016
Unless data are available for a particular year, the year will not be listed in the drop-down menu.
EXPORTING REPORT
All of the available data can be exported into single consolidated document. Reports are generated for one
month, however include also year, current quarter and selected month overview.
Export options are available from the Actions menu, both on-demand and scheduled.
YSoft SafeQ 5 525

February 03, 2016
EXPORT REPORT TO THE FILE
By selecting the desired period, you can run on-demand export.
SCHEDULED REPORTS EXPORT
Based on predefined schedule (every first day of the new month), you can automatically receive reports to
selected e-mail address.
DATA INCLUDED IN THE REPORT

Following print job types are included in the reports:
Black and white print normal

Black and white print large
Black and white copy normal
YSoft SafeQ 5 526

February 03, 2016
Black and white copy large

Black and white local print normal
Color print normal
Color print large
Color copy normal
Color copy large
Color local print normal
Monocolor print normal
Monocolor copy normal
Paper size information: Large format includes A3/legal/tabloid and larger. Normal format includes A4/A5
/letter and smaller.
MANAGING JOBS IN THE JOB LIST
Displaying the Job list

Filtering the Job list
Default job list filters
Advanced job list filter
Working with the Job list
Working with selected jobs
The Job list enables you to view and manage YSoft SafeQ print, copy, and scan jobs. This page is related
to Usage and Cost reports and can also be useful for troubleshooting and diagnostic purposes.
For more detailed information about individual print jobs, see:
Using detailed job information section.

Print job list management and re-print and Office Print Tracking and Usage and Cost reports
This page provides an overview of managing jobs in the YSoft SafeQ 5.0 Web Interface.
Information and screen descriptions vary according to your YSoft SafeQ configuration and/or license.
DISPLAYING THE JOB LIST

The Job list page provides an overview of print, copy, and scan jobs in the system, to view the job
list, select Reports > Job list in the YSoft SafeQ Web Interface.
The Job list page includes default filters, action and view buttons, and the list of jobs.
YSoft SafeQ 5 527

February 03, 2016
Favorite jobs are marked with favorite job icon .
You can disable displaying of the name of the job's owner by disabling system configuration
property show-job-user and of the print job title by showJobTitle property.
FILTERING THE JOB LIST
DEFAULT JOB LIST FILTERS
Use the default filter options to display only specific jobs:
Date from – exact time, in 24-hour format

Date to – exact time, in 24-hour format
Device group – filter by device group
When Device group filter is set to any ORS server, informative label about job synchronization
is displayed
User/cost center – filter by user/cost center
Device – filter by device
Queue – filter by queue name
ADVANCED JOB LIST FILTER
To filter jobs according to job status, click .
Select job status filters as follows:
Printing – The job is being sent to the printer or is being printed. You can view detailed information
about the job process. Typically, the job is sending data, waiting for the print to start, waiting for the
print to be completed, or waiting for accounting.
Pending – The job is ready to be delivered to a printer. The job will be printed when previous jobs
have been printed or it will wait for another printer to change to the "ready" status.
Accepted – The job was accepted by the spooler and has been added to the secured queue and is
waiting for the secure release.
Printed – The job was successfully delivered to the printer and accounted.
Local Print – The print job is registered via local monitoring.
Scan – A registered and accounted scanned document.
Copied – A registered and accounted copy.
ReQueued – The job was queued for printing again.
Cancelled – The job was cancelled by the user (for example, the user selected "delete" at the
terminal).
YSoft SafeQ 5 528

February 03, 2016
Cancelled at start – The job was cancelled during server restart.

Rejected – The job was denied due to insufficient credit or rights.
Printer error – The printer is not receiving jobs or an error occurred during printing that YSoft SafeQ
cannot resolve. In most cases, the exact reason for the error is provided.
Spooler error – Server spooler error (for instance, connection to the database failed or the job could
not be read from the hard drive).
Security violation – The spooler detected an unauthorized job modification.
Deleted – The job was deleted from the spooler and cannot be restored or worked with.
Batch accounting – The job is part of a batch print.
Non-SafeQ copy/print – YSoft SafeQ detected a print job that is not part of the YSoft SafeQ system.
The YSoft SafeQ system files such an event, marks it, and accounts it. (A non-SafeQ copy/print
should not happen, but because of the complexity of certain printing environments, it does
occasionally occur.)
WORKING WITH THE JOB LIST

Use the action buttons to work with the Job list.
To configure and apply filters and see the filtered data, click (located on the left side of the page).
To use different Job list view options, click and then select the desired view.
My jobs – Only jobs of the authorized user

Job list – The entire Job list
To be printed – Only jobs waiting to be printed
Favorites – Only Favorite jobs
Unidentified owner – Only jobs not belonging to any user in system
To work with selected jobs, check the checkbox next to the job and then click on and
select the option you need.
YSoft SafeQ 5 529

February 03, 2016
WORKING WITH SELECTED JOBS

After you select a job or multiple jobs, click the appropriate icon as follows:
Icon Name Availability Description
Detail Always Display detailed information about the

job. (You can also double-click the job's
row to do this.) For more information
about the information that appears, see
Using detailed job information.
Requeue Only if job is not deleted and is not Requeue the job to print if the print failed
currently being printed or the job has already been printed.
Preview Only if Preview feature is enabled, Preview the job.

printing parser is installed and enabled,
and job has not been deleted
Note Only if job contains note Hover your mouse over this icon to see
note text.
Assign to Only if job is not assigned to any user in Assign jobs that have an unidentified
user system owner to a new or existing user. All
current and future jobs from the
unidentified owner will now be assigned
to the user you selected.
Delete Only if job is queued to be printed in a Remove the job from the queue and
direct queue cancel its planned print operation.
Checkbox Only if job is not deleted Check the box to mark jobs for bulk
action. Available actions are located in
the top right Action menu.
YSoft SafeQ 5 530

February 03, 2016
USING DETAILED JOB INFORMATION
DISPLAYING DETAILED INFORMATION ABOUT A PRINT JOB
In the YSoft SafeQ Web Interface, go to the Job list, find the job; then click on icon or double click on
the table record (row) .
YSoft SafeQ 5 531

February 03, 2016
Basic
Job name Name of the print job - name of the job is not visible if configuration property
showJobTitle is disabled
Owner Information about the job's owner - information is not visible if configuration
property show-job-user is disabled
Favorite If job is marked as favorite (yes) or is not marked as favorite (no)
Billing code Name and description of assigned billing code
Pages
Type Information about duplex prints (This data is collected only if the internal parser is
enabled.)
Number of pages Number of normal (A5/A4/letter) pages (This data is collected only if the internal
(normal) parser is enabled.)
YSoft SafeQ 5 532

February 03, 2016
Number of pages Number of large (A3/legal/tabloid) pages (This data is collected only if the internal
(large) parser is enabled.)
Average coverage Average coverage percentage (This data is collected only if the internal parser is
enabled.)
Status
Current state Current print job status
Last state change Last date and time time that status changed
Note Provides additional information about job
Print
Assigned to queue Name of the assigned print queue
Device group Name of the device group which accpeted job
Device Name of the assigned printer and description
YSoft SafeQ spooler IP address of the YSoft SafeQ spooler where the job is saved
Server Name and IP address of the YSoft SafeQ server where the job is stored or created
Sender Sender's IP address; date and time the job was accepted by the YSoft SafeQ
server
Tags
Allowed system tags Enabled system tags for the job
Denied system tags Disabled system tags for the job
Allowed user tags Enabled user tags for the job
Denied user tags Disabled user tags for the job
Advanced
File Name of the job file stored on the spooler
File size Size of the file on spooler
Job ID Generic and unique ID number of the job in the database
This tab can contain different attributes according to the type of the job (print, copy or scan)
VIEWING A PRINT JOB'S HISTORY
job .
YSoft SafeQ 5 533

February 03, 2016
On the Print job page, click History of job.
Date, State, Date, status, and other information about the job. You can set history order by
Message clicking on the Date column header.
TOOLS
job .
At the bottom of the page is tab Tools.
YSoft SafeQ 5 534

February 03, 2016
Requeue
Select the target queue from the list Select a print queue from the list of available queues.
Type the name of target queue manually Type the name of the target print queue.
Perform action requeue according to options selected

above
Owner
This tool allows you to change owner of the job by selecting another user from list.
Favorite
This tool allows you to mark and unmark job as favorite.
Assign
Assign jobs that have an unidentified owner to a new or existing user. All current and future jobs from the
unidentified owner will now be assigned to the user you selected.
YSoft SafeQ 5 535

February 03, 2016
TOOLS - AUTOMATIC E-MAIL REPORTS
ABOUT
This section describes how to schedule a web report export that sends the report as an email attachment.
The look of the user interface may differ based on currently selected values and licensed features.
At Glance
About
General Overview
Working with Automatic Email Reports
Creating New Automatic Email Report
GENERAL OVERVIEW
The automatic email reports can be found under the Reports module in the section Tools.
You can sort reports by Name or Email.
YSoft SafeQ 5 536

February 03, 2016
WORKING WITH AUTOMATIC EMAIL REPORTS
Administrator can create a new automatic email report with the button . A new pop-
up window will be opened (see below).
Administrator can modify an existing automatic email report using the button .
Administrator can delete an existing automatic email report using the button .
YSoft SafeQ 5 537

February 03, 2016
CREATING NEW AUTOMATIC EMAIL REPORT
The pop-up window for creating a new automatic email report.
Configuration:
Name – A name of the new automatic report.

Interval – Interval that determines how often and for what period the report will be exported:
Previous day – The report will be created daily. The report will include data for the
previous day.
Previous 7 days – The report will be created weekly. The report will include data for the
previous 7 days.
Calendar month – The report will be created monthly at a selected day of the month. The
report will include data starting from the selected day of the previous month until (but not
including) the same day of the current month.
Monthly – The report will be created monthly at a selected day of the month. The report
will include data from the first to the last day (inclusive) of the previous month.
Day of month – The day of month when the report will be generated. This field is available only
for intervals monthly and calendar month.
Send time – The time of day when the report will be exported.
Export type – Format of the report. Supported formats are CSV, HTML, PDF, XLS, XLSX, and
XML.
YSoft SafeQ 5 538

February 03, 2016
Email addresses – A list of recipients of the report.

Selected filters – A list of saved web report filters used to generate the report. The email will
contain reports for all filters selected. The filters determine the report structure (fields, grouping
etc.).
The Save settings button saves and activates the new automatic email report.
TOOLS - AUTOMATIC FILE REPORTS
ABOUT
This section describes how to schedule a web report export that saves the report into a file in a specific
folder. The look of the user interface may differ based on currently selected values and licensed features.
At Glance
About
General Overview
Working with Automatic File Reports
Creating New Automatic File Report
GENERAL OVERVIEW
The automatic file reports can be found under Reports module in the section Tools.
You can sort reports by Name, Path or File name.
YSoft SafeQ 5 539

February 03, 2016
WORKING WITH AUTOMATIC FILE REPORTS
Administrator can create a new automatic file report with the button . A new pop-up
window will be opened (see below).
Administrator can modify an existing automatic file report using the button .
Administrator can delete an existing automatic file report using the button .
YSoft SafeQ 5 540

February 03, 2016
CREATING NEW AUTOMATIC FILE REPORT
The pop-up window for creating a new automatic file report.
Configuration:
Name – A name of the new automatic report.

Interval – Interval that determines how often and for what period the report will be exported:
Previous day – The report will be created daily. The report will include data for the
previous day.
Previous 7 days – The report will be created weekly. The report will include data for the
previous 7 days.
Calendar month – The report will be created monthly at a selected day of the month. The
report will include data starting from the selected day of the previous month until (but not
including) the same day of the current month.
Monthly – The report will be created monthly at a selected day of the month. The report
will include data from the first to the last day (inclusive) of the previous month.
Day of month – The day of month when the report will be generated. This field is available only
for intervals monthly and calendar month.
Send time – The time of day when the report will be exported.
Export type – Format of the report. Supported formats are CSV, HTML, PDF, XLS, XLSX, and
XML.
File path – Path to a folder into which the report will be saved. Both local and UNC paths are
supported.
YSoft SafeQ 5 541

February 03, 2016
File name – File name prefix for the report. The full file name is constructed based on the prefix,
interval, export type, and the Overwrite file switch.
Overwrite file – If enabled, the report is always saved into the same file, possibly overwriting the
previous report. If disabled, a time stamp is added into the file name so that older reports are not
overwritten.
Filter – Saved web report filter used to generate the report. The filter determines the report
structure (fields, grouping etc.).
The Save settings button saves and activates the new automatic file report.
TOOLS - COUNTER REPORTS
About
Access Counter reports
Counter reports
Report exporting
Start and end counters
Daily counters
Scheduled reports
ABOUT
YSoft SafeQ can be configured to monitor counters (sometimes known as page meters) with devices that
use online counter monitoring. Web administration allows access to the readouts and reports.
ACCESS COUNTER REPORTS
In the YSoft SafeQ Web Interface, select Reports > Tools > Counter reports.
YSoft SafeQ 5 542

February 03, 2016
COUNTER REPORTS
Page displays two types of reports in its basic mode and offers filter for page content.
Additional columns can be added to the table via columns menu which is available after clicking on
gear icon in table's top left corner.
Type of report - this option switches two main types of report - Start and end counters and
Daily counter history (see next chapter for detailed description).
Device group / ORS - this field is used to filter report based on group or ORS. If you select CML
group (for example predefined Default), counters of all devices from all CML groups are listed,
not just from selected group.
From date - Start period of report - date from which are data in the report included.
To date - End period of report - date to which are data in the report included.
REPORT EXPORTING
You can export current report to file by using one of the export action located in page's Actions...
menu.
Available formats are: HTML, XML, XLS, CSV and PDF.
YSoft SafeQ 5 543

February 03, 2016
START AND END COUNTERS
This is the default type of a report. It lists counters value at the start of displayed report period, it's
ending values and difference.
Most columns contains three values. First value describes counter's value in start of report period,
second value is end of report period and third value is the difference between first and second value.
Exact times when listed values has been read from device could be found in Readout date column
(there is a date for starting reading the counter's value and also a date for ending reading the counter's
value).
DAILY COUNTERS
This is the second report that could be displayed by switching Type of report option in filter. Report
lists all devices in the system and a history of daily counters readout operations. You can easily
observe how counters values changed for each device day by day.
YSoft SafeQ 5 544

February 03, 2016
SCHEDULED REPORTS
Reports does not have to been exported to file manually and this operation can be scheduled. You can
setup what kind of report and for what time period should be automatically send to defined e-mail
addresses. Report is always send right after measured period of time ends. For example right after
midnight of first day of new month for previous month or right after midnight of first day of new week for
previous week.
You can see list of scheduled report by changing page's view (use top right Views... menu).
These reports could be edited or deleted.
To schedule new automatic report use Schedule automatic report action in top menu.
Report name - Name of a report that is used in e-mail and on the web interface for better
management.
Type of report - Type of a report you want to schedule - Start and end counters or Daily
counters history
Sending interval - Interval defines how often should be report sent. The report is always sent
around midnight in the last day of selected period. Available options are monthly and weekly.
Format - Format of report file attached to e-mail.
Devices group / ORS - Only counters from devices located in selected devices group or ORS
are included in report. If a CML group is selected, all CML devices are used. You can leave it
empty to include all devices.
E-mails - E-mail addresses that will receive scheduled report.
YSoft SafeQ 5 545

February 03, 2016
TOOLS - DATA REPAIR - OPERATIONS LOG
ABOUT
In the operations log, you can retrospectively view all logged events that may affect statistical data. Each
logged event shows the SafeQ user who ran the operation, the workstation IP address from which he/she
logged in, the time, and also data relating to the individual logged event types.
The operations log is accessible to the SafeQ system administrator (login admin) and to users delegated for
statistical data repair (Tools - Delegating users to perform data repair).
This tool describes possibility to operation log reports with user behavior in SafeQ 5.0 web interface.
Some information and screen descriptions may differ based on available configuration and/or license
At Glance
About
General overview
Operation log list
Working with Operation log
YSoft SafeQ 5 546

February 03, 2016
Table of logged events and event types
GENERAL OVERVIEW
The Operation log reports can be found under Reports module in the section Tools...
Administrator is able to see and monitor changes of the YSoft SafeQ environment done through the
web interface. With this list Administrator is able to search users, event dates, types of changes and
changed objects.
OPERATION LOG LIST
Administrator using selected filter can see specific operation actions in the list.
Administrator is able to see
Author of the action - user of the system, which does the action via YSoft SafeQ web interface
Event date - exact date and time when action was processed
Event type - description of the event and behavior with the YSoft SafeQ system
Event object/user which did the action - attribute and object related with this action, or object
which was used during action
YSoft SafeQ 5 547

February 03, 2016
WORKING WITH OPERATION LOG
Administrator can enable Operation log filter using button .

When filter is activated administrator can see the filter.
After that advanced operation log is activated.
Available filter buttons:
Event author - User account who did the change

Event object / user - user which was modified
Event object / device - device which was modified
From date - date and exact time used in time filter
To date - date and exact time used in time filter
IP address - IP address of the station where was user logged when he triggered event
- activate filter view
- cancel modified filter
If administrator wants to see and check detail filter, there needs to be enabled button
here administrator can specify only actions he needs to see from the list.
YSoft SafeQ 5 548

February 03, 2016
TABLE OF LOGGED EVENTS AND EVENT TYPES
Each event is one of the event types shown in table below:
Event type Icon Description
Log in to system Information about login process of a delegated SafeQ Web

Interface user.
Log out of system Information about logout process of a delegated SafeQ Web
Interface user.
Statistical data repair Administrator delegated another statistical data repair user.
user delegating
Statistical data repair Administrator removed rights for statistical data repair from the
user removing user.
Running statistical data This user executed statistical data repair for particular devices.
repair
Cancelling statistical The user cancelled the statistical data repair.

data repair
Adding a new device Information about an added device and the user responsible.
Deleting a device Information about a deleted device and the user responsible.
Activating a device Information about activation of a device (caused either by a first

print job processed via SafeQ or by running statistical data repair).
Deactivating a device Information about deactivation of a device (manually by the user or

by running statistical data repair).
Device definition The user changed device definition in SafeQ system.

change
USING CRS REPORTS
YSoft SafeQ 5 549

February 03, 2016
ABOUT
This page describes how to use CRS reports. At a Glance

CRS reports provide overviews of data
transferred to the CRS (Central Reporting About
Services) server. Accessing CRS reports
Specifying a date range for a CRS
For general information about reports, report
see Web interface – Reports. Viewing ORS data transfer history
See also Usage and Cost reports and and the date of the next scheduled
YSoft SafeQ CRS enterprise architecture transfer
for more information. Displaying a CRS report
To see how to access the actual reporting Recalculating statistics, sending
data inside YSoft SafeQ CRS, see statistics to the CRS, and sending
Working with YSoft SafeQ CRS OLAP counters to the CRS
cubes and Working with YSoft SafeQ
CRS reports
ACCESSING CRS REPORTS
In the YSoft SafeQ Web Interface, select Reports > CRS reports.
SPECIFYING A DATE RANGE FOR A CRS REPORT
On the CRS reports page, specify the date range for data transfers to include in your CRS report.
Manually enter dates in the Transfers from and Transfers to boxes, or click the calendar icons and
select the dates.
VIEWING ORS DATA TRANSFER HISTORY AND THE DATE OF THE NEXT SCHEDULED TRANSFER
On the CRS reports page, you can see which ORS (Offline Remote Spooler) has the least recent
transfer of statistics and counter data, and the date of the next scheduled data transfer.
YSoft SafeQ 5 550

February 03, 2016
DISPLAYING A CRS REPORT
To generate and view a CRS report: in the YSoft SafeQ Web Interface, select Reports > CRS reports;
then enter a date range and click .
The CRS report is displayed, and includes the following columns:
Transfer date – Date and time of the transfer

Transferred rows – Count of transferred rows
Statistics date range – Date range for the transferred statistics
Counters date range – Date range for the transferred counters
Notice – Information about the current status of the transfer
Possible error – If the transfer ended with an error, an error message is displayed in this
column
RECALCULATING STATISTICS, SENDING STATISTICS TO THE CRS, AND SENDING COUNTERS TO THE CRS
To recalculate statistics or to send statistics or counters to the CRS: on the CRS reports page, click
; then select the appropriate option:
Recalculate statistics – Deletes statistical data from the database and regenerates data from
information about jobs.
Send statistics to CRS – Forces statistics to be sent to the CRS.
Send counters to CRS -- Forces counters to be sent to the CRS.
YSoft SafeQ 5 551

February 03, 2016
USING THE TERMINAL ACCESS PAGE
ABOUT
On the Terminal access page, you can view all At a Glance

terminal access attempts. On this page, you can also
assign unknown terminals to devices and assign About
unknown cards and PINs to users. Displaying and using the
Terminal access page
This page is related to the Terminal Filtering information to
Authentication Matrix. display on the Terminal
The information displayed on the Terminal access page
access page may be affected by the current Understanding terminal
Defining access rights. access attempt status
information
Assigning terminals to
devices and unknown cards
or PINs to users
YSoft SafeQ 5 552

February 03, 2016
DISPLAYING AND USING THE TERMINAL ACCESS PAGE
In the YSoft SafeQ Web Interface, select Reports > Terminal access.
The Terminal access page displays information about all attempts that were made to access terminals
in your YSoft SafeQ system.
The page shows the current filters used for the information displayed on the page, the status of access
attempts, Action and View buttons, and a detailed list of access attempts.
The list of access attempts includes the following Information:
SN / name – Terminal's serial number/name

IP – Terminal's IP
Type – Type of terminal: LITE (embedded), Professional, UltraLight)
Firmware – Version of firmware the terminal is currently using
User – Name, surname, and login of an authorized user
Card / PIN – Validation method: PIN or card number (expand PIN... to see the complete
number)
Date – Date and time of the access attempt. Note the time is displayed according to time zone
of the CML for cases it differs from time zone of the ORS.
Duration – Length of the user's session at the terminal (how long he/she was logged in)
Status – Result of the access attempt
Device – Name of the device the terminal is connected to
YSoft SafeQ 5 553

February 03, 2016
FILTERING INFORMATION TO DISPLAY ON THE TERMINAL ACCESS PAGE
You can use the following filters to display only the information you need:
Date from and exact time – Start date/time (24-hour format)

Date to and exact time – End date/time (24-hour format)
Card number – User's ID card number
User – User's login, name, and surname
Server – Name of the CML or ORS server
Firmware version – Version of firmware used by the terminal
Terminal IP address – Terminal's IP address
Terminal serial number – Terminal's serial number
Access status – Status of the access attempt
Device group (ORS) -- ORS or group of devices
YSoft SafeQ 5 554

February 03, 2016
UNDERSTANDING TERMINAL ACCESS ATTEMPT STATUS INFORMATION
The Terminal access page includes graphical charts of terminal access attempt status information.
Successful – Access attempts that were successful

Bad settings – Incorrectly configured terminals
Wrong password – Access attempts in which the user typed an incorrect PIN number or used an
unknown card. (You can assign unknown PINs and cards to users directly from the Terminal
access page.)
Device was locked – Access attempts that were blocked because the device was locked by the
actions of a previous user
Device is not ready – Access attempts when the device was offline
Network error – Access attempts when the terminal was unable to connect to YSoft SafeQ
Permission problem – Access attempts made by users who did not have permission to use the
device
Other – Any other type of access attempt
YSoft SafeQ 5 555

February 03, 2016
ASSIGNING TERMINALS TO DEVICES AND UNKNOWN CARDS OR PINS TO USERS
If the status indicates that the user entered an incorrect password:
You can create a new user and assign the PIN or card to that new user.
or
You can assign the PIN or card number to an existing user.
If the status indicates that the terminal is incorrectly configured:
You can create a new device and assign the unregistered terminal to it.
or
You can add the terminal to an existing device.
Icon Action Description
Assign terminal to a Click the icon. The Add device page opens, with the terminal's
new device serial number automatically entered on the Terminal tab. Enter the
rest of the information required; then save the device.
Assign terminal to an Click the icon. In the list of devices that appears, select a device that
existing device does not already have a terminal (hardware or embedded)
assigned. Save the changes.
Assign card/PIN to a Click the icon. The Add user page opens. Enter the required
new user information; then save the user. When user is saved, you will be
asked if you want to continue with user edit or if you want to assign
user to card. Click on Yes to assign card. See Adding and
configuring users.
Assign card/PIN to an Click the icon. In the list of users that appears, select a user. The
existing user Edit user page opens. Save the changes. See Adding and
configuring users.
YSoft SafeQ 5 556

February 03, 2016
USING WEB REPORTS
Overview
Displaying the Web reports page
Selecting a report to view
Selecting specific information to include in the report
Displaying and working with a report
Action options
Saving the changes you made as a new customized report
OVERVIEW
This page describes the Web reports page, which is a central interface for accessing and managing Usage
and Costs reports and Green reports.
For general information about reports, see Web interface – Reports.

See Usage and Cost reports and Green Reporting for detailed information.
See Print tracking methods and Available Copy Tracking Methods for data source information.
Web reports consists of two kinds of statistical data: basic statistics and detailed statistics. Detailed
statistics contain details about each individual job accounted by the YSoft SafeQ. Basic statistics are
created from detailed statistic by grouping similar jobs in one hour intervals. Basic statistics preserve key
dimensions (print/copy/scan, user name, cost center, device, billing code…) but drop job-specific ones (job
title, job origin, exact time).
Detailed statistics keep data for the last 2,000,000 jobs or the last 31 days, whichever comes first. Basic
statistics keep data for last 2,000,000 aggregated records. Older records are removed. Please consider the
installation of the CRS if longer history of accounting data is required. Another option to preserve older data
is to set up regular automatic exports.
DISPLAYING THE WEB REPORTS PAGE

To display Web reports page:
1. Login into YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin")
2. Go to Reports > Web reports
SELECTING A REPORT TO VIEW

On the Web reports page, use the filters to select the report you want to view.
YSoft SafeQ 5 557

February 03, 2016
Type of report – Standard or weekly averages

Report – Standard, per device, per device cost center, per device group, ...
From date – Start date of the report
To date – End date of the report
SELECTING SPECIFIC INFORMATION TO INCLUDE IN THE REPORT

Click Show advanced filter (located on the right side of the filter panel).
The Advanced filters give you many options for information to include in the selected report:
Advanced filter
Limit to users – Include only data for the selected users

Limit to cost centers of users – Include only data for the selected user cost centers
Limit to cost center s of devices - Include only data for the selected device cost centers
Limit to device - Include only data for the selected devices
Limit to group of devices - Include only data for the selected group of devices
Limit to billing code – Include only data for the selected billing codes
Available Columns
To specify which columns will be visible in the generated report, click the column name and it will be
automatically added to the Columns included in report section.
NOTE: Four columns with the prefix Savings are for Green reports (see Green Reporting). Green
reports provide information about specific savings to the environment that result from the use of YSoft
SafeQ.
Savings – CO2
Savings – energy
YSoft SafeQ 5 558

February 03, 2016
Savings – trees
Savings – water
Order Column
In this section, select which counter types (for example B/W print, color print, B/W print large, ...) will be
displayed in the report overview and the order in which the columns will be displayed. To include a counter
type, leave the green check next to it. If you do not want to see that type of counter in your report, click the
green check to change it to a red cross. To change the order of counter types, click the associated arrow
icons.
Columns written in bold font are summary columns that displays the sum of counters (for example BW
pages contains sum of all Black and White type of print, copy, etc.).
Please note that Average coverage information is available only for jobs accounted using
Coverage accounting.
DISPLAYING AND WORKING WITH A REPORT

After you select a predefined report or a report that you have customized by setting filter options, click
Search to display the report.
On the left side of the report, you can see counter types: Total, B/W print, B/W copy, Color pages and so
on. To display only selected counter types, click the counter types you want to include. For example, to
display only B/W prints, click B/W print.
The reports will display:
bar, line or pie graph (if hidden, click on the graph icon in the top left corner of report)
general report for selected time interval
report according advanced filter settings (depends on the length, report can be displayed on more
pages - to move between pages use arrows in the bottom right corner)
YSoft SafeQ 5 559

February 03, 2016
Here you can see different graph types (bar, line, pie)
YSoft SafeQ 5 560

February 03, 2016
ACTION OPTIONS
To display Action options, click . The following options appear:
Include latest processed data – Report will be recalculated to include the latest processed data
(data that is saved in database more than one hour but had not been added to report by hourly
executed statistics generator task).
Delete current custom filter – Delete the current customized filter (if you have selected filter
options).
Export report to... -- These 4 options let you export the displayed report to a file with the selected
extension. You can choose between three types of Microsoft Excel files (CSV, XLS or XLSX), a PDF
file, or an HTML and XML file.
SAVING THE CHANGES YOU MADE AS A NEW CUSTOMIZED REPORT

To save all the changes you made on the Web reports page (visible columns, order of columns, and other
changes), click Save changes; then* enter a name for your new customized report. YSoft SafeQ saves
the report and you will be able to select it directly from the *Report filter drop-down menu the next time
you need it.
USING GREEN REPORTS
ABOUT
The Web reports page enables you to display and configure Green reports. Green reports include
information about purged jobs and can also include information about savings in terms of energy, trees,
water, etc.
YSoft SafeQ 5 561

February 03, 2016
For more information about Green (Purge) reports, see Green reports.
For information about settings, see Configuring Green reports.
At a Glance
About
Displaying information about purged prints
Example of a Green report with the parser disabled
Example of a Green report with the parser enabled
Including Savings information in Green reports
YSoft SafeQ 5 562

February 03, 2016
DISPLAYING INFORMATION ABOUT PURGED PRINTS
In the YSoft SafeQ Web Interface, select Reports > Web reports.
Purged prints are listed in the Counter type column. The number of purged pages is shown in the
Pages - count column.
EXAMPLE OF A GREEN REPORT WITH THE PARSER DISABLED

In the example shown here, the parser has been disabled, so only purged B/W jobs are included in
statistical data and displayed on the Web reports page.
EXAMPLE OF A GREEN REPORT WITH THE PARSER ENABLED

In the example shown here, the parser is enabled, so all types of pages are included in statistical data
and displayed on the Web reports page..
YSoft SafeQ 5 563

February 03, 2016
INCLUDING SAVINGS INFORMATION IN GREEN REPORTS
Click ; then use the filters to select the Savings information you want Green
reports to include.
The report now includes the types of Savings information you selected.
VIEWING ORS STATUS INFORMATION
ABOUT
This page describes how to use the ORS overview page in the YSoft SafeQ Web Interface to view status
information about ORSs (Offline Remote Spoolers). (See also Distributed Server System - Private Cloud.)
At a Glance
About
Displaying the ORS overview page
Using the ORS overview page
Filtering ORS overview information
DISPLAYING THE ORS OVERVIEW PAGE
In the YSoft SafeQ Web Interface, select Reports > ORS overview.
On this page, you can see an overview of connected and disconnected ORS servers.
YSoft SafeQ 5 564

February 03, 2016
USING THE ORS OVERVIEW PAGE

The ORS status page displays the status of installed ORS servers. The page includes several tables.
The first table shows the ORS servers that are connected to each CML server node.
Server name (IP address) CML server name and IP address
Status CML server status
ONLINE
OFFLINE
Connected ORS servers Number of ORS servers connected to the CML server
Disconnected ORS server (including Number of ORS servers disconnected from the CML server
partially connected) (including partially connected — that is, where one service is
disconnected)
The second table shows ORS status information relating to the selected filter option.
ORS name ORS server name and IP address
Network address Hostname or IP address
GUID Unique identifier of the ORS
Last statistics data The most recent time that statistics were sent from this ORS server to the
synchronization CML server
Version Current ORS version
ORS / Web Status of ORS and its Web service
YSoft SafeQ 5 565

February 03, 2016
Status of the ORS's web service is monitored each five minutes by default - this means that when
you see information about service status on this page, it could be maximum of five minutes old.
You can modify checking frequency via system configuration property
webServiceStatusCheckJobCronRule (CRON rule).
Communication between YSoft SafeQ server and its Terminal Server is stateless, therefore
information about current Terminal server status cannot be displayed on this page.
FILTERING ORS OVERVIEW INFORMATION

To display only the specific information you need, use the filter options on the ORS overview page.
Attribute Properties
ORS name Name of the ORS server
Hostname ORS server hostname or IP address (depends how ORS is registered in the system)
GUID Specific ORS GUID
Services ORS service status:
Any status - Show all ORS servers regardless of service status

All services all connected - Show only ORS servers whose services are all
connected
Some services are disconnected - Show only ORS servers that have any
disconnected services
Click Search to apply the filters and perform the search.
Click Clear to clear filter options.
Click to show or hide advanced filter options.
YSoft SafeQ 5 566

February 03, 2016
4.7.9 WEB INTERFACE - DEVICES
DEVICES
In the YSoft SafeQ Web Interface, select Devices.
The Devices tab enables you to access the following functions:
Printers list – Lists all devices managed by YSoft SafeQ (see Using the Printers list).
Terminals list – Lists all terminals connected to devices (see Terminals ) .
Device templates – Templates for automating the process of adding devices to YSoft
SafeQ (see Device Templates).
Shared queues for user shared printing (Delegation Print (VIP Shared Queues) and
workgroup shared printing (Workgroup print sharing (Shared Queues) (see Shared
Queues).
Device management tools
Tools - Batch editing
Tools - Printer types
Tools - User tags
YSoft SafeQ 5 567

February 03, 2016
DEVICE TEMPLATES
ABOUT
This page describes the device template in SafeQ 5.0 web At Glance
interface. Some attributes may differ based on available
configuration and/or license. Device templates is the tool to create About
/configure one template device type, which will be used for the General overview
installation of many other devices of the same type and same Working with
settings. This can be useful, when customer have got a lot of Device Templates
devices of the same vendor and version.
GENERAL OVERVIEW
Device templates can be found on web interface: Devices -> Templates
On this panel a user can administrate device templates.
Name device template name
Description device template description
Backend deviceTemplates Backend type
Type device templates Accounting

driver
YSoft SafeQ 5 568

February 03, 2016
WORKING WITH DEVICE TEMPLATES
Creates new device template - see Device Templates Editor; for more
information.
Edit existing device tempalate, using Device Templates Editor.
Remove device template from the database.
DEVICE TEMPLATES EDITOR
This page describes the device template editor in SafeQ 5.0 web interface. Some attributes may
differ based on available configuration and/or license.
Device templates is the tool to create/configure one template device type, which will be used for
the installation of many others devices of the same type and same settings. This can be useful
when customer has got a lot of devices of the same vendor and version.
At Glance
Creating of the Devices Templates

Basic Settings
Terminal
Advanced
SNMP
Price list
Tags
Saving device template
CREATING OF THE DEVICES TEMPLATES
This picture shows how to create a template for devices.
YSoft SafeQ 5 569

February 03, 2016
BASIC SETTINGS
Within new pop up window you can create device template exactly the same way as create device
manually. (see Adding and editing printers)
Name Represents unique name of the device template. Use any information that will
simplify recognition of the device template in the system.
Description Represents any additional identifier that helps better orientation in device
(optional) templates list.
Location (optional) Represents optional information about device location.
Group Virtual group or ORS server. The group must be configured correctly in order
to achieve desired functionality of SafeQ.
This attribute may not be available in all configurations.
Cost center Default device costs center for reporting purposes.
Page tracking Page tracking mechanism for selected device template - in the case of
mechanism selecting "Online" mechanism, accounting driver for the device must be
selected.
Terminal
YSoft SafeQ 5 570

February 03, 2016
This page represents information whether the device is equipped with on of available YSoft SafeQ
Terminals embedded. If you want to use any functionality that requires terminal embedded, this page
has to be correctly completed.
WARNING
Only terminal Embedded can be pre-defined in device templates.
Integration type Embedded terminal type for this MFP. This list strictly depends on the
embedded terminals available in the SafeQ license file. Terminal types
without the proper license are not displayed.
Administrator login Administration login to MFP – Default settings for this type of technology
can be set in System Settings.
Administrator password Administration password to MFP – Default settings for this type of
technology can be set in System Settings.
Delete jobs after All jobs will be deleted immediately after printing.
printing
Authentication Mode
YSoft SafeQ 5 571

February 03, 2016
Settings determine if users must authenticate only to use the MFP or for
every application on the MFP.
Authentication Method Authentication methods available to user for identity confirmation at MFP:
-PIN
-Card
-Username and password
-PIN or card
-PIN and card
-Username and password, or card
-Username and password and card
-Login (other methods)
Authentication Method depends on selected Integration type
Authentication - Allow Allowed / disabled public user.

public user
Application - Type Application integration with the device's panel.

-Native
-Browser
Application - Job list Job folder which will be available for user at MFP:
folder -Waiting
-Waiting and Printed
-Waiting, printed and favourites
-All jobs in one folder
-No job list
Scan Enable / disable YSoft Scan feature
Payments Enable / disable YSoft Payment system
Advanced
Advanced data about device templates can be defined on this page.
YSoft SafeQ 5 572

February 03, 2016
Contact person Name of the contact person responsible for the device in case of
breakdowns, malfunction, etc.
ZIP code Device location ZIP code.
Scan job default Default scanning email address for this device.
addressee
Printer type Specific device type for csv export: see Tools - Printer types
Backend Determines the way in which the device communicates. If the option
"Change port value to default" is selected, the port will be changed to the
default value of the particular backend together with the change of the
backend.
Port The port number that the device will communicate through.
Print job encoding Encoding of print job printed on this device.
Online accounting Configuring of accounting mechanism.
Offline print Configuring of accounting mechanism.

accounting
Offline copy Configuring of accounting mechanism.

accounting
Configuring encoding of messages produced by this device.
YSoft SafeQ 5 573

February 03, 2016
Alert message
encoding
Batch Accounting Batch accounting is an extension of standard online print accounting and it
represents a quicker and more efficient use of printers accounted online.
Settings available only for MFP without embedded terminal.
SNMP
SNMP data about device templates can be defined on this page.
YSoft SafeQ 5 574

February 03, 2016
SNMP v2 read-only SNMP read-only community for remotely accessing the device states
community (standard settings is public)
SNMP v2 read-write SNMP read-write community for remotely reading and writing to device
community properties (standard settings is private)
SNMP v3 Username
SNMP v3 Context name
SNMP v3 Authentication algorithm
SNMP v3 Authentication password
SNMP v3 Privacy algorithm
SNMP v3 Privacy password
Price list
On this page you can set accounting values for devices and for particular print types, copies, etc.
The contents of the tab are different for each device driver (and the tab might not even be available
for some drivers).
YSoft SafeQ 5 575

February 03, 2016
Cost per click Price for every printed page. (If the duplex function has been used one
sheet of paper has two sides.)
Paper costs (normal) Blank sheet price (normal (A5/A4/letter)).
YSoft SafeQ 5 576

February 03, 2016
Paper costs (large) Blank sheet price (large (A3/legal/tabloid)).
Non standard media Blank sheet price for non standard media type.
type (normal)
Non standard media Blank sheet price for non standard media type.
type (large)
B/W print Price of toner consumption for one page (normal) of black and white print.
B/W print print large Price of toner consumption for one page (large) of black and white print.
Monocolor print Price of toner consumption for one page (normal) of monocolor print.
Color print Price of toner consumption for one page (normal) of color print.
Color print large Price of toner consumption for one page (large) of color print.
B/W print copy Price of toner consumption for one page (normal) of black and white copy.
B/W print copy large Price of toner consumption for one page (large) of black and white copy.
Monocolor copy Price of toner consumption for one page (normal) of monocolor copy.
Color copy Price of toner consumption for one page (normal) of color copy.
Color copy large Price of toner consumption for one page (large) of color copy.
Online accounting Print from this device will be accounted online.
Offline print accounting Print from this device will be accounted offline.
Offline copy accounting Copy from this device will be accounted offline.
Scan Price settings for scan via HW/Embedded terminal.
B/W Scan (normal) Price settings for BW A4 scan via Embedded terminal.
B/W Scan (large) Price settings for BW A3 scan via Embedded terminal.
Color Scan (normal) Price settings for COLOR A4 scan via Embedded terminal.
Color Scan (large) Price settings for COLOR A3 scan via Embedded terminal.
VAT Price for scan send via SafeQ SMTP server.
Coverage cost If the percentage of toner/ink coverage is the same as selected, 100% of
the amount will be accounted. Otherwise the billed amounts will be
calculated by coverage.
Parser must be enabled for proper functionality
Coverage accounting - If this option is selected, color printouts will be billed based on toner or ink
color prints coverage.
YSoft SafeQ 5 577

February 03, 2016
Coverage accounting - If this option is selected, black printouts will be billed based on toner or ink
black prints coverage.
Alert messages Encoding in which printer status is saved and displayed in the SafeQ
encoding system.
Tags
Tags are used for sorting jobs to printer queues. They work the same way as print properties.
Attributes
The green icon indicates that this option must be stated in the print job in order for the job to be
printed.
The red icon cannot be stated in the job in order for the job to be printed.
To change a property setting, click the icon.
Saving device template
YSoft SafeQ 5 578

February 03, 2016
When template is created and saved using "Save template" button, pop up window is closed and
template is displayed in the template list.
MANAGING TERMINALS
About
Displaying and using the Terminals page
Working with hardware terminals
Filtering information to display on the Terminals page
Scheduling terminal firmware updates
Actions available on the Terminals page
ABOUT
On the Terminals page, you can manage YSoft SafeQ terminals that are connected to devices.
See Adding and editing printers for more information.

YSoft SafeQ terminals (YSoft SafeQ Terminals) are essential for several key features in YSoft
SafeQ. See Terminal features in detail.
YSoft SafeQ 5 579

February 03, 2016
DISPLAYING AND USING THE TERMINALS PAGE
Go to Devices > Terminals.
The Terminals page contains a list of terminals that have been added to your YSoft SafeQ system,
along with a description of each terminal and the version of the firmware installed on the terminal.
Server groups
Group/ORS name – A list of groups (virtual or physical remote servers). NOTE:

Your *Terminals *page may not include the list of groups, depending on your YSoft
SafeQ system.
Items – Total number of terminals of the selected type.
Name, description, and firmware version of each terminal (according to the filter
options you choose).
Filter options
Filter options appear at the top of the page.
Action buttons
Action buttons are on the right side of the page.
NOTE: Terminal firmware is stored in <SAFEQ_DIR>\SERVER\UPDATE
YSoft SafeQ 5 580

February 03, 2016
WORKING WITH HARDWARE TERMINALS
Update firmware log. (See Update firmware log)
Edit terminal settings.
Check the box to schedule a firmware update for the terminal.
Change Terminal settings via the Web interface.
FILTERING INFORMATION TO DISPLAY ON THE TERMINALS PAGE

To display only the information you need, use the Terminals page filter options.
Filter Name Filter Description
Device Restrict the list of terminals to a specific device based on:

properties
Name
Description
IP address
Location
Equipment number
Maintenance contract number
Accounting driver
Accounting driver for counters collection
Group or ORS Restrict the list of terminals to a specific Group/ORS name based on:
name
Name
Spooler IP address
YSoft SafeQ 5 581

February 03, 2016
Spooler GUID
Terminal type Restrict the list of terminals to a specific terminal type with following states:
Embedded: In any state

Embedded: Sucessfully installed
Embedded: Required reinstallation
Embedded: Not enabled
Hardware: Professional
Hardware: Ultralight
Queue Restrict the list of terminals to a device which used queues or terminals based on:
Direct queue name

Terminal Professional serial number
Terminal Ultralight serial number
Search in group If field is checked all search results will be sorted via their parent group and you can
browse through them.
All results will be listed on one page regardless of group if field is unchecked.
In this case group information will be at the start of each record and it can be used to
display rest of the group content.
Clear button Cancels any selected filter and refreshes page with devices.
SCHEDULING TERMINAL FIRMWARE UPDATES

To schedule a firmware update, click Schedule firmware update.
NOTE: You can select to update an entire Device Group or only one terminal.
Field name Description
YSoft SafeQ 5 582

February 03, 2016
Date and time of Select the date and time the terminal update will be performed.
update
Update firmware to Select the terminal firmware to update.

version
NOTE: The terminal firmware that appears in the list is for the selected
terminal type only.
Only lesser versions If you want to update a later version of terminal firmware to an earlier version,
clear the Only lesser versions checkbox.
Schadule update Save the terminal update settings.
ACTIONS AVAILABLE ON THE TERMINALS PAGE

To open action options, click Actions.
NOTE: If only hardware terminals are selected options for embedded terminals are not available in
Actions bar.
Actions you perform by selecting an Actions option will be applied to all terminals.
Embeded terminals
YSoft SafeQ 5 583

February 03, 2016
Open embedded terminals Displays an overview of any pending embedded terminal

installation monitor deployment activity.
Reinstall embedded terminal for Select devices (via checkbox next to the device's record) and use
selected devices this action to reinstall embedded terminal for these devices. This
action can be used for example when reinstallation of multiple
devices is required by change in the system configuration or after
application of the new embedded terminal settings via Tools - Batch
editing page.
Embedded terminals are reinstalled in small batches. You can set

how big this batch is in System settings (expert option
"bulkEmbeddedReinstallationBatchSize", default batch size is set to
five devices).
Hardware terminals
Schedule firmware update An windows for scheduling updates will be opened, same as
Schedule firmware update button.
Groups/ORS
Select all groups Selects all device groups.
NOTE: This action is not available in all YSoft SafeQ

configurations.
Move ORS to another job Moves the selected ORS device group to a defined job roaming
roaming group group.

configurations.
Export group list to CSV Exports the list of groups to the file DevicesGroupsList.csv. The
CSV file contains: Group Name, Group Type (ORS, CML), ORS
version if available, ORS IP address if available, Number of devices
registered to the group, ORS server GUID if available, spooler limit
for ORS if available. You can select the character set encoding for
the exported file.

configurations.
Devices
Select all devices Selects all the printers in the opened group.
Delete selected devices Removes the selected printer(s) (after confirmation).
Move devices to new group Creates a new device group (virtual or ORS) and moves all selected
printers to this group.
YSoft SafeQ 5 584

February 03, 2016
NOTE: Any registered embedded terminals must be

redeployed after you perform this action. NOTE: This action is
not available in all SafeQ configurations.
Move devices to another group Moves all selected printers to another device group (virtual or ORS).
NOTE: Any registered embedded terminals must be redeployed

after you perform this action. NOTE: This action is not available
in all YSoft SafeQ configurations.
Move devices to new monitor Creates a new Local Device Monitor and groups selected printers
into it. This applies only to printers added automatically via the YSoft
SafeQ Local Spooler Monitor.
Move devices to another monitor Groups selected printers into a new Local Device Monitor. This
applies only to printers added automatically via the YSoft SafeQ
Local Spooler Monitor.
TERMINAL SETTINGS
BASIC
Terminal configuration can edited over web interface with basic settings.
YSoft SafeQ 5 585

February 03, 2016
Load current terminal settings from terminal.
Load default terminal settings.
Load terminal settings from existing template.
Current modified settings can be saved as the terminal settings

template.
BASIC TERMINAL SETTINGS
SN Terminal Serial number
IP Terminal IP address
Job list settings Job list settings that will be displayed on terminal after
authentication:
YSoft SafeQ 5 586

February 03, 2016
Only not printed

To print/printed
To print/printed/favourites
No joblist
Temporary disabled
Validation method User validation method for terminal authentication:
Card
PIN
Card and PIN
Card or PIN
Login
Card or Login
PIN or Login
(Card and PIN) or Login
(Card or PIN) or Login
Interaction type The specific type of interaction:
Normal
Simplified
Show P/C summary Summary that will be shown on terminal after print/copy:
Pages only
Pages and prices
Disabled
Sound settings Terminal sound settings:
Enable
Disable
Copier locking mode Terminal locking mode:
Immediate
from server
Language selector Specific language settings for terminal:
Globe
Direct for 2 language
YSoft SafeQ 5 587

February 03, 2016
Enter project ID Enable/Disable projects on terminal:
enable
disable
Debug mode Terminal debug level:
no log
log errors
log all messages
Default language Select default language for selected terminal
Other languages List of languages that will be available on terminal screen
NETWORK SETTINGS
Administrator can set up also network settings for the terminal.
YSoft SafeQ 5 588

February 03, 2016
Server IP IP address and port of SafeQ (IP:PORT)
Other cluster IP address of cluster nodes separed by

nodes space
Terminal Terminal hostname sent in DHCP request

hostname
Cluster mode Mode od selection of cluster nodes
YSoft SafeQ 5 589

February 03, 2016
OTHER TERMINAL SETTINGS
Copy timeout sound Make sound after copy dialog timeout:
Disabled
Enabled
Copy dialog timeout Additional timeout to first copy (Primary driven by server
settings):
60s
20s
None
Pin dialog text Pin dialog text settings:
YSoft SafeQ 5 590

February 03, 2016
Complete
Without character count
Show P/C alert messages Show alert message in print/copy dialogs:
Enable
Disable
Only in print dialog
Only in copy dialog
Default backlight Default backlight settings
Minimal backlight Minimal backlight settings
PM timeout Power management timeout (in sec)
SHARED QUEUES
OVERVIEW
Shared queues are secured queues. They enable multiple users to access selected documents (in
accordance with the users' rights). All jobs sent to the shared queue are automatically accessible to all
users with access rights to that queue.
There are also special type of shared queues: VIP shared queue, which have assigned one SafeQ user as
an owner. Then the owner can add or remove users or roles in shared queue via web link or via SafeQ
Client. For more info please see: Configuring and using Shared Queues
This page provides management interface for Workgroup print sharing (Shared Queues) functionality.
USING SHARED QUEUES PAGE

You can see Shared queue preview on the image below.
On the left side there is list of shared queues. You can see name of the shared queue, type (VIP or
non VIP queue) and number of members.
To edit settings of queues (name, owner, queue type) click icon.
To delete queue click icon.
On the right is list of members (users and roles) for selected shared queue
To delete member of shared queue click icon.
There is also filter available on the page. You can search for shared queues by:
queue name
users which are member of the queue(s)
owners of the VIP shared queues
YSoft SafeQ 5 591

February 03, 2016
CREATING SHARED QUEUE

To add shared queue or VIP shared queue follow these steps:
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to Devices > Shared queues.
2 Select Items > Add new shared queue
3 To create regular shared queue:
1. Type name of the queue

2. Click Save
YSoft SafeQ 5 592

February 03, 2016
OR
To create VIP shared queue:

2. Check "VIP shared queue" checkbox
3. Click icon and select owner from displayed users list
4. Click Save
Note: You must enable the VIP shared queues in the system settings at first to see the checkbox.
Please refer to documentation related to Configuration of VIP Shared Queues.
5 Now you can see created shared queue(s) in the list. There is names, type and number of users for
each shared queue in the list.
To add user, select queue and click Items > Add user to selected queue
6 Select users and roles form the displayed list and close list.
YSoft SafeQ 5 593

February 03, 2016
7 Now click Save settings.
Now all added users and users which are members of added roles, will see all jobs print jobs sent to
this queue.
SYNCHRONIZING DEVICE COUNTERS IN SAFEQ
OVERVIEW
This page describes how to configure use device counters and use their current values when eg. moving
devices.
Device counter is for counting all kind of jobs (print, copy, scan, etc,) and all different types of these jobs
(color, black&white, large, etc.) provided by device (it cannot be changed in any way). SafeQ is using this
counters for comparing values to identify Anonymous or Non-SafeQ jobs (Creation and accounting of
"anonymous" and "purge" jobs).
SafeQ is using device counters only on devices with online accounting.
YSoft SafeQ 5 594

February 03, 2016
CONFIGURATION
1 Log in to the SafeQ Web administration with sufficient rights to manage devices.
2 Go to Devices > Printers selection and click the edit icon next to the device or double click on the
device with online accounting.
3 Click Test selected tracking mechanism to see the Current and Saved values for device counters.
4 Now you can see job type, Current counter value on device and Saved counter value in SafeQ.
NOTE: To see counters for all devices see: Tools - Counter reports
The difference between Current and Saved values can be caused by for example:
performing jobs on current SafeQ installation without logging in
YSoft SafeQ 5 595

February 03, 2016
if you are using device in one SafeQ environment, then move device into another SafeQ
environment (eg. demo installation), performing jobs there and then, moving back to the
first environment.
Counter values are synced with SafeQ every time, when job is performed by registered user in SafeQ
on the device. If SafeQ found out, there is difference, Non-SafeQ print/copy/scan jobs will be added
to the job list. This process is right, in first example. If you are using device like in second example,
you have to sync statistics before performing any by registered user in SafeQ. Otherwise job reports
and statistics will inaccurate, because of data from other SafeQ evironment will be used in this one.
To aviod these problems click Set to current counters value and Current values will be synced to
SafeQ.
5 An Warning windows will be displayed. Please read this warning carefully. This action is
recommended only in specific cases (see previous step for more info) and can lead to inaccurate
statistic reports. It affects only devices with online accounting or device depended accounting with a
ccounting driver for counters collection. Then anonymous jobs will be created to cover this counter
difference and these jobs will be included into statistics for period, when this feature has been used.
Click Yes to use Current device counter values in SafeQ.
YSoft SafeQ 5 596

February 03, 2016
6 Now you can see, counters was synchronized, and Current (in device) and Saved (in SafeQ)
counters are equal.
YSoft SafeQ 5 597

February 03, 2016
MOVING DEVICE FROM STOPPED ORS
In case that administrator wants to move device to CML from ORS node which is currently down he
can choose the way of device's counters preservation.
There are two options:
Create counter difference print job - after the device is moved, its counters will be set to
values from CML database. If this option is chosen, it is possible that counter difference
print job will be created.
Reset device's counter values - after the device is moved, its counters are reset to zero.
Counter difference print job will not be created.
YSoft SafeQ 5 598

February 03, 2016
TOOLS - BATCH EDITING
ABOUT
Batch editor is the option for the mass operation with devices, which are connected with SafeQ (see
Using the Printers list).
This page describes Device management in SafeQ 5.0 web interface. Some information and screen
descriptions may differ based on available configuration and/or license.
At Glance
About
General Overview
Working with Batch editing
Available Operations
GENERAL OVERVIEW
Batch editing can be found on web interface: Devices -> Tools -> Batch editing
On this page you can perform multiple edits for several devices at once.
Edit operations: List of requested operations that shall be performed

Selected devices and groups for performing edit operations: List of devices that are selected for
edit operations
YSoft SafeQ 5 599

February 03, 2016
WORKING WITH BATCH EDITING
Select operation thah should be performed
Add a new device group to select
Add a new device to select
Add anew device according to selected filter Batch

Editing - Add devices from filter
Apply changes
Add created operation
delete created operation / delete selected device and/or

devices group
YSoft SafeQ 5 600

February 03, 2016
AVAILABLE OPERATIONS
change description this option can change description for devices
move to group this option can specify the affinity of the devices to groups
set cost center can specify cost centers for multiple devices
change online accounting with this option administrator can change online accounting
driver driver for multiple devices
change accounting driver for with this option administrator can change driver used for
counters collection counters collection for multiple devices
change port with this option administrator can change TCP/IP port for multiple
devices (9100 or 515)
change backend with this option administrator can change backend data delivery
for multiple devices (LPR, LPR PJL copies,TCP/IP Raw and TCP
/IP Raw NoMap)
set accounting data with this option administrator can change online accounting
driver for multiple devices
change system tags settings with this option administrator can change and configure system
tags for multiple devices
change system tags settings with this option administrator can change and configure user tags
for multiple devices
batch accounting administrator can enable/disable batch accounting for multiple

devices
default addressee for scan jobs with this option administrator can specify default address name
for scanning
embedded terminal settings administrator can change settings for the terminal embedded - to
apply the settings, devices' embedded terminals must be
reinstalled - you can use action "Reinstall embedded terminal for
selected devices" on page Devices > Printers
YSoft SafeQ 5 601

February 03, 2016
BATCH EDITING - ADD DEVICES FROM FILTER
YSoft SafeQ 5 602

February 03, 2016
GENERAL OVERVIEW
Through this page you can find requested device/devices according to specific advanced filter settings.
Main Attribute name Attribute Description
Test Attribute choose Default confition type settings

confition specific Device Group filter
type... specific cost centre filter
group specific driver filter
cost center specific port filter
driver specific backend filter
port batch accounting enabed/disabled filter settings
backend specific printer type filter
batch
accounting
printer
type
Connection == Test attribute MUST has a value of xxx

(equals) Test attribute MUST NOT has a value of xxx
!= (not
equals)
YSoft SafeQ 5 603

February 03, 2016
Main Attribute name Attribute Description
Value Specific value for selected attribute
Condition`s connection AND Condition`s connection set to AND

OR Condition`s connection set to OR
Add created condition to list
Add listed devices from filter to selected devices

and groups for performing edit operations Tools -
Batch editing
Search devices according to created filter
TOOLS - PRINTER TYPES
ABOUT
Printer type module is always used in cooperation with feature called Export settings for YSoft SafeQ Client.
The printer types will be part of CSV export that can be later used for the installation of SafeQ client.
Under the printer types you can set up the type of the device with specified type of accounting. This can be
later used also in the Advanced settings of devices in SafeQ (see Using the Printers list). In SafeQ, you can
define printer types and assign them to individual devices.
A device type consists of a printer name (type name) and a driver name used in the Windows operating
system as the device driver.
DO NOT CONFUSE THIS WITH THE ACCOUNTING DEVICE DRIVER USED IN SAFEQ
One of the defined types always has to be marked as default. It should never happen that either no driver
(device type) or more than one driver is set as the default. This is done by marking the first defined type
automatically as default. The system does not allow you to delete any default type before setting another
one in its place.
At Glance
About
General Overview
Working with Printer types
Creating a new Printer type
YSoft SafeQ 5 604

February 03, 2016
GENERAL OVERVIEW
Printer types can be found on web interface: Devices -> Tools ->Printer types
Each line with a printer type includes a printer name displayed in the first column (this name represents
the printer type shown in a drop-down menu of the device edit dialogue window), a driver name
displayed in the second column, and an accounting device type listed in the third column. Next to it,
there is an icon for editing the particular printer type data and an icon for removing the printer type data
from the list. The check box at the end of the line is used for setting a default printer type. By checking
the check box, the printer type is set as the default. As stated above, only one printer type can be
checked as default at a time (it is monitored by SafeQ).
You can find the driver name in the SafeQPort-CSV.txt file. It includes a list that must correspond to
"Printer type" on safeq web interface (see Adding and editing printers or Device Templates Editor).
WORKING WITH PRINTER TYPES
Creates new printer types
Modifies printer type settings
Removes the printer type an all its

settings
Default Printer type
YSoft SafeQ 5 605

February 03, 2016
CREATING A NEW PRINTER TYPE
To add a new printer type, click the button in the right-hand upper corner of the
printer type list. To save a new or edited type, enter both the printer name and the driver.
Printer type Enter Printer type (name will be available in drop-down menu in device edit
dialog)
Printer driver Enter exact name of the printer driver used in the windows operating system
Type of Choose type of accounting which will be used for accounting of anonymous jobs
accounting on CRS
TOOLS - USERS TAGS
ABOUT
User tags are used for sorting jobs to printer queues. They work the At Glance
same way as print properties set via device drivers.
About
see Adding and editing printers for detailed information. General
see Tags wizard for practical usage overview. overview
Filter
options
Working
with Tags
YSoft SafeQ 5 606

February 03, 2016
GENERAL OVERVIEW
Device templates can be found on web interface: Devices -> Tools ->Users tags
On this panel a user can administrate device tags.
Using of TAGS
New tags can be Created/Edited or Deleted .
FILTER OPTIONS
Filter options/buttons Descriptions
Enter in to this filed the Tags name
After clicking on this button the filter will be

applied
Clean filter options
YSoft SafeQ 5 607

February 03, 2016
WORKING WITH TAGS
Using of tags as well as tags configuration is described: Tags wizard
TAGS WIZARD
ABOUT
User tags are used for sorting jobs to printer queues. They work the same way as print properties set via
device drivers.
This page is divided to several parts. The first part describes SafeQ configuration on web interface. The
second part describes how to configure safeq client (on client workstation) and how the device tags works.
At Glance
About
Creating TAGs
Allow or Disable tags
SafeQ Client settings
Displaying of TAGs in job information on web interface
YSoft SafeQ 5 608

February 03, 2016
CREATING TAGS
Device templates can be found on web interface: Devices -> Tools ->Users tags
On the users Tags page click on the button, enter the tag name and save it by "Save tag" button.
Tag name correct format: Name must not contain spaces, must be 3-10 characters long, and can
consist of only alphanumeric characters.
YSoft SafeQ 5 609

February 03, 2016
ALLOW OR DISABLE TAGS
Once a tags are created you can define which of them allow or disable. Open any existing (or you can
create a new one) device and go to the Tags tab.
On this page you can select tag that will be allowed or disabled.
If device has embedded terminal, it must be reinstalled when system tags are changed. Device wizard
will ask for reinstallation when device changes are saved.
Attributes:
The green icon indicates that this option is allowed in the print job in order for the job to be printed.
The red icon indicates that this tag cannot be in the job in order for the job to be printed.
YSoft SafeQ 5 610

February 03, 2016
SAFEQ CLIENT SETTINGS
Once a tag is created you can simply define it in SafeQ Client. Edit the Queue name in SafeQ client as
described below:
%QUEUE_NAME%:%TAG1%,%TAG2%,%TAG3%
You can also negate TAG by %QUEUE_NAME%:!%TAG_NAME%
Or combine both:
%QUEUE_NAME%:!%TAG1%,!%TAG2%
Example
Secure:SALES,!RnD
Job will be send to secure queue with allowed TAG SALES and denied TAG RnD.
YSoft SafeQ 5 611

February 03, 2016
WARNING: TAGS must be named in SafeQ Client exactly as in SafeQ. IF NOT tag will be not
displayed on SafeQ web IF or used in a print job.
DISPLAYING OF TAGS IN JOB INFORMATION ON WEB INTERFACE
When you send a job with TAGS, you can display them on web interface in job info page.
In the case we used an previous example - It will looks like picture above (allowed SALES TAG and
denied TAG RnD ).
USING THE PRINTERS LIST
About the Printers list

Displaying the Printers list
Using the list of printers
Using the list of device groups
Searching for specific device groups or printers
Actions available on the Printers page
YSoft SafeQ 5 612

February 03, 2016
ABOUT THE PRINTERS LIST

Use the Printers list to define and manage multifunction printers (MFPs) and other printers and
copiers that are tracked and controlled by YSoft SafeQ. Every printer/copier for use with YSoft SafeQ must
be listed in the Printers list before it can work with YSoft SafeQ.
Devices can be sorted into groups – either logical, in a desired structure, or physical – by individual print
spoolers.
The Printers list is a key requirement for all YSoft SafeQ features.
For more information about individual device settings, see Adding and editing printers.
For information about sorting devices into groups, see Creating device groups.
Information and screen descriptions vary according to your YSoft SafeQ configuration and/or license.
DISPLAYING THE PRINTERS LIST

In the YSoft SafeQ Web Interface, select Devices > Printers.
The page is divided into three parts. (Each part is described in detail below.)
The left area displays device groups (virtual or physical remote servers). NOTE: This list is not
available in all YSoft SafeQ configurations.
The right area displays all connected printers. Every printer/copier for use with YSoft SafeQ must
be included here.
The top area allows to apply search filters, and perform additional Actions.
NOTE: You can change size of left and right panel by re positioning the divider between them via mouse
drag and drop. Divider position setting is saved for each user separately.
USING THE LIST OF PRINTERS

On the Printers page, the list of printers provides a quick overview of all printers/copiers registered in the
YSoft SafeQ system.
YSoft SafeQ 5 613

February 03, 2016
NOTE: Descriptions of individual items (for example, the meanings of the Description, Backend, and
Type headings) are available in Adding and editing printers.
Available actions:
Action Description
Device not activated This device has not been used and was not activated yet. Device
name is in gray color.
Correctly installed Embedded terminal is correctly installed.Clicking on icon opens

embedded terminal window with device's embedded terminal. Device name is in black
color.
Problem with terminal There is a problem with terminal embedded settings. Clicking on icon
embedded settings opens window with device's embedded terminal. Device name is in
red color.
Open device interface Opens the printer's Web interface, by means of http://<device_ip>/
Test accounting driver Tests the accounting driver responsible for Office Print Tracking.
Accounting drivers are described in Adding and editing printers.
Last 10 print jobs Displays a list of the last 10 print jobs produced on the printer. This
information serves only as a quick reference to the latest activity
managed by YSoft SafeQ on the selected printer.
Adding and editing printers Opens a page where you can edit YSoft SafeQ settings for the
printer.
Remove device Removes the device from the system.

NOTE: The device is not physically removed from the database;
it is simply flagged as "deleted". This means that the device is
available for reporting purposes but not for any other YSoft SafeQ
functions. However, you cannot undo device removal.
Batch actions Check this box for every device you want to apply a selected action
to.
YSoft SafeQ 5 614

February 03, 2016
USING THE LIST OF DEVICE GROUPS

On the *Printers *page, the device group list provides a quick overview of device groups, and options to
structure devices into physical or logical groups for better orientation.
Several types of device groups are available, each indicated by a different symbol.
NOTE: Depending on your YSoft SafeQ configuration and license, some (or all) types may not be
available.
CML server or The central YSoft SafeQ server (the CML server) (see YSoft SafeQ Server).
cluster
Virtual group A virtual group to organize printers directly connected to the YSoft SafeQ CML
server. You can create any number of virtual groups to logically sort printers
directly connected to the YSoft SafeQ CML server. For example, you could
create a different virtual group for each floor of your building.
ORS An Offline Remote Spooler (see Distributed Server System - Private Cloud). This
group is automatically created the first time an ORS connects to the YSoft SafeQ
CML server (if there are available licenses). All printers registered to this group
are managed by the respective ORS server.
Job roaming A group of remote spoolers used for Near Roaming (YSoft SafeQ ORS
group clustering), a feature of Print roaming.
Available actions:
YSoft SafeQ 5 615

February 03, 2016
Action Description
ORS status Displays connection information about the ORS server:
IP address, ORS version

Connection status (connected, disconnected)
Time of last availability (when the ORS server has been connected)
Group Opens a page where you can edit and change settings for the selected group.
editor
Remove Removes the group from the system.

group Only groups without registered printers can be removed. You must either delete
the group's printers or move them to another group (see Available Actions) before
you can remove the group.
Batch Enables batch actions for the group. See "Available actions", below.
actions
YSoft SafeQ 5 616

February 03, 2016
SEARCHING FOR SPECIFIC DEVICE GROUPS OR PRINTERS

On the Printers page, you can use search filters to quickly access device groups and printers.
Device Restrict the list of terminals to a specific device based on:

properties
Name
Description
IP address
Location
Equipment number
Maintenance contract number
Accounting driver
Accounting driver for counters collection
Group or ORS Restrict the list of terminals to a specific Group/ORS name based on:
name
Name
Spooler IP address
Spooler GUID
Terminal type Restrict the list of terminals to a specific terminal type with following states:
Regardless of terminal
Embedded: In any state
Embedded: Sucessfully installed
Embedded: Required reinstallation
Embedded: Not enabled
Hardware: Professional
Hardware: Ultralight
Queue Restrict the list of terminals to a device which used queues or terminals based on:
Direct queue name

Terminal Professional serial number
Terminal Ultralight serial number
Search in group If field is checked all search results will be sorted via their parent group and you can
browse through them.
All results will be listed on one page regardless of group if field is unchecked.
YSoft SafeQ 5 617

February 03, 2016
In this case group information will be at the start of each record and it can be used to
display rest of the group content.
Clear button Cancels any selected filter and refreshes page with devices.
ACTIONS AVAILABLE ON THE PRINTERS PAGE

To display options for adding a new printer or device group, on the top right side of the page, click Items.
Available actions in the Items section:
Action Description of the action
Add new device Add a new printer to YSoft SafeQ. For details, see Adding and editing printers.
Add new device from Add a new printer to YSoft SafeQ based on an existing template. For details,
template see Adding and editing printers and Device Templates.
Add new group Add a new virtual device group. For details, see Creating device groups.
To display other options, on the top right side of the page, click Actions.
Embeded terminals
Open embedded terminals Displays an overview of any pending embedded terminal deployment
installation monitor activity.
Reinstall embedded terminal for Select devices (via checkbox next to the device's record) and use
selected devices this action to reinstall embedded terminal for these devices. This
action can be used for example when reinstallation of multiple
devices is required by change in the system configuration or after
application of the new embedded terminal settings via Tools - Batch
editing page. Only devices in selected device group will be
reinstalled.
YSoft SafeQ 5 618

February 03, 2016
Embeded terminals
Embedded terminals are reinstalled in small batches. You can set

how big this batch is in System settings (expert option
"bulkEmbeddedReinstallationBatchSize", default batch size is set to
five devices).
NOTE: To reinstall all embedded terminals in all device groups,

follow these steps:
1. In select box Terminal select Embedded: In any state

2. Uncheck Search in groups
3. In Actions ... menu, select Select all devices
4. In Actions ... menu, select Reinstall embedded terminal for
selected devices
Uninstall embedded terminal from This action works exactly the same as Reinstall embedded terminal
selected devices for selected devices (see above). Only difference is that this action
does not reinstall embedded terminals but remove them from the
devices. Same order of steps and principles applies.
Hardware terminals
Schedule firmware update An windows for scheduling updates will be opened.
Groups/ORS
Select all groups Selects all device groups.

configurations.
Move ORS to another job Moves the selected ORS device group to a defined job roaming
roaming group group.

configurations.
Export group list to CSV Exports the list of groups to the file DevicesGroupsList.csv. The
CSV file contains: Group Name, Group Type (ORS, CML), ORS
version if available, ORS IP address if available, Number of devices
registered to the group, ORS server GUID if available, spooler limit
for ORS if available. You can select the character set encoding for
the exported file.

configurations.
Device
YSoft SafeQ 5 619

February 03, 2016
Embeded terminals
Duplicate selected device Duplicates selected device with all settings, except unique ones (e.g.
IP address, HW terminal serial number, direct queues, etc.)
Exchange selected device Deletes selected device, and creates new one with same settings,
except unique ones (e.g. e quipment number, m aintenance contract
number ). You will have to repair data, and the new device will
appear in statistics. For more info about data repair see: Data Repair
Devices
Select all devices Selects all the printers in the opened group.
Delete selected devices Removes the selected printer(s) (after confirmation).
Move devices to new group Creates a new device group (virtual or ORS) and moves all selected
printers to this group.
NOTE: Any registered embedded terminals must be

redeployed after you perform this action. NOTE: This action is
not available in all SafeQ configurations.
Move devices to another group Moves all selected printers to another device group (virtual or ORS).
NOTE: Any registered embedded terminals must be redeployed

after you perform this action. NOTE: This action is not available
in all YSoft SafeQ configurations.
Move devices to new monitor Creates a new Local Device Monitor and groups selected printers
into it. This applies only to printers added automatically via the YSoft
SafeQ Local Spooler Monitor.
Move devices to another monitor Groups selected printers into a new Local Device Monitor. This
applies only to printers added automatically via the YSoft SafeQ
Local Spooler Monitor.
YSoft SafeQ 5 620

February 03, 2016
ADDING AND EDITING PRINTERS
ABOUT ADDING AND EDITING PRINTERS
This page describes how to add and edit devices (printers) in At a Glance
the YSoft SafeQ Web Interface. Attributes vary according to
your YSoft SafeQ configuration and/or license. About adding and
Printer configuration interface serves as a primary tool for editing printers
configuring new or existing devices. Basic settings
Specifying that the
See Print tracking methods and Available Copy printer uses a
Tracking Methods for various tracking mechanisms. terminal
See Office Print Tracking for major limitations and Embedded
caveats. terminal
See Print roaming for basic information about using settings
terminals. Hardware
See YSoft SafeQ Terminals for information about terminal
supported terminals. settings
Reporting
device
Adding and editing
direct print queues
Advanced printer
settings
SNMP settings
Prices settings
Printer property
settings
Scan
YSoft SafeQ 5 621

February 03, 2016
BASIC SETTINGS
On the Printer page select Basic to display the essential required settings for a printer.
Name Unique name of the printer. Use any information that will make it easy to
identify the printer throughout the YSoft SafeQ system.
Description Any additional information that will help identify the printer in reports and in
the Device list.
Location Optional information about the printer's location.
Group Virtual group or ORS server. The group must be configured correctly in order
to work with YSoft SafeQ.
Cost center Default cost center for the printer, for reporting purposes.
IP address IP address of the printer.

Supports IPv4 address or hostname.
The IP address or hostname must be unique in the system.
Page tracking Device tracking mechanism.

mechanism
Accounting driver Accounting driver for the printer.

Displayed only if Online tracking mechanism is selected.
YSoft SafeQ 5 622

February 03, 2016
Accounting driver Accounting driver for the printer for counters collection.
for
counters collection Displayed only if Device dependent tracking mechanism is selected.
YSoft SafeQ 5 623

February 03, 2016
SPECIFYING THAT THE PRINTER USES A TERMINAL
On the Printer page select Terminal tab.
EMBEDDED TERMINAL SETTINGS

If an embedded terminal (a software terminal integrated with the MFP's panel) is installed on the MFP,
select Embedded terminal.
Select terminal type corresponding to your device.
Embedded terminal tab is always set by default to Basic mode, which hides some of advanced
settings.
YSoft SafeQ 5 624

February 03, 2016
To access all available options for embedded terminal change mode to Advanced.
Vendor Embedded terminal type for this MFP. The listed options vary according to the
embedded terminals available in the YSoft SafeQ license file. Terminal types
not included in the license are not displayed.
YSoft SafeQ 5 625

February 03, 2016
Administrator Administration login to MFP – You can specify login for the administrator if it
login vary from globally configured.
Administrator Administration password to MFP – You can specify password for the
password administrator if it vary from globally configured.
Delete jobs after If checked, all print jobs released by this terminal will be deleted after they are
printing printed and therefore will not be available for reprinting. Can be configured
globally via deleteAllJobsAfterPrint property.
Authentication Determines if authentication application shall be enabled for the device
Mode Determines if users must authenticate only to use the MFP or for each
application on the MFP.
Method Authentication methods available to the user for identity confirmation at the
MFP:
-Card
-PIN
-PIN and card
-PIN or card
-Username and password
-Username and password, and card
-Username and password or card
Authentication Method depends on the selected Integration type.
Network Card In case device is equipped with Network Card reader, enter its serial number
reader (SN).
Application Determines if YSoft SafeQ application shall be enabled for the device
Type Method used for integrating the embedded terminal application with the MFP's
panel.
-Native
-Browser
Job list folders Job folder(s) that will be available for users at the MFP:
-All jobs in one folder
-Waiting
-Waiting, printed
-Waiting, printed, favorites
Scan Determines if YSoft SafeQ scan application shall be enabled for the device.
Accounting If selected, the MFP will use vendor provided accounting.
Payments If selected, YSoft SafeQ payment feature will be enabled for the device.
YSoft SafeQ 5 626

February 03, 2016
HARDWARE TERMINAL SETTINGS

If a hardware terminal (YSoft SafeQ Terminal Professional or YSoft SafeQ Terminal UltraLight) is
connected to the printer, select Hardware terminal.
Terminal serial Serial number of the terminal. The serial number is usually located on the
number back of the terminal and begins with SN (see the blue box).
Switch the terminal Switches terminal with another device. Device (terminal) must be activated
to use this feature.
Edit terminal's Opens dialog for modifying the setting of the terminal. Device (terminal)
must be activated to use this feature.
settings
Delete jobs after If checked, all print jobs released by this terminal will be deleted after they
printing are printed and therefore will not be available for reprinting. Can be
configured globally via deleteAllJobsAfterPrint property.
YSoft SafeQ 5 627

February 03, 2016
Terminal Information about the terminal (e.g. version of firmware installed on the
onformation terminal). This information is updated every time the terminal connects to
the server.
REPORTING DEVICE
If you want to have device added in YSoft SafeQ system just for reporting purposes (print tracking via
direct print) and do not consume licence for devices with either embedded or hardware terminal, select
Reporting device.
YSoft SafeQ 5 628

February 03, 2016
ADDING AND EDITING DIRECT PRINT QUEUES
The Direct printing page displays names of direct queues. Direct queues ensure direct release of any
print job to the printer. Direct print queues are used for enabling YSoft SafeQ Office Print Tracking
without interfering with the standard user workflow. The user releases the print job from her
workstation and it is delivered via YSoft SafeQ directly to the printer without any delay in processing.
To set up or edit direct print queues:
On the Printer page select Direct printing.
Name Name of the queue as it appears in the source print system. For printing with
Windows this is either the LPR print queue name or the YSoft SafeQ Client queue
name as configured in Windows Print Queue. For other systems this is the LPR
queue name. For details see Printer configuration for Workstation and Server.
Delete after If checked, all print jobs released by this terminal will be deleted after they are
printing printed and therefore will not be available for reprinting. Can be configured
globally via deleteAllJobsAfterPrint property.
Edit an existing direct queue.
Remove a direct queue from the database.
YSoft SafeQ 5 629

February 03, 2016
YSoft SafeQ 5 630

February 03, 2016
ADVANCED PRINTER SETTINGS
To edit advanced settings:
On the Printer page select Advanced.
Activation of device Date and time of the first activity (print, copy, scan) recognized by
YSoft SafeQ.
Equipment no. Printer equipment number
Maintenance contract no. Maintenance contract number of the printer
Contact person Name of the contact person responsible for the printer in case of
breakdowns, malfunctions, etc.
ZIP code Device location ZIP code
Scan job default Default scanning email address for this printer
addressee
Printer type Specific printer type for CSV export: see Tools - Printer types
Backend Determines the way in which the printer communicates. If you

select change port to default, the port will be changed to the
YSoft SafeQ 5 631

February 03, 2016
default value of the particular backend together with the change of

the backend.
Port Port number that the printer will communicate through
Print job encoding Encoding of print job printed on this device.
Batch Accounting Batch accounting is an extension of standard online print

accounting and it represents a quicker and more efficient use of
printers accounted online.
Settings available only for MFP without embedded terminal.
Online accounting Enables online tracking mechanism.
Offline print/copy Enables extended options for offline tracking mechanism for print
accounting /copy jobs. If one of offline accounting options is enabled, more
options for coverage accounting are displayed.
Settings available only if device Page tracking mechanism is

set to Online or Offline. This can be done on Basic device tab.
Coverage accounting - Enables to use coverage accounting for black or color prints when
black/color prints copying or printing, based on setting above.
Settings available only if Offline print/copy accounting is

enabled
Coverage accounting - Setting the percentage of page coverage, which is basic value for
percentage calculating page price in coverage accounting. Coverage page
price = page coverage / " Coverage accounting - percentage"
value x page price defined in price list.
Example: Color page price = 1, BW page price = 0.5, Coverage

accounting - percentage = 10
- BW page with coverage of 50% will be 50 / 10 * 0.5 = 2.5
- Color page with coverage 150% (sum of coverage of three colors
in RGB model) will be 150 / 10 * 1 = 15
For more info see tooltip ( ) next to this option on SafeQ web
interface.
Settings available only if Offline print/copy accounting is

enabled
Alert messages encoding Encoding for alert message reported by the device.
YSoft SafeQ 5 632

February 03, 2016
SNMP SETTINGS
To edit SNMP settings:
On the Printer page select SNMP.
SNMPv2 Configures SafeQ to communicate with the device using SNMP version 2 using selected
community.
SNMPv3 Configures SafeQ to communicate with the device using SNMP version 3.
YSoft SafeQ 5 633

February 03, 2016
PRICES SETTINGS
In the Prices you can set accounting values for printers and for particular types of prints, copies, etc.
The contents of the page vary according to the printer driver and the selected price list.
To access Prices settings:
On the Printer page select Prices.
See Managing assignable price lists for the instruction how to edit and assign price list to the device.
YSoft SafeQ 5 634

February 03, 2016
PRINTER PROPERTY SETTINGS
On the Tags page you can define printer and user properties. By default all properties are enabled.
Each property has an icon with a specific color that indicates the way the YSoft SafeQ server will
handle the printer during job processing.
To access printer property settings:
On the Printer page select Tags.
Attributes
The green icon indicates that this option is allowed in the print job in order for the job to be printed.
The red icon indicates that this tag cannot be in the job in order for the job to be printed.
Tag description:
Tags that mark the language of print job:

PS1, PS2, PS3, PCL5, PCL5c, PCL5e, PCL6, PCLXL, Prescribe, PJL, HPGL, RPCS,
Other, CPCA, PDF, QPDL, LAWAFLOW, PCL3GUI, PS-Xerox, XCPT-Xerox
Tags that mark the properties of page:
A3, Duplex, Ecomode, Colour
Tags that are used with Rule based engine (RBE)
DeleteJob - if enabled then job with this tag is deleted after print (equivalent to property
deleteAllJobsAfterPrint)
YSoft SafeQ 5 635

February 03, 2016
DoNotForce - if enabled then job with ForceXY tag won`t be forced

ForceBW - if enabled then jobs with ForceBW tag will be forced to be printed in BW
ForceDuplex - if enabled then jobs with tag ForceDuplex will be printed as duplex
ForceSimplex - if enabled then duplex jobs with tag ForceSimplex will be printed as
simplex
Mobile - if enabled then job with tag Mobile will be printed
You can find information about creating tags here: Tools - Users tags
You can find information about using tags here: Tags wizard
SCAN
In the Scan you can scanning workflows for the device with hardware terminal.
To access Scan settings:
On the Printer page select Scan.
See Scanning with Terminal Professional for the instruction how to set scanning with hardware
terminal.
For devices with embedded terminal, refer to Configure scanning for Embedded Terminal instead.
YSoft SafeQ 5 636

February 03, 2016
CREATING AN EMBEDDED TERMINAL WITH DEVICE COUNTERS COLLECTION
ABOUT
For some business reports it is required to collect At a Glance

counters from all devices. This page describes
settings for such feature for embedded terminals. About
Counters are collected in regular intervals, same as Creating an Embedded
for devices with hardware terminals. YSoft SafeQ terminal with device counters
keeps values of device counters per calendar day and collection
for each device separately. The report with counters is Device monitor settings
available on YSoft SafeQ CRS in standalone data
cube.
YSoft SafeQ 5 637

February 03, 2016
CREATING AN EMBEDDED TERMINAL WITH DEVICE COUNTERS COLLECTION
1. From YSoft SafeQ administration web interface Add new device manually.
2. On Basic tab enter the name and IP address.
3. On Terminal tab select Embedded terminal and enter all necessary.
YSoft SafeQ 5 638

February 03, 2016
4. Back on the terminal check Tracking mechanism "Device dependent" and select Accounting driver
from device driver list.
5. Now you can Test selected tracking mechanism.
YSoft SafeQ 5 639

February 03, 2016
6. Finish device configuration.
7. Save a device.
DEVICE MONITOR SETTINGS
Following settings can be set for device monitoring (on System Settings page)
device-monitor-terminals- Procedure to check devices with terminals will be executed in a period

check-interval defined. Only devices that were checked before device-monitor-no-
terminals-interval minutes for the last time will be checked and updated
in SafeQ database.
Used only if configuration property checkmanager-enabled is enabled.
Value is set in minutes.
device-monitor-terminals- Regular device check (getting current counters of device) will be

interval performed if the device was checked last time before the number of
minutes entered.
Used only if configuration property checkmanager-enabled is enabled.
Values is set in minutes, default value is 1440 (=1 day).
YSoft SafeQ 5 640

February 03, 2016
CREATING DEVICE GROUPS
ABOUT CREATING DEVICE GROUPS
This page describes how to use the device group editor in the At a Glance
YSoft SafeQ 5.0 Web Interface to create groups of devices.
Attributes vary according to your YSoft SafeQ configuration About creating device
and/or license. groups
Use the device group editor to create groups of devices for Creating a new device
support of YSoft SafeQ features. group – Overview
Creating a new
For additional information about ORS servers, see common
Distributed server system – Private Cloud and Print device group
roaming. Creating a new
Offline Remote
Spooler
Creating a new
job-roaming
group
YSoft SafeQ 5 641

February 03, 2016
CREATING A NEW DEVICE GROUP – OVERVIEW
To create a group of devices:
Select Devices > Items > Add new group.
The Group page opens. On the Group page, select the type of the group:
Common device group on the YSoft SafeQ CML server

Device group specified for the YSoft SafeQ ORS server
Job-roaming group
After you save the new group, YSoft SafeQ displays it in the Web interface.
Creating a new common device group
A common device group is a group of devices for a YSoft SafeQ CML cluster. To create a common
device group:
On the Group page, select Common device group.
YSoft SafeQ 5 642

February 03, 2016
Group type Common device

group
Device group name Unique name of

group
Creating a new Offline Remote Spooler
To create a new Offline Remote Spooler:
On the Group page, select Offline remote spooler.
YSoft SafeQ 5 643

February 03, 2016
Group type Offline remote spooler
Device group Unique name of the Offline Remote Spooler

name
Spooler IP Offline Remote Spooler IP address

address
Spooler GUID Unique identifier of the Offline Remote Spooler

The ORS GUID must be exactly the same as the GUID defined on the
ORS server (guid.conf).
Maximum Maximum size of the spooler on the ORS server. There are two options:
spooler size 1) Same size as the spooler on the CML server.
2) Enter a size for the ORS spooler.
Creating a new job-roaming group
To create a new job-roaming group:
On the Group page, select Job roaming group.
Group type Job-roaming group
Device group Unique name of the job-roaming group

name
Multicast Multicast IP address of this ORS cluster (job-roaming group)

address Multicast addresses are from 224.0.0.0 to 239.255.255.255.
YSoft SafeQ 5 644

February 03, 2016
To use TCP/IP connection instead of multicast use 0.0.0.0 in Multicast

address field.
Multicast port Multicast TCP port of this ORS cluster (job-roaming group)
4.7.10 WEB INTERFACE - BILLING
PROJECTS
In the YSoft SafeQ Web Interface, select Billing
On the Billing tab, you can access the following functions:
Billing codes list – Lists all the billing codes (project codes) used for Project Print Tracking and
Project Copy and Scan Tracking (see Managing billing codes).
Project tools
Importing billing codes
YSoft SafeQ 5 645

February 03, 2016
MANAGING BILLING CODES
ABOUT
You use the Billing Codes list to create and manage At Glance
a list of billing codes (also called project codes), their
structure, and their assignment to individual users, About
cost centers, or user roles. In order to track outputs Displaying the Billing
per project, after you create billing codes, the user Codes list
must select a billing code from the Billing Codes list Working with billing
each time he/she makes any prints or copies. codes
Searching for and
This page is related to Project Print Tracking and displaying only
Project Copy and Scan Tracking. For more specific billing codes
information about related configuration settings, see: Assigning a billing
code to a user
Project Print Tracking overview About billing code
Configuring Project Print Tracking inheritance
Configuring Project Copy Tracking Assigning default
Billing Code Import CSV Format Specification billing codes
and Importing billing codes Automatically
Selecting billing codes in SafeQ Client and applying default
YSoft SafeQ Terminals billing codes at
devices
This page provides an overview of how to
manage billing (project) codes via the YSoft
SafeQ 5.0 Web Interface. Information and
screen descriptions vary according to your
YSoft SafeQ configuration and/or license.
DISPLAYING THE BILLING CODES LIST
In the YSoft SafeQ Web Interface, select Projects > Billing codes.
YSoft SafeQ 5 646

February 03, 2016
WORKING WITH BILLING CODES
To add a first-level billing code, click .
To add sub-level billing codes, click . To edit an existing billing code, click . To delete
an existing billing code, click .
When you add or change multiple billing codes, to save all the changes you made in the Billing
Code list, click .
When you change only one billing code, to save the changes for only that billing code, click
.
To cancel changes, click .
To view billing code information or to assign billing codes to users, roles, or cost centers, click
For more information about creating new billing codes, see Creating and assigning billing codes.
YSoft SafeQ 5 647

February 03, 2016
SEARCHING FOR AND DISPLAYING ONLY SPECIFIC BILLING CODES
You can use filters to search for and display specific billing codes. To activate a filter, click .
Enter the complete billing code number, the partial number, or the billing code's description; then click
Search to search all the existing codes.
ASSIGNING A BILLING CODE TO A USER
To edit a user's billing codes, select User > Billing codes; then click Assign billing code to user.
To assign a billing code to a user, click the billing code (for example, 1 Desert).
YSoft SafeQ 5 648

February 03, 2016
ABOUT BILLING CODE INHERITANCE
You can assign billing codes to users, roles, or cost centers. Users inherit billing codes from roles and cost
centers.
If you do not assign a specific billing code to a user, the user inherits the default billing code from a role or a
cost center.
ASSIGNING DEFAULT BILLING CODES
You can assign a default billing code to users or cost centers.
You can also assign a default billing code directly to a specific user:
To assign at least one billing code to a user, edit the user and use the Billing codes option (User
> Billing codes).
When the user has no default billing code assigned, she can inherits the default billing code from a cost
center if assigned.
YSoft SafeQ 5 649

February 03, 2016
To assign a specific default billing code to a user:
Select a billing code from the Billing Code list. (This list includes billing codes assigned to users, cost
centers, and roles.) Once you select a specific default billing code for the user, that billing code overrides
the cost center's default billing code.
To assign a cost center's default billing code to all members of the cost center:
When you change the cost center's default billing code, check the option Set as default value for all cost
center members. This causes specific default billing codes set for users to be deleted from user settings
and users' default billing codes will be inherited from the current cost center.
Automatically applying default billing codes at devices

If a user has only one billing code assigned or inherited, this billing code is automatically the billing code by
default. In this case, the device does not display a billing code selection option and automatically uses this
default billing code.
CREATING AND ASSIGNING BILLING CODES
At a Glance
Adding billing codes in the Billing Codes list
YSoft SafeQ 5 650

February 03, 2016
Adding access rights to users, cost centers, and roles for selected billing codes in the Billing
Codes list
Adding billing codes to users in the Users list
Adding default billing code to users in the Users list
Adding billing codes to cost centers in the Cost Centers list
Adding a default billing code to a cost center in the Cost Centers list
Adding billing codes to roles in the Roles list
YSoft SafeQ 5 651

February 03, 2016
ADDING BILLING CODES IN THE BILLING CODES LIST
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
2 Select Projects > Billing codes.
3 To add a first-level billing code, click Add new item.
4 Enter a billing code name and description (both are required); then click the save icon.
NOTE: Billing code name must be unique for each billing codes level.
5 To add sub-level billing codes to a first-level billing code, click the add icon on the same line as the
first-level billing code.
YSoft SafeQ 5 652

February 03, 2016
6 Enter names and descriptions; then click the save icon to save the billing codes.
7 Repeat steps 5 and 6 to create the billing code structure you require.
YSoft SafeQ 5 653

February 03, 2016
ADDING ACCESS RIGHTS TO USERS, COST CENTERS, AND ROLES FOR SELECTED BILLING CODES IN THE BILLING CODES LIST
NOTE: When you assign a first-level billing code for users, cost centers, or roles, all sub-levels of
that first-level billing code are also automatically assigned.
example, admin).
2 Select Projects > Billing codes.
3 Click the icon to Show and edit users, cost centers and roles.
YSoft SafeQ 5 654

February 03, 2016
4 Click Assign user, cost center or role.
5 Click users, cost centers, and roles in the lists to assign a billing code to them.
6 A confirmation message is displayed. Click Close.
YSoft SafeQ 5 655

February 03, 2016
7 The Assigned objects page provides an overview.
8 You can also assign another users, cost centers, or roles to selected sub-level billing code.
YSoft SafeQ 5 656

February 03, 2016
ADDING BILLING CODES TO USERS IN THE USERS LIST
example, admin).
2 Select Users > Users list.
3 To edit a user, double-click the user or click the edit user icon.
4 On the User page, click Billing codes.
YSoft SafeQ 5 657

February 03, 2016
5 Click Assign billing code to user.
6 Select the billing codes you want to assign to the user.
YSoft SafeQ 5 658

February 03, 2016
NOTE: When you assign a first-level billing code for the user all sub-levels of that first-level billing
code are also automatically assigned.
8 The User page now shows the billing codes assigned to the user. Click Save.
YSoft SafeQ 5 659

February 03, 2016
ADDING DEFAULT BILLING CODE TO USERS IN THE USERS LIST
NOTE: To assign a default billing code to a user, at least one billing code must already have been
assigned to the user, a cost centre where the user belongs or a role where the user belongs.
example, admin).
2 Select Users > Users list.
3 To edit a user, double-click the user or click the edit user icon.
YSoft SafeQ 5 660

February 03, 2016
4 To the right of Default billing code, click the browse button.
5 Select the billing code you want to assign to the user.
YSoft SafeQ 5 661

February 03, 2016
6 The User page now displays the default billing code. Click Save.
YSoft SafeQ 5 662

February 03, 2016
7 When you are using ORS servers, don't forget to Update data on ORS server.
YSoft SafeQ 5 663

February 03, 2016
ADDING BILLING CODES TO COST CENTERS IN THE COST CENTERS LIST
NOTE: When you assign billing codes for the cost centre, all cost centre memebers will have
automatically assigned all these billing codes.
example, admin).
2 Select Users > Cost centers list.
3 To edit a cost center, double-click the cost center or click the edit cost center icon.
4 Click Billing codes.
5 Click Assign billing code to cost center.
YSoft SafeQ 5 664

February 03, 2016
6 Select the billing codes you want to assign to the cost center.
YSoft SafeQ 5 665

February 03, 2016
NOTE: When you assign a first-level billing code for the cost center all sub-levels of that first-level billing code are
also automatically assigned.
8 The Cost center page now shows the billing codes assigned to the cost center. Click Save changes.
YSoft SafeQ 5 666

February 03, 2016
ADDING A DEFAULT BILLING CODE TO A COST CENTER IN THE COST CENTERS LIST
NOTE: To assign a default billing code to a cost center, at least one billing code must already have been
assigned to the cost center.
example, admin).
2 Select Users > Cost centers list.
3 To edit the cost center, double-click the cost center or click the edit cost center icon.
4 To the right of Default billing code, click the ... button.
YSoft SafeQ 5 667

February 03, 2016
5 Select the billing code you want to assign to the cost center.
YSoft SafeQ 5 668

February 03, 2016
6 The Cost center page now shows the default billing code assigned to the cost center.
YSoft SafeQ 5 669

February 03, 2016
7 If you want the cost center default billing code to apply to all users who belong to this cost center:
check Set as default values for all cost center members. (Any other default billing codes
assigned to users will be overwritten.)
If you do not want the cost center default billing code to apply to all users:
leave the checkbox clear.
YSoft SafeQ 5 670

February 03, 2016
8 Click Save changes.
9 If you are using ORS servers, don't forget to Update data on ORS server.
YSoft SafeQ 5 671

February 03, 2016
ADDING BILLING CODES TO ROLES IN THE ROLES LIST
NOTE: When you assign billing codes for the role, all role memebers will have automatically assigned all
these billing codes.
example, admin).
2 Select Users > Roles list.
3 To edit a role, double-click the role or click the edit role icon.
4 Click Billing codes.
5 Click Assign billing code to role.
YSoft SafeQ 5 672

February 03, 2016
6 Select the billing codes you want to assign to the role.
YSoft SafeQ 5 673

February 03, 2016
NOTE: When you assign a first-level billing code for the role all sub-levels of that first-level billing
code are also automatically assigned.
YSoft SafeQ 5 674

February 03, 2016
8 The Role page now shows the billing codes assigned to the role. Click Save.
example, admin).
IMPORTING BILLING CODES
ABOUT
To import billing codes from a CSV file, use the import utility, At a Glance
which you can access from the Billing codes page.
About
See Billing Code Import CSV Format Specification for General overview
more details. Creating a CSV file
See Project Print Tracking for limitations. that includes billing
codes
YSoft SafeQ 5 675

February 03, 2016
GENERAL OVERVIEW
To display the Billing codes import page: in the YSoft SafeQ Web Interface, select Projects >
Billing codes > Actions ... > Billing codes import.
Select the CSV file; then click Import data to start the import.
When the import starts, a progress bar is displayed.
When the import is complete, a confirmation message is displayed.
YSoft SafeQ 5 676

February 03, 2016
If a problem occurred during import, the message Error detected during the last import appears. To
download a CSV file that includes descriptions of errors, click Download CSV file with errors.
Delete codes that does not occur in CSV - All Biling Codes that are not listed in imported CSV
files will be deleted.
CREATING A CSV FILE THAT INCLUDES BILLING CODES
See Billing Code Import CSV Format Specification
YSoft SafeQ 5 677

February 03, 2016
MANAGING ASSIGNABLE PRICE LISTS
Overview
Displaying price lists
Managing price lists
Adding price lists
Assigning price lists
Assigning price list from Price list dialog
Assigning from User dialog
Assigning from Cost center dialog
Assigning from Device dialog
Unassigning price lists
Unassigning from Price list dialog - Devices tab
Unassigning from Price list dialog - Cost centers tab
Unassigning from Price list dialog - Users tab
Unassigning multiple price lists
Deleting price list
OVERVIEW
This page describes how to manage assignable price lists.
Assignable price lists enables administrator to define prices of printing, copying or scanning. These price
lists can be assigned to:
users
cost centers
devices
Also note that there are some rules and dependencies which could not be obvious at first sight.
Devices must always have some price list assigned.

When both device and cost center have different price lists assigned, the one assigned to cost
center is used.
When both cost center and user have different price lists assigned, the one assigned to user is
used.
When both device and user have different price lists assigned, the one assigned to user is used.
DISPLAYING PRICE LISTS

In the YSoft SafeQ Web interface, select Billing > Price lists. Price list page contains list of price lists
which can be assigned to users, cost centers or devices.
YSoft SafeQ 5 678

February 03, 2016
MANAGING PRICE LISTS
Adding price lists

Assigning price lists
Unassigning price lists
Unassigning multiple price lists
Deleting price list
ADDING PRICE LISTS
To add price list follow these steps:
1. Select Add new item button.

2. Price list dialog is displayed and you can set price list name, prices and VAT value.
3. Select Save changes button to save your price list.
YSoft SafeQ 5 679

February 03, 2016
ASSIGNING PRICE LISTS
Since price lists can be assigned to devices, cost centers or users, there are more ways to assign them.
Assigning price list from Price list dialog

After price list is saved there are new tabs in Price list dialog displayed.
Select according tab. Dependent on what is target of your assignment.
Assigning through Price list dialog - Devices tab

In case you select Devices tab you will see list of devices which are using current price list or in case you
are assigning currently created price list, list will be empty as you can see on the picture below.
To assign price list select Assign to another device button.
YSoft SafeQ 5 680

February 03, 2016
Select devices you want to assign by clicking on them. When you have selected all target devices, use
close button.
Now you can see list of devices assigned to current price list. Save price list by selecting Save changes
button.
Assigning through Price list dialog - Cost centers tab

In case you select Cost centers tab you will see list of cost centers which are using current price list or in
case you are assigning currently created price list, list will be empty as you can see on the picture below.
To assign price list select Assign to another cost center button.
Select cost centers you want to assign by clicking on them. When you have selected all target cost centers,
use close button.
YSoft SafeQ 5 681

February 03, 2016
Now you can see list of cost centers assigned to current price list. Save price list by selecting Save changes
button.
Assigning through Price list dialog - Users tab

In case you select Users tab you will see list of users which are using current price list or in case you are
assigning currently created price list, list will be empty as you can see on the picture below.
To assign price list select Assign to another user button.
Select users you want to assign by clicking on them. When you have selected all target devices, use close
button.
YSoft SafeQ 5 682

February 03, 2016
Now you can see list of users assigned to current price list. Save price list by selecting Save changes
button.
Assigning from User dialog

In the YSoft SafeQ Web interface, select Users > User list and edit target user.
In Prices tab select option Select price list for this user.
YSoft SafeQ 5 683

February 03, 2016
Select browse button to browse available price lists or you can use new button to assign
completely new price list.
Select target price list.
Now you can see assigned price list with its prices. Save user by selecting Save button.
Additionally you can edit the current price list by selecting edit button.
WARN: By editing price list, you'll change prices for all users, cost centers or devices which is price list
assigned to.
YSoft SafeQ 5 684

February 03, 2016
Assigning from Cost center dialog

In the YSoft SafeQ Web interface, select Users > Cost centers and edit target cost center.
In Prices tab select option Select price list for this cost center.
Select browse button to browse available price lists or you can use new button to assign
completely new price list.
YSoft SafeQ 5 685

February 03, 2016
Now you can see assigned price list with its prices. Save cost center by selecting Save button.
assigned to.
Assigning from Device dialog
YSoft SafeQ 5 686

February 03, 2016
In the YSoft SafeQ Web interface, select Devices > Printers and edit target device.
In Prices tab there is always in default Default Price list selected. Select browse button to browse
available price lists or you can use new button to assign completely new price list.
Now you can see assigned price list with its prices. Save device by selecting Save button.
YSoft SafeQ 5 687

February 03, 2016
assigned to.
UNASSIGNING PRICE LISTS
In the YSoft SafeQ Web interface, select Billing > Price lists and edit target price list.
Unassigning from Price list dialog - Devices tab

Select Devices tab.
There are three option to unassign devices:
Use stop sign button to unassign one device.

Select devices you want to unassign by checking its checkboxes, then enter Actions ... > Unassign
from selected devices.
Enter Actions ... > Unassign all devices.
YSoft SafeQ 5 688

February 03, 2016
In all cases, dialog is displayed and administrator is asked to choose another price list to replace the
previous one.
Unassigning price lists from devices is different from cost centers or users, because device must always
have at least one price list assigned, usually Default Price list.
Unassigning from Price list dialog - Cost centers tab

Select Cost centers tab.
There are three option to unassign cost centers:
Use stop sign button to unassign one cost center.

Select cost centers you want to unassign by checking its checkboxes, then enter Actions ... >
Unassign from selected cost centers.
Enter Actions ... > Unassign all cost centers.
Unassigning from Price list dialog - Users tab

Select Users tab.
YSoft SafeQ 5 689

February 03, 2016
There are three option to unassign users:
Use stop sign button to unassign one user.

Select users you want to unassign by checking its checkboxes, then enter Actions ... > Unassign
from selected users.
Enter Actions ... > Unassign all users.
UNASSIGNING MULTIPLE PRICE LISTS
In the YSoft SafeQ Web interface, select Billing > Price lists check price list that you want to unassign,
then enter Actions ... > Unassign selected price lists.
In case some of the price lists are assigned to device, administrator is asked to choose price list to replace
the old one. Users and cost centers will not be affected with the price list selected for devices.
DELETING PRICE LIST
In the YSoft SafeQ Web interface, select Billing > Price lists.
Use stop sign button to delete one price list or you can use checkboxes to select multiple price lists and
then enter Actions ... > Delete selected price lists.
YSoft SafeQ 5 690

February 03, 2016
In case some of the price lists are assigned to device, administrator is asked to choose price list to replace
the old one. Users and cost centers will not be affected with the price list selected for devices.
YSoft SafeQ 5 691

February 03, 2016
4.7.11 WEB INTERFACE - PAYMENTS
PAYMENTS
In the YSoft SafeQ Web Interface, select Payments.
NOTE: This section is available only if YSoft Payment System is installed and properly integrated
with SafeQ. For more info see: Integration of YSoft Payment System with YSoft SafeQ
The Payments tab enables you to access the following functions:
Managing money accounts

Managing periodic recharges
MANAGING MONEY ACCOUNTS
Page content
Create single money account

Create multiple money accounts
Managing money accounts via User dialog
Available actions
YSoft SafeQ 5 692

February 03, 2016
CREATE SINGLE MONEY ACCOUNT
Navigate to Payments > Accounts
Click on Items > Add a new account in the top right corner.
Enter required details of the new money account and click Save changes.
NOTE: You can hover your cursor over the
(tooltip) icon for more details about each field.

NOTE: You can specify Minimal account balance to negative values. In this case, the negative
account balance will be enabled for the user.
YSoft SafeQ 5 693

February 03, 2016
CREATE MULTIPLE MONEY ACCOUNTS
Navigate to Payments > Accounts
Click on Items > Add multiple new accounts in the top right corner.
Click Add a user, cost center or role. New window with list of users, cost centers or roles will
appear.
Click on individual user, cost center or role to select it. When finished, close the dialog window.
Click Next or switch to Properties tab.
3 Enter details for new money accounts (same configuration will be applied for all selected users in this
wizard).
Click Next or switch to Periodic recharges tab.
YSoft SafeQ 5 694

February 03, 2016
4 As an optional step, you can assign existing periodic recharges to all newly created money accounts.
NOTE: If you don't have any existing periodic recharge, you can create one by following the steps
described in Managing periodic recharges guide.
5 Click Save. Notification will be displayed in bottom right corner once the operation is finished. You
can close the dialog window or continue adding another accounts.
WARNING: Adding accounts in bulk can take few hours depends on the number of users and
periodic recharges selected. Session on YSoft SafeQ web interface cannot be interrupted until all
accounts are created in YSoft Payment System.
MANAGING MONEY ACCOUNTS VIA USER DIALOG
You can create and enable/disable money accounts for users also in Users details window.
Navigate to Users, double-click the line with username who you wish to assign money account to, or
click the icon.
Display Account tab and perform any available actions with users money account.
AVAILABLE ACTIONS
Transaction history List of all performed transactions for the selected money account
/ Disable / Enable Disable / Enable money accounts. User with disabled money
account is not able to user his money accounting for any
transaction.
Account details where you can also edit few values
YSoft SafeQ 5 695

February 03, 2016
Account details /
Edit account
Delete account Removes the money account including credit balance, debts,
transactions, reservations, etc. from YSoft Payment System
Batch actions Check this box for every money account you want to apply a
selected action to
View enabled / Switching between list of enabled and disabled money accounts
disabled accounts
MANAGING PERIODIC RECHARGES
Page content
Create new periodic recharge

Available actions
YSoft SafeQ 5 696

February 03, 2016
CREATE NEW PERIODIC RECHARGE
Navigate to Payments > Periodic recharges
Click on Add new item in the top right corner.
Enter required details of the new periodic recharge. Optionally, you can select which accounts are
going to be recharged by this periodic recharge.
Click Save changes and close the dialog window.
NOTE: You can hover your cursor over the (tooltip) icon for more details about each field.
AVAILABLE ACTIONS
/ Disable / Enable Disable / Enable periodic recharge. Disabled periodic

recharge will not be used for recharging money accounts.
YSoft SafeQ 5 697

February 03, 2016
Periodic recharge details / Periodic recharge details where you can also edit few
Edit periodic recharge values
Delete periodic recharge Removes the periodic recharge from YSoft Payment
System
Batch actions Check this box for every periodic recharge you want to
apply a selected action to
View active / disabled Switching between list of active and disabled periodic
periodic recharges recharges
4.7.12 WEB INTERFACE - USERS
USERS
In the YSoft SafeQ Web interface, select Users.
On the Users tab, you can access the following functions:
Users list -- List of users registered in the YSoft SafeQ system (in the Identity management
database) (see Managing users in the Users list).
Roles list – List of available user roles (see Managing roles in the Roles list).
Cost centers -- List of cost centers (usually based on departments) (see Managing cost centers).
User management tools
Data import – Import users, roles, and cost centers from a CSV file (see Tools - Data Import).
Data export – Export users, roles, and cost centers to a CSV file (see Tools - Data Export).
LDAP integration – See Tools - LDAP Integration.
YSoft SafeQ 5 698

February 03, 2016
CARD NUMBER CONVERSION TOOL
ABOUT
Through this tool you can find conversion method and At Glance
setup YSoft SafeQ to convert card numbers read by
terminals to match value stored in database. About
General overview
Enter expression
manually (Expert
mode)
Disabling logging
of card numbers
GENERAL OVERVIEW
Card Conversion tool can be found on web interface: Users -> Users list -> Actions -> Card conversion
settings
Another option is locate property conversion in System Settings and pres ... button.
Card conversion tool is divided to few parts described below:
YSoft SafeQ 5 699

February 03, 2016
For proper functionality of Card number conversion tool is required to enter at least three card number pairs
to get as accurate result as possible.
Card reader output Card number how it is read by used card reader.
Enter at least three card number pairs to get as accurate result
as possible
Card number in database Card number how it is stored in user database (LDAP, AD, SafeQ, etc.).
Card manager is used to convert reader output to this desire format.
Card readed type Used card reader type. Each line can use different card reader type
because you could need to find card manager that works for all used card
readers. If you don't know the reader type select Arbitrary
Arbitrary - regardless to terminal type

Embedded - Embedded Terminal type
Terminal Professional - Terminal Professional type
Add a new pair (new card numbers) that should be evaluated
YSoft SafeQ 5 700

February 03, 2016
Remove an existing row from evaluation
Find matching card manager According to the entered rows, the database will be searched for known
card managers. Results of this search will be displayed in Exact result
panel.
Enter expression manually This options can be used by experts. Enter requested expression
manually. You can find syntax description in YSoft SafeQ documentation
(use dialog's help).
Exact results Search results are displayed here. In the case when more than one card
manager had been found during the search there will be displayed more
than one result. Add additional card number pairs to make result more
exact or choose one of them.
Partial results Results that are matching only part of entered card number pairs. These
card manager can not be used. You can use link next to them to find out
which pairs are matching to them and which are not.
Evaluate entered card manager pairs against the database for known
card managers.
Selected card manager will be chosen and saved in SafeQ system.

System restart can be mandatory for settings to be applied in same
cases.
ENTER EXPRESSION MANUALLY (EXPERT MODE)
You can create an custom expression for card matching through Enter expression manually option.
For more information about these mechanism see Use Card Number Conversion.
DISABLING LOGGING OF CARD NUMBERS
If it is necessary (e.g. for security reason) hide card numbers from log, add following snipped to log4j.xml.
<category name="com.ysoft.safeq.terminal.protocol.SecureEncoding" additivity="false">
<level value="warn" />

<appender-ref ref="log_app"/>
</category>
YSoft SafeQ 5 701

February 03, 2016
MANAGING COST CENTERS
ABOUT COST CENTERS
Cost centers usually correspond to particular At a Glance

departments in an organization. One cost center
represents one accounting unit. Every user is a About cost centers
member of only one cost center. New users are Displaying the Cost
always placed in a virtual cost center named 0 (zero) by Center list
default. Working with the Cost
Center list
Costs centers are used for Usage and Cost reports Searching for and
purposes and for assigning the same cost-related displaying only specific
settings to multiple users, when it is important for a group cost centers
of users to to have the same cost settings (for example, Additional filter
the same way of applying costs, or the need to use credit options
/payment accounts for printing and copying). Updating, importing, and
exporting cost center data
NOTE: To assign access permissions to the YSoft
SafeQ Web Interface and to individual features, use roles
(see Managing roles in the Roles list).
DISPLAYING THE COST CENTER LIST
To display the Cost Center list: in the YSoft SafeQ Web Interface, select Users > Cost centers.
On this page, you can edit cost centers.
YSoft SafeQ 5 702

February 03, 2016
WORKING WITH THE COST CENTER LIST
Create a new cost center.
Edit cost center settings.
Delete a cost center and all its

settings.
To edit multiple cost centers, check all the cost centers you want to edit and select Actions ... > Edit
selected cost centers.
To select or deselect all Cost centers displayed on the page, select Actions ... > Select all listed
records.
YSoft SafeQ 5 703

February 03, 2016
SEARCHING FOR AND DISPLAYING ONLY SPECIFIC COST CENTERS
Use filters to search for and display only specific cost centers.
Enter the number or description of the cost center you want to display.
ADDITIONAL FILTER OPTIONS
Button/Icon Action Description
Apply filter Search for an existing cost center according to the filter you
entered.
Cancel Cancel the filter you entered.

filter
Show filter Show filter options.
Hide filter Hide filter options.
UPDATING, IMPORTING, AND EXPORTING COST CENTER DATA
To access options for updating, importing, or exporting cost center data, click .
Update data to ORS Upload data to an ORS - forces immediate

replication of all changes to connected
remote spoolers. Applies only when
Distributed Server System - Private Cloud is
in use. See Updating data on ORS servers
for more information.
Import data Use the Tools - Data Import function.
Export data Use the Tools - Data Export function.
Import data from Import data via the Tools - LDAP Integration
Active Directory / NDS function.
/ Open LDAP
YSoft SafeQ 5 704

February 03, 2016
CREATING AND EDITING COST CENTERS
ABOUT CREATING AND EDITING COST CENTERS
This page describes how to create and edit cost centers in the YSoft SafeQ Web Interface. Attributes vary
depending on your YSoft SafeQ configuration and/or license.
To display the Cost center page, go to Managing cost centers.
At a Glance
About creating and editing cost centers

Editing basic cost center settings
Assigning a billing code to a cost center
Assigning a price list a cost center
YSoft SafeQ 5 705

February 03, 2016
EDITING BASIC COST CENTER SETTINGS
On the Cost center page, select Basic to display cost center settings.
Attributes:
Number Cost center number
Name Cost center name
Default billing code Default billing code number
Terminal inactivity timeout This figure defines a time limit after which the user is logged out of
the terminal. This value is set for situations when the user forgets
to log out and thus is blocking the device for another user. This
option also serves as protection against possible misuse of user
accounts.
Delete jobs after printing To delete jobs after printing, select Yes. To keep and save jobs
after printing, select No.
Use default values for all cost If you want to use the values set on this page as the default
center members values for all users in this cost center, check the checkbox.
YSoft SafeQ 5 706

February 03, 2016
ASSIGNING A BILLING CODE TO A COST CENTER
On the Cost center page, select Billing codes to assign a billing code to the cost center.
Attributes:
Add a billing code to the cost center.
Remove a billing code from the cost

center.
YSoft SafeQ 5 707

February 03, 2016
ASSIGNING A PRICE LIST A COST CENTER
On the Cost center page, select Prices to assign a price list to the cost center.
Attributes:
Price list is inherited Prices are inherited from the device

from the device
Select price list for this Select this option if you want to specify price list for the cost center.
cost center See Managing assignable price lists for detailed usage instruction
Percentage of the Percentage of device costs that will be accounted to the users in cost
device's price list center. 100% is set as the default.
YSoft SafeQ 5 708

February 03, 2016
MANAGING ROLES IN THE ROLES LIST
ABOUT ROLES
Roles are used for assigning access permissions and usually At a Glance
correspond to responsibilities within an organization. For
example, there could be a role for the print administrator and a About roles
separate role for cashiers. Roles are equivalent to groups in Displaying the Roles
the Active Directory service. (AD service groups can be list
displayed the same way as roles in the YSoft SafeQ system.) Working with the
Each role has a name and a description. Roles list
Filtering roles to
Roles are used for defining access permissions to the display in the Roles
YSoft SafeQ Web Interface and for permissions to use list
individual YSoft SafeQ operations/actions/features. Additional
Each user can be a member of multiple roles. For more filter options
information about how using multiple roles for a single Updating, importing,
user works, see Inheritance and competition among and exporting role
roles. data
DISPLAYING THE ROLES LIST
In the YSoft SafeQ Web Interface, select Users > Roles list.
On this page, you can view, add, edit, and delete roles, and perform other role-related actions.
YSoft SafeQ 5 709

February 03, 2016
WORKING WITH THE ROLES LIST
Create a new role.
Edit a role.
Delete the role from the system.
Define permissions for accessing the YSoft SafeQ Administrative Web

Interface.
FILTERING ROLES TO DISPLAY IN THE ROLES LIST
On the Roles list page, use filters to display only the roles you need.
You can search and filter by role name or role description.
Apply filter Apply the selected filter to the Roles

list.
Cancel Cancel the selected filter.

filter
YSoft SafeQ 5 710

February 03, 2016
UPDATING, IMPORTING, AND EXPORTING ROLE DATA
To access options for updating, importing, and exporting role data, click .
Update data on Forces immediate replication of all changes you

ORS made on the Roles list page to connected remote
spoolers. Applies only when Distributed Server
System - Private Cloud is in use. See Updating data
on ORS servers for more information.
Import data See Tools - Data Import.
Export data See Tools - Data Export.
Import data See Tools - LDAP Integration.

from LDAP/AD
/OPEN
ROLE WIZARD
ABOUT
This page describes the Role wizard in YSoft SafeQ web interface. Some attributes may differ based on
available configuration and/or license.
Role wizard is the main tool to create and configure role. It is accessible from Role list.
At Glance
About
Basic
Billing Codes
YSoft SafeQ 5 711

February 03, 2016
BASIC
Basic information about role is described on this page.
Name Role name
Description Role
description
YSoft SafeQ 5 712

February 03, 2016
BILLING CODES
Billing codes management for Role is described on this page.
Attributes:
Add Billing Code to role
Remove Billing Code from current

role
YSoft SafeQ 5 713

February 03, 2016
MANAGING USERS IN THE USERS LIST
ABOUT
YSoft SafeQ requires an identity database in order to At a Glance

provide access control and/or accounting functions. The
identity database can be internal, or can be an external About
database synchronized from LDAP, SQL DB, or a third- Displaying the Users list
party system. The User list provides a basic overview of Working with users
information contained in the YSoft SafeQ Identity Filtering information to
management database. display in the Users list
See also: Additional filter
options
Identity Management for more information about Updating, importing,
users. and exporting user data
Card self-assignment for information about the card
self-assignment process.
DISPLAYING THE USERS LIST

In the YSoft SafeQ Web Interface, select Users > Users list.
On the Users list page, you can add and edit users.
Additionally you can add some optional columns to table or hide one of the default ones by clicking on
gearbox button.
YSoft SafeQ 5 714

February 03, 2016
Following columns can be add or hidden:
Login
Surname, Name
Name
Surname
E-mail
Cost center
PIN, Cards - number of PINs user have assigned and assigned cards
Home directory - user's home directory
WORKING WITH USERS
Create a new user in the YSoft SafeQ database (see Adding and configuring users
for more information).
Edit an existing user's settings (see Adding and configuring users).
Delete a user from the database. The user will be marked as deleted, but will still be
included in reports. You can later restore a deleted user (limitation: the list of PIN and
card values is emptied when the user is deleted) .
Assign access rights for the selected user.
FILTERING INFORMATION TO DISPLAY IN THE USERS LIST

The Users list includes filters that let you search for and display only specific data in the list.
Filter name Restrict to...
Login Users with the selected Login
Name Users with the selected Name
YSoft SafeQ 5 715

February 03, 2016
Filter name Restrict to...
Surname Users with the selected Surname
Card Users with the selected card only
Active users You can lists only Active users (default option) via page View action (top right
corner)
Deleted users You can lists only Deleted users via page View action (top right corner)
Role Users with the selected role (see Managing roles in the Roles list)
Cost center Users with the selected cost center (see Managing cost centers list)
Apply filter Apply the selected filter to the Users

list.

filter
Show filter Show advanced filter options.
Hide filter Hide advanced filter options.
UPDATING, IMPORTING, AND EXPORTING USER DATA
To access update, import, and export options, click .
Update Upload data to an ORS server. Forces the immediate

data on replication of all changes to all or selected remote spoolers.
ORS Applies only to distributed server systems (see Distributed
Server System - Private Cloud). See Updating data on ORS
servers for more information.
Data import Import user data from a CSV file. For more info see: Tools -
Data Import.
Data export Export user data to a CSV file For more info see: Tools - Data
Export.
LDAP Set up connection for users, cost centers and roles from
import Active Directory. For more info see: Tools - LDAP Integration
YSoft SafeQ 5 716

February 03, 2016
ADDING AND CONFIGURING USERS
ABOUT
This page describe how to add and edit users in the YSoft SafeQ Web Interface. (Information and options
vary according to your YSoft SafeQ configuration and/or license.)
To display the User page where you can add and edit a user: in the YSoft SafeQ Web Interface, select
Users > User list. See Managing users in the Users list.
For more information about users, see also Identity Management.
At a Glance
About
Entering basic information about the user
Entering additional information about the user
Assigning roles to the user
Adding an alias to the user
Assigning billing codes to the user
Assigning price list to the user
Assign PIN to the user
Assign Card Activation Code to the user
Assign Card to the user
ENTERING BASIC INFORMATION ABOUT THE USER
Click Basic; then enter basic information about the user.
YSoft SafeQ 5 717

February 03, 2016
Attributes:
Username Unique login (username) that identifies the user in the system for access rights to the
YSoft SafeQ Web Interface and for print job identification. Y Soft recommends that
you choose a login that is identical to the user's login for the company network.
Name and User's name and surname.

Surname
Password The password is securely saved in the database. The text of the password cannot be
displayed. If a user forgets his/her password, a new password must be generated.
Password complexity is affected by two system settings properties:
Minimum password length: minimumPasswordLength
This property enforces minimum password length for passwords entered by system
users via this web interface (CSV imports and other external tools are not covered
intentionally). If password has less characters then value of this property, password
YSoft SafeQ 5 718

February 03, 2016
will be rejected and user will be informed about proper password length. Set value to 0
to allow passwords of any length.
Enforce strong passwords: enforceStrongPasswords
This property enforces certain rules that passwords entered by system users via this
web interface (CSV imports and other external tools are not covered intentionally)
must comply with, otherwise the password will be rejected and user will be informed
about necessary requirements for a new password.
Strong passwords must match three of following criteria:
contains at least one lower case character (a-z)

contains at least one upper case (A-Z)
contains at least one number (0-9)
contains at least one non alphanumerical character (~!@#$%^&*_-+=`|\(){}[]:;"
<>',.\?/)
Card ID/PIN List of ID cards and PINs. Each user can have one or more ID cards. ID cards and
PINs are used for user authentication at YSoft SafeQ terminals.
E-mail Enter an e-mail that will be used for sending messages to the user from the YSoft
SafeQ system.
Home directory User's home directory (used for scanning to home folder).
To support network scanning, the home directory must contain the complete path on
the YSoft SafeQ server or the complete UNC path. The home folder must be
accessible by YSoft SafeQ — see Scan Management security overview for more
details.
Cost center A number that identifies the cost center assigned to the user. Each user must be
assigned only one cost center (see Managing cost centers).
Default billing Default billing code for the user (see Project Print Tracking).
code
ENTERING ADDITIONAL INFORMATION ABOUT THE USER
Click Additional; then enter information.
You can choose if user have additional information inherited from assigned cost center (default option) or
you want to set them for the edited user differently.
YSoft SafeQ 5 719

February 03, 2016
Attributes:
Terminal inactivity This figure defines a time limit after which the user is logged out of the terminal.
timeout This value is set for situations when the user forgets to log out and is thus is
blocking the device for another user. This option also serves as protection
against possible misuse of user accounts.
Delete jobs after To delete jobs after printing, select Yes. To keep and save jobs after printing,
printing select No.
ASSIGNING ROLES TO THE USER
Click Roles.
The user's access rights to printers and printer features are determined by the roles you assign to him/her.
Assign a role (or multiple roles) to the user. For more information, see Managing roles in the Roles list.
YSoft SafeQ 5 720

February 03, 2016
Attributes:
Add a role to the user.
Delete a role from the

user.
ADDING AN ALIAS TO THE USER
Click Aliases.
The user's aliases can be managed on this page. Aliases are user's alternative usernames. An alias must
be unique within the set of all active usernames and all aliases.
They are best used when a user has several accounts and the usernames aren't identical, for example in
Windows or SAP. Authentication in YSoft SafeQ is possible using alias and the spooler recognizes aliases
as well. Aliases are a good way to tell YSoft SafeQ that two or more usernames belong to the same user.
Aliases are useful for detecting the user's identity during printing.
YSoft SafeQ 5 721

February 03, 2016
NOTE: Please note that user aliases are not recognized in YSoft Payment System, if connected to YSoft
SafeQ.
Attributes:
Add an alias to the user.
Delete an alias from the

user.
ASSIGNING BILLING CODES TO THE USER
Click Billing codes.
Assign a billing code (or codes) to the user.
YSoft SafeQ 5 722

February 03, 2016
Attributes:
Add a billing code to the user.
Delete a billing code from the

user.
ASSIGNING PRICE LIST TO THE USER
Click Prices.
Assign a price list to the user.
YSoft SafeQ 5 723

February 03, 2016
Attributes:
Use common price Prices are inherited from the cost center or device
list
Select price list for Select this option if you want to specify price list for the user. See Managing
this user assignable price lists for detailed usage instruction
ASSIGN PIN TO THE USER
YSoft SafeQ 5 724

February 03, 2016
Alternatively, you can generate PIN for user.
To enable PIN generator in the system, go to System > System settings and set following property to
enabled:
PIN-generator - The option enables feature for generating a PIN code for oneself on the YSoft
SafeQ web GUI.
If you choose to generate a new PIN you can choose if you want to generate code with unlimited validity or
with expiration date.
Default expiration time is 60 days. You can change default value in System settings.
YSoft SafeQ 5 725

February 03, 2016
Remaining expiration of the generated PIN code is displayed next to it in the user's Card ID/PIN list.
Display of the PIN may vary based on setting of conversionPIN property.

ASSIGN CARD ACTIVATION CODE TO THE USER
Opposite to PINs, Card Activation Codes cannot be added manually to the user. Users can generate Card
Activation Code for themselves, see Configuring ID card self assignment for configuration guide.
Alternatively, you can generate Card Activation Code for user.
Go to System > System settings and set following property to enabled:
puk-enabled - If enabled users are able to self-assign an unknown card using a generated Card
Activation Code from the terminal interface.
User will receive the new code via e-mail if enabled in System settings.
ASSIGN CARD TO THE USER
YSoft SafeQ 5 726

February 03, 2016
The required form of entered Card may vary based on setting of conversion property.
YSoft SafeQ 5 727

February 03, 2016
PIN CONVERSION TOOL
GENERAL OVERVIEW
eThrough this tool you can setup YSoft SafeQ to convert and store PIN codes in user database.
To set PIN conversion tool go to System settings and set conversionPIN property. Property defines
how YSoft SafeQ expects PIN codes to be stored in source database (this can be internal database
with or without LDAP Replicator, AD, ...). Allowed values are:
Value Description Compatibility with Support

previous versions for JBA
Onbox
MD5 PIN 1234 is stored in format compatible with No

PIN81dc9bdb52d04dc20036dbd8313ed055 YSoft SafeQ 3.1
and 3.6
MD5WithoutPrefix PIN 1234 is stored in format compatible with No

81dc9bdb52d04dc20036dbd8313ed055 YSoft SafeQ 3.1
and 3.6
DES PIN 1234 is stored in format compatible with Yes

PINAzRapSymPps= YSoft SafeQ 3.5
SwipeBytes PIN 1234 is stored in format 07090B0D - Yes
Plain PIN 1234 is stored in format 1234 - No
PrefixPIN PIN 1234 is stored in format PIN1234 - Yes
PrefixPN PIN 1234 is stored in format PN1234 compatible with Yes

YSoft SafeQ 3.6
If MD5WithoutPrefix, SwipeBytes or Plain values are used, PIN codes are displayed as card
numbers in the YSoft SafeQ web interface. The PIN-override, puk-ignore-pin and PIN-history-
enabled properties are not applicable to these PIN codes.
All already existing PIN codes are NOT converted. To convert PIN codes to new format for existing
users, it is necessary to enter them manually again.
YSoft SafeQ 5 728

February 03, 2016
TOOLS - DATA EXPORT
ABOUT
Data export is simple utility for exporting Users and/or Cost Centers to csv file. It is accessible from
Managing users in the Users list.
Data Export page is accessible from all pages under Users section on web interface: Users ->
Actions... -> Export data to CSV
GENERAL OVERVIEW
On the left side of Data Export page administrator can select character encoding, on the right side of Data
Export page user can select scope of data to export.
Export will be save in csv file format.
CSV CHARACTER ENCODING

CSV file will be created according to selected encoding listed below.
Action Description
UTF-8 Data will be exported in UTF-8 encoding
Windows- Data will be exported in Windows-1250

1250 encoding
YSoft SafeQ 5 729

February 03, 2016
Action Description

1252 encoding
ISO-8859-1 Data will be exported in ISO-8859-1 encoding
Other Administrator can select another encoding type
SCOPE OF DATA TO EXPORT

CSV data will be exported according to selected sources listed below
Action Description
Export all users to csv.file
Export all cost centres to csv.file
Export cost centres and users to csv.

file
Data that are exported encrypted are marked with prefix do_not_convert@@. When YSoft SafeQ
imports data from CSV file via Tools - Data Import it looks for this prefix when it tries to decide if
input value must be converted via currently set conversion method or not.
TOOLS - DATA IMPORT
ABOUT
Data import is a utility for Importing Users and/or Cost Centres from csv file. It is accessible from Managing
users in the Users list.
Data Import page is accessible from all following pages on web interface: Users -> Users list/Role list/
Cost Centres -> Actions... -> Data Import
YSoft SafeQ 5 730

February 03, 2016
GENERAL OVERVIEW
On the upper of the Data import page there is a basic file scructure for csv files. In bottom part there is a
CSF file character encoding and path to CSV file with data to import.
CSV CHARACTER ENCODING

CSV file will be created according to selected encoding listed below.
Action Description
UTF-8 Data will be exported in UTF-8 encoding

1250 encoding

1252 encoding
Other Administrator can select another encoding type
YSoft SafeQ 5 731

February 03, 2016
CSV FILES FORMAT
Add/update/delete users –[100;add|del;username[,alias,...];name;surname;[card number];cost center

number;email;[home directory];[password]]
Add/update/delete users with PIN code –[100;add|del;username[,alias,...];name;surname;PIN%
pin_code%;cost center number;email;[home directory];[password]]
Add/delete card numbers –[200;add|del|clear;username[;card number]]
Add/delete PINs –[200;add|del|clear;username[;PIN%pin_code%]]
Add, update/delete cost centers –[300;add|del;cost center number[;cost center name]]
Set email address for user – [201;username;email address]
Set cost center for user – [202;username;cost center number]
Data that are exported encrypted (for example PIN codes or passwords) are marked with prefix
do_not_convert@@. When YSoft SafeQ imports data from CSV file it looks for this prefix when it
tries to decide if input value must be converted via currently set conversion method or not.
CSV FILES EXAMPLES
300;add;5;Communication
300;add;7;Enterprise and Industry
100;add;villevirtanen;Ville;Virtanen;PIN5555;5;villevirtanen@test.cz;;4MV0b
100;add;jeandupont;Jean;Dupont;268742;7;jeandupont@test.cz;\\share\users\jeandupont;B27Kf
200;add;villevirtanen;268743
200;add;jeandupont;PIN7777
200;add;johndoe;do_not_convert@@PINb59c67bf196a4758191e42f76670ceba
TOOLS - LDAP INTEGRATION

.
About
Basic mode
Test settings tab
Log tab
Advanced and Expert mode
Running the replication
YSoft SafeQ 5 732

February 03, 2016
ABOUT
SafeQ 5 has LDAP replicator tool integrated in the SafeQ web interface.
To understand required attributes, see Identity management

See also LDAP Integration Security for data security overview.
The following steps will guide you through the default Active directory integration setup. For advanced and
expert options please refer to LDAP Integration - Advanced and Expert settings.
1 Open the LDAP integration wizard through the Welcome to YSoft SafeQ Widget at the main screen.
NOTE: The settings for LDAP replication can be also found on the web interface: Users ->
Actions... -> Connect to LDAP
2 Open the Connection section.
On the Connection tab, you can setup the integration setting with LDAP.
Available settings are:
LDAP server type (AD, NDS, OpenLDAP)

Load users on demand - This type of replication mode is sometimes referred as semi-
online. When enabled, users are created only during job reception or when logging into
the terminal.
Full and differential replication updates only users already registered within YSoft
SafeQ.
Replication of Roles and Cost centers is unaffected.
Note: User's card when is removed from LDAP is not synchronized to the
database with configuration option removeCardsInDiffLdapReplication .
URL of LDAP server

Searched LDAP subtree
Service account
There is a possibility to use either an anonymous account or authorized account to

log into the LDAP server to search for users. The selected account has to have at least r
ead access to reach the users and their attributes. Please note that YSoft SafeQ
supports only the Simple bind authentication mechanism for authorized connection to
YSoft SafeQ 5 733

February 03, 2016
LDAP server.
Please ask your domain administrator for this information.
3 Open the Scheduling section.
The Scheduling tab gives you the possibility to schedule the run of replication. All settings are
revealed after you check the Enable regular synchronizations checkbox. The options are:
Start full replication - Here you can select the days and times for full replication, by
clicking checkboxes.
Start differential replication - Here you can specify the hours or time interval from the
last replication to start differential replication. This type of replication will be started every
day.
NOTE: You have to restart YSoft SafeQ CML services to apply these changes.
YSoft SafeQ 5 734

February 03, 2016
YSoft SafeQ 5 735

February 03, 2016
Run the synchronization using the "Sync now" button.
5 Check the result.
The Status tab contains only information about the last synchronization with the LDAP server (date,
duration and result) and the count of added/updated/deleted users, cost centers and roles.
In case of an error, this error will be displayed here.
BASIC MODE
In Basic mode there are additional tabs:
TEST SETTINGS TAB
The Test Settings tab enables you to test the connection to the LDAP server. Please note that the settings
have to be saved before the test can start. If the settings are correct, the test will return first 5 users, cost
centers and roles matching entered settings and filters.
There is a summary table in the top if more than one LDAP connection (domain) is set. You can see if
domain settings are correct (all icons are green) or something is setup wrongly (red icons). If test returned
less then 5 results, icon is orange. This does not necessary means that setting is wrong (there could be only
three object of that type in the LDAP) but warning is raised so administrator can check if for example filter
settings is correct.
You can list returned items for each domain by clicking on domain name in the summary table.
Summary table is not displayed if only one domain is set.
YSoft SafeQ 5 736

February 03, 2016
LOG TAB
On the last tab called Log, you can see information that were logged by the running LDAP replicator. This is
a good place for troubleshooting if there is any issue with the replication process.
ADVANCED AND EXPERT MODE

You can set up the replication process in 3 modes:
YSoft SafeQ 5 737

February 03, 2016
Basic
Advanced
Expert
Each mode "unlocks" new tabs for the replicator settings. However, for majority of installations, the basic
mode will be sufficient.
For advanced and expert options please refer to LDAP Integration - Advanced and Expert settings.
RUNNING THE REPLICATION

Once you are finished with settings, you can save the LDAP replicator settings by pressing the Save button.
Also, if you want to run the replication immediately, you can do so by pressing the Sync now button.
Replication is always run by the cluster node designated by the ldapReplicatorClusterNodeId

configuration option. The configuration option can be set to the ID of a cluster node that should run the
replication. The default value is '-1' which means the replication is run by the first cluster node (the node
with the lowest ID among all nodes in the cluster, running or not). LDAP replication is not executed if the
designated node is not operational.
LDAP INTEGRATION - ADVANCED AND EXPERT SETTINGS
Advanced mode
Replicator tab
Schema tab
Expert mode
Connection tab
Mapping tab
Filters tab
Domains
ADVANCED MODE
Replicator tab
LDAP service port - The port on which LDAP listens to YSoft SafeQ.
Number of objects in search request - Maximum number of objects requested in one response page
during search. Set to -1 for unlimited response.
List of binary attributes - List of attributes that contain binary (non-string) values. Attributes are separated
by commas. No spaces are allowed.
YSoft SafeQ 5 738

February 03, 2016
Maximum number of reconnection attempts - Maximum number of reconnection attempts when

connection with LDAP fails during critical operations.
Delete imported objects in case of an error - Parameter affects only the Full replication (not the
Differential replication). YSoft SafeQ launches the procedure for deletion of outdated objects at the end of
every full LDAP replication. For example when some user is deleted on the Active Directory side, this user is
deleted on YSoft SafeQ side at the end of LDAP replication by the procedure for deletion of outdated
objects.
If this parameter is set to "disable" and there is any error during the replication (connection error,
unexpected values...), procedure for deletion of outdated objects is not launched - this way it is
prevented the deletion of valid objects. It is strongly recommended to leave it with default value
"disable".
If this parameter is set to "enable" and any error during replication occurs, procedure for deletion of
outdated objects is launched - this may cause that even valid objects will be deleted during
replication and users will be unable to authenticate. "Enable" shall be selected only in case when
requested by Y Soft Corporation (for example as a temporary workaround for issues where LDAP
contains incorrect values).
Terminate replication if an error occurs - Enable this feature to terminate replication if any error occurs
during synchronizing user roles or cost centers (these objects are synchronized before any user account).
Schema tab
The Schema tab enables you to specify your own attributes that contain important user data like attribute
containing aliases, login, cards numbers and other data.
Import users - If disabled, only cost centers and groups are imported – not users.
Attribute containing username - Do not include domain in username - Determines how domain will be
separated from login:
Option none - domain will not be separated from the login and string will be used as it is
Option at sign or backslash (@, \) - domain will be separated by (@, \)
Option dot (.) - domain will be separated by (.)
Login Alias
Do not include domain in username none at sign or backslash (@, \) dot (.)
john.doe@ysoft.com --- john.doe john
martin@ysoft --- martin ---
ysoft.cz\bailey --- bailey ysoft
jfreeman.ysoft --- --- jfreeman
john.doe.ysoft.com --- --- john
Check username uniqueness - if this option is disabled duplicated users can be created. If both this option
and the option Overwrite user if already exists in database from Filters tab in Expert mode are enabled
YSoft SafeQ 5 739

February 03, 2016
the duplicity is excluded, i.e. the original user created in SafeQ Web interface is deleted and the user
from the Active Directory is created.
Attributes containing aliases - Attributes containing user aliases. Use commas to separate multiple
attributes.
Attribute containing user first name
Attribute containing user surname
Attribute containing user email
Attribute containing user role (membership) - Attribute containing user role (membership). This multi-
valued attribute is a collection of the Distinguished Names of all groups the user is a direct member of.
Attributes containing cards/PINs - Attributes containing cards and PINs. Use commas to separate
multiple attributes. Multiple values can be replicated from this attribute.
Card number conversions - Function for conversion of card numbers stored in LDAP to values stored in
database. For more info about syntax and function examples see Use Card Number Conversion.
Card separator - If multiple card numbers are stored in a single-value attribute in LDAP, the card numbers
are separated by the defined separator.
Note: The separator must not contain apostrophe character (ASCII code 039).
Note: If LDAP replicator is used in On-demand (semi-online) mode, this feature is not supported –
only one card number may be stored in each single-value attribute.
Delete all the user’s cards when a user’s account is deactivated - When user's account is deactivated
in LDAP, all user's cards will be deleted in database.
Note: If this option is enabled, the user’s cards that were added via the YSoft SafeQ web interface or
card self-assignment will also be deleted from the database. Because this operation cannot be
undone, the recommended value is disabled.
Note: Do not enable this option if multiple LDAP accounts are merged into one YSoft SafeQ user
account (that is, if multiple LDAP accounts have the same employeeID attribute). Deleting or
disabling one of the accounts on the LDAP server causes all cards from the merged user account to
be deleted from the YSoft SafeQ database.
Attribute containing PIN code - Attribute containing PIN, which can be converted in case PIN code
conversion value is defined. Only single value is replicated from this attribute.
PIN code conversion - Function for conversion of PIN code stored in LDAP attributed defined in Attribute
containing PIN code to value stored in database. For more info about syntax and function examples see
Use Card Number Conversion .
Create money account when creating user account
If this option is enabled, SafeQ will automatically create YSoft Payment System account for new
users.
YSoft SafeQ 5 740

February 03, 2016
If user's account is deactivated in LDAP, YSoft Payment System account will be disabled for such
user.
If user's account is moved to LDAP source where this option is disabled, YSoft Payment System
account will be disabled for such user.
If user's account is moved to LDAP source where this option is enabled, YSoft Payment System
account will be created or enabled for such user.
Note: If YSoft Payment System is unavailable, the money account will not be created.
Note: There is no way to import initial account balance from LDAP.
EXPERT MODE
The Expert mode unlocks the following tabs and features.
Connection tab
The Connection tab has new option called Mode of LDAP server certificate check which defines how the
LDAP server certificate is validated (applies to LDAPS protocol only).
Possible values are:
hash - Hash of the certificate is stored in conf\ldap-keystore during first connection. If the certificate
of LDAP server is changed, the connection is refused. Delete conf\ldap-keystore file in you changed
certificate. This is default behavior.
secure - Certificate of LDAP server is verified by Certificate Authority public key. To use this feature
you have to import your CA`s public key into YSoft SafeQ truststore.
Here is example how to import CA certificate to YSoft SafeQ (to obtain keystore password, please contact
customer support services):
java\bin\keytool.exe -server -import -alias YourCompanyCA -file YourCertificate.cer -keyst
Timeout - Number of milliseconds after which connection to the LDAP server times out if there was no
response. If several reconnection attempts are configured in Replicator tab, LDAP replication will retry the
connection after delay specified by ldapReconnectionDelay System settings configuration property.
The On demand mode has two expert options:
Number of threads - Number of concurrently running threads. Number of threads should not exceed
number of LDAP connections. Database should have sufficient number of open connections.
Maximum response time - Maximum response time in seconds. Requests that take longer than
given time are prematurely canceled.
YSoft SafeQ 5 741

February 03, 2016
Mapping tab
The Mapping tab allows you to configure options and conversion for user unique mapping, option for
extracting external ID and several options for user´s organizational unit mapping.
Options for unique mapping of users - Options for user unique mapping:
ID-GUID - for mapping user to GUID

ID-[attribute-name] - for mapping user to attribute
[name-of-numeric-attribute] - for ID equivalency mapping
Conversion for unique mapping of users - Turn on conversion of user unique mapping Options for user
unique mapping, e.g. for ”GUID” (=value ”ID-GUID”) is converted to ”objectGUID” (used for Active
Directory).
Usually for existing installations value ”true” should be set for backward configuration compatibility.
For new installations it is recommended that you use ”false” and specified item Options for user unique
mapping properly, e.g ”Options for user unique mapping = ID-objectGUID” for Active Directory. Typically,
false is used for non-AD servers.
YSoft SafeQ 5 742

February 03, 2016
Option for extracting external ID - Option for extracting ext-id from attribute Options for user unique
mapping. Matching parts are used for output. Unmatching input is not processed. For example: regex (d+)-
adm-(d+)|adm-(d+) for inputs 12345-adm-6789, 123-adm-456789, adm-123456789, 123456789 will have
same output 12345678.
Options for user cost center mapping
DN:[attribute-name] Cost centers are searched by query in LDAP, cost center is assigned according
to LDAP setting (by DN prefix). [attribute-name] determines user ext-id. Example: DN:GUID
NUMBER:[attribute-name] Cost center creation during user replication. Number is stored in user’s
[attribute-name]. Name is created as ”OU-”[attribute-name], example: NUMBER:department
NAME:[attribute-name] Cost center creation during user replication. Name is stored in user’s
[attribute-name]. Number is identical to the ID (initialized by sequence). Example: NAME:department
NN1:[attribute-name-with-number]:[attribute-name-with-name] Cost center creation during user
replication. [attribute-name-with-number] contains cost center number and [attribute-name-with-
name] contains its name. Example: NN1:department:company
NN2:[attribute-name]:[groups-order]:[pattern] Cost center creation during user replication. The
user’s [attribute-name] must include content that matches reg-ex [pattern]. Value must contain at
least two reg-ex groups: the first for OU name, the second for OU number. [groups-order] is string ”
name,number”, or ”number,name” depending on the mapping order of regex-groups to OU number
and OU name in [pattern]. Example: NN2:department:number,name:([^:]*):(.*)
Conversion of user cost center mapping - Turn on conversion of user’s cost center unit mapping (
Options for user’s cost center mapping). For example, ”GUID” (=value ”DN:GUID”) is converted to ”
objectGUID” (used for Active Directory).
Usually for existing installations, set this value to ”enable” (true) for backward configuration compatibility.
For new installations it is recommended that you use ”disable” (false) and the specified item Options for user’
s cost center mapping, for example, ”Options for user’s cost center mapping = DN:objectGUID” for Active
Directory. Typically, false is used for non-AD servers.
Map cost center only when value exists - When enabled, user’s cost center information is updated only if
cost center exists. If disabled, user is saved without cost center information.
Attribute containing unique identifier for groups - Name of LDAP attribute containing unique identifier
for groups.
Bind user to ancestor groups - Option that specifies to map user not just to its superior roles but also to
roles superior to these roles.
YSoft SafeQ 5 743

February 03, 2016
Filters tab
In the Filters tab you can specify additional filters for users, groups or cost centers searching and some
other filters according to your needs.
Additional filter for user searches - You can use this filter if the standard built-in filter includes unwanted
objects in the search result. For example, filter for users that have not been disabled (&
(objectCategory=Person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Additional filter for group searches - Use this filter if the standard built-in filter includes unwanted objects
in the search result.
Additional filter for cost center searches - You can use this filter if the standard built-in filter includes
unwanted objects in the search result. This setting is in effect only when Mapping -> Options for user’s cost
center mapping is set to DN:keyword (for example DN:GUID). With other options (like NAME, NUMBER,...)
this option is not used.
Ignore distinguished name when searching for users - Domain name branches to ignore during
searches of users. Separate multiple values with a pipe.
Ignore distinguished name when searching for groups - Domain name branches to ignore during
Ignore distinguished name when searching for cost centers - Domain name branches to ignore during
Overwrite user if already exists in database - Enable this option if you have created internal users prior
synchronization from LDAP.
Merge automatically generated accounts in YSoft SafeQ database - If multiple user accounts are
automatically generated in the YSoft SafeQ database, they can be automatically merged once accounts are
created in LDAP with aliases that are the same as the generated accounts. This should be enabled only
when using the anonymous print feature.
YSoft SafeQ 5 744

February 03, 2016
Domains
The last option added is the Domains section located under all mentioned configuration tabs. If there are
more LDAP servers, you can add each one to this section. Then you can either use the same settings for
both (or more) domains, or you can specify different settings for each domain.
This can be done by clickng the icon next to each setting. If the icon is green, the settings is valid for all
domains. If the icon is red then the domains are differentiated by the color of text fields:
White text field - Shared value for all domains

Colored fields - Each colored field represents setting for one domain. By filling the colored text field,
you can override the shared value in the white text field.
YSoft SafeQ 5 745

February 03, 2016
UPDATING DATA ON ORS SERVERS
ABOUT
Use the Update data on ORS server function to At a Glance

immediately replicate all changes to all remote spooler
servers or to only selected remote spoolers. (This function About
is for use only with a Distributed server system – Private Accessing the "Update
Cloud.) data on ORS server"
option
You can access the Update data on ORS server function Syncing data to ORS
from the following pages: servers
Users list (see Managing users in the Users list)

Cost centers (see Managing cost centers)
Roles list (see Managing roles in the Roles list and
Defining access rights)
NOTE: THIS FUNCTION IS NOT AVALIABLE WHEN

NO ORS IS INSTALLED.
ACCESSING THE "UPDATE DATA ON ORS SERVER" OPTION

In the YSoft SafeQ Web Interface, select Users; then select one of the following options: Users list (see
Managing users in the Users list), Cost centers (see Managing cost centers), or Roles list (see Managing
roles in the Roles list and Defining access rights).
If a user's settings (name, surname, PIN, alias...) or access right settings have been changed and you want
to transfer the changes to the ORS immediately, after you select Update data on ORS server, click the
Run synchronization button as described below.
SYNCING DATA TO ORS SERVERS

There are two ways to sync data to ORS servers.
To sync data to all ORS servers at once, select Update data on all ORS servers.
YSoft SafeQ 5 746

February 03, 2016
To sync data to only a specific, connected ORS server, select Update data only on selected connected
ORS.
YSoft SafeQ 5 747

February 03, 2016
Button Description
Data will be refreshed on all

ORS servers.
Data will be refreshed only on

the active ORS servers you
specify in the search box.
Enter a search string for ORS

servers.
Refresh the list of all active

ORS servers.
Mark or unmark all ORS servers

in the list.
List of all available active ORS

servers.
Inactive ORS servers are
not listed here.
YSoft SafeQ 5 748

February 03, 2016
Button Description
Synchronize the selected ORS

servers.
MANAGING SERVICE ORGANIZATIONS (LOCAL ADMINISTRATORS)
Service organizations are used in large YSoft SafeQ At a Glance

environments. They are used for creation of local
administrators and to grant them access to see and manage
Enable feature
only parts of the system, for example local branch of the
Displaying the Service
company where they are located.
organizations list
Each service organization is defined by list of YSoft SafeQ Add or edit Service
users which are called local administrators and list of ORS Organization
servers. When local administrator logs in into the system he Local administrator
can only see and manage data related to the assigned ORS user access rights
servers, for example printers registered on these servers or settings
print jobs sent to them.
ENABLE FEATURE
In the YSoft SafeQ Web Interface, select System > System settings.
Find property enableLocalAdministratorSupport and set it to Enabled. Logout and login from the YSoft
SafeQ web interface is required in order to see newly enabled page in the menu.
DISPLAYING THE SERVICE ORGANIZATIONS LIST

In the YSoft SafeQ Web Interface, select Users > Service organizations. Page is accessible to any super
administrator user or user with access right Users > Manage service organizations (for such users the
additional right to view users is needed as well).
On this page, you can view, add, edit, and delete service organization.
YSoft SafeQ 5 749

February 03, 2016
ADD OR EDIT SERVICE ORGANIZATION

In the YSoft SafeQ Web Interface, select Users > Service organizations.
Use Add new item link to add new service organization or use wrench icon to edit existing one.
LOCAL ADMINISTRATOR USER ACCESS RIGHTS SETTINGS

In the YSoft SafeQ Web Interface, select Users > User list or Users > Role list and click on key icon next
to any user or role.
When Local administrator support is licensed, some rights are highlighted in the blue color. Only these
rights are safe to be assigned to the local administrator users or to the roles that these users are members
of. In case when some other user right is assigned user can access pages that does not limit access based
on service organization and user can see or manage data that does not belong to his organization.
YSoft SafeQ 5 750

February 03, 2016
4.7.13 WEB INTERFACE - RULES
RULES
In the YSoft SafeQ Web Interface, select Rules.
On the Rules tab, you can access the following functions:
Define rules – See Using the Rule Definition wizard.

Define access rights – Define access rights for users (according to their roles) and for device groups
(see Defining access rights).
Define scan workflows – See Managing scan workflows.
Assign access rights to scan workflows (see Setting access rights to scan workflows).
Use data repair tools (see Tools - Data repair User delegating).
YSoft SafeQ 5 751

February 03, 2016
DEFINING ACCESS RIGHTS
ABOUT
In order for users to be able to use devices to print or perform At a Glance

other operations, you must assign roles to users, with access
rights set for such operations. About
General Overview
You set access definitions for user roles and for device Add new access
groups. For example, by giving printing rights to a role record
named role1 and to a device group RemoteServer1 Access Definition
, users assigned to role1 will be able to print to devices Filter
belonging to the device group RemoteServer1. Each Additional
device can be in only one group at a time, whereas each filter options
user can be assigned several roles. See Managing roles in Actions
the Roles list for an overview of roles. Access
See Inheritance and competition among roles for more rights
information. display
See Identity management for data source information. settings
Access rights restriction for device native applications (e.g. Copy) on YSoft SafeQ Embedded
Terminal for Xerox, requires following settings:
Set enableXeroxAccessDefinition property to enable in Y Soft SafeQ System settings

Set authentication mode to To device in device terminal settings. For more info see
Installing YSoft SafeQ Embedded Terminal for Xerox EIP
Color restriction is not supported at all, for native applications on Xerox machines.
YSoft SafeQ 5 752

February 03, 2016
GENERAL OVERVIEW
To set access rules, in the Web interface, go to Rules > Access definition.
The access definition list includes the following columns:
role - role name
device group - device group name
Device - device name
Three columns on the right show the access settings:
print – access to printing. If ENABLED, the user can print.

copy – access to copying. If ENABLED, the user can make copies.
color -- access to color. If ENABLED, the user can perform COLOR print/copy jobs.
Access settings are described as follows:
Option Description
Enable - Access right is enabled.
Disable - Access right is disabled.
Save changes for the current role.
Delete the role from the list.
Revert to unsaved changes made for this

entry.
All users may print/copy color jobs.
All users may copy.
All users may print.
Save all changes.
YSoft SafeQ 5 753

February 03, 2016
Option Description
Revert to all unsaved settings.
ADD NEW ACCESS RECORD
To add a new access record, click the button.
The following rules apply to access settings:
Restriction always has priority over permission.

Settings for the role everyone are used only if settings for another role does not exist.
Settings for a specific device have priority over settings for the entire device group.
Option Description
User role Defined user roles. To set up access rights for all users, select everyone
.
Device group Device group (ORS) to set up access to. To enable the selected role to
access all devices, select ALL DEVICES GROUP.
Device Device to set up access to. To enable the selected role to access all the
devices in the group, select ALL DEVICES IN GROUP.
Rights settings for the currently selected role.
Click Add to save the access rights record.
YSoft SafeQ 5 754

February 03, 2016
ACCESS DEFINITION FILTER
Use these filters to further restrict access:
Restrict to specific user role

Restrict to a specific device group
Restrict to a specific device
Apply filter Apply the selected filter to the access

definition.

filter
YSoft SafeQ 5 755

February 03, 2016
ACTIONS
To update data on ORS servers or to set access rights display options, click . The
following menu opens:
Update data on ORS - Select this option to upload changes to ORS servers: Update Data on ORS
Access right view behavior settings - Select this option to open access rights display options.
ACCESS RIGHTS DISPLAY SETTINGS
First option: Check this if you do not want YSoft SafeQ to display notifications when you save
access rights changes. You may want to use this option if you add or edit a large number of
access rights. (If there is an error, messages appear anyway.)
Second option: Check this; if you want YSoft SafeQ to automatically save newly added access
rights. If you select this, you will not need to click the Save icon next to each access rights
definition.
Third option - Check this if you do not want YSoft SafeQ to display pop-up dialogs that require
confirmation for deleting particular access rights.
YSoft SafeQ 5 756

February 03, 2016
MANAGING SCAN WORKFLOWS
Overview
Displaying the Scan workflows list
Adding new workflow by importing XML file
Adding new workflow using workflow wizard
OVERVIEW
Before user can scan via Y Soft SafeQ, scan workflows must be defined first.
There is two ways how to create scan workflows: by importing XML file or using workflow wizard. Both ways
will be described on this page.
For an overview, see Workflow scanning.

For examples and descriptions of source XML templates, see Scanning workflow definition.
Do not forget to set up access rights on the Setting access rights to scan workflows page.
DISPLAYING THE SCAN WORKFLOWS LIST
Go to Rules > Scan workflows. On this page, you can add/edit/delete/order scan workflows.
2 To change order of existing workflows, just drag icon and drop scan workflow. Then click Save
changes. Workflows will be displayed in the same order on scanning devices.
To edit scan workflow double-click on workflow or click icon.
To delete scan workflow by click icon.
YSoft SafeQ 5 757

February 03, 2016
ADDING NEW WORKFLOW BY IMPORTING XML FILE
1 Click Import from XML, click "..." button and select XML file for the scan workflow. See Scanning
workflow definition for further instructions how to build XML file.
Then click Upload file. The workflow now appears on the Scan workflows page.
YSoft SafeQ 5 758

February 03, 2016
ADDING NEW WORKFLOW USING WORKFLOW WIZARD
1 Click Add new item, and scan workflow definition wizard window will be opened.
2 Scan workflow tab contains basic info about workflow as follows:
WORKFLOW NAME (MANDATORY FIELD)
TYPE
E-mail – SafeQ sends documents as an e-mail attachment via e-mail.

Folder – SafeQ stores documents to a directory in a local or a remote file system.
Script – SafeQ stores documents to a directory in a local or a remote file system and it
runs a defined script for each of the documents.
DESCRIPTION (MANDATORY FIELD)
The description can be an arbitrary string which describes the scanning workflow in a natural
language. It is shown for example in the embedded terminal application when user selects a
workflow. It may for example contain a message for a user to enter parameter values. The description
string may be shown wrapped according to display proportions.
YSoft SafeQ 5 759

February 03, 2016
3 Scan settings tab contains predefined settings for a resulting scan document as follows:
RESOLUTION
resolution to the highest resolution.
NOTE: Not all technologies and MFP models support all five levels of the resolution. If an
unsupported level is chosen, the scanning will not start or the resolution is approximated to the
nearest possible value (differs for each vendor).
Resolution Konica Minolta, Sharp Xerox, Fuji Xerox, Ricoh
Low 200*100 72*72
Normal 200*200 200*100
Fine 300*300 300*300
High 400*400 400*400
Super 600*600 600*600
YSoft SafeQ 5 760

February 03, 2016
SIDES
values:
Simplex – only one page of every sheet will be scanned

Duplex – both sides of every sheet will be scanned. NOTE: Some technologies and
models do not support forcing duplex settings and user has to set it manually.
COLOR
Full color
Black and white
Bicolor
Grayscale
Monocolor
Auto – color scheme is detected automatically by the scanning device
NOTE: Not all technologies and MFP models support all six color schemes. If an unsupported
color scheme is chosen, the scanning will not start or the color scheme is approximated to the
OUTPUT FILE FORMAT
PDF – a standard multi-page PDF (Portable Document Format) document

Compact PDF – compact PDF document with reduced size
Searchable PDF – searchable PDF (OCR)
JPEG – standard JPEG (Joint Photographic Experts Group standard)
TIFF – single page TIFF (Tagged Image File Format)
Multipage TIFF – multi-page TIFF
XPS – OpenXPS document (XML Paper Specification)
XDW
NOTE: Not all technologies and MFP models support all output file formats. If an unsupported file
format is chosen, it is substituted with any other similar file format.
LOCKED PARAMETERS
It is possible to lock parameters: Resolution, Color, Output file format ad Sides. Locked parameter
can not be modified by logged user on terminal.
To lock/unlock parameter click / icon.
- Parameter is locked. It can not be modified by a user logged on a Terminal. Click

the lock icon to unlock this parameter.
- Parameter is unlocked. It can be modified by a user logged on a Terminal. Click the
lock icon to lock this parameter.
YSoft SafeQ 5 761

February 03, 2016
4 On User parameters tab you can define User parameter - so user will able to enter / change a value
of the parameter. This can be done via terminal panel interface – currently only embedded terminals
allow users to enter parameter values.
NOTE: You can change order of parameters by dragging icon and dropping. Parameters will
be displayed in the same order on scanning devices.
YSoft SafeQ 5 762

February 03, 2016
5 Click Add parameter and new window with following options will be displayed:
PARAMETER NAME
parameters for each scanning workflow whose names are reserved. You can choose name from list
of pre-defined names from drop-down menu. This list is dependent on type of scan workflow. In
section User parameter you can see only subset of pre-defined names which are relevant for user.
You can also select Custom value from drop down for creating custom type parameter. You'll see
new field under drop-down menu for custom name.
PARAMETER LABEL
The parameter label is an alphanumeric description of the parameter. It should contain a short
description of the parameter in a natural language. For example, the embedded terminal application
shows the label next to the input field of the parameter.
PARAMETER TYPE
The parameter type is used as a constraint for values of the parameter. For example, the embedded
terminal application uses the data type to display a specific input component or check values entered
by the user.
Data types are:
String - any text

Numeric - any real number
Boolean - values true/false
Date - date without time in format YYYYMMDD
YSoft SafeQ 5 763

February 03, 2016
E-mail - string field with auto-completing of e-mails

NOTE: Dynamic "email" type is currently available only on Konica Minolta Terminal
Embedded with the native user interface.
REQUIRED PARAMETER FLAG
A parameter may be defined as mandatory and a user has to enter a value for it. In this case
operation cannot continue unless the value is set. In the opposite case, value can be set voluntarily
and it will not affect user's work.
DEFAULT VALUE
The default value may contain %variables%. See Scanning workflow definition for details.
6 Administrator parameters tab is same like User parameters. The only difference is that Required
parameter flag is not available for Administrator parameters and that in the section Administrator
parameters you can see all (not only relevant to user) pre-defined names in drop-down menu relevant
for the type of scan workflow. These parameters cannot be seen by user on MFP panel and therefore
cannot be change by him.
NOTE: You can change order of parameters by dragging icon and dropping.
YSoft SafeQ 5 764

February 03, 2016
SETTING ACCESS RIGHTS TO SCAN WORKFLOWS
OVERVIEW
In order for scan workflows to appear on embedded terminal screens, you must set access rights to the
workflows - users cannot use scan workflows that you have not set access rights for.
Access rights do not apply in conjunction with hardware terminals.
YSoft SafeQ 5 765

February 03, 2016
CONFIGURATION
Go to Rules > Scan workflows access. On this page, you can create and modify access rights to
scan workflows that you have defined. (See Managing scan workflows.) Access rights can be sorted
based on Scan workflow name and by User role.
2 Click Add new item to grant access rights for scan workflows.
Allow or deny access rights (3) for selected user role (1) and workflow (2). Then click Add.
3 New access for scan workflows was added. Create more scan workflows if needed.
NOTE: When you have installed devices on ORS, you have to restart ORS service to propagate
scan workflows to ORS.
4 To enabled / disabled scan workflows click / icons. Then click Save changes.
- workflow is enabled
- workflow is disabled
To delete scan workflow access click icon.
YSoft SafeQ 5 766

February 03, 2016
TOOLS - DELEGATING USERS TO PERFORM DATA REPAIR
ABOUT
Statistical data repair can be performed only by users that the YSoft SafeQ administrator (login: admin) has
specifically delegated. These delegated users will then have the "Data repair" tool in their menu.
At a Glance
About
Displaying the user delegation option
Delegating and undelegating a user
Pages in the Web interface that delegated users will be able to see
YSoft SafeQ 5 767

February 03, 2016
DISPLAYING THE USER DELEGATION OPTION
In the YSoft SafeQ Web Interface, select Roles > Tools > Data repair: user delegating.
DELEGATING AND UNDELEGATING A USER

On the User delegating page, you can see a list of delegated users. To add a new user, click
(in the upper right corner). A list of YSoft SafeQ users opens. Select the user you
want to delegate. YSoft SafeQ immediately delegates the user.
To remove a user's right to perform statistical data repair:
In the list of delegated users, select the user; then click the icon and confirm your selection.
The YSoft SafeQ administrator (login: admin) cannot be delegated for statistical data repair actions.
PAGES IN THE WEB INTERFACE THAT DELEGATED USERS WILL BE ABLE TO SEE
Delegated users will be able to see these pages:
Data Repair
Data repair Manual counters readout
YSoft SafeQ 5 768

February 03, 2016
USING THE RULE DEFINITION WIZARD
ABOUT
The Rule Definition wizard is used for At a Glance

creating RBE rules.
About
You use the wizard to specify triggers (when Displaying and using the Rules list
rule is executed), conditions (validating whether Rule Definition wizard panel
action is made), actions (what to be done) and Add condition, action or
notifications (who and how should be informed notification
about execution of rule). Please see available Set Conditions, Actions or
items in Rule-based Engine: rule definition. Notification attributes that
accepts multiple values
Remove condition/action
This page describes the Rule Definition Creating a printing rule
wizard in the YSoft SafeQ 5.0 Web Interface. Setting conditions for the rule
Information and screen descriptions may vary Setting actions of the rule
depending on your YSoft SafeQ configuration Setting notification options for the
and/or license. rule
More Information
YSoft SafeQ 5 769

February 03, 2016
DISPLAYING AND USING THE RULES LIST
In the YSoft SafeQ Web Interface, select Rules > Rules.
On this page, you can manage print job rules and access the Rules Definition wizard.
The Rules page includes the following information:
Name – Name of the rule

Conditions – Conditions print jobs must meet in order for YSoft SafeQ to apply the rule
Action – Action that will be applied if conditions are met
Icons in the Rules list:
- Drag and move the rule in the list. Multiple rules can apply to the same print job.
- Enable the rule.
- Disable / deactivate the rule.
- Delete the rule.
RULE DEFINITION WIZARD PANEL
Wizard dialog is divided to the two basic panels:
Panel (1) lists available Conditions, Actions and Notifications that can be used to create new
rule.
You can use links in header (3) or buttons in toolbar (4) to switch between available
Conditions, Actions or Notifications.
YSoft SafeQ 5 770

February 03, 2016
Panel (2) describes your rule.
To create new rule, first enter name of the rule, then click on Conditions, Actions or Notification to add
them to Rule panel. Trigger option limits which Actions, Conditions and Notifications can be added to
the rule because they need specific triggers to work. When you have finished defining your rule, click
on Save button (5) to save rule.
ADD CONDITION, ACTION OR NOTIFICATION

Click on Conditions, Actions or Notification name in first panel to add it to your rule. Some items can be
added to rule multiple times (it remains in left panel when added to rule), some of them only once (it is
removed from left panel when added to rule).
If item is grayed (6) out, it means that specific item (Condition, Action or Notification) is not available for
currently selected Trigger (7) or could not work with some of the selected Conditions, Actions or
Notification.
In order to perform Actions, ALL defined conditions must be met.
YSoft SafeQ 5 771

February 03, 2016
SET CONDITIONS, ACTIONS OR NOTIFICATION ATTRIBUTES THAT ACCEPTS MULTIPLE VALUES

Some attributes accepts multiple values. These attributes are displayed in purple color (4). You can
add another value by clicking on purple text. List with all values is displayed in popup dialog and you
can add another item by clicking on the Add link (2) or remove one of the items by clicking on it (8).
All values in multiple attribute are linked with OR logical conjunction. This means that one of the
values must apply to Condition to be evaluated as successful.
REMOVE CONDITION/ACTION
To remove Conditions, Actions or Notification from rule, hover your mouse about unwanted item. Cross
icon (1) will be displayed on the left side of the item. Click on this icon to remove item from rule.
For example of Rule Definition wizard usage, please see Example of Rule Definition Wizard usage.
For definition of specific conditions, please see Rule-based Engine: rule definition.
YSoft SafeQ 5 772

February 03, 2016
CREATING A PRINTING RULE
To create a new rule, click .

The Rule Definition wizard opens.
Fill in unique name of rule.
Define trigger - when rule will be executed. For list of triggers and their options, please see Rule-based
Engine: rule definition.
YSoft SafeQ 5 773

February 03, 2016
SETTING CONDITIONS FOR THE RULE
On the Rule Definition wizard Conditions tab, specify the conditions print jobs must meet in order for
YSoft SafeQ to apply the rule.
In the Job Conditions list, click a condition to select it.
The condition appears on right side of wizard and might need additional information to be defined.
For definition of specific conditions, please see Rule-based Engine: rule definition.
YSoft SafeQ 5 774

February 03, 2016
SETTING ACTIONS OF THE RULE
On the Rule Definition wizard Actions tab, specify the actions the rule will do if defined conditions are
met.
For more detailed information about actions, see Rule-based Engine: rule definition.
YSoft SafeQ 5 775

February 03, 2016
SETTING NOTIFICATION OPTIONS FOR THE RULE
On the Rule Definition wizard Notifications tab:
If you want YSoft SafeQ to send a notification after it modifies a print job because of a rule, specify the
type of notification.
If you do not want YSoft SafeQ to send notifications, do not do anything on this tab.
For more detailed information about actions, see Rule-based Engine: rule definition.
Click Save to save the rule and add it to the Rules list.
MORE INFORMATION
See Rule-based Engine: rule definition.
YSoft SafeQ 5 776

February 03, 2016
EXAMPLE OF RULE DEFINITION WIZARD USAGE
ABOUT
The Rule Definition wizard is used for creating RBE rules. At a Glance
You use the wizard to specify triggers (when rule is executed), About
conditions (validating whether action is made), actions (what to be Example of
done) and notifications (who and how should be informed about creating a new
execution of rule). Please see available items in Rule-based rule
Engine: rule definition.
This page describes the Rule Definition wizard in the YSoft

SafeQ 5.0 Web Interface. Information and screen descriptions may
vary depending on your YSoft SafeQ configuration and/or license.
EXAMPLE OF CREATING A NEW RULE
1 To create a new rule, click on the .

The new pop up window with rule wizard will be opened.
2 On Conditions page select the requested conditions.
Example:
Job belongs to user
Job is printed on device
Selected conditions are put to the right panel.
YSoft SafeQ 5 777

February 03, 2016
3 Select specific user and device
4 Switch to the Actions page and select an action.
Example:
YSoft SafeQ 5 778

February 03, 2016
Convert job to grayscale

Convert job to duplex
As you can see all selected actions has been added to the rule.
YSoft SafeQ 5 779

February 03, 2016
Select the action: All jobs will be converted to BW/DUPLEX.
YSoft SafeQ 5 780

February 03, 2016
5 Now select notification that will be sent to user.
6 Create an subject and text of email that will be sent to user.
YSoft SafeQ 5 781

February 03, 2016
7 Enter the notification name and save it.
YSoft SafeQ 5 782

February 03, 2016
8 A new Rule has been successfully created.
4.7.14 WEB INTERFACE - SYSTEM
SYSTEM
In the YSoft SafeQ Web Interface, select System.
On the System tab, you can access the following functions:
System information – Diagnostics overview of the YSoft SafeQ system (see System Information).
System settings – Basic and expert configuration of various system settings (see System Settings).
System tools:
Card Number Conversion Tool
Diagnostics export
exported data structure
Event viewer
Export settings for YSoft SafeQ Client
Print Job Parser Configuration
System Information
System logs
System Settings
YSoft SafeQ 5 783

February 03, 2016
DIAGNOSTICS EXPORT
EABOUT
The main goal is to enable you to identify and diagnose system At Glance
problems in the following three areas:
eAbout
Unsuccessful user terminal access General overview
Disconnecting ORS Automatic
Monitoring print job error states export
You can export files either at once or in intervals settings:
Manual
export
settings
Last
finished
export
About
diagnostics
exports
YSoft SafeQ 5 784

February 03, 2016
GENERAL OVERVIEW
Diagnostics export can be found on web interface: System > Tools... > Diagnostics export
The system enables a regular (automatic) and/or single data export in CSV format for further
processing in the MS Excel application. Three files can be exported, and each one contains data for
one of the areas stated above.
YSoft SafeQ 5 785

February 03, 2016
AUTOMATIC EXPORT SETTINGS:
Location where exported files are

saved. Where to save files can be
set to UNC path or to relative path
of the default export directory
(SafeQ4/server/export)
Defines a limit: which data is to be

exported (how many days back)
Parameter for regular automatic

exports (when to start export)
Parameters for regular automatic

exports (in what frequency export is
run)
Automatic settings will be saved
MANUAL EXPORT SETTINGS
Location where exported files are

saved. Where to save files can be
set to UNC path or to relative path of
the default export directory (SafeQ4
/server/export)
Defines a limit: which data is to be

exported (how many days back)
Unsuccessful user terminal access

statistics
Disconnecting ORS statistics
Monitoring print job error states
Button for running a single data

export for particular areas – export
cannot start until the previous export
(regular or single one) has finished
YSoft SafeQ 5 786

February 03, 2016
LAST FINISHED EXPORT
This field
shows
last
performed
manual or
automatic
export
with date
and time
and path
where
export is
stored
ABOUT DIAGNOSTICS EXPORTS

Export is run only on the master node (for example, local disk C:-- diagnostic export will be saved on
master node).
Exported files have fixed, unchanging names so that their further processing in MS Excel is run
automatically if possible (i.e. loading data source after opening a particular contingency table).
Previously exported files will rotate, a timestamp in yyyy-MM-dd format will be added to the names of
the files , and in SafeQ configuration, there will be a new parameter for setting up a maximum number
of rotated files.
More info about exported data structure can be found exported data structure.
EXPORTED DATA STRUCTURE
ABOUT
This page describes Exported data structure from Diagnostics export page.
At Glance
About
Exported data structure
Unsuccessful user access to terminal
Disconnecting ORS
EXPORTED DATA STRUCTURE
Data is exported to a CSV file:
YSoft SafeQ 5 787

February 03, 2016
Semicolon (;)
Windows -1250 coding
Unsuccessful user access to terminal

File name: UnsuccessfulTerminalAccess.csv
Structure:
Terminal serial number

Terminal IP address
Terminal FW version
Device name
ORS name
User ID
User login (blank value in case incorrect access data is entered)
Access date and time – "dd.MM.yyyy HH:mm" format
Error codes, values:
1 – incorrect terminal configuration (terminal is probably not assigned to a device)
2 – incorrect access data (incorrect PIN or unidentified card number)
3 – device is locked
4 – device is not ready
5 – network error
6 – insufficient rights
7 – other error
Error description
Disconnecting ORS
File name: RSDisconnections.csv
Structure:
Event type, values:

OnOpenPortEvent – connecting ORS to CML server
OnClosedPortEvent – disconnecting ORS from CML server
GUID ORS – branch identification
ORS name
Event date and time --"dd.MM.yyyy HH:mm" format
Attribute defining whether it is the first ORS connection to CML server after CML server restart,
values:
1 – first ORS connection to CML after CML restart
2 – ORS reconnection to CML
4 – ORS disconnection
Event description

File name: PrintJobErrors.csv
Structure:
YSoft SafeQ 5 788

February 03, 2016
Job ID
Job Log ID
Device ID
Device name
Device group ID
GUID ORS – branch identification
ORS name
User ID
User login
Cost centre number
Job status (code)
Job status (text)
Job name
Error code, values:
0 – Other error
1 – Device error
2 – SafeQ error
3 – Network error
4 – Accounting error
Error code (text)
Error date and time --"dd.MM.yyyy HH:mm" format
Error description
EVENT VIEWER
ABOUT
This page is used by administrator for viewing events on SafeQ system.
At Glance
About
General overview
Filters
YSoft SafeQ 5 789

February 03, 2016
GENERAL OVERVIEW
Event viewer can be found on web interface: System -> Tools -> Event Viewer
On this page SafeQ administrator is able to see events that happend on SafeQ system.
Page contains following columns:
Event Event name
Description Description of current event
Author Author of the event
Date Date when this event occured
Show all records with this event's

GUID
YSoft SafeQ 5 790

February 03, 2016
FILTERS
Filer Description
Start date for listed logged events
End date for listed logged events
Show/hide information events
Show/hide warning events
Show/hide error events
Enter the Name of event

If you want to include only a fragment of
the event name, you must add the special
character %
Author of event
the author name, you must add the special
character %
Description of event
the event description, you must add the
special character %
Apply curent filter
Clear used filer
YSoft SafeQ 5 791

February 03, 2016
EXPORT SETTINGS FOR YSOFT SAFEQ CLIENT
ABOUT
CSV export for a SafeQ Client is used for exporting a CVS file containing At Glance
all information about printers, GUIDs, and ORS servers, which is needed
for SafeQ Enterprise Port installation for RS. About
General
Please note that individual package containing print drivers is overview
usually required in order to fully use this feature!
This feature is typically used for extra large deployment in
cooperation with YSoft
GENERAL OVERVIEW
Export settings for YSoft client must be enabled: system > system settings > displayClientExportAction
= true
NOTE: Export settings for YSoft Client can be found on web interface: System > System
information. By default the export is hidden (see configuration parameter displayClientExportAction
)
Initiate export by clicking Export settings for SafeQ Client and printer drivers installation.
PRINT JOB PARSER CONFIGURATION
At a Glance
About
General Parser Configuration
How to download and install GhostScript
ABOUT
This page contains detailed description of print job parser.
Print job parser is used by YSoft SafeQ to determine number of print job pages and for image preview
rendering.
YSoft SafeQ comes with build in parser for PCL and HPGL print jobs. If you want to parse PostScript (PS)
jobs, you need to download and install GhostScript parser on your own because due to licensing limitation it
can not be included in YSoft SafeQ installation package.
YSoft SafeQ 5 792

February 03, 2016
GENERAL PARSER CONFIGURATION

There are two ways how can parser be configured.
TOP LEVEL
Navigate to the Settings page and choose Spooler category.

You can see panel with basic parser settings. This panel is visible only if your view is set to Basic or
Advanced options. For more parser related configuration properties set view mode to Expert options.
Option Description
Disable all parsers Print jobs will not be parsed, analyzed and no print preview would
be rendered. This option provides the best system performance.
Only analyse jobs This option will not render the print jobs. It would just analyze them
and will not create job previews. Internal analyzer is highly
(same parser for PS and PCL jobs)
accurate in number of pages estimations, less accurate in
color detection and size detection (therefore suitable for offline
accounting where mentioned limitations do not interfere). It
consumes only few of system resources. Internal analyzer (YSoft
Parser) will be used both for PCL and PS print jobs. Additionally
this option enables parser of the XCPT print job headers to detect
certain kinds of color jobs.
Not suitable for coverage accounting
Not suitable for price estimation
YSoft SafeQ 5 793

February 03, 2016
Internal analyzer is able to analyze PCL, HPGL and PS jobs

only
PS jobs: all pages are considered as B/W and normal paper

size
PS jobs must contain %%Page: comments. (Note that these

comments should be not be confuse with overall %%Pages:
comment which is often not filled and therefore not used)
In rare cases analyzer may fail to provide accurate results. For

high accuracy use one of the options below
Only analyse jobs This option will not render the print jobs. It would just analyze them
and will not create job previews. Internal analyzer is highly
(different parsers for PS and PCL
accurate in number of pages estimations, less accurate in
jobs)
color detection and size detection (therefore suitable for offline
accounting where mentioned limitations do not interfere). It
consumes only few of system resources.
Not suitable for coverage accounting
Not suitable for price estimation
Internal analyzer is able to analyze PCL, HPGL and PS jobs

only
In rare cases analyzer may fail to provide accurate results. For

high accuracy use one of the options below
Render low-resolution images This option will render an image from every job, transform it to
from jobs (36 DPI) CMYK, and generate a preview. The image will be low-res (36 DPI)
in order to conserve system resources. Suitable for offline
accounting, and job preview. This option can worsen system
performance.
Render high-resolution images This option will render an image from every job, transform it to
from jobs (150 DPI) CMYK, and generate a preview. The image will be hi-res (150 DPI).
Suitable for offline accounting, job preview, and coverage
accounting. This option has significant impact on system
performance.
XCPT header analysis

If job contains Xerox Common Print Ticket (XCPT) header and XPCT header analysis is enabled, print job
information present in XCPT header are prioritized over information obtained by Print Job Parser (does not
YSoft SafeQ 5 794

February 03, 2016
aply for job analysis) and thus information gathered by Print Job Parser are overridden by information
present in XCPT header. Also XCPT header analysis can be configured regardless enabled parser to obtain
basic job information without affecting system performance, see XCPT Header Analysis Configuration.
LOW LEVEL
Navigate to the Settings page and choose Spooler category.

You can see panel with basic parser settings. Switch your view to Expert options. Panel with basic parser
settings will be replaced with detailed settings.
Please consult any modifications of expert options with YSoft Support!
HOW TO DOWNLOAD AND INSTALL GHOSTSCRIPT

If you want to parse PostScript (PS) jobs, you need to download and install GhostScript parser.
1 Download GhostScript 8.61 installation package from http://pages.cs.wisc.edu/~ghost/. Do not

download 9+ versions because they are currently not supported.
Mirror link for 32 bits version: http://sourceforge.net/projects/ghostscript/files/GPL%

20Ghostscript/8.61/gs861w32.exe/download?use_mirror=surfnet
Mirror link for 64 bits version: http://sourceforge.net/projects/ghostscript/files/GPL%
20Ghostscript/8.61/gs861w64.exe/download?use_mirror=surfnet
2 Execute downloaded install package (for example gs861w32.exe) and click on Setup button.
3 Set installation directory to SAFEQ_DIRECTORY\bin\parser (for example c:\SafeQ5\bin\parser or c:

\SafeQORS\bin\parser ) and click Install button.
YSoft SafeQ 5 795

February 03, 2016
4 When installation finishes everything is ready. Try to send PostScript print job to YSoft SafeQ server
and check number of pages in job info details (page Reports > Job list). Number of pages should
not be zero.
If you decide to experiment with newer version of GhostScript, installation workflow can differ and you
need to also update all references to GhostScript version in configuration options ParserPS and
ParserPSWorkDir (located in Expert options view on Settings > Printing parser page) so location
of gswin32.exe file in file system matches value of configuration options mentioned above.
XCPT HEADER ANALYSIS CONFIGURATION
ABOUT
This page contains detailed description of XCPT header analysis.

XCPT header analysis is used by YSoft SafeQ to determine color, duplex and paper size information.
XCPT HEADER ANALYSIS CONFIGURATION
To enable XCPT header analysis, navigate to the Settings Settings page and choose Spooler category.
YSoft SafeQ 5 796

February 03, 2016
CAVEAT
Color information within XCPT job is not representing real color quality of the job itself but it reflects only
whether Xerox Black and White Conversion is ticked in Image Options tab of the Printer Properties
dialog. Therefore B/W print job with this option un-ticked is recognized as color job.
Because XCPT header analysis is prioritized over parser output (does not affect Only analyse jobs
mode), B/W job will be marked as color even if output of parser without enabled XCPT header analyser is
correct.
SYSTEM INFORMATION
AT GLANCE
YSoft SafeQ 5 797

February 03, 2016
At Glance
General overview
Services
Service
All locks are listed
Cluster server info
DBSync database and system pools
License information
System
Locks
Locks on CML (by node)
Locks on ORS
Locsk on CML (by group)
Database
GENERAL OVERVIEW
System information can be found on web interface: System-> System information
YSoft SafeQ 5 798

February 03, 2016
SERVICES
This is a main panel which you can see when you enter on the System information page. Page is
divided to several parts.
SERVICE
On this page you can see statuses of all SafeQ Internal Services. Some stopped services may be
started.
ALL LOCKS ARE LISTED

You can see total count of locks created in SafeQ System.
All locks are displayed only on Master Server. Other servers displays one "own" locks (locks
created on current servers).
Number of locks held by CML Total count of locks held by all CML servers
together
Number of locks held on ORS servers Total count of locks held by all ORS servers
together
Number of CML groups that are holding Total count of CML groups that are holding locks
locks
Number or ORS servers that are holding Total count of ORS servers that are holding locksr
locks
Locks on cluster nodes (CML) Total count of locks held by each CML server
CLUSTER SERVER INFO

This table shows the status of the CML servers. You can find out if all of them are online any or if any
of them is offline.
YSoft SafeQ 5 799

February 03, 2016
DBSYNC DATABASE AND SYSTEM POOLS

Table shows DB synchronization pool between CML servers.
if 0 is displayed - all data is synchronized on all servers.
LICENSE INFORMATION
License information shows the available information about the license.
Detailed information about licensed elements is available after expanding Show licensed features.
YSoft SafeQ 5 800

February 03, 2016
SYSTEM
System page shows various information about YSoft SafeQ system.
You can find more information about tab content on Support information page.
YSoft SafeQ 5 801

February 03, 2016
LOCKS
Locks page is divided to a three parts. Locks page shows the list of printers that are currently using for
print.
About Locks
When a lock is created? Once a user is authenticated on terminal - Lock is created.

When the lock is disappeared? When user is log out from terminal screen.
Why a locks are created? - Lock is created for user security. Once the lock is created
no other user may perform print/scan/copy job on current printer.
LOCKS ON CML (BY NODE)
LOCKS ON ORS
LOCSK ON CML (BY GROUP)
YSoft SafeQ 5 802

February 03, 2016
DATABASE
SYSTEM LOGS
ABOUT
Through this page you can simply download logs from CML At Glance
server.
Y Soft Hepldesk may ask you for this information. Log files are About
typically located in <SafeQ_DIR>\logs (e.g. C:\SafeQ5\logs) folder General overview
on YSoft SafeQ server. Working
with
system
logs
YSoft SafeQ 5 803

February 03, 2016
GENERAL OVERVIEW
System logs can be found on web interface: System -> Tools -> System logs
WORKING WITH SYSTEM LOGS
File File name
Size Log file size
Date Log file last

modification
Download log file
SYSTEM SETTINGS
About
General overview
Working with System settings
Search filter
Tablet panels
Property details
Saving new settings
Functions
Add new item
Actions
Views
Save settings
Settings in Dashboard widget
Delivering configuration to the customer
YSoft SafeQ 5 804

February 03, 2016
ABOUT
Through this system settings page, authorized administrator can manage SafeQ configuration.
YSoft SafeQ 5 has no user-configurable hard text or xml configuration files on the file system. All
configuration settings is saved in database. There may be some configuration files in SafeQ installation
directory, however these are considered as a part of application, required for its start up and shall not be
modified any time.
There are following rules in updating configuration in cluster:
all nodes have to be up and running when changing settings

it is highly recommended to update configuration on the master node
GENERAL OVERVIEW
System settings can be found on web interface: System > System settings
Please note that settings of LDAP replicator are in separate page in user management, see Tools - LDAP
Integration.
WORKING WITH SYSTEM SETTINGS
SEARCH FILTER
In System settings page you can search for properties:
by entering text phase into text filed. This phase must be part of property name, description or
internal name.
by marking/unmarking SafeQ components which are using this property
To apply current search filter click Search button. To cancel current serach filter click Clear buton.
YSoft SafeQ 5 805

February 03, 2016
TABLET PANELS
Tablet panel on the left side of the page are representing different categories of system settings. Number of
displayed categories depends on the currently selected view and search filter.
To change category just click its name. Currently selected category is always highlighted with white color.
PROPERTY DETAILS
Each property listed in System settings contains some attributes which are described below. All attributes
marked with asterisk are always display for each property.
1. Property name* - you can search properties based on name

2. Property description* - short description how property affects SafeQ system; possible to search
properties based on description
3. Configuration level - green = basic, yellow = advanced, red = expert
4. Internal name and "Revert to default value" button* - internal name of property; possible
to search properties based on internal name; by clicking
5. List of components where is this property applied* - possible values: CML (central managing
layer), ORS (offline remote spooler), TS (terminal server), MPS (mobile print server)
6. List of components which requires restart to apply changes - possible values: CML (central
managing layer), ORS (offline remote spooler), TS (terminal server server), MPS (mobile print server)
7. List of embedded terminals which requires reinstallation to apply changes - only installed
vendors are listed
8. Currently saved value* - possible ways of selecting value are: selecting from drop-down list, editing
text field, adding/removing line with value
SAVING NEW SETTINGS
After changing settings values you have to save changes to apply new settings. It is possible to change
more values on different pages and then save settings
YSoft SafeQ 5 806

February 03, 2016
After clicking button, there is displayed a window with summary of changes, list of
components to be restarted and list of terminals to be reinstalled. To confirm these changes click Yes.
FUNCTIONS
interface - Basics
ADD NEW ITEM
This function is available only in Expert options view and allows you to add custom properties into System
settings. After clicking pop-up window will be displayed. Fill in all necessary field and
click Add property.
YSoft SafeQ 5 807

February 03, 2016
ACTIONS
Name Description
Import settings Imports previously exported file with differential settings with following conditions:
from file
Differential system settings in the import file has to exist in existing
YSoft SafeQ settings and only value is updated. If system setting does
not exist in YSoft SafeQ, an error is reported.
Setting has to be contain valid values which can be imported.
Setting in YSoft SafeQ which should be overwritten by value from the
import file cannot be read-only otherwise an error is reported.
Setting which exists as user settings in YSoft SafeQ cannot be
overwritten by any setting from the import file. Such setting has to be
modified only from web interface.
Imported user defined setting cannot overwrite existing system setting
in the YSoft SafeQ.
If your import fails, remove invalid setting from the import file according these
conditions and try to load it again.
Export settings to Exports settings difference between default value and set value. Only key and a
file current value is exported. All user defined settings are exported as full record which
means with information about used subsystems, all flags, default value and its
assignment in category to be able to restore it again in the import. Settings which are
not changes are not exported.
VIEWS
SafeQ system settings are divided into three levels, based on impact to SafeQ system. After clicking
you can select:
Basic options - small impact to SafeQ system

Advanced options - medium impact to SafeQ system
Expert options - high impact to SafeQ system. Do not change Expert options without prior permission
from Y Soft.
SAVE SETTINGS
To save new settings you have to click button before leaving system settings page. For
more info see Saving new settings.
SETTINGS IN DASHBOARD WIDGET

Some basic settings can be also edited from Welcome to YSoft SafeQ widget on Dashboard. For changes
of the setting using the widget same rules as for System Settings apply.
YSoft SafeQ 5 808

February 03, 2016
DELIVERING CONFIGURATION TO THE CUSTOMER

As a CSS technician or Y Soft partner, I want to deliver changes in configuration to the customer so that
customer environment can be set properly even without skilled person on site.
To prepare changes in configuration, create XML file for import with following structure:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<property>
<key>property name</key>
<value>value</value>
</property>
<property>
<key>property name 2</key>
<value>value 2</value>
</property>
...
</configuration>
Any user with right to change system settings can than import the XML file.
Please note that you have to follow rules for importing setting. Also SafeQ services must be restarted for
applying settings where required.
4.8 YSOFT SAFEQ 5 INSTALLATION PROCEDURE
The following information is the main directory for YSoft SafeQ server installation, update and
uninstallation instructions.
YSoft SafeQ 5 809

February 03, 2016
For YSoft SafeQ 5 central components (the CML) or a single server, the following guides are available:
INSTALLING YSOFT SAFEQ 5
Installing YSoft SafeQ CML server

Installing YSoft SafeQ ORS
Installing YSoft SafeQ CRS server
Installing YSoft SafeQ using bundle installer
UPDATING YSOFT SAFEQ 5
Updating YSoft SafeQ CML

Updating YSoft SafeQ ORS with cache recovery
Updating YSoft SafeQ CRS
UNINSTALLING YSOFT SAFEQ 5
Uninstalling YSoft SafeQ CML and database

Uninstalling YSoft SafeQ ORS
Uninstalling YSoft SafeQ CRS
UPGRADE TO YSOFT SAFEQ 5
Manual upgrade - YSoft SafeQ 4 CML to YSoft SafeQ 5 CML

Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (PostgreSQL Embedded database)
Upgrade from YSoft SafeQ 4 SR34 to YSoft SafeQ 5 (MS-SQL Embedded database)
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (PostgreSQL External database)
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (MS-SQL External database)
4.8.1 INSTALLING YSOFT SAFEQ CML SERVER
The following information is the main directory for YSoft SafeQ CML server installation instructions.
Installing YSoft SafeQ CML

Creating sync user for external MS SQL server
Installing SafeQ on external MSSQL using domain users
Installing SafeQ on server with specific database collation for MS-SQL database
External PostgreSQL installation
Installing SafeQ with database and data warehouse on separate servers
Updating YSoft SafeQ CML
Updating YSoft CML cluster
INSTALLING YSOFT SAFEQ CML
This page describes how to use the interactive installer to perform a basic YSoft SafeQ server
installation.
YSoft SafeQ 5 810

February 03, 2016
Standard installation
Troubleshooting the installation process
Customized installation or adding / replacing node
Using the file update.conf
All nodes of the CML cluster have to be in the same timezone
STANDARD INSTALLATION
1 Obtain and run installation file ysf-sq5-install.exe from YSoft Partner Portal. Once you have the file
and the server is ready for installation, you can begin YSoft SafeQ installation.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything necessary for
installing a fully functional YSoft SafeQ server.
2 Select a language that will be used for the installation process. This language will also be used as
NOTE: You can change the language for YSoft SafeQ at any time after installation is done.
YSoft SafeQ 5 811

February 03, 2016
YSoft SafeQ 5 812

February 03, 2016
After you accept the license agreement, the installer runs a preinstallation check. This procedure
installation.

Accept the default YSoft SafeQ server installation folder, database engine, and IP
address.
YSoft SafeQ 5 813

February 03, 2016

7 If you chose the default installation, the installer displays the account name and password for the
database. The password is automatically copied to the clipboard. Save this password to a safe
place so that you can either use it when you need it or change it if you want.
Click OK.
chose to the selected destination folder on the server. In case you wish to see detailed installation
progress, press Show details button (or D key).
YSoft SafeQ 5 814

February 03, 2016
9 The last page of the wizard informs you about the results of the installation process and gives you
the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to close the
installation wizard.
YSoft SafeQ 5 815

February 03, 2016
TROUBLESHOOTING THE INSTALLATION PROCESS

YSoft SafeQ 5 816

February 03, 2016
CUSTOMIZED INSTALLATION OR ADDING / REPLACING NODE
6a If you wish to use values other than the default settings, check I want to customize my YSoft
SafeQ installation.
6b You can select witch node you want to install.
If you want to install master node select Install a new YSoft SafeQ server (or the first node
of a YSoft SafeQ cluster) and continue by click "Next"
If you want to add node to existing cluster, select Add or replace a node in an existing
YSoft SafeQ cluster, enter Cluster master node IP address and after clicking Retrieve node
list select Add new node option.
NOTE: When you add new node to cluster in environment with ORS servers, configuration
of ORS servers must be adjusted to communicate with new CML server too.
YSoft SafeQ 5 817

February 03, 2016
6c You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
6d Choose the database that will be used by YSoft SafeQ:
YSoft SafeQ 5 818

February 03, 2016
the default Embedded PostgreSQL 9.2.x

Bundled Microsoft SQL Server 2012 Express Edition (if Windows Installer
version 4.5 or higher is present)
Use an existing external database server which you can choose if you already
have MS SQL 2008 or 2012 or PostgreSQL 9.2.x database with enough
capacity to hold the YSoft SafeQ database.
Same database type must be installed on all CML nodes. In the case that 1st
node is installed on PostgreSQL DB, installation of second node (and all others)
is allowed only for PostgreSQL (MS SQL installation is disabled).
NOTE: For database synchronization the user named sync must exist. Users
sync rights settings: sysadmin or Read/write rights for SQDB5 and
SQDB5_SQDW. See how to create sync user on external MS SQL server.
6d1 In case of Embedded PostgreSQL or Bundled Microsoft SQL Server you must specify
password for database user and sync user. Passwords must be entered twice to avoid
problem with potential typo.
You can use Generate password buttons to generate passwords for database user and sync
user. On button click, password is generated and copied into the clipboard.
YSoft SafeQ 5 819

February 03, 2016
In case you selected embedded Microsoft SQL Server 2012 Express edition, password must
meet minimum password strength as described here:
Strong passwords cannot use prohibited conditions or terms, including:
A blank or NULL condition

"Password"
"Admin"
"Administrator"
"sa"
"sysadmin"
A strong password cannot be the following terms associated with the installation computer:
The name of the user currently logged onto the machine.
The computer name.
Password must not contain =;"<>:@%&`\'\\
6d2 In case of External database you must specify information about connection.
YSoft SafeQ 5 820

February 03, 2016
6d3 Enter names for YSoft SafeQ databases.
NOTE: Database names should not contain special characters or white spaces.
YSoft SafeQ 5 821

February 03, 2016
6e1 If you are installing additional node you have to enter master node IP address, retrieve node
list information and click "add new node".
6e2 Enter YSoft SafeQ admin credentials from master node to perform database dump during
installation process.
This step is skipped in case of using external database.
YSoft SafeQ 5 822

February 03, 2016
6f The last page of the wizard presents you with the following settings:
Local GUID for currently installing CML server (node).

TCP port that the YSoft SafeQ Web Interface will use.
HTTPS TCP port for YSoft SafeQ Web Interface.
Install the Terminal Server: To install Terminal Server, check the checkbox. To
not install it, leave the checkbox empty.
Start YSoft SafeQ services after the installation is finished: To start services
after installation, check the checkbox. To not start services, leave the checkbox
empty.
Enable support for embedded IIS web server: To install IIS web server, check
the checkbox. To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web
server inside Terminal Server. HWC web server is suitable for environments with
a lot of devices on one node (e.g. up to 400) or for customers that experience
problems with the legacy web server mainly for stability reasons (unexpected
crashes). It provides best performance and stability, that is not achievable with
any other embedded web server solution. This option is also required for the
YSoft SafeQ Embedded Terminal for Ricoh.
NOTE: Checkbox for web role installation appear, only on systems which
supports IIS 7 or higher (Windows Server 2008, 2008 R2 and 2012)
YSoft SafeQ 5 823

February 03, 2016
7 When installation is finished, please restart YSoft SafeQ CML and YSoft SafeQ CML DBS
services on all previously installed nodes.
USING THE FILE UPDATE.CONF

When installation is complete, a <SAFEQ_DIR> \conf\update.conf is created with preconfigured database
configuration options. The file update.conf is deleted after the options it contains are updated. You can
create this file anytime you want to change multiple configuration options stored in a database. Restart the
YSoft SafeQ CML service to process the file. When you use update.conf, keep in mind the following rules:
The file cannot contain configuration options that are stored in the files startup.conf, cmldb.conf,
cmldb-sqdw.conf, and cmldb-cluster.conf (otherwise the service will not start).
You can create the file whenever you need it; you can also use it for preconfiguring your installation,
but changes are applied only after the YSoft SafeQ CML service is restarted.
The file cannot contain a new configuration. If you want to add a new configuration option: in the
YSoft SafeQ Web Interface, use System Settings > Add new item.
The file updates only values. To change any other setting, such as a required restart or applying an
update on a subsystem, you must use the YSoft SafeQ Web Interface.
Listed configuration options are referenced by their internal name. The format in the file is internal
name = value. You can find internal names on the System Settings page.
If update.conf is used in clustered environment, all other CML nodes have to run and be available to
CML node where update.conf is applied.
YSoft SafeQ 5 824

February 03, 2016
CREATING SYNC USER FOR EXTERNAL MS SQL SERVER

This page describes how to create sync user in MS SQL server with appropriate rights for YSoft SafeQ CML
installation.
1 Open SQL Server Management Studio and connect to the Database Engine
2 Expand Security, right-click Logins and select New Login...
YSoft SafeQ 5 825

February 03, 2016
Enter Login name sync, switch to SQL Server authentication and insert password and untick
Enforce password policy
YSoft SafeQ 5 826

February 03, 2016
Switch to the Server Roles tab and tick sysadmin role. Finish the sync user creation by pressing OK
button
INSTALLING SAFEQ ON EXTERNAL MSSQL USING DOMAIN USERS

This page described installation of YSoft SafeQ CML server on Microsoft SQL database with usage of
domain users for authentication to database engine.
PREREQUISITES
Workstation where CML server will be installed is registered in domain

Two users for database connection are available in domain. One of the users has username 'sync'
Microsoft SQL database engine is installed
YSoft SafeQ CML installer is available
YSoft SafeQ 5 827

February 03, 2016
INSTALLATION OF CML SERVER USING DOMAIN USERS
1 Open SQL Server Management Studio and connect to the Database Engine.
2 Expand Security, right-click Logins and select New Login...
3 Add 2 domain users, who will be used for communication between SafeQ installer and database. One
of users must have username 'sync'.
Enter Login name in following format 'domain\username' and select Windows authentication as
authentication method.
YSoft SafeQ 5 828

February 03, 2016
4 Switch to the Server Roles tab and select sysadmin role.
YSoft SafeQ 5 829

February 03, 2016
Confirm user creation by clicking OK button.
5 Run YSoft SafeQ CML installer. On installation settings screen check I want to customize my YSoft
SafeQ installation and click Next.
YSoft SafeQ 5 830

February 03, 2016
6 Select Use and existing external database server in database type selection step.
7 Check Use Windows Authentication (instead of SQL) checkbox and fill in Domain textbox.
Fill in connection details for both users. Use users and password registered n domain.
YSoft SafeQ 5 831

February 03, 2016
NOTE: Domain name have to match one, used during users creation in database engine:
user created in database is in format testdomain.test\user, fill in testdomain.test to

Domain field
user created in database is in format testdomain\user, fill in testdomain to Domain field
8 Continue to further steps and start installation of CML server
INSTALLING SAFEQ ON SERVER WITH SPECIFIC DATABASE COLLATION FOR MS-SQL DATABASE
If you are installing SafeQ on server with Turkish locale using external MS SQL server 2012, you have to
create database with specific colation settings first.
1 Following steps required already installed MS-SQL server.
Before SafeQ installation described in article Installing YSoft SafeQ CML, following steps are required
to create database with specific collation.
2 Open SQL Server Management Studio and create new database.
YSoft SafeQ 5 832

February 03, 2016
3 On General tab enter SQDB5 as a Database name.
4 Switch to Options tab and set specific Collation
Example: For Turkish locale set SQL_Latin1_General_CP1250_CI_AS .
YSoft SafeQ 5 833

February 03, 2016
Then click OK and new database will be created.
5 Create another database by repeating these steps. Name it SQDB5_SQDW.
Then you can see both databases in SQL Server Management Studio.
6 Now you can install SafeQ according to Installing YSoft SafeQ CML.
In step 6d2 enter connection for external MS-SQL server.
In step 6d3 enter database names of already created databases (SQDB5 and SQDB5_SQDW).
Install wizard will connect to created databases and confirm connection.
YSoft SafeQ 5 834

February 03, 2016
YSoft SafeQ 5 835

February 03, 2016
EXTERNAL POSTGRESQL INSTALLATION
1 Download installation files of PostgreSQL Only PostgreSQL 9.2 is supported for SafeQ 5
2 Run installation package.
YSoft SafeQ 5 836

February 03, 2016
Enter instllation folder for PostgreSQL
4 Enter folder fo storing database data
YSoft SafeQ 5 837

February 03, 2016
Enter password for user postgres
6 Select port (default port value: 5432)
7 Select the locale to be used by the new database.
YSoft SafeQ 5 838

February 03, 2016
8 Finish installation process of Postgres 9.2.
YSoft SafeQ 5 839

February 03, 2016
INSTALLING SAFEQ WITH DATABASE AND DATA WAREHOUSE ON SEPARATE SERVERS

This page contains a description of the settings needed for running the main database and the data
warehouse on separate servers.
PGSQL SETTINGS
SQ DATABASE
Perform the following change in postgresql.conf:
listen_addresses = '*'
In the file pg_hba.conf, add a row as such:
host all all %SQ_IP%/32 md5
where %SQ_IP% = ip address of SQ database server
SQ DW DATABASE
Perform the following change in postgresql.conf:
listen_addresses = '*'
In the file pg_hba.conf, add a row as such:
host all all %SQ_DW_IP%/32 md5
where %SQ_DW_IP% = ip address of SQ DW database server
YSoft SafeQ 5 840

February 03, 2016
MSSQL SETTINGS
SQ Database server and SQ DW Database server must be linked as servers via MSSQL server
(Management Studio -> Database Engine -> Server Objects -> Linked Servers).
After administrator of MSSQL servers links the servers you must properly specify values in SafeQ config
files (srvnames must be same as in Linked Servers part):
sqdb-srvname
sqdb-dwsrvname
Server must be linked from both sides, SQ DW Database to SQ Database and SQ Database to SQ DW
Database.
UPDATING YSOFT SAFEQ CML

This page describes how to use the YSoft SafeQ Setup Wizard to perform a basic YSoft SafeQ server
update.
You can use the wizard to update all version of YSoft SafeQ 5 that was previously installed via any
installer (GUI or script).
When updating to a new release, all installed components (YSoft SafeQ CML/ORS/CRS servers, Mobile
Print Server, YSoft Payment System and YSoft Payment System plugins) have to be updated.
In case one or more YSoft SafeQ services has been disabled, enable them before you start.
Minimum free space required for update is 600MB.
If you want to update YSoft SafeQ installed via enterprise (script) installer - Be sure that safeq_home
property is already exists in environment variables. Create this variable (safeq_home=<SafeQ_dir>) if it
does not exist already.
If you want to enable JDBC connection pool feature when updating from YSoft SafeQ 5 SR 5 or 6, you
should set configuration property enableDBPool in configuration file startup.conf to true.
Upgrade from Service Release 8 and earlier requires re-installation of the YSoft SafeQ Embedded
Terminals for Konica Minolta. In case the terminals are not re-installed, users might not be able to
authenticate.
1 a. Download the installation package ysf-sq5-install.exe from the YSoft Partner Portal. Once you
have the package and the server is ready for installation, you can begin the YSoft SafeQ installation.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything required to install a
fully functional YSoft SafeQ server.
b. Run the file ysf-sq5-install.exe.
YSoft SafeQ 5 841

February 03, 2016
2 Select the language that will be used for the installation process. This language will also be used as
NOTE: You can change the language later at any time.
3 Continue to next page from Welcome screen.
NOTE: Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree, click
Cancel to quit the installation.
YSoft SafeQ 5 842

February 03, 2016
installation.
6 To use the displayed settings:

Click Install.
or
To configure custom settings:

Check the I want to customize my SafeQ installation checkbox and proceed to step 7.
YSoft SafeQ 5 843

February 03, 2016
7 Choose the database that will be used by YSoft SafeQ:
the default embedded PostgreSQL 9.2.x

the bundled Microsoft SQL Server 2008 Express Edition (if Windows Installer version 4.5 or
higher is present)
Use an existing external database server which you can choose if you already have MS
SQL 2008 or 2012 or PostgreSQL 9.2.x database with enough capacity to hold the YSoft
SafeQ database.
NOTE: For database synchronization, a user named sync must exist.
Click Next.
YSoft SafeQ 5 844

February 03, 2016
8 Enter names for YSoft SafeQ databases and click Next.
9 The last page of the wizard indicates that the update is complete. Click Finish.
UPDATING YSOFT CML CLUSTER
1. UPDATE PROCEDURE AT GLANCE
Step No Action to perform Comment User

impact
1 Shut down the whole environment. Follow chapter: Stop all ORS and Outage
CML services on all servers
YSoft SafeQ 5 845

February 03, 2016

impact
All ORS, CML as well as

CRS, MPS and YPS
services.
2 Update CML 2: Follow chapter: Update CML Outage
Use the time of CML update The reason for starting with node
for next steps 2 is to mitigate a risk of slow
validation. The database on node 2 is
quite small compared to CML 1 which
makes it likely to validate faster. Time
of validation defines duration of the
outage.
3 While step 2 is in progress, update Follow chapter: Update ORS Outage

one ORS in Near Roaming Group
(NRG)
Perform per each NRG

Stop services of updated and
configured ORS

standalone ORS servers
Perform per each location

configured ORS

ORS in every business critical
location

configured ORS
6 After CML 2 is fully operational: None or

partial
Start services on updated
ORS servers from steps 3-5
YSoft SafeQ 5 846

February 03, 2016

impact
Reinstall all Terminal

Embedded devices that are
connected to CML
subsystem (not ORS)
7 Verify functionality: None or

partial
All updated ORS servers are
connected to CML
Roaming print in each
location works as expected
(send/release job)
No exceptions in the logs
MILESTONE GO/NOGO DECISION Decide whether proceed or roll back. None or

1 Follow chapter "Rollback procedure partial
for Milestone 1" for recovery
procedure.
8 Update CML 1 and all other CML Follow chapter: Update CML None
nodes
9 Perform CML configuration changes Follow chapter: Additional steps Intermittent

in System Settings (if any) service
interruption
10 Update the rest of the ORS servers Follow chapter: Update ORS Intermittent
service
interruption
2. BEFORE THE INSTALLATION
2.2. EXPECTED SYSTEM OUTAGE
Between steps 1 and 6, the printing is unavailable. It is expected to take up to ..... hours to restore it
2.3. EXPECTED DATA LOSS
If executed as documented, no data loss is expected.

In case of rollback, data between step 1 (database backup) and rollback are lost. Users will need to
reprint their jobs once the system is operational again.
3. UPDATING THE ENVIRONMENT
The steps show manual changes. In real update procedure we suggest to have pre-configured files as
suggested above.
3.1. UPDATE CML
1) Backup the following as soon as services are stopped:
YSoft SafeQ 5 847

February 03, 2016
License.xml file from <CML>\conf folder

Both CML databases on both CML nodes
SQDB5
SQDB5_SQDW
2) Run the installer.
3) Wait for the validation to finish, do not interrupt! Click "retry" as many times as needed. It can
take up to several hours if the database grew big.
4) Stop all services on updated CML 2 to perform all changes below (keep the database server service
running, if it is local)
3.1.1. Set recovery for all Y Soft services
3.1.2. Start all CML Services

Start CML Service first; all other services in no particular order.
3.1.3. Activate the CML
Open Web browser and activate the system using offline activation (option on the right). Follow the
instructions on the screen.
CML update is finished

3.1.4. Update YPS
Follow YPS specific documentation.
YSoft SafeQ 5 848

February 03, 2016
3.2. UPDATE ORS
3.2.1. Backup
You can perform the ORS backups while CML is being installed
On each ORS run a backup script run.cmd
run.cmd
set SOURCE=C:\SafeQORSset DESTINATION=C:\SafeQORS-backupset EXCLUDE=C:

\excl.txtxcopy %SOURCE%\* %DESTINATION%\* /s /q /y /EXCLUDE:%EXCLUDE%
excl.txt
logs\terminalserver\logs\terminalserver\AccountedJobsserver\temp\
server\cache\server\spool\
3.2.2. Perform the update
(should be done in advance) Configure the safeq-ors.ini configuration file. The CML Server GUIDs
can be found on the SafeQ Web Interface of the CML Servers
Run the installORSv2-exe.cmd command file
Check the Install-ORS.log to make sure the installation has completed
Stop all ORS services
3.2.3. Set recovery for all services

Set this on all services on both CML as well as all ORS servers:
YSoft SafeQ 5 849

February 03, 2016
3.2.4. Start ORS services
Start ORS Service

Start Terminal Server Service
Wait for Web Service to start by itself in case of NRG. Otherwise start manually
Before starting other ORS:
Ensure there are no exceptions in logs of this one

Ensure they are connected using jConsole (or logs)
ORS update is finished

3.2.5. Update MPS
Follow MPS specific documentation.
3.3. ADDITIONAL STEPS
At this point both CML servers are updated so configuration can be adjusted in System Settings.
3.3.1. Capture changes and update the Solution Reference Guide
1. Collect <cml>\conf.jsp and update the Solution Reference Guide

2. Export settings and update respective settings in Solution Reference Guide:
YSoft SafeQ Dashboard: System -> Actions -> Export settings to file
3.4. UPDATE CRS
3.4.1. Requirements
YSoft SafeQ 5 850

February 03, 2016
Encryption enforced option on the SQL server is set to No
Somebody with the following permissions on their Windows account:
The following SQL Server Analysis Services roles are required: SQL Server Analysis Services
"Server administrators" group
Y Soft service account has to be temporarily granted the following permissions. Permissions can be
removed after the update is finished:
The following SQL Server Integration Services roles are required: db_ssisadmin
YSoft SafeQ 5 851

February 03, 2016
3.4.2. Backup
Run backup.bat for database dump

Replace <ENV>with respective environment name and run the command:
backup.bat -env crs\<ENV>\node1
Stop the CRS service

Back the whole <CRS> directory up
3.4.3. Configure
In most of the cases it is possible to use the "old" DeploymentConfig package as the parameters do not
change.
3.4.4. Run update script
Replace <ENV>with respective environment name and run the command:
update.bat -env crs\<ENV>\node1
This is the output of the installation:
YSoft SafeQ 5 852

February 03, 2016
Stop CRS service after the installation is done.

3.4.5. Post update steps
Start the CRS service
Send statistics from CML
Wait for synchronization to finish (check this in CRS log)
Restart CRS service to force OLAP cubes processing
Check in crs.log if there are errors:
2014-03-28 08:04:35,641 INFO mpleThreadPoolWorker-1| CSDManagerCRS|

Obtaining CDC Lock to generate statistics data...2014-03-28 08:04:35,643
INFO mpleThreadPoolWorker-1| CSDManagerCRS| CDC Lock obtained correctly2014
-03-28 08:04:35,653 INFO mpleThreadPoolWorker-1| CSDManagerCRS| Running CSD
optimization query #1 [csd_add_stats]2014-03-28 08:04:45,579 INFO
mpleThreadPoolWorker-1| CSDManagerCRS| CSD Optimization query #1: 9921ms.
2014-03-28 08:04:45,580 INFO mpleThreadPoolWorker-1| CSDManagerCRS| Running
CSD optimization query #2 [build cube]2014-03-28 08:04:46,590 WARN
mpleThreadPoolWorker-1| ConfigurationImpl| Requested property not
available in cache. Key = 'cdc-proccess-limit'. Returning default: 'null'
2014-03-28 08:11:00,668 DEBUG Thread-2| CSDManagerCRS| Microsoft (R) SQL
Server Execute Package Utility2014-03-28 08:11:00,669 DEBUG Thread-2|
CSDManagerCRS| Version 10.50.4270.0 for 64-bit2014-03-28 08:11:00,669 DEBUG
YSoft SafeQ 5 853

February 03, 2016
Thread-2| CSDManagerCRS| Copyright (C) Microsoft Corporation 2010. All

rights reserved.2014-03-28 08:11:00,670 DEBUG Thread-2| CSDManagerCRS| 2014-
03-28 08:11:00,670 DEBUG Thread-2| CSDManagerCRS| Started: 8:04:45 AM2014-03
-28 08:11:00,670 INFO mpleThreadPoolWorker-1| CSDManagerCRS| Command
succeeded [command="dtexec.exe" /SQL "\PackageBuildCubeSafeq"
/MAXCONCURRENT " -1 " /CHECKPOINTING OFF /REPORTING E]2014-03-28 08:11:00,
670 DEBUG Thread-2| CSDManagerCRS| DTExec: The package execution returned
DTSER_SUCCESS (0).2014-03-28 08:11:00,670 INFO mpleThreadPoolWorker-1|
CSDManagerCRS| CSD Optimization query #2: 375090ms.2014-03-28 08:11:00,670
DEBUG Thread-2| CSDManagerCRS| Started: 8:04:45 AM2014-03-28 08:11:00,671
DEBUG Thread-2| CSDManagerCRS| Finished: 8:11:00 AM2014-03-28 08:11:00,671
DEBUG Thread-2| CSDManagerCRS| Elapsed: 374.948 seconds2014-03-28 08:11:00,
686 DEBUG mpleThreadPoolWorker-1| CSDManagerCRS| CSD (MSSQL) optimization
DONE in 385075
3.4.6. Troubleshooting
Connect to Analysis services -> open cube -> Data Sources -> Properties:
set safeqdb user for connection in "connection string" (test to confirm)
Changes in <CRS>\scripts\CUBE\4_\ in order to build the cube manually:
rename "full_cube_template_2008_std_sqlcred.xmla" to "full_cube_template.xmla" replacing the

existing file
add pass and user, update server
<ConnectionString>Provider=SQLOLEDB.1;Data Source=SQL-SWDS-SFQ-P1;Persist Security
Info=True;Password=*******;User ID=safeqdb;Initial Catalog=yBoxDBCDC</ConnectionString>
If the installation fails, verify the required permissions and run the update again
YSoft SafeQ 5 854

February 03, 2016
4. ROLLBACK PROCEDURE
4.1. ROLLBACK PROCEDURE FOR MILESTONE 1
As a first step, collect data for analysis:
<CML/ORS>\*.log
<CML/ORS>\logs\*.log
<CML/ORS>\terminalserver\logs\*.log
Event viewer export from CML/ORS
CML 2 database backup
4.1.1. Recover printing availability where possible
1. Stop all updated components

a. All updated ORS servers
b. Updated CML 2 server
2. Start CML 1
3. Start all not-yet-updated ORS servers
At this point the system is partially operational

4.1.2. Restore ORS
1. Restore ORS files from backup (do not un/reinstall)

2. Start services:
Start ORS Service
Start Terminal Server Service
Wait for Web Service to start by itself
4.1.3. Restore CML
1. Restore database on CML1 from backup performed

2. Restore all binary files from backup created automatically during the installation
3. Start CML Services
4. Verify that the database is synchronizing
4.1.4. Restore CRS
Follow standard recovery procedures as documented
5 UPDATING CLUSTER WITH NETWORK LOAD BALACING OR MICROSOFT CLUSTER SERVICES

Please get in touch with Customer support in order to get instructions specific for your environment.
4.8.2 INSTALLING YSOFT SAFEQ ORS
This document consists of:
Configuring settings in the Safeq-ors.ini file
YSoft SafeQ 5 855

February 03, 2016
YSoft SafeQ ORS installation

YSoft SafeQ ORS service check
Troubleshooting the ORS installation
To install YSoft SafeQ ORS (Offline Remote Spooler), use the installORSv2-exe.cmd installation script. By
default the installer installs YSoft SafeQ ORS in the C:\SafeQORS directory. The installer generates the
global identifier (GUID) for the ORS server and places it in the configuration file guid.conf. If this file already
exists in the target location, the existing GUID is preserved and will be used.
You can use the MSI package to install YSoft SafeQ ORS.
For the correct system settings, see SafeQ ORS Server pre-installation check list.
Do not install YSoft SafeQ ORS on the same server where YSoft SafeQ CML is running.
CONFIGURING SETTINGS IN THE SAFEQ-ORS.INI FILE
Before beginning the installation, edit the file safeq-ors.ini (included in the installation package). Below is a
description of most important configuration attributes.
1 For a new YSoft SafeQ ORS installation with an already assigned GUID, enter the GUID in the
parameter localGUID: Use this parameter only if you want to install YSoft SafeQ ORS on a
server with a specific GUID, typically for a server crash recovery, in which case it is necessary to
keep the original GUID that was on the ORS server before the accident. The detailed instructions for
the recovery of the ORS can be found in ORS - Recovery procedure.
localGUID= <NEW_ORS_GUID>
2 Set the GUIDs, IP addresses, and ports for communication with YSoft SafeQ CML servers.
CML server GUIDs were created during YSoft SafeQ CML installation. They can be
found on respective web interface of each CML server in System info widget.
YSoft SafeQ 5 856

February 03, 2016
Another option to locate GUID of the CML server is in the value of the property
localGUID which can be found in <SafeQ_DIR>\conf\startup.conf configuration file of
respective CML server.
Do not change the port for communicating — keep it as 6010.
Add the IP address or DNS name of the YSoft SafeQ CML server.
It is always necessary to fill in details for all CML servers in your CML cluster.
If you do not have all four CML servers in your environment, delete redundant rows (e.g.
serverGUID4, serverPORT4, serverIP4) or comment them by putting ";" mark in front of them.
serverGUID1= <FIRST_NODE_GUID>
serverPORT1= 6010
serverIP1= <FIRST_SERVER_IP>
serverGUID2= <SECOND_NODE_GUID>
serverPORT2= 6010
serverIP2= <SECOND_SERVER_IP>
Example
serverGUID1=BB6FBF1- 8388 -47C9- 8679 -47D846E4AA2

serverPORT1= 6010
serverIP1= 10.0 . 10.50
serverGUID2=1EC0A9D8- 5488 -4B05-B7B1-52B8C829437B
serverPORT2= 6010
serverIP2= 10.0 . 10.51
;serverGUID3=
;serverPORT3=
;serverIP3=
;serverGUID4=
;serverPORT4=
;serverIP4=
3 Define directory for the installation of YSoft SafeQ ORS by setting the following parameters:
targetDir = <PATH>
YSoft SafeQ 5 857

February 03, 2016
Example
targetDir=C:\SafeQORS
Use backslash as directory divider.
4 You can also set the location of these directories:
spoolDir = The folder where print jobs are stored.

parserTemp = The folder where every print job is temporarily stored during the receive
process.
cacheDir = Cache folder on the ORS.
If you do not enter these directories, the default values will be used: <targetDir>/server/spool,
<targetDir>/server/temp, <targetDir>/server/cache.
5 Another parameters in the SafeQ-ors.ini file are for configuring the SMTP server. The SMTP server
is used for sending scanned documents to users and for sending notifications to users. In the
configuration file, enter the IP address or DNS name of the SMTP server, IP address or DNS name
of the backup SMTP server, sender's e-mail, and login to SMTP server (if required).
smtpServer= <SMTP_SERVER_IP_ADDRESS>
smtpServerBackup= <BACKUP_SMTP_SERVER_IP_ADDRESS>
emailSender= <EMAIL_SENDER>
smtpUser= <SMTP_USER>
smtpPassword= <SMTP_PASSWORD>
If you do not enter these settings, values will be obtained from CML server setting.
Example
smtpServer= 10.0 . 0.1

smtpServerBackup= 10.0 . 1.1
emailSender= sender @safeq .com
smtpUser= smtp_user
smtpPassword= secret_password
YSoft SafeQ 5 858

February 03, 2016
6 ORS Web Server serves several functions: interface for desktop client, scanning using webdav,
Mobile Print Server services. It is possible to change port for HTTP and HTTPS communication
(These two ports are mandatory). YSoft ORS Web server service won't start if either one of these
ports is blocked.
webServerPort= 80
webServerPortHTTPS= 443
7 Optionally, the base URL of YSoft SafeQ Web interface can be entered. If set, it is used to access
YSoft SafeQ web interface from YSoft SafeQ Client.
Trailing slash is not allowed here. Valid examples: http://hostname.example.com, http://10.10.20.20:

8080, https://secure.example.com.
safeqWebBaseUrl = https: //secure.example.com
It is recommended to leave this value empty (default) for most installations.
It may be used to configure custom host name for YSoft SafeQ Client to match the SSL
certificate of YSoft SafeQ ORS server (see Configuring SSL for Web interface).
8 In case you prefer to use Hostname instead of IP address for the local machine address, modify
configuration of parameter useHostname. If set to 1, variable "smartQ-server-ip" in file "ors.conf" is
set to local host name instead of local IP address
useHostname= 0
The DNS name resolution and the reverse lookup for the ORS server must be functional.
If the ORS server is part of a domain, FQDN will be used instead of the host name . The DNS
suffix must be configured properly in your network.
The FQDN hostname address is used only for purposes of ORS. Internal communication
between SafeQ subsystems (for example ORS<->CML) is always based on IP addresses (even
when useHostname=1).
YSoft SafeQ 5 859

February 03, 2016
9 Terminal server is required for communication between YSoft SafeQ and embedded terminals. If you
are not using embedded terminals at all, you can disable installation of Terminal server by
configuration parameter installTerminalServer. Default value is to have Terminal server installed.
installTerminalServer= 1
10 Terminal server leverages Hostable web core of the IIS. By modifying pf parameter
enableHwcSupport you can set whether all necessary system components shall be set
automatically or you want to do so manually according to Configuring Terminal Server web server.
enableHwcSupport= 1
Installation of web role for embedded IIS web server may take several minutes depending on
system usage and configuration.
Warning
If port 80 is selected in the installer for ORS web interface, then IIS site called "Default Web Site" is
deleted from IIS after installation as the site overrides system settings and uses port 80 instead of
SafeQ web interface. If IIS was already installed before and you select this option, please make sure
that no important site named "Default Web Site" is configured in external IIS otherwise it will be
deleted.
YSOFT SAFEQ ORS INSTALLATION
Before you begin, make sure you have modified the safeq-ors.ini file for your local conditions in the
currently installed environment, even when performing an update.
Start the installation by running installORSv2-exe.cmd
YSoft SafeQ 5 860

February 03, 2016
To install YSoft SafeQ ORS with specific configuration for HW terminal updates, copy your modified safeq.
fwupdate.conf into the directory containing the YSoft SafeQ ORS installation files and run the setup file
with an additional parameter:
installORSv2-exe.cmd safeq.fwupdate.conf.
YSOFT SAFEQ ORS SERVICE CHECK

When you complete the configuration and installation procedures, check to be sure the YSoft SafeQ ORS
server service is running. On the YSoft SafeQ ORS server, open Services (for example: Start > Run >
services.msc) and check the following services:
YSoft SafeQ ORS

YSoft SafeQ ORS Web Service
YSoft SafeQ Terminal Server (only if installed)
For more intensive check, proceed with YSoft SafeQ ORS Health Check.
TROUBLESHOOTING THE ORS INSTALLATION

In case that ORS installation is failing, search the following places for more information about the failure:
1. Install-ORS.log
log is created in the directory with ORS installation packages
2. application event log
see the log on a computer where ORS installation has failed. Some MSI Installer related
messages may be logged here
3. cml.log
log is stored in folder <SafeQ_dir>\logs that can be located on the CML server, which was
specified in safeq-ors.ini ServerIP field
4. ors.log
log is stored in folder <SafeQ_dir>\logs that can be located on the ORS server. Check this
log if installation was successful but ORS server is can not start
UPDATING YSOFT SAFEQ ORS WITH CACHE RECOVERY
IN THIS DOCUMENT
ORS update
About ORS update
ORS update procedure
Verify that the YSoft SafeQ ORS is functional
Cache Recovery
How to enable cache recovery during upgrade
YSoft SafeQ 5 861

February 03, 2016
Cache recovery mechanism overview

How to run recovery
Performance aspects to consider
Number of jobs per ORS
HW configuration
Number of ORSs per CML
CML cluster vs single node
Spooler deletion
When to run cache recovery
Possible problems and consequences
ORS UPDATE
ABOUT ORS UPDATE
To update a version of YSoft SafeQ ORS, use the installORSv2-exe.cmd installation script (the same
script you use for the initial installation).
The installer automatically uninstalls YSoft SafeQ ORS and saves the file guid.conf (with the specific GUID
of this particular ORS) to disk.
The installer then installs the latest version of YSoft SafeQ ORS to the specified folder, using the same
GUID as the previous version.
WARNING
Updating hundreds of ORS servers with Cache Recovery feature enabled
In productions with hundreds of ORS servers, update should not be run "at once". Instead,
updates for ORSs should be split into batches containing ~200 ORS.
In case of upgrading 600 ORSs, administrators should run updates for 200 ORS at first, and once
update is done, proceed to next 200 ORSs and so on.
This process ensures, that CML will not get overloaded and it will be still able to handle other
requests during recovery.
ORS UPDATE PROCEDURE
This section describes the way how to update ORS server.
1 Enable Cache Recovery
Before you start update, verify the ORS cache recovery settings.
Go to System settings and set orsCacheRecovery property to enabled

In case of ORS cache data corruption, cache can be manually deleted and all job-related
metadata will be recovered from CML. If this option is enabled, job consolidation will not be run during
ORS startup.
YSoft SafeQ 5 862

February 03, 2016
NOTE: If you omit this step, all jobs stored on the ORS will lost after the end of procedure.
2 Configuring the safeq-ors.ini file
Prepare safeq-ors.ini according to Installing YSoft SafeQ ORS description with following exceptions:
1. Parameters for safeq-ors.ini can be taken from backup-ed configuration files of ORS server.
2. Set attribute deleteCacheAfterUpdate=1
3 Launching the YSoft SafeQ ORS installer
Make sure you have modified the file safeq-ors.ini for the local conditions in the currently
installed environment, even when performing an update.
a) To start the installation, run the installORSv2-exe.cmd.
or
b) To install YSoft SafeQ ORS with a specific safeq.fwupdate.conf file:
Copy the file safeq.fwupdate.conf to the folder that contains the YSoft SafeQ ORS installation files
and run the installation script with this additional parameter:
installORSv2-exe.cmd <safeq.fwupdate.conf>
4 Updating of hundreds ORS servers
For productions with hundreds of ORSs, and Cache Recovery feature enabled, update should not be
run "at once". Instead, updates for ORSs should be split into batches containing ~200 ORS.
In case of upgrading 600 ORSs, administrators should run updates for 200 ORS at first, and once
update is done, proceed to next 200 ORSs and so on.
This process ensures, that CML won't get overloaded and it will be still able to handle other requests
during cache recovery.
5 Make sure the YSoft SafeQ ORS service is running
Once the update of YSoft SafeQ ORS is finished, make sure the YSoft SafeQ ORS service is
running:
Open Services on the YSoft SafeQ ORS server (Start > Run > services.msc) and check the
following services:
YSoft SafeQ ORS
YSoft SafeQ 5 863

February 03, 2016
YSoft SafeQ Terminal Server

YSoft SafeQ Web Interface
If necessary, start these services.
6 Post-installation step
If scan to home/folder is used, you have to set up once again the account which is used to run the
YSoft SafeQ ORS service.
VERIFY THAT THE YSOFT SAFEQ ORS IS FUNCTIONAL
1 Open the YSoft SafeQ Web Interface and log in as an user with the right to administer printers (e.g.
admin).
2 Select Devices > Printers. The group list (on the left) shows the connected YSoft SafeQ ORS
server. (A new, additional ORS server should not have been created.)
3 Click the ORS icon or ORS server to and verify:
the ORS status indicates that it is connected to the YSoft SafeQ CML
the ORS version shown is the same as the version of the update you installed
CACHE RECOVERY
SafeQ 5 supports recovery of ORS cache after it's deletion. This greatly simplifies upgrade process to
newer versions. In case of cache deletion, ORS will trigger cache recovery process during startup, and all
job-related data lost due to deletion will be re-downloaded from CML again. This document describes
procedure how to use cache recovery (further referenced as "CR") mechanism in production environments.
ORS cache recovery cannot be used to restore data which are unknown to the CML (e.g. statistics which
were not yet synchronized to the CML) and job-related data for print jobs with status DELETED..
CONTENTS

How to run recovery
HW configuration
YSoft SafeQ 5 864

February 03, 2016

Spooler deletion
HOW TO ENABLE CACHE RECOVERY DURING UPGRADE

By default, CR is enabled. CR will be automatically run when upgrading ORS to newer version. This
behavior is ensured by property orsCacheRecovery=true in system settings of SafeQ CML interface (this
requires deleting of ORS cache after update which is assured by deleteCacheAfterUpdate=1 from file
safeq-ors.ini).
By default, both these properties are enabled.
PLEASE NOTE:
Before you choose to upgrade ORS using cache recovery, make sure that CML has property
orsCacheRecovery set to true. If you run ORS upgrade without upgrading CML at first, this property might
be disabled. This would cause that after the ORS upgrade the cache is deleted, but since CML has
orsCacheRecovery=false, CR would not be run. If you encounter such situation, you can proceed with
following steps:
stop ORS node services

set property orsCacheRecovery=true on CML web interface (or upgrading whole CML node)
restart CML services
restart ORS node (CR will be re-run)
CACHE RECOVERY MECHANISM OVERVIEW

CR mechanism is based on message communication between CML and ORS. CR request messages are
sent from ORS to CML, where they're processed, and data is returned back
to ORS. Keep in mind, that CR mechanism is based on transmitting ORS's job-related data from CML.
Each ORS running recovery will send multiple messages to CML as CR requests. CML will load data from
database and sends them back to ORS as response. Please note, that loading data from database
might be expensive operation. If several ORS nodes are running recovery simultaneously, they might
overload CML node. We introduced mechanism for loadbalancing CR
requests on CML, but in case the only one node in the CML cluster is active and hunderds of ORSes are
connected, running a CR might still lead to poor performance of CML.
HOW TO RUN RECOVERY

When performance is concerned, many things must be taken into consideration. One of the most important
one is number of jobs being recovered and number of ORSs connected to CML.
In productions with hundreds of ORS per single CML, CR should not be run "at once". Instead, CR for
ORSs should be split into batches containing ~200 ORS.
In case of upgrading 600 ORSs, administrators should run CR for 200 ORS at first, and once CR is done,
proceed to next 200 ORSs and so on.
YSoft SafeQ 5 865

February 03, 2016
This process should ensure, that CML won't get overloaded and it will be still able to handle other requests
during recovery.
(You can see whether CR phase is done by monitoring CPU/hdd activity on CML)
PERFORMANCE ASPECTS TO CONSIDER

Following aspect directly influence CR performance
NUMBER OF JOBS PER ORS
Number of jobs which are being recovered is important aspect of CR. All job-related metadata (lost during
cache deletion, or possibly by upgrade) will be downloaded from CML to ORS.
According to number of jobs, amount of transferred metadata differs in size and might affect overall duration
of CR. We also need to take in consideration time and resources needed
for loading metadata from database, which is slowest element in whole CR process.
HW CONFIGURATION
HW setup is important mainly from DB(hdd/ssd) and CPU speed. Handling several hundreds of CR
messages on CML side utilizes CPU, while loading CR metadata from DB utilizes HDD/SSD.
Performance of these elements must be taken into consideration.
NUMBER OF ORSS PER CML
Number of ORSs connected to CML is related to overall performance of CML during CR. More ORSs
requesting recovery will consume more resources on CML side. Sudden onslaught of hundreds
of ORSs on single CML node might overload that node, and it would become unresponsive. This scenario
should be avoided as described in section 3) How to run recovery.
Please note, that even that we have load balancing on CML, it would not be able to serve such amount of
sudden CR requests, and load would not be balanced out among other nodes.
CML CLUSTER VS SINGLE NODE
In case of running CR in single CML node environment, extra precaution should be taken. CR (or upgrading
of ORS nodes) should always be run sequentially, and not at once on all ORS nodes!
SPOOLER DELETION
In case of ORS spooler deletion, all jobs belonging to this ORS will be marked on CML as DELETED. This
adds additional overhead to CML node, since it'll need to update database records
for these jobs. This operation might be time consuming and must be taken into account when running CR.
(if spoolers are deleted, number of ORSs in single CR batch should be further decreased)
WHEN TO RUN CACHE RECOVERY

Since CR consumes high amount of resources, it's not recommended to run CR during high-traffic period.
Please note, that ORS needs some time to replicate metadata of received jobs to CML. Only after this step
is done, job metadata becomes available for CR. If ORS node is shut down immediately after job is
received, it's highly probable, that ORS-generated metadata will not be transmitted to CML, and CR
mechanism will remove it from ORS spooler.
POSSIBLE PROBLEMS AND CONSEQUENCES

In case of CML getting "frozen" during CR process, it's recommended to wait until it becomes responsive
again. If you get into such situation, CML is not able to handle such thrust from ORS
nodes. You need to decrease number of ORSs being recovered/upgraded. YOU ALSO NEED TO DELETE
CACHES ON THESE ORS NODES. This will trigger CR process from scratch once you start these nodes.
CR process is safe in context of repetition. At any time during CR process, data are consistent between
ORS and CML.
YSoft SafeQ 5 866

February 03, 2016
4.8.3 INSTALLING YSOFT SAFEQ CRS SERVER
MS SQL SERVER INSTALLATION PROCEDURES:
MS SQL Server 2008 installation procedure

MS SQL Server 2012 installation procedure
INSTALLING AND UPDATING YSOFT SAFEQ CRS
CRS - Prerequisites for installation

CRS configuration
Installing YSoft SafeQ CRS
Installing YSoft SafeQ CRS on instance
Updating YSoft SafeQ CRS
Troubleshooting CRS Enterprise installation
SAFEQ CML SETTINGS
Setting the CML server to be the CRS client
The YSoft SafeQ CRS version must match the YSoft SafeQ CML version.
INSTALLING YSOFT SAFEQ CRS
SUPPORTED DATABASES

YSoft SafeQ 5 867

February 03, 2016

Pack

higher

R2 higher
INSTALLATION PREREQUISITES
SafeQ is running.
Database Engine
SQL Server Agent
Analysis Services
Reporting Services

YSoft SafeQ 5 868

February 03, 2016
db_datawriter.
db_ssisoperator.
INSTALLATION PROCEDURE
This section describes how to install YSoft SafeQ CRS Enterprise, OLAP cubes, and reports in MS SQL
Reporting Services.
1 Open the Reporting Services Configuration utility (Start > Programs > Microsoft SQL Server
20xx > Configuration tools):
2 Configure CRS server according to CRS configuration page
3 Run the install.bat program to begin the installation: InstallPackages\install.bat.
The command prompt opens. Enter the environment name, including the path to the currently
installed node:
YSoft SafeQ 5 869

February 03, 2016
Example: crs\TEST\node1
4 You can see the installation progress in the command prompt.
5 Check step
When installation is finished, YSoft SafeQ CRS is ready to use.
Go to the website http://hostname/reports (hostname = SafeQ CRS server name). You should see
the Reporting Services Web interface.
NOTE: The Reporting Services Web interface appears only if reporting services are installed
(installReportingServices = true).
YSoft SafeQ 5 870

February 03, 2016
CRS CONFIGURATION
This page describes configuration for CRS installation. See also the page Data management and backup for
further information.
We highly advise you that you make a backup of "DeploymentConfig" folder once the
configuration is finished. The backup of your original settings will be very useful in case of
CRS recovery or update and it shall be stored in the safe location.
GLOBAL CONFIGURATION
DeploymentConfig\env.ini:
//Enables services startup at the end of installation.

startupServicesAfterInstall= true
//SMTP configuration
mailServer=<SMTP_IP_ADDRESS>
mailServerBackup=<SMTP_BACKUP_IP_ADDRESS>
mailFrom=<MAIL_FROM>
mailUser=<USER>
mailPass=<USER_PASSWORD>
// If SSL or TSL is enabled, it is used for communication with the SMTP mail server. SSL or TLS
must be enabled also on your mail server.
// Both properties mailSmtpSsl and mailSmtpTls should not be enabled at once.
mailSmtpSsl = false
mailSmtpTls = false
//Administrator e-mail address where system will send alerts (eg. if a printer fails).
adminEmail=<ADMIN_EMAIL>
//If send-email-after-startup is enabled, an e-mail will be sent to adminEmail each time the
SafeQ service starts.
//Do not enable this feature unless you are sure that adminEmail and mailserver options are
configured correctly.
send-email-after-startup=true
// Localization
// supported languages: cs,en,sk,es
int_languages= en
int_defaultLanguage= en
// currency - USD($ %) 840, EUR(â‚¬ %) 978, CZK(% KÄ) 203, GBP(Â %) 826, HUF(% Ft) 348
// character Â¤ will be replaced by int_currency variable
int_currency_fmt=¤%
int_currency=$
int_currency_name = USD
Note: If a mail server does not require authentication, do not specify mailUser and mailPass properties.
Otherwise an authentication error from mailserver appears and sending fails.
YSoft SafeQ 5 871

February 03, 2016
Open DeploymentConfig\crs\env.ini and enter all necessary configurations.

WARNING: In paths, use a single slash ( / ) or double backslash ( \ \ ). DO NOT USE a single
backslash ( \ ).
//Internal sybsystem identification parameter (Do not edit this parameter.)

subsystem = CRS
//Database engine installation type

//(Do not edit this parameter because only the external MSSQL database engine is supported
for the CRS subsystem.)
embeddedDBInstall = false
//Database instance creation type (For the first installation, use the *clean-full-cluster*
value.)
databaseInstanceType = clean-full-cluster
//clean-full-cluster:
// Creates empty database instances yBoxDB and yBoxDBCDC.
// Executes initial SQL scripts. After installation, performs database validation.
//existing-db:
//Connects to existing database instances yBoxDB and yBoxDBCDC with no changes;
//yboxDBRep will be created from scratch.
// MSSQL DB version (For the first installation, use the *autodetect* value.)
dbVersion = autodetect
//Allowed values: \\
// MSSQL 2008 = 10.0
// MSSQL 2008 R2 = 10.50
// MSSQL 2012 = 11
//MSSQL DB edition (required for correct cube installation/upgrade)

dbEdition = autodetect
//Allowed values:
// standard = 2*
// enterprise = 3*
//Enables installation of reporting services (database

//repDbName, replication, reports & builder components in MSSQL)
//default false
installReportingServices = true
//path to binn directory of installed MS SQL Server

//for x64 bit platforms this path must be set
//to 32bit version, e.g. c:\\Program Files (x86)\\Microsoft SQL Server\\100\\DTS\\Binn\\
//use \\ instead of single / as a directory separator
//default "" (Binn directory is by default in PATH variable)
crs-database-path =
//Target (installation) directory of CRS node

//Required field
targetDir = C:/SafeQCRS
//if branch is not known for CDC server, should it create one? [default=true]
cdc-register-new-branch = true
YSoft SafeQ 5 872

February 03, 2016
//year from we have data in DWH [yBoxDBCDC]

dataYearStart = 2011
In the same env.ini file, enter all required values in the Database connection settings sections:
//Database type identification (The only allowed value for the CRS subsystem is *MSSQL*.)
dbClass=MSSQL
//JDBC driver class (Do not edit this parameter.)

dbDriver=net.sourceforge.jtds.jdbc.Driver
//relation database server for CRS (IP address or hostname of server with MSSQL database)
sqlDbServer = 127.0.0.1
//SQL server instance

//if default instance is used, leave this string empty.
//if a custom server instance is used, set the parameter to instance=<INSTANCE_NAME>, e.
g.
//sqlDbInstance = instance=MYINSTANCE
//the whole value becomes part of the DB connection URL
sqlDbInstance =
//relation database server name for CRS

sqlDbServerName = test
//Database port (Use the default port: *1433*.)

dbPort=1433
//Database encoding (Use *UTF-8*.)

dbEncoding=UTF-8
//Database account name for CRS service (default: *sa*)

dbUser=
//Database account password for CRS service

// (If empty, the password will be set during the installation process.)
dbPass=
//Operational database instance name (Use the default values.)

dbName=yBoxDB
//CDC database instance name(Use the default values.)

cdcDbName=yBoxDBCDC
//CDC database owner (If the username is sa, enter dbo.)

cdcDbOwner=dbo
//how many calendar years will be in DWH [yBoxDBCDC]

//default is 1
archiveDataYears = 1
//is DWH [yBoxDBCDC] backup enabled

//default is true
YSoft SafeQ 5 873

February 03, 2016
enableDBBackup = true
//backup path db + cube

//is DWH [yBoxDBCDC] cleanup enabled

//default is true
enableDBCleanup = true
In the same env.ini file, enter all required values in the Cube & package settings
sections:
//olap database server

olapDbServer = 127.0.0.1
//relation database user for CRS (empty = dbUser)

olapSqlUser =
//relation database password for CRS (empty = dbPasswd

olapSqlPasswd =
//olap database domain user for CRS (empty value = current user)
olapDomainUser =
//olap database domain password for CRS

olapDomainPasswd =
//olap full cube template path

//cdcCubeTplPath = @targetDir@\scripts\CUBE\4_cubecreate\
//see Utils.setupEnv4CRS
//CDC cube name

cdcCubeName = SafeQCDC
//Job name
//needed for 'cdc-build-cube = spstartjob' option
//default: BuildCubeSafeq
cdc-jobname = BuildCubeSafeq
//CDC server domain

cdcServerDomain =
//how old full cube is archived, number of monthes, default 3

cdcArchiveCubeMonths = 3
//if we delete old full cubes, 0/1, default 1

cdcDeleteOldCubes = 1
//enables installation and processing of Cube RV

enableCubeRV = false
//how many calendar years will be in cube

//default is 1
YSoft SafeQ 5 874

February 03, 2016
cdcArchiveCubePeriod = 1
//is base cube backup enabled

//default is 1
cdcEnableBackupCubeBase = 1
//is full cube backup enabled

//default is 1
cdcEnableBackupCubeFull = 1
//is base cube cleanup enabled [1 - yes, 0 no]

//default is 1
enableBaseCubeCleanup = 1
In the same env.ini file, enter all required values in the Integration services settings
sections:
//integration database server

intDbServer = 127.0.0.1
//relation database user for CRS (empty = dbUser)

intSqlUser =
//relation database password for CRS (empty = dbPasswd)

intSqlPasswd =
//Type of cube processing

//allowed values: safeq (local MSSQL), spstartjob (external MSSQL), none (other)
//default: safeq
cdc-build-cube = safeq
//CDC package name

//needed for 'cdc-build-cube = safeq' option
//default: PackageBuildCubeSafeq
cdcPackageName = PackageBuildCubeSafeq
In the same env.ini file, enter all required values in the Reporting services settings sections:
//reporting database server

repDbServer = 127.0.0.1
//relation domain user for reports (empty = dbUser)

repDomainUser =
//relation domain user for reports (empty = dbPasswd)

repDomainPasswd =
//relation database user for reports (empty = repDomainUser)

repSqlUser =
//relation database password for reports (empty = repDomainPasswd)
YSoft SafeQ 5 875

February 03, 2016
repSqlPasswd =
//replication folder, publisher-subscriber

//repFolder = @targetDir@\replication\
//see Utils.setupEnv4CRS
//database name for reporting services

repDbName=yBoxDBREP
//publisher name used for replication

repPubName=SafeQREP
//Name of report builder

//default is "SafeQ Report Builder"
repBuildName=SafeQ Report Builder
//Name of reports
//default is "SafeQ Reports"
repReportsName=SafeQ Reports
//domain name of report server

//default is localhost
repServerDomain = localhost
//virtual dir of report server

//default is ReportServer
repVirtualDir = ReportServer
//if branch is not known for CDC server, should it create one? [default=true]
cdc-register-new-branch = true
//number of decimal places displayed in web reports

cdcPricePrecision = 2
//enable/disable DB optimization on CRS, default false

//should nbe enabled for external DB engines
disableCRSDBOptimization = false
//Each of these properties will list the email addresses that will receive an email
//notification once the data reception / data processing after reception is finished
//successfully / with an error. (When the property is empty, the notification will not be sent.)
//notify-receive-success-recipients = example@email.com
notify-receive-success-recipients =
//notify-receive-failure-recipients = example@email.com
notify-receive-failure-recipients =
//notify-process-success-recipients = example@email.com
notify-process-success-recipients =
//notify-process-failure-recipients = example@email.com
notify-process-failure-recipients =
//CDC ENT type (true/false)

cdc_enable_enterprise = true
YSoft SafeQ 5 876

February 03, 2016
//Mappings setting - these tables would be mapped in ent CDC

cdc-mappings-ent = users_user;smartq_devices;smartq_devices_groups;safeq_projects;
smartq_stats_filetype;users_ou;smartq_servers;smartq_cdc_counters;safeq_data_repair_cdcstats;
safeq_stats_bad_safeq_projects;safeq_stats_bad_smartq_devices_groups;
safeq_stats_bad_smartq_devices;safeq_stats_bad_smartq_stats_filetype;safeq_stats_bad_users_ou;
safeq_stats_bad_users_user;safeq_subdata_bad_smartq_devices;safeq_subdata_bad_users_user;
cdc-mapping-ent-users_user = 3;login
cdc-mapping-ent-smartq_devices = 3;ip_address
cdc-mapping-ent-smartq_devices_groups = 3;name
cdc-mapping-ent-safeq_projects = 3;code
cdc-mapping-ent-smartq_stats_filetype = 3;prefix
cdc-mapping-ent-users_ou = 3;name
cdc-mapping-ent-smartq_servers = 3;code
cdc-mapping-ent-smartq_cdc_counters = 3;id
cdc-mapping-ent-safeq_data_repair_cdcstats = 3;id
cdc-mapping-ent-safeq_stats_bad_safeq_projects = 3;id
cdc-mapping-ent-safeq_stats_bad_smartq_devices_groups = 3;id
cdc-mapping-ent-safeq_stats_bad_smartq_devices = 3;id
cdc-mapping-ent-safeq_stats_bad_smartq_stats_filetype = 3;id
cdc-mapping-ent-safeq_stats_bad_users_ou = 3;id
cdc-mapping-ent-safeq_stats_bad_users_user = 3;id
cdc-mapping-ent-safeq_subdata_bad_smartq_devices = 3;id
cdc-mapping-ent-safeq_subdata_bad_users_user = 3;id
//enable/disable generating basic reports in CRS

enable-reporting-services = false
//how many calendar years will be in web reports

//default is 1
archiveReportsYears = 1
//is web reports cleanup enabled

//default is true
enableReportsCleanup = true
Open DeploymentConfig\crs\TEST\node1\env.ini and edit all required

attributes.
//unique CRS GUID

GUID = TEST-CRS
//IP address of installed CRS server

smartQ-server-ip =
//CRS server name

smartQ-server-name =
//Additional CRS server info (Keep this setting's default.)

smartQ-server-id = 1
smartQ-server-dbflag = 2
Save and close the env.ini file and continue to the next step.
YSoft SafeQ 5 877

February 03, 2016
CRS - PREREQUISITES FOR INSTALLATION

SafeQ is running.
Database Engine
SQL Server Agent
Analysis Services
Reporting Services

db_datawriter.
YSoft SafeQ 5 878

February 03, 2016
db_ssisoperator.
CRS - SUPPORTED DATABASES



Pack

higher

R2 higher
INSTALLING YSOFT SAFEQ CRS ON INSTANCE
ABOUT
This page contains basic informations for SafeQ CRS installation on MS-SQL instance.
MS-SQL TCP PORT CONFIGURATION

MS-SQL instance TCP port configuration
YSoft SafeQ 5 879

February 03, 2016
1 Open SQL Server Configuration manager (start ->Microsoft SQL Server -> Configuration Tools
-> SQL Configuration manager).
2 Select installed instance and open Properties for TCP/IP (enable TCP/IP if is disabled).
3 Set TCP Port to 1489 (or any non-occupied TCP port).
Avoid using 1434. This port is used by MSSQL - DAC. Use higher port number, e.g.: 1489
YSoft SafeQ 5 880

February 03, 2016
4 Apply changes and restart MS-SQL instance services.
CRS INSTANCE CONFIGURATION
1 Enter instance name in to DeploymentConfig\crs\env.ini
Original line in configuration:
sqlDbInstance =
# Example: sqlDbInstance =Instance1
Updated config:
sqlDbInstance = Instance1
2 In the same env.ini configure TCP port for connection to Instance server
Original line in configuration:
dbPort=
# NOTE: Important: avoid using 1434 . This port is used by
MSSQL - DAC. Use higher port number, e.g.: 1481 .
Updated configuration:
dbPort= 1489
3 Continue with installation according to Installing YSoft SafeQ CRS
MS SQL SERVER 2008 INSTALLATION PROCEDURE
ABOUT
This Document provides step by step instruction for installation of MS SQL Server 2008 for YSoft SafeQ
CRS server. Document is divided in to several parts:
Installing MS SQL Server 2008

Verifying correct installation of MS SQL Server 2008 Reporting Services
Setting the location of the database for MS SQL Server
YSoft SafeQ 5 881

February 03, 2016
Images in this section are illustrative only, and may be different according to the Windows service
pack you are using.
YSoft SafeQ 5 882

February 03, 2016
INSTALLING MS SQL SERVER 2008
1 Insert the installation medium into the computer. When the SQL Server Installation Center window
appears, select New installation or add features to an existing installation.
2 The SQL Server installer copies all required files to the server. Click OK to continue.
3 Enter the SQL Server product key; then click Next.
4 Accept the license agreement; then click Next.
YSoft SafeQ 5 883

February 03, 2016
5 Click Install to begin copying the supported files.
6 Click Next to continue.
YSoft SafeQ 5 884

February 03, 2016
7 Select SQL Server Feature Installation; then click Next.
8 On the Feature Selection page:
1. a. Select the features to install.

For YSoft SafeQ CRS, the following features are required:
- Database Engine Services
- SQL Server Replication
- Analysis Services
- Reporting Services
- Integration Services
- Management Tool
b. Select the Shared feature directory for the installation.
c. Click Next.
YSoft SafeQ 5 885

February 03, 2016
9 Keep Default Instance selected and click Next.
10 Check disk space requirements. If enough free space is available, click Next.
YSoft SafeQ 5 886

February 03, 2016
11 On the Server Configuration page:
1. a. Specify the service accounts.

b. For the SQL Server Agent service, change the Startup Type to Automatic.
c. Click Next.
12
1. a. Select Mixed Mode.
b. Enter the password.
c. Specify the SQL Server Administrator account.
d. Click Next.
YSoft SafeQ 5 887

February 03, 2016
13 Specify users with administrative permissions for Analysis Services; then click Next.
14 Select the Install the native mode default configuration option; then click Next.
YSoft SafeQ 5 888

February 03, 2016
15 Click Next.
16 Click Next.
YSoft SafeQ 5 889

February 03, 2016
17 SQL Server is ready to install. Click Next.
18 When installation is complete, click Next.
YSoft SafeQ 5 890

February 03, 2016
19 Click Close.
20 Enable replication as follows:

Start Microsoft SQL Management Studio and connect to the Database Engine as the user sa.
Right-click Replication to display the context menu; then select Configure Distribution. (If this
menu is not available and you see Publisher properties instead, this step has probably already
been done and you can proceed to next step).
In the window that opens, click Next; then Finish; then Finish again.
Replication is now enabled.
21 Set permissions for Reporting Services (if they were installed)
1.
a.
YSoft SafeQ 5 891

February 03, 2016
1.
a. Open http://<CRSServerIP>/reports in your Internet browser

b. Log in using administrative account for reporting services
c. Press Site Settings in the upper right corner
d. Select Security tab on the left side of the window
e. Press New Role assignment -> in the Group or user name field type in
BUILTIN\Users
f. Place a checkbox next to "System User"
g. Click OK
VERIFYING CORRECT INSTALLATION OF MS SQL SERVER 2008 REPORTING SERVICES

On the server where you just installed MS SQL Server 2008, verify that the service "SQL Server Reporting
Services" is correctly installed:
Open your Web browser and enter http://%IPADDRESS%/reports.
%IPADDRESS% = IP address of the installed MS-SQL server
If the page shown here opens, "Reporting Services" is correctly installed.
If the SQL Server Reporting Services page does not appear as shown here, see Troubleshooting
CRS Enterprise installation
SETTING THE LOCATION OF THE DATABASE FOR MS SQL SERVER

This section describes how to set the location of database files in Microsoft SQL Server 2008 to another
database server disk.
Images are for illustration purposes only. Your screens may look a little different.
1 Run Microsoft SQL Server Management Studio and connect to Database Engine. Use the sa login.
YSoft SafeQ 5 892

February 03, 2016
2 Right-click the database server and select Properties.
3 Select Database Settings.
YSoft SafeQ 5 893

February 03, 2016
4 Enter the new location for databases by clicking the browse ( ... ) button and selecting the location, or
by entering the path in the text box.
5 Click OK (located at the bottom of the page) to save the new location.
YSoft SafeQ 5 894

February 03, 2016
MS SQL SERVER 2012 INSTALLATION PROCEDURE
ABOUT
This Document provides step by step instruction for installation of MS SQL Server 2012 for YSoft SafeQ
CRS server. Document is divided in to several parts:
Installing MS SQL Server 2012

Verifying correct installation of MS SQL Server 2012 Reporting Services
Setting the location of the database for MS SQL Server
Images in this section are illustrative only, and may be different according to the Windows service
pack you are using.
YSoft SafeQ 5 895

February 03, 2016
INSTALLING MS SQL SERVER 2012
1 Insert the installation medium into the computer. When the SQL Server Installation Center window
appears, select New installation or add features to an existing installation.
2 The SQL Server installer copies all required files to the server. Click OK to continue.
3 Enter the SQL Server product key; then click Next.
YSoft SafeQ 5 896

February 03, 2016
4 Accept the license agreement; then click Next.
5 Click Install to begin copying the supported files.
YSoft SafeQ 5 897

February 03, 2016
6 Click Next to continue.
7 Select SQL Server Feature Installation; then click Next.
YSoft SafeQ 5 898

February 03, 2016
8 On the Feature Selection page:
Select the features to install.
1. a. For YSoft SafeQ CRS, the following features are required:

- Database Engine Services
- SQL Server Replication
- Analysis Services
- Reporting Services
- Integration Services
- Management Tool
b.
YSoft SafeQ 5 899

February 03, 2016
b. Select the Shared feature directory for the installation.

c. Click Next.
9 Keep Default Instance selected and click Next.
10 Check disk space requirements. If enough free space is available, click Next.
11 On the Server Configuration page:
1. a. Specify the service accounts.

b. For the SQL Server Agent service, change the Startup Type to Automatic.
c. Click Next.
YSoft SafeQ 5 900

February 03, 2016
12
1. a. Select Mixed Mode.
b. Enter the password.
c. Specify the SQL Server Administrator account.
d. Click Next.
13 Specify users with administrative permissions for Analysis Services; then click Next.
YSoft SafeQ 5 901

February 03, 2016
14 Select the Install the native mode default configuration option (Reporting Service configuration);
then click Next.
15 Click Next.
YSoft SafeQ 5 902

February 03, 2016
16 Click Next.
17 SQL Server is ready to install. Click Next.
YSoft SafeQ 5 903

February 03, 2016
18 When installation is complete, click Next.
19 Click Close.
YSoft SafeQ 5 904

February 03, 2016

Start Microsoft SQL Management Studio and connect to the Database Engine as the user sa.
Right-click Replication to display the context menu; then select Configure Distribution. (If this
menu is not available and you see Publisher properties instead, this step has probably already
been done and you can proceed to next step).
In the window that opens, click Next; then Finish; then Finish again.
Replication is now enabled.
21 Set permissions for Reporting Services (if they were installed)
1. a. Open http://<CRSServerIP>/reports in your Internet browser

b. Log in using administrative account for reporting services
c. Press Site Settings in the upper right corner
d.
YSoft SafeQ 5 905

1.
February 03, 2016
d. Select Security tab on the left side of the window

e. Press New Role assignment -> in the Group or user name field type in
BUILTIN\Users
f. Place a checkbox next to "System User"
g. Click OK
VERIFYING CORRECT INSTALLATION OF MS SQL SERVER 2012 REPORTING SERVICES

On the server where you just installed MS SQL Server 2012, verify that the service "SQL Server Reporting
Services" is correctly installed:
Open your Web browser and enter http://%IPADDRESS%/reports.
%IPADDRESS% = IP address of the installed MS-SQL server
If the page shown here opens, "Reporting Services" is correctly installed.
If the SQL Server Reporting Services page does not appear as shown here, see Troubleshooting
CRS Enterprise installation
SETTING THE LOCATION OF THE DATABASE FOR MS SQL SERVER

This section describes how to set the location of database files in Microsoft SQL Server 2012 to another
database server disk.
Images are for illustration purposes only. Your screens may look a little different.
1 Run Microsoft SQL Server Management Studio and connect to Database Engine. Use the sa login.
YSoft SafeQ 5 906

February 03, 2016
2 Right-click the database server and select Properties.
3 Select Database Settings.
YSoft SafeQ 5 907

February 03, 2016
4 Enter the new location for databases by clicking the browse ( ... ) button and selecting the location, or
by entering the path in the text box.
5 Click OK (located at the bottom of the page) to save the new location.
YSoft SafeQ 5 908

February 03, 2016
SETTING THE CML SERVER TO BE THE CRS CLIENT
PERFORM THIS PROCEDURE ONLY ON THE CML MASTER SERVER (ON THE FIRST CLUSTER NODE).
SET THE FOLLOWING VALUES IN THE CONFIGURATION FILE <SAFEQDIR>\CONF\STARTUP.CONF
If the values already exist, update them as follows. If they do not exist, create them:
cdc_enable_enterprise = true
cdc-sender = true
SET THE FOLLOWING VALUES IN THE CONFIGURATION VIA THE WEB INTERFACE:
cdc-branch = the unique identification of this client. The value is combination of „smartQ-server-name“ from
„startup.conf“ file from the first cluster node and „cdc-branch-locality“ from the system settings
cdc-server-IP = Fill in the IP address of the CRS server
YSoft SafeQ 5 909

February 03, 2016
cdc-time-windows = Time when statistics data are sent to CRS server
Remember that when the service starts up, recalculations occur only every hour. For testing purposes, if
you want the data to appear in the statistics without having to wait for an hour, you can set the sending time
(for example, to every minute) by selecting cdc-time-intervals=60000 (and commenting choice cdc-time-
windows). After configuration, restart both servers gradually (CRS and CML sender). cdc-time-intervals
has higher priority than configuration in cdc-time-windows.
TROUBLESHOOTING CRS ENTERPRISE INSTALLATION
This section describes basic problems that may occur, their possible causes, and suggestions for solutions.
This section will be continually updated as necessary. This section does not include all possible failures and
their solutions.
1 If MS SQL server cannot be installed or if the following error appears when you try to access the
Reporting Service:
Description: An unhandled exception occurred during the execution of the current Web request.
Review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.HttpException: The current identity (NT AUTHORITY\NETWORK

SERVICE) does not have write access to 'C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727
\Temporary ASP.NET Files'.
Source Error: An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be identified using the
exception stack trace below.
Stack Trace:
[HttpException (0x80004005): The current identity (NT AUTHORITY\NETWORK SERVICE) does not
have write access to
'C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.]
System.Web.HttpRuntime.SetUpCodegenDirectory(CompilationSection
compilationSection) \+11329385
   System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags) \+35
6
\[HttpException (0x80004005): The current identity (NT AUTHORITY\NETWORK SERVICE) does
not have write access to
'C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.\]
   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) \+11294470
   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) \+88
YSoft SafeQ 5 910

February 03, 2016
   System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr) \+1116816

8
*Version Information:* Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.
0.50727.3082
Possible solutions to the problem:
1. Open a command prompt.

2. Navigate to: C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727
3. Run this command: aspnet_regiis.exe -i
2 If you export reports to MS Excel for accounting print costs, it is necessary to have a user named
safeq_reporter in the relational database. This user must have a password and access rights to the
CRS database yBoxDBCDC).
3 If CRS installation or update fails, you can set up log files to include detailed log messages. Using a
text editor with UTF-8 support, open the file InstallPackages\deployer\scripts\log4j-deployment.
xml. In the section shown here, change the value debug to trace:
<root>
<level value="debug" />
<appender-ref ref="console_app"/>
</root>
Save the file and run the installation procedure again. The log file now includes detailed log
messages (for example, output resulting from executing third-party tools and programs for installation
of cube, reporting services, etc.).
YSoft SafeQ 5 911

February 03, 2016
INSTALLATION SCRIPTS
ABOUT
This chapter describes all scripts in YSoft SafeQ CRS installer.
These scripts are available only for CRS installer.
All installation scripts are available in the installation package (InstallPackages folder).
To see the list of supported parameters for each script, run the script with the parameter -help
. For example, to get help for the backup script, issue the command:
InstallPackages\backup.bat -help
INSTALL.BAT
Script for installing YSoft SafeQ CRS Server. For more information see chapter Installing YSoft SafeQ
CRS.
UPDATE.BAT
Script for updating of YSoft SafeQ CRS Server. For more information see chapter Updating YSoft
SafeQ CRS.
YSoft SafeQ 5 912

February 03, 2016
BACKUP.BAT
This script performs a backup of your currently installed YSoft SafeQ CRS server.
1) Configure YSoft SafeQ CRS installer according to CRS configuration.
2) Begin the backup by running the backup.bat program: InstallPackages\backup.bat.
Enter environment name (Example: crs\TEST\node1)
Backup will perform following operations:

dump_yBoxDB_201310220817.backup - YSoft SafeQ CRS database backup with timestamp
dump_yBoxDBCDC_201310220817.backup - YSoft SafeQ CRS datawarehouse backup with
timestamp
SafeQCRSBackup.zip that contains:
bin\
build\
conf\
3) SafeQ CML will be backed up into the folder according to installer

settings:
# Backup directory ( for storing CRS files backup and database

dumps)
# Default: C:/SafeQCRS-Backups
backupDir=C:/SafeQCRS-Backups
# Max roll count of created backups of CRS files

# Default value: 3
backupFilesMaxRollFileCount = 3
YSoft SafeQ 5 913

February 03, 2016
4) When the backup is finished, close the command prompt window.
To make it possible to schedule a regular unattended backup, some command-line parameters must
be used to avoid the backup script pausing and waiting for user input. The minimum set of parameters
needed to achieve this is:
-env <EnvironmentName>
-nopause
For example, the complete command line could be:
InstallPackages\backup.bat -nopause -env crs\TEST\node1
UNINSTALL.BAT
Using this script you can uninstall existing YSoft SafeQ CRS server. For more information see chapter
Uninstalling YSoft SafeQ CRS.
STATUS.BAT
This script performs check of status of your currently installed YSoft SafeQ CRS server.
1) Use the configured YSoft SafeQ CRS installer according to CRS configuration and run status.bat
(InstallPackages\status.bat.)
2) Enter environment name (Example: crs\TEST\node1)
3)
YSoft SafeQ 5 914

February 03, 2016
Status.bat will check your current configuration and write it in to InstallPackages\logs\status.

log.
Following properties will be checked:
Input parameters
System properties
SafeQ Services
Configuration
Free disk space
logs size
UPDATING YSOFT SAFEQ CRS
ABOUT
This section describes how to update an older (already installed) version of YSoft SafeQ Central Reporting
Services (CRS).
If you are installing YSoft SafeQ CRS for the first time (that is, a clean installation), go to Installing YSoft
SafeQ CRS.
YSoft SafeQ 5 915

February 03, 2016
CRS SERVER UPDATE PROCESS
1 Skip this step in the case that you have already pre-configured installation files of CRS server.
Configure CRS installator according to CRS configuration page
2 Begin the update by running the update.bat as an administrator. Program is stored in

InstallPackages\update.bat. The command prompt will be opened.
NOTE: File log4j.xml located in conf folder will be overwritten by new one, when updating to
Service Release 4 or higher. That means, custom log settings will be lost.
3 Enter the environment name, including the version and the path of the currently installed node:
4 The CRS installer performs backup according to CRS configuration settings.
NOTE: Database backup time depends on the size of the databases.
5 The CRS installer checks all available information about the currently installed CRS and updates it
with the latest version.
6 When the update is finished, close the command prompt window.
YSoft SafeQ 5 916

February 03, 2016
4.8.4 UNINSTALLING YSOFT SAFEQ SERVER
This page is a directory for Server Uninstallation Guides
Uninstalling instructions about SafeQ CML can be found:Uninstalling YSoft SafeQ CML and database
Uninstalling instructions about SafeQ ORS can be found:Uninstalling YSoft SafeQ ORS
Uninstalling instructions about SafeQ CRS can be found:Uninstalling YSoft SafeQ CRS
UNINSTALLING YSOFT SAFEQ CML AND DATABASE
This chapter describes how to uninstall the CML server.
SAFEQ SERVER UNINSTALL

You can uninstall SafeQ server through uninst.exe placed in SafeQ5 folder, or using "Add and remove
programs"
YSoft SafeQ 5 917

February 03, 2016
YSoft SafeQ 5 918

February 03, 2016
If you installed SafeQ Server on External database, database will not be un-installed and remains
on server.
UNINSTALLING YSOFT SAFEQ ORS

You can use either of the methods described below to uninstall SafeQ ORS.
UNINSTALLING YSOFT SAFEQ ORS MANUALLY

To uninstall SafeQ ORS from your computer, open Add or Remove Programs (Start->Setting-> Control
Panel->Add or Remove Programs)
Select SafeQ ORS; then click Remove. Uninstallation begins.
If the original SafeQORS directory remains after uninstallation and you do not need to keep any print
jobs, delete the directory.
UNINSTALLING YSOFT SAFEQ ORS VIA THE COMMAND LINE (AUTOMATICALLY)

In the installation source directory, run the following script to uninstall YSoft SafeQ ORS form your server:
uninstallORS.cmd
If the original SafeQORS directory remains after uninstallation and you do not need to keep any
print jobs, delete the directory.
UNINSTALLING YSOFT SAFEQ CRS

This chapter describes how to uninstall the YSoft SafeQ CRS server.
YSoft SafeQ 5 919

February 03, 2016
To uninstall CRS, please follow these steps:
1 This chapter describes how to uninstall the YSoft SafeQ CRS server.
Begin the uninstallation by running the uninstall.bat script from: InstallPackages\uninstall.bat.
The command prompt opens. Enter the environment name to installed node:
Example for first node: crs\TEST\node1
2 The installer will uninstall YSoft SafeQ CRS from your server as follows:
Stops/uninstalls services. (Even if the target directory is deleted/corrupted, services are removed from
the Windows registry.)
Uninstalls database YBOXDBREP.

Uninstalls BASIC CUBES.
Uninstalls PACKAGES.
Uninstalls replication.
Removes installed files
NOTES:
If deleteTargetDir parameter is set, the entire content of targetDir is removed, including
configuration, scripts and logs files.
If deleteTargetDir parameter is NOT set, directories conf, server, logs and scripts are preserved.
If dropDBInstances parameter is set, database instances YBOXDB and YBOXDBCDC are
uninstalled
3 Close the command prompt when the uninstallation is finished.
YSoft SafeQ 5 920

February 03, 2016
4.8.5 ANTIVIRUS SETTINGS FOR YSOFT SAFEQ
ANTIVIRUS SETTINGS FOR YSOFT SAFEQ
Exclude all SafeQ folders from antivirus checks, including SafeQ spooler (the folder the physical jobs data
are stored in) and SafeQ database files (if embedded database is used, no matter it is PostgreSQL or
Microsoft SQL server).
If antivirus protection is installed on the SafeQ server, the entire SafeQ directory, SafeQ system services,
data storage for incoming jobs (spooler) on CRS server MS-SQL DB, and the entire SafeQCRS folder must
be removed from the regular (runtime) antivirus test.
These settings primarily protect the print subsystem and log files from becoming locked, damaged, and/or
from "freezing" or slowing down. A typical symptom caused by antivirus protection is "zero-byte" files. File
system Indexing must be disabled at all the following directories.
The same settings apply for central components (CML) and remote spooler (ORS).
Folder CML Value Example ORS Value Example CRS Value Extensions
content Example Example
SafeQ \SafeQ5 \SafeQORS \SafeQCRS\ *.* (*.jar)

installation
folder
including
sub-folders
Folder for \SafeQ5\logs | \SafeQORS\logs | \SafeQCRS\logs *.log | *.[0-9]

log files \SafeQ5\terminalserver\logs\ \SafeQORS\terminalserver\logs [0-9]
Folder for \SafeQ5\server\temp \SafeQORS\temp not applicable *.sqjob | *.

temporary parser | *.
files png
Folder for \SafeQ5\server\spool \SafeQORS\server\spool not applicable *.sqjob | *.jfi

print job | *.pre
data
storage
Folder for \SafeQ5\terminalserver \SafeQORS\terminalserver not applicable *.*

YSoft
SafeQ
Terminal
Server
(Embedded
terminals)
\SafeQ5\PGSQL | not applicable not applicable *.*

\SafeQ5\PGSQL-data
YSoft SafeQ 5 921

February 03, 2016
Folder CML Value Example ORS Value Example CRS Value Extensions
content Example Example
Installation
directory of
dedicated
database
SafeQ wrapper.exe, tomcat5.exe wrapper.exe, java.exe, wrapper.exe *.exe

Services (for versions prior to MU13), TerminalServer.exe
tomcat7.exe (for MU13 or
later), java.exe,
TerminalServer.exe,
postgres.exe, pg_ctl.exe,
etcd32.exe, etcd64.exe
Windows \Windows\system32\spool \Windows\system32\spool not applicable *.*

spooler
ORS cache not applicable \SafeQORS\Server\Cache not applicable *.*
SafeQ not applicable not applicable \SafeQCRS *.*

CRS
installation
folder
including
sub-folders
MS-SQL \MSSQLServer not applicable \MSSQLServer *.*

database
The directories and executable files listed above must be removed from real-time tests. Regular off-line
tests (outside print peak, e.g. 3:00 a.m.) are recommended.
4.8.6 UPGRADE TO YSOFT SAFEQ 5
Before upgrading to YSoft SafeQ 5 it is necessary to request an upgrade for the license first. For
more information on requesting a license upgrade please pay attention to all information available
on the link below.
Request license upgrade from YSoft SafeQ 4 to YSoft SafeQ 5
Migration to YSoft SafeQ 5 is supported only for YSoft SafeQ 4 SR46. Please update your version
before migration.
Manual upgrade - YSoft SafeQ 4 CML to YSoft SafeQ 5 CML

Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (MS-SQL Embedded database)
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (MS-SQL External database)
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (PostgreSQL Embedded database)
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 (PostgreSQL External database)
YSoft SafeQ 5 922

February 03, 2016
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 - CRS

Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes
Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 - ORS
MANUAL UPGRADE - YSOFT SAFEQ 4 CML TO YSOFT SAFEQ 5 CML
Please, read Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes before migration.
YSOFT SAFEQ 4 CML WITH MSSQL DATABASE

Environment: YSoft SafeQ 4 SR43 is running, master node
SAFEQ4
1. Write down GUID of the master CML node. You can obtain it from the web interface of YSoft SafeQ
or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the master node.
2. Stop all SafeQ4 services (both CML and ORS)
3. Backup SQDB4 and SQDB4_SQDW databases
4. Backup SafeQ4 files and folders:
a. c:\SafeQ4\conf
b. c:\SafeQ4\server\spool (if you want to keep jobs)
c. c:\SafeQ4\server\update (if you want to keep custom FW update files)
d. c:\SafeQ4\ds\Conf\config.ini
e. c:\SafeQ4\tomcat\conf\server.xml
5. Uninstall SafeQ4
SAFEQ5
1. Install SafeQ5 with the same GUID which was used for SafeQ4
2. Stop all SafeQ5 services
3. Delete SQDB5 and SQDB5_SQDW databases - check "Close existing connections" option before
proceeding
4. Restore SQDB4, SQDB4_SQDW as SQDB5, SQDB5_SQDW from backup files
a. Databases -> Restore Database... -> To database: SQDB5 -> From device: choose backup
file -> tick Restore and finish the wizard
b. Repeat similar procedure for SQDB5_SQDW
5. Run migration scripts on SQDB5 database (available in the YSoft SafeQ 5 installation package,
folder "_support\Manual upgrade from SafeQ 4"):
a. 01_drop_columns.sql
b. 02_migrate_pricelists.sql
c. 03_update_terminals.sql
d. 04_migrate_users_8.sql
i. If you use a different name for SQDB5_SQDW database, update the script
correspondingly (all "update SQDB5_SQDW.dbo.*" records)
e. 05_migrate_globalauth.sql
6. Update table cluster_server if necessary
7. Restore configuration files regarding backup:
a. Copy rools.drl file from SafeQ4 backup into SafeQ5 (overwrite existing one)
b. If you want to keep jobs, copy content from SafeQ4 spool folder into SafeQ5
c.
YSoft SafeQ 5 923

7.
February 03, 2016
c. If you want to keep custom FW update files, copy content from SafeQ update folder into
SafeQ5
d. Verify terminalserver configuration and update it regarding c:\SafeQ4\ds\Conf\config.ini if
needed
i. in c:\SafeQ5\terminalserver\\TerminalServer.exe.config - change "networkAddress" if
needed
ii. in c:\SafeQ5\terminalserver\WebServer.config - change bindings if needed
e. Verify configuration of tomcat and update it regarding c:\SafeQ4\tomcat\conf\server.xml if
needed
i. in c:\SafeQ5\tomcat\conf\server.xml - change settings if needed
8. Start SafeQ5, check DB validation
9. Verify scan to script settings (paths might be wrong after upgrade to SafeQ5)
10. Verify global authentication properties in SafeQ5 system settings - make sure that the default
administrator login/password suits your needs and change it if needed.
a. Go to System > System settings and search for global-authentication-
11. Reinstall SafeQ embedded terminals on all printers
a. Note: Support of embedded terminal types was unified in SafeQ5. Terminal type will be
automatically migrated to proper type by migration scripts.
YSOFT SAFEQ 4 CML WITH POSTGRESQL DATABASE

Environment: Ysoft SafeQ 4 SR43 is running, master node
SAFEQ4
1. Write down GUID of the master CML node. You can obtain it from the web interface of YSoft SafeQ
or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the master node.
2. Stop all SafeQ4 services (both CML and ORS)
3. Backup SQDB4 and SQDB4_SQDW databases (choose Format TAR + appropriate file names, leave
rest of options in default state)
4. Backup SafeQ4 files and folders:
a. c:\SafeQ4\conf
b. c:\SafeQ4\server\spool (if you want to keep jobs)
c. c:\SafeQ4\server\update (if you want to keep custom FW update files)
d. c:\SafeQ4\ds\Conf\config.ini
e. c:\SafeQ4\tomcat\conf\server.xml
5. Uninstall SafeQ4
SAFEQ5
1. Install SafeQ5 with the same GUID which was used for SafeQ4
2. Stop all SafeQ5 services
3. Drop SQDB5 and SQDB5_SQDW databases
4. Create new empty SQDB5 and SQDB5_SQDW databases
5. Restore SQDB4, SQDB4_SQDW as SQDB5, SQDB5_SQDW - ignore errors and returned exit code -
close the dialog using X button
6. Run script on SQDB5_SQDW database (available in the YSoft SafeQ 5 installation package, folder
"_support\Manual upgrade from SafeQ 4"):
a. 02_drop_dblink_func.sql
7.
YSoft SafeQ 5 924

February 03, 2016
7. Run migration scripts on SQDB5 database:

a. 01_mig4_5_rmv_obj.sql
b. 02_drop_dblink_func.sql
c. 03_mig4_5_prc_lsts.sql
d. 04_mig4_5_trm_mng.sql
e. 05_mig4_5_usrs.sql
i. this script must be run with following parameters in defined order:
1. hostname: i.e. '127.0.0.1'
2. port: i.e. '5433'
3. name of DB with datawarehouse: i.e. 'SQDB5_SQDW'
4. user: i.e. 'postgres'
5. password: i.e. 'your_password'
ii. or into the script body following lines must be placed:
1. i_host = '127.0.0.1';
2. i_port = '5433';
3. i_dbname = 'SQDB5_SQDW';
4. i_user = 'postgres';
5. i_pwd = 'your_password';
f. 06_mig4_5_globalauth.sql
8. Update table cluster_server if necessary
9. Restore configuration files regarding backup:
a. Copy rools.drl file from SafeQ4 backup into SafeQ5 (overwrite existing one)
b. If you want to keep jobs, copy content from SafeQ4 spool folder into SafeQ5
c. If you want to keep custom FW update files, copy content from SafeQ update folder into
SafeQ5
d. Verify terminalserver configuration and update it regarding c:\SafeQ4\ds\Conf\config.ini if
needed
i. in c:\SafeQ5\terminalserver\\TerminalServer.exe.config - change "networkAddress" if
needed
ii. in c:\SafeQ5\terminalserver\WebServer.config - change bindings if needed
e. Verify configuration of tomcat and update it regarding c:\SafeQ4\tomcat\conf\server.xml if
needed
i. in c:\SafeQ5\tomcat\conf\server.xml - change settings if needed
10. Start SafeQ5, check DB validation
11. Verify scan to script settings (paths might be wrong after upgrade to SafeQ5)
12. Verify global authentication properties in SafeQ5 system settings - make sure that the default
administrator login/password suits your needs and change it if needed.
a. Go to System > System settings and search for global-authentication-
13. Reinstall SafeQ embedded terminals on all printers
a. Note: Support of embedded terminal types was unified in SafeQ5. Terminal type will be
automatically migrated to proper type by migration scripts.
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 (MS-SQL EMBEDDED DATABASE)
YSoft SafeQ 5 925

February 03, 2016
OVERVIEW
This page describes step-by-step migration process to upgrade existing YSoft SafeQ 4 installation to YSoft
SafeQ 5.
Overview
Before upgrade
Migration steps for master CML node
Custom installation
Additonal steps
BEFORE UPGRADE
Stop all YSoft SafeQ services on ORSs.

Backup YSoft SafeQ 4 configuration and databases.
MIGRATION STEPS FOR MASTER CML NODE

Perform following steps on the server where master of YSoft SafeQ 4 CML is installed
1 Download and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once
you have the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
YSoft SafeQ 5 926

February 03, 2016
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
YSoft SafeQ 5 927

February 03, 2016
After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines if the server meets all requirements for
YSoft SafeQ installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Sh
ow problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.

Version of .NET (must be .NET 4.5)
SafeQ 5 will be installed in to C:\SafeQ5 folder

Web server role feature will be enabled
YSoft SafeQ 5 928

February 03, 2016

7 All settings including MS-SQL password will be used from SafeQ 4 configuration
chose to the selected destination folder on the server.
YSoft SafeQ 5 929

February 03, 2016
9 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
YSoft SafeQ 5 930

February 03, 2016
NOTE: SafeQ installer will disable MS-SQL 2008 from SafeQ 4 and install a new MS-SQL
2012
If an error occurred during the installation process, the best way to troubleshoot it is to check the several log
files that were created during the process. All installation log files are located in the YSoft SafeQ installation
folder.
YSoft SafeQ 5 931

February 03, 2016
CUSTOM INSTALLATION
SafeQ installation.
6b Select Upgrade from YSoft SafeQ 4.0.34.2 option. Name of this option may differ, it depends
on version of SafeQ that was installed before upgrade.
YSoft SafeQ 5 932

February 03, 2016
YSoft SafeQ 5 933

February 03, 2016
6d User's credentials for user sa and sync are migrated from YSoft SafeQ 4. Continue to next
step (Next >).
7 Local GUID and ports are migrated from YSoft SafeQ configuration. Click to "Install".
YSoft SafeQ 5 934

February 03, 2016
YSoft SafeQ 5 935

February 03, 2016
NOTE: SafeQ installer will disable MS-SQL 2008 from SafeQ 4 and install a new MS-SQL
2012
ADDITONAL STEPS
Reinstall all embedded devices

Upgrade Terminal professional FW if necessary
Run LDAPReplicator (optional)
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 (MS-SQL EXTERNAL DATABASE)
OVERVIEW
SafeQ 5.
Overview
YSoft SafeQ 5 936

February 03, 2016
Before upgrade
Custom installation
Migration steps for second and every other node of CML
Additional steps
BEFORE UPGRADE

Uninstall all YSoft SafeQ 4 CML server(s) except the first (master).
Existing YSoft SafeQ 4 with external MS-SQL database.
All nodes of the YSoft SafeQ CML cluster have to be in the same timezone.
Make sure that DB user has got rights to create new databases otherwise the upgrade fail.

YSoft SafeQ 5 937

February 03, 2016
YSoft SafeQ 5 938

February 03, 2016
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines whether the server meets all necessary
requirements for YSoft SafeQ installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or
Show problems area, depending on their severity. If there are warnings, installation can cont
inue. If there are problems, installation cannot continue. If any warnings or problems are
The requirement that are being checked by the installer are:

User installing YSoft SafeQ has to have administrator rights
YSoft SafeQ 5 939

February 03, 2016


7 Enter the names of the YSoft SafeQ databases.
YSoft SafeQ 5 940

February 03, 2016
8 If you want to perform database backup, select YES, otherwise click "NO"
YSoft SafeQ 5 941

February 03, 2016
YSoft SafeQ 5 942

February 03, 2016
folder.
YSoft SafeQ 5 943

February 03, 2016
CUSTOM INSTALLATION
SafeQ installation.
YSoft SafeQ 5 944

February 03, 2016
YSoft SafeQ 5 945

February 03, 2016
6d Configure the connection to your external Microsoft SQL database.
YSoft SafeQ 5 946

February 03, 2016
7 Local Guid and ports are migrated from YSoft SafeQ configuration. Click on Install to begin
the instlallation.
After you accept the license agreement, the installer runs a preinstallation check. This procedure checks
several conditions and determines whether the server meets all necessary requirements for YSoft SafeQ
installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there are
problems, installation cannot continue. If any warnings or problems are indicated, review the warnings and
resolve the problems, then continue.
MIGRATION STEPS FOR SECOND AND EVERY OTHER NODE OF CML

Perform the following steps on every server where the additional YSoft SafeQ 4 node was installed.
YSoft SafeQ 5 947

February 03, 2016
Installation requires the exactly the same IP addresses used with YSoft SafeQ 4 (second node of
YSoft SafeQ 5 has to have the same IP address that was used used for YSoft SafeQ 4).
1 Obtain and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once you have
the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to install
a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be used as
YSoft SafeQ 5 948

February 03, 2016
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree, click
Cancel to quit the installation.
YSoft SafeQ 5 949

February 03, 2016
checks several conditions and determines whether the server meets all necessary requirements for
If any of these requirements are not met, they will be displayed in either the Show warnings or Show

6 Select I want to customize my YSoft SafeQ installation and continue to next step.
YSoft SafeQ 5 950

February 03, 2016
7 Select Add or replace a node in existing YSoft SafeQ cluster and continue to next step.
YSoft SafeQ 5 951

February 03, 2016
8 Enter the IP address of the current master node (1st node) and click Retreive node list. Then select
the IP address of the node that you want to replace and continue to next step.
Example: In this case the second node with IP address 10.0.11.19 is selected.
9 You now have the option to select your own installation location. You can install YSoft SafeQ
anywhere other than a UNC path or the root folder of the drive.
YSoft SafeQ 5 952

February 03, 2016
1 Select Use an existing external database server.

0
YSoft SafeQ 5 953

February 03, 2016
1 Configure connections to the external MS-SQL server.

1
1 Enter the names of the YSoft SafeQ databases.

2
YSoft SafeQ 5 954

February 03, 2016
1 The last page of the wizard presents you with the following settings:
3
Local GUID for currently installing CML server (node). Please use exactly the same GUID as
was used in YSoft SafeQ 4. You can obtain it from the web interface of YSoft SafeQ or from <
SafeQ4>\conf\startup.conf (parameter localGUID) on the node you are upgrading.
Install the Terminal Server: To install Terminal Server, check the checkbox. To not install it,
leave the checkbox empty.
Start YSoft SafeQ services after the installation is finished: To start services after
installation, check the checkbox. To not start services, leave the checkbox empty.
Enable support for embedded IIS we server: To install IIS web server, check the checkbox.
To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web server inside Terminal
Server. HWC web server is suitable for environments with a lot of devices on one node (e.g. up to
400) or for customers that experience problems with the legacy web server mainly for stability
reasons (unexpected crashes). It provides best performance and stability, that is not achievable with
any other embedded web server solution. NOTE: Checkbox for web role installation appear, only
on systems which supports IIS 7 or higher (Windows Server 2008, 2008 R2 and 2012)
YSoft SafeQ 5 955

February 03, 2016
1 The installer begins to copy all the files required by YSoft SafeQ and the database system you chose
4 to the selected destination folder on the server.
Installation will be paused. Follow the displayed steps and perform a backup from master node and
restore it to the currently installed slave node.
YSoft SafeQ 5 956

February 03, 2016

5
YSoft SafeQ 5 957

February 03, 2016
1 If required, repeat this procedure for other node.

6
In case an error occurred during the installation process, the best way to troubleshoot it is to check the
several log files that were created during the process. All installation log files are located in the YSoft SafeQ
installation folder.
ADDITIONAL STEPS
Reinstall all embedded devices.

Upgrade Terminal professional FW if necessary.
Run LDAPReplicator (optional).
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 (POSTGRESQL EMBEDDED DATABASE)
OVERVIEW
SafeQ 5.
Overview
Before upgrade
Custom installation
Additional steps
BEFORE UPGRADE

Uninstall all YSoft SafeQ 4 CML server(s) except the first (master).
YSoft SafeQ 4 with embedded postgres database installed on the first node (master).
All nodes of the CML cluster have to be in the same timezone

YSoft SafeQ 5 958

February 03, 2016
YSoft SafeQ 5 959

February 03, 2016

YSoft SafeQ 5 960

February 03, 2016


YSoft SafeQ 5 961

February 03, 2016
7 All settings including postres password will be used from SafeQ 4 configuration
YSoft SafeQ 5 962

February 03, 2016
YSoft SafeQ 5 963

February 03, 2016
folder.
YSoft SafeQ 5 964

February 03, 2016
CUSTOM INSTALLATION
SafeQ installation.
YSoft SafeQ 5 965

February 03, 2016
6d
User's credentials for user postgres and sync are migrated from YSoft SafeQ 4. Continue to
next step (Next >).
YSoft SafeQ 5 966

February 03, 2016
7 Local Guid and ports are migrated from YSoft SafeQ configuration. Click to "Install".
YSoft SafeQ 5 967

February 03, 2016

Perform following steps on the server where used to be installed YSoft SafeQ 4 second (and any other
node).
Installation requires exactly the same IP addresses as were used in YSoft SafeQ 4 (Second node of YSoft
SafeQ 5 must has the same IP address as was used for YSoft SafeQ 4)
1 Obtain and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once
YSoft SafeQ 5 968

February 03, 2016
YSoft SafeQ 5 969

February 03, 2016

6 Select "I want to customize my YSoft SafeQ installation" and continue to next step.
YSoft SafeQ 5 970

February 03, 2016
7 Select "Add or replace a node in existing YSoft SafeQ cluster" and continue to next step.
YSoft SafeQ 5 971

February 03, 2016
8 Enter current master node IP address (1st node) and click to Retreive node list. Then select IP
address of node that you wants to replace and continue to next step.
Example: In this case is selected 2ND node with IP address 10.0.11.7
9 You now have the option to select your own installation location. You can install YSoft
YSoft SafeQ 5 972

February 03, 2016
10 Select Embedded PostgreSQL 9.2.
11 Enter passwords for users postgres and sync.
YSoft SafeQ 5 973

February 03, 2016
Passwords must be entered twice to avoid problem with potential typo.
12 Enter YSoft SafeQ admin credentials from master node to perform database dump during
installation process.
YSoft SafeQ 5 974

February 03, 2016
13 The last page of the wizard presents you with the following settings:
Local GUID for currently installing CML server (node). Please use exactly the same
GUID as was used in YSoft SafeQ 4. You can obtain it from the web interface of YSoft
SafeQ or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the node you are
upgrading.
Install the Terminal Server: To install Terminal Server, check the checkbox. To not
install it, leave the checkbox empty.
Enable support for embedded IIS we server: To install IIS web server, check the
checkbox. To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web server inside
Terminal Server. HWC web server is suitable for environments with a lot of devices on one
node (e.g. up to 400) or for customers that experience problems with the legacy web server
mainly for stability reasons (unexpected crashes). It provides best performance and stability,
that is not achievable with any other embedded web server solution. NOTE: Checkbox for
web role installation appear, only on systems which supports IIS 7 or higher (Windows Server
2008, 2008 R2 and 2012)
YSoft SafeQ 5 975

February 03, 2016
YSoft SafeQ 5 976

February 03, 2016
16 Repeat this procedure for other node if required.
folder.
ADDITIONAL STEPS
Reinstall all embedded devices

Upgrade Terminal professional FW if necessary
Run LDAPReplicator (optional)
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 (POSTGRESQL EXTERNAL DATABASE)
YSoft SafeQ 5 977

February 03, 2016
OVERVIEW
SafeQ 5.
Overview
Before upgrade
Postgre SQL 9.2 installation
Restore SafeQ databases from SafeQ 4
Custom installation
Additional steps
BEFORE UPGRADE

Backup existing YSoft SafeQ 4 configuration and databases.
Uninstall all YSoft SafeQ 4 CML server(s) except the first (master node).
All nodes of the CML cluster have to be in the same timezone.
POSTGRE SQL 9.2 INSTALLATION

Please follow the instructions and install external PostgreSQL 9.2 database.
RESTORE SAFEQ DATABASES FROM SAFEQ 4
1 Backup existing PostgreSQL 8.4 SafeQ 4 databases.
2 Create new PostgreSQL 9.2 databases SafeQ5 and SafeQ5_SQDW.
3 Restore databases from SafeQ 4 to SafeQ 5:
Backup the database SafeQ 4 and restore it to SafeQ5 database

Backup the database SafeQ 4_SQDW and restore it to SafeQ5_SQDW database
4 Create new database user called "sync" with the identical password as in SafeQ 4
(PostgreSQL 8.4).
YSoft SafeQ 5 978

February 03, 2016

Perform the following steps on the server where the master node of YSoft SafeQ 4 CML is installed
1 Download the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once you
have the file and the server is ready for installation, start the installation in order to begin YSoft
SafeQ migration.
YSoft SafeQ 5 979

February 03, 2016
YSoft SafeQ 5 980

February 03, 2016
Show problems area, depending on their severity. If there are warnings, installation can

SafeQ 5 will be installed in to C:\SafeQ5 folder.
YSoft SafeQ 5 981

February 03, 2016
Web server role feature will be enabled.

7 Configure the connection to your external PostgreSQL 9.2 databases.
YSoft SafeQ 5 982

February 03, 2016
8 Enter the YSoft SafeQ 5 databases names for (where the existing YSoft SafeQ 4 databases
were migrated).
YSoft SafeQ 5 983

February 03, 2016
9 The installer begins to copy all the files required files to the selected destination folder on the
server.
YSoft SafeQ 5 984

February 03, 2016
In case any error occurs during the installation process, the best way to troubleshoot it is to check the log
files that created during the process. All log files created during installation are located in the YSoft SafeQ
YSoft SafeQ 5 985

February 03, 2016
CUSTOM INSTALLATION
SafeQ migration. NOTE: In order to install YSoft SafeQ, this file is required. It contains
everything needed to install a fully functional YSoft SafeQ server.
YSoft SafeQ 5 986

February 03, 2016

YSoft SafeQ 5 987

February 03, 2016
Check I want to customize my YSoft SafeQ installation
YSoft SafeQ 5 988

February 03, 2016
7 Select the Upgrade from YSoft SafeQ 4.0.34.2 option. Name of this option may differ, it
depends on version of SafeQ that was installed before upgrade.
8 Enter the folder where YSoft SafeQ 5 will be installed.
YSoft SafeQ 5 989

February 03, 2016
9 Configure the connection to your external PostgreSQL databases 9.2.
10
YSoft SafeQ 5 990

February 03, 2016
Enter the databases names for YSoft SafeQ 5 (where the existing YSoft SafeQ 4 databases
were migrated).
11 Change the additional settings if necessary.
YSoft SafeQ 5 991

February 03, 2016
12 The installer begins to copy all the files required files to the selected destination folder on the
server.
YSoft SafeQ 5 992

February 03, 2016
folder.

Perform the following steps on every server where the additional YSoft SafeQ 4 node was installed.
YSoft SafeQ 5 993

February 03, 2016
Installation requires the exactly the same IP addresses used with YSoft SafeQ 4 (second node of
YSoft SafeQ 5 has to have the same IP address that was used used for YSoft SafeQ 4).
Installation requires the installed PostgreSQL database server.
SafeQ migration.
YSoft SafeQ 5 994

February 03, 2016
YSoft SafeQ 5 995

February 03, 2016

6 Select I want to customize my YSoft SafeQ installation and continue to next step.
YSoft SafeQ 5 996

February 03, 2016
7 Select Add or replace a node in existing YSoft SafeQ cluster and continue to next step.
YSoft SafeQ 5 997

February 03, 2016
8 Enter the IP address of the current master node (1st node) and click Retreive node list. Then
select the IP address of the node that you want to replace and continue to next step.
Example: In this case the second node with IP address 10.0.11.19 is selected.
9 You now have the option to select your own installation location. You can install YSoft
YSoft SafeQ 5 998

February 03, 2016
10 Select Use an existing external database server.
YSoft SafeQ 5 999

February 03, 2016
11 Configure the connection to the external database server.
12 Enter the name of the YSoft SafeQ databases.
YSoft SafeQ 5 1000

February 03, 2016
13 The last page of the wizard allows you to change the following settings:
Local GUID for currently installing CML server (node). Please use exactly the same
GUID as was used in YSoft SafeQ 4. You can obtain it from the web interface of YSoft
SafeQ or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the node you are
upgrading.
Install the Terminal Server: To install Terminal Server, check the checkbox. To not
install it, leave the checkbox empty.
Enable support for embedded IIS we server: To install IIS web server, check the
checkbox. To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web server inside
Terminal Server. HWC web server is suitable for environments with a lot of devices on one
node (e.g. up to 400) or for customers that experience problems with the legacy web server
mainly for stability reasons (unexpected crashes). It provides best performance and stability,
that is not achievable with any other embedded web server solution. NOTE: Checkbox for
web role installation appear, only on systems which supports IIS 7 or higher (Windows Server
2008, 2008 R2 and 2012)
14
YSoft SafeQ 5 1001

February 03, 2016
The installer begins to copy all the files required by YSoft SafeQ and the database system you
15 Installation will be paused. Follow the displayed steps and restore SQDB5 database from the
master node to slave node.
YSoft SafeQ 5 1002

February 03, 2016
YSoft SafeQ 5 1003

February 03, 2016
17 If required, repeat this procedure for other node.
In case an error occurred during the installation process, the best way to troubleshoot it is to check the
several log files that were created during the process. All installation log files are located in the YSoft SafeQ
ADDITIONAL STEPS
Reinstall all embedded devices.

Upgrade Terminal Professional FW if necessary.
Run LDAPReplicator (optional).
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 - CRS
CRS MIGRATION PROCEDURE

For each YSoft SafeQ 4 CRS that you want to migrate perform following steps:
1 Download CRS installation package from Y Soft Partner Portal.
2 Configure CRS installator according to CRS configuration page
3 Begin the update by running the update.bat as an administrator. Program is stored in Install
Packages\update.bat. The command prompt will be opened.
4 Enter the environment name, including the version and the path of the currently installed node:
5 The CRS installer performs backup according to CRS configuration settings.
Note that backup time depends on the size of the databases.
6 The CRS installer checks all available information about the currently installed CRS and
updates it with the latest version.
7 When the update is finished, close the command prompt window.
YSoft SafeQ 5 1004

February 03, 2016
8 Open <SAFEQ_DIR>\conf\startup.conf on CML master node and make sure the parameter cdc
-sender = true . In case the parameter was not configured this way, restart YSoft SafeQ CML
service.
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 NOTES
UPGRADE TO YSOFT SAFE5 NOTES
Toshiba devices have to be deleted before upgrade and created again after upgrade is done.
Check, if settings of embedded terminals are correct. If necessary, correct these settings before use.
All embedded devices have to be reinstalled.
Upgrade Terminal professional FW, if necessary.
Rules for RBE are not automatically migrated, they have to created again or rools.drl file should be
copied from SafeQ4 directory (e.g.: c:\SafeQ4\conf\) into SafeQ5 (e.g.: c:\SafeQ5\conf\).
If you want to keep print jobs, copy content from SafeQ4 spool folder (e.g.: c:\SafeQ4\server\spool\)
into SafeQ5 (e.g.: c:\SafeQ5\server\spool\).
If you want to keep custom FW update files, copy content from SafeQ update folder (e.g.: c:
\SafeQ4\server\update\) into SafeQ5 (e.g.: c:\SafeQ5\server\update\).
UPGRADE FROM YSOFT SAFEQ 4 TO YSOFT SAFEQ 5 - ORS
ORS MIGRATION PROCEDURE

For each YSoft SafeQ 4 ORS that you wants to migrate perform following steps:
1 Download ORS installation package from Y Soft Partner Portal.
2 Configuring the safeq-ors.ini file
Prepare safeq-ors.ini according to Installing YSoft SafeQ ORS description with following
exceptions:
1. Parameters for safeq-ors.ini can be taken from backup-ed configuration files of ORS
server.
2. Set attribute deleteCacheAfterUpdate=1
3. Leave localGUID= attribute empty (will be used the same guid as for YSoft
SafeQ4)
3 Start the installation by running installORSv2-exe.cmd
YSoft SafeQ 5 1005

February 03, 2016
When you complete the configuration and installation procedures, check to be sure the YSoft
SafeQ ORS server service is running. On the YSoft SafeQ ORS server, open Services (for
example: Start > Run > services.msc) and check the following services:
YSoft SafeQ ORS

For more intensive check, proceed with YSoft SafeQ ORS Health Check.
In case that ORS installation is failing, search the following places for more information about the failure:
1. Install-ORS.log
log is created in the directory with ORS installation packages
2. application event log
see the log on a computer where ORS installation has failed. Some MSI Installer related
messages may be logged here
3. cml.log
log is stored in folder <SafeQ_dir>\logs that can be located on the CML server, which was
specified in safeq-ors.ini ServerIP field
4. ors.log
log is stored in folder <SafeQ_dir>\logs that can be located on the ORS server. Check this
log if installation was successful but ORS server is can not start
4.8.7 INSTALLING YSOFT SAFEQ USING BUNDLE INSTALLER
This page describes how to use the interactive installer to perform a basic YSoft SafeQ server installation
using bundle installer.
Once the SafeQ license is activated, all SafeQ services needs to be restarted.
Bundle installer allows you to install YSoft SafeQ CML, YSoft Payment System and YSoft
Mobile Print Server at once without need of further steps to interconnect the installed
components. Therefore, some of advanced installation options are not available in the
bundle installer. The installer is dedicated for installations of single CML node environments
with all components installed on one server.
YSoft SafeQ 5 1006

February 03, 2016
The bundle installer does not support upgrade from YSoft SafeQ 4.
YSoft SafeQ 5 1007

February 03, 2016
1 Obtain and run installation file ysf-sq5-bundle-installer.exe from YSoft Partner Portal. Once you
have the file and the server is ready for installation, you can begin YSoft SafeQ installation.
NOTE: This file contains everything necessary for installing a fully functional YSoft SafeQ server,
YSoft Payment System and YSoft Mobile Print Server.
2 Select a language that will be used for the installation process. This language will also be used as the
default language for all installed components.
NOTE: You can change the language for all installed components at any time after installation is
done.
3 Close all other applications to avoid issues with updating relevant system files.
YSoft SafeQ 5 1008

February 03, 2016
YSoft SafeQ 5 1009

February 03, 2016
5 Please choose destination folder where YSoft SafeQ and other components will be installed. You
can choose any destination other than a UNC path or a root folder of a disk drive.
YSoft SafeQ 5 1010

February 03, 2016
6 Now you can select which components will be installed together with YSoft SafeQ which installation
is mandatory. The options are:

NOTE: To get all components fully working, you have to obtain license which will contain support
for these components. Otherwise, you will not be able to use these components.
YSoft SafeQ 5 1011

February 03, 2016
7 After selecting the components to install, the installer runs a system readiness check. This
procedure checks several conditions and determines if the server meets all requirements for YSoft
SafeQ installation.

Administrator rights for user account under which installer is running
Presence of a previous version of components that were selected to be installed
YSoft SafeQ 5 1012

February 03, 2016
8 Choose the database that will be used by YSoft SafeQ and also YSoft Payment System, if the latter
was selected to be installed.
If selecting Embedded database server type continue to step 9a. Based on database
vendor selection PostgreSQL 9.2 or Microsoft SQL Server 2012 Express Edition
database engine will be installed.
NOTE: Installation of embedded Microsoft SQL Server 2012 Express Edition
database engine is possible only if Windows Installer version 4.5 or higher is present
If selecting External database server type continue to step 9b. Based on the database
vendor selection, a connection can be set up to an existing PostgreSQL 9.2.x or
Microsoft SQL Server 2008, 2012 or 2014 database engine. Chosen engine have to
have enough capacity to hold the YSoft SafeQ and YSoft Payment System database.
YSoft SafeQ 5 1013

February 03, 2016
9a If you have selected Embedded database server type in step 8, now you have to specify password
for database user and sync user. Passwords must be entered twice to avoid problem with potential
typo.
You can use Generate password buttons to generate passwords for database user and sync user.
On button click, password is generated and copied into the clipboard.
YSoft SafeQ 5 1014

February 03, 2016
In case you selected embedded Microsoft SQL Server, password must meet minimum password
strength as described here:
Strong passwords cannot use prohibited conditions or terms, including:
A blank or NULL condition

"Password"
"Admin"
"Administrator"
"sa"
"sysadmin"
A strong password cannot be the following terms associated with the installation computer:
The name of the user currently logged onto the machine.

The computer name.
Password must not contain =;"<>:@%&`\'\\
YSoft SafeQ 5 1015

February 03, 2016
9b If you have selected External database server type in step 8, now you can set up connection to an
existing PostgreSQL 9.2.x or Microsoft SQL Server 2008, 2012 or 2014 database engine by
specifying following values (image below describes connection to Microsoft SQL Server):
Server hostname or IP address where one of the supported database engines are
installed and running
Port number or Instance name on which the database engine is running
Database username and password. This user have to be the database administrator.
Domain users are not supported by bundle installer.
To verify connection to external database, use Test connection button.
10 If you have also selected the YSoft Mobile Print Server to be installed, set up connection to an
external email server by specifying following values:
Server hostname or IP address where email server is installed and running

Email account and password, where jobs to print will be sent
Email protocol and port which will be used for connection of the YSoft SafeQ to the
NOTE: When using a server hostname instead of an IP address (e.g. "mail.domain.com"), do not
use domain name again in Email account username field (use "user", not "user@domain.com").
YSoft SafeQ 5 1016

February 03, 2016
Example 1
Server hostname = mail.domain.com

Email account username = user
Example 2
Server IP address = 10.0.0.1

Email account username = user@domain.com
11 Installation options page presents you with the following settings:
Local GUID for currently installing CML server (node).

You can also select Network interface which will be used for communication for all
installed components.
At last you can create exceptions in Windows Firewall for all ports which are used for
incoming and outgoing communication by all installed components
NOTE: Firewall exceptions will be created only in default Windows Firewall. No
changes are applied to third party firewalls.
YSoft SafeQ 5 1017

February 03, 2016
12 Summary page informs you about the selected:
components to be installed and their version

database engine which will be used
destination folder where all components will be installed
If all parameters meet your requirements, you can start installation by clicking Install button.
YSoft SafeQ 5 1018

February 03, 2016
13 The installer starts to install all selected components and the database engine (in case of embedded
database type was selected) to the selected destination folder on the server.
In case you wish to see detailed installation progress, press Show details button (or user Alt+D
shortcut).
YSoft SafeQ 5 1019

February 03, 2016
14 The last page of the wizard informs you about results of the installation process. Click Finish when
you are ready to close the installation wizard.
Installation is complete. Now you can start using all the installed components of YSoft SafeQ.
YSoft SafeQ 5 1020

February 03, 2016
15
ONCE THE SAFEQ LICENSE IS ACTIVATED, ALL SAFEQ SERVICES NEEDS TO BE RESTARTED.
aio-install.log - contains information about steps performed during installation readiness check
sqinstall.log - contains information about YSoft SafeQ installation process
payment-install.log - contains information about YSoft Payment System installation process
mps-install.log - contains information about YSoft Mobile Print Server installation process
4.9 INSTALLING AND CONFIGURING YSOFT SAFEQ TERMINALS
YSoft SafeQ 5 1021

February 03, 2016

Terminal Ultralight
Embedded Terminal
4.9.1 EMBEDDED TERMINAL
Install Embedded Terminals

Configure USB reader
Configure scanning for Embedded Terminal
Configure simple layout for browser-based terminals
Uninstall Embedded Terminal
INSTALL EMBEDDED TERMINALS

The following guides provide step-by-step instructions on how to deploy Embedded Terminals from SafeQ
Web administration.
In order to install Embedded Terminals, please follow these steps.
1 Configure network and operating system settings.
You can skip this step if you are using Workstation OS or you've configured this via centralized
domain policy. These settings is important for proper working of Terminal Server and YSoft Payment
System.
Make sure TCP ports 5010 – 5020 are not used by other programs. (SafeQ Terminal Server
requires that these ports be free.)
Turn off Automatic Root Certificates Update as follows:
NOTE: To perform this procedure, you must be a member of the local Administrators
group, or you must have been delegated the appropriate authority.
On the Windows Desktop, click Start > Run.
Type gpedit.msc; then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is
what you want; then click Continue.
Then go to: Computer Configuration > Administrative Templates > System >
Internet Communication Management > Internet Communication settings.
Double-click Turn off Automatic Root Certificates Update; then click Enabled, Apply
, and OK.
Close the Local Group Policy Editor window.
Apply the new policy settings by running gpupdate /force in the command line
YSoft SafeQ 5 1022

February 03, 2016
2 Make sure the SafeQ license supports the embedded terminal.
1. Log in to the SafeQ Web Interface as administrator.

2. Navigate to dashboard and click License icon next to license expiration date.
3. Make sure vendor you want to install appears in the Licensed features list.
3 Configure global system settings
Configure Print all feature after login

Configuring displaying incompatible jobs
YSoft SafeQ 5 1023

February 03, 2016
4 Configure your MFPs
Configuring Konica Minolta OpenAPI for YSoft SafeQ Embedded Terminal

Configuring Fuji Xerox Apeos
Configuring Fuji Xerox with XCP for YSoft SafeQ Embedded Terminal
Configuring Toshiba for YSoft SafeQ Embedded Terminal
Configuring OKI for YSoft SafeQ Embedded Terminal
Configuring Samsung for YSoft SafeQ Embedded Terminal
5 Install Embedded Terminals
Installing YSoft SafeQ Embedded Terminal for Konica Minolta OpenAPI

Installing YSoft SafeQ Embedded Terminal for Olivetti OpenAPI
Installing YSoft SafeQ Embedded Terminal for Develop OpenAPI
Installing YSoft SafeQ Embedded Terminal for Xerox EIP
Installing YSoft SafeQ Embedded Terminal for Fuji Xerox Apeos
Installing YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP
Installing YSoft SafeQ Embedded Terminal for Ricoh ESA
Installing YSoft SafeQ Embedded Terminal for Sharp OSA
Installing YSoft SafeQ Embedded Terminal for Toshiba
Installing YSoft SafeQ Embedded Terminal for OKI
Installing YSoft SafeQ Embedded Terminal for Samsung
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA OPENAPI
BEFORE INSTALLATION
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. For more information, see Configuring Konica Minolta OpenAPI for YSoft
SafeQ Embedded Terminal.
YSoft SafeQ 5 1024

February 03, 2016
ADD A DEVICE WITH TERMINAL TO YSOFT SAFEQ
1 Log in to the Web administration, use account authorized to manage the system.
2 Open Devices > Printers from the menu.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
YSoft SafeQ 5 1025

February 03, 2016
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Konica Minolta from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Allow public user – Enable if you want to allow access for the
public user.
YSoft SafeQ 5 1026

February 03, 2016
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Native – Application will use native Konica Minolta look and feel.
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
NOTE: It is recommended to set Print job parser at least to the option "Render jobs
as low resolution (36 DPI) images" to enhance user experience and to minimize credit
overdrafts.
NOTE:
Some options are available for editting only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
Installation of ET on older platforms (Thames, Mosel, Donau, GangesM, Amur, Taiga, Citrine series)
requires manually entering login details on the Terminal tab.
YSoft SafeQ 5 1027

February 03, 2016
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
YSoft SafeQ 5 1028

February 03, 2016
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
YSoft SafeQ 5 1029

February 03, 2016
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
YSoft SafeQ 5 1030

February 03, 2016
9 Prices tab configures the costs of using device features.
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
YSoft SafeQ 5 1031

February 03, 2016
10 Tags tab enables different print languages or user tags for the device.
YSoft SafeQ 5 1032

February 03, 2016
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
YSoft SafeQ 5 1033

February 03, 2016
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
13 After installation is completed, message "Installation finished successfully" is displayed.
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
YSoft SafeQ 5 1034

February 03, 2016
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
KONICA MINOLTA TERMINAL EMBEDDED SPECIFIC SETTINGS
System settings
Additional features are available via System settings. Some of these settings may require reinstallation of
the terminal or reboot of YSoft SafeQ server.
1 Devices have option to configure myPanel screen with desired application icons only. The idea is to
display only the most common options used in user's daily routine.
To configure this screen Go to System > System settings and set shortcuts-references to
following values: sq, copy, scan, storage
This configuration de fines ordered list of applications displayed on the embedded terminal
shortcut panel. Possible options are: sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser.
2 To enable legacy USB readers conversion set usb-card-reader-conversion property to enabled.
YSoft SafeQ 5 1035

February 03, 2016
If enabled, card numbers from legacy card readers on Konica Minolta are converted to follow
standard string format of card numbers.
3 To enable shortcut displaying in main menu set initial-screen property to shortcuts.
Defines what MFP application is displayed to the user when they logs into the terminal. Possible
options are: shortcuts, sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser, ecopyscan,
scanflow, datapoint.
4 In case only Reporting or Credit and Billing modules are included in the license without
Authentication, the embedded terminal can be installed only with Accounting or Payment features.
In such case a generic user needs to exist in SafeQ to whom all the data from MFP will be reported.
The login button on the MFP authentication screen then authenticates every user as this generic user
(see the picture bellow).
By default, you need to create user "General" in SafeQ.
In case it is not possible to use such user, you can change generic user name in
TerminalServer.exe.config file where the configuration configuration property
'KMPublicUserLogin' needs to be added. Example: <add key="KMPublicUserLogin" value="
generic" />
the corresponding username has to be also defined in the SafeQ web administration
please note that it is not allowed to use strings 'public', 'admin' and 'boxadmin'
YSoft SafeQ 5 1036

February 03, 2016
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR DEVELOP OPENAPI
BEFORE INSTALLATION
SafeQ Embedded Terminal (applicable also for Develop devices).
YSoft SafeQ 5 1037

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1038

February 03, 2016
Vendor
Select Develop from the list.
login and password
Authentication
public user.
YSoft SafeQ 5 1039

February 03, 2016
Application
interface.
the users.
Scan
Accounting
Payments
overdrafts.
NOTE:
Some options are available for editing only in the Advanced view. You can choose between Basic
YSoft SafeQ 5 1040

February 03, 2016
SafeQ).
YSoft SafeQ 5 1041

February 03, 2016
device.
manually.
servers.
YSoft SafeQ 5 1042

February 03, 2016
transport provider.
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1043

February 03, 2016
YSoft SafeQ 5 1044

February 03, 2016
YSoft SafeQ 5 1045

February 03, 2016
YSoft SafeQ 5 1046

February 03, 2016
YSoft SafeQ 5 1047

February 03, 2016
SPECIFIC SETTINGS OF DEVELOP MFPS
System settings
the terminal or reboot of the YSoft SafeQ server.
If enabled, card numbers from legacy card readers on Develop are converted to follow standard
string format of card numbers.
YSoft SafeQ 5 1048

February 03, 2016
generic" />
please note that it is not allowed to use strings 'public ' , ' admin ' and ' boxadmin '
YSoft SafeQ 5 1049

February 03, 2016
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR OLIVETTI OPENAPI
BEFORE INSTALLATION
SafeQ Embedded Terminal (applicable also for Olivetti devices).
YSoft SafeQ 5 1050

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1051

February 03, 2016
Vendor
Select Olivetti from the list.
login and password
Authentication
public user.
YSoft SafeQ 5 1052

February 03, 2016
Application
interface.
the users.
Scan
Accounting
Payments
overdrafts.
NOTE:
YSoft SafeQ 5 1053

February 03, 2016
SafeQ).
YSoft SafeQ 5 1054

February 03, 2016
device.
manually.
servers.
YSoft SafeQ 5 1055

February 03, 2016
transport provider.
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1056

February 03, 2016
YSoft SafeQ 5 1057

February 03, 2016
YSoft SafeQ 5 1058

February 03, 2016
YSoft SafeQ 5 1059

February 03, 2016
YSoft SafeQ 5 1060

February 03, 2016
OLIVETTI SPECIFIC SETTINGS
System settings
the terminal or reboot of YSoft SafeQ server.
YSoft SafeQ 5 1061

February 03, 2016
If enabled, card numbers from legacy card readers on Olivetti are converted to follow standard
string format of card numbers.
generic" />
please note that it is not allowed to use strings 'public', 'admin' and 'boxadmin'
YSoft SafeQ 5 1062

February 03, 2016
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR XEROX EIP

Before installation
2 Configure the device. See Configuring Xerox EIP for YSoft SafeQ Embedded Terminal for more
information.
YSoft SafeQ 5 1063

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1064

February 03, 2016
Vendor
Select Xerox from the list.
login and password
Authentication
(Advanced only) Mode
To device - the device is locked. User must authenticate to unlock the
device and access any of the features. This is the recommended option.
YSoft SafeQ 5 1065

February 03, 2016
To each application - the user must authenticate only to access the YSoft
SafeQ or any other application specified by administrator.
If you have previously manually configured any application or feature to
authenticate via YSoft SafeQ, the reinstallation of the YSoft SafeQ
Embedded Terminal will cause such configuration to be deleted. In this
case, you can manually export security settings of the printer before
terminal reinstallation and then recover the device to its original state. For
more information see Configuring Xerox EIP for YSoft SafeQ Embedded
Terminal.
Access definition control of native applications (e.g. copy) is not
supported with this mode of authentication.
(Advanced only) Network Card reader – Enter a serial number of a network card
reader for this device. Note: The serial number must be unique for each
device.
Application
interface.
the users.
Scan
Accounting
WARNING: Make sure that your device supports JBA / Network Accounting.
Otherwise the installation will fail.
Payments
WARNING: Make sure that your device supports Job Limits. Otherwise the
installation will fail.
NOTE: Some options are available for editting only in the Advanced view. You can choose
between Basic and Advanced in the lower left corner. If any Advanced option is changed from its
YSoft SafeQ 5 1066

February 03, 2016
default value it will become editable also in the Basic view until its value is changed again to default.
SafeQ).
YSoft SafeQ 5 1067

February 03, 2016
device.
manually.
servers.
YSoft SafeQ 5 1068

February 03, 2016
transport provider.
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1069

February 03, 2016
YSoft SafeQ 5 1070

February 03, 2016
YSoft SafeQ 5 1071

February 03, 2016
YSoft SafeQ 5 1072

February 03, 2016
YSoft SafeQ 5 1073

February 03, 2016
If the installation finished with warning (yellow icon), check the installation steps to see the necessary
additional settings, that were not successfully set automatically. In Configuring Xerox EIP for YSoft SafeQ
Embedded Terminal select a sub-page according your particular device model. There you can find a part
named "After installation of YSoft SafeQ Embedded Terminal" that contains all the necessary instructions.
In case you change title of your application (property application-title in configuration) and reinstall the
Embedded Terminal, the YSoft SafeQ application on the device can get unlocked and the application icon
may change its screen position. In that case, please lock the application again and move the icon to the
original place manually. (See documentation of your Xerox device for more information.)
ADDITIONAL NOTES
Language selection
On some Xerox devices (e.g. Phaser 3635) the currently selected language on device cannot be detected.
Therefor the Blocking, Login and Card Assignment screens are not displayed in this language. In such case,
you can enable forceLanguageOnXsaAuthentication property. This will make all screens to be displayed in
one language, the first one in supported-lang-priority property list.
Access rights definition
For access rights control of native applications (e.g. copy) on YSoft SafeQ Embedded Terminal for Xerox, it
is necessary to enable property enableXeroxAccessDefinition in System settings in YSoft SafeQ Web
administration. The access rights control is only supported with authentication mode To device.
Access rights control of native applications is not supported on some models. To see, whether your model is
supported, check the installation overview window. You can find there one of the two messages:
This device supports access definition for copy and fax.

This device does not support access definition for copy and fax
Access right control of color is not supported in native applications. This can be only configured individually
per device by administrator. For more information see Configuring Xerox EIP for YSoft SafeQ Embedded
Terminal.
XEROX EIP WITH ACCOUNTING/PAYMENT MODULES ONLY
Description
YSoft SafeQ 5 1074

February 03, 2016
According to the obtained license, it may happen that it will be possible to install the Xerox EIP devices only
with Accounting or Payment modules. This configuration requires the user to authenticate locally on the
device. This authentication is however not checked with SafeQ server. Detailed behavior is explained
below.
Accounting module only
If only the Accounting module is installed, before the user is allowed to perform any operation on the device,
he/she is forced to enter User ID and Account ID on the device. User ID is mapped as user's login to SafeQ.
All jobs performed on the device are then accounted.
If user enters correct login as User ID, jobs will be accounted to user.
If user enters incorrect login as User ID, jobs will be accounted to unknown user.
Accounting and payment modules only

If only the Payment and Accounting modules are installed, before the user is allowed to perform any
operation on the device, he/she is forced to enter User ID and Account ID on the device. User ID is mapped
as user's login to SafeQ. All jobs performed on the device are then accounted and charged.
If user enters correct login as User ID, jobs will be accounted and charged to user.
If user enters incorrect login as User ID, error message will be displayed on device screen
Note: This option is not supported on devices with EIP 1.5 and lower.
Limitations
Hardware button for logout may not work as expected on certain types of devices. Therefore the user
has to use the software logout button in order to logout.
User is allowed to enter any string as the Account ID, the Account ID is not verified or mapped by
SafeQ server.
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR SHARP OSA
BEFORE INSTALLATION
1 Make sure all general properties as defined in Install Embedded Terminals document are completed.
2 Configure the MFP properly. See Configuring Sharp OSA for YSoft SafeQ Embedded Terminal for
more information.
YSoft SafeQ 5 1075

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1076

February 03, 2016
Vendor
Select Sharp from the list.
login and password
Authentication
device.
YSoft SafeQ 5 1077

February 03, 2016
Application
interface.
the users.
Scan
Accounting
Payments
overdrafts.
NOTE:
YSoft SafeQ 5 1078

February 03, 2016
SafeQ).
YSoft SafeQ 5 1079

February 03, 2016
device.
manually.
servers.
YSoft SafeQ 5 1080

February 03, 2016
transport provider.
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1081

February 03, 2016
YSoft SafeQ 5 1082

February 03, 2016
YSoft SafeQ 5 1083

February 03, 2016
YSoft SafeQ 5 1084

February 03, 2016
YSoft SafeQ 5 1085

February 03, 2016
CONFIGURATION OF INITIAL SCREEN WITH SHARP OSA DEVICES
Terminal requires both AMX2 and AMX3 licenses to be installed and enabled.
About
Initial screen feature allows administrator to configure which application or screen will be displayed directly
after user authentication on printer.
Configuration
1. Log in as administrator into YSoft SafeQ web interface

2. Go to System > System settings and set initial-screen property (list of supported values can be
found below in Behaviour matrix)
NOTE: initial-screen property is under Advanced options, so make sure you have chosen the right
view.
Behaviour matrix
Describes which application is displayed for which initial-screen property values based on type of installed
Embedded Terminal.
initial-screen property value
shortcuts Sharp OSA applications

screen
sq YSoft SafeQ application
sqprint YSoft SafeQ print application
sqscan YSoft SafeQ scan application
copy Sharp OSA copy application
scan Sharp OSA scan application
YSOFT SAFEQ EMBEDDED TERMINAL FOR SHARP OSA
Overview
YSoft SafeQ 5 1086

February 03, 2016
Sharp devices provide the ability to install YSoft SafeQ Embedded Terminal, browser-based software
application. Specific licensing policy requires each device to be configured before installing the embedded
terminal.
Differences between AMX2 and AMX3 licensing
AMX2 license only
Authentication is not required for copying.

Authentication screen is displayed after pressing Sharp OSA button.
Copy and scan jobs are not visible in SafeQ web interface.
Copy, scan and print jobs are not visible in history screen.
Accouting is not available.
After installation, logout and after cancelling card assignment or authentication, user is navigated to
screen “Select external application”.
AMX3 license only
After authentication user is navigated directly to the embedded terminal application.

Return to embedded terminal from Sharp native screen is not possible.
Scanning is not available.
Limitations of browser-based Embedded Terminal on Sharp devices
On devices supporting lower OSA version, in the case that both licenses are enabled (AMX2, AMX3)
and the user login, he is taken to the Sharp OSA native panel (not directly to YSoft application).
On devices supporting OSA 4 and higher, the initial-screen property defines where the user is
taken after authentication.
Logout with card is not possible when card reader is in keyboard mode.
Logout with card is not possible when device is not fully unlocked (user didn´t enter to copy or scan
application after log in).
In IC Card Mode enabled on device and Sharp mode set on USB card reader swiping card causes
occasional blinking of display.
In case of changing AMX2/3 license keys, Terminal Server must be restarted before installation of
ET.
If the MFP device is asleep, user must start the device manually before swiping the card at USB card
reader.
When the user credential (i.e. user name, password) are not filled in, the Login button is active, but it
does not make any action.
In the case that AMX2 license is enabled only and the Authentication Mode is configured "To each
application", the USB IC Card mode is not working (the USB keyboard mode must be configured).
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX APEOS

Before installation
YSoft SafeQ 5 1087

February 03, 2016
Configure the device. See Configuring Fuji Xerox Apeos for YSoft SafeQ Embedded Terminal for
more information.
YSoft SafeQ 5 1088

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1089

February 03, 2016
Vendor
Select FujiXerox from the list.
login and password
Authentication
device.
YSoft SafeQ 5 1090

February 03, 2016
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that
this application may be required by some other features.
interface.
the users.
Scan
Accounting
Payments
Print job parser needs to be set at least to the option "Render jobs as low resolution
(36 DPI) images" in order to use the Payment System with the YSoft SafeQ Embedded
Terminal for Fuji Xerox.
NOTE:
YSoft SafeQ 5 1091

February 03, 2016
SafeQ).
device.
YSoft SafeQ 5 1092

February 03, 2016
manually.
servers.
transport provider.
YSoft SafeQ 5 1093

February 03, 2016
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1094

February 03, 2016
YSoft SafeQ 5 1095

February 03, 2016
YSoft SafeQ 5 1096

February 03, 2016
YSoft SafeQ 5 1097

February 03, 2016
YSoft SafeQ 5 1098

February 03, 2016
CHANGE PLACEMENT OF YSOFT SAFEQ SHORTCUT AT THE TERMINAL
1 Set YSoft SafeQ application button in Home panel of ApeosPort IV.

Log in to Apeos as system administrator = 11111.
2 Press the Tools menu.
3 Go to System Settings > Common Service Settings > Screen / Button Settings...
YSoft SafeQ 5 1099

February 03, 2016
4 Select Services Home and press the Change Settings option.
5 You can select position, where YSoft SafeQ application shortcut should be placed. After changing the
position, press Save.
(If another application is already registered to the selected position, it will be replaced by YSoft
SafeQ.)
YSoft SafeQ 5 1100

February 03, 2016
6 Select Web Application Server 1 where YSoft SafeQ is registered. Press Save.
By pressing the Details option, you can view underlying configuration (see next screenshot).
YSoft SafeQ 5 1101

February 03, 2016
7 YSoft SafeQ shortcut is now placed in the home location.
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX WITH XCP
Before installation
2 Configure the device. See Configuring Fuji Xerox with XCP for YSoft SafeQ Embedded Terminal for
more information.
YSoft SafeQ 5 1102

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1103

February 03, 2016
Vendor
Select FujiXerox XCP from the list.
login and password
Authentication
device.
YSoft SafeQ 5 1104

February 03, 2016
Application
interface.
the users.
Scan
Accounting
Payments
Print job parser needs to be set at least to the option "Render jobs as low resolution
(36 DPI) images" in order to use the Payment System with the YSoft SafeQ Embedded
Terminal for Fuji Xerox with XCP.
NOTE:
YSoft SafeQ 5 1105

February 03, 2016
SafeQ).
device.
YSoft SafeQ 5 1106

February 03, 2016
manually.
servers.
transport provider.
YSoft SafeQ 5 1107

February 03, 2016
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1108

February 03, 2016
YSoft SafeQ 5 1109

February 03, 2016
YSoft SafeQ 5 1110

February 03, 2016
YSoft SafeQ 5 1111

February 03, 2016
ENABLE CUSTOM QUOTA TOGGLING STRATEGY
When custom quota toggling strategy is enabled, right after authenticating at the Embedded
Terminal users will be prompted to choose, whether they want to print, copy or scan. SafeQ will
thus be able to set reservations of credit accordingly, which will reduce many limitations of the
default quota toggling strategy. For more information see Credit handling on Fuji Xerox.
To enable custom quota toggling strategy, in System settings set

fujiXeroxEnableDefaultQuotaTogglingStrategy to Disabled.
SET LOGIN SCREEN TO BE DISPLAYED AUTOMATICALLY
1 Go to Tools >> System Settings >> Common Service Settings >> Screen / Button Settings
2 Select option 3 - Auto Display of Login Screen
3 Tap Change Settings and choose On
4 Tap Save
YSoft SafeQ 5 1112

February 03, 2016
CHANGE PLACEMENT OF YSOFT SAFEQ SHORTCUT AT THE TERMINAL
1 Log in to Apeos as system administrator = 11111.
NOTE: If the YSoft SafeQ authentication screen is diplayed, press the Log In / Out button and tap
Log in as Administrator
2 Press the Tools menu.
3 Go to System Settings > Common Service Settings > Screen / Button Settings...
YSoft SafeQ 5 1113

February 03, 2016
4 Select Services Home and press the Change Settings option.
5 You can select position, where YSoft SafeQ application shortcut should be placed. After changing the
position, press Save.
(If another application is already registered to the selected position, it will be replaced by YSoft
SafeQ.)
YSoft SafeQ 5 1114

February 03, 2016
6 Select Web Application Server 1 where YSoft SafeQ is registered. Press Save.
By pressing the Details option, you can view underlying configuration (see next screenshot).
YSoft SafeQ 5 1115

February 03, 2016
7 YSoft SafeQ shortcut is now placed in the home location.
BEHAVIOUR AND CONFIGURATION OF FUJI XEROX XCP INITIAL SCREEN
About
Initial screen feature allows administrator to configure which application or screen will be displayed directly
after user authentication on printer.
Configuration
1. Log in as administrator into YSoft SafeQ web interface

2. Go to System > System settings and set initial-screen property (list of supported values can be
found below in Behaviour matrix)
NOTE: initial-screen property is under Advanced options, so make sure you have chosen the right
view.
Behaviour matrix
YSoft SafeQ 5 1116

February 03, 2016
Describes which application is displayed for which initial-screen property values based on type of installed
Embedded Terminal.
initial-screen property value
shortcuts Fuji Xerox All Services

window
sq YSoft SafeQ application
copy Fuji Xerox Copy Service
scan Fuji Xerox Scan to PC

Service
NOTE: Unsupported initial-screen values ( sqprint, sqscan, etc.) will be replaced by shortcuts value.
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH ESA
YSoft SafeQ Embedded Terminal for Ricoh ESA is supported only on Ricoh devices with SDK/J 4.
x and higher.
BEFORE INSTALLATION
2 Configure the device. See Configuring Ricoh ESA for YSoft SafeQ Embedded Terminal for more
information.
YSoft SafeQ 5 1117

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1118

February 03, 2016
Vendor
Select Ricoh from the list.
(Advanced only) Administrator login – this feature is described in
(Advanced only) Delete jobs after printing – enables / disables delete after
print feature. For more details please see: Delete jobs after printing
Authentication
YSoft SafeQ 5 1119

February 03, 2016
Application
Native – Application will use terminal with YSoft SafeQ interface.
the users.
Scan
Accounting
Payments
users with money accounts will be charged for print, copy and scan activity according
to the appropriate price list.
Print job parser needs to be set at least to the option "Render jobs as low resolution (36 DPI)
images" in order to use the Payment System with Ricoh embedded terminal.
NOTE:
YSoft SafeQ 5 1120

February 03, 2016
Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
SafeQ).
Maintenance contract number - typically used to identify specific contract linked to
the device.
Contact person - use this value to specify person responsible for the device (in case
of failure, errors, maintenance, etc.)
therefore does not apply to installation of Embedded Terminal.
Backend - option refers to network protocol used for communication with the device
and used for printing at the device. After selecting another printing backend, use the
wrench icon to automatically adjust the Port number. Otherwise, you will need to
change it manually.
YSoft SafeQ 5 1121

February 03, 2016
servers.
transport provider.
driver used by the users at the time of creating print job. which user is using for
printing. This change can affect job accounting for users with diacritics in the login
name. Default value is UTF-8.
SNMP v2
properties.
SNMP v3
Username
YSoft SafeQ 5 1122

February 03, 2016
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1123

February 03, 2016
11 Scan tab offers alternative to embedded terminal scanning allowing the users to scan documents
using native scanning application of the device instead. To enable this feature the scanning has to
be configured according to the article Scanning with Ricoh device native scanning application.
12 Click Save device button. After confirmation, the device will be automatically reinstalled with
updated configuration and embedded terminal.
YSoft SafeQ 5 1124

February 03, 2016
YSoft SafeQ 5 1125

February 03, 2016
HOW TO VERIFY THAT FAILOVER SUPPORT WORKS CORRECTLY
NOTE: The failover feature works only with devices connected to CML. Failover feature must be enabled
by system configuration srte-enterprise-mode.
1 Authenticate at YSoft SafeQ Embedded Terminal for Ricoh ESA with the valid account.
Authentication must not fail.
2 Log in to the YSoft SafeQ Embedded Terminal for Ricoh ESA web configuration at 'http://MFP_IP:
8080/sqet/Login' (where MFP_IP is the MFP's IP address). Enter the login code. (The default is 14569
.)
3 Verify that you see the IP address of all your CML servers in the list.
YSoft SafeQ 5 1126

February 03, 2016
Optionally you can stop the CML which is listed as the first and try to authenticate at the device.
Authentication must be working. In the YSoft SafeQ Embedded Terminal for Ricoh ESA web
configuration you will see that the order of the servers has been changed.
YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH ESA - ADDITIONAL SPECIFIC SETTINGS
System settings
You can configure additional options related to YSoft SafeQ Embedded Terminal for Ricoh ESA in System
settings:
Logout time (srte-logout-timeout) - When users do not perform any action for defined period of time,
they will be logged out automatically from the terminal. Value is set in seconds.
Multiple server mode (srte-enterprise-mode) - If enabled, Ricoh Embedded Terminal is running in
the enterprise mode, i.e. the terminal application connects to multiple CML servers.
Secured connection (srte-ssl-configuration) - If enabled, YSoft SafeQ uses SSL connection to
configure SRTE.
Maximum job file size (srte-size-for-server-print) - This option limits size of a print job being stored
locally on the device HDD before printing. Jobs which are larger than the defined limit will be printed
directly from the server. Value is set in bytes.
Enable faster print on Ricoh devices ( srteEnableFasterPrint ) - This option enables faster
processing of print jobs on Ricoh devices. This method may eventually cause incorrect accounting of
print jobs in case of hardware issues (like paper jam) therefore it is recommended to keep it disabled
when YSoft SafeQ is used in combination with Payment System.
Scan rotation
Devices with SRTE (ver. A.) installed can be configured to rotate color pdf scans. This option is
configurable for each device at the SRTE web configuration.
After login with level 2 password, the following screen will appear. Here you can change the option to
rotate scans.
YSoft SafeQ 5 1127

February 03, 2016
Function key configuration

On devices similar to Ricoh Aficio MP C3002, you can define your own key shortcut to quickly access
YSoft SafeQ application by clicking function key button and specify YSoft SafeQ application for as a
default function/application displayed after a successful authentication. For more details please see
Function key settings.
ENABLING FAILOVER SUPPORT FOR YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH ESA
YSoft SafeQ Embedded Terminal for Ricoh ESA is communicating directly to the "YSoft SafeQ CML" with
some exceptions when support from "YSoft SafeQ Terminal Server" service is required. Therefore, standard
procedures for the loadbalancing and failover via Microsoft Cluster Server or Failover using Windows
Network Load Balancing Services (NLB) does not apply for this type of embedded terminal.
If you have the failover enabled, MFP will obtain the list of IP addresses for all the CML nodes after the first
successful authentication. If the primary CML becomes unavailable, embedded terminal will automatically
find another CML according to strategy selected in configuration. Then the embedded terminal will use the
resolved CML as the primary until it becomes unavailable or until some preconfigured time interval passes.
Then another server is found and selected as primary in dependency on selected failover strategy. With
some strategies the MFP may automatically switch back to a preferred CML if you restore its functionality.
The server can be resolved as active only if both YSoft SafeQ CML and YSoft SafeQ Terminal Server are
responding to MFP requests.
YSoft SafeQ 5 1128

February 03, 2016
Limitations
1 This failover configuration does not provide Load-
balancing.
2 This failover is applicable only on the CML (not on ORS).
Enabling failover support for YSoft SafeQ Embedded Terminal for Ricoh ESA
Go to System > System settings and set srte-enterprise-mode property to enabled.

If enabled, Ricoh Embedded Terminal is running in the enterprise mode, i.e. the terminal
application connects to multiple server nodes in the YSoft SafeQ cluster.
2 Save the configuration and restart the CML service on all the nodes and reinstall all the devices with
YSoft SafeQ Embedded Terminal for Ricoh ESA.
Configuring failover on YSoft SafeQ Embedded Terminal for Ricoh ESA

2 Go to System > System settings from the menu
3 Set srteFailoverStrategy property to required strategy. The option determines how the primary
server is resolved in case when the current server becomes unavailable. The strategies are described
in following section.
4 Set srteFailoverCheckInterval property to required value. It sets the maximal time (in minutes) after
which the primary CML server is resolved according to selected strategy. The minimal allowed value
of this property is one.
5 Save the configuration and reinstall all the devices with YSoft SafeQ Embedded Terminal for Ricoh
ESA.
Strategies for server selection in YSoft SafeQ Embedded Terminal for Ricoh ESA
1
DEFAULT STRATEGY
With this strategy the MFP will always check for the CML server with fastest response. The servers
are checked for their availability in parallel and the first CML server which responses is taken as the
primary for all ongoing communication.
2
PRIMARY NODE PREFERRED
With this strategy the "primary node" is always preferred. In this scenario, the "primary node" is the
CML from which the MFP was originally installed. If the "primary node" is not available, another
server is selected using the default strategy described above. If the "primary node" becomes
available, the MFP will connect to it when the current one becomes unavailable or after the
preconfigured time interval passes.
YSoft SafeQ 5 1129

February 03, 2016
How to verify the correct functionality

1 Authenticate at the YSoft SafeQ Embedded Terminal for Ricoh ESA with the valid account.
Authentication must not fail.
2 Log in to the YSoft SafeQ Embedded Terminal for Ricoh ESA Web Configuration Interface at '
http://MFP_IP:8080/sqet/Login' (where MFP_IP is the MFP's IP address). Please note the HTTP
address is case-sensitive. Enter the login code. (The default is 14569.)
3 Verify that you see the IP address of all your CMLs in the list.
4 Optionally you can stop the CML which is listed as the first. Then verify that authentication is still
working. In the YSoft SafeQ Embedded Terminal for Ricoh ESA Web Configuration Interface you will
see that the order of the servers has switched.
FUNCTION KEY SETTINGS
Overview
Function Key
Function Priority
Overview
This feature allows you to define your own key shortcut to quickly access YSoft SafeQ application by
clicking function key button.
Function Key
Specify YSoft SafeQ application for a key accessible via MFP panel.
YSoft SafeQ 5 1130

February 03, 2016
Setting Function Key in MFP web interface

1 Log in to the MFP web interface with administrator rights.
2 Go to Device Management > Configuration > Function Key Allocation/Function Priority
Set Function Key 5 to SafeQ by clicking Change button.
3 Select SafeQ and touch OK.
YSoft SafeQ 5 1131

February 03, 2016
4 Now your Function key is set.
Setting Function Key on MFP panel

1 Go to System Settings > General Features > Function Key Allocation > Function Key 5 >
Extended Feature > SafeQ
Function Priority
Specify YSoft SafeQ application for as a default function/application displayed after a successful
authentication.
Setting Function Priority in MFP web interface

1 Log in to the MFP web interface with administrator rights.
YSoft SafeQ 5 1132

February 03, 2016
2 Go to Device Management > Configuration > Function Key Allocation/Function Priority
Set Function Priority to SafeQ by clicking Change button.
3 Select SafeQ and touch OK.
YSoft SafeQ 5 1133

February 03, 2016
4 Now your Function priority is set.
Setting Function Priority on MFP panel

1 Go to System Settings > General Features > Function Priority > Extended Feature > SafeQ
YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH ESA - WEB CONFIGURATION INTERFACE
Accessing Web Configuration Interface
1. Log in to the YSoft SafeQ Embedded Terminal for Ricoh ESA (SRET) Web Configuration Interface at
'http://MFP_IP:8080/sqet/Login' (where MFP_IP is the MFP's IP address) through your web browser.
2. Enter the login code. (The default is 14569.)
YSoft SafeQ 5 1134

February 03, 2016
Web Configuration Interface description

YSoft SafeQ Embedded Terminal for Ricoh ESA Web Configuration Interface provides number of
information and configuration settings as shown on image below.
Information
Version - Exact version of SRET installed on device

Serial Number - Serial number of SRET installed on device
USB card reader state - Current state of USB card reader (connected/disconnected)
Configuration settings
SafeQ server IP - IP adress(es) of SQ server(s) communicating with SRET. SRET can communicate
with multiple SQ servers. SQ server currently communicating with SRET, is listed first. Order of
servers reflects priority of communication attempts in case of terminal failover.
SafeQ server port - Port on which SRET is communicating with SafeQ server.
Debug Memory - Settings turns ON/OFF logging of memory consumption. In case this setting is
turned on, SRET logs will contain detailed information about consumption of device's memory (Stack
size).
Enable color pdf scans rotation - Settings turns ON/OFF pdf rotation. In case this setting is turned
on, SRET will rotate all scanned PDF files.
Automatic user logout - Time (in seconds) after which user will be logged out from SRET.
Print jobs from SafeQ server if language is unknown - Settings turns ON/OFF print of jobs with
unknown language.
Logs obtainment
YSoft SafeQ Embedded Terminal for Ricoh ESA logs and additional information about SRET are available
via Web Configuration Interface.
On Web Configuration Interface main page click on Logs button and following status page will appear:
YSoft SafeQ 5 1135

February 03, 2016
To download logs, click on file you wish to download.
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR TOSHIBA

Before installation
1 Make sure all general properties as defined in Installing Embedded Terminals document are
completed
2 Configure the MFP properly. See Configuring Toshiba for YSoft SafeQ Embedded Terminal for more
information.
3 Go to SafeQ Web Interface > System Settings and set forceStartInternalLdap to enabled. This option
will ensure that internal LDAP server (required for authentication on Toshiba Embedded Terminal) will
be initialized during CML/ORS service start.
YSoft SafeQ 5 1136

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1137

February 03, 2016
Vendor
Select Toshiba from the list.
login and password
Authentication
Method – Select the authentication method. Username and password or PIN
are supported authentication methods. With this option, authentication with Card
via YSoft USB card reader is also possible but additional configuration might be
required, for more information see the article supported Toshiba MFP FW for
YSoft USB card reader.
YSoft SafeQ 5 1138

February 03, 2016
When any users username contains @ character, additional configuration is
required, for more information see the article Configuring Toshiba for YSoft SafeQ
Embedded Terminal with @ character in username.
Application
interface.
the users.
Scan
Accounting
NOTE: Some options are available for editing only in the Advanced view. You can choose
YSoft SafeQ 5 1139

February 03, 2016
YSoft SafeQ 5 1140

February 03, 2016
SafeQ).
device.
YSoft SafeQ 5 1141

February 03, 2016
manually.
servers.
transport provider.
YSoft SafeQ 5 1142

February 03, 2016
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1143

February 03, 2016
YSoft SafeQ 5 1144

February 03, 2016
YSoft SafeQ 5 1145

February 03, 2016
YSoft SafeQ 5 1146

February 03, 2016
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR OKI

Before installation
1 Make sure all general properties as defined in Installing Embedded Terminals document are
completed
2 Configure the MFP properly. See Configuring OKI for YSoft SafeQ Embedded Terminal for more
information.
3 Go to SafeQ Web Interface > System Settings and set forceStartInternalLdap to enabled. This option
will ensure that internal LDAP server (required for authentication on OKI Embedded Terminal) will be
initialized during CML/ORS service start.
YSoft SafeQ 5 1147

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1148

February 03, 2016
Vendor
Select OKI from the list.
login and password
Authentication
Method – Select the authentication method. Username and password or PIN
are supported authentication methods.
YSoft SafeQ 5 1149

February 03, 2016
When any users username contains @ character, additional configuration is

required, for more information see the article Configuring OKI for YSoft SafeQ
Embedded Terminal with @ character in username.
Application
interface.
the users.
Scan
Accounting
NOTE: Some options are available for editing only in the Advanced view. You can choose
YSoft SafeQ 5 1150

February 03, 2016
SafeQ).
device.
YSoft SafeQ 5 1151

February 03, 2016
manually.
servers.
transport provider.
YSoft SafeQ 5 1152

February 03, 2016
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1153

February 03, 2016
YSoft SafeQ 5 1154

February 03, 2016
YSoft SafeQ 5 1155

February 03, 2016
YSoft SafeQ 5 1156

February 03, 2016
YSoft SafeQ 5 1157

February 03, 2016
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR SAMSUNG
BEFORE INSTALLATION
1 Make sure all general properties as defined in Install Embedded Terminals document are completed.
2 Configure the MFP properly. See Configuring Samsung for YSoft SafeQ Embedded Terminal for
more information.
YSoft SafeQ 5 1158

February 03, 2016
for each device.
troubleshooting.
centers.
YSoft SafeQ 5 1159

February 03, 2016
Vendor
Select Samsung from the list.
login and password
Authentication
device.
YSoft SafeQ 5 1160

February 03, 2016
Application
interface.
the users.
Scan
Accounting
Payments
overdrafts.
NOTE:
YSoft SafeQ 5 1161

February 03, 2016
SafeQ).
YSoft SafeQ 5 1162

February 03, 2016
device.
manually.
servers.
YSoft SafeQ 5 1163

February 03, 2016
transport provider.
SNMP v2
properties.
SNMP v3
Username
Context name
Privacy algorithm
Privacy password
YSoft SafeQ 5 1164

February 03, 2016
YSoft SafeQ 5 1165

February 03, 2016
YSoft SafeQ 5 1166

February 03, 2016
YSoft SafeQ 5 1167

February 03, 2016
YSoft SafeQ 5 1168

February 03, 2016
GLOBAL SETTINGS
Configure Print all feature after login

Configuring displaying incompatible jobs
CONFIGURE PRINT ALL FEATURE AFTER LOGIN
Overview
With "Print all" user can print all jobs in Waiting folder after logging in on Terminal Embedded.
"Print all" value can be set:
by user on Terminal Embedded

login screen (Konica Minolta, Sharp, Ricoh, Toshiba)
after logging in (Xerox, Fuji Xerox)
by administrator in System Settings
by setting print-all-button-default-value
Configuration
Go to System > System settings and set print-all-button property to enabled .

This option enables `Print all` button on authentication screen of embedded terminal. Default
value is enabled.
2 After saving the settings and restarting Terminal server, "Print all" buttons will be displayed on the
terminal's login screen or displayed after login based on type of terminal.
YSoft SafeQ 5 1169

February 03, 2016
NOTE: Reinstallation of embedded terminal is required for some terminal types. You will be
informed if this is your case based on embedded terminals in your environment when saving the
settings.
Related properties
There are few another properties related to "Print all" function:
print-all-button-default-value - This option set initial state of `Print all` button on authentication
screen of embedded terminal. Default value is false.
printSharedJobs - If enabled, all normal and shared jobs are printed on `print all` command.
jobsAllSortOrder - Order of printed jobs after "Print all" based on delivery date to YSoft SafeQ. You
can set either print newest jobs first or last.
maxPrintAllJobs - Maximum number of jobs printed with "Print all".
CONFIGURING DISPLAYING INCOMPATIBLE JOBS
This feature is for displaying of all jobs (even with incompatible language) on terminal job list.
This feature works with all Embedded Terminals and Terminal Professional.
Configuration
1 Go to System > System settings > Terminal UI (Expert mode view) and set
showIncompatibleJobs property to enabled.
Property description: If enabled, all jobs (even with incompatible language) are shown on terminal.
2 Enable print job parser (described here)
3 Configure (or check) printer tags on page Devices > Edit printer > Tags
Printer tags should correspond with real printer capabilities.
NOTE: In this case, all jobs with Colour tag will be marked as incompatible jobs and it won't
be possible to print them.
YSoft SafeQ 5 1170

February 03, 2016
4 Send a job to SafeQ and check it is properly parsed. You can check the job on the Reports >
Display detailed job information > Information page.
NOTE: This job will be marked as a incompatible job, because it contains Colour tag, which is not
allowed in the step 3.
How incompatible jobs look on terminals:
YSoft SafeQ 5 1171

February 03, 2016
Incompatible jobs at the Xerox printer

Incompatible jobs at the Fuji Xerox printer
Incompatible jobs at the KM printer
Incompatible jobs at the KM printer - KM interface
Incompatible jobs at the Ricoh printer
Incompatible jobs at the Terminal Professional
CONFIGURE MFPS
Configuring Konica Minolta OpenAPI (Zeus/Minerva) for YSoft SafeQ Embedded Terminal
Configuring Konica Minolta OpenAPI (older models) for YSoft SafeQ Embedded Terminal
Configuring Fuji Xerox Apeos for YSoft SafeQ Embedded Terminal
Configuring Fuji Xerox with XCP for YSoft SafeQ Embedded Terminal
Configuring Toshiba for YSoft SafeQ Embedded Terminal
Configuring OKI for YSoft SafeQ Embedded Terminal
Configuring Samsung for YSoft SafeQ Embedded Terminal
Configuring Lexmark for YSoft SafeQ Embedded Terminal
Configuring HP for YSoft SafeQ Embedded Terminal
CONFIGURING KONICA MINOLTA OPENAPI (ZEUS/MINERVA) FOR YSOFT SAFEQ EMBEDDED TERMINAL
This manual is applicable also for Develop and Olivetti devices.
Requirements:
Correct firmware is installed on MFP (for more details see HCL - Konica Minolta)
MFP is OpenAPI 3.5 - 4.0 compatible if embedded accounting / application shortcuts / web browser
terminal functionality is required.
Models that support OpenAPI 3.5 - 4.0 may need HDD and/or additional memory installed (for more
details see HCL - Konica Minolta)
At Glance:
1. Configure and enable SSL

2. Disable the Certificate Verification Settings option
3. Enable OpenAPI on a device
4. Configure SSL for OpenAPI and TCP Socket communication
5. Configure region (Develop only)
6. Disable all other authentications (User Account Track, ID & Print, key counter, Vender2 cable etc.)
7.
YSoft SafeQ 5 1172

February 03, 2016
7. Add domain DNS suffix in Network settings - Default DNS domain name (in case a host name for
ORS is used)
8. Configure the Windows print driver
9. Install loadable driver (if authentication by CARD is required)
10. Configure USB card reader settings (if authentication by CARD is required)
Configure and enable SSL
1. Open your Web browser and enter the MFP's IP address. The MFP Web interface,"PageScope®,"
opens.
2. On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you
are automatically logged in as a guest, log out and then log in again using the administrator account).
NOTE: The PageScope Web interface varies according to the specific MFP.
3. Enter the Administrator password for the MFP; then click OK.
NOTE: The default password is 1234567812345678.
4. Select the Security tab ; then select Device Certificate Setting; Continue with selecting New
registration.
NOTE: If the device already has a factory default settings certificate, delete it first and then create a
new one.
YSoft SafeQ 5 1173

February 03, 2016
5. Select Create and install a self-signed Certificate and click OK.
6. Enter information for the SSL certificate; then click OK.

NOTE: The information you enter does not have to be valid (for example, the Admin E-mail Address
does not have to be valid), except the Validity Period, recommend is 3650 days. The Mode using
YSoft SafeQ 5 1174

February 03, 2016
SSL/TLS setting applies only to PageScope Web Connection; you can set it to None without
affecting OpenAPI's SSL capabilities.
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica
Minolta devices
7. When the message "Certificate has been successfully created" appears, click OK.
8. Log out of PageScope® Web Connection. If a message appears saying that it is necessary to reboot,
reboot the MFP.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing
the terminal installation.
Disable the "Certificate Verification Settings" option
1. Log in to the MFP's Web interface as administrator

2. Select Security (see page).
3. From the menu, select Certificate Verification Settings.
4.
YSoft SafeQ 5 1175

February 03, 2016
4. For the Certificate Verification Settings option, select Off and save settings with OK
It is also recommended to turn off validation of certificate period. This prevents a situation when user
authenticates with invalid credentials (invalid card, invalid PIN) and it takes 1 minute to display the
information about invalid credentials.
1. Log in to the MFP's Web interface as administrator.

2. Navigate to Network > OpenAPI setting.
3.
YSoft SafeQ 5 1176

February 03, 2016
3. Under Certificate Verification Level Settings c onfigure Validity Period to Do not confirm.
Enable the "OpenAPI" option

Enable OpenAPI function on at the MFP panel as follows:
1. Make sure the MFP is idle — not copying, printing, scanning, or otherwise busy.
YSoft SafeQ 5 1177

February 03, 2016
2. Open the Utility menu.
3. Touch Administrator Settings.
YSoft SafeQ 5 1178

February 03, 2016
4. Enter the Administrator password for the MFP; then touch OK.
Note: The default password is 1234567812345678
5. Touch System Connection.
YSoft SafeQ 5 1179

February 03, 2016
6. Touch option OpenAPI Settings.
NOTE: If SSL and port number options appear, continue to chapter Konica Minolta - Configure SSL
via MFP panel
7. Touch Access Setting; then set it to Allow.
YSoft SafeQ 5 1180

February 03, 2016
Configure SSL for OpenAPI and TCP Socket communication

NOTE: The following settings can also be done on the MFP panel. This might be necessary if OpenAPI was
disabled manually (for example if Terminal Professional was used before on the MFP).
See the Konica Minolta - Configure SSL via MFP panel article for details on the manual procedure.
1. Log In the MFP's Web interface as administrator.

2. Select the Network tab, then select OpenAPI Setting and choose the SSL Only option; Then Click
OK.
YSoft SafeQ 5 1181

February 03, 2016
3.
YSoft SafeQ 5 1182

February 03, 2016
3. With the Network tab still selected, from the menu, select TCP Socket Setting and check the Use
SSL/TLS check box. Than Click OK.
4. Turn the main switch OFF and then ON again to apply changes to TCP Socket settings.
For remote reset use the web interface of the MFP, menu Maintenance > Reset > Reset.
Configure region
For Develop, only Europe region and Others2 region are supported. To change setting of a region of your
device, please see the Develop - Configure region page.
Configure User Authentication and Account Track
1.
YSoft SafeQ 5 1183

February 03, 2016
1. Right-click the Konica Minolta MFP driver; then select Printer properties > Configure.
2. On the Configure tab, click Acquire Settings or Obtain settings.

Note: Depends on your printers driver
3. Uncheck Auto checkbox
4.
YSoft SafeQ 5 1184

February 03, 2016
4. Click OK
5. Back on the Configure tab, set ID&Print, User Authentication and Account Track to disable.
6. Click OK.
Install loadable driver

This operation should be done by authorized Konica Minolta technician. Please see the Konica Minolta -
Install loadable driver article for details regarding this process.
Configure USB card reader settings
Follow these steps to implement authentication via USB card reader. If a card reader will not be used,skip
this step..
1. Enter the Service Mode menu on MFP.

NOTE: For instructions on opening Service Mode and for your specific MFP, see Service manual
available on InfoHub or contact your Konica Minolta distributor.
2.
YSoft SafeQ 5 1185

February 03, 2016
2. Enter the Billing Setting menu.

NOTE: For instructions on opening the Billing Setting menu, see Service manual available on
InfoHub or contact your Konica Minolta distributor.
3. Touch Management Function Choice.
4. Touch Authentication Device 2.

5. Touch Card.
6. On the ID Card Type screen, touch CARD2 (to specify the USB reader). Then touch OK.
NOTE: If CARD2 does not work and come up with an internal error, you have to use CARD1.
7. Turn OFF the main power switch for at least 10 seconds.

8. Connect USB card reader.
9. Turn ON main power switch.
Konica Minolta - Configure and enable SSL
1.
YSoft SafeQ 5 1186

February 03, 2016
1. Open your Web browser and enter the MFP's IP address. The MFP Web interface,"PageScope®,"
opens.
2. On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you
are automatically logged in as a guest, log out and then log in again using the administrator account).
3. Enter the Administrator password for the MFP; then click OK.
4. Select the Security tab ; then select Device Certificate Setting; Continue with selecting New
registration.
NOTE: If the device already has a factory default settings certificate, delete it first and then create a
new one.
YSoft SafeQ 5 1187

February 03, 2016
5. Select Create and install a self-signed Certificate and click OK.
6. Enter information for the SSL certificate; then click OK.

NOTE: The information you enter does not have to be valid (for example, the Admin E-mail Address
does not have to be valid), except the Validity Period, recommend is 3650 days. The Mode using
YSoft SafeQ 5 1188

February 03, 2016
SSL/TLS setting applies only to PageScope Web Connection; you can set it to None without
affecting OpenAPI's SSL capabilities.
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica
Minolta devices
7. When the message "Certificate has been successfully created" appears, click OK.
8. Log out of PageScope® Web Connection. If a message appears saying that it is necessary to reboot,
reboot the MFP.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing
the terminal installation.
Konica Minolta - Configure IPP and IPPSSL

Configuration of IPP and IPPSSL
This configuration is required for using IPP and IPPSSL.
1. Login MFP's web interface as administrator

2. Navigate to the Network tab
3. Continue to IPP Setting
4. Change the settings as shown below:
YSoft SafeQ 5 1189

4.
February 03, 2016
Enable IPP Setting option

Enable Accept IPP job option
Configuration of IPP over SSL
This configuration is required for using IPPSSL.
1. Navigate to the Security tab

2. Continue to PKI Settings > Device Certificate Setting
3. Use the New Registration button
4. Select the Request a Certificate option > OK
5. Insert details of your organization > OK
6. A message: Certificate Request was successful is displayed > OK
7. Copy or Save a Certificate Signing Request Data and submit them to your certification authority
8. Create a certificate with your certification authority
9. Continue on Security tab > PKI Settings > Device Certificate Setting
10. Select your Requesting Certificate and press the Setting button
11. Use Install a Certificate option > OK
12.
YSoft SafeQ 5 1190

February 03, 2016
12. Add certificate from your certification authority (the certificate you have created in step 8) > Press the
Install button
13. A message with the result of installation will be displayed
14. Continue to PKI Settings > SSL Setting
15. Set Mode using SSL/TLS to Admin. Mode and User Mode
16. Set Encryption Strenght to encryption which you use (if you are not sure which encryption use, set
attribute to AES-256, 3DES-168, RC4-128, DES-56, RC4-40)
Konica Minolta - Configure SSL for OpenAPI and TCP Socket communication
Configure additional required SSL settings as described here.
You can configure the settings by using either the MFP's Web interface or the MFP panel.
Konica Minolta - Configure SSL via MFP panel

If you did not set OpenAPI and TCP Socket settings via the MFP's Web interface, use the MFP's panel to
set them as follows:
YSoft SafeQ 5 1191

February 03, 2016
3.
YSoft SafeQ 5 1192

February 03, 2016
YSoft SafeQ 5 1193

February 03, 2016
6. Touch OpenAPI Settings.
7. Touch SSL/Port Settings.
YSoft SafeQ 5 1194

February 03, 2016
8. Select settings as shown below; then touch OK.
SSL Setting – SSL Only

Port No. – 50001
Port Number (SSL) – 50003
9. Return to Administrator Settings as follows: Touch Close twice or select Administrator Settings
from the menu on the left.
10. Touch Network Settings.
YSoft SafeQ 5 1195

February 03, 2016
11. Touch TCP Socket Settings (on second page of the Network Settings menu).
12. Touch TCP Socket.
YSoft SafeQ 5 1196

February 03, 2016
13. Change the settings for Use SSL/TLS to ON; then touch OK.
Konica Minolta - Configure SSL via MFP Web
1. Log In the MFP's Web interface as administrator.

2. Select the Network tab, then select OpenAPI Setting and choose the SSL Only option; Then Click
OK.
YSoft SafeQ 5 1197

February 03, 2016
3.
YSoft SafeQ 5 1198

February 03, 2016
3. With the Network tab still selected, from the menu, select TCP Socket Setting and check the Use
SSL/TLS check box. Than Click OK.
4. Turn the main switch OFF and then ON again to apply changes to TCP Socket settings.
For remote reset use the web interface of the MFP, menu Maintenance > Reset > Reset.
Develop - Configure region
For Develop, only Europe region and Others2 region are supported. It is recommended to use the
Europe region.
Follow these steps to set a supported region
1. Touch Service Mode > System 1 > Marketing Area

NOTE: For instructions for opening Service Mode with the Management Function Choice option for
your specific MFP, contact your Develop distributor.
2. Touch Europe (or possibly Others2)
3. Touch End
4. Touch Exit
YSoft SafeQ 5 1199

February 03, 2016
Konica Minolta - Configure USB card reader settings
1. Enter the Service Mode menu on MFP.

NOTE: For instructions on opening Service Mode and for your specific MFP, see Service manual
available on InfoHub or contact your Konica Minolta distributor.
2. Enter the Billing Setting menu.

NOTE: For instructions on opening the Billing Setting menu, see Service manual available on
InfoHub or contact your Konica Minolta distributor.
3. Touch Management Function Choice.
YSoft SafeQ 5 1200

February 03, 2016
4. Touch Authentication Device 2.

5. Touch Card.
6. On the ID Card Type screen, touch CARD2 (to specify the USB reader). Then touch OK.
NOTE: If CARD2 does not work and come up with an internal error, you have to use CARD1.
7. Turn OFF the main power switch for at least 10 seconds.

8. Connect USB card reader.
9. Turn ON main power switch.
Konica Minolta - Configure User Authentication and Account Track
1. Right-click the Konica Minolta MFP driver; then select Printer properties > Configure.
2.
YSoft SafeQ 5 1201

February 03, 2016
2. On the Configure tab, click Acquire Settings or Obtain settings.

3. Uncheck Auto checkbox

4. Click OK
5. Back on the Configure tab, set ID&Print, User Authentication and Account Track to disable.
6. Click OK.
Konica Minolta - Disable the Certificate Verification Settings option
1. Log in to the MFP's Web interface as administrator

2. Select Security (see page).
3. From the menu, select Certificate Verification Settings.
4.
YSoft SafeQ 5 1202

February 03, 2016
4. For the Certificate Verification Settings option, select Off and save settings with OK
It is also recommended to turn off validation of certificate period. This prevents a situation when user
authenticates with invalid credentials (invalid card, invalid PIN) and it takes 1 minute to display the
information about invalid credentials.
1. Log in to the MFP's Web interface as administrator.

2. Navigate to Network > OpenAPI setting.
3.
YSoft SafeQ 5 1203

February 03, 2016
3. Under Certificate Verification Level Settings c onfigure Validity Period to Do not confirm.
Konica Minolta - Disable the ID and print option on the MFP

At the MFP, disable the ID & Print option as follows:
1.
YSoft SafeQ 5 1204

February 03, 2016
YSoft SafeQ 5 1205

February 03, 2016
4. Touch User Authentication/Account Track.
5. Touch option User Authentication Settings.
YSoft SafeQ 5 1206

February 03, 2016
6. Touch Administrative Settings.
7.
YSoft SafeQ 5 1207

February 03, 2016
7. Touch ID & Print Settings.
8. Select options as shown below; then touch OK.
ID & Print – OFF

Public User – Print Immediately
Konica Minolta - Enable OpenAPI on a device

Enable OpenAPI function on at the MFP panel as follows:
1.
YSoft SafeQ 5 1208

February 03, 2016
3.
YSoft SafeQ 5 1209

February 03, 2016
YSoft SafeQ 5 1210

February 03, 2016
6. Touch option OpenAPI Settings.
NOTE: If SSL and port number options appear, continue to chapter Konica Minolta - Configure SSL
via MFP panel
7. Touch Access Setting; then set it to Allow.
YSoft SafeQ 5 1211

February 03, 2016
Konica Minolta - Install loadable driver

The exact steps to enter the Service Mode menu and to install loadable driver for specific models can be
found in their respective Service Manuals. The manuals and the current drivers are available at the Konica
Minolta InfoHub page.
Models in Zeus a Minerva lines

Product Konica Minolta Develop models Olivetti models
lines models
Minerva C754, C654 ineo+ 754, ineo+ 654 d-COLOR MF752Plus, d-COLOR MF652Plus
Minerva C754e, C654e ineo+ 754e, ineo+ 654e d-COLOR MF752, d-COLOR MF652
2nd
series
Zeus C554, C454, ineo+ 554, ineo+ 454, d-COLOR MF552, d-COLOR MF452, d-
C364, C284, ineo+ 364, ineo+ 284, COLOR MF362, d-COLOR MF282, d-COLOR
C224 ineo+ 224 MF222
Zeus C554e, C454e, ineo+ 554e, ineo+ 454e, d-COLOR MF552Plus. d-COLOR MF452Plus,
MLK C364e, C284e, ineo+ 364e, ineo+ 284e, d-COLOR MF362Plus, d-COLOR MF282Plus,
C224e ineo+ 224e d-COLOR MF222Plus
Installation
1. Copy the loadable driver file to the root directory of a USB flash drive.
2. Insert the USB flash drive into the USB port on MFP
3.
YSoft SafeQ 5 1212

February 03, 2016
3. Enter the Service Mode on the MFP.
4. Touch System 2.
5. Touch Driver Install.
6.
YSoft SafeQ 5 1213

February 03, 2016
6. Touch Install.
7. Select Loadable Driver and touch START.

8. Wait for confirmation message and when told to, turn OFF the main switch for at least 10 seconds.
9. Remove the USB flash drive.
Loadable driver uninstallation procedure

The exact steps to enter the Service Mode menu and to uninstall loadable driver for specific models can be
found in their respective Service Manuals. The manuals are available at the Konica Minolta InfoHub page.
Overview of product lines

Product Konica Minolta Develop models Olivetti models
lines models
Minerva C754, C654 ineo+ 754, ineo+ 654 d-COLOR MF752Plus, d-COLOR MF652Plus
Minerva C754e, C654e ineo+ 754e, ineo+ 654e d-COLOR MF752, d-COLOR MF652
2nd
series
Zeus C554, C454, ineo+ 554, ineo+ 454, d-COLOR MF552, d-COLOR MF452, d-
C364, C284, ineo+ 364, ineo+ 284, COLOR MF362, d-COLOR MF282, d-COLOR
C224 ineo+ 224 MF222
Zeus C554e, C454e, ineo+ 554e, ineo+ 454e, d-COLOR MF552Plus. d-COLOR MF452Plus,
MLK C364e, C284e, ineo+ 364e, ineo+ 284e, d-COLOR MF362Plus, d-COLOR MF282Plus,
C224e ineo+ 224e d-COLOR MF222Plus
Zeus/Minerva
1.
YSoft SafeQ 5 1214

February 03, 2016
1. Call the Service Mode to the screen.

2. Touch [System 2] -> [Driver Install] -> [Uninstall].
3. Select a driver to be uninstalled.
4. Touch [Start] to uninstall the data.
5. Check that data is normally uninstalled from the message that appears on the control panel.
6. Turn OFF/ON the main power switch.
Konica Minolta - Configure Print without authentication option
Print without authentication option allows printing of documents, that are sent directly to the MFP's
IP address.
This function needs to be allowed for the Public users to be able to print.
Terminal Embedded reinstallation resets the configuration back to "restricted".
Follow these steps to set the MFP's "Print without authentication" option:
1. Tap the hardware Home button on MFP.

2. Tap Utility.
3.
YSoft SafeQ 5 1215

February 03, 2016
3. Tap option 3, Administrator Settings
4. Enter the Administrator password for the MFP; then tap OK. (The default is 1234567812345678.)
5. Tap option 4, User Authentication/Account Track.
YSoft SafeQ 5 1216

February 03, 2016
6. Tap option 4, Print without Authentication.
7. Set this option to Full Color/Black or Black Only to enable printing of the documents sent directly to
the MFP's IP address.
To disable the printing, set the option to Restrict.
Touch OK to confirm the setting.
YSoft SafeQ 5 1217

February 03, 2016
Be sure to have your print driver configured correctly according to Konica Minolta - Configure User
Authentication and Account Track.
CONFIGURING KONICA MINOLTA OPENAPI (OLDER MODELS) FOR YSOFT SAFEQ EMBEDDED TERMINAL
At Glance:
Correct FW installed (for more details see HCL - Konica Minolta)

MFP must be OpenAPI 3.5 - 4.0 compatible if embedded accounting / application shortcuts / web
browser terminal functionality is required. Models that support OpenAPI 3.5 - 4.0 usually need HDD
and/or additional memory installed (for more details see HCL - Konica Minolta)
If SafeQ on-line print accounting is required, (for more details see Print tracking methods)
No ZERO counters. Normal (A5/A4/letter) page copy, normal page print, large (A3/legal
/tabloid) page copy, large page print counter must not be 0
MFP Service Menu > Counter setting > total counter mode – MODE 2 is set!
Install loadable driver (if authentication by CARD is required)
KM - Configure and enable SSL
KM - Disable the Certificate Verification Settings option
KM - Enable OpenAPI on a device (especially when external terminal was used before embedded
installation)
KM - Configure SSL for OpenAPI and TCP Socket communication
KM - Using the MFP Web interface to configure SSL settings
KM - Using the MFP Panel to configure SSL settings
KM - Configure switches
KM - Configure USB card reader settings (if authentication by CARD is required)
KM - Configure Print without authentication option (if printing of documents, that are sent directly to
the MFP's IP address is required)
KM - Disable the ID and print option on the MFP
KM - Disable all other authentications (User Account Track, key counter, Vender2 cable etc.)
YSoft SafeQ 5 1218

February 03, 2016
KM - Add domain DNS suffix in Network settings - Default DNS domain name (in case a host name
for ORS is used)
Configure print driver as follows:
Printer properties - Configure - Device Options are configured to support all possible features (Punch
unit, Finisher etc.)
Printer properties - Configure - Obtain Settings - Auto = not checked
Printer properties - Configure - User Authentication = disabled
Printer properties - Configure - Account Track = disabled
Printer properties - Ports - Enable printer pooling is checked + additional ports are created and
checked to be used (remove windows print spooling bottleneck)
Configure and enable SSL

Open your Web browser and enter the MFP's IP address. The MFP Web ®interface,"PageScope," opens.
On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you are
automatically logged in as a guest, log out and then log in again using the administrator account).
Enter the Administrator password for the MFP; then click OK.
Select the Security tab ; then select Device Certificate Setting; Continue with selecting New registration
YSoft SafeQ 5 1219

February 03, 2016
Select Create and install a self-signed Certificate and click OK.
Enter information for the SSL certificate; then click OK.
NOTE: The information you enter does not have to be valid (for example, the Admin E-mail Address does
not have to be valid), except the Validity Period, recommend is 3650 days. The Mode using SSL/TLS
setting applies only to PageScope Web Connection; you can set it to None without affecting OpenAPI's SSL
capabilities.
YSoft SafeQ 5 1220

February 03, 2016
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica Minolta
devices
When the message "Certificate has been successfully created" appears, click OK; then log out of
PageScope Web Connection.
If a message appears saying that it is necessary to reboot, reboot the MFP.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing the
terminal installation.
Disable the "Certificate Verification Settings" option
Log in to the MFP's Web interface as administrator; then select Security (see page ).
From the menu, select Certificate Verification Settings.
For the Certificate Verification Settings option, select Off and save settings with OK
Enable the OpenAPI on a device option

Make sure the MFP is idle — not copying, printing, scanning, or otherwise busy.
YSoft SafeQ 5 1221

February 03, 2016
Touch the Utility/Counter button. (This is a physical button.)

Touch option 3, Administrator Settings.
Enter the Administrator password for the MFP; then touch OK.
Touch option 9, System Connection.
YSoft SafeQ 5 1222

February 03, 2016
Touch option 1, OpenAPI Settings.
NOTE: If SSL and port number options appear, continue to chapter KM - Configure SSL via MFP panel
Touch Access Setting; then set it to Allow.
Configure SSL for OpenAPI and TCP Socket communication

Configure switches
YSoft SafeQ 5 1223

February 03, 2016
Please note, that this change is required for multilevel billing codes selection on KM devices from
product lines older than Zeus. If you are using Zeus product line or newer device, do not
change the default value of switch No. 25.
Follow these steps to set right value of switch No. 25
NOTE: No. 25 is just general name of this switch, please contact your Konica Minolta distributor to tell you
the appropriate equivalent of the switch name for your specific MFP.
1. Touch Service Mode > System 2 > Software switch settings

your specific MFP, contact your Konica Minolta distributor.
2. Touch Switch No.
3. Enter 25 (or switch number which is the equivalent to SW 25)
4. Touch HFX Assignment
5. Enter the appropriate value (20)
6. Touch Fix
7. Touch End
8. Touch Exit
Configure USB card reader settings

Follow these steps to implement authentication via USB card reader if you want to use authentication with
card reader.
If a card reader willnotbe used,skip toPrint without authentication option.
Connect the USB card reader to the MFP.
Touch Service Mode > Billing Setting > Management Function Choice.
NOTE: For instructions for opening Service Mode with the Management Function Choice option for your
specific MFP, contact your Konica Minolta distributor.
Touch Authentication Device 2.
YSoft SafeQ 5 1224

February 03, 2016
Touch Card.
On the ID Card Type screen, touch CARD2 (to specify the USB reader); then touch OK. If CARD2 does not
work and come up with an internal error, you have to use CARD1.
Set "Print without authentication" option
Print without authentication option allows or disables printing of documents, that are sent directly
to the MFP's IP address.
Press the Utility/Counter button. (This is a physical button.)
Tap option 3, Administrator Settings.
Enter the Administrator password for the MFP; then tap OK. (The default is 12345678.)
YSoft SafeQ 5 1225

February 03, 2016
Tap option 4, User Authentication/Account Track.
Tap option 4, Print without Authentication.
Set this option to Allow to enable printing of the documents sent directly to the MFP's IP address. To
disable the printing, set the option to Restrict.
Tap OK to confirm the setting.
YSoft SafeQ 5 1226

February 03, 2016
Be sure to have your print driver configured correctly according to KM - Configure User
Disable the "ID and print" option on the MFP

Enter the Administrator password for the MFP; then touch OK. (The default password is 12345678.)
Touch option 4, User Authentication/Account Track.
YSoft SafeQ 5 1227

February 03, 2016
Touch option 2, User Authentication Settings.
Touch option ID & Print Settings.
Select options as described below; then touch OK.
ID & Print – OFF

Configure User Authentication and Account Track
YSoft SafeQ 5 1228

February 03, 2016
Right-click the Konica Minolta MFP; then select Printer properties > Configure.
On the Configure tab, set set ID&Print/User Authentication/Account Track to disable.

Than click to Acquire Settings or Obtain settings
Uncheck Auto checkbox

Click OK
YSoft SafeQ 5 1229

February 03, 2016
Click OK.
Install loadable driver

Product Models
lines
Thames C353, C253, C203
Mosel C650, C550, C451
Donau C652, C552, C452
GangesM 501, 421, 361
Amur C360, C280, C220
YSoft SafeQ 5 1230

February 03, 2016
Product Models
lines
Taiga 423, 363, 283, 223
LaplataM 751, 601
Citrine C35, MF30-1
TaigaY bizhub 42, bizhub 36, MF42-1, MF36-1
Minerva C754, C654
Zeus C554, C454, C364, C284, C224
Symphony PRESS1250, PRESS1250P, PRESS1052,

PRO951
Thames\Mosel devices
Model Thames vs.
Mosel
C353 Thames 1(ti1)
C253 Thames 2(ti2)
C203 Thames 2.5(ti2_5)
C650 Mosel 1(mi1)
C550 Mosel 2(mi2)
C451 Mosel 3(mi3)
Thames/Mosel
Insert CF card(max 256 MB).
Extract Thames/Mosel archive with drivers to disk.
Go to the directory according to the device code name.
Run commant mkcfldr.bat (device code) (CF drive letter) - for example mkcfldr.bat mi2 e:
Turn off the MFP.
Insert the CF card in MFP.
Turn on the MFP.
Wait for driver download.
Turn off the MFP and remove the card.
Turn on the MFP.
YSoft SafeQ 5 1231

February 03, 2016
Go to service mode and choose.
Set authentication device -> card2.

GangesM/LaplataM
Copy LoadableDeviceDriverROM directory to the root of USB flash disk.
Insert the flash disk to the MFP.
Enter the Service Mode.
Press the [System 2] in "Service mode screen".
Press [ISW].
Press the [Board Type Selection].
Select [Lodable Device Driver] and press [OK].
Press the [File Selection].
Select the relevant firmware version and press [OK].
Press Execute.
Press Start.
Check to see the message "ISW was completed."

Amur
Copy "A0EDFW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port at the rear side of the main body.
Turn on the main switch.
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
Donau
Copy "A0P0FW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port for service at the rear side of the main body. (Remove the
screw and lift up the cover of the USB port)
panel.
YSoft SafeQ 5 1232

February 03, 2016
Taiga
Copy "A1UDFW.tar" to the root directory of a USB flash drive.
panel.
KM - Configure and enable SSL
Open your Web browser and enter the MFP's IP address. The MFP Web ®interface,"PageScope," opens.
On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you are
automatically logged in as a guest, log out and then log in again using the administrator account).
Enter the Administrator password for the MFP; then click OK.
Select the Security tab ; then select Device Certificate Setting; Continue with selecting New registration
YSoft SafeQ 5 1233

February 03, 2016
Select Create and install a self-signed Certificate and click OK.
Enter information for the SSL certificate; then click OK.
NOTE: The information you enter does not have to be valid (for example, the Admin E-mail Address does
not have to be valid), except the Validity Period, recommend is 3650 days. The Mode using SSL/TLS
setting applies only to PageScope Web Connection; you can set it to None without affecting OpenAPI's SSL
capabilities.
YSoft SafeQ 5 1234

February 03, 2016
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica Minolta
devices
When the message "Certificate has been successfully created" appears, click OK; then log out of
PageScope Web Connection.
If a message appears saying that it is necessary to reboot, reboot the MFP.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing the
terminal installation.
KM - Disable the Certificate Verification Settings option
Log in to the MFP's Web interface as administrator; then select Security (see page ).
From the menu, select Certificate Verification Settings.
For the Certificate Verification Settings option, select Off and save settings with OK
KM - Enable OpenAPI on a device

YSoft SafeQ 5 1235

February 03, 2016

YSoft SafeQ 5 1236

February 03, 2016
NOTE: If SSL and port number options appear, continue to chapter KM - Configure SSL via MFP panel
Touch Access Setting; then set it to Allow.
KM - Configure SSL for OpenAPI and TCP Socket communication

KM - Configure SSL via MFP Web

Log In the MFP's Web interface as administrator;
Select the Network tab, then select OpenAPI Setting and choose the SSL Only option; Then Click OK.
YSoft SafeQ 5 1237

February 03, 2016
It may not be possible to configure SSL via MFP Web, as the setting may be disabled (greyed out). In
such case you need to KM - Configure SSL via MFP panel.
With the Network tab still selected, from the menu, select TCP Socket Setting and check the Use SSL/TLS
check box. Than Click OK.
KM - Configure SSL via MFP panel

If you did not set OpenAPI and TCP Socket settings via the MFP's Web interface, use the MFP's panel to
set them as follows:
YSoft SafeQ 5 1238

February 03, 2016

YSoft SafeQ 5 1239

February 03, 2016
Touch SSL/Port Settings.
Select settings as described below; then touch OK.
YSoft SafeQ 5 1240

February 03, 2016
SSL Setting – SSL Only

Port No. – 50001
Port Number (SSL) – 50003
Return to Administrator Settings as follows: Touch Close twice or select Administrator Settings from the
menu on the left.
Touch option 5, Network Settings.
Touch the Forward button to go to the second page of Network Settings.
Touch option 1, TCP Socket Settings.
YSoft SafeQ 5 1241

February 03, 2016
Touch option 1, TCP Socket.
Change the selection to On; then touch OK.
KM - Configure switches
Please note, that this change is required for multilevel billing codes selection on KM devices from
product lines older than Zeus. If you are using Zeus product line or newer device, do not
change the default value of switch No. 25.
Follow these steps to set right value of switch No. 25
NOTE: No. 25 is just general name of this switch, please contact your Konica Minolta distributor to tell you
the appropriate equivalent of the switch name for your specific MFP.
1.
YSoft SafeQ 5 1242

February 03, 2016
1. Touch Service Mode > System 2 > Software switch settings

your specific MFP, contact your Konica Minolta distributor.
2. Touch Switch No.
3. Enter 25 (or switch number which is the equivalent to SW 25)
4. Touch HFX Assignment
5. Enter the appropriate value (20)
6. Touch Fix
7. Touch End
8. Touch Exit
KM - Configure USB card reader settings

Follow these steps to implement authentication via USB card reader if you want to use authentication with
card reader.
If a card reader willnotbe used,skip toPrint without authentication option.
Connect the USB card reader to the MFP.
Touch Service Mode > Billing Setting > Management Function Choice.
NOTE: For instructions for opening Service Mode with the Management Function Choice option for your
specific MFP, contact your Konica Minolta distributor.
Touch Authentication Device 2.
Touch Card.
On the ID Card Type screen, touch CARD2 (to specify the USB reader); then touch OK. If CARD2 does not
work and come up with an internal error, you have to use CARD1.
KM - Configure Print without authentication option
YSoft SafeQ 5 1243

February 03, 2016
Print without authentication option allows or disables printing of documents, that are sent directly
to the MFP's IP address.
Press the Utility/Counter button. (This is a physical button.)
Tap option 3, Administrator Settings.
Enter the Administrator password for the MFP; then tap OK. (The default is 12345678.)
Tap option 4, User Authentication/Account Track.
Tap option 4, Print without Authentication.
YSoft SafeQ 5 1244

February 03, 2016
Set this option to Allow to enable printing of the documents sent directly to the MFP's IP address. To
disable the printing, set the option to Restrict.
Tap OK to confirm the setting.
Be sure to have your print driver configured correctly according to KM - Configure User
KM - Disable the ID and print option on the MFP

Enter the Administrator password for the MFP; then touch OK. (The default password is 12345678.)
YSoft SafeQ 5 1245

February 03, 2016
Touch option 4, User Authentication/Account Track.
Touch option 2, User Authentication Settings.
Touch option ID & Print Settings.
Select options as described below; then touch OK.
YSoft SafeQ 5 1246

February 03, 2016
ID & Print – OFF

KM - Configure User Authentication and Account Track
Right-click the Konica Minolta MFP; then select Printer properties > Configure.
On the Configure tab, set set ID&Print/User Authentication/Account Track to disable.

Than click to Acquire Settings or Obtain settings
YSoft SafeQ 5 1247

February 03, 2016
Uncheck Auto checkbox

Click OK
Click OK.
YSoft SafeQ 5 1248

February 03, 2016
KM - Install loadable driver

Product Models
lines
Thames C353, C253, C203
Mosel C650, C550, C451
Donau C652, C552, C452
GangesM 501, 421, 361
Amur C360, C280, C220
Taiga 423, 363, 283, 223
LaplataM 751, 601
Citrine C35, MF30-1
TaigaY bizhub 42, bizhub 36, MF42-1, MF36-1
Minerva C754, C654
Zeus C554, C454, C364, C284, C224
Symphony PRESS1250, PRESS1250P, PRESS1052,

PRO951
Thames\Mosel devices
YSoft SafeQ 5 1249

February 03, 2016
Model Thames vs.

Mosel
C353 Thames 1(ti1)
C253 Thames 2(ti2)
C203 Thames 2.5(ti2_5)
C650 Mosel 1(mi1)
C550 Mosel 2(mi2)
C451 Mosel 3(mi3)
Thames/Mosel
Insert CF card(max 256 MB).
Extract Thames/Mosel archive with drivers to disk.
Go to the directory according to the device code name.
Run commant mkcfldr.bat (device code) (CF drive letter) - for example mkcfldr.bat mi2 e:
Turn off the MFP.
Insert the CF card in MFP.
Turn on the MFP.
Wait for driver download.
Turn off the MFP and remove the card.
Turn on the MFP.
Go to service mode and choose.
Set authentication device -> card2.

GangesM/LaplataM
Copy LoadableDeviceDriverROM directory to the root of USB flash disk.
Insert the flash disk to the MFP.
Enter the Service Mode.
Press the [System 2] in "Service mode screen".
Press [ISW].
Press the [Board Type Selection].
Select [Lodable Device Driver] and press [OK].
YSoft SafeQ 5 1250

February 03, 2016
Press the [File Selection].
Select the relevant firmware version and press [OK].
Press Execute.
Press Start.
Check to see the message "ISW was completed."

Amur
Copy "A0EDFW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port at the rear side of the main body.
panel.
Donau
Copy "A0P0FW.tar" to the root directory of a USB flash drive.
panel.
Taiga
Copy "A1UDFW.tar" to the root directory of a USB flash drive.
panel.
KM - Configure IPP and IPPSSL
This topic describes how to configure IPP/IPPSSL on Konica-Minolta printers.
YSoft SafeQ 5 1251

February 03, 2016
Configuration of IPP and IPPSSL

This configuration is required for using IPP and IPPSSL.
Number Description
1. Login MFP's web interface as administrator
2. Navigate to Network tab
3. Continue to IPP Setting
4. Enable IPP Setting option

Enable Accept IPP job option
Configuration of IPP over SSL

This configuration is required for using IPPSSL.
Number Description
1. Navigate to Security tab
2. Continue to PKI Settings > Device Certificate Setting
3. Use New Registration button
4. Select Request a Certificate option > OK
5. Insert a details of your organization > OK
6. A message: Certificate Request was successful is displayed > OK
7. Copy or Save a Certificate Signing Request Data and insert them to your certification authority
8. Create a certificate on your certification authority
9. Continue on Security tab > PKI Settings > Device Certificate Setting
10. Select your Requesting Certificate and press Setting button
11. Use Install a Certificate option > OK
YSoft SafeQ 5 1252

February 03, 2016
Number Description
12. Add certificate from your certification authority (the certificate you have created in step 8) > Press
Install button
13. A message with the result of installation will be displayed
14. Continue to PKI Settings > SSL Setting
15. Set Mode using SSL/TLS to Admin. Mode and User Mode
Set Encryption Strenght to enctyption which you use (if you are not sure which encryption use, set
attribute to AES-256, 3DES-168, RC4-128, DES-56, RC4-40)
KM - Recommended settings
OpenAPI Certificate Verification Level Settings - Validity Period
When user authenticates with invalid credentials (invalid card, invalid PIN) and the setting of Validity Period
is configured to Confirm, it will take 1 minute until the information about invalid credentials is displayed.
Recommended setting: OpenAPI > Validity period = Do not confirm
1. Navigate to MFP web interface

2. Login as administrator
3. Navigate to Network > OpenAPI setting
4. Configure Certificate Verification Level Settings > Validity Period = Do not confirm
CONFIGURING XEROX EIP FOR YSOFT SAFEQ EMBEDDED TERMINAL
General MFP Configuration
There are two types of Xerox MFP integration in SafeQ.
XEROX OFFICE (EIP, XSA, JBA)

YSoft SafeQ Xerox Terminal Embedded is implementation of YSoft Terminal Professional in Xerox
devices supporting a combination of EIP, XSA and JBA technologies, allowing usage of embedded
accounting and GUI.
YSoft SafeQ 5 1253

February 03, 2016
Terminal is integral and inseparable part of the YSoft SafeQ Server solution and operates only when
connected to the server. Terminals work within the TCP/IP enabled networks only.
XEROX OFFICE (JBA ONLY)
JBA – Xerox technology for job tracking and accounting directly on the MFP in the form of precise
activity logs (copying, printing, scanning). These logs can be later on (in certain time intervals) pulled
from the MFP and processed by SafeQ accounting system. Therefore, the accounting data as well as
entries in the job list (prints, copies and scans) are not available in SafeQ immediately upon job
completion (as opposed to standard "online" and "offline" SafeQ accounting), but later on as the MFPs
are queried for accounting data (logs).
Printing: print jobs do not pass through SafeQ Server: users submit their prints directly to the IP
address of the MFP, effectively bypassing SafeQ server. Therefore, there is no secured printing
available and no Print roaming (as well as all other features provided specifically by SafeQ Terminal
Professional).
Copying: user authentication is performed on the built in MFP interface (no SafeQ Terminal). User
authenticates using login name and pin.
Scanning: same as for copying.
There are two different implementations, Onbox and Offbox:
Onbox – database with user logins and pins is uploaded to the device during MFP installation
(from SQ web interface). Then, during user authentication, the login and pin is checked locally
against the MFP user database.
Offbox – user logins and passwords are not stored on the machine, but are checked during the
authentication against the Web service, which communicates with DS and SafeQ.
Tested Devices
This part describes first how to configure Xerox MFP in general; then particular MFPs are discussed
more in details. You need to configure each device first in order to communicate with SafeQ.
Xerox MFP Firmware
Xerox ColorQube® 8700 FW 071.160.223.04200+ see Xerox multifunction printers

/8900 built on ConnectKey
Xerox ColorQube® 9201 FW 060.050.009.30823 (rechecked see Xerox multifunction printers

/9202/9203 against FW 061.050.225.10300) built on Endeavor and Xerox
ColorQube 92xx Configuration
Differences
Xerox ColorQube® FW 071.180.203.23400+ see Xerox multifunction printers

9300 series built on ConnectKey and Xerox
ColorQube 93xx Configuration
Differences
YSoft SafeQ 5 1254

February 03, 2016
Xerox Phaser 3635 - see Xerox Multifunction Printers

with Samsung controller
Xerox WorkCentre® FW 1.207.8 see Xerox WorkCentre 52xx EIP

5222/25/30 Configuration
Xerox WorkCentre® FW 1.201.2 see Xerox multifunction printers

5325/5330/5335 with Fuji Xerox controller
Xerox WorkCentre® FW 025.054.060.00035 validated see Xerox multifunction printers

5632/38/45/55/65/75/87 against 025.054.065.00260, Note: built on Endeavor
This is the Single board controller
(SBC) FW version, For the Multi-
board (MBC) replace the 025.054
with 021.120)
Xerox WorkCentre® 071.190.103.23400+ see Xerox multifunction printers

5800 series built on ConnectKey
Xerox WorkCentre® - see Xerox multifunction printers

6400 built on Endeavor
Xerox WorkCentre® System FW 061.130.220.35400, see Xerox WorkCentre 57xx

5700 series Controller FW 061.130.32701 Configuration Differences

7120/25 with Fuji Xerox controller
Xerox WorkCentre® System FW 75.3.1, Controller + PS see Xerox WorkCentre 74xx EIP
7425/7428/7435 ROM 1.222.18 updated based on Configuration
System FW 75.14.43
Xerox WorkCentre® FW 071.030.103.23400+ see Xerox multifunction printers

7200 series (7220 built on ConnectKey
/7225, but not 7228
/7235/7245)

7500 series built on Endeavor

7800 series built on ConnectKey
Xerox D95, D110, D125 similar to Xerox multifunction

printers with Fuji Xerox controller

7600 series built on Endeavor and Xerox
WorkCentre 76xx Configuration
Differences
YSoft SafeQ 5 1255

February 03, 2016
General Notes
Supposed you are configuring new MFP with default settings. If you are configuring older device with
lot of customized settings, it may be useful to reset it to factory defaults first.
Most settings can be configured via internal web page of MFP with administration interface. Web
interface of each device can be different, depending on device model. Language of the interface is
mostly controlled by preferred language setting of the browser. Note that support of various browsers
can differ between particular MFPs. To enter web interface, insert <MFP IP> to the browser address
bar (you will be connected to http or https page based on MFP's current setting).
Default credential (As described in Xerox Admin Guides) is login: admin, password: 1111. For
some devices, default login: 11111, password: x-admin.
It is often referred to SMTP community in this guide – by this, it is always mean SMTP Write
community.
Newer devices support Self Address Assignment – it is recommended to turn this feature off
Xerox multifunction printers built on ConnectKey

The following multifunction printers built on ConnectKey™ have been already certified.
WorkCentre® 5845/5855/5865/5875/5890
WorkCentre® 7200 Series
WorkCentre® 7800 Series
WorkCentre® 7970
YSoft SafeQ 5 1256

February 03, 2016
ColorQube® 8700/8900
ColorQube® 9300 Series (FW 071.180.203.05401+)
This manual was created based on Xerox WorkCentre 7835 and should be applicable to most MFPs
built on ConnectKey™, although slight differences may occur.
Before installation of YSoft SafeQ Embedded Terminal

Time settings
FTP mode
Include username with validation request
Scan services for scanning with workflows
SNMP settings
After installation of YSoft SafeQ Embedded Terminal
Accounting workflows, User Accounting Prompts, Validation for Accounting Codes
Extensible Service Browser
User Permissions Roles
Convenience Authentication
Job Limits

Time settings
Go to the Properties tab > General Setup > Date and Time.
Make sure to set the time to match the YSoft SafeQ server time or specify automatic time configuration
via NTP server.
FTP mode
Go to the Properties tab > Connectivity > Setup. Click Edit in the FTP/SFTP Filling row, and then set the
Mode to Active.
YSoft SafeQ 5 1257

February 03, 2016

Go to the Properties tab > Services > Workflow Scanning > Validation Options. Enable the Include
User Name with validation request option.

You will need to enable Scan Template management in device configuration for scanning with workflows
later.
Go to the Properties tab > Services > Printing > Printing Web Services and then enable the options
Scan Template Management and Scan Extensions. Also make sure that Xerox Secure Access and
Authentication & Authorization Configuration are enabled:
YSoft SafeQ 5 1258

February 03, 2016
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print only in
case of an error. Otherwise, there might be a page printed every time someone uses the Scan option in
YSoft SafeQ terminal.
Go to the Properties tab > Services > Workflow Scanning > General Settings. Set Confirmation Sheet
to Errors Only.
YSoft SafeQ 5 1259

February 03, 2016
SNMP settings
Go to the Properties tab > Connectivity > Setup. Click Edit in the SNMP row, and then enable the option
Enable SNMP v1/v2c Protocols.
On the same page click Edit SNMP v1/v2c Properties. Set the Community Name (Read / Write)
accordingly:
YSoft SafeQ 5 1260

February 03, 2016
Proceed with the MFP installation in SafeQ to complete the installation of YSoft SafeQ Embedded
Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings of
the MFP based on the messages you see. In that case the following information should help you with
configuration of your Xerox MFP.
These settings are necessary only if requested by the Embedded Terminal installation or if some
customization of configuration is requested.
Accounting workflows, User Accounting Prompts, Validation for Accounting Codes

Go to the Properties tab > Login/ Permissions/ Accounting > Accounting methods
Then, you have to configure the Accounting workflows, User Accounting Prompts and Validation for
Accounting Codes. Click the respective Edit buttons.
YSoft SafeQ 5 1261

February 03, 2016
Accounting Workflows:
Please note note that there are two possible configurations depending on selected features. When
payments are used, Pre-Authorization and Capture Usage has to be used. In other cases, Capture
Usage has to be used. (Please note, that without payments, the Pre-Authorization will cause a malfunction.
For example, selecting copy function and starting copying will do the scanning part of the process but then
MFP will wait for user verification).
Payments are used.
Standard configuration.
YSoft SafeQ 5 1262

February 03, 2016
User Accounting Prompts:
Validation for Accounting Codes:
YSoft SafeQ 5 1263

February 03, 2016

Go to the Properties tab > General Setup > Extensible Service Setup. Enable the Extensible Services
Browser option and Export password to Extensible Services option.

Go to the Properties tab > Login / Permissions / Accounting > User Permissions. In the User
Permissions Roles row click Edit.
On the Non-Logged-In Users tab click Edit to edit Non-Logged-In User role.
If you use device authentication mode To device, on the Services & Tools tab check that the Role State of
the Services Pathway is set to Not Allowed.
YSoft SafeQ 5 1264

February 03, 2016
You can configure Machine Status Pathway and Job Status Pathway locks freely.
If you use device authentication mode To each application, set the options accordingly. Note that for
some WorkCentre models, it is necessary to use only Per application settings for proper functionality.
YSoft SafeQ 5 1265

February 03, 2016
Go to the Properties tab > Login/ Permissions/ Accounting > Login Methods. Then click Edit next to
Convenience Authentication Setup.
YSoft SafeQ 5 1266

February 03, 2016
On Convenience Authentication Setup page, check that Accounting Information are applied
automatically. It can be modified by selecting Automatically apply Accounting Codes from the server.
Job Limits
To enable Job Limits service, go to the Properties tab > Services > Printing > Printing Web Services
and select the check box for Job Limits. Click Apply.
YSoft SafeQ 5 1267

February 03, 2016
Xerox ColorQube 93xx Configuration Differences

For complete configuration guide see Xerox multifunction printers built on ConnectKey.
This document has been created based on Xerox WorkCentre ColorQube 9303 (FW 072.180.104.14800
)
Enabling Network accounting

Go to Service menu on the embedded terminal Tools> Accounting Settings >Accounting Mode
Set Accounting Mode to Network Accounting and then use *Customize Prompts*
YSoft SafeQ 5 1268

February 03, 2016
Set Customize User Prompts to Display No Prompts and use Save
Xerox multifunction printers built on Endeavor

The following multifunction printers built on Endeavor™ have been already certified:
WorkCentre® 5632/5638/5645/5655/5665/5675/5687
WorkCentre® 6400
WorkCentre® 7525/7530/7535/7545/7556
built on Endeavor™, although slight differences may occur. Please note additional documents for the 56xx,
57xx and 76xx.

Time settings
YSoft SafeQ 5 1269

February 03, 2016
Network Accounting
FTP mode
Web Services for Devices
SNMP settings
USB Card Reader settings
Job Limits

Time settings
Go to the Properties tab > General Setup > Date and Time.
Make sure to set the time to match the YSoft SafeQ server time or specify automatic time configuration
via NTP server.
Network Accounting
Go to the Properties tab > Accounting > Setup and click on Edit...
On some older firmwares this menu is not available and Network accounting must be set using a device
panel.
YSoft SafeQ 5 1270

February 03, 2016
Then choose Network accounting and save the changes.
Then go to User Accounting Prompts / Validation.
Choose to Display Prompts for labels, disable validation and enable Prompting for All Services
YSoft SafeQ 5 1271

February 03, 2016
FTP mode
Go to the Properties tab > Connectivity > Protocols > FTP/SFTP Filing. Set the Mode to Active and
click Apply.
YSoft SafeQ 5 1272

February 03, 2016
Go to the Properties tab > Services > Custom Services > Validation Options. Enable the Include User
Name with validation request option.
Web Services for Devices

Go to the Properties tab > Connectivity > Protocols > WSD and enable the Web Services for Devices.

You will need to enable Scan Template management in device configuration for scanning with workflows
later.
Go to the Properties tab > Connectivity > Protocols > HTTP > Web Services and then enable the options
Scan Template Management and Scan Extensions.
YSoft SafeQ 5 1273

February 03, 2016
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print only in
case of an error. Otherwise, there might be a page printed every time someone uses the Scan option in
YSoft SafeQ terminal.
YSoft SafeQ 5 1274

February 03, 2016
Go to the Properties tab > Services > Workflow Scanning > General. Set Confirmation Sheet to Errors
Only.
SNMP settings
Go to the Properties tab > Connectivity > Protocols > SNMP. Enable the option Enable SNMP v1/v2c
Protocols. Click Apply and continue to Edit SNMP v1/v2c Properties.
YSoft SafeQ 5 1275

February 03, 2016
Set the Community Name (Read / Write) accordingly:
USB Card Reader settings

Go to the Properties tab > Security > Authentication > Setup > Xerox Secure Access Setup, click on
Manually Override Settings on the bottom of the page and make the configuration according to the picture
below:
YSoft SafeQ 5 1276

February 03, 2016
Save the settings and check whether your card reader is supported.
You may need to reload the page after some time to see the proper status of the card reader.
YSoft SafeQ 5 1277

February 03, 2016
If there are some warnings present during the installation, you will need to do some further settings
based on the messages.

Go to the Properties tab > General Setup > Extensible Service Setup. Enable the Extensible Services
Browser option and Export password to Extensible Services option. (You can also check that Verify
server certifcates is disabled.)
YSoft SafeQ 5 1278

February 03, 2016

Go to the Properties tab > Security > Authentication > Tools & Feature Access. Select Custom
Access.
If you use device authentication mode To device, on the Services & Tools tab check that the Role State of
the Services Pathway is set to Not Allowed.
You can configure Machine Status Pathway and Job Status Pathway locks freely.
YSoft SafeQ 5 1279

February 03, 2016
If you use device authentication mode To each application, set the options accordingly. Note that for
some WorkCentre models, it is necessary to use only Per application settings for proper functionality.
YSoft SafeQ 5 1280

February 03, 2016
Go to the Properties tab > Security > Authentication > Setup > Xerox Secure Access Setup, click on
Manually Override Settings on the bottom of the page.
YSoft SafeQ 5 1281

February 03, 2016
Check that Accounting Information is applied automatically. It can be modified by selecting Automatically
apply Accounting Codes from the server
Job Limits
Some devices may not support this feature.
This setting is necessary only if you are using the Payments feature of the YSoft SafeQ Embedded
Terminal.
YSoft SafeQ 5 1282

February 03, 2016
To enable Job Limits service, go to the Properties tab > Accounting > Setup and click Edit next to the Job
Limits item. Select the check box for Job Limits. Click Apply.
Xerox ColorQube 92xx Configuration Differences

For complete configuration guide see Xerox multifunction printers built on Endeavor.

Go to Service menu on the embedded terminal Tools> Accounting Settings >Accounting Mode
YSoft SafeQ 5 1283

February 03, 2016
Set Accounting Mode to Network Accounting and then use *Customize Prompts*
Set Customize User Prompts to Display No Prompts and use Save
YSoft SafeQ 5 1284

February 03, 2016
Xerox WorkCentre 56xx Configuration Differences

This document has been created based on Xerox WorkCentre 5655 (FW 025.054.060.00035)
Setting Date and time (on the 56xx series this is set form the local UI).
Log on the device as admin and access the tools menu. Select System Settings.
Select Time and Date
YSoft SafeQ 5 1285

February 03, 2016
Select Greenwich Mean Time Offset and set the time zone.
YSoft SafeQ 5 1286

February 03, 2016
Select Date and Time and set the values.
Make sure that you set both date and time before selecting reboot.
Once all values are set, select the Reboot button

Disable Xerox Standard Accounting: Properties > Accounting > Xerox Standard Accounting >
Enablement .
YSoft SafeQ 5 1287

February 03, 2016
Go to Service menu on the embedded terminal Access and Accounting
Go to the Authentication Mode
Set Network Accounting on
YSoft SafeQ 5 1288

February 03, 2016
Go to the Network Accounting Setup
Go back and use Network Accounting Authentication
Disable Network Accounting Authentication Setup
YSoft SafeQ 5 1289

February 03, 2016
Go back and use Network Accounting Login Display Mode
Set Network Accounting Login Display Mode to Display User ID Details and Display Account ID
Details
Xerox WorkCentre 57xx Configuration Differences

This document has been created base on Xerox WorkCentre 5755 (System FW 061.130.220.35400, Net
Controller FW 061.130.32701)
YSoft SafeQ 5 1290

February 03, 2016
Disable Xerox Standard Accounting: Properties > Accounting > Xerox Standard Accounting >
Enablement .
Go to Service menu on the embedded terminal Tools > Accounting Settings > Authentication
Set Network Accounting – on
YSoft SafeQ 5 1291

February 03, 2016
Go to the Network Accounting Setup
Select Network Accounting Authentication
YSoft SafeQ 5 1292

February 03, 2016
Disable Network Accounting Authentication Setup
Go back and use Network Accounting Login
YSoft SafeQ 5 1293

February 03, 2016
Set Network Accounting Login Display Mode to Display User ID Details and Display Account ID
Details
Xerox multifunction printers with Fuji Xerox controller

The following multifunction printers with Fuji Xerox controller have already been certified.
WorkCentre® 7120
YSoft SafeQ 5 1294

February 03, 2016
WorkCentre® 5335
with Fuji Xerox controller, although slight differences may occur.

Network Accounting
Time configuration
FTP
Extensible Service Setup
SNMP
Scan Services
Apply accounting codes
USB Card Reader
Device and Service Access

Network Accounting
This option may not be present on your MFP.
Go to the Properties tab > Accounting > Accounting Configuration and configure accounting according
to the image below.
Time configuration
YSoft SafeQ 5 1295

February 03, 2016
At the printer control panel, press the Machine Status button and switch to the Tools tab. Then touch
System Settings > Common Service Settings > Machine Clock/Timers.
FTP
Go to the Properties tab > Connectivity > Port Settings > FTP and enable the FTP Client.
Go to the Properties tab > Connectivity > Protocols > FTP and set Transfer Mode to Active Mode.
Click Apply.
Extensible Service Setup

You will need to enable plug-in support in General Setup > Extensible Service Setup > Edit
YSoft SafeQ 5 1296

February 03, 2016
Then you can enable all extensible services: Scan Services, Security, Remote System Management
Once you apply the changes set above, navigate back to the Extensible Service Setup page and enable
Export password to Extensible Services and Enable the Extensible Services Browser. Apply the
configuration changes.
YSoft SafeQ 5 1297

February 03, 2016
SNMP
You will later need to fill proper SNMP community in device configuration. You can check current MFP
setting under Properties > Connectivity > Protocols > SNMP Configuration > Edit SNMP v1/v2c
Properties .
In device configuration, corresponding Community Name (Read / Write) has to be filled
YSoft SafeQ 5 1298

February 03, 2016
Scan Services
You will need to enable Scan Template management in device configuration for scanning with workflows.
Then you need to enable scan accounting in Accounting > Accounting Configuration > Auditron Mode*.
YSoft SafeQ 5 1299

February 03, 2016
Apply accounting codes

This option may not be present on your MFP.
Go to the Properties tab > Security > Remote Authentication Servers > Xerox Secure Access Settings
and enable Get Accounting Code. Click Apply.
USB Card Reader
YSoft SafeQ 5 1300

February 03, 2016
You will need to enable plug-in support in Security > Plug-in Settings > Plug-in Settings.
Please note that you can obtain the plug-in from Xerox, Y Soft Group has no rights for its distribution.
Then you can upload a new plug-in in Security > Plug-in Settings > List of Embedded Plug-ins.
YSoft SafeQ 5 1301

February 03, 2016
Choose path to file with the plug-in and upload it to the printer.
Successful plugin installation and activation can be verified in Security > Plug-in Settings > List of
Embedded Plug-ins in Status column.
YSoft SafeQ 5 1302

February 03, 2016

User access rights must be configured globally (only if LDAP is properly set-up, user logins/aliases can be
used for per group access rights, but it still has to be configured manually per device).
Go to the Properties tab > Security > Authentication Configuration and click Next.
Configure the Device Access and Service Access.
YSoft SafeQ 5 1303

February 03, 2016
For Device Access:

a) If you chose device authentication mode To device, make sure that Services Pathway is locked.
b) If you chose device authentication mode To each application, make sure that Services Pathway is
unlocked.
In both cases you can configure locks on other services freely.
For Service Access:

a) If you chose device authentication mode To device, there are no settings to do here
b) If you chose device authentication mode To each application, make sure that YSoft SafeQ is locked,
other services may be unlocked.
YSoft SafeQ 5 1304

February 03, 2016
Xerox Multifunction Printers with Samsung controller

The following multifunction printers with a Samsung controller have already been certified.
Phaser 3635 (reviewed against Firmware version 20.105.47.000 June 2015)
This manual was created based on Xerox Phaser 3635 and should be applicable to most MFPs with
Samsung controller, although slight differences may occur.

Time configuration
Custom Services
SSL
Network Accounting
Authentication
SNMP
USB Card Reader

Time configuration
At the printer control panel, press the Machine Status button and switch to the Tools tab. Note: you my
need to be logged on as the devise Admin account to perform these settings. Then touch Device Settings
> Common Service Settings > Machine Clock/Timers.
YSoft SafeQ 5 1305

February 03, 2016
Custom Services
YSoft SafeQ 5 1306

February 03, 2016
Go to the Properties tab > Services > Custom Services and do the following settings:
SSL
Create a new secure certificate and enable SSL.
Go to the Properties tab > Security > Machine Digital Certificate and check Installed Certificates. When
a certificate is not created, create new Self signed certificate.
Then go to Connectivity > Protocols > HTTP and enable the SSL.
YSoft SafeQ 5 1307

February 03, 2016
Note that you have to reload the page after you enable SSL if it was disabled before. Next time, you will be
redirected to secured page (https). Also remember you have to recreate the certificate if you change the IP
address of the device, as the certificate is IP-relative.
Network Accounting
Go to MFP panel and log in as admin, then go to Tools > Accounting > Accounting Enablement >
Authentication Mode, choose Network Accounting and save the settings.
Then go to Network Accounting Setup > Network Accounting Authentication and Disable
authentication.
Save all values and log out from the menu.

Authentication
Go to the Properties tab > Security > Authentication > Authentication > and choose Require Network
Authentication and other required options:
YSoft SafeQ 5 1308

February 03, 2016
SNMP
setting under the Properties tab > Connectivity > Protocols > SNMP.
YSoft SafeQ 5 1309

February 03, 2016
Click Edit and set community names accordingly:
Scan Services
Go to the Properties tab > Services > Network Scanning > Scan Template Management and select the
enabled check-box.
YSoft SafeQ 5 1310

February 03, 2016
USB Card Reader

Go to the MFP panel and log in as admin, then go to Tools > User Interface > General > SFO and enable
35 and save.
This feature is unavailable on this MFP.
Xerox WorkCentre 52xx EIP Configuration
This document has been created based on Xerox WorkCentre 5230 (FW 1.207.8)
At Glance
Enabling JBA ("Network accounting")
YSoft SafeQ 5 1311

February 03, 2016
Checking enabled features

Configuring Xerox Secure Access
SNMP Community setting
Scan Services
Post-installation checks and additional settings
If JBA technology is required for accounting (you are using MFP specific accounting instead of
SNMP or job analysis accounting), it must be turned on.
Furthermore, for Onbox and Offbox user verification has to be set on (otherwise, it has to be set off).
Enable Network Accounting: Properties > Accounting > Accounting Configuration
Enable Custom Services: Properties > Services > Custom Services > *Custom Services
YSoft SafeQ 5 1312

February 03, 2016
Xerox device may come with many options disabled by factory settings. Please ensure following
options are enabled:
FTP: Properties > Connectivity > Protocols > FTP
Check Export User validation: Properties > Services > Custom Services > Validation Options >
Enable Export User Name
YSoft SafeQ 5 1313

February 03, 2016
Xerox secure access: Properties > Security > Remote Authentication Services > Xerox Secure
Access Settings .
Properties .
YSoft SafeQ 5 1314

February 03, 2016
In device configuration, corresponding Community Name (Read / Write) has to be filled
Scan Services
You will need to enable Scan Template management in device configuration for scanning with
workflows later. You can check current MFP setting under Properties > Connectivity > Protocols >
HTTP . Scan Template Management and Scan Extensions should be enabled (You can check also
Security setting – Xerox Secure Access and Authentication & Authorization Configuration).
YSoft SafeQ 5 1315

February 03, 2016
YSoft SafeQ 5 1316

February 03, 2016
4.9.2 POST-INSTALLATION CHECKS AND ADDITIONAL SETTINGS
User access rights must be configured globally (only if LDAP is properly set-up, user logins/aliases
can be used for per group access rights, but it still has to be configured manually per device).
Authentication mode: Properties > Security > Authentication Configuration
Check current settings and click Next.
Click on "Configure..." button for Service Access.
Click on "next" button for Service Access (on previous page).

a) If you chose device authentication mode To device, make sure that all services are locked.
b) If you chose device authentication mode To each application, make sure that YSoft SafeQ is
locked, other services may be unlocked.
YSoft SafeQ 5 1317

February 03, 2016
In case you change title of your application and reinstall the embedded terminal, the YSoft
SafeQ application can get unlocked. In that case, please lock the application again manually.
Xerox WorkCentre 74xx EIP Configuration
This document has been created based on Xerox WorkCentre 7435 (System FW 75.3.1,
Controller + PS ROM 1.222.18) and updated based on System FW 75.14.43
At Glance

Scan Services
Post-installation checks and additional settings
If JBA technology is required for accounting (you are using MFP specific accounting instead of SNMP
or job analysis accounting), it must be turned on.
Furthermore, for Onbox and Offbox user verification has to be set on (otherwise, it has to be set off).
Enable Network Accounting: Properties > Accounting > Accounting Configuration and Customize
User Prompts
Match the settings in the screenshot below and select Apply. Select reboot.
YSoft SafeQ 5 1318

February 03, 2016
Hide mask for login screen: Properties > Accounting > Accounting Login Screen Settings
Xerox device may come with many options disabled by factory settings. Please ensure following
options are enabled:
FTP: Properties > Connectivity > Port Settings> FTP Client
Make sure proper settings are applied, select Apply. Select reboot.
YSoft SafeQ 5 1319

February 03, 2016
Check Export User validation: Properties > Services > Custom Services > Validation Options >
Enable Export User Name
Match the settings in the screenshot below and select Apply. Reboot not required.
Xerox secure access: Properties > Security > Remote Authentication Services > Xerox Secure
Access Settings (texts illustrate situation before SafeQ Embedded Terminal installation).
YSoft SafeQ 5 1320

February 03, 2016
Properties
YSoft SafeQ 5 1321

February 03, 2016
In device configuration, corresponding Community Name (Read / Write) has to be filled .
Scan Services
YSoft SafeQ 5 1322

February 03, 2016
You will need to enable Scan Template management in device configuration for scanning with
workflows later. You can check current MFP setting under Properties > General Setup > Extensible
Service Setup. Export password and Enable the Extendable Services Browser should be enabled
.
Edit Extensible Services Setup. Scan Template Management and Scan Extensions should be
enabled .
YSoft SafeQ 5 1323

February 03, 2016
Proceed to MFP installation in SafeQ (Page ) to complete the installation in SafeQ.
YSoft SafeQ 5 1324

February 03, 2016
4.9.3 POST-INSTALLATION CHECKS AND ADDITIONAL SETTINGS
User access rights must be configured globally (only if LDAP is properly set-up, user logins/aliases
can be used for per group access rights, but it still has to be configured manually per device).
Authentication mode: Properties > Security > Authentication Configuration
Check current settings and click Next.
Click on "Configure..." button for Service Access.
Click on "next" button for Service Access (on previous page).

a) If you chose device authentication mode To device, make sure that all services are locked.
YSoft SafeQ 5 1325

February 03, 2016
b) If you chose device authentication mode To each application, make sure that YSoft SafeQ is
locked, other services may be unlocked.
In case you change title of your application and reinstall the embedded terminal, the YSoft
SafeQ application can get unlocked. In that case, please lock the application again manually.
Xerox WorkCentre 4265 EIP Configuration
This document has been created using WorkCentre 4265
You must enable Network accounting using Network Accounting Kit 098S04928
At Glance
Enabling SSL
Time settings:
Disable Device Start-Up Page and Banner Page
YSoft SafeQ 5 1326

February 03, 2016
Configuring global user access

After installation - access check
Enabling SSL
SSL can be enabled and configured only from internal web page of MFP. Create a new secure
certificate and enable SSL.
Go to Properties tab > Security > Machine Digital Certificate and check Installed Certificates. When a
certificate is not created, create new Self signed certificate.
Select Self Signed Certificate en order to Establish a Self Signed Certificate on this machine
YSoft SafeQ 5 1327

February 03, 2016
Fill in the company information and set the days of validity to max and press Apply
Then go to Properties tab >Connectivity > Protocols > HTTP and enable SSL
Note that you have to reload the page after you enable SSL if it was disabled before. Next time, you will be
redirected to secured page (HTTPS). Also remember you have to recreate the certificate if you move the
device to another IP as the certificate is IP relative.
Turn on the Network Accounting (formerly called JBA) technology if you are using MFP specific
accounting instead of SNMP or job analysis accounting.
It is also required for On-box and Off-box user verification (otherwise, it has to be turned off)
YSoft SafeQ 5 1328

February 03, 2016
Go to the Properties tab > Login/ Permissions/ Accounting > Accounting method and select Network
Accounting
Then you have to configure the Accounting workflows, User Accounting Prompts and Validation for
Accounting Codes. Click the respective Edit buttons.
Accounting Workflows:
Note that if settings other than Capture Usage will cause a malfunction. For example, selecting copy
function and starting copying will do the scanning part of the process but then MFP will wait for user
verification.
YSoft SafeQ 5 1329

February 03, 2016
User Accounting Prompts:
Validation for Accounting Codes:
Time settings:
The device time setting should be the sane as the Y Soft SafeQ server
Go to the Properties tab > General Setup > Date and Time. Make sure to set the time to match the Y Soft
SafeQ server time or specify automatic time configuration via NTP server.
YSoft SafeQ 5 1330

February 03, 2016

You will later need to fill proper SNMP community in device configuration.
Go to the Properties tab > Connectivity > Protocols > SNMP. Enable SNMP and the Click Edit in the Edit
SNMP properties row.
Set the Community Name (Read / Write) accordingly:
YSoft SafeQ 5 1331

February 03, 2016

Xerox device may come with many options disabled by factory settings. Go to template
Management Services: Properties > Services > Web services
Please ensure following options are enabled:
YSoft SafeQ 5 1332

February 03, 2016
Custom Services: Properties > General Setup > Extensible Service Setup
Scan Confirmation Sheet :
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print
only in case of an error. Otherwise, there might be a page printed every time someone uses the
Scan option in YSoft SafeQ terminal.
Go to the Properties tab > Services > Workflow Scanning > Confirmation Report Override
Confirmation Report Override to Errors Only.
YSoft SafeQ 5 1333

February 03, 2016
Disable Device Start-Up Page and Banner Page

Disable the Device Start-Up Page
Go to the Properties tab > Services > Printing and set Device Start-Up Page to Disabled
Disable the Banner Page
Go to the Properties tab > Services > Printing and set Banner Page to Disabled
Configuring global user access

Configure the Convenience Authentication settings:
Go to the Properties tab > Login/ Permissions/Accounting > Login Methods and select Convenience
Authentication.
Also enable User can login at device if card is not available.
YSoft SafeQ 5 1334

February 03, 2016
Configure User Permissions Roles:

Go to the Properties tab > Login/ Permissions/ Accounting > User Permissions. Click the yellow
pen Edit icon in the Non-Logged-In (Guest) User Role .
In manage Permissions set the permissions so that all Services Pathway options are set to Not Allowed.
YSoft SafeQ 5 1335

February 03, 2016
Go ahead and finish the installation as described in Installing YSoft SafeQ Embedded Terminal for Xerox
EIP, then come back to do the next settings
After installation - access check
After you have installed the Y Soft SafeQ Embedded Terminal, you can check that Convenience
Authentication is set correctly:
Go to the Properties tab > Login/ Permissions/ Accounting > Login Methods.
Then Click the yellow pen Edit icon next to Convenience Authorization Setup .
On Convenience Authentication Setup page, check that Accounting codes are applied automatically. It can
be modified by selecting Automatically apply Accounting Codes from the server.
CONFIGURING RICOH ESA FOR YSOFT SAFEQ EMBEDDED TERMINAL
Follow these steps to configure the MFP to allow installation of YSoft SafeQ Embedded Terminal:
Enable external accounting features of the MFP

1. If the Java VM card is not a built-in part of the MFP's hardware, insert the card into the MFP's lowest
SD slot.
CAUTION: Turn off the MFP before proceeding, to avoid damaging the Java VM card or the MFP.
NOTE: The MFP includes as many as three SD card slots. The lowest slot is reserved for the Java VM
card and firmware update cards. The slot may be covered with a metal or plastic cover, which you must
remove.
YSoft SafeQ 5 1336

February 03, 2016
2. Turn on the MFP. Wait 2 or 3 minutes while Java VM and the default version of the embedded terminal
are installed.
3. On the MFP panel, select the options shown below to activate support for enhanced external charge unit
management: SP mode 5-113-002 to 1.
4. Check that the SP mode 5-113-001 is set to 0 (default value). If not, change it to the default value.
5. Perform a soft restart of the MFP. (On the keypad, press and hold * and # for 10 seconds.)
6. Select System Settings > Administrator Tools > Enhanced External Charge Unit Management ;
then select/deselect options as shown below to enable enhanced external charge unit management to block
Copier, Printer, Document Server, Facsimile and Scanner.
CAUTION: Java™/X must not be blocked.

Setup Key Counter Management
Select System Settings > Administrator Tools > Key Counter Management; then deselect all options
as shown bellow to disable device blocking with blocking cable.
YSoft SafeQ 5 1337

February 03, 2016
Setup user authentication management

Select System Settings > Administrator Tools > User Authentication Management; then turn off User
Authentication Management.
Configuring MFP to print with watermarks in Rule Base Engine

1. Go to the Ricoh MFP web interface (Web Image Monitor)
2. Login as the Machine Administrator
3. Go to Configuration > Printer > Basic Settings
YSoft SafeQ 5 1338

February 03, 2016
4. Change Host Interface > I/O Buffer to 256 KB
CAUTION: RBE Watermark feature is only supported on PS printers
YSoft SafeQ 5 1339

February 03, 2016
Recommended configuration of shared Windows printer used for secure and direct print queue
When you are configuring shared printer for secure print, follow the the recommendations bellow to increase
performance of the driver installed in environment when it´s used for printing on printers with a different
feature configuration. The same recommendations can be applied for direct print as well since there´s no
direct access between the driver and the printer and feature configuration has to be selected manually.
Printer properties - Accessories are configured to support all possible features (Punch unit, Finisher,
etc.)
Printer properties - Accessories - Disable automatically Update Printer Information
Printer properties - Ports - Disable bidirectional settings
Printer properties - Ports - Enable printer pooling to remove Windows print job spooling bottleneck
Ricoh TE - Disable bidirectional support

Overview
Because the print driver has no direct access to any printer, it´s necessary to uncheck Bidirectional support
to prevent a time-out caused by unsuccessful attempt for such communication.
Bidirectional support
Open Devices and Printers, right-click selected Ricoh device and select Printer properties
On the Ports tab, make sure Enable bidirectional support is left unchecked
YSoft SafeQ 5 1340

February 03, 2016
Click OK.
Ricoh TE - Printer Accessories - Printer Information
Overview
Because the print driver has no direct access to any printer, it´s necessary to uncheck Automatically Update
Printer Information to prevent a time-out caused by unsuccessful attempt for such communication.
Automatically Update Printer Information
On the Accessories tab, make sure Automatically Update Printer Information is left unchecked.
YSoft SafeQ 5 1341

February 03, 2016
Ricoh TE - Printer Accessories - supported features

Overview
Because the shared printer might be used for printing on printers with a different feature configuration, it´s
necessary to manually select all possible features in order to support the highest possible configuration
(Punch unit, Finisher etc.). Once it´s done, users will be able to select and use such features on devices
equipped with them.
Supported features
On the Accessories tab, make sure all supported features (Punch unit, Finisher etc.) are checked.
YSoft SafeQ 5 1342

February 03, 2016
CONFIGURING FUJI XEROX APEOS FOR YSOFT SAFEQ EMBEDDED TERMINAL
Requirements:
1. ApeosPort-IV or ApeosPort-V (for more details see HCL - Fuji Xerox and Fuji Xerox(JAPAN))
2. External Access Kit (Web Browser, EBW v4) is enabled (Should be done by Fuji Xerox service
engineer)
3. Proper NVM is set in service mode (Should be done by Fuji Xerox service engineer)
General Notes:
During MFP configuration, MFP sometimes requires reboot. When prompted for reboot, follow the
instruction displayed either on CentreWare Internet Service or on MFP operation panel.
Please make sure that External Access Kit is installed and configured at the MFP!
MFP Configuration:
Configure MFP via operational panel
Login to MFP as a system administrator
Default credential is 11111.
YSoft SafeQ 5 1343

February 03, 2016
Clear job history by deleting all data
Optional operation
System Settings > Common Service Settings > Maintenance > Delete all data
Configure static IPv4 address

System Settings > Connectivity & Network Setup > Protocol Settings
Configure date, time and time zone same as server running SafeQ
System Settings > Common Service Settings > Machine Clock / Timers
Date
Time
Time Zone
Configure NTP settings
Optional settings
NTP time synchronization: On

NTP server address
Minimize waiting time to release print job

Auto Print: 1 Seconds
YSoft SafeQ 5 1344

February 03, 2016
Place Web Application Server 1 on home screen

System Settings > Common Service Settings > Screen / Button Settings > Service Home
Enable auto completion of email address in native scanning application
Optional settings
System Settings > E-mail / Internet Fax Service Settings > E-Mail Control
Add Me to "To" Field

Add Me to "Cc" Field
Configure MFP via CentreWare Internet Service

1 Access to MFP at http://MFP_IP_Address using Web Browser.
Following screen will be displayed. Then click [Properties] tab. Authentication dialog pops up. Type in admin
credentials. (Default credential is username: 11111, password: x-admin)
2 Generate Machine Digital Certificate
Select [ Machine Digital Certificate Management ] >> [Create New Self signed Certificate]
YSoft SafeQ 5 1345

February 03, 2016
Public Key Size: leave it as default.

Issuer: MFP adress (entered by default)
Date of validity:
Click [Apply]
3 Enable SSL/TLS
Go to [Security] >> [SSL/TLS settings]
Enable [HTTP - SSL/TSL Communication]
Click [Apply]
YSoft SafeQ 5 1346

February 03, 2016
NOTE: Please make sure to keep [Verify Remote Server Certificate] disabled. Otherwise, users would
get an error message when opening SafeQ application on the MFP panel due to an untrusted certificate.
4 Verify Secure HTTP(SSL) is enabled (By default it's enabled)
Go to [Connectivity] >> [Protocols]
Check that [Secure HTTP(SSL)] is enabled. If it's not checked, please check it and click [Apply].
YSoft SafeQ 5 1347

February 03, 2016
5 Verify both SOAP and FTP Client are enabled (By default they're enabled)
Go to [Connectivity] >> [Port Settings]
Check that both [SOAP] and [FTP Client] are enabled. If not, please check it and click [Apply].
YSoft SafeQ 5 1348

February 03, 2016
6 Enable SNMP and define SNMP Read/Write community
Go to [Connectivity] >> [SNMP configuration]
Enable [SNMP Port Status].
Enable [SNMP SNMP v1/v2c Protocols].
Click [Edit SNMP v1/v2c properties].
YSoft SafeQ 5 1349

February 03, 2016
Define [Community Name (Read Only] as " public "
Define [Community Name (Read/Write Only] as " private "

Click [Apply]
7 Configure Authentication System (Authentication Agent)

Go to [Security] >> [Authentication System]
Set [Authentication System] to Authentication Agent
Click [Apply]
YSoft SafeQ 5 1350

February 03, 2016
Machine will reboot. Click [reboot Machine]

After ApeosPort will be rebooted, device configuration is complete and you can continue with installing
SafeQ Embedded Terminal.
8 Change Filename Format
In order to use scan workflow feature, perform following steps:

Go to [Services] >> [Scan Services] >> [General]
Change Filename Format option to [img-MDDHHMMSS]
Click [Apply]
YSoft SafeQ 5 1351

February 03, 2016
9 Disable Track Print Jobs with Accounting / Billing device
In order to use direct print feature without authentication to device before print perform following steps:
Go to [Accounting] >> [Accessory settings]
Uncheck/disable option [Track Print Jobs with Accounting / Billing device]
Click [Apply]
Reboot machine to apply changes.
YSoft SafeQ 5 1352

February 03, 2016
CONFIGURING FUJI XEROX WITH XCP FOR YSOFT SAFEQ EMBEDDED TERMINAL
Requirements:
1. ApeosPort-IV or ApeosPort-V (for more details see HCL - Fuji Xerox and Fuji Xerox(JAPAN)) with
eXtensible Customizing Platform (XCP) versions 1.2+
2. External Access Kit (Web Browser, EBW v4) and Customize Extension Kit (XCP, Plug-in) are
installed (Should be done by Fuji Xerox service engineer)
3. Proper NVM is set in service mode (Should be done by Fuji Xerox service engineer)
General Notes:
During MFP configuration, MFP sometimes requires reboot. When prompted for reboot, follow the
instruction displayed either on CentreWare Internet Service or on MFP operation panel.
Please make sure that External Access Kit and Customize Extension Kit are installed and
configured at the MFP!
MFP Configuration:
Configurations via operational panel
1 Login to MFP as a system administrator and go to Tools.
Default credential is 11111.
2 Optional: Clear job history by deleting all data
Go to System Settings >> Common Service Settings >> Maintenance and tap Delete all data
3 Configure static IPv4 address
System Settings >> Connectivity & Network Setup >> Protocol Settings
4 Configure time zone, date and time according to the server running SafeQ
System Settings >> Common Service Settings >> Machine Clock / Timers
YSoft SafeQ 5 1353

February 03, 2016
Time Zone
Date
Time
WARNING: Set these options in the aforementioned order, because the Time Zone setting has effect on
the Time setting.
5 Optional: Configure NTP settings
NTP time synchronization: On

NTP server address
6 M inimize waiting time to release print job
Auto Print: 1 Seconds
7 Place Web Application Server 1 on home screen
System Settings >> Common Service Settings >> Screen / Button Settings >> Service Home
8 Optional: Enable auto completion of email address in native scanning application
System Settings >> E-mail / Internet Fax Service Settings >> E-Mail Control
Add Me to "To" Field

Add Me to "Cc" Field
9 Configure access controlAuthentication / Security Settings >> Authentication >> Access Control...
Device Access to Unlocked

Service Access >> Copy to Locked (Show Icon)
Feature Access >> Color Copying to Locked
NOTE: After uninstallation of the Embedded Terminal from the MFP, these settings need to be set to
Unlocked in order to allow access to the MFP's functions again.
Configurations via CentreWare Internet Service
1 Access to MFP at http://MFP_IP_Address using Web Browser.
Following screen will be displayed. Then click [Properties] tab. Authentication dialog pops up. Type in admin
credentials. (Default credential is username: 11111, password: x-admin)
YSoft SafeQ 5 1354

February 03, 2016
2 Generate Machine Digital Certificate
Select [Machine Digital Certificate Management] >> [Create New Self signed Certificate]
Public Key Size: leave it as default.

Issuer: MFP adress (entered by default)
Date of validity:
Click [Apply]
YSoft SafeQ 5 1355

February 03, 2016
3 Enable SSL/TLS
Go to [Security] >> [SSL/TLS settings]
Enable [HTTP - SSL/TSL Communication]
Click [Apply]
NOTE: Please make sure to keep [Verify Remote Server Certificate] disabled. Otherwise, users would
get an error message when opening SafeQ application on the MFP panel due to an untrusted certificate.
4 Verify Secure HTTP(SSL) is enabled (By default it's enabled)
Go to [Connectivity] >> [Protocols]
YSoft SafeQ 5 1356

February 03, 2016
Check that [Secure HTTP(SSL)] is enabled. If it's not checked, please check it and click [Apply].
5 Verify both SOAP and FTP Client are enabled
Go to [Connectivity] >> [Port Settings]

Check that both [SOAP] and [FTP Client] are enabled. If not, please check them.
NOTE: The port 9100 needs to be disabled only for improving security. You need to enable this port
when performing a FW upgrade.
YSoft SafeQ 5 1357

February 03, 2016
6 Enable SNMP and define SNMP Read/Write community
Go to [Connectivity] >> [SNMP configuration]

Enable [SNMP Port Status].
Enable [SNMP SNMP v1/v2c Protocols].
Click [Edit SNMP v1/v2c properties].
YSoft SafeQ 5 1358

February 03, 2016
Define [Community Name (Read Only] as " public "

Define [Community Name (Read/Write Only] as " private "
Click [Apply]
7 Enable XCP plug-in setting

Go to [Security] >> [Plug-in Settings] >> [Plug-in Settings] and enable [Plug-in Settings].
Click [Apply] and optionally reboot the machine.
YSoft SafeQ 5 1359

February 03, 2016
8 Change Filename Format
In order to use scan workflow feature, perform following steps:

Go to [Services] >> [Scan Services] >> [General]
Change Filename Format option to [img-MDDHHMMSS]
Click [Apply]
9 Disable Track Print Jobs with Accounting / Billing device
In order to use direct print feature without authentication to device before print perform following steps:
Go to [Accounting] >> [Accessory settings]
Uncheck/disable option [Track Print Jobs with Accounting / Billing device]
Click [Apply]
YSoft SafeQ 5 1360

February 03, 2016
Reboot machine to apply changes.
10 Enable Card Reader support
If you are planning on using authentication with card, set the following property to Enabled, otherwise set it
to Disabled.
Login as administrator on MFP

Go to Setup >> Authentication / Security Settings >> Authentication >> User Details Setup...
Click on Use of Smart Card
Set Use of Smart Card to Enabled, Print to Card Validation Off, Fax / Scan to Card Validation On
YSoft SafeQ 5 1361

February 03, 2016
Click on Save
Do not enable Use of Smart Card when Card Reader is not connected or you will not be using
authentication with card.
CONFIGURING SHARP OSA FOR YSOFT SAFEQ EMBEDDED TERMINAL
General Notes
Supposed you are configuring new MFP with default settings. If you are configuring older device with
lot of customized settings, it may be useful to reset it to factory defaults first.
Most settings can be configured via internal web page of MFP with administration interface. Web
interface of each device can be different, depending on device model.
Language of the interface is mostly controlled by preferred language setting of the browser. Note that
support of various browsers can differ between particular MFPs.
To enter web interface, insert <MFP IP> to the browser address bar (you will be connected to http
or https page based on MFP's current setting).
General MFP Configuration
SHARP MFP REQUIREMENTS
The device has to support OSA 3.5 and have installed MX-AMX2 and MX-AMX3 modules for full
YSQSTE functionality. It is customer's responsibility to have it installed.
How to check if MX-AMX modules are installed:
For Sharp model MX-2600N, check menu "Status".
YSoft SafeQ 5 1362

February 03, 2016
This method does not work for model MX-2610N since it shows only "Options" and not " Software
Options Installed ".
For model MX-2610N go to menu System Setings > Product Key and check if both modules are
marked with "[Enable]"
The MFP must be configured to communicate via the SSL protocol and the associated
certificate must have been created.
How to create and enabled SSL certificate:
YSOFT SAFEQ EMBEDDED TERMINAL FOR SHARP
YSoft SafeQ Embedded Terminal for Sharp is implementation of YSoft Terminal Professional in Sharp
devices supporting a combination of OSA technologies, allowing usage of embedded accounting and
GUI.
Terminal is integral and inseparable part of the YSoft SafeQ Server solution and operates only when
connected to the server. Terminals work within the TCP/IP enabled networks only.
YSoft SafeQ 5 1363

February 03, 2016
SHARP MFP CONFIGURATION
SafeQ embedded installation, should be able to configure the device itself if previous
requirements are met. If installation should not be successful you can check if device is
having following settings.
This part describes first how to configure Sharp MFP in general;

Installation and configuration of Sharp embedded terminal is automatically provided and distributed
during SafeQ installation procedure. This means that installer of SafeQ Sharp embedded terminal
should configure device automatically. You need to configure each device in case that first installation
of Sharp embedded terminal will not be successfull.
Navigate to the web administrator menu of the device and log in as administrator. Default values
are admin/admin for login and password
Navigate to Application Settings -> External Applications Settings -> Standard Application
Settings and check following window if SafeQ application and and SafeQ scan application are
created or create it with add button.
Check or Enter Y Soft SafeQ as Application Name (Y Soft SafeQ Scan for scan application)
Check the address for Application UI where TERMINAL_SERVER_IP is IP of server where

terminal server is running
YSoft SafeQ 5 1364

February 03, 2016
Optionally, icon for application can be uploaded on some machines. Please upload icon file
<TSHome>\Sharp\Terminal\icon100.png
Now continue with configuration of authentication/external accounting, if module MX-AMX3 is
installed. Navigate to Application Settings -> External Applications Settings -> External
Accounting Application Settings and select Enable for External Account Control to enable MX-
AMX3 module
If authentication method is To device, also enable Set Authentication Server (Server 1)

Then fill fields:
Server 1 (Enable)
Application Name (Y Soft SafeQ)
Address for Application UI
Address for Web Service
Press Submit. Restart of the device will be automatically required. Terminal Server must be running
during each device restart, otherwise new restart will be required.
USB CARD READER CONFIGURATION
Configuration is possible on web interface of Sharp device: User Control -> Card Type / Card Reader
Settings
There are two possible settings for USB card reader:
USB Card reader set to keyboard mode and option Use IC Card for Authentication disabled
USB Card reader set to Sharp mode and option Use IC Card for Authentication enabled
YSoft SafeQ 5 1365

February 03, 2016
CONFIGURING TOSHIBA FOR YSOFT SAFEQ EMBEDDED TERMINAL
Supported MFPs
Configuration of MFP
Upload Certificate
Allowing Direct printing
Allowing Card readers
Time Configuration
Display the SafeQ application screen after successful login
Additional notes
Supported MFPs
Model Name Series Name
e-STUDIO 5540C / 6540C / 6550C e-STUDIO6550C

Series
e-STUDIO 2040C / 2540C / 3040C / 3540C / e-STUDIO4540C

4540C Series
e-STUDIO 556 / 656 / 756 / 856 e-STUDIO856 Series
e-STUDIO 556SE / 656SE / 756SE / 856SE
e-STUDIO 206L / 256 / 306 / 356 / 456 e-STUDIO456 Series
e-STUDIO 256SE / 306SE / 356SE / 456SE
YSoft SafeQ 5 1366

February 03, 2016
e-STUDIO 2050C / 2550C e-STUDIO2550C

Series
e-STUDIO 2555C / 3055C / 3555C / 4055C /

5055C
SafeQ currently supports only models based on eBX architecture.
Auto-installation of YSoft SafeQ Terminal Embedded requires a MFP firmware version supporting
SDK 2.4 or higher
Configuration of MFP
Upload Certificate
After first installation of YSoft SafeQ Terminal Embedded, it is needed to upload our certificate to device to
make it trusted. Navigate to Administration -> Security -> Certificate Management and in section CA
certificate select CA certificate (DER) radio button and choose a file safeqds.cer from support folder of the
installation package.

If you want to use direct printing, it is necessary to allow printing for unauthenticated jobs. Navigate to
Administration -> Security -> Authentication. You need to configure the section User Authentication
Setting.
Configure option Authentication failed print job/Raw Print Job to Print.
YSoft SafeQ 5 1367

February 03, 2016
As a consequence, any print performed directly to the printer would be printed with this setting. To
prevent unwanted prints, setup IP filtering ( Administration -> Setup -> Network -> Filtering).
If you do not see the configuration for Card authentication, turn off the device and follow these steps:
1. Connect the USB card reader.

2. Turn on the device.
3. Enter the service menu.
4. On the next screen, enter 3500 and press green start-button.
5. Now enter 90001 and press OK.
6. Now enter 9398 and press green start-button again.
7. Enter eBMUserCard and restart the printer.
8. Now you should be able to continue with configuration of LDAP server.
List of Toshiba devices and required FW versions that supports USB card readers is in the following
article.
YSoft USB card reader registration chapter must be done when the Toshiba MFP FW is lower version
than FW which has YSoft USB card reader already preregistered. The card reader registration procedure is
described in the article configure Toshiba device to work with YSoft USB card reader.
Time Configuration
Time settings have to be configured for proper accounting of jobs and assignment of billing codes to these
jobs.
Go to Administration > General and configure Daylight Saving Time Settings to comply with configuration
of your server, where Terminal Server is running
Next, there are two options possible, based on the availability of SNTP (time) server in your network:
1. a. If SNTP is available, set all necessary details in section SNTP Service and set your timezone
b.
YSoft SafeQ 5 1368

February 03, 2016
b. If SNTP is not available, in section Date & Time set timezone, date and time to the time of the
Terminal Server. Also disable SNTP server.
WARNING: Be sure to set the time as precisely as possible (in means of seconds) to
avoid errors in assigning billing codes to scan jobs and copy jobs. It is better for the MFP to
have the clock set slightly forward, than backward.
Display the SafeQ application screen after successful login

To improve the experience with SafeQ Toshiba Embedded application, we recommend to do following
steps to display the SafeQ application as initial screen after successful login.
1. Enter the service menu.

2. Press 9955 to change the Extension label to "SafeQ" and click OK to save.
3. Press 9132 and insert value 99.
Additional notes
YSoft SafeQ verifies the originating device against the list of active devices in the database. For this
purpose the translation of MFP IP address to the hostname/FQDN using standard Windows features
(DNS/NetBIOS) is made. Please make sure the MFP is properly registered in the DNS or WINS
server as the delays in translation may lead to timeouts or failures during authentication.
Configuring Toshiba for ET scanning application

Follow these steps to configure the MFP:
Enable the HTTP Protocol
1. Navigate in your browser to the IP address of MFP to access web interface of MFP called
TopAccess.
2. Log in with valid credentials and navigate to Administration -> Setup -> Network and click on HTTP
Network Service
3. Make sure option Enable HTTP Server is Enabled.
YSoft SafeQ 5 1369

February 03, 2016
Enable the WSD Scan Service
TopAccess.
2. Log in with valid credentials and navigate to Administration -> Setup -> Network and click on Web
Services Setting
3. Make sure Web Services Scan is Enabled.
4. Fill in Scanner Name (any name will be accepted)
5. Fill in Scanner Information (any string will be accepted)
6. Set Authentication For PC Initiated Scan to Accept the job if user name is valid
7. Save all taken changes
YSoft SafeQ 5 1370

February 03, 2016
Rights Management
TopAccess.
2. Log in with valid credentials and navigate to Administration -> Security-> Authentication
3. Set User Authentication to Enable
4. Save all taken changes
YSoft SafeQ 5 1371

February 03, 2016
Configuring Toshiba for YSoft SafeQ Embedded Terminal with @ character in username
Situation
When any of SafeQ users username contains @ character, scan issue with YSoft scan application occurs.
The solution is set configuration option internalLdapReplaceAtChar in SafeQ (expert view) to value
\# - all occurrences of @ will be replaced with #
YSoft SafeQ 5 1372

February 03, 2016
Limitations
Even if internalLdapReplaceAtChar is set, there are limitations related to Username and
Password authentication method. So in case user with username e.g. user@domain.com is logged on
Toshiba Embedded Terminal using Username and Password, following limitations can occur:
YSoft Scan application doesn't work

Copy does not work - "Permission of execution denied" message on device after pressing start
button
User cannot go to browser application on some devices
Because of these limitations, authentication method Username and Password is not supported in
combination with usernames containing @ character.
Supported Toshiba MFP FW for YSoft USB card reader
Devices which supports YSoft USB reader
USB card reader is supported on following devices with eB-X Platform.
A4 models:
e-STUDIO287CS / e-STUDIO347CS / e-STUDIO407CS
e-STUDIO477s / e-STUDIO527s
A3 models:
e-STUDIO2040C / e-STUDIO2540C / e-STUDIO3040C / e-STUDIO3540C/ e-STUDIO4540C
e-STUDIO2050C / e-STUDIO2051C / e-STUDIO2550C / e-STUDIO2551C
e-STUDIO2555C / e-STUDIO3055C / e-STUDIO3555C / e-STUDIO4555C / e-STUDIO5055C
e-STUDIO5540C / e-STUDIO6540C / e-STUDIO6550C
e-STUDIO256 / e-STUDIO306 / e-STUDIO356 / e-STUDIO356 / e-STUDIO456 / e-STUDIO506
e-STUDIO656 / e-STUDIO756 / e-STUDIO856
e-STUDIO306 LP
On the latest MFP FW the YSoft USB card reader is already preregistered, so the registration procedure is
not required for proper working of the USB card reader. On the older MFP FW the YSoft USB card reader
must be registered to the device manually.
Please see the following table regarding MFP FW version:
Device MFP FW version MFP FW version with already

supporting preregistered Y Soft USB card
registration readers
e-STUDIO287CS / e-STUDIO347CS / e- The first firmware The first firmware already

STUDIO407CS already supports this supports this function
function
e-STUDIO477s / e-STUDIO527s
e-STUDIO2050C / e-STUDIO2051C / e- Higher than 1510 Higher than 1510

STUDIO2550C / e-STUDIO2551
YSoft SafeQ 5 1373

February 03, 2016
Device MFP FW version MFP FW version with already

supporting preregistered Y Soft USB card
registration readers
e-STUDIO2555C / e-STUDIO3055C / e- The first firmware The first firmware already

STUDIO3555C / e-STUDIO4555C / e- already supports this supports this function
STUDIO5055 function
e-STUDIO2040C / e-STUDIO2540C / e- Higher than 3404 Higher than 3404

STUDIO3040C / e-STUDIO3540C/ e-
STUDIO4540C
e-STUDIO5540C / e-STUDIO6540C / e-
STUDIO6550C
e-STUDIO256 / e-STUDIO306 / e- Higher than 1604 Higher than 1610

STUDIO356 / e-STUDIO356 / e-STUDIO456
/ e-STUDIO506
e-STUDIO656 / e-STUDIO756 / e-
STUDIO856
e-STUDIO306 LP The first firmware The first firmware already

already supports this supports this function
function
Note
It is reccomended to update your device's FW to the latest version. Latest FW versions already
have YSoft USB card reader preregistered, so it is not required to perform registration procedure.
YSoft USB card reader registration chapter must be done when the Toshiba MFP FW is lower
version than FW which has YSoft USB card reader already preregistered. More information about
the registration can be found in the article configure Toshiba device to work with YSoft USB card
reader.
Toshiba device configuration

1) Navigate to Toshiba service menu and set 3500 (write this number and press green Start button) to
"60001".
2) Connect the USB reader to the MFP.
3) Reboot the MFP.
Note: Turn the power OFF before connecting the device. If you do not, the device may not be correctly
recognized. In that case, reboot the MFP with the device connected.
YSoft USB card reader settings
YSoft SafeQ 5 1374

February 03, 2016
The USB card reader has to be set to the USB keyboard mode. When a different one is set, use the
usbrdrtool to change it.
Configure Toshiba device to work with YSoft USB card reader
YSoft USB card reader registration chapter must be done when the Toshiba MFP FW is lower version than
FW which has YSoft USB card reader already preregistered.
List of Toshiba MFP firmwares which are compatible with YSoft USB card reader.
YSoft USB card reader registration

Prerequisites:
debug_s_usbcr.sh
usbhidReaderListAdd.txt
YSoft USB card reader
Toshiba device
Files debug_s_usbcr.sh and usbhidReaderListAdd.txt are part of installation package. They are
stored in directory Card Reader Registration available under path _support\YSoft SafeQ Toshiba
Terminal Embedded .
1) Get Vendor ID, Product ID of your USB card reader

For YSoft USB readers, following VID and PID are used:
Product VID (Vendor PID (Product

ID) ID)
YSoft USB card reader - USB keyboard 214C 0202

mode
YSoft USB card reader - USB Sharp mode 214C 0205
Other products than listed above are NOT supported on the Toshiba MFP.
2) Create usbhidReaderListAdd file according to your Vendor ID, Product ID
1) Open the supplied sample device list, ”usbhidReaderListAdd.txt”, by the text editor.
2) Enter the Vendor ID, Product ID and Reader Name.
3) Registration should be 1 line per a unit. The Vendor ID, Product ID, and Reader Name should be
divided by “:” (colon).
Note: The max. number of the devices to be registered should be 16.
YSoft SafeQ 5 1375

February 03, 2016
3) Register USB card reader on your MFP

1) Copy the files usbhidReaderListAdd.txt and debug_s_usbcr.sh to the root of the USB memory.
2) Insert the USB memory to the device.
3) Normally start up the device.
4) A beep sounds when registration finishes. Remove the USB memory from the MFP to complete
registration.
CONFIGURING OKI FOR YSOFT SAFEQ EMBEDDED TERMINAL
Upload Certificate
Time Configuration
Display the SafeQ application screen after a successful log in
Auto-installation of YSoft SafeQ Embedded Terminal requires a MFP firmware version supporting
SDK 2.4 or higher
Upload Certificate
After first installation of YSoft SafeQ Embedded Terminal, it is needed to upload our certificate to device to
make it trusted. Navigate to Administration -> Security -> Certificate Management and in section CA
YSoft SafeQ 5 1376

February 03, 2016
certificate select CA certificate (DER) radio button and choose a file safeqds.cer from support folder of the
installation package.

If you want to use direct printing, it is necessary to allow printing for unauthenticated jobs. Navigate to
Administration -> Security -> Authentication. You need to configure the section User Authentication
Setting.
Configure option Authentication failed print job/Raw Print Job to Print.
As a consequence, any print performed directly to the printer would be printed with this setting. To
prevent unwanted prints, setup IP filtering ( Administration -> Setup -> Network -> Filtering).
If you do not see the configuration for Card authentication, turn off the device and follow these steps:
1. Connect the USB card reader

2. Enter the service menu
3. On the next screen, enter 3500 and press green start-button
4. Now enter 90001 and press OK
5. Now enter 9398 and press green start-button again
6. Enter eBMUserCard and restart the printer
7. Now you should be able to continue with configuration of LDAP server for Card authentication.
Time Configuration
Time settings have to be configured for proper accounting of jobs and assignment of billing codes to these
jobs.
Go to Administration > General and configure Daylight Saving Time Settings to comply with configuration
of your server, where Terminal Server is running
YSoft SafeQ 5 1377

February 03, 2016
Daylight Saving Time is not working correctly on devices with older versions of firmware (older
than O290HD0W2101 ). This can cause problems with assignment of the Billing Codes and the
time of the performed jobs. To check version of your firmware, go to Administration > General >
Version.
Next, there are two options possible, based on the availability of SNTP (time) server in your network:
1. a. If SNTP is available, set all necessary details in section SNTP Service and set your timezone
b. If SNTP is not available, in section Date & Time set timezone, date and time to the time of the
Terminal Server. Also disable SNTP server.
WARNING: Be sure to set the time as precisely as possible (in means of seconds) to
avoid errors in assigning billing codes to scan jobs and copy jobs. It is better for the MFP to
have the clock set slightly forward, than backward.
Display the SafeQ application screen after a successful log in

To improve the experience with SafeQ Embedded application in OKI, we recommend to do following
steps to display the SafeQ application as initial screen after successful log in.
1. Enter the service menu
2.
YSoft SafeQ 5 1378

February 03, 2016
2. Press 9955 to change the Extension label to "SafeQ" and click OK to save.
3. Press 9132 and insert value 99.
Configuring OKI for YSoft SafeQ Embedded Terminal with @ character in username.
Situation
When any of SafeQ users username contains @ character, scan issue with YSoft scan application occurs.
The solution is set configuration option internalLdapReplaceAtChar in SafeQ (expert view) to value
\# - all occurrences of @ will be replaced with #
Limitations
Even if internalLdapReplaceAtChar is set, there are limitations related to Username and Password
authentication method. So in case user with username e.g. user@domain.com is logged on OKI Embedded
Terminal using Username and Password, following limitations can occur:
YSoft Scan application doesn't work

Copy does not work - "Permission of execution denied" message on device after pressing start
button
User cannot go to browser application on some devices
Because of these limitations, authentication method Username and Password is not supported in
combination with usernames containing @ character.
CONFIGURING SAMSUNG FOR YSOFT SAFEQ EMBEDDED TERMINAL
Devices based on XOA-E / Android platform are supported so far. No special settings are
required for using with YSoft SafeQ Embedded Terminal.
YSoft SafeQ 5 1379

February 03, 2016
CONFIGURE USB READER
The YSoft SafeQ® USB Card Reader v2 that could be simply connected to the multi-functional device and
serves for user authentication using card.
The YSoft SafeQ® USB Card Reader v2 could be also connected to workstations and can be used with the
credit charger application or with the SQ client for authentication.
Card must be assigned to any user in the YSoft SafeQ system.

After the successful authentication the user is able to manipulate with device and perform his print jobs,
copy jobs or scan jobs (depends on the device).
This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the
following two conditions: (1) this device may not cause interference, and (2) this device must accept any
interference, including interference that may cause undesired operation of the device.
Mounting and Dismounting of the reader module
USB Reader Configuration
YSoft SafeQ 5 1380

February 03, 2016
MOUNTING AND DISMOUNTING OF THE READER MODULE

Following chapter displays how to mount USB reader v2 to device. The configuration could be different from
type of device or vendor type. Other thing is that reader can't be mounted only to device, because it can
work as card reader for SafeQ Client application or Recharging point for SafeQ Credit Application, so
mounting should be different according to usage.
MOUNTING OF THE READER MODULE
The mounting kit (plastic holder) enables both right-handed and left-handed installation to the MFP.
First prepare the components from the package:
plastic holder
screws
reader module
Prepare the plastic holder for the reader and remove the plastic "fork". See the following pictures.
YSoft SafeQ 5 1381

February 03, 2016
When the plastic construction is prepared, it can be mounted with crews directly to the machine. See Picture
3 - Mounting kit on the device (when not many screws is possible to mount, use double side tape for better
fixing)
If holder is fixed to the machine, we can stick the reader to holder together by clipping the reader to the
mounting kit.
Finally, connect the USB connector of the reader into a free USB slot.
DISMOUNTING OF THE READER MODULE
Removing from the device can be handled by plastic "fork" from the step 3 or screw driver or similar tool.
When reader is connected with holder to device, we have to remove reader from the mounting kit first. Use
plastic "fork" or screw driver and push the reader part, with moving the reader upwards. Steps 1,2 and 3.
YSoft SafeQ 5 1382

February 03, 2016
Reader should recover from the holder. Now we can unscrew the mounting kit from the device and
disconnect the reader with following procedure.
USB READER CONFIGURATION

USB Card reader v2 can be configured only with software utility called "usbrdrtool". The software runs in a
system console. It is not a gui application, it is an application running in text mode.
The usbrdrtool configuration tool is designed for USB readers v2 only!
The usbrdrtool prerequisites:
Windows 2000 and higher

Linux kernel 2.4 or higher with glibc 2.3.2 or higher
Root access on Linux or possibility of sudo
usbfs support for libusb-0.12 library on Linux
usbrdrtool.exe (WIN32) or usbrdtool (Linux) exacutable binaries
Note: The program requires "root" privileges under Linux, therefore it must be run as user root or sudo must
be used.
The purpose of the usbrdrtool is:
Show information about connected USB readers.

Set basic parameters of each reader such as USB reader class type, reader protocol, debug mode
etc.
Card testing for verifying correct reader functionality and reading distance.
Display of card type during testing (with readers where applicable)
Update of USB reader normal firmware.
Update of USB reader service firmware.
Download log from USB reader for debugging purposes.
CONFIGURATION OF THE USB READER BY USBRDRTOOL
Start the usbrdrtool under your operation system. When the program is run without any command line
parameter the following screen is shown. The main menu should appear with the selection you want to do.
YSoft SafeQ 5 1383

February 03, 2016
Picture 6 – Main menu

Here can user select the following numbers depends on the intervention administrator wants to do.
CARD READER CONFIGURATION SCREEN
When administrator selects the number of the reader from the reader list, the reader configuration screens
will be shown with general information about reader and following steps for next administration:
Picture 7 - Reader configuration screen
YSoft SafeQ 5 1384

February 03, 2016
Action 1 sets the USB reader configuration to defaults. This includes USB mode, reader protocol,
debug mode and other parameters. This option does not format data that are stored on USB reader
internal file system.
Action 2 sets USB mode. This option is available onlyfor specific OEM USB reader type. Available
usb modes are described in chapters 4.2.1 and 4.2.2.
Action 3 sets card reader protocol. For some card readers it is necessary to enable support for
another card types. Default card reader protocol is 0 which means that the reader default protocol will
be used. If invalid card reader protocol is selected then the default protocol will be used.
Note: Please see Y Soft Card Readers Protocols.pdf for more details about card reader protocols. This*. pdf
file is always attached to the zip file with released FW of the USB reader.
Action 4 enables debugging in case something goes wrong with the reader (for example hang-up or
reboot or anything similar). Please note that debugging enabled causes wear-out of the internal
flash so enable it only in cases when it is necessary!
Action 5 enables or disables sound on the USB reader. Please note that there is no visual
identification of successful card reading so users in some cases cannot guess what may be
wrong if the card reader makes no sound
Action 99 returns user to the previous menu. If any changes are made, the card reader is rebooted
and the changes are applied.
Action 100 returns user to the previous menu. If any changes in settings are made they are
discarded and original settings remain.
USB keyboard
USB keyboard – Optional mode
In this mode the USB reader works as a standard USB keyboard and can be switched to mode 3 only.
NOTE:
Typing of the keys is emulated as numeric keypad for 0-9 and A-F keys on standard EN/US keyboard
layout. If the card number contains any other characters, they are ignored. Caps-lock and Num-lock are
enabled and disabled if necessary and returned back to previous state after the card number is read.
The "Shift", "Ctrl", "Alt" keys must not be held during card placing or it will collide with caps-lock
and num-lock setting and incorrect card number will be read
If a national keyboard layout is used (such as French, Russian, Chinese or other) a wrong card
number will be entered. In such cases a switch to US/EN keyboard layout is necessary before
placing the card.
USB serial
USB serial – Optional mode
This mode emulates operation of COM port and can be switched to mode 1 only.
YSoft SafeQ 5 1385

February 03, 2016
On Windows platform the installation of the USB reader in this mode requires usb2-reader.inf file. This file is
distributed along with the usbrdrtool application and should be selected in the "new hardware" wizard after
the USB reader plugging/reconfiguration.
On Linux platform the driver for the serial port is installed automatically.
Card testing in usbrdrtool application will work in this mod
ACTION 3 - SETTING CARD READER PROTOCOL
When you are on the main page select appropriate number of the reader. If you want to change card reader
protocol for specified reader type (selected number), then you need to open the value 3 "Set card reader
protocol"
Picture 8 - Selecting of card reader
To choose appropriate reading protocol, please see Y Soft Card Readers Protocols.pdf for more details
about card reader protocols. This*. pdf file is always attached to the zip file with released FW of the USB
reader.
Select the number and confirm by "enter" confirmation.
Picture 9 - Reader protocol confirmation
After selecting the appropriate number of protocol, you will be navigated to submenu page, when you need
to save currently changed settings. Select "99" to save settings for changed reading protocol and confirm.
YSoft SafeQ 5 1386

February 03, 2016
Picture 10 - Saving of changes after protocol change

Card reader testing screen
Card testing screen menu can be started by number 100 from the main menu. See Picture 6 – Main menu.
When testing window will appear you can test the reader by placing a card above the reader.
Picture 11 - Test card window 1

Reader should display result from reading inside this window like example on the Picture 12 - Card testing
result.
Picture 12 - Card testing result

Multiple card readers can be tested at once. The screen automatically recognizes disconnected and newly
connected readers so it may be used for mass-production card reader testing.
If the connected reader supports card presence detection then the card number and type is visible only
when the card is placed at the card reader.
If the connected reader does not support card presence detection, a "tmout" is displayed.
The card number will be automatically erased after a couple of seconds of inactivity. This feature is intended
to make sure that the reader works properly and card numbers are read correctly every time a card is
placed.
YSoft SafeQ 5 1387

February 03, 2016
Please note that displaying the correct card type depends on card reader used and card reader protocol set.
Before using usbrdrtool as a tool for customer card testing please consult USB card reader testing
guidelines.
It is also possible to start the card testing screen directly by specifying -t command line option to the
usbrdrtool application.
Card reader Update firmware
Update of firmware for USB card reader can be done by issuing the following command in the Windows
command like (CMD) or on Linux OS:
Windows:
usbrdrtool.exe -u -i usb2-2.0.1.fw --k
Picture 13 - FW update example
Linux:
sudo ./usbrdrtool -u -i usb2-2.0.1.fw -k

'-k' option will cause the new firmware to be booted after successful update.
Note: This command can be run form CMD windows or Linux, this is not a command inside the usbrdrtool.
Card reader Update Service firmware
Update of service firmware for USB card reader can be done by issuing the following command in the
Windows command like (CMD) or on Linux OS:
Windows:
usbrdrtool.exe -w -i usb2_service-1.0.1.fw -k
Picture 14 - Example of the service firmware update
Linux:
sudo ./usbrdrtool -w -i usb2_service-1.0.1.fw --k
'-k' option will cause the new firmware to be booted after successful update.
Note: This command can be run form CMD windows or Linux, this is not a command inside the usbrdrtool.
YSoft SafeQ 5 1388

February 03, 2016
Card reader settings for downloadeing the log files
For the configuration of USB card reader to downloading log files from the reader is possible to run following
command in the Windows command like (CMD) or on Linux OS:
Windows:
usbrdrtool.exe -j -o USBLOG.TXT
Picture 15 - Get log enabling
Linux:
sudo ./usbrdrtool -j -o USBLOG.TXT
Note: Please note that logging must be enabled before using this function
Card reader USBRDRTOOL starting with predefined commands
Administrator can start the USB card reader configuration with predefined usage. The pre-configuration list
is listed bellow as command lines parameters. For example write in cmd windows command line:
Picture 16 -Command line starting with pre-configuration
In the Linux OS the usage is similar with command:

Usage: ./usbrdrtool -<parameter> <value> ...
Parameters:
-i input file (otherwise stdin)

-ooutput file (otherwise stdout)
-l list all configurable readers
YSoft SafeQ 5 1389

February 03, 2016
-r select reader number to configure, if not specified then first reader will be used
-sselect serial number of reader to configure
-k reset the usb device after successful operation
-u update standard firmware (file on stdin or input file)
-w update service firmware (file on stdin or input file)
-j get log (data on stdout or output file)
-h this help screen
-v verbose operation
-t start card testing mode
Information BeeP codes
Here is the list of beep codes, which give the result on the behavior of USB reader v2.
Legend:
- Long beep sound
. Short beep sound
Sound Behavior
- Card read error. Please try placing the card again or use the different
card.
...- Hardware configuration damaged cannot continue in booting
.-.- Update of firmware failed.
--.- Software configuration cannot be saved. Probably faulty onboard eeprom.
..-- Software configuration damaged, loading defaults.
.--- Firmware damaged.
-... No reader connected and reader required for correct functionality.
-.-. Service firmware damaged, re restore required.
.--. Error in reader power-up sequence.
Note: This option is available only if sound is enabled.
HOW TO FIND OUT VENDOR ID, PRODUCT ID OF YOUR USB CARD READER
Here is described how to find out Vendor ID and Product ID for your USB card reader
1) Connect the USB device to the USB connector of the Windows PC.
2) Navigate to Control panel > Computer Management > Device Manager.
3) Open the Human Interface Devices tab, select the HID-compliant device related to your USB reader
4) Select properties
YSoft SafeQ 5 1390

February 03, 2016
4) Click on the Details tab and select “Hardware Ids”. The VID/PID are displayed.
Note: In the following case, VID=”214C”, and PID=”0202”.
For YSoft USB readers, following VID and PID are used:
VID (Vendor PID (Product

ID) ID)
YSoft USB card reader - USB keyboard 214C 0202

mode
YSoft USB card reader - USB Sharp mode 214C 0205
UNINSTALL EMBEDDED TERMINAL

To uninstall the embedded terminal, follow these steps:
device.
YSoft SafeQ 5 1391

February 03, 2016
3a Select the Terminal tab and uncheck Embedded terminal option.
OR
3b (This step applies only when you have a hardware terminal connected to a device.)
Select Hardware terminal option.
4 Select the Basic tab and select Page tracking mechanism which you want.
NOTE: When you select Online accounting, choose Accounting driver related to your printer by
clicking highlighted button.
YSoft SafeQ 5 1392

February 03, 2016
5 Click Save device button. A dialog with uninstallation confirmation will appear. Continue with Yes
button.
6 A new window with uninstallation progress bar will be displayed.
YSoft SafeQ 5 1393

February 03, 2016
7 After successful uninstallation a confirmation message "Installation finished successfully" is

displayed.
YSoft SafeQ 5 1394

February 03, 2016
CONFIGURE SCANNING FOR EMBEDDED TERMINAL
1 Make sure your license supports Scan Management.
2 Create scan workflows according to guide: Configuring Workflow Scanning
YSoft SafeQ 5 1395

February 03, 2016
3 Set access rights to scan workflows according to guide: Setting access rights to scan workflows
4 Check your device is installed with Scan feature.
NOTE: For information about scan options, see chapter Workflow scanning or Scanning workflow
definition.
SCANNING WITH RICOH DEVICE NATIVE SCANNING APPLICATION
OVERVIEW
Scanning via Native application offers all scan settings available for device instead of scanning via SafeQ
Application which was designed to quick settings for users.
For both scanning application scan worklows defined in SafeQ are used.
YSoft SafeQ 5 1396

February 03, 2016
Scan to e-mail Scan to home folder / Scan to script*
Scanning with Configuration: Scan workflow (Scan to Configuration: Scan workflow (Scan to
device Native e-mail) with triggered hot folder must be home folder) with triggered hot folder
Scan Application added to device (SafeQ > Devices > Edit must be added to device (SafeQ >
device > Scan tab). Triggered hot folder Devices > Edit device > Scan tab).
and SMB folder defined in device must Triggered hot folder and SMB folder
be equal. defined in device must be equal.
User steps: User log in into terminal User steps: User log in into terminal
embedded, switch to native device Scan embedded, switch to native device Scan
screen, select SMB folder and perform screen, select SMB folder and perform
scan. scan.
Result: Scan file is saved to triggered Result: Scan file is saved to triggered
hot folder. The file is sent to e-mail hot folder. The file is sent moved to
address of user who has performed scan. target directory defined in scan workflow.
*NOTE: Only difference between Scan to home folder and Scan to script is, that script defined in
workflow is triggered, when Scan to script is used.
PRE-REQUISITIES
1 Check if Terminal Embedded on your device is installed: Install Embedded Terminals
2 Create scan workflows according to guide: Configuring Workflow Scanning
3 Set access rights to scan workflows according to guide: Setting access rights to scan workflows
YSoft SafeQ 5 1397

February 03, 2016
CONFIGURATION
1 Create network share folder where both SafeQ and MFP have read/write access.
2 Make sure that users have e-mail defined in YSoft SafeQ. Mailserver (and mail user/pass if
necessary) are required.
3 Go to Devices > Edit device > Scan tab and Add scanning workflows by clicking Add scan
workflow.
4 Enter Triggered hot folder (path to folder that you created in step 2) and save device.
NOTE: The triggered hot folder must be unique for each MFP and Scan workflow.
YSoft SafeQ 5 1398

February 03, 2016
5 Now you have to create SMB folder on device's web interface or device's scan menu, which will be
equal to triggered hot folder defined in the previous step.
YSoft SafeQ 5 1399

February 03, 2016
ADDING SMB FOLDER TO ADDRESS BOOK VIA DEVICE WEB INTERFACE
1 Login into device web interface and go to Address Book.
2 You can see list of created users scan destinations. To add new one touch Add user.
YSoft SafeQ 5 1400

February 03, 2016
3 Now fill in all required fields and also Folder part as following:
Protocol = SMB
Path = path to your Triggered hot folder (same as on scan tab in device settings)
Then click OK to save new destination.
YSoft SafeQ 5 1401

February 03, 2016
4 Created profile with SMB folder is saved into Address Book list.
YSoft SafeQ 5 1402

February 03, 2016
YSoft SafeQ 5 1403

February 03, 2016
ADDING SMB FOLDER TO ADDRESS BOOK VIA DEVICE TERMINAL MENU
1 Go to Scan screen on Ricoh device and touch Folder tab and then Manual Entry to add new folder
destination for scanning.
2 Select SMB protocol and fill in at least Path to folder by touching Manual entry (if you know exact
path) or Browse network (if you want to select path by browsing folders). You can also fill in User
name or password.
NOTE: Path must equal to Triggered hot folder entered on scan tab in device settings.
Then click OK to save settings.
YSoft SafeQ 5 1404

February 03, 2016
3 Your new folder is selected but not saved. To save it touch Prg. Dest. button.
4 Now you can change your folder path if you want by touching Change.
Otherwise touch OK to continue.
YSoft SafeQ 5 1405

February 03, 2016
5 Now fill in Name and Key display. You can also select Title groups in which will be your folder
preference stored.
Then click OK.
6 Now you can see saved folder into selected title group.
YSoft SafeQ 5 1406

February 03, 2016
RELATED CONFIGURATION
Configuration can be changed from SafeQ web interface:System Settings
scan-job-max-size-to-mail - Maximum size of scan job handled (sent or received) via email by SafeQ.
Value is set in bytes.
scan-job-changed-destination - The body of email sent to a user when their scan is saved in the back-
up (default) folder, i.e. not according to the workflow. This may occur for various reasons such as the
e-mail attachment is too big.
CONFIGURE SIMPLE LAYOUT FOR BROWSER-BASED TERMINALS
DESCRIPTION
Terminal layout can be simplified when customer decides not to use Scan workflows and Billing (project)
codes features. This change can be achieved with any browser-based terminals except Konica Minolta. The
main difference is that the main menu on the left side is not available, and does not distract users from
working with their print jobs.
YSoft SafeQ 5 1407

February 03, 2016
YSoft SafeQ 5 1408

February 03, 2016
CONFIGURATION
To enable this behavior, the following steps must be completed:
Disable Billing codes feature (change the value billing-codes-enabled to Disabled in the System
settings) or make sure that the user has only one billing code assigned.
Before installing device, unselect the Scan feature
ADMINISTRATOR LOGIN AND PASSWORD
YSoft SafeQ 5 1409

February 03, 2016
ADMINISTRATOR LOGIN
If you want to use a different administrator name instead of the global administrator login, enter it here:
The global administrator login is defined by property global-authentication-%your_vendor%. You can find
the property in the System settings > Terminal administration
When the device's administrator login corresponds with the global administrator login, you do not need to fill
in.
ADMINISTRATOR PASSWORD
If you want to use a different password instead of the global password, enter it here:
The global password is defined by property global-authentication-%your_vendor%. You can find the
property in the System settings > Terminal administration
When the device's password corresponds with the global password, you do not need to fill in.
GLOBAL AUTHENTICATION PROPERTIES

To set default authentication property for your vendor printers, go to System > System settings, search for
global-authentication- and modify respective property.
4.9.4 TERMINAL PROFESSIONAL
FCC STATEMENTS
§ 15.21 Information to user

The user's manual or instruction manual for an intentional or unintentional radiator shall caution the user
that changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment. In cases where the manual is provided only in a form other than
paper, such as on a computer disk or over the Internet, the information required by this section may be
included in the manual in that alternative form, provided the user can reasonably be expected to have the
capability to access information in that form.
§ 15.105 Information to the user

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to
YSoft SafeQ 5 1410

February 03, 2016
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This equipment generates,
uses, and can radiate radio frequency energy and, if not installed and used in accordance with the
instruction manual, may cause harmful interference to radio communications. Operation of this equipment in
a residential area is likely to cause harmful interference in which case the user will be required to correct the
interference at his own expense.
TERMINAL PROFESSIONAL OVERVIEW

SafeQ Terminal Professional provides external interface for users to access multifunction printers (MFPs)
and network printers to perform print, copy, and scan operations. The terminal supports Print roaming, print
job management, printing shared documents, and self-serve printing/copying. The terminal supports scan
via workflows, defined by YSoft SafeQ administrator
There are two types of SafeQ Terminal Professional:
Terminal Professional v3.5 - black case with color display

Terminal Professional v3.0 - grey case with b/w display
NOTE: Following documentation is related with Terminal Professional v3.5, therefore you might
encounter minor differences when using Terminal Professional v3.0 (e.g. terminal's service menu structure).
The terminal has a graphical user interface with touchscreen and is equipped with a 4-port network adapter.
The terminal also features:
Microcomputer
Flash EEPROM
Network interface
Various optional card readers are available to meet the compatibility requirements of your existing
identification cards. Both contactless and contact readers are available. (Users can alternatively
authenticate via PIN instead of identification card.)
The terminal communicates with YSoft SafeQ server over ethernet network (default communication port
4096). RJ45 connectors connect the terminal to the network. MFPs and printers communicate with the
SafeQ server via the terminal. Administrator can define whether users are required to authenticate at the
terminal before using the MFP or network printer.
YSoft SafeQ 5 1411

February 03, 2016
Each terminal has a MAC address allocated by Y Soft.
For more information, see Terminal Professional Specification.
SAFEQ TERMINAL PROFESSIONAL CAPABILITIES

The terminal has the following capabilities:
Supports Print roaming, printing, copying, and scanning.

Displays accounting and credit information.
Supports authorization by PIN, card, and login – alone or in a variety of combinations.
Enables one-time authorization by activation code or login and password if the user has no active
card.
Supports project accounting.
Beeps and displays a warning when copying timeout period expires.
Blocks access to MFPs – firewall and routing.
Enables central configuration.
Supports remote administration.
Optimizes data transfer between the SafeQ server and printers.
Includes power management feature that enables brightness to be decreased or turned off when the
terminal is idle for a configured length of time.
SAFEQ TERMINAL PROFESSIONAL USER OPTIONS

The terminal offers users the following options:
Print, copy, and scan.

View and select jobs (jobs to print, favorite jobs, and printed jobs).
Print favorite jobs by selecting them at the terminal.
Delete jobs from queue.
View information about print/copying status and detailed price accounting on the terminal screen.
Mark selected jobs as favorite.
Display print job preview.
TERMINAL PROFESSIONAL GUIDES

Configuring Terminal Professional
Terminal Professional Diagnostic Utils
Terminal Professional Service Menu Items
Scanning with Terminal Professional
Terminal Professional Firmware Update
Terminal Professional Specification
Smart Card support
INSTALLING TERMINAL PROFESSIONAL
At a Glance
YSoft SafeQ 5 1412

February 03, 2016
FCC statements
Step 1. Complete the Before-You-Begin checklist
Step 2. Check package contents
Step 3. Connect cables
Step 4. Displaying the Service menu
Step 5. Configure the connection between the terminal and the SafeQ server
Step 6. Test the connection between the terminal and the SafeQ server
Step 7. Replace the back cover of the terminal
Step 8. Mount the terminal
Step 9. Verify installation
FCC STATEMENTS
§ 15.21 Information to user.
The users manual or instruction manual for an intentional or unintentional radiator shall caution the user that
changes or modifications not expressly approved by the party responsible for compliance could void the

STEP 1. COMPLETE THE BEFORE-YOU-BEGIN CHECKLIST

Before you begin installing the terminal, complete this checklist:
1. If possible, register and acquire access to the Y Soft online help desk a day or two before you begin
the installation.
2. Obtain the Terminal Professional installation packages and a small Phillips screwdriver.
3. Make sure YSoft SafeQ Server is installed and running.
4. Write down the terminal's serial number (located on the back of the terminal).
5. Make sure the Control Interface cable is the correct cable for the MFP you are connecting the
terminal to.
Refer to the MFP/cable part number compatibility list that Y Soft provided you or go to
Hardware Compatibility List (HCL) and check the compatibility there.
6.
YSoft SafeQ 5 1413

February 03, 2016
6. If the cable you have is not correct, find the correct cable before you proceed. The cable may be
among other Y Soft packages at the location where you are installing the terminal.
7. Obtain the following information:
a. SafeQ server IP address
b. Does the network support DHCP?
c. If it does not support DHCP, obtain this additional information:
d. Terminal IP address
e. Netmask address
f. Gateway IP address
g. DNS server IP address
8. Information about the MFP or printer:
a. IP address
b. Serial number
c. Model number
STEP 2. CHECK PACKAGE CONTENTS

Check to make sure you have the following items (included in several packages):
Main package:
Terminal Professional
Ethernet cable
Power supply adapter
NOTE: The package also includes clear plastic cable wrap for the Ethernet cable.
Accessory packages:
Control interface cable (Blocking cable)
YSoft SafeQ 5 1414

February 03, 2016
MFP Universal Mounting Kit (bracket, screws, washers)
NOTE: The Control Interface cable for your MFP may be different from the one shown
here.
YSoft SafeQ 5 1415

February 03, 2016
STEP 3. CONNECT CABLES
1 On the back of the terminal, remove the cover and expose the connectors.
2 Connect cables as shown here:.
YSoft SafeQ 5 1416

February 03, 2016
STEP 4. DISPLAYING THE SERVICE MENU
To access most settings, first display the Site admins Service menu as described in this section.
There is similar steps for Terminal Professional v3.5 (the color one) and Terminal Professional v3.0 (the
gray one bellow).
1 If the terminal displays a Place Card screen, tap the top corners 4 times:
For TP v3.5: Tap left top corner > Tap right top corner > Tap left top corner > Tap
right top corner
For TP v3.0: Tap left top corner > Tap right bottom corner > Tap left top corner >
Tap right bottom corner
YSoft SafeQ 5 1417

February 03, 2016
OR
If the terminal displays a Keypad screen, touch the 0 button 9 times (000000000).
YSoft SafeQ 5 1418

February 03, 2016
2 The terminal displays a keypad. Enter the PIN, then touch OK.
NOTE: There is two levels of service menu (Y Soft partners service menu and Site admins service
menu). It depends on entered PIN code. Default PIN for Site admins menu is 0000. To get PIN for Y
Soft partners menu, please contact Customer Service Support.
YSoft SafeQ 5 1419

February 03, 2016
3 The terminal displays the Site admins Service menu or Y Soft Partners service menu, depending on
entered PIN on login screen.
YSoft SafeQ 5 1420

February 03, 2016
YSoft SafeQ 5 1421

February 03, 2016
4 The is difference between this two levels of service menu in following options, which are available
only from the Y Soft partners Service menu:
Cluster support
Debug mode
Card reader
Card reader test
Interaction mode
I/O Module
I/O Module test
Emergency update
Change part. PIN
YSoft SafeQ 5 1422

February 03, 2016
STEP 5. CONFIGURE THE CONNECTION BETWEEN THE TERMINAL AND THE SAFEQ SERVER
1 Display the Service menu and touch Server settings.
2 Touch Find server.
3 If the terminal finds the server, skip to step 7
OR
If the terminal does not find the server, touch Server IP
YSoft SafeQ 5 1423

February 03, 2016
4 Enter the SafeQ server’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001
5 Touch Server port.
YSoft SafeQ 5 1424

February 03, 2016
6 Enter the SafeQ server’s port; then touch OK.
NOTE: The default port is 4096.
7 Touch Cluster support; and Enable this option
YSoft SafeQ 5 1425

February 03, 2016
8 Touch Network settings.
9 Touch DHCP and according to your network setting select Enable or Disable.
YSoft SafeQ 5 1426

February 03, 2016
10 If DHCP is enabled, touch DHCP hostname.
11 Enter the hostname that will be sent by the DHCP client; then touch OK.
NOTE: The hostname can contain a maximum of 31 characters. The terminal’s serial number is
used as the hostname by default.
YSoft SafeQ 5 1427

February 03, 2016
OR
12 If DHCP is disabled, touch Uplink interface.
13 Touch IP address.
YSoft SafeQ 5 1428

February 03, 2016
14 Enter the terminal’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
15 Touch Netmask.
YSoft SafeQ 5 1429

February 03, 2016
16 Enter the subnet mask in the format shown in this example and touch OK.
255.255.255.0 is entered as 255 255 255 000.
17 Touch Back. Touch Gateway.
YSoft SafeQ 5 1430

February 03, 2016
18 Enter the gateway’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
19 Touch DNS Server.
YSoft SafeQ 5 1431

February 03, 2016
20 Enter the DNS server’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
21 Touch Back. Touch Save and restart to save the changes.
YSoft SafeQ 5 1432

February 03, 2016
YSoft SafeQ 5 1433

February 03, 2016
STEP 6. TEST THE CONNECTION BETWEEN THE TERMINAL AND THE SAFEQ SERVER
1 Display the Service menu and touch Diagnostic utils.
2 Touch Test server connect.
3 If the connection is successful, the terminal displays this screen:
YSoft SafeQ 5 1434

February 03, 2016
OR
4 If the connection is not successful, the terminal displays this screen:
YSoft SafeQ 5 1435

February 03, 2016
STEP 7. REPLACE THE BACK COVER OF THE TERMINAL
1 Replace the terminal’s cover and tighten the screw.
STEP 8. MOUNT THE TERMINAL

Depending on the type of bracket included with the terminal, mount the bracket to the MFP, to the wall, or to
a nearby object such as a desk or table.
1 Remove 2 screws from the back of the terminal.
YSoft SafeQ 5 1436

February 03, 2016
2 Attach the mounting bracket to the terminal.
3 If you have not already done so, write down the terminal’s serial number (located on the back of the
terminal).
4 Use the screws and washers included with the mounting bracket to mount the bracket and terminal
onto the MFP.
YSoft SafeQ 5 1437

February 03, 2016
5 Cover all cables with the clear plastic wrap (included in the plastic bag with the cable). Start the wrap
about 4 or 5 inches (10 to 12 cm) from the back of the terminal.
STEP 9. VERIFY INSTALLATION

Before you verify installation:
If a user (with associated card or PIN) has not been created in SafeQ, create one now for testing purposes
as follows:
1. In the SafeQ Web Interface, add a new user named "test".

2. Assign a card and a PIN to the test user (for example, PIN1111).
If the terminal does not include a card reader:
1. On the terminal’s PIN entry screen, touch 1111 (or whatever PIN you assigned to the test user); then
touch OK.
2. Check to make sure the MFP panel unlocks (that is, the panel lights up and comes on).
If the terminal includes a card reader:
1. Touch the PIN button to display the PIN entry screen.

2. Touch 1111 (or whatever PIN you assigned to the test user); then touch OK.
3. Check to make sure the MFP panel unlocks (that is, the panel lights up and comes on).
If the MFP unlocks and the user is authenticated, installation is now complete.
DISPLAYING THE SERVICE MENU

To access most settings, first display the Site admins Service menu as described in this section.
There is similar steps for Terminal Professional v3.5 (the color one) and Terminal Professional v3.0 (the
gray one bellow).
YSoft SafeQ 5 1438

February 03, 2016
1 If the terminal displays a Place Card screen, tap the top corners 4 times:
For TP v3.5: Tap left top corner > Tap right top corner > Tap left top corner > Tap
right top corner
For TP v3.0: Tap left top corner > Tap right bottom corner > Tap left top corner >
Tap right bottom corner
YSoft SafeQ 5 1439

February 03, 2016
OR
If the terminal displays a Keypad screen, touch the 0 button 9 times (000000000).
2 The terminal displays a keypad. Enter the PIN, then touch OK.
NOTE: There is two levels of service menu (Y Soft partners service menu and Site admins service
menu). It depends on entered PIN code. Default PIN for Site admins menu is 0000. To get PIN for Y
Soft partners menu, please contact Customer Service Support.
YSoft SafeQ 5 1440

February 03, 2016
3 The terminal displays the Site admins Service menu or Y Soft Partners service menu, depending on
entered PIN on login screen.
YSoft SafeQ 5 1441

February 03, 2016
YSoft SafeQ 5 1442

February 03, 2016
4 The is difference between this two levels of service menu in following options, which are available
only from the Y Soft partners Service menu:
Cluster support
Debug mode
Card reader
Card reader test
Interaction mode
I/O Module
I/O Module test
Emergency update
Change part. PIN
YSoft SafeQ 5 1443

February 03, 2016
TERMINAL PROFESSIONAL OVERVIEW

SafeQ Terminal Professional provides external interface for users to access multifunction printers (MFPs)
and network printers to perform print, copy, and scan operations. The terminal supports Print roaming, print
job management, printing shared documents, and self-serve printing/copying. The terminal supports scan
via workflows, defined by YSoft SafeQ administrator
There are two types of SafeQ Terminal Professional:
Terminal Professional v3.5 - black case with color display

Terminal Professional v3.0 - grey case with b/w display
NOTE: Following documentation is related with Terminal Professional v3.5, therefore you might
encounter minor differences when using Terminal Professional v3.0 (e.g. terminal's service menu structure).
The terminal has a graphical user interface with touchscreen and is equipped with a 4-port network adapter.
Microcomputer
Flash EEPROM
Network interface
Various optional card readers are available to meet the compatibility requirements of your existing
identification cards. Both contactless and contact readers are available. (Users can alternatively
authenticate via PIN instead of identification card.)
The terminal communicates with YSoft SafeQ server over ethernet network (default communication port
4096). RJ45 connectors connect the terminal to the network. MFPs and printers communicate with the
SafeQ server via the terminal. Administrator can define whether users are required to authenticate at the
terminal before using the MFP or network printer.
Each terminal has a MAC address allocated by Y Soft.
For more information, see Terminal Professional Specification.
YSoft SafeQ 5 1444

February 03, 2016
SAFEQ TERMINAL PROFESSIONAL CAPABILITIES
The terminal has the following capabilities:
Supports Print roaming, printing, copying, and scanning.

Displays accounting and credit information.
Supports authorization by PIN, card, and login – alone or in a variety of combinations.
Enables one-time authorization by activation code or login and password if the user has no active
card.
Supports project accounting.
Beeps and displays a warning when copying timeout period expires.
Blocks access to MFPs – firewall and routing.
Enables central configuration.
Supports remote administration.
Optimizes data transfer between the SafeQ server and printers.
Includes power management feature that enables brightness to be decreased or turned off when the
terminal is idle for a configured length of time.
SAFEQ TERMINAL PROFESSIONAL USER OPTIONS
The terminal offers users the following options:
Print, copy, and scan.

Delete jobs from queue.
View information about print/copying status and detailed price accounting on the terminal screen.
Mark selected jobs as favorite.
Display print job preview.
CONFIGURING TERMINAL PROFESSIONAL
At a Glance
Optimizing the Ethernet port speed and mode

Enabling cluster support
Setting MFP/printer locking options
Setting keyboard for Smart cards PIN entry
Setting and testing the I/O Module for the control cable interface
Configuring PS/2 Adapter for external keyboard and/or blocking cable
OPTIMIZING THE ETHERNET PORT SPEED AND MODE

If the port speed set by autodetect is not optimal, manually set the speed as follows:
1 Display the Service menu and touch Network settings.
YSoft SafeQ 5 1445

February 03, 2016
2 Touch Uplink Interface.
3 Touch Port speed.
YSoft SafeQ 5 1446

February 03, 2016
4 Select a port speed; then touch OK.
NOTE: You can find detailed info about available options here.
5 Touch MDI/MDIX mode.
YSoft SafeQ 5 1447

February 03, 2016
6 Select the appropriate mode; then touch OK.
ENABLING CLUSTER SUPPORT

Follow these steps to enable the terminal to be used with SafeQ Enterprise Edition server clusters:
YSoft SafeQ 5 1448

February 03, 2016
2 Touch Cluster support.
3 Touch Enable.
SETTING MFP/PRINTER LOCKING OPTIONS

The copier locking settings let you set how the MFP or network printer is locked.
YSoft SafeQ 5 1449

February 03, 2016
2 Touch Copier locking.
3 Select one of the options; then touch OK.
YSoft SafeQ 5 1450

February 03, 2016
SETTING KEYBOARD FOR SMART CARDS PIN ENTRY
1 Display the Service menu and touch Card reader settings.
2 Touch SmartCard PIN type.
YSoft SafeQ 5 1451

February 03, 2016
Select the Numeric, when you want to have only numeric keyboard by default.
The result is that user will always see only numeric keyboard (even he has the smart card with
alphanumeric characters).
Select Alphanumeric and symbols, when you want to have alphanumeric + symbols keyboard by
default. This mode contains numbers too. To switch between characters sets touch buttons in left
bottom corner.
YSoft SafeQ 5 1452

February 03, 2016
YSoft SafeQ 5 1453

February 03, 2016
SETTING AND TESTING THE I/O MODULE FOR THE CONTROL CABLE INTERFACE
1 Display the Service menu and touch I/O Module settings.
2 Touch I/O Module.
YSoft SafeQ 5 1454

February 03, 2016
4 To see if the control cable interface (also called the blocking cable interface) is functioning, touch I/O
Module test.
5 Select one of the following options and perform the associated test. The terminal displays information
received from the MFP.
YSoft SafeQ 5 1455

February 03, 2016
YSoft SafeQ 5 1456

February 03, 2016
CONFIGURING PS/2 ADAPTER FOR EXTERNAL KEYBOARD AND/OR BLOCKING CABLE
1 Connect PS/2 Adapter cable to Terminal Professional in Control interface (connector type: RJ11).
2 Connect external keyboard to PS/2 port on PS/2 Adapter box.
Suppoted are any standard PS/2 keyboards, with 5V DC, max. 100mA.
YSoft SafeQ 5 1457

February 03, 2016
Optional step: You verify that keyboard is connected and recognized as compatible in Service menu
> I/O Module settings > I/O Module info.
There could be more than one page in I/O Module info, so continue to page (by touching the
display) with PS/2 keyboard interface as Device class.
4 Optional step: Connect Blocking cable (RJ11) from printer to PS/2 Adapter box.
Printer is expected to be configured for using Blocking cable.
YSoft SafeQ 5 1458

February 03, 2016
5 User can use external keyboard to enter:
Username and password

PIN
Smart card PIN while using authentication via digital signature
Card assignment via Card activation code and Login and password
If display of Terminal Professional is dimmed then pressing any key will wakeup the terminal and
redirect user to authentication dialog.
TERMINAL PROFESSIONAL - HOSTNAMES SUPPORT
OVERVIEW
Following feature enables that Terminal Professional can connect YSoft SafeQ server via hostname
or Fully Quallified Domain Name (FQDN).
Note: When host names are set then they are overriding and also replacing setting of server IP and
other server node list (values of configuration items SERVERIP and SERVERLIST).
Connection is made by this steps:
1. Terminal resolve all given host names via DNS server

2.
YSoft SafeQ 5 1459

February 03, 2016
2. Terminal according to results updates fields SERVERIP and SERVERLIST (primary server and other
nodes list)
3. Connection negotiation to servers starts in usual way
4. If terminal is connected to cluster and receives new server nodes IP list then "SERVER_HOSTS",
"SERVERIP" and "SERVERLIST" are updated according to settings (this may clear host names list).
Note: After bootup there is connect to server to inform it about new firmware version etc. This first
connect is made according to value of "SERVERIP" not "SERVER_HOSTS" so no resolving is made. This
will ensure to connect to server from which the update was made.
CONFIGURATION
Service menu
In service menu level 1 there are these options:
Server settings -> Server hostnames

Allows to enter list of server host names in format like "hostname1:port hostname2:port"
Host name could be any valid DNS name like "sqsrv.company.local"
When server hostname is set, the setting of server IP and port are disabled. To enable them
you have to clear server host names.
Server settings -> Clear srv hostnames
Clear server host names setting
Current related options:
Server settings -> Refresh server IPs

Automatically - After successful connect to SafeQ cluster, the existing host names list is
replaced by new Server IP list obtained from cluster node (Host name list is cleared,
SERVERIP and SERVERLIST are updated)
Disabled - Setting of server host names is left unchanged
Remote configuration
The remote configuration can be performed via Remote configuration tool for hardware terminals
Configuration value of server host names is "SERVER_HOSTS". Reading or writing is supported with
remote configuration tool via authorized access - pin for level 1.
Current related items:
SERVERIP - Primary server IP address and port in format like "10.0.0.1:4096"

SERVERLIST - List of IPs of other nodes of cluster like "10.0.0.2 10.0.0.3 10.0.0.4"
LIMITATIONS
In "SERVER_HOSTS" all ports has to be same (by default 4096)

Currently DNS resolving is not cached
Remote setting of "SERVER_HOSTS" is not propagated via resolving to "SERVERIP" and
"SERVERLIST"
Static network configuration supports only one DNS server
YSoft SafeQ 5 1460

February 03, 2016
TERMINAL PROFESSIONAL DIAGNOSTIC UTILS
At a Glance
Downloading terminal logs

Ping other devices
DOWNLOADING TERMINAL LOGS

Follow these steps to download terminal logs:
NOTE: In order to download logs, the terminal must be in Debug mode.
1 Save and run the utility for downloading terminal log files in any convenient folder (for example, c:
\safeq).
NOTE: Contact the Customer Support Services when you don't have the utility.
NOTE: When you run the utility, logs will be downloaded to this location.
2 When the utility asks for the terminal IP address, enter the IP address of the terminal whose logs you
want to download.
The utility downloads the log files to the folder you specified. The logs are identified by the terminal’s
IP address (for example: 10.0.10.202.log).
PING OTHER DEVICES

Follow these steps to ping devices other than the server.
NOTE: This procedure pings devices accessible via uplink connection; it cannot detect devices
“behind” the terminal.
YSoft SafeQ 5 1461

February 03, 2016
2 Touch Ping.
3 Enter the device‘s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
YSoft SafeQ 5 1462

February 03, 2016
4 If the connection is unsuccessful, check to see if the IP address displayed on the screen is the correct
address for the device.
If the IP address is correct, proceed to step 5.

If the IP address is not correct, enter the correct IP address; then ping again. If the ping
fails again, proceed to step 5.
5 Check troubleshooting information at the Y Soft 24/7 help desk website: http://helpdesk.ysoft.com.
TERMINAL PROFESSIONAL SERVICE MENU ITEMS
At a Glance
Configuring terminal’s network settings

Configuring terminal’s server settings
Configuring terminal’s card reader settings
Configuring terminal’s I/O Module settings
Configuring terminal’s interface settings
Configuring terminal’s language settings
Configuring terminal’s display settings
Using terminal’s diagnostic utils
Using terminal’s service procedures
Viewing system information and settings
Viewing license information
YSoft SafeQ 5 1463

February 03, 2016
CONFIGURING TERMINAL’S NETWORK SETTINGS
1 Display the Service menu and touch Network settings.
2 The terminal displays Network settings screen with following options:
Uplink interface – See step 2a for more details.
Downlink interface – See step 2b for more details.
DHCP
Enable – all necessary data for network connection will be sent to termianl from DHCP
server.
Disable – all necessary data for network connection must be set manually in network
settings menu.
DHCP hostname – Enter the hostname that will be sent by the DHCP client. The hostname can
contain a maximum of 31 characters. The terminal’s serial number is used as the hostname by
default.
Gateway – Enter the gateway IP address in the format shown in this example: 10.0.1.1 is entered as
010 000 001 001
DNS server – Enter the DNS server’s IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
SNMP – See step 2c for and page Configuring Terminal monitoring via SNMP for more details.
YSoft SafeQ 5 1464

February 03, 2016
2a The terminal displays Uplink interface screen with following options:
IP address – Enter the terminal’s IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
Netmask – Enter the subnet mask IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
Port Speed – Select Ethernet port speed
Autodetect – Autonegotiation
10Mbps Half-Duplex – Manually force speed and duplex setting of ethernet port
10Mbps Full-Duplex – Manually force speed and duplex setting of ethernet port
100Mbps Half-Duplex – Manually force speed and duplex setting of ethernet port
100Mbps Full-Duplex – Manually force speed and duplex setting of ethernet port
Autoneg 10Mbps Half-Duplex – Autonegotiation with limited offer of speed and
duplex setting
Autoneg 10Mbps Full-Duplex – Autonegotiation with limited offer of speed and
duplex setting
Autoneg 100Mbps Half-Duplex – Autonegotiation with limited offer of speed and
duplex setting
Autoneg 100Mbps Full-Duplex – Autonegotiation with limited offer of speed and
duplex setting
MDI/MDIX mode
Auto MDI/MDI-X – Automatically detect ethernet cable crossover

MDI – Force MDI setting on ethernet port
MDI-X – Force MDI-X setting on ethernet port
YSoft SafeQ 5 1465

February 03, 2016
2b The terminal displays Downlink interface screen with following options:
Port 0 Speed – Speed settings like on Uplink interface but applied to downlink port 0
Port 0 MDI/MDIX mode – Crossover settings like on Uplink interface but applied to downlink port 0
2c The terminal displays SNMP screen with following options:
SNMP service
Community
Locations
YSoft SafeQ 5 1466

February 03, 2016
Contact
Send SNMP TRAPs
TRAP server
TRAP server port
TRAP community
Select TRAPs
YSoft SafeQ 5 1467

February 03, 2016
CONFIGURING TERMINAL’S SERVER SETTINGS
2 The terminal displays Server settings screen with following options:
Server IP – Enter the SafeQ server’s IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
Server Port – Enter the SafeQ server’s port. The default port is 4096.
Find Server – Displays the list of available servers, when you can choose one.
Cluster support
Enable – Terminal will try to connect to more nodes

Disable – Terminal will connect only to one server
Cluster mode
Balanced – All nodes are used in same way

Unbalanced – Preffered is connection to primary IP
Copier locking – Select one of MFP locking option:
Immediate – (Default) The terminal signals the MFP/printer to lock when the user
touches the End button and is logged out.
From server – The server signals the MFP/printer to lock after the job is finished and
the device returns to Ready status.
Connect timeout – Select the maximum waiting time of server connecting:
10 seconds
YSoft SafeQ 5 1468

February 03, 2016
15 seconds
30 seconds
45 seconds
60 seconds
Refresh server IPs – Following property enables / disables automatic servers IP configuring (main
server and nodes).
Automatically – (Default) Servers IP addresses are automatically configured based on

running SafeQ servers.
Disabled – Currently configured servers IP addresses stay unchanged. This apply also
for nonstandard situations such as servers behind NAT or cold backup servers.
YSoft SafeQ 5 1469

February 03, 2016
CONFIGURING TERMINAL’S CARD READER SETTINGS
1 Display the Service menu and touch Card reader settings.
2 The terminal displays Card reader settings screen with following options:
Card reader – Select the type and protocol of card reader.
Card reader test – Swipe a card through or place a card in front of the reader and see if the terminal
displays the card number. (If the card number does not appear, touch the Card reader option again
and make sure you selected the correct card reader type.)
Reader drivers info – Displays info about terminal's card reader driver.
Readers info – Displays info about terminal's card reader module.
Fingerprint reload – Touch this button to clear all fingerprint data in the terminal and download new
data from the server (applies only to fingerprint readers).
Fingerprint clear – Touch this button to clear all fingerprint data in the terminal (applies only to
fingerprint readers).
Card presence – This option is valid only for Terminals with HID continuous or SmartCard readers or
other reader that require card presence by default.
Default – When the user remove the card from the terminal, he will
be immediately logged out.
Presence not needed – User is logged out after pressing exit button or after timeout
doesn't matter if the card is removed or not.
SmartCard PIN type – This option is valid only for Terminals with SmartCard readers.
YSoft SafeQ 5 1470

February 03, 2016
Numeric – Classic login screen with numeric keypad is displayed after inserting the
card.
Alphanumeric and symbols – Login screen with alphanumeric keypad with characters,
numbers and special symbols is displayed after inserting the card.
YSoft SafeQ 5 1471

February 03, 2016
CONFIGURING TERMINAL’S I/O MODULE SETTINGS
1 Display the Service menu and touch I/O Module settings.
2 The terminal displays I/O Module settings screen with following options:
I/O Module – Select the type and mode of blocking cable.
I/O Module test
Locked – Select this option; then see if the MFP is locked.

Unlocked, BW copies only – Select this option; then see if the MFP is unlocked and
only permits B/W copies (applicable only when cable supports this feature).
Unlocked, Color copies – Select this option; then see if the MFP is unlocked and
permits both B/W and color copies.
I/O drivers info – Displays info about terminal's i/o module driver.
I/O Module info – Displays info about connected smart cable.
YSoft SafeQ 5 1472

February 03, 2016
YSoft SafeQ 5 1473

February 03, 2016
CONFIGURING TERMINAL’S INTERFACE SETTINGS
1 Display the Service menu and touch Interface settings.
2 The terminal displays Interface settings screen with two pages. To move between pages touch
Next page or Previous page. It contains following options:
Sound – For beeps to sound when terminal buttons are touched, select on. To turn off beeps, select
off.
Validation method – Select one of the following validation methods:
Card only – User only needs to swipe a card.

PIN only – User only needs to enter a PIN.
Card and PIN – User must swipe a card, then enter a PIN.
Card or PIN – User can choose to either swipe a card or enter a PIN.
Login – User must enter a login name and password.
PIN or Login – User can choose to either enter a PIN or a login name and password.
(Card and PIN) or Login – User can choose to either swipe a card and enter a PIN, or
enter a login name and password.
Card or PIN or Login – User can choose any of these methods: Swipe a card, Enter a
PIN, Enter a login name and password.
Two-factor (Card and PIN) – User must swipe card, then enter a PIN assigned to this
card
Job list mode - Select one of the following job list modes:
No job list – The terminal does not display a Job List option; users cannot view jobs at
the terminal.
Queue only – The terminal displays a Job List option. When users select it, they see a
list of only jobs in the print queue. They can select jobs they want to print or delete.
YSoft SafeQ 5 1474

February 03, 2016
Queue/printed – The terminal displays a Job List option. When users select it, they can
view jobs that are ready to print (highlighted) and jobs that have been printed.
Queue/printed/favorites – The terminal displays a Job List option. When users select
it, a submenu appears from which the user can select the jobs they want to see: jobs in
the print queue, printed jobs, or the user's favorite jobs.
Temporarily disabled – The terminal displays a Job List option. When users select it,
they see a message that the administrator has disabled the Job List feature; users
cannot view jobs at the terminal.
Interaction mode - Select one of the following interaction modes. Note: To change the
Interaction mode, you must display the Y Soft partners Service menu.
Normal – After login, the terminal displays the Main menu.

Simplified – After login, if the user has any jobs waiting, they are immediately printed
and the user is automatically logged off. If the user has no jobs waiting, the terminal
displays only the Copy menu.
Show P/C summary – Select the information that the terminal displays when a print/copy operation
is complete, before the print/copy session ends:
Pages only – The terminal displays only the number of pages.

Pages and price – The terminal displays the number of pages and the price.
Disabled – The terminal does not display any information.
Enter Project ID
Yes – The user can enter a project ID. The terminal does not initially display the project
list. However, if the user enters the first digit of a project ID, the terminal then displays all
the projects that begin with that digit. For example, if the user enters 22, the terminal
displays all the projects beginning with 22.
No – The user does not need to enter a project ID; the terminal displays all the project
IDs.
Copy timeout sound – Note: Sound must be enabled for this option to work.
Select Yes for the terminal to emit a sound when the specified maximum amount of time
for a copy session is reached. (See "Copy dialog timeout.")
Select No for the terminal to remain quiet when the specified maximum amount of time
for a copy session is reached.
Menu dialogs timeout – Select the maximum length of time with no user input the terminal will
display menus:
10 seconds
30 seconds
60 seconds
YSoft SafeQ 5 1475

February 03, 2016
None – No timeout. Applicable only if the terminal includes a specific card reader and
the user is logged in with a card. Note: "None" is supported only by Smartcard
reader, Mifare reader in Continuous mode, or HID Continuous reader.
Info dialogs timeout – Select the maximum length of time with no user input the terminal will display
information screens:
2 seconds
5 seconds
10 seconds
20 seconds
Copy dialog timeout – Select the length of time with no copy activity before the terminal
automatically logs the user out (applies only to the time before the first copy is made):
20 seconds
60 seconds
None (default) – SafeQ Server determines the timeout period.
Main menu after P/C
Enabled (applicable only if the terminal includes a selected card reader) – When a print
/copy operation is complete and the user's card is still present at the reader, the terminal
displays the Main menu and the user stays logged in---the session does not end until he
/she touches the End button.
Note: "Enabled" is supported only by Smartcard reader, Mifare reader in Continuous

mode, or HID Continuous reader.
Disabled (default) – When a print/copy operation is complete, the user is logged out
and the print/copy session is ended.
Show P/C alert messages
Enabled (default) – Print and copy screens will display warning messages from the
server.
Disabled – Print and copy screens will not display warning messages from the server.
PIN dialog text
Complete – PIN screens will include characters count.

Without characters count – PIN screens will not include characters count.
Language selector
Globe always – If multiple languages are available, the Globe button appears on the
main terminal screen. Users can touch the button, then select a language.
YSoft SafeQ 5 1476

February 03, 2016
Direct for 2 lang mode – If only two languages are available, instead of the Globe
button, a button with the name of the second language appears on the main terminal
screen. Users can touch the button to switch to the other language.
Print all jobs
Disable – User have to select each individual job before printing. Print button in main
menu invoke joblist enter. No jobs are preselected. No possibility to select all jobs by
context menu.
Enable (default) – Print button in main menu invoke printing of all waiting jobs.
Billing code keyboard
Letters, numbers and special – When the user is searching billing codes, keyboard
with letters, numbers and special characters will be displayed.
Numbers and special – When the user is searching billing codes, keyboard with
numbers and special characters will be displayed.
Numbers only – When the user is searching billing codes, keyboard with numbers will
be displayed.
Lett., numb. with dot button – When the user is searching billing codes, keyboard with
letters, numbers, special characters and dot button will be displayed.
Numbers, spec. with dot button – When the user is searching billing codes, keyboard
with numbers, special characters and dot button will be displayed.
Numbers with dot button – When the user is searching billing codes, keyboard with
numbers and dot button will be displayed.
Full keyboard, on letters - When the user is searching billing codes, full keyboard with
buttons for layout change is displayed. The first layout is letters.
Full keyboard, on cap. letters - When the user is searching billing codes, full keyboard
with buttons for layout change is displayed. The first layout is capital letters.
Full keyboard, on numbers - When the user is searching billing codes, full keyboard
with buttons for layout change is displayed. The first layout is numbers.
Full keyboard, on special - When the user is searching billing codes, full keyboard with
buttons for layout change is displayed. The first layout is special characters.
Password display
Hide all - When the user is typing a password, a dot is displayed instead of all
characters.
Show last character (default) - When the user is typing a password, the last
character is displayed.
Login keyboard type
Legacy keyboard (default) - The numeric keyboard (like SMS typing on old
phones) is used for username and password input.
Full keyboard, on letters - The full keyboard with buttons for layout change is
used for username and password input. The first layout is letters.
YSoft SafeQ 5 1477

February 03, 2016
Full keyboard, on cap. letters - The full keyboard with buttons for layout change
is used for username and password input. The first layout is capital letters.
Full keyboard, on numbers - The full keyboard with buttons for layout change is
used for username and password input. The first layout is numbers.
Full keyboard, on special - The full keyboard with buttons for layout change is
used for username and password input. The first layout is special characters.
YSoft SafeQ 5 1478

February 03, 2016
CONFIGURING TERMINAL’S LANGUAGE SETTINGS
1 Display the Service menu and touch Language settings.
2 The terminal displays Language settings screen with following options:
Default language – Select the default language the terminal will use.
Languages – Select the languages the terminal will make available for users to choose (maximum of
6 languages, including the default language).
YSoft SafeQ 5 1479

February 03, 2016
CONFIGURING TERMINAL’S DISPLAY SETTINGS
1 Display the Service menu and touch Display settings.
2 The terminal displays Display settings screen with following options:
Power management – Select a power management option:
Disable
Screen dimming
Backlight completely off
Screen completely off
Default backlight – Set the intensity of the backlight.

Minimal backlight – When power management options are applied, dim the backlight intensity.
PM timeout – Set the maximum length of time (in seconds) before power management options are
implemented.
YSoft SafeQ 5 1480

February 03, 2016
YSoft SafeQ 5 1481

February 03, 2016
USING TERMINAL’S DIAGNOSTIC UTILS
2 The terminal displays Diagnostic utils screen with following options:
Debug mode – Select one of the following debug modes:
No log – The terminal does not log any information.

Log errors – The terminal logs only error messages.
Log all messages – The terminal logs all messages.
Ping – Enter IP adress of device, which you want to ping and touch OK. Terminal pings entered IP
address and shows result of this action.
Ping server – Pings SafeQ server which was set in Server settings. The message with ping result will
be displayed.
Test server connect – Test of terminal connection to SafeQ server. The message with test result will
be displayed.
YSoft SafeQ 5 1482

February 03, 2016
YSoft SafeQ 5 1483

February 03, 2016
USING TERMINAL’S SERVICE PROCEDURES
1 Display the Service menu and touch Service.
2 The terminal displays Service screen with following options:
Reboot – Reboots the terminal.

Emergency update – Runs terminal emergency update.
Change PIN – Change PIN for accessing Y Soft admins service menu.
Change part. PIN – Change PIN for accessing Y Soft partners service menu.
VIEWING SYSTEM INFORMATION AND SETTINGS

The System Information screens display detailed information about your terminal.
YSoft SafeQ 5 1484

February 03, 2016
1 Display the Service menu and touch Information.
2 The terminal displays Information screen.

To move between pages, touch Next Page or Previous Page.
To exit Information screen, touch Back.
VIEWING LICENSE INFORMATION

The License screens display information about your terminal licenses.
1 Display the Service menu and touch Licenses.
YSoft SafeQ 5 1485

February 03, 2016
2 The terminal displays License information screen.

To move between screens, tap the screen.
SCANNING WITH TERMINAL PROFESSIONAL
At a Glance
How it works
Terms
Limitations:
Scan using workflow - configuration
Scan using SMTP - configuration
Related configuration
HOW IT WORKS
There is few ways how to scan with a Terminal Professional. All of this possibilities is defined in table below.
Scan to e-mail Scan to folder / Scan to script*
Scan via scan Configuration: Scan workflow (Scan Configuration: Scan workflow (Scan
workflow to e-mail) with scan folder must be to folder) with scan folder must be
(supported with all added to device (SafeQ > Devices > added to device (SafeQ > Devices >
printers) Edit device > Scan tab). Scan folder Edit device > Scan tab). Scan folder
and SMB folder defined in printer must and SMB folder defined in printer must
be equal. be equal.
YSoft SafeQ 5 1486

February 03, 2016
User steps: User log in into the User steps: User log in into Terminal
Terminal Professional, display Scan Professional, display Scan screen on
screen on printer, select SMB folder printer, select SMB folder and perform
and perform scan. scan.
Result: Scan file is saved to scan Result: Scan file is saved to scan
folder. When user logs out from the folder. When user logs out from the
Terminal Professional, file is sent to e- Terminal Professional, file is moved to
mail address of user who has target directory defined in scan
performed scan. workflow.
Scan via SMTP – Configuration: SMTP server IP in Not supported

Scan jobs default printer must be set to SafeQ server IP
addressee is defined address. User login on terminal, on the
( supported only for KM printer select e-mail and perform
specific devices ) scan.
User steps: User log in into the

Terminal Professional, display Fax
/Scan screen on KM printer, select e-
mail and perform scan.
Result: E-mail is delivered to e-mail

address of user who has performed
scan and to e-mail addresses selected
on the printer (except default address
set in device advanced tab).

addressee is not address. User login on terminal, on the
defined KM printer select e-mail and perform
( supported only for scan.
specific devices )
/Scan screen on KM device, select e-
mail and perform scan.Result: E-mail
is delivered to e-mail address of user
who has performed scan.
*NOTE: Only difference between Scan to folder and Scan to script is, that script defined in workflow is
triggered, when Scan to script is used.
YSoft SafeQ 5 1487

February 03, 2016
TERMS
Scan folder - Folder entered for workflow in device scan tab.
SMB folder - Folder selected from address book or inputed directly on a printer screen in scan menu
Target directory- Directory defined in scan workflow
Printer = MFP = MFP device - Multifunction printer

Device - The record in SafeQ system which defines MFP device. Read more about devices
LIMITATIONS:
selection of scan workflow from the scan workflows list is not supported on Terminal Professional
configuration of scan parameters (i.e. filename, email of sender, email of recipient, ...) is not
supported on the Terminal Professional
configuration of scan settings (i.e. color, resolution, simplex / duplex, ...) is not supported on the
YSoft SafeQ 5 1488

February 03, 2016
YSoft SafeQ 5 1489

February 03, 2016
SCAN USING WORKFLOW - CONFIGURATION
1 Install and configure Terminal Professional with MFP device.
2 Create either network share or local folder on SafeQ server where both SafeQ and MFP device have
read/write access and that folder must be visible for the MFP.
3 Make sure that users have e-mail defined in YSoft SafeQ. Mailserver (and mail user/pass if
necessary) are required.
4 From YSoft SafeQ administration web interface create a new device with terminal (connected in step
1).
5 Go to Rules > Scan workflows and add scanning workflows as described here: Managing scan
workflows
6 Go to Devices > Edit device > Scan tab and Add scanning workflows by clicking Add scan
workflow.
NOTE: Scan tab is displayed only if HW terminal is assigned to a device.
7 Enter Folder (UNC path in case of network share or absolute path in case of local folder that you
have created in step 2) and save device.
YSoft SafeQ 5 1490

February 03, 2016
NOTE: The folder must be unique for each printer and Scan workflow.
8 Login into MFP device's menu or MFP device's web interface. Go to address book and create SMB
folder, which will be equal to folder defined in device (step 7)
SMB folder configuration is different for each vendor:
Configuring KM devices for Scanning with Terminal Professional

Configuring Ricoh devices for Scanning with Terminal Professional
Configuring Sharp devices for Scanning with Terminal Professional
Configuring Xerox devices for Scanning with Terminal Professional
YSoft SafeQ 5 1491

February 03, 2016
SCAN USING SMTP - CONFIGURATION
1 Install and configure Terminal Professional with MFP device.
2 Configure MFP device's SMTP server IP address to SafeQ IP address.
It could be set in device menu
OR
in MFP device's web interface
YSoft SafeQ 5 1492

February 03, 2016
3 Login into SafeQ Web interface. Go to Devices > Printers > Edit device > Advanced tab > Add Scan
jobs default addressee.
NOTE: When default address is filled in, scan is delivered to addresses selected in MFP scan
menu. The user who has open session on the device is displayed as Sender (the user who is logged
into the Terminal Professional).
OR
Login into SafeQ Web interface. Go to Devices > Printers > Edit device > Advanced tab > Remove
Scan jobs default addressee.
NOTE: When default address is not filled in, scan is delivered to user who opened the session
(the user who is logged in to the Terminal Professional). This user is displayed as sender too.
YSoft SafeQ 5 1493

February 03, 2016
RELATED CONFIGURATION
Configuration can be changed from SafeQ web interface:System Settings
scan-job-max-size-to-mail - Maximum size of scan job handled (sent or received) via email by SafeQ.
Value is set in bytes.
scan-job-changed-destination - The body of email sent to a user when their scan is saved in the back-
up (default) folder, i.e. not according to the workflow. This may occur for various reasons such as the
e-mail attachment is too big.
SCANNING WITH TERMINAL PROFESSIONAL - HOW IT WORKS

There is few ways how to scan with a Terminal Professional. All of this possibilities is defined in table below.
Scan via scan Configuration: Scan workflow (Scan Configuration: Scan workflow (Scan
workflow to e-mail) with scan folder must be to folder) with scan folder must be
(supported with all added to device (SafeQ > Devices > added to device (SafeQ > Devices >
printers) Edit device > Scan tab). Scan folder Edit device > Scan tab). Scan folder
and SMB folder defined in printer must and SMB folder defined in printer must
be equal. be equal.
User steps: User log in into the User steps: User log in into Terminal
Terminal Professional, display Scan Professional, display Scan screen on
screen on printer, select SMB folder printer, select SMB folder and perform
and perform scan. scan.
YSoft SafeQ 5 1494

February 03, 2016
Result: Scan file is saved to scan Result: Scan file is saved to scan
folder. When user logs out from the folder. When user logs out from the
Terminal Professional, file is sent to e- Terminal Professional, file is moved to
mail address of user who has target directory defined in scan
performed scan. workflow.

addressee is defined address. User login on terminal, on the
( supported only for KM printer select e-mail and perform
specific devices ) scan.

/Scan screen on KM printer, select e-
mail and perform scan.
Result: E-mail is delivered to e-mail

address of user who has performed
scan and to e-mail addresses selected
on the printer (except default address
set in device advanced tab).

addressee is not address. User login on terminal, on the
defined KM printer select e-mail and perform
( supported only for scan.
specific devices )
/Scan screen on KM device, select e-
mail and perform scan.Result: E-mail
is delivered to e-mail address of user
who has performed scan.
*NOTE: Only difference between Scan to folder and Scan to script is, that script defined in workflow is
triggered, when Scan to script is used.
TERMS
Scan folder - Folder entered for workflow in device scan tab.
YSoft SafeQ 5 1495

February 03, 2016
SMB folder - Folder selected from address book or inputed directly on a printer screen in scan menu
Target directory- Directory defined in scan workflow
Printer = MFP = MFP device - Multifunction printer

Device - The record in SafeQ system which defines MFP device. Read more about devices
LIMITATIONS:
selection of scan workflow from the scan workflows list is not supported on Terminal Professional
configuration of scan parameters (i.e. filename, email of sender, email of recipient, ...) is not
supported on the Terminal Professional
configuration of scan settings (i.e. color, resolution, simplex / duplex, ...) is not supported on the
CONFIGURING KM DEVICES FOR SCAN VIA SMTP

To scan with Terminal professional on KM via SMTP, user have to fill email address on device. It could be
inputed directly on virtual keyboard or by selecting saved ones.
YSoft SafeQ 5 1496

February 03, 2016
ADDING E-MAIL TO ADDRESS BOOK VIA DEVICE WEB INTERFACE
1 Login into device web interface and go to Store Address and touch New Registration.
2 Select E-mail radio button and touch OK.
3 Fill in all necessary fields and touch OK.
YSoft SafeQ 5 1497

February 03, 2016
4 Entered e-mail address is saved into Address Book list.
YSoft SafeQ 5 1498

February 03, 2016
ADDING E-MAIL TO ADDRESS BOOK VIA DEVICE TERMINAL MENU
1 Display Utility menu on device and go to: One-Touch/User Box Reg. > Create One-Touch Destination
> Address Book (Public) and touch E-Mail
2 To create new record in Address Book touch New.
YSoft SafeQ 5 1499

February 03, 2016
3 Fill in all necessary fields and touch OK. To move between pages use up/down arrows.
4 Entered e-mail address is saved into Address Book list.
YSoft SafeQ 5 1500

February 03, 2016
ADDING E-MAIL FROM ADDRESS BOOK
1 Login into Terminal professional and touch Copying/Scanning.
2 Enter Fax/Scan menu at MFP device and select e-mail addresses from Address Book.
Selected e-mail addresses are listed in Broadcast Destination list.
YSoft SafeQ 5 1501

February 03, 2016
3 Push Start button and scan will be performed.
NOTE: Scan will be delivered to selected addresses, only when Scan jobs default addressee (in
SafeQ Web interface > Devices > Printers > Edit device > Advanced tab) is not filled. Otherwise,
scan will be delivered to user who perform scan.
YSoft SafeQ 5 1502

February 03, 2016
ADDING E-MAIL ADDRESS DIRECTLY
1 Login into Terminal professional and touch Copying/Scanning.
2 Enter Fax/Scan menu at MFP device and touch E-Mail on Direct Input tab.
3 Enter e-mail and touch OK.
YSoft SafeQ 5 1503

February 03, 2016
4 Entered e-mail is listed in Broadcast Destination list.
NOTE: You can add e-mail addresses with direct input and from address book in one session.
5 Push Start button and scan will be performed.
YSoft SafeQ 5 1504

February 03, 2016
NOTE: Scan will be delivered to entered address, only when Scan jobs default addressee (in
SafeQ Web interface > Devices > Printers > Edit device > Advanced tab) is not filled. Otherwise,
scan will be delivered to user who perform scan.
CONFIGURING KM DEVICES FOR SCANNING WITH TERMINAL PROFESSIONAL
At a Glance
Adding SMB folder to address book via device web interface

Adding SMB folder to address book via device terminal menu
YSoft SafeQ 5 1505

February 03, 2016
1 Login into device web interface and go to Store Address and touch New Registration.
2 Select SMB radio button and touch OK.
3 Fill in all necessary fields and touch OK.
YSoft SafeQ 5 1506

February 03, 2016
4 Created SMB folder is saved into Address Book list.
5 When user authenticates on terminal and enters Scan menu on device, he just selects created SMB
folder and performs scan. Scans will be delivered to this folder, and after logging out from Terminal
Professional, scan files will be delivered to target destination according to configuration in used scan
workflow.
YSoft SafeQ 5 1507

February 03, 2016
NOTE: SMB folder must be equal to Triggered hot folder for used scan workflow.
YSoft SafeQ 5 1508

February 03, 2016
1 Display Utility menu on device and go to: One-Touch/User Box Reg. > Create One-Touch Destination
> Address Book (Public) and touch PC (SMB).
2 To create new record in Address Book touch New.
YSoft SafeQ 5 1509

February 03, 2016
3 Fill in all necessary fields and touch OK. To move between pages use up/down arrows.
YSoft SafeQ 5 1510

February 03, 2016
4 SMB folder is saved into Address Book list.
5 When user authenticates on terminal and enters Scan menu on device, he just selects created SMB
folder and perform scan. Scans will be delivered to this folder, and after logging out from Terminal
Professional, scan files will be delivered to target destination according to configuration in used scan
workflow.
YSoft SafeQ 5 1511

February 03, 2016
NOTE: SMB folder must be equal to Triggered hot folder for used scan workflow.
CONFIGURING RICOH DEVICES FOR SCANNING WITH TERMINAL PROFESSIONAL
At a Glance
Adding SMB folder to address book via device web interface

Adding SMB folder to address book via device terminal menu
YSoft SafeQ 5 1512

February 03, 2016
1 Login into device web interface and go to Address Book.
2 You can see list of created users scan destinations. To add new one touch Add user.
YSoft SafeQ 5 1513

February 03, 2016
3 Now fill in all required fields and also Folder part as following:
Protocol = SMB
Path = path to your Triggered hot folder (same as on scan tab in device settings)
Then click OK to save new destination.
YSoft SafeQ 5 1514

February 03, 2016
4 Created profile with SMB folder is saved into Address Book list.
YSoft SafeQ 5 1515

February 03, 2016
YSoft SafeQ 5 1516

February 03, 2016
1 Go to Scan screen on Ricoh device and touch Folder tab and then Manual Entry to add new folder
destination for scanning.
2 Select SMB protocol and fill in at least Path to folder by touching Manual entry (if you know exact
path) or Browse network (if you want to select path by browsing folders). You can also fill in User
name or password.
NOTE: Path must equal to Triggered hot folder entered on scan tab in device settings.
Then click OK to save settings.
YSoft SafeQ 5 1517

February 03, 2016
3 Your new folder is selected but not saved. To save it touch Prg. Dest. button.
4 Now you can change your folder path if you want by touching Change.
Otherwise touch OK to continue.
YSoft SafeQ 5 1518

February 03, 2016
5 Now fill in Name and Key display. You can also select Title groups in which will be your folder
preference stored.
Then click OK.
6 Now you can see saved folder into selected title group.
YSoft SafeQ 5 1519

February 03, 2016
TERMINAL PROFESSIONAL FIRMWARE UPDATE
At a Glance
Terminal Professional models – firmware compatibility

Downloading new firmware
Scheduled firmware update via SafeQ Web Interface
Firmware update via fwupdate.conf
Emergency firmware update via fwupdate.conf
Firmware update via Termtool utility
TERMINAL PROFESSIONAL MODELS – FIRMWARE COMPATIBILITY
Hardware / 2.x. 3.0.x – 3.4. 3.5.x – 3.7. 3.8.x – 3.13.x (or

Firmware x x x newer)
2.x.x Yes No No No
YSoft SafeQ 5 1520

February 03, 2016
3.3.x No Yes Yes Yes
3.5.x (Display type 1) No No Yes Yes
3.5.x (Display type 2) No No No Yes
DOWNLOADING NEW FIRMWARE

For any type of firmware update on Terminal Professional, new firmware files must be downloaded first.
1 Download the new firmware files from the Y Soft Partners' Portal (http://partners.ysoft.com).
2 Copy downloaded files into the "update" folder on SafeQ server - typically C:/SafeQ5/server/update.
YSoft SafeQ 5 1521

February 03, 2016
SCHEDULED FIRMWARE UPDATE VIA SAFEQ WEB INTERFACE
Go to Devices > Terminals selection
2 Select terminal(s) which you want to update and click Schedule firmware update.
3 Set Date and time, firmware version and click Schedule update. Your update will be saved and
performed at given time.
NOTE: Update time can be late for few minutes, depending on the workload of SafeQ servers and
terminal availability.
4 You can see bar with updates status as displayed here. Click icon to see details of scheduled
updates.
If you want to delete scheduled update click icon.
YSoft SafeQ 5 1522

February 03, 2016
5 Firmware version is periodically checked every five minutes. See terminal-update-checker-

interval in SafeQ System settings if any change is needed.
Example of firmware update logged in cml.log:
2012-01-23 16:34:27,253 DEBUG TermUpdChecker| Terminal3Protocol| Sending

update request for terminal with IP 10.0.5.130
command Mv3[21,41] to 10.0.5.130
2012-01-23 16:34:27,269 DEBUG TermUpdChecker| Terminal3Protocol| >>s
[10.0.5.130]>> Mv3[21,41]
2012-01-23 16:34:27,310 DEBUG TermUpdChecker| Terminal3Protocol| <<r
[10.0.5.130]<< Mv3[-56,0]
YSoft SafeQ 5 1523

February 03, 2016
FIRMWARE UPDATE VIA FWUPDATE.CONF
1 Edit the configuration file (safeQ.fwupdate.conf or fwupdate.conf), which is located in the SafeQ
home directory in the folder ...\conf\modules (or ...\conf\), as described in the following example.
(The configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the highlighted. As a general rule, on the left side of the
equal sign ( = ) is the definition of the current firmware, and on the right is the new firmware. In the
example shown here, the last time the firmware was updated, version 3.12.[0-9] was updated to
version 3.13.3.
NOTE: Brackets indicate a range of firmware. For example, 3.12.[0-9] means any firmware
version from 3.12.0 to 3.12.9
To perform the update, you can use either a full update file or a differential update file. Differential
files are smaller and therefore the update is faster, but can be used only when the third-level version
of the firmware changes. For example, if you're updating from 3.12.0 to 3.12.5, you can perform a
differential update. But if you're updating from 3.12.0 to 3.13.0, you must perform a full update. If you
are not sure, perform a full update.
2 Open the configuration file on the server.
Add a line as shown on the image.

Save the file; then close it.
NOTE: Lines which stated with # symbol are not taken into account.
YSoft SafeQ 5 1524

February 03, 2016
3 Authenticate at the terminal. The update process begins. The update process can take several
minutes, depending on the connection. The terminal service menu indicates when the update is
complete.
4 Try to authenticate on the terminal.
If you are able to authenticate, you have now successfully upgraded the terminal firmware.
EMERGENCY FIRMWARE UPDATE VIA FWUPDATE.CONF
NOTE: Emergency updates are always full updates – not differential updates.
home directory in the folder conf\modules (or conf\), as described in the following example. (The
configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the line that includes “emergency”. On the left side of the
equal sign ( = ) is the version of the terminal and on the right is the new firmware. In the example
shown here, the last time an emergency update was performed, Terminal Professional version 3
was updated with firmware version 3.13.3.
YSoft SafeQ 5 1525

February 03, 2016
3 Use either of these methods to invoke the emergency firmware update:
Method 1: Invoking the firmware update from the Service menu
1. Display the Y Soft partners Service menu.

NOTE: You can find detailed info about accessing service menu here.
2. Touch Service.
3. Touch Emergency update.
4. The terminal reboots.
Method 2: Invoking the firmware update during power up
1. Power off the terminal.

2. Power on the terminal.
3. Immediately touch and hold your finger on the lower left corner of the terminal screen.
4. Continue to hold your finger there until the terminal asks you to confirm the emergency update.
The update process can take several minutes, depending on the connection. The terminal Service
menu indicates when the update is complete.
You have now successfully upgraded the terminal firmware.
YSoft SafeQ 5 1526

February 03, 2016
FIRMWARE UPDATE VIA TERMTOOL UTILITY

Termtool utility is standard part of YSoft SafeQ installation package. You can find it in Support folder of
installation package in Remote Configuration Tool folder.
With Termtool utility you can perform many types of updates (regular, emergency, push,...).
1 Edit fwupdate.conf file as described in Firmware update via fwupdate.conf or Emergency

firmware update via fwupdate.conf in steps 1 and 2, depends on type of update which you want to
perform.
2 Run termtool.exe from command line with appropriate parameters (depends on type of update)
You can find all parameters and other documentation about Termtool here: Remote configuration tool
for hardware terminals
TERMINAL PROFESSIONAL SPECIFICATION
TERMINAL SPECIFICATIONS
Item Specification
Terminal el. power supply input 12 VDC
Maximum current input 1.0 Amp
Working temperature +10 °C to +40 °C (50 °F to 104 °F)
Storage temperature 0 °C to +50 °C (32 °F to 122 °F)
Maximum air humidity 80% without condensation
Resistance to magnetic field no added resistance
Weight cca 900g (varies according to the card reader used)
Size (H x H x D) 165 x 99 x 52mm
Architecture Renesas SH-3
200MHz CPU, 64MB SDRAM, 16MB Flash dedicated for

firmware + 128MB dedicated for data
Screen 480 x 272px, 16-bit color
Maximum pressure: 250g
YSoft SafeQ 5 1527

February 03, 2016
Internal readers For a complete list, contact your Y Soft sales representative
External interface 8-pin miniDIN (for service only)
External reader interface (for terminal Dsub 9, RS 232 / Wiegand interface, 5V 300mA
with external reader only)
Power/frequency 200 MIPs
Data bus 32-bit
Instruction set RISC
RAM 64MB
Flash memory 16MB
Item Specification
Blocking cables to MFP Yes
Internal operating Linux

system
Customization option Yes, as

required
WARNING: For Terminal Professional HID iClass applies: This is a class A product. In a domestic
environment this product may cause radio interference in which case the user may be required to take
adequate measures.
SMART CARD SUPPORT
WHAT YOU NEED TO KNOW
This document is related to the deployment, with standalone Terminal Professional.
ABOUT SMART CARD SOLUTION
The YSoft SafeQ4 Smart Card solution delivers advanced level of security to sensitive information for
private and governmental organizations. With the smart card solution, organizations can restrict access to
the MFP's walk-up features, ensuring that only authorized users are copying, scanning, emailing and faxing
information.
Among the most important benefits is the two-factor identification and user's authentication via industry
standard means. Users must insert their access card and enter a unique PIN at the device, providing added
security in the event that a card is lost or stolen. The System validates the revocation status on all
certificates (KDC and user) using the Online Certificate Status Protocol (OCSP).
YSoft SafeQ 5 1528

February 03, 2016
YSoft SafeQ® Smart Card Solution complies with USA Homeland Security Presidential Directive (HSPD-12)
and Federal Information Processing Standards (FIPS-201) for Common Access Card (CAC) and Personal
Identity Verification (PIV) requirements.
There are three simple authentication steps for a user:
1. A user's ID badge is inserted into the reader.

2. The user's corresponding PIN is entered using the keyboard on the touch screen or the MFP or
External Terminal (see Smart Card solution options).
3. After user access is authorized and granted, the MFP panel touch screen is unlocked, allowing
access to device features.
4. Once validated, the user is logged into the MFP for all walk-up features:
Print Roaming and enterprise-wide print roaming; access all printed document and release
them securely at the printer. Selecting individual print jobs, deleting them prior print or re-
printing already printed jobs is also among options available to the user.
Access to the walk-up copying, scanning and faxing; only authenticated and authorized users
can work with the device. YSoft SafeQ provides complete and detailed audit log for all user
actions.
Secure workflow scanning; using YSoft SafeQ Scanning workflow feature, users are able to
securely scan their documents into their home folders or directly into their email. System
ensures that the scan is delivered only to secured and approved locations.
PRE-REQUISITES
YSoft SafeQ® Smart Card solution requires following components:
1. YSoft SafeQ4 version 4.0-SR2 or newer

2. Compatible Smart Card infrastructure, including configured Active Directory a Kerberos v5
Terminal Professional can act as a standalone terminal or as a smart card reader for
embedded terminal. In both cases, the configuration at the Terminal Professional is the same.
Unless you require No-PIN authentication (unauthenticated) communication, Smart Card
solution ALWAYS requires user to enter the PIN code that is stored on the smart card.
To proceed with configuration, you need to have:

Working, supported Smart Cards (with valid certificates)
Working Kerberos (v5) server (e.g. Windows 2003/2008 Active Directory with Certificate
Authority or MIT Kerberos v5)
List of REALM names (typically domains) and KERBEROS server IP addresses (typically
domain servers)
Basic Understanding about certificates and understanding how to obtain issuer certificates for
your REALMS (domains)
Root certificate or Issuing Authority certificate for user's certificates (that means issuer
certificate for certificates on smart cards)
if you don't know how to get this one, find a user's certificate (e.g. in MS Internet
Explorer), view the certificate path in certificate properties and export top level
certificate from the path.
check http://support.microsoft.com/kb/179380 for more information about exporting
certificates
YSoft SafeQ 5 1529

February 03, 2016
INSTALLATION
Assuming installed YSoft SafeQ 5 server please continue with:
1. Make sure that the Terminal Professional has properly configured smart card reader (if you insert the
smart card, the terminal asks for PIN code)
2. Add device to SafeQ and configure the terminal. If you want to use terminal as a Network Reader for
embedded solution, ONLY use the terminal SN as a network card reader SN. Do not change any
settings (e.g. ports) on the Terminal Professional!
3. Get certificate from AD (issuer of users' certificates) for each domain in DER encoded binary X.509
format (.CER)
4. Import certificates to SafeQ truststore (%SAFEQ_HOME%/conf/ssl-truststore). The keystore
password is in wrapper.conf, see: javax.net.ssl.keyStorePassword attribute
Keytool example
java\bin\keytool -server -importcert -keystore conf\ssl-truststore -file cert.crt -alias CA-00X
5. Update %SAFEQ_HOME%/conf/krb5.conf
set default_realm to your realm (typically uppercase of your domain - replace YSOFT.LOCAL
in following example with your domain)
if you will miss-configure the Realm, YSoft SafeQ will report following error to the log
file (cml.log): LoginException: Cannot get kdc for realm <REALM NAME>.
set default_tkt_enctypes to des-cbc-md5 or aes128-cts-hmac-sha1-96 (based on system you
are using. For Windows Server 2008 R2 and newer use aes128-cts-hmac-sha1-96, otherwise
use des-cbc-md5) supported algorithms
if you have only one domain, keep only one record in section [realms], otherwise create record
for every domain you have following this example
example of krb5.conf
[libdefaults]
default_realm = YSOFT.LOCAL
default_tkt_enctypes = des-cbc-md5 aes128-cts-hmac-sha1- 96
allow_weak_crypto = yes
[realms]
YSOFT.TEST = {
kdc = 10.0 . 10.40
admin_server = 10.0 . 10.40
}
YSOFT.LOCAL = {
kdc = kdc1.ysoft.local
kdc = kdc2.ysoft.local
admin_server = kdc.ysoft.local
}
6. make sure that smartCardAuthValidateCertificates configuration option in EXPERT

configuration of SafeQ is set to TRUE
7.
YSoft SafeQ 5 1530

February 03, 2016
7. copy %SAFEQ_HOME%/conf/ssl-truststore and %SAFEQ_HOME%/conf/krb5.conf on other servers

in cluster (in case that all servers will have same settings)
CONFIGURATION
Please do not change the configuration unless you are fully aware of what and why you are changing.
The only exceptions may be:
smartCardAuthValidateCertificates property that MUST be enabled

kerberos-allow-aes if use use Windows 2000/2003 Domain Server - this server doesn't support
AES, so it is necessary to disable its use, see http://technet.microsoft.com/en-us/library/cc749438
(WS.10).aspx via config value kerberos-allow-aes=false
When your DC is running in "Windows 2003 Server Forest Functional Level" or you are using
Windows 2003 Domain Server it will not accept a TGT with AES256 encryption. AES256 is only
supported when the DC is running in "Windows 2008 Server Forest Functional Level".
edit krb5.conf and exchange line default_tkt_enctypes with following two lines:
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
in Expert configuration, please remove all AES256 related options from configuration option
smartCardAuthSupportedSignMethods
Area
Configuration key default value description
Behavior
smartCardAuthSimpleMode false use smart card number for

authentication (card assignment
is based on certificate and
Kerberos authentication)
smartCardAssignmentWithoutKerberos false works only when

smartCardAuthSimpleMode
property is true, disables
Kerberos authentication for
card assignment, info from
certificate public part is used for
user matching
Features
smartCardAuthSupportedSignMethods SHA1_RSA_PKCS_PSS, supported sign methods

SHA1_RSA_PKCS,
SHA256_RSA_PKCS_PSS,
SHA256_RSA_PKCS
smartCardAuthValidateCertificates false WARNING this value must

be switched to true
YSoft SafeQ 5 1531

February 03, 2016
Area
Storage of private data
smartCardAuthKeyId
smartCardAuthKeyName
smartCardAuthCertId
smartCardAuthCertName
smartCardAuthReqPinId
smartCardAuthReqPinName
smartCardAuthCertificateUserIdSearch ALTNAME=1. list of possible storage of user

3.6.1.4.1.311.20.2.3, (principal) name on certificate
ALTNAME=1.3.6.1.5.2.2, SUBJECTDN=x search for
SUBJECTDN=UID string x in certificate subjectDN
ALTNAME=oid searches oid in
alternativeNames
EXTENSION=oid searches
DERString in extensions (eg.
EXTENSION=2.5.29.35)
Only for debug purposes (not part

of web configuration)
smartCardTestMode false test certificate signature without

Kerberos
kerberos-debug false more debug information for

Kerberos communication
NOTES
Windows 2000/2003 Server doesn't support AES, it is necessary to disable its use, see http://technet.
microsoft.com/en-us/library/cc749438(WS.10).aspx
use config value kerberos-allow-aes=false
for Kerberos Error Codes see http://technet.microsoft.com/en-us/library/bb463166.aspx
for more information about Kerberos, please refer to following articles:
http://msdn.microsoft.com/en-us/library/aa378747.aspx
http://technet.microsoft.com/en-us/library/cc753173(WS.10).aspx
http://technet.microsoft.com/en-us/library/bb742431.aspx
for the US Federal Government Standard for Personal Identity Verification (PIV) of Federal
Employees and Contractors, see FIPS-201-1-chng1.pdf
Alternatives with Smart Cards

The solution described in this document however comes with one important caveat: the authentication to the
device takes up to 15 seconds. YSoft SafeQ® provides two alternative solutions, based on Smart Cards
YSoft SafeQ 5 1532

February 03, 2016
with single-factor authentication. The following table describes the three different mechanisms in some
detail.
User Description Benefits Drawbacks Caveats

Authentication
Type
Two Factor As stated above. This is the most secure Also the slowest SafeQ uses low
(Card + PIN) User inserts their method. Complies with authentication level APDU
Authentication card, enters their FIPS 201 and other method. Requires commands to
PIN, and system similar global standards additional communicate
initiates a for an assurance level of configuration and with the device,
challenge VERY HIGH confidence. integration with a and thus can’t
/response protocol Kerberos use
to authenticate the KDC. Requires manufacturer-
user. CAC enablement provided
kit on Xerox APIs. This
devices. means that
every Smart
Card
manufacturer
may need to be
developed and
tested
independently. It’
s possible that
the card
manufacturer for
the customer
hasn’t been
implemented by
Y Soft yet, and
will require some
customization.
Single Factor User inserts their Provides relatively fast This was originally Y Soft card
Authentication card, and the method of developed as a readers may
with CHUID / system extracts a authentication. Compllies customization for receive different
FASC-N unique identifier with FIPS 201 and other one particular numbers from
for the card from similar global standards customer, and isn’ Terminal
the public for an assurance level of t guaranteed to Professionals vs.
information on the SOME confidence. work correctly at USB card
card. every installation. readers. In such
Test thoroughly cases, users
This occurs from a
may have to
static location.
register their
YSoft SafeQ 5 1533

February 03, 2016
User Description Benefits Drawbacks Caveats

Authentication
Type
before cards twice; this

guaranteeing may be seen as
delivery. a point of
frustration by the
end user.
Single Factor User waves their Provides the fastest Does not comply The reader
Authentication badge by a reader method of with FIPS 201 for technology may
with Proximity that matches the authentication. Doesn’t any assurance vary (HID Prox,
Chip embedded require physical contact level. This is also HID iClass, etc.),
technology for the of the card with the the easiest of the even within the
embedded reader. Card reader three options for a same
proximity chip. technology is cheaper. malicious user to manufacturer for
create a forgery different
or spoof. generations of
Smart Cards. Y
Soft must
complete card
testing to verify
the correct card
reader.
4.9.5 TERMINAL ULTRALIGHT
At a Glance
FCC statements
Step 1. Complete the Before-You-Begin checklist
Step 2. Check package contents
Step 3. Connect cables
Step 4. Terminal's configuration
Step 5. SafeQ server configuration
Step 6. Mount the terminal
Step 7. Verify installation
FCC STATEMENTS

YSoft SafeQ 5 1534

February 03, 2016

STEP 1. COMPLETE THE BEFORE-YOU-BEGIN CHECKLIST

Before you begin installing the terminal, complete this checklist:
1. If possible, register and acquire access to the Y Soft online help desk a day or two before you begin
the installation.
2. Obtain the Terminal Ultralight installation packages and a small Phillips screwdriver.
3. Make sure YSoft SafeQ Server is installed and running.
4. Write down the terminal's serial number (located on the back of the terminal).
5. Make sure the Control Interface cable is the correct cable for the MFP you are connecting the
terminal to.
Refer to the MFP/cable part number compatibility list that Y Soft provided you or go to
Hardware Compatibility List (HCL) and check the list there.
6. If the cable you have is not correct, find the correct cable before you proceed. The cable may be
among other Y Soft packages at the location where you are installing the terminal.
7. Obtain the following information:
a. SafeQ server IP address
b. Does the network support DHCP?
c. If it does not support DHCP, obtain this additional information:
d. Terminal IP address
e. Netmask address
f. Gateway IP address
g. DNS server IP address
8. Information about the MFP or printer:
a. IP address
b. Serial number
c. Model number
STEP 2. CHECK PACKAGE CONTENTS
Check to make sure you have the following items (included in several packages):
YSoft SafeQ 5 1535

February 03, 2016
Main package:
Terminal Ultralight
Ethernet cable
Power supply adapter
NOTE: The package also includes clear plastic cable wrap for the Ethernet cable.
Accessory packages:
Control interface cable (Blocking cable)

MFP Universal Mounting Kit (bracket, screws, washers)
NOTE: The Control Interface cable for your MFP may be different from the one shown
here.
YSoft SafeQ 5 1536

February 03, 2016
STEP 3. CONNECT CABLES
Connect cables in the order shown in this diagram.
NOTE: You must connect the Control Interface cable before you connect the Power Supply Adapter
cable.
The printer has to be connected to network directly or by switch in the UltraLight terminal.
STEP 4. TERMINAL'S CONFIGURATION

Terminal Ultralight requires TCP/IP connection to the YSoft SafeQ server. Terminal has own IP and MAC
address.
For the proper network configuration you can use:
SafeQ Terminal Configuration utility (terminal config) or

Configuration utility for hardware terminals (termtool)
YSoft SafeQ 5 1537

February 03, 2016
STEP 5. SAFEQ SERVER CONFIGURATION
device.
3 Go to Terminal tab and insert, select Hardware terminal option and enter Terminal serial number
of your Terminal Ultralight. This serial number equals to serial number written in SafeQ Terminal
Configuration util (first column).
Afterwards click on Save device.
YSoft SafeQ 5 1538

February 03, 2016
STEP 6. MOUNT THE TERMINAL
Depending on the type of bracket included with the terminal, mount the bracket to the MFP, to the wall, or to
a nearby object such as a desk or table.
To mount the terminal onto the MFP, follow these steps:
1 Remove 2 screws from the back of the terminal.
2 Attach the mounting bracket to the terminal.
3 If you have not already done so, write down the terminal's serial number (located on the back of the
terminal).
4 Use the screws and washers included with the mounting bracket to mount the bracket and terminal
onto the MFP.
YSoft SafeQ 5 1539

February 03, 2016
5 Cover the Ethernet cable with the clear plastic wrap (included in the plastic bag with the cable). Start
the wrap about 4 or 5 inches (10 – 12 cm) from the back of the terminal.
STEP 7. VERIFY INSTALLATION
1 At the terminal, enter a PIN; then press OK.
NOTE: The PIN you use must be one that you have already addedin the SafeQ system.
2 Check to make sure the MFP panel unlocks (that is, the panel lights up and comes on).
If the MFP unlocks:

Installation is now complete.
If the MFP does not unlock:
Follow the procedures for getting help as described in "Submitting a problem report to Y Soft support"
on page .
CONFIGURING TERMINAL ULTRALIGHT
For the Terminal UltraLight configuration you can use:

Remote configuration tool for hardware terminals (termtool)
YSoft SafeQ 5 1540

February 03, 2016
It is possible to configure following properties using SafeQ Terminal Configuration utility (terminal config)
Terminal's IP address
Netmask address
Gateway IP address
Enable / disable DNS server IP address
SafeQ server's IP address
Enable / disable sound
Level of debug mode
Card reader protocol
It is possible to configure following properties using Remote configuration tool for hardware terminals
(termtool)
Terminal's IP address
Netmask address
Gateway IP address
Enable / disable DNS server IP address
SafeQ server's IP address
Enable / disable sound
Level of debug mode
Card reader protocol
Enable / disable Refresh server IPs
REFRESH SERVER IPS

Following property enables / disables automatic servers IP configuring (main server and nodes).
Enabled - (Default) Servers IP addresses are automatically configured based on running SafeQ
servers.
Disabled - Currently configured servers IP addresses stay unchanged. This apply also for
nonstandard situations such as servers behind NAT or cold backup servers.
HOW TO SET REFRESH SERVER IPS ON TERMINAL ULTRALIGHT
1. You need following tools: termtool.exe and squl_cfg_set.bat. They are distributed with Terminal
UltraLight firmware.
2. Prepare configuration file. For example cfg.txt.
3. This file will contain only one line with NOSRVREFRESH=0 if you want to enable Refresh server IPs
or line with NOSRVREFRESH=1 if you want to disable Refresh server IPs.
4. In command line run following command: "squl_cfg_set.bat <IP address of Terminal Ultralight>
<configuration file>" . (Real example: "squl_cfg_set.bat 10.0.5.122 cfg.txt")
PERFORMING SERVICE PROCEDURES OF TERMINAL ULTRALIGHT AND NETWORK CARD READER
This page describes service procedures available for Terminal Ultralight and Network Card Reader. For
better understanding we are using word terminal on this page, which refers to Terminal Ultralight, and also
Network Card Reader.
YSoft SafeQ 5 1541

February 03, 2016
OVERVIEW
There are two ways to update the terminal's firmware:
Regular update – The first time a user authenticates at the terminal, the update process is automatically
triggered. SafeQ downloads the update files to the terminal, starts the update process, and displays a
message on the terminal screen informing the user about the update.
Emergency update – If you need to update only a small number of terminals, you can perform an
emergency update. Unlike a regular update, which is automatic, you initiate an emergency update at the
terminal, enabling you to perform the update at a convenient time.
YSoft SafeQ 5 1542

February 03, 2016
DOWNLOADING THE FIRMWARE FILES AND EDITING THE CONFIGURATION FILE
1 Download the new firmware files from the Y Soft Partners' Portal (http://partners.ysoft.com) to the
SafeQ server.
2 Copy the new firmware files into the "update" folder (typically: C:/SafeQ/server/update).
station.)
In the Terminal Ultralight firmware, look at the highlighted. As a general rule, on the left side of the
example shown here, the last time the firmware was updated, version 1.1.[0-9]ul was updated to
version 1.2.3.
NOTE: Brackets indicate a range of firmware. For example, 1.1.[0-9] means any firmware version
from 1.1.0 to 1.1.9

for Emergency update add line like: update-fw-ulemergency = ultralight-1.2.3.fw
for Regular update add line like: update-fw-1.1.[0-9]ul = ultralight-1.2.3.fw
NOTE: Lines which stated with # symbol is not taken into account.
YSoft SafeQ 5 1543

February 03, 2016
5 SafeQ server is now prepared for regular or emergency update (depends on lines added into
configuration file in step before).
PERFORMING A REGULAR FIRMWARE UPDATE
1 Prepare configuration file on SafeQ server as described above in Downloading the firmware files
and editing the configuration file
minutes, depending on the connection. The terminal LEDs indicates when the update is complete.
PERFORMING OTHER SERVICE PROCEDURES

This part describes all other sevice procedures for Terminal Ultralight and Network Card Reader.
1 Prepare configuration file on SafeQ server as described above in Downloading the firmware files
and editing the configuration file.
YSoft SafeQ 5 1544

February 03, 2016
2 Unplug the terminal power cable.
3 Use a paper clip or a small screwdriver to push the Emergency button and hold it.
Continue to hold the button pressed while you plug the power cable back in.
The terminal emits a short series of beeps (from 1 beep to 5 beeps) with pauses between each
series. Each series represents an action you can take. After the series of 5 beeps, it starts over with 1
beep again.
4 Release button during the pause after the:
1-beep if you want to restore default configuration settings

2-beep if you want to do the emergency firmware update
3-beep if you want to do the normal firmware update
4-beep if you want to do the emergency reload - reset configuration to default and start
emergency update
5-beep if you want to set network configuration to use DHCP server
After the action is selected it is processed and the terminal is rebooted after that.
Card reader protocol is not reset during restore configuration to default.
Terminal Ultralight and Network card reader are shipped with configuration reset to default.
If you are able to authenticate, you have now successfully performed one of selected procedures.
YSoft SafeQ 5 1545

February 03, 2016
If the Terminal Ultralight or Network Card Reader is using recent firmware version it is not necessary to
unplug the terminal power cable as described in step 2. Just follow the instructions described in step 3 but
hold the button for more than 5 seconds. This functionality works during terminal initialization or idle state
when user card or PIN is expected. It will not work when user session is in progress on Terminal UltraLight.
DEFAULT CONFIGURATION SETTINGS

Default configuration settings for Network Card Reader:
DHCP: Disabled
IP:192.168.0.100
Netmask: 255.255.255.0
Gateway: 192.168.0.254
DNS: 192.168.0.254
Primary Server: 192.168.0.254:5011
Server list: empty
Update server: 192.168.0.254:4096
Sound: Enabled
Default configuration settings for Terminal UltraLight:
DHCP: Disabled
IP:192.168.0.100
Netmask: 255.255.255.0
Gateway: 192.168.0.254
DNS: 192.168.0.254
Primary server: 192.168.0.254:4096
Server list: empty
Locking: Immediate
Auth. type: Card or PIN
Mode: Normal
Sound: Enabled
Debug mode: No log
IOmodue mode: 0
Terminal Ultralight and Network card reader are shipped with configuration reset to default.
TERMINAL ULTRALIGHT BEEP AND LED CODE SEQUENCES

The Terminal Ultralight contains status LEDs that serve for interaction with user. This chapter describes the
beeps the terminal emits and LED codes it displays to notify the user about various status conditions.
BEEP CODE SEQUENCES

In the following table, a period ( . ) represents a short beep and a dash (-) represents a long beep.
NOTE: This option is available only if sound is enabled.
YSoft SafeQ 5 1546

February 03, 2016
Sequence Description
- Card read error. Place the card again or use a different card.
.- Terminal validation failed. Server reports that the terminal is not registered on SafeQ.
-- No print job is waiting in queue.
..- User quota has been exceeded or user has no billing code assigned.
-.- User authentication failed. The PIN is not valid or the ID card is not registered in SafeQ. If
YSoft Payment System is used, it can indicate account is disabled.
.-- The terminal received an error or warning message from the SafeQ server.
If YSoft Payment System is used, it can indicate insufficient credit balance for current user
(according SafeQ system settings for YSoft Payment System -
pricePerPageReservationStrategyForCopyOnHwTerminal ) to perform copies/scans.
--- Connection to SafeQ server failed.
...- Hardware configuration is corrupt and the terminal cannot continue booting.
- .. - Maximum number of firmware update attempts reached but no valid firmware detected.
.-.- Firmware update failed.
--.- Software configuration cannot be saved. Probably faulty terminal EEPROM.
..-- Software configuration is damaged and the terminal is loading defaults.
-.-- Maximum number of firmware update attempts reached and the terminal is resuming normal
boot.
---- Network initiation failed.
.... Keyboard PCB failure.
-... No reader is connected. Reader is required for operation.
.-.. Firmware update failed. Error in server response. SafeQ server is probably not configured
correctly.
--.. Firmware update failed. Cannot connect to SafeQ server.
LED CODE SEQUENCES

The following table shows the various LED code sequences and explains what they indicate.
There are following colors used for icons:
Green - Led is green
YSoft SafeQ 5 1547

February 03, 2016
Red - Led is red

Orange - Led is orange
Grey - Led is off
Animated
Unsuccessful authentication. The terminal does not recognize
the card, PIN, or Card Activation Code code.
All LEDs are off

Terminal power is off.
Animated
Terminal is processing; please wait.
Animated
Firmware upgrade in progress; please wait.
Swipe card or enter PIN.
Enter PIN (when authentication requires card + PIN).
Enter Card Activation Code (when Card Activation Codes are

enabled on the SafeQ server).
Print jobs are available and copying is possible. Press the

Print or Copy icon.
NOTE: This code appears only on SafeQ Terminal UltraLight
Print & Copy.
YSoft SafeQ 5 1548

February 03, 2016
No print jobs are available in the queue. Copying is possible.

Press the Copy icon.
Print & Copy.
Flashing
Copying in progress. To cancel, press X or OK, or place a
card.
Print & Copy.
Flashing
Copying in progress. Server issued a warning. See the MFP
display panel for details.
Print & Copy.
Flashing
Printing in progress. Please wait until the print job is finished.
Flashing
Printing in progress. Server issued a warning. See the MFP
Flashing
An error occurred. See beep codes for details (page ).
Sequential...
Sequence that appears as a user enters a PIN.
Terminal has not been fully configured. Please contact Y

Soft Customer support services.
During boot
WARNING: Do not perform this action unless instructed
to do so by Y Soft.
Enter the terminal model. For UltraLight Print & Copy, press 1
. For UltraLight Print Only, press 3.
During initialization beep sequence

Indicates UltraLight Print & Copy model.
YSoft SafeQ 5 1549

February 03, 2016

Indicates UltraLight Print Only model.

Indicates Ethernet Reader model.
TERMINAL ULTRALIGHT SPECIFICATION
TERMINAL ULTRALIGHT SPECIFICATION
Parameter Value
Control Capacitive keyboard
Identification Using a card reader or PIN or any

combination
Network 2-port 10/100 Mbit switch (auto MDI/MDIX)
Processor Freescale Coldfire v2
Memory 64kB RAM, 512kB Flash
Electric power supply input 12V DC
Working air humidity 20% to 85% without condensation

field
4.9.6 NETWORK CARD READER
At a Glance
FCC statements
Network Card Reader overview
System Overview
Ethernet Reader specification
Terminal's configuration
SafeQ server configuration
YSoft SafeQ 5 1550

February 03, 2016
Ethernet Reader Service procedures

Service procedures
Service firmware
Reader firmware
Network Card Reader is supported with Xerox and Sharp devices.
FCC STATEMENTS

NETWORK CARD READER OVERVIEW
The YSoft SafeQ ® Ethernet Reader is based on YSoft SafeQ® Terminal UltraLight. YSoft SafeQ®
Ethernet Reader provides compact, fast and simple user interface for authorization to printer. It has no
display available; therefore user interaction is limited to status leds. User authentication (on Ethernet
Reader) is possible only with card.
There are two types of Network Card Reader:
with embedded card reader (on the left)

with external card reader connected with RS-232 cable connected to serial port in Network Card
Reader (on the right)
NOTE: Following documentation is related to both types of Network Card Readers, therefore you might
encounter minor differences when using Network Card reader with external card reader.
YSoft SafeQ 5 1551

February 03, 2016
SYSTEM OVERVIEW
The purpose of Ethernet Reader is to handle user authentication and authorization to the device
using card.
User can use also the PIN authorization (using the MFP integrated panel).
YSoft SafeQ 5 1552

February 03, 2016
Only selected card readers are supported by Ethernet Reader.

The Ethernet Reader is equipped with a 2-ports network switch and so it is not necessary to provide another
Ethernet socket for connection - the copier or printer can be connected via the terminal. It features a
microcomputer, flash ROM, network interface and a card reader.
Terminal is powered by external power supply that is also included in installation package.
The emergency button is used for reset the terminal into default settings.
YSoft SafeQ 5 1553

February 03, 2016
ETHERNET READER SPECIFICATION
Parameter Value
Identification Using a card reader
Network 2-port 10/100 Mbit switch (auto MDI

/MDIX)
Processor Freescale Coldfire v2
Memory 64kB RAM, 512kB Flash
Electric power supply input 12V DC

field
TERMINAL'S CONFIGURATION
Ethernet Reader requires TCP/IP connection to the YSoft SafeQ server. Ethernet Reader has own IP and
MAC address.
For the proper network configuration you can use:

Configuration utility for hardware terminals (termtool)
There is a default network configuration used for Ethernet Reader:
DHCP=0
IP=192.168.0.100
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
DNS=192.168.0.254
SERVERIP=192.168.0.254:5011
SERVERUPD=192.168.0.254:4096
The SERVERIP corresponds to the IP address and port of the YSoft SafeQ® Terminal Server. The IP and
port are used for card authentication.
The SERVERUDP corresponds to the SafeQ server and serves for firmware updates.
YSoft SafeQ 5 1554

February 03, 2016
SAFEQ SERVER CONFIGURATION
After the Ethernet Reader is properly configured, it must be connected to the YSoft SafeQ®.
Assume that the YSoft SafeQ® server and YSoft SafeQ® Terminal Server are already installed and
running.
device.
3 Go to Terminal tab and insert Network Card reader serial number. This serial number equals to
serial number written in SafeQ Terminal Configuration util (first column).
Then press Reinstall button to apply new settings.
NOTE: If you want to add Network Card reader serial number, one of the authentication method
with card must be selected.
YSoft SafeQ 5 1555

February 03, 2016
4 Since the installation is successfully finished, the Ethernet reader is successfully configured.
ETHERNET READER SERVICE PROCEDURES
SERVICE PROCEDURES
For more info about all service procedures, please visit: Performing service procedures of Terminal
UltraLight and Network Card Reader
SERVICE FIRMWARE
Service firmware is the most important part of the reader firmware. Right after power-up it will check the
emergency button if any action is required. Then it will check the normal firmware for integrity. If the normal
firmware is not valid then the emergency firmware will connect to server in emergency mode and download
the firmware. If the normal firmware integrity is ok, then it is started.
READER FIRMWARE
Ethernet Reader firmware is the main part of the firmware. It initializes network, autodetects readers and
sends the card number to the server when card is placed. By default the firmware starts UDP locator server
which will help detecting available readers on the local network. Also the TCP configuration server is
started.
NETWORK CARD READER BEEP AND LED CODE SEQUENCES

The Network Card Reader contains status LEDs that serve for interaction with user. This chapter describes
the beeps the terminal emits and LED codes it displays to notify the user about various status conditions.
BEEP CODE SEQUENCES
YSoft SafeQ 5 1556

February 03, 2016
- Card read error. Please try placing the card again or use the different card.
.- Reader validation failed. Server reports that the terminal is not registered on SafeQ. Please
consult administrator manual
-.- User validation failed. User card is not registered in the system.
.-- Received error or warning message from server.
...- Hardware configuration damaged, cannot continue in booting
-..- Maximum number of update attempts reached but no valid firmware detected.
.-.- Update of firmware failed.
--.- Software configuration cannot be saved. Probably faulty onboard eeprom.
..-- Software configuration damaged, loading defaults.
-.-- Maximum number of update attempts reached, resuming normal boot.
---- Network init failed.
-... No reader connected and reader required for correct functionality.
.-.. Update of firmware failed. Error in server response, SafeQ server is probably not configured
correctly.
--.. Update of firmware failed. Cannot connect to SafeQ server.
-.-. Service firmware damaged, re restore required.
-...- Debug mode, not for public release.
ETHERNET READER FLASH CODE SEQUENCES


Red - Led is red
Grey - Led is off
YSoft SafeQ 5 1557

February 03, 2016
All leds are switched off

Ethernet reader power is off.
Animated
Ethernet reader is processing, please wait.
Animated
Firmware upgrade in progress, please wait (service firmware working).
Firmware upgrade in progress, please wait (service firmware working).
Similar to the previous one.
Place card.
Flashing
Error occurred, see beep codes for details.
During init sound

Ethernet reader model (3). Please note that ethernet reader operation can be
configuration selected on UltraLight or UltraLight print only models.
In such case the read software configuration command can read current
settings.
USING EMERGENCY BUTTON

The correct procedure of using the emergency button is the following:
Use a paper clip or a tiny screwdriver to push the emergency button. Hold the button pressed for
more than 5 seconds.
Alternatively you can unplug the terminal power cable, hold the emergency button and plug the
terminal power back while still holding the emergency button
The terminal now starts with short series of beeps with a longer pause between them. The action is
selected by releasing the button in the pause. Once the beep count reaches selectable maximum it
starts over again from 1. To cancel any selection unplug the power cable and release the button.
1 beep - do a set default configuration
4 beeps - do the emergency reload - reset configuration to default and start emergency update
5 beeps - set network configuration to use DHCP server
6 beeps - push update expected, do not try to connect to the server for update
YSoft SafeQ 5 1558

February 03, 2016
After the action is selected it is processed and the terminal is rebooted after that
NETWORK CARD READER - CONTINUOUS READING AND LOG OFF BY CARD REMOVAL
OVERVIEW
This feature enables users to be logged in device while their card is placed on Network Card Reader (NCR)
and logged out when the card is removed from NCR.
CONFIGURATION
This feature is implemented since firmware 1.2.8. T o be enabled, continuous card reader protocol has
to be set. Contact customer support services for more information about card reader protocols.
HOW TO SET CARD READER PROTOCOL
Run Remote configuration tool for hardware terminals (termtool)

Select Network Card Reader from the list
Select 4) Card reader and IO module setup
Put number of required card reader protocol in Reader protocol dialog. (For example for ASK/FSK
and Multireader LF/LF+HF insert 94)
Press ENTER and save changes to terminal
USING
User with assigned card comes to Network Card Reader and place card on the reader (card stays on the
reader and is not removed). User is logged in while card is placed on terminal - > user can perform prints
/scans/ copies. After user is finished he removes card from the reader and is logged out.
4.9.7 REMOTE CONFIGURATION TOOL FOR HARDWARE TERMINALS
REMOTE CONFIGURATION TOOL FOR HARDWARE TERMINALS (TERMTOOL)
The termtool configuration tool is designed for YSoft Hardware terminals (Terminal Professional, UltraLight
and Network card reader).
Remote configuration tool for hardware terminals (termtool)

Purpose
Prerequisites
Limitations
Description
How to obtain termtool
Main program screen
Terminal configuration screen
Command line parameters
Terminal select
Input/output
(-p) SM pin
List terminals
(-g) (-G1) (-G2) get configuration
(-c) (-C1) (-C2) (-CU) set configuration
(-j) get terminal log
YSoft SafeQ 5 1559

February 03, 2016
(-J1) (-J2) get SafeQ Payment machine processing logs

(-k) get lowlevel information
(-ms) (-mc) SafeQ Payment machine - receipt template
(-uu) update standard firmware from server (normal mode)
(-ue) update standard firmware from server (emergency mode)
(-uU) update standard firmware from URL (Full update)
(-uP) update standard firmware from URL (Patch update)
(-us) update service firmware
(-ur) update service firmware from URL
(-uS) update SPM data files
(-uf) update standard firmware of Terminal Professional
(-ug) update standard firmware of Terminal UltraLight
(-r) Perform terminal reboot
(-v) (-V) verbose operation (on stderr)
Return value
Files format
Terminals list (termlist.txt)
Configuration template (termtempl.txt)
Appendix A - Common use cases
Configure SQ server settings on one newly connected terminal
Configure multiple items on many terminals connected to large network while we know
their IP addresses
Disable all downlink ports on few terminals connected to large network while we know
their IP addresses
Update service firmware on terminal
PURPOSE
Show information about detected terminals.

Set basic parameters of each terminal such as reader protocol, IO module, network settings, debug
mode etc.
Forcing of normal firmware update.
Update of service firmware.
Download log from terminal for debugging purposes.
PREREQUISITES
Windows 2000 and higher

Linux kernel 2.4 or higher
termtool.exe (WIN32) or termtool (Linux) executable binaries
LIMITATIONS
Not all functions are supported on all previous releases of terminal firmwares.
DESCRIPTION
The program runs in a system console. It is not a GUI application, it is an application running in text mode.
YSoft SafeQ 5 1560

February 03, 2016
HOW TO OBTAIN TERMTOOL

Termtool is standard part of installation package. You can find it in the _support\Remote
Configuration Tool folder of the SafeQ installation package.
MAIN PROGRAM SCREEN
When the program is run without any command line parameter the termtool loads terminal list from fixed file
(termlist.txt) and tries to detect all other accessible terminals. Then the following screen is shown:
YSoft terminal configuration utility ver. 0.9, PARTNERS release
List of available terminals:

----------------------------------------------------------------------------
0) TP 10.1.6.245 SQPRC053535E94E 3.11.0(450) TCP only
----------------------------------------------------------------------------
Additional detected terminals:

----------------------------------------------------------------------------
1) TP 10.1.5.232 SQPR9493534CD6E 3.11.4(505) TCP and bcast
2) SPM 10.1.5.221 SQPRB213537842E 3.12.0(514) TCP and bcast
3) ULPC 10.1.5.217 SQULB47151A344E 1.2.0ul TCP and bcast
4) ULPC 10.1.5.253 SQULB47151A348E 1.2.0ul TCP and bcast
----------------------------------------------------------------------------
Actions:
99) Exit application
Terminal list:
101) Refresh 102) Load 103) Save 104) Purge
Terminal :
111) Add by IP 112) Add by SN 113) Delete
Cfg. template:
121) Apply to all terminals
SM PIN for further operations (TP only): Currently: none

131) Enter PIN L 1 132) Enter PIN L 2 133) Clear PIN
Enter number:
Screen shows information about terminals:
Terminal type
TP = Professional
SPM = SafeQ Payment machine
TP-NCR = Professional in Network card reader mode
ULPC = UltraLight Print&Copy
ULPO = UltraLight Print only
NCR = Network card reader
Terminal IP address
Serial number
Firmware version
Terminal availability
YSoft SafeQ 5 1561

February 03, 2016
TCP and bcast = Terminal is reachable by both TCP connection or by broadcast - terminals in
same subnet with correct IP address setting
TCP only = Only TCP connection - terminals in different subnet, but correctly configured IP
address (and netmask etc.)
bcast only = Only broadcast connection - like terminal in same subnet, but without correctly
configured IP address
unreachable = Terminal is not on last known IP and is not reachable via broadcast (not in
same subnet)
User may select concrete terminal number (0-98) to be configured or run one of these commands:
"99) Exit application" - completely exit application

"101) Refresh" - Redetect all terminals and refresh list
"102) Load" - Load terminal list from fixed file (termlist.txt) and rescan terminals status
"103) Save" - Save current terminal list to fixed file (termlist.txt)
"104) Purge" - Clear current terminal list and redetect all terminals
"111) Add by IP" - Add single terminal to list by entering its IP address
"112) Add by SN" - Add single terminal to list by entering its serial number
"113) Delete" - Delete single terminal in list
"121) Apply to all terminals" - Apply stored configuration template (termtempl.txt) to all terminals on
list
"131) Enter PIN L 1" - Define service menu pin level 1 (site admins) for future operations on terminal
professional that requires it
"132) Enter PIN L 2" - Define service menu pin level 2 (partners) for future operations on terminal
professional that requires it
"133) Clear PIN" - Clear currently defined pin
TERMINAL CONFIGURATION SCREEN
According to terminal type, only some of following items may be displayed.

Terminal configuration screen (after selecting terminal number from the main menu):
Terminal Professional:
Terminal information:
Type : Professional
Firmware ver. : 3.11.4(505)
Servicefw ver.: 2.2.3-12
Servicefw stat: OK
Hardware information:
HW version : 3.5.3
Serial number : SQPR9493534CD6E
Manuf. date : Tue Dec 1 11:52:42 2009
Network information:
Pri. MAC addr.: 00:0A:59:F4:4C:D6
Sec. MAC addr.: 00:0A:59:F4:4C:D7
Link-0 speed : 0
Link-0 mode : 0
Link-1 speed : 0
YSoft SafeQ 5 1562

February 03, 2016
Link-1 mode : 0
Link-2 speed : 0
Link-2 mode : 0
Up-link speed : 0
Up-link mode : 0
IP information:
DHCP : Enabled
DHCP IP : 10.1.5.232
DHCP Netmask : 255.255.255.0
DHCP Gateway : 10.1.5.100
DHCP DNS : 10.1.0.100
Host name : TEST0001
Server information:
Primary server: 10.1.5.121:4096
Server list :
Locking : Immediate
Cluster supp. : Enabled
Cluster mode : Balanced
Advanced information:
Auth. type : 8 = Card or PIN or Login
Mode : Normal
Joblist mode : Queue/printed
PIN dlg. text : Without characters count
P/C alert msg.: Enabled
Sum. after P/C: Pages and price
Menu timeout : 60
Info timeout : 20
Sound : Enabled
Debug mode : Log all
Card reader and IO module:

Reader type : 48 = B-041 MultiReader LF + HF
Reader proto : 90 = EM4000 compatible + HF UIN
IOmodule type : 1 = N/A Generic iomodules
IOmodule mode : 9 = Autodetect smartcable
Language information:
Default lang. : 2 = English
Other langs. : 11 = Japanese;14 = Chinese (Simplified);17 = Chinese (Traditional);21 = Arabic;25 = Korean;
Lang. selector: Globe always
----------------------------------------------------------------------------
Terminal:
1) IP setup
2) Server setup
3) Advanced setup
4) Card reader and IO module setup
5) Languages setup
Actions:
99) Exit without saving
100) Save changes to terminal and exit (may need service menu pin)
Cfg. template:
101) Load template 102) Save changes as template
Enter number:
YSoft SafeQ 5 1563

February 03, 2016
Terminal UltraLight:
Terminal information:
Type : UltraLight Print&Copy
Firmware ver. : 1.2.0ul
Servicefw ver.: 1.7.0svcul
Servicefw stat: OK
Hardware information:
HW version : 1.5.1
Serial number : SQULB47151A344E
Manuf. date : Fri Nov 25 16:40:37 2011
HW features : 00000000
Keyb. type : 2
Network information:
MAC address : 00:0A:59:F4:A3:44
Port 0 speed : 0
Port 0 mode : 0
Port 1 speed : 0
Port 1 mode : 0
IP information:
DHCP : Enabled
DHCP IP : 10.1.5.217
DHCP Netmask : 255.255.255.0
DHCP Gateway : 10.1.5.100
DHCP DNS : 10.1.0.100 10.0.0.100 10.0.0.101
Host name : Ulko_007
Domain :
Server information:
Primary server: 10.1.5.121:4096
Server list :
Locking : Immediate
Advanced information:
Auth. type : 3 = Card or PIN
Mode : Normal
Sound : Disabled
Debug mode : Log all
Card reader and IO module:

Reader type : 44 = B-087 MultiReader HF
Reader proto : 105 = Card UIN
IOmodule type : 0 = Unknown
IOmodule mode : 0 = Unknown
----------------------------------------------------------------------------
Terminal:
1) IP setup
2) Server setup
3) Advanced setup
4) Card reader and IO module setup
YSoft SafeQ 5 1564

February 03, 2016
Actions:
99) Exit without saving
100) Save changes to terminal and exit (may need service menu pin)
Cfg. template:
101) Load template 102) Save changes as template
Enter number:
When some value is incorrect in relevant behavior or could not be obtained from terminal then "FAILED" or
"unknown" is shown. When user selects terminal configuration change relevant information are repeated
before entering new values.
Terminal "IP setup" allows to set DHCP support, terminal IP, netmask, gateway, dns, hostname.
Terminal "Server setup" allows to set server IP:port, cluster nodes IP, update server for network card
reader, locking mode, cluster support and cluster mode.
Terminal "Advanced setup" allows to set authentication type, terminal mode, joblist type, pinbox text,
timeouts, sound setting, debug setting and other interface related settings.
Terminal "Card reader and IO module setup" allows to set reader type and protocol, IO module type and its
mode.
Terminal "Languages setup" allows to set default language, other selectable languages, and language
selector type.
"SafeQ Payment Machine setup" allows to set money removal PIN and print receipt setting.
Action "99) Exit without saving" returns user to the previous menu. If any changes in settings are made they
are discarded and original settings remain.
Action "100) save changes to terminal and exit (may need service menu pin)" returns user to the previous
menu. If any configuration settings are changed, then changes are stored into terminal and applied. Some
settings require service menu pin on terminal professional so user is asked to enter it.
Action "101) Load template" loads from fixed file (termtempl.txt) configurations changes. These changes are
shown in listing.
Action "102) Save changes as template" stores all currently prepared changes on selected terminal to file
(termtempl.txt) for future use as a configuration template.
COMMAND LINE PARAMETERS

When the program is run with -h parameter, the following help screen is shown:
YSoft terminal configuration utility ver. 0.9, PARTNERS release

Usage: ./termtool -<parameter> <value> ...
Parameters:
-i input_file (otherwise stdin)

-o output_file (otherwise stdout)
-p pin SM pin
YSoft SafeQ 5 1565

February 03, 2016
-I ip_addr select IP address of terminal to configure

-t id select terminal # to configure (if not specified then first detected terminal will be used)
-s serno select terminal with given serial number
-l list terminals
-L list terminals, but do NOT list unreachable ones
-n do NOT search for new terminals (use only stored list)
-g get configuration (data on stdout or output file)

-G1 get configuration via authorized access (SM pin level 1) (data on stdout or output file)
-G2 get configuration via authorized access (SM pin level 2) (data on stdout or output file)
-c set configuration (data on stdin or input file)

-C1 set configuration via authorized access (SM pin level 1) (data on stdin or input file)
-C2 set configuration via authorized access (SM pin level 2) (data on stdin or input file)
-CU set configuration via UDP access (data on stdin or input file)
-j get terminal log (data on stdout or output file)

-J1 get SPM processing log - charges (data on stdout or output file)
-J2 get SPM processing log - items (data on stdout or output file)
-k get lowlevel information (TP only) (data on stdout or output file)
-ms SPM - set receipt template (req. SM pin l 2)(template data on stdin or input file)
-mc SPM - clear receipt template (req. SM pin l 2)
-uu update standard firmware from server (Normal mode)

-ue update standard firmware from server (Emergency mode)
-uU update standard firmware from URL (Full update of TP only) (URL on stdin or input file)
-uP update standard firmware from URL (Patch update of TP only) (URL on stdin or input file)
-us update service firmware (update file on stdin or input file)
-ur update service firmware from URL (TP only) (URL on stdin or input file)
-uS update SPM data files (update file on stdin or input file)
-uf update standard firmware of terminal professional (update file on stdin or input file)
-ug update standard firmware of terminal ultralight (update file on stdin or input file)
-r Perform terminal reboot
-h this help screen

-v verbose operation (on stderr)
-V very verbose operation (on stderr)
NOTE: Some of the functions require a specific product or a certain minimum firmware version.
TERMINAL SELECT
Terminal could be selected by
(-I) IP address - terminal must have properly configured network settings and be accessible via TCP
connection to entered IP.
(-t) id - Select terminal on id offset in stored terminal list (termlist.txt)
(-s) serial number - terminal must be accessible via broadcast or already stored in list, then it could
be selected by its serial number
YSoft SafeQ 5 1566

February 03, 2016
INPUT/OUTPUT
When command produces some output then it is shown to user (printed on stdout). It could be also
redirected by system to file or written to file by program when user uses option (-o out_file)
When command requires additional data file then user may enter them on stdin, redirect output of other
program to stdin or specify input file (-i input_file)
Linux examples:
echo "SOUND=0" | ./termtool -I 10.0.0.1 -c
./termtool -I 10.0.0.1 -c
SOUND=0
^D
./termtool -I 10.0.0.1 -c -i cfg_file.txt
Windows examples:
echo SOUND=0 | termtool.exe -I 10.0.0.1 -c
type con | termtool.exe -I 10.0.0.1 -c

SOUND=0
^Z
termtool.exe -I 10.0.0.1 -c -i cfg_file.txt
(-P) SM PIN
Configuration of some values in terminal professional or in Payment Machine requires service menu pin. So
by this option user should specify pin value. Useful with -G1 -G2 -C1 -C2 -ms -mc.
LIST TERMINALS
There is option to detect and list almost all terminals on same segment of network. Also program use stored
list (termlist.txt) to add other terminals which should be outside network segment, but still accessible via IP
address.
Output listing have same format as stored list (termlist.txt) and should modified in following ways:
(-l) list all terminals, stored ones and newly detected
YSoft SafeQ 5 1567

February 03, 2016
(-L) list all terminals (stored ones and newly detected), but do NOT list unreachable ones
Previous commands should be modified with (-n) option which force to do NOT search for new
terminals (use only stored list) so stored list will be only updated with current values and optionally
removed unreachable terminals.
(-G) (-G1) (-G2) GET CONFIGURATION
Downloads terminal configuration and shows it to user or store it to file (-o out_file).
Options (-G1) (-G2) are only for terminal professional to authorize via service menu pin level 1 or 2 -
optionally combine with parameter (-p pin).
Example on linux:
./termtool -I 10.0.0.1 -g -o CFG.TXT

./termtool -I 10.0.0.1 -G1 -p 0000 -o CFG.TXT
or on Windows:
termtool.exe -I 10.0.0.1 -g -o CFG.TXT

termtool.exe -I 10.0.0.1 -G1 -p 0000 -o CFG.TXT
(-C) (-C1) (-C2) (-CU) SET CONFIGURATION
Upload configuration entered on stdin or from input file (-i input_file) to terminal.
Options (-C1) (-C2) are only for terminal professional to authorize config upload via service menu pin level 1
or 2 - optionally combine with parameter (-p pin). Parameter (-CU) force different way of configuration
upload - via broadcasts - so terminal have to be in same network segment.
Configuration file should contain only fields which user needs to change! Storing of read only value is
considered as error so final result of run will be also error.
Example on linux:
./termtool -I 10.0.0.1 -c -i CFG.TXT

./termtool -I 10.0.0.1 -C1 -p 0000 -i CFG.TXT
or on Windows:
termtool.exe -I 10.0.0.1 -c -i CFG.TXT

termtool.exe -I 10.0.0.1 -C1 -p 0000 -i CFG.TXT
(-J) GET TERMINAL LOG
Downloads terminal log and shows it to user or store it to file (-o out_file).
YSoft SafeQ 5 1568

February 03, 2016
Please note that logging must be enabled before using this function
Example on linux:
./termtool -I 10.0.0.1 -j -o LOG.TXT
or on Windows:
termtool.exe -I 10.0.0.1 -j -o LOG.TXT
(-J1) (-J2) GET SAFEQ PAYMENT MACHINE PROCESSING LOGS
Downloads two different types of SPM logs and shows it to user or store it to file (-o out_file). These files
also enclose when reporting problem with SPM via Service desk incident reporting.
Example on linux:
./termtool -I 10.0.0.1 -J1 -o SMP_LOG1.TXT

./termtool -I 10.0.0.1 -J2 -o SMP_LOG2.TXT
or on Windows:
termtool.exe -I 10.0.0.1 -J1 -o SPM_LOG1.TXT

termtool.exe -I 10.0.0.1 -J2 -o SPM_LOG2.TXT
(-K) GET LOWLEVEL INFORMATION
Terminal professional only - Show information about boot loaders and service firmware or store them to file
(-o out_file).
(-MS) (-MC) SAFEQ PAYMENT MACHINE - RECEIPT TEMPLATE
Only for SafeQ Payment machine equipped with optional printer. There commands requires service menu
pin level 2 (combine with -p pin). By option (-ms) users shall upload new receipt template (combine with -i
input_file) or clear currently stored one (-mc)
Example on linux:
./termtool -I 10.0.0.1 -ms -i receipt.xml -p 0000

./termtool -I 10.0.0.1 -mc -p 0000
or on Windows:
YSoft SafeQ 5 1569

February 03, 2016
termtool.exe -I 10.0.0.1 -ms -i receipt.xml -p 0000

termtool.exe -I 10.0.0.1 -mc -p 0000
(-UU) UPDATE STANDARD FIRMWARE FROM SERVER (NORMAL MODE)
Invoke terminal to reboot into service firmware and do full update of firmware from SQ server.
Example on linux:
./termtool -I 10.0.0.1 -uu
or on Windows:
termtool.exe -I 10.0.0.1 -uu
(-UE) UPDATE STANDARD FIRMWARE FROM SERVER (EMERGENCY MODE)
Invoke terminal to reboot into service firmware and do emergency full update of firmware from SQ server.
Example on linux:
./termtool -I 10.0.0.1 -ue
or on Windows:
termtool.exe -I 10.0.0.1 -ue
(-UU) UPDATE STANDARD FIRMWARE FROM URL (FULL UPDATE)
Invoke terminal to reboot into service firmware and do full update of firmware from defined URL.
Example on linux:
echo "http://my_server:port/downloads/FULL-sq-3.12.0.fw" | ./termtool -I 10.0.0.1 -uU

./termtool -I 10.0.0.1 -uU -i download.url
or on Windows:
echo http://my_server:port/downloads/FULL-sq-3.12.0.fw | termtool.exe -I 10.0.0.1 -uU

termtool.exe -I 10.0.0.1 -uU -i download.url
YSoft SafeQ 5 1570

February 03, 2016
(-UP) UPDATE STANDARD FIRMWARE FROM URL (PATCH UPDATE)
Invoke terminal to do patch update of firmware from defined URL.
Example on linux:
echo "http://my_server:port/downloads/sq-3.12.0.fw" | ./termtool -I 10.0.0.1 -uP

./termtool -I 10.0.0.1 -uP -i download.url
or on Windows:
echo http://my_server:port/downloads/sq-3.12.0.fw | termtool.exe -I 10.0.0.1 -uP

termtool.exe -I 10.0.0.1 -uP -i download.url
(-US) UPDATE SERVICE FIRMWARE
Sends service firmware update to terminal.
NOTE: This "server-less" style of service firmware update is supported from firmware 3.8.0 on TP and 1.1.0
on UL.
Example on linux for TP and UL:
./termtool -I 10.0.0.1 -us -i emergency-2.2.2-12.enc

./termtool -I 10.0.0.2 -us -i ultralight_service-1.7.fw
or on Windows:
termtool.exe -I 10.0.0.1 -us -i emergency-2.2.2-12.enc

termtool.exe -I 10.0.0.2 -us -i ultralight_service-1.7.fw
(-UR) UPDATE SERVICE FIRMWARE FROM URL
Invoke terminal to do service firmware update from defined URL.
Example on linux:
echo "http://my_server:port/downloads/emergency-2.2.2-12.enc" | ./termtool -I 10.0.0.1 -ur

./termtool -I 10.0.0.1 -ur -i download.url
or on Windows:
YSoft SafeQ 5 1571

February 03, 2016
echo http://my_server:port/downloads/emergency-2.2.2-12.enc | termtool.exe -I 10.0.0.1 -ur

termtool.exe -I 10.0.0.1 -ur -i download.url
(-US) UPDATE SPM DATA FILES
SafeQ Payment Machine have posibility to update firmwares of banknote/coin acceptors. These firmwares
are stored in SPM. To update these stored data use this command with the latest data file package.
Example on linux:
./termtool -I 10.0.0.1 -uS -i spm_data-2012-05-11.enc
or on Windows:
termtool.exe -I 10.0.0.1 -uS -i spm_data-2012-05-11.enc
(-UF) UPDATE STANDARD FIRMWARE OF TERMINAL PROFESSIONAL
Sends main firmware update directly to Terminal Professional.
Note: For Terminal UltraLight or Network Card Reader see option (-ug)
Important note: This command may fail in some situations. In this case try to perform it again.
e.g.: Message "Failed to switch terminal to update mode" may mean that there is currently an
active user/admin session.
This "server-less" style of firmware update is supported on terminals that already have service
firmware 2.3.1-13 or newer, or that have standard firmware 3.8.0 or newer.
Warning: This command may automatically update terminal service firmware to minimal required
version.
Example on linux:
./termtool -I 10.0.0.1 -uf -i FULL-sq-3.13.3.fw
or on Windows:
termtool.exe -I 10.0.0.1 -uf -i FULL-sq-3.13.3.fw
YSoft SafeQ 5 1572

February 03, 2016
(-UG) UPDATE STANDARD FIRMWARE OF TERMINAL ULTRALIGHT
Sends main firmware update directly to Terminal UltraLight or Network Card Reader.
Note: For Terminal Professional see option (-uf)
Important note: This command may fail in some situations. In this case try to perform it again.
e.g.: Message "Failed to switch terminal to update mode" may mean that there is currently an
active user/admin session.
This "server-less" style of firmware update is supported on terminals that have standard firmware
1.1.5 or newer.
Warning: This command may automatically update terminal service firmware to minimal required
version.
Example on linux:
./termtool -I 10.0.0.2 -ug -i ultralight-1.2.4.fw
or on Windows:
termtool.exe -I 10.0.0.2 -ug -i ultralight-1.2.4.fw
(-R) PERFORM TERMINAL REBOOT
Invoke terminal to reboot.
Example on linux:
./termtool -I 10.0.0.1 -r
or on Windows:
termtool.exe -I 10.0.0.1 -r
YSoft SafeQ 5 1573

February 03, 2016
(-V) (-V) VERBOSE OPERATION (ON STDERR)
By specifying '-v' (debug) or '-V' (verbose debug) on command line an extended debug mode is enabled.
This may provide developers with important information in case anything during termtool operation fails.
RETURN VALUE
When command line execution is successfully done program returns 0. In case of errors any non zero value
is returned.
FILES FORMAT
TERMINALS LIST (TERMLIST.TXT)
This file stores currently known terminals.
10.0.0.1 SQPR9173533BB0E 512 3.11.6(507)

10.0.1.200 SQPRC053535E94E 512 3.11.0(450)
10.0.0.2 SQPRB213537842E 768 3.12.0(490)
0.0.0.0 SQULB47151A344E 2 1.2.0ul
10.0.0.3 SQULB47151A348E 2 1.2.0ul
List contains these values separated by space:
IP address
Serial number
Number defining type of terminal
Firmware version
If you need to import terminal list you should replace termlist.txt with list where are only IP addresses, then
call termtool to list terminals. Termtool will try to contact all terminals and update information in output
listing.
CONFIGURATION TEMPLATE (TERMTEMPL.TXT)
# 24
DEFLANG=1
# 24
LANGUAGES=2;11;
File contains optional internal data in comments (line starting with '#') and configuration values which have
to be changed.
So format allows to get current configuration from terminal and copy relevant items to template file without
any modifications.
APPENDIX A - COMMON USE CASES
CONFIGURE SQ SERVER SETTINGS ON ONE NEWLY CONNECTED TERMINAL
Terminal is configured to DHCP by default and this is correct in this situation so we need only to configure
server IP. Terminal will be connected directly to the same network subnet.
1) Interactively
YSoft SafeQ 5 1574

February 03, 2016
Connect terminal to network and let it boot

Run termtool
Termtool has to list all accessible terminals where newly connected one have to be listed
By comparing serial numbers search corresponding line and enter its number
Enter number 2 - to invoke "Server setup"
On prompt for entering primary server enter new server settings (IP address and port in format: IP:
PORT) - for example 10.0.0.1:4096
On other prompts for configuring other values simply press enter to leave current values
After return to menu enter number 100 - "Save changes to terminal and exit"
Now terminal will be configured
Enter number 99 - "Exit application" to leave utility
2) Via command line
Connect terminal to network and let it boot

Open command line window where your copy of termtool is
Enter following command on linux (replace IP address and serial number with yours):
echo "SERVERIP=10.0.0.1:4096" | ./termtool -s SQPRC013531234E -c
on Windows:
echo SERVERIP=10.0.0.1:4096 | termtool.exe -s SQPRC013531234E -c
NOTE: Configuration item "SERVERIP" stands for primary SQ server. Other configuration items
could be found in documentation enclosed in remote configuration tool
Now terminal will be configured
CONFIGURE MULTIPLE ITEMS ON MANY TERMINALS CONNECTED TO LARGE NETWORK WHILE WE KNOW THEIR IP ADDRESSES
Terminals are properly configured in customer's network, but they are on many subnets. We have list of
their IP addresses.
1) First prepare configuration template
Run termtool
Select any suitable terminal or add one of required terminal by its IP address from list( 111) Add by
IP ).
Enter all required changes of configuration by selecting appropriate items and entering values
After configure enter 102) "Save changes as template"
Enter number 99 - Exit without saving
All this could be also done manually by direct editing of termtempl.txt with correct configuration values
(items documentation enclosed in remote configuration tool).
YSoft SafeQ 5 1575

February 03, 2016
2) Modify termlist.txt
See section "Files format" for details.
Terminal list file could contain only IPs - one per line so replace current termlist.txt file with your list of
terminals IPs.
3) Apply to all terminals new settings
Run termtool without detecting new terminals, so only list will be used
termtool -n
Alternatively you could run termtool normally, then tool detects also other terminals, then selects
purge terminal list and loads list so you will have only terminals stored in list
When you configure some options that requires service menu pin on terminal professional then select
option to enter it first. (Enter PIN L 1/2)
Enter number 121 - "Apply to all terminals" to apply configuration template
Now all terminals will be configured
DISABLE ALL DOWNLINK PORTS ON FEW TERMINALS CONNECTED TO LARGE NETWORK WHILE WE KNOW THEIR IP ADDRESSES
Terminals are properly configured in customer's network, but they are on many subnets. We have list of
their IP addresses.
Ethernet ports could not be interactively configured in termtool so you have to use remote configuration with
correct configuration values. In enclosed documentation (Terminal Configuration Details_SQPR_fw3.12.0.
xlsx) you could found that ethernet port settings are stored in values PORT_X_SPEED, where X stands for
0-3 and 3 means uplink. So we need to configure items PORT_0_SPEED, PORT_1_SPEED,
PORT_2_SPEED and they are configurable via authorized access with service menu pin level 1. Best way
how to get correct value of required item is to get it from terminal.
Manually configure one terminal to disable all downlink ports

use termtool to download configuration to file:
termtool -I 10.0.0.1 -g -o old_config.txt
edit stored config file to contain only required items (PORT_0_SPEED, PORT_1_SPEED,
PORT_2_SPEED). So file will contain this content:
PORT_0_SPEED=5
PORT_1_SPEED=5
PORT_2_SPEED=5
YSoft SafeQ 5 1576

February 03, 2016
now for each terminal upload configuration change. Replace IP address with correct one and 0000
with service menu pin level 1.
termtool -I 10.0.0.2 -C1 -p 0000 -i new_config.txt
UPDATE SERVICE FIRMWARE ON TERMINAL
All terminals have service (emergency) firmware which could be updated.
NOTE: This style of service firmware update is supported from firmware 3.8.0 on TP and 1.1.0 on UL.
Obtain the newest service firmware file (files like UL/ER: ultralight_service-1.7.fw TP/SPM:
emergency-2.2.2-12.enc)
Terminal must have properly configured network settings so it have to be accessible via IP address.
(for this example we will suppose that IP address for TP is 10.0.0.50 and 10.0.0.51 for UL)
Check current version of service firmware
For TP/SPM (obtain low level information - service firmware and boot-loaders statuses)
For UL/ER you have to download whole configuration and search for the version
on linux:
./termtool -I 10.0.0.50 -k
./termtool -I 10.0.0.51 -g
on Windows:
termtool.exe -I 10.0.0.50 -k
termtool.exe -I 10.0.0.51 -g
Search for values of items SERVICE_STATUS and SERVICE_VER which contain information about
current service firmware status and version.
Update service firmware by entering following command
on linux:
./termtool -I 10.0.0.50 -us -i emergency-2.2.2-12.enc

./termtool -I 10.0.0.51 -us -i ultralight_service-1.7.fw
on Windows:
termtool.exe -I 10.0.0.50 -us -i emergency-2.2.2-12.enc

termtool.exe -I 10.0.0.51 -us -i ultralight_service-1.7.fw
YSoft SafeQ 5 1577

February 03, 2016
Wait for about 2 minutes

check if update was successful by getting current versions of service firmware
./termtool -I 10.0.0.50 -k
./termtool -I 10.0.0.51 -g
on Windows:
termtool.exe -I 10.0.0.50 -k
termtool.exe -I 10.0.0.51 -g
SAFEQ TERMINAL CONFIGURATION UTILITY
Annotation
Overview
Terminal Configuration utility
Remote configuration tool
Reading configuration
Setting configuration
Conclusion
ANNOTATION
This guide provides the essential information on the configuration of the YSoft SafeQ Terminal Professional,
YSoft SafeQ Terminal UltraLight and YSoft SafeQ Network Card Reader.
You are expected to understand some networking and printing concepts: in particular, you should be
familiar with the client/server paradigm, with IP addressing and TCP/UDP ports.
The producer does not bear any responsibility for the use of any functions not specified here unless covered
by a separate document.
The producer rejects any and all responsibility for the consequences of improper, negligent or incorrect
installation or settings of optional operational system parameters.
OVERVIEW
YSoft SafeQ Terminal Professional, YSoft SafeQ Terminal UltraLight or YSoft SafeQ Network Card
Reader could be remotely configured via network. On the same subnet of network terminal could be
accessed via UDP broadcasts without knowing its IP address by Terminal configuration utility or anywhere
on network via TCP connection but with known terminal IP address by Remote configuration tool.
This utility can be downloaded from Y Soft Partners portal: http://helpdesk.ysoft.com.
YSoft SafeQ 5 1578

February 03, 2016
TERMINAL CONFIGURATION UTILITY
Following version of firmwares are supported by Terminal Configuration utility:
YSoft SafeQ Terminal Professional - FW higher than 3.7.5
YSoft SafeQ Terminal UltraLight and YSoft SafeQ Network Card Reader - FW higher than 1.0.0.
1 Open the SafeQ Terminal Configuration utility then click Scan. The utility discovers and lists all the
terminals that are in the same subnet that the configuration utility is running on.
2 Locate the terminal you want to install by looking for it's serial number in the Serial column.
NOTES:
Once user chose required serial number, it can be copied into the system clipboard by
pressing CTRL+C. This can be handy for transfer the serial number into the YSoft
SafeQ.
User can also copy all information about required terminal into the system clipboard by
clicking an arrow on the beginning of the line and pressing CTRL+C.
Several or all lines with terminals' information can be copied. To choose and copy only
some of the lines, CTRL key needs to be pressed while choosing the lines.
To choose all of it, CTRL+A keys need to be pressed while choosing the lines.
YSoft SafeQ 5 1579

February 03, 2016
3 Configure required options for the terminal.
1. a. If DHCPis enabled, in the Server cell, check to see that the IP address matches the IP address of
the SafeQ server. If it does not, select that cell and enter the correct IP address of the SafeQ server.
b. If DHCP is not enabled, enter IP addresses and ports in each field.
Fields decription:
Serial - Terminal's serial number.
DHCP - If checked DHCP is enabled, if unchecked DHCP is disabled.
IP - Terminal's IP address
Mask - Netmask address
Gateway - Gateway IP address
DNS - DNS server IP address
Server - IP address and port number of SafeQ server, to which you want to connect this
terminal. For Terminal Professional, and Terminal Ultralight set port 4096, for Network
Card reader set port 5011.
Sound - If checked sounds is enabled, if unchecked sounds is disabled.
Debug - Debug mode
Reader - Card reader type build-in terminal.
4 Click Save button to save new settings. The terminal will restart with new settings.
Close the Terminal configuration utility.
YSoft SafeQ 5 1580

February 03, 2016
REMOTE CONFIGURATION TOOL
Following version of firmwares are supported by Remote configuration tool:
Unautorized access:
YSoft SafeQ Terminal Professional - FW higher than 3.0.0.X
YSoft SafeQ Terminal UltraLight and YSoft SafeQ Network Card Reader - FW higher than 1.1.0
Authorized access:
YSoft SafeQ Terminal Professional - FW higher than 3.11.0
Remote configuration tool package contains command line executable for both windows and Linux. There
are also some scripts for quicker usage.
Configuration of some items requires access PIN to service menu level 1 or 2.
Details of configurable items are stored in enclosed documents (Terminal configuration details).
READING CONFIGURATION
Use correct script to get configuration. If required redirect output to file to store configuration (append “> file”
to the end of command)
Scripts:
sqpr_cfg_get – Terminal Professional – unauthorized protocol

sqpr_cfg_get_l1 – Terminal Professional – authorized protocol by pin level 1
sqpr_cfg_get_l2 – Terminal Professional – authorized protocol by pin level 2
YSoft SafeQ 5 1581

February 03, 2016
squl_cfg_get – Terminal UltraLight – unauthorized protocol
Examples for terminal professional with IP address 10.0.0.1 and with PIN 0000 to service menu level 1
sqpr_cfg_get 10.0.0.1
sqpr_cfg_get_l1 10.0.0.1 0000
sqpr_cfg_get_l1 10.0.0.1 0000 > old_config.txt
Possible values of each configurable item could be expanded in future so the best way is to
configure values manually on terminal in service menu, and then download current configuration to
get required values.
SETTING CONFIGURATION
Use correct script and file with new configuration to set it. File has to contain only changed items of
configuration. If you send read only items or items from higher level you will receive error.
Scripts:
sqpr_cfg_set – Terminal Professional – unauthorized protocol

sqpr_cfg_set_l1 – Terminal Professional – authorized protocol by PIN level 1
sqpr_cfg_set_l2 – Terminal Professional – authorized protocol by PIN level 2
squl_cfg_set – Terminal UltraLight – unauthorized protocol
Examples for terminal professional with IP address 10.0.0.1, with PIN 0000 to service menu level 1 and new
configuration stored in file “new_config.txt”
sqpr_cfg_set 10.0.0.1 new_config.txt
sqpr_cfg_set_l1 10.0.0.1 0000 new_config.txt
Possible values of each configurable item could be expanded in future so the best way is to configure
values manually on terminal in service menu, and then download current configuration to get required
values. From downloaded configuration prepare new file with required items only. Upload this new
configuration.
Terminal could automatically restart after configuration upload.
Upload of configuration may fail if terminal is in use.
CONCLUSION
This manual, like YSoft SafeQ itself, is in a constant process of development. While we strive to keep the
information relevant at all times, it is possible that, as new versions of YSoft SafeQ are being released, you
will find information here that is no longer entirely up-to-date.
If you cannot find information that you think it should be here and/or if you have any other suggestion for
further improvement, please don't hesitate to contact our Customer Support Services.
YSoft SafeQ 5 1582

February 03, 2016
4.9.8 HOW TO CONNECT BLOCKING CABLE TO MFP
Page and its child pages describe information about MFP configuration for using with a hardware
terminal.
In order to prevent using an MFP without a successful authentication, an MFP panel has to be locked and
can be unlocked via a hardware terminal communication with MFP over blocking cable only.
Information about exact procedure for locking panel and connecting blocking cable can be found in the child
pages:
How to block Samsung devices

How to block OKI devices
How to block Konica Minolta devices
How to block SHARP devices
How to block RICOH devices
How to block XEROX devices
How to block TOSHIBA devices
How to block FujiXerox devices
How to block HP devices
HOW TO BLOCK FUJIXEROX DEVICES
COMPATIBLE BLOCKING CABLES
YSQC0-002-0000 Cable Xerox (FDI Required)

YSQC0-003-0000 Cable Xerox Type 2 (FDI Required)
YSQC0-048-0000 Smart Cable Xerox v2 (FDI Required - Recommended for Fuji Xerox MFP)
BLOCKING FUJIXEROX DEVICE

The device will be blocked after connecting the FDI with switches configured to 1111101000
1. Enter service mode.

2. Configure each Key chain value to Enable.
3. After entering each value, touch Exit (keep log) -> YES.
Note: Each partner shall obtain pass code to enter service mode as well as Key Chain values from Fuji
Xerox. Y Soft cannot disclose this information which is covered by NDA.
Description NVN NVN Value

Parameter
A NVN for EPA accessory - enable Ask Fuji Ask Fuji

Xerox Xerox
YSoft SafeQ 5 1583

February 03, 2016
Description NVN NVN Value

Parameter
NVM for BARE - enable (For blocking with YSoft Terminal Professional Ask Fuji Ask Fuji
/Ultralight) Xerox Xerox
C NVM for FX IC CARD GATE - enable (For YSoft SafeQ Terminal Ask Fuji Ask Fuji
Embedded) Xerox Xerox
D NVN for Copy/print control - enable Ask Fuji Ask Fuji

Xerox Xerox
E NVN for FAX/Scan control - enable Ask Fuji Ask Fuji

Xerox Xerox
Note: To unblock the device it is necessary to disable NVN B or C and A before unplug Bare FDI / EPA
Card reader.
HOW TO CHOOSE A CORRECT BLOCKING CABLE MODE ON YSQC0-048-0000

On devices supporting blocking cable YSQC0-048-0000 requires selecting a correct blocking cable mode
(mode can be found in HCL). Here´s the procedure:
1. In the service menu of terminal proceed following way: I/O Module settings -> I/O module
2. Select YSQC0-048-0000 Smart Cable Xerox v2 is chosen and on the next screen set it to be
operating in mode corresponding with the device used.
Terminal Ultralight:
1. Use the termtool utility, how to use guide can be found in Configuring Terminal UltraLight
2. After selecting the proper terminal to configure continue with entering 4 – Car reader and IO module
setup and confirm with Enter. Press Enter one more time to skip the card reader setting.
3. By entering „?“ You can list all the available types. Choose YSQC0-048-0000 Smart Cable Xerox v2.
4. Choose mode corresponding with the used device. confirm by pressing Enter.
5. Press Enter one more time and continue entering 100 in order to reboot the terminal and save
changes made in its configuration.
EXAMPLES OF BLOCKING CABLE CONNECTION:
Xerox WorkCenter 7120
YSQC0-048-0000 Smart Cable

Xerox v2 (FDI Required)
YSoft SafeQ 5 1584

February 03, 2016
HOW TO BLOCK KONICA MINOLTA DEVICES
Applicable also for Olivetti and Develop devices.
YSQC0-004-0000 Cable KM KeyCounter – Male

YSQC0-005-0000 Cable KM KeyCouner - Female
YSQC0-039-0000 KM Vender2 v5 (8-pin)
YSQC0-044-0000 Smart Cable KM Vender2 v5 (8-pin,Type2)
CONFIGURATION OF DEVICE USING KEY COUNTER CABLE( YSQC0-004-0000, YSQC0-005-0000 )
1. Enter service menu of the device

2. Press STOP - 9
3. Click on Counter settings
a. Total counter mode must be setup on "MODE 2" and large size counter mode must be setup
on "A3/B4/11x17/8½x14".
4.
YSoft SafeQ 5 1585

February 03, 2016
4. Click on Management function choice

a. In Authentication device must be setup "Key counter only"
b. In this menu is also possible to change type of predefined message which is displayed in case
of blocked panel.
c. Item Key counter > Message1-Message4
CONFIGURATION OF DEVICE USING KEY COUNTER CABLE ON BIZHUB PRESS
1. Switch-off the MFP

2. Uncover the MFP in order to allow access to a Key counter connector
3. Unplug a small yellow/beige plug which covers the Key counter connector
4. Connect the Key counter blocking cable to the Key counter connector
5. Switch-on the MFP
6. Verify that the MFP is blocked (message "Please insert key counter" is displayed on the MFP panel)
and can be unblocked by the terminal
CONFIGURATION OF DEVICE USING KM VENDER2 CABLE( YSQC0-039-0000, YSQC0-044-0000 )

Leaving the blocking cable connected to MFP and disconnecting it from Terminal Professional
/Ultralight may cause inability to start the MFP or infinite reboots of the MFP.

2. Press STOP - 9
on "A3/B4/11x17/8½x14".
a. In service menu -> Management function choice -> must be setup "vender 2"
ALTERNATIVE CONFIGURATION FOR BIZHUB C3350 (FIRMWARE A3GN30G0206-999 OR NEWER REQUIRED)

2. Press STOP -> 2 -> 2 -> 2 -> 0 -> 0
on "A3/B4/11x17/8½x14".
a. In service menu -> Management function choice -> must be setup "vender 2"
ADDITIONAL SETTING
To enable printing with Vender 2 cable setup:
Tools/counters –> 3 Administrator setting –> 9 Security Setting –> 7 Management Function setting –> 1
Function setting
Copy - ON
Print - OFF
Send Scan/Fax – ON
YSoft SafeQ 5 1586

February 03, 2016
KM bizhub C364
YSQC0-044-0000 Smart Cable KM Vender2 v5 (8-

pin,Type2)
KM bizhub C364
YSoft SafeQ 5 1587

February 03, 2016
KM bizhub C554

pin,Type2)
YSoft SafeQ 5 1588

February 03, 2016
KM bizhub C654 / C754 / C654e / C754e

pin,Type2)
KM bizhub PRESS 1250
If the depicted wire conjunction is present (default

state) - the device is unblocked.
If this is removed - device becomes blocked and

blocking cable can be attached and used for un-
blocking.
YSoft SafeQ 5 1589

February 03, 2016
KM bizhub PRESS C6000
If the depicted wire conjunction is present (default

state) - the device is unblocked.
If this is removed - device becomes blocked and

blocking cable can be attached and used for un-
blocking.
YSoft SafeQ 5 1590

February 03, 2016
YSoft SafeQ 5 1591

February 03, 2016
KM bizhub C224e / C284e / C364e / C454e /

C554e / 224e / 284e / 364e / 454e / 554e

pin,Type2)
KM bizhub Cxx4e / xx4e
YSoft SafeQ 5 1592

February 03, 2016
KM bizhub C3350/C3850

pin,Type2)
KM bizhub 4050/4750

pin,Type2)
YSoft SafeQ 5 1593

February 03, 2016
HOW TO BLOCK OKI DEVICES
YSQC0-022-0000 Cable Toshiba Harness

YSQC0-035-0000 Cable Toshiba v2 (Type 4)
YSQC0-050-0000 Cable OKI v2
SETTING VIA DEVICE SERVICE MENU

After entering device service menu, following steps have to be performed:
1. open registry 9016(type) and set up option 0 or 1 (0 disabled, 1 - insert coin message)
Quit registry settings
Compatible
devices
OKI ES9460
OKI MC760
SETTING VIA DEVICE WEB INTERFACE

After you Login to the device Web interface using Administrator login perform following:
1. Click "Admin setup”

2. Click "Management"
3. Click "System setup"
4. Select "Accounting Device" from "Access Control" drop down menu
5.
YSoft SafeQ 5 1594

February 03, 2016
5. Click "Submit"
HW setup for testing:
1. I/O Module settings

2. I/O Module
3. N/A – Generic iomodules
4. Autodetect smartcable
Compatible
devices
OKI ES4191
OKI ES9460
YSQC0-035-0000 Cable
Toshiba v2 (Type 4)
YSoft SafeQ 5 1595

February 03, 2016
OKI ES4191
YSQC0-050-0000 Cable OKI

v2
YSoft SafeQ 5 1596

February 03, 2016
OKI MC760
YSoft SafeQ 5 1597

February 03, 2016
YSoft SafeQ 5 1598

February 03, 2016
HOW TO BLOCK RICOH DEVICES
YSQC0-012-0000 Cable Ricoh (20-pin)

YSQC0-013-0000 Cable Ricoh (4-pin)
YSQC0-013-0000 Cable Ricoh (4-pin) v2

1. Navigate to system settings -> operator tools ->key counter administration

2. Here choose what features have to be blocked (usually copy, scan)
In case that the standard procedure does not work - a device cannot be unlocked by the cable, you can try
another way (for example MP 4002, MP 5002, MP C3002, MP C3502, MP C4502, MP C5502):
1. Activate support for enhanced external charge unit management (SP mode 5-113-002 to 1)
2. Navigate to System Settings -> Administrator Tools -> Enhanced External Charge Unit Management
4. Also make sure the Key Counter Management in administrator tab has all functions turned OFF.
Procedure for MP C2003, MP C3003, MP C3503, MP C4503, MP C5503 and MP C6003 devices:
In case YSQC0-013-0000 Cable Ricoh (4-pin)/YSQC0-059-0000 Cable Ricoh (4-pin) v2 is used

set SP 5113-1 to value 0 and SP 5113-2 to value 0.
1. Navigate to system settings -> administrator tools -> key counter management
In case YSQC0-012-0000 Cable Ricoh (20-pin) is used set SP 5113-1 to value 1 and SP 5113-2 to
value 0.
1. Navigate to system settings -> administrator tools -> external charge unit management
Ricoh MP 4002
YSQC0-013-0000 Cable Ricoh (4-

pin)
YSoft SafeQ 5 1599

February 03, 2016
YSoft SafeQ 5 1600

February 03, 2016
Ricoh MP 2501sp

pin)
NOTE: Type A reduction for 20pin

connector needed.
Ricoh Aficio MP C2050

pin)
YSoft SafeQ 5 1601

February 03, 2016
Ricoh Aficio MP C2500
YSoft SafeQ 5 1602

February 03, 2016
Ricoh Aficio MP C3003 / C3503 /

C4503 / C5503 / C6003

pin)
NOTE: Connector is different by

design and needs
to be modified according to image.

pin)
YSoft SafeQ 5 1603

February 03, 2016
NOTE: Optional Counter Interface

Type A needs
to be installed on device.
YSoft SafeQ 5 1604

February 03, 2016
HOW TO BLOCK SHARP DEVICES
YSQC0-026-0000 Cable Sharp (Type 3)


1. press 26
2. press Start
3. press 3
4. press Start
5. select outside auditor as VENDOR-EX, vendor mode as MODE3
6. press Start
7. press CA
Quit registry settings
Compatible
devices
Sharp MX-2610N
Sharp MX-2614N
Sharp MX-2610N
YSoft SafeQ 5 1605

February 03, 2016
HOW TO BLOCK TOSHIBA DEVICES

YSQC0-022-0000 Cable Toshiba Harness

1. Open registry 202 (type) and set up option 0 up to 3 (0 disabled, 1, 2, 3 messages)
Quit registry settings.
SETTING VIA DEVICE SERVICE MENU FOR E-STUDIO 2505/2505H/2505F

1. Open registry and set (08)9016 to 1 to enable cost recovery mode.

2. Set (08)9017 to 1 (determines what is covered in cost recovery mode).
Quit registry settings.
Toshiba e-STUDIO 2820c
Toshiba v2 (Type 4)
YSoft SafeQ 5 1606

February 03, 2016
Toshiba e-STUDIO 255
Toshiba v2 (Type 7)
YSoft SafeQ 5 1607

February 03, 2016
HOW TO BLOCK XEROX DEVICES
YSQC0-002-0000 Cable Xerox (FDI Required)

YSQC0-048-0000 Smart Cable Xerox v2 (FDI Required)
BLOCKING XEROX WORKCENTER 5875 AND OTHER CONNECTKEY BASED PRINTERS

1. Navigate to Tools > Accounting settings > Accounting mode

2. Select Auxiliary access
3. In auxiliary device type select one you want to and press Save
4. Under Services Access & Accounting you can select services you wish to restrict - select all
services as restricted except printing.
5. Under Job Timeout check Enabled and set Job Timeout to 1 second
BLOCKING XEROX WORKCENTER 7120 ( FUJIXEROX BASED CONTROLLER )

The device will be blocked after connecting the FDI with switches configured to 1111101000
YSoft SafeQ 5 1608

February 03, 2016
After connecting FDI following steps have to be done via device service menu:
1. Navigate to Common Service Settings -> Maintenance/Diagnostic -> NVM Read / Write
2. Write “850-007“, click on Confirm/Change, write „3“, click on Save
3. Close - > Exir (Keep Log) -> Yes
4. MFP is restarted
NOTE: If the scan/fax function is not blocked automaticaly, change switch 850 015 to 1.
To unblock the device it is not sufficient only to revert back the change of Switch 850-007 back to 0 but also
it is necessary to set 850-001 switch to 0. This was chaged automatically by FDI connection. After
performing these changes FDI can be disconnected.
HOW TO CHOOSE A CORRECT BLOCKING CABLE MODE ON YSQC0-048-0000

On devices supporting blocking cable YSQC0-048-0000 requires selecting a correct blocking cable mode
(mode can be found in HCL). Here´s the procedure:
1. In the service menu of terminal proceed following way: I/O Module settings -> I/O module
2. Select YSQC0-048-0000 Smart Cable Xerox v2 is chosen and on the next screen set it to be
operating in mode corresponding with the device used.
Terminal Ultralight:
1. Use the termtool utility, how to use guide can be found in Configuring Terminal UltraLight article.
2. After selecting the proper terminal to configure continue with entering 4 – Car reader and IO module
setup and confirm with Enter. Press Enter one more time to skip the card reader setting.
3. By entering „?“ You can list all the available types. Choose YSQC0-048-0000 Smart Cable Xerox v2.
4. Choose mode corresponding with the used device. confirm by pressing Enter.
5. Press Enter one more time and continue entering 100 in order to reboot the terminal and save
changes made in its configuration.

YSoft SafeQ 5 1609

February 03, 2016

YSoft SafeQ 5 1610

February 03, 2016

YSoft SafeQ 5 1611

February 03, 2016
HOW TO BLOCK SAMSUNG DEVICES
YC01000 030 - Samsung

YC01000 051 - Samsung (Type 2)
YSoft SafeQ 5 1612

February 03, 2016
The FDI Kit allows blocking the machine enabling support of other devices such as swipe card terminals.
HOW TO ENABLE THE FDI AND BLOCK AN MFP
1. Click on Machine setting > security

2. Log in with admin.
3. Click Accounting.
4. Select Foreign Device Interface.
5. Select Inhibit Services.
6. Select Copy and Scan.
7. Save and logout.
Blocking cable
YC01000 030
Blocking cable
YC01000 0051
YSoft SafeQ 5 1613

February 03, 2016
FDI
Compatible FDI :
The part no of the

FDI for Samsung
9201 , 9251 ,9301 ,
8123 , 8128 is
CLX-kit10F
The part no of the

FDI for Samsung
6555 , 6545 , 8385
is FX-kit20F
YSoft SafeQ 5 1614

February 03, 2016
YSoft SafeQ 5 1615

February 03, 2016
YSoft SafeQ 5 1616

February 03, 2016
YSoft SafeQ 5 1617

February 03, 2016
HOW TO BLOCK HP DEVICES
YSQC0-011-0000
YSQC0-057-0000
BLOCKING OF HP DEVICES USING FIH TOOL (FOREIGN INTERFACE HARNESS)

Using the FIH tool can Block/Unblock the copy on an HP Devices. Contact the copy-tracking vendor of the
desired choice to arrange for the necessary hardware and cabling.
Download and install the FIH software. The software is available from the hp website give below:
Click here to visit the HP website at http://www.hp.com.
Once on this web page, type "lj637en.exe" (without quotes) into the search window and click the arrow to
the right of the search window. This will then display a web page with a link to download the FIH Harness
software (lj637.exe). The software is used to enable or disable the FIH portal. Use the software to set and
change the administrator personal identification number (PIN). Administrators can use the PIN option to
configure the FIH to prevent any unauthorized changes. Changes can be made only with the correct PIN
authentication. It is important to remember the PIN that is assigned to the FIH administration software. The
PIN is required to make any changes to the FIH.
DETAILS
Enabling the Foreign Interface Harness portal
Download the lj637.exe utility.
Run extracts the lj637.exe to default folder.
Double-click FIH.EXE to begin the configuration of the FIH portal. The Foreign Interface Harness dialog box
appears.
Click OK .
YSoft SafeQ 5 1618

February 03, 2016
Click Enable .
If the PIN is entered before, click No . If a PIN is entered before, click Yes .
If clicked No , enter and confirm the PIN, and then click OK . If clicked Yes , enter the PIN (1234) and click
OK .
NOTE: The PIN must be in numeric form.
Click the appropriate button for the type of connection: Direct or Network .
If Direct button is selected, enter the printer port. If Network button is selected, enter the IP address and
port for the printer.
YSoft SafeQ 5 1619

February 03, 2016
NOTE: The IP address for the HP Device can be found on the printer’s Configuration page. You can print a
Configuration page from the printer control panel by selecting MENU, CONFIGURATION MENU, and then
PRINT CONFIGURATION PAGE
If an incorrect IP address is entered, it gives an error message. Otherwise, the portal has been enabled.
Disabling the Foreign Interface Harness portal
Double-click the FIH.EXE file. The Foreign Interface Harness dialog box appears.
Click OK .
Click Disable .
Enter the PIN and click OK .
If Direct button is selected, enter the printer port and click OK . If Network button is selected, enter the IP
address and port for the printer, and then click OK . The portal is disabled.
NOTE: If the PIN number gets lost and the portal needs to be disabled try using the default listed to disable
it.
Changing the PIN
Double-click the FIH.EXE file. The Foreign Interface Harness dialog box appears.
YSoft SafeQ 5 1620

February 03, 2016
Click OK .
Click Change PIN .
Enter the current PIN and click OK .
Enter and confirm the new PIN, and then click OK .
If Direct is selected, enter the printer port and click OK . If Network button is selected, enter the IP address
and port for the printer, and then click OK . The PIN is changed.
HP 4345MFP
YSoft SafeQ 5 1621

February 03, 2016
YSQC0-011-0000
Please note that a connector of the blocking cable is

not locked by screews to the machine. In case that
the connector is not plugged in correctly, the MFP
panel cannot be unlocked by the terminal once the
communication between cable and MFP cannot be
estabilished.
HOW TO BLOCK CANON DEVICES
YSQC0-016-0000 Smart Cable Canon (4-pin) SSR

YSQC0-028-0000 Smart Cable Canon (4-pin, Female v2)
YSQC0-041-0000 Smart Cable Canon (9-pin DSUB, Male)
YSQC0-045-0000 Cable Canon (Type 1)
PROCEDURE
1. Open level 2 service menu.

2. Select Copier and then Options.
3. Blocking is set under „ACC“ menu in settings called „CC-SPSW“.
a. 0 is unlocked (normal settings)
b. 1 is locked by the SafeQ cable. Unlocking is done by login on the Terminal Profesional
/Ultralight
SCAN WORKFLOWS
To make the scan workflows work, you need to set up Adress Book entry on the machine (through web
interface). This sets the address for scan upload to a shared folder on SafeQ server. Note that each
YSoft SafeQ 5 1622

February 03, 2016
machine and each workflow needs to use own folder (e.g. \\server\scan\canon1\email and
\\server\scan\canon333\home)
EXAMPLES OF BLOCKING CABLE CONNECTION
Canon iR 1133(i)
YSQC0-045-0000
Cable Canon
(Type 1)
Connect cable to
left side of the
machine
Canon iR 2520(i)
/2530(i)/2535(i)
/2545(i)
YSoft SafeQ 5 1623

February 03, 2016
YSQC0-045-0000
Cable Canon
(Type 1)
Canon iR C1028i
YSQC0-045-0000
Cable Canon
(Type 1)
YSoft SafeQ 5 1624

February 03, 2016
Canon iR 1024i
YSQC0-046-0000
Cable Canon
(Type 2)
Canon iR ADV
C5051
YSQC0-047-0000
Cable Canon
(Type 3)
YSoft SafeQ 5 1625

February 03, 2016
Canon iR 3245i
YSQC0-047-0000
Cable Canon
(Type 3)
This connector is
in use by another
cable which is not
used.
Therefore unplug
the old cable and
plug in the blocking
cable.
4.9.9 FCC STATEMENTS
These statements are used on following pages:
YSoft SafeQ 5 1626

February 03, 2016
Terminal Ultralight
Network Card Reader
Using Terminal UltraLight
Using Terminal Professional


4.10 INSTALLING AND CONFIGURING YSOFT MOBILE PRINT SERVER
Installing YSoft Mobile print server - Installation procedure of YSoft Mobile print server
Troubleshooting Mobile print server - Guide how to troubleshoot unwanted behaviour
Configuring Mobile Print Server - Configuration of YSoft Mobile print server
User mail notification composition - Guide how to setup user mail notification according to your
needs
4.10.1 INSTALLING YSOFT MOBILE PRINT SERVER
This page describes how to use the interactive installer to perform a basic YSoft Mobile print server
installation.
Prerequisites
Uninstalling
YSoft SafeQ 5 1627

February 03, 2016
PREREQUISITES
Mobile Printing Server requires online connection to a CML node or an ORS

Microsoft .NET framework 4.5
Proper configuration of e-mail server and related settings in SafeQ CML or ORS
Dedicated e-mail account with IMAP(S) or POP3(S) is required for receiving jobs by email
E-mail addresses and mailboxes must be provided by the customer. Mobile Printing may increase
load on the e-mail server, depending on environment sizing
E-mail addresses (alias) defined for users using Mobile Print Server must be unique in the whole
SafeQ environment
Target printer has to support plain PDF (PostScript print language) to be able to release the
converted job. For some MFPs the PostScript option is not available by default and could be added
additionally.
YSoft Mobile Print Installer version 5.+ does not support update from version below 5.0. For such
update backup your configuration, uninstall the old version and then run the interactive YSoft Mobile
Print Installer.
1 Obtain and run the installation file ysf-mps-install.exe from the YSoft Partner Portal. Once you
have the file and the server is ready for installation, you can begin YSoft Mobile print server
installation.
Before the installation of this component you need to install Microsoft .NET Framework 4.5.
You can download this component at http://www.microsoft.com/en-us/download/details.aspx?
id=40779
Before the installation of this component, it is necessary to configure the mail server settings
in the YSoft SafeQ Web interface. Basic configuration of the mail server is described in the article
Widgets - Welcome to YSoft SafeQ
2 Select the language that will be used for the installation process.
YSoft SafeQ 5 1628

February 03, 2016
3 Close all other applications to avoid issues with updating the relevant system files and press Next
.
YSoft SafeQ 5 1629

February 03, 2016
5 Choose destination folder in which the YSoft Mobile print server will be installed.
YSoft SafeQ 5 1630

February 03, 2016
6 Set up connection to YSoft SafeQ.
YSoft SafeQ server IP - network address of the YSoft SafeQ server

Port - Port where YSoft SafeQ is accepting jobs, default value is 9100
Web port - The port of YSoft SafeQ web interface, default value is 80
Purge period - number of hours that YSoft Mobile print shall wait before deleting
undelivered documents. default value is 168 hours (1 week)
Choose what components of YSoft Mobile print server you want to configure. Depending on your
choice YSoft Mobile print server installer will let you to configure these components on next
screens.
Shared folder settings - settings allowing documents to be uploaded via Mobile

print web interface to shared folder - continue with step 7
Email server settings - settings allowing to process documents coming as email
attachments to a dedicated mailbox - continue with step 8
Both settings - settings for shared folder and email server - continue with step 7
YSoft SafeQ 5 1631

February 03, 2016
7 Shared folder setup
Configure YSoft Mobile print server to work with YSoft SafeQ
Shared folder is used to store documents uploaded via web and pass these documents to YSoft
SafeQ.
Shared folder - path to shared folder can be:
local path - use Browse button to select local folder (applies in case YSoft SafeQ
and YSoft Mobile Print Server are installed on same server)
UNC path - in case the YSoft SafeQ server runs on remote server
(notation: \\<YSoft SafeQ host>\<Shared folder>, example: \\10.0.10.220
\C$\SafeQ5\server\mobile )
Username - username of user that has access to shared folder (UNC)
Password - password of user that has access to shared folder (UNC)
Synchronization period - number of seconds that YSoft Mobile print shall wait before checking
for new documents, default value is 1 second
YSoft SafeQ 5 1632

February 03, 2016
8 Email server setup
Configure YSoft Mobile print server to work with email server with dedicated email address.
YSoft SafeQ 5 1633

February 03, 2016
Email Server IP - network address of the email server
Username - identify mailbox that shall be checked for incoming documents, example:
user@domain.com
Password - password to mailbox mentioned above
Protocol that shall be used for communication with the email server
IMAP protocol - define port that shall be used for communication with the email
server - default value is 143
POP3 protocol - define port that shall be used for communication with the email
server - default value is 110
Enable secure connection - Mobile print server will use secured communication communicate
with mail server
Default value for IMAPs is 993

Default value for POP3s is 995
9 Configuring SafeQ
Visit SafeQ web interface and complete Mobile print server setup by enabling Mobile print server.
YSoft SafeQ 5 1634

February 03, 2016
You can also adjust and customize Mobile print server settings and behavior. See guide to Config
uring Mobile Print Server .
NOTE: If you are installing Mobile print server on same server as ORS (Offline Remote
Spooler), the link that this installer provides is wrong and leads to that ORS (known bug), you
need to open the web interface of a CML ( Central Management Layer ) node to configure it.
10 YSoft Mobile print server installer proceeds with the installation.
YSoft SafeQ 5 1635

February 03, 2016
YSoft SafeQ 5 1636

February 03, 2016

If an error occurred during the installation process, the best way to troubleshoot it is to check the installation
log file that is created during the process. All installation log file is located in the YSoft Mobile print server
mps-install.log - contains information about the entire YSoft Mobile print installation process.
UNINSTALLING
Mobile Print Server can be uninstalled:
as ordinary Windows application from the list of application

by running program uninstall.exe that can be found at YSoft Mobile print server home folder
TROUBLESHOOTING MOBILE PRINT SERVER
TROUBLESHOOTING
LOGGING
All information about running the application will be saved in file mps.log stored in
<MobilePrintSeverHomeFolder>\Logs\.
YSoft SafeQ 5 1637

February 03, 2016
There are four possible messages this file can content. Some of them can be used for troubleshooting in
case of Mobile Printing Server malfunction. See table below.
Value Example Note
DEBUG read value from the web service for developers
ERROR wrong license for technician

/administrator
INFO connected to server exchange.ysoft. for technician

com /administrator
WARN could not convert the document for technician

/administrator
Picture 1: mps.log file
MOBILE PRINT SERVER IS CRASHING BUT THERE IS NO INFO IN LOG
If Mobile Print Server is crashing but there is no useful information logged, there are two possibilities how to
investigate:
1. Observe events in Event Viewer (you can find it in Administrative tool or simply execute Eventvwr. msc)
2. Run Mobile Print Server from command line:
Run new Command Prompt window (cmd.exe) and in it execute Mobile Print Server, e.g. c:\Program Files
(x86)\YSoft Mobile Print Server\Service\MobilePrint.exe.
When the crash happen, select Close the program in the dialog.
YSoft SafeQ 5 1638

February 03, 2016
Picture 2: Mobile Print Server crash
Additional information about reason of failure appear.
Picture 3: Reason of crash
4.10.2 CONFIGURING MOBILE PRINT SERVER
Configuration of Mobile Print via CML Web interface

Functional settings
Other settings
Default paper size
Mobile Print Server configuration propagation
Additional Mobile Print Server configuration
mps.config
conversion.config
Custom conversion settings for some file types
Fonts configuration
YSoft SafeQ 5 1639

February 03, 2016
Unwanted email attachments

Encoding and fonts of text documents
CONFIGURATION OF MOBILE PRINT VIA CML WEB INTERFACE
To enable Mobile Print Server and set global options for it on CML, use YSoft SafeQ web interface. Follow
the instructions below.
1) Open YSoft SafeQ web interface http://SAFEQ_IP:SAFEQ_HTTP_PORT/ (for example http://192.

168.1.1:80/) and login as administrator
2) On page navigate to System than System settings
3) To access all of the options for Mobile Print Server, Expert views have to be set
4) Open category Mobile Print Server
FUNCTIONAL SETTINGS
Option Note
Allow mobile print for anonymous users System accepts jobs for mobile print from user without
authentication. Default value is disabled.
Force B/W for Mobile print Mobile Print Server will force black/white printing. Default
value is disabled.
Limitation: On Xerox MFPs it is not possible to force job

to be printed in gray scale.
Force duplex for Mobile print Mobile Print Server will force duplex printing. Default value is
disabled.
Ignore e-mail body If enabled and document contains any attachment, only
attached file will be converted and e-main body will be
ignored. If disabled, both body and attached file will be
converted. Default value is enabled.
Print job title prefix String that will be used as prefix for all print jobs received via
Mobile Print feature.
Enable Mobile Print Server
YSoft SafeQ 5 1640

February 03, 2016
Option Note
Enables or disables Mobile Print Server. Has to be set as

enabled.
Enable release of job on printers with If enabled, user will see list of printers in mobile web
direct queue from mobile interface. interface and can choose one for print. Default value is
disabled.
Only printers assigned to given SafeQ server which has

at least one direct queue and enabled Mobile tag are
offered.
mpsCheckTimeout Time interval to control mailbox in milliseconds. It can be

defined locally if needed, too. The default and recomended
value is 10 000 (= 10 seconds).
Picture 1: SafeQ interface - enabling Mobile Print Server
Picture 2: SafeQ interface - enabling direct queue
Picture 3: SafeQ interface - e-mail setting and job title prefix
YSoft SafeQ 5 1641

February 03, 2016
Picture 4: SafeQ interface - usage and print options
This feature is configured by configuration properties in the Mobile Print Server section of the System
Settings:
Option Note
Allow guest user registrations

Disabled - guest user registration is not allowed.
Enabled without money accounts - allows the user self-
registration, the money accounts are however not created for
the self registered users
Enable with money accounts - allows the user self-registration
and also automatically creates accounts in the YSoft Payment
System for the self registered users
The option Enable with money accounts requires YSoft Payment

System to be enabled and properly configured.
Template user for permanent Enter a user name of a user that will be used as a template when
guest users accounts creating accounts for the guest users. In case this field is empty, no
template will be used and users will be created with default values.
Guest users expiration period Specifies how long self registered users (guest users) will exist in
YSoft SafeQ before they are deleted. All permitted letters are: m -
month, w - week, d - day, h - hour. For example 2m 3w 2d 21h.
If this field is left empty, guest users accounts are created as

permanent.
Template user for temporary Enter a user name of a user that will be used as a template when
guest users accounts creating accounts for the temporary guest users. In case this field is
empty, no template will be used and users will be created with default
values .
Fixing of PowerPoint files page Fix incorrectly generated page size in PowerPoint files.
size
The option can be overwritten locally.
mps.config - example
YSoft SafeQ 5 1642

February 03, 2016
Option Note
<?xml version= "1.0" encoding= "utf-8" ?>

<mps correctSlideSize= "false" >
...
</mps>
PowerPoint files contain incorrect page size info which cannot be

processed by some printers (e.g. A4 is set to be 190.5 X 275.1mm).
This option enables an automatic correction. Mobile Print is currently
able to correct following formats: A4, A3, Ledger and Letter. (Letter's
size is the same as for 4:3 format. In this case, defaultPaperSize
setting is used to decide the output format.)
Notification settings
SafeQ Mobile Print Server provides highly customizable e-mail notification about job processing. By setting
the options listed below the administrator can customize and/or localize the notification e-mails sent to the
user.
For more information about the notification e-mail composition see Mobile Print Server - User mail
notification composition.
Option Note
Finish option black- Description of finishing option B/W set.

white
Finish option duplex Description of finishing option Duplex set.
Job conversion failed Description when a job failed to convert.
Job list footer Text below the jobs list, should contain the link to the Mobile Print Server Web
Interface (placeholder #MOBILEWEBINTERFACE#).
Job list header Text above the jobs list.
Job processing failed Description when a job failed to process (in case of general or unknown error).
Job send failed Description when a job failed to be sent to SafeQ.
Job was successfully Description when a job was successfully processed and sent to SafeQ.
processed
Mail authentication Text when the sender's email address is not registered to any user in SafeQ.
failed
Mail duplicate address Text when the sender's email address is registered to more than one user in
SafeQ.
YSoft SafeQ 5 1643

February 03, 2016
Option Note
Mail header General notification mail header.
Mail send failed Text when the sender's email address could not be verified, because of no
connection to SafeQ.
Mail send was Text when the email was accepted by the SafeQ Mobile Print Server.
successful
Notify finish option Text about which finishing options are set.
forced
Picture 5a: SafeQ interface - notification email settings
YSoft SafeQ 5 1644

February 03, 2016
Picture 5b: SafeQ interface - notification email settings
OTHER SETTINGS
DEFAULT PAPER SIZE
For formats where no paper size is encapsulated in it (i.e. HTML, MHTML, TXT, E-mail), there is a
configuration option defaultPaperSize that allows to set the paper size for such jobs. There are two sizes
available - A4 and Letter, where A4 is the default option.
1) Open YSoft SafeQ web interface http://SAFEQ_IP:SAFEQ_HTTP_PORT/ (for example http://192.

168.1.1:80/) and login as administrator
2) On page navigate to System than System settings
3) To access all of the options for Mobile Print Server, Expert views have to be set
4) Open category Regional settings
Option Note
Default paper The value uses Mobile Print Server as a default paper size for printed documents where
size no paper size is encapsulated in it (i.e. HTML, MHTML, TXT, E-mail).
The option can be overwritten locally.

<mps defaultPaperSize= "Letter" >
...
</mps>
YSoft SafeQ 5 1645

February 03, 2016
Picture 6: SafeQ interface - regional settings for MPS
MOBILE PRINT SERVER CONFIGURATION PROPAGATION

Configuration is loaded to Mobile Print Server during startup and is refreshed every 15 minutes.
In order to propagate changes immediately to Mobile Print Server, restart service YSoft SafeQ Mobile Print.
Open services.msc, select service YSoft SafeQ Mobile Print and restart this service
Picture 7: Mobile Print service - restart service
ADDITIONAL MOBILE PRINT SERVER CONFIGURATION
If you want to do some additional changes in the Mobile Print Server configuration, you can do it in the
configuration files once the Mobile Print Server is installed.
There are two configuration files called mps.config and conversion.config and their purpose is to set local
options of Mobile Print Server. Both files are located in <MobilePrintFolder>\Service\conf\.
MPS.CONFIG
In the mps.config file administrator can set or update an IP addresses of the SafeQ server it is sending
jobs to, e-mail accounts which will be assigned for sending jobs to Mobile Print Server and source folders
where the files for processing (either from upload from web interface or as 3rd party interface) will be saved.
The source folder has to be set with rights to read/write for user under whom the Mobile Print Server is
running.
Element Description
folderSource Path to source folder location. For installation on CML server default setting can be used
without any changes, otherwise proper IP address and folder has to be set. If folder
YSoft SafeQ 5 1646

February 03, 2016
Element Description
source is available under different credentials than Mobile Print Server is running, you
can add userName and password parameters and fill proper values. DownloadInterval
specifies in milliseconds how often hotfolder is checked (default 1 second).
Template for adding source folder is following:
<add host="" path="" />
or if you need to use optional parameters:
<add host="" path="" userName="" password="" downloadInterval="" />
emailSources Mailbox setting consists of type of protocol to use ( "IMAP" or "POP3" ), host IP address,
username as dedicated mailbox for mobile print server, password to the mailbox and port
to with should Mobile print connect. Only one Mobile Print Server can be set per email
source but one Mobile Print Server can operate more email sources.
Template for adding mailbox is following (minimal version):
<add type="" host="" userName="" password="" port="" />
<add type="" host="" userName="" password="" port="" secure="true"

implicitSecurityMode="true" numberOfConnections="5" ignoreCertificateChainErrors="
false" maxEmailsPerBatch ="30" networkOperationTimeout="60" />
secure - possible values are false, true, auto. False means no SSL/TLS, true
means SSL or TLS will be used.There is also possible to set value to auto and let
MPS to solve the negotiation about connection security.
implicitSecurityMode - mps uses this parameter if secure is set to true. False value
means communication with email server starts without SSL/TLS and secure layer
is set during the communication, true value means that SSL/TLS is used from the
begining of the communication with email server.
ignoreCertificateChainErrors - if you have an exchange server with a self-signed
certificate and want to connect through SSL/TLS, you have to set this value to true.
Warning: All mail server certificate errors are ignored if set to true, please consider
the security risks.
maxEmailsPerBatch - maximum nuber of emails downloaded at once (in one tick
of the mpsCheckTimeout set in SafeQ) - default value is 50
networkOperationTimeout - timeout in seconds for the download of the whole
email batch including all attachments - default value is 60
printServers SafeQ server IP and ports. Set secure="true" if you want MPS to communicate with
SafeQ via https.
Template for adding SafeQ server is following:
YSoft SafeQ 5 1647

February 03, 2016
Element Description
<add hostIP="" />
<add hostIP="" port="" webPort="" secure="" />
failedFiles Settings for files that weren’t processed successfully (folder where the files should be
moved, time in seconds after which the files should be deleted). If no settings provided,
the default values are used (default folder is „Failed“, default time is 7 days).
To set multiple elements of same type, add separate record for each of them.
Default port communication via protocol IMAP is 143 and for POP3 is 110
Optionally you can set attribute "secure" to "true" is you want to use secured communication via SSL
/TLS. Default port for secured connection for IMAP is 993 and for POP3 is 995.
To additionally encrypt email password, use SafeQ web interface. Otherwise, the password will be
displayed as plain text and will be legible. To do so, use Text encryption tool in SafeQ Dashboard.
1) put the email password into the field and press Encode button.
2) copy and paste your encrypted password into the mps.config file. See examples below.
Example of mps.config setting

<mps defaultPaperSize= "A4" correctSlideSize= "false" > 

<folderSources>

YSoft SafeQ 5 1648

February 03, 2016
<add host= "127.0.0.1" path= "C$\SafeQ5\server\mobile" userName= "administrator" password= "

code,-3,5,98,45,18,-7,-125,-92" downloadInterval= "1000" />
</folderSources>
<emailSources>


<add type= "Imap" host= "192.168.1.1" userName= "mps@company.com" password= "code,-41,
-62,68,-106,13,21,-111,-57" port= "143" secure= "False" />
</emailSources>
<printServers>

<add hostIP= "127.0.0.1" port= "9100" webPort= "80" />
</printServers>
<failedFiles folder= "Failed" maxAge= "604800" />
</mps>
web port
Please make sure your webPort matches the web port used by Y Soft SafeQ web interface.
CONVERSION.CONFIG
In the conversion.config file two types of elements are present.
Element Description
For This element describes the rules for processing the files according their types. Files not
extension defined by this rule will not be processed.
By default, all the extensions are converted by the built-in Aspose library: .doc, .dot, .docx, .
dotx, .docm, .dotm, .rtf, .xml, .odt, .ott, .html, .xhtml, .mhtml, .xls, .csv, .xlsx, .xlsm, .xlsb, .
xltx, .xltm, .ods, .ppt, .pptx, .pps, .ppsx, .pot, .potx, .odp, .txt, .fo, .svg, .xps, .epub, .bmp, .
jpeg, .jpg, .tiff, .png, .gif, .emf, .ico, .wmf
Also, by default, .pdf files are not converted and passed on to SafeQ without change, as .
pdf is our standard output format.
If you want to configure Mobile Print Server to convert certain documents with other
conveters, you can use:
MS Office (convert-by="msOffice") can handle files: .docx, .doc, .odt, .rtf, .xlsx,
.xls, .ods, .pptx, .ppt, .odp, .bmp, .jpeg, .jpe, .jpg, .tif, .tiff, .png, .gif
Libre / Open Office (convert-by="libreOffice") can handle files: .docx, .doc, .
odt, .txt., .rtf, .xlsx, .xls, .ods, .pptx, .ppt, .odp, .bmp, .jpeg, .jpe, .jpg, .tif, .tiff, .
png, .gif
iText (convert-by="iText") can handle files: .bmp, .jpeg, .jpe, .jpg, .tif, .tiff, .png,
.gif
YSoft SafeQ 5 1649

February 03, 2016
Element Description
Image Magic (convert-by="imageMagickCmd") can handle files: .bmp, .jpeg, .

jpe, .jpg, .tif, .tiff, .png, .gif
Plain text (convert-by="textFile") can convert only .txt files.
Options Here you can define a few options for the converters. For example if you want to use Libre
Office application for conversion, you have to set a path to it. MS Office path is stored in the
Windows registry and the Mobile Print application is able to get it automatically. Other
converters don't need this as they are embedded in Mobile Print application.
Also, if you want to convert plain text files (.txt) with Aspose using a specific font, specify it
in options as per example below. If not specified, Arial Unicode MS will be used, which can
handle unicode characters like cyrylic, hiragana and others.
CUSTOM CONVERSION SETTINGS FOR SOME FILE TYPES
LibreOffice documents (.odt, .ods, .odp)

Some of more complicated LibreOffice documents may be converted incorrectly by Aspose converter. In
this case please use LibreOffice converter for the affected file formats.
Images (.jpg, .gif, .png)

For .jpg, .gif and .png image formats, the default Aspose converter is slower than the alternative converters,
especially with large files. If you expect high volumes of these and performance is critical, consider using
ImageMagic converter for .gif and .png images and iText converter for .jpg images. Note that there might
be some differences between the converters especially in regards to page layout.
Text file (.txt)

If you expect processing large .txt files (exceeding 400 kB or 100 pages), consider using textFile converter
which is significantly faster for large .txt. files than the default Aspose converter.
conversion.config
<?xml version= "1.0" ?>

<conversionConfig>

< for extensions= ".doc, .dot, .docx, .dotx, .docm, .dotm, .rtf, .xml, .odt, .ott, .htm, .
html, .xhtml, .mht, .mhtm, .mhtml, .xls, .csv, .xlsx, .xlsm, .xlsb, .xltx, .xltm, .ods, .ppt, .
pptx, .pps, .ppsx, .pot, .potx, .odp, .txt, .fo, .svg, .xps, .epub, .bmp, .jpeg, .jpe, .jpg, .
tif, .tiff, .png, .gif, .emf, .ico, .wmf" convert-by= "aspose" />

YSoft SafeQ 5 1650

February 03, 2016
<options>

</options>
</conversionConfig>
FONTS CONFIGURATION
MPS uses fonts that are available in the system font folder as well as fonts stored in MPS custom folder
(standard path is: $mobilePrintHome$\Service\Fonts). Fonts used in LibreOffice and OpenOffice are
distributed with Mobile Print Server in this folder.
If there is a need to use company specific fonts or more unusual ones not being part of the system
distribution nor MPS distribution it is necessary to install these fonts on server where Mobile Print Server is
running.
To install fonts you can either:
Copy fonts to directory <windir>\Fonts

OR
Install every font by double clicking on its source file
OR
Copy fonts to directory $mobilePrintHome$\Service\Fonts
UNWANTED EMAIL ATTACHMENTS
Some email clients create unwanted attachments which shouldn't be printed by YSoft SafeQ. For example
some iOS clients create ATT00001.txt attachment even if email is sent with no attachment.
There is a functionality in MPS that helps get rid of these unwanted attachments. It is configurable via
Ignored attachments (ignoredAttachments) property in the System settings. You can specify ignored
attachments here. Values must be separated by comma "," character. To insert a comma into the file name,
you can use wild card characters "?" and "*" (similar to file search). Default value of the property is
"ATT0000?.txt" to prevent unwanted attachments that come from iOS email clients by default.
All attachments matching ignoredAttachments property values will be ignored and MPS will not send any
notification about this event (it is only logged).
ENCODING AND FONTS OF TEXT DOCUMENTS

There is a possibility that text files with some national encoding is converted in a wrong way. This happens
mainly due the problems with encoding detection. There is no algorithm to detect encoding reliably in 100%
of cases.
For this reason there is default encoding property which is used when encoding is not reliably detected.
Property is called mpsDefaultEncoding and its default value is "UTF-8". National encoding could be set
here (for example: "WINDOWS-1250").
YSoft SafeQ 5 1651

February 03, 2016
Do not forget to set also proper font (for text files converted with Aspose convertor) that supports national
characters if you encounter problems with encoding. This could be done within conversion.config file in
options part: Arial Unicode MS or Calibri is recomended. The font must be present in the system.
font for text files
<options>
<add key= "asposePlainTextFont" value= "Calibri" />
</options>
MOBILE PRINT SERVER - USER MAIL NOTIFICATION COMPOSITION
OVERVIEW
Notification e-mail composition is based on the following template:
Notification mail template
1. Mail header
2. Mail authentication result information
3. Job list header
4. List of jobs
5. Forced finishing options information
6. Job list footer
7. Mail footer
The e-mail message always contains a mail header (Mail header option), user's mail authentication result
information (based on the authentication result one of the options: Mail authentication failed, Mail duplicate
address, Mail send failed, Mail send was successful) and at the end a mail footer (Mail footer option).
In case of successfully authenticated user's e-mail, the processing details of all jobs are inserted between
the mail authentication result information and the mail footer:
the job list header (Job list header option),

the list of all jobs (one job per line) from the mail in format < job filename> <job processing status>
(based on the job processing result one of the options: Job conversion failed, Job processing failed,
Job send failed, Job was successfully processed),
YSoft SafeQ 5 1652

February 03, 2016
the information about forced finishing options (Notify finish options forced option + Finish option black-
white and/or Finish option duplex options, based on the finishing options set),
the job list footer (Job list footer option).
For better understanding see the examples below (using default values).
EXAMPLES
Mail authenticated, all jobs processed
Dear user, Mail header
this is an email notification about the result of your request to print

documents via YSoft Mobile Print Server.
Your request was successfully accepted by YSoft Mobile Print Mail send was
Server. successful
The processing of requested documents finished with following Job list header
results:
Successfully
Document.pdf was successfully queued processed jobs
Document.txt was successfully queued
Excel.xlsx was successfully queued
Picture.jpg was successfully queued
Picture.png was successfully queued
PowerPoint.pptx was successfully
queued
Word.docx was successfully queued
You can release your jobs on any terminal or you can use http://example. Job list footer
com/m to edit, view and release jobs.
This message has been sent by YSoft SafeQ Mobile Print. Mail footer
YSoft SafeQ © 2003 - 2016
YSoft SafeQ 5 1653

February 03, 2016
Mail authenticated, some job processing errors, B/W and duplex finishing options forced
Dear user,
this is an email notification about the result of your request to print documents via YSoft Mobile
Print Server.
Your request was successfully accepted by YSoft Mobile Print Server.
The processing of requested documents finished with following results:
Document.pdf was successfully queued

Document.txt was successfully queued
Excel.xlsx was successfully queued
Picture.jpg was successfully queued
Picture.png was successfully queued
Job conversion failed, job send

Notsupported.xxx could not be converted because of failed
unkonwn format
Word.docx could not be sent to SafeQ
Note that following finishing options are forced: black Notify finish options forced, Finish option
and white, duplex black-white, Finish option duplex
You can release your jobs on any terminal or you can

use http://example.com/m to edit, view and release jobs.
This message has been sent by YSoft SafeQ Mobile

Print.
Not registered e-mail address
YSoft SafeQ 5 1654

February 03, 2016
Dear user,
this is an email notification about the result of your request to print documents via YSoft Mobile
Print Server.
Your email could not be verified by YSoft Mobile Print Server because your Mail
email is not registered in SafeQ. authentication
failed
This message has been sent by YSoft SafeQ Mobile Print.

No connection to SafeQ server
Dear user,
this is an email notification about the result of your request to print documents via
YSoft Mobile Print Server.
Your email could not be processed YSoft Mobile Print Server because there is no Mail send
connection to SafeQ. failed

Duplicate e-mail address
Dear user,
this is an email notification about the result of your request to print documents via
YSoft Mobile Print Server.
Your email could not be verified by YSoft Mobile Print Server because other Mail duplicate
user has registered the same email address in YSoft SafeQ. address
YSoft SafeQ 5 1655

February 03, 2016

4.11 INSTALLING AIRPRINT
4.11.1 INSTALLATION STEPS
1 Execute the installer.
2 Fill the configuration form:
YSoft SafeQ server IP or hostname: Address of the server where a SafeQ spooler is located
(usually the nearest ORS)
Port: TCP port of a YSoft SafeQ Server, where the YSoft SafeQ Connecter for AirPrint will try
to connect for job delivery (default 9100)
SafeQ Open Services port: The service runs on the same port on both the CML and ORS
(default: 5556)
Printer name: Name of the printer that will be visible on the devices which will be using the
AirPrint
AP port: Port on which the printer will be announced (pick a port which is available and not
used by other services)
YSoft SafeQ 5 1656

February 03, 2016
3 During installation, you will be prompted to install the Apple's Bonjour.
NOTE: If you have already installed Bonjour Print Services in the past, just cancel the Bonjour
installer and click Ignore in the error notification window.
YSoft SafeQ 5 1657

February 03, 2016
4 After the installation, there should be 2 running services:
YSoft SafeQ AP Connector (status: Started)

YSoft SafeQ AP Announcer (status: Started)
NOTE: If the services are not started, check <SAFEQ_AP_DIR>\logs directory for any indication
of errors.
4.11.2 CONFIGURATION
All information regarding the options specified in the configuration file below can be found in the official
Bonjour Printing Specification at https://developer.apple.com/bonjour/printing-specification/bonjourprinting-
1.2.pdf.
[Service]
Binary=T
Color=T
PaperMax=
Transparent=T
URF="CP255,DM1,FN3,IFU1-2-3-4,IS1-2-3-4,MT2-3-4-5-6,OB10,PQ3-4-5,RS600,SRGB24,V1.2,W8"
domainname=local
name=SafeQ
note=YSoft SafeQ
pdl="application/postscript,application/vnd.hp-PCL,image/pwg-raster,application/pdf,application
/PCLm,image/tiff,image/jpeg,image/urf"
printerstate=3
printertype=0x21014
rp=ipp/print
YSoft SafeQ 5 1658

February 03, 2016
subtype=_universal
type=_ipps._tcp
air="username,password"
4.11.3 SSL CERTIFICATE
AirPrint use secure connection by default and use its own certificate. If you want to change server
certificate, follow these steps:
1 Remove default certificate binding.
Execute following commands in console:
netsh
http
delete sslcert ipport=<IP>:<port>
Where IP is 0.0.0.0 or 1.1.1.1 and port is the port to which is certificate bound. If you are not sure, you
can list all the ssl certificates with following commands:
netsh
http
show sslcert
2 Import certificate to Windows
If you don't have your certificate already in Windows, you can import it following steps here:
http://windows.microsoft.com/en-us/windows/import-export-certificates-private-keys#1TC=windows-7
3 Add SSL binding to port
Execute following command in console:
netsh
http
add sslcert ipport=0.0.0.0:<port> appid={214124cd-d05b-4309-9af9-9caa44b2b74a}
certhash=YOURCERTHASH
YSoft SafeQ 5 1659

February 03, 2016
You can find value of certhash following these steps:
1. Open mmc.exe
2. Add snap-in Certificates and then check Computer account
3. Find your certificate and double click on it
4. Certificate hash is located in Detail page under Thumprint label
5. Remove spaces in certificate hash and past in instead of YOURCERTHASH
TROUBLESHOOTING
INSTALLER
Log file of installer is located at the <SAFEQ_AP_DIR>\InstallationLog.txt.
For better identification of the issue, click "Ignore" on any error window that pop ups during installation, it
will keep the installation log intact. Clicking "Cancel" will cancel installation and uninstall any installed files
(including the log file).
NOTE: If the YSoft SafeQ does not have valid AirPrint license, the AirPrint will refuse any print job and
display information that the YSoft SafeQ has no licence. More information is in the logs located at
<SAFEQ_AP_DIR>\logs\*.
IPPSERVER AND ANNOUNCER
Log files of IPPServer and Announcer are located at <SAFEQ_AP_DIR>\logs.
4.11.4 TROUBLESHOOTING AIRPRINT
FIRST JOB HAS TO BE CANCELED/REQUEUED
DESCRIPTION
The first job on Mac OS X has to be canceled because the print job will not be correctly delivered to the
YSoft SafeQ server.
SOLUTION
Change the TXT Record in the "services.d/service.cfg" file from
air=username, password
to (see the removed space after comma and quotes before and after the value)
air="username,password"
YSoft SafeQ 5 1660

February 03, 2016
4.12 PRINTER CONFIGURATION FOR WORKSTATION AND SERVER
This page and its sub-pages represents available options and configurations of printers for Workstation and
Server in YSoft SafeQ printing environment.
There are options available:
Adding a printer to print via an LPR port from a Windows workstation or server - Win7
Installing YSoft SafeQ Client on a Windows workstation, server, or server cluster
Printing from a Windows workstation or server using SafeQ Command Line Client
Configuring a printer for LPR printing on a Mac workstation
Configuring a printer for LPR printing in Linux
4.12.1 ADDING A PRINTER TO PRINT VIA AN LPR PORT FROM A WINDOWS WORKSTATION OR
SERVER - WIN7
1 Open the Devices and Printers wizard and select Add a printer.
2 Select Add a local printer.
YSoft SafeQ 5 1661

February 03, 2016
3 On the Choose a printer port page, select Create a new port.
For Type of port, select Standard TCP/IP Port.
YSoft SafeQ 5 1662

February 03, 2016
YSoft SafeQ 5 1663

February 03, 2016
wizard.
7 Right-click the new printer; then select the Printer properties option.Select the Ports tab.
YSoft SafeQ 5 1664

February 03, 2016
8 The port you created should already be selected and highlighted. Click Configure Port.
YSoft SafeQ 5 1665

February 03, 2016

(for example secure).
4.12.2 ADDING A PRINTER TO PRINT VIA AN LPR PORT FROM A WINDOWS WORKSTATION OR
SERVER - WIN8
1 Open the Devices and Printers and select Add a printer.
YSoft SafeQ 5 1666

February 03, 2016
2 Select the printer you want to install from the list or press The printer that I want isn't listed.
In the case you have directly selected printer to install from the list, the printer will be
automatically installed.
In the case you have selected The printer that I want isn't listed, continue with
following steps.
3 Choose Add a printer using TCP/IP address or hostname
YSoft SafeQ 5 1667

February 03, 2016
YSoft SafeQ 5 1668

February 03, 2016
5 Skip Additional port information required by pressing Next button (optional step)
YSoft SafeQ 5 1669

February 03, 2016
wizard.
8 Right-click the new printer; then select the Printer properties option. Select the Ports tab.
The port you created should already be selected and highlighted. Click Configure Port.
YSoft SafeQ 5 1670

February 03, 2016

(for example my-print-queue).
Note: In the case, you won't be able to edit Port settings, select the printer in Devices and Printers
tab > click Print server properties > Ports > Change Port Settings > select the port you created in step
4 and click Configure Port
YSoft SafeQ 5 1671

February 03, 2016
4.12.3 CONFIGURING A PRINTER FOR LPR PRINTING IN LINUX
About
Adding and setting up a new printer in the graphical user interface
Adding and setting up a new printer in the CUPS interface
Using LPR and LPRNG settings
ABOUT
This page explains how to configure a printer in a Linux system to use LPR for printing.
YSoft SafeQ 5 1672

February 03, 2016
ADDING AND SETTING UP A NEW PRINTER IN THE GRAPHICAL USER INTERFACE
NOTE: The method for adding and setting up a new printer in a Linux system varies according to the
distribution and working environment. Various display managers are available, but the instructions here
guide you through the installation process in the popular Gnome environment, and Ubuntu distribution. For
other display managers (or the command line), the procedure may be different but the basics are always the
same.
1 To add a new printer, go to System Settings > Printing - localhost and click Add.
2 In the device list, expand the Network Printer list and select LPD/LPR Host or Printer.
Fill in the necessary data. Host is the IP address or hostname of your YSoft SafeQ server. Queue is
the name of the queue to which print jobs will be sent.
YSoft SafeQ 5 1673

February 03, 2016
3 Select the driver for the printer from the database, PPD file, or download it from the Internet.
YSoft SafeQ 5 1674

February 03, 2016
4 Follow the wizard and fill in all the information according to your needs.
Once everything is done, finish the wizard.
YSoft SafeQ 5 1675

February 03, 2016
5 Now it is possible to send print jobs to the newly created printer, which is configured to send the jobs
to YSoft SafeQ.
ADDING AND SETTING UP A NEW PRINTER IN THE CUPS INTERFACE
NOTE: The method for adding and setting up a new printer in a Linux system varies according to the
distribution and working environment. Various display managers are available, but the instructions here
guide you through the installation process in the popular Gnome environment, and Ubuntu distribution. For
other display managers (or the command line), the procedure may be different but the basics are always the
same.
The procedure for adding and setting up a new printer in the CUPS interface is almost the same as for the
graphical user interface. All you need to do is to select a hostname and queue for your printer as follows:
1 Open the CUPS interface (usually http://<CUPS IP address>:631).
Select the Administration tab; then click Add Printer. If necessary, enter the CUPS administrator
credentials.
YSoft SafeQ 5 1676

February 03, 2016
2 In the Other Network Printers section, select LPD/LPR Host or Printer; then* click *Continue.
3 The Connection text box is filled according to the following example:
lpd://hostname/queue
Example: If the server has the IP address 10.0.2.232 and the queue name secure, the connection
string is lpd://10.0.2.232/secure
YSoft SafeQ 5 1677

February 03, 2016
4 Proceed through the remaining steps and set up the printer according to your needs.
Once you complete all the steps of the Add Printer wizard, your printer can send prints to YSoft
SafeQ.
USING LPR AND LPRNG SETTINGS
This section is for experienced administrators and describes printcap settings.
This is an example of local printcap for printing to YSoft SafeQ:
With these settings, a print sent to the safeq_printer will be sent directly to the YSoft SafeQ server.
4.12.4 INSTALLING YSOFT SAFEQ CLIENT ON A WINDOWS WORKSTATION, SERVER, OR

SERVER CLUSTER
Overview
Limitations and requirements
YSoft SafeQ 5 1678

February 03, 2016
Installing YSoft SafeQ Client

Adding a printer for use with YSoft SafeQ Client
Uninstalling YSoft SafeQ Client
Installing/uninstalling the Enterprise version of YSoft SafeQ Client
Installing/uninstalling the Enterprise version of YSoft SafeQ Client in a Windows server cluster
OVERVIEW
To print from a local workstation (or server) via YSoft SafeQ Client, YSoft SafeQ Client must be installed on
the workstation and a printer must be added for use by the workstation. In the YSoft SafeQ Client
configuration file, the IP address of the YSoft SafeQ server must match the target IP address in the Client
configuration.
To prepare a workstation for printing via the Client, perform these two main steps:
Install YSoft SafeQ Client (see "Installing YSoft SafeQ Client").

Add a printer to YSoft SafeQ Client (see "Adding a printer for use with YSoft SafeQ Client").
If no graphical user interface is required (that is, if no user interaction is required to send print jobs to the
YSoft SafeQ server), deploy the Client as described in "Installing/uninstalling the Enterprise version of YSoft
SafeQ Client" or "Installing/uninstalling the Enterprise version of YSoft SafeQ Client in a Windows
server cluster."
LIMITATIONS AND REQUIREMENTS
YSoft SafeQ Client does not support bidirectional communication with printer. This option must be
disabled in printer properties dialog.
YSoft SafeQ Client does not support Windows 8 and Server 2012 v4 print drivers (built-in). Thus
assigning SafeQ port to such a device produces following error: "Printer settings could not be saved.
This operation is not supported." To assign SafeQ port to device, v3 print drivers (external third party
drivers) must be used.
The language of server-provided content displayed by YSoft SafeQ Client (e.g. price estimation,
shared queues, notifications) depends on the MS Windows language for date, time, and number
formats.
.NET 2.0 Framework is required for YSoft SafeQ Client on Workstation (not required for enterprise
installation on server).
INSTALLING YSOFT SAFEQ CLIENT
Follow these steps to install YSoft SafeQ Client on a Windows workstation:
1 Log in to the Windows workstation as administrator (or as a user with administrator rights).
2 Go to the folder that contains the YSoft SafeQ installation files.
YSoft SafeQ 5 1679

February 03, 2016
Configure the Client by editing the file SafeQ.ini. (Configuration options are described in SafeQ Client
configuration options)
4 From the command line, run the utility install.exe. The output should be similar to this example:
Installing SafeQ Port Monitor...

- Detecting Windows Version
(Windows 2003 Detected)
(Using NT Spooler)
- Checking Files
- Removing Old SafeQ Print Monitor
(Print Monitor Not Found)
- Deleting SafeQ Print Monitor Files from System Directory
- Copying Files to Windows System Directory
- Registering SafeQ Print Monitor
- Adding port configuration
New - IP: 192.168 . 0.1 : 9100 , Desc: SafeQ Secure Port, Queue: se-cure, Type: 1
- Event Log Resources WERE installed
SafeQ Port Monitor Installed Successfully.
ADDING A PRINTER FOR USE WITH YSOFT SAFEQ CLIENT
To install a new printer for use with YSoft SafeQ Client, follow these steps:
1 For adding printer to your workstation with Windows OS go to Control Panel > Devices and
Printers > Add printer.
When Add printer wizard will be opened click The printer that I want isn't listed button.
YSoft SafeQ 5 1680

February 03, 2016
2 Select Add a local printer or network printer with manual settings and click Next.
3 Select the Use existing port and select SafeQ Client Secure Port as the printing port
OR
YSoft SafeQ 5 1681

February 03, 2016
click Create a new port and select SafeQ.
4 Perform few other steps to set all necessary option for new printer to finish the installation wizard.
5 If device is installed,and SafeQ Client has not been yet been configured before installation in the
SafeQ.ini file, configure it now.
In your OS go to Devices > Printer properties > select SafeQ Secure Port > Configure port.
YSoft SafeQ 5 1682

February 03, 2016
5b If Microsoft Windows 7/8 OS is used, the port configuration is available with "elevated" right only
accessible via Print server properties.
Devices and Printers > select the printer which port you want to reconfigure or any other printer >
Print server properties > navigate to Ports tab > Change ports settings > select SafeQ Secure
Port > Configure port.
YSoft SafeQ 5 1683

February 03, 2016
YSoft SafeQ 5 1684

February 03, 2016
YSoft SafeQ 5 1685

February 03, 2016
YSoft SafeQ 5 1686

February 03, 2016
YSoft SafeQ 5 1687

February 03, 2016
UNINSTALLING YSOFT SAFEQ CLIENT
Follow these steps to uninstall YSoft SafeQ Client from a Windows workstation:
1 Log in to the Windows workstation as administrator (or as a user with administrator rights).
YSoft SafeQ 5 1688

February 03, 2016
2 Go to the folder that contains the YSoft SafeQ installation files.
3 From the command line, run the file install.exe, using the parameter -u. The output should be similar
to the example shown here:
Uninstalling SafeQ Port Monitor...

- Detecting Windows Version
(Windows 2003 Detected)
- Port SafeQ001 type SafeQ will be disconnected
- Disconnecting Printer 'Windows Printer Name' from SafeQ Port
- Removing Old SafeQ Print Monitor
- Deleting SafeQ Print Monitor Files from System Directory
SafeQ Port Monitor Uninstalled Successfully.
INSTALLING/UNINSTALLING THE ENTERPRISE VERSION OF YSOFT SAFEQ CLIENT

To install or uninstall the Enterprise version of YSoft SafeQ Client, follow all the steps described for
installing or uninstalling the standard version, but when running files from command lines, include the
parameter -a (install.exe -a). The -a parameter disables installation of the Client GUI application and
ensures that any errors that occur during delivery of jobs to the YSoft SafeQ server do not hang the
Windows spooler by waiting for user interaction.
INSTALLING/UNINSTALLING THE ENTERPRISE VERSION OF YSOFT SAFEQ CLIENT IN A WINDOWS SERVER

CLUSTER
To deploy the Enterprise version of YSoft SafeQ Client in a Windows server cluster, follow these steps:
1. Install YSoft SafeQ Client Enterprise on each node of the Windows cluster, using an empty
configuration file SafeQ.ini.
2. Change settings in the YSoft SafeQ Client Enterprise configuration file (SafeQ.ini) as necessary.
3. Install YSoft SafeQ Client Enterprise to a virtual server by entering the command install
\\printservername -a -c on the command line at any cluster node.
To uninstall Client from the Windows server cluster, follow these steps:
1. On the virtual server, manually disconnect all printers (print queues) from the SafeQE port.
2. Delete printer port(s) SafeQE from the virtual server by entering the command install
\\printservername -a -c -u on the command line.
3. Uninstall YSoft SafeQ Client Enterprise from all nodes by entering the command install -a -u on the
command line.
To update the Enterprise version of YSoft SafeQ Client to a newer version, it is necessary to perform the
complete uninstallation procedure described in the previous paragraph.
SAFEQ CLIENT CONFIGURATION OPTIONS
The following configuration options are available:
YSoft SafeQ 5 1689

February 03, 2016
Name of configuration Description Default value

option
ServerDeliveryMode Following options are supported: 0
0 - statically defined IP address list.
1 - use IP address of workstation the user uses

to connect via Terminal Services to server,
identify its subnet according server_subnet.csv
file and subsequently choose correct target
SafeQ server according server_subnet.csv file.
If the method fails, 0 - statically defined IP
address list is used instead.
2 - use IP address of local workstation, identify

its subnet according server_subnet.csv file and
subsequently choose correct target YSoft
SafeQ server according server_subnet.csv file.
If the method fails, 0 - statically defined IP
address list is used instead.
3 - use IP address of workstation where the

print job has been created, identify its subnet
according server_subnet.csv file and
subsequently choose correct target SafeQ
server according server_subnet.csv file. If the
method fails, 0 - statically defined IP address
list is used instead.
4 - use IP addresses obtained by DHCP: LPR

server option. If the method fails, 0 - statically
defined IP address list is used instead.
5 - use IP address taken from user's

environment, identify its subnet according
server_subnet.csv file and subsequently
choose correct target SafeQ server according
server_subnet.csv file. Option
"EnvironmentVariableIP" contains the name of
environment variable cointaining IP address.
ServerIP IP Address of SafeQ Server (CML or ORS).

When used on SafeQ Cluster (or ORS roaming
group), input the address of the first SafeQ
node (in the case of Roaming group, imput the
first Roaming ORS IP address).
YSoft SafeQ 5 1690

February 03, 2016

option
Use of DNS names is allowed. This option must

always be filled in.
ServerIP2, ServerIP3, ... IP Address for other nodes of SafeQ cluster (or
another ORS in roaming group).
ServerPort The TCP port of SafeQ Server, where the 9100

SafeQ Client will try to connect for job delivery.
Queue The queue name has to exactly match the secure

queue name created on SafeQ server.
For default general secure queue use the name
"secure".
AuthType How SafeQ Client will identify the job owner to

SafeQ server.
Some options indicated with # requires enabling
the port 4097 in SafeQ server configuration.
Don't forget in this case to configure SafeQ:
System Settings » System Setting » Print
system Setting » SafeQ Secure Port = Yes.
Following options are supported:

1 - user login (the user who's logged on the
computer)
3 - user defined text (will report the written text
as a user name)
4 - dialog with password (when a user prints,
SafeQ displays a dialog to authenticate the user
by login name and password)
NOT AVAILABLE IN SAFEQ CLIENT FOR MS
WINDOWS CLUSTER (formerly SafeQ Port
Enterprise)
5 - *(novell user login)
6 - *(novell user with context)
8 - dialog without password (similar to a dialog
with password, but without password
verification)
Enterprise)
9 - keyboard reader (the card number input is
expected from a keyboard)
YSoft SafeQ 5 1691

February 03, 2016

option

Enterprise)
AuthText This text will be reported as a user name in

case of AuthType=3, otherwise leave empty.
SavePassword Allows saving of user password in SafeQ Client 0

application when AuthType is set to 4.
0 = disable
1 = enable
Saved password is used only for the same job

owner.
Saved password is removed when the user logs
off.
LoadBalancing Allows load balancing among nodes in SafeQ 1

Cluster.
0 = disable
1 = enable
IPLoadBalancing, Load balancing per server IP address. If 0

IPLoadBalancing2, enabled for any IP address, this option disables
IPLoadBalancing3, ... LoadBalancing option.
0 = disable
1 = enable
EnvironmentVariableIP Defines environment variable containing IP ViewClient_IP_Address

address for option ServerDeliveryMode 5.
Default value "ViewClient_IP_Address" is

suitable to get IP address of user using VMware
View.
Compression Compress job data on port (SafeQ server will 0

automatically decompress it).
0 = disable
1 = enable
Encryption Encrypts data between SafeQ port and SafeQ 0

server – also the transmitted job is encrypted.
This setting requires to setup of SSL certificates
on SafeQ Server and can have significant
influence on the system performance.
YSoft SafeQ 5 1692

February 03, 2016

option
Ensure that option ProtocolLevel is set to 1 or 4

0 = disable
1 = enable
SSLCertificateVerification In case any SSL session is established during 0

job delivery, perform verification of server
certificate.
In case certificate is not valid or is not trusted,
connection is aborted and print job is not
delivered to SafeQ server.
0 = disable
1 = enable
CurrentUserNameFormat How the SafeQ Client should report the user

name. If no input is given, than just standalone
user name is reported.
Following options are available:
DS_FQDN_1779_NAME CN=someone,
OU=Users,DC=Engineering,DC=Fabrikam,
DC=Com
DS_NT4_ACCOUNT_NAME
Engineering\someone
DS_DISPLAY_NAME Jeff Smith
DS_UNIQUE_ID_NAME 4fa050f0-f561-11cf-
bdd9-00aa003a77b6
DS_CANONICAL_NAME engineering.fabrikam.
com/software/someone
DS_USER_PRINCIPAL_NAME
someone@engineering.fabrikam.com
DS_CANONICAL_NAME_EX engineering.
fabrikam.com/software\nsomeone
DS_SID_OR_SID_HISTORY_NAME S-1-5-21-
397955417-626881126-188441444-501
SAFEQ_SID_FORMAT 01:05:00:00:00:00:00:
05:15:00:00:00:23:2e:93:00:5e:fc:94:30:e5:fd:
ce:87:63:04:00:00
Note that options other than
DS_NT4_ACCOUNT_NAME require both
computer and user (not member of local
administrator group) should be members of
Microsoft Active Directory. User should have
YSoft SafeQ 5 1693

February 03, 2016

option
credentials to obtain conversion from its SID to

other formats. If printer is shared, the option
JobOwnerMethod should be set to 1
JobOwnerMethod Identification of job owner. 0

0 = default behavior (single user on workstation)
1 = identification is based on owner of printing
thread (shared printer)
ProtocolLevel Setup communication protocol. Following 4

options are available:
4 = default behavior
3 = reserved
2 = set to 2 for backward compatibility
1 = set to 1 for backward compatibility or in
case the encryption support is required
LogToFile Records a log file on SafeQ Port operations. 0

You can find this log file in temporary directory.
0 = disable
1 = enable
LogFilePath Path for SafeQ Client log file. If empty, path is

defined by configuration of system environment
variable "TEMP" (e.g. C:\Windows\TEMP).
LogFileSizeLimit Maximum limit of log file in MB before its 20

rotation occurs.
0 = no limit
LogFileCount Rotated log count. 3
WebBasedApplications Enables web based YSoft SafeQ applications 1

1 = client will display window with YSoft SafeQ
web applications after delivering job. YSoft
SafeQ provides several applications: Selection
of billing code, VIP shared queues or price
estimation
0 = client just delivers job to SafeQ. User will
not be prompted to select billing code, VIP
shared queues or price estimation
NetworkTimeout Timeout in seconds when communicating with 60

SafeQ server over TCP/IP.
ParserDPI 150
YSoft SafeQ 5 1694

February 03, 2016

option
DPI for page rendering if PriceEstimation mode

is enabled.
Note Note which will be sent with job to SafeQ

server.
RedirectToIP IP address of printer to which the print job will

be redirected in case SafeQ server
unavailability.
The job will be sent to printer by LPR protocol.
If empty, the job will not be redirected.
AssignPrinter, Search for given name in installed printers

AssignPrinter2, during installation, and bind the one which
AssignPrinter3, ... matches with the created port.
UserNameRegExMatch Regular expression which is used for matching

of user name. This option is available only
when AuthType is set to 1 (user login)
Example: for matching of "username" from
"username (ip)", expression should be set to "^
([^ ]*).*$"
UserNameRegExReplace Replacement string which is used for user

name modification. It can refer to arguments
from UserNameRegExMatch.
$0 is the full user name string, $1 refers to the
first match, $2 to the second match, ...
Example: for replacing user name with first
match (specified by expression
UserNameRegExMatch), string should be set to
"$1"
Save Password Details
Client application compares the current job owner (user logged to the computer) to the last job owner
(saved in registry). If these two match, the saved credentials are used. Otherwise, the user is asked to
fill in login and password.
User logs in and the application has currently no password saved. When the user prints and inserts the
correct credentials, the username and password are saved and it is not necessary to fill them in next
time. In case the user logs out, the application is terminated and the password is forgotten.
YSoft SafeQ 5 1695

February 03, 2016
If another user logs in, the login window appears automatically, because the job in queue is owned by
this another user. If the computer is used only by one user, he/she still has to fill the credentials in after
login to the computer. After every logout (or client application termination), the password is forgotten.
All settings are usually stored in subkeys of the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\SafeQ\Ports\
or, in the case of SafeQ Client Enterprise:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\SafeQE\Ports\
However, note that this location is system-dependent and may differ, for example in the case of
a Windows Failover Cluster. This information is provided without guarantee.
YSOFT SAFEQ CLIENT AUTODISCOVERY BASED ON DHCP CONFIGURATION
OVERVIEW
This feature allows user to print jobs with SafeQ Client from any company branch while jobs are
redirected to nearest SafeQ server.
Redirection of jobs must be configured in DHCP configuration by local administrator and local DHCP
server must be accessible on LAN.
SafeQ Client delivers the job to IP address specified in DHCP configuration for current user subnet.
For every subnet, there could be more IP addresses configured in DHCP server configuration.
If one of servers is not available, then job is delivered to another server specified for current subnet.
If DHCP does not return any valid response (e.g. no IP address is defined for DHCP option 9), then
Primary IP address (specified in YSoft SafeQ Client - Options) is used.
LIMITATIONS
Only IPv4 protocol is supported.

Hostnames are not supported and cannot be configured.
INSTALLATION
1. SETUP DHCP OPTION ON LOCAL DHCP SERVER
Set the DHCP option 9 (LPR Server) to one or more IPv4 addresses.
Linux - use following command:
option lpr-servers ip-address [ , ip-address ... ]
The LPR server option specifies a list of RFC 1179 line printer servers available to the client.
Servers should be listed in order of preference.
Windows - see Configuring DHCP server for YSoft SafeQ Client autodiscovery
YSoft SafeQ 5 1696

February 03, 2016
2. CONFIGURE ALL KNOWN PROPERTIES IN SAFEQ.INI AS USUAL
Configure the property ServerDeliveryMode to value 4.

Don't forget to configure default ServerIP property for case the DHCP server is not reachable or no
DHCP option is configured.
4. RUN INSTALL.EXE
5. THE PRINTER PORT(S) WILL BE CREATED
SafeQ Client configuration dialog with selected "DHCP option: LPR server" mode
CONFIGURING DHCP SERVER FOR YSOFT SAFEQ CLIENT AUTODISCOVERY

This article is about the configuration of DHCP server for YSoft SafeQ Client autodiscovery. Set the DHCP
option 9 (LPR Server) to one or more IPv4 addresses of SafeQ server(s) for every location where
autodiscovery based on DHCP will be used.
YSoft SafeQ 5 1697

February 03, 2016
Setting up DHCP server requires expert knowledge about system configuration and networking. If
you are not familiar with this topic, request assistance from appropriate person.
Setting of DHCP vary among operating systems and solution used. Following guide apply for
Windows Server 2008's DHCP service.
1 Log in to the Windows Server where DHCP is configured and run Server Manager.
2 Expand Roles > DHCP Server > %Server_name% > IPv4, where %Server_name% is identification
of your DHCP.
YSoft SafeQ 5 1698

February 03, 2016
Expand your Scope, right-click Server Options and select Configure Options... .
4 Navigate to option 009 LPR Servers and add IP address(es) of SafeQ server(s) for given location.
YSoft SafeQ 5 1699

February 03, 2016
5 Repeat the procedure for every location.
YSOFT SAFEQ CLIENT AUTODISCOVERY BASED ON REMOTE CONNECTION SUBNET
OVERVIEW
This feature allows SafeQ Client to deliver print jobs to different SafeQ servers, choosing the
destination server automatically.
Whole behavior is based on rules described in server_subnet.csv file.
SafeQ Client then delivers print jobs to a SafeQ server based on the IP subnet of the user or the
Client.
Behavior modes are described in installation step 3 below and also in SafeQ.ini file in the SafeQ
Client installation package.
YSoft SafeQ 5 1700

February 03, 2016
LIMITATIONS
Each user can only be connected to the terminal server once at a time. When there are more
sessions of a print job owner, the user's print jobs will be sent to the default IP address.
In ServerDeliveryMode=2, when the computer has multiple IP addresses, the first one will be used
(there is no way to choose the network interface).
It is not possible to combine load balancing and fail over at the same time (for example to achieve
loadbalancing within one datacenter and failover to another datacenter), but load balancing can be
set to all addresses mentioned in the CSV file by option LoadBalancing.
INSTALLATION
1. CREATE AND CONFIGURE SERVER_SUBNET.CSV FILE
Create CSV file (in any text editor) named server_subnet.csv and put it in the SafeQ Client
installation package (where SafeQ.ini is located)
There should be a line for each IP subnet from which clients will be printing, and for each SafeQ CML
/ORS server that will be used for print job delivery
Default IP address is used in case connection comes from subnet undescribed in server_subnet.csv
Description must be in form subnet / mask ; server_IP_address
The subnet size can be described in two ways: using a subnet mask (e.g. 10.0.11.80/255.255.255.0)
or in CIDR notation (e.g. 10.0.11.80/24)
Target allows multiple IP addresses or FQDN names (these values must be delimited by comma)
If there are multiple matching subnets, the first one is applied
For example:
server_subnet.csv example
10.0 . 5.0 / 24 ; 10.0 . 11.80 , 10.0 . 11.81

10.0 . 6.0 / 24 ; 10.0 . 11.82
10.0 . 7.0 / 255.255 . 255.0 ; 10.0 . 11.83
In this case, if user is connected from 10.0.5.* subnet and performs a job, the job will be delivered to
10.0.11.80 (or to 10.0.11.81 if the first one fails).
2. CONFIGURE ALL KNOWN PROPERTIES IN SAFEQ.INI AS USUAL
Don't forget to configure default ServerIP property

We recommend to set property AuthType = 1 or AuthType = 3 so Identification is set to Job owner
or Text when using shared printer
3. CONFIGURE SERVER AUTODISCOVERY MODE
In SafeQ.ini configure the property ServerDeliveryMode
YSoft SafeQ 5 1701

February 03, 2016
These modes can also be changed later in SafeQ Client Options in Mode selection (see image
below)
Value in Mode name in Description

ServerDeliveryMode SafeQ Client
Options
0 Static addresses Jobs are delivered to statically defined IP address (or

addresses). This is the default (and backwards-
compatible) option.
1 Remote connection SafeQ Client on a terminal server uses the IP address of

subnet the workstation from which the user is connected via a
remote desktop connection to the server and then the job
is delivered to a SafeQ server selected according to the
server_subnet.csv file (on the server)
2 Local server subnet SafeQ Client uses the IP address of the workstation
/server where the Client is running and delivers print jobs
to a SafeQ server selected according to the
server_subnet.csv file
3 Print job subnet SafeQ Client uses the IP address of the workstation where
the print job has been created and delivers print jobs to a
SafeQ server selected according to the server_subnet.
csv file (used when the print queue is shared)
5 Environment SafeQ Client uses IP address taken from user's

variable subnet environment variable and delivers print jobs to a SafeQ
server selected according to the server_subnet.csv file.
The variable "EnvironmentVariableIP" contains the name
of environment variable cointaining IP address. The
variable is searched in the Registry under
key "HKEY_CURRENT_USER\Volatile Environment".
4. RUN INSTALL.EXE
Check that there is server_subnet.csv present also in Y Soft Client instalation folder
YSoft SafeQ 5 1702

February 03, 2016
5. THE PRINTER PORT(S) WILL BE CREATED
SafeQ Client configuration dialog with selected "Remote connection subnet" mode
YSoft SafeQ 5 1703

February 03, 2016
4.12.5 INSTALLING YSOFT SAFEQ CLIENT 2.X AND ADDING A PRINTER ON A MAC
WORKSTATION
Benefits of using SafeQ client

Requirements
Adding a printer to YSoft SafeQ Client
Configuration of the client
Entering the user name and password in Client
Troubleshooting
Uninstalling Client
YSOFT SafeQ Client for MAC OS is dedicated application to take advantage of advanced SafeQ print
features and provide further benefits of using SafeQ Server print and accounting system. Its purpose is to
submit your print jobs to the SafeQ Server, while collecting further information provided by the operating
system or user input upon print. SafeQ Client supports Mac OS X 10.6.3 or up to 10.9.
BENEFITS OF USING SAFEQ CLIENT

The main benefits of using the client are:
Additional user authentication directly in the client - client can ask the user for his credentials.
Billing codes selection possibilities - it is possible to specify the number of the project the print
job should be accounted to.
Price estimation and VIP shared queues.
REQUIREMENTS
Mac OS X 10.6.3 or newer

Apple-provided Java 6 for Mac OS X (version 1.6.0_22 or newer)
Uninstall older version of YSoft SafeQ Client prior installation of new version (see Uninstall chapter)
NOTE: In case of older Java user will be forced to quit application manually on logout or reboot
YSoft SafeQ 5 1704

February 03, 2016
1 Log in to the Mac workstation as administrator (or as a user with administrator

rights).
2 In the YSoft SafeQ installation package, locate the file SafeQ Client.dmg.
3 Run the installation utility Client.pkg to install SafeQ Client.
4 Log out and Log in back or reboot machine after installation.
ADDING A PRINTER TO YSOFT SAFEQ CLIENT

To set SQPort support into your MacOS system please follow these steps:
NOTE: sqport:// option is available only in Advanced printing menu. This menu is hidden by default.
1 Go to System preferences > Print & Faxes and add new printer by clicking + button.
2 Now you have to add Advanced button to the bar. Press Control + Click on empty space in toolbar
of Add Printer window.
Select Customize Toolbar.
YSoft SafeQ 5 1705

February 03, 2016
3 Drag Advanced icon (gear wheel) to tool bar and drop it there.
YSoft SafeQ 5 1706

February 03, 2016
4 Go to added Advanced selection and set all necessary options, then click Add.
Type - select SafeQ connected network printer

URL - enter path like: sqport://<safeq_server_ip>/<queue>
Example: sqport://10.0.5.194/secure
Name: enter device name
Print Using - choose drivers for printer
YSoft SafeQ 5 1707

February 03, 2016
CONFIGURATION OF THE CLIENT
Client 2.x - Configuration is stored in /etc/safeq/safeq.ini. You do not need to edit it after
installation. IP address of SafeQ server is determined from CUPS configuration, no need to enter IP
here.
Configuration will take effect immediately after saving files, then user don't need to reboot workstation.
After you did all necessary configurations in the Safeq.ini file, you do not need to set anything in the Client
configuration panel.
When print job is send form the workstation, the popup window will appear with question about credentials
of user. User has to fill in login and password, and then print job will be send to SafeQ.
CLIENT CONFIGURATION OPTIONS - V2.X
Option Description Default

name value
authMethod Client authentication method:
login – authenticate by login

password – authenticate by login and password
YSoft SafeQ 5 1708

February 03, 2016
Option Description Default

name value
text – set authText

owner – use Job owner for login - no pop-up promtipng for
user info
protocol Define protocol level.
4 - Protocol Level 4 for communication with SafeQ Server 4

3 - Protocol Level 3 for communication with SafeQ Server 3
ENTERING THE USER NAME AND PASSWORD IN CLIENT
The first time Client is used (or any time the stored password doesn't match a YSoft SafeQ user's
password), the user must enter his/her user name and password.
YSoft SafeQ 5 1709

February 03, 2016
TROUBLESHOOTING
For troubleshooting see YSoft Mac OS Client 2.x - troubleshooting
UNINSTALLING CLIENT
To uninstall YSoft SafeQ Client from a Mac workstation, run the script uninstall.sh, which is included in the
installation package. Open Terminal enter directory with uninstall script and type following commands:
sudo ./uninstall.sh
YSOFT MAC OS CLIENT 2.X - TROUBLESHOOTING
"SAFEQ CONNECTED NETWORK PRINTER" IS NOT VISIBLE
PROBLEM:
User could not see "SafeQ connected network printer" when adding new printer in section Advanced - Type.
CORRECT SITUATION:
User can see "SafeQ connected network printer" option as displayed below.
DIAGNOSTIC:
Open Terminal window and type following command:
/usr/libexec/cups/backend/sqport
YSoft SafeQ 5 1710

February 03, 2016
EXPECTED OUTPUT:
network sqport "Unknown" "SafeQ connected network printer"
POSSIBLE ERRORS:
No such file or directory
Reason: Client is not installed.

Solution: Install client again.
Permission denied
Reason: Incorrect permission. User is not able to execute printing backend.

Further diagnostic - type following command:
ls -l /usr/libexec/cups/backend/sqport
Possible solution: Reinstall client.
CLIENT UI IS NOT STARTING AFTER LOGIN
DIAGNOSTIC:
Check version of installed Java. Open Terminal window and type following command:
java -version
EXPECTED BEHAVIOUR:
Terminal shows following line: Java version 1.6.0_35

SOLUTION:
If Java is older than 1.6.0_35 then you need to upgrade installed Java. Restart computer after Java
upgrade. Client reinstallation is not required
YSoft SafeQ 5 1711

February 03, 2016
4.12.6 INSTALLING YSOFT SAFEQ CLIENT 4.X AND ADDING A PRINTER ON A MAC
WORKSTATION
Benefits of using SafeQ client

Requirements
Adding a printer to YSoft SafeQ Client
Configuration of the client
Configuration options
Entering the user name and password in Client
Troubleshooting
Uninstalling Client
YSoft SafeQ Client for MAC OS is dedicated application to take advantage of advanced SafeQ print
features and provide further benefits of using SafeQ Server print and accounting system. Its purpose is to
submit your print jobs to the SafeQ Server, while collecting further information provided by the operating
system or user input upon print. SafeQ Client supports Mac OS X 10.8 up to Mac OS X 10.11. This client
supports YSoft SafeQ 4.x. and newer versions.
Mac OS 10.11 El Capitan requires YSoft SafeQ Client for Mac OS version 4.5
BENEFITS OF USING SAFEQ CLIENT

The main benefits of using the client are:
Additional user authentication directly in the client - client can ask the user for his credentials.
Billing codes selection possibilities - it is possible to specify the number of the project the print
job should be accounted to.
Price estimation and VIP shared queues.
REQUIREMENTS
Mac OS X 10.8 up to Mac OS X 10.10. (note: for older versions of Mac OS X you can use YSoft
SafeQ Client 2.x)
Uninstall older version of YSoft SafeQ Client 2.x prior installation of new version (see Uninstall
chapter). YSoft SafeQ Client 4.x does not need to be uninstalled before installation.
YSoft SafeQ 5 1712

February 03, 2016
1 Log in to the Mac workstation.
2 In the YSoft SafeQ installation package, locate the file YSoft SafeQ Client Mac OS X-4.x.x.dmg.
3 Run the installation utility YSoft Client Mac OS X-4.x.x.mpkg to install SafeQ Client.
4 You'll be prompted to logout at the end of installation.
ADDING A PRINTER TO YSOFT SAFEQ CLIENT

To set SQPort support into your MacOS system please follow these steps:
NOTE: sqport:// option is available only in Advanced printing menu. This menu is hidden by default.
1 Go to System preferences > Print & Scanners and add new printer by clicking + button.
2 Now you have to add Advanced button to the bar. Press Control + Click on empty space in toolbar
of Add Printer window.
Select Customize Toolbar.
YSoft SafeQ 5 1713

February 03, 2016
3 Drag Advanced icon (gear wheel) to tool bar and drop it there.
YSoft SafeQ 5 1714

February 03, 2016
4 Go to added Advanced selection and set all necessary options, then click Add.
Type: select SafeQ connected network printer

URL: enter path like: sqport://<safeq_server_ip>/<queue>
Example: sqport://10.0.5.194/secure
Name: enter device name
Print Using: choose drivers for printer
YSoft SafeQ 5 1715

February 03, 2016
YSoft SafeQ 5 1716

February 03, 2016
CONFIGURATION OF THE CLIENT
1 Go to System preferences > YSoft SafeQ
OR
open YSoft SafeQ Client application and select YSoft SafeQ Client > Preferences on top application
panel
2 Click lock icon to enable editing of configuration. You'll be prompted for administrator credentials in
order to make changes in global configuration.
YSoft SafeQ 5 1717

February 03, 2016
3 Change values of configuration. Changes are stored immediately. It is not necessary to reboot or
logout. New settings will be applied on print job.
YSoft SafeQ 5 1718

February 03, 2016
CONFIGURATION OPTIONS
Option name Description Default value
Identification Client identification method: Username and

password
Username and password – authenticate by login
and password
Username – authenticate by username
Owner – use Job owner for login - no pop-up
prompting for user credentials
Text – use specified text for authentication - no
pop-up prompting for user credentials
Encryption When selected: Client will encrypt authentication information Selected

and job data by SSL.
When not selected: Client will send authentication information

and job data without any encryption.
Web base YSoft When selected: Client will display window with YSoft SafeQ Selected
SafeQ applications web applications after delivering job. YSoft SafeQ provides
several applications: Selection of billing code, VIP shared
queues or price estimation.
When not selected: Client just delivers job to SafeQ. User won't
be prompted to select billing code, VIP shared queues or price
estimation.
Print Roaming When selected: Client will use print roaming algorithm to Not selected
determine address of SQ server. More details in YSoft Mac OS
Client 4.x - User Roaming
ENTERING THE USER NAME AND PASSWORD IN CLIENT
The first time Client is used (or any time the stored password doesn't match a YSoft SafeQ user's
password), the user must enter his/her user name and password.
User specify username and password. Click Print for sending job to YSoft SafeQ server. Click Cancel to
cancel job delivery.
NOTE: User can select Remember me check box in order to preserve credential information for next
print.
YSoft SafeQ 5 1719

February 03, 2016
TROUBLESHOOTING
For troubleshooting see YSoft Mac OS Client 4.x - troubleshooting
UNINSTALLING CLIENT
Open Terminal and start script by following command:
/Library/Application\ Support/YSoft/uninstall-safeq-client.sh
You'll maybe prompted for your mac password. Uninstall script is using sudo command.
YSOFT MAC OS CLIENT 4.X - TROUBLESHOOTING
UNABLE TO UPDATE PASSWORD IN KEYCHAIN

It may happen that for some reason it is not possible to update password in keychain.
PROBLEM:
the old password still persists in each print.

SOLUTION:
Open Keychain Access application. Find "SafeQClient" entry. CTRL+Click and click Delete "SafeQClient"
YSoft SafeQ 5 1720

February 03, 2016
HOW TO READ CLIENT GLOBAL PREFERENCES
Command
defaults read /Library/Preferences/com.ysoft.SafeQBackend
Example output
{
global = {
authMethod = password;
authText = "" ;
isEncryptionEnabled = 1 ;
isWebAppEnabled = 1 ;
};
}
Note: User password and user information is stored in local keystore - use Keychain Access application.
HOW TO UPDATE CLIENT SETTINGS FROM COMMAND LINE

E.g. goal is to disable web application. It is possible to use PlistBuddy command line tool.
To disable web application from command line:
sudo /usr/libexec/PlistBuddy -c "Set :global:isWebAppEnabled 0" /Library/Preferences/com.

ysoft.SafeQBackend.plist
When you reopen System Preferences panel with Y Soft configuration you'll see new values. (Sometimes it
gets cached and it is necessary to close and open panel again).
sudo /usr/libexec/PlistBuddy -c "Set :global:authMethod owner" /Library/Preferences/com.ysoft.

SafeQBackend.plist
YSoft SafeQ 5 1721

February 03, 2016
You can verify your configuration by following command:
/usr/libexec/PlistBuddy -c "print :global:isWebAppEnabled:" /Library/Preferences/com.ysoft.

SafeQBackend.plist
PlistBuddy documentation: https://developer.apple.com/library/mac/documentation/Darwin/Reference

/Manpages/man8/PlistBuddy.8.html
HOW TO CHANGE AUTHENTICATION METHOD TO OWNER
Command:
sudo /usr/libexec/PlistBuddy -c "Set :global:authMethod owner" /Library/Preferences/com.ysoft.

SafeQBackend.plist
HOW TO ENABLE PRINT ROAMING FROM COMMAND LINE
It is necessary to set option and reboot machine
Command:
sudo /usr/libexec/PlistBuddy -c "Set :global:isDHCPPrintRoamingEnabled 1" /Library/Preferences

/com.ysoft.SafeQBackend.plist
sudo /usr/libexec/cups/backend/sqport --dhcp-sync
HOW TO SET MULTIPLE OPTIONS IN ONE COMMAND
Use multiple -c command
sudo /usr/libexec/PlistBuddy -c "Set :global:authMethod owner" -c "Set :global:

isWebAppEnabled 0" /Library/Preferences/com.ysoft.SafeQBackend.plist
APPLICATION ALWAYS DISPLAY UI IN ONE LANGUAGE
MacOS is able to store language preferences directly for one application.
Check configuration:
defaults read $(mdls -name kMDItemCFBundleIdentifier -raw /Applications/YSoft\ SafeQ\ Client.

app) AppleLanguages
You can clear configuration:
defaults delete $(mdls -name kMDItemCFBundleIdentifier -raw /Applications/YSoft\ SafeQ\ Client.

app) AppleLanguages
YSoft SafeQ 5 1722

February 03, 2016
LOG FILES
Logs are located in the following four locations:
/var/log/cups/access_log
/var/log/cups/error_log
/var/log/cups/page_log
var/log/system.log
NOTE: System logs can be also already archived in /var/log. For example /var/log/system.log.0.gz, /var/log
/system.log.1.gz.
Logs contain also information about other applications and not just logs from YSoft Mac OS Client.
Use following command for zipping all logs into one archive:
zip ysoft_mac_logs /var/log/cups/ * /var/log/system .log
YSOFT MAC OS CLIENT 4.X - USER ROAMING
OVERVIEW
This feature allows user to print jobs with SafeQ Client from any company branch while jobs are
redirected to nearest SafeQ server.
Redirection of jobs must be configured in DHCP configuration by local administrator and local DHCP
server must be accessible on LAN.
SafeQ Client delivers the job to IP address specified in DHCP configuration for current user subnet.
For every subnet, there could be more IP addresses configured in DHCP server configuration.
If server defined in DHCP is not available, then job is delivered to address specified in YSoft SafeQ
printer port.
LIMITATIONS
Only YSoft Mac OS Client 4.1 has support for DHCP server based print roaming.
Hostnames are not supported and cannot be configured.
If first of the servers defined in DHCP is not available, others are not taken into account, but job is
sent to address specified in YSoft SafeQ printer port.
CONFIGURATION
SETUP DHCP OPTION ON LOCAL DHCP SERVER
Set the DHCP option 9 (LPR Server) to one or more IPv4 addresses.
Linux - use following command:
option lpr-servers ip-address [ , ip-address ... ]
The LPR server option specifies a list of RFC 1179 line printer servers available to the client.
Servers should be listed in order of preference.
YSoft SafeQ 5 1723

February 03, 2016
Windows - see Configuring DHCP server for YSoft SafeQ Client autodiscovery
ENABLE PRINT ROAMING IN SAFEQ CLIENT
Go to System settings
Select YSoft SafeQ Client
Enable Print Roaming
All print until now, will be sent to server configured in DHCP Option 9
4.12.7 PRINTING FROM A WINDOWS WORKSTATION OR SERVER USING SAFEQ COMMAND LINE
CLIENT
OVERVIEW
SafeQ Command Line Client is a utility that enables the delivery of print jobs (files) to the YSoft SafeQ
server by means of a command line. It is similar to the LPR utility, but provides extra features specific to
YSoft SafeQ.
This utility enables integration of third-party products with YSoft SafeQ.
USAGE
SafeQ Command Line Client can be executed directly from unpacked installation package without
any installation.
Parameters specified on the command line have the following syntax:
SafeQERun [-<parameter>=<value>] [-SQ<parameter:value>] <job file>
YSoft SafeQ 5 1724

February 03, 2016
All parameters described in SafeQ Client configuration options are supported except those that
require user interaction during printing. If a particular parameter is not specified, its default value is
used. You can also use one of following parameters with the prefix "SQ" which are passed to the
YSoft SafeQ server as extra headers without any checking:
-SQFinishing-Duplex:{ShortEdge, LongEdge, None} -SQFinishing-BW:{true,
false} -SQFinishing-Copies:3
Example that sends job file document.pdf under the title Annual report to a YSoft SafeQ server
that has the IP address 192.168.1.78 under the identity of a user that has the username smithj
SafeQERun -ServerIP=192.168.1.78 -JobTitle="Annual report" -AuthType=3 -
AuthText=smithj -SQFinishing-Duplex:LongEdge -SQFinishing-BW:true -
SQFinishing-Copies:2 document.pdf
4.12.8 PRINTING FROM SAP ON WINDOWS (SAPSPRINT)
SAP may generate one single file including multiple print jobs. The following issues may
arise:
Such file might not be released properly via YSoft SafeQ in combination with some of
the embedded terminals and it is necessary to avoid the situation by one of following
steps:
configure SAP to include only one job in one file
make the modifications in the MFD settings to allow printing of jobs without
authentication (where applicable), note that this workaround may lead to
accounting issues
Some Rule Based Engine actions might not work.
PRINTING FROM SAP TO SAFEQ
DEVICE TYPES:
In SAP R/3 a generic type of device I2SWIN or ZSAPWIN4 is defined besides the types of devices for
particular printers, that says something like this: „I do not know anything about on which specific printer will
the output be, so I leave all the formatting completely on MS Windows driver". It is obvious that the device
type is useful only for output via SAPlpd, thus the access methods F: or S:
For the device type can be in addition to character set (it is possible to create own character set) changed
also page formats and control characters i.e. interpretation of commands by specific printer.
Note: ZSAPWIN4 was supplied by SAP R for SAP R/3 release 3.1x, but it is fully usable also in higher
versions, device type I2SWIN is a part of SAP standard from release 4.0x.
ACCESS METHODS:
F: Print on the front-end computer
Probably the most widely used and most universal method of printing available form SAP R/3 release 3.1G.
YSoft SafeQ 5 1725

February 03, 2016
In SAP an output devices LOCL, LOKA or LOCWIN is usually defined with this access method, instead of
the queue a keyword __DEFAULT or %DEFAULT% is used.
When selecting output on this device, printing is sent to the user's PC who entered the request, there is
SAPlpd program automatically started which take over print job and forward it to default Windows print
queue, regardless of whether the printer is local (LPT, COM or USB) or if it's a network printer (Novell
Netware, MS Windows, UNIX, JetDirect etc.)
In certain transactions it is possible to choose a non-default print queue, SAPlpd receive the print job not
with the keyword __DEFAULT, but with the name of the specific queue. Beware, length of the name is
limited to 40 characters I guess, the rest will be cut by SAPlpd and it will report unknown name queue,
which can be, mainly for network printers, sometimes a problem.
This access method can not be used when printing is not initiated by user, but it is the result of a process
(management reports) e.g. maintenance message, store documents, purchase orders etc. It is also not
suitable for large prints in amount of hundreds or even thousands pages especially for economic reasons.
On the other hand an advantage of this method is its universality, it is available practically anytime, there is
no need to configure anything, with functional printer available from Windows adjustment of most of the print
outputs is not necessary.
S: Printing using SAP protocol
method of printing through a print server running Windows and permanently running SAPlpd (using MS
resource kit it is according to note 42268 possible to run SAPlpd on WinNT-2000 as a service) , combines
the advantages of methods F: a L:, in principle it is possible to make print server from every end PC or
contrary to these purposes dedicate one machine, hardware requirements are not particularly high, it is only
need to allow access from SAP R/3 server on TCP port 515 or communicate via saprouter.
In SAP for definition of output device with this acces method a hotspool name has to be set (machine,
where SAPlpd is runninng) and a name of print queue.
a field for hostspool name is is named as router, previously it was necessary to give the name of either
host table or DNS alias, because the field was too short for the IP address, it is now possible to specify both
the name and IP address or state string THOST table (transaction SM55).
It is not absolutely necessary to use generic driver I2SWIN or ZSAPWIN4, it is possible to use SAP drive for
pro particular printer type, then printing is essentially identical to the method L:, with one small but
significant difference: printserver is in LAN and is much more accessible for maintenance and
administration, it is not too good define print queue on SAP R/3 application server.
L: Local printing via LP / LPR
Print to a classic UNIX print queue, which must be defined in SAP R/3 application server respectively where
the spool process is running, must be allowed to communicate on TCP port 515, saprouter can not be used.
U: Print using Berkeley protocol
YSoft SafeQ 5 1726

February 03, 2016
Method is essentially identical to L method, the only difference is, that print queue (lpd demon) is running
elsewhere than spool proces, direct printing on an intelligent network printer, which have their own service
queue.
C: Direct call the operating system
Method available only for installation SAP R/3 on Windows NT respectively spool process can run on a
separate application server based on Windows NT or Windows 2000 platform.
There are other methods of access for external output management systems, archiving programs, etc.
Printing with MS Windows driver is a graphical, in case of use dot matrix printers can be very slow,
however, the output probably best fits the wysiwyg concept. It is not suitable for printing voluminous reports,
among others for the size of the spool file.
Conversely printer-specific drivers should be substantially modify, in fact it is necessary for each group to
create or edit page format. This method is particularly suitable for large or frequently repeated print jobs of a
few kinds of reports.
Spool is one of the most patched matters, drivers and page formats can vary considerably depending on the
level of support packages and output behavior may also be affected by kernel patch level or by SAPlpd
versions on front-ends.
Note: everywhere, where the Windows operating system is mentioned, any Win 32-bit OS is meant.
SAP NOTE NUMBER 894444: TOOL FOR SERVER-BASED PRINTING ON WINDOWS (SAPSPRINT)
SYMPTOM
This note provides information about how to solve problems you may have when printing with SAPLPD as a
print server.
CAUSE AND PREREQUISITES
The previous implementation of SAPLPD as a print server is increasingly unstable since the introduction of
Windows 2000. In particular for high print
output, the process may hang. For this reason, we have prepared an entirely new implementation of the
print server as a Windows service in SAPSprint. It replaces SAPLPD. You can print using the access
methods 'S' and 'U' from every SAP system, just as before. No changes are necessary in the SAP system
itself. You must replace SAPLPD with SAPSprint on the print server, and configure it accordingly.
This is described below.
INSTALLATION
Before you install SAPSprint, delete SAPLPD manually. To do this, you normally need to completely delete
the installation directory only. If you installed SAPLPD as a service using the srvany tool, you can remove
the service by
calling 'Instsrv SAPLPD remove'. You can download SAPSprint as a self-extracting executable file from
SAP Service Marketplace:
http://service.sap.com/~form/handler?
_APP=00200682500000001943HEADER=NEVENT=TREE&TMPL=01200615320200006164&V=MAINT&TA=ACTUAL
Start the program. After you enter the installation path, the system asks for the TCP/IP port and another
path for storing log files. Normally, the default setting of 515 is suitable for the port. You should only change
YSoft SafeQ 5 1727

February 03, 2016
this setting
if the Windows TCP/IP print service is also running on the computer. The SAPSprint Windows service starts
as soon as the installation is over.
We recommend that you set up the following options for the service in the Windows Service Control
Manager: Restart the service after the first error in the recovery actions, and set the wait time until the
restart to zero.
This ensures that the service is restarted when errors are detected. This should minimize the number of
incorrect print requests in the SAP system.
Furthermore, the service must run under a domain user that has the relevant authorizations for the required
printers. After the installation, the service runs under "Local system account". This can access locally-
defined printers
only. You can also set the user in the Windows Service Control Manager, in the options of the SAPSprint
service.
If you want to delete SAPSprint, you can do so using the normal Windows uninstall tool.
SETTINGS
You can display the call parameters available for SAPSprint by calling 'sapsprint -?' on the command line.
The most important parameters are those that set options, especially log options for troubleshooting.
You can set the log level to 5 by specifying 'sapsprint -oi LogLevel 5'. Immediately after installation, no log
level is set up, which means that no log file is created. By setting the log level to 1, 5, or 9, you can ensure
that more information is available in the directory that you specified during the installation. A file called
sapsprint.dbg and a print job specific file with a variable name are generated. The second file is deleted after
successful printing. It is only retained if the printout is recognized as incorrect. If you set the option
'sapsprint -oi KeepFile 1', then both this file and the print file are retained. This is primarily intended for
troubleshooting by SAP Support.
All options are case-sensitive. You can display the most important SAPSprint options by calling 'sapsprint -
?'. All possible options are described in Note 85469. Normally, the options described there are not
necessary - you should
use them only in exceptional circumstances.
TECHNICAL DETAILS
SAPSprint consists of the program 'sapsprint.exe', which contains the implementation of the Windows
service and the receiver for print data from the SAP system. The SAPWIN data stream is processed in the
DLL 'sapwin.dll'. This
DLL is also used by the new front-end printing, as described in Note 821519. SAPWIN processing errors
therefore affect both print methods. Patches for SAPSprint and the new front-end print are available in Note
841175.
SOLUTION
Install SAPSprint as described above. SAPSprint replaces the SAPLPD's server functions. Use the new
method described in Note 821519 for front-end printing.
Do not install SAPSprint on every workstation.
SAPLPD is no longer developed.
YSoft SafeQ 5 1728

February 03, 2016
RELATED NOTES
947514 Printed output of Thai ABAP lists shifted after kernel patch
946209 Analyzing SAPSprint problems
927074 Patches for SAPSprint
821519 Front-end printing with control technology
213524 SAPsprint installation in an MSCS environment
85469 Options for the SAPSprint print server tool
42268 Operate SAPLPD as a service on Windows NT/2000/XP
16420 Problems with SAPLPD
12550 Problems with remotely connected printers (WAN)
4.12.9 PRINT POOLING ON MS WINDOWS SERVER
Pooled queue speeds up the printing process when multiple jobs are in the printer queue. Print jobs from
the pooled queue are sent to the YSoft SafeQ server even if another job is being processed in windows
spooler at the moment.
1 Add printer according to Adding a printer to print via an LPR port from a Windows workstation
or server article
2 Open the Devices and Printers
3 Right click on printer.
Select Printer properties.
YSoft SafeQ 5 1729

February 03, 2016
4 On the Printer properties, select Ports tab.
Click on Add port.
YSoft SafeQ 5 1730

February 03, 2016
5 Select Standard TCP/IP Port.
Click New port to open Add Standard TCP/IP Printer port Wizard.
6 Enter the hostname or IP address of YSoft SafeQ server.
YSoft SafeQ 5 1731

February 03, 2016
Click Next.
7 Select Generic Network Card.
Click Next.
Click Finish.
YSoft SafeQ 5 1732

February 03, 2016
8 To add more ports repeat process from step 3 to step 6.
9 Mark Enable printer pooling
On Ports tab in Printer Properties window check all Standard TCP/IP Port configured for YSoft
SafeQ server.
Click Apply to save changes.
YSoft SafeQ 5 1733

February 03, 2016
Note: Your server might function differently based on the version and edition of the operating system that is
installed, your account permissions, and your menu settings.
4.12.10 SHARED PRINT FROM WINDOWS SERVER
Windows Server 2003/2008 Print Services allow printers, including those connected via a SafeQ Print
roaming system to be shared over a network and provide a centralised printer management infrastructure
allowing multiple print servers and printers to be managed from within the Microsoft Print Management tool.
Centralized print sharing simplifies changes to the print configuration. However, this does creates a
bottleneck, where all print jobs coming from any user to any printer are serialized into one single queue,
drastically reducing the print throughput. There are several techniques how to optimise, or avoid this bottle
neck:
The first option is to enable Client-side Rendering (CSR) in Windows Printer Sharing properties.
The second option is to create multiple ports and use Printer Pooling in Windows Printer Port
properties.
YSoft SafeQ 5 1734

February 03, 2016
The ultimate solution to the bottleneck created by a centralised shared print roaming printer is to use
a distributed system. This means the installation and configuration of printer drivers, print queues and
ports to each individual client workstation.
Please note that apart from a printer driver, the installation of the SafeQ Client locally at every workstation is
mandatory for any feature that requires any type of pop up dialogue (i.e. Billing Code selection ...)
4.12.11 CONFIGURING A PRINTER FOR LPR PRINTING ON A MAC WORKSTATION
About
ABOUT
This page explains how to configure a printer in a MacOS X system to use LPR for printing.
NOTE: The method for adding and setting up a new printer in a MacOS X system varies according to the
distribution and working environment.
1 To add a new printer, go to System Preferences > Printers & Scanners and click +.
YSoft SafeQ 5 1735

February 03, 2016
2 Click Advanced icon and select LPD/LPR Host or Printer.
Fill in the necessary data. URL is the format lpd://hostname/queue. Hostname is IP address or
hostname of your YSoft SafeQ server. Queue is the name of the queue to which print jobs will be
sent.
YSoft SafeQ 5 1736

February 03, 2016
3 Select the driver for the printer from Use: menu or select Other Software to display list of available
printing software drivers from the database or select Other to use PPD file.
YSoft SafeQ 5 1737

February 03, 2016
4 Once everything is done, finish the wizard.
YSoft SafeQ 5 1738

February 03, 2016
5 Now it is possible to send print jobs to the newly created printer, which is configured to send the jobs
to YSoft SafeQ.
4.12.12 ADDING A SHARED "PRINT ROAMING" PRINTER TO PRINT VIA AN LPR PORT FROM A
WINDOWS SERVER 2012
This page explains how to configure a printer in Windows 2012 to use LPR for printing.
2 Select The printer that i want isn't listed.
YSoft SafeQ 5 1739

February 03, 2016
3 Select Add a local network printer as an administrator.
By selecting this you will reopen the Devices and Printers wizard as an administrator.
YSoft SafeQ 5 1740

February 03, 2016
4 Select The printer that i want isn't listed.
YSoft SafeQ 5 1741

February 03, 2016
5 Select Add a printer using a TCP/IP address or hostname.
YSoft SafeQ 5 1742

February 03, 2016
6 For Device type, select TCP/IP Device

For Hostname or IP address, enter the address of the SafeQ CML server or SafeQ ORS server;
then enter a name for the port.
YSoft SafeQ 5 1743

February 03, 2016
YSoft SafeQ 5 1744

February 03, 2016
Select Custom and click on Settings.
8 The Hostname or IP address of the SafeQ CML server or SafeQ ORS server created should
already be visible in Port Name and Printer Name or IP Adress

On the LPR Settings page, enter the name of the queue that will be used for the printer (for
example secure when using print roaming).
If necessary, change other settings on the page to disable LPR Byte Counting and SNMP
status.
YSoft SafeQ 5 1745

February 03, 2016
9 From the list of printer drivers, select the appropriate driver or select a driver from the disk. Please
make sure that the selected driver is supported by all MFPs in the print roaming group.
YSoft SafeQ 5 1746

February 03, 2016
10 Enter a name for the new printer for exemple SafeQ_Print_Roaming
YSoft SafeQ 5 1747

February 03, 2016
11 To share the printer select Share this printer so that others on your network can find it and use
it.
YSoft SafeQ 5 1748

February 03, 2016
12 To give access right to the group Everyone, follow the procedure below.
Open Devices and Printers, right-click selected device and select Printer properties
YSoft SafeQ 5 1749

February 03, 2016
YSoft SafeQ 5 1750

February 03, 2016
On the Security tab, make sure the group Everyone has the permission to Print.
13 To add a x86 print driver go to the tab Sharing in order to add support for 32bit Windows OS.
YSoft SafeQ 5 1751

February 03, 2016
Select Change Sharing Options.
YSoft SafeQ 5 1752

February 03, 2016
YSoft SafeQ 5 1753

February 03, 2016
Then select additional Drivers.
YSoft SafeQ 5 1754

February 03, 2016
In the additional drivers window please select x86.
YSoft SafeQ 5 1755

February 03, 2016
Then select the Location of the print driver
14 Because the print driver has no direct access to any printer, it´s necessary to uncheck Bidirectional
support to prevent a time-out caused by unsuccessful attempt for such communication. On the Ports
tab, make sure Enable bidirectional support is left unchecked.
YSoft SafeQ 5 1756

February 03, 2016
When the print driver has any other kind of bidirectional support embedded, it has to be disabled as
well such as Auto Acquire Settings, Bi-Directional Communication, etc.
15 Because the driver is in default configuration, it is necessary select all available extensions and
options such as finishers, paper trays, staplers, booklets to meet the highest available hardware
configuration.
16 Send a test page to validate that the printer was installed correctly.
Go to the tab General and select Print Test Page.
YSoft SafeQ 5 1757

February 03, 2016
17 Enable Print Pooling and create another 4 LPR ports. Fore more information please refer to the
following article Print pooling on MS Windows Server.
4.12.13 ADDING A SHARED "PRINT ROAMING" PRINTER TO PRINT VIA AN LPR PORT FROM A
WINDOWS SERVER 2008 R2
2 Select Add a local printer.
YSoft SafeQ 5 1758

February 03, 2016
3 On the Choose a printer port page, select Create a new port.
For Type of port, select Standard TCP/IP Port.
YSoft SafeQ 5 1759

February 03, 2016
4 For Hostname or IP address, enter the address of the SafeQ CML server or SafeQ ORS server;
then enter a name for the port.
YSoft SafeQ 5 1760

February 03, 2016
5 Select Custom and click on Settings.
YSoft SafeQ 5 1761

February 03, 2016
6 The Hostname or IP address of the SafeQ CML server or SafeQ ORS server created should
already be visible in Port Name and Printer Name or IP Adress

On the LPR Settings page, enter the name of the queue that will be used for the printer (for
example secure when using print roaming).
If necessary, change other settings on the page to disable LPR Byte Counting and SNMP
status.
YSoft SafeQ 5 1762

February 03, 2016
7 From the list of printer drivers, select the appropriate driver or select a driver from the disk. Please
make sure that the selected driver is supported by all MFPs in the print roaming group.
YSoft SafeQ 5 1763

February 03, 2016
wizard.
YSoft SafeQ 5 1764

February 03, 2016
9 To share the printer select Share this printer so that others on your network can find it and use
it. Fore more information please refer to the following article Shared Print from Windows Server.
YSoft SafeQ 5 1765

February 03, 2016
10 Send a test page to validate that the printer was installed correctly.
Select Print a test page
YSoft SafeQ 5 1766

February 03, 2016
11 To give access right to the group Everyone, follow the procedure below.
Open Devices and Printers, right-click selected device and select Printer properties
YSoft SafeQ 5 1767

February 03, 2016
On the Security tab, make sure the group Everyone has the permission to Print.
YSoft SafeQ 5 1768

February 03, 2016
12 To add a x86 print driver go to the tab Sharing in order to add support for 32bit Windows OS.
Select Additional Drivers.
YSoft SafeQ 5 1769

February 03, 2016
YSoft SafeQ 5 1770

February 03, 2016
In the additional drivers window please select x86.
YSoft SafeQ 5 1771

February 03, 2016
YSoft SafeQ 5 1772

February 03, 2016
Then select the Location of the print driver.
13 Because the print driver has no direct access to any printer, it´s necessary to uncheck Bidirectional
support to prevent a time-out caused by unsuccessful attempt for such communication. On the Ports
tab, make sure Enable bidirectional support is left unchecked.
When the print driver has any other kind of bidirectional support embedded, it has to be disabled as
well such as Auto Acquire Settings, Bi-Directional Communication, etc.
14 Because the driver is in default configuration, it is necessary select all available extensions and
options such as finishers, paper trays, staplers, booklets to meet the highest available hardware
configuration.
15 Enable Print Pooling and create another 4 LPR ports. Fore more information please refer to the
following article Print pooling on MS Windows Server.
YSoft SafeQ 5 1773

February 03, 2016
4.13 LOCAL MONITOR
Overview
Installation
Supported operating systems
Application log
Workstations installation steps
Workstation uninstallation steps
Microsoft Cluster Server installation (MSCS)
Microsoft Cluster Server uninstallation
Configuration
Caveats
Accounting Accuracy
Duplicate Jobs in Accounting Records
Duplicated or Missing Devices
Authorized access
Limitations
Upgrade from SafeQ 4 to SafeQ 5
YSoft SafeQ 5 1774

February 03, 2016
4.13.1 OVERVIEW
Local Monitor is a thin client application that monitors printing using MS Windows Print Spooler on a
workstation or a print server.
All printer ports are monitored.

Ports can be excluded by the IgnorePortsN configuration options.
Default configuration excludes common SafeQ ports, comon 'print to file' ports, and all SMB
printers (port names starting with '\\').
The following diagram depicts how Local Monitors accounts print jobs sent to directly connected
printers (blue) and sent to SMB printer (orange) under normal circumstances.
Local Monitor uses Windows Print Spooler accounting method (see: Print tracking methods).
Accounting information is sent to a SafeQ at scheduled intervals; Local Monitor does not keep
persistent connection to the server. If the server is unavailable, Local Monitor stores accounting
information into a local cache and delivers it to the server once the connection is restored. Cache is
kept even if the system is restarted and is able to keep data as long as disk storage space is available.
YSoft SafeQ 5 1775

February 03, 2016
4.13.2 INSTALLATION
SUPPORTED OPERATING SYSTEMS
MS Windows 32 bit (XP/Vista/7/8/8.1)

MS Windows 64 bit (XP SP3/Vista/7/8/8.1)
MS Windows Servers 2003/2003R2/2008/2008R2/2012 (32bit/64bit)
APPLICATION LOG
Important information about installation and application run can be found in system temporary folder
(usually C:\WINDOWS\Temp) in file SQLocalM.log.
WORKSTATIONS INSTALLATION STEPS
1. Log in to Windows workstation as an administrator (or a user with administrator rights).

2. Go to the directory with Local Monitor installation files.
3. Preconfigure Local Monitor by editing Install.reg file. The list of all configuration options are
described in the section "Configuration options".
4. Start "install.exe" executable
WORKSTATION UNINSTALLATION STEPS
1. Log in to Windows workstation as an administrator (or a user with administrator rights).

3. Start "install.exe" executable with parameter "-u".
MICROSOFT CLUSTER SERVER INSTALLATION (MSCS)
1. Log in to server node as an administrator (or a user with administrator rights).

3. Preconfigure Local Monitor by editing Install.reg file.
a. Set option "MonitorServer"="\\\\ClusterName" with appropriate cluster name.
b. Set option "LocalIP" to IP address of cluster.
c. Set option "LMHost" to unique name.
4. Install YSoft Local Monitor service by starting "install.exe".
5. Change service status from "started" to "stopped".
6. Change service "startup type" from "automatic" to "manual".
7. Ensure that the service (running by default under the SYSTEM account) has credentials to
access monitored printers (setup service to run under administrator account).
8. Repeat steps 1 - 7 for remaining nodes in the cluster.
9. Using the Cluster Administrator, add a new resource as a "Generic service".
a. When asked for service name, enter "SQLocalMon".
b. When asked for service registry keys, add "SOFTWARE\Y Soft Corporation\SafeQ\Local
Monitor" to the list.
10. Bring created resource online.
YSoft SafeQ 5 1776

February 03, 2016
MICROSOFT CLUSTER SERVER UNINSTALLATION
1. Bring created resource offline.

2. Delete resource using Cluster Administrator.
3. Start "install.exe" executable with parameter "-u" on each node.
YSoft SafeQ 5 1777

February 03, 2016
4.13.3 CONFIGURATION
Local Monitor installation package includes configuration file Install.reg, which must be configured
prior installation. Description of configuration options follows.
Configuration option name Description Default

value
Interval Interval for checking new jobs in printer queue in seconds. dword:
0000001E
(30s)
AcceptComplete Take into account all jobs, which have status dword:
'SENT_TO_PRINTER'. 00000001
True - dword:00000001
False - dword:00000000
Server IP address or DN of SafeQ server. The information about 127.0.0.1

jobs will be sent to this IP address.
ServerPort Port, which will be used for communication with SafeQ 9100
server. The same port must be defined on the SafeQ server
side.
LocalIP IP address of local interface from which the Local Monitor

connects to SafeQ.
Use this option when installing on Microsoft Cluster Server

(set IP of cluster).
LMHost Name of workstation, which will be reported as a source

computer of the printed jobs.
Use this option when installing on Microsoft Cluster Server.
IgnorePorts1, IgnorePorts2, ... Local Monitor will ignore outputs on these ports.
MonitorPrinter1, MonitorPrinter2, ... Local Monitor will monitor this printer even if a port of the
printer is in the list of ignored ports. Specify the printers
name in Windows.
MonitorServer Local Monitor will monitor printers on specified server

instead of local printers.
Note: This option is especially useful for monitoring printers

on Windows Cluster server.
ReportEmptyJobs
YSoft SafeQ 5 1778

February 03, 2016

value
Some printer drivers create empty print job in Windows dword:

spooler and send the print job data directly to printer. 00000000
Do not report empty print jobs - dword:00000000
Allow reporting of empty print jobs - dword:00000001
ParserDPI Specify DPI for internal parser. 72
DisableParser Disables/enables analysis of job files for accounting using dword:

internal parser. 00000001
Enable - dword:00000000
Disable - dword:00000001
CurrentUserNameFormat How the Local Monitor should report the user name. If no
input is given, than just standalone user name is reported
(default).
DS_FQDN_1779_NAME CN=someone,
OU=Users,DC=Engineering,DC=Fabrikam,DC=Com
DS_NT4_ACCOUNT_NAME Engineering\someone
DS_DISPLAY_NAME Jeff Smith
DS_UNIQUE_ID_NAME 4fa050f0-f561-11cf-
bdd9-00aa003a77b6
DS_CANONICAL_NAME engineering.fabrikam.
com/software/someone
DS_USER_PRINCIPAL_NAME someone@engineering.
fabrikam.com
DS_CANONICAL_NAME_EX engineering.fabrikam.
com/software\tsomeone
DS_SERVICE_PRINCIPAL_NAME www/www.fabrikam.
com@fabrikam.com
DS_SID_OR_SID_HISTORY_NAME S-1-5-21-397955417-
626881126-188441444-501
SAFEQ_SID_FORMAT 01:05:00:00:00:00:00:
05:15:00:00:00:23:2e:93:00:5e:fc:94:30:e5:fd:ce:87:63:04:
00:00
Note: Specifying any of above options may report currently
logged on user as a job owner
ParseUserFromJobTitle This option allows parsing of job user from the job title. dword:
00000000
ParseUserFromJobTitleDelimiter Defines delimiter of username parsed from job title. [.:_/\\\\]
YSoft SafeQ 5 1779

February 03, 2016

value
Standard Perl compatible regular expression is used.

Default setting uses as delimiter one of these signs .:_/\,
backslash must be defined as \\\\.
ParseUserFromJobTitleIndex Position of owner token in job title (indexing starts at 0, ie. dword:
first token is 0, second is 1, etc.). 00000000
ParseUserFromJobTitlePreserveTitle Use this option to preserve title after parsing job. Using dword:
default value will remove username from job title (if the 00000000
ParseUserFromJobTitle is used).
YSoft SafeQ 5 1780

February 03, 2016
4.13.4 CAVEATS
ACCOUNTING ACCURACY
Accounting information reflects what Windows Print Spooler (thinks it) sends to a printer. Print
parameters and number of pages that are actually produced may differ.
It is possible to enable internal PCL parser to increase accuracy of accounting information for
PCL5/PCLXL/HPGL2 print jobs. When enabled, each print job is read from Windows Print
Spooler and analyzed.
Some print drivers do not provide correct number of pages when the printer is shared from
Windows Print server. We recommend to enable internal PCL parser to provide more accurate
accounting information.
Accounting information can get lost if YSoft SafeQ server crashes. Local Monitor does not wait
for the server to store accounting information to a persistent storage; as soon as the server
accepts the accounting information, it is removed from Local Monitor cache.
DUPLICATE JOBS IN ACCOUNTING RECORDS

Although default configuration is likely to work well in most environments, it is recommended to
properly configure ignored ports in environments where YSoft SafeQ queues, directly connected
printers, and Windows shared printers are available. Failure to do so may result in duplicated job
accounting records in SafeQ:
Print job sent to YSoft SafeQ queue is initially accounted by the Local Monitor when the job is
submitted to the queue. YSoft SafeQ will then account the same job after it is actually delivered
to a printer.
Print job sent to SMB printer is initially accounted by the Local Monitor on the client as it is sent
to the print server. If the print server is equipped with another instance of Local Monitor, job is
accounted again as it is being delivered to the printer.
DUPLICATED OR MISSING DEVICES

YSoft SafeQ automatically creates device entries for printers tracked by Local Monitors using
configurable heuristics to identify identical printers reported by multiple Local Monitors (see the local-
match-N configuration options of YSoft SafeQ). The results of this method is based on information
available about printers such as hostname, port type, port name, printer name, and printer's IP
address. Unless configured properly, one physical printer may show in reports as multiple device
entires or multiple physical printers may show as single device entry in YSoft SafeQ.
For example: When two workstations with Local Monitor print to a network printer directly, two device
entries might be created for the same printer in YSoft SafeQ - each one from Local Monitor on each
workstation. One physical printer will appear as two in the reports, each showing its share of print jobs.
AUTHORIZED ACCESS
When the safeqPortAuthOnly configuration property is set to enabled, the communication

between Local Monitor and YSoft SafeQ does not work. The default value of safeqPortAuthOnly is
disabled.
YSoft SafeQ 5 1781

February 03, 2016
4.13.5 LIMITATIONS
UPGRADE FROM SAFEQ 4 TO SAFEQ 5
The parameters local-price-bw and local-price-color have been removed from

SafeQ 5. If they were used for accounting in SafeQ 4, it is necessary to update Default Price List
for local devices in SafeQ 5 after upgrade.
4.14 EXTERNAL SCRIPTS
YSoft SafeQ supports number of external scripts that can be used in order to automate SafeQ related
processes. Description and configuration of those scripts is available in this sections.
Scripts available in <SAFEQ_DIR>\bin\:
Script files Script description
csv_import.bat Using the CSV File User Replicator
device_import.bat Using the CSV File Device Replicator
service_firmware_update. The tool for update service firmware.

bat
sqjconsole.bat Java console for CML / ORS

monitoring
4.14.1 USING THE CSV FILE DEVICE REPLICATOR
On this page
CSV Device Replicator

Functionality and configuration
CSV file structure
Sample line:
Further information
CSV DEVICE REPLICATOR
This external utility is used for device replication from CSV files into the internal SafeQ database.
YSoft SafeQ 5 1782

February 03, 2016
FUNCTIONALITY AND CONFIGURATION
Regular start-up shall be provided by the user, e.g. the Scheduled Task service in Windows, by running the
batch file delivered. To avoid pause in the end of run, add -nopause parameter.
<SAFEQ_DIR>\bin\device_import.bat
Next, several parameters can be set up in the YSoft SafeQ configuration (through System Settings page):
csv_device_dir – the value of this parameter must refer to the directory where the source csv files
with the definition of the imported devices are located. Only files with the .csv extension are uploaded
and then read in an alphabetic order. Should this directory not exist, the replication will not proceed
and this service will be recorded in the log (default: C:/SafeQ5/server/csv_devices)
csv_device_emails – if this parameter is enabled, the replicator sends, after replication, an email to
the SafeQ administrator (and to other addresses defined) if an error has occurred during replication.
(default: disabled)
csv_device_email_address – other email addresses may be added to this parameter where the
error log of the replicator shall be sent. Please separate the individual addresses with commas.
csv_device_incremental – if disabled (default) replicator will delete all devices created by previous
replication. If enabled, replicator will only update existing devices.
csv_charset – character encoding for csv files. Value follows Java convention for defining charsets.
(default: UTF-8)
CSV FILE STRUCTURE
CSV files must have an accurate format. Mandatory values must be entered (shown in the list in blue),
otherwise the device will not be replicated into the internal database. Optional values may be left blank. In
this case, they will be obtained from the device template.
The individual parameters shall be separated with a semi-colon (;), should a value contain a semi-colon,
then such value must be enclosed by inverted commas ("text;text").
All names are "case-sensitive", i.e. small and capital letters are distinguished. Example: group "default" is
not the same as "Default".
1. Device name – name of a device. This parameter doesn't have to be unique in device group. If no
Device name is specified in csv file, the device will not be replicated.
2. Group name – name of a device group (ORS group or Default group) to which the device will be
assigned. If no group exists or specified group does not exist, the device will not be replicated.
3. Template name – name of device template from which the values not specified in the csv file will be
taken. All missing parameters (accounting, price list, terminal embedded settings, advanced
parameters...) are taken over from it. If template does not exist or is not specified in csv file, the
device will not be replicated.
4. Device IP address – IP address or domain name of a device. If csv file contains domain name for
device instead of IP, replicator first translate domain into IP and then continue (this is necessary to
eliminate possibility of replication 2 same devices - one with IP and one with domain). The replicator
will determine if device with same IP address exists within the specified Group name. If exists, the
device parameters will be updated according to the values taken from the csv file and will marked as
replicated. If no such device exists with this IP, a new device will be created. IP address of the device
must be unique within one ORS Group and within all CML groups. If csv file contains device specified
YSoft SafeQ 5 1783

February 03, 2016
with domain name and SafeQ already has this device, but with IP address, then IP is changed to
domain name. If the Device IP address is not specified in csv file, the device will not be replicated.
5. Terminal serial number or IP address – if specified, a new hardware terminal will be assigned to
the device (or an old one updated). Terminal serial number must be unique within the whole SafeQ
(including all CML and ORS groups). If the Terminal serial number or IP address already exists, then
the device will not be replicated.
6. Direct queues – if the value is filled out, then direct queues will be assigned to the device. If
updating the device, then all previously assigned direct queues will be removed and newly specified
queues are added. The individual names must be separated with commas (if multiple queues are to
be assigned). Direct queue must be unique within the whole SafeQ (including all CML and ORS
groups). If the device with same direct queue exists, the new device will not be replicated.
7. Accounting center number - cost center to which the device will be assigned if value is specified. If
value is incorrect (CC is already deleted or renamed) or value is not specified, the value is taken from
template. If no such Accounting center number exists (CC in template is also incorrect), the device
will not be replicated.
8. Device description - description of the device. If no value is specified in csv file, then the value from
template is taken.
9. Device location - location of the device. If no value is specified in csv file, then the value from
template is taken.
10. Inventory number - equipment number of the device. If no value is specified in csv file, then the the
value stays empty.
11. Service Agreement number - m aintenance contract number. If no value is specified in csv file, then
the the value stays empty.
12. Person to contact - If no value is specified in csv file, then the the value from template is taken.
13. ZIP code - If no value is specified in csv file, then the the value from template is taken.
SAMPLE LINE:
_Main HQ printer;Default;Template 1 ; 10.0 . 0.1 ;SQPR751331000E;direct1,direct2; 0 ;My

printer; "Downstairs in office; third from the left" ;EQ66;ServNo# 66 ; "Phil Johnson" ; 10001
FURTHER INFORMATION
If replicated devices use terminal embedded, admin will have to install TE manually after replication.
TE setting are preconfigured and admin has to just click on reinstall button in device settings.
It is possible to have 2 devices with same terminal, because we cannot translate terminal IP into its
SN and vice versa. So the first device can have terminal specified by its IP and second can have
terminal specified by SN.
All replicated devices must have proper DNS record (DNS server must be accessible from SafeQ
CML server) in order to disallow replication of 2 same devices (one with domain name and one with
IP address).
Full replication must be run in maintenance hours only.
YSoft SafeQ 5 1784

February 03, 2016
4.14.2 USING THE CSV FILE USER REPLICATOR
The CSV replicator is intended for the download of users, cost centres, and/or user roles from pre-
defined CSV files and for storing this information in the SafeQ server internal database. In this
case, authentication is via the internal database.
The configuration is typically defined on the master CML server only.
AT A GLANCE
Following steps are needed to enable CSV file replication:
1. Configure replication source directory by editing the csv_dir configuration property through System
Settings page if necessary (default: <SAFEQ_DIR>\server\csv).
2. Create CSV files according to the structure described in the next chapter. The CSV File encoding
should be UTF-8.
3. Start replicator by running command line script <SAFEQ_DIR>\bin\csv_import.bat.
NOTE: For regular synchronization with the CSV file, schedule the import via system scheduled
tasks. To avoid pause at the end of the run, add the -nopause parameter.
NOTE: Information about replication results will be saved in log file (CSVReplicator.log) stored in
<SAFEQ_DIR>\logs.
CSV FILE STRUCTURE
Before replication, the respective CSV files must be stored in the directory named in the csv_dir
configuration parameter (initially, <SAFEQ_DIR>\server\csv).
These files must be stored in the format shown below. The files are processed in alphabetical order
based on their names. (For replication, only some of them may be used.)
NOTE: Only one type of input information per file is allowed. E.g. you cannot import users and update
card numbers in the same csv file.
NOTE: CSV files must be imported in logical order. E.g. users must be created before card is assigned
to them.
NOTE: CSV file user replicator is not able to create/modify the money accounts in YSoft Payment
System.
The following input types are supported:
User information
Card numbers
Cost centers
Roles
Mapping roles to users
Update of users
YSoft SafeQ 5 1785

February 03, 2016
Deletion of users
Set user's password
REPLICATION OF COMPLETE USER LIST

Replicates the complete list of all users created from an external source.
<user ID>;<login,alias,...>;<first name>;<last name>;<email>;<centre number>
The replication has the following features:
If the userID equals zero, then user is updated based on the login (first record). Otherwise, the user
with ID matching the userID is updated.
If the replicator finds existing user, the replicator compares existing records. In case of changes, it
updates relevant data (and adds and/or removes data).
If the replicator does not find any user, new one is created. The user ID for the new user is added by
database sequence, not by userID specified in CSV!
Records not present in the list will be marked as deleted.
PIN OR CARD NUMBER UPDATE

Adds additional information to an existing list of users (internal and/or replicated from another source).
<login>;<PIN/card number>
New PINs or card numbers will be added to corresponding records.

PINs or Card numbers not specified in the list will be deleted.
Empty fields in place of a PIN / card number imply the removal of all associated records.
PINs or Card numbers imported in another way (e.g. using internal DB/LDAP replication) will remain
unchanged.
When importing PIN number already encrypted via MD5 add tag md5@@ before whole PIN
e.g. jondoe;md5@@PINe10adc3949ba59abbe56e057f20f883e
COST CENTRE LIST REPLICATION

List of all cost centers to be replicated to the internal database.
DEPT;<centre number>;<centre name>
Centers not included in the list will be removed (marked as deleted).

Other cost centers will be added and/or updated.
ROLE LIST REPLICATION

List of all roles to be replicated to the internal database.
ROLE;<role name>;<role description>
Roles not included in the list will be removed (marked as deleted).
YSoft SafeQ 5 1786

February 03, 2016
Other roles will be added and/or updated.
ASSIGNMENT OF USER TO ROLE

The list of roles the user has been assigned to.
RMAP;<login>;<role name>
Only roles in the list will be kept for user (plus the role Everyone); the others will be removed.
SET PASSWORD FOR USER

This replication type can be used to initialize password for replicated (or any other) users.
Password is set only if user does not have any. This should prevent situation when next replication
overwrite the current user's password that user choose instead of the default one (for example via
Dashboard widget, if password change action is enabled via his user's rights).
PASSWORD;<login>;<password>
Password can't be empty and must be entered as plain text
UPDATE OF USERS
While the replication of users require list of all users (not listed users are deleted), update of users updates
only particular user.
USERUPDATE;[userID];[login,alias,...];[name];[surname];[email];[centre number];[home directory]
If userID is not empty, user is searched by her ID. Otherwise user is searched by login.
Parameters can be empty. Only filled values are updated for the user.
DELETION OF USERS
While the replication of users deletes all not listed users, deletion of users deletes only particular user.
USERDELETE;[userID];[login,alias,...]
If userID is not empty, user is deleted based on her ID. Otherwise user is deleted based on login.
4.15 HOW TO GUIDES
4.15.1 LIST OF 'HOW TO ...' GUIDES
Configuring and using Rule-based Engine

Configuring and using Shared Queues
Configuring Authorized Copying
Configuring Copy Tracking
YSoft SafeQ 5 1787

February 03, 2016
Configuring Terminal Server web server

Configuring File backend
Configuring Green reports
Configuring SSL for Web interface
Configuring ID card self assignment
Configuring IPP backend
Configuring IPPSSL backend
Configuring Office Print Tracking
Configuring Print Data Transfer Compression
Configuring Print Data Transfer Encryption
Configuring Print job list management
Configuring Print job preview
Configuring Print Roaming
Configuring Project Copy Tracking
Configuring Project Print Tracking
Configure Scan Tracking
Configure secure printing and Print roaming
Configuring Server Failover
Configuring Terminal monitoring via SNMP
Configuring WebDav
Configuring Workflow Scanning
Enabling and using print price estimation
How to disable secured communication between Terminal Server and embedded terminals
How to update Terminal Professional
Regular Expressions
Selecting certificate of Terminal Server
Use Card Number Conversion
Configuring Subscription Model reports
Configuring etcd
Single Sign-On for SafeQ Web Interface
4.15.2 CONFIGURING AND USING RULE-BASED ENGINE
OVERVIEW
Rule-based Engine allows administrator of YSoft SafeQ to define rules that will help optimize customer's
print environment. You can find purpose and examples here.
YSoft SafeQ 5 1788

February 03, 2016
CONFIGURATION
and go to Rules > Rules selection.
2 Create a new rule by clicking Add new item. A window with creating wizard will be opened.
Use wizard to create new workflow. For more information about wizard see: Using the Rule Definition
wizard
For more information about triggers, conditions, actions and notifications see: Rule-based Engine:
rule definition
3 Create all desired rules by repeating step 2.
4 Every created rule is be visible in the rule list. You can perform following actions here:
Edit - to edit the existing rule, please double click on the rule or click settings button on
the right side of rule.
Enable/disable - to enable / disable rules just click the flag icon belonging to the rule.
Rules with red flag will not be processed, rules with green flag will.
Order - order rules in list by simply dragging and dropping. If more rules are enabled,
they will be performed in the order from the first to the last in the list starting with top of
the list.
4.15.3 CONFIGURING AND USING SHARED QUEUES
Overview
Initial Deployment
Configuring Shared Queues via SafeQ Web Interface
Configuring Delegation Print (VIP Shared Queues) via SafeQ Client by user
Workstation Configuration
YSoft SafeQ 5 1789

February 03, 2016
OVERVIEW
Following administrative tasks are required to be performed in order to configure Workgroup print sharing
(Shared Queues)
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. By default, SafeQ rejects all prints
initiated by unknown user (user who is not in the SafeQ Identity Database)
3 Install and configure YSoft SafeQ Terminals.
Be sure that for every device, where copy is supposed to be monitored by SafeQ, is
equipped by some type of the terminal.
Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP (see Install Embedded Terminals). Embedded Terminal cannot be
installed, unless the device is registered in SafeQ (see "SafeQ Configuration Tasks"
section of this guide).
4 For network attached printers, (re)configure all workstations or print servers to print via SafeQ server
(or use Windows print spooler monitoring). YSoft SafeQ Client can be used for configuration of
workstations. For vast majority of the installations, configured printer ports must point to the SafeQ
Server. See Printer configuration for Workstation and Server for more information.
CONFIGURING SHARED QUEUES VIA SAFEQ WEB INTERFACE

Configure Print roaming (see Configure secure printing and Print roaming) and follow these steps to define
and configure Shared Queues:
Go to Devices > Shared queues.
2 Select Items > Add new shared queue
YSoft SafeQ 5 1790

February 03, 2016
3 To create regular shared queue:

2. Click Save
OR
To create VIP shared queue:

2. Check "VIP shared queue" checkbox
3. Click icon and select owner from displayed users list
4. Click Save
Note: You must enable the VIP shared queues in the system settings at first to see the checkbox.
Please refer to documentation related to Configuration of VIP Shared Queues.
5 Now you can see created shared queue(s) in the list. There is names, type and number of users for
each shared queue in the list.
YSoft SafeQ 5 1791

February 03, 2016
To add user, select queue and click Items > Add user to selected queue
6 Select users and roles form the displayed list and close list.
7 Now click Save settings.
Now all added users and users which are members of added roles, will see all jobs print jobs sent to
this queue.
CONFIGURING DELEGATION PRINT (VIP SHARED QUEUES) VIA SAFEQ CLIENT BY USER
To define and configure user configuration of Shared Queues follow these steps:
YSoft SafeQ 5 1792

February 03, 2016
2 Go to System > System settings and set user-defined-shared-queues-enable to enabled.

If enabled, Delegation Print feature is activated in SafeQ.
Make sure that attribute webServerPort is set to the same port as SafeQ web interface uses (e.g.
81).
Web server HTTP port value used by this web interface. Value must match settings in server.xml
configuration file and is used for construction of web links.
3 Go to Users > Users list > Set up access rights.
4 Enable Access to management of own shared print queue via separate web interface and click
Save.
YSoft SafeQ 5 1793

February 03, 2016
5 Print document from your workstation via SafeQ Client as user with granted delegation rights (device
connected to SafeQ port).
The VIP shard queues tab should be available in SafeQ Client window.
Click Select people to define which users will have access to your shared queue. You'll be redirected
to application where you can delegate persons with privilege to print your shared print jobs.
You have to enter your login and password to manage the queue.
Note: Button "Select people" is not available on ORS servers.
Note: Shared queue is automatically created also when user click Shared Print directly (sends
job via Shared print). But new queue will contain just the sender of the job.
YSoft SafeQ 5 1794

February 03, 2016
6 A window for shared queues configuration should be opened. Note: Internet Explorer must be
installed to open this window.
Login with user, which has allowed Access to management of own shared print queue via separate
web interface property in user access rights.
Note: You can access this window also via Internet Explorer web browser using URL - http
(s)://<safequrl>/client.jsp. This web page is available only on CML server but you can manage
through it also shared queue used on ORS server.
YSoft SafeQ 5 1795

February 03, 2016
7 Click Add user to add new users to shared queue.
YSoft SafeQ 5 1796

February 03, 2016
8 Select users to add from the list and click Add users.
Note: Owner of the queue is grayed and cannot be selected.
YSoft SafeQ 5 1797

February 03, 2016
9 Now you can see users added to yours shared queue. If you are done click Save and close and
close Internet Explorer window.
Created shared queue will be also available in the SafeQ web interface.
YSoft SafeQ 5 1798

February 03, 2016
10 Now shared queue is created and you can send shared jobs to print.
Now you can click Shared Print and your job will be added to created shared queue, then selected
users will have access to this job.
YSoft SafeQ 5 1799

February 03, 2016
WORKSTATION CONFIGURATION
If you want to use shared queue directly without using SafeQ web Client follow these steps:
1 Configure workstation as described here Printer configuration for Workstation and Server, and use
Shared Queue Name you've created in previous steps.
YSoft SafeQ 5 1800

February 03, 2016
4.15.4 CONFIGURING AUTHORIZED COPYING
Copy panel of the MFP device have to be locked. This is handled by I/O blocking module in
external terminal, or with installed embedded terminal and disabled appropriate functions.
User needs to authorize himself via YSoft SafeQ terminal. The YSoft SafeQ server is allowing
/disabling him the copy functionality regarding users rights or credit amount available on his
account.
OVERVIEW
Following administrative tasks are required to be performed in order to configure MFD Walkup Functions
Control.
YSoft SafeQ 5 1801

February 03, 2016
DEPLOYMENT, CONFIGURATION
1 At each device used for the authorized copying needs to be connected/installed YSoft SafeQ
terminal.
2 In case of usage YSoft SafeQ embedded terminal, the embedded terminal has to be properly
installed within MFP device. See Install Embedded Terminals.
3 In case of usage YSoft SafeQ external terminal (Terminal Professional or Terminal UltraLight), the
terminal has to be properly installed within MFP device. See Terminal Professional.
4 Administrator have to configure for each user role, group of devices or ORS servers access definition
with allowing/disabling access for copying. See Defining access rights.
4.15.5 CONFIGURING COPY TRACKING
Following administrative tasks are required to be performed in order to configure Copy Tracking
INITIAL DEPLOYMENT FOR NETWORK COPY TRACKING
3 Install and configure any of the YSoft SafeQ Terminals.
1. a. Be sure that every device where copy is supposed to be monitored by SafeQ is equipped
by some type of the terminal.
b. External Terminals: device panel of copy function must be blocked using smart cable
(see Hardware Compatibility List (HCL) and Installing and configuring YSoft SafeQ
Terminals) and available only after user authenticates.
c. Embedded Terminals: device must be properly configured and the terminal must be
installed, unless the device is registered in SafeQ.
YSoft SafeQ 5 1802

February 03, 2016
SAFEQ CONFIGURATION TASKS
1 Use Adding and editing printers in Web Administration, section Using the Printers list to add device
you wish to monitor. Make sure at least IP address and Accounting Mechanism is correctly specified.
(see Print tracking methods for more information).
For Costs Recovery, price list can be optionally defined.
2 Use Defining access rights to ensure that users are eligible to copy at the defined device.
4.15.6 CONFIGURING TERMINAL SERVER WEB SERVER
Overview
Prerequisities
Web server properties
Installation of HWC prerequisites
Installation via SafeQ installer
Manual installation
Logging of web servers
Trace logging of web servers
YSoft SafeQ 5 1803

February 03, 2016
OVERVIEW
Terminal Server implements embedded web server based on IIS hostable web core (HWC)
functionality. HWC web server is suitable even for environments with large number of devices connecting to
one node. It provides necessary performance and stability.
PREREQUISITIES
IIS 7.0 or higher must be installed on the server in order to use HWC web server and therefore it can be
used only on Windows Server 2008 or higher. The IIS together with all required features can be installed
automatically during installation of SafeQ (both for CML and ORS server) or it can be installed manually.
WEB SERVER PROPERTIES
Behavior of web servers is following:
Configuration in Terminal Server's TerminalServer.exe.config (located in

<SafeQ_dir>\terminalserver) has higher priority than configuration obtained from SafeQ.
If necessary ports (see Network communication overview) are occupied by any other application,
Terminal Server will not start.
INSTALLATION OF HWC PREREQUISITES

As the HWC web server requires additional support from the operating system, some server features must
be installed in order to run the HWC web server. Required server features can be installed during SafeQ
installation or can be set up manually on supported systems.
INSTALLATION VIA SAFEQ INSTALLER
NON-CUSTOMIZED INSTALLATION OF CML
In case of non-customized installation, necessary system roles are installed and HWC server is always
configured (if supported by the operation system).
YSoft SafeQ 5 1804

February 03, 2016
If you do not want have HWC configured automatically, deselect I want to customize my YSoft
SafeQ installation and proceed with customized installation.
Note that installation of roles and features via installer may take several minutes.
If port 80 is selected in the installer for SafeQ web interface, then IIS site called "Default Web Site"
is deleted from IIS after installation as the site overrides system settings and uses port 80 instead
of SafeQ web interface. If IIS was already installed before and you select this option, please make
sure that no important site named "Default Web Site" is configured in external IIS otherwise it will
be deleted.
CUSTOMIZED INSTALLATION OF CML
During customized installation, you have the possibility to skip automatic installation and configuration of
HWC by deselecting option Enable support for embedded IIS web server.
YSoft SafeQ 5 1805

February 03, 2016
Please check and install necessary roles manually according to guide below.
UPDATE / UPGRADE OF CML SERVER
If you are updating or upgrading SafeQ installation, then no roles nor features are installed. If you want to
use HWC web server, then server web role must be enabled manually.
ORS INSTALLATION
To install web server roles and features use configuration option enableHwcSupport in safeq-ors.ini. The
usage is following:
enableHwcSupport = 0 -- roles and features are not installed

enableHwcSupport = 1 -- web server role and corresponding features are installed. Installation
includes deleting of the default IIS web site and may take several minutes depending on system
usage and configuration.
If port 80 is selected in the installer for SafeQ web interface, then IIS site called "Default Web Site"
is deleted from IIS after installation as the site overrides system settings and uses port 80 instead
of SafeQ web interface. If IIS was already installed before and you select this option, please make
sure that no important site named "Default Web Site" is configured in external IIS otherwise it will
be deleted.
YSoft SafeQ 5 1806

February 03, 2016
MANUAL INSTALLATION
INSTALLATION VIA SCRIPTS
Server web role and related services can be enabled on Windows Server 2008, 2008 R2 and 2012 also by
powershell scripts. To execute these scripts, 64-bit version of Powershell must be used. The commands
are different for each Windows version.
Windows Server 2008
ServerManagerCmd.exe -install Web-Server Web-Asp-Net
Windows Server 2008 R2
Import-Module ServerManager
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net
Windows Server 2012
Import-Module ServerManager
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net45
Add-WindowsFeature Web-WHC
After installation of server web role, the IIS is always installed together with 'Default Web Site'
which uses port 80. If you want to have SafeQ 5 web interface using this port (80), delete this
default web site in IIS Server Manager, or use command
YSoft SafeQ 5 1807

February 03, 2016
C:\Windows\System32\inetsrv\AppCmd.exe delete site /site.name:"Default Web Site"
Stopping the web site is not sufficient as it starts again after computer restart.
FULLY MANUAL INSTALLATION EXAMPLE
GOTO SERVER MANAGER > ROLES , THEN OPEN ADD ROLES WIZZARD AND SELECT WEB SERVER (IIS) SERVER ROLE.
YSoft SafeQ 5 1808

February 03, 2016
ASP.NET and Hostable Web Core role services must be enabled together with depending features.
YSoft SafeQ 5 1809

February 03, 2016
YSoft SafeQ 5 1810

February 03, 2016
YSoft SafeQ 5 1811

February 03, 2016
Finally click the Install button. The installation may take several minutes.
Keep in mind that IIS is installed together with Default Web Site running on port 80 which may
interfere with SafeQ web interface. If you want to have SafeQ 5 web interface using this port (80),
delete this default web site in IIS Server Manager
LOGGING OF WEB SERVERS
You can recognize successful start of HWC web server from terminalserver.log, located in
<SafeQ_dir>\terminalserver:
Initializing web server manager...

Web server manager initialized.
Web server [Hwc] selected in configuration.
Initializing [HWC] web server...
Checking port availability...
All required ports are available. Checking [HWC] prerequisities...
IIS 7.0 or higher is installed.
Required IIS features are enabled.
.NET 4.0 is registered to IIS.
Library hwebcore.dll was found in the system.
Creating certificate wrapper.
Installing and binding certificate to secured ports...
Certificates binded and installed.
Unbinding certificates from unsecured ports....
Certificates unbinded. Activating [HWC] web server.
Initialization of [HWC] web server was succesfull.
If error occurs during HWC startup in its kernel, the error is saved into Windows Application Event Log
(known limitation of HWC).
The logs can be found in Computer Management > System Tools > Event Viewer > Windows Logs >
Application. The source of error is HostableWebCore. Double-clicking the event shows error detail.
YSoft SafeQ 5 1812

February 03, 2016
YSoft SafeQ 5 1813

February 03, 2016
TRACE LOGGING OF WEB SERVERS

Detailed traces of web server communications is moved from Terminal Server log into separate log file
<SafeQ folder>\terminalserver\logs\http_trace.log. These logs contains detailed information of all
requests together with headers and response codes. To specify verbosity, go to System > System settings
, select Advanced and set dsHttpTraceVerbosity to one of the following options:
none - nothing is logged.

fatal - only requests resulting in 5xx http error code (server error) are logged.
error - requests resulting in 4xx-5xx http code are logged.
info - requests resulting in 2xx-5xx http code are logged.
debug - all requests + request headers are logged (default value).
The Terminal Server does not need restart if the configuration is changed via SafeQ web interface.
dsHttptraceVerbosity = debug
The logs recycle themselves according to current Terminal Server logging configuration.
4.15.7 CONFIGURING FILE BACKEND
This feature is suitable mainly for troubleshooting purposes. Use after consulting with your Y Soft
representative.
YSoft SafeQ 5 1814

February 03, 2016
OVERVIEW
This page describes how to configure YSoft SafeQ to work with printer over File backend.
CONFIGURATION
File names are case sensitive.
1 Create blank file backend.File.sq in %SAFEQ_HOME%/extensions on the server where the printer
is connected and on the CML where web interface is used for administration and restart CML/ORS
services.
2 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin")
Go to Devices > Printers > Edit device > Advanced tab.
3 Set Backend to File.
Click Save device to apply settings.
YSoft SafeQ 5 1815

February 03, 2016
4 Go to System > System settings and configure printToFilePath property with location to store
output job file. The path is relative with working directory set to %SafeQ%\server\temp folder.
UNC path or absolute path is not supported

it is possible to enter subfolder structure
it is possible to navigate using parent directory (e.g. set ../../outputFolder to store jobs in %SafeQ%
\outputFolder)
directory will be created if it does not exist
Then click Save settings.
4.15.8 CONFIGURING GREEN REPORTS
OVERVIEW
This page describes how to configure Purged Pages reports (see Green Reporting). Purged Pages reports
show the number of pages that were sent to YSoft SafeQ but not printed (deleted on terminal or in SafeQ
Web interface). Copies and scans are not counted to the reports.
Purge Pages functions reports depends also on print job parser settings:
if parser is enabled - you can specify the price of a particular page type
if parser is disabled - you can specify the average count of pages for every non-printed job. These
jobs will be counted as A4 B/W jobs according to the settings for Green report jobs with the parser
enabled
YSoft SafeQ 5 1816

February 03, 2016
YSoft SafeQ 5 1817

February 03, 2016
CONFIGURATION
Go to System > System settings and set enable-purge_reports property to enabled.

If enabled, green reports are generated regularly in SafeQ.
2 a) Enable print job parser and set prices for Purge pages in following properties(System > System
settings):
purge_job_price_bw_a3
purge_job_price_col_a3
purge_job_price_bw
purge_job_price_col
b) In case of disabled parser , specify the average count of pages for every non-printed job
purge_job_avg_pages (System > System settings)
3 You can see statistics for Purge Pages in Reports > Web reports.
4 If you wish to see only the sum of money saved during the specific period of time, limit the web
reports to the purged pages as displayed below:
YSoft SafeQ 5 1818

February 03, 2016
5 To display actual saving only following columns have to be included in the report:
6 For more information about web reports see: Using Web reports
4.15.9 CONFIGURING SSL FOR WEB INTERFACE
This article will help you with the configuration of the secured connection (HTTPS) to the YSoft SafeQ web
interface. This article consists of:
Tomcat 7 HTTPS configuration

Example of setting up the secure connection using self-signed certificate
Example of setting up the secure connection using the existing Personal Information Exchange (*.pfx;
*.p12)
Required settings for YSoft SafeQ client
Custom host name SSL configuration
Troubleshooting
TOMCAT 7 HTTPS CONFIGURATION
The configuration is stored in <SafeQ>\tomcat\conf\server.xml for CML and

<SafeQORS>\tomcat\conf\server.xml for ORS
Keep HTTP non-SSL port (default 80) as the first in XML. Installer requires HTTP port to be the
first in definition. HTTPS should be the second.


<Connector port= "80" maxHttpHeaderSize= "8192"
maxThreads= "150" minSpareThreads= "25" maxSpareThreads= "75"
enableLookups= "false" redirectPort= "443" acceptCount= "100"
connectionTimeout= "20000" disableUploadTimeout= "true" URIEncoding= "UTF-8" />
<Connector port= "443"

protocol= "org.apache.coyote.http11.Http11AprProtocol"
maxHttpHeaderSize= "8192"
maxThreads= "200"
minSpareThreads= "25"
enableLookups= "false"
YSoft SafeQ 5 1819

February 03, 2016
disableUploadTimeout= "true"
acceptCount= "100"
scheme= "https"
secure= "true"
SSLEnabled= "true"
SSLCertificateFile= "${catalina.home}/conf/safeq-tomcat.crt"
SSLCertificateKeyFile= "${catalina.home}/conf/safeq-tomcat.key"
SSLVerifyClient= "none"
SSLPassword= "*****"
SSLProtocol= "TLSv1+SSLv2"
URIEncoding= "UTF-8"
clientAuth= "false"
SSLCipherSuite="
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA"
/>
Alternatively, you can extend supported protocols with TLSv1.1 or TLSv1.2.
The private key is stored in <SafeQ>\tomcat\conf\safeq-tomcat.key or <SafeQORS>\tomcat\conf\safeq-

tomcat.key. Private key is protected by password specified in configuration file with attribute SSLPassword.
The certificate is stored in <SafeQ>\tomcat\conf\safeq-tomcat.crt or <SafeQORS>\tomcat\conf\safeq-tomcat.

crt.
EXAMPLE OF SETTING UP THE SECURE CONNECTION USING SELF-SIGNED CERTIFICATE

This example describes the way how to make the web connection secure using the self-signed certificate. In
case you wish to use your own certificate and the private key which is trusted in your environment, it is
necessary to replace safeq-tomcat.crt and safeq-tomcat.key with your own files, set up the appropriate
password in the SSLPassword parameter (<safeq_folder>\tomcat\conf\server.xml) and restart the "YSoft
SafeQ Web interface" service.
NOTE: Path for YSoft SafeQ directory can vary based on the settings selected during the installation.
Therefore <safeq_folder> tag is used instead of exact path, which is usually C:\SafeQ5\ for the CML servers
or C:\SafeQORS\ for the ORS servers.
NOTE: In case the CML cluster is used, the steps has to be performed on every node of the CML
cluster.
1 Stop "YSoft SafeQ Web interface" service on YSoft SafeQ server
YSoft SafeQ 5 1820

February 03, 2016
2 Remove files <safeq_folder>\tomcat\conf\safeq-tomcat.crt and

<safeq_folder>\tomcat\conf\safeq-tomcat.key
3 Install OpenSSL, e.g.: Win32 OpenSSL Light - http://slproweb.com/products/Win32OpenSSL.html
4 Open command line and run the following command:
cd <safeq_folder>\tomcat\conf
openssl req - new -x509 -days 365 -nodes -out safeq-tomcat.crt -keyout safeq-tomcat.key
-passout "pass:***"
In case of OpenSSL-Win32 installation run the following command in the command

line (administrative privileges are required, path has to lead to the folder where
OpenSSL was installed):
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
It is expected that the openssl.exe is stored in the PATH environment variable (e.g.: C:
\OpenSSL-Win32\bin). If the variable does not exist, it is necessary to specify the full
path to openssl.exe.
OpenSSL commands should always contain prefix pass:, correct string is "pass:my-
secret-password"
The password for the -passout parameter can be found in the
<safeq_folder>\tomcat\conf\server.xml, search for the parameter SSLPassword
5 Answer the questions when you are prompted for them:
Q: Country Name (2 letter code) [AU]:

A: enter two-letters code for entered stateQ: State or Province Name (full name) [Some-State]:
A: enter organization state
Q: Locality Name (eg, city) []:

A: enter organization city
Q: Organization Name (eg, company) [YSoft]:

A: enter organization mane
Q: Organizational Unit Name (eg, section) []:

A: unit name
YSoft SafeQ 5 1821

February 03, 2016
Q: Common Name (e.g. server FQDN or YOUR name) []:

A: enter IP address of server (e.g. 10.0.11.70)
Q: Email Address []:

A: enter e-mail address
6 (OPTIONAL)
If you wish to enable automatic redirection from unsecured connection (HTTP port 80) to the secured
connection (HTTPS port 443), edit <SafeQ>\tomcat\conf\web.xml and append these lines before the
</web-app> tag:
YSoft SafeQ 5 1822

February 03, 2016
<security-constraint>
<web-resource-collection>
<web-resource-name>Automatic SLL Forwarding</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
7 Start the "YSoft SafeQ Web interface" service on YSoft SafeQ server
8 Verify that YSoft SafeQ web interface functional and uses your own certificate. In case you enabled
the automatic redirection to HTTPS, opening the http://<safeq_server_IP> address will be
automatically redirected to https protocol.
EXAMPLE OF SETTING UP THE SECURE CONNECTION USING THE EXISTING PERSONAL INFORMATION
EXCHANGE (*.PFX;*.P12)
This example describes the way how to make the web connection secure using the e xisting Personal
Information Exchange (*.pfx;*.p12) .
NOTE: Path for YSoft SafeQ directory can vary based on the settings selected during the installation.
Therefore <safeq_folder> tag is used instead of exact path, which is usually C:\SafeQ5\ for the CML servers
or C:\SafeQORS\ for the ORS servers.
NOTE: In case the CML cluster is used, the steps has to be performed on every node of the CML
cluster.
1 Stop "YSoft SafeQ Web interface" service on YSoft SafeQ server
2 Remove files <safeq_folder>\tomcat\conf\safeq-tomcat.crt and

<safeq_folder>\tomcat\conf\safeq-tomcat.key
3 Install OpenSSL, e.g.: Win32 OpenSSL Light -http://slproweb.com/products/Win32OpenSSL.html
YSoft SafeQ 5 1823

February 03, 2016
In case of OpenSSL-Win32 installation run the following command in the command

line (administrative privileges are required, path has to lead to the folder where
OpenSSL was installed):
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cfg
It is expected that the openssl.exe is stored in the PATH environment variable (e.g.: C:
\OpenSSL-Win32\bin). If the variable does not exist, it is necessary to specify the full
path to openssl.exe.
OpenSSL commands should always contain prefix pass:, correct string is "pass:my-
secret-password".
The password for the -passout parameter can be found in the
<safeq_folder>\tomcat\conf\server.xml, search for the parameter SSLPassword
The value at -password parameter has to be exchanged by the password protecting
the .pfx;.p12 file
Open command line and run the following command to extract the certificate:
openssl.exe pkcs12 -in <path_to_file>\myownfile.pfx -nokeys -out "safeq-tomcat.crt" -
password "pass:***"
Open command line and run the following command to extract private key:
openssl.exe pkcs12 -in <path_to_file>\myownfile.pfx -nocerts -out "safeq-tomcat.key" -
password "pass:***" -passout "pass:***"
5 (OPTIONAL)
If you wish to enable automatic redirection from unsecured connection (HTTP port 80) to the secured
connection (HTTPS port 443), edit <SafeQ>\tomcat\conf\web.xml and append these lines before the
</web-app> tag:
YSoft SafeQ 5 1824

February 03, 2016
<web-resource-name>Automatic SLL Forwarding</web-resource-name>

6 Start the "YSoft SafeQ Web interface" service on YSoft SafeQ server
7 Verify that YSoft SafeQ web interface functional and uses your own certificate. In case you enabled
the automatic redirection to HTTPS, opening the http://<safeq_server_IP> address will be
automatically redirected to https protocol.
REQUIRED SETTINGS FOR YSOFT SAFEQ CLIENT
YSoft SafeQ Client communicates with YSoft SafeQ via web interface using embedded Internet Explorer.
Generated SSL certificate needs to be installed on PC with SafeQ Client into Certificate store Trusted Root
Certification Authorities in order to make SafeQ Client work properly. For detailed information see
Problem: SafeQ client - Windows cannot validate certificate on troubleshooting page.
By default, the primary YSoft SafeQ IP address is used as the server name in all requests. Protocol and port
for the connection is based on following settings (accessible from the web interface):
Use configuration value webServerProtocol to define whether to use the http or https protocol.
If webServerProtocol value is http, then YSoft SafeQ generates URL for client using webServerPort
value (default: 80).
If webServerProtocol value is https, then YSoft SafeQ generates URL for client using
webServerPortHTTPS value (default: 443).
Valid certificate is mandatory for HTTPS server. In case of invalid certificate client applications will
display warning or it will refuse to display client window. Depends on security policies of the
operating system
CUSTOM HOST NAME SSL CONFIGURATION

Optionally, the full YSoft SafeQ web URL (safeqWebBaseUrl) can be set. This value is used only by the
YSoft SafeQ Client to configure a custom URL of YSoft SafeQ web interface to match the SSL certificate of
YSoft SafeQ CML or ORS server.
This configuration property is not available from the web administration, it can be set only in the
configuration files.
YSoft SafeQ 5 1825

February 03, 2016
Individual SafeQ cluster nodes and ORS servers can have different values.
YSoft SafeQ CML Server YSoft SafeQ ORS Server
Steps The safeqWebBaseUrl property can be set

1. Install and configure YSoft SafeQ CML during YSoft SafeQ ORS server installation.
server (if not already installed)
2. Open configuration file For detailed information see Installing YSoft
<safeq_folder>\conf\startup.conf SafeQ ORS.
3. Edit the safeqWebBaseUrl value
(if not found, the property can be added,
please see the startup.conf snippet
bellow)
4. Restart the YSoft SafeQ CML service
startup.conf snippet
# Base URL (optional) of the YSoft SafeQ Web interface . If set, it is used used to access the
YSoft SafeQ web interface from the YSoft SafeQ Client.
# Trailing slash is not allowed here. Valid examples: http: //hostname.example.com, http://10.
10.20.20:8080, https://secure.example.com.
safeqWebBaseUrl =
TROUBLESHOOTING
For more details in case of any problems please see: Troubleshooting HTTPS Web interface
TROUBLESHOOTING HTTPS WEB INTERFACE
PROBLEM: SAFEQ CLIENT - WINDOWS CANNOT VALIDATE CERTIFICATE
Windows client does not work with invalid HTTPS certificate. It displays following error
message:
SOLUTION:
Verify that certificate is valid in browser. This certificate must be issued to server address, must have valid
CA and valid timestamp. Otherwise it will be evaluated as invalid.
YSoft SafeQ 5 1826

February 03, 2016
It is possible to use following steps to import self-signed certificate:
1 Open Internet Explorer and open HTTPS URL of SafeQ server. In case of default installation it will
be: https://<safeq_server_ip>/. Internet Explorer will display security warning.
Click Continue to this website.
2 Internet Explorer will display SafeQ web. Certificate is not valid.
Click red Certificate Error button.
3 Click View certificates.
YSoft SafeQ 5 1827

February 03, 2016
4 Certificate should be issued to server IP.
Click Install Certificate... button.
YSoft SafeQ 5 1828

February 03, 2016
5 Click Next button, when Certificate Import Wizard are displayed.
YSoft SafeQ 5 1829

February 03, 2016
6 Select Place all certificates in following store and click Browse button.
YSoft SafeQ 5 1830

February 03, 2016
7 Select Trusted Root Certification Authorities and click OK button.
YSoft SafeQ 5 1831

February 03, 2016
8 If Certificate Authorities is selected click Next button.
9 Click Finish button to complete Certificate Import.
YSoft SafeQ 5 1832

February 03, 2016
10 You'll see security warning. Just click Yes button.
YSoft SafeQ 5 1833

February 03, 2016
11 An information about successful certificate import will be displayed.
YSoft SafeQ 5 1834

February 03, 2016
PROBLEM: SAFEQ CLIENT - MAC OS AND INVALID CERTIFICATE
1 Mac client works with HTTPS and invalid certificate, but it will display warning about invalid certificate.
Click Continue button to display UI.
2 Click Show Certificate to display information about certificate.
It is possible to add certificate to trusted certificates, but warning about invalid certificate will be
displayed also next time when user log to his Mac OS machine.
YSoft SafeQ 5 1835

February 03, 2016
4.15.10 CONFIGURING ID CARD SELF ASSIGNMENT
At a Glance
Overview
Method 1. Self-assignment using Card Activation Code
Administrator manually generates a Card Activation Code for an individual user
User automatically receives a Card Activation Code via e-mail
User generates a Card Activation Code himself via the web interface
Method 2. Self-assignment using Username and Password
Related configuration options
OVERVIEW
This page describes how to configure the ID card self-assignment. ID card self assignment can be used
when a user has a card that has not been assigned to him yet and the number of this card is not available in
a central database/directory server. There are several options how the user can assign a card to himself,
see below:
METHOD 1. SELF-ASSIGNMENT USING CARD ACTIVATION CODE

The user can assign a card to himself by swiping an unknown card and entering a Card Activation Code on
a YSoft SafeQ Terminal.
"admin")
Go to System > System settings and set puk-enabled configuration option to enabled.
NOTE: The users will be able to self-assign any card that is readable by a card reader attached
to the terminals.
There are three options how to generate Card Activation Code:
YSoft SafeQ 5 1836

February 03, 2016
ADMINISTRATOR MANUALLY GENERATES A CARD ACTIVATION CODE FOR AN INDIVIDUAL USER
2a Administator navigates to Users > Users list > Edit user > Basic tab and clicks on the Generate
Card Activation Code button.
When confirmation window will be displayed, click Yes.
USER AUTOMATICALLY RECEIVES A CARD ACTIVATION CODE VIA E-MAIL
2b Card Activation Code will be automatically generated and delivered by e-mail when user sends
first print job to YSoft SafeQ server
USER GENERATES A CARD ACTIVATION CODE HIMSELF VIA THE WEB INTERFACE
2c User logs into YSoft SafeQ Web Interface, displays the Dashboard and clicks on Generate Card
Activation Code button.
When confirmation window will be displayed, click Yes.
YSoft SafeQ 5 1837

February 03, 2016
There are two possibilities how the generated Card Activation Codes from options 2a and 2c can be
delivered to the user:
3a The user receives the generated Card Activation Code via e-mail ( if it is correctly defined in YSoft
SafeQ database and sending of Card Activation Code by e-mail is set ).
3b The user can see his Card Activation Code on YSoft SafeQ Web Interface Dashboard after logging
in.
NOTE: puk-display-on-web must be set to enabled. For more information see Related
properties below.
METHOD 2. SELF-ASSIGNMENT USING USERNAME AND PASSWORD
The user can assign a card to himself by swiping an unknown card and entering his username and
password on a YSoft SafeQ Terminal.
Go to System > System settings and set assign-new-card-enabled configuration option to enabled
.
NOTE: The users will be able to self-assign any card that is readable by a card reader attached
to the terminals.
RELATED CONFIGURATION OPTIONS
puk-display-on-web - When enabled, the users can see their current Card Activation Code on the
dashboard of the SafeQ web interface.
remove-puk-after-use - When enabled, each Card Activation Code is removed from database after
use. Enabling this setting is recommended since it decreases the security risk that Card Activation
Code will be misused by another user.
puk-length - Length (number of digits) of generated Card Activation Codes. For security reasons,
this value should allow to generate at least 100 times more Card Activation Codes that there`s users
in system. Minimal length is defined to 6.
YSoft SafeQ 5 1838

February 03, 2016
assign-new-card-single - When enabled, users cannot assign a card to themselves if they already
have a card assigned.
4.15.11 CONFIGURING IPP BACKEND
OVERVIEW
This page describes how to configure SafeQ to work with printer over Internet Printing Protocol (IPP).
CONFIGURATION
2 Set Backend to IPP value and press button. The Port value will automatically change to 80
and the IPP queue value will automatically change to ipp.
CONFIGURATION OF YOUR MFP'S
YSoft SafeQ 5 1839

February 03, 2016
4.15.12 CONFIGURING IPPSSL BACKEND
OVERVIEW
This page describes how to configure SafeQ to work with printer over secure Internet Printing Protocol (IPP
via SSL).
YSoft SafeQ 5 1840

February 03, 2016
CONFIGURATION
2 Set Backend to IPPSSL value and press button. The Port value will automatically change to
443 and the IPP queue value will automatically change to ipp.
4 Go to System > System settings and set IppSslTrustManager property to secure.

If print backend IPPSSL is used, YSoft SafeQ server validates the certificate recieved from MFP
to verify the device identity. There are 2 ways how the certificates can be processed:
secure - the most secure way, the MFP certificate is validated against trusted Certification
Authorities installed in YSoft SafeQ server. This option is recommended.
simple - MFP certificates are not validated at all, any certificate received is accepted. This is the
default option, it is recommended to change it to secure as soon as you install your CA into YSoft
SafeQ server.
YSoft SafeQ 5 1841

February 03, 2016
Then click Save settings.
YSoft SafeQ 5 1842

February 03, 2016
INSTALL CERTIFICATION AUTHORITY INTO YOUR SAFEQ SERVER
1 Prepare .cer file (for example certificate.cer)
2 Use following command to configure ssl-trustore ( ..\JAVA\bin\keytool.exe -server -import -

trustcacerts -alias ysoft -file certificate.cer -keystore ..\..\conf\ssl-truststore )
3 Enter keystore password. (To obtain keystore password, please contact customer service support)
4 Confirm importing with "yes" word. Example:
5 To verify imported certificate run following command: ..\JAVA\bin\keytool.exe -server -list -v -alias
ysoft -keystore ..\..\conf\ssl-truststore
6 Enter keystore password. (To obtain keystore password, please contact customer service support)
7 Details of imported certificate should be displayed. Example:
YSoft SafeQ 5 1843

February 03, 2016
CONFIGURATION OF YOUR MFP'S
4.15.13 CONFIGURING OFFICE PRINT TRACKING
OVERVIEW
Following administrative tasks are required to be performed in order to configure Office Print Tracking.
LOCAL PRINT MONITORING
INITIAL DEPLOYMENT
2 Deploy Local Monitor Component to every Windows Workstation or Print Server with locally
connected printers. (see Local Monitor for more information).
1 To globally setup prices for monitored pages, edit Default Price List - Local B/W print (normal) and
Local color print (normal).
2 System will automatically collect print job information on after every print on monitored computers,
there is no additional administrator input required.
3 Monitored printers are automatically created in Using the Printers list.
NETWORK PRINT TRACKING
INITIAL DEPLOYMENT
YSoft SafeQ 5 1844

February 03, 2016
(or use Windows print spooler monitoring). YSoft SafeQ Client may be used for configuration of
For Costs Recovery, price list can be optionally defined in Devices > Printers > Edit device > Price
list tab.
YSoft SafeQ 5 1845

February 03, 2016
3 To monitor direct print to the device, you have to configure the direct print queue name, matching in
both Adding and editing printers and Workstation Configuration.
4 Use Defining access rights to ensure that users are eligible to print the the defined device.
4.15.14 CONFIGURING PRINT DATA TRANSFER COMPRESSION
OVERVIEW
This page describes how to configure Print data transfer compression between
1. SafeQ Client and SafeQ server

2. SafeQ server and Terminal Professional that is attached to printer
YSoft SafeQ 5 1846

February 03, 2016
COMPRESSION OF DATA SENT FROM SAFEQ CLIENT TO SAFEQ SERVER
1 Install and configure SafeQ Client application. See how to install this application. Installing YSoft
SafeQ Client on a Windows workstation, server, or server cluster
2 SafeQ Client have to be already installed with the enabled settings in the safeq.ini reqistry installation
file (located in SafeQ Client installation package) with option Compression=1
3 The settings have to be enabled also after installation of the SafeQ Client in printer port properties
where compression of the print data have to be marked.
In your OS go to Devices > Printer properties > select SafeQ Secure Port > Configure port.
An SafeQ Client - Options window will be displayed, then check Use compression > click OK to
apply new settings.
YSoft SafeQ 5 1847

February 03, 2016
Go to System > System settings and set sslProxyPort property to 4097.
COMPRESSION OF DATA SENT FROM SAFEQ SERVER TO TERMINAL PROFESSIONAL

To enable compression of data sent from SafeQ server to Terminal Professional follow these steps:
Go to System > System settings and set remote-job-sending-enabled property to enabled.
This settings enables delivering compressed jobs from YSoft SafeQ server to Terminal Professional
that is attached to printer. Files are decompressed on terminal and sent directly to printer.
2 Technical details:
zlib's compression method

Compatible only with Terminal Professional (firmware version 3.7.6 and higher)
4.15.15 CONFIGURING PRINT DATA TRANSFER ENCRYPTION
OVERVIEW
Following administrative tasks are required to be performed in order to configure Print data transfer
encryption
YSoft SafeQ 5 1848

February 03, 2016
ENCRYPTION OF DATA SENT FROM SAFEQ CLIENT TO SAFEQ SERVER
1 Install and configure SafeQ Client application. See how to install this application. Installing YSoft
SafeQ Client on a Windows workstation, server, or server cluster
2 Before the installation is launched, set Encryption=1 in safeq.ini (located in SafeQ Client installation
package).
3 Once the installation is finished, verify the encryption is enabled in the printer port properties.
Encryption can be disabled/enabled via pripter port properties at any time.
In your Operating system to Devices > Printer properties > select SafeQ Secure Port > Configure
port >
SafeQ Client - Options window will be displayed > check Use encryption > click OK to apply the
settings.
YSoft SafeQ 5 1849

February 03, 2016
Go to System > System settings and set sslProxyPort property to 4097.
5 SafeQ Administrator should enable IPP over SSL communucation for devices in SafeQ management
interface.
1. a. With every device, the secured backend method should be enabled via SafeQ web
interface. See Adding and editing printers#Advancedprintersettings
b. Device IPP communication should be enabled for each device via MFP configuration
web interface.
NOTE: Administrator has to assign access rights for individual users or roles to print, or enable
unrestricted access.
NOTE: Prices can optionally be specified for every device in Price list
4.15.16 CONFIGURING PRINT JOB LIST MANAGEMENT
OVERVIEW
This administrator task is describing the view of Print jobs on the Ysoft SafeQ terminals. Print jobs can be
sorted to the virtual printing queues, which are available for the user via terminal display. Following
administrative tasks are required to be performed in order to configure Print job list management and re-print
YSoft SafeQ 5 1850

February 03, 2016
INITIAL DEPLOYMENT
initiated by unknown user (user who is not in the SafeQ Identity Database).
1. a. Be sure that for every device, where copy is supposed to be monitored by SafeQ, is
b. Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP. Embedded terminals cannot be installed, unless the device is
registered in SafeQ (see "SafeQ Configuration Tasks" section of this guide).
YSoft SafeQ 5 1851

February 03, 2016
SECURE PRINT AND PRINT ROAMING FEATURE - JOB LIST MANAGEMENT
Go to Devices > Printers > Edit printer > Terminal tab.
2 Steps for Print job list configuration are different for devices with Terminal Professional (step 2a) and
Terminal Embedded (step 2b).
2a DEVICE WITH TERMINAL PROFESSIONAL
To change joblist settings for Terminal Professional click icon and choose other value of Job list
from dropdown menu.
Available options for Job list folders for Terminal Professional:
Only not printed - terminal will display just only not printed jobs
To print / printed - terminal will display two job queues: waiting print jobs and already
printed jobs
To print / printed / favorites - terminal will display three job queues:waiting print jobs,
already printed jobs and favorite jobs
No joblist - terminal will not display any queue with jobs, if there will be waiting jobs user
can print them using print button
Temporarily disabled - job list button will be displayed, but not able to work - terminal
shows message "Job list has been temporarily disabled by the administrator"
YSoft SafeQ 5 1852

February 03, 2016
2b DEVICE WITH TERMINAL EMBEDDED
To change job list settings for Terminal Embedded choose from the available options in the Job list
folders:
Waiting - terminal will display just only not printed jobs

Waiting / printed - terminal will display two job queues: waiting print jobs and already
printed jobs
Waiting / printed / favorite - terminal will display three job queues: waiting print jobs,
already printed jobs, and favorite jobs
All jobs in one folder - all job list will be listed under one folder
NOTE: Following options may differ based on selected vendor.
YSoft SafeQ 5 1853

February 03, 2016
4.15.17 CONFIGURING PRINT JOB PREVIEW
OVERVIEW
Print job preview feature allows the user to see preview of first page print job on terminal screen.
YSoft SafeQ 5 1854

February 03, 2016
CONFIGURATION
Go to System > System settings > Spooler and set Print job parser property to one of these
values: Render jobs as low resolution (36 DPI) images or Render jobs as high-resolution (150
DPI) images.
For more information about parser configuration please visit Print Job Parser Configuration.
2 Set enable-preview property to enabled and Restart CML/ORS services.
If enabled, a preview service is running in SafeQ, providing print job previews to terminals.
2a When enable-preview is disabled, user cannot see job preview on terminal.
2b When enable-preview is enabled, user can see job preview on terminal.
YSoft SafeQ 5 1855

February 03, 2016
4.15.18 CONFIGURING PRINT ROAMING
Warning
CML cannot participate in ORS print roaming. Job sent to CML will not be available on ORS and
vice versa.
All CML cluster nodes (as well as external database servers they use, if any) have to be in the
same time zone for correct functionality.
All ORS servers in one YSoft SafeQ system have to be in the same time zone (Java can be set to
that time zone). This time zone can differ from CML time zone.
OVERVIEW
Print roaming (also known as "Follow-me" printing) is an extension of pull-printing. With pull-printing (also
known as secured printing), after you send a print job to a printer, you later "pull" the job to a printer — that
is, you go to a printer, log in there, and print the job. If print roaming is properly configured, you can pick-up
your documents sent to SafeQ server on every printer across all ORS groups.
YSoft SafeQ 5 1856

February 03, 2016
FAR ROAMING
Go to Devices > Printers selection
2 Click Items > Add new Group.
3 Add new standalone Offline remote spooler .
YSoft SafeQ 5 1857

February 03, 2016
4 Add another standalone ORS with same procedure.
5 Far roaming is enabled by default for all standalone ORS.
6 To set replication time interval for far roaming jobs go to System > System settings and change
value of refreshRoamingJobCronRule property.
NOTE: To turn the Far Roaming off set the refreshRoamingJobCronRule property the following
value: * * * * * ? 2099
YSoft SafeQ 5 1858

February 03, 2016
NEAR ROAMING
There are two ways how to configure Near Roaming Group. Using UDP or TCP connection.
Go to Devices > Printers selection
2 Click Items > Add new Group.
YSoft SafeQ 5 1859

February 03, 2016
3 Add new standalone Job roaming group . Fill in all field according to TCP or UDP settings in steps
5a or 5b.
YSoft SafeQ 5 1860

February 03, 2016
TCP UNICAST VS. UDP MULTICAST CONFIGURATION
It is strongly recommended to use UDP multicast instead of TCP unicast whenever it's
possible. TCP unicast is sensitive to network temporary failures instead of UPD multicast,
where reliability of communication is achieved on higher network layers and provides less
network load.
Multicast communication in YSoft SafeQ, as well as TCP Unicast, is provided via 3rd party solution,
industry standard communication java technology called JGroups. JGroups technology extends
reliable unicast (one-to-one) message transmission (like in TCP) to multicast (one-to-many) settings.
It provides reliability and group membership on top of IP Multicast. Then it enables us to use reliable
multicast.
Since every application has different reliability needs, JGroups provides a flexible protocol stack
architecture. It allows to put together custom-tailored stacks ranging from unreliable but fast - to
highly reliable but slower stacks.
In unicast communication is where one sender sends a message to one receiver. TCP unicast takes
care of message retransmission for missing messages, weeds out duplicates, fragments packets that
are too big and presents messages to the application in the order in which they were sent. Then using
TCP will cause additional network overhead, caused by nature of TCP. This in turn decreases
solution scalability. Each additional member (node) added into TCP cluster, creates significant
amount of communication to the network due to point-to-point communication with other nodes in
cluster.
In the multicast case, where one sender sends a message to many receivers, IP Multicast extends
UDP: a sender sends messages to a multicast address and the receivers have to join that multicast
address to receive them. Like in UDP, message transmission is still unreliable, and there is no notion
of membership (who has currently joined the multicast address). UDP Multicast configuration of YSoft
SafeQ is already set out-of-the-box to use reliable multicast. Only thing needs to be done: ensure
that the infrastructure supports UDP Multicast communication among all near roaming group
members (nodes).
5a
NEAR ROAMING USING TCP (PREFERRED FOR SMALL GROUPS)
Set the group as follows:
Device group name: Any name suitable

Multicast address: 0.0.0.0 (mandatory)
Multicast port: 7800 (mandatory)
Example of first group:

Device group name: NR1
Multicast address: 0.0 . 0.0
Multicast port: 7800
Example of second group:
YSoft SafeQ 5 1861

February 03, 2016

Limitation of TCP Near Roaming group: maximum is 10 ORS servers in one group.
5b
NEAR ROAMING USING UDP MULTICAST
Make sure, the multicast networking is allowed between all ORS servers in near roaming group.
Setup the group as follows:
Device group name: any name suitable

Multicast address: It is recommended to use IPv4 address in the range 239.*.*.* This information
shall be provided by the customer and has to reflect current network setup.
Multicast port: any UDP port in range 1 and 65535. This information shall be provided by the
customer and has to reflect current network setup.
For more information refer to http://en.wikipedia.org/wiki/IP_multicast
Example of first group:

Example of second group:

6 Create ORS or use existing ORS and move it to created roaming group.
Select ORS to move and click Actions > Move ORS to another job roaming group .
YSoft SafeQ 5 1862

February 03, 2016
Stop all YSoft SafeQ services on all ORS servers in the Near Roaming Group including the
newly added one (so no ORS in the NRG is running). Start one by one using this algorithm:
1. Start the ORS service

2. Start the Terminal server service
3. Start the ORS Web Service.
4. Wait until ORS is fully operational.
If you remove ORS server from near roaming group so there are only two ORSs left in the group (or
there are some non-active ORS servers in the group so there are only two active ORSs left) it is necessary
to restart ORS service on remaining ORS servers. Note that services must be restarted consequently -
service on second ORS must be restarted after first ORS is fully operational.
4.15.19 CONFIGURING PROJECT COPY TRACKING
OVERVIEW
Following administrative tasks are required to be performed in order to configure Copy Tracking
INITIAL DEPLOYMENT
2 It is also necessary to properly configure Identity management. SafeQ rejects all prints initiated by
unknown user by default. (Unknown user is user which is not defined in the SafeQ Identity Database)
Make sure that every device which should be monitored by SafeQ is equiped by some
type of terminal.
External Terminals: device panel of copy function must be blocked by smart cable (see
Hardware Compatibility List (HCL) and Installing and configuring YSoft SafeQ Terminals
), device is available only after user authenticates.
installed, unless the device is registered in SafeQ.
YSoft SafeQ 5 1863

February 03, 2016
CONFIGURATION
Go to System > System settings and set billing-codes-enabled property to enabled.

If enabled, billing codes feature is activated in SafeQ.
2 If you are using Billing codes on devices which are connected to ORS servers, s et also
billingCodesSyncCronRule property to choosen time.
Cron rules for periodic check of billing codes update default value: 0 _/15 * * * ? (every 15 mins)
3 Import projects list to SafeQ (see Billing Code Import CSV Format Specification) or Create Projects
manualy (see Managing billing codes).
NOTE: You can restrict projects visibility to user by Access Rights settings at Managing billing
codes page.
4 Use Adding and editing printers in Web Administration. Section Using the Printers list to add device
you wish to monitor. Make sure that IP address and Accounting Mechanism is correctly specified.
5 Use Defining access rights to ensure that users are allowed to copy at the defined device.
OTHER PROPERTIES
You can configure advanced behavior of billing codes in web interface System Settings (Expert mode).
When user search for billing codes result is ehnanced by path.

Behavior is configured by following variables, which should be added to YBoxConfig:
billing-codes-search-path-format - String - default: "%code%"
it contains string which is used during building path

formatting string could contain: %code%, %description% or any other character
example: %code%-%description%
billing-codes-search-result-format - String - default: "%description% (%path%)"
it contains string which is used during building path with description

formatting string could contain: %code%, %description%, %path%, or any other character
format of %path% could be specified by billing-codes-search-path-format
billing-codes-search-max-length - Int - default: 42
when path is longer then max length then it is trimmed to specified size
billing-codes-search-delimiter - String - default: " > "
delimiter between path elements

e.g.: One > Two > Three
YSoft SafeQ 5 1864

February 03, 2016
billing-codes-search-trim - Int - default: 2
trim strategy
0 - trim from start: ...abc
1 - trim from end: abc...
2 - trim from middle: ab..c
billing-codes-search-shortener - String - default: "..."
String which is placed into result string where it was shortened
billing-codes-search-limit – Integer – default: 100
maximum amount of billing codes returned by one search
It is possible to define search strategy.e

It could be specified by configuration option:
billing-codes-search-strategy - Int - default value: 5
Meaning of values:
0 - contains - Wildcard match '*ree*'

1 - prefix - Wildcard match 'gree*'
2 - suffix - Wildcard match '*een'
3 - exact - Wildcard match 'green'
4 - non-exact - Wildcard match '*green*' without 'green'
5 - exact_first - Composed strategy: Wildcard match 'green' append non_exact('*green*')
4.15.20 CONFIGURING PROJECT PRINT TRACKING
OVERVIEW
The following administrative tasks are required to be performed in order to configure Project Print Tracking.
YSoft SafeQ 5 1865

February 03, 2016
INITIAL DEPLOYMENT
3 Install and configure YSoft SafeQ Client on every workstation you want to use for project billing.
NOTE: It is not possible to share the printer from the server.
SafeQ Client have to be already installed with the enabled settings in the safeq.ini reqistry installation
file
You can automate the configuration by using the YSoft SafeQ Client's deployment file, safeq.ini
(located in SafeQ Client installation package) with option ProtocolLevel=4
YSoft SafeQ 5 1866

February 03, 2016
CONFIGURATION
Go to System > System settings and set billing-codes-enabled property to enabled.

If enabled, billing codes feature is activated in SafeQ.
2 If you are using Billing codes on devices which are connected to ORS servers, s et also
billingCodesSyncCronRule property to choosen time.
Cron rules for periodic check of billing codes update default value: 0 _/15 * * * ? (every 15 mins)
3 Import projects list to SafeQ (see Billing Code Import CSV Format Specification) or Create Projects
manualy (see Managing billing codes).
NOTE: You can restrict projects visibility to user by Access Rights settings at Managing billing
codes page.
4 Use Adding and editing printers in Web Administration. Section Using the Printers list to add device
you wish to monitor. Make sure that IP address and Accounting Mechanism is correctly specified.
5 For Costs Recovery, prices can be optionally defined in Devices > Printers > Edit printer > Price list
tab.
YSoft SafeQ 5 1867

February 03, 2016
6 Go to Direct printing tab, if you want to monitor direct prints sent to the printer.
The direct queue name must match the queue name specified when you added the printer to the
YSoft SafeQ system and in the workstation configuration. (See Adding and editing printers.)
YSoft SafeQ 5 1868

February 03, 2016
7 To ensure that users are allowed to print to the defined printer, define access rights as described in
Defining access rights.
8 If you want to define default billing codes for users, see Adding and configuring users, the "Billing
code" section.
4.15.21 CONFIGURE SCAN TRACKING
OVERVIEW
YSoft SafeQ offers scan management which, depending on the used terminal (hardware or embedded) and
vendor, provides the ability to manage scan process and the data destination.
SCAN WORKFLOWS
Before starting a scan using either of the supported terminals, it is required to configure scan workflow.
Scan workflow configuration is managed from the YSoft SafeQ Web administration, some of the scan
options may be available at the terminal (subject to system configuration).
How to configure Scan workflows
1 Log in to the SafeQ Web administration with sufficient rights to manage system configuration.
2 Create scan workflows using the guide: Configuring Workflow Scanning
NOTE: ORS servers must be restarted in order to update the scan workflows configuration.
3 Configure access rights to scan workflows using the guide: Setting access rights to scan
workflows
4 Scan workflows are now created and users can use them with YSoft SafeQ terminals.
SCANNING WITH SAFEQ TERMINALS
YSoft SafeQ supports Scan management on devices with installed Terminal Professional or Embedded
Terminal.
Each scan job can be accounted, based on defined prices. More information about configuring prices at
Price list.
1
There are two primary options to initiate a scan with Terminal Professional: Scan using YSoft SafeQ
scan workflow or Scan via SMTP (without scan workflows)
More details are available at: Scanning with Terminal Professional
YSoft SafeQ 5 1869

February 03, 2016
EMBEDDED TERMINAL
Embedded terminals support scanning via scan workflows using YSoft SafeQ scan application
(Konica Minolta, Xerox, Fuji Xerox, Sharp, Ricoh).
More details are available at: Configure scanning for Embedded Terminal
4.15.22 CONFIGURE SECURE PRINTING AND PRINT ROAMING
OVERVIEW
Following administrative tasks are required to be performed in order to configure secured printing (pull-
print) or Print roaming.
INITIAL DEPLOYMENT
Be sure that for every device, where copy is supposed to be monitored by SafeQ, is
installed, unless the device is registered in SafeQ (see "SafeQ Configuration Tasks"
section of this guide).
(or use Windows print spooler monitoring). YSoft SafeQ Client can be used for configuration of
Typically, the queue name as defined in the workstation configuration shall be "secure",
"secured" or "print_roaming" (however SafeQ generally considers any queue name
which is not Shared or Direct as queue for Secured print)
To limit print roaming functionality only to certain group of devices ("print roaming
groups"), SafeQ introduces mechanism of Device Tags.
YSoft SafeQ 5 1870

February 03, 2016
CONFIGURATION
Go to Devices > Printers > Edit printer > Tags tab.
Define list of supported PDLs (languages) to prevent print waste/misprint caused by unsupported
PDL. Please note that supported PDLs (Properties) must match with the information available with
printed job (see Using detailed job information). If the properties don't match, the print job will not be
available at the terminal.
3 For Costs Recovery, prices can be optionally defined in Price list tab.
YSoft SafeQ 5 1871

February 03, 2016
YSoft SafeQ 5 1872

February 03, 2016
Use Defining access rights to ensure that users are eligible to print at the defined device.
5 If applicable, configure job list behavior. (see Configuring Print job list management).
4.15.23 CONFIGURING SERVER FAILOVER
There are several available options for Server failover:
Microsoft Windows Network Load Balancing Cluster (WNLB) for CML servers - see Configuring
WNLB Server Failover
Microsoft Clustering Services (MSCS) for CML servers - see Configuring MSCS Server Failover -
Terminal Server in Active-Passive mode
Microsoft Clustering Services (MSCS) for CML servers - see Configuring MSCS Server Failover in
Active-Passive mode
YSoft SafeQ Application Level Cluster for CML servers
ORS Failover & Load balancing supported under Early Access program - see Configuring ORS
Failover and Load balancing
CONFIGURING MSCS SERVER FAILOVER IN ACTIVE-PASSIVE MODE
HOW TO CONFIGURE CML ACTIVE-PASSIVE FAILOVER USING MS CLUSTER SERVICES (MSCS)

Description of the environment:
Caveats:
SafeQ is installed on two (or more) servers with identical settings.

Both servers (e.g. hardware computers) are running all the time.
Both servers are pointing to one SQL server (DB).
Such environment requires independent license for each cluster node.
YSoft SafeQ 5 1873

February 03, 2016
In case of failure, user has to wait to system restart (up to 5 minutes).

Some pull accounting logs can be lost or duplicated in case of server failure.
All SafeQ services are part of MSCS as a resources. In case of node failure, MSCS fail-over the
resource to other node. All SafeQ services are always running only on one server at the time.
Expected behavior:
In case of a node failure, other node takes over all SafeQ services and users are still able to perform
all the operations.
Limitations:
Active sessions (print, scan, copy) will be interrupted during the crash of one of the servers. User will
have to log in and perform the operation again.
It is necessary to always use the virtual IP address of the cluster to administrate SafeQ using the web
interface
ENVIRONMENT REQUIREMENTS
MS Windows 2008 R2/2012 servers (Enterprise).

Functional, properly configured and validated Microsoft cluster.
Two independent SafeQ server licenses.
Supported external MSSQL server.
One dedicated IP address must be available for YSoft SafeQ services clustering. This IP address
must be reachable from the customer's LAN (MFPs and hardware terminals). This IP address cannot
be the same as MS Cluster virtual IP address.
High-availability storage is required for the job spooler to avoid single point of failure.
Service account for running YSoft SafeQ server services. It is recommended to use domain account
with administrative rights for the SafeQ servers.This account will be used for accessing network
folders used for scans and shared spooler folder.
External SQL server should be clustered to avoid single point of failure.
Technician performing the installation must have full access to SafeQ databases on the MSSQL
server and must have advanced knowledge of SQL.
INSTALL YSOFT SAFEQ
FIRST SERVER
1 Follow standard procedures to install SafeQ to the first server which is part of the MS Cluster.
During installation select the IP address of public network adapter (not the one used for
heartbeat in MS cluster).
Use external MSSQL server.
2 Activate SafeQ with your first license.
3 Set up all configuration as required (e.g. mailserver, ldap connection...).
4 Stop all SafeQ services.
YSoft SafeQ 5 1874

February 03, 2016
SECOND SERVER
1 Run the Y Soft SafeQ server installation package.
2 Follow the installation wizard and when asked to select the IP address of SafeQ server, select the IP
address of public network adapter (not the one used for heartbeat in MS cluster). Also place a
checkbox next to „I want to customize my SafeQ installation“ and press „Next“.
3 Select your installation directory and press „Next“.
4 Select „Use an existing external database server“ and press „Next“.
5 Fill in the connection details for external MSSQL server the same way as for the first server (i.e. the
same database names) and press „Test/Next“. Confirm popup dialogs by „OK“.
6 Untick checkbox at „Start SafeQ services after the installation is finished“ and modify rest of the
options per your needs. Then press „Install“.
7 Finish the installation.
NOTE: SafeQ on the second node is currently not running and it is not configured.
UNIFY YSOFT SAFEQ CONFIGURATION AND CONFIGURE USAGE OF RESERVED IP ADDRESS FOR CLUSTERING
NOTE: In this step you will be filling in the virtual IP address that is reserved for clustering of YSoft
SafeQ services. The IP address must be reachable by all workstations/MFPs that will be used with YSoft
SafeQ. The same virtual IP address will be later specified in the Failover Cluster manager.
I. IP ADDRESS IN THE SAFEQ DATABASE
Connect to the SafeQ database (by default SQDB5) via MS Management studio and modify the following:
1. in table cluster_server set ip_address to the virtual IP address of SafeQ server

2. in table cluster_server set description to safeqserver
3. in table smartq_servers set ip to the virtual IP address of SafeQ server
4. in table smartq_servers set name to safeqserver
5. in table smartq_servers set code to safeqserver-TEST
II. CONFIGURATION IN <SAFEQ>\CONF\STARTUP.CONF
Make sure that this configuration is identical on both SafeQ servers:
1. set localGUID as follows:

localGUID = safeq
2. set SafeQserver as follows:
smartQ-server-name = safeqserver
3. replace IP address at parameter smartQ-server-ip by the virtual IP reserved for clustering of SafeQ
services (same IP address as configured in the database).
4. replace path at parameter spoolDir by the path that can be accessed by both SafeQ servers. This
path will be used as a spooler for the jobs.
III. CONFIGURATION IN <SAFEQ>\TERMINALSERVER\TERMINALSERVER.EXE.CONFIG
1.
YSoft SafeQ 5 1875

February 03, 2016
1. replace IP address at parameter networkAddress by the virtual IP reserved for clustering of SafeQ
services (same IP address as configured in the database).
VI. CONFIGURATION IN <SAFEQ>\TOMCAT\CONF\SERVER.XML
1. replace IP address at parameter address by the virtual IP reserved for clustering of SafeQ services
(same IP address as configured in the database). Replace only values different than "localhost".
Afterwards, there should be 3 occurrences replaced.
YSoft SafeQ 5 1876

February 03, 2016
CONFIGURE YSOFT SAFEQ IN MICROSOFT CLUSTER SERVICES
1 Open Failover Cluster Manager (cluadmin.msc)
2 Create a new resource for „YSoft SafeQ CML“:
Right-click the cluster name, select "Configure a service or application", select "Generic
Service" and click next.
Select „YSoft SafeQ CML“ and click next.
Specify the virtual name „SafeQ-cluster“ and the virtual IP address that will be used by
all the SafeQ services. The same IP address has been used in SafeQ configuration files.
Finish the wizard with no additional changes
3 Add following SafeQ services to the the created resource:
YSoft SafeQ CML DBS

YSoft SafeQ LDAP Replicator Service
NOTE: The procedure must be performed for every mentioned service.
Failover Cluster Manager -> in the left menu right-click the resource „SafeQ-cluster“ ->
„Add a resource -> select „Generic Service“
Select one of the mentioned services, click next and finish the wizard with no additional
changes
YSoft SafeQ 5 1877

February 03, 2016
4 Add dependency on the created resource for the following services:
YSoft SafeQ CML DBS

NOTE: The procedure must be performed for every mentioned service
Failover Cluster Manager -> left-click your resource „SafeQ-cluster“

double-click the service where dependency should be added (e.g. start with „YSoft
SafeQ CML DBS“)
on tab „Dependencies“ double-click the first empty row and then select resource „Name:
SafeQ-cluster“ -> press „Apply“ and „OK
YSoft SafeQ 5 1878

February 03, 2016
5 Take resource „SafeQ-cluster“ offline (under „Services and applications“ right-click your resource and
select „Take this service or application offline“). Then bring it online again.
All your services shall be now online as shown here.
YSoft SafeQ 5 1879

February 03, 2016
FINALIZING THE CONFIGURATION
1 Set SafeQ services to run under the SafeQ service account.
NOTE: This step must be performed on both SafeQ servers
run „services.msc“ and go to the properties of all SafeQ services -> on tab „ Log On“
select „This account“ and fill in details about the account which is local administrator
and which has permissions to read/write to the shared spooler directory and to the
destination for your scanned documents.
2 Activate SafeQ license on the second server with SafeQ
If the resource „SafeQ-cluster“ is not held by the second server, move it to the second
SafeQ server via Failover Cluster Manager (cluadmin.msc). To move the resource it is
necessary to go to "services and applications" -> right-click „SafeQ-cluster“ -> select “
Move this service or application to another node” -> select second node -> confirm the
dialogue.
Log in to the SafeQ web interface via the clustered IP address.
Activate SafeQ using the second license.
TEST THE BASIC FAILOVER FUNCTIONALITY
MOVING RESOURCE SAFEQ-CLUSTER BETWEEN THE SERVERS:
YSoft SafeQ 5 1880

February 03, 2016
Try to move „SafeQ-cluster“ resource from one node to another. Go to "services and applications" ->
right-click „SafeQ-cluster“ -> select “Move this service or application to another node” -> select
second node -> confirm the dialogue.
Expected result: resource is properly moved and all services are shown as on-line
TEST PRINTING WITH FAILOVER
Move resource „SafeQ-cluster“ to the first SafeQ server. Then send a print job via the virtual IP
address of the resource and port 515.
Move resource „SafeQ-cluster“ to the second SafeQ server and release the print job via the secure
queue.
Expected result: job is printed

TEST TERMINAL SERVER FUNCTIONALITY WITH FAILOVER
Move resource „SafeQ-cluster“ to the first SafeQ server and wait till the Terminal Server is shown as
Running on the SafeQ web interface. Then log in to the web interface via virtual IP address of the
resource and reinstall the embedded terminal. Verify that you can authenticate on the embedded
terminal.
Move resource „SafeQ-cluster“ to the second server, wait till the Terminal Server is shown as
Running on the SafeQ web interface and try to authenticate via the embedded terminal
Expected result: authentication succeeds
CONFIGURING MSCS SERVER FAILOVER - TERMINAL SERVER IN ACTIVE-PASSIVE MODE
HOW TO CONFIGURE TERMINAL SERVER FAILOVER USING MS CLUSTER SERVICES (MSCS)

Expected behavior:
In case of node failure, other node take over the YSoft SafeQ Terminal Server service so embedded
terminals continues working.
Implementation:
YSoftSafeQTerminalServer service is part of MSCS as a resource. In case of node failure, MSCS fail-over
the resource to other node.
Description of the environment (Terminal Server failover in active-passive using MSCS):
YSoft SafeQ 5 1881

February 03, 2016
MS Windows 2008 R2 servers (Enterprise) and newer

Functional, properly configured and validated cluster
Pre-installed SafeQ 5 on each node of the MS Cluster
One dedicated IP address must be available for YSoft SafeQ services clustering. This IP address
must be reachable from the customer's LAN (MFPs and hardware terminals). This IP address cannot
be the same as MS Cluster virtual IP address.
YSoft SafeQ 5 1882

February 03, 2016
CONFIGURE YSOFT SAFEQ TERMINAL SERVER IN MICROSOFT CLUSTER SERVICES
1 Open Failover Cluster Manager (cluadmin.msc)
2 Create a new resource
1. a. Right click on cluster name, select "Configure a service or application" - select "Generic Service" click
next
b. Select "YSoft SafeQ Terminal Server" and click next
c. Specify virtual name (in our case terminal_server) and IP address for YSoft SafeQ Terminal Server
below, click next
i. this IP address will be used in <SafeQ_dir>\terminalserver\TerminalServer.exe.config as
"networkAddress"
d. Finish wizard with no additional changes
3 Created resource does not require any additional configuration.
4 Example of running YSoft SafeQ Terminal Server
YSoft SafeQ 5 1883

February 03, 2016
CONFIGURING YSOFT SAFEQ TERMINAL SERVER
1 Change networkAddress configuration in <SafeQ_dir>\terminalserver\TerminalServer.exe.config to

clustered IP on both servers.
2 Restart YSoft SafeQ Terminal Server service using "cluadmin.exe" to apply settings
1. a. go to "services and application" - select "terminal_server" - in "Other resources" right

click on "YSoft SafeQ Terminal Server" - choose "Take this resource off-line" - confirm
that.
b. When service is off-line, right click on the service name again and choose "bring this
resource on-line".
3 If you are using Network Card Reader, make sure that "enableNetworkLoadBalancer" is enabled in
the SafeQ Web interface > System > System settings. (workaround - see limitations)
4 Then restart all SafeQ services.
TEST
Try to move "terminal_server" resource from one node to another. Go to "services and application" -
select "terminal_server" - in "Other resources" right click on "YSoft SafeQ Terminal Server" - select
"more actions" - choose "Move this service to another service or application" - do that.
LIMITATIONS
Pull accounting (Xerox) is not retrieved during failover event. Please make sure TS always runs on
master node.
Network Card Reader is in default configuration not functional in case of failover event. Please make
sure "enableNetworkLoadBalancer" configuration is enabled as a workaround to resolve this issue.
To administrate SafeQ using web interface, use always virtual IP address of the cluster to reach node
with on-line and connected YSoft SafeQ Terminal server service (YSoft SafeQ Terminal Server is
always connected with local node only).
CONFIGURING WNLB SERVER FAILOVER
HOW TO CONFIGURE TERMINAL SERVER FAILOVER USING WINDOWS NETWORK LOAD BALANCING SERVICES (WNLB)
This article describes how to configure YSoft SafeQ to utilize Windows Network Load Balancing services for
the Terminal Server (MFP with embedded terminal) failover.
Expected behavior:
Printer with embedded terminal is able to operate in case its parent node is not running.
Implementation:
In case of failure or shutdown of YSoft SafeQ Terminal Server service, NLB node is deregistered from
cluster.
Description of the environment (Terminal Server failover using WNLB):
YSoft SafeQ 5 1884

February 03, 2016
Chapters:
How to configure Terminal Server Failover using Windows Network Load Balancing Services (WNLB)
Environment requirements
Limitations
Basic example of Network Load Balancing Services configuration
Configuring YSoft SafeQ for the proper WNLB usage
Test of functionality
Manual rebalancing of printers in case that one YSoft SafeQ server fails
Best practices
Various interesting information related to WNLB
MS Windows 2008 R2 servers (Standard or Enterprise) or newer

Properly configured and functional Windows Network Load Balancing cluster
At least one physical IP address for each member of WNLB cluster is reachable from client
workstations (for print job delivery) and from other members of WNLB cluster (for cluster
synchronization)
Shared virtual IP address of WNLB cluster is reachable from all MFPs and Network Card
Readers on ports according to Network communication overview
Filtering mode (WNLB Manager > Cluster properties > Port Rules > Edit) is set to Multiple
host with Affinity: Single + Timeout: 30minutes
EXCEPTION: If Network Card Reader (NCR) is used in the environment, filtering
mode is set to Single host and virtual IP of WNLB cluster is configured in NCR.
In every host properties - initial host state is set to Stopped (Terminal Server will register host
to WNLB once it is ready to accept connection from MFP)
LIMITATIONS
The described failover is available for CML cluster only (not for ORS)
YSoft SafeQ 5 1885

February 03, 2016
Jobs on MFP with pull accounting (e.g. older Xerox devices) is not accounted during downtime of
parent Terminal Server (it will be accounted after the Terminal Server recovery).
Print jobs stored on server that encountered failure are not available for print. Use parameter cluster-
readSharedFolderJob and the spooler directory on a high-available shared location to make print
jobs accessible even during the failure of one node.
Embedded terminal: Pull print based printers (e.g. older Xerox devices) might not show Jobs history
after print (due to the fact that printer might be not connected to it its parent Terminal Server)
Samsung Embedded Terminal - devices can be installed only when a single NLB node is running (i.e.
Status=Converged, other NLB nodes must be stopped) and device must be installed on the
respective node.
BASIC EXAMPLE OF NETWORK LOAD BALANCING SERVICES CONFIGURATION
WARNING
Following example servers only as a basic demonstration of the WNLB configuration. It

does not serve as a guideline for the implementation in the real environment. The
implementation of the WNLB is not performed by Y Soft. Due to the nature of the Windows
Network Loadbalancing, detailed analysis of the customer's network environment and the
proper selection of the loadbalancing mode has to be done prior setting up the WNLB.
Incorrect configuration of the WNLB may have severe impact on the overall performance of
the local area network.
Please note that this example applies to Windows Server 2008R2. List of steps might slightly differ in
newer versions of Windows Server OS.
1 Install the NLB feature on all nodes including the management client
dism /online /enable-feature /featurename:

NetworkLoadBalancingFullServer
dism /online /enable-feature /featurename:

NetworkLoadBalancingManagementClient
2 Open NLB manager
nlbmgr.
exe
3 Create a new cluster
1.
a.
YSoft SafeQ 5 1886

1.
February 03, 2016
a. Connect to first node and select the NIC to be clustered (in unicast mode we usually use first NIC for
standard network communication and its IP address shall be configured in SafeQ configuration file
startup.conf. The second NIC shall be used purely for NLB clustering and you shall not use it for
anything else)
b. Enter clustered IP
c. Enter cluster name and choose multicast or unicast mode (depends on your network configuration),
finish the wizard
d. Select "Add host to cluster" on cluster
e. Connect to second node and select the NIC to be clustered. Finish the wizard.
Both nodes should be in "converged" status
4 In "Cluster properties" > "Port Rules" > "Edit" > set filtering mode to "Multiple host" with Affinity: Single
+ Timeout: 30minutes
NOTE: For Network Card Readers use filtering mode "Single host" and enter clustered IP into
NCR settings
5 In every host properties - change initial host state to "Stopped" value (Terminal Server will start the
host once it is ready to accept connection from printer)
6 List of ports used by NLB: Network communication overview
7 Example of running NLB Cluster:
8 Windows 2008 R2 introduces a strong host model that does not allow different NICs to communicate
with each other. For example, if a request comes in on the 2nd NIC and if there is no default gateway
setup, then the IC will not use the 1st NIC to reply to the requests (even though there's a default
gateway setup on that 1st NIC). To change that behavior and go back to the 2003 model, run these
commands from the command prompt:
NOTE: "Local Area Connection 2" is the name of the clustered network interface)
YSoft SafeQ 5 1887

February 03, 2016
netsh interface ipv4 set interface "Local Area Connection 2" weakhostsend=enable
To verify that weakhostsend is enabled on both adapters run following command:
netsh interface ipv4 show interfaces level=verbose | findstr /R /i "interface weak.hos
YSoft SafeQ 5 1888

February 03, 2016
CONFIGURING YSOFT SAFEQ FOR THE PROPER WNLB USAGE
1 Install YSoft SafeQ cluster on the IP address that is not used by WNLB (not the WNLB virtual IP, not
the IP address used by WNLB adapter in case of unicast mode).
2 In YSoft SafeQ Web Interface go to System > Views > Advanced options > set
enableNetworkLoadBalancer and operateWnlb properties to enabled.
3 Perform these steps on all YSoft SafeQ servers that are part of WNLB cluster:
3a. Set Terminal Server to use WNLB virtual IP address:
edit file <SafeQ_dir>\terminalserver\TerminalServer.exe.config

set WNLB virtual IP address in the networkAddress parameter
3b. Configure deregistration of the failed node from the WNLB cluster in case of a failure:
Open properties of YSoft SafeQ Terminal Server and YSoft SafeQ CML services (via
services.msc) -> go to Recovery tab -> set the following configuration:
First failure: Run a Program
Program: nlb.exe
Parameters: stop
3c. Restart YSoft SafeQ Terminal Server and YSoft SafeQ CML services to apply the settings.
4 In case that failover/loa dbalancing for SHARP, Fuji Xerox or Konica Minolta Embedded
Terminals is required, enable etcd:
4a. Log in to the SafeQ Web Interface on the master node with sufficient rights to administer printers
(for example, "admin")
4b. Go to System > System settings, set enableEtcd property to enabled and s ave the
configuration
4c. Restart YSoft SafeQ Terminal Server service on all members of the WNLB cluster
See Configuring etcd for more information if needed.
5 Reinstall embedded terminal on all devices that should be connected to WNLB cluster.
Please note that usage of etcd is the preferred option now. If you were using a shared folder for failover
/loa dbalancing of SHARP or Konica Minolta Embedded Terminals and want to continue using it -
replace steps 4 with the following .
YSoft SafeQ 5 1889

February 03, 2016
4a. create a network share (for example path \\<server>\DeviceConfigurationData ). Network share must
be a high-available location. Account(s) running Terminal Server service on all members of the WNLB
cluster must have full privileges for this location.
4b. stop YSoft SafeQ Terminal Server service on all members of the WNLB cluster
4c. on all members of the WNLB cluster edit TerminalServer.exe.config located in

<safeq_dir>\terminalserver. I n the <appSettings> section add key SharedLocation:
<add key="SharedLocation" value="path" /> (for example <add key="SharedLocation" value="

\\<server>\DeviceConfigurationData" /> )
4d. start YSoft SafeQ Terminal Server service on all members of the WNLB cluster
TEST OF FUNCTIONALITY
Perform following tests for all members of the WNLB cluster:
Try to stop Terminal Server service -> WNLB manager shows Stopped state on the node where
Terminal Server was stopped (change can take up to one minute)
Try to start Terminal Server service -> WNLB manager shows Started state on the node where
Terminal Server was started (change can take up to one minute)
It is possible to authenticate on MFP when just one node shows "Converged" state
It may take up to 2 minutes for the Terminal Server to fully initiate. Thus the authentication
on the recently started Terminal Server may fail within 2 minutes from the start .
MANUAL REBALANCING OF PRINTERS IN CASE THAT ONE YSOFT SAFEQ SERVER FAILS
This topic applies only to printers with pull accounting (e.g. old Xerox devices).
When one of the cluster members fails and it is not possible to quickly recover from failure, it is
recommended to rebalance devices between CML nodes to restore proper pull accounting.
1 Go to Devices > Actions > Rebalance devices among CML nodes
2 Check list of devices in YSoft SafeQ web interface - all printer were moved to running CML nodes
(you may need to display column "Terminal Server ID" in the device list to see which server is
responsible for particular devices)
3 Rebalance devices again once the failed cluster member is back online node
BEST PRACTICES
If all members of the WNLB cluster are in same subnet you might use unicast mode.
If the members of WNLB cluster are not in same subnet, multicast mode shall be used.
When planning the use of WNLB, it is advised to replace all NCR with USB readers (otherwise
"Single host" affinity is a must and this causes that only failover is done, loadbalancing is not made
and only one CML node is utilized at a time).
YSoft SafeQ 5 1890

February 03, 2016
NLB in unicast mode
Each computer has two network cards

Two IP addresses per server and one additional clustered IP
Make sure that the second network adapter (the adapter that is failovered via WNLB) has no gateway
configured.
Make sure the network adapter with the gateway is on the top of adapters and bindings list (Control
Panel -> Network and Sharing Center -> Change adapter settings -> press F10 on keyboard >
Advanced -> Advanced Settings -> tab Adapters and Bindings).
To improve the security, add the static routes for outgoing data for the NLB adapter instead of using
the weakhost. For example the WNLB adapter is part of 10.0.11.xx subnet and it has a network
connectivity to gateway at 10.0.11.1; but as mentioned above, gateway is not configured on the NLB
adapter. To keep the stronghost model active and to be able to communicate with MFPs in a different
subnet 10.20.xx.xx, we can add a static route on WNLB adapter as "route add -p 10.20.0.0 mask
255.255.0.0 10.0.11.1".
The usage of netsh command is even better while static route is added to the WNLB adapter
only.
Example of command to add static route on WNLB adapter with interface name
"WNLB": netsh interface ipv4 add route 10.20.0.0/8 "WNLB" 10.0.11.1
Some network monitoring tools (e.g. MAC spoofing prevention) may block the WNLB communication
due to its nature (MAC address is being masked)
VMware: All members of the NLB cluster must be running on the same ESX host (must be connected
to the single portgroup on the virtual switch)
VMware: Forged Transmit on the Portgroup is set to Accept.
VMware: Notify Switches Portgroup is set to No.
VMware: MAC Address Changes on the Portgroup is set to Accept.
NLB in multicast mode
Manual entry of ARP records is required on routers:

since NLB packets are unconventional, meaning the IP address is Unicast while the MAC
address of it is Multicast, switches and routers might drop NLB packets
example of command needed to add into switch: arp 192.168.1.100 03bf.c0a8.0164 ARPA
VARIOUS INTERESTING INFORMATION RELATED TO WNLB
There are various ways to configure WNLB depending on the network architecture. Description in
Microsoft TechNet:
http://technet.microsoft.com/en-us/library/bb687542.aspx
http://technet.microsoft.com/en-us/library/cc770689%28v=ws.10%29.aspx
Selecting the Unicast or Multicast Method of Distributing Incoming Requests:
https://technet.microsoft.com/cs-cz/library/Cc782694(v=WS.10).aspx
Netsh commands for Interface Internet Protocol version 4 (IPv4). Description in Microsoft TechNet:
http://technet.microsoft.com/cs-cz/library/cc731521(v=ws.10).aspx
Sample configuration is described in VMware KB:
Sample Configuration - Network Load Balancing (NLB) Multicast Mode Configuration
YSoft SafeQ 5 1891

February 03, 2016
http://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=1006558
Sample Configuration - Network Load Balancing (NLB) Multicast mode over routed subnet -
Cisco Switch Static ARP Configuration
cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006525
Configuration required with Unicast mode:
language=en_US&cmd=displayKC&externalId=1556
4.15.24 CONFIGURING TERMINAL MONITORING VIA SNMP
OVERVIEW
This page describes how to configure Terminal monitoring via SNMP
CONFIGURATION
NOTE: All settings could be done in service menu or by Remote configuration tool for hardware terminals
with authorized access.
1 Enter terminal's service menu. For more info see: Installing Terminal
Professional#Step4DisplayingtheServicemenu
Go to Network settings > SNMP where you can configure all required items.
2 Service menu options (Item name in remote configuration):
SNMP service - Enable/disable SNMP service (SNMP)

Community - Set SNMP community name (SNMP_COMMUNITY)
Location - Set SNMP location (SNMP_LOCATION)
Contact - Set SNMP contact (SNMP_CONTACT)
Send SNMP TRAPs - Enable/disable SNMP traps (SNMP_TRAP)

TRAP server - Set SNMP trap server IP (SNMP_TRAP_SERVER)
TRAP server port - Set SNMP trap server port (SNMP_TRAP_PORT)
TRAP Community - Set SNMP trap server community name
(SNMP_TRAP_COMMUNITY)
Select TRAPs - Individually enable/disable each trap (SNMP_ENABLED_TRAPS)
MANAGEMENT SERVER SETTINGS
Required is to set management server to use SNMP v2c protocol with correctly set community name.
TECHNICAL DETAILS
Supported only on Terminal Professional (firmware version 3.13.0 and higher)
4.15.25 CONFIGURING WEBDAV
This page describes how to configure scanning to use WebDAV, FTP or both.
YSoft SafeQ 5 1892

February 03, 2016
CONFIGURATION
To configure scanning to use WebDAV, log in to the SafeQ Web Interface with sufficient rights to administer
printers (for example, "admin")
Go to System > System settings and set scanServerType property, which can be set to the following
values:
1. webdav All printers must support WebDAV. In case any printer does not support WebDAV, it will not
be able to install embedded terminal with scan settings.
However Print and Copy settings will be still available and can be installed on every
supported embedded terminal
FTP server is disabled
2. webdav All printers that support WebDAV will be installed with WebDAV support - all others remains
ftp on FTP server instead.
3. ftp All printers will use the FTP internal server for scanning documents.
WebDAV is disabled.
CONFIGURING WEBDAV ON ORS
WebDAV is served by ORS Web Service. Default ports for this service is 80 for HTTP and 443 for HTTPS
communication.
See Installing YSoft SafeQ ORS for information how to set these ports.
4.15.26 CONFIGURING WORKFLOW SCANNING
Overview
Displaying the Scan workflows list
Adding new workflow by importing XML file
Adding new workflow using workflow wizard
Setting access rights to scan workflows
OVERVIEW
Following administrative tasks are required to be performed in order to configure Workflow scanning
There is two ways how to create scan workflows: by importing XML file or using workflow wizard. Both ways
will be described on this page.
YSoft SafeQ 5 1893

February 03, 2016
DISPLAYING THE SCAN WORKFLOWS LIST
Go to Rules > Scan workflows. On this page, you can add/edit/delete/order scan workflows.
2 To change order of existing workflows, just drag icon and drop scan workflow. Then click Save
changes. Workflows will be displayed in the same order on scanning devices.
To edit scan workflow double-click on workflow or click icon.
To delete scan workflow by click icon.
ADDING NEW WORKFLOW BY IMPORTING XML FILE
1 Click Import from XML, click "..." button and select XML file for the scan workflow. See Scanning
workflow definition for further instructions how to build XML file.
Then click Upload file. The workflow now appears on the Scan workflows page.
YSoft SafeQ 5 1894

February 03, 2016
ADDING NEW WORKFLOW USING WORKFLOW WIZARD
1 Click Add new item, and scan workflow definition wizard window will be opened.
2 Scan workflow tab contains basic info about workflow as follows:
WORKFLOW NAME (MANDATORY FIELD)
TYPE
E-mail – SafeQ sends documents as an e-mail attachment via e-mail.

Folder – SafeQ stores documents to a directory in a local or a remote file system.
Script – SafeQ stores documents to a directory in a local or a remote file system and it
runs a defined script for each of the documents.
DESCRIPTION (MANDATORY FIELD)
The description can be an arbitrary string which describes the scanning workflow in a natural
language. It is shown for example in the embedded terminal application when user selects a
workflow. It may for example contain a message for a user to enter parameter values. The description
string may be shown wrapped according to display proportions.
YSoft SafeQ 5 1895

February 03, 2016
3 Scan settings tab contains predefined settings for a resulting scan document as follows:
RESOLUTION
resolution to the highest resolution.
NOTE: Not all technologies and MFP models support all five levels of the resolution. If an
unsupported level is chosen, the scanning will not start or the resolution is approximated to the
Resolution Konica Minolta, Sharp Xerox, Fuji Xerox, Ricoh
Low 200*100 72*72
Normal 200*200 200*100
Fine 300*300 300*300
High 400*400 400*400
Super 600*600 600*600
YSoft SafeQ 5 1896

February 03, 2016
SIDES
values:
Simplex – only one page of every sheet will be scanned

Duplex – both sides of every sheet will be scanned. NOTE: Some technologies and
models do not support forcing duplex settings and user has to set it manually.
COLOR
Full color
Black and white
Bicolor
Grayscale
Monocolor
Auto – color scheme is detected automatically by the scanning device
NOTE: Not all technologies and MFP models support all six color schemes. If an unsupported
color scheme is chosen, the scanning will not start or the color scheme is approximated to the
OUTPUT FILE FORMAT
PDF – a standard multi-page PDF (Portable Document Format) document

Compact PDF – compact PDF document with reduced size
Searchable PDF – searchable PDF (OCR)
JPEG – standard JPEG (Joint Photographic Experts Group standard)
TIFF – single page TIFF (Tagged Image File Format)
Multipage TIFF – multi-page TIFF
XPS – OpenXPS document (XML Paper Specification)
XDW
NOTE: Not all technologies and MFP models support all output file formats. If an unsupported file
format is chosen, it is substituted with any other similar file format.
LOCKED PARAMETERS
It is possible to lock parameters: Resolution, Color, Output file format ad Sides. Locked parameter
can not be modified by logged user on terminal.
To lock/unlock parameter click / icon.
- Parameter is locked. It can not be modified by a user logged on a Terminal. Click

the lock icon to unlock this parameter.
- Parameter is unlocked. It can be modified by a user logged on a Terminal. Click the
lock icon to lock this parameter.
YSoft SafeQ 5 1897

February 03, 2016
4 On User parameters tab you can define User parameter - so user will able to enter / change a value
of the parameter. This can be done via terminal panel interface – currently only embedded terminals
allow users to enter parameter values.
NOTE: You can change order of parameters by dragging icon and dropping. Parameters will
be displayed in the same order on scanning devices.
YSoft SafeQ 5 1898

February 03, 2016
5 Click Add parameter and new window with following options will be displayed:
PARAMETER NAME
parameters for each scanning workflow whose names are reserved. You can choose name from list
of pre-defined names from drop-down menu. This list is dependent on type of scan workflow. In
section User parameter you can see only subset of pre-defined names which are relevant for user.
You can also select Custom value from drop down for creating custom type parameter. You'll see
new field under drop-down menu for custom name.
PARAMETER LABEL
The parameter label is an alphanumeric description of the parameter. It should contain a short
description of the parameter in a natural language. For example, the embedded terminal application
shows the label next to the input field of the parameter.
PARAMETER TYPE
The parameter type is used as a constraint for values of the parameter. For example, the embedded
terminal application uses the data type to display a specific input component or check values entered
by the user.
Data types are:
String - any text

Numeric - any real number
Boolean - values true/false
Date - date without time in format YYYYMMDD
YSoft SafeQ 5 1899

February 03, 2016
E-mail - string field with auto-completing of e-mails

NOTE: Dynamic "email" type is currently available only on Konica Minolta Terminal
Embedded with the native user interface.
REQUIRED PARAMETER FLAG
A parameter may be defined as mandatory and a user has to enter a value for it. In this case
operation cannot continue unless the value is set. In the opposite case, value can be set voluntarily
and it will not affect user's work.
DEFAULT VALUE
The default value may contain %variables%. See Scanning workflow definition for details.
6 Administrator parameters tab is same like User parameters. The only difference is that Required
parameter flag is not available for Administrator parameters and that in the section Administrator
parameters you can see all (not only relevant to user) pre-defined names in drop-down menu relevant
for the type of scan workflow. These parameters cannot be seen by user on MFP panel and therefore
cannot be change by him.
NOTE: You can change order of parameters by dragging icon and dropping.
YSoft SafeQ 5 1900

February 03, 2016
SETTING ACCESS RIGHTS TO SCAN WORKFLOWS
Go to Rules > Scan workflows access. On this page, you can create and modify access rights to
scan workflows that you have defined. (See Managing scan workflows.) Access rights can be sorted
based on Scan workflow name and by User role.
2 Click Add new item to grant access rights for scan workflows.
Allow or deny access rights (3) for selected user role (1) and workflow (2). Then click Add.
3 New access for scan workflows was added. Create more scan workflows if needed.
4 To enabled / disabled scan workflows click / icons. Then click Save changes.
- workflow is enabled
- workflow is disabled
To delete scan workflow access click icon.
YSoft SafeQ 5 1901

February 03, 2016
4.15.27 ENABLING AND USING PRINT PRICE ESTIMATION
OVERVIEW
When you print a document from your workstation, YSoft SafeQ Client enables you to compare the price of
making your print in color or in black-and-white and on available printers. You can then choose the best
options for printing your document.
PREREQUISITES
Enable Print Job Parser in YSoft SafeQ web interface to "Render jobs ..." value
YSoft SafeQ 5 1902

February 03, 2016
USING PRICE ESTIMATION IN YSOFT SAFEQ CLIENT
1 Log in to the YSoft SafeQ web interface with sufficient administrator rights
Go to System > System settings and set property clientDisplayPriceEstimation to enabled.
2 Print document from your workstation via SafeQ Client (device connected to SafeQ port).
3 The YSoft SafeQ Client windows with Price estimation tab opens. Other tabs can be displayed
based on YSoft SafeQ settings.
NOTE: In some environments, it can take around 30 seconds to YSoft SafeQ Client appears.
4 Prices estimation for your job appears as displayed on image. You can set few of finishing options
here by clicking:
Print B/W - to print the job in black-and-white

Print color - to print the job in color
Cancel print - to cancel the print
Close window - to leave and let settings without changes. Closing of this window
doesn't cancel the job.
Price estimation window is displayed for secure and direct prints. User cannot adjust finishing options
for direct prints. And only printer which has assigned direct queue used for printing is displayed,
Additionally current balance on users money account is displayed, if YSoft Payment System is
enabled. Then prices higher than current balance are grayed out.
YSoft SafeQ 5 1903

February 03, 2016
Please note that price estimation has only informative character and final job price may differ.
Following aspects can change job price after job reception on device:
rules defined in Rule-based Engine with trigger "Before job is released to the printer" or "On
job's delivery to the printer".
changes in finishing options on terminal
paper type used for print
device capabilities (e.g. format or color limitations)
LIMITATIONS
A maximum of 10 printers where the user has access rights are displayed in the Price estimation
window.
It is not possible to choose preferred printers.
YSoft SafeQ 5 1904

February 03, 2016
Price estimation does not work with coverage accounting.

In order to support conversion of a color print job to B/W or a simplex job to duplex, associated rules
must be defined in the Rule-based Engine printing feature.
4.15.28 HOW TO DISABLE SECURED COMMUNICATION BETWEEN TERMINAL SERVER AND

EMBEDDED TERMINALS
Communication between embedded terminals and Terminal Server is provided by default via secured
hypertext transfer protocol (https). If we want to have connections between Terminal Server and embedded
terminals unsecured, the secured communication must be disabled in both Terminal Server and MFP.
LIMITATIONS
Currently, the only supported vendors are FujiXerox and Sharp. The MFPs of other vendors will not work in
case when secured communication is disabled. Configuration affects entire Terminal Server and therefore
we cannot have both secured and unsecured connections between one Terminal Server and embedded
terminals. Solution to this limitation is to use multiple ORSs, where each Terminal Server has different
configuration of secured connections, for example, one with disabled secured connections and other ones
with enabled. The MFPs of unsupported vendors (e.g. Xerox) then can be connected to the Terminal Server
with enabled secured connections.
CONFIGURATION
Secured communication in Terminal Server can be disabled in SafeQ web interface via configuration option
dsSslEnabled which can be found in System settings under tab Communicator in Expert options view. The
default value is set to true (enabled). To disable https connections, set it to false (disabled) and restart
Terminal Server. This configuration is global and therefore it affects any Termianl Servers connected to
given CML through any ORS.
The other way to disable secured connections is via Terminal Server's configuration file TerminalServer.
exe.config which can be found in directory <SafeQ_dir>\terminalserver. Add or modify configuration
option dsSslEnabled in appSetting section to value false and restart Terminal Server.
<add key="dsSslEnabled" value="false" />
This configuration option affects only given Terminal Server and therefore it is suitable in case of multiple
ORSs, each with different configuration of secured communication.
YSoft SafeQ 5 1905

February 03, 2016
Note that if we disable secured communication in Terminal Server, it must be disabled also in
connected MFP and vice versa.
4.15.29 HOW TO UPDATE TERMINAL PROFESSIONAL
At a Glance
Terminal Professional models – firmware compatibility

Downloading new firmware
Scheduled firmware update via SafeQ Web Interface
Firmware update via fwupdate.conf
Emergency firmware update via fwupdate.conf
Firmware update via Termtool utility
TERMINAL PROFESSIONAL MODELS – FIRMWARE COMPATIBILITY
Hardware / 2.x. 3.0.x – 3.4. 3.5.x – 3.7. 3.8.x – 3.13.x (or

Firmware x x x newer)
2.x.x Yes No No No
3.5.x (Display type 1) No No Yes Yes
3.5.x (Display type 2) No No No Yes
DOWNLOADING NEW FIRMWARE

For any type of firmware update on Terminal Professional, new firmware files must be downloaded first.
1 Download the new firmware files from the Y Soft Partners' Portal (http://partners.ysoft.com).
2 Copy downloaded files into the "update" folder on SafeQ server - typically C:/SafeQ5/server/update.
YSoft SafeQ 5 1906

February 03, 2016
SCHEDULED FIRMWARE UPDATE VIA SAFEQ WEB INTERFACE
Go to Devices > Terminals selection
2 Select terminal(s) which you want to update and click Schedule firmware update.
3 Set Date and time, firmware version and click Schedule update. Your update will be saved and
performed at given time.
NOTE: Update time can be late for few minutes, depending on the workload of SafeQ servers and
terminal availability.
4 You can see bar with updates status as displayed here. Click icon to see details of scheduled
updates.
If you want to delete scheduled update click icon.
YSoft SafeQ 5 1907

February 03, 2016
5 Firmware version is periodically checked every five minutes. See terminal-update-checker-

interval in SafeQ System settings if any change is needed.
Example of firmware update logged in cml.log:

update request for terminal with IP 10.0.5.130
command Mv3[21,41] to 10.0.5.130
2012-01-23 16:34:27,269 DEBUG TermUpdChecker| Terminal3Protocol| >>s
[10.0.5.130]>> Mv3[21,41]
2012-01-23 16:34:27,310 DEBUG TermUpdChecker| Terminal3Protocol| <<r
[10.0.5.130]<< Mv3[-56,0]
YSoft SafeQ 5 1908

February 03, 2016
FIRMWARE UPDATE VIA FWUPDATE.CONF
station.)
In the Terminal v3 firmware area, look at the highlighted. As a general rule, on the left side of the
example shown here, the last time the firmware was updated, version 3.12.[0-9] was updated to
version 3.13.3.
NOTE: Brackets indicate a range of firmware. For example, 3.12.[0-9] means any firmware
version from 3.12.0 to 3.12.9
To perform the update, you can use either a full update file or a differential update file. Differential
files are smaller and therefore the update is faster, but can be used only when the third-level version
of the firmware changes. For example, if you're updating from 3.12.0 to 3.12.5, you can perform a
differential update. But if you're updating from 3.12.0 to 3.13.0, you must perform a full update. If you
are not sure, perform a full update.

YSoft SafeQ 5 1909

February 03, 2016
minutes, depending on the connection. The terminal service menu indicates when the update is
complete.
EMERGENCY FIRMWARE UPDATE VIA FWUPDATE.CONF
NOTE: Emergency updates are always full updates – not differential updates.
home directory in the folder conf\modules (or conf\), as described in the following example. (The
configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the line that includes “emergency”. On the left side of the
equal sign ( = ) is the version of the terminal and on the right is the new firmware. In the example
shown here, the last time an emergency update was performed, Terminal Professional version 3
was updated with firmware version 3.13.3.
YSoft SafeQ 5 1910

February 03, 2016

3 Use either of these methods to invoke the emergency firmware update:
Method 1: Invoking the firmware update from the Service menu
1. Display the Y Soft partners Service menu.

NOTE: You can find detailed info about accessing service menu here.
2. Touch Service.
3. Touch Emergency update.
4. The terminal reboots.
Method 2: Invoking the firmware update during power up
1. Power off the terminal.

2. Power on the terminal.
3. Immediately touch and hold your finger on the lower left corner of the terminal screen.
4. Continue to hold your finger there until the terminal asks you to confirm the emergency update.
The update process can take several minutes, depending on the connection. The terminal Service
menu indicates when the update is complete.
YSoft SafeQ 5 1911

February 03, 2016
You have now successfully upgraded the terminal firmware.
FIRMWARE UPDATE VIA TERMTOOL UTILITY
Termtool utility is standard part of YSoft SafeQ installation package. You can find it in Support folder of
installation package in Remote Configuration Tool folder.
With Termtool utility you can perform many types of updates (regular, emergency, push,...).
1 Edit fwupdate.conf file as described in Firmware update via fwupdate.conf or Emergency

firmware update via fwupdate.conf in steps 1 and 2, depends on type of update which you want to
perform.
2 Run termtool.exe from command line with appropriate parameters (depends on type of update)
You can find all parameters and other documentation about Termtool here: Remote configuration tool
for hardware terminals
4.15.30 REGULAR EXPRESSIONS
A regular expression (regex or regexp for short) is a special text string for describing a search pattern. It
goes behind simple wildcard (*) expression and it could be used to create specific and highly complex
matching rules.
This article provides only basic information about regular expressions.
Special characters
YSoft SafeQ
Various examples
External links
SPECIAL CHARACTERS
Character Meaning Example
abc Literal characters, matches part of text. lo matches hello! but not world
\ Indicates that next character is special or

escape special character so it is not treated d vs \d (literal character d or shortcut
specially for digit character, see bellow
* matches single character zero or
more times, see bellow, or \ * matches
literal character *
YSoft SafeQ 5 1912

February 03, 2016
^ Matches beginning of text or line start ^A matches ABC but not BAC.
$ Matches end of text or line end C$ matches ABC but not ACB.
* Matches the preceding character zero or test* matches test, tes or testttt
more times
+ Matches the preceding character one or test+ matches test or testttt but not tes
more times
? Matches the preceding character zero or test? matches test, tes but not testttt
one time. Equivalent to {0,1}
. Matches any single character except the tes. matches test, tess but not tes
newline character
x|y Matches either x or y, ie. boolean or gray|grey can match gray or grey
() Parentheses are used for grouping and gray|grey and gr(a|e)y are equivalent patterns
priority, some as in basic math which both describe the set of_gray_ and grey
{n} Matches exactly n occurrences of the a{2} matches aa but not a or aaa
preceding characters
{n,} Matches at least n occurrences of the a{2,} matches aa or aaa but not a
preceding characters
{n,m} Matches at least n and maximum of m a{2,4} matches aa, aaa and aaaa but not a or
occurrences of the preceding characters aaaaa
[xyz] Character set that matches any of the [xyz_ matches _x, y, or z
enclosed characters
[x-z] Character set that matches any of the Same as previous

characters range
[^xyz] Characters set that should not match [xyz_ matches a, b or other but not x, y, or z
(negation of previous two)
\b Matches world boundary (space, newline,

punctuation, end of string)
\B Matches a non-word boundary
\d Matches a digit character. Equivalent to [0-

9]
\D Matches any non-digit character. Equivalent

to [^0-9]
\n Matches a linefeed (new line)
YSoft SafeQ 5 1913

February 03, 2016
\r Matches a carriage return (new line)
\s Matches a single white space character

(space, tab, line feed)
\S Matches a single character other than white

space
\t Matches a tab
\w Matches any alphanumerical character

including underscore. Equivalent to [A-Za-
z0-9_]
\W Matches any non-word character.

Equivalent to [^A-Za-z0-9_]
YSOFT SAFEQ
Regular expressions in YSoft SafeQ are often matches directly to tested texts, ie. they behaves like every
regular expression have ^ and $ characters written around them. This means that if you write world as
regular expression and you will want to match it to Hello world it would not match because your expression
will be matched as ^world$. You need to write something like .*world.* to make it work.
VARIOUS EXAMPLES
.*Word.* Matches MS Word Document
MS Word Matches MS Word 2007 but not MS Word 2010

200.
EXTERNAL LINKS
See these external sources for more information and more complex examples and rules
http://en.wikipedia.org/wiki/Regular_expression
http://www.regular-expressions.info/
4.15.31 SELECTING CERTIFICATE OF TERMINAL SERVER
Overview
Getting Terminal Server certificate
Default certificate
Windows Certificate Store
File system
How to install certificate
How to access Windows Certificate Store
YSoft SafeQ 5 1914

February 03, 2016
OVERVIEW
Terminal Server uses by default certificate distributed with YSoft SafeQ to provide secure communication
between Terminal Server and MFPs. This certificate together with corresponding CA certificate can be
found in <SafeQ_dir>\terminalserver\Certificates. Terminal Server can also use external certificates
provided by windows certificate store or file system.
CA certificate must be uploaded to MFP prior installation of embedded terminal. Otherwise MFP
might reject certificate and users will be unable to login.
GETTING TERMINAL SERVER CERTIFICATE

The certificates can be stored as a file on local or network disc, or can be selected from Windows Certificate
Store. The options can be configured in SafeQ 5 environment web interface. Go to System > System
settings (Expert mode) and set dsCertificateSource to one of the following options:
Default - default certificate provided with SafeQ

WindowsCertStore - finds certificate in Windows Certificate Store
FileSystem - tries to find certificate on local or network disc
All the options are case-insensitive. If certificate is not found in certificate store, in the file system or if an
error occurs during initialization of certificate, the default one is used. If loaded certificate is not valid,
warning message appears in Terminal Server's log file stating that different certificate should be used.
This option can be also specified in Terminal Server's configuration file TerminalServer.exe.config which
can be found in directory <SafeQ_dir>\terminalserver\. To change source of certificates, add or modify
configuration option dsCertificateSource located in appSettings section in the same way as described
above.
<add key= "dsCertificateSource" value= "windowscertstore" />
Detailed explanation of each of the configuration options is shown below.
DEFAULT CERTIFICATE
If this option is selected, the default certificate provided with SafeQ is used for secure communication. This
certificate is stored in file <SafeQ_dir>\terminalserver\Certificates\SafeQ DS Web Server.pfx. The
default certificate is automatically installed into Windows Certificate Store specified by configuration option
dsCertificateStore.
WINDOWS CERTIFICATE STORE

If the certificate is selected from Windows Certificate Store, the certificate store name and certificate
identifier must be specified by following options:
YSoft SafeQ 5 1915

February 03, 2016
CERTIFICATE STORE
The store where Terminal Server looks for the certificate is provided via configuration option
dsCertificateStore with following options:
Root - Trusted Root Certification Authorities (default value)

My - Personal
TrustedPublisher - Trusted Publishers
TrustedPeople - Trusted People
AuthRoot - Third-Party Root Certification Authorities
This configuration option is case-insensitive and must be always provided, otherwise default store Root is
selected. This configuration option also specifies store where the certificate will be automatically installed in
case when certificate is loaded from the file system.
CERTIFICATE IDENTIFIER
Configuration option dsCertificateStoreIdentifier is used for specification of certificate in selected

certificate store.
The certificate in store can be specified by its name (column "Issued To"), which can be found in
mmc tool (see How to access Windows Certificate Store).
Another option is to specify the certificate by its unique thumbprint, which can be obtained by double-
clicking the certificate and browsing details for thumbprint.
YSoft SafeQ 5 1916

February 03, 2016
All these options can be also specified in Terminal Server's configuration file TerminalServer.exe.config
which can be found in directory <SafeQ_dir>\terminalserver. To change the options, add or modify the
configuration options located in appSettings section the same way as described above.
<add key= "dsCertificateSource" value= "windowscertstore" />

<add key= "dsCertificateStore" value= "root" />
<add key= "dsCertificateStoreIdentifier" value= "SafeQ DS Web Server" />
FILE SYSTEM
If this option is selected, Terminal Server loads certificate from filesystem. The certificate is automatically
installed into Windows Certificate Store specified by configuration option dsCertificateStore.
To specify location of file on local disc or network storage, configuration option dsCertificateFileSource
must be provided. Path to the certificate can be specified as follows:
Full path to certificate file - e.g. C:\Certificates\DS-certificate.pfx

Directory containing certificate - e.g. C:\Certificates, first .pfx file found in this directory is taken
Also network locations can be used, e.g. \\10.0.0.99\Certificates.
Again, this option can be also set in Terminal Server's configuration file TerminalServer.exe.config which
can be found in directory <SafeQ_dir>\terminalserver. To change the options, add or modify the
configuration options located in appSettings section the same way as described above.
<add key= "dsCertificateSource" value= "filesystem" />

<add key= "dsCertificateFileSource" value= "C:\Certificates" />
YSoft SafeQ 5 1917

February 03, 2016
The only type of file certificate which is now supported by Terminal Server is .pfx file.
HOW TO INSTALL CERTIFICATE
If you want to install certificate manually, follow these steps.
1 Open Windows Certificate Store as described here: How to access Windows Certificate Store
2 Right-click on the name of required certificate store (folder) and select All Tasks > Import
3 Browse to certificate you want to install and mark the certificate as exportable.
NOTE: When installing the certificate into store it must be marked as exportable otherwise
Terminal server will not be able to use it. The certificate must be also provided with private key.
HOW TO ACCESS WINDOWS CERTIFICATE STORE

Even if certificate is loaded from disc, it must be installed into Windows Certificate Store in order to be used
with Terminal Server. Therefore, to verify required functionality or manually upload the certificate, we should
access Windows Certificate Store from system.
To open Windows Certificate Store follow these steps:
1 First run mmc.exe from start menu or run window.
YSoft SafeQ 5 1918

February 03, 2016
2 Select File > Add/Remove Snap in
3 Select Certificates and click Add.
YSoft SafeQ 5 1919

February 03, 2016
4 Select Computer Account and click Next.
YSoft SafeQ 5 1920

February 03, 2016
Then select Local computer and click Finish.
6 Now the certificates snap-in is installed and the certificate store can be browsed.
4.15.32 USE CARD NUMBER CONVERSION
Card conversion can be used for translating of card reader output (the data reader gets after user swipes
a card) to card number stored in user database (LDAP, AD, YSoft SafeQ, etc.) if these two numbers are
different.
Use Card manager editor only if you are unable to login with card and Terminal access page or log files lists
different card numbers than your card has.
More card number pairs you enter, more exact result you get. You should enter at least three different pairs
to get good result.
YSoft SafeQ 5 1921

February 03, 2016
CONVERSION FUNCTION
SafeQ Support conversions of card numbers as read by Card Reader at Terminal or by LDAP
Replicator. If conversion function is defined, card numbers are automatically transformed prior
matching with (or storing to) SafeQ Identity Database.
Typical conversion configuration looks as follows and is represented by conversion attribute in
SafeQ configuration:
ASCII2Hex;Hex2Dec;Substring(-8)
Each rule is represented by its name (see description of rules) and separated by semicolon. Some
rules have one or two parameters which are in parentheses and separated by comma.
Substring(2);Hex2Dec;LeftPadding(0,3) + Substring(2,6);Hex2Dec
Some conversions may contain two (or more) independent processing that are connected by operator
+.
DESCRIPTION OF RULES
Following rules are sorted alphabetically. Please note that rule names are CASE SENSITIVE.
ASCII2Hex This rule converts string in ASCII format (typically from KM reader) into hex form.
Other input is not changed. ASCII format is "^([34][0-9])+([fF]{2})*$"
Syntax:
ASCII2Hex – convert only string with length 32 signs

ASCII2Hex(length) – convert string until specific length
Example:
ASCII2Hex(16)
33303730314446383030FFFFFFFFFFFF => 30701DF800
30701DF800 => 30701DF800
Bin2Dec Converts number from binary format into decimal format.

Syntax:
Bin2Dec
Example:
Bin2Dec
101011 => 43
Const Returns specified string. Could be used with operator +. Similar functionality
provides LeftAppend and RightAppend.
Syntax:
YSoft SafeQ 5 1922

February 03, 2016
Const(12345)
Example:
LeftPadding(0,6) + Const(@ysoft.com)
12345 => 012345@ysoft.com
123 => 000123@ysoft.com
Dec2Bin Converts number from decimal format into binary format.

Syntax:
Dec2Bin
Example:
Dec2Bin
43 => 101011
Dec2Hex Converts number in decimal format into hexadecimal format

Syntax:
Dec2Hex
Example:
Dex2Hex
12345 => 3039
123 => 7B
DecimalAdd Adds value in decimal format to current value in decimal format

Syntax:
DecimalAdd(value)
Example:
DecimalAdd(1)
12345 => 12346
123 => 124
DecimalAnd Make binary AND. Mask is in decimal format.

Syntax:
DecimalAnd(mask)
Example:
DecimalAnd(15)
7 => 7
467825 => 1
DecValue2Hex Inversion function to Hex2DecValue. Converts each pair of decimal number to

hexadecimal digit. (08 -> 8, 11 -> B). Input must have even length.
Example:
YSoft SafeQ 5 1923

February 03, 2016
09101112 => 9ABC

ODD => ODD
Hex2ASCII This is inverse function to ASCII2Hex. Converts hexadecimal string into ASCII
representation. Input string could have maximum length of 16 signs. Otherwise
original input is returned.
Syntax:
Hex2ASCII
Example:
Hex2ASCII
12AB => 31324142
JEDNA => JEDNA
DESDecrypt Decodes value encrypted by DES in Base64 format.
Example:
AzRapSymPps= => 1234
DESEncrypt Encodes value into DES and Base64 format.
Example:
123 => AzRapSymPps=
Hex2ASCII Converts hex number to its ASCII representation. It is inversion function to

ASCII2Hex;
Example:
30701DF800 => 33303730314446383030
Hex2Dec Converts number from hexadecimal format into decimal format.

Syntax:
Hex2Dec
Example:
Hex2Dec
12AB => 4779
Hex2DecValue Converts each hexadecimal digit into decimal representation (8 – 08, A – 10, B –
11, etc).
Syntax:
YSoft SafeQ 5 1924

February 03, 2016
Hex2DecValue
Example:
Hex2DecValue
12AB => 01021011
Hex2Oct Converts number from hexadecimal format into octal format.

Syntax:
Hex2Oct
Example:
Hex2Oct
12AB => 11253
HexAnd Make binary AND. Mask is in hexadecimal format. Similar functionality contains
DecimalAnd.
Syntax:
HexAnd(mask)
Example:
HexAnd(FF)
7 => 7
7237B => 7B
IsEmbed Allow next processing only if card number is from embedded reader.
Syntax:
IsEmbed
Example:
IsEmbed;RightStrip(F)
12345FFFFFFFFF (from embedded terminal) => 12345
123F (from profi terminal) => 123F
IsEven Allow next processing only if card number length is even.

Syntax:
IsEven
Example:
IsEven;LeftAppend(0)
12AB => 012AB
12A => 12A
IsLength Allow next processing only if card number length is equal to specified value.
Syntax:
YSoft SafeQ 5 1925

February 03, 2016
IsLength(value)
Example:
IsLength(10);SwapPair
1234567890 => 2143658709
IsLengthGreater Allow next processing only if card number length is greater than specified value.
Syntax:
IsLengthGreater(value)
Example:
IsLengthGreater(5);Substring(5)
12AB => 12AB
12345678 => 12345
IsLengthNot Allow next processing only if card number length is different from value.
Syntax:
IsLengthNot(value)
Example:
IsLengthNot(9);LeftAppend(0)
12456789 => 123456789
12345 => 012345
IsNotStartWith Allow next processing only if card number doesn't start with specified string.
Syntax:
IsNotStartWith(string)
Example:
IsNotStartWith(~);LeftPadding(0,8)
~1234 => ~1234
1234 => 00001234
IsStartWith Allow next processing only if card number starts with specified string.
Syntax:
IsStartWith(PIN)
Example:
IsStartWith(PIN);Substring(3,0)
PIN1234 => 1234
12345 => 12345
LeftAppend Append specified string from left side. Similar functionality has RightAppend.
Syntax:
YSoft SafeQ 5 1926

February 03, 2016
LeftAppend(prefix)
Example:
LeftAppend(YSOFT-)
12AB => YSOFT-12AB
LeftCut Cut specified prefix from left. If prefix doesn't match than do nothing.
Syntax:
LeftCut(prefix)
Example:
LeftCut(~1)
~12AB => 2AB
12A => 12A
LeftHexShift Unary bit operation LEFT SHIFT for specified count of bits. Input and output are in
hexadecimal format. This operation is equivalent to multiplying by 2count
Syntax:
LeftHexShift(count)
Example:
LeftHexShift(1)
12AB => 2556
254 => 4A8
LeftPadding Pads with specified sign from left to specified length.

Syntax:
LeftPadding(sign,length)
Example:
LeftPadding(0,10)
1234ABCD => 001234ABCD
LeftShift Unary bit operation LEFT SHIFT for specified count of bits. Input and output are in
decimal format. Similar behavior has LeftHexShift. This operation is equivalent to
multiplying by 2count
Syntax:
LeftShift(count)
Example:
LeftShift(1)
128 => 256
LeftStrip Strips specified sign from left.

Syntax:
YSoft SafeQ 5 1927

February 03, 2016
LeftStrip(sign)
Example:
LeftStrip(0)
000012AB => 12AB
00000254 => 254
LowerCase Convert alphabetical sign to its lowercase representation.

Syntax:
LowerCase
Example:
LowerCase
CARD123 => card123
LRC Computes Longitudinal Redundancy Check http://en.wikipedia.org/wiki

/Longitudinal_redundancy_check and adds it to the end.
Example:
01044F24CC => 01044F24CCA2
MD5 Computes MD5 hash of input.
Example:
1234 => 81dc9bdb52d04dc20036dbd8313ed055
Replace Replaces all occurrences of one sequence with another one.

Syntax:
Replace(source) – only removes specified source (replace with empty

string)
Replace(source,dest) – replace specified source with dest
Example:
Replace(~,0)
~1234~ => 012340
12~34 => 12034
Reverse2 Byte reverse - it is useful only for hexadecimal input because 2 signs represent
one byte. Therefore this operation makes reverse string by pair. Even length is
necessary.
Syntax:
Reverse2
Example:
Reverse2
YSoft SafeQ 5 1928

February 03, 2016
12345678 => 78563412
Reverse Reverse of string.

Syntax:
Reverse
Example:
Reverse
12345678 => 87654321
RightAppend This function is similar to LeftAppend. Append specified string from right side.
Syntax:
RightAppend(suffix)
Example:
RightAppend(-YSOFT)
12AB => 12AB-YSOFT
RightHexShift Unary bit operation RIGHT SHIFT for specified count of bits. Input and output are
in hexadecimal format. This operation is equivalent to dividing by 2count
Syntax:
RightHexShift(count)
Example:
RightHexShift(1)
12AB => 955
254 => 12A
RightPadding Pads with specified sign from right to specified length.

Syntax:
RightPadding(sign,length)
Example:
RightPadding(F,10)
1234ABCD => 1234ABCDFF
RightShift Unary bit operation RIGHT SHIFT for specified count of bits. Input and output are
in decimal format. Similar behavior has RightHexShift. This operation is equivalent
to dividing by 2count
Syntax:
RightShift(count)
Example:
RightShift(1)
256 => 128
YSoft SafeQ 5 1929

February 03, 2016
RightStrip Strips specified sign from right.

Syntax:
RightStrip(sign)
Example:
RightStrip(F)
30344142FFFFFFFFFFFFFFFFF => 30344142
SignReverse This conversion takes every string in hexadecimal format and makes its binary
reverse. For example (5 is represented in binary as 0101, reverse transfer it into
1010 that is A)
Syntax:
SignReverse
Example:
SignReverse
0123456789ABCDEF => 084C2A6E195D3B7F
Substring Selects substring of input. If any argument is negative then it is used from right
side (from end).
Syntax:
Substring( n)
Substring(start,end)
Example:
Substring(5)
1234567890 => 12345
Substring(-5)
1234567890 => 67890
Substring(3,0)
1234567890 => 4567890
123ABCDE => ABCDE
Substring(2,-2)
1234567890 => 345678
123ABCDE => 3ABC
Substring(-7,-2)
1234567890 => 45678
123ABCDE => 23ABC
Swap12785634 Swap 4th byte with 2nd. It is useful only for hexadecimal format.
Syntax:
Swap12785634
Example:
Swap12785634
YSoft SafeQ 5 1930

February 03, 2016
12345678 => 12785634
SwapPair Swaps even and odd signs.

Syntax:
SwapPair
Example:
SwapPair
123456 => 214365
UpperCase Convert alphabetical sign to its uppercase representation.

Syntax:
UpperCase
Example:
UpperCase
card123 => CARD123
4.15.33 CONFIGURING SUBSCRIPTION MODEL REPORTS
The feature is available under Early Access Program license only.
WHAT ARE SUBSCRIPTION MODEL REPORTS
Subscription Model is a new way how YSoft SafeQ product is being sold.
Currently Y Soft is selling licenses for defined amount of devices. The costs are on customer's side before
solution can be fully used.
We wanted to introduce a way to charge customer for exact number of devices customer is using
and charge him on regular basis for devices used during month to spread the costs to longer period and
reduce risk of buying solution for more devices than necessarily needed.
YSoft SafeQ 5 sends monthly reports to the YSoft HQ (or any defined email address). These reports include
number of devices of various types (embedded, hardware, reporting, local, others) that are currently
activated or have been deactivated in the span of last month and information about used license. Report are
formatted as human readable XML file with digital signature.
FEATURE CONFIGURATION
Follow these steps to configure sending of the monthly Subscription Model reports:
1. Log in into the YSoft SafeQ web interface as super administrator user.
2. Navigate to the System > System settings
3. Switch View to Expert options
4.
YSoft SafeQ 5 1931

February 03, 2016
4. Find option enableSendingOfSubscriptionModelReport and enable it.

5. Find option subscriptionModelEmailAddress and enter email address of the Subscription
Model report receiver (you should get this address from your print solution provider).
6. (optional) Find option subscriptionReportBillingDay and change day of the month when the
Subscription Model usage report should be generated.
7. (optional) Find option subscriptionReportDeviceData and select items which should be
included in the generated usage reports.
8. Save configuration changes and restart services listed in the message that confirms successful save.
YSoft SafeQ is fully configured now and reports will be sent to the defined address at the start of each
month few minutes after midnight. Report will be sent next day in case when CML server, mail server or
internet connection would be down in that time.
Generated reports are stored in the SAFEQ_INSTALL_DIRECTORY/subscription-reports (for example c:

\SafeQ5\subscription-reports) directory on CML server that generated them as digitally signed XML file.
Internet Explorer or any other XML capable application can be used to view its content.
Each sent report is logged into the cml.log log file.
RESEND THE LAST USAGE REPORT
To resend the email with the last generated usage report, follow these steps:
1. Log in into the YSoft SafeQ web interface as super administrator user.
2. Navigate to the System > System information
3. Click to Actions... > Resend the last usage report
4. Confirm the dialog
YSoft SafeQ 5 1932

February 03, 2016
4.15.34 CONFIGURING ETCD
OVERVIEW
This page describes how to configure etcd failover support for Terminal Servers.
USING ETCD
We can use etcd in configurations:
CML cluster
ORS cluster (ORS nodes in Near Roaming Group)
ENABLING ETCD ON CML CLUSTER
"admin").
Go to System > System settings, set enableEtcd property to enabled and save the configuration.
If enabled, etcd will be run with Terminal Server.
2 Restart the YSoft Terminal Server service on all CML nodes.
ENABLING ETCD ON ORS CLUSTER
"admin").
Go to System > System settings, set enableEtcd property to enabled and save the configuration.
If enabled, etcd will be run with Terminal Server.
2 Wait until configuration change is propagated to ORS nodes (or restart ORS service).
3 Restart YSoft Terminal Server service on all ORS nodes in Near Roaming Group.
CONFIGURING ETCD PORTS
"admin").
2 Go to System > System settings from the menu.
3 You can change etcdServerPort property. Default value is 2380.
YSoft SafeQ 5 1933

February 03, 2016
4 You can change etcdClientPort property. Default value is 2379.
5 After changing properties, restart YSoft Terminal Server service on all CML nodes.
6 In case of ORS cluster wait until configuration change is propagated to ORS nodes and then restart
YSoft Terminal Server service on all ORS nodes in Near Roaming Group.
LIMITATIONS
The etcd does not work in cluster nodes with different platforms (operating systems). When we use node
that has Windows x64 OS, other nodes must also have the same OS (Windows x64).
4.15.35 SINGLE SIGN-ON FOR SAFEQ WEB INTERFACE
YSoft SafeQ server together with YSoft Mobile Print Server supports various method of Single Sign-on
Configuring Generic Single Sign-On using Waffle

Configuring Oracle Access Manager Single Sign-on
Configuring Central Authentication Service (CAS) Single Sign-on
Configuring Security Assertion Markup Language 2.0 (SAML 2.0) Single Sign-on
For configuration of the secured connection (HTTPS) to the YSoft SafeQ web, follow guide Configuring SSL
for Web interface
CONFIGURING GENERIC SINGLE SIGN-ON USING WAFFLE
Prerequisites
Configuration
Web browser configuration
This article describes the steps that have to be performed in order to set up the Generic Single Sign-On
(SSO) using Waffle 1.5 to YSoft SafeQ 5 web interface. The configuration of SSO requires advanced
knowledge of system configuration and working with the configuration files.
NOTE: SSO is not supported on the ORS. Desktop SafeQ Client will work correctly with ORS even
without SSO.
PREREQUISITES
YSoft SafeQ must be installed on the server which is part of the domain. SSO is asking system for
the user authentication.
The browser used for accessing the YSoft SafeQ web interface needs to have cookies enabled.
YSoft SafeQ 5 1934

February 03, 2016
CONFIGURATION
1 Start with a clean YSoft SafeQ 5 with replicated users from Active Directory. Make sure the YSoft
SafeQ is installed on the server that is member of a domain.
2 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer system settings (for
example "admin"). Go to System > System settings and change the following configuration:
set ssoAuthenticationType property to Generic Single Sign-On (SSO).

set sso_cutDomainFromLogin to enabled.
3 Download Waffle 1.5 from http://code.dblock.org/downloads/waffle/Waffle.1.5.zip
4 Unzip Waffle.1.5.zip and copy the following files from the extracted folder Waffle\Bin to
<SafeQ>\tomcat\lib:
WARN: Copying other files than specified may lead to malfunction.
guava-13.0.1.jar
jna-3.5.0.jar
platform-3.5.0.jar
slf4j-api-1.7.2.jar
waffle-jna.jar
waffle-tomcat7.jar
5 Edit <SafeQ>\tomcat\conf\context.xml and insert the following two lines before the last line <
/Context>:
<Valve className="waffle.apache.NegotiateAuthenticator" />

<Realm className="waffle.apache.WindowsRealm" />
6 (Optional step) Edit <SafeQ>\tomcat\conf\logging.properties with an editor that supports Unix end-
of-line markers (e.g. WordPad, but not NotePad) and add the following line at the very end:
waffle.apache.NegotiateAuthenticator.level = FINE
7 (Optional step) Edit <SafeQ>\tomcat\conf\server.xml to allow users that are members of a lot of
groups to pass all their groups in header (default is 8192):
maxHttpHeaderSize="65536"
8 Edit <SafeQ>\tomcat\conf\web.xml and insert one of the following texts before the last line </web-
app>:
YSoft SafeQ 5 1935

February 03, 2016
WARN: When the language of the hosting server is different from English, text <role-
name>BUILTIN\Users</role-name> has to be replaced by the equivalent suitable for your
localization. For example the German operating system equivalent is <role-name>
VORDEFINIERT\Benutzer</role-name>. The correct name can be found using command whoami
/Groups in the command line.
NOTE: The order of constraints is important.
A. if you only want to enable SSO but you do not require automatic redirection to HTTPS, insert the
following text:
<security-role>
<role-name>BUILTIN\Users</role-name>
</security-role>


<url-pattern>/img/*</url-pattern>
<url-pattern>/web/client/*</url-pattern>
<url-pattern>/servlet/web.client.CheckJobDeliveryServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientHttpServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientJobSaveServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientLoginServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientRecentBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.PriceEstimateServlet</url-pattern>
<url-pattern>/servlet/web.client.PrinterListServlet</url-pattern>
<url-pattern>/servlet/web.client.SharedQueueServlet</url-pattern>
<url-pattern>/servlet/web.client.TestSession</url-pattern>
<url-pattern>/servlet/web.client.VIPQueueServlet</url-pattern>

<url-pattern>/servlet/web.mobile.MobileConfigurationServlet</url-pattern>
<url-pattern>/servlet/web.mobile.MobileLicenseServlet</url-pattern>

<url-pattern>/servlet/com.ysoft.safeq.api.AddJobLogServlet</url-pattern>

<url-pattern>/servlet/LoginServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseCheckDumpServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDownloadServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDumpServlet</url-pattern>


<web-resource-name>YSoft SafeQ</web-resource-name>
<http-method>GET</http-method>
<http-method>POST</http-method>
<auth-constraint>
YSoft SafeQ 5 1936

February 03, 2016
</auth-constraint>
B. if you want to enable SSO and at the same time you wish to have all the HTTP requests
automatically redirected to HTTPS, insert the following text:
NOTE: It is recommended to set up a trusted SSL certificate when the automatic redirection to
HTTPS is enabled.
<security-role>
</security-role>


<url-pattern>/img/*</url-pattern>
<url-pattern>/web/client/*</url-pattern>
<url-pattern>/servlet/web.client.CheckJobDeliveryServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientHttpServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientJobSaveServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientLoginServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientRecentBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.PriceEstimateServlet</url-pattern>
<url-pattern>/servlet/web.client.PrinterListServlet</url-pattern>
<url-pattern>/servlet/web.client.SharedQueueServlet</url-pattern>
<url-pattern>/servlet/web.client.TestSession</url-pattern>
<url-pattern>/servlet/web.client.VIPQueueServlet</url-pattern>

<url-pattern>/servlet/web.mobile.MobileConfigurationServlet</url-pattern>
<url-pattern>/servlet/web.mobile.MobileLicenseServlet</url-pattern>

<url-pattern>/servlet/com.ysoft.safeq.api.AddJobLogServlet</url-pattern>

<url-pattern>/servlet/LoginServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseCheckDumpServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDownloadServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDumpServlet</url-pattern>


<web-resource-name>YSoft SafeQ</web-resource-name>
<http-method>GET</http-method>
<http-method>POST</http-method>
YSoft SafeQ 5 1937

February 03, 2016
<auth-constraint>
</auth-constraint>
9 Restart the service YSoft SafeQ CML and then YSoft SafeQ Web Interface.
10 Now open the web interface from a workstation that is a member of the domain, while you're logged
in as a domain user (whose user account is replicated in YSoft SafeQ). You shouldn't be asked for
credentials.
WEB BROWSER CONFIGURATION

Internet Explorer
Ensure that Integrated Windows Authentication is enabled.
1. Choose the Tools, Internet Options menu.

2. Click the Advanced tab.
3. Scroll down to Security
4. Check Enable Integrated Windows Authentication.
5. Restart the browser.
The target website must be in the Intranet Zone.
1. Navigate to the website.

2. Choose the Tools, Internet Options menu.
3. Click the Local Intranet icon.
4. Click the Sites button.
5. Check Autmatically detect intranet network.
6. For localhost, click Advanced.
7. Add http://safeq_server_hostname to the list.
Chrome
Same as Internet Explorer.
Firefox
1.
YSoft SafeQ 5 1938

February 03, 2016
1. Type about:config in the address bar and hit enter.

2. Type network.negotiate-auth.trusted-uris in the Filter box.
3. Put your server name as the value. If you have more than one server, you can enter them all as a
comma separated list.
4. Close the tab.
CONFIGURING ORACLE ACCESS MANAGER SINGLE SIGN-ON
Prerequisites
Configuration
Limit Tomcat incoming connections to Single Sign-on server
Troubleshooting
This article describes the steps that have to be performed in order to set up the Oracle Access Manager
Single Sign-on (SSO) to YSoft SafeQ 5 web interface. The configuration of SSO requires advanced
knowledge of system configuration, working with SQL database and with the configuration files.
Article also expects that you are familiar with Oracle Access Manager and you are able to set it up as its
configuration is out of scope of this document.
PREREQUISITES
Setup YSoft SafeQ connection to LDAP directory that contains users that will be interacting with the
system (see Tools - LDAP Integration for help) and start the replication process.
Choose at least one of the replicated users as system administrator. This is necessary as default
admin account (or any other user created in YSoft SafeQ) will not be able to login to the system via
SSO). Edit selected user and assign him system role safeq admins.
CONFIGURATION
1. Login to Web Administration console with default admin account.

2. Navigate yourself to the System > System settings page
3. Switch Views menu to Expert options.
4. Use search filter to find configuration property ssoAuthenticationType and set its value to "ORACLE"
(without quotes).
5. Use search filter to find configuration property oracleSsoLoginHeader and set its value to name of the
HTTP header that will contain username of the user logged via Oracle Access Manager that should
be automatically logged to the YSoft SafeQ Administration console via SSO.
6. Save changed settings via Save changes button.
7. Restart YSoft SafeQ Web Interface system service.
8. You should be now able to login to the YSoft SafeQ Web Administration console via SSO if
everything is setup correctly. Use proxy address (assigned to the YSoft SafeQ in Oracle Access
Manager) in your web browser and if your Oracle Access Manager session is valid you should
immediately see the YSoft SafeQ Dashboard page and you will be logged with your account.
LIMIT TOMCAT INCOMING CONNECTIONS TO SINGLE SIGN-ON SERVER
YSoft SafeQ 5 1939

February 03, 2016
1. Find server.xml file located in <SafeQ_dir>/tomcat/conf

2. Backup original file so you are able to restore YSoft SafeQ to original state in case of any problems.
Copy file to same location and add .bak extension (so you will have two files in conf directory: server.
xml and server.xml.bak)
3. Find two (HTTP and HTTPS) connector definitions (see examples bellow, by default these
connectors have port 80 and 443 but this can differ base on your instruction entered in time of YSoft
SafeQ installation) and put comments () around them
4. Find AJP connector in the same configuration file and setup shared secret. Add parameter request.
secret and set its value to any password that you choose (see examples in boxes bellow).
5. Setup Oracle Access Manager proxy settings in mod_osso.conf (or httpd.conf) file. Use AJP protocol
for connection to the YSoft SafeQ Tomcat server and setup same secret password that you used in
Tomcat's server.xml file (see examples bellow).
6. Restart YSoft SafeQ Web Interface system service and Oracle Access Management server
7. You should now be able to access YSoft SafeQ Web Administration console in same manner as
before via proxy URL and additionally you should not be able to access it in browser directly via
original YSoft SafeQ Administration console URL (either on http:// or https://)
Original connectors in server.xml file
<Connector port="80" maxHttpHeaderSize="8192"

maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" />
<Connector port="443" maxHttpHeaderSize="8192"

enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="SAFEQ\conf\ssl-keystore"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" />
Commented connectors in server.xml file


Original AJP connector in server.xml file
<Connector port="8009"
enableLookups="false" redirectPort="@webServerPortHTTPS@" protocol="AJP/1.3" />
YSoft SafeQ 5 1940

February 03, 2016
AJP connector in server.xml with added password phrase
<Connector port="8009" request.secret="SECRET_PASSWORD"

enableLookups="false" redirectPort="@webServerPortHTTPS@" protocol="AJP/1.3" />
Example of mod_jk settings in mod_osso.conf (httpd.conf) of Oracle Access Manager
# mod_jk configuration
JkWorkersFile conf/workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /* safeq
Oracle Access Manager workers.properties with password (referenced from mod_osso.conf)
# Define the list of workers that will be used

# for mapping requests
worker.list=safeq
# Define safeq
worker.safeq.port=8009
worker.safeq.host=REAL_SAFEQ_IP
worker.safeq.type=ajp13
worker.safeq.secret=SECRET_PASSWORD
TROUBLESHOOTING
Q: I see error message that say that Oracle SSO is not configured correctly instead of Dashboard page
when I access proxy URL
A: Value of the oracleSsoLoginHeader is empty. You need to disable SSO (see bellow) and enter the name
of the HTTP header with username (see instructions in previous chapter Set up Single Sign on in YSoft
SafeQ).
Q: I see message about failed SSO autologin in my browser instead of the Dashboard page
A: If message states that it can't found user with your username, your account is not replicated from the
LDAP directory to the YSoft SafeQ database. If messages states that it can't found username null, the name
of the HTTP header you entered in the oracleSsoLoginHeader is not correct or SSO is setup incorrectly in
the Oracle Access Manager (sessions are not valid and HTTP header does not contain username of the
logged user). You need to disable SSO (see bellow) and enter a correct name of the HTTP header with
username (see instructions in previous chapter Set up Single Sign on in YSoft SafeQ).
Q: I enabled Oracle SSO but it does not work and I don't see any way how to disable it as I can't login to the
YSoft SafeQ Web Administration console
YSoft SafeQ 5 1941

February 03, 2016
A: Local YSoft SafeQ users can't login to the system when SSO is enabled. When SSO is not working and
you need to disable it or modify the faulty settings you need to do it directly in the YSoft SafeQ database.
This is very dangerous operation and you must know what you are doing or repercussion for the system can
be fatal. Contact YSoft Technical Support if you are not sure how to
1. Use your stored database access credentials obtained from installer when YSoft SafeQ has been
installed
2. Login via Database management tool (this depends on your environment and used database engine)
3. Open SQL query tool and execute update query in the box bellow
4. Restart YSoft SafeQ CML and YSoft SafeQ Web Interface system services
5. You should now be able to login to the YSoft SafeQ Web Administration console with standard admin
account
Update query
update safeq_config set value = '' where conf_key = 'ssoAuthenticationType'
CONFIGURING CENTRAL AUTHENTICATION SERVICE (CAS) SINGLE SIGN-ON
Configuration
Troubleshooting
Limitations
NOTE:
license.
This article describes the steps that have to be performed in order to set up the Central Authentication
Service (CAS) Single Sign-on (SSO) to YSoft SafeQ 5 web interface. The configuration of SSO requires
advanced knowledge of system configuration and working with the configuration files.
Article also expects that you are familiar with Central Authentication Service (CAS) and you are able to set it
up as its configuration is out of scope of this document.
CONFIGURATION
1. Login to the YSoft SafeQ web interface as administrator user.
2.
YSoft SafeQ 5 1942

February 03, 2016
2. Go to System > System settings page and find property ssoAuthenticationType and set it
to the Central Authentication Service Single Sign-On (CAS) value. Note that option in
the combo box is visible only with EAP license.
3. Save changes and logout from the web interface.
4. Stop YSoft SafeQ Web Interface operation system service.
5. Find SAFEQ_DIRECTORY/tomcat/cmlweb/WEB-INF/web.xml file in the folder where YSoft
SafeQ 5 is installed and add lines listed in the block bellow right before last </web-app> tag. All
placeholders (
CAS_SERVER_IP, CAS_SERVER_PORT, SAFEQ_SERVER_IP, SAFEQ_SERVER_PORT) must be
replaced with required value for modified server. It is also possible that the rest of the URL next to the
CAS server placeholders must be modified as well in case when CAS server is configured in non-
standard way.
6. Start YSoft SafeQ Web Interface operation system service.
7. Access URL of YSoft SafeQ web interface. CAS login page should be displayed instead. If user
enters the correct authentication credentials and user with the same username is registered in the
YSoft SafeQ system (manually created user or replicated from LDAP domain) he should be
immediately logged into the system and see his Dashboard page. The same scenario will apply on
Mobile Print web if it is licensed and enabled.
8. Previous steps related to physical server must be performed for all cluster server nodes in case of
multi-node cluster system and for all ORS servers (SAFEQ_DIRECTORY/tomcat/orsweb/WEB-INF
/web.xml ) in case when CAS authentication should be used also for Mobile Print web
authentication.
web.xml settings
< context -param>

< param -name>casServerUrlPrefix</ param -name>
< param -value> http://CAS_SERVER_IP:CAS_SERVER_PORT/cas </ param -value>
</ context -param>
< context -param>

< param -name>serverName</ param -name>
< param -value> http://SAFEQ_SERVER_IP:SAFEQ_SERVER_PORT </ param -value>
</ context -param>
< context -param>

< param -name>logoutCallback</ param -name>
< param -value> http://CAS_SERVER_IP:CAS_SERVER_PORT/cas/logout </ param -value>
</ context -param>
< filter >

< filter -name>Exclusion Filter</ filter -name>
< filter -class>com.ysoft.safeq.filter.ExclusionFilter</ filter -class>
</ filter >
< filter >
< filter -name>CAS Authentication Filter</ filter -name>
< filter -class>org.jasig.cas.client.authentication.AuthenticationFilter</ filter -class>
< init -param>
< param -name>casServerLoginUrl</ param -name>
YSoft SafeQ 5 1943

February 03, 2016
< param -value> http://CAS_SERVER_IP:CAS_SERVER_PORT/cas/login </ param -value>

</ init -param>
</ filter >
< filter >

< filter -name>CAS Validation Filter</ filter -name>
< filter -class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</ fil
ter -class>
</ filter >
< filter >
< filter -name>CAS HttpServletRequest Wrapper Filter</ filter -name>
< filter -class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</ filter -class>
</ filter >
< filter -mapping>
< filter -name>Exclusion Filter</ filter -name>
< url -pattern>/img/*</ url -pattern>
< url -pattern>/js/*</ url -pattern>
< url -pattern>/web/js/*</ url -pattern>
< url -pattern>/css/*</ url -pattern>
< url -pattern>/web/css/*</ url -pattern>
< url -pattern>/failure.jsp</ url -pattern>
< url -pattern>/servlet/web.mobile.MobileConfigurationServlet</ url -pattern>
< url -pattern>/servlet/web.mobile.MobileLicenseServlet</ url -pattern>
</ filter -mapping>
< filter -mapping>
< filter -name>CAS Authentication Filter</ filter -name>
< url -pattern>/*</ url -pattern>
</ filter -mapping>
< filter -mapping>
< filter -name>CAS Validation Filter</ filter -name>
</ filter -mapping>
< filter -mapping>

< filter -name>CAS HttpServletRequest Wrapper Filter</ filter -name>
</ filter -mapping>
YSoft SafeQ 5 1944

February 03, 2016
TROUBLESHOOTING
Feature can be debugged by adding (or uncommenting) following lines in SAFEQ_DIRECTORY/tomcat
/cmlweb/WEB-INF/classes/log4j.xml.
Debug messages will be logged into the cmlweb.log file.
log4j.xml debug settings
< category name = "org.jasig.cas.client" additivity = "false" >

< level value = "debug" />
< appender -ref ref = "console_app" />
</ category >
< category name = "com.ysoft.safeq.filter.ExclusionFilter" additivity = "false" >

< level value = "debug" />
< appender -ref ref = "console_app" />
</ category >
LIMITATIONS
It is not possible to login into the YSoft SafeQ web interface manually in case when CAS
authentication is enabled.
User is not redirected to CAS authentication service screen after logging out from Mobile Print web
interface. User has to click login button without entering credentials or refresh page to redirect to
CAS autentication service.
CONFIGURING SECURITY ASSERTION MARKUP LANGUAGE 2.0 (SAML 2.0) SINGLE SIGN-ON
Prerequisites
Identity Provider metadata
YSoft SafeQ user with administrator rights
Setup YSoft SafeQ
Setup SAML server
Troubleshooting
Recovery scenario in case of an invalid SAML configuration
This feature is available since YSoft SafeQ 5 MU26 and does not require any special license.
This article describes the steps that have to be performed in order to set up the Security Assertion Markup
Language 2.0 (SAML 2.0) Single Sign-on (SSO) to YSoft SafeQ 5 web interface. The configuration of SSO
requires advanced knowledge of system configuration and working with the configuration files.
YSoft SafeQ 5 1945

February 03, 2016
Article also expects that you are familiar with Security Assertion Markup Language 2.0 (SAML 2.0) and you
are able to set it up as its configuration is out of scope of this document.
PREREQUISITES
IDENTITY PROVIDER METADATA
The URL with metadata with information about SAML Identity Provider providing user
authentication must be accessible by the YSoft SafeQ server. The URL response must be formatted
according to the SAML specification and contain information about Identity Provider (locations of
authentication endpoints, keys used for verification of incoming messages, etc) which YSoft SafeQ
will use during authentication process.
Identity Provider must be configured to return username of YSoft SafeQ users either as NameID
parameter or one of the assertion attributes. All requests must be configured as (possibly)
encrypted and signed. Identity Provider must return values that can be matched against
usernames of YSoft SafeQ users.
YSOFT SAFEQ USER WITH ADMINISTRATOR RIGHTS
Choose one user in YSoft SafeQ, who will be able to authenticate via SAML (e.g. user replicated via
LDAP) and assign him role " safeq admins " . It is necessary in order to retain access to the YSoft
SafeQ Web interface with admin rights, because "Username and password" authentication method
will not be available when SAML SSO is enabled.
Default YSoft SafeQ "admin" user cannot be used, unless user with username "admin" exists in the
database that SAML is using as source of users to authenticate.
SETUP YSOFT SAFEQ
1. Log in to YSoft SafeQ web interface with administrator rights

2. Go to System > System settings page and set following properties.
a. ssoAuthenticationType to Security Assertion Markup Language 2.0 (SAML 2.0).
b. samlSsoAssertionUsernameSource to NameID parameter value or Assertion attribute value,
this setting depends on how SAML Identity Provider will serve usernames of authenticated
YSoft SafeQ users.
c. samlSsoAssertionUsernameNameIdFormat, if NameID parameter value was set in previous
step b.
or
samlSsoAssertionUsernameAttribute to name of the attribute with YSoft SafeQ username.
d. samlSsoIdentityProviderMetadata to URL that hosts Identity Provider metadata in XML format.
e. samlSsoIdentityProviderMetadataUsername to Basic Authentication username if metadata
URL requires authentication, otherwise leave the value empty.
f. samlSsoIdentityProviderMetadataPassword to Basic Authentication password if metadata
URL requires authentication, otherwise leave the value empty.
g. samlSsoIdentityProviderMetadataConnectionTimeout to time in milliseconds after which
connection to the SAML server timeouts in case when SAML server does not respond, for
example in case when SAML server is down or metadata URL is not correct or inaccessible.
h. samlSsoIdentityProviderMetadataSocketTimeout to different time in milliseconds after which
connection to the SAML server timeouts in case when no response has been received.
i.
YSoft SafeQ 5 1946

February 03, 2016
i. enableSamlSsoLogout to enable, if you want to have logout button available in YSoft SafeQ
web interface.
3. Save changes and restart SafeQ services
4. Register YSoft SafeQ servers as remote Service Provider in the SAML server (see Setup SAML
server below for details). That applies also for CML servers and all ORS servers, where you want to
use YSoft Mobile Print Server.
5. Now SAML Single Sign-On should should work for YSoft SafeQ web interface, YSoft Mobile Print
Server web interface as well for YSoft SafeQ Client web interface for managing VIP Shared Queues.
If one of the mentioned interfaces are accessed, user is redirected to SAML login page, where he will
enter credentials. In case authentication to SAML was successful, user is redirected back to fully
working session of requested Y Soft application
Y Soft applications have to be accessed under the hostname that was used for registration of the
YSoft SafeQ Service Provider into the SAML server. If authentication requests do not match the
registered hostname, the authentication will fail for security reasons
The metadata downloaded from the URL specified in samlSsoIdentityProviderMetadata are

cached into the <safeq_home>/conf/SamlIdentityProvider.xml file. In case when URL is not
accessible, these backup data are used.
SETUP SAML SERVER

The exact configuration of the SAML server is beyond the scope of this document as it depends on vendor
of the solution.
YSoft SafeQ server has to be registered as remote Service Provider in the SAML server. This is
done via metadata served by the YSoft SafeQ at https://<safeq_hostname>/saml-service-provider
(exact URL can be found in description of ssoAuthenticationType property in YSoft SafeQ System
settings).
YSoft SafeQ should be registered under its hostname, not IP address as there could be problems
with the cookies used for session tracking. Used protocol depends on the YSoft SafeQ settings but
https should be always used, even if everything works with http as well.
Each CML server has to be registered as remote Service Provider in SAML server. The metadata
URL address of each server where the web SSO will be used for the registration task.
Depending on the SAML server vendor some Service Provider settings must be set manually such
as support for encryption and signing of the authentication and logout requests, assertions,
NameID and attributes.
TROUBLESHOOTING
The logging of authentication communication can be enabled by adding following statement to the
<safeq_home>/tomcat/cmlweb/WEB-INF/classes/log4j.xml file, before <root> tag on one of the last
lines.
YSoft SafeQ 5 1947

February 03, 2016
Trace logging of the SAML communication
<category name="authentication.methods.saml" additivity="false">

<level value="trace" />
<appender-ref ref="console_app"/>
</category>
RECOVERY SCENARIO IN CASE OF AN INVALID SAML CONFIGURATION

It is possible that invalid SAML SSO System configuration will lead to inaccessible system by any user,
including administrator.
In such cases, the only possible solution is to run following SQL query on primary YSoft SafeQ database. It
will disable SAML SSO and set authentication method back to the default value "Username and password".
Recovery SQL statement
UPDATE safeq_config SET conf_value = 'USERNAME_AND_PASSWORD' WHERE conf_key = 'ssoAuthentication

Type'
NOTE: Manipulation with database can end up with disastrous consequences. You should always ask
YSoft Customer Support for the assistance.
4.16 BACKUP AND RECOVERY SCENARIOS
Backup scenarios are divided into specific areas:
CML Backup tool - Backup utility for backing up the SafeQ CML databases and configuration
CML Recovery Scenarios - CML Backup and recovery scenarios
ORS Recovery Scenarios - ORS Backup and recovery scenarios
CRS Recovery Scenarios - CRS Backup and recovery scenarios
System Sanity Checks - System Health checks
4.16.1 CML RECOVERY SCENARIOS
All recovery scenarios for CML are described on following pages.
YSoft SafeQ 5 1948

February 03, 2016
CML RECOVERY SCENARIOS
CML - Cluster Health Check describes how to verify the stability of your CML server.
CML - How to change the IP address of CML node describes the steps that needs to be taken when
the IP address of a CML server has changed. The article is divided into several parts:
Verification of the IP address

Configuring CML in the YSoft SafeQ cluster to use the new IP address
Configuring ORS to connect to the new IP address of CML
Other required reconfiguration
CML - How to move a CML to the new server with different IP address can be used in case you need
to replace the server with CML by the new one with a different IP address. Article consists of:
Step 1 - server backup

Step 2 - new server installation/configuration
Step 3 - configuring ORS to connect to the new IP address of CML
CML - How to move a CML to another disk on the same server can be used in case you need to move
the CML to another disk on the same server. Article consists of:

CML - How to restart the server and plan the temporary downtime will help you to plan the temporary
outage of CML server without a data loss. Article also describes the steps that can be taken to sustain
the printing functionality.
CML - Recovery procedure for master node shall be followed in case the master node (the first
installed node of a CML cluster / the only node in case of 1 CML installation) has been destroyed. The
article will help you to restore the CML without a data loss.
YSoft SafeQ 5 1949

February 03, 2016
CML - Recovery procedure for slave node shall be followed in case the slave node (2nd/3rd/4th node
of the CML cluster) has been destroyed. The article will help you to restore the CML slave without a
data loss.
CML - Recovery procedure for YSoft SafeQ CML cluster describes the steps to be taken when the
whole CML cluster has been destroyed. The article describes how to restore all nodes (1st/2nd/3rd/4th)
of a CML cluster from the backup.
CML - Regular system backup shall be followed to set up a regular backup of CML servers.
We strongly advise to set up the regular backup during the YSoft SafeQ installation. Non-
regular backing up of the database and configuration may lead to the irreversible data loss.
CML - Rollback steps for returning to the previous version describes how to roll back to the previous
version of YSoft SafeQ in case that an upgraded version prevents you to use some of critical YSoft
SafeQ functions. Due to the complexity of the procedure you shall perform these steps only
when it is requested by Y Soft.
CML - CLUSTER HEALTH CHECK
This document is intended to help administrator check status of CML components.
Basic health check of CML can be performed according to YSoft SafeQ CML Health Check
Advanced CML health check can be performed according to Advanced Health Check
CML - HOW TO CHANGE THE IP ADDRESS OF CML NODE
This document describes how to change the IP address of one node in the CML cluster. The steps are very
similar also for the single node installation (1CML only).
THIS ARTICLE CONSISTS OF:

Configuring CML in the YSoft SafeQ cluster to use the new IP address
Configuring ORS to connect to the new IP address of CML
Configuring YSoft Payment System to use / to connect to new IP address of CML
Configuring Mobile Print Server to connect to new IP address of CML
VERIFICATION OF THE IP ADDRESS

This section describes the way how to find the IP address of current server.
YSoft SafeQ 5 1950

February 03, 2016
1 Log in to server where the IP address has changed.

Open command prompt (Start menu=> cmd)
CONFIGURING CML IN THE YSOFT SAFEQ CLUSTER TO USE THE NEW IP ADDRESS
This chapter describes how to change the IP address of one CML node that is part of the cluster.
The procedure for configuration of new IP address at the CML which is not part of the cluster is the
same. The only difference is that the step 5 can be skipped.
1 Perform this step on all the CML nodes in cluster:
Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services (
stop whole CML cluster!):
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 1951

February 03, 2016
2 Perform following step on the node where the IP address has changed:
2a. Change the IP address
Set the new IP address in the operating system
2b. Replace the IP address in startup.conf
Edit <SAFEQ_DIR>\conf\startup.conf and set your new IP address in the parameter:
smartq-server-ip = %NEW_IP_ADDRESS%
2c. Replace the IP address in TerminalServer.exe.config
Edit <SAFEQ_DIR>\terminalserver\TerminalServer.exe.config and set your new IP address in the

parameter:
YSoft SafeQ 5 1952

February 03, 2016
networkAddress = %NEW_IP_ADDRESS%
2d. Replace the IP address in server.xml
Edit <SAFEQ_DIR>\tomcat\conf\server.xml and set your new IP address in the parameter:
address="%NEW_IP_ADDRESS%"
This parameter is present multiple times.
3 Perform these steps on all the CML nodes in cluster:
The update of IP address can be also performed using the SQL query:
SQL query : update cluster_server set ip_address = '<newIP>' where ip_address =

'<oldIP>'
example of usage: update cluster_server set ip_address = '10.0.11.80' where
ip_address = '10.0.11.19'
3a. Connect to the SQDB5 database
The connection shall be made using the management application equal to the type of SQL server that
was selected during the installation of YSoft SafeQ (pgAdmin III for PostgreSQL or MS SQL server
management studio for MS SQL server). We are describing mainly the procedure for pgAdmin III
application, steps for MS SQL server management studio are very similar.
YSoft SafeQ 5 1953

February 03, 2016
Launch the application by going to Start menu => All Programs => PostgreSQL 9.2
(or by going to Start menu => Y Soft Corporation in case of embedded postgreSQL
installation ).
Double-click SafeQ PostgreSQL server connection (in the tree under Servers).
Enter the password you have selected in CML installation (for postgres user).
3b. Edit table cluster_server
In pgAdmin III go to SQDB5 => Schemas => public => Tables => right-click table
cluster_server => View Data => View All Rows
3c. Edit ip_address field and enter a new IP address for the server where the address has
changed
In our example the IP address of 2nd node was changed from 10.0.11.20 to 10.0.11.80.
Go to File -> Save once the IP address has been replaced
3d. Verify the new IP address in table smartq_servers
YSoft SafeQ 5 1954

February 03, 2016
Verify that the new IP address has been automatically changed also in the table
smartq_servers in column ip. If the change has not been done automatically, update IP
address also in this table.
3e. Repeat above mentioned action on all nodes of YSoft SafeQ CML cluster (Except the one
with the new IP address)!
4 Perform this step on all the CML nodes in cluster:
Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
5 Verify that synchronization in the cluster is functional:
Log in to the web interface (YSoft SafeQ Web interface => System => System information)
Verify that new IP address is visible in Cluster server info table
Verify that all servers are showing status ONLINE (the node you are connected to may
show status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table
DBsync database & system pools (non-local servers only). Values in column
Database pool priority must not be growing constantly. They shall be changing and
they shall be often around 0.
CONFIGURING ORS TO CONNECT TO THE NEW IP ADDRESS OF CML

This section describes how you should reconfigure the ORS server for the connection to the new IP address
of the CML server.
This procedure must be followed every time the IP address of the CML is changed. The procedure must
be performed on every ORS server.
1 Be sure that orsCacheRecovery attribute is enabled.
Open YSoft SafeQ Web Interface => System => System settings => In the Expert View set
orsCacheRecovery to enabled
If you omit this step, all jobs stored on the ORS will be lost at the end of procedure.
YSoft SafeQ 5 1955

February 03, 2016
2 Open the Services window (e.g. Start => Run => services.msc) and stop all ORS services:

YSoft SafeQ ORS
3 Edit file <SAFEQ_ORS_DIR>\conf\modules\ors.conf and set your new IP address of the CML server
in parameter:
serverIP%NODE_ID%= %NEW_CML_IP_ADDRESS%
4 Delete ORS cache
Delete folder <SAFEQORS_DIR>\server\cache
YSoft SafeQ 5 1956

February 03, 2016
5 Open the Services window (e.g. Start => Run => services.msc) and start all ORS services:

YSoft SafeQ ORS
CONFIGURING YSOFT PAYMENT SYSTEM TO USE / TO CONNECT TO NEW IP ADDRESS OF CML

This section describes how you should reconfigure YSoft Payment System.
This procedure must be followed every time the IP address of the CML is changed.
1 If YSoft Payment System is on the same server as CML:
In SafeQ Web Interface open the System tab and go to the System Settings.
In the Ysoft Payment System category, find the YSoft Payment System API URL option
(internal name is paymentSystemApiUrl).
Verify the correct IP for the YPS installation is entered.
2 Edit configuration of the YSoft Payment System in <YSoft Payment System>\payment-conf\

environment-configuration.properties and set your new IP address of CML in the parameter:
1. safeq.authentication.address =
3 Restart the Ysoft Payment System Services.
CONFIGURING MOBILE PRINT SERVER TO CONNECT TO NEW IP ADDRESS OF CML

This section describes how you should reconfigure Mobile Print Server.
This procedure must be followed every time the IP address of the CML is changed.
1 Edit configuration in <YSoft Mobile Print Server>\Service\conf\mps.config and set your new IP
address of CML
2 Change the following parameter in both sections <printServers> and <folderSources>:
hostIP=
3 Restart the Ysoft Payment System Services.
OTHER REQUIRED RECONFIGURATION

This section describes what additional steps must be performed for a proper functionality of the YSoft SafeQ
once the IP address of one CML node has been changed.
1 Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the new IP address
YSoft SafeQ 5 1957

February 03, 2016
All print drivers that were connected to the CML with old IP address must be re-connected to the new
IP address.
2 Reconfigure HW terminals:
If you are using hardware terminals, make sure that they are pointing to the new IP address.
3 Reinstall all embedded Terminals:
Reinstall all embedded terminals that shall be connecting to the server with the new IP address.
4 Reconfigure CRS server (IP address of CML has to be changed):
If you are using a CRS server, the new IP address of the CML server has to be updated also on the
CRS side. The modification has to be done in the following places:
1. database yBoxDB
table smartq_servers, column ip
2. database yBoxDBCDC
3. database yBoxDBREP
no changes are required
CML - HOW TO MOVE A CML TO THE NEW SERVER WITH DIFFERENT IP ADDRESS
This document describes how to move one of the nodes in the CML cluster to the new location (with
different IP address). The steps are very similar also for the single node installation (1CML only).
It is expected that YSoft SafeQ will be stored in the same path on the new server as on the original server -
moving YSoft SafeQ to the new drive/directory would require additional changes, that are not described
here.
Warning
If you are planning to transfer the first CML node of the cluster (master) or the standalone CML
server, verify in advance that your license can be transferred to the new server. For more
YSoft SafeQ 5 1958

February 03, 2016
information see chapter Transferring license to new system (hardware or operating system change)
.

Step 3 - configuring ORS to connect to the new IP address of CML
STEP 1 - SERVER BACKUP

This part describes how to backup server that shall be moved to the new location.
Perform these steps only on the server that shall be moved to new location
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services (
stop whole CML server):
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ LDAP ReplicatorService
2 Using CML Backup tool perform following actions:
YSoft SafeQ 5 1959

February 03, 2016
CML - Database backup

CML - Configuration backup
3 Backup following folders and copy them to the new location (new server):
<SAFEQ_DIR>\server\temp
<SAFEQ_DIR>\server\spool
Folder containing scripts for scanning (in case that scan to script is used)
4 Be sure that all required components for server installation are copied to the new server. Required
components:
SQDB5 backup
SQDB5_SQDW backup
Configuration backup
Scanning scripts
YSoft SafeQ 5 Installation files
STEP 2 - NEW SERVER INSTALLATION/CONFIGURATION

This part describes how to install a CML server in the new location.
Make sure the node you want to move to the new location is stopped.
1 Perform following steps only on the server in the new location
1a. Perform the installation
Install YSoft SafeQ in the new location according to Basic server installation instructions.
Installation requirements:
Install only one CML server node (Do not connect it in to existing cluster!)
Use the same database type as for other nodes that are installed already
Untick the "Start SafeQ services after the installation is finished" option
1b. Restore databases
Restore databases on a newly installed server according to the CML - Database restore instructions.
Do not start YSoft SafeQ services in the last step of restore procedure! Keep them stopped.
1c. Exchange the IP address of the new node in the database
YSoft SafeQ 5 1960

February 03, 2016
Connect to the database SQDB5 using your SQL server management application
(pgAdmin III for PostgreSQL or MS SQL server management studio for MS SQL server).
Open cluster_server table and enter the new IP address of the node to the column
ip_address.
SQL query : update cluster_server set ip_address = '<newIP>' where
ip_address = '<oldIP>'
ip_address = '10.0.11.20'
Example on the picture shows the 2nd node of cluster with IP 10.0.11.20 was changed to 10.0.11.46.
1d. Edit startup.conf file
Open <SAFEQ_DIR>\conf\startup.conf and edit following attributes:
localGUID = set this attribute according to the value from startup.conf of your original
server (from the backup of configuration created at the beginning of this procedure)
smartq-server-id = set this attribute according to the value from column id in table
cluster_server (row with IP address of new server)
smartq-server-dbflag = set this attribute according to the value from column db_flag in
table cluster_server (row with IP address of new server)
smartq-server-name = set this attribute according to the value from column description
in table cluster_server (row with IP address of new server)
check that smartq-server-ip is properly set
YSoft SafeQ 5 1961

February 03, 2016
1e. Edit TerminalServer.exe.config file
Open <SAFEQ_DIR>\terminalserver\TerminalServer.exe.config and set your new IP address in the

parameter:
Check that all other attributes are set as it was in the backup of configuration created at
the beginning of this procedure.
1f. Restore data from original server
Copy spool directory from original YSoft SafeQ server to <SAFEQ_DIR>\server\spool

Copy temp directory from original YSoft SafeQ server to <SAFEQ_DIR>\server\temp
Copy folder containing scripts for scanning to the same location as it was on the original
server
2 Perform these steps on all the CML nodes in cluster
The update of IP address can be also performed using the SQL query:
SQL query : update cluster_server set ip_address = '<newIP>' where ip_address =

'<oldIP>'
ip_address = '10.0.11.19'
2a. Connect to the SQDB5 database
The connection shall be made using the management application equal to the type of SQL server that
was selected during the installation of YSoft SafeQ (pgAdmin III for PostgreSQL or MS SQL server
YSoft SafeQ 5 1962

February 03, 2016
management studio for MS SQL server). We are describing mainly the procedure for pgAdmin III
application, steps for MS SQL server management studio are very similar.
Launch the application by going to Start menu => All Programs => PostgreSQL 9.2 (or
by going to Start menu => Y Soft Corporation in case of embedded postgreSQL
installation).
Double-click SafeQ PostgreSQL server connection (in the tree under Servers).
Enter the password you have selected in CML installation (for postgres user).
2b. Edit table cluster_server
In pgAdmin III go to SQDB5 => Schemas => public => Tables => right-click table
cluster_server => View Data => View All Rows
2c. Edit ip_address field and enter a new IP address for the server where the address has
changed
In our example the IP address of 2nd node was changed from 10.0.11.20 to 10.0.11.46.
YSoft SafeQ 5 1963

February 03, 2016
Go to File -> Save once the IP address has been replaced
2d. Verify the new IP address in table smartq_servers
Verify that the new IP address has been automatically changed also in the table
smartq_servers in column ip. If the change has not been done automatically, update IP
address also in this table.
2e. Repeat above mentioned action on all nodes of YSoft SafeQ CML cluster (Except the one
which has been moved)!
3 Perform this step on all YSoft SafeQ CML nodes in cluster (except the one which has been
moved):
Open the Services window (e.g. Start => Run => services.msc) and restart all YSoft SafeQ
services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 1964

February 03, 2016
4 Perform these steps on server which has been moved:
4a. Configure permissions for services
Open the Services window (e.g. Start => Run => services.msc) and set YSoft SafeQ
services to run under the same account as on the old system.
4b. Start the services
YSoft SafeQ CML

YSoft SafeQ CML DBS
show status LOCAL)
6 Optional step
Now you can delete server with original IP address.WARNING: Do not start YSoft SafeQ services
on "original" server
STEP 3 - CONFIGURING ORS TO CONNECT TO THE NEW IP ADDRESS OF CML

This section describes how you shall reconfigure the ORS server for the connection to the new IP address
of the CML server.
This procedure must be followed every time the IP address of the CML is changed. The procedure must
be performed on every ORS server.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all ORS services:
YSoft SafeQ 5 1965

February 03, 2016
YSoft SafeQ ORS

2 Edit file <SAFEQ_ORS_DIR>\conf\modules\ors.conf and set your new IP address of the CML server
in parameter:
serverIP%NODE_ID%= %NEW_CML_IP_ADDRESS%
3 Delete ORS cache
Delete folder <SAFEQORS_DIR>\server\cache
4 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ ORS
services:

YSoft SafeQ ORS

once the IP address of one CML node has been changed.
All print drivers that were connected to the CML with old IP address must be re-connected to the new
IP address.
YSoft SafeQ 5 1966

February 03, 2016
4 Reconfigure CRS server (IP address of CML has to be changed):
If you are using a CRS server, the new IP address of the CML server has to be updated also on the
CRS side. The modification has to be done in the following places:
4a. database yBoxDB
4b. database yBoxDBCDC
4d. database yBoxDBREP
no changes are required
CML - HOW TO RESTART THE SERVER AND PLAN THE TEMPORARY DOWNTIME
This article will help you with a proper restart of the CML server that is part of CML cluster. In addition the
article describes the steps you shall take if you want to take one CML in a cluster offline for a longer period
of time. Procedure mainly describes the steps in a CML cluster environment but it can be used also for
environment with just one CML node.
Article is divided into two major parts:
1) How to stop the YSoft SafeQ server
use this procedure in case that you need to plan the server downtime e.g. for the server
maintenance.
2) How to start the YSoft SafeQ server
use this procedure in case that you need to start the server after the planned downtime. This
procedure can be used also in case that server has unexpectedly gone offline and you need to start it
up again (e.g. after one day).
1) HOW TO STOP THE YSOFT SAFEQ SERVER

In these instructions, the server you want to restart/temporarily stop is the A server; the other servers are B
and C servers.
YSoft SafeQ 5 1967

February 03, 2016
WARNING:
If the server A is the master node (1st installed node), some additional functions such as
LDAP replication, displaying of the web reports or sending of statistical data to the CRS server
may not be available during the downtime.
If the server A is the master node (1st installed node), keep the downtime as short as possible
(maximally 7 days). Otherwise some statistical data may not be generated.
Configuration in the system settings cannot be changed during the downtime period of any
CML node in the cluster.
1 Make sure that other nodes (B and C) are working correctly and that their job reception or reception
of connections from the terminals is not STOPPED. You can verify this in the administration interface
(YSoft SafeQ Web Interface => System => System Information => Services). All the below mentioned
services must have the status RUNNING:
TCP/IP Print Server on CML (SafeQ Port)

TCP/IP Print Server on CML (LPD)
Server Terminal UDP Identificator
SafeQ Terminal Listener
Enterprise Server Balance
Communicator
Enterprise Server Synchronization
2 Verify that there are no active locks on the A node (YSoft SafeQ Web Interface => System => System
Information => Services). If the locks are held wait until all operations are finished, users have logged
off the terminals and locks are removed.
YSoft SafeQ 5 1968

February 03, 2016
WARNING: The system can be stopped without this step. However a sudden termination of the
services may damage the jobs that are currently processed by the active sessions.
3 Stop reception of new jobs and connections from terminals on the node A you plan to stop:
YSoft SafeQ Web Interface => System => System Information => Services => press Stop service at
following objects:

YSoft SafeQ 5 1969

February 03, 2016
4 Move the print jobs from the CML that shall be stopped to another node in the cluster that will remain
active:
Perform this step only if:
cluster-readSharedFolderJob in the system settings is disabled

you plan to keep the CML server offline for the longer period of time (e.g. 10 hours) and
you wish to have the already spooled jobs available
you are stopping the CML server that is part of the CML cluster
If you omit this step, the system will continue to work but some print jobs sent to the node B will
not be available for print. Users trying to release such jobs may experience spooler error message.
4a. Copy the content of the spooler from the node to be restarted (A) to other node (B or C)
Spooler is located by default in <safeq_home>\server\spool.
4b. Change the location of the spooled jobs in the database
Open pgAdminIII or MS SQL management studio on any running CML.

Connect to the SQDB5 database using the same user/password that is used by YSoft
SafeQ. Do not use the account Sync.
Run the following SQL query on the SQDB5 database:
update smartq_jobs SET server_id=<OTHER_NODE_ID> where server_id=

<STOPPED_NODE_ID>
Example:
update smartq_jobs SET server_id=3 where server_id=1

In our example server A had ID number 1 and the jobs were copied to the server C with ID number 3.
The ID of servers can be found in the same database in table smartq_servers column id.
All changes in the database will be automatically replicated to all the other nodes.
5 Reconfigure the print drivers and terminals to connect to the node that will remain active (not the one
you are stopping)
Perform this step only if:
you have a CML cluster

you plan to keep the CML server offline for the longer period of time (e.g. 10 hours) and
you wish to have the already spooled jobs available
5a. Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the active server
YSoft SafeQ 5 1970

February 03, 2016
You can use the procedure from guide CML - Printer settings in case of one CML node failure to
sustain the printing functionality. Otherwise users might experience issues with the job printing from
the workstation to the YSoft SafeQ server.
5b. Reconfigure HW terminals:
Otherwise users will be unable to authenticate.
5c. Reinstall all embedded Terminals:
Otherwise users will be unable to authenticate. This step can be skipped if you are using Embedded
terminal failover.
6 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SadeQ Terminal Server
2) HOW TO START THE YSOFT SAFEQ SERVER

If one of the cluster nodes has been down for some time (maintenance, updates, error-related downtime),
all the missing data will be automatically synchronized between servers once the node is connected again.
With the default settings, the synchronization speed is approx. 20,000 entries per minute, i.e. information
about 4,000 jobs is replicated every minute. Therefore we recommend to connect stopped server as follows:
1 Connect server to the network outside the peak hours with YSoft SafeQ services stopped.
In case that services cannot be stopped right after the connection, stop them as soon as
possible except for YSoft SafeQ CML DBS service.
2 Start synchronization process by launching YSoft SafeQ CML DBS service (if it is not running)
YSoft SafeQ 5 1971

February 03, 2016
Connect to the SafeQ web interface of all servers in the cluster, go to => System => System
information => Services. Verify that all numbers in the Database pool priority are close to zero
(synchronization is almost finished).
4 Start all the remaining SafeQ services that are stopped.
In case that printers were reconfigured to connect to another node during the downtime period,
make sure that printers are reconfigured to the previous settings.
CML - PRINTER SETTINGS IN CASE OF ONE CML NODE FAILURE

This chapter describes how to set printers in case of one CML node failure.
These steps can be used only for enterprise solution - two or more nodes of CML cluster. In case that one
node is offline for a longer period of time and you need to sustain the printing functions from the drivers that
are pointing to this server, follow the steps described below. The following scenarios are available:
Redirecting printers without YSoft SafeQ client

Redirecting printers with YSoft SafeQ Client
REDIRECTING PRINTERS WITHOUT YSOFT SAFEQ CLIENT
All print drivers that are set to send jobs to the CML that is currently offline must be reconfigured:
1 Open the Devices and Printers.
YSoft SafeQ 5 1972

February 03, 2016
Open Printer properties.
3 Configure settings of the port that is selected.
YSoft SafeQ 5 1973

February 03, 2016
Replace IP address of the offline CML server by the IP address of another active CML node.
REDIRECTING PRINTERS WITH YSOFT SAFEQ CLIENT
All printers that are set to send all jobs to the CML that are currently offline must be reconfigured
YSoft SafeQ Client has a failover ability. In case that several addresses of CML servers were defined,
the print job will be automatically delivered to the next active CML node - in such a case the manual
reconfiguration is not required. You can define several IP addresses of CML servers by clicking " All IP
addresses" in the "SAFEQ Client - Options" window (see screenshot below). For more details see help of
YSoft SafeQ Client.
1 Open the Devices and Printers.
2 Open Printer properties.
YSoft SafeQ 5 1974

February 03, 2016
4 Replace IP address of the offline CML server by the IP address of another active CML node.
YSoft SafeQ 5 1975

February 03, 2016
CML - RECOVERY PROCEDURE FOR MASTER NODE

This section describes how to recover master node (1st installed node) of the CML cluster. The same
procedure can be used for the installation with the single CML node - the only difference is that both
databases shall be taken from the regular database backup.
If the master node is not operational for a longer period of time, you can use the procedure from CML -
Printer settings in case of one CML node failure to sustain the printing functionality.
The procedure does not require shutdown of the running CML nodes in the cluster.
Warning
YSoft SafeQ 5 1976

February 03, 2016
If you are going to recover the YSoft SafeQ on a new PC (meaning on a new installation of
operating system or on a different server), you must request the license reactivation on a new
hardware. For more information see chapter Transferring license to new system (hardware or
operating system change).
Requirements
Step 1 - restore hardware after server failure (optional)
Step 2 - restore software after server failure
Step 3 - prepare the environment
Step 4 - install and configure the new server
Step 5 - verification of the functionality
REQUIREMENTS
Kindly prepare all the required data before starting with the master node (1st installed node) recovery:
1. SQDB5 database backup from the regular system backup

Cluster environment: skip this point as the database backup will be obtained from another
member of the CML cluster later in the procedure.
2. SQDB5_SQDW database backup from the the master node (1st installed node)
Cluster environment: The backup must be 7 days old at the most. If the backup is older
than 7 days, the statistical data between the last backup date and 7 days back from the
current moment will be missing.
3. Configuration files backup from the 1st installed node, eventually master CML GUID
4. TEMP and SPOOL folder backup from the 1st installed node if they are available
required only in case that cluster-readSharedFolderJob is disabled
required only in case that you wish to restore the print jobs that were stored on this server
5. Folder containing scripts for scanning (in case that scan to script is used)
STEP 1 - RESTORE HARDWARE AFTER SERVER FAILURE (OPTIONAL)

Restore hardware required for YSoft SafeQ server.
YSoft SafeQ 5 1977

February 03, 2016
STEP 2 - RESTORE SOFTWARE AFTER SERVER FAILURE
1 Install one of the supported operating systems for YSoft SafeQ server
Make sure that server has the same IP address and hostname settings as before the failure.
2 Install one of the supported databases (or select the embedded database during installation of YSoft
SafeQ in the next step)
Database type MUST be the same as before the failure.

YSoft SafeQ database backup from master node is a MUST for the restoration of the master
node.
STEP 3 - PREPARE THE ENVIRONMENT
1 Perform this step on all running CML servers
Skip this step in case there exists just one CML node in the environment (non-clustered
installation)
Verify synchronization
Check that all data are synchronized between all running YSoft SafeQ nodes.
go to System => System information => Services column

all values in Database pool priority column must have value 0
Note: Database pool priority on the original master node will probably be non zero
(as it is not running and cannot be synchronized).
YSoft SafeQ 5 1978

February 03, 2016
2 Perform this step on all CML servers that remained functional (did not crash)
Skip this step in case there exists just one CML node in the environment (non-clustered
installation)
Using the program pgAdmin III or MS SQL management studio connect to the SQDB5 database:
Connect using the first database account (not Sync).

Enter the password you have selected during CML installation when asked for it.
2a. Find out the master node db_flag using the following query:
select db_flag from cluster_server where id = (select min(id) from cluster_server)
2b. Run the following queries. Replace x by the proper db_flag for the master node (obtained
in the previous step) before running them :
delete from cluster_sync_update_10 where server_flag & x = x;

3 Perform the database backup of SQDB5 database on CML2 (the second node of the cluster).
In case that you have just 1CML node in your environment, skip this step as you will use the
database backup created by regular daily backup.
STEP 4 - INSTALL AND CONFIGURE THE NEW SERVER
1 Perform following step on the node which you are recovering:
Install YSoft SafeQ in the new location according to Installing YSoft SafeQ CML instructions.
YSoft SafeQ 5 1979

February 03, 2016
Restore databases according to CML - Database restore instructions with following exceptions:
Restore SQDB5 from the backup made on CML2 in the previous steps (in case of
standalone CML installation use the backup created by regular daily backup)
Restore SQDB5_SQDW from the backup created by regular daily backup of the
original master node (1st installed node)
Do not start YSoft SafeQ services at the end of the restoration procedure but continue
with the next step of this guide
1c. Run these queries at master node on SQDB5
delete from cluster_sync_update_10;

1d. Modify the database
Using the program pgAdmin III or MS SQL management studio connect to the SQDB5 database:
Enter the password you have selected during CML installation (for database user, do
not use the account Sync).
Open cluster_server table and change localhostvalue as follows:
localhost = 1 for the first row (row that contains name and IP address of the
server you are restoring)
localhost = 0 for all others rows
YSoft SafeQ 5 1980

February 03, 2016
1e. Using pgAdmin III or MS SQL management studio run following query:
delete from smartq_validator
1f. Replace the configuration files
Overwrite existing configuration files with original configuration backup:
<SAFEQ_DIR>\conf
<SAFEQ_DIR>\terminalserver\TerminalServer.exe.config
YSoft SafeQ 5 1981

February 03, 2016
<SAFEQ_DIR>\tomcat\conf
Delete or rename <SAFEQ_DIR>\conf\update.conf file (it would block the start of YSoft
SafeQ CML service)
WARNING: This step requires the password for database/sync users in the database is the
same as it was before the failure. Skip this step and configure server manually if you do not
have exactly the same configuration as before the server failure! However (if you have ORS
connected) keep in mind:
localGUID in startup.conf must be configured the same way as before the failure
1g. Restore spooled jobs
Restore your backup of temp and spool directory

Copy folder containing scripts for scanning (if scan to script is used) to the same
location as it was on the original server
1h. Start services on Master node:
Open Services (e.g. Start => Run => services.msc) and start all YSoft SafeQ services in any order:
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 1982

February 03, 2016
STEP 5 - VERIFICATION OF THE FUNCTIONALITY
1 Log in to the web interface (YSoft SafeQ Web interface => System => System information) of the
master node.
Verify that all servers are showing status ONLINE (the node you are connected to may show
status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table DBsync
database & system pools (non-local servers only). Values in column Database pool
priority must not be growing constantly. They shall be changing and they shall be often around
0.
2 Test authentication/print/copy/scan. All functions must be working. Also accounting must return the
correct data.
3 In case of non-clustered environment (1CML only), cache on every ORS has to be deleted. For
specific instructions see article ORS - How to delete corrupted cache.
CML - DATABASE RESTORE

This chapter describes how to restore databases on CML server.
This article is not intended as the standalone recovery procedure. Kindly use this article only in case that
you are pointed to it from another article (such as CML - Recovery procedure for master node). The articles
pointing to this one are explicitly saying which databases shall be restored and where they shall be taken
from.
Document is divided into several parts depending on the used database engine:
PG-SQL database
MS-SQL database
YSoft SafeQ 5 1983

February 03, 2016
DATABASE RESTORE ON PGSQL DATABASE
Chapter describes the way how to restore PG-SQL databases.
Please check that current backup files are available before you start with restore procedures.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
2 Using the program pgAdmin III connect to the SQDB5 database:
Launch the program by selecting Start menu -> All Programs -> PostgreSQL 9.2 (Start
menu -> Y Soft Corporation in the case of embedded PG-SQL installation ) or
<SAFEQ_DIR>/PGSQL/bin/pgAdmin3.exe.
Double-click SafeQ PostgreSQL (in the tree under Servers). The program asks for
authentication.
Enter the password you have selected in CML installation (for postgres users).
YSoft SafeQ 5 1984

February 03, 2016
3 Delete current databases (SQDB5 and SQDB5_SQDW) in case they exist
4 Create a new Databases
Right-click Databases => New Database...

Create new databases with the same names as original ones
SQDB5
SQDB5_SQDW
5 Restore database from existing backup file SQDB5.
Right-click the database name (SQDB5), select "Restore..." option.

Select your backup file
Click "OK"
Backup will be restored
YSoft SafeQ 5 1985

February 03, 2016
Restoration must end with Error code 0
6 Restore database from existing backup file SQDB5_SQDW.
Right-click the database name (SQDB5_SQDW), select "Restore..." option.

Select your backup file
Click "OK"
Backup will be restored
Restoration must end with Error code 0
7 Check step:
Once databases are restored, check that they contain all tables
Go to the Databases => SQDB5 => Schemas => Public => Tables and check that tables are created
SQDB5 has about 142 tables

SQDB5_SQDW has about 37 tablets
8 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 1986

February 03, 2016
DATABASE RESTORE ON MS-SQL DATABASE
Chapter describes the way how to restore MS-SQL databases.
Please check that current backup files are available before you start with restore procedures.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 1987

February 03, 2016
2 Using the SQL server management studio connect to the SQDB5 database:
Launch the program by selecting Start menu -> All Programs -> Microsoft SQL server ->
SQL Server Management Studio.
Enter the password you have selected in CML installation (usually for sa user).
3 Delete current databases (SQDB5 and SQDB5_SQDW) in case they exist
Select Close existing connections when deleting databases
YSoft SafeQ 5 1988

February 03, 2016
4 Restore databases:
Right-click Databases => Restore Database...

Restore databases with same names as deleted
SQDB5
SQDB5_SQDW
YSoft SafeQ 5 1989

February 03, 2016
5 Check step:
Once databases are restored, check that they contain all tables.
Go to the Databases => SQDB5 => Schemas => Public => Tables and check that tables are created
SQDB5 has about 142 tables

SQDB5_SQDW has about 37 tablets
6 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 1990

February 03, 2016
CML - RECOVERY PROCEDURE FOR SLAVE NODE
This section describes how to recover/renew one CML cluster node (not the 1st installed node).
If the slave node is not operational for a longer period of time, you can use the procedure from CML -
Printer settings in case of one CML node failure to sustain the printing functionality.
STEP 1 - RESTORE HARDWARE AFTER THE SERVER FAILURE (OPTIONAL)

WARNING: Make sure that the server has the same IP address as it had before the failure.
STEP 2 - RESTORE SOFTWARE AFTER THE SERVER FAILURE
SafeQ in the next step)
YSoft SafeQ 5 1991

February 03, 2016
STEP 3 - INSTALL CML SLAVE NODE
1 Run ysf-sq5-install.exe to start the YSoft SafeQ Setup Wizard.

Select I want to customize my SafeQ installation.
2 Enter the master node (1st node) IP address and click the Retrieve node list button.
YSoft SafeQ 5 1992

February 03, 2016
Select the node you want to restore and continue by clicking the Next> button.
4 Select the same database type as on the Master node and continue with the installation process.
5 Enter original Local GUID of failed node. The original GUID can be taken from any ORS server
connected to the CML cluster (<SafeQORS_DIR>\conf\modules\ors.conf => parameter serverGUIDx
where x is the number of failed CML node you are currently restoring).
In case you do not have any ORS installed kindly insert random GUID (e.g. ckeuvnmxcviw)
YSoft SafeQ 5 1993

February 03, 2016
Also set HTTP and HTTPS port for SafeQ web interface and press Install button.
6 This step is required for External PG–SQL / MS SQL database
At specific point the installation is paused and pop-up window is displayed. Follow the on-screen
instructions to proceed further.
Database Backup article describes one of the ways how the backup can be made.
Restore database article describes how to restore the database.
7 Wait for installation to finish.
8 In case you were using any specific configuration (such as clustering via MSCS or WNLB with one
shared IP address; different port HTTPS; non-default certificates), kindly follow the part of
documentation that describes your custom settings and set them up again.
9 Restore folder with scanning scripts (if scan to script functionality is used)
YSoft SafeQ 5 1994

February 03, 2016
1 Verification of services:
Open Services (e.g. Start => Run => services.msc) and start (unless already running) the following
services in any order:
YSoft SafeQ CML

YSoft SafeQ CML DBS
All services must start without any errors. The first start of the services may take several
minutes.
2 Log in to the web interface (YSoft SafeQ Web interface => System => System information) of the
master node.
status LOCAL)
database & system pools (non-local servers only). Values in column Database pool
0.
YSoft SafeQ 5 1995

February 03, 2016
correct data.
CML - RECOVERY PROCEDURE FOR YSOFT SAFEQ CML CLUSTER
This chapter describes how to restore the cluster in case that all the nodes has failed. There are following
prerequisites:
YSoft SafeQ database backup from the master node (1st node of the cluster) is a MUST for
restoration of cluster after the failure.
It is expected that also the configuration files backup exists.
Spool directory is not restored. Users will have to send their jobs for the print again.
Warning
If you are going to recover the first CML node of the cluster (master) or the standalone CML server
on a new computer (meaning on a new installation of operating system or on a different server),
you must request the license reactivation on a new hardware. For more information see chapter
Transferring license to new system (hardware or operating system change).
STEP 1 - HOW TO CONFIGURE PRINT DRIVERS IN CASE OF CLUSTER FAILURE (OPTIONAL)

If the cluster is not operational and you need to sustain the printing functionality until the cluster is restored,
see Printing without CML (CML cluster Failure). The guide will help you with the configuration of the direct
printing from the workstation to the MFP.
All jobs printed during the cluster failure will not be accounted.
YSoft SafeQ 5 1996

February 03, 2016
STEP 2 - RESTORE HARDWARE AFTER THE SERVER FAILURE (OPTIONAL)

WARNING: Make sure that all servers has the same IP address as they had before the failure.
STEP 3 - RESTORE SOFTWARE AFTER THE SERVER FAILURE
Make sure that the same drives as in the system before the failure exists (e.g. for YSoft SafeQ
and spool directory)
SafeQ)
YSoft SafeQ 5 1997

February 03, 2016
STEP 4 - INSTALL CML MASTER NODE (1ST NODE)
1 Install 1st node according to the Installing YSoft SafeQ CML instructions.
Do not start services after the installation! (untick checkbox at option Start SafeQ services
after the installation is finished)
2 Restore database SQDB5 and SQDB5_SQDW from the existing backup.
Do not start YSoft SafeQ services at the end of the restore procedure but instead continue with
the next step of this guide.
3 Overwrite configuration files with the existing backup of the configuration. Content of the following
folders has to be replaced:
<SAFEQ_DIR>\conf
<SAFEQ_DIR>\terminalserver\*.config
Copy folder containing scripts for scanning (if scan to script is used) to the same location as it
was on the original server
same as it was before the failure. Skip this step and configure server manually if you do not
have exactly the same configuration as before the server failure! However keep in mind:
localGUID in startup.conf must be configured the same way as before the failure
4 Open the Services window (e.g. Start => Run => services.msc) and set YSoft SafeQ services to
run under the same account as before the failure.
5 Start all YSoft SafeQ services:
YSoft SafeQ CML

YSoft SafeQ CML DBS
STEP 5 - INSTALL SLAVE NODES

Repeat following steps for all slave nodes.
1 Install remaining cluster nodes according to the CML - Recovery procedure for slave node.
YSoft SafeQ 5 1998

February 03, 2016
2 Open the Services window (e.g. Start =>Run => services.msc) and set YSoft SafeQ services to run
under the same account as before the failure.
STEP 6 - RESTORE PRINTING VIA YSOFT SAFEQ AND VERIFY THE PROPER FUNCTIONALITY
Repeat following steps for all slave nodes.
1 If you have pointed print drivers directly to the MFPs, point them back to the YSoft SafeQ servers.
2 Log in to the web interface (YSoft SafeQ Web interface => System => System information)
status LOCAL)
database and system pools (non-local servers only). Values in column Database pool
0.
correct result.
4 Once all the nodes are restored, cache on every ORS has to be deleted. For specific instructions see
article ORS - How to delete corrupted cache.
CML - PRINTING WITHOUT CML (CML CLUSTER FAILURE)

This chapter describes how to set up the printers in case of CML cluster failure (all nodes are stopped).
In case that the whole YSoft SafeQ printing environment has failed and you need to temporarily enable
printing functionality without YSoft SafeQ, follow the steps described below. These instructions for
configuration of the direct printing from workstation to the MFP are specifically describing environment
without YSoft SafeQ client but even the reconfiguration of YSoft SafeQ client is very similar.
All jobs printed during the cluster failure will not be accounted.
In environment with printers with Xerox embedded terminal it is necessary for some
configurations also adjust setting of the printers.
PRINTERS SETTINGS (WITHOUT YSOFT SAFEQ CLIENT)
All print drivers that are set to send jobs to the stopped CML must be reconfigured:
YSoft SafeQ 5 1999

February 03, 2016
1 Open the Devices and Printers via the start menu.
2 Open Printer properties.
YSoft SafeQ 5 2000

February 03, 2016
Replace IP address of CML server by the printer IP address.
CML - REGULAR SYSTEM BACKUP
Warning
We strongly recommend to perform the backup on a daily basis and also prior update to any
never version of YSoft SafeQ. Non-regular backing up of the database and configuration may
lead to the irreversible data loss.
A regular daily backup is described below. No additional steps other than those mentioned here are
required for the backup. The backup consists of database backup and configuration files backup. It is the
customer's responsibility to perform the backup and copy backup files from the servers to a safe location,
e.g. an off-site network-attached storage or backup tapes.
CML BACKUP
It is essential to perform the backup of configuration and the databases on a daily basis. To perform the
backup kindly follow the instructions from articles CML Database backup and CML Configuration backup.
YSoft SafeQ 5 2001

February 03, 2016
The backup is performed using SafeQBackup.exe tool. More information about this tool (such as how to
use it to generate command line parameters for a regular backup via scheduled task) is described in article
CML Backup tool.
COLD BACKUP
Y Soft recommends to set up the "cold backup" server.
For a quick recovery in the event of a hardware failure, it is desirable to have a backup server ready from
which a cold backup can be performed. With respect to system loading speed, a backup in the form of a
virtual server may be necessary in a certain cases. The cold backup server remains inactive and
disconnected from the production environment. In case of a failure, the backup server is started, the
configuration of YSoft SafeQ server is restored according to the Recovery procedure for master node or
Recovery procedure for slave node and server is connected to the production environment to replace the
failed node .
The following rules applies to the cold backup server:
The backup server hardware configuration shall be the same as the hardware configuration of the
CML server it shall substitute.
The backup server shall also include a pre-configured and maintained operating system and pre-
installed YSoft SafeQ server (CML) in a configuration as similar as possible to the production servers
(YSoft SafeQ application + SQL database)
A YSoft SafeQ upgrade must be performed on the cold backup server after each installation of the
given upgrade on the running production servers.
The system administrator is responsible for performing the maintenance required for the cold backup
server.
YSoft SafeQ does not have to be correctly configured on the cold backup server.
BACKUP & RESTORE USING VIRTUAL MACHINE SNAPSHOT
WARN: Using this type of backup & restoration procedure will cause that all changes made in the
environment since the time of last backup till the time of the failure (such as new users, new
devices, new statistical data...) will be lost!
If you have YSoft SafeQ CML (including database) installed on a virtual platform, you can also use the
virtual machine snapshot functionality for a regular system backup. However, following rules and conditions
applies:
Environment with one CML node
Server has to be stopped when creating snapshot.

Every time you restore the CML node by returning to the previous snapshot, cache on every
ORS has to be deleted. For specific instructions see article ORS - How to delete corrupted
cache.
CML cluster environment
all servers (the whole cluster) has to be stopped when creating snapshots.
snapshots has to be created on all servers at the same time.
YSoft SafeQ 5 2002

February 03, 2016
when any CML node becomes corrupted, all CML nodes has to be reverted to the previous
snapshot. Once all the nodes are restored, cache on every ORS has to be deleted. For
specific instructions see article ORS - How to delete corrupted cache.
CML BACKUP TOOL

This article is describing the SafeQBackup.exe utility suited for backup of YSoft SafeQ CML server. The
purpose of the article is to explain how to operate the utility.
To understand which data has to be backed up and what are the recommended means of backup kindly
follow the instructions from article CML - Regular system backup.
SAFEQ BACKUP TOOL
The Backup Tool must be started on the server with installed CML. It has support for backup local
PostgresSQL, MSSQL and remote PostgresSQL.
Backup of remote MSSQL is limited due to nature of MSSQL backup. Backup Tool will provide you
hint how to write backup SQL command in Messages window after click Show commands.
Tool location: <SAFEQ_DIR>\bin\SafeQBackup.exe
YSoft SafeQ 5 2003

February 03, 2016
The tool must be executed directly on the server which has YSoft SafeQ CML installed. Environment
variable SAFEQ_HOME and <SAFEQ_DIR>\conf\cmldb.conf, <SAFEQ_DIR>\conf\cmldb-sqdw.conf
configuration files are used by this tool.
The tool has support for wildcards in file name. E.g.: it's possible to backup all files with file extension .
config in all terminalserver subdirectory by following configuration: termianlserver\*.config
The tool also uses configuration file <SAFEQ_DIR>\conf\backup.conf which contains configuration of the
tool. If the file does not exist, default configuration settings are used.
Password is not retrieved from config file. You have to enter it manually.
YSoft SafeQ 5 2004

February 03, 2016
You can select databases to back up by selecting checkbox ahead of these lines: Database, Warehouse.
You can also back up YSoft SafeQ configuration and binaries by selecting checkboxes Configuration and
Binaries.
The backups are saved in directory <SafeQ_BackupDirectory>\backup_<yyyyMMddHHmm>.
Button Command to clipboard saves command for executing selected backup tasks from command line to
clipboard.
Button Show commands will displays:
Command for executing selected backup tasks from command line

Commands executed by SafeQBackup tool after Backup button click.
Button Backup will perform backup operation. Tool will invoke backup commands. Black window may
appear during database backup. Do not close this windows manually. Wait until operation is complete. Once
this operation is complete then Messages will contain information from backup tools, including exit code of
process. These messages might be useful for diagnostic.
Button Clear Messages clears textbox Messages.
MSSQL
MSSQL is able to create backup only on local drive where database engine is running.
When you uncheck Use command line tool checkbox, then backup tool will attempt to use internal driver
to connect to database.
When you check Use Windows Authentication then command line backup will use Windows
Authentication to SQL server instead of SQL autehntication.
You can back up the configuration of CML. Select checkbox Configuration. When you click Backup then
backup tool will perform a backup of directories specified in the Configuration textfield. Paths are relative to
SAFEQ_HOME and delimited by semicolon. E.g.: conf;tomcat\conf will perform backup of C:\SafeQ5\conf
and C:\SafeQ5\tomcat\conf. Output is stored into the zip file. Its name is shown on the same line in UI.
Binaries backup
You can back up binaries of YSoft SafeQ in the same way as configuration. Select the checkbox Binaries
. When you click Backup then backup tool will perform backup of directories specified in the Binaries
textfield. Paths are relative to SAFEQ_HOME and delimited by semicolon. Output is stored into the zip
file. Its name is shown on the same line in UI.
Binary files cannot be backed up if they are in use. Therefore, if you wish to back them up you
must stop corresponding services.
YSoft SafeQ 5 2005

February 03, 2016
Max Roll Files Count
You can define the maximum count of created backups. By default 3 backups are stored. You can change it
textbox Max Roll Count. If this value is set to zero, no backups are deleted. If this value is positive and
count of backups exceeds it, the oldest backups are automatically deleted.
BACK UP FROM COMMAND LINE
Generate command from UI configuration
Configure SafeQBackup UI and click Show commands. Tool will generate line which you can use
for manual execution from command line. The command is displayed in Messages box and
introduced by : Command for executing selected backup tasks from command line. Copy next
line to clipboard and store it e.g. to backup.bat which you can invoke from command line or from
Windows task scheduler.
Alternatively, you can use Command to clipboard button to generate and store command to the
clipboard.
Command line options
--console - run tool only in console mode, execute immediately. If this option is not present command
line arguments will be loaded and displayed in UI, so you can check whether tool is configured
properly.
--backupDir=<PATH> - path to directory where tool should store backups
--backupDb - create a database backup
--backupWarehouse - create a data warehouse backup
--backupConfig=<PATH>;<PATH> - create configuration directories backup and store them in zip file
--backupBinaries=<PATH>;<PATH> - create selected directories containing YSoft SafeQ binaries
backup and store them into zip file.
--password=<STRING> - password to access the database
--useMSSQLConnection - use MSSQL connection from application, do not invoke backup using
command line tools
--useWindowsAuth - use Windows Authentication - used when MSSQL is configured to use Windows
Authentication credentials
--maxRollCount - sets maxRollCount, i.e. maximum count of created backups in directory. If set to
zero, no files are deleted.
--backupToolPath=<PATH> - path to DB backup tool (e.g. pg_dump.exe or OSQL.exe)
CML - CONFIGURATION BACKUP

This chapter described how to backup configuration files using CML Backup tool tool.
YSoft SafeQ 5 2006

February 03, 2016
CML - CONFIGURATION BACKUP
Most of the configuration is stored in the database. However there are some unique configurations stored in
the conf files. YSoft SafeQ configuration files can be backed up using SafeQBackup.exe tool
It is sufficient to perform the backup of the configuration on the first installed node of the CML cluster -
perform the backup of the slave nodes only in case you made a manual modification of configuration files on
these servers (e.g. exchanging the certificates for YSoft SafeQ Web interface).
1 Run backup utility using <SafeQ_dir>\bin\SafeQBackup.exe
2 Tick the checkbox at Configuration and click the Backup button.
The Configuration window allows you to add any additional configuration path shall be backed up. We
recommend to backup following configuration:
conf
tomcat\conf
terminalserver\*.config
folder containing scanning scripts (if scan to script is used)
Configuration files are saved in to following path:
YSoft SafeQ 5 2007

February 03, 2016
<SafeQ_backup_dir>\backup_YYYYMMDDHSS\conf_YYYYMMDDHHSS.zip
Example:
conf;bin;binc;tomcat\conf;terminalserver\*.config
The backup would be made for folders:
<SafeQ_dir>\conf\
<SafeQ_dir>\bin\
<SafeQ_dir>\binc\
<SafeQ_dir>\tomcat\conf
<SafeQ_dir>\terminalserver\*.config and it will also backup all *.config files from
terminalserver subdirectories
YSoft SafeQ 5 2008

February 03, 2016
CML - DATABASE BACKUP

This chapter describes how to backup database using CML Backup tool tool.
REGULAR SYSTEM BACKUP
Warning
Always use the first node of CML cluster for regular backup actions.
Slave nodes (other than the first one) does not contains print statistic for whole cluster. See CML - Regular
system backup page for more information.
BACKING UP YSOFT SAFEQ CML DATABASES
YSoft SafeQ 5 has two databases SQDB5 and SQDB5_SQDW. Backup tool can backup one of them or
both at the same time.
1 Run backup tool utility using <SafeQ_dir>\bin\SafeQBackup.exe
2 Select SQDB5 and SQDB5_SQDW databases, enter password and click on Backup
button.
YSoft SafeQ 5 2009

February 03, 2016
3 Databases are saved in to <SafeQ_backup_dir>\backup_YYYYMMDDHSS folder as
dump_SQDB5-YYYYMMDDHHSS
dump_SQDB5_SQDW-YYYYMMDDHHSS
CML - ROLLBACK STEPS FOR RETURNING TO THE PREVIOUS VERSION
This article describes how to roll back to the previous version of YSoft SafeQ in case that an upgraded
version prevents you to use some of critical YSoft SafeQ functions. Due to the complexity of the
procedure you shall perform these steps only when it is requested by Y Soft.
You can revert only to the version you was using before the upgrade in order to keep the database and
version compatibility.
Any new data (users/printers/statistical data) that were obtained after the upgrade will be lost when
reverting to the older version.
PREREQUISITES
Kindly prepare all the required data before starting with reverting to the previous version:
YSoft SafeQ 5 2010

February 03, 2016
1. YSoft SafeQ installation package of the version you are going to revert to.
2. SQDB5 database backup of the first CML node that was created before the upgrade to the newer
version
3. SQDB5_SQDW database of the first CML node that was created before the upgrade to the newer
version
4. Configuration files backup of the first CML node that was created before the upgrade to the newer
version
5. TEMP (<SAFEQ_DIR>\server\temp) and SPOOL (<SAFEQ_DIR>\server\spool) folder backup from
all nodes you are going to revert
required only in case that you wish to restore the print jobs that were stored on the server
STEP 1 - REMOVE YSOFT SAFEQ CML

Kindly use "Add or Remove Programs" (or "Programs and Features") to uninstall CML on all servers you are
going to revert.
Also drop SQDB5 and SQDB5_SQDW databases in case you are using the external database server,
STEP 2 - RESTORE YSOFT SAFEQ CML ON THE FIRST NODE
1 Perform following step on the node which you are recovering:
Install YSoft SafeQ according to Basic server installation instructions using the older installation
package.
Install only one CML server node

Restore databases according to CML - Database restore instructions with following exception:
Do not start YSoft SafeQ services at the end of the restore procedure but continue on
the next step of this guide
1c. Using pgAdmin III or MS SQL management studio run following query:
delete from smartq_validator
YSoft SafeQ 5 2011

February 03, 2016
1d. Replace the configuration files
Overwrite existing configuration files with original configuration backup:
<SAFEQ_DIR>\conf
<SAFEQ_DIR>\terminalserver\terminalserver.exe.config
Delete or rename <SAFEQ_DIR>\conf\update.conf file (it would block the start of YSoft
SafeQ CML service)
same as it was before the reverting. Skip this step and configure server manually if you do not
have exactly the same configuration as before the server reverting! However keep in mind:
localGUID in startup.conf must be configured the same way as before the

reverting
the same guid as in startup.conf has to be also put to
<SAFEQ_DIR>\terminalserver\terminalserver.exe.config - parameter
"networkAddress"
1e. Restore spooled jobs
Restore your backup of temp and spool directory

Copy folder containing scripts for scanning (if scan to script is used) to the same
location as it was on the original server
2 Open Services (e.g. Start => Run => services.msc) and start all YSoft SafeQ services in any order:
YSoft SafeQ CML

YSoft SafeQ CML DBS
3 Reactivate the license. For more information see article Reactivating license.
YSoft SafeQ 5 2012

February 03, 2016
STEP 3 - RESTORE YSOFT SAFEQ CML ON THE REST OF THE SERVERS IN THE CLUSTER
Skip this step in case you have just 1CML in your environment (not a clustered solution).
Kindly install the rest of the nodes using the older installation package according to the instructions from
article CML - Recovery procedure for slave node. If you wish to restore also the spool jobs, it is just
necessary to select "Do not start YSoft SafeQ services" during the installation => once the installation has
finished restore the spool directory the sane way like on the first installed node => then start all YSoft SafeQ
CML services.
STEP 4 - REINSTALL ORS SERVERS

As the ORS servers has to be always running in the same version as the CML servers, it is necessary to
uninstall the ORS servers and install it again from the old installation package.
1 Verify the orsCacheRecovery attribute is enabled in the CML settings.
orsCacheRecovery to enabled If you omit this step, all jobs stored on the ORS will be lost at the
end of procedure.
2 Backup ORS configuration files by backing up the directory <SafeQORS>\conf\
Backup ORS spooler files by backing up the content of directory <SafeQORS>\server\spool\
Backup folder containing scripts for scanning (if scan to script is used)
3 Uninstall the ORS as described in article Uninstalling YSoft SafeQ ORS.
4 Copy old ORS installation package to the server and prepare the safeq-ors.ini according to the
instructions from Installing YSoft SafeQ ORS article with following exceptions:.
a. Parameteres for safeq-ors.ini can be taken from the backup of the original configuration files that
was created in previous steps (<SafeQORS>\conf\modules\ors.conf).
b. Set localGUID according to the value from backup of the original configuration
(<SafeQORS>\conf\modules\guid.conf).
c. Set spoolDir according to your needs.
5 Upload all print jobs from the backup of spool directory (created in previous steps) to the new
location defined in safeq-ors.ini (parameter spoolDir).
YSoft SafeQ 5 2013

February 03, 2016
Copy folder containing scripts for scanning (if scan to script is used) to the same location as it was on
the original server.
6 Run the installation of ORS server using installORSv2-exe.cmd.
7 Once the installation of ORS server is finished, verify the correct ORS functionality according to the
article YSoft SafeQ ORS Health Check. Also check that you are able to release the jobs that were
delivered to the ORS before the ORS has been moved.
STEP 5 - REINSTALL EMBEDDED TERMINALS

In case that you are using the embedded terminals which are sharing the communication keys with the
YSoft SafeQ server (Sharp devices), make sure that you reinstall the embedded terminals.
STEP 6 - VERIFY THE FUNCTIONALITY

Test authentication/print/copy/scan via CML and ORS. All functions must be working. Also accounting must
return the correct result.
CML - HOW TO MOVE A CML TO ANOTHER DISK ON THE SAME SERVER

This document describes how to move CML server to another drive on the same server. The steps are very
similar also for the single node installation (1CML only).

STEP 1 - SERVER BACKUP

This part describes how to backup server that shall be moved to the new location.
Perform these steps only on the server that shall be moved to new location
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services (
stop whole CML server):
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 2014

February 03, 2016
2 Using CML Backup tool perform following actions:
CML - Database backup

CML - Configuration backup
3 Backup following folders:
<SAFEQ_DIR>\server\spool
Folder containing scripts for scanning (in case that scan to script is used)
4 Be sure that all required components for server installation are existing on the server. Required
components:
SQDB5 backup
SQDB5_SQDW backup
Scanning scripts
YSoft SafeQ 5 Installation files
<SAFEQ_DIR>\conf\startup.conf file
STEP 2 - NEW SERVER INSTALLATION/CONFIGURATION

This part describes how to install a CML server in the new location.
YSoft SafeQ 5 2015

February 03, 2016
Make sure the node you want to move to the new location is stopped.
1 Perform CML server uninstallation
2 2a. Perform the installation
Install YSoft SafeQ in the new location according to Customized server installation instructions.
Use the same database type as for other nodes that are installed already or for original
CML
Choose the destination folder on another disk
Choose not start services after installation
2b. Replace startup.conf file
Replace <SAFEQ_DIR>\conf\startup.conf with previously saved one
Edit all values according to new location
2c. Restore spooler and scan scripts
Restore spooler and scan scripts previously saved to new location
2d. Restore any nonstandard configuration
Restore any nonstandard configuration made on previous CML
3 Restore databases
Restore databases on a newly installed server according to the CML - Database restore instructions.
4 Postinstallation steps:
4a. Configure permissions for services
Open the Services window (e.g. Start => Run => services.msc) and set YSoft SafeQ
services to run under the same account as on the old system.
4b. Start the services
YSoft SafeQ CML

YSoft SafeQ CML DBS
YSoft SafeQ 5 2016

February 03, 2016
show status LOCAL)
CML - HOW TO MOVE MICROSOFT SQL DATABASE TO THE NEW SERVER
This document describes how to move Microsoft SQL database from YSoft SafeQ server to another server.
/*<![CDATA[*/ DIV.RBTOC1454538949297 {PADDING: 0PX;} DIV.RBTOC1454538949297 UL {LIST-STYLE: DISC;MARGIN-LEFT: 0PX;} DIV.

RBTOC1454538949297 LI {MARGIN-LEFT: 0PX;PADDING-LEFT: 0PX;} /*]]>*/
Requirements
Backup and restore YSoft SafeQ Databases
Run validation of YSoft SafeQ Databases
Edit the file cmldb.conf on the target server
Check System health on the target server
REQUIREMENTS
New Microsoft SQL database server should fit these parameters:
For database synchronization the user named sync must exist.

Users sync security definition: sysadmin or db_owner role for SQDB5 and SQDB5_SQDW
SQL Server Browser service must be started in order to grant connection to database from another
server also you need to enable TCP/IP protocol in SQL Server Network Configuration.
BACKUP AND RESTORE YSOFT SAFEQ DATABASES
1. First Stop all YSoft SafeQ services.

2. Backup YSoft SafeQ Databases (for YSoft SafeQ 5 are default names SQDB5 and SQDB5_SQDW).
3. Restore both backed up databases on new Microsoft SQL database server.
RUN VALIDATION OF YSOFT SAFEQ DATABASES
Run the following SQL query on both restored YSoft SafeQ databases in order to clean up database
validator tables: delete from smartq_validator
YSoft SafeQ 5 2017

February 03, 2016
EDIT THE FILE CMLDB.CONF ON THE TARGET SERVER
1. Open the following file: <SafeQ_foler\conf\cmldb.conf

2. Specify path to new database in "dbURL" parameter. Path is written in next format: dbURL = jdbc:jtds:
sqlserver://[computer name ]:[port]/[DB name];instance=[instance name];ssl=request
It is necessary to fill: your server name, the port used by SQL, the name of your YSoft SafeQ
database, the name of your instance
For example: dbURL = jdbc:jtds: sqlserver://SERVER8:1433/SQDB5;instance=SQLEXPRESS;

ssl=request
3. Do the same changes in <SafeQ_folder>\conf\cmldb-sqdw.conf and <SafeQ_folder>\conf\cmldb-
cluster.conf configuration files
4. Specify database username and password in "dbUser" and "dbPass" parameters. Do the same
changes in <SafeQ_folder>\conf\cmldb-sqdw.conf file
5. Specify name of database server where SQDB5 and SQDB5_SQDW databases are placed by
updating following parameters: "sqdb-srvname" and "sqdb-dwsrvname". Database server name is
stored in this format: [computer name]\\[instance name]
To determine the server name, this can be found out by running following query on the server:
SELECT name FROM sys.servers.
For example:
sqdb-srvname=SERVER8\\SQLEXPRESS
sqdb-dwsrvname=SERVER8\\SQLEXPRESS
6. In <SafeQ_folder>\conf\cmldb-cluster.conf: Specify database login and password for "sync" user in
"dbUser" and "dbPass" parameters.
CHECK SYSTEM HEALTH ON THE TARGET SERVER

Start all YSoft SafeQ services :
YSoft SafeQ CML

YSoft SafeQ CML DBS
Check database integrity status at "Database integrity" widget on Dashboard of SafeQ web interface. All
lines have to be marked as OK. If you can see an error, see logs for more details.
Check <SafeQ folder>\logs\cml.log for errors.
YSoft SafeQ 5 2018

February 03, 2016
4.16.2 ORS RECOVERY SCENARIOS
ABOUT
All ORS recovery scenarios are described on following pages.
ORS RECOVERY SCENARIOS
ORS - How to change the GUID of ORS server describes the possibility of exchanging the GUID of
ORS.
ORS - How to change the IP address of ORS server shall be followed in case you need to change the
IP address of the ORS server.
ORS - How to delete corrupted cache can be used in case some ORS functionality is limited due to
cache corruption. Use this step only in case that it is requested by Y Soft.
ORS - How to move an ORS to the new server shall be used if you want to move the ORS to the new
server. By following this guide you will keep the GUID of the ORS which means that statistical data per
the location will be still reported under one ORS (if you uninstall ORS and install a new one with a
different GUID but the same name, you would see the ORS in the reports twice).
ORS - Recovery procedure shall be followed in case that ORS has crashed and you want to restore its
functionality.
ORS - Regular system backup describes the steps required for the backup of the ORS.
ORS - HOW TO CHANGE THE GUID OF ORS SERVER
This chapter describes steps required for changing of the ORS GUID.
WARNING: GUID = Unique identifier of server.
Before you change the GUID to a new one, be sure that the same ORS GUID in NOT already present in
your YSoft SafeQ environment.
YSoft SafeQ 5 2019

February 03, 2016
CONFIGURING ORS TO USE THE NEW GUID
If you omit this step, all jobs stored on this ORS will be lost at the end of procedure.
2 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ ORS
services:
YSoft SafeQTerminal Server

YSoft SafeQ ORS
3 Edit <SafeQORS>\conf\modules\guid.conf file and enter new ORS GUID in parameter localGUID:
localGUID=%NEW_ORS_GUID%
4 Open web interface of YSoft SafeQ CML server (use the first node in case of CML cluster) and go to
Devices => Printers.
YSoft SafeQ 5 2020

February 03, 2016
5 Edit ORS server where the GUID has changed.
6 Replace value at Spooler GUID by the new one (the same value which was used in guid.conf).
7 Delete ORS cache by deleting folder <SafeQORS>\server\cache .
services:

YSoft SafeQ ORS
9 Verify the correct ORS functionality according to the article YSoft SafeQ ORS Health Check.
YSoft SafeQ 5 2021

February 03, 2016
ORS - HOW TO CHANGE THE IP ADDRESS OF ORS SERVER
This document describes how to change the IP address of one ORS server.

Configuring ORS to use the new IP address
VERIFICATION OF THE IP ADDRESS

This section describes the way how to find the IP address of current server.
1 Log in to server where the IP address has changed.

Open command prompt (e.g. Start => Run => services.msc)
CONFIGURING ORS TO USE THE NEW IP ADDRESS

This chapter describes steps for ORS IP address change
If you omit this step, all jobs stored on the ORS will be lost at the end of procedure.
YSoft SafeQ 5 2022

February 03, 2016
services:

YSoft SafeQ ORS
3 Change IP address of the ORS server in the operating system.
4 Edit <SafeQORS>\conf\modules\ors.conf file and enter the new IP address in parameter smartQ-
server-ip:
smartQ-server-ip = %NEW_IP_ADDRESS%
5 Replace the IP address in TerminalServer.exe.config
Edit <SAFEQ_ORS_DIR>\terminalserver\TerminalServer.exe.config and set your new IP address

in the parameter:
YSoft SafeQ 5 2023

February 03, 2016
Open web interface of YSoft SafeQ CML server (use the first node in case of CML cluster) and go to
Devices => Printers.
7 Edit ORS where the IP address has changed
8 Replace the Spooler IP address by the new one
9 Delete ORS cache by deleting folder <SafeQORS>\server\cache.
services:

YSoft SafeQ ORS
YSoft SafeQ 5 2024

February 03, 2016

once the IP address of ORS server has been changed.
All print drivers that were connected to the ORS server with old IP address must be re-connected to
the new IP address.
ORS - HOW TO DELETE CORRUPTED CACHE
ABOUT CACHE DELETION

Deleting the ORS cache is in a specific cases the only way to restore the proper ORS functionality.
When the cache is deleted the particular ORS will loose all information about users, cards, jobs and
printers.
All necessary information about printers, users rights and billing codes are synchronized to the ORS
(from CML) during the first synchronization (after the restart of ORS service).
Information about Jobs is synchronized as part of Cache Recovery Mechanism
User's data will be synchronized to the ORS (from CML) during the first authentication of user.
WARNING
ORS cache equals to CML database. The request for deletion of ORS cache shall be performed
only when requested by Y Soft.
YSoft SafeQ 5 2025

February 03, 2016
HOW TO DELETE ORS CACHE
1 Verify the ORS cache recovery settings.

metadata will be recovered from CML. If this option is enabled, job consolidation will not be run
during ORS startup.
services:

YSoft SafeQ ORS
3a Delete ORS cache by deleting whole folder <SAFEQORS_DIR>\server\cache
3b Create file named ".orscdm" (note the dot at beginning) in directory <SAFEQORS_DIR>\bin. This
file works as manual flag, which indicates that caches must be deleted during ORS startup.
services:
YSoft SafeQ 5 2026

February 03, 2016

YSoft SafeQ ORS
5 Once the ORS cache is deleted, verify the correct ORS functionality according to the article YSoft
SafeQ ORS Health Check.
ORS - HOW TO MOVE AN ORS TO THE NEW SERVER

This document describes how to move one ORS to the new server while the ORS GUID remains
unchanged. The document also covers the scenario where IP address of the new server is different from the
old one.
Step 1 - configuration change on the CML server

Step 2 - backup of data on the old ORS server
Step 3 - new ORS server installation/configuration
STEP 1 - CONFIGURATION CHANGE ON THE CML SERVER

This part describes the changes that must be done on the CML server where the ORS is connected to.

ORS startup.
2 Open web interface of YSoft SafeQ CML server (use the first node in case of CML cluster) and go to
Devices > Printers.
3 Edit ORS that will be moved to the new server.
YSoft SafeQ 5 2027

February 03, 2016
4 Replace the Spooler IP address by the new one (the IP address that will be used on the new
server).
NOTE: Skip this step in case you want to keep the original IP address.
STEP 2 - BACKUP OF DATA ON THE OLD ORS SERVER

This part describes the steps to be performed on the ORS that is being moved to the new server.
services:
YSoft SafeQ ORS

YSoft SafeQ 5 2028

February 03, 2016
2 Backup ORS configuration files by backing up the directory <SafeQORS>\conf\
Backup ORS spooler files by backing up the content of directory <SafeQORS>\server\spool\
Backup folder containing scripts for scanning (if scan to script is used)
STEP 3 - NEW ORS SERVER INSTALLATION/CONFIGURATION

This part describes how to install and configure ORS on the new server.
1 Copy ORS installation package to the new server and prepare the safeq-ors.ini according to the
c. Set spoolDir and rest of the settings according to your needs.
2 Upload all print jobs from the backup of spool directory (created in previous steps) to the new
location defined in safeq-ors.ini (parameter spoolDir).
Copy folder containing scripts for scanning (if scan to script is used) to the same location as it was on
the original server.
YSoft SafeQ 5 2029

February 03, 2016
3 Run the installation of ORS server using installORSv2-exe.cmd.
4 Once the installation of ORS server is finished, verify the correct ORS functionality according to the
article YSoft SafeQ ORS Health Check. Also check that you are able to release the jobs that were
delivered to the ORS before the ORS has been moved.
5 Now you can delete the old ORS server.
WARNING: Do not start YSoft SafeQ ORS services on "original" server

once the ORS was moved to a new location.
All print drivers that were connected to the ORS server with old IP address must be re-connected to
the new IP address.
Skip this step in case the ORS IP address has not changed.
ORS - RECOVERY PROCEDURE
This section describes how to recover the failed ORS server.
If the ORS server is not operational for a longer period of time, you can use the procedure from ORS -
Printing without ORS server (ORS server Failure) to sustain the printing functionality.
All CML servers must be running and functional when performing procedure.
YSoft SafeQ 5 2030

February 03, 2016
Requirements
Step 1- restore hardware after server failure (optional)
Step 2 - restore software after server failure
Step 3 - install and configure the new server
REQUIREMENTS
Kindly prepare all the required data before starting ORS server recovery:
1. ORS installation package

2. ORS configuration files
3. SPOOL folder backup from the ORS (optional)
If the spool backup is not available, jobs stored on failed ORS will be lost and users will
have to send them for print again.
STEP 1- RESTORE HARDWARE AFTER SERVER FAILURE (OPTIONAL)

STEP 2 - RESTORE SOFTWARE AFTER SERVER FAILURE
1 Install one of the supported Operating Systems for YSoft SafeQ ORS server
Make sure that server has the same IP address and hostname settings as before the
failure. In case IP address or hostname changes, it is necessary to change it also via YSoft
SafeQ web interface before the start of ORS installation. The ORS IP address can be changed
in parameter "Spooler IP address" in the same window as "Spooler GUID" described below.
STEP 3 - INSTALL AND CONFIGURE THE NEW SERVER

ORS startup.
2 Obtain localGUID of failed ORS server.
ORS localGUID of recovered ORS must be exactly the same as the GUID on the failed ORS server.
There are two ways to obtain the GUID of failed ORS:
YSoft SafeQ 5 2031

February 03, 2016
a. localGUID can be taken from ORS configuration file <SafeQORS>\conf\module\guid.conf from

parameter localGUID
b. localGUID can be taken from YSoft SafeQ CML Web Interface => Devices => Printers => Edit
ORS that you are recovering and see value at Spooler GUID
3 Copy ORS installation package to the new server and prepare the safeq-ors.ini according to the
c. Set spoolDir according to your needs.
4
This step is optional. If not performed users would need to reprint their jobs (all missing jobs are
marked as deleted)
Copy the spooler folder from the failed ORS server to the new location.
YSoft SafeQ 5 2032

February 03, 2016
The spooler folder on failed server is stored in directory specified in

<ORS_HOME>\conf\module\ors.conf as spoolDir
The new spooler folder location is specified in safeq-ors.ini in the installation package
by parameter spoolDir. If left empty, <targetDir>/server/spool is used instead
5 Run installation of ORS server using installORSv2-exe.cmd and wait for installation to finish.

once the ORS was moved to a new location.
2 Verify that you are able to release the jobs that were delivered to the ORS before the ORS has been
restored. Perform this step only if you restored the spool directory.
ORS - PRINTING WITHOUT ORS SERVER (ORS SERVER FAILURE)

This chapter describes how to set up the printers in case of ORS failure to sustain the printing functionality.
Please note that in some cases (depending on the environment size and the seriousness of the failure) it
might be faster to just restore the ORS without performing any reconfiguration described here.
The following scenarios are available:
A) Reconnect all devices from failed ORS to the CML server

B) Reconnect all devices from failed ORS to any other existing ORS
C) Reconnect all devices directly to the printer
A) RECONNECT ALL DEVICE S FROM FAILED ORS TO THE CML SERVER
This step requires reconfiguration as follows:
Move all devices from failed ORS to CML via YSoft SafeQ web interface.
Reconfigure all hardware terminals to connect to the CML instead of the failed ORS.
Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the CML server (all print drivers
that were sending print jobs to the ORS must be re-connected to the CML).
Reinstall all embedded terminals that were moved from failed ORS server to functional ORS server.
Moving devices from ORS to CML will be reflected also in statistics (device will be shown in a different
group for the period when it has been moved).
Moving too many devices to CML might overload the CML node. See hardware sizing for maximal
amount of connected MFPs to the CML.
YSoft SafeQ 5 2033

February 03, 2016
B) RECONNECT ALL DEVICES FROM FAILED ORS TO ANY OTHER EXISTING ORS
This step requires reconfiguration as follows:
Move all devices from failed ORS to a functional ORS via YSoft SafeQ web interface.
Reconfigure all hardware terminals to connect to the functional ORS instead of the failed ORS.
Reconfigure all print drivers (or YSoft SafeQ clients) to connect to any running ORS server (all print
drivers that were sending print jobs to the ORS must be re-connected to any running ORS - due to
job roaming functionality users can send job to one ORS and release it via another one).
Reinstall all embedded terminals that were moved from failed ORS server to functional ORS server.
Moving devices from failed ORS to another one will be reflected also in statistics (device will be shown in
a different group for the period when it has been moved).
Moving too many devices to another ORS might overload the functional ORS. See hardware sizing
for maximal amount of connected MFPs to the ORS.
C) RECONNECT ALL DEVICES DIRECTLY TO THE PRINTER
This step requires additional reconfiguration steps:
Reconfigure all print drivers (or YSoft SafeQ clients) to send print job directly to the MFP. The
instructions are the same as described in article CML - Printing without CML (CML cluster Failure).
All jobs delivered to the MFP this way will not be accounted.
ORS - REGULAR SYSTEM BACKUP
ORS is designed for maximum safety and ease of configuration. Configuration is download from CML so
only the basic configuration is required during the recovery procedure.
The parts of ORS that shall be backed up:
1) folder <SafeQORS>\server\spool
This folder contains the print jobs that were delivered to this ORS.
If this folder is not backed up on the regular basis and the ORS crashes, it will be impossible to
restore these print jobs. However it is not usually an issue as users can send their documents for
print again.
2) folder <SafeQORS>\conf
This folder contains configuration data of the ORS.

The backup of this folder does not have to be backed up on the regular basis. It is enough to back it
up every time you make manual changes in the configuration files which are specific for this
particular ORS. If you do not make a manual modification of the configuration files, backup is not
required.
3) folder containing scanning scripts
Make a backup of folder containing scripts for scanning (if scan to script is used).
YSoft SafeQ 5 2034

February 03, 2016
The path of location may differ depending on the configuration of your scanning workflows.
4.16.3 CRS RECOVERY SCENARIOS
ABOUT
All recovery scenarios are described on following pages.
CRS RECOVERY SCENARIOS
CRS - Backup procedure describes: How to backup existing installation of CRS.
Page is divided into two major parts according to used components:
Backup via backup.bat script.

Backup manually.
Backup & restore using virtual machine snapshot.
CRS - Restore after server failure procedure describes: How to restore CRS server after CRS server
failure.
Use this restore instructions in the case that CRS server is corrupted.
Page is divided into several parts:
Clean up the existing server.

Installation of a new SQL server.
Configuration and recovery scenarios for a CRS server.
CRS - BACKUP
ABOUT
This page describes how the CRS backup shall be performed.
Note: We recommend to perform the backup on a daily basis and before every update to the newer
version of YSoft SafeQ.
Note: The backup shall be always copied to the safe destination. The safe destination is not present in
the same server where CRS is installed - safe backup destination is a different server or any backup
depository.
CONTENT
This chapter is divided into two parts:
CRS backup procedure using Backup.bat

CRS backup procedure (manual)
YSoft SafeQ 5 2035

February 03, 2016
CRS backup & restore using virtual machine snapshot
YSoft SafeQ 5 2036

February 03, 2016
CRS BACKUP PROCEDURE USING BACKUP.BAT
1 Skip this step in case you have the pre-configured installation files for CRS
Extract crs.zip file from YSoft SafeQ installation media into local drive.
Configure DeploymentConfig configuration files for CRS installation according to CRS configuration
page.
2 Make sure that the destination for backup is configured per your needs. CRS will be stored in the
folder defined in the installer settings (DeploymentConfig\crs\env.ini).
### --------------------------------------------------------------------------
## BACKUP ACTION
# Backup directory ( for storing CRS files backup and database dumps)
# Default: C:/SafeQCRS-Backups
backupDir=C:/SafeQCRS-Backups
# Max roll count of created backups of CRS files

# Default value: 3
backupFilesMaxRollFileCount = 3
### --------------------------------------------------------------------------
3 Begin the backup process by running the backup.bat (stored in InstallPackages folder).
Enter the environment name when asked.
The environment name is the path leading to CRS configuration files (for example if the configuration
is stored in C:\CRSinstall\DeploymentConfig\crs\TEST\node1\env.ini, you would use the environment
name as: crs\TEST\node1)
The backup will perform following operations:
1.
YSoft SafeQ 5 2037

February 03, 2016
1. Create backup folder according to backupDir setting in env.ini (if backupDir does not exist
already).
2. Perform database backup for following databases:
yBoxDB
yBoxDBCDC
3. Create SafeQCRSBackup.zip which contains backup of:
bin\
build\
conf\
4 Close installation prompt after successful backup.
5 Copy the backup to any safe destination. Example of files that were created by backup and that shall
be copied to the safe destination:
dump_yBoxDB_201304041523.backup
dump_yBoxDBCDC_201304041523.backup
SafeQCRSBackup.zip
YSoft SafeQ 5 2038

February 03, 2016
Note: This way of backup may be automated by setting up a scheduled task for "backup.bat"
in the Task Scheduler.
To make it possible to schedule a regular unattended backup, some command-line parameters

must be used to avoid the backup script pausing and waiting for user input. The minimum set of
parameters needed to achieve this is:
-env <EnvironmentName>
-nopause
For example, the complete command line could be:
InstallPackages\backup.bat -nopause -env crs\TEST\node1
CRS BACKUP PROCEDURE (MANUAL)
The procedure is describing steps for database backup via SQL Server 2008 R2. The procedure for
another database server may slightly differ. Please see documentation of your SQL server for more details.
1 Open SQL Server Management Console and connect to the database engine.
2 Backup all YSoft SafeQ CRS databases:
yBoxDB
yBoxDBCDC
Select the database and use right-click to display the context menu.
YSoft SafeQ 5 2039

February 03, 2016
Select Tasks > Back Up...
3 Add the Destination and the database backup name.
Click OK to start the backup process.
4 Repeat steps 2-3 for all SafeQ CRS databases.
yBoxDB
YSoft SafeQ 5 2040

February 03, 2016
yBoxDBCDC
5 Backup all followings subfolders from SafeQCRS folder to the backup

directory.
bin
build
conf
6 Copy the database backups and the directory backups to any safe destination.
CRS BACKUP & RESTORE USING VIRTUAL MACHINE SNAPSHOT

In case the CRS and the database is installed on the virtual platform, you can also use the virtual machine
snapshot functionality for a regular system backup. By restoring the CRS from the previous snapshot you
will loose all the statistical data that were processed between the last time of backup and the time of the
failure. This is generally not a problem as the CRS will be able to synchronize the missing statistical data
(max 1 month old) from the CML in case the CML does not experience the failure also. However we still
recommend the following:
perform the backup in a stopped state of the virtual machine

perform the backup on a daily basis
YSoft SafeQ 5 2041

February 03, 2016
CRS - RESTORE AFTER SERVER FAILURE
ABOUT
This chapter describes how to restore YSoft SafeQ CRS after the failure. This scenario shall be followed in
case of any kind of CRS failure (corrupted hardware, corrupted SQL server, missing database files,
corrupted CRS binary files...).
The article consists of:
Requirements
Step 1 - restore hardware after server failure (optional)
Step 2 - restore software after server failure (optional)
Step 3 - clean up the server before CRS re-installation
Step 4 - restore the YSoft SafeQ CRS
REQUIREMENTS
Kindly prepare all the required data before starting with the master node (1st installed node) recovery:
CRS databases backups

CRS configuration backup
CRS installation files
See article CRS - Backup for more information about database and configuration files backup.
STEP 1 - RESTORE HARDWARE AFTER SERVER FAILURE (OPTIONAL)

Replace all corrupted hardware.
Skip this step in case that hardware was not corrupted.
STEP 2 - RESTORE SOFTWARE AFTER SERVER FAILURE (OPTIONAL)

Use this step in case the operating system or MS SQL has been corrupted
1 Install the operating system.
The operating system must be supported for the particular version of MS SQL server that you are
going to deploy. See documentation of your MS SQL server for more details.
It is important to have the same IP address like on the previous server which is corrupted.
Skip this step in case the Microsoft Windows was not corrupted.
2 Install and configure Microsoft SQL Server for YSoft SafeQ CRS.
It is advised to install the same version/edition of MS SQL server which was used before the failure to
avoid the database compatibility issues. The details for the MS SQL server installation can be found
in following articles:
YSoft SafeQ 5 2042

February 03, 2016
prerequisites for the YSoft SafeQ CRS.

list of supported databases and installation instructions for the MS SQL server.
Skip this step in case the MS SQL Server was not corrupted.
1. Start Microsoft SQL Management Studio and connect to the Database Engine as the user sa
.
2. Right-click on the Replication to display the context menu; then select Configure Distribution
. (If this menu is not available and you see Publisher properties instead, this step has been
probably already done and you can proceed to next step).
3. In the window that opens, click Next; then Finish; then Finish again.
4. Replication is now enabled.
STEP 3 - CLEAN UP THE SERVER BEFORE CRS RE-INSTALLATION

It is necessary to clean up (remove) all the components described below before the YSoft SafeQ CRS can
be restored.
You can skip this step in the case of clean installation of Operating system and MS SQL server.
1
MAKE SURE THE MS SQL SERVER IS PROPERLY INSTALLED, INCLUDING REPORTING SERVICES.
Open the Reporting Services Configuration utility (Start > Programs > Microsoft SQL Server 20xx
> Configuration tools):
2
MAKE SURE THE YSOFT SAFEQ CRS SERVICE IS REMOVED
Open a Windows Service (run -> services.msc). If the YSoft SafeQ CRS service exists:
1. Stop the service

2. Delete the service using command prompt:
sc delete YSoftSafeQCRS
3
MAKE SURE THAT CRS FOLDER IS DELETED
Check disk drive where CRS server was installed. In the case that SafeQCRS folder exists, delete it.
YSoft SafeQ 5 2043

February 03, 2016
MAKE SURE THAT NO CRS DATABASES EXIST ON THE MS SQL SERVER
1. Connect to the Database Engine using SQL Server Management Studio.

2. If yBoxDBREP, yBoxDB or yBoxDBCDC databases exist, delete them.
Hints DB for removal:
If the deletion of databases fails, take the database offline (right-click the database -> Tasks > Take Offline), delete the
database file (location of related mfd and ldf file can be found by right-clicking the database -> Properties -> tab Files ->
information under "Database files" text) and then delete the database via SQL Server Management Studio.
In the database cannot be taken offline:
1. a. find the session which is currently blocking the database. SQL command:
USE [master]
select d.name, d.dbid, spid, login_time, nt_domain, nt_username, loginame from sysprocesses p inner
join sysdatabases d on p.dbid = d.dbid where d.name = '<databasename>'
GO
b. kill the blocking session. SQL command:
USE [master]
kill <spid number from previous query>
GO
c. disable single-user session for this DB . SQL command:
USE [master]
exec sp_dboption '<databasename>', 'single user', 'FALSE'
GO
d. it shall be now possible to take DB offline and delete the database files. For more information see the
documentation of your MS SQL server.
5
MAKE SURE THAT PACKAGES FOR CUBES PROCESSING ARE DELETED
1. Connect to the Integration services using SQL Server Management Studio.

2. Following packages must not be present in Running packages or Stored Packages\MSDB:
PackageBuildSafeq
PackageBuildSafeq_full
In case the packages are present, delete them.
6
MAKE SURE THAT ANALYSIS SERVICES DOES NOT CONTAIN SAFEQCDC
Connect to Analysis Services using SQL Server Management Studio. If the database SafeQCDC
database exists, delete it.
YSoft SafeQ 5 2044

February 03, 2016
YSoft SafeQ 5 2045

February 03, 2016
STEP 4 - RESTORE THE YSOFT SAFEQ CRS
1 Restore the YSoft SafeQ CRS databases (according to CRS - Database Restore) on MS SQL server:
yBoxDB
yBoxDBCDC
Be sure that yBoxDBREP does not exist on MS SQL server.
2 Configure the CRS server as described in CRS configuration, make sure the following attribute in
DeploymentConfig\crs\env.ini is set:
Database instance creation type

databaseInstanceType = existing-db
3 Run the install.bat to begin the CRS installation: InstallPackages\install.bat.
The command prompt opens. Enter the environment name, including the path to the currently
installed node:
4 You can see the installation progress in the command line window. The installation shall finish with
the message INSTALL PROCESS FINISHED SUCCESSFULLY. Then you can close the installation
window.
YSoft SafeQ 5 2046

February 03, 2016
5 Verify that YSoft SafeQ CRS service is running (using service.msc)
If it is stopped start it manually. If the service cannot be started, more information can be found in
<SafeQCRS_DIR>\logs\crs.log
YSoft SafeQ 5 2047

February 03, 2016
1 Verification of connectivity to the CRS server
It must be possible to access the statistical data on the CRS server. The date/time in the statistics
shall be equal to the date/time when the CRS backup has been performed. Please verify that data are
available.
1a. Verification of access via Analytic Services
follow the description from article Working with YSoft SafeQ CRS OLAP cubes to see
how to obtain statistics from the CRS using Analytic Services
1b. Verification of access via Reporting Services (optional)
perform this step only if Reporting Services were installed

follow the description from article Working with YSoft SafeQ CRS reports to see how to
obtain statistics from the CRS using Reporting Services
2 Verification of data synchronization from CML to CRS
Send the new data to the CRS Server
Open YSoft SafeQ Web interface of the CML server that is sending statistics to the CRS.
Open tab Reports -> CRS Reports -> Actions -> click Send statistics to the CRS
Wait till the Sending process finished message is shown. At least some rows has to be
transferred and sending must not fail.
In case there are no new statistical data on the CML, the sending of statistics may still finish
properly but the "Transferred rows" will contain 0. In such a case do the following:
make a testing print

verify that the print has been accounted in job history
wait 1 hour for the statistical data to be processed on the CML level
try to send the statistical data again
3 Verification of statistical data processing
3a. Check that CRS data processing is not in progress
YSoft SafeQ 5 2048

February 03, 2016
Verify that there is no cube processing running at the moment on the CRS server. If the package is
running, wait for it to finish.
Using SQL Server Management Studio connect to the Integration services

Make sure that no package is being shown in Running Packages. The name of
package may vary.
3b. Restart CRS service
Restart the YSoftSafeQCRS service (via services.msc) on the CRS server. This will force processing
of data in the cube and cube processing package will start.
3c. Wait for cube processing to finish
Wait till the cube processing is finished. The cube processing is finished when there is no package
running any more. To verify when the package was processed follow these steps:
Using SQL Server Management Studio connect to the Integration services

Expand Databases -> SafeQCDC -> Cubes -> right-click Base Stats -> select
Properties
Status must be Processed and the time at Last processed is subsequent to the time of
CRS service restart.
YSoft SafeQ 5 2049

February 03, 2016
Processing may take a few

hours depending on the size of the database. More details about processing can be found in the
<SafeQCRS_DIR>\logs\crs.log (thread CSDManagerCRS).
3d. Verify the statistical data
Verify the CRS report includes the data from the last synchronization. The data in the CRS shall have
the date/time equal to the last time of synchronization (as referred in point 2).
CRS - DATABASE RESTORE
ABOUT
This page describes how to restore CRS databases from the existing database backup. The description is
related to Microsoft SQL Server 2008, the steps on another version of MS SQL server are very similar.
Please see documentation of your MS SQL server for more details.
This page is only an extension of the existing documentation and it is not intended as a standalone
recovery scenario for the CRS failure. If your CRS is corrupted, please follow instructions from CRS -
Restore after server failure article to restore it.
YSoft SafeQ 5 2050

February 03, 2016
DATABASE RESTORE PROCEDURE
1 Open SQL Server Management Console and connect to the database engine.
2 Make sure that databases you want to restore does not exist. In case the database already exists,
delete it.
3 Right-click the Databases folder and select "Restore Database" option.
4 Enter the database name in "To database" field (use one of the following names: yBoxDB or
yBoxDBCDC).
Select "'From device" option and select the path to the database backup.
Tick the Restore checbox for the selected database.
YSoft SafeQ 5 2051

February 03, 2016
5 Optionally change the location where the restored database files shall be kept.
6 Click OK button to start the database restoration process.
Close the Restore Database window once the database has been restored properly.
YSoft SafeQ 5 2052

February 03, 2016
7 Repeat the step 1-6 for the restoration of remaining databases.
4.16.4 SYSTEM SANITY CHECKS
This topic helps you verify the Health Check of YSoft SafeQ system.
To quickly check CML, ORS or CRS servers, please visit following links:
YSoft SafeQ CML Health Check

YSoft SafeQ ORS Health Check
YSoft SafeQ CRS Health Check
If the CML cluster runs Windows Network Load Balancing see Windows Network Load Balancing Health
Check topic to find out how to test correct behavior of the balancing feature.
If your system runs Near Roaming group(s) see ORS Near Roaming Health Check topic to learn how to
verify ORS cluster using jConsole tool.
ADVANCED HEALTH CHECK
DATE AND TIME SETTINGS

Check that all your servers have the same time, date and timezone. It is recommended to use NTP protocol
- make sure all servers have NTP enabled and are connected to same NTP server.
COMPUTER PERFORMANCE
HDD SPACE AND FRAGMENTATION
Make sure that all partitions used by SafeQ have at least 10GB of free space.
Make sure that fragmentation is less than 80% on all partitions used by SafeQ .
HDD IN PERFORMANCE MONITOR
Run Perfmon tool that is standard part of all Microsoft Windows.
Counters discussed in this topic can be found under PhysicalDisk object.
Perfmon tool can monitor multiple disks. Please make sure you select only disks used by SafeQ.
Avg. Disk Queue Length metric represents the average number of physical read and write requests that
were queued on the selected physical disk during the sampling period. If your I/O system is overloaded,
more read/write operations will be waiting. If your disk queue length frequently exceeds a value of 1 during
peak usage, then you might have an I/O bottleneck.
YSoft SafeQ 5 2053

February 03, 2016
Avg. Disk Sec/Transfer metric is the time, in seconds, of the average disk transfer (disk latency). Please
compare the output number with below numbers:
< 10 ms - very good performance

10 - 20 ms - good performance, but might indicate minor performance problems
20 - 50 ms - slow performance, needs attention
> 50 ms - indicated serious problems
CPU PERFORMANCE IN TASK MANAGER
Verify that CPU utilization is less than 90% average over 1 minute in peak hours
MEMORY PERFORMANCE IN TASK MANAGER
Using task manager verify that memory commit is not higher than 80% of total physical memory.
Otherwise system starts swapping memory and performance might be degraded.
NETWORK PERFORMANCE IN PERFORMANCE MONITOR
Counter discussed in this topic can be found in Perfmon tool under Network Interface object.
There might be multiple network cards. Make sure you inspect network interface that is used by SafeQ
server.
Verify that Network Queue Length is 0. If the measured value is higher than 0, then network card might be
a bottleneck. Please consult your network administrator.
DATABASE PERFORMANCE
Connect to the database (PostgreSQL Server or Microsoft SQL Server) and verify following queries on all
the nodes in the cluster:
Query Result
SELECT count(*) FROM cluster_sync_update_10 query returns result in less than 200ms
SELECT count(*) FROM cluster_sync_update_10 result is less than 1000 and query finished in
WHERE server_flag<>0 less then 200ms
SELECT count(*) from cluster_sync_update_20 result is less than 50 000 and query finished in
WHERE server_flag<>0 less than 1000ms
SELECT count(*) from cluster_sync_update_30 result is less than 100 000 and query finished in
WHERE server_flag<>0 less than 2000ms
SELECT * FROM pg_stat_activity WHERE xact_start query returns less than 20 rows (PostgreSQL
is not null Only)
VIRTUAL MACHINES
If the YSoft SafeQ server runs as VMware virtual machine, please check also following metrics in vSphere
client:
There is no CPU or Memory limit set
YSoft SafeQ 5 2054

February 03, 2016
vSphere Client -> tab Resource Allocation -> CPU shows under Resource Settings Limit:
unlimited
vSphere Client -> tab Resource Allocation -> Memory shows under the Guest
Memory\Resource Settings Limit: unlimited
Memory Swap in and Balloon metrics are zero
vSphere Client -> tab Performance -> Advanced -> Chart options -> Memory -> Real-time ->
Counters: Balloon
vSphere Client -> tab Performance -> Advanced -> Chart options -> Memory -> Real-time ->
Counters: Swap in
CPU ready time for CPU real-time graph is less than 200ms
vSphere Client -> tab Performance -> Advanced -> Chart options -> CPU -> Real-time ->
Counters: Ready
If you do not have access to vSphere client, you can gather few useful information about host from with-in
Windows guest using VMwareToolboxCmd tool:
"C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" help stat
ORS NEAR ROAMING HEALTH CHECK
Near Roaming group among multiple ORS servers is based on existence of Distributed Layer Cache
for the Cluster. This cluster cache is created automatically when Near Roaming group is created. The
goal of this check is to verify that all the members of Near Roaming group successfully joined cluster.
Following example shows two ORS servers in one Near Roaming group.
Please make sure you exactly follow described steps. Incorrect use of the jConsole tool may
permanently damage your YSoft SafeQ installation!
YSoft SafeQ 5 2055

February 03, 2016
Java Management Console (jConsole) is used to verify that all ORS servers joined Near Roaming group.
Please follow these steps to access mentioned tool:
1. Run following file: <ORS_dir>\bin\sqjconsole.bat

2. Once the jConsole starts, select Remote Process radio button and enter text: localhost:9999, then
press Connect.
NOTE: You might be warned about failed SSL connection. In that case, proceed with insecure
connection.
When logged in to jConsole browse to following path (see picture below):
a) select tab MBeans
b) choose category distCache\CacheManager\"DefaultCacheManager"\CacheManager\Attributes
Check following attributes:
a) CacheManagerStatus: Status must be running. This status is saying that the Cache Manager is up and
running. Other statuses then Running means that the Cache Manager is not running
b) ClusterMembers: This attribute must be showing all nodes that are part of Near Roaming Group. You
can find here host names or IP addreses.
YSoft SafeQ 5 2056

February 03, 2016
c) ClusterSize: This attribute must be showing number of ORS servers which are members of particular
Near Roaming Group. If the number is not equal to the number of ORS servers in Near Roaming Group
then Near Roaming Cluster is not complete and it is needed to find out which server is missing.
Make sure that the attributes are displayed correctly on all ORSes in Near Roaming Group
At last the log files that relates to Distributed Layer (%SAFEQ_HOME%\tomcat\logs\infinispan-server-rest.

log.0) may be analyzed in order to catch any inconvenient exception that may signal cache corruption or
general failures. If the log is clean we may now consider the ORS in Near Roaming Group as Fully
operational.
WINDOWS NETWORK LOAD BALANCING HEALTH CHECK
This Quick Health Check document is briefly describing what might be checked to ensure the
correct functionality of a SafeQ Terminal Server failover via WNLB . This document is working with
an example of two network cards that are used for WNLB. Please note that customer environment
and network infrastructure might be different.
Windows Network Load Balancing (WNLB) setup is described in Configuring WNLB Server Failover topic.
YSoft SafeQ 5 2057

February 03, 2016
Table of contents
CHECKS IN NETWORK LOAD BALANCING MANAGER

There are different types of situations that might occur:
1. WNLB CLUSTER IS UP AND RUNNING AND THE TRAFFIC FOR TERMINAL SERVER IS BALANCED AMONG THE SAFEQ TERMINAL SERVERS
This status in WNLB manager means that the traffic to the WNLB virtual IP address (in our case Terminal
Server) is load balanced.
How to test: Please try to connect to the virtual IP address of the WNLB cluster via the Internet browser at
https://<NLBvirtualIP>:5012 . You shall perform this test from all the subnets where MFPs with the
embedded terminal are located.
Expected result: Terminal Server test page has to be displayed properly and links on the test page are
functional.
Troubleshooting: If Terminal Server test page is not displayed properly, verify that YSoft SafeQ Terminal
Server service is running on all the nodes that are part of WNLB cluster. If necessary, analyze the log files.
YSoft SafeQ 5 2058

February 03, 2016
2. STOPPING YSOFT SAFEQ TERMINAL SERVER SERVICE AUTOMATICALLY UNREGISTERS NODE FROM WNLB
This status in WNLB manager means that one of the nodes is offline due to some error or due to the
maintenance reasons. For example when Terminal Server service is stopped or when the server is not
available.
How to test: Stop Terminal Server service on one of the nodes and try to connect to the virtual IP address
of the WNLB cluster via the Internet browser at https://<NLBvirtualIP>:5012
Expected result: The node where the Terminal Server service has been stopped is automatically
unregistered from WNLB as demonstrated on the picture above. It is possible to connect to the virtual IP
address of the WNLB cluster via the Internet browser at https://<NLBvirtualIP>:5012
Troubleshooting: If node is not automatically unregistered, make sure that all the changes in system
settings were applied as recommended in the Y Soft Help. Optionally see Terminal Server log files.
3. SERVER FAILURE AUTOMATICALLY UNREGISTERS NODE FROM WNLB
This status in WNLB manager means that one of the nodes is offline due to some error or due to the
maintenance reasons. For example when Terminal Server service is stopped or when the server is not
available.
How to test: Shutdown one server that is part of WNLB cluster and try to connect to the virtual IP address
of the WNLB cluster via the Internet browser at https://<NLBvirtualIP>:5012
YSoft SafeQ 5 2059

February 03, 2016
Expected result: The node which was disconnected/shut down is automatically unregistered from WNLB
as demonstrated on the picture above. It is possible to connect to the virtual IP address of the WNLB cluster
via the Internet browser at https://<NLBvirtualIP>:5012
Troubleshooting: If node is not automatically unregistered, verify the WNLB cluster configuration.
4. START OF YSOFT SAFEQ TERMINAL SERVER SERVICE AUTOMATICALLY REGISTERS NODE IN THE WNLB
This status in WNLB manager means that Network Load Balancing Cluster is Down and Terminal Server
does not accept any connections (i.g. both Terminal Servers are Offline).
How to test:
Stop Terminal Server service at least on one of the nodes to get a stopped state in WNLB manager
Start Terminal Server service on the node which is showing Stopped state in WNLB manager.
Expected result: In about one-two minutes the node that was unregistered from WNLB shall be registered
again and it shall be in Converged state.
Troubleshooting: If node is not automatically registered, make sure that all the changes in system settings
were applied as recommended in the Y Soft Help. Make sure that Terminal Server has established
connection with the CML service. Optionally see Terminal Server log files.
YSOFT SAFEQ CML HEALTH CHECK
BASIC HEALTH CHECK

This document is intended to help administrator check status of CML components.
YSOFT SAFEQ CML SERVICES
Check that following services are running on all the nodes that are members of YSoft SafeQ Cluster:
YSoft SafeQ CML

YSoft SafeQ CML DBS (only if SafeQ Cluster is installed)
YSoft SafeQ LDAP Replicator Service (only if LDAP connection is required)
YSoft SafeQ Terminal Server (only if Terminal Server is installed)
YSoft SafeQ 5 2060

February 03, 2016

Database server (YSoft PostgreSQL or MSSQL)
INTERNAL SAFEQ CML SERVICES
Check that following internal services are running on all the nodes which are members of YSoft SafeQ
Cluster. Status for all the internal services can be found in the YSoft SafeQ Web interface in section System
Information (please see attached screenshot)

Server Terminal UDP Identificator
Enterprise Server Balance
Communicator
Enterprise Server Synchronization
DATABASE SYNCHRONIZATION
Note: this topic applies to cluster installation only
It is needed to check that the records are correctly replicated between databases in YSoft SafeQ Cluster.
Checks must be done on all the nodes of the YSoft SafeQ Cluster.
Please see System information section on SafeQ web interface. The database replication pool should not
show high numbers (hundreds or thousands) related to replication of High/Medium/Low priority records. The
numbers in these columns should increase and decrease in a short time period.
Please see below example screenshots showing the number of records that needs to be replicated from
TEST-CML1 node to TEST-CML2.
To see the number of records waiting for the nodes nodes use the View function in the top of the System
information section. Please note that you should do these checks on all the nodes web interfaces.
YSoft SafeQ 5 2061

February 03, 2016
How to test: Create new user on first CML node web interface.
Expected result: Verify on second CML node that same user is displayed on web interface.
SPOOLER
SafeQ spooler is by default located under path <SafeQ_dir>\server\spool.
Check that jobs are deleted accordingly to SafeQ settings from the spooler folder.
Check that there is enough free space on the spooler hard-drive (more than 10GB on all partitions
used by SafeQ)
Follow these checks on all the Ysoft SafeQ Servers in Cluster.
Note: Favorite jobs remain in spooler folder until removed by user. Favorite jobs are stored separately from
other print jobs.
DATABASE INTEGRITY
Check the Database integrity widget for any duplicate entries in the system.
YSOFT SAFEQ CRS HEALTH CHECK
BASIC HEALTH CHECKS

This document is intended to help administrator check status of CRS component.
Because of the nature of CRS function, the data is processed during off-hours. Therefore it is
necessary that CRS is running at least for a day (depends on current setting) before performing
this health check.
YSOFT SAFEQ ORS SERVICES
Check that following service is running on YSoft SafeQ CRS Server:
YSoft SafeQ CRS
YSoft SafeQ 5 2062

February 03, 2016
CML SENDING DATA TO CRS
Please check that CML server is successfully sending data to CRS server. This can be done on YSoft
SafeQ CML Web interface. See picture below how to check sending status. Possible error column shall be
without any error.
COMPARE CML WEB REPORTS WITH MS SQL REPORTING SERVICES ON CRS SERVER
It is required Web reports are enabled and MS SQL Reporting services are installed on CRS server.
Verify that both CML and CRS report same figures for previous day.
How to compare:
Open YSoft SafeQ CML web interface. Navigate to Reports > Web reports. Select Standard report
and date range for previous day. See Using Web reports for more information about Web reports.
Open in web browser <SafeQ_CRS>\Reports and enter admin credentials when requested. Navigate
to SafeQ Reports > Full - Base report. Select date range for previous day. See Working with YSoft
SafeQ CRS reports for more information about CRS reports.
Compare figures in both reports
VERIFY DATA AND CUBE PROCESSING
Verify that CRS processed all data correctly from the log.
YSoft SafeQ 5 2063

February 03, 2016
YSoft SafeQ CRS log is by default located in <SafeQ_CRS>\logs\crs.log. Filter out CSDManagerCRS. All
records must be without any warning and DTExec must finish successfuly:
2013 - 10 - 30 10 : 58 : 03 , 489 DEBUG mpleThreadPoolWorker- 1 | CSDManagerCRS| Running CSD

optimization (Cluster status: )
2013 - 10 - 30 10 : 58 : 03 , 492 INFO mpleThreadPoolWorker- 1 | CSDManagerCRS| Obtaining
CDC Lock to generate statistics data...
2013 - 10 - 30 10 : 58 : 03 , 493 INFO mpleThreadPoolWorker- 1 | CSDManagerCRS| CDC Lock
obtained correctly
optimization query # 1 [spu_backup_db]
2013 - 10 - 30 10 : 58 : 03 , 570 DEBUG mpleThreadPoolWorker- 1 | CSDManagerCRS| CSD
Optimization query # 1 : 26ms.
optimization query # 2 [spu_add_new_partitions_year]
optimization query # 3 [csd_add_stats]
optimization query # 4 [prepare_stats]
2013 - 10 - 30 10 : 59 : 06 , 717 INFO mpleThreadPoolWorker- 1 | CSDManagerCRS| Running CSD
optimization query # 5 [build cube]
optimization (Cluster status: )
2013 - 10 - 30 11 : 02 : 00 , 030 INFO mpleThreadPoolWorker- 2 | CSDManagerCRS| Obtaining
CDC Lock to generate statistics data...
2013 - 10 - 30 11 : 02 : 00 , 030 WARN mpleThreadPoolWorker- 2 | CSDManagerCRS| Cannot
obtain CDC Lock to generate statistics data!
2013 - 10 - 30 11 : 02 : 00 , 030 DEBUG mpleThreadPoolWorker- 2 | CSDManagerCRS| CSD (MSSQL)
optimization DONE in 25
2013 - 10 - 30 11 : 02 : 13 , 858 DEBUG Thread- 2 | CSDManagerCRS| Microsoft (R) SQL Server
Execute Package Utility
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| Version 10.50 . 4000.0
for 64 -bit
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| Copyright (C) Microsoft
Corporation 2010 . All rights reserved.
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS|
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| Started: 10 : 59 : 06
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| DTExec: The package
execution returned DTSER_SUCCESS ( 0 ).
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| Started: 10 : 59 : 06
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| Finished: 11 : 02 : 13
2013 - 10 - 30 11 : 02 : 13 , 859 DEBUG Thread- 2 | CSDManagerCRS| Elapsed: 186.826 seconds
2013 - 10 - 30 11 : 02 : 14 , 069 INFO mpleThreadPoolWorker- 1 | CSDManagerCRS| Command
succeeded [command= "dtexec.exe" /SQL "\PackageBuildCubeSafeq" /MAXCONCURRENT " -1 "
/CHECKPOINTING OFF /REPORTING E]
2013 - 10 - 30 11 : 02 : 14 , 069 INFO mpleThreadPoolWorker- 1 | CSDManagerCRS| CSD
optimization query # 6 [spu_del_old_cdc_year]
YSoft SafeQ 5 2064

February 03, 2016

optimization query # 7 [spu_del_old_partitions_year]
2013 - 10 - 30 11 : 02 : 15 , 995 DEBUG mpleThreadPoolWorker- 1 | CSDManagerCRS| CSD (MSSQL)
optimization DONE in 252574
YSOFT SAFEQ ORS HEALTH CHECK
BASIC HEALTH CHECKS

This document is intended to help administrator check status of ORS components.
YSOFT SAFEQ ORS SERVICES
Check that following services are running on YSoft SafeQ ORS Server:
YSoft SafeQ ORS

ORS CONNECTION STATUS ON CML WEB
Please check that ORS server is successfully connected to all YSoft SafeQ CML servers in the cluster and
that all services are reporting correct status. This can be done on YSoft SafeQ CML Web interface. Refer to
Viewing ORS status information for detailed instructions.
OFFLINE REMOTE SPOOLER DATA REPLICATION TO CML SERVER
Verify that ORS server is reporting all its data to YSoft SafeQ CML server(s).
How to test:
Send a job to YSoft SafeQ ORS server and check that job is visible in Job list on YSoft SafeQ CML
web interface with status Accepted. (Please note that data are synchronized once per minute.)
Release the job sent in previous step on any of the devices connected to YSoft SafeQ ORS server
and check whether Job List on YSoft SafeQ CML server is updated with accounting information.
Check that Terminal accesses are updated on Web interface of YSoft SafeQ CML server after
releasing the job from previous step.
SPOOLER
YSoft SafeQ spooler is by default located under path <SafeQORS>\server\spool.
Check that jobs are deleted accordingly to YSoft SafeQ settings from the Spooler folder.
Check that there is enough free space on the Spooler HDD ( more than 10GB on all partitions used
by YSoft SafeQ )
Note: Favorite jobs are remaining in spooler folder until removed by user. Favorite jobs are stored
separately from other print jobs in spooler folder.
RESTARTING ORS SERVICES IN NEAR ROAMING GROUP
Below procedures map service restart scenarios and shall be used for all maintenance procedures for Near
Roaming Group (NRG) members. Standalone ORS servers can be restarted at will.
YSoft SafeQ 5 2065

February 03, 2016
RESPONDING TO UNATTENDED ORS SERVER REBOOT
We suggest to reboot one server at a time. You should wait several minutes (up to 15 minutes)
between each restart. No action needed in such case.
If there is a need to reboot more than one server at the same time, follow Whole NRG cluster
restart.
RESTARTING SINGLE ORS
Only one server can be going through the procedure below. Once completed, another server can be
restarted. It is not recommended to restart 2 or more ORS servers at the same time. Should that be
required, proceed with Whole NRG cluster restart.
1. Stop all three ORS services in no particular order.

Never delete cache on single ORS. If that is needed, follow procedure for Whole NRG
cluster restart.
2. Start service YSoft SafeQ ORS.
3. Do not start YSoft SafeQ ORS Web Service manually, proceed to next step. YSoft SafeQ ORS Web
Service is started automatically.
4. Start service YSoft SafeQ Terminal Server.
5. Open ors.log located in SafeQORS\logs and wait until all data (users, jobs, devices, queues,
terminals,... ) are downloaded.
In case orsFailoverLockManager property is enabled and appropriate license with " ORS
failover and load balancing" feature is used , search for Download entities finished
from other ORSes in NRG. Note: This can take up to 15 minutes, depending on number
of users and jobs.
In case license without " ORS failover and load balancing" is used, search for End of
processing of GetNewJobsByUsersResponseMessage. Note: Message appears in ors.
log approximately after time defined in refreshRoamingJobCronRule property.
6. At this point the ORS is fully operational. ORS should be excluded from authentication until this
step.
7. Proceed as described below in section Verification that NRG is properly established.
WHOLE NRG CLUSTER RESTART

Whole NRG cluster restart means that all ORS servers in that NRG are restarted. The procedure is as
follows:
1. On each server in the NRG stop all three ORS services in no particular order.
Optional: delete cache on all ORS servers.
You can proceed with the following steps on each ORS at the same time. They can be starting up
in parallel.
2. Start service YSoft SafeQ ORS.
3. Do not start YSoft SafeQ ORS Web Service manually, proceed to next step. YSoft SafeQ ORS Web
Service is started automatically.
4. Start service YSoft SafeQ Terminal Server.
terminals,... ) are downloaded from distributed layer.
YSoft SafeQ 5 2066

5.
February 03, 2016
of users and jobs.
6. At this point the ORS is fully operational. ORS should be excluded from authentication until this
step.
After all ORS servers are started, proceed as described below in section Verification that NRG is properly
established.
SPECIAL CASES
Executed upon request from YSoft CSS.
ORS SERVICE ONLY RESTART
ORS service restart means that you restart only service YSoft SafeQ ORS without restarting YSoft SafeQ
ORS Web or Terminal Server.
1. Restart service YSoft SafeQ ORS.

terminals,... ) are downloaded from distributed layer.
of users and jobs.
3. Proceed as described below in section Verification that NRG is properly established.
SINGLE ORS RESTART WITH CACHE DELETION
Never delete cache on single ORS. If that is needed, follow procedure for whole NRG cluster restart.
VERIFICATION THAT NRG IS PROPERLY ESTABLISHED

Repeat the procedure for each ORS server in the NRG:
1. Connect to any ORS server in NRG

2. Go to directory c:\SafeQORS\bin and start file sqjconsole.bat
3.
YSoft SafeQ 5 2067

February 03, 2016
3. To tab Remote Process: enter <ORS_IP>:9999
4. When jConsole connects to ORS Web service go to tab MBeans

5. In menu navigate to distCache / CacheManager / "DefaultCacheManager" / CacheManager /
Attributes
6. Verify that value of attribute clusterSize corresponds to number of members in NRG
YSoft SafeQ 5 2068

February 03, 2016
4.17 SERVER MAINTENANCE
This section deals with regular recommended maintenance of SafeQ.

Included chapters are:
ORS cache recovery guide

SafeQ configuration files - CRONTRIGGER Settings
YSoft SafeQ configuration files
YSoft SafeQ log Files
YSoft SafeQ services
4.17.1 ORS CACHE RECOVERY GUIDE
SafeQ 5 supports recovery of ORS cache after it's deletion. This greatly simplifies upgrade process to
newer versions. In case of cache deletion, ORS will trigger cache recovery process during startup, and all
job-related data lost due to deletion will be re-downloaded from CML again. This document describes
procedure how to use cache recovery (further referenced as "CR") mechanism in production environments.
YSoft SafeQ 5 2069

February 03, 2016
ORS cache recovery cannot be used to restore data which are unknown to the CML (e.g. statistics which
were not yet synchronized to the CML) and job-related data for print jobs with status DELETED..
CONTENTS

How to run recovery
HW configuration
Spooler deletion
HOW TO ENABLE CACHE RECOVERY DURING UPGRADE
By default, CR is enabled. CR will be automatically run when upgrading ORS to newer version. This
behavior is ensured by property orsCacheRecovery=true in system settings of SafeQ CML interface (this
requires deleting of ORS cache after update which is assured by deleteCacheAfterUpdate=1 from file
safeq-ors.ini).
By default, both these properties are enabled.
PLEASE NOTE:
Before you choose to upgrade ORS using cache recovery, make sure that CML has property
orsCacheRecovery set to true. If you run ORS upgrade without upgrading CML at first, this property might
be disabled. This would cause that after the ORS upgrade the cache is deleted, but since CML has
orsCacheRecovery=false, CR would not be run. If you encounter such situation, you can proceed with
following steps:
stop ORS node services

set property orsCacheRecovery=true on CML web interface (or upgrading whole CML node)
restart CML services
restart ORS node (CR will be re-run)
CACHE RECOVERY MECHANISM OVERVIEW
CR mechanism is based on message communication between CML and ORS. CR request messages are
sent from ORS to CML, where they're processed, and data is returned back
to ORS. Keep in mind, that CR mechanism is based on transmitting ORS's job-related data from CML.
Each ORS running recovery will send multiple messages to CML as CR requests. CML will load data from
database and sends them back to ORS as response. Please note, that loading data from database
might be expensive operation. If several ORS nodes are running recovery simultaneously, they might
YSoft SafeQ 5 2070

February 03, 2016
overload CML node. We introduced mechanism for loadbalancing CR

requests on CML, but in case the only one node in the CML cluster is active and hunderds of ORSes are
connected, running a CR might still lead to poor performance of CML.
HOW TO RUN RECOVERY

When performance is concerned, many things must be taken into consideration. One of the most important
one is number of jobs being recovered and number of ORSs connected to CML.
In productions with hundreds of ORS per single CML, CR should not be run "at once". Instead, CR for
ORSs should be split into batches containing ~200 ORS.
In case of upgrading 600 ORSs, administrators should run CR for 200 ORS at first, and once CR is done,
proceed to next 200 ORSs and so on.
This process should ensure, that CML won't get overloaded and it will be still able to handle other requests
during recovery.
(You can see whether CR phase is done by monitoring CPU/hdd activity on CML)
PERFORMANCE ASPECTS TO CONSIDER
Following aspect directly influence CR performance
NUMBER OF JOBS PER ORS

Number of jobs which are being recovered is important aspect of CR. All job-related metadata (lost during
cache deletion, or possibly by upgrade) will be downloaded from CML to ORS.
According to number of jobs, amount of transferred metadata differs in size and might affect overall duration
of CR. We also need to take in consideration time and resources needed
for loading metadata from database, which is slowest element in whole CR process.
HW CONFIGURATION
HW setup is important mainly from DB(hdd/ssd) and CPU speed. Handling several hundreds of CR
messages on CML side utilizes CPU, while loading CR metadata from DB utilizes HDD/SSD.
Performance of these elements must be taken into consideration.
NUMBER OF ORSS PER CML

Number of ORSs connected to CML is related to overall performance of CML during CR. More ORSs
requesting recovery will consume more resources on CML side. Sudden onslaught of hundreds
of ORSs on single CML node might overload that node, and it would become unresponsive. This scenario
should be avoided as described in section 3) How to run recovery.
Please note, that even that we have load balancing on CML, it would not be able to serve such amount of
sudden CR requests, and load would not be balanced out among other nodes.
CML CLUSTER VS SINGLE NODE

In case of running CR in single CML node environment, extra precaution should be taken. CR (or upgrading
of ORS nodes) should always be run sequentially, and not at once on all ORS nodes!
SPOOLER DELETION
In case of ORS spooler deletion, all jobs belonging to this ORS will be marked on CML as DELETED. This
adds additional overhead to CML node, since it'll need to update database records
for these jobs. This operation might be time consuming and must be taken into account when running CR.
(if spoolers are deleted, number of ORSs in single CR batch should be further decreased)
YSoft SafeQ 5 2071

February 03, 2016
WHEN TO RUN CACHE RECOVERY

Since CR consumes high amount of resources, it's not recommended to run CR during high-traffic period.
Please note, that ORS needs some time to replicate metadata of received jobs to CML. Only after this step
is done, job metadata becomes available for CR. If ORS node is shut down immediately after job is
received, it's highly probable, that ORS-generated metadata will not be transmitted to CML, and CR
mechanism will remove it from ORS spooler.
POSSIBLE PROBLEMS AND CONSEQUENCES
In case of CML getting "frozen" during CR process, it's recommended to wait until it becomes responsive
again. If you get into such situation, CML is not able to handle such thrust from ORS
nodes. You need to decrease number of ORSs being recovered/upgraded. YOU ALSO NEED TO DELETE
CACHES ON THESE ORS NODES. This will trigger CR process from scratch once you start these nodes.
CR process is safe in context of repetition. At any time during CR process, data are consistent between
ORS and CML.
4.17.2 SAFEQ CONFIGURATION FILES - CRONTRIGGER SETTINGS
ABOUT CRONTRIGGERS
There is a standard CRONTAB convention to set the times for CML/ORS synchronization. CRON is a
UNIX tool that has been around for a long time, so its scheduling capabilities are powerful and proven. The
CronTrigger class is based on the scheduling capabilities of Cron.
CronTrigger uses "Cron expressions", which are able to create triggering schedules such as: "At 8:00am
every Monday through Friday" or "At 1:30am every last Friday of the month".
Cron expressions are powerful, but can be confusing. The information in this section aims to help solve
some of the mysteries of creating a cron expression.
FORMAT
A cron expression is a string comprising 6 or 7 fields separated by white space. Fields can contain any of
the allowed values, along with various combinations of the allowed special characters for that field. The
fields are as follows:
Field Name Mandatory Allowed Values Allowed Special Characters
Seconds YES 0-59 ,-*/
Minutes YES 0-59 ,-*/
Hours YES 0-23 ,-*/
Day of month YES 1-31 ,-*?/LW
Month YES 1-12 or JAN-DEC ,-*/
Day of week YES 1-7 or SUN-SAT ,-*?/L#
Year NO Empty or 1970- ,-*/

2099
YSoft SafeQ 5 2072

February 03, 2016
So, cron expressions can be as simple as this: * * * * ? *

or more complex, like this: 0/5 14,18,3-39,52 * ? JAN,MAR,SEP MON-FRI 2002-2010
YSoft SafeQ 5 2073

February 03, 2016
SPECIAL CHARACTERS
* ("ALL VALUES") used to select all values within a field. For example, "*" in the minute field means
"EVERY MINUTE".
? ("NO SPECIFIC VALUE")used if you need to specify something in one of the two fields in which the
character is allowed, but not the other. For example, if you want your trigger to fire on a particular day
of the month (say, the 10th), but you do not care what day of the week that happens to be, you would
put "10" in the day-of-month field, and "?" in the day-of-week field. See the examples below for
clarification.
- used to specify ranges. For example, "10-12" in the hour field means "THE HOURS 10, 11 AND 12".
, used to specify additional values. For example, "MON,WED,FRI" in the day-of-week field means
"THE DAYS MONDAY, WEDNESDAY, AND FRIDAY".
/ used to specify increments. For example, "0/15" in the seconds field means "THE SECONDS 0, 15,
30, AND 45". And "5/15" in the seconds field means "THE SECONDS 5, 20, 35, AND 50". "1/3" in the
day-of-month field means "FIRE EVERY 3 DAYS STARTING ON THE FIRST DAY OF THE
MONTH".
L ("LAST") has a different meaning in each of the two fields in which it is allowed. For example, the
value "L" in the day-of-month field means "THE LAST DAY OF THE MONTH" – day 31 for January,
day 28 for February on non-leap years. If it is used in the day-of-week field by itself, it simply means
"7" or "SAT". But if used in the day-of-week field after another value, it means "THE LAST
PARTICULAR DAY OF THE MONTH" – for example "6L" means "THE LAST FRIDAY OF THE
MONTH". When using the "L" option, it is important not to specify lists, or ranges of values, because
you will get confusing results.
W ("WEEKDAY") used to specify the weekday (Monday-Friday) nearest the given day. For example, if
you specify "15W" as the value for the day-of-month field, the meaning is: "THE NEAREST
WEEKDAY TO THE 15TH OF THE MONTH". So if the 15th is a Saturday, the trigger will fire on
Friday the 14th. If the 15th is a Sunday, the trigger will fire on Monday the 16th. If the 15th is a
Tuesday, then it will fire on Tuesday the 15th. However, if you specify "1W" as the value for day-of-
month, and the 1st is a Saturday, the trigger will fire on Monday the 3rd, as it will not "jump over" the
boundary of a month's days. The "W" character can only be specified when the day-of-month is a
single day, not a range or list of days.
NOTE: The "L" and "W" characters can also be combined in the day-of-month field to yield
"LW", which translates to "LAST WEEKDAY OF THE MONTH".
# used to specify "the n-th" XXX day of the month. For example, the value "6#3" in the day-of-week
field means "THE THIRD FRIDAY OF THE MONTH" (day 6 = Friday and "#3" = the 3rd one in the
month). Other examples: "2#1" = the first Monday of the month and "4#5" = the fifth Wednesday of
the month. Note that if you specify "#5" and there is not 5 of the given day-of-week in the month, then
no firing will occur that month.
NOTE: The "L" and "W" characters can also be combined in the day-of-month field to yield
"LW", which translates to "LAST WEEKDAY OF THE MONTH"
NOTE: Cron triggers examples can be found: CRONTRIGGER Examples
YSoft SafeQ 5 2074

February 03, 2016
CRONTRIGGER EXAMPLES
The following table shows a few Crontriggers examples
Smallest possible granularity is "Fire every minute"
Expression Meaning
0 0 12 * * ? Fire at 12pm (noon) every day
* 0 15 10 ? * ** Fire at 10:15am every day
0 15 10 * * ? Fire at 10:15am every day
* 0 15 10 * * ? ** Fire at 10:15am every day
0 15 10 * * ? 2005 Fire at 10:15am every day during the year 2005
0 * 14 * * ? Fire every minute starting at 2pm and ending at 2:59pm, every day
0 0/5 14 * * ? Fire every 5 minutes starting at 2pm and ending at 2:55pm, every day
0 0/5 14,18 * * ? Fire every 5 minutes starting at 2pm and ending at 2:55pm, AND fire every 5
minutes starting at 6pm and ending at 6:55pm, every day
0 0-5 14 * * ? Fire every minute starting at 2pm and ending at 2:05pm, every day
0 10,44 14 ? 3 WED Fire at 2:10pm and at 2:44pm every Wednesday in the month of March.
0 15 10 ? * MON- Fire at 10:15am every Monday, Tuesday, Wednesday, Thursday and Friday
FRI
0 15 10 15 * ? Fire at 10:15am on the 15th day of every month
0 15 10 L * ? Fire at 10:15am on the last day of every month
0 15 10 ? * 6L Fire at 10:15am on the last Friday of every month
0 15 10 ? * 6L Fire at 10:15am on the last Friday of every month
0 15 10 ? * 6L Fire at 10:15am on every last Friday of every month during the years 2002,
2002-2005 2003, 2004 and 2005
0 15 10 ? * 6#3 Fire at 10:15am on the third Friday of every month
0 0 12 1/5 * ? Fire at 12pm (noon) every 5 days every month, starting on the first day of the
month.
Source: http://quartz-scheduler.org/generated/2.2.1/html/qs-all/#page
/Quartz_Scheduler_Documentation_Set%2Fco-trg_crontriggers.html
YSoft SafeQ 5 2075

February 03, 2016
4.17.3 YSOFT SAFEQ CONFIGURATION FILES
ABOUT
This page describes basic information about configuration files of YSoft SafeQ
Unlike previous versions, YSoft SafeQ 5 does not include file system-based configuration. All user
/administrator configurable options are stored in the YSoft SafeQ database and configurable only
via the YSoft SafeQ Web Interface (see System Settings page).
The SafeQ home directory still includes a conf folder, but available configuration options are very limited
and are focused on low-level system configuration instead of user options.
Configuration options:
Configuration options are stored in the CML database and are synchronized with other system
components.
Each configuration option includes description, internal name, default value, and distribution
flags (if the options will be distributed to another CML server, to an ORS, or to Terminal Server).
Terminal Server always loads the configuration from the central YSoft SafeQ CML server
immediately after startup.
The ORS downloads the current configuration from the CML after connection and caches the data
into a persistent disk cache.
Several configuration options (especially Advanced and Expert) require restart of individual
components.
CML CONFIGURATION FILES
Unlike previous versions, YSoft SafeQ 5 does not include file system-based configuration. All user
/administrator configurable options are stored in the YSoft SafeQ database and configurable only
via the YSoft SafeQ Web Interface (see System Settings page).
Location and Name Description
<SAFEQ_DIR>\conf\cmldb.conf Contains database connection information
<SAFEQ_DIR>\conf\cmldb-cluster. Contains database connection information for sync user

conf
<SAFEQ_DIR>\conf\cmldb-sqdw. Contains database connection information for datawarehouse

conf
<SAFEQ_DIR>\conf\startup.conf Contains the minimum configuration settings required for the

system to start up, such as disk folders, database validation, and
system IP addresses.
<SAFEQ_DIR>\conf\modules\safeQ. Contains emergency firmware update configuration for hardware

fwupdate.conf terminals. Normal updates have been moved to the Terminals
page of the Web interface.
Contains Web Server start-up information.
YSoft SafeQ 5 2076

February 03, 2016
<SAFEQ_DIR>\tomcat\conf\server.
xml
<SAFEQ_DIR> Contains information necessary for Terminal Server.

\terminalserver\TerminalServer.exe.
config
<SAFEQ_DIR>\conf\update.conf Created manually for changing multiple configuration options in

DB. Configuration in update.conf can be different among nodes.
ORS CONFIGURATION FILES
<SAFEQ_DIR>\conf\modules\guid. Local GUID settings for current ORS

conf
<SAFEQ_DIR>\conf\modules\ors. ORS settings for connection to CML, spooler settings, etc.

conf
<SAFEQ_DIR>\conf\modules\safeQ. Contains emergency firmware update configuration for hardware

fwupdate.conf terminals. Normal updates have been moved to the Terminals
page of the Web interface.
<SAFEQ_DIR> Contains information necessary for Terminal Server.

\terminalserver\TerminalServer.exe.
config
Note: You can enforce local configuration in ors.conf which will supersede global configuration. To do so,
add required configuration to ors.conf and restart ORS services (e.g. to specify different card conversion
method, add and specify conversion configuration property)
CRS CONFIGURATION FILES
<SAFEQ_DIR>\conf\modules\crs.conf CRS settings
<SAFEQ_DIR>\conf\crsdb.conf Contains database connection

information
4.17.4 YSOFT SAFEQ LOG FILES
ABOUT
This page describes basic information about log files and where can be found.
CML LOG FILES

The most important CML log files are:
YSoft SafeQ 5 2077

February 03, 2016
Log file Purpose
<SAFEQ_HOME>\logs\cml.log The main CML log containing the auditing and

debugging information
<SAFEQ_HOME>\logs\cml_stdout.log Application startup and exit log; contains all un-

handled messages and thread stack traces
<SAFEQ_HOME>\logs\cmlweb.log Main Web interface audit and debug log. Contains

all un-handled messages and thread stack traces.
<SAFEQ_HOME>\logs\cmlweb-audit-log.log Main Web interface audit log. Contains all audit

log messages.
<SAFEQ_HOME>\logs\LDAPReplicator_stdout.log Complete log of all replications and integration log

for LDAP.
<SAFEQ_HOME>\logs\cml_version.log History of SafeQ versions and dates when YSoft

SafeQ CML service was started/stopped.
<SAFEQ_HOME>\logs\cmldbs_stdout.log History of SafeQ versions and dates when YSoft

SafeQ CML DBS service was started/stopped.
<SAFEQ_HOME>\terminalserver\logs\terminalserver. The main Terminal Server log containing

log communication and auditing information.
Communication between YSoft SafeQ and YSoft
Embedded terminal can be found here.
<SAFEQ_HOME>\terminalserver\YSoft.DS. Registration of requests of browser-based

Terminal\logs\lightweight.log embedded terminals.
ORS LOG FILES
The most important ORS log files are:
Log file Purpose
<SAFEQ_HOME>\logs\ors.log Main application audit and debug log.
<SAFEQ_HOME>\logs\ors_stdout.log Application startup and exit log; contains all un-

handled messages and thread stack traces.
<SAFEQ_HOME>\logs\ors_lifecycle.log Information about ORS startup; transition from ON-

LINE to OFF-LINE and vice versa.
<SAFEQ_HOME>\logs\ors_version.log Current YSoft SafeQ ORS version and build.
<SAFEQ_HOME>\logs\orsweb.log Web interface standard output log; contains all un-

handled messages and thread stack traces.
<SAFEQ_HOME>\terminalserver\logs\terminalserver. Main communication and audit log for Terminal

log Server. Communication between SafeQ and
Embedded terminal can be found here.
YSoft SafeQ 5 2078

February 03, 2016
Log file Purpose
<SAFEQ_HOME>\terminalserver\YSoft.DS. Registration of requests of browser-based

Terminal\logs\lightweight.log embedded terminals.
CRS LOG FILES
The most important CRS log files are:
Log file Purpose
<SAFEQ_HOME>\logs\crs.log Main application audit and debug log for CRS server.
<SAFEQ_HOME>\logs\ors_stdout. CRS startup and exit log; contains all un-handled messages and
log thread stack traces.
<SAFEQ_HOME>\logs\crs_version. Current YSoft SafeQ CRS version and build.

log
PAYMENT SYSTEM LOG FILES
The most important Payment system log files are:
Log file Purpose
<PAYMENT_HOME>\logs\cashdesk.log Cashdesk logs
<PAYMENT_HOME>\logs\payment- Payment system logs

system.log
<PAYMENT_HOME>\logs\catalina.log Tomcat logs
<PAYMENT_HOME>\logs\payment- Periodically updated performance statistics of all monitored

system-performance_period.log areas (updated every 15 minutes)
<PAYMENT_HOME>\logs\payment- Correlated performance statistics (updated every 12 hours)

system-performance_total.log
YSOFT SAFEQ 5 - TOMCAT LOGGING CONFIGURATION
USING PROCRUN TO LOG
This option is disabled by default. Tomcat generates log information into cmlweb.log file which
should contain all logging infomration produced by Tomcat server.
It is possible to configure Procrun wrapper of Tomcat to generate additional logging files.
YSoft SafeQ 5 2079

February 03, 2016
In order to manage Procrun execute following command in <SafeQ_dir>\tomcat\bin directory:
tomcat7w.exe //ES//YSoftWeb
Configuration dialog will appear. It is possible to change logging options in Logging tab.
It is possible to redirect Stdout and Sdterror to file. You can either select specific path to file where to store
log or insert "auto".
When you set it to specific file, then this file will be overwritten by every restart of Tomcat and it's size is not
restricted. It is not recommended for long running services.
When you set it to "auto", then Tomcat will create log files with time stamp. This is better approach, because
logs won't lost after restart of service, but administrator must take care of deleting too old log files.
This setting is overwritten by SafeQ installer. If you upgrade SafeQ then this setting will be lost.
Further information about Procrun: http://commons.apache.org/daemon/procrun.html
YSoft SafeQ 5 2080

February 03, 2016
TROUBLESHOOTING ACCORDING TO LOG FILES
COMMUNICATION CML WITH ORS

Error: Unable to get deserializer!
In case that this error message will appear in CML/ORS logfile please check if all CMLs and ORSs has the
same version (mainly of Communicator version) - it can be caused by old version of CML/ORS.
Invalid checksum of incoming message

In case that this error message will appear in logfile it means that Communicator of CML/ORS received
malformed message (checksum or message payload was modified between sender and receiver)
4.17.5 YSOFT SAFEQ SERVICES
ABOUT
This page describes YSoft SafeQ services that are installed automatically after safeq installation:
CML SERVICES
Service Display name Service Name Service description
YSoft SafeQ CML YSoftSafeQCML Main SafeQ Server service for

Central Server
YSoft SafeQ CML DBS YSoftSafeQCMLDBS Cluster Database Sync service
YSoft PostgreSQL 9.2 embedded YSQpostgres* Internal DB Service*

database*
YSoft SafeQ Terminal Server YSoftSafeQTerminalServer Terminal Server Service (embedded

devices support)
YSoft SafeQ LDAP Replicator YSoftSafeQLDAPReplicator LDAP Integration Service service

Service
YSoft SafeQ Web Interface YSoftWeb Web Interface (via Tomcat)
*Available only if installed with embedded postgre DB.
ORS SERVICES
Service Display name Service Name Service description
YSoft SafeQ ORS YSoftSafeQORS Main SafeQ Server service for Remote
Spooler
YSoft SafeQ ORS web YSoftWeb ORS Web service for client and webdav
service
YSoft SafeQ Terminal YSoftSafeQTerminalServer Terminal Server Service (embedded devices

Server support)
YSoft SafeQ 5 2081

February 03, 2016
CRS SERVICE
Service Display Service Name Service description

name
YSoft SafeQ CRS YSoftSafeQCRS Main SafeQ CRS server

service
PAYMENT SYSTEM SERVICE
Service Display Service Name Service description

name
YSoft Payment YSoftPaymentSystem Main YSoft Payment system

System service
YSoft SafeQ 5 2082

February 03, 2016
5 USER GUIDES
Quick Start Guide for End Users

Using Mobile Print Server
Using AirPrint
Using Delegation Print (VIP shared queues)
Using SafeQ Client
Using SafeQ Client on Windows workstation
Using SafeQ Client on MacOS 2.x workstation
Using SafeQ Client 4.x on MacOS workstation
Selecting billing codes in SafeQ Client
Using SafeQ Client 4.x on Linux workstation
User Guides - Terminals
Using YSoft SafeQ Embedded Terminal for Xerox (EIP)
Using YSoft SafeQ Embedded Terminal for Konica Minolta (OpenAPI)
Using YSoft SafeQ Embedded Terminal for Ricoh (ESA)
Using YSoft SafeQ Embedded Terminal for Fuji Xerox Apeos
Using YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP
Using YSoft SafeQ Embedded Terminal for Sharp (OSA)
Using YSoft Payment Machine
Using YSoft SafeQ Embedded Terminal for Toshiba
Using YSoft SafeQ Embedded Terminal for OKI
Using YSoft SafeQ Embedded Terminal for Lexmark
Using YSoft SafeQ Embedded Terminal for Samsung
Using YSoft SafeQ Embedded Terminal for HP
5.1 QUICK START GUIDE FOR END USERS
You can use YSoft SafeQ on your computer to view and manage your print jobs, define your default billing
code and other tasks.
YSoft SafeQ 5 2083

February 03, 2016
5.1.1 LOGGING INTO YSOFT SAFEQ
1 Click the YSoft SafeQ shortcut on your desktop or, in your browser, enter the YSoft SafeQ
address provided to you by your system administrator.
2 If necessary, change the YSoft SafeQ language by clicking one of the flag icons.
Enter the user name and password provided to you by your system administrator; then click Lo
g in.
YSoft SafeQ 5 2084

February 03, 2016
5.1.2 LOGGING OUT OF YSOFT SAFEQ
Click Log out.
5.1.3 USING YOUR PRINT JOB LIST
You can use the Job list to view your print jobs, select jobs to print, cancel jobs, resubmit jobs to print, and
see detailed information about the jobs' progress.
YSoft SafeQ 5 2085

February 03, 2016
DISPLAYING THE JOB LIST
Click Reports > Job list
SEARCHING FOR AND DISPLAYING SPECIFIC JOBS
On the Job list page, use the filters to search for the job you need:
Date from – Start date and time (in 24-hour format).

Date to – End date and time (in 24-hour format).
Device group – Limit the search to a particular group of printers.
User/cost Center – Limit the search to a particular user or cost center.
Device – Limit the search to a specific printer.
Queue – Limit the search to a specific queue.
YSoft SafeQ 5 2086

February 03, 2016
SEARCHING FOR/DISPLAYING JOBS ACCORDING TO JOB STATUS
To search for and display jobs that have a specific status, click .
Select one or more of the following job statuses:
Printing – The job is being sent to the printer or is being printed. You can display detailed information
about the job process. Typically, the job is in a state of sending data, waiting for printing to start,
waiting for printing completion, or waiting for accounting.
Pending – The job is ready to be printed. It may be waiting for other jobs to print first or waiting for the
printer's status to be "Ready."
Accepted – YSoft SafeQ accepted the job, added it to the secured queue, and is waiting for you to log
in at a printer and print the job.
Printed – The job was successfully delivered to the printer and accounted for.
Local print – The job was sent to a local printer.
Scan – YSoft SafeQ has recorded and accounted for the job as a scan.
Copied – YSoft SafeQ has recorded and accounted for the job as a copy.
Requeued – The job was queued to be printed again.
Cancelled – You or another authorized user cancelled the job (for instance, by selecting "delete" at a
terminal).
Cancelled at start – YSoft SafeQ cancelled the job when the print server restarted.
Rejected – YSoft SafeQ denied the printing because you had insufficient credit or access rights.
Check your available credit or contact your system administrator.
Printer error – The printer did not receive the job or an error occurred during printing (usually an exact
reason for the error is given).
YSoft SafeQ 5 2087

February 03, 2016
Spooler error – The job did not print because of a problem with the print server. Contact your system
administrator.
Security violation – The job did not print because YSoft SafeQ detected an unauthorized modification
to the job. Contact your system administrator.
Deleted – The job has been deleted. If you want to print the job, re-submit it.
Batch accounting – The job is a part of a batch of jobs to be printed.
Non-SafeQ copy/print – The job was not a YSoft SafeQ job.
YSoft SafeQ 5 2088

February 03, 2016
VIEWING, CANCELING, AND MARKING JOBS AS FAVORITES
The Job list includes Views and Actions options.
To change what the Job list page displays, click , then select the option you
want. To display all your jobs, select My jobs or Job list. To display only your jobs that have
not yet been printed or only your favorite jobs, select those options.
For the jobs you displayed, select what you would like to do:
1. For each job you want to cancel, mark as a favorite, etc., check the box next to the job.
2. Click .
3. Select the option you want.
YSoft SafeQ 5 2089

February 03, 2016
4. You can refresh the window by clicking .
VIEWING DETAILED INFORMATION ABOUT JOBS; REQUEUEING, PREVIEWING OR DELETING JOBS
Click these icons to work with jobs:
Icon Name Availability Description
Detail Always Display detailed information about the

job. (You can also double-click the job to
display detailed information.) See Using
detailed job information.
Requeue Only if the job has not been deleted and If a print failed or the job has already
is not currently being printed. been printed, requeue the job to print
again.
Preview Only if the job has not been deleted and Display a preview of the job.
/or the configuration of the YSoft SafeQ
system at your organization supports it.
Note Only if the job contains a note. Hover your mouse over this icon to see
note text.
Delete Only if the job's queue is a direct print Remove the job from the queue and
queue. cancel its planned print operation.
Checkbox Only if the job has not been deleted. Mark jobs to apply the selected action to
(cancel, add to your list of favorite jobs,
etc.)
5.1.4 CHANGING YOUR PASSWORD AND GENERATING A NEW PIN
YSoft SafeQ 5 2090

February 03, 2016
SELECTING A DEFAULT BILLING CODE (PROJECT CODE)
Note: The option to select your default billing code may be available or unavailable depending on the
way the YSoft SafeQ system has been configured.
1 Click Choose another billing code.
2 Select a billing code to use as your default.
YSoft SafeQ 5 2091

February 03, 2016
5.2 USING MOBILE PRINT SERVER
Usage
Mobile Print web interface
Display language
Login screen
Uploading of print jobs using web interface
Managing the job list
Job Information
Finishing Options and Printer selection
Guest / Anonymous printing
Guest user registration
Account management
Delete account
Switch to permanent
5.2.1 USAGE
There are two ways of use mobile device to send document to print:
A) The user can send the document to a specified email address as an email attachment. It is provided
with response message about the document processing (if document was processed completely, partially or
not at all) via email. If it was processed completely and correctly then it is queued to print.
B) The user can upload the document directly from web interface.
NOTE: To access the mobile interface, enter the URL http://SAFEQ_IP:SAFEQ_HTTP_PORT/m (for
example http://192.168.1.1:80/m). The host (IP address) and port are usually exactly the same as for
accessing the YSoft SafeQ Web Interface.
Upload of files must be supported by the device's web browser.
5.2.2 MOBILE PRINT WEB INTERFACE
Mobile Print web interface is simplified YSoft SafeQ web interface for easy management of print jobs on
mobile devices. Link with web interface address is part of confirmation email.
YSoft SafeQ 5 2092

February 03, 2016
DISPLAY LANGUAGE
The language of the Mobile Print web interface can be changed by using the select box on the login screen.
The list contains all languages that are enabled in the SafeQ administration and is hidden if no additional
languages are configured.
LOGIN SCREEN
It is authentication screen to the mobile web interface. Insert the username and password values into
appropriate fields and enter in to application by click Login.
Picture 11: Mobile print logon screen
Once you are successfully authenticated, following main screen of Mobile Print is displayed.
YSoft SafeQ 5 2093

February 03, 2016
Picture 12: Mobile print main screen
User is able to perform following actions:
Action Description
Manage User can manage his job (see chapter "Managing the job list" for more information).
Jobs
Upload new User is able to upload specific file for print. (see chapter "Uploading of print jobs using
job web interface" for more information).
Upload of files must be supported by the device's web browser.

If it is not supported, Manage Jobs is displayed instead.
UPLOADING OF PRINT JOBS USING WEB INTERFACE
User can upload file for processing by selecting browse button, browse for document which should be
processed and confirming by Upload button.
Display of the browse are may differ among internet browsers.
YSoft SafeQ 5 2094

February 03, 2016
Picture 13: List job - Upload file
After upload the file will appear in the list.
Picture14: List job - Uploaded file
YSoft SafeQ 5 2095

February 03, 2016
MANAGING THE JOB LIST
On this screen a user is able to manage his jobs waiting for print or print a job on a specific printer. Click the
job filename for selecting job to print.
Picture 15: M anage jobs
Action Description
Print All All jobs in job-list will be sent to a printer. For these jobs you can select
finishing options and specific printer (see Finishing Options and printer
Selection section for more information).
Delete all jobs All jobs in joblist will be deleted.
Click on the specific Job operations for selected job (see Job information section for more
job name information).
JOB INFORMATION
Selected job displays/accepted following information / actions.
YSoft SafeQ 5 2096

February 03, 2016
Picture 16: Job Detail
You can select from following actions:
Action Description
Select printer Select available printer and finishing options (see Finishing Options and
printer Selection section for more information).
Delete job Delete selected document.
YSoft SafeQ 5 2097

February 03, 2016
Action Description
Pages (Only in case the PS Total count of BW / Color pages for selected document.
parser is enabled*)
Preview (Only in case the PS Preview of the first page for selected document is displayed.
parser is enabled*)
FINISHING OPTIONS AND PRINTER SELECTION

Finishing options can be set and printer has to be chosen.
Picture 17: Finishing options defaults
Action Description
Duplex You can select job to be printed two-sided.
Grayscale You can select job to be printed in gray scale (In this case color job will be printed as B
/W).
Limitation: On Xerox MFPs it is not possible to force job to be printed in gray scale.
Select specific printer where the job will be released.
YSoft SafeQ 5 2098

February 03, 2016
Action Description
Printer
selection
Printer status Shows printer status. (Only in case the on-line accounting is used)
When Finishing options are set click on the printer name, the job will be printed and a following message will
be displayed.
Picture 18: Job sent to printer
Availability of direct print depends on system setting by administrator.
5.2.3 GUEST / ANONYMOUS PRINTING
Mobile Print web interface is simplified web interface for easy management of print jobs on mobile devices.
Link with web interface address is part of confirmation email.
NOTE:
if a third party payment gateway (e.g. PayPal, DIBS) is not correctly configured, Recharge
button can redirect to PageNotFound (404).
GUEST USER REGISTRATION
In case this feature is enabled, the option to register a new user is displayed as a link on the mobile
web Login screen. Continue the registration by clicking on Sign up.
YSoft SafeQ 5 2099

February 03, 2016
The registration screen is displayed. A user has to enter a username and password, optionally also an email
address can be entered.
YSoft SafeQ 5 2100

February 03, 2016
If the option to create temporary users is enabled, the registration screen is displayed with the expiration
time and the switch enables a user to choose between temporary or permanent account type.
Confirmation is displayed after successful registration. In case the money account is created as well, the
option to recharge is offered to the user.
YSoft SafeQ 5 2101

February 03, 2016
Once the user is successfully authenticated, the main screen of Mobile Print web interface is displayed.
Guest users can see a link to the Account settings page. In case the YSoft Payment System is installed with
an integrated 3rd party payment gateway, a link to the YSoft Payment System gateway integration page is
displayed as well.
ACCOUNT MANAGEMENT
The user can change his/her password, email or delete his/her account. To do any of this, the user will
have to enter the actual password for verification.
YSoft SafeQ 5 2102

February 03, 2016
DELETE ACCOUNT
When a user selects the option to delete his/her account, it is required to enter the existing password and
click on the button "Delete my account now". SafeQ will try to delete it.
If the guest user does NOT have an existing money account, the SafeQ account is deleted.
If the user has an existing money account, the further steps depend on the remaining credit balance
the account:
Negative balance - the system displays warning and asks the user to settle the debt either at a
cash desk or by recharging. A link to the payment gateway integration page will be displayed
for user convenience. On the payment gateway, the missing amount will be pre-filled.
Zero balance - the money account is deleted and then the SafeQ account as well.
YSoft SafeQ 5 2103

February 03, 2016
Positive balance - the SafeQ warns the user about money being lost and offers the option to cancel
the operation. If he/she chooses to "Delete account", money account is deleted and the SafeQ
account is deleted as well.
After the guest account is deleted, the user is logged out of the mobile web and redirected back the Login
page. Any unreleased jobs of the given user are deleted.
SWITCH TO PERMANENT
A temporary guest user can switch to permanent account in Account settings.
Confirmation is displayed to verify that the user really wants to switch from temporary to permanent
account.
YSoft SafeQ 5 2104

February 03, 2016
Once the user is switched to permanent, the user settings is inherited from the template user for permanent
accounts.
5.3 USING AIRPRINT
This chapter provides instructions for using Apple devices with YSoft SafeQ Connector for AP. Following
steps will describe how to send a print job from Mac OS X device and iDevices (iPad, iPhone).
All jobs will be sent to secure queue in YSoft SafeQ. It is also required to create user with valid credentials
(username and password) in YSoft SafeQ in order to use YSoft SafeQ Connector for AP.
YSoft SafeQ 5 2105

February 03, 2016
5.3.1 CONFIGURING DEVICES WITH MAC OS X OPERATING SYSTEM
1 Open System Preferences.
NOTE: If you do not want to add the printer and you print through "Nearby printers" then
continue with step 1 chapter Send print job....
2 Open Printers & Scanners.
YSoft SafeQ 5 2106

February 03, 2016
Click on '+', click on the printer with name set in YSoft SafeQ Connector for AP and click on the Add
button.
YSoft SafeQ 5 2107

February 03, 2016
5.3.2 SEND PRINT JOB TO SECURE QUEUE ON DEVICES WITH MAC OS X OPERATING SYSTEM
1 Print a document from any application. Use printer that was selected in previous step or use printer
with name set in YSoft SafeQ Connector for AP.
2 Enter your credentials.
Print job will be sent to secure queue in SafeQ.
Send print job to secure queue on devices with iOS operating system
1 Open the document you want to print and click on "Print" icon.
YSoft SafeQ 5 2108

February 03, 2016
2 Select the printer with name set in YSoft SafeQ Connector for AirPrint.
YSoft SafeQ 5 2109

February 03, 2016
3 Confirm the print job by clicking the "Print" button.
Print job will be sent to secure queue in SafeQ.
YSoft SafeQ 5 2110

February 03, 2016
4 If you are printing for the first time, provide required credentials.
YSoft SafeQ 5 2111

February 03, 2016
NOTE: iDevices cache credentials. Next print jobs won't require reentering
credentials.
YSoft SafeQ 5 2112

February 03, 2016
5.3.3 USE FINISHING OPTIONS
1 Open the document you want to print and click on "Print" icon.
2 If the printer is not selected automatically, select the printer with name set in YSoft SafeQ Connector
for AirPrint.
3 Tap the "Options" row and select desired finishing options.
The supported finishing options are:
Copies
Single-sided / double-sided
Color / Black & White
YSoft SafeQ 5 2113

February 03, 2016
5.4 USING DELEGATION PRINT (VIP SHARED QUEUES)
YSoft SafeQ 5 2114

February 03, 2016
5.4.1 SELECTING PRIVATE PRINT OR SHARED PRINT
1 After you submit a print job, the VIP shared queues page appears. Note: This feature may not be
available, it depends on way how your YSoft SafeQ system is configured.
Now you can:
1. Click Private Print to print to a private, unshared (secure) queue. These print jobs won't be
available to other users.
2. Click Shared Print to print to a shared queue. Your print job will be available to members of
the shared queue.
Note: When you don't have a shared queue already created, the queue should be
automatically created.
3. Click Select people to define which users will have access to your VIP Shared queue. You'll
be redirected to application where you can delegate persons with privilege to print your shared
print jobs.
You have to enter your login and password to manage the queue.
Note: Select people might not be available for you. In that case administrators can provide
you with web link where you can manage your shared queue.
YSoft SafeQ 5 2115

February 03, 2016
2 Now you or delegate persons can authenticate at the terminal on the printer and print the print job.
YSoft SafeQ 5 2116

February 03, 2016
5.4.2 VIEWING INFORMATION ABOUT JOBS SUBMITTED TO DELEGATION PRINT (VIP SHARED
QUEUES) - ADMINISTRATORS ONLY
1 NOTE: Only administrators can use this feature.
On the Reports > Job list page, double click to one print job and navigate to an Information tab.
The name of the shared queue is shown in the Assigned to queue field.
2 The YSoft SafeQ Web Interface also displays information about shared queues on the Devices >
Shared queues page. For more details see: Shared Queues.
5.5 USING SAFEQ CLIENT
Using SafeQ Client on Windows workstation

Using SafeQ Client on MacOS 2.x workstation
Using SafeQ Client 4.x on MacOS workstation
Selecting billing codes in SafeQ Client
YSoft SafeQ 5 2117

February 03, 2016
Using SafeQ Client 4.x on Linux workstation
5.5.1 USING SAFEQ CLIENT ON WINDOWS WORKSTATION
OVERVIEW
There is two main ways how SafeQ Client application can behave from user view:
Without pop-up windows - after clicking print, document is sent to print server and no SafeQ Client
pop-up windows will be shown.
With pop-up windows - after clicking print, document is sent to print server and SafeQ Client pop-up
windows will be displayed. Depends on the administrator settings, you can edit print settings like
billing code, job queue or other finishing options. For more information continue in following guide.
USING SAFEQ CLIENT POP-UP WINDOWS
NOTE: Some of the screens and options displayed in following steps, can vary from screens displayed
on your workstation. Displaying SafeQ Client pop-up windows depends on administrator settings on SafeQ
server and SafeQ print port on your workstation. For more information about SafeQ Client pop-up windows
behavior contact your local administrator.
1 Send document to print from your workstation.
2 When authentication screen will be displayed, depends on settings, you can authenticate yourself by:
1. Entering user name and password and clicking OK to continue.
2. Entering user name only and clicking OK to continue.
YSoft SafeQ 5 2118

February 03, 2016
3. Swiping card connected to your workstation and continue.
3 When billing code selection window will be displayed, you can select one of the billing codes by
clicking it. Your job will be accounted to this billing code.
For more information about selecting billing codes see: Selecting billing codes in SafeQ Client
You can select billing code from:
1. Recently selected (list of last used billing codes)
YSoft SafeQ 5 2119

February 03, 2016
2. Assigned billing codes (list of all assigned billing code in tree hierarchy). Here you can also
search in a list of assigned billing codes.
YSoft SafeQ 5 2120

February 03, 2016
4 When job queue selection window will be displayed, you can select job queue for your job by clicking:
Private print - job will be assigned to the secured queue, then job will be released after
authentication and print confirmation on device.
Shared print - job will be assigned to the shard queue, then selected users can also see
and print this job in their job lists. You can add users to your shared queue by clicking
Select people.
For more information about Shared queues see: Using Delegation Print (VIP shared
queues) and Configuring and using Shared Queues.
YSoft SafeQ 5 2121

February 03, 2016
5 Finally the Price estimation windows will be displayed. Here you can see price estimation for your job
for all available printers and you can also use:
Print B/W - to print job in Black and White

Print color - to print job in Color
Cancel print - to cancel printing of this job
Additionally current balance on users money account is displayed, if YSoft Payment System is
enabled. Then prices higher than current balance are grayed out.
YSoft SafeQ 5 2122

February 03, 2016
YSoft SafeQ 5 2123

February 03, 2016
5.5.2 USING SAFEQ CLIENT ON MACOS 2.X WORKSTATION
OVERVIEW
YSoft SafeQ 5 2124

February 03, 2016
YSoft SafeQ 5 2125

February 03, 2016
YSoft SafeQ 5 2126

February 03, 2016
YSoft SafeQ 5 2127

February 03, 2016
Select people.
YSoft SafeQ 5 2128

February 03, 2016
Print B/W - to print job in Black and White.

Print color - to print job in Color.
Cancel print - to cancel printing of this job.
YSoft SafeQ 5 2129

February 03, 2016
5.5.3 USING SAFEQ CLIENT 4.X ON MACOS WORKSTATION
OVERVIEW
YSoft SafeQ 5 2130

February 03, 2016
You can select Remember me checkbox to preserve login information for next print job.
You can select Remember me checkbox to preserve login information for next print job.
YSoft SafeQ 5 2131

February 03, 2016
YSoft SafeQ 5 2132

February 03, 2016
Select people.
YSoft SafeQ 5 2133

February 03, 2016
Print B/W - to print job in Black and White

Print color - to print job in Color
Cancel print - to cancel printing of this job
Current balance on users money account is displayed, if YSoft Payment System is enabled. Prices
lower than current balance are grayed out.
YSoft SafeQ 5 2134

February 03, 2016
5.5.4 SELECTING BILLING CODES IN SAFEQ CLIENT
You can select a billing code (project code) for each print job you send to a YSoft SafeQ secure or direct
queue.
SELECTING A BILLING CODE IN YSOFT SAFEQ CLIENT WITH RECENT BILLING CODES ENABLED
YSoft SafeQ 5 2135

February 03, 2016
When Recent Billing Codes are enabled you can see the list of recently selected billing codes on the first
screen. Information about this extension: Recent Billing Codes Extension
Click on billing code to select it.
If you choose Show assigned billing codes then you will see list of assigned billing codes. You can follow
information in next chapter: Selecting a billing code in YSoft SafeQ Client
SELECTING A BILLING CODE IN YSOFT SAFEQ CLIENT – WINDOWS
On the Billing codes page, select a billing code, or click to display more billing codes; then navigate
to the billing code you need and select it.
YSoft SafeQ 5 2136

February 03, 2016
YSoft SafeQ 5 2137

February 03, 2016
YSoft SafeQ 5 2138

February 03, 2016
NOTE: If the page includes Price estimation or VIP shared queue options, you can see how to use those
options here:
Using Delegation Print (VIP shared queues)

Enabling and using print price estimation
SEARCHING FOR BILLING CODES

In the text box, enter a search phrase. Client will search for billing codes after you stop typing.
This automatic search could be disabled by turning off option "Automatic filtering of billing codes"
(enableBillingCodesAutoSearch). When automatic filtering is set to false, then it is necessary to press
ENTER or click on magnifier icon:
YSoft SafeQ 5 2139

February 03, 2016
To cancel a search, click .
YSoft SafeQ 5 2140

February 03, 2016
SELECTING A BILLING CODE IN YSOFT SAFEQ CLIENT – MAC
On the Billing codes page, select the billing code, or click to display more billing codes; then
navigate to the billing code you need and select it.
YSoft SafeQ 5 2141

February 03, 2016
YSoft SafeQ 5 2142

February 03, 2016
5.6 USER GUIDES - TERMINALS
Using YSoft SafeQ Embedded Terminal for Xerox (EIP)

Using YSoft SafeQ Embedded Terminal for Konica Minolta (OpenAPI)
Using YSoft SafeQ Embedded Terminal for Ricoh (ESA)
Using YSoft SafeQ Embedded Terminal for Fuji Xerox Apeos
Using YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP
Using YSoft SafeQ Embedded Terminal for Sharp (OSA)
Using YSoft Payment Machine
Using YSoft SafeQ Embedded Terminal for Toshiba
Using YSoft SafeQ Embedded Terminal for OKI
Using YSoft SafeQ Embedded Terminal for Lexmark
Using YSoft SafeQ Embedded Terminal for Samsung
Using YSoft SafeQ Embedded Terminal for HP
5.6.1 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR XEROX (EIP)
At a Glance
Log in at the printer

Log in with a PIN or Card
Log in with a Username/Password or Card
Log out
Print all your print jobs
Register a new card
Register a new card by entering your username and password
Register a new card by entering your Card Activation Code
Register a new card by entering your Card Activation Code OR login name and password
Select jobs to print
Xerox printer with job list: Waiting, printed, favorites folders
Incompatible jobs
Display detailed information about a print job
Delete a print job
Select a billing code
Select the billing code from a list
Default billing code
Search of billing code
Continue with scan or copy
Copy
Scan
Scan Workflows list
Quick workflows and Expert workflows lists
YSoft SafeQ 5 2143

February 03, 2016
Print, copy and scan with credit balance

Display the current credit balance
Print with credit balance
Copy with credit balance
Scan with credit balance
LOG IN AT THE PRINTER
LOG IN WITH A PIN OR CARD
The device must be set up with an embedded or external card reader.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
Press the Alternate Login button and continue with the next step.
2 Type your personal PIN code and press Enter.
NOTE: You can also use the numeric keyboard on the printer.
YSoft SafeQ 5 2144

February 03, 2016
3 You can select to print all your unprinted jobs immediately after login. Click Yes to do so, otherwise
click No.
LOG IN WITH A USERNAME/PASSWORD OR CARD
YSoft SafeQ 5 2145

February 03, 2016
OR
2 Type your username and press Enter.
YSoft SafeQ 5 2146

February 03, 2016
3 Type in your password and press Enter.
click No.
YSoft SafeQ 5 2147

February 03, 2016
LOG OUT
You can use any of these methods to log out from the device:
On the printer panel, press the Access button.

On the terminal screen, touch Log Out in device main menu.
Wait for the session timeout (typically 3 minutes).
Place your card on the card reader (if a card reader is available).
1 Press the Access button.
NOTE: You can use this access button anytime. After pressing this button you will be immediately
logged out.
YSoft SafeQ 5 2148

February 03, 2016
OR
2a Navigate to the main menu using home button.
2b Press your username in the top right corner and select Log Out.
YSoft SafeQ 5 2149

February 03, 2016
OR
3 After 3 minutes (note that this can be configured differently in your environment), you will be
automatically logged out.
YSoft SafeQ 5 2150

February 03, 2016
PRINT ALL YOUR PRINT JOBS
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
1 Place your card on the card reader and/or enter other login information (PIN or Login and password).
2 Confirm your login information by touching Enter.
3 When the message "Print all new jobs now?" appears, touch Yes.
YSoft SafeQ logs you in and the printer prints all your compatible waiting prints.
REGISTER A NEW CARD
The first time you use a card, use one of the methods described below to register it.
NOTE: The method you use may depend on the way your system administrator has configured SafeQ.
REGISTER A NEW CARD BY ENTERING YOUR USERNAME AND PASSWORD
YSoft SafeQ 5 2151

February 03, 2016
Swipe your card on the card reader attached to the printer.
2 Type your login name and confirm it with the Enter button.
3 Type your password and confirm it with the Enter button.
YSoft SafeQ 5 2152

February 03, 2016
4 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
REGISTER A NEW CARD BY ENTERING YOUR CARD ACTIVATION CODE
If Card Activation Code has been assigned to you (it was received by email or it is displayed on SafeQ Web
Interface Dashboard), you can use this simple method to register your card.
1 Swipe your card on the card reader attached to the printer.
2 Insert the Card Activation Code and confirm it with the Enter button.
YSoft SafeQ 5 2153

February 03, 2016
REGISTER A NEW CARD BY ENTERING YOUR CARD ACTIVATION CODE OR LOGIN NAME AND PASSWORD
2 Insert the Card Activation Code and confirm it with the Enter button. New card will be assigned to
your user account.
OR
Touch the Enter button without entering the Card Activation Code to skip to username and
password assignment. Continue to next step.
YSoft SafeQ 5 2154

February 03, 2016
3 Type your username and confirm it with the Enter button.
YSoft SafeQ 5 2155

February 03, 2016
SELECT JOBS TO PRINT
XEROX PRINTER WITH JOB LIST: WAITING, PRINTED, FAVORITES FOLDERS
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
2 On the Main Menu screen, touch YSoft SafeQ.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
YSoft SafeQ 5 2156

February 03, 2016
3 Now Print job menu will be displayed.
Select jobs you want to print and touch Print button.
YSoft SafeQ 5 2157

February 03, 2016
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
5 You can also perform following actions in print menu:
Touch Print all button to print all your waiting jobs.
Display antother pages of your job list.
Navigate to Waiting / Printed / Favorite

folders.
Select jobs and mark them as a favorite.
YSoft SafeQ 5 2158

February 03, 2016
Select jobs and delete them.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
1 Send a few jobs to the SafeQ system.
Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
YSoft SafeQ 5 2159

February 03, 2016
DISPLAY DETAILED INFORMATION ABOUT A PRINT JOB
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
2 Touch Info button next to the job to view jobs details.
3 Job details and preview of the first page of print job displays.
Touch OK button to exit.
YSoft SafeQ 5 2160

February 03, 2016
DELETE A PRINT JOB
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
YSoft SafeQ 5 2161

February 03, 2016
3 Touch Yes button to confirm this action.
YSoft SafeQ 5 2162

February 03, 2016
SELECT A BILLING CODE
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
YSoft SafeQ 5 2163

February 03, 2016
SELECT THE BILLING CODE FROM A LIST
1 In YSoft SafeQ application select Billing codes from the menu.
2 Screen with billing codes is displayed.
Here you can:
Touch + button to see list of children billing code (lower level).
Touch Back button to see list of parent billing codes (higher level).
Touch Arrow buttons to list pages of billing codes in actual level.
Touch text field to enter searched phrase.
Touch Magnifier button to start searching.
YSoft SafeQ 5 2164

February 03, 2016
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
The selected billing code will be highlighted.
YSoft SafeQ 5 2165

February 03, 2016
4 Now you can see newly selected billing code in the bottom of the screen.
YSoft SafeQ 5 2166

February 03, 2016
DEFAULT BILLING CODE
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
YSoft SafeQ 5 2167

February 03, 2016
SEARCH OF BILLING CODE
If you want to search billing codes, touch text field to enter searched phrase.
YSoft SafeQ 5 2168

February 03, 2016
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Select one of the billing codes from result.
Touch Arrow buttons to list pages.
Touch text field if you want to change your searching phrase.
YSoft SafeQ 5 2169

February 03, 2016
5 The selected billing code will be highlighted.
YSoft SafeQ 5 2170

February 03, 2016
CONTINUE WITH SCAN OR COPY
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
2 Continue to Copy menu to start copying
In this case navigate use HW home button to enter copy menu
YSoft SafeQ 5 2171

February 03, 2016
COPY
If your system allows you to make copies, follow these instructions.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
2 On the Main Menu screen, touch Copy.
YSoft SafeQ 5 2172

February 03, 2016
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
YSoft SafeQ 5 2173

February 03, 2016
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
SCAN WORKFLOWS LIST
2 On the Main Menu screen, touch Scan.
3a The Scan workflows screen displays.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch one of scan workflows and now you can:
YSoft SafeQ 5 2174

February 03, 2016
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
Display another pages of your scan workflows.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Now you can:
Touch Scan button to start scan.
Touch Cancel button to return to Scan workflow list.
YSoft SafeQ 5 2175

February 03, 2016
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
Touch text field of the scan parameter to change

value. NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning
starts
Display another pages of your scan workflow parameters.
QUICK WORKFLOWS AND EXPERT WORKFLOWS LISTS
3b The Quick scan workflows screen displays.
YSoft SafeQ 5 2176

February 03, 2016
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and your scanning starts immediately.
Display another pages of your scan workflow list.
Switch between Quick and Expert workflows
4b The Expert scan workflows screen displays.
Now you can:
Touch one of scan workflows and scan setting screen will be displayed.
YSoft SafeQ 5 2177

February 03, 2016
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Now you can:
YSoft SafeQ 5 2178

February 03, 2016
Touch Cancel button to return to Expert workflow list.

starts
PRINT, COPY AND SCAN WITH CREDIT BALANCE
DISPLAY THE CURRENT CREDIT BALANCE
YSoft SafeQ 5 2179

February 03, 2016
1 Log in to Embedded Terminal: Log in and log out at the Xerox printer and navigate to YSoft SafeQ
application
2 The current credit balance is written in bottom close to your User name.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
PRINT WITH CREDIT BALANCE
1 Select jobs you want to print and start printing.
NOTE: Only print jobs for which you have enough credit balance will be printed.
YSoft SafeQ 5 2180

February 03, 2016
2 The credit balance will be decreased.
YSoft SafeQ 5 2181

February 03, 2016
3a When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
In this case you have to deposit money to continue with printing.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
YSoft SafeQ 5 2182

February 03, 2016
3b When you try to print jobs, for which you don't have enough credit balance, job is not printed and
stays in the waiting folder. You are informed about insufficient credit.
more details.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
YSoft SafeQ 5 2183

February 03, 2016
COPY WITH CREDIT BALANCE
1 Enter the copy menu and start copying.
NOTE: Only copy jobs for which you have enough credit balance will be copied.
YSoft SafeQ 5 2184

February 03, 2016
2 When you try to copy job, for which you don't have enough credit balance, the whole copy job is
refused.
NOTE: When you have available credit balance only for few pages, you can copy them one by
one until your credit balance is consumed.
SCAN WITH CREDIT BALANCE
1 Select scan workflow which you want to use and start scanning.
YSoft SafeQ 5 2185

February 03, 2016
NOTE: Only scan jobs for which you have enough credit balance will be performed.
2 When you try to scan job, for which you don't have enough credit balance, the whole scan job is
refused.
NOTE: When you have available credit balance only for few pages, you can scan them one by
YSoft SafeQ 5 2186

February 03, 2016
COPY AT THE XEROX PRINTER
administrator.
YSoft SafeQ 5 2187

February 03, 2016
available options.
YSoft SafeQ 5 2188

February 03, 2016
YSoft SafeQ 5 2189

February 03, 2016
DELETE A PRINT JOB AT THE XEROX PRINTER
YSoft SafeQ 5 2190

February 03, 2016
YSoft SafeQ 5 2191

February 03, 2016
INCOMPATIBLE JOBS AT THE XEROX PRINTER
Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
LOG IN AND LOG OUT AT THE XEROX PRINTER
LOG IN WITH A PIN OR CARD

OR
YSoft SafeQ 5 2192

February 03, 2016
2 Type your personal PIN code and press Enter.
YSoft SafeQ 5 2193

February 03, 2016
You can select to print all your unprinted jobs immediately after login. Click Yes to do so, otherwise
click No.
LOG IN WITH A USERNAME/PASSWORD OR CARD

OR
YSoft SafeQ 5 2194

February 03, 2016
2 Type your username and press Enter.
3 Type in your password and press Enter.
YSoft SafeQ 5 2195

February 03, 2016
click No.
LOG OUT
You can use any of these methods to log out from the device:
YSoft SafeQ 5 2196

February 03, 2016
On the printer panel, press the Access button.

On the terminal screen, touch Log Out in device main menu.
Wait for the session timeout (typically 3 minutes).
Place your card on the card reader (if a card reader is available).
1 Press the Access button.
NOTE: You can use this access button anytime. After pressing this button you will be immediately
logged out.
OR
2a Navigate to the main menu using home button.
YSoft SafeQ 5 2197

February 03, 2016
2b Press your username in the top right corner and select Log Out.
OR
3 After 3 minutes (note that this can be configured differently in your environment), you will be
YSoft SafeQ 5 2198

February 03, 2016
PRINT ALL YOUR PRINT JOBS AT THE XEROX PRINTER
administrator.
1 Place your card on the card reader and/or enter other login information (PIN or Login and password).
2 Confirm your login information by touching Enter.
3 When the message "Print all new jobs now?" appears, touch Yes.
YSoft SafeQ logs you in and the printer prints all your compatible waiting prints.
YSoft SafeQ 5 2199

February 03, 2016
REGISTER A NEW CARD AT THE XEROX PRINTER
NOTE: The method you use may depend on the way your system administrator has configured SafeQ.
YSoft SafeQ 5 2200

February 03, 2016
2 Type your login name and confirm it with the Enter button.
YSoft SafeQ 5 2201

February 03, 2016

YSoft SafeQ 5 2202

February 03, 2016
YSoft SafeQ 5 2203

February 03, 2016
REGISTER A NEW CARD BY ENTERING YOUR CARD ACTIVATION CODE OR LOGIN NAME AND PASSWORD
2 Insert the Card Activation Code and confirm it with the Enter button. New card will be assigned to
your user account.
OR
Touch the Enter button without entering the Card Activation Code to skip to username and
password assignment. Continue to next step.
3 Type your username and confirm it with the Enter button.
YSoft SafeQ 5 2204

February 03, 2016
YSoft SafeQ 5 2205

February 03, 2016
SCAN AT THE XEROX PRINTER
YSoft SafeQ 5 2206

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 2207

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 2208

February 03, 2016
YSoft SafeQ 5 2209

February 03, 2016
You can:
Now you can:
YSoft SafeQ 5 2210

February 03, 2016
Now you can:
YSoft SafeQ 5 2211

February 03, 2016

starts
SELECT A BILLING CODE AT THE XEROX PRINTER
YSoft SafeQ 5 2212

February 03, 2016
YSoft SafeQ 5 2213

February 03, 2016
Here you can:
YSoft SafeQ 5 2214

February 03, 2016
YSoft SafeQ 5 2215

February 03, 2016
YSoft SafeQ 5 2216

February 03, 2016
YSoft SafeQ 5 2217

February 03, 2016
YSoft SafeQ 5 2218

February 03, 2016
YSoft SafeQ 5 2219

February 03, 2016
YSoft SafeQ 5 2220

February 03, 2016
OR
YSoft SafeQ 5 2221

February 03, 2016
YSoft SafeQ 5 2222

February 03, 2016
SELECT JOBS TO PRINT AT THE XEROX PRINTER
YSoft SafeQ 5 2223

February 03, 2016
XEROX PRINTER WITH JOB LIST: WAITING, PRINTED, FAVORITES FOLDERS
YSoft SafeQ 5 2224

February 03, 2016
YSoft SafeQ 5 2225

February 03, 2016

folders.
YSoft SafeQ 5 2226

February 03, 2016
DISPLAY DETAILED PRINT JOBS INFORMATION AT THE XEROX PRINTER
YSoft SafeQ 5 2227

February 03, 2016
YSoft SafeQ 5 2228

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE XEROX PRINTER
1 Log in to Embedded Terminal: Log in and log out at the Xerox printer and navigate to YSoft SafeQ
application
YSoft SafeQ 5 2229

February 03, 2016
YSoft SafeQ 5 2230

February 03, 2016
more details.
YSoft SafeQ 5 2231

February 03, 2016
more details.
YSoft SafeQ 5 2232

February 03, 2016
YSoft SafeQ 5 2233

February 03, 2016
NOTE: Only copy jobs for which you have enough credit balance will be copied.
2 When you try to copy job, for which you don't have enough credit balance, the whole copy job is
refused.
NOTE: When you have available credit balance only for few pages, you can copy them one by
YSoft SafeQ 5 2234

February 03, 2016
YSoft SafeQ 5 2235

February 03, 2016
refused.
YSoft SafeQ 5 2236

February 03, 2016
5.6.2 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA (OPENAPI)
There are two different modes in which the the terminal can operate:
Using browser-based YSoft SafeQ Embedded Terminal for Konica Minolta

Using native YSoft SafeQ Embedded Terminal for Konica Minolta
These two manuals are also applicable for Develop and Olivetti devices.
YSoft SafeQ 5 2237

February 03, 2016
USING NATIVE YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA
This manual is also applicable for Develop and Olivetti devices.
At a Glance

Log in with a PIN or a card
Log in with a login name/password or a card
Log out
Print all your print jobs in the queue
Register a new card
Using default billing code
Selecting billing code from a list
Searching of billing codes
Selecting billing code by direct entering its ID or description
Incompatible jobs
View detailed information about a print job
Delete a print job
Copy
Scan
Display history of user's current session
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
LOG IN WITH A PIN OR A CARD
Your system may be configured so that you can choose to log in either with a PIN or a card.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer.
YSoft SafeQ 5 2238

February 03, 2016
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
Touch PIN and continue to next step.
2 Type your PIN and touch OK.
YSoft SafeQ 5 2239

February 03, 2016
3 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
YSoft SafeQ 5 2240

February 03, 2016
LOG IN WITH A LOGIN NAME/PASSWORD OR A CARD
Your system may be configured so that you can choose to log in by entering your login name and password
or by placing your card on the card reader.
OR
Touch Login and continue to next step.
2 Type your login name and touch OK.
YSoft SafeQ 5 2241

February 03, 2016
3 Touch Password.
4 Type your password and touch OK.
YSoft SafeQ 5 2242

February 03, 2016
5 Touch Login.
YSoft SafeQ 5 2243

February 03, 2016
LOG OUT
To log out, touch the Access button (highlighted in the image) on the printer panel.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by
your system administrator (typically 3 minutes).
PRINT ALL YOUR PRINT JOBS IN THE QUEUE
If you want to print all your unprinted jobs automatically after you log in, follow these steps:
administrator.
1 Touch Print all - Yes on login screen before touching Login.
YSoft SafeQ 5 2244

February 03, 2016
2 Now you can fill in requred login information and touch Login or swipe card. YSoft SafeQ logs you in
and the printer prints all your compatible waiting prints.
REGISTER A NEW CARD
NOTE: The method you can use may depend on the way your system administrator has configured
YSoft SafeQ.
1 Swipe new card on the card reader attached to the printer.
2 When card assignment screen is displayed, touch Login to assign card by entering username and
password.
YSoft SafeQ 5 2245

February 03, 2016
3 Type your username and touch OK.
4 Touch Password.
YSoft SafeQ 5 2246

February 03, 2016
6 Now touch OK. You will be logged in and new card will be assigned to your user account.
YSoft SafeQ 5 2247

February 03, 2016
If Card Activation Code has been assigned to you (it was received by email or it is displayed on YSoft
SafeQ Web Interface Dashboard), you can use this simple method to register your card.
2 When card assignment screen is displayed, touch Card Activation to assign card by entering Card
Activation Code.
YSoft SafeQ 5 2248

February 03, 2016
3 Type your Card Activation Code and touch OK.
YSoft SafeQ 5 2249

February 03, 2016
Now touch OK. You will be logged in and new card will be assigned to your user account.
Your system may be set up to for you to select a billing code (project code) for the copies and scans you
make. If this is the case, after you log in, the Billing code selection page opens. Use either of the methods
described below to select your project.
In this examples following tree of billing codes will be used
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013 (default billing code)
2: Development
21: Project 1
22: Project 2
23: Project 3
YSoft SafeQ 5 2250

February 03, 2016
24: Project 4
3: Management
USING DEFAULT BILLING CODE
1 When billing code screen appears and you want to use default billing code, which is displayed at the
top of the screen, just touch OK and continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
NOTE: In the YSoft SafeQ Web Interface, you can define your own default billing code. See Quick
Start Guide for End Users.
SELECTING BILLING CODE FROM A LIST
1 If you want to select billing code from a list touch List button at the end of a Browse field to show
list of billing codes assigned to you.
YSoft SafeQ 5 2251

February 03, 2016
2 If you want to select billing code from the current level, tap this billing code, touch OK and skip to step
4.
If you want to know how to browse billing codes tree, tap 1: Financial, then OK and continue to step
3a.
NOTE: You can move between pages with billing codes by tapping arrow buttons.
YSoft SafeQ 5 2252

February 03, 2016
3a For best demonstration of browsing billing code we will go from "1: Financial" to "131: invoices
2013" back to the "13: 2013".
We've selected billing code "1: Financial". To show children of this billing code tap List button.
NOTE: In the billing code tree you can see selected/displayed billing codes as highlighted. Then
you can easily see current level.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2253

February 03, 2016
3b Children of "1: Finance" billing code displays. Tap "13:2013" billing code and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2254

February 03, 2016
3c To show children of "13: 2013" billing code tap List button.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2255

February 03, 2016
3d Children of "13: 2013" billing code displays. Now we are at the lowest level of billing code tree.
Our target is to select "13:2013" billing code, then we have to go one level up, then parent level
represented by first line and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2256

February 03, 2016
3e Now billing code "1: Finance" billing code was selected, then we have to tap List button again to
display children of this billing codes.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2257

February 03, 2016
3f Now finally we can select "13: 2013" billing code and touch OK to confirm it.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2258

February 03, 2016
4 If the selected billing code you want to use, tap OK to continue to device application main menu.
Otherwise go back to step 2.
YSoft SafeQ 5 2259

February 03, 2016
SEARCHING OF BILLING CODES
1 If you want to search for billing code touch keyboard button on the left from search button.
2 Type ID (number) or description (name) of billing code, which you want to search for and touch OK.
(In this example "2013").
YSoft SafeQ 5 2260

February 03, 2016
3 Now touch Search
4 Results which match your searching phase will be displayed. In brackets after billing code name, you
can see path of all parental billing codes.
YSoft SafeQ 5 2261

February 03, 2016
NOTE: In our case the path of all parental billing codes is represented by numbers of billing
codes, but it depends on the way, how the SafeQ system is configured.
Now you can:
Select one of the billing codes from the search result, touch OK and continue to next step.
OR
Touch Cancel, if you want to change your searching phase and repeat steps 1 to 4.
5 Now your billing code is selected. Touch OK to continue to device application main menu.
YSoft SafeQ 5 2262

February 03, 2016
SELECTING BILLING CODE BY DIRECT ENTERING ITS ID OR DESCRIPTION
Konica Minolta devices offers another way how to select billing code. If you know exact ID (number) or
description (name) of billing code, you can enter it in search window and touch and confirming it without
searching of browsing lists.
1 If you want to enter exact ID or description of billing code, touch keyboard button.
YSoft SafeQ 5 2263

February 03, 2016
2 Type exact ID (number) or description (name) of billing code, which you want to search for and touch
OK. (In this example "131" as a ID or "invoices 2013" as a description).
OR
YSoft SafeQ 5 2264

February 03, 2016
3 Now touch OK.
OR
YSoft SafeQ 5 2265

February 03, 2016
4 If your input will match any ID (number) or description (name) of billing code, device menu will be
displayed and matched billing code will be selected. Otherwise an error message appears and you
have to repeat these steps again.
1 Log in to Terminal Embedded: Logging in and logging out at the KM Zeus printer.
If billing code screen appears, follow steps in Selecting a billing code at the KM Zeus printer - KM
interface.
2 On the Main Menu screen, touch SafeQ Print.
NOTE: Your screen may looks like different as shown here, depends on administrator settings.
YSoft SafeQ 5 2266

February 03, 2016
3 An screen with job folder selection will be displayed. Touch one of the folder buttons.
NOTE: Your screen may include different options as shown here, depends on administrator settings.
YSoft SafeQ 5 2267

February 03, 2016
4 Touch the job(s) you want to print.
To mark/unmark all jobs, touch Select All.

To display more jobs, touch Arrow keys on the right side.
5 If you have selected jobs to print, touch Start button on the printer panel and selected jobs will be
printed. For more information about HW buttons on device panel see: Hardware buttons on KM Zeus
printer.
6 The history with all types of jobs performed in this session displays.
Touch Close.
YSoft SafeQ 5 2268

February 03, 2016
INCOMPATIBLE JOBS
1 Send a few jobs to the SafeQ system
Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
As displayed on picture above the printer supports only BW print, so color print jobs are incompatible
YSoft SafeQ 5 2269

February 03, 2016
VIEW DETAILED INFORMATION ABOUT A PRINT JOB
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
2 Touch ". . ." button next to the job to view jobs details.
YSoft SafeQ 5 2270

February 03, 2016
3 Now you can:
Touch Preview and continue to step 3a
OR
Touch Print job information and continue to step 3b.
YSoft SafeQ 5 2271

February 03, 2016
3a Preview of the first page of print job will be displayed.
Touch Close to exit and continue to step 4.
3b Detailed information about current print job will be displayed.
Touch Close to exit.
YSoft SafeQ 5 2272

February 03, 2016
4 Touch Cancel to exit and display job list.
DELETE A PRINT JOB
2 Touch the job(s) you want to delete and touch Delete.
YSoft SafeQ 5 2273

February 03, 2016
3 Touch OK to confirm this action or Cancel to deny it.
COPY
YSoft SafeQ 5 2274

February 03, 2016
administrator.
1 Log in to Terminal Embedded: Log in and log out at the KM printer
If billing code screen appears follow steps in Select a billing code at the KM printer - KM interface.
available options.
Then press Start button on the printer panel to start copying. For more information about HW buttons
on device panel see: Hardware buttons on KM printer
YSoft SafeQ 5 2275

February 03, 2016
SCAN
interface.
2 On the Main Menu screen, touch SafeQ Scan.
YSoft SafeQ 5 2276

February 03, 2016
3 The scan workflows screen displays. Availability of scan workflows may vary according to the YSoft
SafeQ configuration at your location. To learn about your available scanning options, contact your
system administrator.
NOTE: The example shown here is for Scan to e-mail workflow, but the process is similar for
editing other workflows.
Touch one of scan workflows and now you can and touch Parameters button next to workflow, to
change parameters like sender, recipient, scan file name, etc.
YSoft SafeQ 5 2277

February 03, 2016
4 After touching Parameters button, screen with scan workflow parameters displays. Now you can
change parameters of scan workflow.
Touch Keyboard icon next to parameter text field to change value.
NOTE: Parameters with asterisk * are mandatory and must be filled. Otherwise scan wouldn't be
performed.
YSoft SafeQ 5 2278

February 03, 2016
5 Type the sender e-mail address / recipient e-mail address / name of the scanned file depends on
selected parameter.
NOTE: The example shown here is for Recipient parameter.
Then touch OK to save new value.
YSoft SafeQ 5 2279

February 03, 2016
6 Now your parameters was saved. If you want to set another parameters, repeat steps 4 and 5.
Otherwise touch OK.
7 Now touch Scan settings to change settings like resolution, color, etc.
YSoft SafeQ 5 2280

February 03, 2016
8 After touching Scan settings, screen with available scan settings will be displayed.
Now you can change scan settings by touching each option.
Then touch Close to go back.
YSoft SafeQ 5 2281

February 03, 2016
After setting workflow parameters and scan settings press Start button on the printer panel and
selected jobs will be printed. For more information about HW buttons on device panel see: Hardware
buttons on KM Zeus printer.
DISPLAY HISTORY OF USER'S CURRENT SESSION

It is possible to display a history of user's current session.
The history contains a list of print, copy and scan jobs which were performed during one user's session
(from user's login to user's logout).
1 Touch Job History button on the SafeQ Print or the SafeQ Scan application.
NOTE: You can enter Job history screen anytime during working with printer.
YSoft SafeQ 5 2282

February 03, 2016
2 The history with all types of jobs performed in this session is displayed.
NOTE: When Payment System is used and the user has a money account assigned, there also
should be displayed prices for jobs.
YSoft SafeQ 5 2283

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to YSoft SafeQ print
or scan application.
2 The current credit balance is written in the upper part for copy, print and scan menu.
YSoft SafeQ 5 2284

February 03, 2016
YSoft SafeQ 5 2285

February 03, 2016
YSoft SafeQ 5 2286

February 03, 2016
NOTE: The credit balance is not automatically refreshed after performing print job. You should
leave the job list and enter it again to see your current credit balance.
YSoft SafeQ 5 2287

February 03, 2016
When you have credit balance only for few pages of the print job, only those pages are printed and
the rest of the print job is not printed.
In both cases you have two options:
1) Deposit credit balance and continue printing with Continue button.
2) Finish printing by pressing Job Finished button.
more details.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
YSoft SafeQ 5 2288

February 03, 2016
NOTE: If the print job costs exactly the same as your current available credit balance, then the
print job is finished and following screen will appear.
In this case you have two options:
1) Deposit credit balance and continue by pressing Start button.
2) Finish your session and logout by pressing Access button
YSoft SafeQ 5 2289

February 03, 2016
3b When you try to print jobs, for which you don't have enough credit balance, jobs will not be printed.
3c
YSoft SafeQ 5 2290

February 03, 2016
When you try to print jobs for which you do not have enough credit balance using the Print All from
the Authentication Screen, the jobs will not be printed and a warning message will be displayed.
After performing the copy job, your credit balance will be decreased.
NOTE: The current credit balance is automatically refreshed.
YSoft SafeQ 5 2291

February 03, 2016
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
When you have enough credit balance only for few copies, then only those copies will be performed
and the rest of the copy job will be refused.
1) Deposit credit balance and continue copying with Continue button.
2) Finish copying by pressing Job Finished button.
more details.
YSoft SafeQ 5 2292

February 03, 2016
NOTE: If the copy job costs exactly the same as your current available credit balance, then the
copy job is finished and following screen will appear.
YSoft SafeQ 5 2293

February 03, 2016
After performing the scan job, your credit balance will be decreased.
NOTE: The current credit balance is not automatically refreshed.
YSoft SafeQ 5 2294

February 03, 2016
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
1) Deposit credit balance and continue scanning with Start button.
2) Finish scanning by pressing Access button
more details.
YSoft SafeQ 5 2295

February 03, 2016
NOTE: If the scan job costs exactly the same as your current available credit balance, then the
scan job is finished and following screen will appear.
YSoft SafeQ 5 2296

February 03, 2016
YSoft SafeQ 5 2297

February 03, 2016
DELETE A PRINT JOB AT THE KM PRINTER - KM INTERFACE
2 Touch the job(s) you want to delete and touch Delete.
3 Touch OK to confirm this action or Cancel to deny it.
YSoft SafeQ 5 2298

February 03, 2016
DISPLAY HISTORY OF USER'S CURRENT SESSION AT THE KM PRINTER - KM INTERFACE

It is possible to display a history of user's current session.
The history contains a list of print, copy and scan jobs which were performed during one user's session
(from user's login to user's logout).
1 Touch Job History button on the SafeQ Print or the SafeQ Scan application.
NOTE: You can enter Job history screen anytime during working with printer.
YSoft SafeQ 5 2299

February 03, 2016
2 The history with all types of jobs performed in this session is displayed.
NOTE: When Payment System is used and the user has a money account assigned, there also
should be displayed prices for jobs.
YSoft SafeQ 5 2300

February 03, 2016
YSoft SafeQ 5 2301

February 03, 2016
INCOMPATIBLE JOBS AT THE KM PRINTER - KM INTERFACE
1 Send a few jobs to the SafeQ system
As displayed on picture above the printer supports only BW print, so color print jobs are incompatible
SCAN AT THE KM PRINTER - KM INTERFACE

interface.
YSoft SafeQ 5 2302

February 03, 2016
3 The scan workflows screen displays. Availability of scan workflows may vary according to the YSoft
SafeQ configuration at your location. To learn about your available scanning options, contact your
system administrator.
Touch one of scan workflows and now you can and touch Parameters button next to workflow, to
change parameters like sender, recipient, scan file name, etc.
YSoft SafeQ 5 2303

February 03, 2016
4 After touching Parameters button, screen with scan workflow parameters displays. Now you can
change parameters of scan workflow.
Touch Keyboard icon next to parameter text field to change value.
NOTE: Parameters with asterisk * are mandatory and must be filled. Otherwise scan wouldn't be
performed.
YSoft SafeQ 5 2304

February 03, 2016
5 Type the sender e-mail address / recipient e-mail address / name of the scanned file depends on
selected parameter.
NOTE: The example shown here is for Recipient parameter.
Then touch OK to save new value.
YSoft SafeQ 5 2305

February 03, 2016
6 Now your parameters was saved. If you want to set another parameters, repeat steps 4 and 5.
Otherwise touch OK.
7 Now touch Scan settings to change settings like resolution, color, etc.
YSoft SafeQ 5 2306

February 03, 2016
8 After touching Scan settings, screen with available scan settings will be displayed.
Now you can change scan settings by touching each option.
Then touch Close to go back.
YSoft SafeQ 5 2307

February 03, 2016
After setting workflow parameters and scan settings press Start button on the printer panel and
selected jobs will be printed. For more information about HW buttons on device panel see: Hardware
buttons on KM Zeus printer.
SELECT A BILLING CODE AT THE KM PRINTER - KM INTERFACE

0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
YSoft SafeQ 5 2308

February 03, 2016
24: Project 4
3: Management
YSoft SafeQ 5 2309

February 03, 2016
4.
3a.
YSoft SafeQ 5 2310

February 03, 2016
2013" back to the "13: 2013".
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2311

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2312

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2313

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2314

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2315

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2316

February 03, 2016
YSoft SafeQ 5 2317

February 03, 2016
YSoft SafeQ 5 2318

February 03, 2016
YSoft SafeQ 5 2319

February 03, 2016
3 Now touch Search
Now you can:
OR
YSoft SafeQ 5 2320

February 03, 2016
YSoft SafeQ 5 2321

February 03, 2016
YSoft SafeQ 5 2322

February 03, 2016
OR
3 Now touch OK.
YSoft SafeQ 5 2323

February 03, 2016
OR
YSoft SafeQ 5 2324

February 03, 2016
YSoft SafeQ 5 2325

February 03, 2016
SELECT JOBS TO PRINT AT THE KM PRINTER - KM INTERFACE
interface.
3 An screen with job folder selection will be displayed. Touch one of the folder buttons.
NOTE: Your screen may include different options as shown here, depends on administrator settings.
YSoft SafeQ 5 2326

February 03, 2016
4 Touch the job(s) you want to print.
To mark/unmark all jobs, touch Select All.

To display more jobs, touch Arrow keys on the right side.
YSoft SafeQ 5 2327

February 03, 2016
If you have selected jobs to print, touch Start button on the printer panel and selected jobs will be
printed. For more information about HW buttons on device panel see: Hardware buttons on KM Zeus
printer.
6 The history with all types of jobs performed in this session displays.
Touch Close.
YSoft SafeQ 5 2328

February 03, 2016
DISPLAY DETAILED PRINT JOB INFORMATION AT THE KM PRINTER - KM INTERFACE
2 Touch ". . ." button next to the job to view jobs details.
3 Now you can:
Touch Preview and continue to step 3a
OR
Touch Print job information and continue to step 3b.
YSoft SafeQ 5 2329

February 03, 2016
3a Preview of the first page of print job will be displayed.
Touch Close to exit and continue to step 4.
3b Detailed information about current print job will be displayed.
Touch Close to exit.
YSoft SafeQ 5 2330

February 03, 2016
4 Touch Cancel to exit and display job list.
YSoft SafeQ 5 2331

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE KM PRINTER - KM INTERFACE
YSoft SafeQ 5 2332

February 03, 2016
or scan application.
2 The current credit balance is written in the upper part for copy, print and scan menu.
YSoft SafeQ 5 2333

February 03, 2016
YSoft SafeQ 5 2334

February 03, 2016
NOTE: The credit balance is not automatically refreshed after performing print job. You should
leave the job list and enter it again to see your current credit balance.
YSoft SafeQ 5 2335

February 03, 2016
When you have credit balance only for few pages of the print job, only those pages are printed and
the rest of the print job is not printed.
more details.
YSoft SafeQ 5 2336

February 03, 2016
NOTE: If the print job costs exactly the same as your current available credit balance, then the
print job is finished and following screen will appear.
YSoft SafeQ 5 2337

February 03, 2016
3c
YSoft SafeQ 5 2338

February 03, 2016
When you try to print jobs for which you do not have enough credit balance using the Print All from
YSoft SafeQ 5 2339

February 03, 2016
When you have enough credit balance only for few copies, then only those copies will be performed
and the rest of the copy job will be refused.
more details.
YSoft SafeQ 5 2340

February 03, 2016
NOTE: If the copy job costs exactly the same as your current available credit balance, then the
copy job is finished and following screen will appear.
YSoft SafeQ 5 2341

February 03, 2016
YSoft SafeQ 5 2342

February 03, 2016
1) Deposit credit balance and continue scanning with Start button.
2) Finish scanning by pressing Access button
more details.
YSoft SafeQ 5 2343

February 03, 2016
NOTE: If the scan job costs exactly the same as your current available credit balance, then the
scan job is finished and following screen will appear.
YSoft SafeQ 5 2344

February 03, 2016
USING BROWSER-BASED YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA
This manual is also applicable for Develop and Olivetti devices.
At a Glance

Log in with a login name/password or a card
Log out
Register a new card
Using default billing code
Selecting billing code from a list
Searching of billing codes
Selecting billing code by direct entering its ID or description
YSoft SafeQ 5 2345

February 03, 2016

Incompatible jobs
Delete a print job
Select a billing code in SafeQ Application
Copy
Scan
Scan Workflows list
OR
YSoft SafeQ 5 2346

February 03, 2016
3 Touch Login.
YSoft SafeQ 5 2347

February 03, 2016
OR
YSoft SafeQ 5 2348

February 03, 2016
3 Touch Password.
YSoft SafeQ 5 2349

February 03, 2016
5 Touch Login.
YSoft SafeQ 5 2350

February 03, 2016
LOG OUT
YSoft SafeQ 5 2351

February 03, 2016
administrator.
YSoft SafeQ 5 2352

February 03, 2016
REGISTER A NEW CARD
YSoft SafeQ.
password.
YSoft SafeQ 5 2353

February 03, 2016
4 Touch Password.
YSoft SafeQ 5 2354

February 03, 2016
YSoft SafeQ 5 2355

February 03, 2016
Activation Code.
YSoft SafeQ 5 2356

February 03, 2016
YSoft SafeQ 5 2357

February 03, 2016
Now touch OK. You will be logged in and new card will be assigned to your user account.
NOTE: It is possible to select billing codes later in SafeQ Application menu (See: Selecting a billing code
at the KM printer). Then for now, you can use default billing code and continue to the next chapter.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
2: Development
21: Project 1
YSoft SafeQ 5 2358

February 03, 2016
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2359

February 03, 2016
4.
3a.
YSoft SafeQ 5 2360

February 03, 2016
2013" back to the "13: 2013".
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2361

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2362

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2363

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2364

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2365

February 03, 2016
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
YSoft SafeQ 5 2366

February 03, 2016
YSoft SafeQ 5 2367

February 03, 2016
YSoft SafeQ 5 2368

February 03, 2016
3 Now touch Search
YSoft SafeQ 5 2369

February 03, 2016
Now you can:
OR
YSoft SafeQ 5 2370

February 03, 2016
YSoft SafeQ 5 2371

February 03, 2016
OR
YSoft SafeQ 5 2372

February 03, 2016
3 Now touch OK.
OR
YSoft SafeQ 5 2373

February 03, 2016
1 Log in to Terminal Embedded: Logn and log out at the KM printer.
If billing code screen appears, follow steps in Select a billing code at the KM printer - KM interface.
YSoft SafeQ 5 2374

February 03, 2016
YSoft SafeQ 5 2375

February 03, 2016

folders.
YSoft SafeQ 5 2376

February 03, 2016
INCOMPATIBLE JOBS
to print at the KM printer.
YSoft SafeQ 5 2377

February 03, 2016
YSoft SafeQ 5 2378

February 03, 2016
DELETE A PRINT JOB
YSoft SafeQ 5 2379

February 03, 2016
SELECT A BILLING CODE IN SAFEQ APPLICATION

In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ print menu, then you can
YSoft SafeQ 5 2380

February 03, 2016
YSoft SafeQ 5 2381

February 03, 2016
1 In YSoft SafeQ print application select Billing codes from the menu.
Here you can:
YSoft SafeQ 5 2382

February 03, 2016
YSoft SafeQ 5 2383

February 03, 2016
YSoft SafeQ 5 2384

February 03, 2016
YSoft SafeQ 5 2385

February 03, 2016
YSoft SafeQ 5 2386

February 03, 2016
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
YSoft SafeQ 5 2387

February 03, 2016
YSoft SafeQ 5 2388

February 03, 2016
YSoft SafeQ 5 2389

February 03, 2016
1 Once billing code is selected you can continue to Scan menu or Copy menu to scan or copy to
selected Billing code.
Navigate to main menu using HW home button
2 Select SafeQ Scan or Copy application
COPY
administrator.
YSoft SafeQ 5 2390

February 03, 2016
available options.
YSoft SafeQ 5 2391

February 03, 2016
SCAN
SCAN WORKFLOWS LIST
1 Log in to Terminal Embedded: Log in and log out at the KM printer.
YSoft SafeQ 5 2392

February 03, 2016
Touch Scan button to perform scan with default workflow parameter and scan
settings. You scanning starts immediately.
YSoft SafeQ 5 2393

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 2394

February 03, 2016
You can:
YSoft SafeQ 5 2395

February 03, 2016
Now you can:
YSoft SafeQ 5 2396

February 03, 2016
Now you can:
YSoft SafeQ 5 2397

February 03, 2016

starts
or scan application
2 The current credit balance is written in bottom close to your User name for Print and Scan application.
YSoft SafeQ 5 2398

February 03, 2016
YSoft SafeQ 5 2399

February 03, 2016
The current credit balance is written in the upper part for copy menu.
NOTE: Only pages for which you have enough credit balance will be printed. It might happen that
only half of your print job will be printed, if you don't have enough credit.
YSoft SafeQ 5 2400

February 03, 2016
NOTE: The credit balance is automatically refreshed after performing print job.
YSoft SafeQ 5 2401

February 03, 2016
3a When you try to print jobs, for which you don't have enough credit balance, only those pages are
printed, for which you have credit balance.
more details.
NOTE: If print job costs exactly the same as your current available credit balance, then the print
job is finished and following screen will appear.
YSoft SafeQ 5 2402

February 03, 2016
YSoft SafeQ 5 2403

February 03, 2016
3c When you try to print jobs for which you do not have enough credit balance using the Print All from
YSoft SafeQ 5 2404

February 03, 2016
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
more details.
YSoft SafeQ 5 2405

February 03, 2016
NOTE: If copy job costs exactly the same as your current available credit balance, then the copy
YSoft SafeQ 5 2406

February 03, 2016
YSoft SafeQ 5 2407

February 03, 2016
more details.
YSoft SafeQ 5 2408

February 03, 2016
NOTE: If scan job costs exactly the same as your current available credit balance, then the job is
finished and following screen will appear.
YSoft SafeQ 5 2409

February 03, 2016
SCAN AT THE KM PRINTER

YSoft SafeQ 5 2410

February 03, 2016
SCAN WORKFLOWS LIST
1 Log in to Terminal Embedded: Log in and log out at the KM printer.
Touch Scan button to perform scan with default workflow parameter and scan
settings. You scanning starts immediately.
YSoft SafeQ 5 2411

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 2412

February 03, 2016
YSoft SafeQ 5 2413

February 03, 2016
You can:
Now you can:
YSoft SafeQ 5 2414

February 03, 2016
Now you can:
YSoft SafeQ 5 2415

February 03, 2016

starts
YSoft SafeQ 5 2416

February 03, 2016
SELECT JOBS TO PRINT AT THE KM PRINTER
1 Log in to Terminal Embedded: Logn and log out at the KM printer.
YSoft SafeQ 5 2417

February 03, 2016
YSoft SafeQ 5 2418

February 03, 2016

folders.
YSoft SafeQ 5 2419

February 03, 2016
DELETE A PRINT JOB AT THE KM PRINTER
YSoft SafeQ 5 2420

February 03, 2016
YSoft SafeQ 5 2421

February 03, 2016
INCOMPATIBLE JOBS AT THE KM PRINTER
SELECT A BILLING CODE AT THE KM PRINTER

YSoft SafeQ 5 2422

February 03, 2016
Here you can:
YSoft SafeQ 5 2423

February 03, 2016
YSoft SafeQ 5 2424

February 03, 2016
YSoft SafeQ 5 2425

February 03, 2016
YSoft SafeQ 5 2426

February 03, 2016
YSoft SafeQ 5 2427

February 03, 2016
YSoft SafeQ 5 2428

February 03, 2016
YSoft SafeQ 5 2429

February 03, 2016
YSoft SafeQ 5 2430

February 03, 2016
1 Once billing code is selected you can continue to Scan menu or Copy menu to scan or copy to
selected Billing code.
Navigate to main menu using HW home button
2 Select SafeQ Scan or Copy application
YSoft SafeQ 5 2431

February 03, 2016
DISPLAY DETAILED PRINT JOBS INFORMATION AT THE KM PRINTER
YSoft SafeQ 5 2432

February 03, 2016
YSoft SafeQ 5 2433

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE KM PRINTER
YSoft SafeQ 5 2434

February 03, 2016
or scan application
YSoft SafeQ 5 2435

February 03, 2016
The current credit balance is written in the upper part for copy menu.
YSoft SafeQ 5 2436

February 03, 2016
YSoft SafeQ 5 2437

February 03, 2016
3a When you try to print jobs, for which you don't have enough credit balance, only those pages are
printed, for which you have credit balance.
more details.
YSoft SafeQ 5 2438

February 03, 2016
NOTE: If print job costs exactly the same as your current available credit balance, then the print
YSoft SafeQ 5 2439

February 03, 2016
YSoft SafeQ 5 2440

February 03, 2016
3c When you try to print jobs for which you do not have enough credit balance using the Print All from
YSoft SafeQ 5 2441

February 03, 2016
YSoft SafeQ 5 2442

February 03, 2016
more details.
YSoft SafeQ 5 2443

February 03, 2016
NOTE: If copy job costs exactly the same as your current available credit balance, then the copy
YSoft SafeQ 5 2444

February 03, 2016
YSoft SafeQ 5 2445

February 03, 2016
more details.
YSoft SafeQ 5 2446

February 03, 2016
NOTE: If scan job costs exactly the same as your current available credit balance, then the job is
finished and following screen will appear.
YSoft SafeQ 5 2447

February 03, 2016
COPY AT THE KM PRINTER
administrator.
YSoft SafeQ 5 2448

February 03, 2016
available options.
YSoft SafeQ 5 2449

February 03, 2016
HARDWARE BUTTONS ON KM PRINTER
USING HARDWARE BUTTONS
There are only two buttons related to usage of YSoft SafeQ system on Konica Minolta Zeus or
Minerva devices:
Start button (big blue one) - after pressing copying / scanning / printing action will start.
Access button (highlighted one) - user is immediately logged out from the device after
pressing this button.
LOG IN AND LOG OUT AT THE KM PRINTER

OR
YSoft SafeQ 5 2450

February 03, 2016
3 Touch Login.
YSoft SafeQ 5 2451

February 03, 2016

NOTE: The first time you use your card, register it as described in Register a new card at the KM printer
.
OR
YSoft SafeQ 5 2452

February 03, 2016
3 Touch Password.
YSoft SafeQ 5 2453

February 03, 2016
5 Touch Login.
YSoft SafeQ 5 2454

February 03, 2016
YSoft SafeQ 5 2455

February 03, 2016
LOG OUT
PRINT ALL YOUR PRINT JOBS AT THE KM PRINTER
administrator.
YSoft SafeQ 5 2456

February 03, 2016
REGISTER A NEW CARD AT THE KM PRINTER

YSoft SafeQ.
YSoft SafeQ 5 2457

February 03, 2016
password.
YSoft SafeQ 5 2458

February 03, 2016
4 Touch Password.
YSoft SafeQ 5 2459

February 03, 2016
Type your password and touch OK.
YSoft SafeQ 5 2460

February 03, 2016

Activation Code.
YSoft SafeQ 5 2461

February 03, 2016
YSoft SafeQ 5 2462

February 03, 2016
5.6.3 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH (ESA)
At a Glance

Log in with a username/password or a card
Log out
Register a new card
Locate your Card Activation Code
Select the billing code directly after login
Select the billing code from the YSoft SafeQ application
Incompatible jobs
Delete a print job
Copy
Scan
Display the Scan menu
Select scan options and making a scan
Edit scan parameters and scan settings
Display job summary
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
NOTE: The first time you use your card, register it as described in Register a new card at Ricoh printer.
1 To log in, place your card on the card reader attached to the printer.
YSoft SafeQ 5 2463

February 03, 2016
OR
2 Touch the icon on the left
If you want the printer to print all your unprinted jobs after you log in, check Print all.
If you do not want the printer to print all your jobs, uncheck Print all.
3 Touch PIN text field or directly type your PIN using the printer's numeric keypad. (2 to 20
numbers). You can confirm inserted PIN by Login.
HINT: You can enter PIN using the printer's numeric keypad confirm the entrance with # key
directly on this screen.
YSoft SafeQ 5 2464

February 03, 2016
4 Confirm with OK.
LOG IN WITH A USERNAME/PASSWORD OR A CARD
Your system may be configured so that you can choose to log in by entering your username and password
or by swiping your card on the card reader.
YSoft SafeQ 5 2465

February 03, 2016
OR
3 Touch Username text field and type your username.
Touch OK.
YSoft SafeQ 5 2466

February 03, 2016
4 Touch Password and type your password.
Touch OK.
YSoft SafeQ 5 2467

February 03, 2016
LOG OUT
To log out, touch the Exit button in the right corner or place any card on the card reader (if a card reader is
attached to the printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
YSoft SafeQ 5 2468

February 03, 2016
Touch Exit.
REGISTER A NEW CARD
NOTE:: The method you use may depend on the way your system administrator has configured SafeQ.
The terminal should ask you for a Activation Code or for a Username and password. This depends on
SafeQ system configuration.
LOCATE YOUR CARD ACTIVATION CODE
1 Your Card Activation Code may appear in an email from SafeQ after sending first job to SafeQ or
generated manually by administrator.
YSoft SafeQ 5 2469

February 03, 2016
2 If your Card Activation Code was generated, it may appear in SafeQ web interface when you log in.
If you have a Card Activation Code, you can use this simple method to register your card.
2 Touch Card Activation Code button.
YSoft SafeQ 5 2470

February 03, 2016
3 Touch Activation Code text field to get software keyboard or use hardware keyboard to insert Card
Activation Code and then press Confirm.
4 If you have taken the first option then insert your Card activation code and confirm it with the OK
button.
YSoft SafeQ 5 2471

February 03, 2016
5 When the assignment process will be successful, you will be logged to the printer.
2 Touch Username & Password button.
YSoft SafeQ 5 2472

February 03, 2016
3 Touch Login button.
4 Insert your Username and confirm it with the OK button.
YSoft SafeQ 5 2473

February 03, 2016
5 Touch Password button.
YSoft SafeQ 5 2474

February 03, 2016
6 Insert your Password and confirm it with the OK button.

In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application. You can choose
different billing codes for different copy and scan jobs in one session.
YSoft SafeQ 5 2475

February 03, 2016
YSoft SafeQ 5 2476

February 03, 2016
SELECT THE BILLING CODE DIRECTLY AFTER LOGIN
1 The billing code screen appears directly after login.
Now you can:
Select billing code
Confirm billing code selection
Navigate to billing code children (Only billing codes with + symbol have children)
Search for billing code
Navigate between billing codes pages
Return from deeper level
YSoft SafeQ 5 2477

February 03, 2016
2 Once the billing code is confirmed, it is displayed at the bottom of the screen.
YSoft SafeQ 5 2478

February 03, 2016
SELECT THE BILLING CODE FROM THE YSOFT SAFEQ APPLICATION
NOTE: The default billing code is highlighted.
Now you can:
Select billing code
YSoft SafeQ 5 2479

February 03, 2016
YSoft SafeQ 5 2480

February 03, 2016
If you want to search billing codes, touch magnifier icon
YSoft SafeQ 5 2481

February 03, 2016
4 A result which matches your searching phase displays.
NOTE: The path from root level is displayed for each billing code in bracket.
Now you can:
Select billing code
Search again for billing code
YSoft SafeQ 5 2482

February 03, 2016
YSoft SafeQ 5 2483

February 03, 2016
1 Once billing code is selected you can continue to Scan menu to start scanning with selected billing
code.
2 OR
Navigate to Copy menu and perform a copy job for selected billing code.
YSoft SafeQ 5 2484

February 03, 2016
1 Check Print all option.
YSoft SafeQ 5 2485

February 03, 2016
2 Login to the printer.
3 YSoft SafeQ logs you in and the printer prints all your waiting prints.
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer.
YSoft SafeQ 5 2486

February 03, 2016
YSoft SafeQ 5 2487

February 03, 2016
Display more information about selected job.
Navigate to Waiting /
Printed / Favorite folders.
INCOMPATIBLE JOBS
1 Send a few jobs to the SafeQ
Log in to Terminal Embedded: Log in and log out at the Ricoh printer
2 When you have selected Print all option, only compatible jobs will be printed
OR
3 Navigate to joblist
You will see incompatible jobs grey out and marked with [ I ] symbol. You can print only compatible
jobs.
YSoft SafeQ 5 2488

February 03, 2016
1 Log in at the printer; navigate to YSoft SafeQ application
2
Select the job and touch Info icon
YSoft SafeQ 5 2489

February 03, 2016
3 Touch the OK button to return to the Job list.
DELETE A PRINT JOB
YSoft SafeQ 5 2490

February 03, 2016
Log in to Terminal Embedded: Log in and log out at the Ricoh printer and navigate to joblist: Select
jobs to print at the Ricoh printer.
2 Touch jobs you want to delete.
3
Touch Delete icon
COPY
administrator.
2 When the Main menu appears, touch the Copy button on the printer panel.
YSoft SafeQ 5 2491

February 03, 2016
3 OR
Press Home button on the printer panel and select copy feature.
4 Configure the copy options and start copying by pressing Start button.
YSoft SafeQ 5 2492

February 03, 2016
SCAN
DISPLAY THE SCAN MENU
1 Log in at the printer.
2 If a billing code screen appears:
Select the billing code and confirm selection with accept button
YSoft SafeQ 5 2493

February 03, 2016
3 On the Main menu, touch Scan.
NOTE: Your Main menu may not look exactly like the one shown here.
The Scan menu opens.
NOTE: Your screen may include different options from the ones shown here.
YSoft SafeQ 5 2494

February 03, 2016
SELECT SCAN OPTIONS AND MAKING A SCAN
Available scanning options vary according to the YSoft SafeQ configuration at your location. To learn about
your available scanning options, contact your system administrator.
To select scan options and make a scan, then follow these steps:
1 Display the Scan menu.
2 Touch the scan workflow you want to use (for example, Scan to my folder) and start scanning by
touching scan button
NOTE: The workflow shown here is only a sample. Your menu may include this or different
options.
YSoft SafeQ 5 2495

February 03, 2016
3 You can also do in scan menu:
Place your document on the scanner and start scanning.
Edit scan settings (file format, color, resolution, simplex/duplex).
Edit scan parameters (scan sender, scan recipient, filename, ...).
YSoft SafeQ 5 2496

February 03, 2016
Navigate to another pages of Scan workflow list.
EDIT SCAN PARAMETERS AND SCAN SETTINGS
Your system may allow you to change scan workflow parameters. For example, if your available scan
workflows include Scan to e-mail, you may be able to change the e-mail address to send the scan from or
to.
Your system also allow to change scan workflow settings. For example the resolution, the file format of the
scanned document, duplex / simplex settings or the color settings.
The available workflows and whether or not you can change their settings vary according to the way YSoft
SafeQ is configured at your location. For more information, contact your system administrator.
NOTE: The example shown here is for Scan to e-mail, but the process is similar for editing other
workflows.
1 Touch the Scan to my email workflow.
Edit scan settings (file format, color, resolution, simplex/duplex) described in step 2a.
Edit scan parameters (scan sender, scan recipient, filename, ...) described in step 2b.
YSoft SafeQ 5 2497

February 03, 2016
2a
Touch scan settings button.
Select required settings for Color, File type, Duplex mode and Resolution.
OR
Return back to Scan workflows list.
YSoft SafeQ 5 2498

February 03, 2016
2b
Touch scan parameters button.
Touch parameter name and add the value.
OR
YSoft SafeQ 5 2499

February 03, 2016
DISPLAY JOB SUMMARY
NOTE:
license.
The session summary window displays the total amount of print/copy/scan jobs performed in user's session.
Together with this also the number of pages and price for each job category is displayed. The total price
displays the sum of prices for each category.
NOTE: Job summary can be enabled by a configuration property "Enable YSoft SafeQ embedded
terminal for Ricoh to show session summary before the user logs out " ( srteShowSessionSummary )
that can be found in System Settings / Terminal UI.
1 Log out of the Terminal Embedded: Log in and log out at the Ricoh printer.
2 The session summary appears.
YSoft SafeQ 5 2500

February 03, 2016
3 Tap on OK to close the session summary window and logout from the terminal. The session
summary window is also closed automatically after 20 seconds.
COPY AT THE RICOH PRINTER
administrator.
2 When the Main menu appears, touch the Copy button on the printer panel.
YSoft SafeQ 5 2501

February 03, 2016
3 OR
Press Home button on the printer panel and select copy feature.
4 Configure the copy options and start copying by pressing Start button.
YSoft SafeQ 5 2502

February 03, 2016
YSoft SafeQ 5 2503

February 03, 2016
DELETE A PRINT JOB AT THE RICOH PRINTER
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer and navigate to joblist: Select
jobs to print at the Ricoh printer.
2 Touch jobs you want to delete.
3
Touch Delete icon
YSoft SafeQ 5 2504

February 03, 2016
DISPLAY DETAILED PRINT JOB INFORMATION AT THE RICOH PRINTER
1 Log in at the printer; navigate to YSoft SafeQ application
2
Select the job and touch Info icon
3 Touch the OK button to return to the Job list.
YSoft SafeQ 5 2505

February 03, 2016
INCOMPATIBLE JOBS AT THE RICOH PRINTER
Log in to Terminal Embedded: Log in and log out at the Ricoh printer
2 When you have selected Print all option, only compatible jobs will be printed
OR
You will see incompatible jobs grey out and marked with [ I ] symbol. You can print only compatible
jobs.
YSoft SafeQ 5 2506

February 03, 2016
LOG IN AND LOG OUT AT THE RICOH PRINTER

OR
YSoft SafeQ 5 2507

February 03, 2016
3 Touch PIN text field or directly type your PIN using the printer's numeric keypad. (2 to 20
numbers). You can confirm inserted PIN by Login.
HINT: You can enter PIN using the printer's numeric keypad confirm the entrance with # key
directly on this screen.
4 Confirm with OK.
YSoft SafeQ 5 2508

February 03, 2016
LOG IN WITH A USERNAME/PASSWORD OR A CARD

or by swiping your card on the card reader.
OR
YSoft SafeQ 5 2509

February 03, 2016
3 Touch Username text field and type your username.
Touch OK.
YSoft SafeQ 5 2510

February 03, 2016
4 Touch Password and type your password.
Touch OK.
YSoft SafeQ 5 2511

February 03, 2016
LOG OUT
To log out, touch the Exit button in the right corner or place any card on the card reader (if a card reader is
attached to the printer).
Touch Exit.
YSoft SafeQ 5 2512

February 03, 2016
PRINT ALL YOUR PRINT JOBS AT THE RICOH PRINTER
YSoft SafeQ 5 2513

February 03, 2016
REGISTER A NEW CARD AT RICOH PRINTER
YSoft SafeQ 5 2514

February 03, 2016

YSoft SafeQ 5 2515

February 03, 2016
3 Touch Activation Code text field to get software keyboard or use hardware keyboard to insert Card
Activation Code and then press Confirm.
4 If you have taken the first option then insert your Card activation code and confirm it with the OK
button.
YSoft SafeQ 5 2516

February 03, 2016
YSoft SafeQ 5 2517

February 03, 2016
2 Touch Username & Password button.
3 Touch Login button.
YSoft SafeQ 5 2518

February 03, 2016
YSoft SafeQ 5 2519

February 03, 2016
YSoft SafeQ 5 2520

February 03, 2016
SCAN AT THE RICOH PRINTER
YSoft SafeQ 5 2521

February 03, 2016
DISPLAY THE SCAN MENU
2 If a billing code screen appears:
Select the billing code and confirm selection with accept button
3 On the Main menu, touch Scan.
NOTE: Your Main menu may not look exactly like the one shown here.
The Scan menu opens.
NOTE: Your screen may include different options from the ones shown here.
YSoft SafeQ 5 2522

February 03, 2016
SELECT SCAN OPTIONS AND MAKING A SCAN

Available scanning options vary according to the YSoft SafeQ configuration at your location. To learn about
your available scanning options, contact your system administrator.
To select scan options and make a scan, then follow these steps:
1 Display the Scan menu.
2 Touch the scan workflow you want to use (for example, Scan to my folder) and start scanning by
touching scan button
NOTE: The workflow shown here is only a sample. Your menu may include this or different
options.
YSoft SafeQ 5 2523

February 03, 2016
YSoft SafeQ 5 2524

February 03, 2016
3 You can also do in scan menu:
Edit scan settings (file format, color, resolution, simplex/duplex).
Edit scan parameters (scan sender, scan recipient, filename, ...).
Navigate to another pages of Scan workflow list.
EDIT SCAN PARAMETERS AND SCAN SETTINGS

Your system may allow you to change scan workflow parameters. For example, if your available scan
workflows include Scan to e-mail, you may be able to change the e-mail address to send the scan from or
to.
Your system also allow to change scan workflow settings. For example the resolution, the file format of the
scanned document, duplex / simplex settings or the color settings.
The available workflows and whether or not you can change their settings vary according to the way YSoft
SafeQ is configured at your location. For more information, contact your system administrator.
YSoft SafeQ 5 2525

February 03, 2016
NOTE: The example shown here is for Scan to e-mail, but the process is similar for editing other
workflows.
1 Touch the Scan to my email workflow.
Edit scan settings (file format, color, resolution, simplex/duplex) described in step 2a.
Edit scan parameters (scan sender, scan recipient, filename, ...) described in step 2b.
2a
Touch scan settings button.
Select required settings for Color, File type, Duplex mode and Resolution.
OR
YSoft SafeQ 5 2526

February 03, 2016
2b
Touch scan parameters button.
Touch parameter name and add the value.
OR
YSoft SafeQ 5 2527

February 03, 2016
SELECT A BILLING CODE AT THE RICOH PRINTER
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application. You can choose
different billing codes for different copy and scan jobs in one session.
YSoft SafeQ 5 2528

February 03, 2016
YSoft SafeQ 5 2529

February 03, 2016
SELECT THE BILLING CODE DIRECTLY AFTER LOGIN
1 The billing code screen appears directly after login.
Now you can:
Select billing code
YSoft SafeQ 5 2530

February 03, 2016
2 Once the billing code is confirmed, it is displayed at the bottom of the screen.
YSoft SafeQ 5 2531

February 03, 2016
SELECT THE BILLING CODE FROM THE YSOFT SAFEQ APPLICATION
NOTE: The default billing code is highlighted.
Now you can:
Select billing code
YSoft SafeQ 5 2532

February 03, 2016
YSoft SafeQ 5 2533

February 03, 2016
If you want to search billing codes, touch magnifier icon
YSoft SafeQ 5 2534

February 03, 2016
4 A result which matches your searching phase displays.
NOTE: The path from root level is displayed for each billing code in bracket.
Now you can:
Select billing code
Search again for billing code
YSoft SafeQ 5 2535

February 03, 2016
YSoft SafeQ 5 2536

February 03, 2016
1 Once billing code is selected you can continue to Scan menu to start scanning with selected billing
code.
2 OR
Navigate to Copy menu and perform a copy job for selected billing code.
YSoft SafeQ 5 2537

February 03, 2016
YSoft SafeQ 5 2538

February 03, 2016
SELECT JOBS TO PRINT AT THE RICOH PRINTER
YSoft SafeQ 5 2539

February 03, 2016
Display more information about selected job.
Navigate to Waiting /
Printed / Favorite folders.
YSoft SafeQ 5 2540

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE RICOH PRINTER
1 Log in to Embedded Terminal: Log in and log out at the Ricoh printer and navigate to YSoft SafeQ
application
YSoft SafeQ 5 2541

February 03, 2016
3a
YSoft SafeQ 5 2542

February 03, 2016
If job parser is disabled or set to only analyze jobs, users are allowed to continue printing even after
their credit balance is insufficient.
NOTE: When the current balance is not sufficient for the print job, a debt is registered for the user
(in case debt registering is enabled in YSoft Payment System).
more details.
YSoft SafeQ 5 2543

February 03, 2016
NOTE: Some minimal credit is necessary to be able to enter the copy menu. The amount is
configured by your administrator.
NOTE: You can copy only a few more pages than your credit allows. For these pages a debt is
registered (in case debt registering is enabled in YSoft Payment System).
YSoft SafeQ 5 2544

February 03, 2016
refused.
5.6.4 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX APEOS
At a Glance

Log in using Username and Password or Card method
Log in using Pin or Card method
Log out
Register a new card
Incompatible jobs
YSoft SafeQ 5 2545

February 03, 2016

Delete a print job
Copy
Scan
Scan Workflows list
Print, copy and scan with credit balance at the Fuji Xerox printer
LOG IN USING USERNAME AND PASSWORD OR CARD METHOD
1 Place your card on the card reader attached to the printer.
NOTE: When the unknown card assignment feature is enabled, the assignment screen is
displayed also for swiping with known card, so the assignment screen has to be skipped. This can be
done just by leaving the input field empty and pressing Enter.
OR
Press the Log In / Out physical button and continue with the next step.
YSoft SafeQ 5 2546

February 03, 2016
2 Type in your Username and tap Next.
3 Type your Password and tap Enter.
YSoft SafeQ 5 2547

February 03, 2016
4 You are logged in and device main menu is displayed.
LOG IN USING PIN OR CARD METHOD
YSoft SafeQ 5 2548

February 03, 2016
OR
2 Type your Pin and tap Next.
YSoft SafeQ 5 2549

February 03, 2016
3 Leave Password field empty and tap Next.
YSoft SafeQ 5 2550

February 03, 2016
LOG OUT
To log out from the printer swipe with card on the card reader, press the physical button Log In / Out
button or tap the software Logout button shown on the screenshot below.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set for the
MFP by your system administrator (typically 3 minutes).
NOTE: If you are inside SafeQ application and inactive for period of time defined within SafeQ by
your system administrator, you will automatically leave from the SafeQ application to the device main
menu first. After another period of time (based on MFP settings) you will be also automatically logged
out from the device main menu.
YSoft SafeQ 5 2551

February 03, 2016
REGISTER A NEW CARD
YSoft SafeQ 5 2552

February 03, 2016
Place your card on the card reader attached to the printer.
YSoft SafeQ 5 2553

February 03, 2016
3 When the assignment process is successful, you will be logged to the printer and new card will be
assigned to your user account.
YSoft SafeQ 5 2554

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer.
YSoft SafeQ 5 2555

February 03, 2016
YSoft SafeQ 5 2556

February 03, 2016

folders.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
YSoft SafeQ 5 2557

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
YSoft SafeQ 5 2558

February 03, 2016
DELETE A PRINT JOB
YSoft SafeQ 5 2559

February 03, 2016
YSoft SafeQ 5 2560

February 03, 2016
With YSoft SafeQ Embedded Terminal, you can choose billing (project) codes in the application menu for
copying and scanning in one session (no need to log out and log in again).
YSoft SafeQ 5 2561

February 03, 2016
Here you can:
Touch Arrow buttons to list pages of billing codes in current level.
YSoft SafeQ 5 2562

February 03, 2016
YSoft SafeQ 5 2563

February 03, 2016
YSoft SafeQ 5 2564

February 03, 2016
YSoft SafeQ 5 2565

February 03, 2016
YSoft SafeQ 5 2566

February 03, 2016
3 Type name or number or text of billing code, which you want to search for and touch Enter.
4 A result which matches your searching phase displays. Now you can:
YSoft SafeQ 5 2567

February 03, 2016
YSoft SafeQ 5 2568

February 03, 2016
OR
YSoft SafeQ 5 2569

February 03, 2016
COPY
administrator.
YSoft SafeQ 5 2570

February 03, 2016
available options.
YSoft SafeQ 5 2571

February 03, 2016
SCAN
SCAN WORKFLOWS LIST
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer
YSoft SafeQ 5 2572

February 03, 2016
scan file name, resolution, color, etc. (described in step 4a) Display another
pages of your scan workflows.
Now you can:
Change value of scan settings.
YSoft SafeQ 5 2573

February 03, 2016
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
Touch text field of the scan parameter to

change value.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
NOTE: When scanning in Duplex mode from the feeder a native prompt window appears on a
Fuji Xerox printer with Apeos JF SCLIPTLanguage Version 3.1.1 or earlier. Tap on the Last
Original button on the native Fuji Xerox screen to finish the scanning. This action is not required for
the devices with Apeos JF SCLIPTLanguage 3.1.2 and higher.
YSoft SafeQ 5 2574

February 03, 2016
YSoft SafeQ 5 2575

February 03, 2016
You can:
You can now:
YSoft SafeQ 5 2576

February 03, 2016
You can now:
YSoft SafeQ 5 2577

February 03, 2016

change value.
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE FUJI XEROX PRINTER
YSoft SafeQ 5 2578

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to YSoft
SafeQ Print or Scan application
2 In the Print and Scan application there is the current credit balance written at the bottom of the screen
next to your username.
NOTE: On every log in, SafeQ makes a reservation of an amount, which is based on rules
described in Credit handling on Fuji Xerox.
YSoft SafeQ 5 2579

February 03, 2016
YSoft SafeQ 5 2580

February 03, 2016
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to other folder) to see the updated balance.
3a Users are allowed to continue printing even after their credit balance is insufficient when job parser is
disabled or only job analyzer is used. This is a limitation of the printer.
YSoft SafeQ 5 2581

February 03, 2016
YSoft SafeQ 5 2582

February 03, 2016
more details.
NOTE: This functionality is not supported by some types of printers.
refresh the screen (e.g. by switching to Print application) to see the updated balance.
YSoft SafeQ 5 2583

February 03, 2016
NOTE:The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
COPY AT THE FUJI XEROX PRINTER
administrator.
YSoft SafeQ 5 2584

February 03, 2016
available options.
YSoft SafeQ 5 2585

February 03, 2016
YSoft SafeQ 5 2586

February 03, 2016
DELETE A PRINT JOB AT THE FUJI XEROX PRINTER
YSoft SafeQ 5 2587

February 03, 2016
YSoft SafeQ 5 2588

February 03, 2016
INCOMPATIBLE JOBS AT THE FUJI XEROX PRINTER
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
YSoft SafeQ 5 2589

February 03, 2016
LOG IN AND LOG OUT AT THE FUJI XEROX PRINTER
YSoft SafeQ 5 2590

February 03, 2016
OR
2 Type in your Username and tap Next.
YSoft SafeQ 5 2591

February 03, 2016
3 Type your Password and tap Enter.
YSoft SafeQ 5 2592

February 03, 2016
YSoft SafeQ 5 2593

February 03, 2016
OR
2 Type your Pin and tap Next.
YSoft SafeQ 5 2594

February 03, 2016
3 Leave Password field empty and tap Next.
YSoft SafeQ 5 2595

February 03, 2016
YSoft SafeQ 5 2596

February 03, 2016
LOG OUT
button or tap the software Logout button shown on the screenshot below.
NOTE: If you are inside SafeQ application and inactive for period of time defined within SafeQ by
your system administrator, you will automatically leave from the SafeQ application to the device main
menu first. After another period of time (based on MFP settings) you will be also automatically logged
SCAN AT THE FUJI XEROX PRINTER
YSoft SafeQ 5 2597

February 03, 2016
SCAN WORKFLOWS LIST
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer
YSoft SafeQ 5 2598

February 03, 2016
Now you can:

change value.
YSoft SafeQ 5 2599

February 03, 2016
YSoft SafeQ 5 2600

February 03, 2016
YSoft SafeQ 5 2601

February 03, 2016
You can:
YSoft SafeQ 5 2602

February 03, 2016
You can now:
You can now:
YSoft SafeQ 5 2603

February 03, 2016

change value.
YSoft SafeQ 5 2604

February 03, 2016
YSoft SafeQ 5 2605

February 03, 2016
SELECT JOBS TO PRINT AT THE FUJI XEROX PRINTER
YSoft SafeQ 5 2606

February 03, 2016
YSoft SafeQ 5 2607

February 03, 2016

folders.
YSoft SafeQ 5 2608

February 03, 2016
DISPLAY DETAILED PRINT JOBS INFORMATION AT THE FUJI XEROX PRINTER
YSoft SafeQ 5 2609

February 03, 2016
REGISTER A NEW CARD AT THE FUJI XEROX PRINTER

YSoft SafeQ 5 2610

February 03, 2016
YSoft SafeQ 5 2611

February 03, 2016
3 When the assignment process is successful, you will be logged to the printer and new card will be
SELECT A BILLING CODE AT THE FUJI XEROX PRINTER
With YSoft SafeQ Embedded Terminal, you can choose billing (project) codes in the application menu for
copying and scanning in one session (no need to log out and log in again).
YSoft SafeQ 5 2612

February 03, 2016
Here you can:
YSoft SafeQ 5 2613

February 03, 2016
YSoft SafeQ 5 2614

February 03, 2016
YSoft SafeQ 5 2615

February 03, 2016
YSoft SafeQ 5 2616

February 03, 2016
YSoft SafeQ 5 2617

February 03, 2016
YSoft SafeQ 5 2618

February 03, 2016
YSoft SafeQ 5 2619

February 03, 2016
OR
YSoft SafeQ 5 2620

February 03, 2016
YSoft SafeQ 5 2621

February 03, 2016
YSoft SafeQ 5 2622

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to YSoft
SafeQ Print or Scan application
2 In the Print and Scan application there is the current credit balance written at the bottom of the screen
next to your username.
described in Credit handling on Fuji Xerox.
YSoft SafeQ 5 2623

February 03, 2016
YSoft SafeQ 5 2624

February 03, 2016
YSoft SafeQ 5 2625

February 03, 2016
YSoft SafeQ 5 2626

February 03, 2016
YSoft SafeQ 5 2627

February 03, 2016
more details.
YSoft SafeQ 5 2628

February 03, 2016
refresh the screen (e.g. by switching to Print application) to see the updated balance.
NOTE:The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
YSoft SafeQ 5 2629

February 03, 2016
5.6.5 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX WITH XCP
At a Glance

Log in using Username and Password or Card method
Log in using Pin or Card method
Log out
Register a new card
Incompatible jobs
Delete a print job
Copy
Scan
Scan Workflows list
Print, copy and scan with credit balance at the Fuji Xerox printer
1 Optional: If enabled by you administrator, you can choose to print all waiting print jobs right after
logging in. In order to do so, tap the check-box to make the tick black.
Place your card onto the card reader attached to the printer.
OR
Tap text fields to enter your Username and Password and tap Login.
YSoft SafeQ 5 2630

February 03, 2016
2 You are logged in
OR
Type in your PIN using the external keyboard and tap Login.
YSoft SafeQ 5 2631

February 03, 2016
2 You are logged in.
Other login methods
For other authentication methods just follow the instructions written on the screen.
With authentication method PIN and Card, Username and password and Card, be sure to first
enter your credentials and swipe your card afterwards.
LOG OUT
button or tap the green area and choose Logout shown on the screenshot below.
NOTE: If you are inside SafeQ application and inactive for period of time defined by your system
administrator, you will automatically be exited from the SafeQ application to the device main menu
first. After another period of time (based on the MFP's settings) you will also be automatically logged
YSoft SafeQ 5 2632

February 03, 2016
REGISTER A NEW CARD
2 If prompted, select Card activation code method.
YSoft SafeQ 5 2633

February 03, 2016
3 Insert the Card Activation Code and confirm it with the Activate button.
4 When the assignment process is successful, you will be logged into the printer and new card will be
YSoft SafeQ 5 2634

February 03, 2016
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP.
2 Optional: If you are prompted, select Print at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
3 If not redirected automatically, touch the YSoft SafeQ application in the device main menu.
YSoft SafeQ 5 2635

February 03, 2016
3 Now the Print job menu will be displayed.
YSoft SafeQ 5 2636

February 03, 2016
4 Once the job is printed, it appears in the Printed folder. This job can be reprinted in the future.

folders.
YSoft SafeQ 5 2637

February 03, 2016
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
YSoft SafeQ 5 2638

February 03, 2016
1 Log in to Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP and navigate to
YSoft SafeQ 5 2639

February 03, 2016
DELETE A PRINT JOB
YSoft SafeQ 5 2640

February 03, 2016
YSoft SafeQ 5 2641

February 03, 2016
With YSoft SafeQ Embedded Terminal, you can switch between billing (project) codes for copying and
scanning.
YSoft SafeQ 5 2642

February 03, 2016
1 In the YSoft SafeQ application select Billing codes from the menu.
Here you can:
YSoft SafeQ 5 2643

February 03, 2016
YSoft SafeQ 5 2644

February 03, 2016
YSoft SafeQ 5 2645

February 03, 2016
YSoft SafeQ 5 2646

February 03, 2016
YSoft SafeQ 5 2647

February 03, 2016
YSoft SafeQ 5 2648

February 03, 2016
YSoft SafeQ 5 2649

February 03, 2016
1a Once billing code is selected you can continue to Scan menu to start scanning
1b Continue to Copy menu to start copying
YSoft SafeQ 5 2650

February 03, 2016
COPY
administrator.
2 Optional: If you are prompted, select Copy at the Quota selection screen.
YSoft SafeQ 5 2651

February 03, 2016
available options.
YSoft SafeQ 5 2652

February 03, 2016
SCAN
SCAN WORKFLOWS LIST
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP
2 Optional: If you are prompted, select Scan at the Quota selection screen.
YSoft SafeQ 5 2653

February 03, 2016
3 If not redirected automatically, touch YSoft SafeQ application in the device main menu.
YSoft SafeQ 5 2654

February 03, 2016
On the Main Menu screen, touch Scan.
YSoft SafeQ 5 2655

February 03, 2016
Now you can:

change value.
YSoft SafeQ 5 2656

February 03, 2016
YSoft SafeQ 5 2657

February 03, 2016
You can:
YSoft SafeQ 5 2658

February 03, 2016
You can now:
YSoft SafeQ 5 2659

February 03, 2016
You can now:
YSoft SafeQ 5 2660

February 03, 2016

change value.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
YSoft SafeQ Print or Scan application
2 In the Print and Scan application there is the currently available balance written at the bottom of the
screen next to your username.
YSoft SafeQ 5 2661

February 03, 2016
described in Credit handling on Fuji Xerox with XCP.
YSoft SafeQ 5 2662

February 03, 2016
YSoft SafeQ 5 2663

February 03, 2016
3b If the print job parser is enabled to render jobs, when you try to print jobs, for which you don't have
enough credit balance, job is not printed and stays in the waiting folder. You are informed about
YSoft SafeQ 5 2664

February 03, 2016
YSoft SafeQ 5 2665

February 03, 2016
NOTE: The credit balance is refreshed in a few seconds after performing a print job.
YSoft SafeQ 5 2666

February 03, 2016
COPY AT THE FUJI XEROX PRINTER WITH XCP
administrator.
2 Optional: If you are prompted, select Copy at the Quota selection screen.
YSoft SafeQ 5 2667

February 03, 2016
available options.
YSoft SafeQ 5 2668

February 03, 2016
YSoft SafeQ 5 2669

February 03, 2016
DELETE A PRINT JOB AT THE FUJI XEROX PRINTER WITH XCP
YSoft SafeQ 5 2670

February 03, 2016
YSoft SafeQ 5 2671

February 03, 2016
INCOMPATIBLE JOBS AT THE FUJI XEROX PRINTER WITH XCP
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
YSoft SafeQ 5 2672

February 03, 2016
LOG IN AND LOG OUT AT THE FUJI XEROX PRINTER WITH XCP
Place your card onto the card reader attached to the printer.
OR
Tap text fields to enter your Username and Password and tap Login.
2 You are logged in
YSoft SafeQ 5 2673

February 03, 2016
OR
Type in your PIN using the external keyboard and tap Login.
2 You are logged in.
Other login methods
For other authentication methods just follow the instructions written on the screen.
With authentication method PIN and Card, Username and password and Card, be sure to first
enter your credentials and swipe your card afterwards.
YSoft SafeQ 5 2674

February 03, 2016
LOG OUT
button or tap the green area and choose Logout shown on the screenshot below.
NOTE: If you are inside SafeQ application and inactive for period of time defined by your system
administrator, you will automatically be exited from the SafeQ application to the device main menu
first. After another period of time (based on the MFP's settings) you will also be automatically logged
SCAN AT THE FUJI XEROX PRINTER WITH XCP
YSoft SafeQ 5 2675

February 03, 2016
SCAN WORKFLOWS LIST
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP
2 Optional: If you are prompted, select Scan at the Quota selection screen.
3 If not redirected automatically, touch YSoft SafeQ application in the device main menu.
YSoft SafeQ 5 2676

February 03, 2016
YSoft SafeQ 5 2677

February 03, 2016
Now you can:
YSoft SafeQ 5 2678

February 03, 2016

change value.
YSoft SafeQ 5 2679

February 03, 2016
YSoft SafeQ 5 2680

February 03, 2016
YSoft SafeQ 5 2681

February 03, 2016
You can:
YSoft SafeQ 5 2682

February 03, 2016
You can now:
You can now:
YSoft SafeQ 5 2683

February 03, 2016

change value.
YSoft SafeQ 5 2684

February 03, 2016
YSoft SafeQ 5 2685

February 03, 2016
SELECT JOBS TO PRINT AT THE FUJI XEROX PRINTER WITH XCP
2 Optional: If you are prompted, select Print at the Quota selection screen.
3 If not redirected automatically, touch the YSoft SafeQ application in the device main menu.
YSoft SafeQ 5 2686

February 03, 2016
3 Now the Print job menu will be displayed.
YSoft SafeQ 5 2687

February 03, 2016
4 Once the job is printed, it appears in the Printed folder. This job can be reprinted in the future.

folders.
YSoft SafeQ 5 2688

February 03, 2016
YSoft SafeQ 5 2689

February 03, 2016
DISPLAY DETAILED INFORMATION ABOUT PRINT JOBS AT THE FUJI XEROX PRINTER WITH XCP
YSoft SafeQ 5 2690

February 03, 2016
REGISTER A NEW CARD AT THE FUJI XEROX PRINTER WITH XCP

2 If prompted, select Card activation code method.
YSoft SafeQ 5 2691

February 03, 2016
3 Insert the Card Activation Code and confirm it with the Activate button.
4 When the assignment process is successful, you will be logged into the printer and new card will be
YSoft SafeQ 5 2692

February 03, 2016
SELECT A BILLING CODE AT THE FUJI XEROX PRINTER WITH XCP
With YSoft SafeQ Embedded Terminal, you can switch between billing (project) codes for copying and
scanning.
YSoft SafeQ 5 2693

February 03, 2016
1 In the YSoft SafeQ application select Billing codes from the menu.
Here you can:
YSoft SafeQ 5 2694

February 03, 2016
YSoft SafeQ 5 2695

February 03, 2016
YSoft SafeQ 5 2696

February 03, 2016
YSoft SafeQ 5 2697

February 03, 2016
YSoft SafeQ 5 2698

February 03, 2016
YSoft SafeQ 5 2699

February 03, 2016
YSoft SafeQ 5 2700

February 03, 2016
1a Once billing code is selected you can continue to Scan menu to start scanning
1b Continue to Copy menu to start copying
YSoft SafeQ 5 2701

February 03, 2016
YSoft SafeQ 5 2702

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE FUJI XEROX PRINTER WITH XCP
YSoft SafeQ 5 2703

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
YSoft SafeQ Print or Scan application
2 In the Print and Scan application there is the currently available balance written at the bottom of the
screen next to your username.
described in Credit handling on Fuji Xerox with XCP.
YSoft SafeQ 5 2704

February 03, 2016
YSoft SafeQ 5 2705

February 03, 2016
YSoft SafeQ 5 2706

February 03, 2016
3b If the print job parser is enabled to render jobs, when you try to print jobs, for which you don't have
enough credit balance, job is not printed and stays in the waiting folder. You are informed about
YSoft SafeQ 5 2707

February 03, 2016
YSoft SafeQ 5 2708

February 03, 2016
YSoft SafeQ 5 2709

February 03, 2016
NOTE: The credit balance is refreshed in a few seconds after performing a print job.
5.6.6 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR SHARP (OSA)
At a Glance
YSoft SafeQ 5 2710

February 03, 2016

Log in with a user name/password or a card
Log out
Register a new card
Sharp printer with job list: Waiting, printed, favorites folders
Incompatible jobs
Delete a print job
Access scan and/or copy
Enter scan
Enter copy
Copy
Scanning
Scan Workflows list
OR
Touch PIN field and continue to next step.
YSoft SafeQ 5 2711

February 03, 2016
2 Type your personal PIN code and close the keyboard or touch anywhere on the screen.
3 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Sharp printer.
YSoft SafeQ 5 2712

February 03, 2016
LOG IN WITH A USER NAME/PASSWORD OR A CARD
OR
Touch Username field and continue to next step.
YSoft SafeQ 5 2713

February 03, 2016
3 Touch Password field.
4 Type in your password and touch OK.
YSoft SafeQ 5 2714

February 03, 2016
5 Touch Login.
LOG OUT
To log out, touch the hardware or software Logout button (depends on your printer).
YSoft SafeQ 5 2715

February 03, 2016
administrator.
YSoft SafeQ 5 2716

February 03, 2016
REGISTER A NEW CARD
YSoft SafeQ 5 2717

February 03, 2016
YSoft SafeQ 5 2718

February 03, 2016
3 Touch Activation Code text field.
4 Insert your Card activation code and close the keyboard or touch anywhere on the screen.
YSoft SafeQ 5 2719

February 03, 2016
5 Touch Activate button.
YSoft SafeQ 5 2720

February 03, 2016
2 Touch Username and Password button.
3 Touch Username button.
YSoft SafeQ 5 2721

February 03, 2016
YSoft SafeQ 5 2722

February 03, 2016
YSoft SafeQ 5 2723

February 03, 2016
SHARP PRINTER WITH JOB LIST: WAITING, PRINTED, FAVORITES FOLDERS
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer.
2 On the Main Menu screen, touch YSoft SafeQ (right corner).
YSoft SafeQ 5 2724

February 03, 2016
YSoft SafeQ 5 2725

February 03, 2016

folders.
YSoft SafeQ 5 2726

February 03, 2016
Logout from YSoft SafeQ terminal embedded.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer
YSoft SafeQ 5 2727

February 03, 2016
3 Job details and preview of the first page of print job are displayed.
DELETE A PRINT JOB
YSoft SafeQ 5 2728

February 03, 2016
YSoft SafeQ 5 2729

February 03, 2016
YSoft SafeQ 5 2730

February 03, 2016
Here you can:
YSoft SafeQ 5 2731

February 03, 2016
YSoft SafeQ 5 2732

February 03, 2016
1 The default billing code is preselected immediately after login (in this case: 121: invoices 2013)
YSoft SafeQ 5 2733

February 03, 2016
YSoft SafeQ 5 2734

February 03, 2016
YSoft SafeQ 5 2735

February 03, 2016
YSoft SafeQ 5 2736

February 03, 2016
ACCESS SCAN AND/OR COPY
If your system allows you to scan and/or copy, follow these instructions to access these functions.
NOTE: These functions could be accesible in several ways. Use either of the methods described below
enter to scan or copy.
YSoft SafeQ 5 2737

February 03, 2016
ENTER SCAN
1 Use Scan menu to start scanning
OR
2 If Scan menu is disabled you can enable it by selecting Other functions ...
YSoft SafeQ 5 2738

February 03, 2016
... and select YSoft SafeQ Scan application.
YSoft SafeQ 5 2739

February 03, 2016
ENTER COPY
1 Use Copy menu to start scanning
OR
2 If Copy menu is not displayed you can select Other functions ...
... and select Copy from the top-left menu.
YSoft SafeQ 5 2740

February 03, 2016
COPY
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer
YSoft SafeQ 5 2741

February 03, 2016
available options.
Then press Start to start copying.
SCANNING
YSoft SafeQ 5 2742

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 2743

February 03, 2016
NOTE: When you see two tabs Quick scan workflow and Expert scan workflow, it is possible:
In Quick scan workflow tab touch one of scan workflows and your scanning
starts immediately.
In Expert workflows tab, configure scan settings and start scanning.
Now you can:

starts
YSoft SafeQ 5 2744

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to YSoft SafeQ
print or scan application
YSoft SafeQ 5 2745

February 03, 2016
YSoft SafeQ 5 2746

February 03, 2016
YSoft SafeQ 5 2747

February 03, 2016
3a YSoft Print job parser is disabled or only job analyzer is used:
When you try to print jobs, for which you don't have enough credit balance, only those pages for
which you have credit balance are printed. Then the print stops and the job is suspended.
a) Deposit credit balance and continue printing.
b) Finish printing and deleting the suspended job.
more details.
NOTE: It is not possible to print, copy or scan on the device, unless the suspended job is
deleted.
YSoft SafeQ 5 2748

February 03, 2016
4a In case you want to deposit credit balance and continue printing:
1) Tap on the Limit button.
2) Tap on the suspended job. A prompt message appears.
3) Tap on the Yes button
4) If you have enough credit balance, rest of job will printed and accounted
YSoft SafeQ 5 2749

February 03, 2016
YSoft SafeQ 5 2750

February 03, 2016
4b Finish printing and deleting the suspended job.
2) Tap on the scroll menu
3) Tap on Stop/Delete job
4) The job will be accounted and the printed pages canceled.
YSoft SafeQ 5 2751

February 03, 2016
YSoft SafeQ 5 2752

February 03, 2016
3b YSoft Print job parser is enabled to render jobs:
When you try to print jobs, for which you don't have enough credit balance, then the print stops and
the job is not printed.
a) Deposit credit balance and try to print again.
b) Print only jobs for which you have enough credit balance.
more details.
deleted.
YSoft SafeQ 5 2753

February 03, 2016
NOTE: The current credit balance is not possible to show in Copy menu.
2 When you try to copy a job, for which you don't have enough credit balance, the copy job is refused.
In this case you have options:
1) Deposit credit balance and continue copying with Yes button.
2) Finish copying by tapping on the No button.
more details.
YSoft SafeQ 5 2754

February 03, 2016
1 Select the scan workflow you want to use and start scanning.
YSoft SafeQ 5 2755

February 03, 2016
YSoft SafeQ 5 2756

February 03, 2016
1) Deposit credit balance and continue copying with Back > Scan.
2) Finish scanning by pressing the Back button.
more details.
YSoft SafeQ 5 2757

February 03, 2016
COPY AT THE SHARP PRINTER
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer
YSoft SafeQ 5 2758

February 03, 2016
available options.
YSoft SafeQ 5 2759

February 03, 2016
DELETE A PRINT JOB AT THE SHARP PRINTER
YSoft SafeQ 5 2760

February 03, 2016
INCOMPATIBLE JOBS AT THE SHARP PRINTER
Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
LOG IN AND LOG OUT AT THE SHARP PRINTER

OR
YSoft SafeQ 5 2761

February 03, 2016
3 Touch Login.
YSoft SafeQ 5 2762

February 03, 2016

OR
YSoft SafeQ 5 2763

February 03, 2016
YSoft SafeQ 5 2764

February 03, 2016
5 Touch Login.
LOG OUT
YSoft SafeQ 5 2765

February 03, 2016
PRINT ALL YOUR PRINT JOBS AT THE SHARP PRINTER
administrator.
YSoft SafeQ 5 2766

February 03, 2016
REGISTER A NEW CARD AT THE SHARP PRINTER

YSoft SafeQ 5 2767

February 03, 2016

YSoft SafeQ 5 2768

February 03, 2016
4 Insert your Card activation code and close the keyboard or touch anywhere on the screen.
YSoft SafeQ 5 2769

February 03, 2016
YSoft SafeQ 5 2770

February 03, 2016
YSoft SafeQ 5 2771

February 03, 2016
YSoft SafeQ 5 2772

February 03, 2016
YSoft SafeQ 5 2773

February 03, 2016
SCAN AT THE SHARP PRINTER
YSoft SafeQ 5 2774

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 2775

February 03, 2016
starts immediately.
Now you can:

starts
YSoft SafeQ 5 2776

February 03, 2016
SELECT A BILLING CODE AT THE SHARP PRINTER
YSoft SafeQ 5 2777

February 03, 2016
Here you can:
YSoft SafeQ 5 2778

February 03, 2016
YSoft SafeQ 5 2779

February 03, 2016
YSoft SafeQ 5 2780

February 03, 2016
YSoft SafeQ 5 2781

February 03, 2016
YSoft SafeQ 5 2782

February 03, 2016
YSoft SafeQ 5 2783

February 03, 2016
YSoft SafeQ 5 2784

February 03, 2016
SELECT JOBS TO PRINT AT THE SHARP PRINTER
YSoft SafeQ 5 2785

February 03, 2016
SHARP PRINTER WITH JOB LIST: WAITING, PRINTED, FAVORITES FOLDERS
2 On the Main Menu screen, touch YSoft SafeQ (right corner).
YSoft SafeQ 5 2786

February 03, 2016
YSoft SafeQ 5 2787

February 03, 2016

folders.
Logout from YSoft SafeQ terminal embedded.
YSoft SafeQ 5 2788

February 03, 2016
DISPLAY DETAILED PRINT JOB INFORMATION AT THE SHARP PRINTER
jobs to print at the Sharp printer
YSoft SafeQ 5 2789

February 03, 2016
YSoft SafeQ 5 2790

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE SHARP PRINTER
YSoft SafeQ 5 2791

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to YSoft SafeQ
print or scan application
YSoft SafeQ 5 2792

February 03, 2016
YSoft SafeQ 5 2793

February 03, 2016
YSoft SafeQ 5 2794

February 03, 2016
3a YSoft Print job parser is disabled or only job analyzer is used:
When you try to print jobs, for which you don't have enough credit balance, only those pages for
which you have credit balance are printed. Then the print stops and the job is suspended.
a) Deposit credit balance and continue printing.
b) Finish printing and deleting the suspended job.
more details.
deleted.
YSoft SafeQ 5 2795

February 03, 2016
4a In case you want to deposit credit balance and continue printing:
2) Tap on the suspended job. A prompt message appears.
3) Tap on the Yes button
4) If you have enough credit balance, rest of job will printed and accounted
YSoft SafeQ 5 2796

February 03, 2016
YSoft SafeQ 5 2797

February 03, 2016
4b Finish printing and deleting the suspended job.
2) Tap on the scroll menu
3) Tap on Stop/Delete job
4) The job will be accounted and the printed pages canceled.
YSoft SafeQ 5 2798

February 03, 2016
YSoft SafeQ 5 2799

February 03, 2016
3b YSoft Print job parser is enabled to render jobs:
When you try to print jobs, for which you don't have enough credit balance, then the print stops and
the job is not printed.
a) Deposit credit balance and try to print again.
b) Print only jobs for which you have enough credit balance.
more details.
deleted.
YSoft SafeQ 5 2800

February 03, 2016
YSoft SafeQ 5 2801

February 03, 2016
NOTE: The current credit balance is not possible to show in Copy menu.
2 When you try to copy a job, for which you don't have enough credit balance, the copy job is refused.
In this case you have options:
1) Deposit credit balance and continue copying with Yes button.
2) Finish copying by tapping on the No button.
more details.
YSoft SafeQ 5 2802

February 03, 2016
1 Select the scan workflow you want to use and start scanning.
YSoft SafeQ 5 2803

February 03, 2016
1) Deposit credit balance and continue copying with Back > Scan.
2) Finish scanning by pressing the Back button.
more details.
YSoft SafeQ 5 2804

February 03, 2016
ACCESS TO SCAN AND COPY FUNCTIONS

If your system allows you to scan and/or copy, follow these instructions to access these functions.
NOTE: These functions could be accesible in several ways. Use either of the methods described below
enter to scan or copy.
YSoft SafeQ 5 2805

February 03, 2016
ENTER SCAN
1 Use Scan menu to start scanning
OR
2 If Scan menu is disabled you can enable it by selecting Other functions ...
YSoft SafeQ 5 2806

February 03, 2016
... and select YSoft SafeQ Scan application.
YSoft SafeQ 5 2807

February 03, 2016
ENTER COPY
1 Use Copy menu to start scanning
OR
2 If Copy menu is not displayed you can select Other functions ...
... and select Copy from the top-left menu.
YSoft SafeQ 5 2808

February 03, 2016
5.6.7 USING TERMINAL PROFESSIONAL
At a Glance
FCC statements
Overview
Changing the terminal's language
Logging in at the printer
Logging in with a PIN or a card
Logging in with a username/password or a card
Logging out
Logging in with SmartCard
Logging out with SmartCard
Registering a new card
Printing all your print jobs in the queue
Selecting jobs to print
Incompatible jobs at Terminal Professional
Deleting a print job
Selecting a billing code
Selecting a billing code
Copying and scanning
Copy / scan with credit balance
YSoft SafeQ 5 2809

February 03, 2016
FCC STATEMENTS


OVERVIEW
This chapter provides instructions for using YSoft SafeQ® Terminal Professional, firmware version 3.8.0
and higher.
Depending on how your SafeQ administrator has set up the terminal, you can use the terminal to:
Access printers and MFPs to print, copy, and scan.

YSoft SafeQ 5 2810

February 03, 2016
Delete jobs from queues.

View information about print/copying status and detailed price accounting.
CHANGING THE TERMINAL'S LANGUAGE
If necessary, change the terminal's language as follows:
1 Touch the globe icon.
2 Touch the language you want.
The available languages depend on how your terminal is configured.
OR
YSoft SafeQ 5 2811

February 03, 2016
3 Touch the language button to switch to the alternate language.
LOGGING IN AT THE PRINTER
LOGGING IN WITH A PIN OR A CARD
YSoft SafeQ 5 2812

February 03, 2016
NOTE: The first time you use your card, register it as described in Registering a new card at Terminal
Professional
To log in, swipe your card on the card reader embedded in the terminal.
OR
1 Touch PIN.
2 Type your PIN (2 or more numbers).
3 Touch OK.
YSoft SafeQ 5 2813

February 03, 2016
4 If you want the printer to print all your unprinted jobs, touch Print.
LOGGING IN WITH A USERNAME/PASSWORD OR A CARD
or by swiping your card on the card reader embedded in the terminal.
Professional
OR
1 Touch Login.
YSoft SafeQ 5 2814

February 03, 2016
2 Type your username. The keypad works like phone keypads. To enter a lowercase or uppercase
letter, touch a key more than once.
3 Touch OK.
4 Type your password.
5 Touch OK.
YSoft SafeQ 5 2815

February 03, 2016
LOGGING OUT
1 To log out, on the Main menu, touch End, or swipe any card (if available). NOTE: If you do not
log out, the terminal automatically logs you out after a period of time set by your system administrator
(typically 1 minute).
YSoft SafeQ 5 2816

February 03, 2016
LOGGING IN WITH SMARTCARD
Your system may be configured so that you can choose to log in by inserting SmartCard into card reader
embedded in the terminal.
1 To log in with Smardcard, insert your card into card reader embedded in the
terminal.
2 Login screen with numeric keyboard appears.
YSoft SafeQ 5 2817

February 03, 2016
OR
Login screen with alphanumeric keyboard appears.
You can switch between keyboards with highlighted buttons.
3 Type your PIN and touch OK or Confirm (Tick) button.
YSoft SafeQ 5 2818

February 03, 2016
4 User is successfully logged in.
LOGGING OUT WITH SMARTCARD
1 To log out, touch End, on the Main menu.
The terminal ask to remove SmartCard from reader.
YSoft SafeQ 5 2819

February 03, 2016
OR
2 Remove SmartCard from card reader, in any state of terminal.
NOTE: If you do not log out, the terminal automatically logs you out after a period of time set by
your system administrator (typically 1 minute).
REGISTERING A NEW CARD
If YSoft SafeQ does not recognize your ID card, the terminal displays a message asking you to enter your
username and password or Card Activation Code.
1 Place your ID card on the terminal.
2 To assign the card via your username and password, touch LOGIN.
OR
To assign the card via Card Activation Code, touch Act. Code.
NOTE: The terminal should ask you only for a Card Activation Code or only for a username and
password. This depends on SafeQ system configuration.
YSoft SafeQ 5 2820

February 03, 2016
OR
OR
YSoft SafeQ 5 2821

February 03, 2016
3 When you have selected assigning by username and password, enter your username and password.
YSoft SafeQ 5 2822

February 03, 2016
OR
When you have selected assigning by Card Activation Code, enter your Card Activation Code.
4 NOTE: Your Card Activation Code appears in an e-mail you receive from YSoft SafeQ.
YSoft SafeQ 5 2823

February 03, 2016
5 A confirmation message is displayed.

From now on, the terminal will recognize your ID card; you will not have to enter the Card Activation
Code again.
PRINTING ALL YOUR PRINT JOBS IN THE QUEUE
NOTE: Depending on how your administrator has set up the terminal, the print all jobs functionality could
be disabled. Pressing print button enters joblist, where you can individually select jobs to print.
YSoft SafeQ 5 2824

February 03, 2016
1 Swipe your card on the card reader and/or enter other login information.
2 On the Main menu, touch Print button.
NOTE: The Print button displays the number of print jobs you have waiting to be printed. In the
example shown here, three ( 3 ) jobs are waiting.
3 The printer/MFP begins to print all your jobs. The Print screen shows the progress.
4 When all your jobs have been printed, the terminal displays information and then automatically logs
you out.
NOTE: Price and pages information may or may not appear, depending on how the terminal has
been configured.
YSoft SafeQ 5 2825

February 03, 2016
SELECTING JOBS TO PRINT
1 Place your card on the card reader and/or enter login information.
2 On the Main menu, touch Job list.
3 Depending on the way terminal has been set up, a sub-menu may appear.
Touch the button for the type of job you want to print.
YSoft SafeQ 5 2826

February 03, 2016
4 Touch the job you want to print.
To print the selected job(s): touch the Print button and the printer prints the job(s).
5 Touch the icon hand; then select one of the following options:
To display more jobs, touch the up or down arrows.

To select / deselect all the jobs, touch Select all / Unselect all.
To mark a selected job as favorite, touch Mark favourite.
To view more information about the selected job, touch Show info.
YSoft SafeQ 5 2827

February 03, 2016
To display a print job preview, touch Show preview.
NOTE: Depending on how your administrator has set up the terminal, the Select all item in
context menu could be disabled.
6 Touch Print.
INCOMPATIBLE JOBS AT TERMINAL PROFESSIONAL
2 Login terminal professional
3 When you select Print option (print all), only compatible jobs will be printed.
Terminal Professional informs you, that there are also incompatible jobs, which were not printed.
YSoft SafeQ 5 2828

February 03, 2016
OR
You will see incompatible jobs marked with cross.
You can print only compatible jobs.
Example: As displayed on picture above the printer supports only normal (A5/A4/letter) page print, so
large (A3/legal/tabloid) pages print jobs are incompatible and it is not possible to print them.
5 It is possible that another printer supports such kind of your print jobs.
So it is recommended to try another printer in your company (in this case of example above: Try to
login and print on the normal (A5/A4/letter) / large (A3/legal/tabloid) printer).
YSoft SafeQ 5 2829

February 03, 2016
DELETING A PRINT JOB
2 Touch Job list button in main menu.
3 You may see submenu depends on administrator's settings.
Touch the button for the type of job you want to delete.
YSoft SafeQ 5 2830

February 03, 2016
4 Touch the job you want to delete.
5 Touch button Delete.
SELECTING A BILLING CODE
NOTE: Your system may be set up to for you to select a project for the copies and scans you make. If
this is the case, after you log in and touch Copying/Scanning, the Project selection screen appears.
1 Select Copying/Scanning
YSoft SafeQ 5 2831

February 03, 2016
2 Project selection screen appears.
If you have a default billing code, it is highlighted ("Project B" is default billing code in this case).
NOTE: You can define your own default billing code in the YSoft SafeQ Web Interface. See Quick
Start Guide for End Users for details.
OR
Project search screen appears.
You can search billing codes by Code number or Code name/description or use exit button to show
Project selection screen.
YSoft SafeQ 5 2832

February 03, 2016
3 Press to select a billing code.
OR
Touch the folder icon to display a list of sub-codes.
YSoft SafeQ 5 2833

February 03, 2016
List of sub-codes displayed immediately.
4 Press the Exit button to display:
the list of parent billing codes, if sub-codes is displayed

to use default billing code, if defined
to exit without selecting a billing code, if default code is not defined
YSoft SafeQ 5 2834

February 03, 2016
5 To display more billing codes, touch the slider.
To search throught all the billing codes, touch Filter; then type part of the billing code and touch OK.
COPYING AND SCANNING
1 Log in at the terminal.
2 In the Main menu, touch Copying/Scanning.
3 If billing code entry screen opens, select or search for a billing code; then you are moved to copy
screen.
YSoft SafeQ 5 2835

February 03, 2016
4 On the MFP's control panel, select the options you want; then make the copies or scan your
document.
When you finish, touch End. The terminal automatically logs you out.
NOTE: The terminal displays information about the copies or scans you made.
YSoft SafeQ 5 2836

February 03, 2016
The terminal may or may not display more information about your session, depending on the way the
terminal has been configured.
2 The current credit balance is written in the Main menu or Job menu close to your User name.
YSoft SafeQ 5 2837

February 03, 2016
1 Print all your waiting jobs by pressing Print button or navigate to Job list to select jobs you want to
print.
YSoft SafeQ 5 2838

February 03, 2016
YSoft SafeQ 5 2839

February 03, 2016
2 Once the job is printed, there is displayed consumed price and the credit balance is decreased.
HINT: You could authenticate again to check your current credit balance.
YSoft SafeQ 5 2840

February 03, 2016
3 When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
NOTE: Only the jobs that you have credit balance for are printed. The ones you do not have
sufficient credit balance for are refused.
more details.
YSoft SafeQ 5 2841

February 03, 2016
COPY / SCAN WITH CREDIT BALANCE
1 Enter the copy / scan menu and start copying / scanning.
After performing the copy / scan job, your credit balance will be decreased.
YSoft SafeQ 5 2842

February 03, 2016
YSoft SafeQ 5 2843

February 03, 2016
2 When you try to copy / scan job, for which you don't have enough credit balance, the copy / scan job
is refused.
NOTE: Only the pages that you have credit balance for are copied / scanned. The ones you do
not have sufficient credit balance for are refused. There are some limitations depending on MFP
blocking technology / cable .
more details.
YSoft SafeQ 5 2844

February 03, 2016
COPYING AND SCANNING AT TERMINAL PROFESSIONAL
1 Log in at the terminal.
2 In the Main menu, touch Copying/Scanning.
3 If billing code entry screen opens, select or search for a billing code; then you are moved to copy
screen.
4 On the MFP's control panel, select the options you want; then make the copies or scan your
document.
YSoft SafeQ 5 2845

February 03, 2016
When you finish, touch End. The terminal automatically logs you out.
NOTE: The terminal displays information about the copies or scans you made.
5 The terminal may or may not display more information about your session, depending on the way the
terminal has been configured.
YSoft SafeQ 5 2846

February 03, 2016
YSoft SafeQ 5 2847

February 03, 2016
DELETING A PRINT JOB AT TERMINAL PROFESSIONAL
2 Touch Job list button in main menu.
3 You may see submenu depends on administrator's settings.
Touch the button for the type of job you want to delete.
4 Touch the job you want to delete.
YSoft SafeQ 5 2848

February 03, 2016
5 Touch button Delete.
YSoft SafeQ 5 2849

February 03, 2016
INCOMPATIBLE JOBS AT TERMINAL PROFESSIONAL
2 Login terminal professional
3 When you select Print option (print all), only compatible jobs will be printed.
Terminal Professional informs you, that there are also incompatible jobs, which were not printed.
OR
You will see incompatible jobs marked with cross.
You can print only compatible jobs.
Example: As displayed on picture above the printer supports only normal (A5/A4/letter) page print, so
large (A3/legal/tabloid) pages print jobs are incompatible and it is not possible to print them.
YSoft SafeQ 5 2850

February 03, 2016
5 It is possible that another printer supports such kind of your print jobs.
So it is recommended to try another printer in your company (in this case of example above: Try to
login and print on the normal (A5/A4/letter) / large (A3/legal/tabloid) printer).
LOGGING IN AND LOGGING OUT AT TERMINAL PROFESSIONAL
LOGGING IN WITH A PIN OR A CARD

Professional
OR
1 Touch PIN.
YSoft SafeQ 5 2851

February 03, 2016
2 Type your PIN (2 or more numbers).
3 Touch OK.
YSoft SafeQ 5 2852

February 03, 2016
LOGGING IN WITH A USERNAME/PASSWORD OR A CARD

or by swiping your card on the card reader embedded in the terminal.
Professional
OR
1 Touch Login.
YSoft SafeQ 5 2853

February 03, 2016
2 Type your username. The keypad works like phone keypads. To enter a lowercase or uppercase
letter, touch a key more than once.
3 Touch OK.
4 Type your password.
5 Touch OK.
YSoft SafeQ 5 2854

February 03, 2016
LOGGING OUT
1 To log out, on the Main menu, touch End, or swipe any card (if available). NOTE: If you do not
log out, the terminal automatically logs you out after a period of time set by your system administrator
(typically 1 minute).
LOGGING IN WITH SMARTCARD

Your system may be configured so that you can choose to log in by inserting SmartCard into card reader
embedded in the terminal.
YSoft SafeQ 5 2855

February 03, 2016
To log in with Smardcard, insert your card into card reader embedded in the
terminal.
2 Login screen with numeric keyboard appears.
OR
Login screen with alphanumeric keyboard appears.
You can switch between keyboards with highlighted buttons.
YSoft SafeQ 5 2856

February 03, 2016
3 Type your PIN and touch OK or Confirm (Tick) button.
4 User is successfully logged in.
YSoft SafeQ 5 2857

February 03, 2016
LOGGING OUT WITH SMARTCARD
1 To log out, touch End, on the Main menu.
The terminal ask to remove SmartCard from reader.
OR
2 Remove SmartCard from card reader, in any state of terminal.
NOTE: If you do not log out, the terminal automatically logs you out after a period of time set by
your system administrator (typically 1 minute).
YSoft SafeQ 5 2858

February 03, 2016
PRINTING ALL YOUR PRINT JOBS AT TERMINAL PROFESSIONAL
NOTE: Depending on how your administrator has set up the terminal, the print all jobs functionality could
be disabled. Pressing print button enters joblist, where you can individually select jobs to print.
2 On the Main menu, touch Print button.
NOTE: The Print button displays the number of print jobs you have waiting to be printed. In the
example shown here, three ( 3 ) jobs are waiting.
YSoft SafeQ 5 2859

February 03, 2016
The printer/MFP begins to print all your jobs. The Print screen shows the progress.
4 When all your jobs have been printed, the terminal displays information and then automatically logs
you out.
NOTE: Price and pages information may or may not appear, depending on how the terminal has
been configured.
REGISTERING A NEW CARD AT TERMINAL PROFESSIONAL
If YSoft SafeQ does not recognize your ID card, the terminal displays a message asking you to enter your
username and password or Card Activation Code.
YSoft SafeQ 5 2860

February 03, 2016
1 Place your ID card on the terminal.
2 To assign the card via your username and password, touch LOGIN.
OR
To assign the card via Card Activation Code, touch Act. Code.
NOTE: The terminal should ask you only for a Card Activation Code or only for a username and
password. This depends on SafeQ system configuration.
OR
YSoft SafeQ 5 2861

February 03, 2016
OR
3 When you have selected assigning by username and password, enter your username and password.
YSoft SafeQ 5 2862

February 03, 2016
OR
When you have selected assigning by Card Activation Code, enter your Card Activation Code.
YSoft SafeQ 5 2863

February 03, 2016
4 NOTE: Your Card Activation Code appears in an e-mail you receive from YSoft SafeQ.
5 A confirmation message is displayed.

From now on, the terminal will recognize your ID card; you will not have to enter the Card Activation
YSoft SafeQ 5 2864

February 03, 2016
Code again.
SELECTING A BILLING CODE AT TERMINAL PROFESSIONAL
NOTE: Your system may be set up to for you to select a project for the copies and scans you make. If
this is the case, after you log in and touch Copying/Scanning, the Project selection screen appears.
1 Select Copying/Scanning
YSoft SafeQ 5 2865

February 03, 2016
2 Project selection screen appears.
If you have a default billing code, it is highlighted ("Project B" is default billing code in this case).
NOTE: You can define your own default billing code in the YSoft SafeQ Web Interface. See Quick
Start Guide for End Users for details.
OR
Project search screen appears.
You can search billing codes by Code number or Code name/description or use exit button to show
Project selection screen.
YSoft SafeQ 5 2866

February 03, 2016
3 Press to select a billing code.
OR
Touch the folder icon to display a list of sub-codes.
List of sub-codes displayed immediately.
YSoft SafeQ 5 2867

February 03, 2016
4 Press the Exit button to display:
the list of parent billing codes, if sub-codes is displayed

to use default billing code, if defined
to exit without selecting a billing code, if default code is not defined
5 To display more billing codes, touch the slider.
To search throught all the billing codes, touch Filter; then type part of the billing code and touch OK.
YSoft SafeQ 5 2868

February 03, 2016
SELECTING JOBS TO PRINT AT TERMINAL PROFESSIONAL
1 Place your card on the card reader and/or enter login information.
2 On the Main menu, touch Job list.
3 Depending on the way terminal has been set up, a sub-menu may appear.
Touch the button for the type of job you want to print.
4 Touch the job you want to print.
To print the selected job(s): touch the Print button and the printer prints the job(s).
YSoft SafeQ 5 2869

February 03, 2016
5 Touch the icon hand; then select one of the following options:
To display more jobs, touch the up or down arrows.

To select / deselect all the jobs, touch Select all / Unselect all.
To mark a selected job as favorite, touch Mark favourite.
To view more information about the selected job, touch Show info.
To display a print job preview, touch Show preview.
NOTE: Depending on how your administrator has set up the terminal, the Select all item in
context menu could be disabled.
YSoft SafeQ 5 2870

February 03, 2016
6 Touch Print.
YSoft SafeQ 5 2871

February 03, 2016
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT TERMINAL PROFESSIONAL
2 The current credit balance is written in the Main menu or Job menu close to your User name.
YSoft SafeQ 5 2872

February 03, 2016
YSoft SafeQ 5 2873

February 03, 2016
1 Print all your waiting jobs by pressing Print button or navigate to Job list to select jobs you want to
print.
YSoft SafeQ 5 2874

February 03, 2016
2 Once the job is printed, there is displayed consumed price and the credit balance is decreased.
HINT: You could authenticate again to check your current credit balance.
YSoft SafeQ 5 2875

February 03, 2016
3 When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
NOTE: Only the jobs that you have credit balance for are printed. The ones you do not have
sufficient credit balance for are refused.
more details.
YSoft SafeQ 5 2876

February 03, 2016
YSoft SafeQ 5 2877

February 03, 2016
COPY / SCAN WITH CREDIT BALANCE
1 Enter the copy / scan menu and start copying / scanning.
After performing the copy / scan job, your credit balance will be decreased.
YSoft SafeQ 5 2878

February 03, 2016
YSoft SafeQ 5 2879

February 03, 2016
2 When you try to copy / scan job, for which you don't have enough credit balance, the copy / scan job
is refused.
NOTE: Only the pages that you have credit balance for are copied / scanned. The ones you do
not have sufficient credit balance for are refused. There are some limitations depending on MFP
blocking technology / cable .
more details.
5.6.8 USING TERMINAL ULTRALIGHT
At a Glance
FCC statements
Overview
Using the keypad
Logging in at the printer
Logging out
Printing all print jobs
Print all jobs
Print with Credit balance
Copying
Copy and scan
Copy and scan with Credit balance
YSoft SafeQ 5 2880

February 03, 2016
Terminal specifications
Terminal UltraLight beep and LED code sequences
Beep code sequences
LED code sequences
FCC STATEMENTS


OVERVIEW
YSoft SafeQ Terminal UltraLight provides a compact, fast, and easy-to-use interface for users to access
multifunction printers (MFPs) and network printers to perform print, copy, and scan operations. The terminal
supports Print roaming and Authorized copying.
The terminal has a touch keypad for user interaction. Users can authenticate with an ID card and/or by
entering a PIN.
Terminal UltraLight Print & Copy can provide authentication for printing and copying.
Terminal UltraLight Print Only can provide authentication only for printing.
YSoft SafeQ 5 2881

February 03, 2016
You use the terminal to log in before using the printer.
When logging in with a PIN, touch the keys to enter your PIN; then touch OK.
YSoft SafeQ 5 2882

February 03, 2016
Terminal UltraLight is equipped with a 2-port Ethernet switch — the MFP or printer connects to the Ethernet
network via the terminal. The terminal communicates with the YSoft SafeQ server over the Ethernet
network. MFPs and other printers communicate with the YSoft SafeQ server via the terminal.
The terminal also includes an Emergency button for performing service procedures.
Microcomputer
Flash ROM
(Optional) Card reader – Various optional card readers are available to meet the compatibility
requirements of your existing identification cards. (PINs can be used instead of the card reader.)
USING THE KEYPAD

Terminal UltraLight's capacitive touch keypad does not require finger pressure — a light touch is enough.
(The terminal may have been configured to emit a short beep to signal when it registers a touch.) (See
Terminal UltraLight beep and LED code sequences.)
NOTE: Do not touch the keypad when the terminal is starting up. The keypad is calibrated every time
the terminal starts up --- essential for proper operation — and touching the keypad during startup interferes
with this process.
To use the keypad:
Use fingerpads — not fingertips. Fingerpads cover a larger area, enabling better detection by the
terminal.
Use a light touch.
Use only fingers — not instruments such as nails, pens, or screwdrivers.
Do not wear gloves (other than latex gloves such as those used in the medical or food industries).
The keypad may become more sensitive or less sensitive after a long period of use or when electrostatic or
electromagnetic properties in the surrounding area change. If this occurs, reboot the terminal or turn the
power off/on to automatically recalibrate the keypad.
YSoft SafeQ 5 2883

February 03, 2016
LOGGING IN AT THE PRINTER
1 To log in, Place your ID card on the terminal as shown here.
OR
2 Press the keys to enter your PIN (2 to 8 numbers); then press OK.
If authentication is successful:
You can now use the printer.
If authentication is unsuccessful:
This LED sequence indicates that the terminal did not recognize
your ID card:
Place the card again. If authentication is still not successful, contact your SafeQ
administrator.
LOGGING OUT
To log out, touch the X button or OK button on the terminal or swipe any card (if available).
YSoft SafeQ 5 2884

February 03, 2016
PRINTING ALL PRINT JOBS
PRINT ALL JOBS
After you log in, press the Print icon to print all your jobs waiting in the queue. If your terminal is Terminal
UltraLight Print Only, your waiting jobs are printed automatically after you log in.
YSoft SafeQ 5 2885

February 03, 2016
When you are using Credit (Payment system) your print jobs are printed only when you have sufficient
credit balance. Once your jobs are printed, the credit balance is automatically decreased.
When you don't have sufficient balance for your jobs, the printing is not possible and the Terminal UltraLight
informs you with . - - beep code.
When you have sufficient balance only for few waiting jobs, these jobs are printed and the remaining jobs
are refused. In this case Terminal UltraLight informs you with . - - beep code.
COPYING
COPY AND SCAN
If your terminal is the Terminal UltraLight Print & Copy model, you can make copies or scans (depends on
your SafeQ system configuration).
Press the Copy icon; then use the copier's panel to choose copy or scan options and make copies or
scans.
NOTE: If you have no waiting jobs in the queue when you log in, then terminal goes automatically to
copy mode. Pressing Copy icon will log you out.
YSoft SafeQ 5 2886

February 03, 2016
COPY AND SCAN WITH CREDIT BALANCE
When you are using Credit (Payment system) your copy / scan jobs are performed only when you have
sufficient credit balance. Once your copy / scan jobs are finished, the credit balance is automatically
decreased.
When you don't have sufficient balance for your copy / scan jobs, the copying / scanning is not possible and
the Terminal UltraLight informs you with . - - beep code.
When you have sufficient balance only for few copy / scan jobs, these jobs are performed and the remaining
copy / scan jobs are refused. In this case Terminal UltraLight informs you with . - - beep code.
TERMINAL SPECIFICATIONS
Item Specification
Terminal power supply 12 VDC

input
Maximum current input 1.0 Amp
Working temperature +5°C to +35°C (41°F to 95°F)
Storage temperature 0°C to +50°C (32°F to 122°F)
no added resistance
YSoft SafeQ 5 2887

February 03, 2016
Item Specification
Resistance to magnetic
field
Network interface 2-port 10/100 Mbit switch (auto MDI

/MDIX)
RAM 64KB
Flash memory 512KB
Control Capacitive keyboard
Identification Card reader, PIN, or card reader + PIN
Processor Freescale Coldfire version 2
TERMINAL ULTRALIGHT BEEP AND LED CODE SEQUENCES
The Terminal Ultralight contains status LEDs that serve for interaction with user. This chapter describes the
beeps the terminal emits and LED codes it displays to notify the user about various status conditions.
BEEP CODE SEQUENCES
- Card read error. Place the card again or use a different card.
.- Terminal validation failed. Server reports that the terminal is not registered on SafeQ.
-- No print job is waiting in queue.
..- User quota has been exceeded or user has no billing code assigned.
-.- User authentication failed. The PIN is not valid or the ID card is not registered in SafeQ. If
YSoft Payment System is used, it can indicate account is disabled.
.-- The terminal received an error or warning message from the SafeQ server.
If YSoft Payment System is used, it can indicate insufficient credit balance for current user
(according SafeQ system settings for YSoft Payment System -
pricePerPageReservationStrategyForCopyOnHwTerminal ) to perform copies/scans.
...- Hardware configuration is corrupt and the terminal cannot continue booting.
- .. - Maximum number of firmware update attempts reached but no valid firmware detected.
YSoft SafeQ 5 2888

February 03, 2016
.-.- Firmware update failed.
--.- Software configuration cannot be saved. Probably faulty terminal EEPROM.
..-- Software configuration is damaged and the terminal is loading defaults.
-.-- Maximum number of firmware update attempts reached and the terminal is resuming normal
boot.
---- Network initiation failed.
.... Keyboard PCB failure.
-... No reader is connected. Reader is required for operation.
.-.. Firmware update failed. Error in server response. SafeQ server is probably not configured
correctly.
--.. Firmware update failed. Cannot connect to SafeQ server.
LED CODE SEQUENCES

Red - Led is red
Grey - Led is off
Animated
Unsuccessful authentication. The terminal does not recognize
the card, PIN, or Card Activation Code code.
YSoft SafeQ 5 2889

February 03, 2016
All LEDs are off

Terminal power is off.
Animated
Terminal is processing; please wait.
Animated
Swipe card or enter PIN.
Enter PIN (when authentication requires card + PIN).
Enter Card Activation Code (when Card Activation Codes are

enabled on the SafeQ server).
Print jobs are available and copying is possible. Press the

Print or Copy icon.
Print & Copy.
No print jobs are available in the queue. Copying is possible.

Press the Copy icon.
Print & Copy.
Flashing
Copying in progress. To cancel, press X or OK, or place a
card.
Print & Copy.
Flashing
Copying in progress. Server issued a warning. See the MFP
YSoft SafeQ 5 2890

February 03, 2016

Print & Copy.
Flashing
Printing in progress. Please wait until the print job is finished.
Flashing
Printing in progress. Server issued a warning. See the MFP
Flashing
An error occurred. See beep codes for details (page ).
Sequential...
Sequence that appears as a user enters a PIN.
Terminal has not been fully configured. Please contact Y

Soft Customer support services.
During boot
WARNING: Do not perform this action unless instructed
to do so by Y Soft.
Enter the terminal model. For UltraLight Print & Copy, press 1
. For UltraLight Print Only, press 3.

Indicates UltraLight Print & Copy model.

Indicates UltraLight Print Only model.

Indicates Ethernet Reader model.
COPYING AND SCANNING AT TERMINAL ULTRALIGHT
COPY AND SCAN

If your terminal is the Terminal UltraLight Print & Copy model, you can make copies or scans (depends on
your SafeQ system configuration).
YSoft SafeQ 5 2891

February 03, 2016
Press the Copy icon; then use the copier's panel to choose copy or scan options and make copies or
scans.
NOTE: If you have no waiting jobs in the queue when you log in, then terminal goes automatically to
copy mode. Pressing Copy icon will log you out.
COPY AND SCAN WITH CREDIT BALANCE

When you are using Credit (Payment system) your copy / scan jobs are performed only when you have
sufficient credit balance. Once your copy / scan jobs are finished, the credit balance is automatically
decreased.
When you don't have sufficient balance for your copy / scan jobs, the copying / scanning is not possible and
the Terminal UltraLight informs you with . - - beep code.
When you have sufficient balance only for few copy / scan jobs, these jobs are performed and the remaining
copy / scan jobs are refused. In this case Terminal UltraLight informs you with . - - beep code.
LOGGING IN AND LOGGING OUT AT TERMINAL ULTRALIGHT
1 To log in, Place your ID card on the terminal as shown here.
YSoft SafeQ 5 2892

February 03, 2016
OR
2 Press the keys to enter your PIN (2 to 8 numbers); then press OK.
If authentication is successful:
You can now use the printer.
If authentication is unsuccessful:
This LED sequence indicates that the terminal did not recognize
your ID card:
Place the card again. If authentication is still not successful, contact your SafeQ
administrator.
LOGGING OUT
To log out, touch the X button or OK button on the terminal or swipe any card (if available).
YSoft SafeQ 5 2893

February 03, 2016
PRINTING ALL YOUR PRINT JOBS AT TERMINAL ULTRALIGHT
PRINT ALL JOBS

After you log in, press the Print icon to print all your jobs waiting in the queue. If your terminal is Terminal
UltraLight Print Only, your waiting jobs are printed automatically after you log in.
YSoft SafeQ 5 2894

February 03, 2016

When you are using Credit (Payment system) your print jobs are printed only when you have sufficient
credit balance. Once your jobs are printed, the credit balance is automatically decreased.
When you don't have sufficient balance for your jobs, the printing is not possible and the Terminal UltraLight
informs you with . - - beep code.
When you have sufficient balance only for few waiting jobs, these jobs are printed and the remaining jobs
are refused. In this case Terminal UltraLight informs you with . - - beep code.
YSoft SafeQ 5 2895

February 03, 2016
5.6.9 USING YSOFT PAYMENT MACHINE
YSoft SafeQ 5 2896

February 03, 2016
RECHARGING ACCOUNT USING YSOFT PAYMENT MACHINE
1 If you want to recharge you money account registered in YSoft Payment System via YSoft Payment
Machine, locate the device in your building first.
2 Login by swiping card, touching Login or PIN. We are using PIN in this example.
Enter PIN and touch OK.
3 Now you can select if you want to print receipt or not.
YSoft SafeQ 5 2897

February 03, 2016
NOTE: This option depends on administrator settings, then it don't have to be displayed.
4 Now screen with recharged value, users name and last last balance is displayed.
5 To recharge your account put money into coin or banknote acceptor. To exit recharging session touch
End button.
You can see recharged amount value on display.
NOTE: YSoft Payment machine is accepting coins and banknotes based on administrator
settings. Then it can happen, that some coins/notes will be rejected.
YSoft SafeQ 5 2898

February 03, 2016
6 Now receipt will be printed, if you touched Yes in step 3. Then please take the printed receipt.
5.6.10 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR TOSHIBA
At a Glance
YSoft SafeQ 5 2899

February 03, 2016

Logging in with a Username and password
Logging in with a PIN
Logging out
Copy
Scan
Scan Workflows list
YSoft SafeQ 5 2900

February 03, 2016
LOGGING IN WITH A USERNAME AND PASSWORD
1 Press User name.
2 Type your username and press OK.
YSoft SafeQ 5 2901

February 03, 2016
3 Press password.
YSoft SafeQ 5 2902

February 03, 2016
4 Type your password and press OK.
5 Press OK.
YSoft SafeQ 5 2903

February 03, 2016
LOGGING IN WITH A PIN
1 Type your PIN using keyboard.
YSoft SafeQ 5 2904

February 03, 2016
2 Press OK.
YSoft SafeQ 5 2905

February 03, 2016
LOGGING OUT
1 To log out, touch the Access button on the printer panel.
2 Confirm the logout action with YES button.
YSoft SafeQ 5 2906

February 03, 2016
YSoft SafeQ 5 2907

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer.
YSoft SafeQ 5 2908

February 03, 2016

folders.
YSoft SafeQ 5 2909

February 03, 2016
YSoft SafeQ 5 2910

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer and navigate to joblist: Select
jobs to print at the Toshiba printer.
YSoft SafeQ 5 2911

February 03, 2016
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you make.
Use either of the methods described below to select your billing code.
YSoft SafeQ 5 2912

February 03, 2016
Here you can:
YSoft SafeQ 5 2913

February 03, 2016
YSoft SafeQ 5 2914

February 03, 2016
YSoft SafeQ 5 2915

February 03, 2016
YSoft SafeQ 5 2916

February 03, 2016
YSoft SafeQ 5 2917

February 03, 2016
YSoft SafeQ 5 2918

February 03, 2016
YSoft SafeQ 5 2919

February 03, 2016
COPY
YSoft SafeQ 5 2920

February 03, 2016
Note: If you have questions about whether or not you can make copies, contact your system
administrator.
2 Touch the COPY button (on the printer's panel)
3 Select the options you need.
YSoft SafeQ 5 2921

February 03, 2016
4 On the printer panel, touch Start.
YSoft SafeQ 5 2922

February 03, 2016
5 If you want to navigate back to YSoft SafeQ application, press MENU button
YSoft SafeQ 5 2923

February 03, 2016
6 Touch SafeQ button
YSoft SafeQ 5 2924

February 03, 2016
SCAN
If your system allows you to scan, follow the instructions in this chapter. If you have questions about
whether or not you can scan, contact your system administrator.
NOTE: Scanning multiple sheets (simplex or duplex) in one scan job is supported only from automatic
document feeder (ADF).
NOTE: TIFF scan job with Black and white color combination is not supported.
YSoft SafeQ 5 2925

February 03, 2016
SCAN WORKFLOWS LIST
1 Log in to Terminal Embedded.
YSoft SafeQ 5 2926

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 2927

February 03, 2016
YSoft SafeQ 5 2928

February 03, 2016
You can:
Now you can:
YSoft SafeQ 5 2929

February 03, 2016
Now you can:
YSoft SafeQ 5 2930

February 03, 2016

starts
COPY AT THE TOSHIBA PRINTER
YSoft SafeQ 5 2931

February 03, 2016
administrator.
YSoft SafeQ 5 2932

February 03, 2016
YSoft SafeQ 5 2933

February 03, 2016
YSoft SafeQ 5 2934

February 03, 2016
YSoft SafeQ 5 2935

February 03, 2016
YSoft SafeQ 5 2936

February 03, 2016
DELETE A PRINT JOB AT THE TOSHIBA PRINTER
YSoft SafeQ 5 2937

February 03, 2016
YSoft SafeQ 5 2938

February 03, 2016
DISPLAY DETAILED PRINT JOBS INFORMATION AT THE TOSHIBA PRINTER
YSoft SafeQ 5 2939

February 03, 2016
LOG IN AND LOG OUT AT THE TOSHIBA PRINTER
YSoft SafeQ 5 2940

February 03, 2016
1 Press User name.
YSoft SafeQ 5 2941

February 03, 2016
3 Press password.
YSoft SafeQ 5 2942

February 03, 2016
5 Press OK.
YSoft SafeQ 5 2943

February 03, 2016
1 Type your PIN using keyboard.
YSoft SafeQ 5 2944

February 03, 2016
2 Press OK.
YSoft SafeQ 5 2945

February 03, 2016
LOGGING OUT
YSoft SafeQ 5 2946

February 03, 2016
SCAN AT THE TOSHIBA PRINTER
YSoft SafeQ 5 2947

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 2948

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 2949

February 03, 2016
YSoft SafeQ 5 2950

February 03, 2016
You can:
Now you can:
YSoft SafeQ 5 2951

February 03, 2016
Now you can:
YSoft SafeQ 5 2952

February 03, 2016

starts
SELECT A BILLING CODE AT THE TOSHIBA PRINTER
YSoft SafeQ 5 2953

February 03, 2016
YSoft SafeQ 5 2954

February 03, 2016
Here you can:
YSoft SafeQ 5 2955

February 03, 2016
YSoft SafeQ 5 2956

February 03, 2016
YSoft SafeQ 5 2957

February 03, 2016
YSoft SafeQ 5 2958

February 03, 2016
YSoft SafeQ 5 2959

February 03, 2016
YSoft SafeQ 5 2960

February 03, 2016
YSoft SafeQ 5 2961

February 03, 2016
YSoft SafeQ 5 2962

February 03, 2016
SELECT JOBS TO PRINT AT THE TOSHIBA PRINTER
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer.
YSoft SafeQ 5 2963

February 03, 2016

folders.
YSoft SafeQ 5 2964

February 03, 2016
5.6.11 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR OKI
At a Glance

Logging in with a Username and password
Logging in with a PIN
Logging out
Delete a print job
Copy
Scan
Scan Workflows list
YSoft SafeQ 5 2965

February 03, 2016
1 Press User name.
YSoft SafeQ 5 2966

February 03, 2016
3 Press password.
YSoft SafeQ 5 2967

February 03, 2016
5 Press OK.
YSoft SafeQ 5 2968

February 03, 2016
YSoft SafeQ 5 2969

February 03, 2016
Type your PIN using keyboard
2 Press OK.
YSoft SafeQ 5 2970

February 03, 2016
LOGGING OUT
YSoft SafeQ 5 2971

February 03, 2016
YSoft SafeQ 5 2972

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the OKI printer.
YSoft SafeQ 5 2973

February 03, 2016

folders.
YSoft SafeQ 5 2974

February 03, 2016
YSoft SafeQ 5 2975

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the OKI printer and navigate to joblist: Select jobs
to print at the OKI printer.
YSoft SafeQ 5 2976

February 03, 2016
YSoft SafeQ 5 2977

February 03, 2016
DELETE A PRINT JOB
YSoft SafeQ 5 2978

February 03, 2016
YSoft SafeQ 5 2979

February 03, 2016
Here you can:
YSoft SafeQ 5 2980

February 03, 2016
YSoft SafeQ 5 2981

February 03, 2016
YSoft SafeQ 5 2982

February 03, 2016
YSoft SafeQ 5 2983

February 03, 2016
YSoft SafeQ 5 2984

February 03, 2016
YSoft SafeQ 5 2985

February 03, 2016
YSoft SafeQ 5 2986

February 03, 2016
COPY
YSoft SafeQ 5 2987

February 03, 2016
administrator.
YSoft SafeQ 5 2988

February 03, 2016
YSoft SafeQ 5 2989

February 03, 2016
YSoft SafeQ 5 2990

February 03, 2016
YSoft SafeQ 5 2991

February 03, 2016
SCAN
YSoft SafeQ 5 2992

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 2993

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 2994

February 03, 2016
YSoft SafeQ 5 2995

February 03, 2016
You can:
Now you can:
YSoft SafeQ 5 2996

February 03, 2016
Now you can:
YSoft SafeQ 5 2997

February 03, 2016

starts
COPY AT THE OKI PRINTER

YSoft SafeQ 5 2998

February 03, 2016
administrator.
YSoft SafeQ 5 2999

February 03, 2016
YSoft SafeQ 5 3000

February 03, 2016
YSoft SafeQ 5 3001

February 03, 2016
YSoft SafeQ 5 3002

February 03, 2016
YSoft SafeQ 5 3003

February 03, 2016
DELETE A PRINT JOB AT THE OKI PRINTER
YSoft SafeQ 5 3004

February 03, 2016
YSoft SafeQ 5 3005

February 03, 2016
DISPLAY DETAILED PRINT JOBS INFORMATION AT THE OKI PRINTER
YSoft SafeQ 5 3006

February 03, 2016
LOG IN AND LOG OUT AT THE OKI PRINTER
YSoft SafeQ 5 3007

February 03, 2016
1 Press User name.
YSoft SafeQ 5 3008

February 03, 2016
3 Press password.
YSoft SafeQ 5 3009

February 03, 2016
5 Press OK.
YSoft SafeQ 5 3010

February 03, 2016
YSoft SafeQ 5 3011

February 03, 2016
Type your PIN using keyboard
2 Press OK.
YSoft SafeQ 5 3012

February 03, 2016
LOGGING OUT
YSoft SafeQ 5 3013

February 03, 2016
SCAN AT THE OKI PRINTER
YSoft SafeQ 5 3014

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 3015

February 03, 2016
Now you can:

starts
YSoft SafeQ 5 3016

February 03, 2016
YSoft SafeQ 5 3017

February 03, 2016
You can:
Now you can:
YSoft SafeQ 5 3018

February 03, 2016
Now you can:
YSoft SafeQ 5 3019

February 03, 2016

starts
SELECT A BILLING CODE AT THE OKI PRINTER
YSoft SafeQ 5 3020

February 03, 2016
YSoft SafeQ 5 3021

February 03, 2016
Here you can:
YSoft SafeQ 5 3022

February 03, 2016
YSoft SafeQ 5 3023

February 03, 2016
YSoft SafeQ 5 3024

February 03, 2016
YSoft SafeQ 5 3025

February 03, 2016
YSoft SafeQ 5 3026

February 03, 2016
YSoft SafeQ 5 3027

February 03, 2016
YSoft SafeQ 5 3028

February 03, 2016
YSoft SafeQ 5 3029

February 03, 2016
SELECT JOBS TO PRINT AT THE OKI PRINTER
1 Log in to Terminal Embedded: Log in and log out at the OKI printer.
YSoft SafeQ 5 3030

February 03, 2016

folders.
YSoft SafeQ 5 3031

February 03, 2016
5.6.12 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR SAMSUNG
At a Glance

Log in with a user name/password or a card
Log out
Register a new card
Samsung printer with job list: Waiting, printed, favorites folders
Incompatible jobs
Delete a print job
Copy
Scanning
Scan Workflows list

1 Place your card on the card reader attached to the printer
OR
YSoft SafeQ 5 3032

February 03, 2016
3 Touch Login.
more information see: Print all your print jobs at the Samsung printer.
YSoft SafeQ 5 3033

February 03, 2016

OR
YSoft SafeQ 5 3034

February 03, 2016
YSoft SafeQ 5 3035

February 03, 2016
5 Touch Login.
YSoft SafeQ 5 3036

February 03, 2016
LOG OUT
YSoft SafeQ 5 3037

February 03, 2016
administrator.
REGISTER A NEW CARD
YSoft SafeQ 5 3038

February 03, 2016

YSoft SafeQ 5 3039

February 03, 2016
4 Insert your Card activation code and confirm it with the OK button.
YSoft SafeQ 5 3040

February 03, 2016
YSoft SafeQ 5 3041

February 03, 2016
YSoft SafeQ 5 3042

February 03, 2016
YSoft SafeQ 5 3043

February 03, 2016
YSoft SafeQ 5 3044

February 03, 2016
YSoft SafeQ 5 3045

February 03, 2016
YSoft SafeQ 5 3046

February 03, 2016
SAMSUNG PRINTER WITH JOB LIST: WAITING, PRINTED, FAVORITES FOLDERS
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer.
2 On the Main Menu screen, touch YSoft SafeQ icon.
YSoft SafeQ 5 3047

February 03, 2016
YSoft SafeQ 5 3048

February 03, 2016

folders.
Return to the main menu screen
YSoft SafeQ 5 3049

February 03, 2016
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer.
YSoft SafeQ 5 3050

February 03, 2016
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer
YSoft SafeQ 5 3051

February 03, 2016
YSoft SafeQ 5 3052

February 03, 2016
DELETE A PRINT JOB
YSoft SafeQ 5 3053

February 03, 2016
YSoft SafeQ 5 3054

February 03, 2016
Here you can:
YSoft SafeQ 5 3055

February 03, 2016
YSoft SafeQ 5 3056

February 03, 2016
YSoft SafeQ 5 3057

February 03, 2016
YSoft SafeQ 5 3058

February 03, 2016
YSoft SafeQ 5 3059

February 03, 2016
YSoft SafeQ 5 3060

February 03, 2016
YSoft SafeQ 5 3061

February 03, 2016
OR
2 Click on return button to enter main menu screen and after that continue to Copy menu to start
copying
YSoft SafeQ 5 3062

February 03, 2016
COPY
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer
YSoft SafeQ 5 3063

February 03, 2016
available options.
SCANNING
YSoft SafeQ 5 3064

February 03, 2016
YSoft SafeQ 5 3065

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 3066

February 03, 2016
starts immediately.
Now you can:
YSoft SafeQ 5 3067

February 03, 2016

starts
COPY AT THE SAMSUNG PRINTER

administrator.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer
YSoft SafeQ 5 3068

February 03, 2016
available options.
YSoft SafeQ 5 3069

February 03, 2016
DELETE A PRINT JOB AT THE SAMSUNG PRINTER
YSoft SafeQ 5 3070

February 03, 2016
YSoft SafeQ 5 3071

February 03, 2016
INCOMPATIBLE JOBS AT THE SAMSUNG PRINTER
Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
LOG IN AND LOG OUT AT THE SAMSUNG PRINTER

OR
YSoft SafeQ 5 3072

February 03, 2016
3 Touch Login.
YSoft SafeQ 5 3073

February 03, 2016

OR
YSoft SafeQ 5 3074

February 03, 2016
YSoft SafeQ 5 3075

February 03, 2016
5 Touch Login.
YSoft SafeQ 5 3076

February 03, 2016
LOG OUT
YSoft SafeQ 5 3077

February 03, 2016
SCAN AT THE SAMSUNG PRINTER
YSoft SafeQ 5 3078

February 03, 2016
SCAN WORKFLOWS LIST
YSoft SafeQ 5 3079

February 03, 2016
starts immediately.
Now you can:
YSoft SafeQ 5 3080

February 03, 2016

starts
SELECT A BILLING CODE AT THE SAMSUNG PRINTER
YSoft SafeQ 5 3081

February 03, 2016
Here you can:
YSoft SafeQ 5 3082

February 03, 2016
YSoft SafeQ 5 3083

February 03, 2016
YSoft SafeQ 5 3084

February 03, 2016
YSoft SafeQ 5 3085

February 03, 2016
YSoft SafeQ 5 3086

February 03, 2016
YSoft SafeQ 5 3087

February 03, 2016
YSoft SafeQ 5 3088

February 03, 2016
OR
2 Click on return button to enter main menu screen and after that continue to Copy menu to start
copying
YSoft SafeQ 5 3089

February 03, 2016
YSoft SafeQ 5 3090

February 03, 2016
SELECT JOBS TO PRINT AT THE SAMSUNG PRINTER
YSoft SafeQ 5 3091

February 03, 2016
SAMSUNG PRINTER WITH JOB LIST: WAITING, PRINTED, FAVORITES FOLDERS
2 On the Main Menu screen, touch YSoft SafeQ icon.
YSoft SafeQ 5 3092

February 03, 2016
YSoft SafeQ 5 3093

February 03, 2016

folders.
Return to the main menu screen
YSoft SafeQ 5 3094

February 03, 2016
DISPLAY DETAILED PRINT JOB INFORMATION AT THE SAMSUNG PRINTER
Select jobs to print at the Samsung printer
YSoft SafeQ 5 3095

February 03, 2016
YSoft SafeQ 5 3096

February 03, 2016
6 YSOFT PAYMENT SYSTEM
6.1 OVERVIEW
YSoft Payment System is a key requirement for customers from education sector, but also libraries and
other institutions that make their services available to a wide range of users. YSoft Payment System allows
user to purchase a credit and use it for purchase of services, like printing, from our customer.
6.2 YSOFT PAYMENT SYSTEM AND YSOFT SAFEQ
YSoft Payment System is a standalone system, which integrates with YSoft SafeQ. YSoft Payment System
contains all information about money accounts, acting as a payment gateway for YSoft SafeQ. YSoft SafeQ
is extending its functionality to charge users from credit with help of YSoft Payment System.
6.3 WEB BROWSER COMPATIBILITY
YSoft Payment System web GUI supports these browsers:
Mozilla Firefox
Google Chrome
Internet Explorer 9 or higher (compatibility view is not supported)
6.4 INSTALLATION
This section describes installation of YSoft Payment System and its components.
There are more interactive installers for different system components in YSoft Payment System:
Main installer contains all mandatory components (system core, APIs, Administration and Cash Desk
web applications).
See Installing YSoft Payment System for more info.
Additional Payment Gateway Plugins (PayPal and DIBS).

See Installing Payment Gateway Plugins for more info.
6.4.1 INSTALLING YSOFT PAYMENT SYSTEM
This page describes how to use the interactive installer to perform YSoft Payment System.
YSoft SafeQ 5 3097

February 03, 2016
INSTALLING YSOFT PAYMENT SYSTEM
1 Run the installation file ysf-ps-install.exe on the target server computer to begin YSoft Payment
System installation.
2 Select a language that will be used for the installation process.
3 It is recommended to close all other running applications in order to avoid any issues during the
installation. Click Next to proceed.
YSoft SafeQ 5 3098

February 03, 2016
4 Click I Agree to accept the license agreement. Clicking on Cancel will decline the license agreement
and stop the installation.
YSoft SafeQ 5 3099

February 03, 2016
checks several conditions and determines if the server meets all requirements for YSoft Payment
System installation.
YSoft SafeQ 5 3100

February 03, 2016
Version of Microsoft Windows

Administrator rights of the user installing YSoft Payment System
Existence of SafeQ installation
Required ports must be open and free
Available disk space
6 Select your destination folder for installing YSoft Payment System.
YSoft SafeQ 5 3101

February 03, 2016
7 Select database server type you want to use for YSoft Payment System.
YSoft SafeQ 5 3102

February 03, 2016
8 Provide database connection details for YSoft Payment System.
Please enter values as described here:
Database server IP address or hostname of server where database engine is

hostname or IP address running.
TCP port Specify TCP port for database connection. Use port 5433 to
connect to already installed embedded PostgreSQL database
(installed with YSoft SafeQ 5).
Username Database user name.
Password Database user's password.
Database name YSoft Payment System database name (e.g. YPS_DB). The
installer will attempt to create a new database using the specified
credentials if a database of the given name does not exist.
Server requires SSL Check if database server requires SSL.
Test connection Test your database connection.
YSoft SafeQ 5 3103

February 03, 2016
9 Enter the hostname or IP address of YSoft SafeQ and click Install to start installation.
YSoft SafeQ 5 3104

February 03, 2016
10 The installer begins to copy all the files required by YSoft Payment System and the database system
you chose to the selected destination folder on the server.
In case you wish to see detailed installation progress, press Show details button (or D key).
YSoft SafeQ 5 3105

February 03, 2016
11 Once installation is complete, click Finish when you are ready to close the installation wizard.
Now installation is complete and you can continue with Integration of YSoft Payment System with
YSoft SafeQ.
YSoft SafeQ 5 3106

February 03, 2016
6.4.2 UPDATING YSOFT PAYMENT SYSTEM
This page describes how to use the interactive installer to perform YSoft Payment System update.
YSoft SafeQ 5 3107

February 03, 2016
UPDATING YSOFT PAYMENT SYSTEM
1 Run the installation file ysf-ps-install.exe on the target server computer to begin YSoft Payment
System update.
2 Select a language that will be used for the update process.
YSoft SafeQ 5 3108

February 03, 2016
It is recommended to close all other running applications in order to avoid any issues during the
YSoft SafeQ 5 3109

February 03, 2016
Click I Agree to accept the license agreement. Clicking on Cancel will decline the license agreement
checks several conditions and determines if the server meets all requirements for YSoft Payment
System update.
problems area, depending on their severity. If there are warnings, update can continue. If there
are problems, update cannot continue. If any warnings or problems are indicated, review the
Version of Microsoft Windows

Administrator rights of the user updating YSoft Payment System
Existence of SafeQ installation
Available disk space
YSoft SafeQ 5 3110

February 03, 2016
YSoft SafeQ 5 3111

February 03, 2016
Select your destination folder for updating YSoft Payment System.
10
YSoft SafeQ 5 3112

February 03, 2016
The installer begins to update the YSoft Payment System.
In case you wish to see detailed update progress, press Show details button (or D key).
11
YSoft SafeQ 5 3113

February 03, 2016
Once update is complete, click Finish when you are ready to close the installation wizard.
Now update is complete and you can continue with Integration of YSoft Payment System with YSoft
SafeQ.
6.4.3 INTEGRATION OF YSOFT PAYMENT SYSTEM WITH YSOFT SAFEQ
Page content
Connecting YSoft SafeQ 5 with YSoft Payment System

Configure administrators and cash desk operators
Manage money accounts and periodic recharges
Select currency
Limitations
Integration of YSoft Payment System with YSoft SafeQ provides you with ability to charge end users for
operations such as print, copy and scan.
YSoft SafeQ 5 3114

February 03, 2016
CONNECTING YSOFT SAFEQ 5 WITH YSOFT PAYMENT SYSTEM
1 Install YSoft SafeQ 5 and YSoft Payment System. For more info see: Installing YSoft Payment System
and Installing YSoft SafeQ CML
NOTE: For proper integration of YSoft SafeQ with YSoft Payment System, sufficient license have
to be used in YSoft SafeQ.
Login SafeQ web interface and go to System Settings > YSoft Payment System.
Setup following properties:
enablePaymentSystem = Enabled
paymentSystemApiUrl = IP address of YSoft Payment Server (Example: https://10.0.11.52:
8443)
WARNING: Do not use localhost or 127.0.0.1 for paymentSystemApiUrl in multi-server

installations of the YSoft SafeQ (multiple CML nodes or ORSs).
Click Save changes and restart services as required when saving new settings.
3 YSoft SafeQ 5 and YSoft Payment System should be now connected.
For verification you can:
1. Login SafeQ web interface and go to Web interface - Payments tab. If tab is correctly displayed
and you are able to create new money account or periodic recharge, both systems are fully
integrated.
2. Login Administration web interface and go to Licence tab. If you can see text "YSoft Payment
System is fully activated", both systems are fully integrated.
YSoft SafeQ 5 3115

February 03, 2016
CONFIGURE ADMINISTRATORS AND CASH DESK OPERATORS
To access YSoft Payment

System web interfaces,
users with proper rights
have to be created in YSoft
SafeQ. Follow these steps
to setup access rights for
YSoft Payment System:
1. Log in to YSoft
SafeQ web interface
and navigate to
Users tab
2. Create new users or
edit existing ones (
Web Interface -
Users)
3. Open users details
and display Roles
tab
4. Click Add role and
add following roles:
safeq
admins role
for to grant
access to
Administration
web interface
cash desk
operators
role to grant
access to
Cashdesk
web interface
MANAGE MONEY ACCOUNTS AND PERIODIC RECHARGES
Money accounts and periodic recharges can be maintained by:
Administration web interface as part of YSoft Payment System

Web interface - Payments as part of YSfot SafeQ
SELECT CURRENCY
Currency settings for YSoft Payment System are inherited from YSoft SafeQ, without need of additional
steps like restarting services etc.
YSoft SafeQ 5 3116

February 03, 2016
To setup currency in YSoft SafeQ go to System settings > Regional settings and setup necessary
properties, or edit all settings using Welcome to SafeQ widget on SafeQ Dashboard (Widgets - Welcome
to YSoft SafeQ ).
LIMITATIONS
YSoft SafeQ requires numeric GUIDs for accounts in YSoft Payment System, while YSoft Payment
System supports alphanumeric format. Accounts with alphanumeric GUIDs cannot be managed
using YSoft SafeQ web interface.
Due to this limitation it is highly recommended to create YSoft Payment System accounts only via
YSoft SafeQ web interface.
6.4.4 INSTALLING PAYMENT GATEWAY PLUGINS
Page content
Installing Payment Gateway Plugins (PayPal, DIBS)
This page describes how to use the interactive installer to perform Payment Gateway Plugins installation as
additional components of YSoft Payment System.
Currently YSoft Payment system supports following payment gateways providers:
PayPal
DIBS
INSTALLING PAYMENT GATEWAY PLUGINS (PAYPAL, DIBS)
This particular guide will show installation of PayPal gateway plugin, but can be applied for all other gateway
plugins.
1 Run the installation file on the target computer where YSoft Payment System is installed.
ysf-ps-paypal.exe for PayPal payment plugin

ysf-ps-dibs.exe for DIBS payment plugin
2 Select a language that will be used for the installation process.
YSoft SafeQ 5 3117

February 03, 2016
3 It is recommended to close all other running applications in order to avoid any issues during the
4 Click I Agree to accept the license agreement. Clicking on Cancel will decline the license agreement
YSoft SafeQ 5 3118

February 03, 2016
5 Installer now runs a pre-installation check, to ensure YSoft Payment System is installed on the local
computer.
If any previous version of Payment Gateways Plugin has been installed on the local computer, this
plugin will be updated.
YSoft SafeQ 5 3119

February 03, 2016
6 Provide username and password for API user with access to Payment gateway API. You can find or
create this user in Administration web interface#APIUsers.
7 Fill in required settings for connection to payment gateway according payment gateway provider.
YSoft SafeQ 5 3120

February 03, 2016
For PayPal payment plugin, please enter following values:
PayPal API Endpoint URL PayPal's service URL (e.g. https://api.paypal.com/).
PayPal API Client ID (hash) PayPal's hashed "username".
PayPal API Secret (hash) PayPal's hashed "password".
NOTE: Information is available on your PayPal business account profile, please follow these
instructions to obtain it.
For DIBS payment plugin, please enter following values:
DIBS Username of DIBS merchant's account.

Username
DIBS Password of DIBS merchant's account.

Password
DIBS MD5 Merchant key for payments

Key 1
DIBS MD5 Merchant key for payments

Key 2
DIBS ID of merchant's account

Merchant ID
YSoft SafeQ 5 3121

February 03, 2016
Allowed Card, that will be accepted by the DIBS gateway. See link http://tech.dibspayment.
Cards com/toolbox/paytypes for possible values
8 The installer begins to copy all the required files into destination folder defined by the location of the
YSoft Payment System on the local machine.
In case you wish to see detailed installation progress, press Show details button (or D key).
9 Once installation is complete, click Finish when you are ready to close the installation wizard.
YSoft SafeQ 5 3122

February 03, 2016
Installation is now complete and you can connect YSoft Payment System to installed gateway by
following guide Administration web interface#PaymentGateways
6.4.5 PAYPAL API SIGNATURE
This page describes how to get API access for your business PayPal account.
1 Sign up for PayPal Business Account on PayPal home page (the process depends on your region
legislation).
2 Log into your PayPal Business Account.
YSoft SafeQ 5 3123

February 03, 2016
Enter "MyAccount" tab and then "Profile" sub-tab.
In profile sub-tab navigate to "My selling tools" and open "API access" section, click "Update".
4 Generate the Certificate set by clicking "Request API credentials" from "Option 2".
5 Check "Request API signature" radio button and then click the "Agree and Submit" button.
YSoft SafeQ 5 3124

February 03, 2016
6 After you receive an email with your API signature, you can use it during installation of Payment
Gateway Plugins.
6.5 CONFIGURATION
This section describes advanced settings of YSoft Payment System and its components. Settings
and features described here cannot be set using any available UI, but requires manual intervention
e.g. in configuration files.
6.5.1 CONFIGURING CERTIFICATES FOR YSOFT PAYMENT SYSTEM
Page content
Introduction
SSL Certificate customization
Step 1. Get the certificate
Option 1.a Generate self-signed certificate
Option 1.b Use existing certificate
Step 2. Configure YSoft Payment System
YSoft SafeQ 5 3125

February 03, 2016
Step 3. Configure CML, ORS, Terminal Server

Troubleshooting
This guide provides information about the certificates used in the YSoft Payment System and its clients.
INTRODUCTION
By default, YSoft Payment System uses a built-in certificate generated by the Y Soft CA and accepts secure
SSL connections only. This applies to both web interfaces (Cashdesk, Wallet and Payment administration)
and API access.
YSoft SafeQ CML, ORS and Terminal Server are configured to accept this certificate exclusively when
communicating with the YSoft Payment System server.
The private key is stored in <payment_system_folder>\payment-conf\keystore.jks and protected with a

password, which is saved in plain text and visible in the Tomcat configuration XML
<payment_system_folder>\conf\server.xml.
With the knowledge/access to the private key, it's possible to decrypt traffic and get
administration access to the YSoft Payment System API (including possibilities to make money
transactions). This may be a potential danger, as all YSoft Payment System installation packages
contain the same certificate and private key, but this security issue can be prevented by using a
custom certificate (more details below).
Default SSL Certificate
Owner: SURNAME=dza, EMAILADDRESS=info@ysoft.com, CN=YSoft payment system server

certificate, OU=RnD, O=Y Soft Corporation, L=Brno, C=cz
Issuer: SURNAME=DZA, EMAILADDRESS=info@ysoft.com, CN=YSoft RnD CA, OU=RnD, O=Y

Soft Corporation, L=Brno, C=cz
Serial number: 8
Valid from: Tue Feb 04 14:30:21 CET 2014 until: Thu Dec 17 15:15:17 CET 2099
Certificate fingerprints:
MD5: 54:11:E0:7A:7F:A5:E9:D6:BB:42:2D:39:B4:0B:EB:34
SHA1: 06:12:14:1D:4F:61:F6:22:55:09:DD:0F:BD:60:F2:62:B7:00:41:FC
SHA256: C8:60:69:27:51:B9:53:34:8E:AF:EA:48:27:54:B4:58:54:05:8A:C5:80:68:4F:3A:B9:F4:96:
1F:AF:A1:87:0C
Signature algorithm name: SHA512withRSA
YSoft SafeQ 5 3126

February 03, 2016
Version: 3
SSL CERTIFICATE CUSTOMIZATION
PEM certificates are supported (including self-signed, signed by commercial certificate authority or similar).
1. The private key has to be imported into the YSoft Payment System keystore
2. The certificate (containing the corresponding public key) has to be saved to the CML, ORS (if used)
and Terminal Server
Certificate change will affect both Cashdesk and Payment administration web interfaces and API
communication.
STEP 1. GET THE CERTIFICATE

Generate a new certificate and keys (you will be asked for the keystore password, which can be found in the
SSL connector definition, file <payment_system_folder>\conf\server.xml):
OPTION 1.A GENERATE SELF-SIGNED CERTIFICATE
To generate a self signed certificate, run the following commands in the command line.
cd <payment_system_folder>\payment-conf
keytool -server -genkey -keyalg RSA -alias yps-tomcat -keystore keystore.jks -validity 365
keytool -server -exportcert -rfc -alias yps-tomcat -file YPSClient.crt -keystore keystore.
NOTE: Validity is in days and can be customized, same as key alias and keysize.
NOTE: You can use Java from YSoft SafeQ CML located at <SafeQ_installation_folder>/java/bin. So the
command may look like:
"C:\SafeQ5\java\bin\keytool" -server -genkey -keyalg RSA -alias yps-tomcat -keystore keyst
Or, because keytool is part of standard Java installation, you can find this tool in the Java bin folder and in
that case you can run something like this:
"C:\Program Files (x86)\Java\jre7\bin\keytool" -server -genkey -keyalg RSA -alias yps-tomc
NOTE: JKS and CRT files could be generated on desktop and later just copied to
<payment_system_folder>\payment-conf.
NOTE: The Common Name (CN parameter) is typically composed of Host + Domain Name and will look
like "www.yoursite.com" or "yoursite.com". SSL Server Certificates are specific to the Common Name that
they have been issued to at the Host level. The Common Name must be the same as the Web address you
will be accessing when connecting to a secure site.
OPTION 1.B USE EXISTING CERTIFICATE
As YSoft Payment System system uses Java keystore, it's usually required to convert certificates from the
common PEM files (.crt and .key) to the p12 file.
Suppose you have a certificate and key in PEM format. The key is named YPSClient.key and the
certificate YPSClient.crt. It can be done using OpenSSL:
YSoft SafeQ 5 3127

February 03, 2016
openssl pkcs12 -export -in YPSClient.crt -inkey YPSClient.key -out keystore.p12 -name "yps
NOTE: OpenSSL can be downloaded and installed from following link: http://slproweb.com/products
/Win32OpenSSL.html. You can run command openssl from installation bin folder or add it to system Path
system environment variables.
NOTE: Read notes for 1.a
Import P12 keystore into Java keystore:
cd <payment_system_folder>\payment-conf
keytool -server -importkeystore -srckeystore keystore.p12 -destkeystore keystore.jks -srcs
Successful keytool output:
Entry for alias yps-tomcat successfully imported.

Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
STEP 2. CONFIGURE YSOFT PAYMENT SYSTEM

Edit <payment_system_folder>\conf\server.xml, find Connector block with the SSLEnabled="true".
change keystorePass with your new password

if you changed keytool -alias parameter in previous step than change keyAlias="yps-tomcat"
if you changed keytool -keystore parameter in previous step than change keystoreFile="${catalina.
base}/payment-conf/keystore.jks"
STEP 3. CONFIGURE CML, ORS, TERMINAL SERVER
1. Stop Payment System, CML, ORS and TS services

2. Copy new certificate into CML/ORS and TS (replace existing files):
copy YPSClient.crt "<terminal_server_folder>\Certificates\YPSClient.crt"

copy YPSClient.crt "<safeq_home>\conf\certificates\YPSClient.crt"
NOTE: This must be a single certificate in PEM format, not a truststore in PKCS#12 format. The
certificate must belong to the issuer (CA) of the certificate used for YSoft Payment System.
3. Start Payment System, CML, ORS and TS services
TROUBLESHOOTING
You can get a list of imported certificates in the keystore:
keytool -server -list -keystore keystore.jks -storepass L1faMXVVpR
In case that you already have alias present in keystore you can delete it with following command:
keytool -server -delete -alias yps_tomcat -keystore keystore.jks -storepass L1faMXVVpR
6.5.2 CONFIGURING CREDIT-BASED NOTIFICATIONS
Page content
YSoft SafeQ 5 3128

February 03, 2016
Configuration procedure
Default cron rules for generating notifications
This page described advanced configuration of Credit-based Notifications feature for YSoft Payment
System. This feature requires manual intervention to configuration files, as described below.
CONFIGURATION PROCEDURE
SMTP configuration should be configured through "SMTP configuration" tab on "Notification configuration"
1. Configure email server in "SMTP configuration" tab

2. Enable notifications and specify other settings in Administration web interface#Notifications
Except properties named in the bottom, all email settings moved from properties file to GUI.
"Use STARTTLS" - Enable/disable the use of the STARTTLS command (if supported by the server)
to switch the connection to a TLS-protected connection before issuing any login commands. Note
that an appropriate trust store must configured so that the client will trust the server's certificate.
"Wait for QUIT" - If disabled, the QUIT command is sent and the connection is immediately closed. If
enabled, causes the transport to wait for the response to the QUIT command.
"Sending interval" - cron format interval specify how often emails will be sent (default: sends emails
every 5 minutes)
Following properties remains in <yps_home>/payment-conf/environment-configuration.properties file:
# cron format interval specify how often emails will be sent (default: sends emails every 5
minutes)
notification.send-emails.cron=0 0/5 * * * ?
# debug mode of logs for email sending is disabled

mail.debug=false
DEFAULT CRON RULES FOR GENERATING NOTIFICATIONS
Account balance and Transaction notifications are generated right after the transaction has been
performed. Account statement and Transaction history notifications are generated at 1:00 AM. The
interval of sending of all generated notifications is related to notification.send-emails.cron settings.
6.5.3 CONFIGURING SSO FOR YSOFT PAYMENT SYSTEM
Page content
Overview
YSoft SafeQ 5 3129

February 03, 2016
Prerequisites
Configuration
YSoft Payment System configuration
Browser configuration
Firefox
Internet Explorer
Chrome
Usage
Local access
Remote access
Change signed in user
Sign in back via SSO
Limitations
SSO only in combination with YSoft SafeQ
Possibility to open a cash desk of another Cash Desk operator
OVERVIEW
This article describes the steps that has to be performed in order to set up the Single Sign-on (SSO) to
YSoft Payment System web interface. The configuration of SSO requires advanced knowledge about the
system configuration and working with the configuration files.
PREREQUISITES
YSoft Payment System has to be:
installed on a server which is a part of the domain. SSO is asking the system for the user
authentication.
connected with YSoft SafeQ - SSO is not supported by standalone mode of YSoft Payment System
all users which want to use SSO must have created user named by their username in YSoft SafeQ (e.
g. domain name = MY_COMPANY/dvader => YSoft SafeQ user name = dvader)
CONFIGURATION
For use of YSoft Payment System SSO functionality, you have to configure the system and used browser.
YSOFT PAYMENT SYSTEM CONFIGURATION

SSO authentication has to be set in YSoft Payment System configuration file:
1. open <ysoft-payment-system-home>/payment-conf/environment-configuration.properties
2. add/change property sign-on.type and set it to value sso-sign-on
sign-on.type=sso-sign-on
YSoft SafeQ 5 3130

February 03, 2016
BROWSER CONFIGURATION
FIREFOX
1. Type about:config in the address bar and hit enter.

2. Type network.negotiate-auth.trusted-uris in the Filter box.
3. Put your server name as the value. If you have more than one server, you can enter them all as a
comma separated list. (e.g. https://localhost)
4. Close the tab.
INTERNET EXPLORER
Ensure that Integrated Windows Authentication is enabled.
1. Open the Control Panel -> Network and Internet -> Internet Options
2. Click the Advanced tab.
3. Scroll down to Security
4. Check Enable Integrated Windows Authentication.
The target website must be in the Intranet Zone.
1. Open the Control Panel -> Network and Internet -> Internet Options
2. Click the Security.
3. Click the Local Intranet icon.
4. Click the Sites button.
5. (only for Windows 8) Check Automatically detect intranet network.
a. For localhost, click Advanced.
6. Add your server name as the value of the list. (e.g. https://localhost)
CHROME
Same as Internet Explorer.
USAGE
LOCAL ACCESS
You have to only set your environment according to "Configuration" part and start using of the system. You
are automatically signed in with your domain credentials.
REMOTE ACCESS
When you accessing YSoft Payment System from outer world by browser and the SSO is used then a
popup window with a form to fill your credentials to the domain is displayed. So you type your domain
credentials into the form and then you do not need to sign in the system, your domain credentials are used
for it.
CHANGE SIGNED IN USER

Because of use of the SSO you are automatically signed in, so you do not have chance to directly choose
signed in user. In the top-right corner a sign out button is displayed. So you can click the sign out button and
you are redirected to sign in page, where you can type wanted credentials.
YSoft SafeQ 5 3131

February 03, 2016
SIGN IN BACK VIA SSO
When you want to sign in again via your domain account, then you click the sign out button and on the sign
in page (see below) click link "Sign in as current Windows user".
LIMITATIONS
SSO ONLY IN COMBINATION WITH YSOFT SAFEQ

SSO for YSoft Payment System can be used only in combination with YSoft SafeQ. The SSO is not
supported for standalone mode of YSoft Payment System.
POSSIBILITY TO OPEN A CASH DESK OF ANOTHER CASH DESK OPERATOR

Issue in steps:
1. you have enabled SSO authentication

2. sign in as another Cash Desk operator (not by your domain user)
3. open a cash desk where your domain user has not privileges
4. leave your session expire
5. refresh page
a. expiration of the session causes that you are signed out and system sign you (your domain
user) automatically in
6. you are on the opened cash desk but with your domain user which does not have privileges to see
this cash desk
6.5.4 ADVANCED CONFIGURATION OF YSOFT PAYMENT SYSTEM
Page content
YSoft SafeQ 5 3132

February 03, 2016
General
Proxy setting
Payment system
Certificate watchdog
Payment machines
Performance statistics
License portal setting
Notification support
Javascript localization
Database configuration
Main YSoft Payment System database
Connection pool
Database schema
UI/API configuration
Cashdesk UI
Administration UI
REST API
Authorization/Authentication
User management
Sign-on authentication
Payment gateways
Payment gateway availability
Open deposit periodic jobs
GENERAL
PROXY SETTING
key default possible description

value values
general.proxy.host Proxy host. If not specified, proxy will not be

hostname used.
IP
address
general.proxy.port number If host specified, must not be empty.
general.proxy. string Proxy login name.

username
general.proxy. string Proxy password. If login specified, must not be

password empty.
YSoft SafeQ 5 3133

February 03, 2016
PAYMENT SYSTEM
key default value possible values description
paymentSystem. internal- Indicates where will be money stored:

type payment- internal-
system payment- internal-payment-system: PS database
system external-payment-system: external
external- Payment functionality provider
payment-
system
CERTIFICATE WATCHDOG

value values
certificate.watchdog. 120 number Days to certificate expiration. After this time the system
warnDays starts notifying administrator.
certificate.watchdog. 30 number Days to certificate expiration. After this time the system
errorDays starts warning administrator.
certificate.watchdog. 0 0 0 * * cron Interval in m. How often certificates will be checked.

cron * expression (default every day)
PAYMENT MACHINES

value values
spm.statistics. 0 */15 * cron Configuration for payment machines statistics logging. Defines
dump.cron *** expression how often a statistics about payment machine are generated.
spm.dumpfile path to Path to dump file.

dump file
spm.timeout. 0**** cron Defines how often the system try to disconnect timeouted
check.cron * expression payment machines. (default every minute)
PERFORMANCE STATISTICS

value values
statistics.dump. 0 */15 * * cron System performance statistics logging. How often a period
cron.period ** expression statistics are performed.
statistics.dump. 0 0 0,12 cron System performance statistics logging. How often a total
cron.total *** expression statistics are performed.
YSoft SafeQ 5 3134

February 03, 2016
LICENSE PORTAL SETTING
key default value possible description

values
com.ysoft. https://activate.ysoft.com/lic-act? URL Contains URL of portal for an online

payment. integrityKey={integrityValue} activation of YSoft Payment System.
licenseportal.url
NOTIFICATION SUPPORT
This section is describer on the separate page - Configuring Credit-based Notifications
JAVASCRIPT LOCALIZATION
key default value possible description

values
javascript. js_messages filename Javascript has its own localization files. (validation
localization. messages, datepicker, select boxes, ...) This
bundleName property defines bundle name of localization file.
javascript. js_messages_fix filename This bundle of localization files contains some

localization. internationalization fields like decimal separator or
bundleName-fix date pattern for a datepicker. The properties of this
file are not sent to translation process.
DATABASE CONFIGURATION
MAIN YSOFT PAYMENT SYSTEM DATABASE
database. H2 Database vendor describes the

vendor PostgreSQL database engine being used
MSSQL
MySQL
Oracle
H2
database. jdbc:h2:mem:clearing; string Database URL - connection string to the

url DB_CLOSE_DELAY=-1; main YSoft Payment System database
MVCC=true (dependent on the database engine)
database. sa string Database username - username of user

username used to connect to main YSoft Payment
System database
database. string Database password - password of user

password used to connect to main YSoft Payment
System database
YSoft SafeQ 5 3135

February 03, 2016
CONNECTION POOL

value values
database.transactionTimeout 5 number The number of seconds, which describe the

timeout for all transaction based operations.
Values around 30 seconds should be optimal.
Values bigger than 60 seconds are nor
recommended, because of possible database
deadlocks.
database. 1 number Initial number of connections in the pool

initialConnectionPoolSize
database. 20 number Maximum number of open prepared statements

maxOpenPreparedStatements per connection. 0 for no limit
database. 60 number The maximum number of active connections that

maxActiveConnections can be allocated at the same time. -1 for no limit
database. 0 number The minimum number of connections that can

minimumIdleConnections remain idle, without extra ones being created. 0 to
create none.
database. -1 number The maximum number of connections that can

maximumIdleConnections remain idle, without extra ones being released. -1
for no limit.
database. 60000 number The number of milliseconds to sleep between runs

timeBetweenEvictionRunsMillis of the idle connection cleanup thread.
database. 60000 number The minimum amount of time a connection may sit
minEvictableIdleTimeMillis idle in the pool before it is eligible for eviction.
DATABASE SCHEMA

value values
database. changelog. liquibase Mainly it is used for default initialization of database structure
changelog xml changelog and default configuration records . This file can contain also
filepath updates of database schema and records. This file has to be
according to rules of Liquibase (http://www.liquibase.org/).
YSoft SafeQ 5 3136

February 03, 2016
UI/API CONFIGURATION
CASHDESK UI

value values
cashdesk. https The channel clients are required to communicate through with
channel http cash desk.
https WARNING: setting this property to anything other than
any https bypasses SSL!
cashdesk. true Flag indicating whether cashdesk resources should be

cacheResources true cached. (server side resources - html templates, ...)
false
cashdesk. false Flag indicating whether to apply custom cashdesk theme,

applyTheme true whether to use default cascade styles (css).
false
ADMINISTRATION UI

value values
web.customer. https The channel clients are required to communicate through with
channel http customer web.
web. https The channel clients are required to communicate through with
administration. http administration.
channel https WARNING: setting this property to anything other than
web. true Flag indicating whether administration resources should be

cacheResources true cached. (server side resources - html templates, ...)
false
web. false Flag indicating whether to apply custom cashdesk theme,

applyTheme true whether to use default cascade styles (css).
false
YSoft SafeQ 5 3137

February 03, 2016
REST API

value values
restApi. https The channel clients are required to communicate through the
channel http REST API
AUTHORIZATION/AUTHENTICATION
USER MANAGEMENT
authentication. standalone- How to authenticate users, the options are:

type user- standalone-
management user- standalone-user-management: a database
management is queried to authenticate users
safeq-user- safeq-user-management: safeq's
management authentication service is used to
authenticate users
authentication. 0 */2 * * * * cron expression How often should be user management checked.
watchdog. (2 min default) Indicates that a user management
cron is reachable. In case the user management is
unreachable, then new incident is reported. New
incident is reported in case the user management
is reachable again.
SIGN-ON AUTHENTICATION
key default possible values description

value
sign-on. form-sign- Sets method of signing on.

type on form-sign-
on sso-sign-on: via Windows Single Sign-On
sso-sign- authentication
on form-sign-on: via form sign on
YSoft SafeQ 5 3138

February 03, 2016
PAYMENT GATEWAYS
PAYMENT GATEWAY AVAILABILITY

value values
payment.gateway.watchdog. 0 */2 * * * * cron expression How often check if payment gateway is

cron ok.
OPEN DEPOSIT PERIODIC JOBS

value values
pendingDeposits.retry. 0 0/15 * * cron How often should pending deposits be retried.

cron ** expression
pendingDeposits.retry. 10 number How long after the deposit start should PS retry
delayMinutes pending deposits.
openDeposits.expiration. 000*** cron How often should open deposits be cleaned up.
cron expression
6.5.5 ADVANCED CONFIGURATION OF PAYPAL GATEWAY PLUGIN
Page content
All mandatory configuration could be managed during installation (Installing Payment Gateway Plugins
). Once the PayPal Gateway Plugin is installed, you can use this guide to change existing or set advanced
options.
1. Open file located at <yps_home>/payment-conf/paypal-configuration.properties

2. Add or edit any configuration entry according to the table below.
3. Save configuration file.
4. Restart YSoft Payment System service to apply new settings.
Option Description
paypal.paymentSystemUrl
YSoft SafeQ 5 3139

February 03, 2016
Option Description
URL pointing to PS REST API used for Payment Gateway integrations

default: https://localhost:8443/payment-system/api/v1/paymentgateway
/deposit
paypal.channel Whether the PayPal Integration UI should require HTTPS or HTTP

connections
default: https
paypal.paymentExpirationDays The number of days after which retrying of PayPal payments stops. 30
is the number of days after which PayPal itself expires its payments.
default: 30
paypal. The number of hours after which completed deposits are removed
completedDepositCleanupHours from the database.
default: 1
paypal.depositCleanupDays Number of days after which deposits are removed from the database.
default: 60
paypal. How often should pending deposits be retried.

retryPendingDepositsCron default: 0 0/10 * * * ?
paypal. How often should pending deposits be check for expiration.

expirePendingDepositsCron default: 0 0 0 * * ?
paypal.cleanupDepositsCron How often should deposits be cleaned up.

default: 0 0 * * * ?
paypal.depositItemName Text that appears as the item name in PayPal.

default: Deposit
paypal.useHttpProxy If set to true, PayPal will be contacted through a proxy (note that
Payment System will always be contacted directly)
default: false
paypal.httpProxyHost Proxy host.

default: localhost
paypal.httpProxyPort Proxy port.

default: 3128
paypal.httpProxyUserName Proxy authentication username.
paypal.httpProxyPassword Proxy authentication password.
paypal.database.vendor Database vendor (e.g. H2, MSSQL, PostgreSQL, ...)

default: H2
paypal.database.url
YSoft SafeQ 5 3140

February 03, 2016
Option Description
Database connection string.

default: jdbc:h2:mem:paypal-integration;DB_CLOSE_DELAY=-1;
MVCC=true
paypal.database.username Database username.

default: sa
paypal.database.password Database password.

(required)
paypal.returnUrlPrefix The string that URLs sent to PayPal get prefixed with. For example if
this property is set to 'https://example.com' than the confirmation URL
sent to PayPal will look like this: 'https://example.com/deposit/123
/payment-confirmed-by-paypal'. This is done to allow the integration
module to sit behind a proxy with a public name without URL rewriting.
(required)
paypal.clientId PayPal's "username". (PayPal API app Client ID)

(required)
paypal.clientSecret PayPal's "password". (PayPal API app Secret)

(required)
paypal.serviceEndpoint PayPal's service URL (e.g. https://api.paypal.com).

(required)
paypal. PS' username. (the user has to have the appropriate rights set up in
paymentSystemUsername PS)
(required)
paypal. PS' password.

paymentSystemPassword (required)
6.5.6 ADVANCED CONFIGURATION OF DIBS GATEWAY PLUGIN
Page content
All mandatory configuration could be managed during installation (Installing Payment Gateway Plugins).
Once the DIBS Gateway Plugin is installed, you can use this guide to change existing or set advanced
options.
YSoft SafeQ 5 3141

February 03, 2016
1. Open file located at <yps_home>/payment-conf/dibs-configuration.properties

2. Add or edit any configuration entry according to the table below.
3. Save configuration file.
4. Restart YSoft Payment System service to apply new settings.
Option Description
dibs.paymentSystemUrl URL pointing to PS REST API used for Payment Gateway integrations
default: https://localhost:8443/payment-system/api/v1/paymentgateway
/deposit
dibs.channel Whether the DIBS Integration UI should require HTTPS or HTTP

connections
default: https
dibs.paymentExpirationDays The number of days after which retrying ofDIBS payments stops.
default: 30
dibs. The number of hours after which completed deposits are removed
completedDepositCleanupHours from the database.
default: 1
dibs.depositCleanupDays Number of days after which deposits are removed from the database.
default: 60
dibs.retryPendingDepositsCron How often should pending deposits be retried.

default: 0 0/10 * * * ?
dibs. How often should pending deposits be check for expiration.

expirePendingDepositsCron default: 0 0 0 * * ?
dibs.cleanupDepositsCron How often should deposits be cleaned up.

default: 0 0 * * * ?
dibs.useHttpProxy If set to true, DIBS will be contacted through a proxy (note that
Payment System will always be contacted directly)
default: false
dibs.httpProxyHost Proxy host.

default: localhost
dibs.httpProxyPort Proxy port.

default: 3128
dibs.httpProxyUserName Proxy authentication username.
dibs.httpProxyPassword Proxy authentication password.
YSoft SafeQ 5 3142

February 03, 2016
Option Description
dibs.database.vendor Database vendor (e.g. H2, MSSQL, PostgreSQL, ...)

default: H2
dibs.database.url Database connection string.

default: jdbc:h2:mem:dibs-integration;
DB_CLOSE_DELAY=-1;MVCC=true
dibs.database.username Database username.

default: sa
dibs.database.password Database password.

(required)
dibs.returnUrlPrefix The string that URLs sent to DIBS get prefixed with. For example if this
property is set to 'https://example.com' than the confirmation URL sent
to DIBS will look like this: 'https://example.com/deposit/123/payment-
confirmed-by-dibs'. This is done to allow the integration module to sit
behind a proxy with a public name without URL rewriting.
(required)
dibs.dibsUrl DIB's service URL

default: https://payment.architrade.com/paymentweb/start.action
dibs.transactionInfoUrl DIBS's transaction info URL

default: https://payment.architrade.com/cgi-bin/transinfo.cgi
dibs.transactionStatusUrl DIBS's transaction status URL

default: http://payment.architrade.com/transstatus.pml
dibs.username Username of DIBS merchant's account.

(required)
dibs.password Password of DIBS merchant's account.

(required)
dibs.md5.key1 Merchant key for payments

(required)
dibs.md5.key2 Merchant key for payments

(required)
dibs.merchantId (required)
dibs.gateway.language # da=Danish, en=English, de=German, es=Spanish, fi=Finnish,

fo=Faroese, fr=French, it=Italian, nl=Dutch, no=Norwegian, pl=Polish
(simplified), sv=Swedish, kl=Greenlandic
(required)
dibs.gateway.allowedCards
YSoft SafeQ 5 3143

February 03, 2016
Option Description
See link http://tech.dibspayment.com/toolbox/paytypes for possible

values
(required)
dibs.currencyUnit The smallest unit of an amount in the selected currency (e.g. 0.01)
(required)
dibs.paymentSystemUsername PS' username. (the user has to have the appropriate rights set up in
PS)
(required)
dibs.paymentSystemPassword PS' password.

(required)
dibs.testMode true/false. Tell to DIBS that the requests are in test mode.
default: false
1 Open file .../<ysoft_payment_system_home>/payment-conf/dibs-configuration.properties
2 Add or edit any configuration entry according to the table.
Save configuration file.
3 Restart YSoft Payment System service to apply new settings.
6.6 USAGE
This section describes basic workflows, features of YSoft Payment System and it's usage. All
features described here can be maintained using Administration web interface dedicated for
system administrators and Cashdesk web interface dedicated for cash desk operators.
6.6.1 ADMINISTRATION WEB INTERFACE
Page content
Overview
Logging in/out
Logging in
Logging out
Management
Accounts
Cash desks
YSoft SafeQ 5 3144

February 03, 2016
Payment Machines
Periodic recharges
API Users
Payment Gateways
System incidents
Reports
Filter description
Vouchers
Configuration
License
Notifications
Cash desks
OVERVIEW
Administration web interface is dedicated for system administrators. It is divided into two main sections:
Management – allows administrators to manage (create, modify, delete) any objects that are in YSoft
Payment System
Configuration – allows administrators to configure different settings and features for YSoft Payment
System and for Cash Desk as well.
Payment System application is installed as part of YSoft Payment System. See Installing YSoft Payment
System for more details.
Following table describes elements that are used globally in this UI.
Element Description
Language selection Language can be selected in the top right corner of the page. Currently selected
language is indicated by country flag. Selected language is not applied to whole
system, just on YSoft Payment System Administration web interface.
Filtering Filtering is available on pages where is presumption of having many items (e.g.
Accounts). Filters are always located in the top of the page.
Sorting Sorting is also available only on pages where we expect high number of items.
Sorting can be done almost by any column by clicking column header. Arrow is
indicating ascending ( ) or descending ( ) sorting.
Items per page and Some of the pages also contains option to limit number of items displayed per
pagination page (10, 25, 50 or 100) and pagination.
Limit for items per page can be set easily by clicking on these numbers.
Pagination can be used to list items in cases they cannot fit on one page.
Bulk actions
YSoft SafeQ 5 3145

February 03, 2016
Element Description
On pages with list view of items, there are bulk actions available. Type of the
actions are based on buttons located under the items list.
To perform bulk select items on the page by clicking check boxes next to the
items you want to edit and use one of the action buttons located under the list.
Object details by View On pages with list view of items, there are also View button on the right side of
the item line. By clicking this button, you can display item details.
LOGGING IN/OUT
Before logging to Administrative web

interface, following prerequisites have
to be met:

connected to YSoft SafeQ
server
User with role safeq admins
available in YSoft SafeQ
YSoft Payment System and
YSoft SafeQ are running
LOGGING IN
1. Go to URL https://<server-ip-
address>:8443/payment-system
or click shortcut created on
desktop on computer where
installed
2. Enter credentials of user with
administrator rights
For more info see: Integration of
YSoft Payment System with
YSoft SafeQ
3. Click Sing in
Inactive user will be

YSoft SafeQ 5 3146

February 03, 2016
LOGGING OUT
Log out from Administrative web can be

performed by clicking Sign out button in
top right corner. Or user is logged out
automatically when inactive for specified
time period.
MANAGEMENT
This section describes all tabs available in Administration web interface related to management of items and
usage of features in YSoft Payment System.
ACCOUNTS
Customer accounts which can be managed on this tab are representing users and should be mapped to the
users of external system (e.g. user in YSoft SafeQ) based on unique ID.
Do not use this tab for creating, deleting or editing customer accounts if YSoft Payment System is
used together with YSoft SafeQ. In such cases follow this guide: Managing money accounts
CASH DESKS
Cash desks in YSoft Payment System represent places where users can ask responsible person to charge
/withdraw credit, check balance/transaction history or refund transaction. To use this cash desks, you have
to log into Cash Desk web interface. For more info see: Cashdesk web interface
YSoft SafeQ 5 3147

February 03, 2016
CREATE NEW CASH DESK
1 Click button Create cash desk
2 Fill in required values:
Type: type of cash desk. General allows to view all customer virtual account balances. Merchant
is limited to display of virtual accounts bound to selected Merchant.
Merchant: Merchant account in case cash desk type Merchant is selected.
Name: cash desk unique name
Initial balance: initial balance, for cash desk as equal operation to Deposit into cash desk. Leave it
blank, if you don't want to deposit money into cash desk now.
Enable display of account history: if allowed, transaction history for money account can be
displayed in Cash Desk web interface.
Initial status: status of newly created cash desk. Disabled cash desks are not visible in Cash Desk
web interface.
Assigned operators: users with access to Cash Desk web interface, which will be able to use this
cash desk.
3 Click Create cash desk to save it.
Now all assigned operator will see this cash desk in Cash Desk web interface if has status Enabled.
YSoft SafeQ 5 3148

February 03, 2016
PAYMENT MACHINES
This section contains list of all YSoft SafeQ Payment Machines registered to YSoft Payment System. You
can authorize or deauthorize specific YSoft SafeQ Payment Machine using action buttons. By clicking
"view" you can see details of selected YSoft SafeQ Payment Machine.
The details contain authorization status and list of closures. You can rename or change authorization status
using action buttons.
To connect new Payment Machine follow this guide: Configuring Payment Machine
PERIODIC RECHARGES
Periodic recharges represent a rule that adds defined amount of credit to selected user's virtual money
account on periodic basis.
YSoft SafeQ 5 3149

February 03, 2016
CREATE PERIODIC RECHARGE
1 Click button Create periodic recharge
Name: name of periodic recharge
Description (optional): description of periodic recharge
Assigned merchant: merchant to which is the periodic recharge bound. Periodic recharge adds
amount to selected user's virtual account which is bound to this merchant.
Type: defines whether periodic recharge recharges by amounts (adds money to virtual money
account) or recharges to amount (sets virtual money account balance to specific value)
Amount: amount of money account will be recharged by / to
Recurrence: defines frequency metric the account will be recharged. Based on the type of
recurrence selected, the field the next field is chosen from alternatives (Period in days, Day of the
week, Day of month, Month + day of month or none)
Start: date the periodic recharge will start to function
Status: periodic recharge can be created as enabled or disabled
YSoft SafeQ 5 3150

February 03, 2016
NOTE: Users can be assigned from periodic recharge details using "view assigned" button in
Customers field
3 Click Create periodic recharge to save it.
API USERS
This section represents list of merchants (users) that have access to YSoft Payment System API. Using
action buttons you can enable, disable, remove or create new API user.
CREATE NEW API USER
1 Click button Create API user
Name: username for authentication
Password: password for API user authentication
Status: initial status new API user will have, can be disabled or enabled
Access to: defines permission for different REST APIs of YSoft Payment System - Merchant API,
Cashdesk API, Admin API, Balance Management API.
3 Click Create API user to save it.
There are 3 statuses of API user:
YSoft SafeQ 5 3151

February 03, 2016
enabled - Is allowed to do operations. Can be disabled (by administrator using action button) or
locked (automatically by system in case of multiple unsuccessful login attempts)
disabled - Is not allowed to do operations. Can be enabled (by administrator using action button) or
locked (automatically by system in case of multiple unsuccessful login attempts)
locked - Is not allowed to do operations. Can be enabled (by administrator using action button)
PAYMENT GATEWAYS
Payment Gateways tab allows you to manage or connect YSoft Payment System Plugins if installed. For
more info about installation see Installing Payment Gateway Plugins.
YSoft SafeQ 5 3152

February 03, 2016
CONNECT NEW YSOFT PAYMENT SYSTEM PLUGINS
1 Click button Create connection to plugin
Fill in required values. Replace <server-ip-address> with actual payment system IP address ( do not
use localhost):
Name: any text, but take into mind that this name will be displayed to a user on money deposit page
URL: use one of provided templates based on gateway vendor
for DIBS: https://<server-ip-address>:8443/dibs-integration/api/v1

for PayPal: https://<server-ip-address>:8443/paypal-integration/api/v1
Icon URL: you can use any valid URL of your favorite icon, here are examples of our default icons
(you can change it to https if you wish)
for DIBS: http://<server-ip-address>:8080/dibs-integration/assets/icon.png

for PayPal: http://<server-ip-address>:8080/paypal-integration/assets/icon.png
Status: status of newly connected Payment Gateway Plugin. Disabled gateways cannot be used for
money deposit.
YSoft SafeQ 5 3153

February 03, 2016
Require confirmation of Terms and Conditions: Check when Terms and Conditions are required.
Terms and Conditions: fill in text of Terms and Conditions.
3 Click Connect to save new connection.
New gateway will be saved only if your URL is valid and it can connect to a running plugin.
SYSTEM INCIDENTS
System incidents section is used as:
1. Early warning system - to notify system administrator about urgent situations needed to be fixed
ASAP (for example "payment gateway is down" - sysadmin should fix it before first user would be
affected)
2. Suspicious activity detection - to detect risky or unusual activity in system and let admin check the
risks related
Every incident has its importance level (severity), source (where it occurred - e.g., SafeQ transactions,
YSoft SafeQ Payment Machine, Payment Gateway, Cash desk), date of occurrence, description and detail.
Detail contains more information about incident (e.g., session ids, customer info) and error_id - reference to
log (allowing administrator to search for more details about problem).
The list grouped incidents contains list of all incidents grouped by severity, incident source and
descriptions. You can see list of specific incidents by clicking to "view" or "view all" button.
Incident description is available only in English.
REPORTS
Section reports contain list of all transactions happening in YSoft Payment System. Each
transaction contains information about balance change the column Balance change and balance value
"personal balance (virtual balance)" after this transaction in the column Final balance.
You can narrow the search using specific dates, types of transactions, user accounts or specific API users.
YSoft SafeQ 5 3154

February 03, 2016
FILTER DESCRIPTION
Type
Filter transactions by their types. Different transactions has a different type.
Balance decrease - decrease a virtual balance for a specific merchant of a customer

Balance increase - increase a virtual balance for a specific merchant of a customer
Balance reset - increase a virtual balance for a specific merchant of a customer
Cash desk deposit - deposit money to a specific customer's account through a cash desk
Cash desk withdrawal - withdraw money from a specific customer's account through a cash desk
Debt registration - one of customer's transactions registered/created new debt
Debt write off - a part (or whole) of customer's debt was paid off
Deposit via payment gateway - customer deposited some money to his/her YPS account through a
payment gateway
Initial imported debt - debt created during creation of a new imported customer (a debt from a
previous payment system)
Initial imported deposit - initial balance of a new imported customer (a balance of an account from
a previous payment system)
Money transfer - money transferred by one step transaction
Recharge event - virtual money deposited by a periodic recharge
Transaction refund - partly or fully refunded a customer's transaction
Transaction settlement - settled customer's reservations (finish step of microtransaction)
Voucher redemption - redemption of a voucher. Deposit money to a customers's account by a
voucher through a YSoft Wallet or Cash Desk
YSoft Payment Machine deposit event - deposited money through a YSoft Payment Machine
Customer
Suggestion select box for filtering of transactions by customer's username or name.
Start typing customer's username/name and list of customers is displayed. Then select the correct
customer.
Merchant
Suggestion select box for filtering of transactions by merchant's name.
Start typing merchant's name and list of merchants is displayed. Then select the correct customer.
Creation date
Filter transactions by date range. Transaction creation date has to be between the selected dates. If a date
field is empty then there is no restriction for filtering by from or to date.
Filter
Filter transactions by selected filtering options.
Reset
Reset the filtering.
VOUCHERS
Vouchers represent a smart way of recharging user accounts, connecting easy setup and low cost of
ownership with self-service.
Please learn how to set up and process vouchers by following Vouchers guide.
YSoft SafeQ 5 3155

February 03, 2016
CONFIGURATION
This section describes all tabs available in Administration web interface related to general configuration
YSoft Payment System or specific settings for applied e.g. for Cash Desk web interface.
LICENSE
License tab will provide you with information about activation of whole YSott Payment System.
For full activation YSoft Payment System proper integration have to be set with YSoft SafeQ5. For more info
see: Integration of YSoft Payment System with YSoft SafeQ
NOTIFICATIONS
YSoft Payment System provides you with possibility to receive regular notifications as a administrator or as
a account owner.
There are four types of notifications available:
Account balance – notification is issued once, when credit balance on money account goes under
defined balance limit
Transaction – notification is issued once, when any transaction is performed on money account
Account statement – notification is issued periodically and informs about all transactions performed
on money account for defined period
Transaction history – notification is issued periodically and informs administrator about all realized
transactions in YSoft Payment System for defined period
Each notification can be customized using WYSIWYG editor and variables related to current type of
notification. To apply changes in notifications configuration or email body, Save button have to be clicked for
each notification separately.
NOTE: This feature requires advanced configuration like SMTP servers, cron rules, etc. For more info
see: Configuring Credit-based Notifications
CASH DESKS
Defines configuration for usage of Cash desks. You can define rules for rounding, minimal amount for
withdrawal. You can also define the format of receipts.
NOTE: You can hover your cursor over the (tooltip) icon for more info about each option.

In this section you can define global system configuration of YSoft Payment System, for example VAT,
maximum age of reservation / pending deposit and much more.
NOTE: You can hover your cursor over the (tooltip) icon for more info about each option.
6.6.2 CASHDESK WEB INTERFACE
Page content
YSoft SafeQ 5 3156

February 03, 2016
Overview
Types of cash desks
Logging in/out
Operating cash desks
List of cash desks
Open and close cash desk, cash desk details
Money deposit and withdrawal to/from cash desk
Cash desk closures
Operating customer accounts
Open money account
Money deposit and withdrawal to/from customer account
Refund transaction
Redeem voucher
Transaction history
OVERVIEW
Cash Desk web interface is dedicated for cash desk operators as front desk agents, who manipulates with
cash and can provide basic operations with customer accounts (cash deposit or withdrawal, transaction
refunds, vouchers redemption, etc) and cash desk (opening and closing cash desks, money deposit or
withdrawal, financial closures, etc).
Cash Desk application is installed as part of YSoft Payment System. See Installing YSoft Payment System
for more details.
To change language click flash in top menu right corner and select any available language.
TYPES OF CASH DESKS

Cash desk can be configured in administration as General or Merchant.
Operator operating a General cash desk can see customer's personal and all virtual accounts. Operator can
perform deposit and withdraw operations on personal account and deposit operation on virtual accounts.
Operator operating a Merchant cash desk can see only total balance consisting of personal account balance
and virtual account (bound to configured merchant) balance. Operator can only deposit to virtual account or
do refunds.
YSoft SafeQ 5 3157

February 03, 2016
LOGGING IN/OUT
Before logging to Cash Desk web

interface, following prerequisites have
to be met:

connected to YSoft SafeQ
server
User with role cash desk
operators available in YSoft
SafeQ
YSoft Payment System and
YSoft SafeQ are running
LOGGING IN
1. Go to URL https://<server-ip-
address>:8443/payment-system
/cash-desk
or click shotcut created on
desktop on computer where
installed
2. Enter credentials of user with
cash desk operator rights
For more info see: Integration of
YSoft Payment System with
YSoft SafeQ
3. Click Sing in
Inactive user will be

LOGGING OUT
Log out from Cash Desk web can be

performed by clicking Sign out button in
top right corner. Or user is logged out
automatically when inactive for specified
time period.
YSoft SafeQ 5 3158

February 03, 2016
OPERATING CASH DESKS
This part describes all possible operations with assigned cash desks in Cash Desk web interface.
YSoft SafeQ 5 3159

February 03, 2016
LIST OF CASH DESKS
After logging in, cash

desk operator can see
list of assigned cash
desk which are not
disabled. Cash desk
can be assigned to
selected operators in
Administration web
interface#Cashdesks.
In the list you can see

basic info for each
cash desk:
Name –
name
defined
for cash
desk
Current
balance
–
balance
of cash
desk
should
reflect
amount
of
physical
money in
cash
desk
Status –
Open –
you or
other
operator
has
opened
the cash
desk and
did not
close it
YSoft SafeQ 5 3160

February 03, 2016
yet. In
operating
in this
cash
desk
Close –
nobody
is
operating
in cash
desk,
that it
can be
opened
and used
by
clicking
Open
cash
desk
Current
operator
– name
of the
operator
who
opened
and did
not close
the cash
desk yet
NOTE: All cash

desks can be forcibly
closed using
Administration web
interface#Cashdesks
YSoft SafeQ 5 3161

February 03, 2016
OPEN AND CLOSE CASH DESK, CASH DESK DETAILS
If you want
to use any
of available
cash desk,
click Open
cash desk.
If cash
desk was
already
opened you
can get
back into
cash desk
by clicking
Return to
cash desk
button .
In top right
corner you
can see
cash desk
balance. In
order to
check last
activity in
cash desk
click
Activity log
at the
bottom of
the screen.
List of
activities
will be
displayed
ordered by
date and
time.
After you
are done
with
currently
YSoft SafeQ 5 3162

February 03, 2016
opened
cash desk
click Leave
cash desk.
Cash desk
will be
properly
closed and
you will be
redirected
back to list
of cash
desks.
YSoft SafeQ 5 3163

February 03, 2016
MONEY DEPOSIT AND WITHDRAWAL TO/FROM CASH DESK
To deposit money to
cash desk follow, these
steps:
1. Click Deposit
into cash desk
button and
window Deposit
money into cash
desk will appear
2. Fill in the
amount and
optionally the
purpose
3. Click Deposit
and transaction
will be saved
To withdrawal money
from cash desk, follow
these steps:
1. Click Withdraw
from cash
desk button and
window
Withdraw money
from cash desk
will appear
2. Fill in the
amount and the
purpose,
alternatively use
Select
everything
button
3. Click Withdraw
and transaction
will be saved
After
successful deposit or
withdrawal, cash desk
YSoft SafeQ 5 3164

February 03, 2016
balance is decreased
and transaction is
visible in Activity log.
When using
YSoft
Payment
System with
YSoft SafeQ,
it might not be
possible to
withdraw all
money visible
on customer's
account. This
is caused by
very small
value missing
on customer's
account.
The behavior
is caused by
limitation of
YSoft SafeQ
described
here.
YSoft SafeQ 5 3165

February 03, 2016
CASH DESK CLOSURES
Cash desk closure

simulates financial
closure (e.g. at the
end of the day). It
can be performed
by following these
steps:
1. Click
Perform
cash desk
closure
button
2. In following
screen, click
Perform
closure
button to
proceed
closure.
When closure was

performed, closure
report appears with
list of operations
on cash desk since
last closure. Here
you can see or
reprint receipts for
operations
performed on
customer
accounts. Also
whole report can
be printed by
clicking Print
closure button in
the bottom.
List of all
closures performed
by currently logged
in operator for all
YSoft SafeQ 5 3166

February 03, 2016
assigned cash
desks can be
viewed by clicking
Closures in top
page menu.
Optionally you can

filter, sort or list
pages with
closures. To see
details of certain
closure click View
on right side
of selected line.
OPERATING CUSTOMER ACCOUNTS

This part describes all possible operations with money accounts in Cash Desk web interface. Before
operating with customer accounts, you have to first open cash desk.
YSoft SafeQ 5 3167

February 03, 2016
OPEN MONEY ACCOUNT
You can open customer

account by:
Entering username
– enter user’s name
to the field and click
Open button. Writing
down first two
characters cash desk
will display list of
users who match
written string.
Identify user with
card number – you
can also identifying
user by card (in case
card is assigned to
him) by following
these steps:
Click
Identify
user
with
card
and
window
"Enter
card
number"
will
appear
Swipe
users
card on
reader
attached
to the
computer
or
Enter
user's
card
number
and
YSoft SafeQ 5 3168

February 03, 2016
click
Open
When user has

been successfully identified
customer account screen is
displayed.
After opening
customer account
you can see
account details
and also perform
various actions
which are
described below.
Click Close to
close customer
account and you
will be redirected
back to cash
desks.
YSoft SafeQ 5 3169

February 03, 2016
MONEY DEPOSIT AND WITHDRAWAL TO/FROM CUSTOMER ACCOUNT
To deposit money to
customer account,
follow these steps:
1. Click Deposit
button and
window Deposit
money will
appear
2. You have
possibility to
select where
deposit should
be performed by
radio buttons
Deposit into
(this option is not
available for
merchant type of
a cash desk,
there is possible
to deposit
money only on a
virtual account)
a. Personal
account -
an
amount is
deposit
on the
personal
account
of the
customer
b. Virtual
account -
an
amount is
deposit
on a
virtual
account
of the
customer
YSoft SafeQ 5 3170

February 03, 2016
based on
selected
merchant
3. Fill in the
amount you
want to add to
customer
account
4. Click Deposit
and transaction
will be saved
5. When deposit is
processed
deposit receipt (
it is displayed
only for a
deposit on a
personal
account) is
displayed with
receipt number,
cash desk name,
customer name,
deposit amount
and date.
Print receipt by
clicking Print
receipt button or
close without
printing by
clicking Close
button.
To withdrawal money
from customer account,
follow these steps:
1. Click Withdraw
and window
Withdraw money
will appear
2. Fill in the
amount you
want to
withdrawal from
customer
YSoft SafeQ 5 3171

February 03, 2016
account,
alternatively use
Select
everything
button.
3. Click Withdraw
and transaction
will be saved
4. When withdrawal
is processed
deposit receipt is
displayed with
receipt number,
cash desk name,
customer name,
deposit amount
and date.
Print receipt by
clicking Print
receipt button or
close without
printing by
clicking Close
button.
After successful deposit

/withdrawal account
balance and cash desk
balance are increased
/decreased and
transaction is visible in
Activity log.
YSoft SafeQ 5 3172

February 03, 2016
REFUND TRANSACTION
Cash desk operator can refund

all charged transactions on
selected customer account in
case refunding is allowed in
Administration web
interface#YSoftPaymentSystem
To refund transaction follow

these steps:
Click Refund and

window Refunds
with all
transactions will
appear
Choose
transactions
which can be
refunded by
clicking Select.
Refund details
will be displayed.
Enter the amount
you want to
refund, optionally
use Select
everything
button, enter the
reason and click
Refund
When operation
was already
partially refunded
you can refund
the rest or part
up to remaining
amount.
When refund is
processed
Refund receipt is
displayed with
receipt number,
cash desk name,
customer name,
YSoft SafeQ 5 3173

February 03, 2016
claimed for,
reason, refunded
amount and date.
Print receipt by
clicking Print
receipt button or
close without
printing by
clicking Close
button.
After successful refund

account balance is increased,
cash desk balance decreased
and transaction is in Activity
log.
YSoft SafeQ 5 3174

February 03, 2016
REDEEM VOUCHER
Redeem voucher
Click
Redeem
voucher
button
and
window
Redeem
voucher
will
appear
Enter
voucher
code
and
click
Redeem
button
After successful
redemption account
balance is increased,
voucher number is
deactivated and
transaction is in
Activity log.
YSoft SafeQ 5 3175

February 03, 2016
TRANSACTION HISTORY
Cash desk
operator can see
also transaction
history for opened
customer account,
in case this feature
is enabled for
particular cash
desk which you are
operating in.
Click Account
history and list of
all transactions
performed for this
account will
appear.
Optionally you can

filter, sort or list
pages with
transactions
6.6.3 WORKING WITH PAYMENT SYSTEM
Page content
Reservations
Manual reservation cancellation
Automatic reservation cancellation
Overdrawn transactions
Deny overdrawing
Allow if enough credit on account
Allow and register debt if necessary
Debt tracking
Session timeout
Transaction timeout
YSoft SafeQ 5 3176

February 03, 2016
RESERVATIONS
Reservation represents money blocked on user's money account – this money stays on the money account,
but cannot be used by any user, process or for another reservation.
The purpose of reservations is to block a reasonable amount of money before a transaction happens, so
there is lower risk of account with not enough money to settle transaction. If such a situation happens
anyway, a debt is created.
WHEN ARE RESERVATIONS CREATED?

A reservation is created when Broker (Payment System) receives request from Vendor (e.g. SafeQ) to block
specified amount of money on specified account.
WHEN DO RESERVATIONS DISAPPEAR?

Reservations disappear in the following 2 cases:
The transaction is settled

The transaction was not finished and reservation cancelled
In certain cases reservation is not cancelled by receiving settlement call . In such cases, administrator has
following possibilities to unblock the reserved amount of money and make it available for other processes.
MANUAL RESERVATION CANCELLATION
In Administration web interface, administrator can open user's account and list through existing
reservations. Clicking on Cancel button, reservation will be cancelled.
AUTOMATIC RESERVATION CANCELLATION
In Administration web interface, administrator can define value for Expiration of reservations as the
maximum age of any reservation. When this age is exceeded, the reservation is cancelled automatically.
Default value is 168 hours (7 days).
YSoft SafeQ 5 3177

February 03, 2016
OVERDRAWN TRANSACTIONS
Defines the overdrawn option for print, copy or scan operations. Overdrawing of transactions can be set into
the 3 overdrawing modes:
Deny overdrawing
Allow if enough credit on account
Allow and register debt if necessary
These settings can be set in the administration part of YSoft Payment System -> YSoft Payment System ->
Overdrawn transactions.
DENY OVERDRAWING
Transaction settlements higher than the total sum of reservations are not allowed.
Use case:
Situation: Customer account balance is 30 and minimum balance of the account is set to -15. Customer also
doesn't have any registered debt or reservation.
1. reservation is created for:

a. 50 -> FAIL, the reservation cannot be created (actual account balance - minimum account
balance = 30 - (-15) = 45 => 50 > 45 => FAIL)
b. 35 -> OK, actual account balance is -5
2. continue with reservation for 35
3. settlement is settled for:
a. 32 -> OK
i. the amount is subtracted from the reservation (35 - 32)
ii. the rest of the subtraction (3) is added to the actual account balance
iii. new account balance is -2
b. 36 -> FAIL - settlement is greater than the reservation (36 > 35)
c. 53 -> FAIL - settlement is greater than the reservation (53 > 35)
ALLOW IF ENOUGH CREDIT ON ACCOUNT

Transaction settlements higher than the sum of reservations are allowed only in case the user's current
balance minus minimum account balance is higher than current settlement.
Use case:
Prerequisites => Customer account balance is 30 and minimum balance of the account is set to -15.
Customer also doesn't have any registered debt or reservation.

balance = 30 - (-15) = 45 => 50 > 45 => FAIL)
2.
YSoft SafeQ 5 3178

February 03, 2016

a. 32 -> OK
b. 36 -> OK
i. settlement is greater than the reservation and less than possible (reservation + actual
account balance - minimum balance => 35 + (-5) - (-15) = 45 ) => 35 < 36 < 45
ii. settlement is possible to create
iii. new account balance => actual account balance + reservation - settlement = -5 + 35 -
36 = -6
c. 53 -> FAIL - settlement is greater than => reservation + actual account balance - minimum
balance => 35 + (-5) - (-15) = 45 => 35 < 53 > 45
ALLOW AND REGISTER DEBT IF NECESSARY

Transaction settlements are always allowed. Debt is registered in case the settlement is higher than user's
current balance minus minimum account balance.
Use case:
Prerequisites => Customer account balance is 30 and minimum balance of the account is set to -15.
Customer also doesn't have any registered debt or reservation.

balance = 30 - (-15) = 45 => 50 > 45 => FAIL)
a. 32 -> OK
b. 36 -> OK
i. settlement is greater than the reservation and less than possible balance (reservation +
actual account balance - minimum balance => 35 + (-5) - (-15) = 45 ) => 35 < 36 < 45
ii. settlement is possible to create
iii. new account balance => actual account balance + reservation - settlement = -5 + 35 -
36 = -6
c. 53 -> OK- settlement is greater than => reservation + actual account balance - minimum
balance => 35 + (-5) - (-15) = 45 => 35 < 53 > 45
i. new debt is created => settlement - reservation = 53 - 35 = 18
ii. system automatically withdrew (actual account balance - minimum account balance)
based on existing debt => (actual account balance - minimum account balance) = -5 -
(-15) = 10
iii. debt is updated to - (debt - amount from step ii.) = 18 - 10 = 8
YSoft SafeQ 5 3179

February 03, 2016
DEBT TRACKING
When a transaction settlement is made for an amount higher than the amount of reservation and there is not
enough money on the user's account to cover the settlement, a debt is registered to user. The amount
registered as debt represents amount that was not able to be settled in other way - through settlement of
reservation, remaining money on account or allowed minimal balance. The registered amount equals
settlement amount - reservation amount.
Debt is partially settled anytime money is deposited to the account or made available on account.
The exception is in case YSoft Payment System is used in connection with external payment system,
when YSoft Payment System does not hold actual user balance, but it works as a proxy for external
payment system. Debt settlement in this case does not happen immediately, but in following interval:
5 seconds, 1 minute, 1 hour, 12 hours, 1 day, and then on daily basis. This is to prevent external
payment system from denial of service.
In case there is a debt on the account, the account balance is typically 0 (or equal to minimal
balance) and there is a debt record visible in the YSoft Payment System interface in the user's
account overview.
SESSION TIMEOUT
For security reasons, YSoft Payment System will automatically log out users logged into Administration,
Cash Desk or YSoft Wallet web after 30 minutes of inactivity or in other words no communication with
server. User will see dialog "Your session is about to expire" 5 minutes before reaching this limit. This dialog
includes two buttons:
"Reload page" button will effectively close this dialog, reset the counter, refresh the page and close
all unsubmitted forms (e.g. new periodic recharge in Administration)
"Logout" button will log out current user. It has the same effect as automatic log out.
This means that if you leave unsubmitted form inactive for at least 25 minutes, you will lose filled
information, because of timeout dialog, from which you cannot return to the form! Moving mouse or
filling the form still counts as inactivity, unless it triggers communication with server.
YSoft SafeQ 5 3180

February 03, 2016
TRANSACTION TIMEOUT
YSoft Payment System has a default timeout of 5 seconds for all transaction based operations. Examples
would be listing of transactions in UI or sending a transaction reservation request.
In case you experience occasional timeout error during execution of such transaction based operations, it
is possible that your system infrastructure is not able to finish these operations within 5 seconds. Especially
vulnerable are systems connected to an external payment provider.
As a workaround this limit can be changed in the environment-configuration.properties through option

database.transactionTimeout. See Configuration of YSoft Payment System Connection pool for more
information.
6.6.4 ACCOUNT RECHARGING OPTIONS
Page content
Software solutions
Hardware solutions
This page lists all available options for users to recharge their money accounts in YSoft Payment System.
SOFTWARE SOLUTIONS
CASH DESK WEB INTERFACE

Cash desk represent the basic way to operate YSoft Payment System. It allows operator to manually
deposit to and withdraw from user money accounts. Can be used in combination with other account
recharging options.
Please see the usage described here.
Supported functions:
YSoft SafeQ 5 3181

February 03, 2016
Deposit balance to money account

Withdraw balance from money account
Refund transaction
Define periodic recharge for selected users
Notes:
Requires access by a web browser

Requires online connection to YSoft SafeQ server
Currency and currency symbol is configurable by YSoft SafeQ administrator
Standalone Cash desk interface available
VOUCHERS
Vouchers represent smart way how to recharge user money accounts via self-service and with low cost of
ownership. It allows to define codes that are printed and distributed via any means - kiosks, existing vending
machines or other means.
Administrator to define list of codes and assign money values to them

Cash desk operator to redeem voucher for money to specific user money account via Cash desk
User to redeem voucher for money via self-service
Notes:
Requires access by a web browser

Currency and currency symbol is configurable by YSoft SafeQ administrator
Standalone Cash desk interface available
Standalone self-service redemption available
PAYMENT GATEWAYS
YSoft Payment System allows to recharge user money accounts via payment gateways. It is a good way to
recharge in tech-savvy environment.
YSoft SafeQ 5 3182

February 03, 2016
Deposit money via supported Payment Gateway (PayPal, DIBS, or other via stand-alone plugin)
Display user's account balance
Notes:
Requires access via web browser

Requires online connection to internet
HARDWARE SOLUTIONS
YSOFT PAYMENT MACHINE

The YSoft Payment Machine is designated for self-service depositing of credit to the YSoft Payment System
by using banknotes and coins. The deposit is done via direct interaction between YSoft Payment system
and the YSoft Payment Machine.
The YSoft Payment Machine is significantly modernized YSoft SafeQ Recharging Station (RCSv2).
YSoft SafeQ 5 3183

February 03, 2016
Find user by card ID or PIN

Recharge users account
Door opening sensor & alarm
Power backup for better security
Receipt printer (optional)
Improved banknote acceptor
Notes:
Supported currencies – see List of Supported Currencies

Card reader is configured by production
Currency acceptor is configured by production, but could be reconfigured from SW in certain cases.
Dimensions: 48x48x20 cm
Weight: 18kg
Mounting: wall-mounted, drilling necessary, template included
Operating conditions equals to specification for YSoft SafeQ HW Terminals (HW ver 3.5.x)
Requires online connection to YSoft SafeQ server
YSOFT SAFEQ RECHARGING STATION V2 (RCS V2)

The YSoft SafeQ Recharging Station v2 (RCS v2) is designated for self-service depositing of credit for the
YSoft Payment System credit system by using banknotes and coins. The depositing proceeds by direct
interaction between YSoft Payment System and the RCSv2.
For more information about supported hardware see: Product Lifecycle Information
YSoft SafeQ 5 3184

February 03, 2016
Find user by card ID or PIN

Recharge users account
Email alerts to administrator on defined value in the machine
Notes:
Supported currencies – see List of Supported Currencies

Card reader and currency acceptor is configured by production
Dimensions: 48x48x20 cm
Weight: cca. 19 kg
Mounting: wall-mounted, drilling necessary, template included
Operating conditions equals to specification for YSoft SafeQ HW Terminals (HW ver 3.3.x - 3.4.x)
Requires online connection to YSoft Payment System server.
LIST OF SUPPORTED CURRENCIES
Legend
YSoft Payment Machine
Self-Service Recharging Station v2
LEGEND
Supported
Not supported
This is a limitation by our supplier. Date tells the last check of availability. Some currencies may have
become possible ( ) since then.
Support is possible
Currency could be supported but without 100% guarantee. Currency could be supported by SPM firmware,
however Y Soft cannot guarantee 100% functionality without tests with real currency of respective type.
YSoft SafeQ 5 3185

February 03, 2016
YSOFT PAYMENT MACHINE
Region Country Coins Bills/Notes
Europe & Bahrain BHD

Middle East
Bosnia and Herzegovina BAM
Bulgaria BGN
Croatia HRK
Czech Rep. CZK
Denmark DKK
European Union EUR
Georgia GEL
Great Britain GBP
Hungary HUF
Israel ILS
Kuwait KWD 30.4.2014
Norway NOK
Oman OMR 17.3.2015
Poland PLN
Qatar QAR
Romania RON
Russia RUB
Saudi Arabia SAR
Sweden SEK
Switzerland CHF
UAE AED
North Canada CAD

America
USA USD
South Argentina ARS

America
Barbados BBD
YSoft SafeQ 5 3186

February 03, 2016
Region Country Coins Bills/Notes
Brazil BRL
Chile CLP
Colombia COP
Ecuador and USD
Mexico MXN
Panama PAB 30.4.2014
Peru PEN
Venezuela VEF
Africa Morocco MAD
South Africa ZAR
Asia & Pacific Australia AUD
China CNY
India INR
Indonesia IDR 30.4.2014
Japan JPY
Kazakhstan KZT
Korea KRW
Malaysia MYR
Moldova MDL 30.4.2014
New Zealand NZD
Singapore SGD
Taiwan TWD
Thailand THB
Turkey TRY
Ukraine UAH
Support of unlisted currencies
YSoft SafeQ 5 3187

February 03, 2016
Currencies not listed in the table can be checked by R&D upon request. Their availability will be
added once we have more information.
SELF-SERVICE RECHARGING STATION V2
Region Country RCS v2 RCS v2 Bills

Coins /Notes
Europe & Czech Rep. CZK

Middle East
European Union
EUR
Great Britain GBP
Hungary HUF
Israel ILS
Poland PLN
Romania RON
North Canada CAD

America
USA USD
Asia Kazakhstan KZT
Support of unlisted currencies
RCS v2 is in maintained mode. No additional currencies can be supported.
RCS V2 CURRENCY TESTING REPORTS
NOTES
YSoft SafeQ Recharging Station v2 (RCS v2) could have one of three notes acceptors: GBA HR1, GBA
HR1+ and GBA ST2.
CAD - CANADIAN DOLLAR
Banknotes
Device type GBA ST2
Device firmware S02N0454-502
Supported items: value 5(2002), 5(2006), 10(2001), 10(2005), 20(2004), 20

(revision) (2012)
YSoft SafeQ 5 3188

February 03, 2016
Pieces Value Revision Result Date
3 5 2006, pr OK 23.5.2013
2008
1 10 2005, pr OK 23.5.2013
2007
1 20 2004, pr OK 23.5.2013
2006
1 50 2004, pr Not 23.5.2013

2006 supported
1 100 2004, pr Not 23.5.2013

2003 supported
Device type GBA ST2
Supported items: value 5(2002), 5(2006), 5(2013), 10(2001), 10(2005), 10(2013), 20(2004), 20
(revision) (2012)
3 5 2006, pr OK 19.8.2014
2008
1 10 2005, pr OK 19.8.2014
2007
1 20 2004, pr OK 19.8.2014
2006
1 50 2004, pr Not supported - OK 19.8.2014

2006 rejected
1 100 2004, pr Not supported - OK 19.8.2014

2003 rejected
CZK - CZECH KORUNA
Banknotes
Device type GBA HR1
Device firmware G58N0280-202
Supported items: value 100, 200, 500(old), 500(2009), 1000(1996), 1000(2008), 2000(1996), 2000
(revision) (1999), 2000(2007), 5000
YSoft SafeQ 5 3189

February 03, 2016
3 50 1993 Withdrawn - OK rejected 23.5.2013
2 100 1997 OK 23.5.2013
2 200 1993 Withdrawn - Fail, normally 23.5.2013

accepted
2 200 1998 OK 23.5.2013
2 500 1997 OK 23.5.2013
1 500 2009 OK 23.5.2013
2 1000 1996 OK 23.5.2013
Device type GBA ST2
Device firmware N58N0454-105
Supported items: value 100, 200, 500(old), 500(2009), 1000(1996), 1000(2008), 2000(1996), 2000
(revision) (2007), 5000
2 100 1997 OK 23.5.2013

accepted
2 200 1998 OK 23.5.2013
2 500 1997 OK 23.5.2013
1 500 2009 OK 23.5.2013
2 1000 1996 OK 23.5.2013
YSoft SafeQ 5 3190

February 03, 2016
Device type GBA ST2
Supported items: value 100(1995), 200(1996), 500(1995), 500(2009), 1000(1996), 1000(2008), 2000
(revision) (1996), 2000(2007), 5000(1999)
1 100 1997 OK 19.8.2014

accepted
1 200 1998 OK 19.8.2014
1 500 1997 OK 19.8.2014
1 500 2009 OK 19.8.2014
1 1000 1996 OK 19.8.2014
EUR - EURO
Banknotes
Device type GBA HR1
(revision) (2002)
2 5 2002 1pcs OK; 1 pcs has medium errors in orientation A, rest 23.5.2013
OK
2 5 2013 OK 7.6.2013
2 10 2002 1pcs OK; 1 pcs has medium errors in orientation C, rest 23.5.2013
OK
2 20 2002 OK 23.5.2013
2 50 2002 1pcs OK; 1 pcs has medium errors in all orientations 23.5.2013
YSoft SafeQ 5 3191

February 03, 2016
Device type GBA ST2
Supported items: value 5(2002), 5(2013), 10(2002), 20(2002), 50(2002), 100(2002), 200(2002),
(revision) 500(2002)
2 5 2002 OK 23.5.2013
2 5 2013 OK 7.6.2013
2 10 2002 OK 23.5.2013
2 20 2002 OK 23.5.2013
2 50 2002 1pcs OK; 1 pcs has few errors in all orientation C, rest 23.5.2013
OK
Device type GBA ST2
(revision) (2002), 500(2002)
1 5 2002 OK 19.8.2014
3 5 2013 OK 19.8.2014
1 10 2002 OK 19.8.2014
1 20 2002 OK 19.8.2014
1 50 2002 OK 19.8.2014
GBP - POUND STERLING
Banknotes
Device type GBA HR1
Device firmware G070280-

186
Supported items: value 5, 10, 20

(revision)
YSoft SafeQ 5 3192

February 03, 2016
1 5 2002 OK 23.5.2013
1 10 2000 OK 23.5.2013
1 20 2006 OK 23.5.2013
1 50 1994 Not tested - too 23.5.2013

wide
Device type GBA ST2
Supported items: value 5(2002), 10(2000), 20(2007), 50(1994), 50

(revision) (2010)
1 5 2002 OK 23.5.2013
1 10 2000 OK 23.5.2013
1 20 2006 OK 23.5.2013
1 50 1994 Not tested - too 23.5.2013

wide
Device type GBA ST2
Supported items: value 5(2002), 10(2000), 20(2007), 50

(revision) (2010)
1 5 2002 OK 19.8.2014
1 10 2000 OK 19.8.2014
1 20 2006 OK 19.8.2014
1 50 1994 Not tested - too 19.8.2014

wide
HUF - HUNGARIAN FORINT
Banknotes
Device type GBA HR1
YSoft SafeQ 5 3193

February 03, 2016
Device firmware G53C0280-200
Supported items: value 200(old), 500(old), 500(2009), 1000(old), 1000(2009), 2000(old), 2000(2009),
(revision) 5000(old), 5000(2009), 10000(old), 10000(2009), 20000(old), 20000(2009)

accepted
1 500 2003 OK 23.5.2013
1 500 2006 OK 23.5.2013
1 1000 2006 OK 23.5.2013
2 2000 2004 OK 23.5.2013
1 5000 2005 OK 23.5.2013
1 5000 2006 OK 23.5.2013
Device type GBA ST2
(revision) (2007), 5000(1998), 5000(2008), 10000(1997), 10000(2008), 20000(1999),
20000(2009)
1 200 2002 Withdrawn - OK 23.5.2013

rejected
1 200 2005 Withdrawn - OK 23.5.2013

rejected
1 500 2003 OK 23.5.2013
1 500 2006 OK 23.5.2013
1 1000 1998 Withdrawn - OK 23.5.2013

rejected
1 1000 2006 OK 23.5.2013
2 2000 2004 OK 23.5.2013
YSoft SafeQ 5 3194

February 03, 2016
1 5000 2005 OK 23.5.2013
1 5000 2006 OK 23.5.2013
Device type GBA ST2
(revision) (2007), 5000(1998), 5000(2008), 10000(1997), 10000(2008), 20000(1999),
20000(2009)
1 200 2002 Withdrawn - OK 19.8.2014

rejected
1 200 2005 Withdrawn - OK 19.8.2014

rejected
1 500 2003 OK 19.8.2014
1 500 2006 OK 19.8.2014
1 1000 1998 Withdrawn - OK 19.8.2014

rejected
1 1000 2006 OK 19.8.2014
2 2000 2004 OK 19.8.2014
1 5000 2005 OK 19.8.2014
1 5000 2006 OK 19.8.2014
ILS - ISRAELI NEW SHEKEL
Banknotes
Device type GBA ST2
Supported items: value 20(2008), 50, 100,

(revision) 200
1 20 2008 OK 23.5.2013
1 50 2007 OK 23.5.2013
YSoft SafeQ 5 3195

February 03, 2016
1 100 2007 OK 23.5.2013
1 200 2006 OK 23.5.2013
Device type GBA ST2

(revision) (1999)
1 20 2008 OK 19.8.2014
1 50 2007 OK 19.8.2014
1 100 2007 OK 19.8.2014
1 200 2006 OK 19.8.2014
PLN - POLISH ZOTY
Banknotes
Device type GBA HR1
Supported items: value 10, 20, 50, 100,

(revision) 200
2 10 1994 OK 23.5.2013
2 20 1994 OK 23.5.2013
2 50 1994 OK 23.5.2013
2 100 1994 OK 23.5.2013
Device type GBA ST2

(revision) (1994)
YSoft SafeQ 5 3196

February 03, 2016
2 10 1994 OK 23.5.2013
2 20 1994 OK 23.5.2013
2 50 1994 OK 23.5.2013
2 100 1994 OK 23.5.2013
Device type GBA ST2
(revision) (2012), 200(1994)
1 10 1994 OK 19.8.2014
1 20 1994 OK 19.8.2014
1 50 1994 OK 19.8.2014
1 100 1994 OK 19.8.2014
RON - ROMANIAN NEW LEU
Banknotes
Device type GBA HR1
Supported items: value 1, 5, 10(old), 10(2009), 50, 100(2005), 200,

(revision) 500
2 1 2005 OK 23.5.2013
2 5 2005 OK 23.5.2013
2 10 2005 OK 23.5.2013
2 50 2005 OK 23.5.2013
2 100 2005 OK 23.5.2013
Device type GBA ST2
YSoft SafeQ 5 3197

February 03, 2016
Supported items: value 1, 5, 10(2005), 10(2008), 50, 100, 200,

(revision) 500
2 1 2005 OK 23.5.2013
2 5 2005 OK 23.5.2013
2 10 2005 OK 23.5.2013
2 50 2005 OK 23.5.2013
2 100 2005 OK 23.5.2013
Device type GBA ST2
Supported items: value 1(2005), 5(2005), 10(2005), 10(2008), 50(2005), 100(2005), 200(2006),
(revision) 500(2005)
1 1 2005 OK 19.8.2014
1 5 2005 OK 19.8.2014
1 10 2005 OK 19.8.2014
1 50 2005 OK 19.8.2014
1 100 2005 OK 19.8.2014
SAR - SAUDI RIYAL
Banknotes
Device type GBA ST2
Supported items: value 1(old), 1(2007), 5(2003), 5(2007-9), 10(2003), 10(2007-

(revision) 9)
2 1 4th OK 23.5.2013
series
2 1 2007 OK 23.5.2013
2 5 OK 23.5.2013
YSoft SafeQ 5 3198

February 03, 2016
4th
series
2 5 2007 OK 23.5.2013
2 10 4th OK 23.5.2013
series
2 10 2007 OK 23.5.2013
Device type GBA ST2
Supported items: value 1(old), 1(2007), 5(2003), 5(2007-9), 10(2003), 10(2007-

(revision) 9)
1 1 4th series OK 19.8.2014
1 1 2007 OK 19.8.2014
1 5 4th series OK 19.8.2014
1 5 2007 OK 19.8.2014
1 10 4th series OK 19.8.2014
1 10 2007 OK 19.8.2014
1 20 special Not supported - OK 19.8.2014

series rejected
1 50 4th series Not supported - OK 19.8.2014

rejected
1 50 2007 Not supported - OK 19.8.2014

rejected
USD - UNITED STATES DOLLAR
Banknotes
Device type GBA HR1
Device firmware G01C0280-199
Supported items: value 1, 2, 5(1986), 5(old), 5(new), 10(old), 10(new), 10(2004), 20(old), 20(new), 20
(revision) (2004), 50(old), 50(new), 50(2004), 100(old), 100(new)
YSoft SafeQ 5 3199

February 03, 2016
2 1 2006 OK 23.5.2013
1 5 2006 OK 23.5.2013
1 10 2006 OK 23.5.2013
1 20 2004 OK 23.5.2013
1 20 2006 OK 23.5.2013
1 50 2006 OK 23.5.2013
1 100 2006 OK 23.5.2013
Device type GBA ST2
Device firmware N01C0454-102
Supported items: value 1, 2, 5(1999), 5(2006), 10(1996), 10(2004), 20(1996), 20(2004), 50(1996), 50
(revision) (2004), 100(1996)
2 1 2006 OK 23.5.2013
1 5 2006 OK 23.5.2013
1 10 2006 OK 23.5.2013
1 20 2004 OK 23.5.2013
1 20 2006 Medium errors in orientation A and C, rest 23.5.2013

OK
1 50 2006 OK 23.5.2013
1 100 2006 OK 23.5.2013
Device type GBA ST2
Supported items: value 1(1963), 2(1976), 5(1999), 5(2006), 10(1999), 10(2004), 20(1996), 20(2004),
(revision) 50(1996), 50(2004), 100(1996), 100(2013)
2 1 2006 OK 19.8.2014
1 5 2006 OK 19.8.2014
YSoft SafeQ 5 3200

February 03, 2016
1 10 2006 OK 19.8.2014
1 20 2004 OK 19.8.2014
1 20 2006 OK 19.8.2014
1 50 2006 OK 19.8.2014
1 100 2006 OK 19.8.2014
SPM CURRENCY TESTING REPORTS
BHD - BAHRAINI DINAR
Coins
Device type CPS v2 Colibri
Device firmware BHD, Sw: 412-005
Supported items: value 0.010(B), 0.025(B), 0.050(B), 0.100(B), 0.500

(revision) (A)
2 0.050 2007, OK 25.6.2014

2010
2 0.100 2000, OK 25.6.2014

2010
Banknotes
Device type JCM UBA-10
Device firmware 1.77-18 (20.10.2008) U10BHR0317718.bin
Supported items: value 0.5(97), 0.5(08), 1(93), 1(08), 5(98), 5(08), 10(98), 10(new), 20(01), 20
(revision) (new)
2 0.5 2008 OK 25.6.2014
2 1 2008 OK 25.6.2014
1 5 2008 Mostly rejected in orientation A, C and D, rest 25.6.2014

(xxx133) OK
1 5 2008 OK 25.6.2014
(xxx393)
YSoft SafeQ 5 3201

February 03, 2016
2 10 2008 OK 25.6.2014
2 20 2008 OK 25.6.2014
BGN - BULGARIAN LEV
Banknotes
Device firmware 2.06-40 (8.5.2012) U10BGRSS0320640.bin
Supported items: value 2(99), 5(99), 5(09), 10(99), 10(08), 20(99), 20(07), 50(99), 50(06), 100
(revision) (03)
2 2 2005 OK 26.4.2013
2 5 2009 OK 26.4.2013
2 10 2008 OK 26.4.2013
2 20 2007 OK 26.4.2013
HRK - CROATIAN KUNA
Coins
Device type NRI G13.mft
Device firmware HRK, Sw: 12.03
Supported items: value 0.05(A), 0.10(A), 0.20(A), 0.50(A), 1(A), 2(A), 5

(revision) (A)
2 0.01 2001, OK rejected 17.6.2014

2007 (unsupported)
2 0.02 2004, OK rejected 17.6.2014

2005 (unsupported)
2 0.05 2012, OK 17.6.2014

2013
2 0.10 2000, OK 17.6.2014

2013
2 0.20 2007,2009 OK 17.6.2014
2 0.50 OK 17.6.2014
YSoft SafeQ 5 3202

February 03, 2016
1993,
2007
2 1 1995, OK 17.6.2014
1999
2 2 2003, OK 17.6.2014
2011
2 5 1996, OK 17.6.2014
2009
Banknotes
Device firmware 2.50-50 (3.7.2013) U10HRVSS0325050.bin
(revision) (93)
2 10 2012 OK 11.6.2014
2 20 2012 OK 11.6.2014
2 50 2002 OK 11.6.2014
1 100 2002 OK 11.6.2014
1 100 2012 OK 11.6.2014
2 200 2002 OK 11.6.2014
2 500 1993 OK 11.6.2014
2 1000 1993 OK 11.6.2014
CZK - CZECH CROWN
Coins
Device firmware CZK + EUR (bank0, bank1), Sw: 412-054
Supported items: value 1(A, a), 2(A, a), 5(A, a), 10(A, a), 20(A, a), 50(A, a)
(revision)
Notes We recommend to disable wide channel for CZK20 (channel no. 5 on coinslot
or "CZK 20.00 A" in configuration) to reject foreign coins. CZK20 coins will be
accepted through narrow channel.
YSoft SafeQ 5 3203

February 03, 2016
1 1 2001 OK 6.8.2013
1 2 1997 OK 6.8.2013
1 5 2002 OK 6.8.2013
1 10 2003 OK 6.8.2013
1 20 2002 OK 6.8.2013
1 50 1993 OK 6.8.2013
16 GBP 1989, 1993, 2000, 2001, 2002, 2003, OK rejected with disabled wide 6.8.2013
0.02 2006, 2007, 2009, 2010, 2011 channel 5
Fail, less then 10% accept ratio

when all channels enabled
5 GBP 1994, 2001, 2003, 2009 OK rejected with disabled wide 6.8.2013
0.02 channel 5
Fail, about 10% to 40% accept

ratio when all channels enabled
1 GBP 2008 OK rejected with disabled wide 6.8.2013

0.02 channel 5
Fail, about 80% accept ratio when

all channels enabled
EUR - EURO
Coins
Device firmware CZK + EUR (bank0, bank1), Sw: 412-054
Supported items: value 0.05(A), 0.10(A), 0.20(A), 0.50(A), 1(A), 2

(revision) (A)
3 0.01 2002, 2003, OK rejected 6.8.2013

2004 (unsupported)
3 0.02 2002 OK rejected 6.8.2013

(unsupported)
3 0.05 2002 OK 6.8.2013
2 0.10 2002 OK 6.8.2013
YSoft SafeQ 5 3204

February 03, 2016
1 0.20 2000 OK 6.8.2013
1 0.20 2001 OK 6.8.2013
1 0.20 2002 OK 6.8.2013
1 0.50 2000 OK 6.8.2013
1 0.50 2002 OK 6.8.2013
2 1 2002 OK 6.8.2013
2 2 2002 OK 6.8.2013
Banknotes
Device firmware 2.60-49 (21.5.2013) U10EUR5SS0326049.bin
(revision) (02)
1 5 2002 OK 7.6.2013
2 5 2013 OK 7.6.2013
1 10 2002 OK 7.6.2013
1 20 2002 OK 7.6.2013
1 50 2002 OK 7.6.2013
Device firmware 2.70-50 (19.3.2014) U10EUR5SS0327050.bin
Supported items: value 5(02), 5(13), 10(02), 10(14), 20(02), 50(02), 100(02), 200(02), 500
(revision) (02)
1 5 2002 OK 17.10.2014
3 5 2013 OK 17.10.2014
1 10 2002 OK 17.10.2014
2 10 2014 OK 17.10.2014
YSoft SafeQ 5 3205

February 03, 2016
1 20 2002 OK 17.10.2014
1 50 2002 OK 17.10.2014
AED - UNITED ARAB EMIRATES DIRHAM
Coins
Device firmware AED, Sw: 412-004
Supported items: value 0.25(A, 2 revs), 0.50(A, 3 revs), 1(A, 3 revs)

(revision)
Notes We recommend to disable wide channel for 1N (channel no. 7) to reject foreign
coins. 1N coins will be accepted through narrow channel (no. 12).
2 0.50 2007 OK 30.7.2013
7 1 2007 OK 30.7.2013
3 1 2012 OK 30.7.2013
1 AUD 1992 OK rejected 30.7.2013

0.10
1 PHP 1 2003 OK rejected with disabled wide channel 7 30.7.2013
Fail, about 50% accept ratio as AED1 when all channels

enabled
Banknotes
Device firmware 2.51-49 (30.4.2013) U10ARE2SS0325149.bin
Supported items: value 5(93-95), 5(00-01), 10(93-95), 10(98,01), 10(09), 20(97, 00), 20(09), 50(95-
(revision) 96), 50(98), 50(04-11), 100(93-95), 100(98), 100(03-06), 100(08), 100(12), 200
(89), 200(04), 200(08), 500(96), 500(98-00), 500(04), 500(06-08), 500(11),
1000(98-00), 1000(06), 1000(08), 1000(12)
Notes The width of 5 Dirhams notes is out of specification for the acceptor, so the
usage is only at own risk. Y Soft recommend to disable acceptance of it and
will not be responsible for any damages caused by this denomination.
YSoft SafeQ 5 3206

February 03, 2016
2 5 2009 OK, but see note 4.6.2013

above
2 10 2009 OK 4.6.2013
2 20 2009 OK 4.6.2013
1 50 2008 OK 4.6.2013
1 50 2011 OK 4.6.2013
2 100 2008 OK 4.6.2013
2 200 2008 OK 4.6.2013
ECUADOR AND USD - ECUADOR AND USA
Coins
Device firmware EC + USD, Sw: 412-005
Supported items: value US: 0.01(B), 0.05(A), 0.10(A), 0.25(A), 0.50(A), 1(A) EC: 0.05(B), 0.10(B),
(revision) 0.25(A), 0.50(B)
9 US 1982, 1985, 1988, 1989, 1990, 2001, 2005, OK 12.5.2014

0.01 2007
4 US 1960, 1979, 1988, 2005 OK 12.5.2014

0.05
12 US 1988, 1997, 1998, 2000, 2001, 2005, 2006, OK 12.5.2014

0.10 2008
11 US 1965, 1967, 1989, 1997, 2000, 2003, 2004 OK 12.5.2014

0.25
2 EC 2000 OK reported as USD 12.5.2014

0.05 0.05

0.10 0.10

0.25 0.25

0.50 0.50
YSoft SafeQ 5 3207

February 03, 2016
ZAR - SOUTH AFRICAN RAND
Coins
Device firmware ZAR, Sw: 12.03
Supported items: value 0.10(A), 0.20(A), 0.50(A), 1(A), 2(A), 5

(revision) (A)
1 0.50 1996 OK 10.6.2014
1 0.50 2003 OK 10.6.2014
1 1 1993 OK 10.6.2014
1 1 2011 OK 10.6.2014
1 2 1991 OK 10.6.2014
1 2 1995 OK 10.6.2014
1 5 2010 OK 10.6.2014
1 5 2011 OK 10.6.2014
Banknotes
Device firmware 2.50-49 (19.4.2013) U10ZAFSS0325049.bin
Supported items: value 10(93), 10(05), 10(12), 20(93), 20(05), 20(12), 50(92), 50(05), 50(12), 100(94),
(revision) 100(05), 100(12), 200(05), 200(12)
2 10 5th issue 2012 OK 10.6.2014
1 20 5th issue 2012 (EBxxxxxxx Fail, mostly rejected in all orientations 10.6.2014
B)
1 20 5th issue 2012 OK 10.6.2014

(CExxxxxxx B)
1 50 5th issue 2012 Sometimes rejected in orientation A and B, 10.6.2014

(AGxxxxxxx C) rest OK
1 50 5th issue 2012 OK 10.6.2014

(DQxxxxxxx C)
1 100 4th issue 2005 OK 10.6.2014
YSoft SafeQ 5 3208

February 03, 2016
1 100 5th issue 2012 OK 10.6.2014
1 200 4th issue 2005 OK 10.6.2014
1 200 5th issue 2012 OK 10.6.2014
AUD - AUSTRALIAN DOLLAR
Coins
Device firmware AUD, Sw: 412-054
Supported items: value 0.05(A), 0.10(A), 0.20(A), 0.50(A), 1(A), 2

(revision) (A)
1 0.05 2000 OK 26.3.2014
1 0.05 2008 OK 26.3.2014
1 0.10 1984 OK 26.3.2014
1 0.10 1992 OK 26.3.2014
1 0.10 2010 OK 26.3.2014
1 0.20 2008 OK 26.3.2014
1 0.20 2009 OK 26.3.2014
1 0.50 1995 OK 26.3.2014
1 0.50 2002 OK 26.3.2014
1 1 1994 OK 26.3.2014
1 1 2000 OK 26.3.2014
1 2 2006 OK 26.3.2014
1 2 2008 OK 26.3.2014
1 PHP 2003 Fail, accepted as AUD 0.10. The only possible solution is to 26.3.2014
1 disable the acceptance of AUD 0.10.
1 PKR 2004 OK rejected 26.3.2014

5
1 PKR 2006 OK rejected 26.3.2014

5
YSoft SafeQ 5 3209

February 03, 2016
Banknotes
Device firmware 1.78-17 (24.9.2008) U10AUS0317817.bin
Supported items: value 5(95), 5(01), 10(93), 20(94), 50(95), 100

(revision) (96)
2 5 Current OK 6.2.2014
polymer
2 10 Current OK 6.2.2014
polymer
2 20 Current OK 6.2.2014
polymer
2 50 Current OK 6.2.2014
polymer
1 100 Current OK 6.2.2014

polymer
MYR - MALAYSIAN RINGGIT
Banknotes
Device firmware 2.30-44 (16.10.2012) U10MYS1SS0323044.bin
Supported items: value 1(00), 1(12), 2(96), 5(99), 5(04), 5(12), 10(98), 10(03), 10(12), 20(12), 50(98),
(revision) 50(07), 100(98), 100(12)
1 1 old OK 26.4.2013
1 1 4th series OK 26.4.2013

polymer
1 5 4th series OK 26.4.2013

polymer
1 10 4th series OK 26.4.2013
1 10 with lead OK 26.4.2013
1 20 4th series OK 26.4.2013
1 50 3rd series 26.4.2013
YSoft SafeQ 5 3210

February 03, 2016
Few errors in orientation B, rest

OK
1 100 old OK 26.4.2013
1 100 4th series OK 26.4.2013
Device firmware 2.51-50 (20.12.2013) UBA10MYS1SS0325150.bin
Supported items: value 1(00), 1(12), 2(96), 5(99), 5(04), 5(12), 10(98), 10(03), 10(12), 20(12), 50(98),
(revision) 50(07), 100(98), 100(12)
1 1 old OK 17.10.2014
1 10 4th series OK 17.10.2014
2 50 4th series OK 17.10.2014

2009
1 100 old OK 17.10.2014
SGD - SINGAPORE DOLLAR
Banknotes
Device firmware 2.05-24 (4.5.2011) U10SGP0320524.bin
Supported items: value 2(99), 2(05), 2(06), 5(99), 5(99), 5(07), 10(99), 10(04), 50(99), 50(99,04), 50
(revision) (99), 50(99), 100(99), 1000(99)
2 2 4th series 24.5.2013

polymer
2 5 4th series 24.5.2013

polymer
2 10 4th series 24.5.2013

polymer
1 50 4th series 24.5.2013
TWD - NEW TAIWAN DOLLAR
Coins
YSoft SafeQ 5 3211

February 03, 2016
Device firmware TWD, Sw: 12.03
Supported items: value 1(A), 5(A), 10(A), 20(A), 50(B), 50

(revision) (C)
2 1 N/A OK 26.4.2013
1 5 N/A OK 26.4.2013
3 10 N/A OK 26.4.2013
Banknotes
Device firmware 2.07-40 (5.4.2012) U10TWNSS0320740.

bin
Supported items: value 100(01), 200(02), 500, 1000, 2000(02)

(revision)
2 100 2001 OK 26.4.2013
2 1000 2005 OK 26.4.2013
YSoft SafeQ 5 3212

February 03, 2016
VOUCHERS
DESCRIPTION
Vouchers represent an alternative way of recharging money accounts in YSoft Payment System. It
allows admin to define offline codes that represent certain amount of money, distribute these codes
offline and recharge specified amount of money to user that redeems the code.
Code can be redeemed on self-service page or using cash desk.
6.6.5 ADMINISTRATION ENVIRONMENT
Vouchers can be administered via tab "Vouchers" in administrative environment. It is possible to do

following actions here:
search in list of existing vouchers

it is possible to filter by: (part of) specific code, amount of money, expiration date and
status (default status is NEW)
it is possible to sort by: specific code, amount of money, status, redemption date,
expiration date and redemption account
removed vouchers are not displayed
remove selected vouchers
generate new vouchers
import new vouchers
export vouchers
YSoft SafeQ 5 3213

February 03, 2016
GENERATE NEW VOUCHERS
New vouchers can be generated via functionality "Generate Vouchers" accessible from "Vouchers" tab.
System will ask to fill in the following information
number of vouchers - mandatory field, defines number of vouchers created in one batch. The
maximum number is 10.000.
voucher amount - mandatory field, defines amount of money in used currency that will be
assigned to vouchers. Minimal value is 0.0001 and maximum value is 1.000.000.000.
expiration date - optional field, defines date when voucher is automatically disabled for security
reasons.
YSoft SafeQ 5 3214

February 03, 2016
VOUCHERS TO TEMPLATE
New vouchers can be exported into Microsoft Word template using functionality "Vouchers to template"
accessible from "Vouchers" tab.
Example of Microsoft Word template: Vouchers_mass_print.docx
IMPORT VOUCHERS
New vouchers can be imported from CSV file via functionality "Import Vouchers" accessible from
"Vouchers" tab.
System will ask to select file containing definitions of new vouchers. The format of file requires
following information:
first column = code. Mandatory value containing unique voucher codes.

second column = amount. Mandatory value containing amounts of money that are to be
assigned to vouchers. Minimal value is 0.0001 and maximum value is 1.000.000.000.
third column = expiration date. Optional value defining when voucher is about to expire. It must
contain future date in format yyyy-mm-dd.
YSoft SafeQ 5 3215

February 03, 2016
EXPORT VOUCHERS
Vouchers can be exported to CSV file via functionality "Export Vouchers" accessible from "Vouchers"
tab.
System will allow to choose:
type of vouchers to export. This can be:

New vouchers - vouchers that were created after selected date
Changed vouchers - vouchers that were changed (redeemed, expired or removed) after
selected date
whether to include headers which describe columns in the CSV file
date after which were the vouchers created or changed
YSoft SafeQ 5 3216

February 03, 2016
6.6.6 VOUCHER REDEMPTION
Vouchers can be redeemed through Cash Desk application or through Self-service portal.
CASH DESK
Voucher redemption functionality can be accessed via "Redeem voucher" functionality on money
account page in Cash desk.
Voucher can be redeemed by entering valid voucher code in the provided field.
YSoft SafeQ 5 3217

February 03, 2016
SELF-SERVICE PORTAL
Voucher can be redeemed by entering valid code in self-service portal.
Self-service portal can be accessed via following links:
https://<YPS server>/payment-system/customer
https://<YPS server>/payment-system/customer/login
https://<YPS server>/payment-system/customer/voucher-redemption
6.6.7 LICENSING
Vouchers are a feature licensed together with YSoft Payment System.
DEPOSIT MONEY THROUGH PAYMENT GATEWAY
Steps to recharge user's account

PayPal payment gateway
DIBS payment gateway
YSoft SafeQ 5 3218

February 03, 2016
User's version of YSoft Payment System may contain more payment gateways where user can charge his
or her account. Two basic supported payment gateways are PayPal and DIBS.
STEPS TO RECHARGE USER'S ACCOUNT
1 Login to SafeQ as a user with YSoft Payment System accout.
2 Click link 'Deposit money' on your SafeQ dashboard widget "my credit". Go to new window with
payment gateway deposit. Fill 'Amount' and choose 'Payment gateway'.
3 Click the 'Proceed to payment gateway' button.
Depending on your country, you may be required to confirm 'Terms and conditions'.
4 You should be redirected to the selected payment gateway portal page.
PAYPAL PAYMENT GATEWAY
User, who chose PayPal payment gateway, is redirected to the PayPal portal login page.
YSoft SafeQ 5 3219

February 03, 2016
1 Log into the PayPal. You should be redirected to payment 'review' page.
2 Click 'Continue' button. You should be redirected back to YSoft Payment System result page.
YSoft SafeQ 5 3220

February 03, 2016
Click 'Finish' button. The window should close and balance on your account will increase by the given
amount.
DIBS PAYMENT GATEWAY
User, who chose DIBS payment gateway, is redirected to the DIBS portal page.
1 Fill in all mandatory information about your card. Click 'Validate payment' button. You should be
redirected to DIBS's payment result page.
YSoft SafeQ 5 3221

February 03, 2016
Click 'Next' button. You should be redirected back to YSoft Payment System result page.
3 Click 'Finish' button. The window should close and balance on your account will increase by the given
amount.
SUPPORTED PAYMENT GATEWAYS
Following Payment Gateways are supported for recharging of user money accounts. In case you are
already using other Payment Gateway or you seek alternative payment methods, contact us directly.
Name of Market Status Example of payment Website

Payment methods
Gateway
PayPal worldwide http://paypal.com/

Available PayPal account
YSoft SafeQ 5 3222

February 03, 2016
Name of Market Status Example of payment Website

Payment methods
Gateway
Credit card
DIBS Scandinavia http://www.dibspayment.com/

Available Credit card
And much more:
http://www.dibspayment.com
/solutions
Ingenico e- worldwide On http://payment-services.

Commerce request Credit card ingenico.com/int/en/online-
PayPal account payment-services-solutions/e-
(formerly Direct banking commerce/online-payments
known as iDEAL
Ogone e-
Commerce) And much more:
http://payment-services.
ingenico.com/~/media/files
/Ingenico-Acquirers-
Payment-Methods.ashx
CreditGuard Israel On http://www.creditguard.co.il/en/

request Credit cards
6.7 PAYMENT SYSTEM APIS
Audit YPS REST API

Cash Desk YPS REST API
Customer YPS REST API
Entitlement System YPS REST API
Entitlement YPS REST API
Micro Transaction YPS REST API
One Step Transaction YPS REST API
Open Transaction Administration YPS REST API
Payment Gateway YPS REST API
Payment System YPS REST API
Periodic Recharge Administration YPS REST API
Reservation YPS REST API
Transaction YPS REST API
Two Step Transaction YPS REST API
YSoft SafeQ 5 3223

February 03, 2016
Voucher YPS REST API
6.7.1 AUDIT YPS REST API
REST API for auditing.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Retrieving all

/v2/audit
transaction
USAGE EXAMPLES
RETRIEVING ALL TRANSACTIONS

To retrieve a transaction log merchant sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/audit
Payment system responds with:
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"type" : "MONEY_TRANSFER",
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 3.00,
"balanceChange" : -3.00,
"description" : "Payment for: candy bar",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/transacti
{ "rel" : "customer", "href" : "https://<host>:<port>/payment-system/api/v2/custo
{ "rel" : "refund", "href" : "https://<host>:<port>/payment-system/api/v2/transac
}, {
"type" : "TRANSACTION_SETTLEMENT",
"date" : "2014-09-26T10:20:58.481Z",
"amount" : 10.00,
"description" : "Printing: private-document.doc",
"links" : [
YSoft SafeQ 5 3224

February 03, 2016
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/transacti
{ "rel" : "refund", "href" : "https://<host>:<port>/payment-system/api/v2/transac
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/transaction/75d
{ "rel" : "1", "href" : "https://<host>:<port>/payment-system/api/v2/transaction/f20
]
}
FINDACCOUNTEVENTS
Method
GET
URL
/v2/audit
Required
[ROLE_API_ADMIN]
Privileges
List account events. The returned list is paged.
REQUEST ARGUMENTS
Name Data Type Required Description
customerGuid String No Globally unique identifier of the customer
merchantId Number No Payment System identifier of a merchant
type String No The type of event of interest. (One of

MONEY_TRANSFER, TRANSACTION_SETTLEMENT,
TRANSACTION_REFUND, DEBT_REGISTRATION,
DEBT_WRITE_OFF, RECHARGE_EVENT,
SPM_DEPOSIT_EVENT, CASH_DESK_DEPOSIT,
CASH_DESK_WITHDRAWAL,
PAYMENT_GATEWAY_DEPOSIT,
BALANCE_INCREASE, BALANCE_DECREASE,
VOUCHER_REDEMPTION)
fromDate String (ISO8601 No

formatted date)
toDate No
YSoft SafeQ 5 3225

February 03, 2016
String (ISO8601
formatted date)
fromAmount Decimal No
toAmount Decimal No
page Number No Page number

(default
1)
pageSize Number No Page size

(default
10)
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount" : <number>,
"results" : <array of objects>, // events
"links" : <array of links>
}
LINKS
Rel Meaning Present
nextPage link to the next page of results if not on the last

page
previousPage link to the previous page of if not on the first

results page
RESULT OBJECTS
{
"customerGuid" : <string>, // Globally unique identifier of the customer
"type" : <string>, // Type of the transaction. Possible values are MON
"date" : <string>, // ISO8601 formatted date, date when transaction ha
"description" : <string>, // A merchant provided description of the transacti
"transactionId" : <string>, // A merchant defined transaction id, Only for MONE
"amount" : <number>, // Transaction amount. A decimal number (the precis
YSoft SafeQ 5 3226

February 03, 2016
"refundedTransactionId" : <string>, // Id of transaction which was refunded by this tra
"refundedTransactionId" : <string>, // Id of transaction which was refunded by this tra
"tax" : <number>, // Value of tax for the transaction. Only for MONEY
"configuredAmount" : <number>, // Configured recharge value. A decimal number (the
"addedAmount" : <number>, // Recharged value. A decimal number (the precision
"strategy" : <string>, // Recharge strategy. Only for RECHARGE_EVENT
"rounding" : <number>, // Rounding during cash desk withdrawals. A decimal
"debtAmount" : <number>, // Transaction amount. A decimal number (the precis
"debtWriteOffAmount" : <number>, // Transaction amount. A decimal number (the precis
"initialBalance" : <number>, // Imported balance. A decimal number (the precisio

}
LINKS (RESULTS)
Rel Meaning Present
customer link to the customer always
cash- link to the cash desk through which the for types: CASH_DESK_DEPOSIT,
desk action was performed CASH_DESK_WITHDRAWAL
6.7.2 CASH DESK YPS REST API
REST API for programmatic cash desk manipulation
The cash desk API is intended to be used by 3rd party cash desk software and serves as a integration point
with Payment System.
Cash desk operators use this software to perform actions on cash desks. Each action performed must be
associated with a concrete operator. This means that the 3rd party cash desk software sends requests to
Payment System on behalf of the operator.
To identify the operator performing the action Payment System requires the 3rd party software to send a
special header named 'YPS-CASH-DESK-OPERATOR-GUID' to be sent with each request. Its value needs
to be set to the globally unique identifier of the operator who performs the action.
YSoft SafeQ 5 3227

February 03, 2016
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Retrieving
/v2/cash-desk
list of
operator's
cash desks
GET Retrieving
/v2/cash-desk/{cashDeskId}
details
about 1
particular
cash desk
PUT Changing
cash desk
state
POST Depositing
/v2/cash-desk/{cashDeskId}/account-deposit
money into
customer's
personal
money
account
GET Viewing
/v2/cash-desk/{cashDeskId}/account-deposit/{depositId}
details
about a
cash desk
deposit
POST Withdrawing
/v2/cash-desk/{cashDeskId}/account-withdrawal
money from
customer's
personal
money
account
GET Viewing
/v2/cash-desk/{cashDeskId}/account-withdrawal/{withdrawalId}
details
about a
cash desk
withdrawal
POST Performing
/v2/cash-desk/{cashDeskId}/closure
a cash desk
closure
YSoft SafeQ 5 3228

February 03, 2016
Endpoint HTTP Usage

Method
GET View cash

/v2/cash-desk/closure/{closureId}
desk
closure
details
GET View
/v2/cash-desk/closure/{closureId}/operations
operations
that were
performed
during the
closure
interval
USAGE EXAMPLES
RETRIEVING A LIST OF OPERATOR'S CASH DESKS

To retrieve a list of operator's cash desks the client sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/cash-desk
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
If all preconditions are met (e.g. operator has cash desks assigned) payment system responds with:
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"name" : "Library",
"state" : "CLOSED",
"balance": 100.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk
{ "rel" : "account-deposit", "href" : "https://<host>:<port>/payment-system/api/v
{ "rel" : "account-withdrawal", "href" : "https://<host>:<port>/payment-system/ap
{ "rel" : "closure", "href" : "https://<host>:<port>/payment-system/api/v2/cash-d
}, {
YSoft SafeQ 5 3229

February 03, 2016
"name" : "COPY1",
"state" : "OPEN",
"balance": 500.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk
{ "rel" : "account-deposit", "href" : "https://<host>:<port>/payment-system/api/v
{ "rel" : "account-withdrawal", "href" : "https://<host>:<port>/payment-system/ap
{ "rel" : "closure", "href" : "https://<host>:<port>/payment-system/api/v2/cash-d
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/cashdesk/1" },
{ "rel" : "1", "href" : "https://<host>:<port>/payment-system/api/v2/cashdesk/3" }
]
}
Things to note:
the request is a HTTP GET

the amount in the response does not specify the currency, currency depends on payment system
configuration
the required request header specifies the globally unique identifier of the cash desk operator
RETRIEVING DETAILS ABOUT 1 PARTICULAR CASH DESK

To retrieve details about particular cash desk the client sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/cash-desk/1
If all preconditions are met (e.g. operator has the cash desk assigned) payment system responds with:
200 Ok
-- body --
{
"name" : "Library",
"state" : "CLOSED",
"balance": 500.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1"
{ "rel" : "account-deposit", "href" : "https://<host>:<port>/payment-system/api/v2/c
YSoft SafeQ 5 3230

February 03, 2016
{ "rel" : "account-withdrawal", "href" : "https://<host>:<port>/payment-system/api/v
{ "rel" : "closure", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk
Things to note:

configuration
CHANGING STATE OF CASH DESK

To change cash desk state the client sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/cash-desk/1
-- body --
{
"state": "OPEN"
}
If all preconditions are met (e.g. operator has cash desk assigned) payment system responds with:
200 Ok
Things to note:
the request is a HTTP PUT

DEPOSITING MONEY TO A CUSTOMER'S MONEY ACCOUNT

To deposit money to a Customer's Money Account through cash desk the client sends the following request
to payment system:
POST https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-deposit
-- body --
{
customerGuid: "jdoe",
amount: 100.00
}
YSoft SafeQ 5 3231

February 03, 2016
201 Created
-- response headers --
Location = https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-deposit/23
Things to note:
the request is a HTTP POST

the location response header contains the location of the newly created deposit
WITHDRAWING MONEY FROM A CUSTOMER'S MONEY ACCOUNT

To withdraw money from a customer's money account through cash desk the client sends the following
request to payment system:
POST https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-withdrawal
-- body --
{
customerGuid: "jdoe",
amount: 100.00
}
201 Created
Location = https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-withdrawal/24
Things to note:

the location response header contains the location of the newly created withdrawal
PERFORMING A CASH DESK CLOSURE

To perform a cash desk closure the client sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/cash-desk/1/closure
If all preconditions are met (e.g. operator has cash desk assigned) payment system performs the closure,
closes the cash desk and responds with:
201 Created
Location = https://<host>:<port>/payment-system/api/v2/cash-desk/closure/24
Things to note:
YSoft SafeQ 5 3232

February 03, 2016

the location response header contains the location of the newly created closure
the cash desk will be in state CLOSED
RETRIEVING CASH DESK CLOSURE DETAILS

To retrieve details about a cash desk closure the client sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/cash-desk/closure/24
200 Ok
-- body --
{
"fromDate" : "2014-07-03T14:12:45.023Z",
"toDate" : "2014-07-03T14:31:29.001Z",
"finalBalance" : 0.00,
"operator" : {
"name" : "John the Operator",
"guid" : "johnOp"
}
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1"
{ "rel" : "operations", "href" : "https://<host>:<port>/payment-system/api/v2/cash-d
]
}
Things to note:
RETRIEVING CASH DESK CLOSURE OPERATION DETAILS

To retrieve details about the operations performed on a cash desk during the closure interval the client
sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/cash-desk/closure/24/operations
200 Ok
-- body --
{
YSoft SafeQ 5 3233

February 03, 2016
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1/ac
{ "rel" : "1", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1/ac
],
"content" : [{
"type" : "CASH_DESK_DEPOSIT",
"amount" : 10.00,
"rounding" : null,
"date" : "2014-07-03T14:24:45.023Z",
"operator" : {
"guid" : "johnOp"
},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-des
{ "rel" : "customer", "href" : "https://<host>:<port>/payment-system/api/v2/cust
]
}, {
"type" : "CASH_DESK_WITHDRAWAL",
"amount" : 10.00,
"rounding" : null,
"date" : "2014-07-03T14:30:40.209Z",
"operator" : {
"guid" : "johnOp"
},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-des
]
}]
}
Things to note:

the content attribute of the response contains a list of all operation performed on the cash desk
during the closure interval
each operation has its type
YSoft SafeQ 5 3234

February 03, 2016
FINDCASHDESKS
Method
GET
URL
/v2/cash-desk
Required
[ROLE_API_CASHDESK]
Privileges
List all operator's cash desks. This list is paged.
REQUEST HEADERS
Name Data Required Description

Type
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
REQUEST ARGUMENTS

Type
page Number No (default 1) Page

number
pageSize Number No (default Page size

10)
RESPONSE BODY
{
"page" : <number>,
"totalCount": <number>,
"results" : <array of objects>, // cash desks
}
LINKS
Rel Meaning Present
<number> link to each cash desk in the

results

page
YSoft SafeQ 5 3235

February 03, 2016
Rel Meaning Present
previousPage link to the previous page of results if not on the first

page
RESULTS
{
"name" : <string>, // cash desk name
"state" : <string>, // cash desk state (OPEN or CLOSED)
"balance" : <number> // current cash desk balance
}
LINKS (RESULTS)
Rel Meaning Present
self self reference always
account-deposit link to the endpoint used to perform account deposits using the cash desk always
account- link to the endpoint used to perform account withdrawals using the cash always
withdrawal desk
closure link to the endpoint used to perform a closure on the cash desk always
GETCASHDESK
Method
GET
URL
Required
[ROLE_API_CASHDESK]
Privileges
Get details of a single operator's cash desk.
REQUEST HEADERS

Type
RESPONSE BODY
{
"name" : <string>, // cash desk name
YSoft SafeQ 5 3236

February 03, 2016
"state" : <string>, // cash desk state (OPEN or CLOSED)

"balance": <number> // current cash desk balance
}
LINKS
Rel Meaning Present
account-deposit link to the endpoint used to perform account deposits using the cash desk always
account- link to the endpoint used to perform account withdrawals using the cash always
withdrawal desk
closure link to the endpoint used to perform a closure on the cash desk always
CHANGECASHDESKSTATE
Method
PUT
URL
Required
[ROLE_API_CASHDESK]
Privileges
Change a cash desk state (e.i. open or close a cash desk).
REQUEST HEADERS

Type
REQUEST BODY
{
"state" : <string> // requested cash desk state (OPEN or CLOSED)
}
YSoft SafeQ 5 3237

February 03, 2016
CREATEACCOUNTDEPOSIT
Method
POST
URL
/v2/cash-desk/{cashDeskId}/account-deposit
Required
[ROLE_API_CASHDESK]
Privileges
Deposits money to a customer's personal money account through a cash desk.
REQUEST HEADERS

Type
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
"amount" : <number> // a positive decimal number (the precision depends on payme
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the newly
created deposit.
GETACCOUNTDEPOSIT
Method
GET
URL
/v2/cash-desk/{cashDeskId}/account-deposit/{accountDepositId}
Required
[ROLE_API_CASHDESK]
Privileges
Get details of a cash desk deposit.
RESPONSE BODY
{
"date" : <string>, // ISO8601 formatted date
YSoft SafeQ 5 3238

February 03, 2016
"amount" : <number>, // a positive decimal number (the precision depends on paym
"balanceChange" : <number>, // a positive decimal number (the precision depends on paym
"operator" : <object>, // information about the operator who performed the operati

}
OPERATOR OBJECT
{
"name" : <string>, // first name and last name of the operator
"guid" : <string> // globally unique identifier of the operator
}
LINKS
Rel Meaning Present
cash- link to the cash desk through which the deposit was always
desk performed
customer link to the customer for whom the deposit was performed always
CREATEACCOUNTWITHDRAWAL
Method
POST
URL
/v2/cash-desk/{cashDeskId}/account-withdrawal
Required
[ROLE_API_CASHDESK]
Privileges
Withdraw money from a customer's personal money account through a cash desk.
REQUEST HEADERS

Type
REQUEST BODY
{
YSoft SafeQ 5 3239

February 03, 2016
"amount" : <number> // a positive decimal number (the precision depends on payme
RESPONSE
created withdrawal.
GETACCOUNTWITHDRAWAL
Method
GET
URL
/v2/cash-desk/{cashDeskId}/account-withdrawal/{accountWithdrawalId}
Required
[ROLE_API_CASHDESK]
Privileges
Get details of a cash desk withdrawal.
RESPONSE BODY
{
"amount" : <number>, // a positive decimal number (the precision depends on paym
"balanceChange" : <number>, // a negative decimal number (the precision depends on paym

}
OPERATOR OBJECT
{
}
LINKS
Rel Meaning Present
cash- link to the cash desk through which the withdrawal was always
desk performed
customer link to the customer for whom the withdrawal was performed always
YSoft SafeQ 5 3240

February 03, 2016
CREATECLOSURE
Method
POST
URL
/v2/cash-desk/{cashDeskId}/closure
Required
[ROLE_API_CASHDESK]
Privileges
Perform a cash desk closure
A cash desk closure is a report of all activity performed on the cash desk since the last closure.
REQUEST HEADERS

Type
RESPONSE
created closure.
GETCLOSURE
Method
GET
URL
/v2/cash-desk/closure/{closureId}
Required
[ROLE_API_CASHDESK]
Privileges
Get details about a cash desk closure.
RESPONSE BODY
{
"fromDate" : <string>, // ISO8601 formatted date
"toDate" : <string>, // ISO8601 formatted date
"finalBalance" : <number>, // a decimal number (the precision depends on payment syste
YSoft SafeQ 5 3241

February 03, 2016

}
OPERATOR OBJECT
{
}
LINKS
Rel Meaning Present
operations link to the operations performed during the closure always

interval
GETCLOSUREOPERATIONS
Method
GET
URL
/v2/cash-desk/closure/{closureId}/operations
Required
[ROLE_API_CASHDESK]
Privileges
List all operations performed during a closure.
RESPONSE BODY
{
"content" : <array of objects>, // cash desk operations
}
LINKS
Rel Meaning Present
<number> link to each cash desk deposit or withdrawal in the if the operation is a deposit or a
results withdrawal
CONTENT
{
"type" : <string>, // type of the operation. One of: "INITIAL_MONEY_BOX_DEPOSIT
YSoft SafeQ 5 3242

February 03, 2016
"amount" : <number>, // a decimal number (the precision depends on payment system
"rounding" : <number>, // a decimal number (the precision depends on payment system
"operator" : <object>, // information about the operator who performed the operatio

}
OPERATOR OBJECT
{
}
LINKS (CONTENTS)
Rel Meaning Present
customer link to the customer for whom the for operation types: CASH_DESK_DEPOSIT and
operation was performed for CASH_DESK_WITHDRAWAL
6.7.3 CUSTOMER YPS REST API
REST API for customer administration.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Finding customers

/v2/customer
POST Creating a new

/v2/customer
customer
GET Retrieving customer

/v2/customer/{customerGuid}
information
PUT Updating customer

information
DELETE Deleting a customer

PUT
YSoft SafeQ 5 3243

February 03, 2016
Endpoint HTTP Usage

Method
/v2/customers Updating multiple

customers information
POST Increasing customer's

/v2/customer/{customerGuid}/virtual-balance-increase
virtual balance
POST Decreasing
/v2/customer/{customerGuid}/virtual-balance-decrease
customer's virtual
balance
PUT Set a customer's

/v2/customer/{customerGuid}/virtual-balance
virtual balance to a
concrete amount
USAGE EXAMPLES
FINDING CUSTOMERS
To find customers based on search criteria the administrator sends the following request to payment
system:
GET https://<host>:<port>/payment-system/api/v2/customer?state=ENABLED
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"name" : "John Doe",
"guid" : "jdoe",
"lookupKey" : "jdoe",
"state" : "ENABLED",
"personalBalance" : 100.00,
"availableBalance" : 110.00,
"paymentProviderAccountId" : "123xyz",
"virtualBalances" : {},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/customer
{ "rel" : "history", "href" : "https://<host>:<port>/payment-system/api/v2/trans
}, {
"name" : "Jane Doe",
YSoft SafeQ 5 3244

February 03, 2016
"guid" : "jdoe2",
"lookupKey" : "jdoe2",
"virtualBalances" : {
"safeq" : 100
},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/customer
{ "rel" : "history", "href" : "https://<host>:<port>/payment-system/api/v2/trans
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/customer/jdoe"
{ "rel" : "1", "href" : "https://<host>:<port>/payment-system/api/v2/customer/jdoe2"
]
}
Things to note:

personalBalance and availableBalance will be null in case external payment system provider is being
used due to performance reasons.
RETRIEVING CUSTOMER INFORMATION

To retrieve information about a customer the client sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/customer/123
If all preconditions are met payment system responds with:
200 Ok
-- body --
{
"name" : "John Doe",
"guid" : "jdoe",
"lookupKey" : "jdoe",
"links" : [
YSoft SafeQ 5 3245

February 03, 2016
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/customer/jdo
{ "rel" : "history", "href" : "https://<host>:<port>/payment-system/api/v2/transacti
{ "rel" : "reservations", "href" : "https://<host>:<port>/payment-system/api/v2/rese
{ "rel" : "increase-virtual-balance", "href" : "https://<host>:<port>/payment-system
{ "rel" : "decrease-virtual-balance", "href" : "https://<host>:<port>/payment-system
{ "rel" : "set-account-balance", "href" : "https://<host>:<port>/payment-system/api/
{ "rel" : "periodic-recharge.0", "href" : "https://<host>:<port>/payment-system/api/
]
}
Things to note:

the links for reservations, balance increase and decrease are only present if the client has sufficient
privileges
CREATING NEW CUSTOMERS

To create a new customer the administrator sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/customer
-- body --
{
"guid" : "dvader",
"name" : "Darth Vader",
"lookupKey" : "dvader,
"minimumBalance" : 0.00,
"state" : "ENABLED"
}
If the input is correct payment system creates a new customer and replies with:
201 Created
Location = https://<host>:<port>/payment-system/api/v2/customer/dvader
Things to note:

the client has to have sufficient privileges to perform this operation
the location response header contains the location of the newly created customer
YSoft SafeQ 5 3246

February 03, 2016
UPDATING A CUSTOMER
To update a customer the administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/customer/dvader
-- body --
{
"minimumBalance" : -10.00,
"state" : "DISABLED"
}
If the input is correct payment system updates the customer and replies with:
200 Ok
Things to note:

DELETING A CUSTOMER
To delete a customer the administrator sends the following request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/customer/dvader
200 Ok
Things to note:
the request is a HTTP DELETE

UPDATING MULTIPLE CUSTOMERS

To update multiple customers the administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/customers
-- body --
{
"guids" : ["jdoe", "jdoe2"]
"paymentProviderAccountId" : null,
"minimumBalance" : null,
}
200 Ok
Things to note:
YSoft SafeQ 5 3247

February 03, 2016

the request body contains a list of globally unique identifiers of customers to update
INCREASING VIRTUAL BALANCE

To increase the virtual balance of a customer's money account (e.g. giving the customer an amount of free
money) the client sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/customer/jdoe/virtual-balance-increase
-- body --
{
"amount": 100.00,
"requestId": "123",
"description": "payment gateway failure claim"
}
If all preconditions are met payment system processes the request and replies with:
200 Ok
Things to note:

the response status code is 200
the requestId parameter is used to ensure request idempotency
DECREASING VIRTUAL BALANCE

To decrease the virtual balance of a customer's money account (e.g. taking away some amount of free
money from the customer) the client sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/customer/jdoe/virtual-balance-decrease
-- body --
{
"amount": 100.00,
"requestId": "456",
"description": "debt collection"
}
200 Ok
Things to note:

YSoft SafeQ 5 3248

February 03, 2016

the amount in the request does not specify the currency, currency depends on payment system
configuration
SET VIRTUAL BALANCE

To set the virtual balance of a customer's money account (e.g. setting the amount of free money) the client
PUT https://<host>:<port>/payment-system/api/v2/customer/jdoe/virtual-balance
-- body --
{
"amount": 100.00,
"requestId": "456",
"description": "resetting balance"
}
200 Ok
Things to note:

the amount in the request does not specify the currency, currency depends on payment system
configuration
GETCUSTOMER
Method
GET
URL
Required
[ROLE_API_MERCHANT]
Privileges
Get details of a customer.
RESPONSE BODY
{
"name" : <string>, // first name and last name of the customer
"guid" : <string>, // globally unique identifier of the customer
YSoft SafeQ 5 3249

February 03, 2016
"lookupKey" : <string>, // a key by which the customer can be looked up
"state" : <string>, // ENABLED or DISABLED

"personalBalance" : <number>, // a decimal number (the precision depends on pa
"availableBalance" : <number>, // a decimal number (the precision depends on pa
"minimumBalance" : <number>, // a decimal number (the precision depends on pa
"virtualBalance" : <number>, // a decimal number (the precision depends on pa
"paymentProviderAccountId" : <string>, // the account id of customer's personal account

}
LINKS
Rel Meaning Present
history link to the operations performed on the customer's always

account
open- link to a list of customer's current open transactions if the merchant can administrate
transactions reservations
increase- link to the endpoint used to increase the customer's if the merchant can increase
virtual-balance virtual balance virtual balances
decrease- link to the endpoint used to decrease the if the merchant can decrease
virtual-balance customer's virtual balance virtual balances
virtual-balance link to the endpoint used to set the customer's if the merchant can decrease
virtual balance to a concrete value virtual account balances
FINDCUSTOMERS
Method
GET
URL
/v2/customer
Required
[ROLE_API_ADMIN]
Privileges
List all customers. This list is paged. The list is sorted by customer's name.
YSoft SafeQ 5 3250

February 03, 2016
REQUEST ARGUMENTS
customerGuid String No Globally unique identifier of the customer
name String No Customer name
lookupKey String No Customer lookup key
state String (ENABLED or No Customer state

DISABLED)
balance Number No Current balance on the customer's personal

account
operator String (one of <, >, =) No Balance comparison operator
page Number No (default Page number

1)

10)
RESPONSE BODY
{
"page" : <number>,
"totalCount": <number>,
"results" : <array of objects>, // customers
}
LINKS
Rel Meaning Present
<number> link to each customer in the

results

page

results page
RESULTS
{
"name" : <string>, // first name and last name of the customer
YSoft SafeQ 5 3251

February 03, 2016
"lookupKey" : <string>, // a key by which the customer can be looked up
"personalBalance" : <number>, // a decimal number (the precision depends on pa
"availableBalance" : <number>, // a decimal number (the precision depends on pa
"virtualBalances" : <object>, // map of merchant names to virtual balances. Re

}
VIRTUAL BALANCE MAP EXAMPLE
{
"safeq" : 50,
"library" : 20
}
LINKS
Rel Meaning Present
history link to the operations performed on the customer's always

account
reservations link to a list of customer's current reservations if the merchant can administrate
reservations
increase- link to the endpoint used to increase the customer's if the merchant can increase
virtual-balance virtual balance virtual balances
decrease- link to the endpoint used to decrease the if the merchant can decrease
virtual-balance customer's virtual balance virtual balances
virtual-balance link to the endpoint used to set the customer's if the merchant can decrease
virtual balance to a concrete value virtual account balances
YSoft SafeQ 5 3252

February 03, 2016
CREATECUSTOMER
Method
POST
URL
/v2/customer
Required
[ROLE_API_ADMIN]
Privileges
Create a new customer.
REQUEST BODY
{
"name" : <string>, // customer's name

"lookupKey" : <string>, // customer's lookup key
"state" : <string> // ENABLED or DISABLED, the state of the custome
RESPONSE
created customer.
UPDATECUSTOMER
Method
PUT
URL
Required
[ROLE_API_ADMIN]
Privileges
Update a customer.
All arguments are optional. Any missing parameters will not be changed.
YSoft SafeQ 5 3253

February 03, 2016
REQUEST BODY
{
"name" : <string>, // customer's name
"lookupKey" : <string>, // customer's lookup key
DELETECUSTOMER
Method
DELETE
URL
Required
[ROLE_API_ADMIN]
Privileges
Remove a customer.
BULKUPDATECUSTOMERS
Method
PUT
URL
/v2/customers
Required
[ROLE_API_ADMIN]
Privileges
Update multiple customers.
REQUEST BODY
{
"guids" : <list of string>, // list of globally unique identifier of
YSoft SafeQ 5 3254

February 03, 2016
INCREASEVIRTUALBALANCE
Method
POST
URL
/v2/customer/{customerGuid}/virtual-balance-increase
Required
[ROLE_API_BALANCE_MANAGEMENT]
Privileges
Increases the virtual balance of customer's account by a given amount.
REQUEST BODY
{
"amount" : <number>, // positive decimal number (the precision depends on payment
"description" : <string>, // a description of the request (optional, max 1000 character
"requestId" : <string> // identifier of the request for tracking and idempotency che
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. the operation is performed only once even when
duplicate requests are sent by the merchant system. This means that in case of network problems when the
merchant system is unsure if the operation has been performed or not it can simply resend the exact same
request without worrying about duplicating the operation.
A request is considered a duplicate if the payment system has already performed a operation with the same
parameters.
DECREASEVIRTUALBALANCE
Method
POST
URL
/v2/customer/{customerGuid}/virtual-balance-decrease
Required
Privileges
Decrease the virtual balance of customer's account by a given amount.
YSoft SafeQ 5 3255

February 03, 2016
REQUEST BODY
{
REQUEST IDEMPOTENCY
parameters.
UPDATEVIRTUALBALANCE
Method
PUT
URL
/v2/customer/{customerGuid}/virtual-balance
Required
Privileges
Set the virtual balance of customer's account to a given amount.
REQUEST BODY
{
REQUEST IDEMPOTENCY
YSoft SafeQ 5 3256

February 03, 2016
parameters.
6.7.4 ENTITLEMENT SYSTEM YPS REST API
UPDATELICENSE
Method
PUT
URL
/v1/entitlement-system/license
Required
[ROLE_API_ADMIN]
Privileges
6.7.5 ENTITLEMENT YPS REST API
GETENTITLEMENT
Method
GET
URL
/v1/entitlement
Required
[ROLE_API_MERCHANT]
Privileges
6.7.6 MICRO TRANSACTION YPS REST API
REST API for micro transactions.
The micro transaction API is intended to be used for aggregating multiple reservations (micro transactions)
into one aggregated transaction. The micro transactions are settled as a single transaction from a
customer's account to a merchant's account. All requests to the payment system during the payment
process are done by the merchant on behalf of the customer. This implies that the customer trusts the
merchant to handle micro transactions transactions correctly.
MICRO TRANSACTIONS
A micro transaction is another name for a reservation within transactions that aggregate multiple
reservations into one settlement. They are part of a multi step process within multiple reservations are
created prior to their settlement as a group.
A multi step process is required when there is a time gap between the order of goods/services and their
delivery. The merchant wants to have an assurance at the time of the order that the user can pay for the
goods/services once they are delivered. And the customer wants to pay for the goods/services only after
they have been delivered.
YSoft SafeQ 5 3257

February 03, 2016
Micro transactions handle the multi step process by having the following steps:
1. reservation - the merchant system requests that payment system reserve a certain amount on
customer's account (assurance of payment). This step can be repeated multiple times.
2. settlement - after the delivery the merchant system requests that payment system settle the
aggregated transaction transferring the sum of the reserved amounts to the merchant's account
Note: the settled amount can differ the sum of the reserved amount.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
POST Creating
/v2/transaction/micro
micro
transactions
PUT Settling or
/v2/transaction/micro/{transactionId}
cancelling
aggregated
transactions.
(final step of
the multi
step
payment
process)
DELETE Removing
/v2/transaction/micro/{transactionId}/reservation/{reservationId}
micro
transactions
USAGE EXAMPLES
CREATING MICRO TRANSACTIONS

To create a micro transaction the merchant system sends a reservation request to payment system:
POST https://<host>:<port>/payment-system/api/v2/transaction/micro
-- body --
{
"customerGuid" : "jdoe",
"transactionId" : "123456",
"reservationId" : "book 456",
"amount" : 100.00,
"description" : "reservation for book 456"
}
If all preconditions are met (e.g. customer has sufficient balance for the transaction) payment system
processes the micro transaction and replies with a newly created resource location that points to the created
micro transaction:
YSoft SafeQ 5 3258

February 03, 2016
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/api/v2/transaction/micro/123456/reservatio
Content-Location: https://<host>:<port>/payment-system/api/v2/transaction/micro/123456
Things to note:
the reservation request is a HTTP POST

the reservation request amount does not specify the currency, currency depends on payment system
configuration
the reservation response has its Location header set to the URI of the newly created reservation
within an aggregated transaction
the reservation response has its Content-Location header set to the URI of the aggregated
transaction
The merchant system is encouraged to store the location of the transaction and/or the micro transaction
URL for further interactions such as settling or cancelling transactions.
CANCELLING AGGREGATED TRANSACTIONS

Aggregated transactions can be cancelled making the reserved amount available for other uses. To request
transaction cancellation the merchant system sends a cancellation request to payment:
PUT https://<host>:<port>/payment-system/api/v2/transaction/micro/123456
-- body --
{
"state" : "CANCELLED",
"description" : "Customer requested order cancellation"
}
Payment system will cancel the aggregated transaction making the sum of reserved amounts available to
the customer and respond with:
200 Ok
Things to note:

customer's available balance is increased by the amount reserved by the aggregated transaction
REMOVING MICRO TRANSACTIONS

Micro transactions can be removed making the reserved amount available for other uses. To request micro
transaction removal the merchant system sends a removal request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/transaction/micro/123456/reservation/1
Payment system will remove the micro transaction making the reserved amount available to the customer
and respond with:
200 Ok
YSoft SafeQ 5 3259

February 03, 2016
Things to note:

customer's available balance is increased by the amount of the reservation
SETTLING AGGREGATED TRANSACTIONS

Aggregated transactions can be settled transferring the sum of the reserved amounts from the customer's
account to the merchant's account. To request transaction settlement the merchant system sends a
settlement request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/transaction/micro/123456
-- body --
{
"state": "SETTLED",
"amount": 100.00,
"description": "Transaction settlement"
}
Payment system will transfer the sum of the reserved amounts to the merchant's account and respond with:
200 Ok
Content-Location = https://<host>:<port>/payment-system/api/v2/transaction/123456
Things to note:

the settlement amount does not specify the currency, currency depends on payment system
configuration
the settlement amount can be higher or lower than the reserved amount
the response has its Content-Location header set to the URI of the concluded transaction
CREATEMICROTRANSACTION
Method
POST
URL
/v2/transaction/micro
Required
[ROLE_API_MERCHANT]
Privileges
Creates a new micro transaction reserving the given amount on the customer's account to the benefit of the
merchant performing the request.
YSoft SafeQ 5 3260

February 03, 2016
REQUEST BODY
{
"transactionId" : <string>, // a merchant defined identifier of the aggregated transact
"reservationId" : <string>, // a merchant defined identifier of the micro transaction.
"amount" : <number>, // positive decimal number (the precision depends on paymen
"description" : <string> // a description of micro transaction purpose. Max 1000 cha
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. only one micro transaction is created even when
merchant system is unsure if a transaction has been created or not it can simply resend the exact same
request without worrying about creating duplicate micro transactions.
A request is considered a duplicate if the payment system has already created a micro transaction with the
same parameters.
Duplicate requests are not considered as errors but the merchant system is informed about the fact that the
transaction has already been created by a previous request.
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The request is a duplicate. The micro transaction already exists. No new micro
transaction has been created. The response body contains information about when the
micro transaction has been created and in what state it is currently in.
201 Created The micro transaction has been created.
409 Conflict Micro transaction could not be processed because of insufficient balance on the
customer's account.
When a micro transaction is successfully processed the Location header of the response points to the newly
created resource representing the micro transaction. The merchant system is encouraged to store the
location of the transaction for further interactions such as cancelling of the micro transaction. The Content-
Location header points to the aggregated transaction. The merchant system is encouraged to store the
location of the aggregated transaction for further interaction such as cancellation or settlement of the
aggregated transaction.
YSoft SafeQ 5 3261

February 03, 2016
CHANGETRANSACTIONSTATE
Method
PUT
URL
/v2/transaction/micro/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
Settle or cancel an aggregated transaction.
REQUEST BODY
{
"state" : <string>, // SETTLED or CANCELLED
"description" : <string> // the reason for cancellation

}
REQUEST IDEMPOTENCY
Payment system ensures request idempotency. This means that in case of network problems when the
merchant system is unsure if a transaction has been created or not settled (cancelled) it can simply resend
the exact same request without worrying about side-effects.
Things to note:
cancelled transactions cannot be settled

settled transactions cannot be cancelled
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The transaction is already in the requested state.
404 Not Transaction id is invalid.

Found
409 Conflict Transaction could not be processed because of insufficient balance on the customer's
account or the transaction is already settled/cancelled.
RESPONSE
When an HTTP CREATED status code is returned for settlement requests the response Location header
points to the newly concluded transaction.
YSoft SafeQ 5 3262

February 03, 2016
CANCELRESERVATION
Method
DELETE
URL
/v2/transaction/micro/{transactionId}/reservation/{reservationId}
Required
[ROLE_API_MERCHANT]
Privileges
Remove a micro transaction from an aggregated transaction.
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The micro transaction has been removed.
404 Not Found The referenced aggregated transaction or micro transaction was not found.
409 Conflict The referenced aggregated transaction or micro transaction is already settled
/cancelled.
6.7.7 ONE STEP TRANSACTION YPS REST API
REST API for one-step transactions.
The one-step transaction API is intended to be used for one-time payments from a customer's account to a
merchant's account. The payment is requested by the merchant on behalf of the customer. This implies that
the customer trusts the merchant to request the payment correctly.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
POST Creating one-step

/v2/transaction/one-step
transactions
USAGE EXAMPLE
CREATING ONE-STEP TRANSACTIONS

To request a one-step transaction the merchant system sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/transaction/one-step
-- body --
{
YSoft SafeQ 5 3263

February 03, 2016
"amount" : 100.00,
}
If all preconditions are met payment system processes the payment and replies with a newly created
resource location that points to the created transaction:
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/api/v2/transaction/123456
Things to note:

the settlement amount does not specify the currency, currency depends on payment system
configuration
the settlement amount can be higher or lower than the reserved amount
the response has its Content-Location header set to the URI of the concluded transaction
The merchant system is encouraged to store the location of the payment for further interactions such as
refunding a payment.
CREATEONESTEPTRANSACTION
Method
POST
URL
/v2/transaction/one-step
Required
[ROLE_API_MERCHANT]
Privileges
Creates a new one-step transaction for the customer and the given amount to the benefit of the merchant
performing the request.
REQUEST ARGUMENTS
REQUEST BODY
{
"transactionId" : <string>, // a merchant defined identifier of the transaction. This i
YSoft SafeQ 5 3264

February 03, 2016
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. only one one-step transaction is created even when
duplicate requests are sent by the merchant system.This means that in case of network problems when the
merchant system is unsure if a payment has been created or not it can simply resend the exact same
request without worrying about creating duplicate payments.
A request is considered a duplicate if payment system has already performed a one-step transaction with
the same parameters.
payment has already been processed by a previous request.
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The request is a duplicate. The one-step transaction already exists. No new One-step
transaction has been created.
201 Created One-step transaction has been processed.
409 Conflict One-step transaction could not be processed because of insufficient balance on the
customer's account.
When a one-step transaction is successfully processed the Location header of the response points to the
newly created resource representing it. The merchant system is encouraged to store the location of the
payment for further interactions such as displaying a payment.
6.7.8 OPEN TRANSACTION ADMINISTRATION YPS REST API
REST API for open (not settled 2-step and micro) transaction management.
PROVIDED ENDPOINTS
Endpoint
/v2/open-transaction
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}
YSoft SafeQ 5 3265

February 03, 2016
Endpoint
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservation/{reser
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservation/{reser
USAGE EXAMPLES
RETRIEVING ALL OPEN TRANSACTIONS

To retrieve all open transactions, admin sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/open-transaction
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 1,
"results" : [{
"transactionId" : "75dc7380-4566-11e4-916c-0800200c9a66",
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 5.00,
"virtualAmount" : 4.00,
"personalAmount" : 1.00,
"merchantId" : 3,
"reservations" : [
{
"reservationId" : "1",
"amount" : 3.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-t
]
},
YSoft SafeQ 5 3266

February 03, 2016
{
"amount" : 2.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-t
]
}
],
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-tran
]
}]
}
Things to note:

RETRIEVING DETAILS ABOUT OPEN TRANSACTION

To retrieve details about open transaction, admin sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}/tr
200 Ok
-- body --
{
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 5.00,
"merchantId" : 3,
"reservations" : [
{
"amount" : 3.00,
YSoft SafeQ 5 3267

February 03, 2016
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-tra
]
},
{
"amount" : 2.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-tra
]
}
],
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-transac
{ "rel" : "customer", "href" : "https://<host>:<port>/payment-system/api/v2/customer
]
}
Things to note:

CANCELING OPEN TRANSACTION

To cancel open transaction, admin sends the following request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}
200 Ok
Things to note:

RETRIEVING DETAILS ABOUT A RESERVATION OF OPEN TRANSACTION

To retrieve details about reservation of open transaction, admin sends the following request to payment
system:
GET https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}/tr
YSoft SafeQ 5 3268

February 03, 2016
200 Ok
-- body --
{
"amount" : 3.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-trans
{ "rel" : "open-transaction", "href" : "https://<host>:<port>/payment-system/api/v
]
}
Things to note:

CANCELING A RESERVATION OF OPEN TRANSACTION

To cancel reservation of open transaction, admin sends the following request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}
200 Ok
Things to note:

FINDOPENTRANSACTIONS
Method
GET
URL
/v2/open-transaction
Required
[ROLE_API_ADMIN]
Privileges
List all open transactions. The returned list is paged.
YSoft SafeQ 5 3269

February 03, 2016
REQUEST ARGUMENTS
customerGuid String No Globally unique identifier of the

customer
merchantId Number No Payment System identifier of a

merchant
fromDate String (ISO8601 formatted No

date)
toDate String (ISO8601 formatted No

date)
page Number No (default 1) Page number

10)
RESPONSE BODY
{
"page" : <number>,
"results" : <array of open transaction objects>,
}
LINKS
Rel Meaning Present

page

results page
OPEN TRANSACTION OBJECT
{
"transactionId" : <string>, // A merchant defined transaction id
"amount" : <number>, // Total reserved amount. A decimal number (the pre
"virtualAmount" : <number>, // Reserved amount on virtual account. A decimal nu
"personalAmount" : <number>, // Reserved amount on personal account. A decimal n
YSoft SafeQ 5 3270

February 03, 2016
"merchantId" : <string>, // Identifier of merchant in Payment System
"reservations" : <array of reservation objects>, // Array of reservation objec

}
LINKS (OPEN TRANSACTION OBJECT)
Rel Meaning Present
self link to the open always

transaction
RESERVATION OBJECT
{
"reservationId" : <string>, // A merchant defined reservation id

}
LINKS (RESERVATION OBJECT)
Rel Meaning Present
self link to the always

reservation
GETTRANSACTION
Method
GET
URL
Required
[ROLE_API_ADMIN]
Privileges
Retrieve details about one open transaction.
YSoft SafeQ 5 3271

February 03, 2016
RESPONSE BODY
{
"transactionId" : <string>, // A merchant defined transaction id
"merchantId" : <string>, // Identifier of merchant in Payment System
"reservations" : <array of reservation objects>, // Array of reservation objec

}
LINKS (RESPONSE OBJECT)
Rel Meaning Present
self link to the open always

transaction
RESERVATION OBJECT
{

}
Rel Meaning Present
self link to the always

reservation
YSoft SafeQ 5 3272

February 03, 2016
DELETETRANSACTION
Method
DELETE
URL
Required
[ROLE_API_ADMIN]
Privileges
Removes a open transaction.
GETRESERVATION
Method
GET
URL
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservati
Required
[ROLE_API_ADMIN]
Privileges
Retrieve details about a reservation of open transaction.
RESPONSE BODY
{

}
Rel Meaning Present
self link to the reservation always
open- link to the open always

transaction transaction
YSoft SafeQ 5 3273

February 03, 2016
DELETERESERVATION
Method
DELETE
URL
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservati
Required
[ROLE_API_ADMIN]
Privileges
Removes a reservation.
6.7.9 PAYMENT GATEWAY YPS REST API
REST API for preparing Payment System deposits through Payment Gateways.
The deposit API is intended to be used by merchants preparing deposits to Payment System for their
customers. The merchant system first issues a call to the deposit API. Payment System tells the merchant
system where to redirect the customer in the response. The merchant system then redirects the client to the
prepared deposit and Payment System handles the rest.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
POST Prepare a
/v2/payment-gateway/deposit
deposit
USAGE EXAMPLE
PREPARING A DEPOSIT
To request a deposit the merchant system sends a deposit request to payment system:
POST https://<host>:<port>/payment-system/api/v2/payment-gateway/deposit
-- body --
{
"amount" : 100.00,
"currency" : "USD",
"description" : "Deposit to allow usage of merchant service",
"returnUrl" : "http://mymerchant.com/shopping-cart/payed?id=123",
"language" : "en_US"
}
If all preconditions are met payment system processes the deposit request and replies with a newly created
resource location that points to the prepared deposit.
YSoft SafeQ 5 3274

February 03, 2016
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/payment-gateway/deposit/ebae4ba0-3360-46bd
-- body --
Things to note:
the deposit request is a HTTP POST

the deposit request specifies the currency, currency is checked against the configured Payment
System currency
the deposit response has its Location header set to the URL where the customer should be
redirected to to continue the deposit
CREATEDEPOSIT
Method
POST
URL
/v2/payment-gateway/deposit
Required
[ROLE_API_MERCHANT]
Privileges
Create a deposit for the customer and the given amount.
REQUEST BODY
{
"amount" : <number>, // a positive decimal number (the precision depends on payme
"currency" : <string>, // currency code according to ISO 4217 ("USD", "EUR", ...)
"description" : <string> // deposit description (optional)

"returnUrl" : <string> // URL to redirect the customer to after the deposit is fini
"language" : <string> // preferred language to display the deposit page in (option
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the URL the
customer should be redirected to to continue the deposit.
YSoft SafeQ 5 3275

February 03, 2016
GETPAYMENTGATEWAYS
Method
GET
URL
/v2/payment-gateway/list
Required
[ROLE_API_MERCHANT]
Privileges
Returns list of enabled payment gateways.
RESPONSE
List of payment gateway objects
RESULT OBJECTS
{
"gatewayId" : <number>, // id of a payment gateway
"name" : <string>, // name of the payment gateway
"termsAndConditionsEnabled" : <boolean>, // indicates if a payment gateway has a te
"termsAndConditions" : <string>, // terms and conditions of a payment gatew
"iconUrl" : <string>, // URL of a icon for a payment gateway
6.7.10 PAYMENT SYSTEM YPS REST API
REST API for obtaining Payment System configuration values
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Retrieving complete

/v2/payment-system/configuration
payment system
configuration
GET Retrieving subset of

/v2/payment-system/configuration?key=???&key=???
payment system
configuration
PUT Updates payment system

configuration
PUT
YSoft SafeQ 5 3276

February 03, 2016
Endpoint HTTP Usage

Method
/v2/payment-system/license Update payment system

license
USAGE EXAMPLES
RETRIEVING COMPLETE PAYMENT SYSTEM CONFIGURATION

To retrieve the complete configuration the administrator sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/payment-system/configuration
200 OK
-- body --
{
"holdsMoneyAccountBalance": true,
"supportsRefunds": true,
"currencyCode": "EUR",
"paymentGatewaysAvailable" : true
}
Things to note:
RETRIEVING A SUBSET OF PAYMENT SYSTEM CONFIGURATION

To retrieve a subset of configuration the administrator sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/payment-system/configuration?key=currency
200 OK
-- body --
{
"currencyCode": "EUR"
}
Things to note:

the request parameters can contain multiple keys with values of names of attributes that you want to
return
possible attributes:
holdsMoneyAccountBalance
supportsRefunds
currencyCode
YSoft SafeQ 5 3277

February 03, 2016
paymentGatewaysAvailable
UPDATE PAYMENT SYSTEM CONFIGURATION

To update the configuration the administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/payment-system/configuration
-- body --
{
"currencyCode": "EUR"
}
200 OK
Things to note:

some configuration options are read-only. An example is holdsMoneyAccountBalance
clients can update a subset of configuration options, they do not need to set all of them
writeable attributes:
currencyCode
UPDATING PAYMENT SYSTEM LICENSE

To update the license the administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/payment-system/license
-- body --
{
"license": "<license_body>"
}
If all preconditions are met payment system processes the request and responds with:
200 Ok
Things to note:
YSoft SafeQ 5 3278

February 03, 2016
GETCONFIGURATION
Method
GET
URL
Required
[ROLE_API_ADMIN]
Privileges
Get complete payment system configuration (or its subset).
REQUEST ARGUMENTS
key List<String> No Values of key define subset of returned configuration parameters. (...
/configuration?key=currencyCode; .../configuration?
key=currencyCode&key=supportsRefunds; ...)
POSSIBLE BODY
{
"holdsMoneyAccountBalance" : <boolean>, // if true payment system holds money of money
"supportsRefunds" : <boolean>, // if payment system holds account balances it
"currencyCode" : <string>, // currency code according to ISO 4217 ("USD",
"paymentGatewaysAvailable" : <boolean> // indicates whether any payment gateways are c
UPDATECONFIGURATION
Method
PUT
URL
Required
[ROLE_API_ADMIN]
Privileges
Update payment system configuration.
YSoft SafeQ 5 3279

February 03, 2016
REQUEST BODY
{
"currencyCode" : <string> // currency code according to ISO 4217 ("USD", "EUR", ...) in
UPDATELICENSE
Method
PUT
URL
/v2/payment-system/license
Required
[ROLE_API_ADMIN]
Privileges
Updates payment system license.
REQUEST BODY
{
"license" : "<string>" // encoded license string
}
6.7.11 PERIODIC RECHARGE ADMINISTRATION YPS REST API
REST API for Periodic Recharge administration
The Periodic Recharge Administration API is intended to be used by an Administrator to manipulate

Periodic Recharges.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Retrieving
/v2/periodic-recharge
a list of
periodic
recharges
GET Retrieving
/v2/periodic-recharge/{rechargeId}
details
about 1
particular
periodic
recharge
YSoft SafeQ 5 3280

February 03, 2016
Endpoint HTTP Usage

Method
POST Creating a
new
periodic
recharge
PUT Updating a
periodic
recharge
DELETE Deleting a
periodic
recharge
PUT Bulk
/v2/periodic-recharges
update
periodic
recharges
POST Assigning
/v2/periodic-recharge/{rechargeId}/recharged-customer
customers
to a
periodic
recharge
GET Retrieving
the
assigned
customers
of a
periodic
recharge
GET Retrieving
/v2/periodic-recharge/{rechargeId}/recharged-customer/{customerGuid}
information
about a
customer
assigned
to a
periodic
recharge
DELETE Remove a
customer
from a
periodic
recharge
YSoft SafeQ 5 3281

February 03, 2016
Endpoint HTTP Usage

Method
DELETE Removing
customers
from a
periodic
recharge
USAGE EXAMPLES
RETRIEVE A LIST OF PERIODIC RECHARGES

To retrieve a list of periodic recharges the administrator sends the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge
If all preconditions are met (e.g. operator has cash desks assigned) payment system responds with:
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"rechargeId" : 1,
"name" : "Monthly Allowance",
"dayOfMonth" : 1,
"description" : "$50 each month",
"amount" : 50.00,
"strategy" : "RECHARGE_BY_AMOUNT",
"startDate" : "2014-08-29T11:55:31.308Z",
"periodType" : "MONTH",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-
{ "rel" : "recharged-customers", "href" : "https://<host>:<port>/payment-system/a
}, {
"rechargeId" : 2,
"name" : "Yearly Bonus",
"month" : "JANUARY",
"dayOfMonth" : 1,
"amount" : 300.00,
"strategy" : "RECHARGE_TO_AMOUNT",
YSoft SafeQ 5 3282

February 03, 2016
"startDate" : "2014-08-29T11:55:31.308Z",
"periodType" : "YEAR",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-
{ "rel" : "recharged-customers", "href" : "https://<host>:<port>/payment-system/a
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-rechar
]
}
Things to note:

configuration
RETRIEVE DETAILS ABOUT 1 PARTICULAR PERIODIC RECHARGE

To retrieve details about a particular periodic recharge the administrator sends the following request to
payment system:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1
If all preconditions are met (e.g. periodic recharge exists) payment system responds with:
200 OK
-- body --
{
"rechargeId" : 1,
"name" : "Monthly Allowance",
"dayOfMonth" : 1,
"amount" : 50.00,
"startDate" : "2014-08-29T11:55:31.308Z",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-re
YSoft SafeQ 5 3283

February 03, 2016
{ "rel" : "recharged-customers", "href" : "https://<host>:<port>/payment-system/api
Things to note:

configuration
RETRIEVE DETAILS ABOUT RECHARGED CUSTOMERS

To retrieve details about a customers recharged by a particular periodic recharge the administrator sends
the following request to payment system:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
If all preconditions are met (e.g. periodic recharge exists) payment system responds with:
200 Ok
-- body --
{
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-recha
{ "rel" : "1", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-recha
],
"content" : [{
"customerName" : "John Doe",
"customerLookupKey" : "jdoe",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic
{ "rel" : "periodic-recharge", "href" : "https://<host>:<port>/payment-system/ap
]
}, {
"customerGuid" : "jdoe2",
"customerName" : "Jane Doe",
"customerLookupKey" : "jdoe2",
"links" : [
YSoft SafeQ 5 3284

February 03, 2016
]
}]
}
CREATE A PERIODIC RECHARGE

To create a periodic recharge the administrator sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/periodic-recharge
-- body --
{
"name" : "Monthly Recharge",
"amount" : 100.00,
"dayOfMonth" : 1,
"startDate" : "2014-07-03T14:30:40.209Z",
"description" : "Monthly recharge executed on the 1st of Month"
}
201 Created
Location = https://<host>:<port>/payment-system/api/v2/periodic-recharge/3
Things to note:

the location response header contains the location of the newly created periodic recharge
UPDATE A PERIODIC RECHARGE

To update a periodic recharge the administrator sends the following request to payment system using HTTP
PUT:
PUT https://<host>:<port>/payment-system/api/v2/periodic-recharge/1
-- body --
{
"amount": 200.00
}
200 Ok
Things to note:
YSoft SafeQ 5 3285

February 03, 2016

the request contains only the attributes of the periodic recharge that need to change, all others will
remain the same
DELETE A PERIODIC RECHARGE

To delete a periodic recharge the administrator sends the following request to payment system using HTTP
DELETE:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/1
200 Ok
Things to note:
BULK UPDATE PERIODIC RECHARGES

To update periodic recharges in bulk the administrator sends the following request to payment system using
HTTP PUT:
PUT https://<host>:<port>/payment-system/api/v2/periodic-recharges
-- body --
{
"rechargeIds": [1, 2, 3],
}
200 Ok
Things to note:

at the moment only the state of the recharge can be modified, setting it to ENABLED or DISABLED
REMOVE A PERIODIC RECHARGE
To remove a periodic recharge the administrator sends the following request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/jdoe
200 Ok
Things to note:
YSoft SafeQ 5 3286

February 03, 2016
ASSIGN CUSTOMERS TO A PERIODIC RECHARGE

To assign customers to a periodic recharge in bulk the administrator sends the following request to payment
system:
POST https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
-- body --
{
"customerGuids" : ["dvader", "jdoe"]
}
201 Created
Content-Location = https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/rechar
Things to note:

there is no single location to be returned in the response location header, the client has to retrieve
the list of recharged customers again
the link to retrieve the recharged customers is returned in the Content-Location response header
>RETRIEVING THE ASSIGNED CUSTOMERS OF A PERIODIC RECHARGE

To retrieve customers recharged by a periodic recharge the administrator sends the following request to
payment system:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"links" : [
],
YSoft SafeQ 5 3287

February 03, 2016

"customerLookupKey" : "jdoe"
}, {
"links" : [
],
"customerGuid" : "jdoe2",
"customerName" : "Jane Doe",
"customerLookupKey" : "jdoe2"
}],
"links" : [
]
}
Things to note:

the list is paged
RETRIEVE INFORMATION ABOUT A CUSTOMER ASSIGNED TO A PERIODIC RECHARGE

To retrieve information about one particular customer recharged by a periodic recharge the administrator
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer/1
200 Ok
-- body --
{
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-re
{ "rel" : "customer", "href" : "https://<host>:<port>/payment-system/api/v2/custome
{ "rel" : "periodic-recharge", "href" : "https://<host>:<port>/payment-system/api/v
],
YSoft SafeQ 5 3288

February 03, 2016
"customerLookupKey" : "jdoe"
}
Things to note:
REMOVE A CUSTOMER FROM A PERIODIC RECHARGE

To remove a customer from a periodic recharge the administrator sends the following request to payment
system:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
200 Ok
Things to note:
REMOVE CUSTOMERS FROM A PERIODIC RECHARGE

To remove customers from a periodic recharge the administrator sends the following request to payment
system:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
-- body --
{
"customerGuids" : ["dvader", "jdoe"]
}
200 Ok
Things to note:
YSoft SafeQ 5 3289

February 03, 2016
FINDPERIODICRECHARGES
Method
GET
URL
Required
[ROLE_API_ADMIN]
Privileges
List all periodic recharges. This list is paged.
REQUEST ARGUMENTS
customerGuid String No Customer guid
state String - ENABLED or No State of

DISABLED recharge
page Number No (default 1) Page number

10)
RESPONSE BODY
{
"page" : <number>,
"results" : <array of objects>,
}
LINKS
Rel Meaning Present
<number> link to each periodic recharge in the

results

page

page
YSoft SafeQ 5 3290

February 03, 2016
RESULT OBJECTS
{
"rechargeId" : <number>, // id of the recharge
"name" : <string>, // name of the periodic recharge
"startDate" : <string>, // ISO8601 formatted date

"strategy" : <string>, // recharging strategy; possible values are RECHARGE_BY_AMOU
"description" : <string>, // recharging description

"periodType" : <string>, // recharge period type; possible values are DAY, WEEK, MONT
"dayOfMonth" : <number>, // specifies day of month when the recharge should be proces
"dayOfWeek" : <string>, // specifies day of week when the recharge should be process
"numberOfDays" : <number>, // specifies the number of days in which the recharge should
"month" : <string>, // specifies month when the Recharge should be processed. Fi

}
LINKS (RESULTS)
Rel Meaning Present
recharged- link to a resource listing all customers recharged by this always

customers recharge
CREATEPERIODICRECHARGE
Method
POST
URL
Required
[ROLE_API_ADMIN]
Privileges
Create a periodic recharge.
YSoft SafeQ 5 3291

February 03, 2016
REQUEST BODY
{
"startDate" : <string>, // ISO8601 formatted date. Must be a date in future (tomorro


"month" : <string> // specifies month when the Recharge should be processed. Fi
RESPONSE
created periodic recharge.
GETPERIODICRECHARGE
Method
GET
URL
Required
[ROLE_API_ADMIN]
Privileges
Get information about a periodic recharge.
RESPONSE BODY
{
"rechargeId" : <number>, // id of the recharge
YSoft SafeQ 5 3292

February 03, 2016


REMOVEPERIODICRECHARGE
Method
DELETE
URL
Required
[ROLE_API_ADMIN]
Privileges
Remove a periodic recharge.
UPDATEPERIODICRECHARGE
Method
PUT
URL
Required
[ROLE_API_ADMIN]
Privileges
Update a periodic recharge.
YSoft SafeQ 5 3293

February 03, 2016
REQUEST BODY
{


UPDATEPERIODICRECHARGES
Method
PUT
URL
/v2/periodic-recharges
Required
[ROLE_API_ADMIN]
Privileges
Bulk update a periodic recharges.
REQUEST BODY
{
"rechargeIds" : <array of number>, // ids of recharges
}
YSoft SafeQ 5 3294

February 03, 2016
GETRECHARGEDCUSTOMERS
Method
GET
URL
Required
[ROLE_API_ADMIN]
Privileges
List all customers recharged by a specific periodic recharge.
REQUEST ARGUMENTS

Type
page Number No (default 1) Page

number

10)
RESPONSE BODY
{
"page" : <number>,
"results" : <array of objects>,
}
LINKS
Rel Meaning Present
<number> link to each recharged customer in the

results

page

page
RESULT OBJECTS
{
"customerName" : <string>, // first name and last name of the customer
YSoft SafeQ 5 3295

February 03, 2016

"customerLookupKey" : <number>, // a key by which the customer can be looked up

}
LINKS (CONTENT)
Rel Meaning Present
customer link to details about the customer always
periodic- link to the periodic recharge recharging the always

recharge customer
CREATERECHARGEDCUSTOMERS
Method
POST
URL
Required
[ROLE_API_ADMIN]
Privileges
Assign customers to a periodic recharge.
REQUEST BODY
{
"customerGuid" : <list of strings> // a list of globally unique identifiers of the cust
RESPONSE
When assignment was successful an HTTP status Created is returned.
GETRECHARGEDCUSTOMER
Method
GET
URL
Required
[ROLE_API_ADMIN]
Privileges
YSoft SafeQ 5 3296

February 03, 2016
Get details of a recharged customer.
RESPONSE BODY
{
"customerName" : <string>, // first name and last name of the customer
"customerLookupKey" : <number>, // a key by which the customer can be looked up

}
LINKS
Rel Meaning Present
customer link to details about the customer always
periodic- link to the periodic recharge recharging the always

recharge customer
REMOVERECHARGEDCUSTOMER
Method
DELETE
URL
Required
[ROLE_API_ADMIN]
Privileges
Remove a customer from a periodic recharge.
RESPONSE
When removal was successful an HTTP status Ok is returned.
REMOVERECHARGEDCUSTOMERS
Method
DELETE
URL
Required
[ROLE_API_ADMIN]
Privileges
Remove customers from a periodic recharge.
YSoft SafeQ 5 3297

February 03, 2016
REQUEST BODY
{
"customerGuid" : <list of strings> // a list of globally unique identifiers of the cust
RESPONSE
When removal was successful an HTTP status Ok is returned.
6.7.12 RESERVATION YPS REST API
CREATERESERVATION
Method
POST
URL
/v1/reservation
Required
[ROLE_API_MERCHANT]
Privileges
INCREMENTRESERVATION
Method
POST
URL
/v1/reservation/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
CHANGERESERVATIONSTATE
Method
PUT
URL
Required
[ROLE_API_MERCHANT]
Privileges
YSoft SafeQ 5 3298

February 03, 2016
GETRESERVATION
Method
GET
URL
Required
[ROLE_API_MERCHANT]
Privileges
CANCELRESERVATION
Method
DELETE
URL
/v1/reservation/{transactionId}/chunk/{reservationId}
Required
[ROLE_API_MERCHANT]
Privileges
6.7.13 TRANSACTION YPS REST API
REST API for transaction management.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Retrieving information about a

/v2/transaction/{transactionId}
particular transaction
POST Refunding a settled transaction

/v2/transaction/{transactionId}/refund
Things to note:

configuration
RETRIEVING INFORMATION ABOUT A PARTICULAR TRANSACTION

To retrieve information about a particular transaction the merchant sends the following request to payment
system:
GET https://<host>:<port>/payment-system/api/v2/transaction/75dc7380-4566-11e4-916c-08002
YSoft SafeQ 5 3299

February 03, 2016
200 Ok
-- body --
{
"type" : "MONEY_TRANSFER",
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 3.00,
"description" : "Payment for: candy bar",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/transaction/
{ "rel" : "customer", "href" : "https://<host>:<port>/payment-system/api/v2/customer
{ "rel" : "refund", "href" : "https://<host>:<port>/payment-system/api/v2/transactio
Things to note:

configuration
REFUNDING A SETTLED TRANSACTION

To request a refund of a settled transaction the merchant system sends the following request:
POST https://<host>:<port>/payment-system/api/v2/transaction/75dc7380-4566-11e4-916c-0800
-- body --
{
"refundId": "full refund",
"amount": 3.00,
"description": "Candy bar was stale"
}
If all preconditions are met payment system processes the refund and replies with:
201 Created
TDB
YSoft SafeQ 5 3300

February 03, 2016
GETTRANSACTION
Method
GET
URL
/v2/transaction/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
Get detailed information about a concluded transaction.
RESPONSE BODY
{
"type" : <string>, // Type of the transaction. Possible values are MON
"transactionId" : <string>, // merchant defined transactionId

"description" : <string>, // A merchant provided description of the transacti
"amount" : <number>, // Transaction amount. A decimal number (the precis
"tax" : <number>, // Value of tax for the transaction. Only for MONEY
"balanceChange" : <number>, // A decimal number (the precision depends on payme

}
LINKS
Rel Meaning Present
refund link to the resource used for creating refunds on this if refunds are
transaction supported
YSoft SafeQ 5 3301

February 03, 2016
CREATEREFUND
Method
POST
URL
/v2/transaction/{transactionId}/refund
Required
[ROLE_API_MERCHANT]
Privileges
Refund a transaction returning the given amount to the customer's account from the merchant's account.
REQUEST BODY
{
"refundId" : <string>, // A merchant defined refund id, used for idempotency checkin
"amount" : <number>, // Amount to be refunded. A positive decimal number (the prec
"description" : <string>, // Reason for the refund

}
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The request is a duplicate. The refund already exists. No new refund has been created.
The response body contains a representation of the refund created by the previous
request i.e. the one the current request duplicates.
201 Created The refund has been processed.
409 Conflict Refund could not be processed because it would violate the refunding rules configured
within payment system.
6.7.14 TWO STEP TRANSACTION YPS REST API
REST API for two-step transactions.
The two-step transaction API is intended to be used as clearing transactions from a customer's account to a
merchant's account. All requests to payment system during the payment process are done by the merchant
on behalf of the customer. This implies that the customer trusts the merchant to handle two-step
transactions correctly.
YSoft SafeQ 5 3302

February 03, 2016
TWO-STEP TRANSACTIONS
A two step process is required when there is a time gap between the order of goods/services and their
delivery. The merchant wants to have an assurance at the time of the order that the user can pay for the
goods/services once they are delivered. And the customer wants to pay for the goods/services only after
they have been delivered.
Two-step transactions handle this scenario by:
1. reservation - the merchant system requests that payment system reserve a certain amount on
customer's account (assurance of payment)
2. settlement - after the delivery the merchant system requests that payment system settle the two-step
transaction transferring the reserved amount to the merchant's account
Note: the settled amount can differ the reserved amount.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
POST Creating reservations (1st step of the

/v2/transaction/two-step
two step payment process)
PUT Settling or cancelling two-step

/v2/transaction/two-step/{transactionId}
transactions. (2nd step of the two step
payment process)
USAGE EXAMPLES
CREATING RESERVATIONS
To start a two-step transaction the merchant system sends a reservation request to payment system:
POST https://<host>:<port>/payment-system/api/v2/transaction/two-step
-- body --
{
"amount" : 100.00,
}
If all preconditions are met (e.g. customer has sufficient balance for the transaction) payment system
processes the reservation and replies with a newly created resource location that points to the created
transaction in progress:
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/api/v2/transaction/two-step/123456
YSoft SafeQ 5 3303

February 03, 2016
Things to note:
the reservation request is a HTTP POST

the reservation request amount does not specify the currency, currency depends on payment system
configuration
the reservation response has its Location header set to the URI of the newly created transaction
The merchant system is encouraged to store the location of the reservation for further interactions such as
settling or cancelling transactions.
CANCELLING TWO-STEP TRANSACTIONS

Reservations can be cancelled making the reserved amount available for other uses. To request transaction
cancellation the merchant system sends a cancellation request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/transaction/two-step/123456
-- body --
{
"state" : "CANCELLED",
"description" : "Customer requested order cancellation"
}
Payment system will cancel the reservation making the reserved amount available to the customer and
respond with:
200 Ok
Things to note:

customer's available balance is increased by the amount reserved by the aggregated transaction
SETTLING TWO-STEP TRANSACTIONS

Reservations can be settled transferring the reserved amount from the customer's account to the
merchant's account. To request transaction settlement the merchant system sends a settlement request to
payment system:
PUT https://<host>:<port>/payment-system/api/v2/transaction/two-step/123456
-- body --
{
"state" : "SETTLED",
"amount" : 100.00,
"description" : "Transaction settlement"
}
Payment system will transfer the reserved amount to the merchant's account and respond with:
200 Ok
Content-Location = https://<host>:<port>/payment-system/api/v2/transaction/123456
YSoft SafeQ 5 3304

February 03, 2016
Things to note:

the request amount does not specify the currency, currency depends on payment system
configuration
the response has its Location header set to the URI of the newly created transaction
The merchant system is encouraged to store the location of the payment for further interactions such as
refunding a payment.
CREATERESERVATION
Method
POST
URL
/v2/transaction/two-step
Required
[ROLE_API_MERCHANT]
Privileges
Create a new two-step transaction reserving the given amount on the customer's account to the benefit of
the merchant performing the request.
REQUEST BODY
{
"transactionId" : <string>, // a merchant defined identifier of the aggregated transact
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. only one clearing transaction is created even when
merchant system is unsure if a transaction has been created or not it can simply resend the exact same
request without worrying about creating duplicate transactions.
A request is considered a duplicate if the payment system has already created a transaction with the same
parameters.
transaction has already been created by a previous request.
YSoft SafeQ 5 3305

February 03, 2016
POSSIBLE RESPONSES
Response Response Body Meaning

Code
200 Ok Clearing transaction The request is a duplicate. The transaction already exists. No new
created response transaction has been created. The response body contains
information about when the transaction has been created and in
what state it is currently in.
201 Clearing transaction The reservation has been created.

Created created response
409 Payment could not be processed because of insufficient balance

Conflict on the customer's account or the transaction is already settled
/cancelled.
When a reservation is successfully processed the Location header of the response points to the newly
created resource representing the clearing transaction. The merchant system is encouraged to store the
location of the transaction for further interactions such as cancelling or settling the transaction.
CHANGESTATE
Method
PUT
URL
/v2/transaction/two-step/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
Settle or cancel a transaction.
REQUEST BODY
{
"state" : <string>, // SETTLED or CANCELLED
"description" : <string> // the reason for cancellation

}
REQUEST IDEMPOTENCY
Payment system ensures request idempotency. This means that in case of network problems when the
merchant system is unsure if a transaction has been created or not settled (cancelled) it can simply resend
the exact same request without worrying about side-effects.
Things to note:
YSoft SafeQ 5 3306

February 03, 2016
cancelled transactions cannot be settled

settled transactions cannot be cancelled
POSSIBLE RESPONSES
Response Response Body Meaning

Code
200 Ok Settlement The transaction is already in the requested state.

/Cancellation
response
404 Not Error message Transaction id is invalid.

Found
409 Error message Transaction could not be processed because of insufficient balance
Conflict on the customer's account or the transaction is already settled
/cancelled.
RESPONSE
When an HTTP CREATED status code is returned for settlement requests the response Location header
points to the newly concluded transaction.
6.7.15 VOUCHER YPS REST API
REST API for auditing.
PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
POST Create voucher

/v2/voucher
PUT Redeem
/v2/voucher/{voucherCode}
voucher
USAGE EXAMPLES
CREATE VOUCHER
To create a voucher, administrator sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/voucher
-- body --
{
"code" : "ASDFXYZ123",
"amount" : 10,
"expirationDate" : "2015-09-26T10:20:58.481Z"
}
YSoft SafeQ 5 3307

February 03, 2016
201 Created
Things to note:

the amount does not specify the currency, currency depends on payment system configuration
REDEEM VOUCHER
To redeem a voucher, administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/voucher/ASDFXYZ123
-- body --
{
"state" : "REDEEMED"
}
200 Ok
Things to note:
CREATEVOUCHER
Method
POST
URL
/v2/voucher
Required
[ROLE_API_ADMIN]
Privileges
Create a new voucher.
REQUEST BODY
{
"code" : <string>, // unique voucher code
"amount" : <number>, // a decimal number (the precision depends on payment syst
"expirationDate" : <string> // ISO8601 formatted date; optional expiration date in the
YSoft SafeQ 5 3308

February 03, 2016
REDEEMVOUCHER
Method
PUT
URL
/v2/voucher/{voucherCode}
Required
[ROLE_API_ADMIN]
Privileges
Redeem a voucher.
REQUEST BODY
{
"customerGuid" : <string>, // unique identifier of a customer who will redeem the vouch
"state" : <string> // constant string "REDEEMED"

}
6.8 USER MANAGEMENT YPS REST API
An endpoint retrieving user information based on username
User information contains an the identifier that is used as a customer reference within Payment
System.
6.8.1 PROVIDED ENDPOINTS
Endpoint HTTP Usage

Method
GET Retrieving information about the user

/user/{username}
POST Tries to authenticate the user using the provided

/user/authentication
credentials
6.8.2 USAGE EXAMPLES
RETRIEVING USER INFORMATION
To retrieve user information the merchant sends a HTTP GET request to user management:
GET https://<host>:<port>/user-management/api/v1/user/johndoe
If all preconditions are met (e.g. user exists) user management responds with a JSON object describing the
user
YSoft SafeQ 5 3309

February 03, 2016
200 OK
-- body --
{
userId: 1024,
username: "jdoe",
displayName: "John Doe",
email: "jdoe@gmail.com"
}
Things to note:

userId attribute is used as a customer reference within Payment System
AUTHENTICATING USERS
To authenticate a user by username and password or card number or pin the merchant sends a HTTP
POST request to user management:
POST https://<host>:<port>/user-management/api/v1/user/authentication?method=username-and
-- body --
{
username: 'jdoe',
password: '12345'
}
If the user is authenticated user management responds with a JSON object describing the user
200 OK
{
userId: 1024,
username: "jdoe",
displayName: "John Doe",
email: "jdoe@gmail.com"
}
Things to note:

userId attribute is used as a customer reference within Payment System
there are 3 authentication methods: 'username-and-password', 'card' and 'pin'
YSoft SafeQ 5 3310

February 03, 2016
6.8.3 GETUSERBYUSERNAME
Method
GET
URL
/user/{username:.*}
Returns information about a user
POSSIBLE RESPONSES
Response Response Meaning

Code Body
200 OK User The request has been processed normally.

information
404 Not Found Username is not known.
500 Internal Error User management encountered an unexpected condition which

Server Error message prevented it from fulfilling the request.
USER INFORMATION RESPONSE
Attribute Data Type Meaning
userId Positive integer within range Internal user identity. Used as a customer reference within
(0, 263-1) Payment System.
username String Username
displayName String Display name.
email String User's email address.
6.8.4 AUTHENTICATEBYUSERNAMEANDPASSWORD
Method
POST
URL
Authenticates a user by username and password
YSoft SafeQ 5 3311

February 03, 2016
REQUEST ARGUMENTS

Type
method String Yes Constant string 'username-and-password' sent as a request

parameter
username String Yes User's username.
password String Yes User's password.
POSSIBLE RESPONSES

Code Body
200 OK User User has been authenticated successfully.

information
400 Bad List of Authentication could not be attempted because of bad input. Detailed
Request causes information can be found in the response body
401 Username authentication has failed.

Unauthorized

6.8.5 AUTHENTICATEBYCARD
Method
POST
URL
Authenticates a user by card number
YSoft SafeQ 5 3312

February 03, 2016
REQUEST ARGUMENTS

Type
method String Yes Constant string 'card' sent as a request

parameter
card String Yes User's username.
POSSIBLE RESPONSES

Code Body

information

Unauthorized

6.8.6 AUTHENTICATEBYPIN
Method
POST
URL
Authenticates a user by pin
YSoft SafeQ 5 3313

February 03, 2016
REQUEST ARGUMENTS

Type
method String Yes Constant string 'pin' sent as a request

parameter
pin String Yes User's pin.
POSSIBLE RESPONSES

Code Body

information

Unauthorized

6.8.7 PING
Method
GET
URL
/ping
YSoft SafeQ 5 3314

February 03, 2016
6.9 YSOFT PAYMENT MACHINE
The following documents describe the YSoft Payment machine installation and use:
Configuring Payment Machine

Operating the Payment Machine
Payment Machine Troubleshooting
YSoft Payment Machine Data Sets
YSoft Payment Machine Overview
6.9.1 CONFIGURING PAYMENT MACHINE
Page content
Selecting the communication protocol

Configuring the YSoft Payment System server address
Connecting Payment Machine to Payment System
Resetting the system date
SELECTING THE COMMUNICATION PROTOCOL
Warning: Changing the communication protocol may erase the charging logs so unfinished recharges
will be lost. Perform this configuration only when you are sure that there are no unfinished items.
1 Display the Service menu and tap Payment System.
YSoft SafeQ 5 3315

February 03, 2016
2 Tap Charging protocol.
3 Select YSoft Payment System; then tap OK.
YSoft SafeQ 5 3316

February 03, 2016
Note: Protocol version 1 is intended only for interconnection with a version of YSoft SafeQ
server prior to version 3.6
Note: Protocol version 2 is intended only for interconnection with YSoft SafeQ server version 3.6
Note: The protocol YSoft Payment System is intended only for interconnection with YSoft
Payment System server and YSoft SafeQ 5
YSoft SafeQ 5 3317

February 03, 2016
CONFIGURING THE YSOFT PAYMENT SYSTEM SERVER ADDRESS
1 Display the Service menu and tap Payment System.
2 Tap PS Server address.
3 Enter the YSoft Payment System server host name or IP address; then tap .
YSoft SafeQ 5 3318

February 03, 2016
Note: The YSoft Payment System server address may be different from the YSoft SafeQ server
address.
4 Enter Payment System server port; then tap .
YSoft SafeQ 5 3319

February 03, 2016
Note: The default port for YSoft Payment System is 4197.
CONNECTING PAYMENT MACHINE TO PAYMENT SYSTEM
When YSoft Payment Machine has been configured correctly, it automatically connects to YSoft Payment
System. To make YSoft Payment Machine fully functional with YSoft Payment System, please follow these
steps.
1 When the correct server address is configured in the YSoft Payment Machine service menu, the
device will display a "not authorized" message.
YSoft SafeQ 5 3320

February 03, 2016
2 Log into YSoft Payment System administration and go to Payment machines
Select the YSoft Payment Machine, which you want to authorize and click Authorize selected.
3 The YSoft Payment Machine's status will change to Authorized.
YSoft SafeQ 5 3321

February 03, 2016
Users are now able to log into YSoft Payment Machine
4 You can also change the name of the YSoft Payment Machine by clicking View to display details and
then click Rename payment machine.
After saving the new name, it will be visible in YSoft Payment System administration; you can then
identify each YSoft Payment Machine easily.
YSoft SafeQ 5 3322

February 03, 2016
RESETTING THE SYSTEM DATE
Note: Performing a system date reset is not necessary in normal situations. It is useful only when the
device date is accidentally the past and the certificates for encrypted communication could not be verified.
1 Display the Service menu and tap Service.
2 Tap Reset date.
YSoft SafeQ 5 3323

February 03, 2016
3 Tap YES.
NOTE: It is recommended to perform a date reset without network connection to prevent date
synchronization over the network.
4 The date is restored to the build date of the firmware and the device will reboot.
6.9.2 OPERATING THE PAYMENT MACHINE
Page content
YSoft SafeQ 5 3324

February 03, 2016
Removing money from the deposit box and performing closure
YSoft SafeQ 5 3325

February 03, 2016
REMOVING MONEY FROM THE DEPOSIT BOX AND PERFORMING CLOSURE
1 Enter Service menu authentication by tapping the corners.
2 Enter the PIN for money removal, press OK.
YSoft SafeQ 5 3326

February 03, 2016
Choose Remove money.
4 Confirm.
Note: The alarm is disabled after the confirmation.
YSoft SafeQ 5 3327

February 03, 2016
Open deposit box and remove money.
6 While the door is open, a timer is in effect. As the timeout period nears the end, the terminal begins to
beep. To continue
with the door open, touch WAIT. When the money removal is finished, press DONE.
7 Perform closure.
YSoft SafeQ 5 3328

February 03, 2016
Note: The closure can be performed only when connection to Payment system is available.
8 Confirmation screen will be displayed. Touch screen to return back to Service menu.
9 The closure details can be displayed on YSoft Payment System administration. Log in and go to
Payment machines.
YSoft SafeQ 5 3329

February 03, 2016
Click on View for the Payment machine, where closure was performed.
10 Details (list of deposits) for each closure can be then displayed by clicking on View for the particular
closure.
6.9.3 PAYMENT MACHINE TROUBLESHOOTING
COULD NOT CONNECT TO SERVER
Check for correct date on Payment System server and also on Payment machine. (Network connection is
strongly encrypted SSL connection with certificate verification. Verification will fail if devices has older date
then creation time of certificates.) There is possibility to reset system date of Payment Machine in it's
service menu.
ACCESS DENIED
When user is not able to access recharging screen on Payment machine due to Access denied error, it can
be caused by using currency in Payment System which is not supported by Payment machine.
YSoft SafeQ 5 3330

February 03, 2016
6.9.4 YSOFT PAYMENT MACHINE DATA SETS
Data sets contain firmwares for the bank note acceptation unit and printer (used for receipts).
Only supported currencies are listed, however data set package contains also other files which are not
intended for general use.
DATA SET 2014-05-26
Updated:
CAD-253-50
EUR5-270-50
GBPNIRL1-270-51
GBPSCO2-272-51
KZT1-270-51
PEN-270-50
PLN-270-51
RUB-270-50
USD-270-51
File name Currency Version Release Supported items1) Notes

date
AED2-251- United 2.51-49 30.4.2013 5(93-95), 5(00-01), 10(93- The width 59mm of 5
49 Arab 95), 10(98,01), 10(09), 20 Dirhams is out of device
Emirates - (97, 00), 20(09), 50(95- specification.2)
Dirham 96), 50(98), 50(04-11),
100(93-95), 100(98), 100
(03-06), 100(08), 100
(12), 200(89), 200(04),
200(08), 500(96), 500(98-
00), 500(04), 500(06-08),
500(11), 1000(98-00),
1000(06), 1000(08), 1000
(12)
AUD-178- Australia - 1.78-17 24.9.2008 5(95), 5(01), 10(93), 20

17 Dollar (94), 50(95), 100(96)
BGN-206- Bulgaria - 2.06-40 8.5.2012 2(99), 5(99), 5(09), 10 The length 116mm of 2
40 Leva (99), 10(08), 20(99), 20 Leva is out of device
(07), 50(99), 50(06), 100 specification.2)
(03)
CAD-253- Canada - 2.53-50 10.12.2013 5(02), 5(06), 5(13), 10 Minor improvement

50 Dollar (01), 10(05), 10(13), 20
(04), 20(12), 50(04), 50
(12), 100(04), 100(11)
YSoft SafeQ 5 3331

February 03, 2016

date
CLP-232- Chile - 2.32-46 26.12.2012 1000(93-07), 1000(10),

46 Peso 2000(97-03), 2000
(04,07), 2000(09), 5000
(86-08), 5000(09), 10000
(91-08), 10000(09),
20000(98-08), 20000(09)
CZK-206- Czech 2.06-24 15.3.2011 100(95), 100(97), 200 The length 170mm of
24 Republic - (96), 200(98), 500(95), 5000 Korun is out of
Korun 500(97), 500(09), 1000 device specification.3)
(96), 1000(08), 2000(96),
2000(99), 2000(07), 5000
(99), 5000(09)
DKK-208- Denmark - 2.08-40 28.6.2012 50(97), 50(04), 50(09),

40 Kroner 100(97), 100(02), 100
(09), 200(97), 200(03),
200(09), 500(97), 500
(03), 500(09), 1000(97),
1000(04), 1000(09)
EUR5-270- European 2.70-50 19.03.2014 5(02), 5(13), 10(02), 10 Added support for EUR10
50 Union - (14), 20(02), 50(02), 100 (2014) note. Improved
Euro (02), 200(02), 500(02) acceptance of EUR5,
EUR10, EUR20 and
EUR50 notes.
GBPNIRL1- England 2.70-51 4.4.2014 BofE: 5(02), 10(00), 20 Removed BofE 50(94)
270-51 /North (06), 50(10) BofI: 5(08), 5
Ireland - (13), 10(08), 10(13), 20
Pounds (91-99), 20(99-07), 20
(08), 20(13) NB: 10(08),
20(05), 20(09) UB: 5(90-
93), 5(98-01), 5(07), 10
(97), 10(07), 20(96-06),
20(07), 50(97) DB: 10
(13), 20(13) FTB: 10(94-
96), 10(98), 20(94,96), 20
(98), 50(94)
GBPSCO2- England 2.72-51 16.5.2014 BofE: 5(02), 10(00), 20 Removed BofE 50(94),
272-51 /Scotland - (06), 50(11) CB: 5(90), 5 Minor improvements
Pounds (09), 10(97), 10(06), 10
(09), 20(97), 20(99), 20
(09), 50(09) RBofS: 5
YSoft SafeQ 5 3332

February 03, 2016

date
(88), 5(04), 10(92), 20(91-

99,07) BofS: 5(95), 5
(07), 10(95), 10(07), 20
(95), 20(07)
HUF-205- Hungary - 2.05-31 23.12.2011 500(98), 500(01), 500

31 Forint (06), 500(07,08), 1000
(06), 1000(09), 2000(98),
2000(07,08), 5000(99),
5000(08), 10000(97),
10000(08), 20000(99),
20000(09)
CHF2-230- Switzerland 2.30-43 11.9.2012 10(97), 20(96), 50(95), The length 170mm of
43 - Franc 100(98), 200(97) 200 Franc is out of
device specification.3)
CHF3-205- Switzerland 2.05-40 30.4.2012 10(97), 20(96), 50(95), The length 170mm of
40 - Franc 100(98), 200(97), 1000 200 Franc is out of
(98) device specification.3)
The length 182mm of
1000 Franc is out of
ILS-178-16 Israel - 1.78-16 18.7.2008 20(98,01), 20(08), 50

Sheqalim (98,07), 100(98,02,07),
200(98,02,06)
KZT1-270- Kazakhstan 2.70-51 8.5.2014 200(06), 500(06), 1000 Added 1000(13) note
51 - Tenge (06), 1000(10), 1000(11),
1000(13), 2000(06), 2000
(11), 2000(12), 5000(06),
5000(08), 5000(11),
10000(06), 10000(11),
10000(12)
MYR1-251- Malaysia - 2.51-50 20.12.2013 1(00), 1(12), 2(96), 5(99),

50 Ringgit 5(04), 5(12), 10(98), 10
(03), 10(12), 20(12), 50
(98), 50(07), 100(98), 100
(12)
MYR2-251- Malaysia - 2.51-50 20.12.2013 10(98), 10(03), 10(12), 20

50 Ringgit (12), 50(98), 50(07), 100
(98), 100(12)
YSoft SafeQ 5 3333

February 03, 2016

date
PEN1-251- Peru - 2.51-50 24.7.2013 10(95-06), 10(09), 20(95-

50 Soles 06), 20(09), 50(92-06), 50
(09), 100(92-06), 100
(09), 200(95), 200(09)
PEN-270- Peru - 2.70-50 10.2.2014 10(95-06), 10(09), 20(95- Added 100(12) note
50 Soles 06), 20(09), 50(92-06), 50
(09), 100(92-06), 100(09-
12), 200(95), 200(09)
PLN-270- Poland - 2.70-51 30.4.2014 10(94), 10(12), 20(94), 20 Added new banknotes -
51 Zlotych (12), 50(94), 50(06), 50 revision 2012
(12), 100(94), 100(12),
200(94) The width 60mm of 10
(94) Zlotych is out of
RON-205- Romania - 2.05-21 13.7.2010 1(05), 5(05), 10(05), 10

21 Lei (08), 50(05), 100(05), 200
(06), 500(05)
RUB-270- Russia - 2.70-50 13.3.2014 10(97), 10(04), 50(97), 50 Improved acceptance

50 Ruble (04), 100(97), 100(04),
500(97), 500(04), 500
(10), 1000(97), 1000(04),
1000(10), 5000(97), 5000
(10)
SAR-176- Saudi 1.76-17 2.9.2008 1(old), 1(07), 5(old), 5

17 Arabia - (07), 10(old), 10(07), 20
Riyals (old), 50(old), 50(07), 100
(old), 100(03), 100(07),
200(old), 500(old), 500
(03), 500(07)
SGD-205- Singapore - 2.05-24 4.5.2011 2(99), 2(05), 2(06), 5(99), The length 170mm of
24 Singapore 5(99), 5(07), 10(99), 10 1000 Dollar is out of
Dollar (04), 50(99), 50(99,04), device specification.3)
50(99), 50(99), 100(99),
1000(99)
TWD-207- Taiwan - 2.07-40 5.4.2012 100(01), 200(02), 500,

40 Yuan 1000, 2000(02)
USD-270- USA - 2.70-51 31.3.2014 1(85-09), 5(93-95), 5(99), Minor improvement

51 Dollar 5(06-09), 10(90-95), 10
(99-03), 10(04-09), 20(90-
YSoft SafeQ 5 3334

February 03, 2016

date
95), 20(99-01), 20(04-

09), 50(90-93), 50(96-
01), 50(04-09), 100(90-
93), 100(96-06), 100(09)
Notes:
1) Format: Denomination (revision)
2) Note is out of device specification (Width 62-85mm, Length 120-165mm, Length up to 170mm when
using Steel Cash Box). Y Soft recommends to disable acceptance of it. Y Soft will not be responsible for any
damages caused by this denomination.
3) Note is out of device specification with Plastic Cash Box, Steel Cash box required (Width 62-85mm,
Length 120-165mm, Length up to 170mm when using Steel Cash Box). Y Soft recommends to disable
acceptance of it or obtain Steel Cash Box. Y Soft will not be responsible for any damages caused by this
denomination with Plastic Cash Box.
6.9.5 YSOFT PAYMENT MACHINE OVERVIEW
OVERVIEW
YSoft Payment Machine allows easy credit recharging.
There are a few major changes from previous versions.
YSoft Payment Machine is now connected directly to YSoft Payment System instead of YSoft SafeQ server
and this connection is automatically negotiated and kept in place the whole time to allow the better
monitoring of YSoft Payment Machine.
For interconnection, we have developed a new communication protocol, which is strongly encrypted with
low bandwidth requirements and many future benefits.
For its proper functioning, YSoft Payment Machine has to be correctly configured. Mainly the
communication protocol (the new one for YSoft Payment System), the YSoft Payment System server
address (hostname or IP address), and other items as in the previous version (for example currency,
enabled notes/coins, etc.) have to be set correctly. Due to direct communication to YSoft Payment System
there is a separate configuration of the YSoft Payment System server address and YSoft SafeQ server IP.
Connection to a YSoft SafeQ server is not needed during normal operation, it is only useful for maintenance
(for example, an emergency update of firmware).
MIGRATION PROCEDURE
If customer needs to reconfigure YSoft Payment Machine from YSoft SafeQ 3.6 to YSoft SafeQ 5 with YSoft
Payment System there are only a few steps required on the SPM side:
1. Verify that there is no unfinished recharging - migration will erase them
2.
YSoft SafeQ 5 3335

February 03, 2016
2. Update the firmware of YSoft Payment Machine to 3.14.0 or newer

3. Reconfigure YSoft Payment Machine to the new communications protocol
4. Set the YSoft Payment System server address (server hostname and port - default 4197)
5. Perform the configuration of SPM on the YSoft Payment System server
NETWORK COMMUNICATION
The YSoft Payment System server in its default configuration has these TCP ports dedicated for YSoft
Payment Machine connections:
4197 - Management connection over SSL - this port is needs to be set up in the YSoft Payment
Machine service menu during the configuration of the YSoft Payment System server address
4199 - Main connection over SSL
4196 and 4198 - Reserved for future use (connections over plain TCP)
Both connections are permanently connected to ensure full YSoft Payment Machine monitoring from the
server and quick responses to user login. First the management connection is negotiated and then, if YSoft
Payment Machine is authorized to connect to the server, the main connection is established.
YSoft SafeQ 5 3336

YSoft SafeQ 5 - Documentation

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

YSoft SafeQ 5 - Documentation

Caricato da

Copyright:

Formati disponibili

making the MFDs think™

1 What is YSoft SafeQ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.4.5 Billing Code selection for Printing at the terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

3.2.3 Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

4.6.9 Adding a terminal and configuring Print roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

4.15.25Configuring WebDav . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1892

5.6 User Guides - Terminals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2143

6.7.11 Periodic Recharge Administration YPS REST API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3280

1 WHAT IS YSOFT SAFEQ?

1.0.1 YSOFT SAFEQ

1.0.1 SAVE COSTS, TIME AND THE ENVIRONMENT

1.0.1 MAKE PRINTING EASIER AND MORE CONVENIENT

1.0.1 PROTECT YOUR DATA AND ACCESS TO MULTIFUNCTION PRINTERS!

Learn more about features and benefits

Learn more about typical deployment scenarios

Deployment, Integration and System configuration

'How to' guides

2 INTRODUCING YSOFT SAFEQ 5

2.1 MORE HIGH-LEVEL DETAILS ABOUT YSOFT SAFEQ 5 FEATURES FOLLOW:

2.2 CHANGE LOG

2.2.1 MAINTENANCE UPDATE 28 (04/02/2016)

2.2.2 MAINTENANCE UPDATE 27 (07/01/2016)

YSoft Payment System allows easier definition of quotas.

2.2.3 MAINTENANCE UPDATE 26 (19/11/2015)

2.2.4 MAINTENANCE UPDATE 25 (22/10/2015)

2.2.5 MAINTENANCE UPDATE 24 (25/09/2015)

2.2.6 MAINTENANCE UPDATE 23 (03/09/2015)

Early Access Program

Support for page quotas has been improved:

2.2.7 MAINTENANCE UPDATE 22 (13/08/2015)

Early Access Program

Support for page quotas has been improved:

2.2.8 CUMULATIVE UPDATE 2 (04/08/2015)

About Cumulative Update

New features (moving from Early Access Program to general availability)

New features in Early Access Program

2.2.9 MAINTENANCE UPDATE 20 (02/07/2015)

2.2.10 MAINTENANCE UPDATE 19 (11/06/2015)

Early Access Program

2.2.11 MAINTENANCE UPDATE 18 (21/05/2015)

Early Access Program

YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP:

2.2.12 MAINTENANCE UPDATE 17 (30/04/2015)

YSoft SafeQ Embedded Terminal for Sharp:

Early Access Program

YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP:

Fixed issue causing user access to be reported twice.

2.2.13 MAINTENANCE UPDATE 16 (13/04/2015)

2.2.14 MAINTENANCE UPDATE 15 (19/03/2015)

2.2.15 MAINTENANCE UPDATE 14 (02/03/2015)

Early Access Program

YSoft SafeQ Embedded Terminal for Fuji Xerox with XCP:

2.2.16 MAINTENANCE UPDATE 13 (05/02/2015)

Early Access Program

2.2.17 MAINTENANCE UPDATE 12 (15/01/2014)

In YSoft Payment System, following changes and features were introduced:

Early Access Program

YSoft SafeQ Embedded Terminal for Samsung:

2.2.18 MAINTENANCE UPDATE 11 (18/12/2014)

Terminal Professional correctly displays preview of a job from ORS.

Early Access Program

2.2.19 MAINTENANCE UPDATE 10 (24/11/2014)

2.2.20 CUMULATIVE UPDATE 1 (20/11/2014)

About Cumulative update