Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
YSoft SafeQ 5
February 03, 2016
February 03, 2016
TABLE OF CONTENTS
YSoft SafeQ 5 2
February 03, 2016
YSoft SafeQ 5 3
February 03, 2016
YSoft SafeQ 5 4
February 03, 2016
YSoft SafeQ 5 5
February 03, 2016
4.12.4 Installing YSoft SafeQ Client on a Windows workstation, server, or server cluster . . . . . 1678
4.12.5 Installing YSoft SafeQ Client 2.x and adding a printer on a Mac workstation . . . . . . . . . 1704
4.12.6 Installing YSoft SafeQ Client 4.x and adding a printer on a Mac workstation . . . . . . . . . 1712
4.12.7 Printing from a Windows workstation or server using SafeQ Command Line Client . . . . 1724
4.12.8 Printing from SAP on Windows (SAPSprint) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1725
4.12.9 Print pooling on MS Windows Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1729
4.12.10Shared Print from Windows Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1734
4.12.11Configuring a printer for LPR printing on a Mac workstation . . . . . . . . . . . . . . . . . . . . . . 1735
4.12.12Adding a shared "Print Roaming" printer to print via an LPR port from a Windows Server
2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1739
4.12.13Adding a shared "Print Roaming" printer to print via an LPR port from a Windows Server
2008 R2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1758
4.13 Local Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1774
4.13.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1775
4.13.2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1776
4.13.3 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1778
4.13.4 Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1781
4.13.5 Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
4.14 External scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
4.14.1 Using the CSV File Device Replicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1782
4.14.2 Using the CSV File User Replicator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1785
4.15 How To Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787
4.15.1 List of 'how to ...' guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787
4.15.2 Configuring and using Rule-based Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1788
4.15.3 Configuring and using Shared Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1789
4.15.4 Configuring Authorized Copying . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1801
4.15.5 Configuring Copy Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1802
4.15.6 Configuring Terminal Server web server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1803
4.15.7 Configuring File backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1814
4.15.8 Configuring Green reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1816
4.15.9 Configuring SSL for Web interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1819
4.15.10Configuring ID card self assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1836
4.15.11Configuring IPP backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1839
4.15.12Configuring IPPSSL backend . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1840
4.15.13Configuring Office Print Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1844
4.15.14Configuring Print Data Transfer Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1846
4.15.15Configuring Print Data Transfer Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1848
4.15.16Configuring Print job list management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1850
4.15.17Configuring Print job preview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1854
4.15.18Configuring Print Roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1856
4.15.19Configuring Project Copy Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1863
4.15.20Configuring Project Print Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1865
4.15.21Configure Scan Tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1869
4.15.22Configure secure printing and Print roaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1870
4.15.23Configuring Server Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1873
4.15.24Configuring Terminal monitoring via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1892
YSoft SafeQ 5 6
February 03, 2016
Configuring Terminal monitoring via SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1892
YSoft SafeQ 5 7
February 03, 2016
YSoft SafeQ 5 8
February 03, 2016
YSoft SafeQ 5 9
February 03, 2016
DOCUMENT DESCRIPTION
YSoft SafeQ 5 10
February 03, 2016
is a solution which helps organizations wherever their electronic information meets paper –
printing, copying, and scanning.
changes the way organizations print by advancing productivity and security.
protects the environment and reduces costs by controlling print volumes and reducing
unnecessary prints.
YSoft SafeQ delivers comprehensive management and administrative control of all printing, copying
and scanning operations. It provides high levels of security for all documents, cost savings,
conservation of environmental resources, and greater convenience for users.
With YSoft SafeQ, your company enjoys complete control over printing, copying and scanning. YSoft
SafeQ enables the administrator to define fixed rules and allocate roles to specific employees within
the company. How a user can print is defined by their role—for example, those with accounting roles
may only be allowed to print in black-and-white, while those with marketing roles may be allowed to
print in color. This helps enforce responsible behavior and leads to lower costs and fewer wasted
resources.
With the YSoft SafeQ print solution, users print and scan faster and more easily, saving them time that
they can spend on other tasks. Exciting new features such as Mobile Printing, Job Roaming and
Private Cloud give you total independence—you can print from the airport, from a restaurant or from
home. You can pick up the print job wherever you are within your corporate network—on another floor
in your building, at a location across the city, or even in another country. Central administration lets the
administrator control an unlimited number of locations from a single place, and settings are
automatically applied to other locations and subsidiaries. In addition, scanning is simpler than ever.
With one touch of a button, your document is sent to your email inbox or to a folder you have specified.
As YSoft SafeQ increases convenience and boosts productivity, many of the problems you may have
experienced in the past are eliminated.
Protecting sensitive data and controlling user access to multifunction printers is critical. That’s why
YSoft SafeQ ensures that users of MFPs are always identified through ID cards, passwords or PINs—
and the system controls their access and rights. Users can pick up their print jobs at the printer of their
choice, because YSoft SafeQ makes it possible to print safely, anywhere. The YSoft SafeQ solution
can also precisely account and report the details of all jobs for each printer. Educational institutions and
other organizations can use YSoft SafeQ to charge for printing.
YSoft SafeQ 5 11
February 03, 2016
YSoft SafeQ 5 12
February 03, 2016
YSoft SafeQ 5 13
February 03, 2016
YSoft Payment System - Allow users to pay for print, copy or scan services in your environment. Users
are charged based on prices defined in YSoft SafeQ, using pre-charged money on their accounts. Users are
able to recharge their account using YSoft Payment Machine (recharging station) and manually-operated
Cash Desk. Integration with third-party systems is possible thanks to robust set of APIs.
Mobile Print Server - Allow your end users to print from devices on the go. No need to teach your users
anything complex or install drivers; the solution is as simple as sending an e-mail or uploading a document
via designated web page.
YSoft SafeQ Embedded Terminal - New browser-based terminal with updated graphical and
interaction design lowers the amount of time your users need to spend with multifunction devices.
Management Reports - Obtain visually beautiful and structured report with one click. Report provides a
complete picture of the print environment, including information about paper consumption, printer utilization,
prints per user for specified period.
Private Cloud Technology - Large deployments are generally supported using distributed architecture
model (central management and local spoolers). YSoft SafeQ 5 brings an improved High-Performance
Offline Remote Spoolers, which are able to handle up to 200 connected devices. With server-level Print
roaming, users can pick up jobs anywhere in the print environment.
Rule-based engine - Apply rules over print jobs. Force monochrome instead of color, double-sided
instead of single-side print. Apply more rules based on different events and options. Simple wizard is
available even for unexperienced administrators.
Collaboration - Multiple users working on a same project, admin picking up jobs for the manager. User
Print sharing - VIP Shared Queues allows sharing print jobs among working groups.
Assignable price lists - Create one price list or custom price list for every user, device or cost center.
Multi-level Billing Codes - Monitor costs for different customers, projects or even departments using
multi-level billing codes (also known as project codes). Users can change the billing code using external or
embedded terminal, or at the workstation.
Reporting - Automatic or manual reports available in web administration, including Green reports and
Central Reporting Services support. Check spent and saved money and allow your users to see their
statistics.
Administration and User web interface - Easy-to-use web interface, which includes Admin Dashboard
and User Dashboard. Admin dashboard provides tools for managing users, devices, print queues, scan
workflows and other parts of the system.
Integrated installation - Basic server installation and deployment wizard. Advanced or large
deployments can be satisfied with set of standalone packages for different parts of YSoft SafeQ.
Licensing System - Flexible licensing model. Product can be quickly activated online or offline. New
license information is automatically distributed within the entire system.
YSoft SafeQ 5 14
February 03, 2016
Information about latest releases is always included in product documentation. See Change Log
for changes in individual service releases.
What's new
In Mobile Print Server e-mail notifications, the text of footer can be configured.
Released the last firmware update for YSoft Recharging Station. It also contains support for the new
€20 banknote and other currency updates.
Fixes
Scan workflows can be used multiple times in one session on Toshiba Embedded Terminal.
Currently the second attempt triggered "Scanning error".
YSoft Payment System can now be used with USB print of Fax on Fuji Xerox XCP Embedded
Terminal.
The fax feature is now accessible for users of Konica Minolta Embedded Terminal.
In YSoft Payment System, text of Terms & Conditions in Payment Gateway is no longer required to
be filled, when the Terms & Conditions are not used.
The authentication on Xerox Embedded Terminal used to fail if machine did not respond in time. The
timeout is now configurable.
YSoft SafeQ Client for Mac has the client icon no longer missing in launchpad.
Early Access
Extended accounting of colors - it is possible to account wider range of colors (1 color, 2 color, Full
Color) on Konica Minolta.
It is possible to track all prints, copies and scans that were performed by Public User on Konica
Minolta devices.
New browser based authentication for Toshiba/OKI devices has been added. New authentication
brings several improvements:
New authentication screen with Y Soft branding,
New authentication options including two factor authentication such as PIN and Card,
Support for card self-registration.
YSoft SafeQ 5 15
February 03, 2016
What's new
New firmware 3.15.1 for Terminal Professional and for Payment Machine is available.The new
firmware
Adds support for various special characters to username & password login method and card
registration. We focused on special characters widely used in customer environments which
rely on strong passwords.
Adds "Full keyboard" layout to username & password login method and to card registration as
well. It makes it easier for users to type their username and password than on the legacy 12-
button number pad. The new "login keyboard" settings in service menu allows to select the
default keyboard layout for all users. More information available in the article Terminal
Professional Service Menu Items.
Payment Machine banknote support has been updated. This update brings support for the new €20
banknote and some updates in British Pounds, Singapore Dollars and Israeli Sheqalim.
Improvements in card reading capabilities and support for easier customization for USB card reader,
Terminal Professional and Payment Machine.
AirPrint version 2.3 has been added. This version brings minor fixes and improvements and
also newly adds support for simple print output options - color/bw and simplex/duplex setting.
Fixes
Fixed issue that prevented user who sent a job to shared print queue to release it.
The LDAP replicator service port configuration has been moved from Connect to LDAP screen to the
System Settings to the new configuration property "Y Soft SafeQ LDAP replicator service port".
Early Access
What's new
New YSoft SafeQ Client for Windows 2.26 has been released. This version adds adds compatibility
with Microsoft Windows 10.
It is now possible to display user's personal and virtual balance separately on the embedded
terminals. More details are available on Showing personal and virtual balance on embedded terminals
.
YSoft Payment System now downloads e.g. SMTP configuration and currency from YSoft SafeQ by
itself during service start or during periodical checks.
YSoft SafeQ 5 16
February 03, 2016
YSoft Payment System has new default value of timeout for transaction operations sets to 5 seconds.
The limit can be changed in the environment-configuration.properties through "database.
transactionTimeout" property (value is in seconds), in case the infrastructure is slower or is
connected to external payment provider. We do not recommend to set the value higher than 60
seconds.
It is now possible to authenticate to the YSoft SafeQ, YSoft Mobile Print and YSoft Payment System
web interfaces using SAML2. More details available on Configuring Security Assertion Markup
Language 2.0 (SAML 2.0) single sign-on.
It is now possible to set automatic correction of page size for MS Powerpoint presentations sent to
YSoft SafeQ Mobile Print. More details on Configuring Mobile Print Server
Fixes
YSoft SafeQ Embedded Terminal for Toshiba/OKI: Access with unknown cards is now correctly
displayed in the Terminal Access page.
YSoft SafeQ Embedded Terminal for Ricoh now acounts jobs to billing code selected on terminal, not
to default one.
Early Access
It is possible to select Billing Codes for print jobs directly on the embedded terminal. More details are
available on Billing Code selection for Printing at the terminal.
It is possible to restrict the access rights also for fax operations. This allows to prevent unauthorized
access More details available on Access rights for fax.
Improvements in Quotas. More details in Quotas.
It is now possible to define Soft Quotas. When soft quotas are exceeded, user is notified,
however MFD functions are not affected, so user is still able to print, copy or scan on the MFD.
It is now possible to define quota accounts for the entire Cost center.
Users can let their PayEx account be charged directly for services.
What's new
New YSoft SafeQ Client for Mac v4.5 has been added. This version adds compatibility with the newly
released Mac OS X El Capitan (10.11).
YSoft SafeQ now supports Microsoft Exchange Online services. This can be enabled using the " Mail
server TLS support" configuration property in order to upgrade plain text socket connection to
encryption if offered by the server, usually on port 25 or 587
YSoft Payment System installer is now checking connectivity to YSoft SafeQ User Management
during installation. When updating, it is required update the YSoft SafeQ installation before updating
YSoft Payment System.
YSoft SafeQ Client now shows user's money balance on Price Estimate screen (available for secure
print).
Fixes
YSoft SafeQ 5 17
February 03, 2016
Web dashboard widget for encryption now now supports also encryption of additional characters
such as "%", "&" and "+".
Fixed issue with Embedded Terminal mass reinstallation in combination with devices filter based on
terminal type and status.
Early Access
Page quotas can now be set up in YSoft Payment System administration UI.
Minimal balance, Initial balance and assignment of Periodic recharges can be set during Payment
entitlement creation.
It is possible to have users charged for personal prints only on Konica Minolta Embedded Terminal
(Browser).
When Two-factor authentication is used, users can define their own PIN on YSoft SafeQ web
administration.
What's new
New YSoft SafeQ Client for Windows 2.25 has been added. This versions fixes issue with crashing
client, when multiple jobs are sent quickly in a row.
New log file "cmlweb-audit-log.log" has been introduced that contains all audit log messages. The log
file is located in <SAFEQ_HOME>\logs\ directory. More information can be found in the YSoft SafeQ
log Files article.
Only one Terminal Server instance is part of YSoft SafeQ. The path to Terminal Server directory is
<SafeQ5>\terminalserver\.
Terminal Server can now utilize ETCD technology to store data necessary for synchronization
when failover using WNLB is implemented. More information about the configuration can found in the
article Configuring WNLB Server Failover .
Documentation is no longer in provided in .chm format, instead HTML documentation is attached.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue with web authentication to A4
devices using PIN.
Fixed issue when occasionally Terminal Ultralight failed to decrypt the secure communication with
SafeQ server which caused print jobs deletion by MFD.
What's new
Support for Swedish localization has been added to YSoft SafeQ Embedded Terminals.
Fixes
Incompatible jobs are no longer switched to "Cancelled" state after "Print all" action and remain in
the accepted state.
YSoft SafeQ 5 18
February 03, 2016
YSoft SafeQ Embedded Terminal for Konica Minolta: It is now possible to set Quick copy an the
initial screen displayed after user authentication (which is defined using the initial-screen
configuration property).
YSoft SafeQ Embedded Terminal for Ricoh: maxPrintAllJobs configuration property works correctly
when "Print all" is triggered.
YSoft SafeQ Embedded Terminal for Ricoh: The jobs are now released correctly according the
jobsAllSortOrder configuration property when "Print all" is triggered.
What's new
New firmware 3.14.15 for Terminal Professional is available.This firmware introduces larger keyboard
displayed on the billing code selection screen and brings additional improvements in localization.
New YSoft SafeQ Client for Windows version 2.24 has been added. This versions brings updated
Portuguese ( Brazil ) localization.
YSoft SafeQ Embedded Terminal for Toshiba/OKI: Automatic user logout has been implemented.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue with occasional incorrect
accounting of duplex print and copy jobs.
Device with online accounting is successfully moved to a different ORS group, even when it's turned
off or it's offline for any specific reason.
Improved tracking of Rule Based Engine rules execution in the log files.
Cumulative Update contains additional stability and quality improvements. Y Soft recommends to
update existing YSoft SafeQ 5 customers to this latest release. Additionally, Cumulative Update
provides many new features under standard licenses.
YSoft SafeQ 5 19
February 03, 2016
What's new
New version of SafeQ demo is available on the Partner Portal. SafeQ Demo is a tool, that allows to
update SafeQ database to specific state, when the YSoft SafeQ looks like it has been used by a real
company for specific time period. The new version brings new graphical user interface that allows
quick and easy configuration of the environment.
YSoft SafeQ allows to delegate the administration of the print environment. Local administrators can
be defined and assigned to one or more ORS servers. This administrators then have the rights to
manage only the devices, jobs and related reports for the given ORS servers. More information can
be found in the following article.
YSoft SafeQ allows to print seamlessly from the iOS (version 4.2 and newer) and MacOS devices
using the AirPrint connector. The connector utilizes the zero-configuration Bonjour protocol. Printing
service presented by printer is registered via this protocol and any iOS or Mac client is able to
discover it and use it. More information can be found in the following article.
Payment System allows to defined virtual credit which can be assigned to users periodically. Users
have the “available balance” which is the sum of users personal and virtual credit. New options were
added to the web administration allowing to recharge credit to an entire role or cost center or to
define periodic recharge initial balance for a cost center (also via LDAP replicator). More information
can be found in the following article.
Payment System does not require manual Java installation anymore. From this update, it will start to
use only Java bundled in Payment System installer.
The YSoft SafeQ Embedded Terminal for Samsung has been added. The terminal is supported on
devices based on the XOA-E platform. and supports the standard embedded terminal feature set
including various authentication methods, print job management, support for scanning via scanning
workflows, billing code selection and credit operations in connection with YSoft Payment System.
More information can be found in the following article.
New YSoft SafeQ Embedded Terminal for Fuji Xerox has been introduced. The terminal brings
additional authentication options (PIN and Card, PIN or Card etc.), support for USB card readers and
also improves the behavior in connection with Payment System. The new terminal requires the
device to support the eXtensible Customizing Platform (XCP). M ore information about the terminal
can be found in the following article.
Support for page quotas has been added. Quotas allow to limit user's consumption of print and copy
services. Quotas are defined for specific time period (e.g. monthly). Once they are consumed, the
user is prevented from additional operations until the quotas are refreshed. Quotas are available on
all embedded terminals for Konica Minolta, Xerox, Sharp, Ricoh, Samsung.
What's new
YSoft SafeQ 5 20
February 03, 2016
TLS secured connection has been implemented to YSoft SafeQ subsystems (LDAP replicator,
Spooler for Client and IPPSSL Backend), the configuration is set to true by default. To change the
protocol settings, please do so in configuration option with prefix customCipherSuites,
filterExportedCipherSuites, cryptographicProtocol and allowCustomCipherSuites for particular
subsystem.
Fixes
Filtering of accounts by personal balance in the YSoft SafeQ web administration has been fixed.
Personal and virtual balances are separated into two values.
List of billing codes is now displayed in the same order in the YSoft SafeQ Client an in the embedded
terminals.
Scanning workflow parameters entered on the embedded terminal are validated before scan is
started.
Rule Based Engine action "Deny authentication at terminal" is working correctly.
Price defined for locally monitored devices is correctly synchronized to ORS.
YSoft SafeQ Embedded Terminal for Toshiba/OKI: User access rights defined in the Access
Definition are correctly applied.
What's new
YSoft SafeQ Embedded Terminal for OKI/Toshiba: Authentication by PIN is now supported. It is
configured during embedded terminal installation.
The LDAP replicator additionally allows to import and convert PIN number from single-value attribute.
User Roaming for Virtual Desktops: When YSoft SafeQ Client is used on virtual desktop, it is possible
to print using ORS that is physically nearest to the user. This is available as new ServerDeliveryMode
option in YSoft SafeQ Client.
Fixes
YSoft SafeQ Embedded Terminal for Ricoh: The enterprise mode, which allows the terminal to
automatically connect to different SafeQ node in case the first node fails, was improved. The speed
of connection to different node has been improved and it is also possible to select server selection
strategy. More information about configuration is available in the article the following article.
User name is correctly displayed in RTL (Right-to-left) languages on Terminal Professional when
Payment System is used.
Fixed an issue in money withdrawal procedure in recharging stations when using with SafeQ 5
Payment System.
Fixed a few issues with scanning folders and scan-to-folder document delivery.
YSoft SafeQ Embedded Terminal for Konica Minolta: Kiosk mode support has been added allowing
the embedded terminal to be installed in a Kiosk mode.
YSoft SafeQ 5 21
February 03, 2016
YSoft SafeQ now supports AirPrint integration allowing seamless printing from iOS (version 4.2 and
newer) and MacOS devices. Apple’s zero-configuration Bonjour protocol is used. Printing service
presented by printer is registered via this protocol and any iOS or Mac client is able to discover it and
use it.
What's new
YSoft SafeQ Embedded Terminal for Ricoh: Button for PIN confirmation has been added to the
authentication screen.
YSoft SafeQ Embedded Terminal for Ricoh: Embedded terminal installation speed has been
improved.
Fixes
Mobile Print Server: Notifications are merged in case multiple attachments are send as part of one
email.
LDAP replicator no longer fails during replication in case straight double quotes (") are used in the
directory structure.
Jobs waiting in the shared queue are correctly released using in case the Print All option is
enabled on the authentication screen.
YSoft SafeQ Embedded Terminal for OKI: Duplex scanning from feeder is working correctly.
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue when Terminal Server rejected
card authentication in case the card information contained non hexadecimal character (0-9a-fA-F).
YSoft SafeQ is now able to correctly display the list of money accounts, in case the YSoft Payment
System connects to an external purse (credit handled outside of YSoft Payment System).
What's new
YSoft SafeQ client 2.22 has been released. The new version contains the following changes:
Fixed issue preventing the YSoft SafeQ Client from being installed on Microsoft Windows XP.
Fixed issue allowing to switch off encryption during a man-in-the-middle attack.
YSoft SafeQ Embedded Terminal for Ricoh:
The print logic has been reworked.
Support for USB card readers has been improved on most devices. This should solve issues
when entering sleep mode, plug and play issues after multiple pull-outs and some issues
when the card was only partially read. Log files were also modified and should be more clear
and readable.
YSoft SafeQ 5 22
February 03, 2016
Fixes
Fixed issue with incorrect rounding when calculating price for duplex jobs.
YSoft SafeQ Embedded Terminal for Ricoh:
Multiple jobs printed at once are now printed in the correct order.
What's new
YSoft SafeQ Embedded Terminal for Xerox: The configuration of accounting is now automated
during the embedded terminal installation process.
Fixes
When updating CML, it is necessary to manually update the server.xml file to get rid of the SSL
FREAK vulnerability (CVE-2015-0204): For https connector, update protocol and add
SSLCipherSuite as described in the article Configuring SSL for Web interface.
YSoft Mobile Print Server: Fixed issue with converting images in the main html body.
YSoft SafeQ: Fixed issue with replication of terminal accesses by unassigned card from ORS server
to CML server
YSoft SafeQ 5 23
February 03, 2016
YSoft SafeQ: Fixed issue with migration of Pricelists when upgrading from YSoft SafeQ 4 to YSoft
SafeQ 5 on MSSQL database.
YSoft SafeQ Embedded Terminal for Xerox: Fixed issue with correct color mode output of "auto"
color mode in scanning workflow.
What's new
YSoft SafeQ Embedded Terminal for Konica Minolta: It is possible to access the KM device using
web access again.
YSoft SafeQ Embedded Terminal for Sharp: The authentication process was reworked which brings
improvement in the authentication speed.
YSoft Payment System now contains timeout that logs out users after period of inactivity.
YSoft Payment System now shows customer balance and debt in YSoft Wallet and Payment
Gateway deposits.
YSoft Payment System allows to export administrative reports to CSV file.
Fixes
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue preventing users with disabled money
accounts from using devices without payments.
YSoft SafeQ Embedded Terminal for Toshiba: Fixed issue preventing users to scan more pages on
glass in one scanning session.
YSoft Payment System: Fixed issue that balance notifications reacted to personal balance only and
ignored possible virtual balances of user.
YSoft SafeQ installer: Fixed issue that prevented to use custom installation path when upgrading
from YSoft SafeQ 4.
YSoft SafeQ: Fixed issue with duplication of cost centers when using LDAP replicator full replication
and specific conditions are met.
YSoft SafeQ: Fixed issue with Single Sign-on functionality preventing internal users from logging in
after manual log out.
What's new
YSoft SafeQ Payment System: It is now possible to export generated vouchers into a word template
that allows to print all generated vouchers at once. More information can be found in the following
article.
YSoft SafeQ Embedded Terminal for Xerox: The embedded terminal installation process has been
improved. During the installation the SSL is now automatically set, security certificate is created (if
missing) and the device features can be locked depending on the selected Authentication mode (To
each application/To device).
Support for Turkish language has been added to the YSoft SafeQ installers.
Fixes
YSoft SafeQ Embedded Terminal for OKI: Fixed issues with accounting.
YSoft SafeQ 5 24
February 03, 2016
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue preventing the users from scanning when
the price for scanning is set to 0.
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue preventing the users from accessing copy
menu in case the the price for B/W copies is set to 0.
YSoft SafeQ Embedded Terminal for Ricoh: Issue with incorrect page rotation of pages scanned from
the glass has been fixed. Limitations are mentioned in the article embedded terminals
YSoft SafeQ Embedded Terminal for Toshiba: Successful access to the embedded terminal are
correctly recorded in the Terminal Access list.
YSoft Payment System: The speed of mass periodic recharge unassignment has been improved.
YSoft Payment System: Notifications are now sent even though the authentication on the SMTP
server is disabled.
What's new
An informative message about restricted permissions is displayed in case a user with access
restrictions for printing navigates to the Print tab on the browser based YSoft SafeQ Embedded
Terminals.
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issue that prevented the job list to be
correctly displayed in case hundreds of print jobs are waiting in the print queue.
YSoft SafeQ Embedded Terminal for Ricoh: Fixed issue when the card swipe was ignored in other
application than YSoft SafeQ.
YSoft SafeQ Embedded Terminal for Toshiba: Details about authentication process were added to
the log files.
YSoft SafeQ Embedded Terminal for Xerox: Fixed issue that prevented the embedded terminal to be
installed in case the devices address was specified as fully qualified domain name.
New YSoft SafeQ Embedded Terminal for Fuji Xerox has been introduced. The new terminal allows
to use additional authentication options (PIN and Card, PIN or Card etc.), supports USB card readers
and improves the behavior in connection with Payment System. The new terminal requires support of
eXtensible Customizing Platform. M ore information about the terminal can be found in the following
article.
YSoft SafeQ Embedded Terminal for Samsung: Fixed issue when log out by a card swipe
occasionally lead to unexpected behavior.
YSoft SafeQ 5 25
February 03, 2016
What's new
Fixes
YSoft SafeQ Embedded Terminal for Konica Minolta: An error message is correctly displayed when
user with insufficient credit prints a print job using the Print All functionality.
YSoft SafeQ Embedded Terminal for Ricoh: The fields "Administrator username" and "Administrator
password" on the Printer setting / Terminal tab were fixed. This fields allow to enter credentials used
for the installation of the embedded terminal.
YSoft SafeQ Embedded Terminal for Xerox: The "Print-all-button-default-value" configuration option
sets whether the waiting print jobs will be released after authentication or not (regardless on the
value of "Print-all-button" configuration option).
YSoft SafeQ Embedded Terminal for Xerox: The message informing about insufficient funds at copy
session is correctly translated.
Fixes
YSoft SafeQ 5 26
February 03, 2016
Fixed issue that on specific conditions prevented the Terminal tab to be displayed when editing a
device, even thought the license was sufficient.
Fixed issue causing the licenses for devices with Reporting were not displayed correctly on the web
interface for some license module combinations.
YSoft SafeQ Embedded Terminal for Xerox: Fixed prevented the Embedded Terminal from being
correctly installed in case Accounting was not selected for the installation.
YSoft SafeQ Embedded Terminal for OKI: Scanning from feeder has been fixed.
The YSoft SafeQ Embedded Terminal for Samsung devices has been introduced. Terminal supports
devices based on the XOA-E platform and offers all standard YSoft SafeQ features such as user
authentication, print roaming, print job management and scanning workflows. The Payment System
is operations such as charging for prints/scans/copies are supported as well. More details can be
found on the page Embedded Terminals.
What's new
The YSoft Payment System allows to define Terms & Conditions displayed to the end users by the
Payment Gateway during the recharging flow. This allows our customers to match Payment Gateway
compliance requirements that usually require user to sign Terms & Conditions before payment is
processed.
SafeQ Client v 2.20 has been released. The new version adds the option to disable the price
estimation popup window. Information about the configuration can be found here.
Newest OpenSSL libraries containing fix for the so called Poodlebleed vulnerability has been
implemented.
Fixes
The characters supported in Billing Codes created via web administration are also supported in
Billing Codes imported via CSV import.
Results of Embedded Terminal mass re-installation are displayed correctly in the YSoft SafeQ web
interface.
Fixed issue that prevented the embedded terminal to be reinstalled from an ORS that was previously
restarted.
Fixed issue with device re-installation after the IP address of the device has been changed.
Fixed issue that allowed to release a print job to the printer and print it even though the Rule Based
Engine rule is defined to reject the job.
YSoft SafeQ Embedded Terminal for OKI/Toshiba: Scanning from the native application works even
thought the Scan Management module is not in licensed.
YSoft SafeQ Embedded Terminal for Sharp: User access rights for Print, Copy and Color operations
are correctly applied.
YSoft SafeQ 5 27
February 03, 2016
Cumulative Update contains additional stability and quality improvements. Y Soft recommends to
update existing YSoft SafeQ 5 customers to this latest release. Additionally, Cumulative Update
provides many new features under standard licenses.
Please note that Service Release has been renamed to Maintenance Update to avoid existing
confusion among our partners and customers about its purpose and contents.
What's new
New installer has been introduced. The installer allows deployment of YSoft SafeQ CML Server,
YSoft Payment System and YSoft Mobile Print Server together using one file and also eliminates
the necessary additional steps to interconnect the installed components. This allows fast and easy
deployment of YSoft SafeQ. More information about the installer can be found in the following article.
The YSoft SafeQ Embedded Terminal for Ricoh fully certified by Ricoh Developer Program is part of
the installation package.
Guest user registration allows the visitors to create their own accounts directly on the Mobile Print
Server web interface. Users can create a permanent or a temporary account (which will be deleted
after specified time period). Once the user creates the account, the user can submit the jobs to print
via email or Mobile Print web interface and print them on any printer in the YSoft SafeQ environment.
More information about the visitor registration can be found in the following article.
The Payment System allows the administrators to define and redeem vouchers. A voucher is an
alphanumeric code that represents specific amount of money. These vouchers can be sold
offline and redeemed via Cash Desk or student self-service page. When redeemed, the specified
amount of money is added to money account and the voucher cannot be used anymore. More
information can be found in the following article.
Scanning support has been added to the YSoft SafeQ Embedded Terminal for Toshiba. The users
are allowed to scan the documents using the predefined scanning workflows (scan to folder, scan to
mail, scan to script) and modify the scanning workflow parameters or scanning options such as
Format, Quality, Color and Sides setting directly on the embedded terminal. The required
configuration can be found in the following article.
Option to define notifications via popup message in SafeQ client has been added to the Rule Based
Engine. The notification can be displayed in the SafeQ client right after a rule is triggered which helps
to further improve the user experience of the end users. More information about the setup and usage
can be found in the following article.
Support the double byte characters in job names has been introduced. This feature allows the
specific embedded terminals to display the job names in national characters not supported by the
MFP (for example Hebrew or Arabic). More information and limitations can be found in the following
article.
The YSoft SafeQ Embedded Terminal for Develop and Olivetti has been added. As the Develop
/Olivetti are re-branded Konica Minolta devices, the embedded terminal supports the standard Konica
Minolta feature set including two versions of the embedded terminal (browser based and native),
various authentication methods, print job management, support for scanning via scanning workflows,
billing code selection and credit operations in connection with YSoft Payment System. More
information can be found in the following article.
YSoft SafeQ 5 28
February 03, 2016
The YSoft SafeQ Embedded Terminal for OKI has been added. The embedded terminal supports
authentication, print job management, scanning via scanning workflows and support for billing codes.
More information about can be found in the following article.
What's new
SafeQ Client for Mac v 4.2 has been released. This version adds support for Arabic, Hebrew and
Swedish language and also supports for the latest Mac OS 10.10 Yosemite.
The MPS server is now able to run even if the SMTP server is not defined in the SafeQ configuration.
It is possible to access the SafeQ web interface without re-entering login details using Central
Authentication Service (CAS).
Fixes
Incompatible jobs are no longer displayed when the "showIncompatibleJobs" configuration property
is disabled.
YSoft SafeQ Embedded Terminal for Konica Minolta: Fixed issues related with printing from USB,
prints from USB drive are correctly accounted and charged.
YSoft Payment System: Pending deposits are correctly displayed for the selected payment gateway.
Fixed issue with Scan-to-script scanning workflows where most of external script command
parameter is cut off
Support for local admins has been added. The local admins are only able to see jobs for their service
organization and manage devices in service organization.
Warning
This Service Release requires re-installation of the YSoft SafeQ Embedded Terminals for Konica
Minolta. In case the terminals are not re-installed, the users might not be able to authenticate.
What's new
When user selects job(s) to be printed on the Embedded Terminal, the price for the job(s) is
estimated and the print request is sent to SafeQ server only if the user has sufficient balance.
Otherwise the print is rejected and the user is informed. This applies to YSoft SafeQ Embedded
Terminal for FujiXerox, Konica Minolta, Sharp and Xerox.
Note: This feature requires Print job parser to be enabled, so that the number of pages in the
document can be correctly parsed.
YSoft Payment System: When the “Initial account balance“ configuration option is defined and a new
Payment System account is created and charged by this amount, the information about the
transaction is saved in transaction history.
Fixes
YSoft SafeQ 5 29
February 03, 2016
Print job preview on the Embedded Terminal is correctly working also for roaming print jobs.
In case the Billing Codes are disabled, the Billing Code defined for the user is no longer displayed on
the Embedded Terminal.
The Job list folders configuration is correctly propagated to the Embedded Terminals during
installation.
Print job is correctly removed from the Waiting folder once it has been printed on the Embedded
Terminal.
Searching for Billing Codes on YSoft SafeQ Client connected to ORS has been fixed.
YSoft Payment System: Fixed issue when some of the periodic recharges were only visible in the
YSoft SafeQ web interface.
YSoft SafeQ Embedded Terminal for Fuji Xerox: The user's credit balance displayed on the
Embedded Terminal is no longer reduced by the reservation. User is able to see his exact current
credit balance.
YSoft SafeQ Embedded Terminal for Xerox: Fixed defect that prevented the Embedded Terminal to
be properly installed in case a host name was defined in the "networkAddress" parameter in the
Terminal Server configuration file.
The YSoft SafeQ Embedded Terminal for Olivetti devices has been introduced. The embedded
terminal supports all standard features and functions such as user authentication, print job
management and support for scanning workflows and Payment System.
What's new
SafeQ Client for Mac 4.1 has been released allowing the DHCP user roaming. The SafeQ Client for
Mac is able to obtain the YSoft SafeQ CML or ORS server IP address(es) automatically from a
particular DHCP option.
The Payment System web interface allows to define the layout template used for credit based
notification emails and reports. A WYSIWYG editor can be used for the template definition allowing to
easily define the formatting with the option to simply insert tables or images.
New firmware for banknote acceptors in YSoft Recharging Station v2 is available. This firmware
contains updated information about CAD, EUR, GBP, ILS, PLN, RON, USD currencies. Please
contact our Customer Support Service for further assistance with the update of the firmware.
New configuration option “Enable faster print on Ricoh devices” was introduced on the YSoft SafeQ
embedded Terminal for Ricoh. Enabling this option allows faster processing of print jobs on Ricoh
devices in case multiple documents are printed at once.
Note: This method may eventually cause incorrect accounting of print jobs in case of hardware
issues (like paper jam) therefore it is recommended to keep it disabled when YSoft SafeQ is
used in combination with Payment System
Fixes
Print jobs in the job list folders are sorted correctly according the " jobsSortOrder" configuration
property.
Print all button releases print jobs in correct order.
YSoft SafeQ 5 30
February 03, 2016
Fixed several issues with favorite jobs on a device connected to an ORS in Near/Far Roaming group.
The job cans be correctly marked as favorite and it is possible to correctly print/delete it.
The repeat option "At the end of the month" for periodic recharge is available also on the YSoft
SafeQ web interface.
YSoft SafeQ Embedded Terminal for Fuji Xerox: Fixed defect that prevented the user to log into the
terminal in case one of the services was free of charge.
YSoft SafeQ Embedded Terminal for Konica Minolta: Users are allowed to search for email address
when using Scan-to-email scanning workflow also on a device connected to an ORS.
YSoft SafeQ Embedded Terminal for Konica Minolta: Printing a direct print job with insufficient credit
no longer causes the device to be blocked for all following print jobs. Such job is correctly rejected by
machine and job state is set to Canceled.
Note: Print job parser needs to be enabled for this functionality.
YSoft SafeQ Embedded Terminal for Ricoh: Fixed defect with wrong encoding of national characters
that were displayed incorrectly.
YSoft SafeQ Embedded Terminal for Xerox: Fixed issues with embedded terminal installation of
Accounting on Xerox TE cannot be installed with accounting on WorkCentre 7242 and
WorkCentre 74xx.
New authentication method for native YSoft SafeQ Embedded Terminal for Konica Minolta has been
added. This authentication method allows to use “Card and PIN” authentication in combination with
“Username and password”. This feature allows the users who lose their card to be able to
authenticate using their credentials. More information can be found in the following article.
Support for advanced scanning options has been added to the native YSoft SafeQ Embedded
Terminal for Konica Minolta. The advanced scanning options include support for defining
parameters Simplex/Duplex, Scan Size, Separate Scan, Page Setting and Original Type. More
information can be found in the following article.
Note: Special firmware is required on the devices.
What's new
Credit based notifications were added to the YSoft Payment System allowing the administrators to
define automatic e-mail notifications and reports. Notification can be sent or regular basis or in case
specific conditions are met.
YSoft SafeQ Embedded Terminal for Ricoh: Support for print job preview has been added. Please
not that the Print job preview function is not available on the devices with uWVGA displays.
Fixes
YSoft SafeQ Embedded Terminal for Fuji Xerox: Fixed issue with unsuccessful registration of the
YSoft SafeQ application on older devices caused by long reboot duration.
YSoft SafeQ Embedded Terminal for Ricoh: Language is switched correctly even when the user is
logged in the YSoft SafeQ application.
YSoft SafeQ Embedded Terminal for Sharp: Fixed several layout issues on the Authentication screen
and Job list screen on the devices with small display.
YSoft SafeQ 5 31
February 03, 2016
YSoft SafeQ Embedded Terminal for Sharp: Accounting of operations performed by a user without
Payment System account works correctly.
Print job preview on the Embedded Terminals is properly displayed for a jobs that were marked as
favorite.
New functionality has been added to the Payment System which allows the administrators to define
and redeem vouchers (alphanumeric codes that represent certain amount of money). These
vouchers can be sold offline and redeemed via Cash Desk or student self-service page. When
redeemed, specified amount of money is added to money account and the voucher cannot be used
anymore.
The YSoft SafeQ Embedded Terminal for Develop devices has been introduced. As the Develop
MFPs are rebranded Konica Minolta MFPs, the embedded terminal supports all standard features
and functions such as user authentication, print job management and support for scanning workflows
and Payment System.
What's new
SafeQ Payment Machine supports Croatian Kuna, South African Rand and Bahrain Dinar. For
detailed information about supported currencies see the list of supported currencies.
Fixes
Fixed defect that prevented unknown cards swiped on the YSoft SafeQ Embedded Terminal for
Konica Minolta from being displayed in the Terminal Access screen.
Users without money account are able to release a direct print jobs on the YSoft SafeQ Embedded
Terminal for Ricoh and browser-based YSoft SafeQ Embedded Terminal for Konica Minolta.
It is now possible to delete jobs from favorite folder on the YSoft SafeQ Embedded Terminal for
Ricoh.
The "Color" restrictions are correctly applied on the YSoft SafeQ Embedded Terminal for Ricoh.
The exit button on the YSoft SafeQ Embedded Terminal for Sharp works correctly also on the
devices equipped with only AMX3 module.
User printing a direct print job on the YSoft SafeQ Embedded Terminal for Sharp is no longer logged
into the SafeQ application in case he/she runs out of credit during the print.
Convenience Authentication is automatically configured in case the YSoft SafeQ Embedded Terminal
for Xerox is installed on the Xerox device built on the ConnectKey firmware.
The estimated price in SafeQ Client is now displayed correctly according to the price list hierarchy.
For more information about the price lists see the following article.
Billing code menu is also displayed when the embedded terminal is installed only with the Print
application (this applies for all browser-based terminals).
Embedded IIS web server is correctly configured during ORS installation.
Fixed defect that prevented SafeQ CML installed without Terminal Server to be able to update to a
newer Service Release.
YSoft SafeQ 5 32
February 03, 2016
Support for double byte characters in the job names has been introduced. This features allows the
embedded terminals to show the job names in national characters which are not supported by the
MFP (for example Hebrew or Arabic). More information can be found in the following article.
What's new
The credit handling on YSoft SafeQ Embedded Terminal for Sharp has been improved. The terminal
is able to interrupt print/copy operation in case the user's minimal balance is reached. More
information can be found in the following article.
The YSoft Payment System allows to define the initial balance when creating new money account.
Also it is possible to define the maximum balance for periodic recharge, above which the periodic
recharge will not add any new credit.
Few improvements in the web administration have been done:
Favorite jobs are now distinguished in the job list.
It is possible to filter the jobs with unidentified job owner.
It is possible to sort the list of automatic e-mail/file reports.
Fixes
Copy and scan jobs are correctly accounted to the selected billing code on YSoft SafeQ Embedded
Terminal for Sharp.
Fixed defect that caused the card registration screen to be displayed even if the configuration
property assign-new-card-enabled was set to disabled.
Fixed defect that prevented users with disabled rights for color to print in black and white on the
browser based YSoft SafeQ Embedded Terminal for Konica Minolta.
Fixed defect that caused an exception to be thrown on the YSoft SafeQ Embedded Terminal for
Ricoh in case the pagination arrows were used before page was refreshed after print.
Automatic log out is working on the YSoft SafeQ Embedded Terminal for FujiXerox.
Fixed defect that prevented to assign card to a user using HID card with HID USB card reader.
Double quotations (") are handled correctly in the Scan-to-script scanning workflows parameters.
Previously the script was not executed if the script parameter contained double quotations.
The jobs from a shared queue are visible also on an ORS in far roaming group where the owner of
the shared queue was never logged before.
Mobile print for visitors: Fixed defect that prevented visitors to self-register via Internet Explorer.
Warning
Because of the change in classes used for logging, update of the CRS server to SR4 or higher will
overwrite the log4j.xml file.
What's new
YSoft SafeQ 5 33
February 03, 2016
Language selection has been added to the Mobile Print Server web interface allowing the users to
change the default language.
The number of document formats accepted by the Mobile Print Server has been more than doubled.
See the documentation for the complete list of 44 supported file formats.
Support for new currencies has beend adde to the SafeQ Payment Machine. Detailed information
can be found in the list of supported currencies.
The YSoft SafeQ Embedded Terminal for Toshiba allows the selection of billing codes. Different
billing codes can be selected for different copy and scan jobs in one session.
New watermark variables (such as job name, file name etc.) are available in the Rule Based Engine.
Complete list can be found in this article.
Single sign-on functionality has been implemented to the YSoft Payment System allowing the users
to log in seamlessly without having to type the password.
Possibility to search through all transactions with advanced filtering options has been added to YSoft
Payment System.
Cancelling of open reservations is possible directly in the Payment System web interface. The open
reservations can be also automatically closed after defined time period in order to allow customers to
use their credit again.
YSoft SafeQ CML server and YSoft SafeQ Payment System supports Microsoft SQL Server 2014.
More information can be found in the article software requirements.
Fixes
It is possible to install the YSoft SafeQ Embedded Terminal for Ricoh also on devices Ricoh MP
C2003SP and Ricoh MP C2553.
JobLimits are now only utilized when the Payment System is used on YSoftSafeQ Embedded
Terminal for Xerox.
Messages on the authentication screen on the YSoftSafeQ Embedded Terminal for Xerox are
correctly localized.
Fixed issue that prevented the copy and scan jobs to be accounted to the selected billing code on
YSoftSafeQ Embedded Terminal for Sharp.
Fixed defect that prevented the PIN numbers to be overwritten in case the PIN-overwrite is enabled
and users are imported from LDAP
Jobs sent to the VIP shared queue are now visible also to the other members of the VIP shared
queue.
Favorite job operations on the embedded terminals are now correctly reflected.
Mobile print for visitors has been introduced. This feature allows the visitors to self-register directly on
the Mobile Print Server web interface. User can choose to create a permanent or a temporary
account that will be deleted after a set time. Once the account is created, the user can send jobs to
Mobile Print via email or web and print them on any printer in the YSoft SafeQ environment using just
their account username and password.
The YSoft SafeQ Embedded Terminal for OKI allows the selection of billing codes. Different billing
codes can be selected for different copy and scan jobs in one session.
YSoft SafeQ 5 34
February 03, 2016
The YSoft SafeQ Embedded Terminal for Toshiba and OKI now supports the Scan Management
features. Users are able to scan documents using the predefined scanning workflows (scan to folder,
scan to mail, scan to script) and modify the scanning workflow parameters or scanning options such
as Format, Quality, Color and Sides setting directly on the embedded terminal.
The Rule Based Engine now supports new notification option – popup in SafeQ client. More
information can be found in following article.
What's new
Fixes
YSoft SafeQ components contain the newest version of the OpenSSL library with the Heartbleed
vulnerability fixed.
YSoft SafeQ now provides two-factor authentication method (similar to Card and PIN authentication
method), where the user always has only one specific Card and PIN combination (each card has
always one PIN). More information can be found in the following article, the feature is available for
Konica Minolta and Terminal Professional only.
YSoft SafeQ 5 35
February 03, 2016
In university environment, where students migrate between different study programs (study program
is a cost center in domain controller), it is possible to add initial free credit for each cost center once
the user joins the program (is included in the cost center). This way, user is entitled to receive free
credit (e.g. based on legal requirements in some countries).
Students may migrate between different study programs (cost centers). Therefore this custom
feature additionally handles situation when given credit is removed and replaced with another
one (each study program/cost center may have different initial free credit).
Students also may receive in some study programs (cost centers) regular free credit from the
university. Each study program (cost center) can be then configured to include its users into
regular account recharge.
More details are available upon request.
Please consult use of this early access feature with Y Soft as it might not be suitable for every
environment.
What's new
Fixes
Fixed installation issues on multiple Xerox devices (such as Xerox WC7845 and Xerox WC3315).
The installation fails with proper error message in case XSA is disabled on Xerox machines
YSoft SafeQ 5 36
February 03, 2016
Fixed defect that caused the installation to take 30 minutes on Windows Server 2012 due to the
installation of the web role features.
License activation can be performed only on the first node of the cluster.
Fixed error on Sharp embedded terminal that caused Unexpected error to be thrown. This error
occured in case the user swiped an unregistered card or entered incorrect Card Activation Code
or login and password during card activation.
<SAFEQ_HOME>\logs\cmlweb-audit-log. Main Web interface audit log. Contains all audit log
log messages.
This bulletin serves as official notice about sales and support of Y Soft products.
YSoft SafeQ 3.2 3.2.44f (selected unsupported 31-Dec- Deployment of latest version is
projects only) 2010 recommended.
YSoft SafeQ 3.3 3.3.5 (selected unsupported 31-Dec- Deployment of latest version is
projects only) 2011 recommended.
YSoft SafeQ 5 37
February 03, 2016
YSoft SafeQ 3.7 3.7.4 (selected unsupported 31-Dec- Deployment of latest version is
projects only) 2012 recommended.
YSoft SafeQ 5 38
February 03, 2016
YSoft SafeQ 5 39
February 03, 2016
YSoft SafeQ 5 40
February 03, 2016
YSoft 1.0.0+ 1-Jul- 28-Jun- Y Soft certification Used for secure communication
AirPrint 2015 2025 authority (not between AirPrint Connector and iOS
trusted) devices.
YSoft SafeQ 5 41
February 03, 2016
Early Access Program allows Y Soft to expose fresh exciting new features to select partners in advance
before official release. This allows us to collect feedback from around the world, fix any imminent issues or
enhance new features before general availability. Although fully functional, features may not be fully
localized and are provided in English language only. Unless confirmed otherwise, these features are not
covered by SLA. Also, for some of the features in early Access Program, Y Soft reserves the right to request
official statement of work to be created before considering use of a feature in customer's project. This is in
order to avoid any possible misunderstanding among any of the involved stakeholders.
Early Access Program is available only for selected partners. Should you wish to join our community, please
contact your responsible account manager. After your request gets approved, we will update your license
and new features become available immediately after product reactivation.
... I find an issue or a bug? Report it back to us through our Customer Services team! Unless confirmed
otherwise, EAP features are not covered by SLA agreement.
... I have some comments or ideas? We're thrilled to hear from your experience with new features. Please
do send us the feedback through your account manager or directly to eap@ysoft.com.
... I would like to use some of the feature with customer/prospect? Y Soft reserves the right to request
official statement of work to be created before considering use of a feature in customer's project. This is in
order to avoid any possible misunderstanding among any of the involved stakeholders. Please contact your
account manager if you have a prospect or existing customer.
2.4.4 QUOTAS
YSoft SafeQ 5 42
February 03, 2016
Administrator defines Quotas that have to apply for different groups of users. It is possible to define:
Cost center "Japan HQ employees" is limited by quota "Color Copy" and by quota "Print BW"
Cost center "Germany TOP management" is limited by different quota "Color Print"
All users in affected cost center are bound by the quota. In case user's action (print or copy) on Embedded
Terminal would exceed the quota, action is rejected and user is informed about the reason.
It is possible to have certain users limited by Quotas and others by Payment. The differentiation is done on
cost-center level.
YSoft SafeQ 5 43
February 03, 2016
BENEFIT
Primary benefit of Quotas is the possibility to save costs by preventing misuse of print & copy services
by employees. Consumption is limited in understandable form - in number of pages.
Specific environments, like Universities, benefit from opportunity to combine quotas and payment.
Typically employees are limited by page quotas and students or visitors have to purchase their own credit.
CONFIGURATION OF QUOTAS
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
PREREQUISITES
YSoft SafeQ version 5 and YSoft Payment System installed from Maintenance Update 27 or newer
License with Early Access feature "Quotas"
LIMITATIONS
Quotas do not take into consideration Finishing options - when job is changed directly on terminal, it
is still blocked according to initial state of job.
Quotas do not take into consideration Rule-based engine - when job is changed in RBE, it is still
blocked according to initial state of job.
Refunding functionality in YSoft SafeQ web administration is decommissioned. It works through YSoft
Payment System - Cash desk only.
When user's entitlement is changed (user is moved to different cost center), changes can be
reflected with delay.
Do not use Quotas or Entitlements together with creation of money accounts in YSoft SafeQ
(manually or via LDAP). Entitlements will make the manual / LDAP creation obsolete in the future.
Terminal Professional v3 is not supported.
Toshiba (OKI) Embedded Terminal is not supported.
For more limitations see page Vendor-specific limitations and known issues.
YSoft SafeQ 5 44
February 03, 2016
SETTING UP QUOTAS
3 In section Quotas, create new quota definition(s) (page limit, recurrence, etc.).
Please note: Define only valid combinations, according to Quota types for specific vendors
(3a) (Optional) When creating or editing quota, check "Enable threshold notification" in order to turn on
soft quotas.
Set up Threshold as % of limit when end user will receive e-mail notification.
Set up "quota owner" - e.g. manager or IT representative, that receives the notifications too.
In section Notifications you can optionally update template of e-mails - tab "Quota
notification" and "Quota notification owner"
(3b) (Optional) In section Periodic recharges, create new periodic recharge definition(s)
Summary Yes The name of the Entitlement for the references in YSoft Payment
System
YSoft SafeQ 5 45
February 03, 2016
Group IDs Conditional The number of cost center from YSoft SafeQ (see below where to
find this information). Either this field or "Usernames" should contain
a valid value. More group IDs should be comma separated.
Related features:
All users from specific group (cost center) will be charged according
to entitlement with the related cost center number
Usernames Conditional Accepts only YSoft SafeQ usernames. Either this field or "Group
IDs" should contain a valid value. More usernames should be
comma separated.
Initial No Displayed only for PAYMENT type. Works only for new
balance automatically created customers.
YSoft SafeQ 5 46
February 03, 2016
Periodic No Displayed only for PAYMENT type. Related recharges can be linked
Recharges by their name.
Quotas Yes Displayed only for QUOTA type. Related quotas can be linked by
their name.
7 (Optional) In YSoft SafeQ system settings, set or keep On-demand payment account creation
on Enabled.
YSoft SafeQ 5 47
February 03, 2016
YSoft SafeQ system On-demand payment account YSoft Payment System creates
settings creation missing accounts of users
(onDemandPaymentAccountCreation) automatically before transaction,
based on Entitlement settings. This
configuration ensures users are
always charged according to their
group settings, but removes the
possibility to not charge users based
on their missing money account.
Values:
YSoft SafeQ 5 48
February 03, 2016
pages + + + +
Color BW Color BW
Konica Minolta
Xerox
Ricoh
Samsung
Sharp
Legend:
- the quota identifier or combination can be used with the specific vendor
- the quota identifier, combination or whole vendor can have specifics in behavior or limitations. Please
refer to Vendor-specific limitations and known issues
- the quota identifier or combination cannot be used with the specific vendor.
RICOH
Limitations:
YSoft SafeQ 5 49
February 03, 2016
It is possible to reach negative quota balance. It is mainly caused by slow connection between the
device and the server.
If user has less balance then is needed to perform 5 copies. The user is restricted to perform any
copy job. To allow copying, quota balance must satisfy the following conditions:
BW COPY, COLOR COPY, COLOR, BW - if defined, balance of each of them must be at least
5
COPY - must be at least BW COPY + COLOR COPY or BW + COLOR (if they are defined),
depending on which of the two sums is bigger
Similarly, if user has quota for all pages enabled, he must have at least 5 pages available to be
allowed to copy. If user quota balance gets under 5 pages during copy job, his access to copy
operation will be restricted.
SAMSUNG
Limitations:
Device is able to make reservation per 10 pages. Therefore, any remaining quota below 10 is not
usable.
It may occasionally happen, that device stops requesting reservations of quotas. In this case, users
are not limited in their actions, although operations are accounted by SafeQ. To fix that, it is
necessary to clear the main memory of the device and install the device's firmware again.
Known issues:
When user prints a mixed job (containing both color and BW pages), the printing stops right after one
color and one BW page has been printed (or vice versa).
SHARP
Limitations:
It is not possible to use quota defined as PRINT or COPY (without color specification). Only
definitions like PRINT COLOR or COPY BW are allowed.
Print all or print more jobs - it is possible that not all jobs are printed. It depends on balance of
quotas. The strategy for reservation is the same as for credit handling.
Balance < 100 - whole quota is reserved (jobs have to be printed one by one)
Balance >= 100 - half of quota is reserved (jobs can be printed in batches)
Known issues:
Print all functionality is available also to users with insufficient quotas. All jobs are printed and users
ends up with negative balance.
If user starts copying with 0 quotas of type COLOR COPY and BW COPY, all remaining quotas are
reserved and not returned in reasonable time.
Quotas for copying are decreased when user prints with no quotas for printing defined.
KONICA MINOLTA
Limitations:
YSoft SafeQ 5 50
February 03, 2016
Stop-on-zero works only with a single quota defined for user. Reason: With Konica Minolta, we can
only restrict number of operations and some functions of the device. This can be done only at the
authentication.
If multiple quotas are defined, in the most cases, the number of possible operations is a sum
of all the quotas. (e.g. PRINT 1 and COPY 1 makes 2 possible operations)
In detail, the number of operations is the maximum of all complete subsets found. A
complete subset is PRINT, COPY or COPY, BW or PRINT BW, PRINT COLOR, COPY
BW, COPY COLOR...
Operations (functions) related to quotas with zero or negative remaining balance are restricted
upon login. (e.g. COLOR 0 restricts user from performing any color jobs)
Operations (functions) related to quotas, that are not defined, are unlimited for user. (e.g.
quotas PRINT COLOR, PRINT BW make copying unlimited)
If quota balance reaches exactly 0 during printing, warning screen is displayed with a button "Start"
on it. User must log out.
Possible scenarios:
User has COPY 1, PRINT 1, BW1. Upon login, no function is disabled and the user gets 2
operations. User can now perform any two operations in one session.
Example 1: The user performs 2 BW prints. Resulting quotas are COPY 1, PRINT -1, BW -1.
Upon next login, the user is restricted to perform any BW jobs and any print jobs with 1 action
left. Thus the user can perform only 1 color copy.
Example 2: The user performs 1 BW print and 1 color copy. Resulting quotas are COPY 0,
PRINT 0, BW 0. User can now not perform any further operations.
Example 3: The user performs 1BW print and 1 BW copy. Resulting quotas are COPY 0,
PRINT 0, BW -1. User can now not perform any further operations.
Example 4: The user performs 2 color prints. Resulting quotas are COPY 1, PRINT -1, BW 1.
Upon next login, the user is restricted to perform any print jobs with 1 action left. Thus the user
can perform only 1 copy.
Limitations:
Users are not restricted in printing using direct queue or the Print all functionality, even with negative
quotas amount. It is recommended to disable these features while using print quotas.
It is not possible to use quotas PRINT, COPY, COLOR, BW (but it is possible to use their
combinations, e.g. PRINT COLOR)
With fujiXeroxEnableDefaultQuotaTogglingStrategy enabled, only half of Quota for all pages can be
used for printing, the other half is divided between BW and color copy jobs. If user has quota for all
pages = x, then
BW Copy = x/4
Color Copy = x/4
Print = x - x/4 - x/4
YSoft SafeQ 5 51
February 03, 2016
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
Overview
Prerequisites
Setup of Billing Code selection for Printing at the terminal
Behavior with different settings
Limitations for setting "Terminal"
OVERVIEW
Before implementing this feature, users were able to choose Billing Code directly on terminal only for scan
and copy jobs. Print jobs were accounted under the Billing Code, chosen at the YSoft SafeQ Client
application, when sending the job to the YSoft SafeQ server.
Now administrator can enable Billing Code selection on terminal also for print jobs. So users will be able to
change the Billing Code previously selected at the YSoft SafeQ Client application, right before printing the
job on Embedded Terminal. This feature is not supported on hardware terminals like Terminal Professional
or Terminal Ultralight.
For example:
A user sends a frequently printed form to a YSoft SafeQ and marks it as favorite, so that it can be
printed anytime. However, this form is used in many different projects. By selecting the Billing Code
at the terminal, the releases of the form will be each accounted under correct Billing Codes.
A user always sends his print jobs with the default Billing Code selected, not to be bothered by it's
selection. But this time he needs to print something for a special project. Instead of having to resend
the job, the user can change the Billing Code at the terminal.
Jobs sent by Mobile Print can now also be accounted under a Billing Code.
PREREQUISITES
YSoft SafeQ 5 52
February 03, 2016
License with Early Access feature "Billing Code selection for Printing at the terminal"
1 Activate the license with the feature "Billing Code selection for Printing at the terminal" under Early
Access License
When user selects a Billing Code in the YSoft SafeQ Client, every print and reprint of that job will
always be accounted under the selected Billing Code.
If the Billing Code in YSoft SafeQ Client is not selected, the job won't be accounted under any Billing
Code when it is printed and reprinted. This applies regardless of the Billing Code selected on the
terminal (e.g. when job is sent by LPR or user had no Billing Code at the time of sending the job).
When user selects a Billing Code on the terminal (or has a default Billing Code assigned), each
printed job will be accounted under given Billing Code (until the billing code is changed).
When user selects a Billing Code for a job in the YSoft SafeQ Client, and no Billing Code is selected
on the terminal, the job will be accounted under the Billing Code selected in YSoft SafeQ Client.
If the Billing Code is selected neither on the terminal nor in the YSoft SafeQ Client, the reprints will be
accounted under no Billing Code.
Print All from authentication screen behaves the same way as secure print.
Direct print jobs will be accounted under the Billing Code selected in the YSoft SafeQ Client.
Result of changing the Billing Code while releasing a batch of print jobs will be different on each
vendor (based on accounting strategy).
Default Billing Code has the same effect as choosing a Billing Code right upon log in to a terminal.
NOTE: On terminals, where BC selection is forced right after login (or users has assigned default
BC), users will always be forced to change BC assigned on job reception to YSoft SafeQ server.
NOTE: Billing code which job was accounted to, does not change value of assigned billing code,
which can be found in job details on SafeQ web interface. Billing code selected on terminal is saved
only to job accounting information.
Users always have to select the Billing Code when logging in, forcing them to change it for print jobs.
YSoft SafeQ 5 53
February 03, 2016
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer. This does not apply to
Direct Print and Print All.
Note, that on the native type of the Embedded Terminal, it is not possible to change Billing Codes
during user session.
Xerox
It is not possible to change Billing Code for jobs printed by Print All functionality if there was a Billing
Code selected on the YSoft SafeQ Client application
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer. This does not apply to
Direct Print.
Ricoh
Users always have to select the Billing Code when logging in, forcing them to change it for print jobs.
When changing the Billing Code while printing multiple documents has no affect on the documents.
Sharp
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer. This does not apply to
Direct Print and Print All.
Users always have to select the Billing Code when logging in, forcing them to change it for print jobs.
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer. This does not apply to
Direct Print.
Samsung, Lexmark
Users always have to select the Billing Code when logging in, forcing them to change it for print jobs.
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer.
OKI, Toshiba
When changing the Billing Code while printing multiple documents, the documents will be accounted
under the Billing Code chosen at the time of their actual release to the printer. This does not apply to
Direct Print.
This feature is not supported on hardware terminals. Original billing code will be used for accounting
regardless of value set in billingCodePrecedence property.
YSoft SafeQ 5 54
February 03, 2016
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
Overview
Prerequisites
Defining access rights on web
Access restriction on YSoft SafeQ Embedded Terminals
OVERVIEW
As an extension to Fax accounting support, YSoft SafeQ now provides options to restrict access to Fax
feature based on roles, device groups or specific devices. In case Fax access is restricted, user cannot
enter Fax menu on device with Embedded Terminal.
Administrator can configure fax access restriction, in SafeQ Web interface under the Rules > Access
definition. Fax access is enabled by default, after update from releases where this feature was not
available.
PREREQUISITES
YSoft SafeQ 5 55
February 03, 2016
Click Add new item, and access record definition window will be opened.
User role
Device group
Device
grant or deny access rights for fax feature
Modify Fax access rights for already created access records in the list. Click / icons to grant
/deny access.
- access is granted
- access is denied
YSoft SafeQ 5 56
February 03, 2016
FujiXerox It is not possible to restrict Fax operation (similarly as the copy restrictions)
FujiXerox The Fax application is visible in the menu, but user is not allowed to enter it and an
XCP insufficient access rights message is displayed, if the user doesn't have Fax access
rights granted.
KonicaMinolta The Fax icon in the menu is not displayed, if the user doesn't have Fax access rights
granted.
Lexmark The Fax icon in the menu is not displayed, if the user doesn't have Fax access rights
granted.
Ricoh The Fax application is visible in the menu, but user is not allowed to enter it and an
insufficient access rights message is displayed, if the user doesn't have Fax access
rights granted.
Samsung The Fax application is visible in the menu, but user is not allowed to enter it and an
insufficient access rights message is displayed, if the user doesn't have Fax access
rights granted.
Sharp User can enter the Fax application, but is not allowed to perform any Fax operation
and an insufficient access rights message is displayed, if the user doesn't have Fax
access rights granted.
Toshiba/OKI User can enter the Fax application, but is not allowed to perform any Fax operation, if
the user doesn't have Fax access rights granted.
Xerox All Fax applications (Fax, Server Fax, and Email Fax) icons in the menu are not
displayed, if the user doesn't have Fax access rights granted. Authentication mode must
be "To device". It is necessary to enable enableXeroxAccessDefinition property in
System settings.
The result of detection whether installed device supports access definition or not is
shown in Embedded Terminals installation overview window:
YSoft SafeQ 5 57
February 03, 2016
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
The session summary window displays the total amount of print/copy/scan jobs performed in user's session.
Together with this also the number of pages and price for each job category is displayed. The total price
displays the sum of prices for each category.
NOTE: Job summary can be enabled by a configuration property "Enable YSoft SafeQ embedded
terminal for Ricoh to show session summary before the user logs out " ( srteShowSessionSummary )
that can be found in System Settings / Terminal UI.
1 Log out of the Terminal Embedded: Log in and log out at the Ricoh printer.
YSoft SafeQ 5 58
February 03, 2016
3 Tap on OK to close the session summary window and logout from the terminal. The session
summary window is also closed automatically after 20 seconds.
2.5 LICENSING
YSoft SafeQ 5 introduces important changes in the license model. The product is licensed per device with
two simple options:
The per-device license with embedded terminal applies to all supported vendors, therefore it is not required
to get separate license for each vendor in customer's environment (see list of supported terminals).
YSoft SafeQ 5 Suite license offers all features available and supported. Therefore customers can enjoy
most of what YSoft SafeQ 5 has to offer at highly competitive price.
Editions (Instant, Professional, Enterprise) are no longer available. Instead, YSoft SafeQ 5 can be
purchased in separate (or combined) modules:
Authentication
Print Roaming
Reporting
Credit and Billing
Rule Based Print
Scan Management
Mobile Print
YSoft SafeQ 5 59
February 03, 2016
Authentication, Reporting, Credit and Billing, Rule Based Print and Mobile Print modules
can be licensed standalone. Print Roaming and Scan Management modules must be
licensed together with Authentication module.
For each per device license (with embedded terminal or without embedded terminal) either
the whole SafeQ Suite with all modules can be licensed, or just individual modules or their
combination, however the licensed modules has to match.
It is not allowed eg. to license 10 devices with embedded terminal with
Authentication and Print roaming module and 10 devices with embedded terminal
with Authentication and Scan Management module.
Only exception is the Reporting module that can be licensed standalone in addition
to the other licensed modules (for example for monitoring of prints on the older
devices).
Up-to-date information about available licenses, packages and combinations is always available
from your Y Soft representative.
YSoft SafeQ 5 can be licensed by individual modules. Features in every module are limited, the list of
features available in each module follows:
Please note that the list of available features contains only the most important ones, for
further information please see the licensing guide on the Partner Portal or contact your Y
Soft representative.
Available features may depend on the type of terminal (Terminal Professional/Ultralight,
Embedded Terminal).
YSoft SafeQ 5 60
February 03, 2016
Authentication
direct queue authentication
authentication module is required
application on the for modules Scan
embedded terminal Management and
/terminal professional Print Roaming
various authentication
authentication module is
methods (PIN, card, recommended for
username and modules Credit and
password, billing module and
combination) Reporting and Mobile
card self-registration Print
YSoft SafeQ 5 61
February 03, 2016
Reporting
direct queue license for Reporting
online, offline and module can be
embedded offered standalone in
accounting addition to the rest of
predefined automatic the licensed modules
reports in various recommended
formats module:
management reports Authentication
customizable reports Authentication
local printer module is
monitoring REQUIRED for the
CRS connector embedded
default definable accounting on:
price list FujiXerox
OKI
Ricoh
Sharp
Toshiba
only one price list
is available
YSoft SafeQ 5 62
February 03, 2016
Credit and
billing module direct queue recommended with
YSoft Payment module:
System (including Authentication
Payment System Authentication
administration module is
interface and Cash REQUIRED for the
Desk interface) embedded
SafeQ Payment accounting on:
Machine support FujiXerox
(credit charging via OKI
SPM) Ricoh
support for credit Sharp
operations on Toshiba
terminals (payments support not
for prints/scans available for Toshiba
/copies) and OKI embedded
online, offline and terminal
embedded
accounting
definable price lists
multilevel billing
codes
YSoft SafeQ 5 63
February 03, 2016
Rule Based
Print direct queue recommended with
RBE conditions, Authentication and
actions and Print Roaming
notifications modules
standalone Rule
Based Print module
provides the same
benefits when
obtained with license
for device with
/without embedded
terminal.
it will be not
possible to use
certain rules and
conditions without
additional modules:
conditions
"Outcome of
authentication
on terminal"
requires the
Authentication
module
action "Queue
the job to user’
s VIP Shared
queue"
requires the
Print Roaming
module
YSoft SafeQ 5 64
February 03, 2016
Scan , requires
Management Authentication scan application on Reporting or Credit
module the embedded and Billing module is
terminal required for
scan to email/scan to accounting of the
folder/ scan to script scan jobs
workflows
Mobile Print
mobile print via email recommended with
mobile print via Authentication and
mobile print web Print Roaming
interface modules
conversion of standalone
multiple formats Mobile Print module
(PDF, DOC, XLS, provides the same
PPT, JPEG, PNG) benefits when
AirPrint obtained with license
for device with
/without embedded
terminal.
when the Embedded terminal is installed, after saving the device, the license for the device with
embedded terminal is applied
when the Reporting device is being created, after saving the device, the license for standalone
Reporting module is applied
when the Hardware terminal option or no option is selected, after saving the device, the license for
device without embedded terminal is applied
YSoft SafeQ 5 65
February 03, 2016
2.5.4 ARCHITECTURE
Due to the changes in licensing, every YSoft SafeQ 5 license allows the installation of multiple CML nodes
and multiple ORS servers.
YSoft SafeQ uses encrypted XML license file (license.xml) stored in %SAFEQ_HOME%/conf/license
/license.xml. Every license has expiration date(s) and is limited to a specific YSoft SafeQ version. Existing
YSoft SafeQ 4 license cannot be used with YSoft SafeQ 5.
Data in a license
Date of expiration
Support ID
License owner
YSoft SafeQ 5 66
February 03, 2016
OVERVIEW
YSoft SafeQ license file is generated by the YSoft SafeQ Activation Portal. YSoft SafeQ requires only an
activation key, which is part of the license agreement received after product purchase. After entering the
activation key, the license file is available for download from the portal.
The YSoft SafeQ system provides the following information to the YSoft SafeQ Activation Portal during the
activation process:
The activation process can be either online, if the YSoft SafeQ server has a direct internet connection to
the Activation Portal, or offline, by following the instructions provided on the YSoft SafeQ Web Interface.
Offline activation can also be used for obtaining the 30-day trial license.
The result of the activation is that YSoft SafeQ is activated with all available features and the web interface
no longer prompts for activation. When the license is activated properly:
ACTIVATION METHODS
ONLINE ACTIVATION
A YSoft SafeQ administrator logs in to the YSoft SafeQ web interface enters the activation key received
after purchase and selects the Activate online activation method. After the administrator clicks on the
Activate button, the YSoft SafeQ server contacts the activation portal (http://portal.ysoft.com) and tries to
activate YSoft SafeQ. If an activation key matches an existing license, the license is encoded and sent to
the server. YSoft SafeQ server stores the license and YSoft SafeQ is activated. No restart is required. For
further information see the Using the online activation method.
OFFLINE ACTIVATION
A YSoft SafeQ administrator logs in to the YSoft SafeQ Web Interface enters the activation key received
after purchase and selects the Activate offline activation method. YSoft SafeQ generates an encoded
integrity key containing information for activation. The next step required for successful activation is to
manually generate the license key at http://portal.ysoft.com/activate. The previously generated integrity
needs to be entered in the corresponding field on the Web page. The license key is returned if the integrity
key contains a valid activation key. The returned license key can be entered via the YSoft SafeQ web
interface which activates the YSoft SafeQ copy. For further information see the Using the offline activation
method.
YSoft SafeQ 5 67
February 03, 2016
LICENSE UPGRADE
License upgrade is a process where the currently activated license receives additional devices, features or
extended duration of the support. Once the extension has been purchased, new activation key shall be
obtained. The new key has to be activated on the YSoft SafeQ web interface so that the key is bound to the
existing license. For more information see chapter Upgrade license.
TROUBLESHOOTING
YSoft SafeQ is deactivated on following occasions:
In case of issues with the license activation, the first troubleshooting step is using the Offline activation
method. This method displays error messages returned by the activation server. The information from offline
activation are required by Y Soft customer support services when an incident via Service Desk is reported.
Each incident needs to contain screenshot of the error message, generated integrity key and description of
the steps that were performed prior the activation (e.g. old server has failed and we are trying to activate
license on a new server).
YSoft SafeQ 5 68
February 03, 2016
2. On the Activation key screen enter the activation key and click on Next.
3. On the Activation method screen select the Activate offline option and click on Next.
4. The integrity key is generated automatically. Copy the integrity key and click on Next.
YSoft SafeQ 5 69
February 03, 2016
5. From a computer with Internet access, visit the website http://portal.ysoft.com/activate, enter your
integrity key and generate the license key. On the License key screen enter the license key
generated on the activation portal and click on Activate to finish the activation process.
YSoft SafeQ is always activated or reactivated from the first node of the cluster only.
2. On the Activation key screen enter the activation key and click on Next.
YSoft SafeQ 5 70
February 03, 2016
3. On the Activation method screen select the Activate online option and click on Activate. YSoft
SafeQ server contacts http://portal.ysoft.com and downloads the license.
YSoft SafeQ is always activated or reactivated from the first node of the cluster only. YSoft SafeQ
stores the license in the file %SAFEQ_HOME%/conf/license/license.xml.
LICENSE REACTIVATION
After upgrading to new Service Release or restoring the installation on the same hardware and the same
operating system (without the OS being reinstalled), YSoft SafeQ must be reactivated again. When the
license reactivation is performed, all orders that have been previously used on this server will be
automatically activated.
LICENSE REACTIVATION
YSoft SafeQ 5 71
February 03, 2016
2. Then select one of the activation methods (Online activation or Offline activation) and perform the
corresponding following steps.
YSoft SafeQ is always activated or reactivated from the first node of the cluster only. YSoft SafeQ
stores the license in the file %SAFEQ_HOME%/conf/license/license.xml.
SUPPORT ID
Support ID is a unique identifier of every YSoft SafeQ installation. All orders related to the installation are
associated with one Support ID. Every Support ID is bound to the computer where the first activation has
been done. In case the customer orders additional features or devices, the activation code from the new
order needs to be used at the same server as before, otherwise the new features or devices will not be
successfully added. In case of server cluster, all activation codes need to be applied at the Master server.
2. In the YSoft SafeQ web interface in the System Information tab / License information section.
3. Y Soft partners can find the support ID in the Service Desk in the list of registered installations.
YSoft SafeQ 5 72
February 03, 2016
2. The integrity key is generated automatically. Copy the integrity key and click on Next.
3. Visit the website http://portal.ysoft.com/activate from a computer with Internet access, enter your
integrity key and generate the license key. On the License key screen enter the license key
generated on the activation portal and click on Activate to finish the activation process.
YSoft SafeQ 5 73
February 03, 2016
LICENSE UPGRADE
License upgrade allows extending the existing license with additional devices, features or support (after
purchase has been done).
Prerequisites
Access to the YSoft SafeQ web interface of the first installed CML server (master)
New activation key
LICENSE UPGRADE
1. Log in as administrator to YSoft SafeQ web administration on the first installed CML server (master
node) and open the license information.
YSoft SafeQ 5 74
February 03, 2016
4. Enter the new activation key received from Y Soft or Y Soft representative.
5. Select one of the activation methods (Online activation or Offline activation) and walk through the
next steps to finish the license upgrade.
YSoft SafeQ 5 75
February 03, 2016
Make sure there has been no YSoft SafeQ license (not even a Demo or Trial license) activated on
the computer you are going to use. If this condition is not met, the following error message will be
displayed when trying to activate the product:
The license on this computer is connected to MAxxxxxx but the related SLA record is
MAyyyyyy! Manual intervention in Y Soft HELIOS IS is required. Please contact our
Service Desk. We apologize for inconvenience!
The license can be transferred to new hardware without any assistance from Y Soft Corporation. Please
follow the steps below:
1. Log in as administrator to YSoft SafeQ Web administration of the new server installation.
2. Select Reactivate existing license.
YSoft SafeQ 5 76
February 03, 2016
5. On a computer connected to the internet, open the web browser and navigate to http://activate.ysoft.
com
6. Click the Transfer license to new hardware link.
7. Enter the integrity key, Support ID and Customer Name. Values will be verified automatically.
YSoft SafeQ 5 77
February 03, 2016
9. Copy the generated string and paste it to License key field on the YSoft SafeQ web interface. Then
click on the Activate button to finish the reactivation.
The partner responsible for the installation needs to send a request to allow reactivation on new
hardware to orders@ysoft.com.
The request must contain
the reason why the transfer is needed
support ID or the customer company name
Please note that the approval process may take several days to complete.
If you urgently need the license, you can activate the trial license instead. This will require additional support
from Y Soft Customer Support team after the license transfer is approved. The SafeQ 5 Trial Licenses
also limits the volume of supported devices.
YSoft SafeQ 5 can be activated with a free 30-day trial license. For more information see the article trial
license activation. Trial licenses provide access to the entire YSoft SafeQ 5 Suite, with the license for 25
devices with embedded terminal and 25 devices without embedded terminal.
The following table outlines which features are included in each trial license.
Architecture SafeQ 5
Suite
YSoft SafeQ 5 78
February 03, 2016
Architecture SafeQ 5
Suite
Features SafeQ 5
Suite
Card assignment
Print roaming
Print tracking
Print compression
Print encryption
Offline accounting
Online accounting
Predefined reports
Custom reports
Purge reports
Management reports
Automated reports
Report exports
CRS connector
Projects tracking
Scan management
Payment system
Shared queues
YSoft SafeQ 5 79
February 03, 2016
The requester allows upgrading the existing YSoft SafeQ 4 license key to the license valid for YSoft SafeQ
5. We recommend that license upgrade is requested 3 weeks before the actual upgrade.
Prerequisites
Verify that:
1. Navigate to YSoft SafeQ Activation Portal (https://activate.ysoft.com) and log in to the YSoft Partner
portal for advanced functions.
YSoft SafeQ 5 80
February 03, 2016
3. Enter the YSoft SafeQ 4 support ID to the available column and click Generate to sent the request.
NOTE: If the provided support ID has no valid Software Support, an error message occurs. In this
case, please send your request directly to your dedicated Account Manager who will provide you with
a possible solution.
4. The request is is sent for validation to orders. Normally the request is processed within a few days
but in peak periods it make take even a few weeks. That is why we recommend to plan the upgrade
and request the licence upgrade 3 weeks prior to the actual upgrade.
NOTE: After the license upgrade is confirmed YSoft SafeQ 4 remains operational. However, do not
re-activate SafeQ 4 installation. For updating to the latest Service Release of YSoft SafeQ 4 it is not
required that the installation is re-activated instead after the installation of update is finish proceed
with the upgrade to Y Soft SafeQ 5.
5. Once the request is processed it is possible to proceed with the upgrade.
NOTE: We strongly recommend NOT to install Y Soft SafeQ 5 aside and activate a TRIAL license
while waiting for the validation of the request. Such servers (read: servers with pre-installed YSoft
SafeQ 5 that has TRIAL licence activated.) are not authorized to use "Activation key" for upgrades.
YSoft SafeQ 5 81
February 03, 2016
Installer
YSoft SafeQ web interface and YSoft Payment System
External and Embedded Terminals
YSoft SafeQ Client
2.6.1 INSTALLER
English
Chinese Simplified
Czech
Danish
French
German
Hungarian
Brazilian
Portuguese
Japanese
Polish
Portuguese
Russian
Slovak
Spanish
English
Chinese Simplified
YSoft SafeQ 5 82
February 03, 2016
Czech
Danish
French
German
Hungarian
Japanese
Polish
Brazilian
Portuguese
Portuguese
Russian
Slovak
Spanish
Language Terminal Fuji Xerox Fuji Xerox Konica Ricoh Sharp Toshiba
Professional Embedded XCP Minolta Embedded Embedded Embedded
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
English
Czech
YSoft SafeQ 5 83
February 03, 2016
Language Terminal Fuji Xerox Fuji Xerox Konica Ricoh Sharp Toshiba
Professional Embedded XCP Minolta Embedded Embedded Embedded
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
Bulgarian
Chinese localized,
Simplified not
supported
Chinese
Traditional
Croatian
Danish
Dutch
Estonian
Finnish
French
Georgian
German
Greek
YSoft SafeQ 5 84
February 03, 2016
Language Terminal Fuji Xerox Fuji Xerox Konica Ricoh Sharp Toshiba
Professional Embedded XCP Minolta Embedded Embedded Embedded
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
Hungarian
Italian
Japanese
Kazakh
Korean
Latvian
Lithuanian
Norwegian
Polish
Portuguese
(Brazil)
Portuguese
(Portugal)
Romanian
Russian
Serbian
(Cyrillic)
YSoft SafeQ 5 85
February 03, 2016
Language Terminal Fuji Xerox Fuji Xerox Konica Ricoh Sharp Toshiba
Professional Embedded XCP Minolta Embedded Embedded Embedded
Embedded Embedded
(terminal
application
supports
same
localizations
as Fuji
Xerox
Embedded)
Serbian
(Latin)
Slovak localized,
not
supported
Slovenian
Spanish
Thai
Turkish
Ukrainian
English
Czech
Arabic
Bulgarian
Chinese Simplified
Chinese Traditional
Croatian
YSoft SafeQ 5 86
February 03, 2016
Danish
Dutch
Estonian
Finnish
French
German
Greek
Hebrew
Hungarian
Italian
Japanese
Kazakh
Korean
Latvian
Lithuanian
Norwegian
Polish
Portuguese (Brazil)
Portuguese
(Portugal)
Romanian
Russian
Serbian (Cyrillic)
Serbian (Latin)
Slovak
Slovenian
YSoft SafeQ 5 87
February 03, 2016
Spanish
Swedish
Thai
Turkish
Ukrainian
YSoft SafeQ 5 88
February 03, 2016
YSoft SafeQ offers various features for the customer benefit when using multifunction devices. The
following table describes which components are required (servers, terminals, clients).
Copy Tracking
Scan Tracking
REPORTING
Reporting gives the ability to use information from print, copy, scan tracking and provide both high-level
and detailed overview to IT managers. Reporting provides details about device usage, costs, users and
impact on the environment (also known as "Green Reporting"). The information can be then used to
further optimize the print environment.
YSoft SafeQ 5 89
February 03, 2016
Green Reporting
SCAN MANAGEMENT
YSoft SafeQ allows users to choose one of the default scan workflows right after installation - sending
scanned documents to user's email address or home folder. To simplify internal business workflows,
scan-to-script capability can be used together with custom scripts to e.g. send the scanned data into
another system for further processing or archiving.
YSoft SafeQ 5 90
February 03, 2016
Workflow scanning
MOBILE PRINTING
With BYOD (bring your own device) trend going up, the ability to print from mobile devices is needed
more than ever. Users can send their data via e-mail or upload them using dedicated website. In
combination with Print Roaming, the printouts are available almost at all times.
Email Printing
User Roaming
YSoft SafeQ 5 91
February 03, 2016
Identity management
Card self-assignment
Deployment
Licensing
Localizations
Server failover
YSoft SafeQ 5 92
February 03, 2016
DEVICE MONITORING
Whether you are only interested in the print volumes or are collecting data to compare with other
systems, meter collection is included and offers access to device counters.
Explanations:
Terminal is required
Distributed Server System is required (see Distributed Server System - Private Cloud
)
Terminals provide user interface which allows interaction with multifunction or other printers. The key
features allow user authentication, print job management and access to other YSoft SafeQ features for end
users.
YSoft SafeQ 5 93
February 03, 2016
Terminal
Important note: Please always refer to the Hardware Compatibility List for up-to-date information about
supported vendors and devices.
Note: This document is the sole source for descriptions of all YSoft SafeQ functionality; any functionality
provided by the YSoft SafeQ solution (incidentally or intentionally) that is not described in this document
shall not be considered as officially available and supported. Intellectual property held in this document is an
asset of Y SOFT and its affiliated companies. Nothing in this document is intended to grant any rights under
any patent, copyright or other intellectual property right to any party other than Y SOFT. Specifications are
subject to change without prior notice.
The information contained within this document is for the intended reader, bound by a signed NDA, is
confidential, and is supplied to the reader solely for his/her internal use. The reader agrees that he/she will
disclose this information only within his/her organization and then only to those employees who have a
direct need for such information. The reader further agrees that this information in any part or in its entirety
will not be disclosed by him/her to any other party without the express, written consent of Y SOFT.
YSoft SafeQ 5 94
February 03, 2016
YSoft SafeQ 5 95
February 03, 2016
YSoft SafeQ offers various features for the customer benefit when using multifunction devices. The
following table describes which components are required (servers, terminals, clients).
Copy Tracking
Scan Tracking
REPORTING
Reporting gives the ability to use information from print, copy, scan tracking and provide both high-level
and detailed overview to IT managers. Reporting provides details about device usage, costs, users and
impact on the environment (also known as "Green Reporting"). The information can be then used to
further optimize the print environment.
Green Reporting
YSoft SafeQ 5 96
February 03, 2016
SCAN MANAGEMENT
YSoft SafeQ allows users to choose one of the default scan workflows right after installation - sending
scanned documents to user's email address or home folder. To simplify internal business workflows,
scan-to-script capability can be used together with custom scripts to e.g. send the scanned data into
another system for further processing or archiving.
Workflow scanning
YSoft SafeQ 5 97
February 03, 2016
MOBILE PRINTING
With BYOD (bring your own device) trend going up, the ability to print from mobile devices is needed
more than ever. Users can send their data via e-mail or upload them using dedicated website. In
combination with Print Roaming, the printouts are available almost at all times.
Email Printing
User Roaming
YSoft SafeQ 5 98
February 03, 2016
Identity management
Card self-assignment
Deployment
Licensing
Localizations
Server failover
DEVICE MONITORING
Whether you are only interested in the print volumes or are collecting data to compare with other
systems, meter collection is included and offers access to device counters.
YSoft SafeQ 5 99
February 03, 2016
Explanations:
Terminal is required
Distributed Server System is required (see Distributed Server System - Private Cloud
)
YSoft SafeQ supports Usage and Costs Reporting interface integration with MS SQL OLAP Data
Warehouse.
OVERVIEW
YSoft SafeQ captures information about the print environment, devices and users. The data are accesible
for large print environments by integration with Microsoft SQL OLAP Data Warehouse and can be included
in company's business intelligence systems.
PRE-REQUISITES
MS SQL 2008/2008R2/2012 Standard or Enterprise Server with Analysis Services. Several features
may be limited when using Standard Edition. see http://www.microsoft.com/sqlserver/en/us/product-
info/compare.aspx for more information.
Detailed description of Print Stats scales: Scales used on the MS-SQL ENT and MS-SQL STD
platform:
Detailed description of the Accounting Cost Specific cost center of accounted job. Use this value
Center dimension: to determine the current cost centers (for example, in
the users report):
Detailed description of Device Group dimension: Device's group. For example: the number of jobs
printed for a specific device group.
Detailed descriptions of File Type dimension: Job file type. For example, which jobs users printed,
or how many jobs of a certain job type were printed.
Detailed description of Printer Type dimension: Device model (according to SafeQ web interface):
Detailed description of Time dimension: Can be used when defining reports or for viewing
device usage over a period of time:
DATA WAREHOUSE
The data warehouse is used for permanent storage of statistical and descriptive data. There is a possibility
to manage how old data will be stored in data warehouse and if database backup should be created during
cleanup procedure. System creates partition for each new year to manage data effectively and delete old
partitions.
enableDBCleanup = true
Used for enabling data warehouse cleanup. Cleanup removes data older than specified in
archiveDataYears from the warehouse.
enableDBBackup = true
archiveDataYears = 1
Used for defining period, how old data will be kept in data warehouse. The value is specified in
calendar years (e.g. all data since 1.1.2013 will be held in cube in case the current date is
1.1.2014 or 12.12.2014).
cdcDbBackupPath = c:/SafeQCRS/backup/
OLAP CUBE
OLAP cubes use data from data warehouse as its direct source. There is possibility to manage how old
information will be stored in base OLAP cube. There is also possibility of creating cubes backup during
cleanup procedure. System creates partition for each month to manage data effectively and delete old
partitions.
This settings cannot be changed later. To change these options YSoft SafeQ CRS has to be
reinstalled with newly defined settings.
enableBaseCubeCleanup = 1
Used for enabling base cube cleanup. Cleanup removes data older than specified in
cdcArchiveCubePeriod from the Base cube.
cdcEnableBackupCubeBase = 1
cdcEnableBackupCubeFull = 1
Used for enabling full cube backup; if enabled, each month the full cubes older than specified in
cdcArchiveCubeMonths property will be moved to backup directory.
cdcArchiveCubePeriod = 1
Used for defining period, how old data will be stored in base cube. The value is specified in
calendar years (e.g. all data since 1.1.2013 will be held in cube in case the current date is
1.1.2014 or 12.12.2014).
cdcDbBackupPath = c:/SafeQCRS/backup/
enableReportsCleanup = true
Used for enabling web reports database cleanup. Cleanup removes data older than specified in
archiveReportsYears from the web reports database.
archiveReportsYears = 1
Used for defining period, how old data will be stored in web reports database. The value is
specified in calendar years (e.g. all data since 1.1.2013 will be held in cube in case the current
date is 1.1.2014 or 12.12.2014).
INITIAL BACKUP
When update of YSoft SafeQ CRS is performed, an initial backup of data warehouse and / or base cube is
created (depends on settings of enableDBBackup, cdcEnableBackupCubeBase properties). This backup
contains all data in data warehouse / base cube before YSoft SafeQ CRS update. To avoid creating an
empty partitions, dataYearStart property should be used. No initial backup is created when clean installation
of YSoft SafeQ CRS is performed.
SafeQ_FULL Cube is an OLAP application of MS-SQL 2008, 2008 R2 or 2012, Standard or higher edition,
which enables efficient viewing and browsing of data for one month. In YSoft SafeQ CRS, the following
cube is included:
Full stats: Full statistics; data are not aggregated. Drill-down to the level of individual jobs is
possible.
SafeQ_RV Cube is an OLAP application of MS-SQL 2008, 2008 R2 or 2012, Standard or higher edition,
which enables efficient viewing and browsing of data. In YSoft SafeQ CRS, the following cube is included:
Real Volume: Statistical data derived from device counters grouped by device, cost center, and
accounting type. Distribution of data is derived from base statistical data, optional cube.
For CRS Enterprise, the following Measure and Dimension data are available:
Measure – countable data, such as the number of pages, price, etc.:
Dimension – descriptive information for Measure data (such as who printed, the printer they used,
etc.)
Accounting Cost Centre Distinct Count: number of cost centers using a service. For example, the
number of cost centers printing to the current printer can be displayed.
Device Distinct Count: number of printers. For example, you can see how many printers are
handling the current job type (print/copy/...)
Accounting Cost Center - Number: the number of the accounting cost center
Accounting Cost Center - Name: the name of the accounting cost center
Accounting Type: output type (B/W copy, B/W print, color copy, color print large (A3/legal/tabloid),
scan, purged (not printed) jobs, etc...). Can be used to learn the output type of each user or device
center.
Device - Activation Date: activation date of the device (date of the first device use via SafeQ)
Device - Backend: print backend (according to YSoft SafeQ Web Interfacee)
Device - Contact Person: contact person (according to YSoft SafeQ Web Interface)
Device - Cost Centre Name: name of the device's cost center (according to YSoft SafeQ Web
Interface). For the actual cost center, use the dimension "Accounting Costs Centre".
Device - Cost Centre Number: the device's cost center number (according to YSoft SafeQ Web
Interface). For the actual cost center, use the dimension "Accounting Costs Centre".
Device - Deactivation Date: activation date of device (date of the first device use via SafeQ)
Device - Description: device description (according to YSoft SafeQ Web Interface)
Device - Device Group: device group (according to YSoft SafeQ Web Interface)
Device - Name: device name (according to YSoft SafeQ Web Interface)
Device - Driver: device's accounting driver (according to YSoft SafeQ Web Interface)
Device - Equipment Id: device's equipment ID (according to YSoft SafeQ Web Interface)
Device - IP Address: device's IP address or DNS name (according to YSoft SafeQ Web Interface)
Device - Location: device's location (according to YSoft SafeQ Web Interface)
Device - Service Agreement Id: device's service agreement identification number (according to
YSoft SafeQ Web Interface)
Device - Accounting Driver: device's accounting drive
Device - Device Id: device's ID
Device - Printer Type Name: device's printer type name
Device Group - Name: device group name (according to YSoft SafeQ Web Interface)
Device Group - Type: device group type (RS, ORS, CML)
Filetype - Name: job filetype name (according to YSoft SafeQ Web Interface)
Filetype - Extension: job filetype name extension (according to YSoft SafeQ Web Interface)
Filetype - Prefix: job filetype name prefix (according to YSoft SafeQ Web Interface)
Job Origin: origin of printed job – the name of the station (server), from which the job was printed
Job Title: title of each job as it will appear in the list of all printed jobs. For example: relation to the
user or device.
Day: day of the month when the job was printed – sequential number in month
Day Of Week: day of the week when the job was printed – sequential number in week
Hour: hour that the job was printed
Month: month when the job was printed
Time: complete time data, including the printing process jobs
Week Number: week when the job was printed – sequential number in year
Year: year when the job was printed
Date: date when the job was printed
Date Hour: date and time when the job was printed (time is rounded to a whole hour )
Small Time: date and time when the job was printed (time is rounded to seconds)
User - Cost Centre Name: name of the user's current cost center. To see the cost center to which a
job was accounted at the time of its accounting, please use the dimension Accounting Cost Center.
User - Cost Centre Number: number of the user's current cost center. To see the cost center to
which a job was accounted at the time of its accounting, please use the dimension Accounting Cost
Center.
User - Email: user's e-mail
User - Full Name: user's full name (surname and name)
User - Login: user's login (user's primary login)
User - Name: user's name
User - Surname: user's surname
User - Number: user's personal ID (according to YSoft SafeQ Web Interface)
Forced: Forced type (Not Forced, Forced B/W, Forced Duplex, Forced B/W&Duplex)
Connection via Microsoft Excel 2003 is possible as well (after downloading a missing component from
the official Microsoft website), but Y Soft does not support this method of connection.
If you cannot connect to OLAP cube, contact your administrator.
1 Open the Microsoft SQL Server Management Studio application (referred to as Management
Studio); then select connection to Analysis Services.
2 In the Server name field, select the database server you want to connect to. (The database name
can be the IP address or the hostname.)
3 Click Connect.
4 In the left panel is a tree structure of the Analysis services. As shown in the picture below, find the
required OLAP cube; then right-click it and select Browse.
We just selected a measurable value (Measure). Continue, using descriptive data or dimensions.
Example: Drag-and-drop the dimension Devices - Device Name to the Drop Row Fields Here
area.
6 Continue with the pivot table. This example shows Date from the Time dimension.
You can also work with many more measures and dimensions not shown in the pictures above.
2 In the Data tab, select From Other Sources > From Analysis Services.
3 In the Data Connection Wizard, enter the database Server name and select Windows, or enter a
specific User Name and Password; then click Next.
If you want to display Full Stats, select the database and month that you require; then click Next.
6 Select a display type: pivot table, chart, or both; then click OK.
After successful connection, you will see a window exactly as shown in picture below.
7 Select dimensions or measures as described above. The picture below shows an example of a
simple pivot table.
Working with a YSoft SafeQ pivot table is the same as with any other pivot table.
YSoft SafeQ CRS Reports allows you to view the basic reports via the web interface using
the reporting services.
See the article YSoft SafeQ CRS Report Builder for information about generating a
customized report.
1 Use any Web browser (for example, Microsoft Internet Explorer) to connect to the Reports server.
Enter: http://SERVER_NAME/reports/
2 In the pop-up window, type the user name and password to access the Reports server. (This
authorization is verified using domain accounts.)
3 A new basic Reports menu window opens. Click SafeQ Reports to display a list of reports.
5 In this window, you can define additional filter parameters (year, month, day, etc.). Click the View
Report button to display the required data.
This step requires that Reporting Services are configured for an e-mail delivery. This is not
configured by default. Omitting this step will cause that e-mail will not be offered as one of the
delivery options. For more information kindly refer to the Microsoft documentation at http://technet.
microsoft.com/en-us/library/ms345234(v=SQL.105).aspx
1 Find the report you wish to send via email. Hover the mouse over the report, open the drop-down
menu and click Manage.
2 Select the Processing Options, then select Cache a temporary copy of the report. Expire copy
of report after a number of minutes: 30.
3 Select the Subscriptions tab and click New Subscription. The new window Report Delivery
Options will be opened.
4 Fill in the e-mail recipient in To field, fill in the e-mail Subject and set the other parameters per your
needs. The content of the window will differ according to the attributes of your report.
Once finished, click the Select Schedule button. The new window Schedule details will be opened
5 Configure how often the e-mail report shall be sent (Hour, Day, Week, Month, Once). Once finished,
confirm the configuration by clicking OK.
Please bear in mind that it may take around one day to synchronize and process all the data from
the CML servers (depending on the configuration of the CML and the environment) - thus when
setting up a monthly schedule, it is recommended to set it up to the beginning of the second day in
the month.
6 Confirm also the Reports Delivery Options window by clicking OK. The new subscription is now
displayed on the Subscriptions tab. Your e-mail schedule is created and it will send an email with
reports according to the configuration.
1 THE FOLLOWING PREDEFINED ATTRIBUTES ARE AVAILABLE FOR BOTH BASE AND FULL REPORTS:
year - year
month - month
day - day
hour - hour
date - date/hour/minute (only in Full report)
jobs cnt – jobs count
pages – number of pages
price - price
costs per page – cost per page
price per page – price per page
avg cvg – average job coverage
Avg Toner K: average coverage of black toner
Avg Toner Cmy: average coverage of color toner
papers – quantity of paper
These are identical to the Base report attributes, but additionally there is a Date attribute in
every report.
Report Full - Base report
Report Full - Cost Centers report
Report Full - Device Cost Centers report
Report Full - Devices Groups report
Report Full - Devices report
Report Full - Filetypes report
Report Full - Projects report
Report Full - Servers report
Report Full - Users report
Microsoft Report Builder is an application which allows you to define your own reports.
Such reports can be interactively displayed, accessed later using web browser or can be
used as a template for an automatic e-mail reports . It is a "ClickOnce WinForms" application,
which means that it can be installed from any Web browser (it is not a Web Browser application).
However running it from Internet Explorer is recommended.
For more information about Report Builder see the documentation that is included with
every version of the application.
When using Internet Explorer, make sure that the compatibility view is enabled, otherwise prompt
to install .NET 3.5 will be shown repeatedly.
If the Report Builder icon is not displayed, display it via the following link:
http://<SERVERNAME>/ReportServer/ReportBuilder/ReportBuilder.application
3 Select CDC Full Stats Model and press Test Connection button. The information about successful
connection must be shown. Continue to the next window by pressing OK and Next.
4 The configurable report is displayed. On the left side of the window, the Entities panel lists all
available tables in the selected model. The Fields panel lists all individual items that may appear in
the report. There is the Assembly output in the center of the window, which is a graphical
representation of the report being created.
5 Move individual items into the Assembly output to built up your desired report (e.g. select Device in
the left upper menu, then drag Name in the bottom menu and drop it in the window on the right side.
This will add you the device names to the report. Then you can add another fields such as Acc for
counter type and Total pages from the Smartq Stats Fulls entity).
6 You can set your report to include only certain data. For example, you can create a report for a
specific cost center, report related to print only or create the report that is limited to a certain period
of time (predefined static date or relative date containing only data from the last month)
6a. Click the Filter button (the blue funnel icon). A new window with filter options opens.
6b. Select the items you would like to use as a filtering condition by dragging them on the left side
and dropping them on the right side. Then specify the filtering conditions (example demonstrates
only the print jobs for the last month; not including the current month). Once finished, click OK.
7 Once you have added all required fields for the report and applied the filters, click Next. New window
with available columns will be shown. Drag the fields you wish to see in the report from the left menu
to the appropriate windows on the right side according to your needs. Then click Next.
10 The final design of the report is shown. The design is still editable.
Click Run button in the left upper menu to see the output including the data. Please note that it may
take several minutes generate the report. Some of the fields are expandable.
11 In case you would to like slightly modify the look of the output, you can go back to the design view by
pressing Design button in the upper left menu. Then you can edit the values by double-click. For
more information about available options kindly refer to the Report Builder documentation.
12 If you wish to make the report available also for the other users, use the Save as option in the menu.
You can use the default location for saving reports or you can create a custom location.
WARN: Do not save the report to "SafeQ Reports Builder" or "SafeQ Reports"
location, these locations are erased with every update of the CRS server.
Enter the report's name; then click Save. The report you saved will be available on the
Reports server.
You can use this method to create a report that can be used by others users. A simple
example of a saved report is shown in the picture.
This page describes the architecture of YSoft SafeQ CRS (Central Reporting Services) and
includes a diagram of central data collection.
ARCHITECTURE DESCRIPTION
The YSoft SafeQ CML (Central Management Layer) (configured as the CRS sender) is a client that
sends data to YSoft SafeQ Data Collector (a component of the CRS server). YSoft SafeQ Data
Collector processes data from the CML server and temporarily stores it in a database. There are two
types of data: Statistical data and Descriptive data.
Statistical data is mapped to Descriptive data according to the selected key. All Statistical data are sent
every time, while Descriptive data are sent only when required by Statistical data.
YSoft SafeQ Data Collector stores all data into the Data Warehouse in predefined intervals. Data are
already structured and ready to be processed by client tools. The Data Warehouse provides data for
the OLAP cube, Microsoft Reporting Services, and Microsoft Report Builder. To optimize performance,
data are mirrored in separate databases for MS Reporting Services and MS Report Builder.
A standalone database server is recommended.
In terms of communication, the YSoft SafeQ CML that sends data to the CRS is a client, while the
YSoft SafeQ CRS is a server. The YSoft SafeQ CML must be properly configured and connected to
YSoft SafeQ Data Collector. The data sending period and other configuration settings of the CML client
are configured in the appropriate configuration file. (For data sending period information and for other
settings, see the chapter "Central Reporting System" in your YSoft SafeQ administration guide. Also
see detailed information in Installing YSoft SafeQ CRS server.)
YSoft SafeQ Data Collector is basically a specially configured YSoft SafeQ server that is able to
receive and process data from YSoft SafeQ CML servers that are configured as clients.
Data Collector uses the Microsoft SQL Server 2008, 2008 R2 or 2012 database for data storage. Data
Collector receives new Statistical data from YSoft SafeQ CMLs (clients) and temporarily stores it in the
database. After all Statistical data are collected, Data Collector asks the specific YSoft SafeQ CML
(client) for the Descriptive data needed for mapping Statistical data.
The last data that Data Collector receives from the YSoft SafeQ client represents the current values of
counters from devices (MFPs, printers, copiers) that are collected by the YSoft SafeQ CML and YSoft
SafeQ ORS.
Data are synchronized from Data Collector to the Data Warehouse every hour (all mapped Statistical
data and all counters from devices).
If any Statistical data received cannot be mapped correctly, Data Collector will try to map it during the
next synchronization.
Data Collector settings are stored in the appropriate configuration file. (See detailed descriptions in
Installing YSoft SafeQ CRS server.)
DATA WAREHOUSE
The Data Warehouse is implemented as relational databases in MS SQL 2008, 2008 R2 or 2012
server. The Data Warehouse is used for permanent storage of Statistical and Descriptive data from
YSoft SafeQ Data Collector. Data are already structured in non-aggregated form and ready to be
processed by client tools. These data are a direct source for OLAP cube, Microsoft Reporting Services,
and Microsoft Report Builder. To optimize performance, data are mirrored in separate databases for
MS Reporting Services and MS Report Builder.
DATA MAPPING
Descriptive data which goes into YSoft SafeQ Data Collector are re-mapped to Statistical data due to a
possible conflict of identifiers. Three identifiers are created: the original identifier, a new identifier, and
source identifier. The set of these three identifiers is referred to as the mapping descriptor. Statistical
data are adjusted according to this descriptor, to include the new identifier with the correct relation to
the original ID.
You can access all data in the Data Warehouse by using Microsoft Report Server. You can use
predefined reports or you can use Microsoft Report Builder to create reports (both are part of MS SQL
2008, 2008 R2 and 2012.)
Responsibility of YSoft SafeQ Announcer for AP is to broadcast information about available printing server
to iOS devices and Mac.
YSoft SafeQ Announcer for AP must have IP address from the subnet with iOS or Mac devices.
Otherwise users won't see announced service.
Responsibility of YSoft SafeQ Connector for AP is to receive requests from iOS device or Mac via IPPS and
translate them to SafeQ Protocol Level 4 which is used to deliver job to YSoft SafeQ.
Make sure that your CML has license for Mobile Print. Without license the service won't start.
REQUIREMENTS
Operating system with YSoft SafeQ Connector should be Microsoft Windows (tested on Windows
Server 2008, Windows 8.1)
The server with the YSoft SafeQ Connector has to be in the same subnet as the devices which will
use AirPrint feature - the required Wi-Fi subnet.
YSoft SafeQ must have Mobile Print license with AirPrint feature.
Exceptions at firewall are set for the ports used by the integration.
Target printers have to support plain PDF (PostScript print language) to be able to release print
jobs queued on devices with iOS operating system. For some MFPs the PostScript option is not
available by default and could be added additionally.
LIMITATIONS
Billing codes can't be selected when submitting a job to SafeQ via AirPrint.
On Mac OS X the "Generic PostScript Driver" has to be selected to print Color jobs
Some of the vendors might not support PostScript Driver, in such cases it is recommended to
choose vendor-specific driver.
On Mac OS X when a user enters wrong credentials, the prompt to enter credentials is not displayed
again and the job stays in "Hold for authentication" status.
When the user requeues a job, the prompt for credentials is correctly displayed.
On iDevices (iPhone, iPad, etc.) when a user prints a photo, the default paper size is not A4 but it
matches default Photo printing sizes.
Once a user submits a job and provides credentials, credentials are saved and used for all
subsequent print jobs.
Sequence number is prepended to print jobs sent from Mac OS X.
This bug is in Mac OS X and will be fixed in El Capitan (10.11).
INSTALLATION
Installation instructions are available in Installing AirPrint.
SSL CERTIFICATE
SSL Certificate is used for encrypted connection between YSoft SafeQ Connector for AP and User
Workstation (Mac OS X, iPhone, iPad, ...), it was generated July 1st 2015 and will be valid until June 28th
2025.
OVERVIEW
YSoft SafeQ keeps all jobs by default in its spooler for a certain period of time. This allows users to run re-
print of favorite jobs or recently printed jobs. Some customers may be interested in enhanced security when
it comes to retaining print jobs, for example banks or other institutions, where print jobs contain sensitive or
private data. In order to address this need, YSoft SafeQ can be configured to Delete jobs after printing,
which removes the data from server immediately after print job is released at the printer.
This obviously means, that such jobs cannot be re-printed in the future. Please note that this option does
not apply to favorite jobs, only to the jobs which were recently printed.
CONFIGURATION
There are several options to configure this feature:
All jobs are deleted right after they are released when Delete print jobs as soon as they are
printed ( deleteAllJobsAfterPrint) is set to ENABLED in System settings > Spooler
Only certain jobs are deleted. Note, that deleteAllJobsAfterPrint overrides those options
Can be configured for selected devices on the Terminal tab
Enable the feature - by check the checkbox
Disable the feature - by uncheck checkbox.
Can be configured per cost centre on the cost centre detail
Can be configured per user on the user detail
DESCRIPTION
Counter reporting extends YSoft SafeQ solution with the ability to collect device page meters.
Administrators can set the system to automatically collect device counters (sometime known as "page
meters") from all registered devices and use the information to provide invoicing data to the supplier
while verifying reporting accuracy.
Reports in web administration display the information about counter readouts in a separate page,
where the data can be filtered by date, device and device group. The data are also automatically
available in Central Reporting Services (if used in your YSoft SafeQ deployment).
The system can be configured for manual or scheduled export into one of the supported formats (CSV,
XML or XLS) for more convenience.
More information about the web administration and export options, please read Tools - Counter reports
.
AVAILABILITY
This feature is generally available in YSoft SafeQ 5 Suite license, as a part of Reporting module.
Private Cloud technology enables smart agent distribution and deployment on remote locations,
optimizes network usage, and provides job continuity if communication fails between a remote location
and the central YSoft SafeQ CML location. At each remote site, an Offline Remote Spooler (ORS) can
be installed on an existing print server or on any other available server that the office allocates for that
purpose. The ORS agent is deployed from the central location and can be customized to be deployed
unattended, with parameters configured in advance.
YSoft SafeQ Offline Remote Spooler (ORS) is a proxy application that can run on a local print server
or on a YSoft SafeQ Appliance - SafeQube. An ORS provides all the functions of YSoft SafeQ (as
described in these Wiki pages) with the exception of system administration. The ORS contains the
YSoft SafeQ core component with spooling capabilities, the terminal server component for embedded
terminal support (YSoft SafeQ 5 only), and a data/configuration cache.
The ORS does not include a database. Data are stored in the persistent cache in the application
folder. (The application must have Write access to the folder.) Data are stored unencrypted.
The ORS has no configuration/administrative interface; management is centralized via the CML.
ORS deployment is fully automated via an MSI package. The only configuration option is the IP
address of the CML server.
The ORS is a stateless component; in case of failure, a simple restart is sufficient.
Data synchronization is handled in "best-effort-mode," which means that whenever the ORS has
an online connection, it exchanges job tickets and user authentication tickets with the CML
server.
ORS data caches are loaded automatically along with the relevant configuration after the first
connection to the CML or whenever the data cache has been deleted by the administrator
(recovery).
Based on analysis of Private Cloud use by real customers, the data traffic between ORS and CML
components is less than 5% of the print volume managed by each individual ORS.
Customer print servers manage all printing and copying locally and are equipped with an
installed YSoft SafeQ Offline Remote Services(ORS) service.
This service is stateless and does not include an interface for configuration, database, or
management. It is used to handle print jobs and MFP sessions and for exchanging
authentication and reporting data with the central data center.
The ORS contains a data cache so that if connection to the data center fails, the ORS
can operate autonomously for a limited time (configurable).
The ORS server can directly handle a maximum of 50 connected devices.
Distributed data center with YSoft SafeQ Enterprise Central Management Layer (CML)
cluster (2-4 servers).
The CML provides central administration, accounting, and print job security for the head
office and for branch offices.
The CML cluster can directly handle printing services for locations directly connected to
the data center (maximum of 200 devices directly connected to one CML server).
The data center also includes YSoft SafeQ Central Reporting Services (CRS Enterprise)
installed on a separate server at headquarters.
The CRS server receives and processes reporting data from all connected YSoft SafeQ
CML clusters and provides access to Usage and Cost reports via MS SQL OLAP and
Analysis Services.
USER STORIES
1. ORS – As an administrator, I want to use the YSoft SafeQ system at many of our company
locations and manage all the locations from a single point.
Online TCP/IP network connection (64kbps+) between CML and ORS components
CAVEATS
Each ORS server must be connected to one CML cluster [1-4 servers].
The CML system serves as an independent management and integration point and supports up
to 500 connected ORS servers per one CML server. NOTE: It is not recommended to connect
more than 10 ORS servers to a SINGLE (not clustered) CML server.
Each CRS can collect data from up to 100 CML systems. However, every CML with connected
ORS servers is considered to be an independent installation of YSoft SafeQ, with separate
configuration and management.
If an ORS is in offline mode (that is, without connection to the CML), new users cannot register.
See Offline Mode ORS limitations for more details.
ORS LIMITATIONS
DESCRIPTION
YSoft Payment System introduced concept of "virtual credit". It represents free entitlement of customer,
which can be used as payment for services. For better usability, YSoft SafeQ introduced a way to
manage it through cost centers or user roles:
LICENSING
Free Money Accounts is a standard feature included in YSoft SafeQ 5 Suite, module Credit and Billing.
LIMITATIONS
Adding users and their modification are supported only with LDAP.
Do not add users in YSoft Payment System directly, nor create / update them directly via
YSoft SafeQ UI or via CSV import.
Existing users (replicated without this set to enabled) are not affected by " Create money
account when creating user account in LDAP " property.
Periodic recharge assigned to all users that belonged to a cost center is not automatically assigned
to users newly added to the cost center and is not automatically removed from users removed from
the cost center.
Enable property "Create money account when creating user account" in LDAP settings on "Schema"
tab for those LDAP sources that will use credit management.
You may set virtual credit to users belonging to specific Cost Center.
OVERVIEW
Green reporting tracks pages which have not been released, i.e. physically printed out. Sometimes, it is
referred to as "purged print jobs". Green report can be displayed in web administration of YSoft SafeQ,
tab Reports. Green report shows the number of print job pages that were received by YSoft SafeQ but
never printed, represent volume of costs saved by Rule-based Engine and printing impact to the
environment.
SafeQ tracks and reports number of "purged" pages: pages that has been sent to print, but not
physically released at the device (based on defined rules or secured print). The reported data are
shown as a number of trees used for consumed paper, volume of CO2 produced by creating
consumed paper (information is only approximate, based on publicly available algorithms).
SafeQ tracks and reports total volume of printed pages of an individual user prior his/her printing using
YSoft SafeQ Client. SafeQ additionally tracks and reports total volume of printed pages for an
individual user prior after his/her authentication at the device using YSoft SafeQ terminal. SafeQ also
tracks and reports related costs for pages that has been forced to be printed in monochrome or duplex.
DEPENDENCIES
LICENSING
Green Reporting is a standard feature included in YSoft SafeQ 5 Suite, module Reporting.
OVERVIEW
YSoft SafeQ has its own identity database in order to provide authentication, authorization and
accounting features. The data can be populated from different sources - manually via web interface, or
automatically replicated from LDAP or imported using CSV file format from a third-party system. Each
user must have a unique record in YSoft SafeQ, data are stored in the main database (CML server).
Unique username Mandatory At least one username or alias must be defined in order to
(s) identify print job owner. Case sensitive.
Password Optional NOTE: The password is NOT synchronized from LDAP sources
to the YSoft SafeQ database.
Home directory Optional Mandatory for use with Scan to home folder feature.
Department Mandatory
number
Some of the steps can be carried out automatically during user workflow. For example users can
assign cards to their account using Card self-assignment at the terminal.
One of the most common methods for adding users via YSoft SafeQ Web administration. Since all
users are created manually, this process can be lengthy, depending on the amount of users that will be
using YSoft SafeQ for printing services.
The administrator can add, edit or remove users from the internal database (see Web Interface - Users
).
The LDAP User Replicator downloads users and their attributes from an LDAP server. When you run
the LDAP User Replicator, all user attributes are automatically replicated into the YSoft SafeQ
database. The only exception is the password attribute, which is not replicated.
This import process is mostly used in companies with higher volume of users and company having
Active Directory identity management.
More information about the LDAP User Replicator, including configuration tips, can be found at Tools -
LDAP Integration.
The CSV File User Replicator imports users, roles, and cost centers from specially formatted CSV file
to the YSoft SafeQ database. This enables you to use any source of data with YSoft SafeQ. The only
requirement is that the source must allow data export to CSV file or through custom developed scripts.
This import can be performed periodically; the operating system scheduler can be set to
periodically run the CSV File User Replicator.
More information about the CSV File User Replicator, including examples of the CSV file structure, can
be found at Using the CSV File User Replicator.
Importing information from a CSV file is similar to using the CSV File Use Replicator, except for two
differences: you can import the CSV file information directly from the YSoft SafeQ Web Interface, and
the import cannot be set to run periodically. To import data from a CSV file:
The structure of a CSV file is almost identical to the CSV file used by the CSV File User Replicator, as
shown here:
3. Import data.
All user attributes from the CSV file are saved to the internal YSoft SafeQ database.
Import from other systems is not directly supported by YSoft SafeQ. However, Y Soft offers additional,
separately priced option to develop custom integration with third-party systems. Please consult with
your Y Soft representative the necessary details prior installing YSoft SafeQ.
THE PRINCIPLE
To understand rights inheritance, it is important to know how the roles structure works.
Every YSoft SafeQ installation includes the role everyone by default. This role cannot be deleted.
Every YSoft SafeQ user has this role automatically assigned — that is, every user is a member of the
role everyone and this cannot be changed. This role is superior to all roles you create.
If you set access rights for the role everyone, these rights will be applied to all users. You can set
detailed rights by defining a new role, setting its rights, and assigning it to a user. The new role inherits
rights from its superior group everyone, but the settings made in the new role override its parent
role settings.
If you set access rights for an individual device, these rights take priority over the settings of the
entire device group.
If a user is assigned multiple roles of the same level at the same time, prohibition has priority.
Example: user1 login is member of the role everyone, role1, and role2. The role everyone has print
access rights set for a device group named Default. For role1, device group Default is prohibited and
for role2 this group is permitted. As a result, user1 is prohibited from printing to all devices included in
the Default group, because the permission in the everyone role is ignored. user1 is also a member of
other roles which are permitted to print to this Default device group, but the role everyone is
subordinate to other roles and ignored --- the only settings that matter for user1 are the settings
made for role1 and role2. Printing is prohibited to the Default group for role1 and permitted for role2.
Because prohibition has priority (see above), prohibition is applied.
Unlike function rights, assigning device access rights has one extra feature – the ability to assign
default rights to a role. A role's default device rights will apply to all device groups that do not have
rights explicitly set for the particular role. A role's default device rights settings have priority over the
access right settings of a device group, both for the role everyone and for any other roles.
Example: A user is member of the role everyone and role1. The role everyone has printing rights set
for a device group devices1 and role1 has default rights set for copying. If the user accesses a
device that is not part of device group devices1, printing is permitted to a user because it is permitted
to the everyone role. If a user accesses a device that is not part of device group devices1, copying is
permitted to the user because the default rights for copying have been set for his/her role in relation to
all device groups which have not been explicitly set. This means that if a user's role1 has printing rights
set for device group devices2, the default settings are ignored and printing is permitted to the user only
according to role1's device rights set explicitly for the group devices2.
YSoft SafeQ 5 supports JDBC connection pool for database connection pooling. JDBC connection pool
saves system and database resources. JDBC connection pool main benefits are: reuse connections, set
minimal pool size, set maximal pool size, close idle connection after expiry, close idle connection not
properly closed after expiry, close long running queries after expiry, statement caching.
JDBC connection pool is enabled by configuration property enableDBPool placed in configuration file
startup.conf. Possible values are true, false [default is true].
CMLDB.CONF
dbClass Database type identification; required. Values are PGSQL, PGSQL &
MSSQL MSSQL
sqdb-ds-ssl Specifies if and how to use SSL for secure communication PGSQL &
MSSQL
cdcDbName Name of the CDC database (needed for the OLAP cube) MSSQL
dbValidator If dbValidator property is set to true then every connection PGSQL &
is validated by SQL call "SELECT 1". In case of database MSSQL
disconnection (e.g. database reset) connection is
automatically refreshed.
validator-makearchive archives an old definition of views while replacing with a PGSQL &
new definition MSSQL
validator-deletearchive clears definition in archives before running a new database PGSQL &
validation cycle MSSQL
dbValidatorConnectionTimeout max duration of stale connection for dbValidator; default is PGSQL &
20 sec, 0 means use non-expirable connection MSSQL
dbConnectionCleanerPeriod connection are cleaned up after the specified time period; PGSQL &
default is 10 sec MSSQL
sqdb-dwdbowner database owner for MSSQL sever for DWH database MSSQL
CMLDB-CLUSTER.CONF
dbClass Database type identification; required. Values are PGSQL, PGSQL &
MSSQL MSSQL
sqdb-ds-ssl Specifies if and how to use SSL for secure communication PGSQL &
MSSQL
dbValidator If dbValidator property is set to true then every connection PGSQL &
is validated by SQL call "SELECT 1". In case of database MSSQL
disconnection (e.g. database reset) connection is
automatically refreshed.
dbValidatorConnectionTimeout max duration of stale connection for dbValidator; default is PGSQL &
20 sec, 0 means use non-expirable connection MSSQL
dbConnectionCleanerPeriod connection are cleaned up after the specified time period; PGSQL &
default is 10 sec MSSQL
CMLDB-SQDW.CONF
dbClass Database type identification; required. Values are PGSQL, PGSQL &
MSSQL MSSQL
sqdb-ds-ssl Specifies if and how to use SSL for secure communication PGSQL &
MSSQL
dbValidator If dbValidator property is set to true then every connection PGSQL &
is validated by SQL call "SELECT 1". In case of database MSSQL
disconnection (e.g. database reset) connection is
automatically refreshed.
validator-makearchive archives an old definition of views while replacing with a PGSQL &
new definition MSSQL
validator-deletearchive clears definition in archives before running a new database PGSQL &
validation cycle MSSQL
dbDefaultConnectionTimeout max duration of stale connection; default is 300 sec PGSQL &
MSSQL
dbValidatorConnectionTimeout max duration of stale connection for dbValidator; default is PGSQL &
20 sec, 0 means use non-expirable connection MSSQL
dbConnectionCleanerPeriod connection are cleaned up after the specified time period; PGSQL &
default is 10 sec MSSQL
sqdb-dwsrvname database server name for MSSQL sever for DWH database MSSQL
sqdb-dwdbowner database owner for MSSQL sever for DWH database MSSQL
CONFIGURATION EXAMPLES
User and sync must both have same domain. If you are not using domain use PC name instead.
Remember that when you are setting domain name to change dbURL also.
cmldb.conf
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;domain=MYPC
dbUser = dbuser
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain = MYPC
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cdcDbName =
cdcDbOwner =
dbValidator = false
validator-enabled = true
validator-makearchive = true
validator-deletearchive = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDB = 100
dbMinConnections-SQDB = 10
sqdb-srvname=MYPC
sqdb-dbowner=dbo
sqdb-dwsrvname=MYPC
sqdb-dwdbowner=dbo
dbConnTestCount = 3
dbConnTestDelayInSec = 15
cmldb-cluster.conf
dbId = SQDBCLUSTER
dbClass = MSSQL
dbDriver = net.sourceforge.jtds.jdbc.Driver
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;domain=MYPC
dbUser = sync
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain = MYPC
sqdb-ds-namedPipe =
sqdb-ds-ssl =
validator-enabled = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDBCLUSTER = 20
dbMinConnections-SQDBCLUSTER = 0
cmldb-sqdw.conf
dbId = SQDBDW
dbClass = MSSQL
dbDriver = net.sourceforge.jtds.jdbc.Driver
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5_SQDW;appName=SafeQ;ssl=request;domain=MYPC
dbUser = sa
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5_SQDW
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain = MYPC
sqdb-ds-namedPipe =
sqdb-ds-ssl =
#dbValidator = true
validator-enabled = true
dbDefaultConnectionTimeout = 300
dbValidatorConnectionTimeout = 300
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDBDW = 20
dbMinConnections-SQDBDW = 0
cmldb.conf
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;;
instance=$sqlInstanceName
dbUser = dbuser
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance = myInstance
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cdcDbName =
cdcDbOwner =
dbValidator = false
validator-enabled = true
validator-makearchive = true
validator-deletearchive = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDB = 100
dbMinConnections-SQDB = 10
sqdb-srvname=
sqdb-dbowner=dbo
sqdb-dwsrvname=
sqdb-dwdbowner=dbo
dbConnTestCount = 3
dbConnTestDelayInSec = 15
cmldb-cluster.conf
dbId = SQDBCLUSTER
dbClass = MSSQL
dbDriver = net.sourceforge.jtds.jdbc.Driver
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5;appName=SafeQ;ssl=request;
instance=$sqlInstanceName
dbUser = sync
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance = myInstance
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
validator-enabled = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDBCLUSTER = 20
dbMinConnections-SQDBCLUSTER = 0
cmldb-sqdw.conf
dbId = SQDBDW
dbClass = MSSQL
dbDriver = net.sourceforge.jtds.jdbc.Driver
dbURL = jdbc:jtds:sqlserver://localhost:1433/SQDB5_SQDW;appName=SafeQ;ssl=request;;
instance=$sqlInstanceName
dbUser = sa
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 1433
dbName = SQDB5_SQDW
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance = myInstance
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
#dbValidator = true
validator-enabled = true
dbDefaultConnectionTimeout = 300
dbValidatorConnectionTimeout = 300
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDBDW = 20
dbMinConnections-SQDBDW = 0
CONNECT TO POSTGRESQL
cmldb.conf
dbId = SQDB
dbClass = PGSQL
dbDriver = org.postgresql.Driver
dbURL = jdbc:postgresql://localhost:5432/SQDB5?charSet=UTF-8
dbUser = dbuser
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 5432
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
cdcDbName =
cdcDbOwner =
dbValidator = false
validator-enabled = true
validator-makearchive = true
validator-deletearchive = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDB = 100
dbMinConnections-SQDB = 10
sqdb-srvname=
sqdb-dbowner=dbo
sqdb-dwsrvname=
sqdb-dwdbowner=dbo
dbConnTestCount = 3
dbConnTestDelayInSec = 15
cmldb-cluster.conf
dbId = SQDBCLUSTER
dbClass = PGSQL
dbDriver = org.postgresql.Driver
dbURL = jdbc:postgresql://localhost:5432/SQDB5?charSet=UTF-8
dbUser = sync
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 5432
dbName = SQDB5
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
validator-enabled = false
dbDefaultConnectionTimeout = 20
dbValidatorConnectionTimeout = 20
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDBCLUSTER = 20
dbMinConnections-SQDBCLUSTER = 0
cmldb-sqdw.conf
dbId = SQDBDW
dbClass = PGSQL
dbDriver = org.postgresql.Driver
dbURL = jdbc:postgresql://localhost:5432/SQDB5_SQDW?charSet=UTF-8
dbUser = dbuser
dbPass = # write user password
dbEncoding = UTF-8
dbIp = localhost
dbPort = 5432
dbName = SQDB5_SQDW
sqdb-ds-applicationName = YSoft SafeQ 5
sqdb-ds-instance =
sqdb-ds-domain =
sqdb-ds-namedPipe =
sqdb-ds-ssl =
validator-enabled = true
dbDefaultConnectionTimeout = 300
dbValidatorConnectionTimeout = 300
dbConnectionCleanerPeriod = 10
dbMaxConnections-SQDBDW = 20
dbMinConnections-SQDBDW = 0
LOCAL ADMINISTRATORS
DESCRIPTION
Service organizations are used in large YSoft SafeQ environments. They are used for creation of local
administrators and to grant them access to see and manage only parts of the system, for example local
branch of the company where they are located.
Each service organization is defined by list of YSoft SafeQ users which are called local administrators
and list of ORS servers. When local administrator logs in into the system he can only see and manage
data related to the assigned ORS servers, for example printers registered on these servers or print jobs
sent to them.
LICENSING
Local Administrators is a standard feature included in YSoft SafeQ 5 Suite, module Reporting.
OVERVIEW
Office Print Tracking feature provides the benefit of collecting information about all print jobs in the
environment using multiple different options. Print jobs may travel from workstation to the printer
directly (via serial or parallel ports of a computer) - where YSoft SafeQ offers the ability to track the
accounting information. For network printers and print servers, where print job travels through YSoft
SafeQ, additional capabilities are available above common print tracking. All gathered job information
including accounting is then used for usage and cost reports.
Not all information may be available with every print job or deployment scenario. YSoft SafeQ is
typically able to address about 95-98% of tracked pages to individual users or departments. This is
most commonly caused by various maintenance print jobs, system status print jobs, direct IP printing,
server reboots and limitations of the page meter tracking (vendor-specific limitations). Please review
Print tracking methods for more details.
The client workstation must be able to deliver data to the YSoft SafeQ server:
Using LPR (supported by most modern operating systems)
Using installed and configured YSoft SafeQ Client or Local Monitor
By sending an e-mail or uploading a document using YSoft Mobile Print Server feature
The client workstation must be able to provide the information about the user's identity in order
to authorize the print job using:
LPR user identification - user identification is logged by the client system or connected
shared printer (see RFC 1179, chapter 7.8).
YSoft SafeQ protocol for user identification – user is defined in the YSoft SafeQ Client
(see SafeQ Workstation Client Protocol Specification).
Print job title – retrieved via LPR RFC 1179, 7.4 or via YSoft SafeQ Client, using a
specific format (see RFC 1179, chapter 7.4).
The feature is enabled via the configuration option parseUserFromTitle =
<user_names>, which is disabled by default. The <user_names> value can
contain multiple users, separated by "comma" symbol ( , ).
The user name must be provided as a part of the job title, delimited by sign
defined in configuration property parseUserFromTitleDelimiter (default values:
"dot" or "colon" or "underscore" or "slash" or "backslash" – e.g. USER.title or
USER:title or USER/title or USER_title.
Position of user name could be specified by configuration property
parseUserFromTitleIndex (default value: 1 for USER.title, other possibilites: 2 for
something.USER.title etc.).
There is also possible to keep original job title by setting configuration property
parseUserFromTitlePreserverTitle (default behavior is removing user name).
Print job title (filename) is by default detected by N, T, J commands of the RFC
1179 (whichever command comes first in the data stream).
Only jobs that arrive with a specific owner identity (that is, a configured user
login name) are processed by YSoft SafeQ.
PJL command in print job data stream – PJL header in the following form can be used to
detect user identity directly from the data stream, for example:
YSoft SafeQ identifies the owner from the header by matching the header to a
(configurable) regular expression, therefore the key and the value may contain any string
but there must be a way to match them to one regular expression pattern common for all
jobs received by YSoft SafeQ. The row must be placed within the PJL header in the print
job.
This feature is enabled via the configuration option parseUserFromJob (enabled
by default) and ParserPJLUser (default pattern)
For configuration and deployment information, see Configuring Office Print Tracking.
Local monitor uses the information from Windows Print spooler. This however requires initial
configuration.
In order to understand limitation of different tracking options, please have a look at the available
Print tracking methods.
LICENSING
Office Print Tracking is included in every YSoft SafeQ 5 Suite license. Additionally, print tracking is
available as a part of the Reporting module.
This workflow is typically used for Office Print Tracking on locally (USB) connected printers.
1. (Optional) User information is typically replicated from an LDAP server using a secured (server-
authenticated) LDAP/S connection. See Identity management for additional details.
2. The user prints directly to the printer.
3. The YSoft SafeQ Local Monitor application (installed on the workstation) collects the data from
Windows Print Spooler and sends it to the YSoft SafeQ server (plain text protocol).
This workflow is typically used for Office Print Tracking, Project Print Tracking, or in several cases of
Rule-based Engine.
1. (Optional) User information is typically replicated from an LDAP server using a secured (server-
authenticated) LDAP/S connection. See Identity management for additional details.
2. The user prints the data from the workstation using a standard print mechanism. By default, the
data are transferred via plain LPR protocol. Optionally, plain or encrypted (TLS-based, server-
authenticated) data transfer is possible using YSoft SafeQ Client. The server stores the data in
plain form in the disk folder. For details, see Security overview.
3. If the user is authorized to print the job, YSoft SafeQ releases the job immediately to the network
printer (by default, the data is transferred via plain LPR protocol or RAW TCP screen). IPP or
IPP over SSL with MFP certificate verification is also possible.
a. Note: In the current version of YSoft SafeQ, there is no simple mechanism for
uploading a printer certificate to YSoft SafeQ and managing printer certificates. This is
going to be changed soon.
4. YSoft SafeQ uses several methods to gather accounting data (see Print tracking methods). If
the Online Accounting method is used, SNMP protocol is used to gather the current page
meter information from the printer.
5. If the Vendor-provided Accounting method is used, accounting information is transferred to
YSoft SafeQ from the printer via SOAP or HTTPS POST message.
OVERVIEW
DESCRIPTION
With the optional Pass-through print feature, YSoft SafeQ is able to automatically create new users as
soon as they send first print job to SafeQ. Since the created user will not have any ID card assigned
and SafeQ does not know user's e-mail address to provide PIN or Card Activation Code, this feature is
enabled only for jobs sent to a direct queue. Once SafeQ receives a job for any direct queue from
unknown user, new user account is created from template. Only login attribute is set correctly, other
attributes are generated automatically. If the user account with same login is added into LDAP later on,
and SafeQ is configured to replicate user accounts from this LDAP, the user attributes are updated in
SafeQ according the values in LDAP.
USER STORIES
1. As an Administrator of legacy systems, I want to configure the systems to print via SafeQ with a
direct release and keep track of the account that print (even if these are unauthenticated) so that
I have audit log of the pritns from my systems and can use it for print optimization.
REQUIREMENTS
System shall auto-register new user in the system, if:
it receives a print job from a user not available in SafeQ identity database,
if the print job is designated to a direct queue,
there is a 'template user' configured (template user is any user defined in system setting which
assigned roles and settings are used for creating new autoregistered user),
if the 'template user' has right to print to the target direct queue.
System shall replace the 'auto registered' user record with a real LDAP user record if such a
record is created in LDAP.
SETTINGS
1. The new user accounts are based on template user, so the template user must be set first - see
templateUserLogin configuration option in SafeQ System settings to enter a login name of any
existing user, the new user will have same access rights and so as the template user defined.
2. Administrator can choose (not) to receive notification emails each time a new user is created
automatically - see notifyAdminAutoRegisteredUserCreated configuration option in SafeQ
System settings
CAVEATS
Pass-through print for anonymous users is available only if
If there is already existing deleted user with same login in SafeQ database, no user is created neither
re-activated. The incoming job is rejected, and warning email is sent to administrator (if sending
notification emails is enabled). Please note this email is also sent if the job was sent to non-direct
queue.
YSoft SafeQ
offline print accounting Monitors every print routed from a workstation to a networked
printer via the YSoft SafeQ server in real-time, prior to printing.
[pages sent to print] Only reports print jobs routed via YSoft SafeQ server!
With YSoft SafeQ, the YSoft SafeQ license must include the Offline
Accounting option. If the license does not include Offline
Accounting, it is not possible to select the Offline Accounting
method for a device and all devices configured for offline accounting
will be switched to no accounting as soon as the expiration of the
license is detected.
Available for any LPR capable system.
Uses PCL [Y Soft] and/or PostScript [GhostScript] data analyzers.
Tracks the number of A4/letter BW/color pages and A3/legal/tabloid
BW/color pages and duplex usage for all pages sent to print for
any PCL5+, PostScript, and HPGL2 print jobs.
Optionally tracks per-page print area coverage and estimated usage
of C,M,Y,K toners (based on job analysis).
Monitoring printed pages, and especially their quality and color use,
may slightly differ from the current output and information accounted
by the printer, because printers can use different processing
algorithms. The print job is always accounted completely, even if
only part of it has been printed (for example if the user aborts the
printing on the MFP panel).
This method will not provide fully accurate report about all
printed pages, due to the technology limitation and the fact that it
only measures pages that has been released from particular
workstation, not taking into account neither status of the device, its
real output, nor other un-monitored prints . Example: A color page
printed on a BW printer is printed as BW but accounted as a color
page.
Device dependent
accounting At scheduled intervals, monitors every print routed from a
workstation to a networked printer via the YSoft SafeQ server.
[pages really printed] With YSoft SafeQ, the YSoft SafeQ license must include the Device
dependent accounting option. If the license does not include Device
dependent accounting, it is not possible to select the Device
dependent accounting method for a device and all devices
configured for device dependent accounting will be switched to no
accounting as soon as the expiration of the license is detected.
(Some embedded terminals will be automatically reinstalled.) All
accounting information received from MFPs is ignored.
Available for any LPR capable system.
Works only with PCL jobs with PJL headers and PostScript 2/3 jobs.
Available only for the following devices (verify by checking the YSoft
SafeQ HCL):
Fuji Xerox MFPs with Accounting Logs option.
Konica Minolta MFPs with OpenAPI3 account maps.
Ricoh ESA with SDK4, 7 or 10.
Sharp MFPs with OSA (MX-AMX3) module.
Toshiba MFPs with Open Platform SDK.
Xerox MFPs with Network Accounting (JBA) kit including 3-
tier billing.
Incompatible with YSoft SafeQ external (hardware) terminals.
Tracks the number of pages that have been really printed by
the network printer. Using this method, the tracking accuracy is
typically 95-98 per cent. Even with this method, YSoft SafeQ is
unable to identify origin of various printed pages, such as: service
pages, printer status pages, pages originated from printer web or
USB drive, pages printed directly to the printer IP address, incoming
FAX pages and pages copied without authentication. In order to
achieve greater accuracy, it is important to follow the change
management procedures when adding, moving or changing
individual tracked devices and limit outputs without identifiable
source. Tracked information varies per printer, but can include total
number of impressions, total number of BW/color impressions (3
tiers where supported), total number of small (A5/A4/letter/legal)
and large (A3/11x17/tabloid/ledger) pages, duplex usage.
You may have also seen the older term, "vendor-provided
accounting".
OVERVIEW
YSoft SafeQ 5 introduces new way to define prices for print operations. Prices are newly defined in separate
Price lists, which can be later assigned to individual users, cost centers or devices. In order to ensure
proper accounting of print operations, devices must have assigned at minimum the Default Price List. Price
list can be shared by multiple users, cost centers or devices. Therefore in homogenous environment where
all devices run at the same cost, only one price list must be configured and can be applied to all devices,
users or cost centers quickly.
Price lists assigned to individual users have the highest priority. If no price list is defined for a user, cost
center price list is used. If no price list is defined for a cost center, device price list is used (note: device
must always have a price list, if accounting is to be enabled).
For proper accounting of all type jobs on device, prices for this device must be set in Devices > Printers >
Edit device > Price list tab.
Here you can define prices for all available printer functions.
NOTE: For more information about "Detailed fixed costs" and "Detailed scan" check Advanced
Detail Accounting page.
If entered value has more digits than set in decimal_precision configuration property it is automatically
rounded.
Example: Number of decimal places is set to 1, administrator enters number 1.18 and number si
automatically saved as 1.2
For scanning:
(Cost per click x number of printed pages) + (paper cost x number of used papers) + (page cost x
number of printed pages)
EXAMPLES:
(Cost per click x 1 page) + (paper cost x 1 paper) + (B/W page cost x 1 page)
NOTE: You can see print job prices estimation in SafeQ Client window as displayed on
image.
(Cost per click x 2 pages) + (paper cost x 1 paper) + (Color page cost x 2 pages)
NOTE: You can see print job prices estimation in SafeQ Client window as displayed on image.
(Cost per click x 1 page) + (paper cost x 1 paper) + (B/W page cost x 1 page)
(Cost per click x 2 pages) + (paper cost x 1 paper) + (Color page cost x 2 pages)
OVERVIEW
There are two additional features in YSoft SafeQ 5 that can be used to account job in more detail:
Detail Scan Accounting - allows the administrator to specify prices for scan jobs based on their size
(normal / large) and color (B&W / color).
Detail Media Accounting - allows the administrator to specify prices for standard plain paper and
non standard media used for copying or printing.
Both of these features can be used only with some embedded terminals, depending on their accounting
/reporting capabilities (more details in Limitations below).
SETTINGS
1. To enable these features navigate in YSoft SafeQ web GUI to System settings (log into the web as
admin, then navigate thru menu System -> System settings).
2. Switch to Advanced or Expert view.
3. To enable Detail Scan Accounting - search for " scanJobsDetailAccounting" (without quotes) and
choose the option called Enabled.
4. To enable Detail Media Accounting - search for " detailMediaTypeAccounting " (without quotes)
and choose the option called Enabled.
5. After you change one or both of the options Save changes.
PRICE LIST
Once either of the features is enabled, the Price List configuration will display new items.
There are four items for Detail Scan Accounting: B&W scan (normal), B&W scan (large), Color scan
(normal) and Color scan (large). If the device used for scanning supports detailed accounting, the values
entered in particular fields will be used.
There are two new items for Detail Media Accounting: Non standard media type (normal), Non standard
media type (large). If the device used for printing/copying supports detailed accounting, the values entered
in particular fields will be used to account paper costs. Standard Paper cost is used otherwise.
LIMITATIONS
Not all vendors provide support for detail scan job accounting (e.g. B&W vs.color, normal vs. large
paper size). Please consult the use of this feature in your environment with Y Soft representatives.
Not all vendors provide support for media type based job accounting (whether plain paper or
another media type has been used). Please consult the use of this feature in your environment with Y
Soft representatives.
By design, external Y Soft terminals and the Ricoh embedded terminal do not support this level of
advanced accounting.
Both price estimation and final accounting is able to distinguish only 2 types of colorfulness for detail
scan job accounting - B&W and Color. All other possible types (one color, two color and similar) are
accounted as Color. This applies also for devices that are able to report only the size but not the
colorfullness of a scan job - on such a devices all scan jobs are accounted as Color when detail
scan job acounting is enabled (ie. Konica Minolta MFPs without payment support enabled).
Only Normal (ie. A4) and Large (ie. A3) paper size is distinguished when detail scan job accounting
is used.
All information about scan job accounting is stored as "common" scan job - it is not possible to
distinguish neither paper size nor colorfullness in YSoft SafeQ reports (web reports, Manager reports,
CRS, etc.).
It is not possible to distinguish media type used YSoft SafeQ reports (web reports, Manager reports,
CRS, etc.) even if media type based job accounting is enabled.
DESCRIPTION
The Project Print Tracking feature allows users to select and assign a target project for every print
initiated from their workstation in order to track per-project costs. Billing codes (project codes) are
provided in a hierarchical structure that can represent different business models (for example, a list of
customers and their individual projects).
For configuration and deployment information, see Configuring Project Print Tracking.
For managing billing codes in the YSoft SafeQ Web Interface, see Managing billing codes.
For an overview of importing/exporting billing codes, see Billing Code Import CSV Format
Specification.
For an overview of the user workflow relating to billing codes, see Selecting billing codes in
SafeQ Client.
USER STORIES
As a user, I want to print a document and select a billing code (project code) for the produced
output so that I can exactly track and later charge costs related to the various projects I'm
working on.
REQUIREMENTS
YSoft SafeQ shall provide a project list (tree) from which the user can select a project prior to
making every print.
Every project contains the following attributes: unique code, name, access permissions.
YSoft SafeQ shall provide reports of outputs/prints generated for every project.
YSoft SafeQ shall allow the administrator to manage the project list and also to use import and
export tools to automate management of the project list.
This feature shall be supported by all Office and Production Print Tracking methods.
YSoft SafeQ Client shall support smart search for billing (project) codes (that is, the user types
letters/numbers and the list is automatically filtered for matching projects only).
YSoft SafeQ shall support definition of a "default billing code (project code)" as an attribute of
the user. This information shall also be replicated from an external data source (where possible).
DEPENDENCIES/NON-FUNCTIONAL REQUIREMENTS
LIMITATIONS
The list of available billing codes (project codes) for each new user is synchronized to ORS
servers at the next periodic synchronization – which means that the user may see only the
default billing code upon first access, and all other billing codes after the next periodic sync.
YSoft SafeQ5 supports a maximum of 1000 billing codes per one level (with no technical
limitation on the number of nested levels). If you have more billing codes, use (or
request) the import script that can import data into the logical tree structure.
Available for network printers connected via the YSoft SafeQ server only! Does not work on
print queues shared by a print server.
The user must select a billing code prior to making every print. Only projects assigned to the
user are visible; tiered billing code selection (i.e. the user first limits the selection, then selects
the code) is available.
If no project is defined or assigned to the user, the project selection dialog is not displayed and
prints are accounted to a default project (if defined) or no project (otherwise).
If the project selection dialog is canceled the prints are accounted to a default project (if defined)
or no project (otherwise).
When billing code is changed during copying larger amount of pages, copy job is accounted to
the billing code chosen at the moment copy job was finished, not to the one chosen when
copying started.
Access permissions are defined for the tree and related sub-tree
Administrator can define default project per user or cost center (not role)
Administrator can define budget per project (with costs per page as defined per device
in YSoft SafeQ)
When the budget limit is reached, users are unable to print to this project unless
administrator adds some value to the project account
When the budget limit is reached, project administrator (assigned to a respective project
folder) is notified by e-mail
LICENSING
The Project Print Tracking feature is a standalone licensed feature. To use Project Print Tracking, this
feature must be included in the license and the license for this feature must not have expired. Without
valid license,
Recommendation
It is recommended to use a maximum of 1000 billing codes per one level (without technical
limitation on the number of nested levels).
If you have more billing codes, use (or request) the import script that can import data into the
logical tree structure.
CSV FORMAT
Billing codes are stored in a comma-separated values file.
Delimiter: semicolon ;
Quote character (if needed): double quote "
IMPORTER CONFIGURATION
You can modify the behavior of the importer by configuring the first row.
FORMAT SELECTION
Several formats are supported for import. The format MUST be specified in the first line in first column.
Available formats: prefix, parent
Format specification string: format:parent
LEVEL DELIMITER
When you use the prefix format, you can change the default delimiter from '.' to another single character.
Delimiter specification string: levelDelimiter:/
Default level delimiter is '.'
Default prefix importer will read 1.2.3.. When you change levelDelimiter to / then it will read data in
format 1/2/3.
SUPPORTED FORMATS
FORMAT PREFIX
1. Billing code in tree format – MANDATORY; String – e.g.: 1.2.14 - parent is in this case 1.2 and billing
code for this item is 14
2. Billing code description – MANDATORY; String – e.g.: Primary code
3. Extension string. From the 3rd position, you can specify extension strings. Each column contains one
and only one extension. Extensions are applied from the first left record to the right.
FORMAT PARENT
Parent billing code (first-level billing code) is optional. When it is not specified, the billing code is considered
to be directly under the root element.
The uniqueness of a billing code is defined by its path. The same billing codes can appear under different
parents.
EXTENSION STRING
Format: extension_name:value
Extension user
This extension contains user's login. Current billing code with entire subtree will be assigned to specified
user.
Example: user:georgik
Extension center
Extension contains number of cost center. Current billing code with entire subtree will be assigned to
specified cost center.
Example: center:118999881
Extension action
Available actions:
remove - This deletes the individual code and its entire subtree
Example: action:remove
It is possible to handle a large volume of billing codes, but you should follow certain rules.
1. If you need to assign a large number of billing codes, group them under one parent and assign only this
parent.
2. If you need to assign the same set of billing codes to a large number of users, create a role and assign
billing codes to the role according to guideline 1.
3. Make as few deletions as possible. Billing codes are still in the database even when they are deleted.
3.1. If you already deleted a large number of billing codes from the database, ask a database expert to
clean up and VACUUM the database. Billing codes are necessary for statistics; incorrect deletions can harm
statistics.
4. Do not create more than 1000 children at the first level of billing code tree. Divide billing codes into
groups.
Note for guideline 3: Use SQ4 SR2. Importer is able to synchronize the CSV file with the database. It
performs as few delete/insert operations as possible. (Prior versions did not check the database.)
FORMAT PREFIX
format:prefix;
1;Czech republic;user:barbora;user:richard
1.1;Brno;
1.2;Lomna;
1.2.1;Dolni Lomna;
1.2.3;Horni Lomna;
1.3;Milikov;
2;Slovakia;center:118999881
2.1;Kosice
2.2;Povazska Bystrica;
2.2.1;Vrtizer;
2.2.2;Milochov;
1.9;Trencin;
2.2.3;Marikova;
Sample in Excel:
format:prefix;levelDelimiter:/;
1;Czech republic;user:barbora;user:richard
1/1;Brno;
1/2;Lomna;
1/2/1;Dolni Lomna;
1/2/3;Horni Lomna;
1/3;Milikov;
format:prefix
1;Large forest;;action:remove
1;Desert;;
1.1;Sahara;;user:georgik;118999881;user:arnost
1.1.1;Sand;
1.1.2;Dust;
FORMAT PARENT
format:parent
100;Large forest;;center:118999881
10;Giant Sequoia;100;user:mary;user:james
11;Coast Redwood;100
12;Western Redcedar;100
13;Australian Oak;100
14;Inheritance;100;center:118999881
200;Old forest;
8;Bristlecone Pine;200
9;Alerce;200
10;Giant Sequoia;200
11;Sugi;200
12;Huon-pine;200
Sample in Excel:
SPECIAL CHARACTERS
You can use LiberOffice Calc to generate proper CSV file in UTF-8 from Excel table. Use semicolon as field
delimiter and no character as text delimiter.
format:prefix;levelDelimiter:*
1;Tiskárna
1*1;
1*1*1;
2;
2*1;
2*2;tölvufræði
Sample in Excel:
RECOMMENDATION
LIMITATION
max 1,000 sub-levels per one first-level for a one import procedure
max 3 MB CSV file size
the following characters are restricted: ?&’”<>
if you need to enter the character backslash '\' you must escape it, i.e. type '\\'
1. Check that billing codes are enabled. In System settings you should see "Enabling billing codes" set
to "enabled".
2. User must have at least two billing codes. When user has just one billing code it will become
automatically the default billing code and Billing code selection won't be displayed.
File which define billing codes must contain also all billing codes up to the root. If there is no such path then
importer won't be able to put billing code into tree.
format:prefix
500;Master
600.7000;Child
Correction:
format:prefix
500;Master
600;Second master
600.7000;Child
HOW IT WORKS
Recent Billing Codes is extension of Billing codes Workstation Client functionality. User can choose billing
code from the list with recently used billing codes. This saves time, because it is not necessary to browse all
available billing codes.
List of billing codes is limited to 10 recent billing codes. When user sends job to print then this billing codes
is moved to the top of recent billing code list.
When billing code is not in list of recently used billing codes then user can browse in the full list of billing
codes available to him. In order to display list of assigned billing codes just click on button Show assigned
billing codes. Follow instructions in Selecting billing codes in SafeQ Client.
List of recent billing codes displays only billing codes that are assigned to user or cost center. Deleted or
unassigned billing codes won't be displayed.
CONFIGURATION
Recent billing codes extension is turned on by default. It is possible to turn it off via System configuration -
option Display Recently Selected Billing Codes.
When Recent billing codes extension is turned off then user can see only list of billing codes.
PURPOSE
YSoft SafeQ provides added value to customer via fulfilling various business needs. Rule-based Engine
allows fulfillment of following:
OVERVIEW
Rule-based Engine acts based on rules defined by administrator. Rules can be combined in order to fit the
environment customer works in.
For configuration and deployment information, see Configuring and using Rule-based Engine and Using the
Rule Definition wizard.
CAVEATS
Some transformations may work only under specific conditions (see Rule-based Engine: rule
definition for more info).
Rules management on SafeQ web interface is allowed only on master CML node.
Rules management on slave node is possible only in case master node is down and slave node
takes over master role. If you change rules on slave node, do not make any changes on master node
for at least 5 minutes after it is fully started again.
Term Definition
Trigger Defines action that triggers the execution of rule - when the conditions are evaluated.
Condition Is reviewed when rule is triggered. Evaluates whether action should be performed. When
more conditions are defined for specific rule, all of them must be met in order for rule to do
action.
Action Action is something the system does, typically with a print job. Happens when rule is
triggered and conditions are met.
Notification Information to end user, manager, administrator or external system about successful
execution of rule - it was triggered and conditions were met.
Trigger Description
On reception of job by Print Job Reception from user workstation or print server.
YSoft SafeQ server This is where you can affect how the job will be processed by the
system, e.g., redirect the job to a different queue.
Before job is released to Before print job is released to a device managed by SafeQ.
the printer This is where you can reject the job.
On job status change When status of user print job has changed
Job Conditions
Job Conditions
On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Job Conditions
Job is printed on device from <group Triggers: At least one group must be specified
/ ORS> (Devices -> Items -> Add new group),
Before job otherwise this condition is disabled.
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Job title <contains / matches> <text> Triggers: Text can be in the form of a regular
expression to detect various patterns.
On See Regular Expressions for pattern
reception of building information.
job by
YSoft
SafeQ
server
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job has been sent to named queue Triggers: Text can be in the form of a regular
<contains / matches> <queue_name> expression to detect various patterns.
On See Regular Expressions for pattern
reception of building information.
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job <has / has not> set a <system Triggers: Setting a system tag (using the "Mark
tag> job with tag" action) in one rule doesn't
On affect other rules because all conditions
reception of are evaluated at the beginning.
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job <has / has not> set a <user tag> Triggers: Setting a user tag (using the "Mark
job with tag" action) in one rule doesn't
On affect other rules because all conditions
reception of are evaluated at the beginning.
job by
YSoft
SafeQ
server
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
Job Conditions
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
logout at
terminal
On job
status
change
If Job contains <more than, equal to, The rule requires enabled job parser.
less than, between> <x> [<all,b/w,color>]
pages [with paper size <large, small>]
Total amount of <all pages per month Triggers: This rule is not applied before first
/ BW pages per year / etc.> by job owner statistics are processed (processing of
is <equal to / not equal to / greater than / On statistics is run approximately every
less than / greater or equal to / less than reception of hour)
or equal to> <number>. job by
YSoft This rule requires the following
SafeQ property to be enabled:
server displayPrintedPagesPricesOnTerminal
Before job
is released
to the
printer
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
Job Conditions
On job
status
change
Time Conditions
Job Conditions
On job's
delivery to
the printer
On user's
login at
terminal
On user's
logout at
terminal
On job
status
change
Add watermark <text> to each page. Triggers: Watermarking feature is available for
Add it to <position> of the page, rotate it PCL and PostScript jobs only.
by <number>° and use font with <size> On job's Only ISO Latin-1 and Latin-2
and <color> delivery to character set is supported.
the printer
Variables can be used, see below for
their definition.
On job's
delivery to
the printer
Mark job with <tag> Triggers: This action will not affect the
evaluation of tag conditions in
On subsequent rules because all conditions
reception of are evaluated before any rules are
job by executed.
YSoft
SafeQ
server
Re-queue the job to <queue> Triggers: Valid for direct queue only.
On
reception of
job by
YSoft
SafeQ
server
Before job
is released
to the
printer
On
reception of
job by
YSoft
SafeQ
server
Queue the job to user's VIP Shared Triggers: Valid only for users with existing VIP
queue shared queues.
On
reception of
job by
YSoft
SafeQ
server
General Notification
Information
Send e-mail with Triggers: Variables can be used, see below for their
<subject> and content of definition.
<text> to job owner all
Send e-mail with Triggers: Variables can be used, see below for their
<subject> and content of definition.
<text> to <user> all
Send YSoft SafeQ Client Triggers: Requires job to be submitted by YSoft SafeQ
notification to job owner Client
On reception of
job by YSoft Shows popup to user
SafeQ server
Notification is defined in HTML, therefore
hyperlinks can be used.
Variable Description
Variable Description
[DEVICE_BACKEND] Data Delivery Method as configured in SafeQ (e.g., TCP/IP Raw, LPR,
IPP)
[USER_ID] Internal SafeQ unique ID of the user from the Identity Database
Please note that notifications "Send e-mail" send messages in plain text. Microsoft Outlook by
default removes line breaks in plain text e-mails. If this issue occurs in your environment, please
disable this feature in Microsoft Outlook:
Customer is working in strict Convert all jobs into Many printers need to have also color
environment where control of black&white toners filled in order to function even
employee activity is necessary. if only black&white printing is needed.
Customer is sensitive to costs of Avoid usage of expensive color toner
printing solution. in environment where users do not
need the color printing.
Customer's environment contains Redirect all jobs above X Redirect all large jobs to low-cost
lots of MFPs with high cost of print pages to low-cost printer printer in order to maximize its
and one central printer with low- benefit.
Notify user via SafeQ
cost printing. Customer wants to
Client popup Inform employees with SafeQ Client
optimize low-cost printer usage.
popup that job was redirected so
employee does not waste time by
going to wrong device to pick up
prints.
PREREQUISITES
LIMITATIONS
Go to Rules tab from the menu and create new rule or edit some existing rule.
2 Go to notification tab.
Set text for notification. You can use also HTML tags, to format text or display graphics in notification.
Save rule.
3 When a print job is sent by YSoft SafeQ Client and job is accepted by server, notification will be
display within client window.
In case that job is deleted from spooler, when clicking button Close, client window is
closed.
In other cases - if job is accepted on server and saved on spooler, only notification
window is closed.
Scanning to SMTP is an optional way of using SafeQ internal SMTP server, which receives data directly
from the printer (on port 25, thus SMTP).
ABOUT
Scan job created by MFP is sent via SMTP to SafeQ, where it is processed. In order to identify the
originating user (and because MFP cannot provide the user identification data), SafeQ looks up its database
or cache to discover the user who was logged in to the particular terminal or device based on the
information attached to the scan job (time is parsed from the file name).
If not such user is found, the scan job is ignored and not delivered to any user.
SMTP SETTINGS
To enable or disable SMTP server check the"SMTP" value from scanServerType property on System ->
System settings page.
The time and date included in the file name must be in one of the following formats:
a) YYYYMMDDHHmmss
[1-2][0-9][0-9][0-9][0-1][0-9][0-3][0-9][0-2][0-9][0-5][0-9][0-5][0-9]
b) YYMMDDHHmmss
[0-9][0-9][0-1][0-9][0-3][0-9][0-2][0-9][0-5][0-9][0-5][0-9]
In both cases 24-hour time format must be used and the seconds must be included.
SUPPORTED DEVICES
Scan to SMTP is supported only with devices that set file names of scan jobs with date and time included in
format mentioned above.
By default only HW terminal Professional is supported. Do not enable just the SMTP server in
scanServerType system settings property if Terminal Server is used (at least one more type must
be enabled) otherwise Terminal Server will not run correctly.
For scanning from embedded terminals, it is strictly recommended to use Scan via workflows.
As a System Administrator, I would like to configure my printing environment in the way there is
not a single point of failure, so that I can significantly increase high availability of printing services.
System readiness (especially 3rd party technologies, like NLB) must be consulted with Y Soft
before using with customer.
FAILOVER - OVERVIEW
Note: Failover works only within high-speed and low-latency networks (preferably 1Gb
ethernet networks). Based on experience from our existing customers, printing via slow
networks is generally unacceptable for end-users even for a short period of time. The failover
currently works only with SafeQ CML "cluster". Although ORS servers can also form "clusters
/near roaming groups", automated failover isn't fully supported at the moment.
ASSUMPTIONS
SafeQ System offers application-level failover and load balancing which encompasses all system
components. This failover and load balancing is however subject to limitations imposed by components
beyond SafeQ CML System supplier control.
Solution is based on the YSoft SafeQ Application level clustering technology. This technology is based
on the inter-server communication, message exchange and metadata synchronization among
individual YSoft SafeQ CML Servers.
to have the CML servers available on high-speed and low-latency network (preferably fiber
optics).
to have all YSoft SafeQ components (CML Server Core, Terminal Server) installed at the same
server and to have database instance for every system in the cluster.
To enable full failover and load balancing for MFPs connected with YSoft SafeQ system, there are
three options to be used:
1. For some devices and technologies, client-based failover mechanism can be used
2. Microsoft Cluster Services (MSCS)
3. Microsoft Windows Network Load Balancing (NLB) technology can be leveraged
Failover options
Server OS based
real-time server state of the art requires complex infrastructure
failover mechanism solution configuration
(MSCS) expensive initial investments
expensive maintenance
virtual IP must be used for
administration (Terminal Server
connected with local server
only)
Server OS based
real-time server included in requires extra infrastructure
failover mechanism Standard Windows configuration
(WNLB) server version network multicasting among
fully transparent to servers shall be configured to
the end users get the best performance
fast and reliable
solution that covers
both load balancing
and fail over
Client based failover system expects that there is a smart component installed at the client system
that checks for server availability. Such system is fully active providing both server failover and
load-balancing.
( blue line - print from workstation , green line - print to the printer , black line - authentication from
terminal )
YSoft SafeQ Hardware Terminal for Printers/MFPs
Hardware terminal checks the server availability upon every authentication requests and
initialize the session with responding server.
YSoft SafeQ Workstation Client for Print Servers and User Workstations
The client component verifies availability of individual servers and re-directs print job to available
print server.
If the server fails, the client automatically prints the document to the other server
Print Job Data is not synchronized among servers, to ensure availability of stored print
jobs, it is recommended to use shared SAN storage.
This option is by default available for External Terminals and any workstation or print server with
installed YSoft SafeQ Client and print driver (system print queue).
OS based failover system works with assumption there is an operating system level mechanism that
can
1. provide single IP address / host name to external systems (so that print servers, user
workstations and multi-functional printers don't need to verify server availability or switch among
multiple servers and
2. provide mechanism to re-direct traffic to the secondary server(s) in case of primary server's
outage.
( blue line - print from workstation , green line - print to the printer , black line - authentication from
terminal )
Currently supported mechanisms are MSCS and NLB:
Windows Shared Print Queues (print drivers + Enterprise version of YSoft SafeQ Client) and
SafeQ components are deployed as a clustered services.
In this case redundancy requires that applications be installed on multiple servers within the
cluster. However, an application is online on only one node at any point in time.
Caveats:
SafeQ can have only one active CML node
such environment requires independent license for each cluster node
in case of failure, user has to wait to system restart (up to 5 minutes)
some pull accounting logs can be lost or duplicated in case of server failure
2. Clustering of Terminal Server service (Active-Passive) and having two SafeQ CML services
running (Active-Active)
Example of Terminal Server cluster:
Caveats:
System can run up to 4 SafeQ CML nodes, however only one Terminal Server can
be running in system (as TS do not have unique identifier for communication with
CML)
Limitations:
this solution is not working with pull accounting (e.g. Xerox with EIP version lesser
than 2)
The SafeQ System is extended with NLB support in the following way:
When the SafeQ System detects a failure of a particular server node, the newly elected master
node shall temporarily remove such failed node by using Microsoft-supported tools, such as
PowerShell or NLB.EXE.
Reasonably after the previously-failed node is operational again, the current master node shall
re-add the previously failed node to the NLB cluster. A timeout mechanism shall prevent the
cluster from removing and re-adding the nodes in a quick succession in case of short-term
failures (such as temporary lack of network connectivity which only spans few seconds) which
would result in decreased system performance due to thrashing.
Limitations:
Y Soft supports using NLB for introducing failover and load balancing only on Microsoft
Windows servers.
NLB needs to be configured in multicast mode to span SafeQ cluster nodes running
in different data centers or connected to different networks. Network multicast is ONLY
required to be supported among servers, but the cluster virtual IP address has to be
network-reachable from the MFPs or workstations.
Network uni-cast No extra network All data is transferred to all servers in the cluster,
configuration needed increasing load on the network.
The NLB shall be configured with port rules and affinity to maintain short term affinity of MFPs
with individual Tevice Server services to preserve user sessions. User sessions are not shared
among Terminal Server services.
All limitations of the NLB technology apply with the following exception(s):
The NLB technology alone does not support application failover and provides only load
balancing functionality – this limitation is lifted by adding NLB support to SafeQ for failing
over to correctly running SafeQ cluster nodes.
Status of services is monitored internally by SafeQ and in case of shutdown the node is
disconnected from NLB. SafeQ services must be set to un-register from NLB via services.
msc in case of crash.
manual re-balancing is needed in case of failure to restore pull accounting functionality.
New re-balancing cycle is needed after failback.
RE-BALANCING
To restore full accounting functionality in case of failure, master node provides option to automatically
/manually re-balance devices among all running DS.
System shall be capable of deployment of group of servers providing redundant solution (both
servers shall be able to accept sessions from workstations and terminals)
System shall be capable of operation regardless to which server in group the printing client or
terminal connects.
Servers in the group shall be able to share print job list and request print data from any other
server.
Servers in the group shall be able to access print job data on shared SAN storage.
System shall provide automated means for the system or client components to detect outage of
one server and re-direct incoming traffic to another server.
System shall alert SafeQ administrator about server outage via email.
For server-originated actions (e.g.job based accounting log collection, ...), the system shall hand-
over the operation to secondary server automatically or upon administrator's confirmation.
System shall provide cluster visual health overview via Administrative interface Dashboard
Widget
Servers in a YSoft SafeQ failover cluster must be installed and available on a high-speed, low-
latency LAN.
Load balancing is only supported if print drives and YSoft SafeQ clients are installed locally on
every workstation or on a print server
Server based real-time server failover system works only on single sub-net and vLAN
NLB server based real-time server failover system requires Windows server operating system
If one server fails, all operations (copy/scan) processing at that moment will be terminated and
user must start them again (e.g. re-authenticate at the terminal).
Web reports are only available on first node. If first node fails, web reports will not be available
until first node is recovered.
Print Job Data are not synchronized among servers, to ensure availability of stored print jobs, it
is recommended to use external shared SAN storage.
YSoft SafeQ CML cluster can be build from up to 4 servers ( In extreme cases, when connecting
more than 800 devices in one location and Print roaming is not possible to configure, a 5th
server can be connected to the system. Please consult your Y Soft specialist ).
Error rendering macro 'excerpt-include' : No link could be created for 'YSoft SafeQ Multi-server
Technology'.
OVERVIEW
OVERVIEW
YSoft SafeQ tags specify compatibility between print jobs and printers. If print document contains a tag,
which is not enabled for a device, job is marked as Incompatible and cannot be printed on this device.
Incompatible jobs can be displayed at the terminal, depending how YSoft SafeQ is configured
(administrators can choose to display them in case of heterogenous environment, where such jobs may
appear). For more details, please read Configuring displaying incompatible jobs.
SYSTEM TAGS
System tags refer to print language(s) used by a printer. System tags must be set according to the features
and capabilities available at the printer.
System tags can be enabled, but no new tags can be added or removed. To enable or disable tag, click the
tag name or icon.
Tags can be automatically added to print jobs using Rule-based printing, Mobile Print Server features or
using YSoft SafeQ Client (example: ForceDuplex tag, ForceBW tag, etc.).
If device has embedded terminal, it must be reinstalled when system tags are changed. Device wizard will
ask for reinstallation when device changes are saved.
USER TAGS
User tags are used to extend options of Rule-based printing.
User tags can be configured under Devices > Tools > User tags. Then, when the administrator wants to
set up a print queue that submits print jobs into YSoft SafeQ with user tags, using the SafeQ Client, the user
tag(s) should be appended to the queue name after the colon character. For example, the queue name in
the SafeQ Client configuration would be entered as "secure:UserTag1" (without the double-quotes).
DESCRIPTION
YSoft SafeQ gathers data for outputs produced by monitored printers, copiers and MFPs and presents
them via a centralized Web interface. For large print environments, the system also supports
integration with MS SQL OLAP Data Warehouse.
For various reasons YSoft SafeQ is typically able to address about 95-98 per cent of tracked
pages to individual users or departments, the difference is caused by various service prints,
system status prints, direct IP printing, server restarts, and limitations on the page meter
handling by devices. for details, please see Print tracking methods and Available Copy Tracking
Methods.
USER STORIES
1. Reporting - As a manager, I want to receive reports for the activity on controlled printers /
MFPs so that I have information to optimize our printing environment.
2. CRS - As a manager, I want to be able to centrally store reporting data into data warehouse so
that I can use business analysis tools to integrate the reporting data with our internal process
tools.
REQUIREMENTS
YSoft SafeQ shall provide pre-defined addressed reports available via the YSoft SafeQ Web
Interface:
User (name, login, ID), user department (if available in the Identity Database)
Originating workstation/server name
Output Device (name, location, evidence number, IP), device group, device cost center
Project code (if Project Print Tracking is enabled)
Output type (print, copy, scan)
Number of pages as per tracking method: total number of impressions, total number of
BW/color impressions, total number of small (A5/A4/letter) and large (A3/legal/tabloid)
pages, duplex usage
Estimated Page Coverage, and Estimated Toner Consumption Only available by print
job data stream analysis, where configured and for Offline Print tracking methods
Calculated Job price based on Administrator-defined price list
Print Job file type (e.g. PDF, Outlook, Image, .... based on the print job title)
Date and time (tracking of whole hours), time interval
YSoft SafeQ shall provide user definable addressed reports available via the YSoft SafeQ Web
Interface.
YSoft SafeQ shall provide user definable addressed reports via MS SQL Analysis Services
(OLAP).
YSoft SafeQ shall provide detailed job information and it's history via the YSoft SafeQ Web
Interface** Job date and time (in case of batch accounting several jobs can be accounted as a
single job)
Job name
User (name, login, ID)
Document name and type (depending on substring search, e.g. suffix)
Job list (history of operations with a job)
YSoft SafeQ shall provide export data to XML, CSV, XLS, HTML, PDF from SafeQ web
interface
YSoft SafeQ shall provide scheduled data export to XML, CSV, XLS, HTML, PDF to specified
folder or specified email addresses with periodicity: daily, weekly (for previous calendar week),
monthly (for previous calendar month), monthly (for past monthly period)
YSoft SafeQ shall support access restrictions based on YSoft SafeQ roles.
YSoft SafeQ Web administration interface (4.0) shall displas information whether the report is up-
to-data (e.g that all data has been collected and processed)
YSoft SafeQ Web reports shall support configurable restrictions on display of user identity
information (name, surname, login)
Print, copy or scan tracking must be configured (see details for tracking methods and tracked
information in Print/copy/scan tracking feature description).
Reporting interface has to be configured via YSoft SafeQ server deployment
CSDMagerCML task generated all data for reports. This task run one hour after finish of
previous one.
CSDMagerCML task base steps:
Generate data for green reports (propertyenable-purge_reports).
Copy jobs into DWH.
Generate data for CRS reports (property cdc-sender or web-stats-enable).
Generate data for Web reports (property web-stats-enable). We recomended to use this
in non CRS environment. For huge amount of pages, more then 2 milions per month, we
strictly recomended to use CRS instead Web reports.
Generate data for user terminal reports (property displayPrintedPagesPricesOnTerminal
and "CRS reports").
Generate data for dashboard (property web-stats-enable).
Delete old data from reports.
Update data in DWH based on late send data to YSoft SafeQ.
CSDMagerCML task maintenance steps (run once per day):
Delete old data from database.
Run database optimalization.
Properties cdc-sender and web-stats-enable should be enabled just at leading node.
Generate data for CRS reports: newest data for reports are used after specified interval after
saving this data into database. Data which was actualy printed will be in reports after specified
interval, configuration property: printJobAgeForStats [minutes], default value 60, allow range 10
- 120. In one node environment is printJobAgeForStats property irelevant, interval is set to 0
minutes by aplication.
Generate data for Web reports: for generate web reports are used data prepared for CRS
reports.
CAVEATS
Web reports can only handle millions of print job information, after reaching about 2 000 000
records (1 record ~= 1 user x one day x one device), the old data are being automatically
deleted. For data storage over longer periods it is necessary to use OLAP data warehouse.
Detailed job information are stored only for a pre-defined time (one month by default, max 3
months)
Role based access is available for web reports only; OLAP reporting access is limited by SQL
server access permissions
LICENSING
Usage and Cost Reporting feature is separated in a license where each license has specific limitation if
license for the feature expires or is not available in a license. Without valid licence,
DESCRIPTION
User Roaming is a complementary feature to the Print roaming. It enables roaming users within the
customer infrastructure and provide autoconfiguration capabilities to their working environment. A user
with a portable computer is able to print via the nearest ORS or CML server so that travelling user
doesn't need to do any manual re-configuration of print queues.
Travelling users can benefit from this feature by automatically having their print jobs sent to local
SafeQ server, wherever they are. Users do not require any additional configuration in order to print in
any branch office of their company.
SafeQ Client automatically identifies the local SafeQ ORS server (or the local near-roaming-group of
ORS servers, or the local node of a CML cluster, as the case may be) based on current network
environment. It uses the selected detection algorithm. In case of failure, follows static configuration.
DHCP option
Obtains the YSoft SafeQ CML or ORS server IP address(es) from a particular DHCP
option. The DHCP option code is statically configured (LPR being defined by code 9) in
customer environment by local network administrator.
If multiple IP addresses are configured by DHCP option 9, the random one is used for job
delivery.
If the YSoft SafeQ Client gets no valid IP address from the local DHCP server, "Static
configuration" method is used instead .
Supported by YSoft SafeQ Client 2.12 and higher
Static configuration
Default configuration
The way of configuring a list of specific IP addresses or hostnames, useful for simple
single-location situations or as a fallback for the case of failed autodiscovery of every
other method (e.g. "DHCP option" method does not return any valid response - no IP
address, "Static configuration" method is used instead).
Supported by YSoft SafeQ Client 1.0 and higher
DEPENDENCIES
LIMITATIONS / CAVEATS
The "DHCP option" autodiscovery method requires that DHCP option 9 is manually configured in
the respective DHCP servers for each subnet where clients are expected to connect.
DESCRIPTION
YSoft Mobile Print Server that allows users to print documents from mobile devices such as smart
phones and tablets. The solution is based on commonly known experience - sending an e-mail with
attachment or uploading document via dedicated web page. Such document gets retrieved from Mobile
Print Server by SafeQ, processed and stored in the print queue. Users can release their jobs at any
printer in SafeQ environment.
1. User sends an email to defined mail server with attached document to be printed.
a. Alternatively, user can upload a document via Mobile Print Server web interface.
2. Mobile Print Server checks the incoming email folder (or upload folder), converts documents to
PDF format and delivers it to SafeQ secured print queue.
3. User receives confirmation email with option to access the document via web browser.
a. User can upload a new document.
b. User can list through already processed documents.
c. User can see a preview and documents pages information.
d. User can delete a document.
e. User can define the output print to be simplex/duplex and/or gray scale/color.
f. User can print a document via selected direct queue.
4. User authenticates at the terminals and releases the document.
Mobile Print Server is second generation of YSoft SafeQ Mobile Print solution, independent of previous
one.
All major document formats are supported. These supported formats can be divided into several
groups according to their types:
MS Office document doc, docx, docm, dot, dotx, dotm, rtf, xls, xlsx, xlsm, xlsb, xltx, xltm, csv,
family ppt, pptx, pps, ppsx, pot, potx
Images jpg, jpeg, png, bmp, gif, tiff, ico, wmf, emf, svg
See Configuring Mobile Print Server for the configuration and deployment information.
See Using Mobile Print Server for the user workflow overview.
USER STORIES
1. EmailPrint As a User I want to print my documents by sending them to email and then
selecting finishing options at the web or terminal, so that I can print from any mobile device or
any computer without installing print drivers.
2. WebPrint As a User I want to print my documents by uploading them via secured web page
and then selecting finishing options, so that I can print from any mobile device or any computer
without installing print drivers.
REQUIREMENTS
Print job reception:
User shall be informed via reply to the email about success or failure of the acceptance and
conversion of "printed" data.
User shall be able to log into secured web page and perform following settings:
upload a new document,
delete a document,
release a document to a direct queue to be printed,
list through processed documents,
define duplex/simplex mode,
define color/gray scale mode,
see preview of a document and it's page information.
User authentication:
Administration:
Administrator shall be able to define IMAP(s) or POP3(s) account for email printing.
Administrator shall be able to enable/disable direct printing from Mobile Print Server web
interface.
Administrator shall be able to customize/localize the e-mail notification messages.
Every Mobile Print Server installation must use dedicated mailbox (e-mail address) for retrieving
print jobs.
Guest and anonymous printing is currently supported only with special license. For more
information see the article guest printing.
Use of Exchange IMAP is recommended.
Refreshing job list in Mobile Print web interface doesn't work on iOS devices.
Roamed jobs sent to a printer from Mobile Print web interface on ORS are not printed.
Job previews might not be displayed for some jobs in cluster environment.
When Mobile Print Server fails to process a job, the job is not being processed anymore and
could be lost.
Mobile web page is not reading and writing BW / duplex information properly.
iOS devices cannot be used for document upload at web interface.
Jobs are processed one at a time. Please consult sizing based on your environment with Y Soft
representative.
When uninstalling the Mobile Print Server, it is recommended to reboot the operating system to
ensure proper removal of Mobile Print service.
OVERVIEW
YSoft SafeQ Client is an optional component that delivers print jobs to YSoft SafeQ (CML and ORS)
servers. It can be used in place of the standard LPR protocol client (called "Standard TCP/IP Port" in
Microsoft Windows) to provide additional features, especially ones specific to YSoft SafeQ. It is typically
installed on end-user workstations or print servers (wherever printers are defined in the operating system),
and is a part of the printer definition. In Windows, it is implemented as a Windows Print Spooler Port Monitor
and an optional user interface application. In Linux and Mac OS X, it is a CUPS backend. In addition, a
command-line version, independent from the operating system's printing subsystem, is also available for
use in automated processes with a need to submit ready-made print jobs to a queue.
SUPPORTED PLATFORMS
YSoft SafeQ Client supports the following operating systems:
Notes:
YSoft SafeQ Client does not support Microsoft Windows 8 and newer with v4 (bundled) printer
drivers. Vendors' v3 drivers must be used.
YSoft SafeQ Client for Mac OS X version 4 or higher is assumed (a native Mac OS X application).
Store credentials for next print job (for more details see SafeQ Client
configuration options)
Specify billing/project code (available only when print driver is installed locally
on the workstation)
Failover / loadbalancing support (Client can deliver print job to any available
YSoft SafeQ server in multi-server environment. The client must be installed
on the same workstation/server as the print driver and thus the failover works
from this location onwards.)
Display estimated price of a print job, allow conversion from color to black and
white, display available money account balance (available only when print
driver is installed locally on the workstation)
Delegation Print (VIP Shared Queues) (available only when print driver is
installed locally on the workstation, but a solution using a rule in the Rule-
Based Engine is available as an alternative)
User roaming – Travelling users can print via the nearest ORS or CML server
without any manual re-configuration of print queues.
LICENSING
YSoft SafeQ Client does not require any extra license: it is licensed as part of YSoft SafeQ. As long as a
customer has a license for YSoft SafeQ (any modules and any number of devices), they can use YSoft
SafeQ Client on any number of computers, for any number of users.
Protocol Level 4
Generic
Communication
Getting values from server
Supported Get-* requests
Encryption
Authentication
Trusted client
Queue specification
Tags
Document
Finishing options
Values
Examples
Simple job with "testuser" account
Some comments on .NET implementation
Protocol Level 3 and older
PROTOCOL LEVEL 4
GENERIC
Protocol is message oriented. Client opens connection to server. Client sends request and server returns
response.
Request MAY continue on next line only in defined cases, like sending block of data with defined length.
Extra spaces in value part of request are NOT ignored and they're considered as part of value. E.g.: '%%%
SafeQ-Something: hello \n' will produce value ' hello '
COMMUNICATION
%%%SafeQ-Check:\n
Server just ignore this message and it keeps connection alive. This command serves client to determine
which server is available for printing.
%%%SafeQ-ProtocolLevel:4\n
This is necessary, because it allows SafeQ to determine proper processor for protocol.
%%%SafeQ-Version:Windows 2.0\n
%%%SafeQ-Compression:ZIP\n
Client MUST send data in chunks. Each chunk must begin with header:
%%%SafeQ-Data:<length in bytes>\n
%%%SafeQ-Data:0\n
Client MAY send information about job (only in case job parsing is enabled):
%%%SafeQ-Get-<VARIABLE>:\n
%%%SafeQ-Unknown:\n
%%%SafeQ-<VARIABLE>:<VALUE>\n
%%%SafeQ-Get-JobStatus:\n
Response:
%%%SafeQ-JobStatus:[OK|Abort]\n
%%%SafeQ-Get-JobSize:\n
Response:
%%%SafeQ-JobSize:<SIZE>\n
%%%SafeQ-Get-BrowserLink:\n
Response:
%%%SafeQ-BrowserLink:<LINK-URL_ENCODED>\n
Note: Size of browser window should be determined on client side from the HTML element body.
%%%SafeQ-Get-JobParsing:\n
%%%SafeQ-JobParsing:1\n
%%%SafeQ-Get-License:[Compression|Encryption]\n
Response:
%%%SafeQ-License:[Enabled|Disabled]\n
%%%SafeQ-Get-ConnectionClose:\n
Response:
%%%SafeQ-ConnectionClose:OK\n
Encryption
Client MAY request encryption - via TLS - STARTTLS. (Further info about STARTTLS - http://en.wikipedia.
org/wiki/STARTTLS)
%%%SafeQ-Get-Encryption:TLS\n
After acknowledging encryption from server side client MUST initiate TLS handshake.
Authentication
It is possible to authenticate user. The Client MUST send at least one of the following headers:
%%%SafeQ-Login:<LOGIN>\n
%%%SafeQ-Password:<PASSWORD>\n
%%%SafeQ-Card:<CARD>\n
%%%SafeQ-Get-Authentication:<METHOD>\n
Trusted client
The simplest way how to authenticate user is to send his SafeQ login in header.
%%%SafeQ-For:<LOGIN>\n
Queue specification
Client MAY specify printing queue (e.g.: Secure):
%%%SafeQ-LP:<QUEUE-NAME>\n
Tags
It is possible to set tags to job by sending following command.
It is possible to add user tag to queue name. Add tag name after queue name, delimiter is semicolon:
%%%SafeQ-LP:<QUEUE-NAME>:<TAG-NAME>\n
You can specify more tags, delimiter is comma. Do not add any extra spaces:
%%%SafeQ-LP:<QUEUE-NAME>:<TAG-NAME>,<TAG-NAME>,<TAG-NAME>\n
%%%SafeQ-Title:<TITLE>\n
%%%SafeQ-Note:<TEXT>\n
%%%Safeq-MachineName:<TEXT>\n
In case job is cancelled by user (job may be incomplete), the following header is sent (before end of job
data header - %%%SafeQ-Data:0\n):
%%%SafeQ-JobStatus:Cancelled\n
Client MUST NOT send any further SafeQ-Data block with non-zero size of data block. If such a block
occurs then server terminates connection because of protocol violation.
FINISHING OPTIONS
It is possible to set finishing options by sending following commands before sending last block of data.
%%%SafeQ-Finishing-Copies:<NUMBER>\n
%%%SafeQ-Finishing-Duplex:<DUPLEX-VALUE>\n
%%%SafeQ-Finishing-BW:<BOOLEAN>\n
%%%SafeQ-Finishing-Stapler:<BOOLEAN>\n
VALUES
EXAMPLES
It is possible to send job from command line. You can use netcat tool. Just store data into file in Unix format
(\n as line delimiter).
Netcat command:
%%%SafeQ-Check:
%%%SafeQ-ProtocolLevel:4
%%%SafeQ-For:testuser
%%%SafeQ-Title:Test Page
%%%SafeQ-Version:Windows 2.0
%%%SafeQ-Note:Note
%%%SafeQ-Domain:YSOFT
%%%SafeQ-MachineName:PC054
%%%SafeQ-Get-BrowserLink:
%%%SafeQ-JobID:2
%%%SafeQ-Data:3
abc%%%SafeQ-Data:0
// The memory stream capacity must be exactly the total size of input buffers (no trailing '\0'
characters)
using (var stream = new MemoryStream(commands.Select(c => c.Length).Sum()))
{
foreach (var cmd in commands)
{
stream.Write(cmd);
}
}
%%%SmartQ-CodePage: codepage
%%%SmartQ-For: username
%%%SmartQ-Title: title%%%SmartQ-LP: queue
%%%SmartQ-Sec: secureid
%%%SmartQ-Domain: domain
%%%SmartQ-JobID: jobid
%%%SmartQ-Zip: zip
<raw print job data>
Legend:
codepage: encoding mode for subsequent text fields - value "65001" means UTF-8.
queue: queue on YSoft SafeQ server, where job will be stored (note: queue must match queue on YSoft
SafeQ).
domain: specifies domain of workstation, which is sending the print job to SafeQ.
DESCRIPTION
For better user experience a new type of options were added to Rule based engine:
Send YSoft SafeQ Client notification to job owner - upon job reception SafeQ Client will display
notification message
Action Delete print job - upon job reception to SafeQ this job is deleted from spooler
USER STORIES
1. As an Administrator I want to set up rules which will notify the user's SafeQ Client when a job is
received by SafeQ in case the job is deleted - this is only one of many other cases.
2. As a SafeQ Client user I want to see the notification that administrator set to inform me about
job modification.
REQUIREMENTS
1. Administrator shall configure rules in Rule based engines with newly introduced options.
2. User shall install and configure SafeQ Client on his workstation.
LIMITATIONS
RBE Client notifications need to be configured together with one of following features: Billing Codes,
Price Estimations or Shared Queues.
LICENSING
Rule based engine Client notification is a feature licensed together with Rule-based engine.
This whitepaper describes the different configuration options for data security within YSoft SafeQ, required
configuration and related demands on customer infrastructure.
Print data security, also provided by YSoft SafeQ, is described in the Print roaming feature description.
COMMUNICATION PATHS
YSoft SafeQ, on very abstract level, is comprised of several network communication paths described in this
article. A general overview of the communication is as follows:
(1) Print data storage at SafeQ By default Optional AES. Optional PKI-
server based
(2) Copy / scan session data from n/a Optional TLS n/a
terminal to server (proprietary or SOAP)
(3a) Print from server to network By default Optional TLS (IPP over n/a
printer SSL)
(3b) Scan data delivery from MFP to By default Optional TLS (WebDAV n/a
server /S)
(4) SafeQ integration with identity By default (LDAP Optional TLS (LDAPS) n/a
database provider or JDBC)
(5) Scan data delivery from server to By default Protocol dependent n/a
destinations
(5) SafeQ integration with mail By default Optional TLS 1.0 n/a
server (SMTP)
(6) SafeQ integration with 3rd party Protocol Protocol dependent n/a
provider dependent
By default, SafeQ supports unauthenticated TLS communication for data paths 1,2,3,4,5,7,8.
3rd Party communication model is based on individual applications and/or protocols.
Server Authentication is supported by default for data paths:
4 (SafeQ server verifies LDAP certificate & domain name)
8 (Administrator web browser verifies SafeQ server certificate & server hostname).
Server Authentication is supported (using extended key management) for data paths:
1 (Client computer verifies SafeQ server certificate & server hostname. YSoft SafeQ Client
and printer drivers must be installed at the workstation, printer sharing from central server is
not possible)
2 (SafeQ terminal verifies SafeQ certificate & server IP address)
3a (SafeQ server verifies printer certificate & printer hostname)
3b (MFP verifies server certificate - this depends on MFP capabilities and requires trusted CA)
5 (SafeQ server verifies mail server certificate)
7 (ORS server verifies CML server certificate)
Client authentication is supported for:
2 (SafeQ server verifies SafeQ Terminal; this is valid for terminal professional only)
SafeQ Server Certificate(s) - for Terminals, Workstation Clients and administrator workstation(s).
Administrator creates self-signed certificates for all servers.
Server certificates (private keys) are stored in password protected key store on the SafeQ
server disk. Password is hard-coded to the application.
SafeQ Client displays "accept certificate" dialogue upon first print and stores the certificate to
Workstation store.
MFP Certificates
SafeQ retrieves X509 certificate on first connection to the MFP.
LDAP Certificate
SafeQ retrieves X509 certificate on first connection to the MFP.
AES ENCRYPTION FOR PRINT DATA STORAGE AT SAFEQ SERVER (DATA AT REST)
In case of not using PKI Based end-to-end encryption, unique AES session key generated by SafeQ client
and exchanged with SafeQ server using authenticated TLS session (1).
Key is stored with every job in SafeQ job database (SQL). Data are stored on hard drive encrypted
as received from client (1) and decrypted only into temporary memory only before delivery to the
printer (2).
Note that this functionality is currently not available.
TERMINAL AUTHENTICATION
SafeQ 5 support user authentication to the terminal in various modes (see Terminal Authentication Matrix).
Terminal always communicates authentication data (PIN codes, Card Numbers or User Credentials) via
secured TCP/IP communication to SafeQ server.
For ORS - data are ALWAYS verified with Local Data Cache and (only if not found locally) with CML.
For CML - PIN codes and Card Numbers are verified by sub-string match in SafeQ SQL database.
(see Identity management). PIN codes are typically stored in form of one-way hash. Data are
replicated to ORS data caches in scheduled intervals or on demand (by Administrator or 1st User
Access).
User Credentials (Login/Password) on CML are verified either by sub-string match in SafeQ SQL
database (if manually assigned to the user), with Kerberos 5 (see next chapter) or with LDAP - using
LDAP/S authentication mechanism. Locally stored passwords (hashes; if available) are replicated to
ORS data cache. If the password is found in ORS data cache, CML server (and further LDAP server
is not used)
AUTHORIZATION MODEL
YSoft SafeQ is managed via a centralized web interface.
It uses Role-based access control (RBAC) with Capability model for certain system operations. The
administrator can create multiple roles and delegate selected administrative and managerial permissions
and operations to these roles. It is also possible to define personal user accounts with full administrative
privileges, and disable the default, anonymous administrative account.
SafeQ supports replication of roles from external sources (e.g., Active Directory/LDAPS or CSV file) with
additional administration within SafeQ.
With Active Directory and eDirectory, the SafeQ system takes advantage of advanced Active Directory
specific replication information to optimize the replication process.
Data delivery throughput for PKI-based encryption via Terminal Professional is about 512 kbps.
Data delivery throughput for TLS based encryption (SSL over IPP) depends on the speed of the target
printer.
Passwords and authentication data are not logged. Access to the log files is not controlled and must be
managed on operating system level.
Internal SQL database. In case of embedded PGSQL/MSSQL Express, the database is accessible
only via the local host interface. In case of an external DB, the security model is the responsibility of
the database administrator. The database is accessible only with the name and password stored in
the configuration file.
Internal Configuration Files. Are stored in the SafeQ operation directory in a text format. The data
is secured on the same level of access as relevant directories and OS.
External Data sources. Configuration dependent. For LDAP integration security, please see LDAP
Integration Security document.
All passwords and user codes are stored in the configuration files and database in an encoded form
(one-way encryption is used). Access data to external systems (including access to the SQL DB
SafeQ itself) is stored as encoded by an AES-256 encryption (using hardcoded key).
Print job data is stored temporarily on the file system in the plain unencrypted form as received from
the source workstation, or optionally encrypted as specified in previous chapters. Using system
configuration, this data can be automatically deleted (not wiped) after print or administrator defined
expiration time.
USED TECHNOLOGIES
The whole solution is proprietary. Oracle Java 7 is used for System Core, MS .NET 4.5 Framework for MFP
integration and Apache Tomcat, MS SQL or PostgreSQL Database Engines are among standard 3rd party
components used in the solution.
ADDITIONAL NOTES
Some print drivers support print job data encryption for particular printer. This feature can only be used for
direct print to the specified device.
All session timeouts in the system (administrative console or terminal access) are administrator definable
using centralized web interface.
There are not practical limitations regarding character sets and length for usernames and passwords.
Certain MFPs may impose additional limitations on their own.
APPLICATION COMMUNICATION
By default SafeQ uses SSL based, authenticated encryption for all application level data transfers (server-
terminal, inter-server) based on built-in RSA keys and X509 certificates. Keys and certificates can be
replaced by customer certificates and are stored on the file system in encrypted file (using built-in, non-trivial
password).
IPsec Encrypted Print Data from Doesn't need any software at the
Workstation to SafeQ (Print) Server workstation or special configuration of
and from Server to Printer SafeQ application
Application based Encrypted Print Data From SafeQ Doesn't need support on infrastructure
SSL encryption (Print) Server (shared printer) and /network level
(Server-Printer) from Server to Printer
Data on the print server are not
encrypted and requires Security setup at
the Server
Application based Encrypted Print Data from Doesn't need support on infrastructure
SSL encryption Workstation to SafeQ (Print) Server /network level
(Workstation-Printer) and from Server to Printer
Requires print drivers and SafeQ
client to be installed on all workstations.
Application based Encrypted Print Data from Print data are encrypted all the way,
PKI encryption Workstation to Printer including data-at-rest on the server.
By default, SafeQ doesn't use any type of print data encryption. Print data encryption can significantly
(5x) slow down the print speed.
No Encryption Data are transferred over This is default configuration, MFPs scan
network in plain form using email, FTP or SMB protocols
(authenticated, un-encrypted)
IPsec Encrypted Scan Data from Requires IPsec support on MFPs and
MFP to SafeQ (Print) Server Print Servers
Application based SSL Encrypted Scan Data From Doesn't need support on infrastructure
encryption (MFP- MFP to SafeQ (Print) Server /network level
Server)
Data on the print server are not
encrypted and requires Security setup at the
Server
Application based SSL Encrypted Scan Data From Doesn't need support on infrastructure
encryption (MFP- MFP to SafeQ (Print) Server /network level
Server-Email) and Mail Server
Data are not stored on the server, but
removed immediately after delivery
By default, SafeQ doesn't use any type of print data encryption. Print data encryption can significantly
(5x) slow down the print speed.
which are defined in the X.500 family of standards. Today, LDAP is widely used mainly thank to the strong
support of the protocol in OpenLDAP (Open Source Directory Service), Novell eDirectory (formerly Novell
Directory Services) and Microsoft Active Directory.
For more information about LDAP, please refer to the following documents:
http://tools.ietf.org/rfc/rfc4510.txt
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
How to view and set LDAP policy in Active Directory http://support.microsoft.com/kb/315071
From the SafeQ perspective, LDAP support is essential because it is now one of the major ways how to
access corporate user account information. SafeQ uses such information for seamless authentication of
users.
SafeQ may retrieve the following information from a directory service (depends on configuration):
User account information (name, e-mail address, login name and any aliases, assigned cost center).
Password is not retrieved.
Card number and PIN.
Group membership (translated to SafeQ roles).
Groups (translated to SafeQ Roles for Role-based Access Control)
Traditional approaches to replication usually provide a challenge in designing and configuring the system
integration with directory service or multiple directory services, however SafeQ LDAP Replication
technology is designed to be deployable in small and big environments.
Replication is a process where data are copied from one data source to another. We only need to discuss
the one-way replication where one source acts as master, where modifications happen and the other acts
as subordinate, which stores data in read only manner. In our case, the master is the directory service and
the subordinate in SafeQ. During the replication, new data are copied from directory service to SafeQ,
existing data are updated and deleted data are marked as deleted.
The SafeQ LDAP Replication technology comes with the following features:
Integration with multiple directory services. SafeQ can also handle situations where single user
account exists in multiple directory trees or services or when user is a member of a group, which
exists in different tree or service.
Security awareness. SafeQ never replicates user passwords, even if it is technically possible or
permitted by the directory service.
Performance. SafeQ LDAP Replication operates in two modes: differential and full replication.
Differential replication replicates only changes occurred since the last (differential) replication. Full
replication replicates the entire directory tree(s) according to configuration.
By default, SafeQ replicates the following attributes (applies to Microsoft Active Directory configuration):
User: GUID, sAMAccountName, cn, sn, mail, memberOf; optional attributes: homeDirectory,
department, custom attribute with card ID such as otherPager
Group: GUID, sAMAccountName, description
User membership in a group is determined using the memberOf attribute. All replicated groups are
translated into SafeQ roles.
Data SafeQ stores a redundant copy of my SafeQ stores a read only copy of the
Redundancy data which may get invalid by local replicated data and correctly propagates all
changes. changes to the system. This way, data are
only provided in a way which generates less
overhead - data are replicated more
efficiently in batches.
Data It is not feasible to make local SafeQ maintains local and replicated data
Redundancy modifications as they will be overriden separately. For example if a user account
when replication occurs. has two ID cards, one replicated and one
added manually, the system will never
automatically delete the manually added
card.
Replication SafeQ leaks out potentially sensitive data All data stored in the system would be
of Sensitive by using replication. available to SafeQ even by using online
Data connection anyway. all the replicated data
would be available to SafeQ anyway and
stored in-memory, visible in reports, log files,
web interface and other parts of the system
which tracks and displays information.
Leaking Replication leaks out user passwords or SafeQ never replicates user passwords, even
Passwords at least stores them in less secure way. if it is technically possible. Password-based
authentication is handled using online
connection to the directory service.
Invalidation It is impossible to quickly invalidate user Differential replication (which also propagates
of User credentials. user credentials) has a very low overhead
Credentials (depending on the amount of changes in your
directory service) and can be run every few
minutes without raising the load imposed on
the directory service agents. This way, the
credential change is propagated very quickly.
Differential Replication mode requires a mean of tracking changes in the directory service to operate
correctly. When connected to the active directory, USN (Universal Sequence Numbers) are used to track
changes. When connected to Novell eDirectory, modification timestamps are used to track changes.
Differential Replication has currently one limitation: it is not possible to replicate deletion of objects. This is
based on the limitation of the most common directory services (Microsoft Active Directory and Novell
eDirectory) which provide no reliable way to track object deletion. Full Replication however replicates even
object deletion correctly.
RECOMMENDED CONFIGURATION
Regardless of the number of directory service you are going to use, you shall follow some basic guidelines
when configuring the LDAP Replication.
Schedule Differential Replication to run several times a day (even as often as every couple of minutes) and
Full Replication to run once a day, out of office hours. If you have 24/7 environment, schedule the full
replication to run off-peak hours.
If you have a complex rule structure, do not forget to correctly configure maximum page size in SafeQ.
Otherwise, only portion of the data will be replicated to SafeQ.
Scanning Overview
PKI (SMARTCARD BASED) OR LOGIN/PASSWORD BASED AUTHENTICATION AND SCAN TO NETWORK FOLDER
1. User information is typically replicated from LDAP server using secured (server-authenticated) LDAP
/S connection. This step is however purely optional. See Identity management for additional details.
2. User swipes/inserts the card and/or enters the PIN code. The information is transferred to SafeQ
using TLS based secure protocol (with client only authentication - server verifies identity of terminal).
Sever looks up the internal SQL database to find the user record connected with the entered PIN
code or card ID.
a. if Smart Card authentication or login/password authentication is used SafeQ server uses
Kerberos v5 protocol to get the Ticket Granting Ticket information (TGT) form Kerberos server.
b. Kerberos sends encrypted information back to the server
c. Server uses the secured connection to decipher the data
d. Server gets the deciphered data and looks up the internal database for respective user record
3. If the user is authorized to scan, the device panel is unlocked (either using serial smart blocking
cable from terminal or internal mechanism in case of MFP panel integrated (embedded) terminal.
4. User scans the data. MFP transfers the data using configured protocol (differs per MFP capabilities).
a. The most common option is data transfer via unsecured SMB of FTP protocol. (Target IP
address and folder is pre-configured at the MFP during initial MFP configuration).
b. Some devices allows data transfer using secured WebDAV protocol with server
authentication.
5. SafeQ gathers the accounting data using several mechanisms (see Print tracking methods). If the
online accounting method is used, SNMP protocol is used to gather the current page meter
information from the printer.
6. In case of vender provided accounting, the accounting information is transferred to SafeQ from
printer using SOAP or HTTPS POST message.
7. SafeQ server transfers the data using administrator-configured protocol.
In case of scanning to owner's email, data are transferred as email attachment. SafeQ server
accesses the email server using configured account with secured password authentication.
Data are transferred in plain form.
In case of scanning to the network folder, the scan is delivered to the home folder specified in
user record (inside SafeQ SQL database). Authentication to the network folder is based on
privileges of the system account that runs SafeQ to access the folder. The system account
MUST have the write access to all network home folders.
(7.a) In case of PKI based or login/password authentication used with:
Terminal Professional, SafeQ users Kerberos Ticket Granting Ticket (TGT) service and
impersonates the user to access the home folder. In such a case, no special privileges
for the system account that runs SafeQ are needed. Configuration can be done by
following description at Smart Card support
Terminal Embedded, SafeQ service must have full access to write to the home folders
of the users. Kerberos Ticket Granting Ticket (TGT) cannot be used.
NOTE: When a user is a member of the Administrators group and this workflow is used,
the job will be stored under the Administrators context, not the original user.
SESSION AUTHENTICATION
Both scan collection and scan delivery processes require authenticated user session to be established prior
the operation starts. User authenticates at terminal and selects scanning mode. Server receives the
authentication request (i.e. card swipe, SmartCard certificate verification, user credentials) via secured
network connection and verifies with configured data source (i.e. Active Directory) . If the verification is
successful SafeQ establishes a session, including all user information (i.e. user email, login name, home
folder, ...) . These information are used as a metadata for data delivery process.
DATA COLLECTION
SafeQ can be configured to receive data from source MFP in many ways. There is no special or additional
security level for the data collection part. The most common methods are data reception via email (SMTP)
or hot folder (SMB or FTP). The data flow is following:
DATA DELIVERY
SafeQ collects the data from the hot folder and delivers it to ONE defined destination. The delivery process
is limited by several items:
1. The delivery is only executed, if there is an authentication user session associated with the collected
document (i.e. the creator of the document is known).
2. For scan to email workflow, SafeQ server uses configured SMTP server to deliver the email.
Connection to SMTP server can be authenticated using service account defined in SafeQ
configuration file.
3. For scan to folder / home folder, SafeQ server tries to access to the destination folder using Windows
file access or SMB protocol.
a. By default, service account used for running SafeQ service at the server (or SafeQ daemon for
Linux environments) must have write access to the target directory - Authentication to the
a.
February 03, 2016
target directory is managed on the Operating System Level. For scan to home feature, this
means, the service account must have the write access to ALL user home directories. Home
directory information is associated with the authenticated user's record in SafeQ Identity
Database.
b. In case of configured Kerberos5 authentication (and login by Domain Credentials or Smart
Card) SafeQ uses Kerberos TGT to access the network folder (using SMB/CIFS protocol)
4. For scan to script feature, the command line script is executed for every scanned (collected) file.
SafeQ passes several parameters to the script - authenticated user's name, user's home directory,
path to collected file, source device information. The script is executed with the credentials of the
Service account used for running SafeQ service at the servers.
ABSTRACT
This document deals with how personal information about users in processed in SafeQ with respect to
different data sources, the lifecycle of data processing and potential legal implications, such as Act No. 101
/2000 Coll., on the protection of personal data in the Czech Republic.
DEFINITION OF PERSONAL USER INFORMATION
For the purpose of this document, the data which might be containing personal user information are referred
to as entities. We make an intentional distinction between Corporate Entities where all information
contained therein is coming from, related to and possibly owned by the legal body operating the SafeQ
system and Mixed Entities which may contain personal user information.
In this document, we also refer to data structure and make important distinction between unstructured data,
where the SafeQ system does not work with the data in a structured way (i.e. identifying elements of
information in the data and relationships between such elements) and structured data where the data
structure is taken into account.
1. Structured Data
a. Data exchanged between SafeQ and Identity Management Systems (e.g., Active Directory,
OpenLDAP)
b.
SafeQ system processes the following kinds of unstructured data which may contain Personal User
Information:
1. Print Jobs
2. Scanned Documents (also referred to as Scans)
1. (Optional) Job Title which may be specified as part of the print job data stream by means of
appropriate PCL commands. Such job title contain and refer to the contents of the print job or the
original document which was printed by a user resulting in the print job. Job Title may also be linking
the document to a particular person(s).
2. (Optional) Job Owner which is specified either as part of the print job data stream or as part of the
communication protocol used for receiving the print job by the system. The Job Owner links the print
job to a particular user account, which may or may not correspond to a real person(s).
This information is tracked for the purpose of reporting printed volumes on a per-user basis.
The SafeQ system usually defines one or more administrator user accounts (by default, the user account is
called “admin”). Such user accounts have permissions to view the Job Title and Job Owner information of all
print jobs.
The visibility of Job Title CAN BE DISABLED by using the configuration property:
If this configuration property is set to disabled, than no user accounts have permissions to view the titles of
print jobs in the SafeQ system Web Interface. Not even the user accounts identified as Job Owner can view
the Job Title(s) of appropriate Print Jobs. This means that the Job Title of any Print Job cannot be retrieved
from the system by any standard means.
The visibility and traceability of Job Owner CAN BE DISABLED by using the configuration property:
If this configuration property is set to disabled, than Job Owner information is never displayed in SafeQ Web
Interface or in SafeQ Reports. This means that there is than no standard way, how to connect particular
Print Job(s) or print volumes with particular user account(s).
The SafeQ system usually defines one or more administrator user accounts (by default, the user account is
called “admin”). Such user accounts have permissions to view the Job Owner information of all Scanned
Documents.
The visibility and traceability of Job Owner CAN BE DISABLED by using the configuration property:
If this configuration property is set to disabled, than Job Owner information is never displayed in SafeQ Web
Interface or in SafeQ Reports. This means that there is than no standard way, how to connect particular
Scanned Document(s) or print volumes with particular user account(s).
PERSONAL USER INFORMATION IN STRUCTURED DATA
Login Name
First (Given) Name
Surname
Password
Card IDs and PIN Numbers
E-Mail
Home Directory (*)
Cost Center associated with the User Account (*)
Default Billing Code for the User (*)
Elements marked with (*) are system-related settings and are not relevant for storing Personal Information.
All other elements may, but not necessarily must potentially contains personal information, however it is
crucial to define, how are these elements maintained.
User Accounts are created and managed in one of the following ways:
1. The User Account(s) are created and managed using the SafeQ web interface. By default, users can
access information related to their User Accounts only if and only if they can authenticate with the
system using their password. Administrator user accounts can manage any User account in the
system.
2. The User Account(s) are “imported” or “replicated” to SafeQ system using technical means from
another systems. Corporations usually employ systems for managing user identities and credentials,
usually referred to as Identity Management systems. SafeQ, if properly configured, can retrieve user
information from such systems.
Whether User Entity in SafeQ contains Personal Information depend on the policy governing what
data are entered to the system (above mentioned 1) or policy governing corporate identity
management (above mentioned 2).
SafeQ is using User entities for authentication and reporting, where the traceability of particular print
jobs / scanned documents to particular User Account(s) can be disabled by configuration (defined
above).
For more information refer to Adding and configuring users and Identity management in SafeQ
documentation.
Personal Information in other system entities
Besides the User mixed entity, the SafeQ system operates with the following entities:
OVERVIEW
Deployment of YSoft SafeQ solution requires installation of YSoft SafeQ server, which puts user
management, device management and additional system integrations at one place. Additional features may
require additional systems to be installed and configured.
Name Description
REQUIREMENTS
Hardware requirements
Software requirements
Network requirements
Identity management system (e.g. Active Directory) is recommended
NOTES
YSoft SafeQ CML must be properly installed and configured. It is a critical point, which - in case of
failure - may result in the inability of end user printing, copying, scanning and other related tasks.
Server failover is managed via application or operating system level redundancy, more details
available in Server failover.
Multi-location deployments are supported using distributed server system - Private Cloud.
By default YSoft SafeQ server is running under Local System. If it is necessary to run it under
another account (e.g. because of permissions for scanning hotfolders), such account must have
granted local administrator, run as service (and permissions to given hotfolders).
Please refer to Hardware requirements and Software requirements for server specific prerequisites.
Before deploying YSoft SafeQ in your environment, we always recommend to understand the environment
from the perspective of network communication, review the information about typical deployments and run
pre-installation checks.
Workstation requirements
1. Windows print queue – the input/output print queue inside operating system. The print queue is a
mechanism that provides print driver to a client software (e.g. to create a PCL/PS file, receive data
stream over a network, store it on the hard drive and serialize it to the printer).
2. YSoft SafeQ print queue – print queue inside YSoft SafeQ which can be connected to a specific
printer, terminal (reader) or group of users. From the perspective of Windows print queue, this
represents (LPR) queue name in the print queue backend. YSoft SafeQ server has an internal
mechanism to balance the load by partially serializing the incoming traffic; in theory there is no limit
on how many Windows print queues can be connected to the YSoft SafeQ server.
3. Network Device – physical printing device (single or multifunction printer) with terminal and card
reader. YSoft SafeQ server sends print jobs to the device. One network device typically represents
one or multiple Windows print queues.
4. YSoft SafeQ CML Server – main YSoft SafeQ server on a physical or virtual server. CML server
uses SQL database to retain print job data, LPR subsystem that receives prints from print server or
client workstations, web administration interface, system for managing requests from terminals and
readers and LDAP integration subsystem.
A single CML server can handle up to 200 network devices.
A 4-node CML cluster can handle up to 1600 network devices (note that reasonable hardware or
virtual platform is required).
5.
5. YSoft SafeQ ORS Server – spooler server on a physical or virtual server. Multiple ORSes can build
a roaming group which is able to handle up to 2000 devices in a 25-node system.
Each YSoft SafeQ ORS server can handle up to 200 network devices.
JVM is very memory intensive. When using virtual machines, servers shall have configured
memory reservation based on the maximum heap size of YSoft SafeQ CML/ORS server.
See Network communication overview for more details on YSoft SafeQ communication.
Up to 500 remote sites and total of 1000 Two-nodes CML server cluster, each with 6GB RAM.
devices
Additional remote sites (up to 2000 For every 500 remote sites, there is one node in a CML
remote sites) server cluster.
Up to 200 devices/server
Dual Core 2GHz or faster processor
YSoft SafeQ ORS (requires 2GB free RAM (4 GB RAM recommended), 1GB
connection to a central server) Network
Equal VM with at least 2 cores
20GB available disk space (disk size highly depends
on job size, print spooler and parser settings)
Connection to storage with a throughput of at least
150MB/s and 300 IOPS
disk performance is highly affected by
replication buffer persistence settings
(cacheReplicationBufferPersistent)
if the expected load is higher than 2000jobs
/hour, it is recommended to disable
cacheReplicationBufferPersistent option to
lower disk load and keep ORS and CML in the
same data center.
Up to 2000 devices
8-core 2.6Ghz (for example Intel X5355)
100 millions pages yearly (half printed, 16GB RAM recommended
half scan and copy) 200GB HDD (four years of statistics; default
configuration when keeping cubes with detailed
statistics for last three months and all basic statistics;
enabled reporting services)
Notes
When installing on Windows 2008 32bit, please install standalone PostgreSQL 9.2 32bit.
Installation of CML with embedded MS SQL database is not supported on server core editions.
YSoft SafeQ CML supports Microsoft Server Cluster (MSCS).
Using embedded terminals on YSoft SafeQ CML (embedded terminals connected to CML) always
requires Microsoft .NET 4.5.1.
Note: If you do not install Terminal Server component, Microsoft .NET 4.5.1 is not required;
embedded features will not be available.
Using embedded terminals on YSoft SafeQ ORS (embedded terminals connected to ORS) always
requires Microsoft .NET 4.5.1.
See Installing YSoft SafeQ CRS for additional requirements of the YSoft SafeQ CRS.
YSoft SafeQ 5 Server does not support Linux.
SUPPORTED DATABASES
Microsoft SQL Server 2012/2014 offers AlwaysOn Availability Group. This functionality is not
supported by SafeQ.
YSoft SafeQ CML requires a stable connection to the database server for its proper functionality.
YSoft SafeQ CML server requires two databases:
one is used for real-time access, configuration and active job data
second is used as data archive, primarily for reporting and data audit
YSoft SafeQ application level cluster requires two databases for each CML server. All databases can
be on the same database server (highly available SQL server is mandatory in this case)
Connection to the SQL server is realized on the Java level using secured JDBC connection (integral
part of the application)
YSoft SafeQ will not work if the connection to the database server and its databases is not
available, even in the case of short, intermittent outages.
DATABASE SIZING
Example based on real customer data (10 million pages per month):
Common settings:
Login credentials for YSoft SafeQ access, with ownership rights to its database
Collation case-insensitive
Reliable low-latency network connection (if the DB server is on another server)
PostgreSQL configuration:
UTF-8 collation
9.2 version only
Non-local-admin account for running PostgreSQL system service (Windows OS)
To install, update or run YSoft SafeQ 5.0 CML Server database user postgres and sync must have
superadmin role.
This page provides a complete list of ports and protocols that must be enabled on firewalls in order to
ensure YSoft SafeQ system functionality.
Optional TCP 515 LPR job reception from client workstations (LPR)
10kB - 1GB per
(if using workstation
print job
client)
Optional TCP 4097 proprietary SSL Access verification with job print from client
(if using workstation 100kB per print workstations (YSoft SafeQ Port Protocol)
client) job
Optional / TCP 9797 JMX CML DBSync system health monitoring via
Recommended from JConsole.
Localhost
(monitoring only)
(monitoring only)
Optional / TCP 9898 JMX ORS, CRS system health monitoring via
Recommended from JConsole.
Localhost
ORS only: Configurable by
(monitoring only) orsJmxServerPort property in
SafeQ system settings.
Optional / TCP 9999 JMX ORS Web (distributed layer) system health
Recommended from monitoring via JConsole.
Localhost
(monitoring only)
Optional / TCP 9000 JMX CML, CRS auxiliary internal port used by
Recommended from JMX server.
Localhost
CML only: Configurable by
jmxRmiServerPort property in
SafeQ system settings.
Optional / TCP 9005 JMX CML DBSync auxiliary internal port used by
Recommended from JMX server.
Localhost
Optional / TCP 19044 JMX ORS Web auxiliary internal port used by
Recommended from JMX server .
Localhost
Mandatory for embedded TCP 50001 proprietary WS Embedded (KM, Xerox, Sharp)
terminals /50003 SSL remote configuration
Mandatory with YSoft SafeQ TCP 80, proprietary Ricoh Terminal Embedded
Embedded Terminal for Ricoh 443, installation and automatic
ESA 8080, configuration used by RXOP
51443 libraries
Mandatory for online print UDP 161 SNMP Online accounting of network
/copy tracking printer MFP
Mandatory with YSoft SafeQ TCP 49629, HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for 49630 Terminal for Toshiba
Toshiba installation
Mandatory with YSoft SafeQ TCP 80, 443 HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for Xerox Terminal for Xerox/Fuji-Xerox
/Fuji-Xerox installation
Mandatory with YSoft SafeQ TCP 80, HTTP, YSoft SafeQ Embedded
Embedded Terminal for Konica 50003 proprietary WS Terminal for Konica Minolta
Minolta SSL installation
TCP 80 HTTP
Mandatory for YSoft SafeQ UDP 161 SNMP YSoft SafeQ Embedded
Embedded Terminal installation Terminal installation MFP
check
Mandatory with YSoft SafeQ TCP 4096, Proprietary YSoft SafeQ Embedded
Embedded Terminal for Ricoh 5012 Terminal (Ricoh
low volume, low
authentication and session
latency
control)
YSoft SafeQ Embedded
Terminal (Accounting and
charging)
Mandatory with YSoft SafeQ TCP 5011, HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for Browser 5012, Terminal browser
5013 communication
Mandatory with YSoft SafeQ TCP 5014- WS SSL YSoft SafeQ Embedded
Embedded Terminal for KM 5019 Terminal (KM) authentication
low volume, low
and session control
latency
Mandatory with YSoft SafeQ TCP 389 LDAP Internal LDAP for YSoft
Embedded Terminal for Toshiba SafeQ Embedded Terminal
for Toshiba
Mandatory with Network Card TCP 5011 Proprietary SSL Network Card Reader
Reader /5012 authentication
Mandatory for WebDAV scanning TCP 443 Secured Scanning from MFPs via scan
WebDAV workflow (optional, depending
/HTTPS on MFP capabilities)
Mandatory for embedded terminal TCP 21 FTP Scanning from MFPs via scan
scanning to folder (optional, depending
on MFP capabilities)
Mandatory for TCP 4099 CML > CML Application-level cluster synchronization
cluster
proprietary
Mandatory for TCP 6010 ORS > CML ORS-to-CML communication and
ORS synchronization
proprietary
~40 - 60 kB per
print job
Mandatory for TCP 4139 CML > CRS Reporting data collection
Central
proprietary
Reporting
~1kB per print
job
Mandatory for job TCP 8000 ORS > ORS Job data transfer for roaming jobs
roaming (uncompressed)
Mandatory for TCP 6020 CML > CML Internal communication between CMLs
load balancing
Mandatory for UDP configurable ORS > ORS Near Roaming Group synchronization.
near job roaming Multicast Mandatory for roaming groups with
10+ ORS servers.
Mandatory for TCP 7800 ORS > ORS Near Roaming Group synchronization.
near job roaming Required for roaming groups up to 10
ORS servers.
Mandatory for TCP 20222 CML/MPS > RMI registry port used by web for
web status CML SafeQRemote listening and binding
information
Mandatory for TCP 20223 CML/MPS > RMI registry port used by web for
web status CML incoming connections
information
Mandatory for TCP 20224 CML/MPS > RMI registry port used by web for
web status CML UserManagerRemote binding and
information listening
Mandatory for TCP 20225 CML/MPS > RMI registry port used by web for
web status CML PaymentManagerRemote binding and
information listening
Mandatory for TCP 9100 AP > CML, ORS AirPrint to CML/ORS via client protocol
AirPrint
Mandatory for TCP 5556 AP > CML, ORS AirPrint (AP) component,
AirPrint communication with server application
Optional for etcd TCP 2380 etcd > etcd Default value of port for communication
between etcd nodes (either between
CML nodes in the cluster or between on
ORS nodes in near roaming group)
Optional for etcd TCP 2379 TS > etcd Default value of port used by the
Terminal Server to communicate with
the local etcd
OTHER COMMUNICATION
Mandatory for LDAP TCP 686 CML > LDAP LDAP integration (server > LDAP
synchronization controller) secured over SSL
Optional TCP 389 CML > LDAP LDAP integration (server > LDAP
controller)
Optional TCP 3268 CML > LDAP LDAP integration (server > LDAP
controller)
(global catalogue)
Optional TCP 4100 Terminal > SafeQ Port where the terminal update
(if using firmware service is running (configurable by rs-
updates of HW terminal-update-port)
terminals)
Optional TCP 4444 Rech. Station > YSoft SafeQ Payment Machine
(if using Payment CML (QuickChip); not supported by YSoft
system) SafeQ5
Optional
(if using Payment
system)
Optional TCP 8443 CML/TS > YSoft web, rest services (APIs)
(if using Payment Payment System
system)
Optional TCP 80 SafeQ Client -> ORS web communication with client
(if using workstation ORS web (billing codes etc.)
client)
Mandatory for AirPrint UDP 5353 AirPrint > subnet AirPrint (AP) component multicast to
subnet using Bonjour
Mandatory for AirPrint TCP 8050 client > AirPrint Job delivery from iOS or MAC client
to AirPrint (AP) over IPPS. 8050 is
default but configurable port.
CLUSTER INSTALLATION
The following diagram is for reference only and does not show all possible options.
DHCP SUPPORT
Terminals can be configured in static IP or dynamic IP (DHCP) mode.
TERMINAL PROFESSIONAL
Uses UDHCP Client ver. 1.2.1. If DHCP server is not available then DHCP client keeps running in
background.Terminal boots normally but no connection to network is available.
TERMINAL ULTRALIGHT
Uses DHCP client according to RFC 2131 and RFC 1533.If DHCP server is not available then zero network
configuration according to RFC 3927 is started within 2 seconds. (Terminal stays in the "initializing" dialog
(green leds animated around).Terminal TCP server (TCP port 4095) and UDP locator (UDP port 64099) are
available during zero network configuration.The DHCP client continues operating in the background. As
soon as the DHCP client gets a valid DHCP lease, the zero network configuration is shut down and the
terminal continues in standard operation.)
TERMINAL PROFESSIONAL
Multi-threaded connection to SafeQ servers: 500ms before next deploy, maximum number of servers in
cluster: 10, total connection timeout: 15-22s depending on node count. Timeout for established SafeQ
server connection: 20s-2min depending on protocol state.Closing connection causes immediate user
session end.
TERMINAL ULTRALIGHT
Timeout for connecting per SafeQ server: 2s, number of connection attempts per server: 3, maximum
number of servers in cluster: 5. Timeout for established SafeQ server connection: 30s. Timeout for
established SafeQ server connection, before sending user authentication data: 1s. Closing connection
causes immediate user session end.
IPV6 SUPPORT
External hardware terminals support IPv4. If IPv6 is required, customization of Terminal Professional
firmware is possible.
LPR
JetDirect
TCP RAW/9000
New versions may bring support for new delivery protocols (e.g. IPP/IPP over SSL).
In SafeQ 5, backends are also augmented with Decorators. Backend Decorators act as filters which are
applied in sequence to the delivered jobs. These filters are used for many things, like injecting PJL headers
into a job, removing or changing PJL headers, modifying contents of the print job
SINGLE LOCATION
YSoft SafeQ can be installed on dedicated or print server. Print jobs are routed through YSoft SafeQ,
which additionally controls access to multifunction devices and printers. Each location has its own
individual YSoft SafeQ installation and is managed independently. YSoft SafeQ server offers failover
based on synchronized application-level redundancy or operating system clustering. ( learn more)
SMALL BUSINESS
ORS servers, centralized administration and reporting is required. In this situation, printing and MFP
access at the largest location are managed by a YSoft SafeQ CML server, with other locations handled
by independent ORS server(s). The entire system is managed from one central location.
NOTES: Each ORS can handle only a limited number of printers. It is highly recommended that a
failover system be established by means of server virtualization, clustering, or daily backup
procedures.
For detailed distributed system information, please see Distributed Server System - Private Cloud.
REGIONAL GOVERNMENT
For customers with multiple locations that are all about the same size, we recommend the use of a fully
distributed environment with a centralized administrative location.
Print servers for individual buildings should be equipped with a YSoft SafeQ ORS application, which
manages printing and MFP access within the local building. The YSoft SafeQ CML system is used only
as a centralized management, integration, and reporting point. Online connection between the CML
server and ORS servers is required, even if the connection is slow.
NOTES: Each ORS can handle only a limited number of printers. It is highly recommended that a
failover system be established by means of server virtualization, clustering, or daily backup
procedures.
This architecture cannot be used in situations where the Payment System is required.
For detailed information about distributed server system, please read Distributed Server System -
Private Cloud.
RETAIL BANK
Every customer site with more than 20 users has a print server. This print server can be virtual,
dedicated, or shared with other applications. Although many of the remote site locations may not have
a constant connection to the main data center, some connection to the main data center is required,
even if slow. The print server at each location manages all printing and copy locally and is equipped
with an installed YSoft SafeQ Offline Remote Spooler (ORS) service. Each ORS can handle only a
limited number of printers. It is highly recommended that a failover system be established by means of
server virtualization, clustering, or daily backup procedures.
A data center with a YSoft SafeQ Enterprise Central Management Layer (CML) cluster (2-4 servers) is
distributed across headquarters locations and provides central administration and integration services.
The CML cluster also directly handles printing services in the locations directly connected to the data
center (a maximum of 100 devices can be connected to each CML server).
The data center also includes YSoft SafeQ Central Reporting Services (CRS Enterprise), which
provides access to all required reports via MS SQL OLAP and Analysis Services.
For detailed information about distributed server system, please read Distributed Server System -
Private Cloud.
For the largest global organizations with a large number of devices and multiple locations across large
metropolitan areas or campuses, ORS server farms or clusters should be used.
With this type of company, the vast majority of users usually print at their home location. However,
some users frequently travel among buildings throughout the metropolitan area. In that case, fully
transparent Print roaming is required. To enable Print roaming, clustered ORS servers are used. Each
cluster manages its own location, or is part of a larger high-speed network that covers a metropolitan
area "within walking distance." Single ORS servers are used only for smaller remote offices. Printing
via an ORS cluster is fully transparent to the user. The system can be configured so that meta data are
synchronized between ORS clusters (with a defined delay) so there is fully transparent Print roaming
among ORS clusters as well. However, because the print job data remain at the original location, print
speed can be affected by network bandwidth and latency.
Typically with this type of large organization, some users also frequently travel among remote locations
or different areas. These users require the ability to release the print job at any location, wherever they
are. To meet those needs, additional steps (manual selection or pre-roaming in the background) are
required to release the jobs at any location. To achieve that, this architecture utilizes a"super CML"
system, which is not dedicated for printing, but which coordinates Print Roaming between CML clusters
and ORS systems.
For detailed information about distributed server system, please read Distributed Server System -
Private Cloud.
SPECIAL
YSoft SafeQ can be deployed in additional environments. However, each case must be considered and
analyzed individually.
Please consult any special uses of YSoft SafeQ with YSoft representatives.
FOLLOWING FEATURES HAS TO BE INSTALLED AND AVAILABLE ON THE SERVER FOR SAFEQ CML SERVER INSTALLATION
No Web server may be installed on the computer. (If installed, it must not listen on TCP port 80).
Windows Installer 4.5 must be installed in order to use embedded MS SQL 2008 Express installation.
The latest version of web browser shall be installed (IE, Chrome or Firefox).
Optional TCP 515 LPR job reception from client workstations (LPR)
10kB - 1GB per
(if using workstation
print job
client)
Optional TCP 4097 proprietary SSL Access verification with job print from client
(if using workstation 100kB per print workstations (YSoft SafeQ Port Protocol)
client) job
Optional / TCP 9797 JMX CML DBSync system health monitoring via
Recommended from JConsole.
Localhost
(monitoring only)
(monitoring only)
Optional / TCP 9898 JMX ORS, CRS system health monitoring via
Recommended from JConsole.
Localhost
ORS only: Configurable by
(monitoring only) orsJmxServerPort property in
SafeQ system settings.
Optional / TCP 9999 JMX ORS Web (distributed layer) system health
Recommended from monitoring via JConsole.
Localhost
(monitoring only)
Optional / TCP 9000 JMX CML, CRS auxiliary internal port used by
Recommended from JMX server.
Localhost
CML only: Configurable by
jmxRmiServerPort property in
SafeQ system settings.
Optional / TCP 9005 JMX CML DBSync auxiliary internal port used by
Recommended from JMX server.
Localhost
Optional / TCP 19044 JMX ORS Web auxiliary internal port used by
Recommended from JMX server .
Localhost
Mandatory for embedded TCP 50001 proprietary WS Embedded (KM, Xerox, Sharp)
terminals /50003 SSL remote configuration
Mandatory with YSoft SafeQ TCP 80, proprietary Ricoh Terminal Embedded
Embedded Terminal for Ricoh 443, installation and automatic
ESA 8080, configuration used by RXOP
51443 libraries
Mandatory for online print UDP 161 SNMP Online accounting of network
/copy tracking printer MFP
Mandatory with YSoft SafeQ TCP 49629, HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for 49630 Terminal for Toshiba
Toshiba installation
Mandatory with YSoft SafeQ TCP 80, 443 HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for Xerox Terminal for Xerox/Fuji-Xerox
/Fuji-Xerox installation
Mandatory with YSoft SafeQ TCP 80, HTTP, YSoft SafeQ Embedded
Embedded Terminal for Konica 50003 proprietary WS Terminal for Konica Minolta
Minolta SSL installation
Mandatory for YSoft SafeQ UDP 161 SNMP YSoft SafeQ Embedded
Embedded Terminal installation Terminal installation MFP
check
Mandatory with YSoft SafeQ TCP 4096, Proprietary YSoft SafeQ Embedded
Embedded Terminal for Ricoh 5012 Terminal (Ricoh
low volume, low
authentication and session
latency
control)
YSoft SafeQ Embedded
Terminal (Accounting and
charging)
Mandatory with YSoft SafeQ TCP 5011, HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for Browser 5012, Terminal browser
5013 communication
Mandatory with YSoft SQTA or TCP 5021, HTTP/HTTPS YSoft SafeQ Terminal
YSoft SafeQ Embedded Terminal 5022 Application communication
for Browser (Sharp)
Mandatory with YSoft SafeQ TCP 5014- WS SSL YSoft SafeQ Embedded
Embedded Terminal for KM 5019 Terminal (KM) authentication
low volume, low
and session control
latency
Mandatory with YSoft SafeQ TCP 389 LDAP Internal LDAP for YSoft
Embedded Terminal for Toshiba SafeQ Embedded Terminal
for Toshiba
Mandatory with Network Card TCP 5011 Proprietary SSL Network Card Reader
Reader /5012 authentication
Mandatory for embedded terminal TCP 21 FTP Scanning from MFPs via scan
scanning to folder (optional, depending
on MFP capabilities)
Optional - Passive FTP transfers TCP >1023 FTP Range of ports for passive
FTP transfers (optional,
(for embedded terminal scanning) depending on SafeQ setting,
configurable by
ftpPassivePorts)
Mandatory for TCP 4099 CML > CML Application-level cluster synchronization
cluster
proprietary
Mandatory for TCP 6010 ORS > CML ORS-to-CML communication and
ORS synchronization
proprietary
~40 - 60 kB per
print job
Mandatory for TCP 4139 CML > CRS Reporting data collection
Central
proprietary
Reporting
Mandatory for job TCP 8000 ORS > ORS Job data transfer for roaming jobs
roaming (uncompressed)
Mandatory for TCP 6020 CML > CML Internal communication between CMLs
load balancing
Mandatory for UDP configurable ORS > ORS Near Roaming Group synchronization.
near job roaming Multicast Mandatory for roaming groups with
10+ ORS servers.
Mandatory for TCP 7800 ORS > ORS Near Roaming Group synchronization.
near job roaming Required for roaming groups up to 10
ORS servers.
Mandatory for TCP 20222 CML/MPS > RMI registry port used by web for
web status CML SafeQRemote listening and binding
information
Mandatory for TCP 20223 CML/MPS > RMI registry port used by web for
web status CML incoming connections
information
Mandatory for TCP 20224 CML/MPS > RMI registry port used by web for
web status CML UserManagerRemote binding and
information listening
Mandatory for TCP 20225 CML/MPS > RMI registry port used by web for
web status CML PaymentManagerRemote binding and
information listening
Mandatory for TCP 9100 AP > CML, ORS AirPrint to CML/ORS via client protocol
AirPrint
Mandatory for TCP 5556 AP > CML, ORS AirPrint (AP) component,
AirPrint communication with server application
Optional for etcd TCP 2380 etcd > etcd Default value of port for communication
between etcd nodes (either between
Optional for etcd TCP 2379 TS > etcd Default value of port used by the
Terminal Server to communicate with
the local etcd
OTHER COMMUNICATION
Mandatory for LDAP TCP 686 CML > LDAP LDAP integration (server > LDAP
synchronization controller) secured over SSL
Optional TCP 389 CML > LDAP LDAP integration (server > LDAP
controller)
Optional TCP 3268 CML > LDAP LDAP integration (server > LDAP
controller)
(global catalogue)
Optional TCP 4100 Terminal > SafeQ Port where the terminal update
(if using firmware service is running (configurable by rs-
updates of HW terminal-update-port)
terminals)
Optional TCP 4444 Rech. Station > YSoft SafeQ Payment Machine
(if using Payment CML (QuickChip); not supported by YSoft
system) SafeQ5
Optional TCP 8080 CML/TS > YSoft web, rest services (APIs)
(if using Payment Payment System
system)
Optional TCP 8443 CML/TS > YSoft web, rest services (APIs)
(if using Payment Payment System
system)
Optional TCP 80 SafeQ Client -> ORS web communication with client
(if using workstation ORS web (billing codes etc.)
client)
Mandatory for AirPrint UDP 5353 AirPrint > subnet AirPrint (AP) component multicast to
subnet using Bonjour
Mandatory for AirPrint TCP 8050 client > AirPrint Job delivery from iOS or MAC client
to AirPrint (AP) over IPPS. 8050 is
default but configurable port.
CLUSTER INSTALLATION
A static IP address must be set on the server before the installation of SafeQ CRS.
Computer with supported platform installed.
Server hardware and storage space is according to specification; the estimated DB capacity is
approx. 5 GB for one month of data storing.
No other software installed, except as agreed by YSOFT
Physical server dedicated only for SafeQ CRS server.
.NET Framework 4.0 Full Profile installed
IIS enabled, ASP.NET support set up
Latest security patches installed on operating systems
Antivirus Settings
There is no other software that can interfere with SafeQ installed on the server, especially another
database (unless it's intended for SafeQ), or Other Print Solution, except as specified in this
document.
YSoft SafeQ CRS Enterprise must be installed on a dedicated server – not where another instance of YSoft
SafeQ is running.
As a prerequisite for YSoft SafeQ CRS installation, Microsoft SQL Server must be installed and running on
the same server with the following minimum components:
Database Engine
SQL Server Agent
Analysis Services
Reporting Services
Integration Services
Workstation components (including SQL Server Management Studio)
In order to install YSoft SafeQ CRS, before beginning installation of MS SQL Server, MS IIS (a
component of the Microsoft Windows Server operating system) must be installed.
Microsoft SQL Server Enterprise Edition is recommended, although Standard Edition may be sufficient for
smaller installations.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are
required: SQL Server Analysis Services "Server administrators" group.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisadmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "System administrator" role.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are required: SQL
Server Analysis Services "Server administrators" group.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are required:
db_ssisoperator.
To run package at YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisoperator.
To browse reports at YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "Browser" role.
See the MS SQL Server 2008 installation procedure and MS SQL Server 2012 installation
procedure for information how to install MS SQL Server for YSoft SafeQ CRS.
FOLLOWING FEATURES HAS TO BE INSTALLED AND AVAILABLE ON THE SERVER FOR ORS SERVER INSTALLATION
Following criteria shall be met in order to install ORS in near roaming group (NRG):
Following criteria shall be met in order to install ORS on a server with several network interfaces
Server is configured as described in: SafeQ ORS on a server with two or more network interfaces
Optional TCP 515 LPR job reception from client workstations (LPR)
10kB - 1GB per
(if using workstation
print job
client)
Optional TCP 4097 proprietary SSL Access verification with job print from client
(if using workstation 100kB per print workstations (YSoft SafeQ Port Protocol)
client) job
Optional / TCP 9797 JMX CML DBSync system health monitoring via
Recommended from JConsole.
Localhost
(monitoring only)
Optional /
Recommended from
Localhost
(monitoring only)
Optional / TCP 9898 JMX ORS, CRS system health monitoring via
Recommended from JConsole.
Localhost
ORS only: Configurable by
(monitoring only) orsJmxServerPort property in
SafeQ system settings.
Optional / TCP 9999 JMX ORS Web (distributed layer) system health
Recommended from monitoring via JConsole.
Localhost
(monitoring only)
Optional / TCP 9000 JMX CML, CRS auxiliary internal port used by
Recommended from JMX server.
Localhost
CML only: Configurable by
jmxRmiServerPort property in
SafeQ system settings.
Optional / TCP 9005 JMX CML DBSync auxiliary internal port used by
Recommended from JMX server.
Localhost
Optional / TCP 19044 JMX ORS Web auxiliary internal port used by
Recommended from JMX server .
Localhost
Mandatory for embedded TCP 50001 proprietary WS Embedded (KM, Xerox, Sharp)
terminals /50003 SSL remote configuration
Mandatory with YSoft SafeQ TCP 80, proprietary Ricoh Terminal Embedded
Embedded Terminal for Ricoh 443, installation and automatic
ESA 8080, configuration used by RXOP
51443 libraries
Mandatory for online print UDP 161 SNMP Online accounting of network
/copy tracking printer MFP
Mandatory with YSoft SafeQ TCP 49629, HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for 49630 Terminal for Toshiba
Toshiba installation
Mandatory with YSoft SafeQ TCP 80, 443 HTTP/HTTPS YSoft SafeQ Embedded
Embedded Terminal for Xerox Terminal for Xerox/Fuji-Xerox
/Fuji-Xerox installation
Mandatory with YSoft SafeQ TCP 80, HTTP, YSoft SafeQ Embedded
Embedded Terminal for Konica 50003 proprietary WS Terminal for Konica Minolta
Minolta SSL installation
Mandatory for YSoft SafeQ UDP 161 SNMP YSoft SafeQ Embedded
Embedded Terminal installation Terminal installation MFP
check
Mandatory with YSoft SafeQ TCP 4096, Proprietary YSoft SafeQ Embedded
Embedded Terminal for Ricoh 5012 Terminal (Ricoh
low volume, low
authentication and session
latency
control)
YSoft SafeQ Embedded
Terminal (Accounting and
charging)
TCP HTTP/HTTPS
Mandatory with YSoft SQTA or TCP 5021, HTTP/HTTPS YSoft SafeQ Terminal
YSoft SafeQ Embedded Terminal 5022 Application communication
for Browser (Sharp)
Mandatory with YSoft SafeQ TCP 5014- WS SSL YSoft SafeQ Embedded
Embedded Terminal for KM 5019 Terminal (KM) authentication
low volume, low
and session control
latency
Mandatory with YSoft SafeQ TCP 389 LDAP Internal LDAP for YSoft
Embedded Terminal for Toshiba SafeQ Embedded Terminal
for Toshiba
Mandatory with Network Card TCP 5011 Proprietary SSL Network Card Reader
Reader /5012 authentication
Mandatory for WebDAV scanning TCP 443 Secured Scanning from MFPs via scan
WebDAV workflow (optional, depending
/HTTPS on MFP capabilities)
TCP 21 FTP
Optional - Passive FTP transfers TCP >1023 FTP Range of ports for passive
FTP transfers (optional,
(for embedded terminal scanning) depending on SafeQ setting,
configurable by
ftpPassivePorts)
Mandatory for TCP 4099 CML > CML Application-level cluster synchronization
cluster
proprietary
Mandatory for TCP 6010 ORS > CML ORS-to-CML communication and
ORS synchronization
proprietary
~40 - 60 kB per
print job
Mandatory for TCP 4139 CML > CRS Reporting data collection
Central
proprietary
Reporting
~1kB per print
job
proprietary
Mandatory for job TCP 8000 ORS > ORS Job data transfer for roaming jobs
roaming (uncompressed)
Mandatory for TCP 6020 CML > CML Internal communication between CMLs
load balancing
Mandatory for UDP configurable ORS > ORS Near Roaming Group synchronization.
near job roaming Multicast Mandatory for roaming groups with
10+ ORS servers.
Mandatory for TCP 7800 ORS > ORS Near Roaming Group synchronization.
near job roaming Required for roaming groups up to 10
ORS servers.
Mandatory for TCP 20222 CML/MPS > RMI registry port used by web for
web status CML SafeQRemote listening and binding
information
Mandatory for TCP 20223 CML/MPS > RMI registry port used by web for
web status CML incoming connections
information
Mandatory for TCP 20224 CML/MPS > RMI registry port used by web for
web status CML UserManagerRemote binding and
information listening
Mandatory for TCP 20225 CML/MPS > RMI registry port used by web for
web status CML PaymentManagerRemote binding and
information listening
Mandatory for TCP 9100 AP > CML, ORS AirPrint to CML/ORS via client protocol
AirPrint
Mandatory for TCP 5556 AP > CML, ORS AirPrint (AP) component,
AirPrint communication with server application
Optional for etcd TCP 2380 etcd > etcd Default value of port for communication
between etcd nodes (either between
CML nodes in the cluster or between on
ORS nodes in near roaming group)
Optional for etcd TCP 2379 TS > etcd Default value of port used by the
Terminal Server to communicate with
the local etcd
OTHER COMMUNICATION
Mandatory for LDAP TCP 686 CML > LDAP LDAP integration (server > LDAP
synchronization controller) secured over SSL
Optional TCP 389 CML > LDAP LDAP integration (server > LDAP
controller)
Optional TCP 3268 CML > LDAP LDAP integration (server > LDAP
controller)
(global catalogue)
Optional TCP 4100 Terminal > SafeQ Port where the terminal update
(if using firmware service is running (configurable by rs-
updates of HW terminal-update-port)
terminals)
Optional TCP 4444 Rech. Station > YSoft SafeQ Payment Machine
(if using Payment CML (QuickChip); not supported by YSoft
system) SafeQ5
Optional
(if using Payment
system)
Optional TCP 8443 CML/TS > YSoft web, rest services (APIs)
(if using Payment Payment System
system)
Optional TCP 80 SafeQ Client -> ORS web communication with client
(if using workstation ORS web (billing codes etc.)
client)
Mandatory for AirPrint UDP 5353 AirPrint > subnet AirPrint (AP) component multicast to
subnet using Bonjour
Mandatory for AirPrint TCP 8050 client > AirPrint Job delivery from iOS or MAC client
to AirPrint (AP) over IPPS. 8050 is
default but configurable port.
CLUSTER INSTALLATION
PREREQUISITES
Please make sure that the following criteria are met before the installation of ORS is started:
1. Hostname of the server with more network interfaces is resolved as the IP address dedicated for
the ORS (i.e. hostname is mapped to the correct NIC).
2. All CML nodes where this ORS will be connected to must be able to resolve this hostname
correctly.
3. All ORSes which are/will be members of near roaming group needs to be able to resolve this
hostname correctly.
4. The interface bound to the IP address dedicated for ORS must be configured as the first active
network interface in the list of available adapters and bindings.
see the description below for the basic instructions how to verify this step
additional information about this step can be found at http://technet.microsoft.com/en-us/library
/cc732472.aspx if needed
HOW TO VERIFY THAT ADAPTER WITH IP ADDRESS DEDICATED FOR ORS IS FIRST IN THE LIST OF AVAILABLE ADAPTERS
Step 1 - Find the adapter that uses IP address dedicated for ORS
This section describes the way how to identify the network adapter which uses the IP address dedicated for
ORS.
1 Log in to server and Open command prompt (e.g. Start => Run => services.msc)
3 Find which adapter is configured to use the IP address dedicated for ORS.
Example: If the needed IP address is mentioned in "Ethernet adapter Local Area Connection "
section, the Local Area Connection is the connection we need.
1 Open Control Panel -> Network and Sharing Center -> Change adapter settings
2 Press the Alt key on your keyboard and choose Advanced -> Advanced Settings...
3 Verify that the connection with the IP address dedicated for ORS is set as the first one in the
Connections section
4 If the connection with the IP address dedicated for ORS is not listed as the first on the top of the list,
use the arrow up or arrow down buttons to change the order and save the settings using OK button.
Terminals provide user interface which allows interaction with multifunction or other printers. The key
features allow user authentication, print job management and access to other YSoft SafeQ features for end
users.
Terminal
Important note: Please always refer to the Hardware Compatibility List for up-to-date information about
supported vendors and devices.
eXtensible Customizing
Card authentication with optional
Platform versions 1.2+ needs
USB card reader.
to be installed on the device.
with XCP User interface walkthrough is
available at Using YSoft
SafeQ Embedded Terminal
for Fuji Xerox with XCP.
KNOWN LIMITATIONS
Embedded Terminal cannot be uninstalled or reinstalled when users are logged in.
Xerox EIP, Fuji Xerox Apeos: It is not possible to restrict copying.
Xerox EIP: It is not possible to restrict user access rights of native applications per user by default.
On most devices, the support can be enabled by enabling property enableXeroxAccessDefinition in
System settings. On the not supported devices, this option can be configured for each device by
administrator manually.
Xerox EIP: It is not possible to restrict user access rights for color operations per user, this option can
be configured for each device by administrator manually.
Xerox EIP: If incorrect device credentials are used three times, device locks out access from the
particular IP address for an hour. It is possible to erase the device lockout table manually.
Xerox EIP: Automatic log out does not work from the native copy menu.
Xerox EIP: Terminal inactivity timeout set in advanced tab of user's edit dialog (or in settings of Cost
center, if this value is inherited from the Cost center) has to be different and ideally higher than the
inactivity timeout set on device. If the timeout set per user is lower and a it expires, users will still be
able to perform copies until the timeout set on device expires.
Xerox EIP: When actual Billing code is changed while a copy job is being performed, the copy job will
be assigned the new Billing code.
Xerox EIP: Automatic color detection when scanning using YSoft SafeQ scanning application is
supported only on devices with EIP 3.0 and higher.
Fuji Xerox Apeos: After automatic log out from SafeQ Application user is navigated to device main
menu. After given time (based on device settings) user is also automatically logged out from device
main menu.
Fuji Xerox Apeos: Only ASCII characters can be used when entering scanning workflow parameters
on the embedded terminal.
Fuji Xerox Apeos: SSMI 1.4 or higher is required for the proper function of Payment System. In case
the SSMI version is lower, the quota system is not applied and user can reach negative balance.
Fuji Xerox Apeos: Only card self-registration using card activation code is supported.
Fuji Xerox Apeos: When the card activation feature is enabled and there is card swipe with registered
card, the user must always navigate through the Card Activation Code screen.
Fuji Xerox Apeos: Blank pages are accounted as BW print.
Fuji Xerox Apeos: It can take up to 15 minutes for device to return blocked money back to money
account (if Payment System is used for print/copy/scan charging).
Fuji Xerox Apeos: Terminal inactivity timeout set in advanced tab of user's edit dialog (or in settings
of Cost center, if this value is inherited from the Cost center) does not work. The session will be
ended as soon as timeout set on device expires.
Fuji Xerox Apeos: When actual Billing code is changed while a copy job is being performed, the copy
job will be assigned the new Billing code.
Fuji Xerox Apeos: Enable etcd to avoid duplicate accounting records on CML cluster.
Fuji Xerox with XCP: Direct printing works, but the print jobs are performed even when the user has
insufficient credit.
Fuji Xerox with XCP: Print All works, but if the user is out of credit, the printing continues and a debt
record is created.
Fuji Xerox with XCP: When swiping a card at the card reader when the device is in a sleep mode, the
user is not authenticated.
Fuji Xerox with XCP: Scan feature can not be blocked on some firmwares of devices.
Fuji Xerox with XCP: Enable etcd to avoid duplicate accounting records on CML cluster.
Konica Minolta: Jobs performed by Public user and jobs sent directly to printer are not accounted.
Konica Minolta: Scan jobs performed by a user with insufficient credit are accounted. This may cause
discrepancy between SafeQ reports and the information in Payment System
Konica Minolta OpenAPI 4.0: Name attribute of Scan workflow parameter has not to be longer than
16 characters and has to contain alphanumeric characters only.
Konica Minolta: native interface: Simplex/duplex option for scan is not propagated from scan
workflow template, so following settings has to be set manually on device's panel.
Konica Minolta: native interface: It is not possible to mark jobs as favorite.
Konica Minolta: Searchable PDF – searchable PDF (OCR) cannot be defaulted in Scanning
Workflow - standard PDF is used instead.
Konica Minolta: With browser-based embedded terminal, Waiting folder is not refreshed after print.
The user must navigate to another folder in order to refresh the list.
Konica Minolta: With browser-based embedded terminal, scanning via WebDav is not supported.
Konica Minolta: User with login name admin is not supported with YSoft SafeQ Embedded Terminal
for Konica Minolta.
Konica Minolta: From Service Release 9 it is not possible to authenticate as an user via the web
interface of the device.
Konica Minolta: For limitations related to printing from USB see the article printing from USB on YSoft
SafeQ Embedded Terminal for Konica Minolta.
Konica Minolta C35: Logout before all jobs are printed causes that only the first job is accounted.
Konica Minolta C35: Swipe with card immediately when authentication screen is displayed causes
that user is not logged in.
Konica Minolta C284, C654: Card registration and billing code selection in the same authentication
causes terminal to stay in main authentication screen.
Konica Minolta C364 PCL driver: Jobs with resolution of 1200 DPI generated by this print driver have
blank preview and are not printed. Only one page of error report is released from printer.
Ricoh: When accounting is not licensed (Reporting or Credit and billing modules), only the print
application is available on the terminal (users are unable to access the scanning application and the
native copy application).
Ricoh: When a previously disconnected USB card reader is connected again to the device (or device
is woken up from the sleep mode), it takes up to one minute (device dependent) untill USB card
reader is responsive again. Ricoh C3002 has to be restarted for USB card reader to be responsive
again.
Ricoh: Print from USB is not supported with Payment System. Jobs would not be accounted.
Ricoh: Credit balance is not displayed on devices with small displays (e.g. MP301SPF).
Ricoh: Accounting for scanning via native scanning application is not supported.
Ricoh Aficio MP 171, Aficio MP 171 SPF, Aficio MP C400 Series, Aficio MP 201, Aficio MP 201 SPF,
Aficio MP 301 Series, Aficio MP C300 Series, Aficio SP 5200S + Aficio SP 5210SF + Aficio SP
5210SR, MP C305 SP, Aficio MP C305 Series, MP C401 Series: On these models there are two
limitations related to duplex scanning:
Every even page may be rotated by 180 degrees in the resulting file when scanning from
automatic document feeder (ADF) to JPEG format.
Every even page may be rotated by 180 degrees in the resulting file when scanning manually
from glass to multiple TIFF files or to a single TIFF file. Note that duplex option for scanning
from glass makes no sense.
HARDWARE TERMINALS
16.5x10x5cm
Terminal interaction is accomplished via a 900g
graphical touchscreen display (480 x 272 pixels,
color).
Terminal includes an integrated card reader for
authentication with various types of cards (see
Terminal Authentication Matrix).
Terminal contains 4-port 10/100 Mbit switch with
fully configurable sockets.
Configuration of a terminal is done via the
Professional graphical touchscreen display or remotely via a
secured TCP/IP connection from the YSoft SafeQ
central management interface.
Network/power cables are hidden under the cover.
See Using Terminal Professional for user interface
details and Installing and configuring YSoft SafeQ
Terminals for installation guides.
Professional Terminal Supports Terminal
monitoring via SNMP tools.
15x3.7x7.
Terminal interaction is accomplished via numeric 5cm
capacitive keyboard, print/copy buttons, status 500g
LEDs and/or sound signals.
Terminal includes an integrated card reader for
authentication by various types of cards (see
Terminal Authentication Matrix).
Terminal includes 2-port 10/100 Mbit switch.
Configuration of a terminal is done remotely from a
configuration utility on any workstation via secured
TCP/IP or UDP connection
Network/power cables are connected from the top
UltraLight of the terminal.
See Using Terminal UltraLight for user interface
details and Installing and configuring YSoft SafeQ
Terminals for installation guides.
Terminal is capable of restricting access to the device via a third-party interface (FDI/FIH/KC/VI).
Terminal must be connected to TCP/IP network with its own IP address (DHCP ready).
If the terminal fails, copying and scanning are no longer available.
Mounting kit and interface cable are required to connect the terminal to the MFP/printer (terminal
mounted to wall/table/MFP uses 1 or 2 screws or double-sided Velcro tape).
Power socket is required within 2m / 6ft distance.
Operating conditions: office environment, 5°C - 35°C , max 20% - 80% air humidity without
condensation.
Copy tracking
As a manager, I want to receive reports for all copy activity on controlled copiers / MFPs so that I
have information to optimize our printing environment.
Scan tracking
As a manager, I want to receive reports for all scan activity on controlled network scanners / MFPs so
that I have an audit log in case of any security issues.
Print roaming
As a user, I want to print a document from my workstation and then release it at the printer only after
I authenticate there, so that I'm sure my documents remain confidential.
As a user, I want to print a document from my workstation; then authenticate and release the job at
any printer in my office (LAN), so I don't need to rely on the availability of only one printer.
As a user traveling around company offices, I want to print a document from my notebook; then
authenticate and release the job at any printer in any office (WAN or VPN network), so I don't need to
rely on the availability of only one printer and am not limited to a single print server or my default
printer.
Workflow scanning
As a user, I want to authenticate once at the MFP and select the appropriate scan workflow so that
my documents are automatically delivered to my desired destination(s) without my having to enter
unnecessary information.
Card self-assignment
As a user, I want to use my ID card to authenticate at the MFP. If I have a new card, I want to
authenticate at the MFP by using other credentials; then swipe the card and have it be assigned as
my future identification method — so that the next time I authenticate, I only need to use that card.
DESCRIPTION
SafeQ Terminal blocks access to the MFP panel options so only authenticated and authorized user can
operate it.
USER STORIES
1. AuthCopy - As a User I want to authenticate at the MFP so that the MFP knows my identity and
can provide personalized workflow based on my needs.
REQUIREMENTS
SafeQ shall block copy access when user doesn't have proper permissions.
SafeQ shall block colour copy if user doesn't have proper permissions to print in colour.
SafeQ shall stop hard copy after first detected colour copy if user doesn't have proper
permissions to print in colour.
Administrator shall be able to define timeout for user's session (after what time is user logged off
at the device when idle).
SPECIAL REQUIREMENTS
In addition to the standard terminal access control, SafeQ shall control copy access to any Xerox
Network Accounting JBA enabled networked printer via Network Accounting Kit (JBA):
Copy jobs must be authenticated via JBA on-box (On-Box mode is not supported on ORS
servers and must be configured centrally) or off-box mode by: Login/PIN, Login only, PIN only.
Special license might be required.
When using JBA on-box mode, all PIN codes must be stored in DB in unencrypted form, so it
can be transferred to the device. Number of users account that can be stored to the device
differs depends on device available memory.
Both HTTP and HTTPS communication protocols are supported for JBA.
DEPENDENCIES/NON-FUNCTIONAL REQUIREMENTS
YSoft SafeQ Server must be installed and available within LAN proximity.
Identity management must be established.
MFP must be equipped with terminal with correctly configured authentication and support panel
access control.
CAVEATS
Due to the technical limitations, color copy blocking and Real-Time hard copy stop is only
supported by Terminal Professional/Ultralight using Xerox FDI,KM Vender2 interfaces,KM
OpenAPI, Ricoh ESA and Xerox EIP 2.0 capable devices.
PIN code (see YSoft SafeQ Security Overview for more see
details) Embedded
Terminals
PIN code (see YSoft SafeQ Security Overview for more see
details) Embedded
Terminals
DESCRIPTION
YSoft SafeQ tracks all produced copies and provides addressed reporting per device and user
USER STORIES
CopyTracking - As a Manager I want to receive reports for the copy activity on controlled copiers /
MFPs so that I have information to optimize our printing environment.
REQUIREMENTS
SafeQ system shall collect information per each copy, device and user.
SafeQ system shall collect detailed information for each copy job: amount of pages per paper
size (in two sizes: large and normal), amount of color/monochrome pages and duplex usage.
SafeQ Server must be installed and available within LAN with Identity management established
MFD Walkup Functions Control must be established
CAVEATS
For various reasons YSoft SafeQ is typically able to address about 95-98 per cent of tracked
pages to individual users or departments, the difference is caused by various service prints,
system status prints, direct IP printing, server restarts, and limitations on the page meter
handling by devices.
see Available Copy Tracking Methods for more information and limitations
LICENSING
Copy tracking feature is a standalone licensed feature since YSoft SafeQ 5.0 with following limitation if
license for the feature expires or is not available in a license. Please see License content per version to
review all SafeQ version and availability of a feature.
This workflow is typically used for MFD Walkup Functions Control, Copy Tracking, Project Copy and
Scan Tracking or Scan Tracking
1. User information is typically replicated from LDAP server using secured (server-authenticated)
LDAP/S connection. This step is however purely optional. See Identity management for
additional details.
2. User swipes/inserts the card and/or enters the PIN code. The information is transferred to SafeQ
using TLS based secure protocol (with client only authentication - server verifies identity of
terminal). Sever looks up the internal SQL database to find the user record connected with the
entered PIN code or card ID.
a. if Smart Card authentication or login/password authentication is used SafeQ server uses
Kerberos v5 protocol to get the Ticket Granting Ticket information (TGT) form Kerberos
server.
b. Kerberos sends encrypted information back to the server
c. Server uses the secured connection to decipher the data
d. Server gets the deciphered data and looks up the internal database for respective user
record
3. If the user is authorized to copy, the device panel is unlocked (either using serial smart blocking
cable from terminal or internal mechanism in case of MFP panel integrated (embedded)
terminal.
4. SafeQ gathers the accounting data using several mechanisms (see Available Copy Tracking
Methods). If the online accounting method is used, SNMP protocol is used to gather the current
page meter information from the printer.
5. In case of vender provided accounting, the accounting information is transferred to SafeQ from
printer using SOAP or HTTPS POST message.
Off-line copy
accounting Monitors any copy produced at the copier/MFP in real-time.
Tracking works with devices actively checked by YSoft SafeQ terminal.
Realized by physical connection to the copy device via vender provided
interface (see YSoft SafeQ HCL (portal.ysoft.com)
Tracks number of pages actually copied at the device. Tracked information
varies as per device of total number of impressions, total number of BW/color
impressions, total number of small (A5/A4/letter) and large (A3/legal/tabloid)
pages, duplex usage.
On-line copy
accounting Monitors any copy produced at the copier via LAN connection in real-time
Tracking works with devices actively checked by YSoft SafeQ terminal.
Copies made outside the control of YSoft SafeQ (such as public access,
admin, etc.) may be reported as "Anonymous copies"
Available for any copier/MFP listed in YSoft SafeQ HCL (portal.ysoft.com)
Tracks number of pages actually copied by the network device. Tracked
information varies as per devices of total number of impressions, total number
of BW/color impressions (3-tiers where available), total number of small (A5/A4
/letter) and large (A3/legal/tabloid) pages, duplex usage.
Online accounting disables multitasking capabilities for MFPs (only one user
at a time can operate the MFP to enable this tracking)
Average network response speed from the printer to server on SNMP query
must be less than 200ms.
Native copy
accounting Monitors any copy produced at the copier/MFP via network connection
Tracking works with devices actively checked by YSoft SafeQ terminal.
Copies made outside the control of YSoft SafeQ (such as public access,
admin, etc.) are not reported.
Incompatible with external (hardware) terminals
Gathers data in scheduled intervals; Available only for the following devices
(verify by checking the YSoft SafeQ HCL):
Fuji Xerox MFPs with Accounting Logs option.
Konica Minolta MFPs with OpenAPI3 account maps
Ricoh ESA with SDK4,7 or 10
Sharp MFPs with OSA (MX-AMX3) module.
Toshiba MFPs with Open Platform SDK.
Xerox MFPs with Network Accounting (JBA) kit including 3-tier billing.
Copy jobs must contain information about user.
Tracks number of pages actually copied by the network device. Tracked
information varies as per devices of total number of impressions, total number
of BW/color impressions, total number of small (A5/A4/letter) and large (A3
/legal/tabloid) pages, duplex usage.
DESCRIPTION
YSoft SafeQ tracks all produced scan and provides addressed reporting per device and user. The scan
tracking is only supported for scan jobs routed via SafeQ server or for devices with Vendor Provided
Accounting Mechanism (Konica Minolta OpenAPI, Sharp OSA, Xerox JBA, Ricoh ESA).
USER STORIES
1. ScanTracking - As a Manager I want to receive reports for the scan activity on controlled
network scanners / MFPs so that I have audit log in case of any security issues.
REQUIREMENTS
SafeQ system shall collect information per each scan routed via SafeQ, device and user.
SafeQ system shall collect detailed information for each scan routed via SafeQ job: amount of
pages, amount of color/monochrome pages and duplex usage.
SafeQ system shall collect information per each scan reported via device Vendor Provided
Mechanism.
YSoft SafeQ Server must be installed and available within LAN with Identity management
established
MFP must be equipped with terminal with correctly configured authentication (panel blocking)
Scanners must transfer data via SafeQ (see Workflow scanning)
CAVEATS
LICENSING
Scan tracking feature is a standalone licensed feature of YSoft SafeQ with following limitation if license
for the feature expires or is not available in a license. Without valid licence,
DESCRIPTION
Project Copy tracking allows users to select and assign target project for every copy made in order to
track per-project costs. Project codes are provided in the hierarchical structure that can represent
different business models (e.g. List of the customers and their individual projects).
see Configuring Project Copy Tracking for configuration and deployment information.
see Billing Code Import CSV Format Specification for import/export overview.
USER STORIES
1. ProjectCopyTrack - As a User I want to authenticate for copy and select project / billing code
for the produced output so that I can exactly track costs related with various projects I'm working
on.
REQUIREMENTS
User shall select project code prior copy [see table below] from multi-tiered, hierarchical list (i.e.
user first limits the selection, then selects code). This selection shall be Mandatory, if the project
billing feature is enabled on the device by the administrator.
User shall be able to skip Project selection if he/she has assigned the Default Billing code
Project code selection shall be completely skipped for users with only one assigned billing code
User shall be able to search for billing code using sub-string search; result of this search shall
be list of matching billing codes with complete path
CAVEATS
Billing codes cannot be enabled / disabled per devices, this feature can be enabled / disabled
only for whole SafeQ system.
On Konica Minolta and Sharp terminal embedded native application it is impossible to change
selected billing code (The user has to logout and login again to change selected billing code).
For list search results on KM C35 you must confirm input dialog after search term direct input.
After that you can return in to the input dialog and press 'List results' button to see searched
billing codes.
On Sharp devices default billing code is marked with an asterisk.
It is not possible to force user to select billing code immediately after login on Xerox and
FujiXerox devices.
When billing code selection is not successful on KM then error message is displayed and user is
logged out. Due to technology limitation we are not able to implement different behavior after the
error message confirmation.
On FujiXerox devices Billing codes are not fully supported
Behavior and project definition related to the Project Print Tracking feature;
YSoft SafeQ Server must be installed and available within LAN proximity
Identity management must be established
MFP must be equipped with terminal with graphical user interface and properly configured
authentication (panel blocking)
Default billing code is also suitable with Terminal UltraLight (terminal without graphical user
interface)
DESCRIPTION
Print Roaming is an extension of pull-printing (print job after authentication at the MFD). With pull-
printing, after user sends a job to a printer, user "pulls" the job to the printer — user goes to a printer,
authenticates and prints the job. This feature brings several important advantages:
Flexibility: Users can send a print job and choose any MFD for pick up
Costs and environment: Reduced paper waste which results from printouts left at printers
uncollected
Security: Users have to authenticate at the printer before documents are printed out
With both Print Roaming and pull-printing, users can release their print jobs at any printer which is
connected to YSoft SafeQ system.
Print Roaming is one of the key needs of companies with multiple locations - users who move between
the locations frequently need the ability to manage their print, copy and scan jobs without any
additional changes in their habits. In practical terms - wherever the user is and needs to print, copy or
scan, they can do so using combination of Print Roaming and Pull-Printing features of YSoft SafeQ.
Job roaming in the YSoft SafeQ Enterprise Distributed Server System - Private Cloud is built on top of
ORS technology. Roaming is established among two or more ORS servers, acting as peers. Additional
types of roaming, such as the transfer of print jobs to and from the CML server are not considered.
1. The user can pick up submitted print jobs at any device connected to YSoft SafeQ without any
significant impact on the wait times.
2. The system administrator has an option to decrease system overhead by increasing waiting
times before jobs are available in more distant locations.
Two print roaming modes are available: near roaming and far roaming. Because peers need to share
certain types of information (in a group), an ORS can belong only to one roaming group (members of
which have access to all jobs in the group much faster), configured by the system administrator. The
system provide multiple near-roaming and far-roaming groups in order to support variety of
environments.
YSoft SafeQ does not modify print job data, so PDL-level compatibility between printers must be
ensured by other means.
To configure this feature, see Configure secure printing and Print roaming.
This is typically required in case of hundreds/thousands of users in a relatively small area on a high-
speed, low-latency network (such as LAN or sometimes even buildings co-located in one city).
Read Configuring Print Roaming about more details on how to configure the system to allow this
behavior.
This roaming mode sends job metadata over main CML server and support for UDP multicasting is not
required for standard operation. However, the infrastructure will still provide high-performance
networking to minimize the delay to job availability. This mode of operation is more robust, but is useful
in situations where only a fraction of the users requires roaming for their operations (such as travelling
salesmen, etc.).
USER STORIES
1. Pull-print -- As a user, I want to print a document from my workstation and release it at the
printer only after I authenticate there, so that I'm sure my documents remain confident.
2. Roaming-print (LAN) -- As a user, I want to print a document from my workstation and
release it at any printer in my office (LAN proximity) after I authenticate there, so that I don't
need to rely on the availability of only one printer.
3. Roaming-print (WAN) -- As a user travelling around company offices, I want to print a
document from my notebook and release it at any printer in any office (WAN or VPN network)
after I authenticate, so that I don't need to rely on the availability of only one printer and without
needing to know the location of my print server or my default printer.
REQUIREMENTS
The user can print a document from a workstation by using default printing methods; the system
must keep the document on hold and not release it to the printer.
The user will be able to authenticate at the printer and request release of held print jobs to the
printer.
The system will release only print jobs that are compatible with the target printer. see
example in the comments section.
Incompatible print jobs will not be available to the user (or the user will be informed about
the incompatibility issue); this option will be configurable by the system administrator.
The user will be able to use secure print (pull-print) at every printer connected to the system
network.
With a high-speed network, the user will be able to send a document to print from any
workstation and release it at any printer, exactly as if using standard Print roaming, regardless of
the number of involved servers or underlying architecture.
With a low-speed / low-latency network, the user will be able to send a document to print from
any workstation and release it at any printer; however, if the originating system is "far" from the
target printer, the system will synchronize data in the background and request that the user wait
(for synchronization) or release the document later.
The YSoft SafeQ Web Interface will be modified so that the system administrator can create and
modify roaming groups for near or far job roaming. The administrator will be able to completely
disable roaming by setting an ORS to operate in standalone mode only.
YSoft SafeQ Server must be installed and available within LAN proximity. Secured-print works
only in a LAN.
Each printer must be equipped with a terminal.
Print drivers must send print data to YSoft SafeQ server.
Identity management must be established (see User Identity management).
Distributed Server System - Private Cloud with a single central CML system must be
established, with a server in every location required for near- or far- print roaming.
Global identity management (common for all YSoft SafeQ servers in the network) must be
established.
No extensions in YSoft SafeQ Client or any other client tool is necessary. Job roaming may
introduce additional pop-up messages to be handled by the default YSoft SafeQ Client facility
for such messages.
The origin ORS and the destination ORS in a near-roaming group must be visible to each other
on the network. The network must also provide the necessary bandwidth and low latency to
eliminate any impact of the network on the availability of print jobs at destination ORSs. Without
network visibility and performance, near-roaming mode does not produce correct results and
cannot be used.
For near-roaming groups with more than 10 ORS servers, UDP Multicast must be enabled
among servers!
CAVEATS
When using job roaming, note that you CANNOT roam jobs between CML and ORS.
For a near-roaming mode, it is recommended to to use fiber optics network.
When using an application-based failover system, if a server fails, all print jobs stored on the
failed server are unavailable for release at terminals and users must re-submit the jobs from
their workstations.
Shared network storage can solve this problem.
Pull-print may affect the speed of the print process (measured as time-to-print) under the
following conditions:
YSoft SafeQ server is available on a 100MB LAN, complies with specifications, and CPU
utilization is <10%.
User authenticates at the terminal, opens a job list, selects a print job, and selects Print.
Time is measured from that moment to the moment the printer starts to receive data.
Comments
Printer compatibility is defined based on the System Tags in YSoft SafeQ Administrative web interface.
The tag represents the capability of the printer, such as PDL-compatibility (PCL, PostScript, ...) or
feature such as Color, Duplex, Paper Size (Large/Small).
Example:
A3(Tabloid) Color Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list.
A3(Tabloid) Mono Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list, but will only allow release of Mono Print jobs.
A4(Tabloid) Color Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list, but will only allow release of A4(Letter) Print jobs.
A4(Tabloid) Mono Printer ... will display all A4(letter), A3(Tabloid), Monochrome and Color print
jobs in the list, but will only allow release of Mono A4(Letter) Print jobs.
This workflow is typically used for secured printing (pull-printing), Print roaming, YSoft Mobile Print
Server.
1. User information is typically replicated from an LDAP server using a secured (server-
authenticated) LDAP/S connection. This step is, however, purely optional. See Identity
management for additional details.
2. The user prints the data from the workstation using the standard print mechanism. By default,
the data are transferred via plain LPR protocol. Optional plain or encrypted data transfer is
possible using YSoft SafeQ Client for Windows, OS X or Linux. The server stores the data in
plain form on the disk folder. For more details, see YSoft SafeQ Security Overview document.
3. The user places/inserts the card and/or enters a PIN.
If PIN only or card ID verification is used, the information is transferred to YSoft SafeQ
using the TLS-based secure protocol (with client-only authentication — the server verifies
the identity of the terminal). The server looks up the internal SQL database to find the
user record associated with the entered PIN or card ID.
If Smart Card Authentication via Terminal Professional is used, following communication
occurs to YSoft SafeQ server using the TLS-based secure protocol (with client-only
authentication — the server verifies the identity of the terminal).
(A) YSoft SafeQ server uses the Kerberos v5 protocol to get the Ticket Granting
Ticket information (TGT) from the Kerberos server.
(B) Kerberos sends encrypted information back to the server.
(C) The server uses the secured connection with Smart Card to decipher the data.
(D) The Server gets the deciphered data and looks up the internal database for the
respective user record.
If Smart Card Authentication occurs at MFD directly, than:
(A,B) The MFD verifies smart card directly with Active Directory using Kerberos
protocol
(H) The MFD request a user session with SafeQ server based
on Authenticated User's Subject ID.
4. YSoft SafeQ uses several methods to gather the accounting data (see Print tracking methods).
If the online accounting method is used, the SNMP protocol is used to gather the current page
meter information from the printer.
5. With vender-provided accounting, the accounting information is transferred to YSoft SafeQ from
the printer via SOAP or HTTPS POST message.
Please note that this feature requires device to be equipped with PIV compliant smart card reader
and provide user information via embedded terminal session.
MOBILE PRINTING
If mobile printing (YSoft Mobile Print Server) is used, only Print method (2) on the previous diagrams is
different. The user does not deliver the data using described protocols; instead, the user sends the
data via e-mail or uploads the data to the YSoft SafeQ Web.
If the e-mail method is used, the owner of the document is recognized by the FROM: email
header. No further special security is enforced. If the user e-mail address is not known to the
system, depending on the configuration, the server can send a registration link to the user. The
user then uses his YSoft SafeQ credentials to log in to the page. Typically
Kerberos authentication (3.a/3.b) is used.
If the Web upload method is used, the user must access the secured (server authentication
only) Web page, log in using the same method as described in the previous point, and upload
the document using the standard HTTP(S) upload form. Kerberos-based single-sign-on (SSO)
is also available. YSoft SafeQ uses Windows Authentication Framework (http://waffle.
codeplex.com/documentation) for the SSO process.
DESCRIPTION
SafeQ Terminals provides
see Configuring Print job list management for configuration and deployment information.
USER STORIES
1. JobList - As a User I want to list my print jobs at the printer before I print them so that I can do
a last time decisions about what and how to print.
REQUIREMENTS
Terminal shall provide list of queued print jobs, with information about job title, print date, owner,
number of pages and status (new, already printed, favourite)
Terminal shall provide list of already printed jobs with option to re-print or delete
Terminal shall allow release all waiting print jobs
Terminal shall allow release only selected print jobs
Terminal shall support print all jobs after authentication (if configured)
Terminal shall display preview of first page
Terminal shall allow marking / unmarking a document as a favourite
Terminal shall allow deletion of selected document from the print queue
Terminal shall allow change job properties: number of copies, duplex, usage of colour [if
applicable] This feature is not yet supported.
Terminal shall support configurable sorting of print jobs list
Terminal shall support configurable limit of print jobs to be displayed in the list
SafeQ shall enable administrators to configure job expiration after how long the jobs will be
removed from the printed queue
Excluding weekends (SafeQ 5.0)
Terminal shall support use of all MFP function after authentication (print / copy / scan)
CAVEATS
Information about Number of pages is available for PCL5+ and PS print jobs only with enabled
print job analyser at SafeQ server
Terminal professional only allows one operation at the device after authentication (either copy
/scan or print, but not combination)
Printers must be equipped with terminal with graphical user interface (Professional or
Embedded)
There can be 'Internal error' message displayed on KM C35 after pressing 'Status' button on any
print job folder. After error message confirmation proper screen is displayed. This behavior can
OVERVIEW
DESCRIPTION
This feature allows managers to share their prints with their assistants without asking IT support. Users
can decide with whom to share the print.
See Configuring and using Shared Queues for configuration and deployment information.
Delegation Print is based on Workgroup print sharing (Shared Queues) and use that same
techniques.
See Using Delegation Print (VIP shared queues) for user workflow description.
USER STORIES
1. VIPQueue - As a User I want to print my documents in the way so that colleagues I select can
release them on the printers (using Print roaming story).
REQUIREMENTS
Administrator shall be able to define group of users that can share print jobs with another users.
User shall be able to decide prior print whether the print job will be designated to secured (Print
roaming or shared queue).
User shall be able to select users (from the SafeQ Identity Database) and add them to private
shared queue.
Print roaming with print queue management and re-print must be configured.
Both YSoft SafeQ Client and respective print driver have to be installed locally on any
workstation required for print sharing.
Print drivers must send print data to SafeQ server via SafeQ Client [see Workstation Client].
CAVEATS
Shared print jobs are not available on "print all" user action of print queue management, but only
on specific selection.
Shared queues are defined in the "current availability" mode. That means that whoever is
eligible to access the shared queue can see all available print jobs, regardless of when and for
whom these have been intended.
Released print job changes owner to person who released it and thus is being accounted to
this person, not the originating author!
Delegation Print is supported on ORS server. However, it is not possible for users to manage
list of privileged persons through ORS, or even to create the queue. To do so, users must either
manage the list during printing using SafeQ client connected to CML or through dedicated web
application available on http(s)://<safequrl>/client.jsp, where <safequrl> is the address of CML
server. This must be done at least once for each user, to create the queue.
Delegation print shared queues have reserved name in form "shared_<username>". Avoid
creating non-VIP shared queue with such name. If non-VIP shared queue with such name
already exists and user tries to create VIP shared queue, this VIP shared queue will replace the
old non-VIP one.
Document is removed from the Shared queue after it has been released to the printer.
Marking shared job as favorite is not supported at the moment.
If printing via ORS, this configuration value has to be Disabled: localJobsFilteringEnabled
DESCRIPTION
Shared queues are specific version of secured queues. They enable multiple users to access selected
documents (in accordance with the users' rights). All jobs sent to the shared queue are automatically
accessible to all users with access rights to that queue.
See Configuring and using Shared Queues for configuration and deployment information.
USER STORIES
1. Shared Queues - As a User I want to print my documents in the way so that my colleagues working
in the same workgroup can release them on the printers (using Print roaming story)
REQUIREMENTS
User shall be able to print the document and share it automatically by administrator-defined group of
users.
Defined users should be able to list and release print jobs shared by another user via Terminal
User shall be able to see the author of the print job at the job list (Print job list management and re-
print)
Print roaming with print queue management and re-print must be configured.
Print drivers must send print data to SafeQ server using YSoft SafeQ Client
Printers must be equipped by terminal with graphical display (Professional or Embedded)
CAVEATS
Shared print jobs are also available on "print all" user action of print queue management.
Released print job changes owner to person who released it and thus is being accounted to this
person, not the originating author!
Document is removed from the Shared queue after it has been released to the printer. The name
of document's job-queue is changed by adding prefix "shared-".
Marking shared job as favorite is not supported at the moment.
LICENSING
Workgroup print sharing feature is a standalone licensed feature since YSoft SafeQ 5.0 with following
limitation if license for the feature expires or is not available in a license. Please see License content per
version to review all SafeQ version and availability of a feature.
There are no menus and option to configure shared queues on web interface.
Terminal does not display jobs sent to shared queue which has been created in a system while
license was valid.
Workflow scanning is a mechanism that provides users with simplified scanning mechanism (e.g. automated
routing to their home folder or email) and allows administrators to integrate scanning processes with
document management applications.
see Workflow Scanning - Administrative Tasks for configuration and deployment information.
see Scanning workflow definition for more information.
USER STORIES
1. WorkflowScanning - As a User I want to authenticate once at the MFP and use appropriate
scanning workflow function at the MFP so that my documents are automatically delivered to desired
destination(s) without requesting me to enter unnecessary information.
2. SecuredScanning - As an Administrator I want to configure devices to deliver scanned documents
to SafeQ via WebDAV/S so that the document won't travel over the network unsecured.
REQUIREMENTS
Defined attributes can be passed to email subject or body (as a variables in email
template defined by administrator – see available workflow attributes section)
Scans are delivered via SMTP. Basic authentication including secure password
verification is available.
Sender address (FROM:) is replaced by the authenticated user's email (if available).
Additional options:
If the job size exceeds defined size, Document is stored to defined folder or
rejected with notification to the user's email.
Defined attributes (see Available Workflow Attributes) can be used as a variable
in the folder name placeholder
Sender address (FROM:) is replaced by the authenticated user's email (if available).
For Xerox Embedded, Konica Minolta Embedded and Sharp Embedded Terminal, user
email is passed to the MFP after successful authentication of the user.
Service account (one that is used to run SafeQ server service) credentials are used to
write the target directory. See Scan Management security overview for additional
details.
Defined attributes can be passed to the script -- see available workflow attributes
section)
Service account running SafeQ server service must have access to the target directory
and rights to execute the script.
There are several scripts available with the software:
Integration with RightFax / FerariFax / FaxChange / StreemFax server
(see workflow overview ) and providing user information to enable FAX
confirmation email.
Scan to pre-defined list of network folders
Following Workflow Attributes shall be available for workflow definition on all terminals
Attributes defined by system. every attribute %ATTR% will be replaced by respective value.
List of file types that are processed by the workflow script. By default only Images (JPG, TIF, PDF)
are delivered to defined destination.
Following Workflow Attributes shall be available for workflow definition on Embedded Terminals
ONLY
Define default settings for scan:
Define list of attributes that user should/must select/complete at the MFP with the scan
document
System shall allow administrator to define target file name for the scanned document (document file
will be renamed on the way thru SafeQ). Several variables are available to be used in the name
placeholder.
Defined attributes (see Available Workflow Attributes)
Date (Date format is YYYY-MM-DD)
Whenever the target file already exists in the destination folder, the new file with numbered
postfix (e.g _1, _2, _3) will be created.
Administrator shall configure the Embedded Terminal so that the device uses either FTP repository
or WebDAV (WebDAV/S)
Administrator shall create a workflow scanning template that delivers the data to a defined repository
(eg. Smb/webdav/ftp folder defined by path and system variables (plus variables from LDAP such as
home directory or webDav home page) directly, rather that passing the data thru SafeQ server
System shall check the compatibility of the device with selected repository and restrain administrator
to configure unsupported repository
CAVEATS
SafeQ can only run limited number of scanning scripts (Store to folder at the server and execute
external script workflow; default 5) in parallel. Additional workflow are being serialized and executed
after successful termination of active scripts.
LICENSING
Workflow scanning feature is a standalone licensed feature since YSoft SafeQwith following limitation if
license for the feature expires or is not available in a license. Please see License content per version to
review all SafeQ version and availability of a feature.
PKI (SMARTCARD BASED) OR LOGIN/PASSWORD BASED AUTHENTICATION AND SCAN TO NETWORK FOLDER
1. User information is typically replicated from LDAP server using secured (server-authenticated) LDAP
/S connection. This step is however purely optional. See Identity management for additional details.
2. User swipes/inserts the card and/or enters the PIN code. The information is transferred to SafeQ
using TLS based secure protocol (with client only authentication - server verifies identity of terminal).
Sever looks up the internal SQL database to find the user record connected with the entered PIN
code or card ID.
a.
OUTBOUND FAX
INBOUND FAX
SCAN TO RIGHTFAX
SafeQ is able to integrate with RightFax solution using the Scan to Script scanning workflow. The script
whose path is provided in the administrator workflow parameter script is called for each scanned file with
parameter dial whose value is provided by users while scanning on the terminal.
1. Enable scanning with terminal embedded and use predefined scanning workflows that will be used with
the MFP (see help for more information about "Workflow scanning").
2. Copy "scanToRightFax.cmd" into "C:\SafeQ5\Scan"
3. Edit parameters WF_LOGIN, WF_PASSWORD, RIGHTFAX_PATH in "scanToRightFax.cmd"
4. Make sure that the path RIGHTFAX_PATH exists and the credentials provided to it (WF_LOGIN,
WF_PASSWORD) have full permissions for read/write/delete.
5. Set up RightFax server to periodically check "RIGHTFAX_PATH" folder for new *.pdf and *.hpf files. The
*.hpf file will contain information about user and Fax number provided in the scan workflow. Make sure that
RightFax deletes the files that were already processed. Kindly consult RightFax documentation on the setup
details.
HOW TO USE:
SCANTORIGHTFAX.CMD CONTENT:
rem Path to the RIGHTFAX scan folder (the path should not be ending by backslash).
rem Create the directory if it does not exist.
set RIGHTFAX_PATH=\\<IP>\<folder>
mkdir %RIGHTFAX_PATH%
:PROCEED
set NEW_NAME=%RANDOM%%RANDOM%%RANDOM%
set DST_FILE=%RIGHTFAX_PATH%\%NEW_NAME%.pdf
set HPF_FILE=%RIGHTFAX_PATH%\%NEW_NAME%.hpf
goto END
:IGNORE
rem Do nothing.
:END
1. Enable scanning with terminal embedded and use predefined scanning workflows that will be used with
the MFP (see help for more information about "Workflow scanning").
2. Copy "scanToRightFax.cmd" into "C:\SafeQ5\Scan"
3. Copy folder "blat262" from "blat262.full.zip" to "C:\SafeQ5\"
4. Set up customer's SMTP server to deliver all incoming e-mails coming from SafeQ server to
<number>@fax.com to a specific POP3 mailbox.
5. Set up RightFax server to periodically check POP3 mailbox as specified in step 4) and send all e-mails
from it as faxes (consult RightFax documentation on the setup details).
6. Make sure that users have email defined in YSoft SafeQ
HOW TO USE:
<scan>
<name>Fax</name>
<destination>script</destination>
<description>Scan and fax via RightFax</description>
<options>
<resolution>normal</resolution>
<sides> 1 </sides>
<color>auto</color>
<fileType>pdf</fileType>
</options>
<admin>
<parameter>
<pname>script</pname>
<type>string</type>
<label>Script command call</label>
<required> true </required>
< default >C:/SafeQ5/Scan/scanToRightFax.cmd %dial% %file% %email%</ default >
</parameter>
<parameter>
<pname>targetDir</pname>
<type>string</type>
<label>Target directory</label>
<required> true </required>
< default >C:/SafeQ5/scan</ default >
</parameter>
</admin>
<user>
<!-- using this parameter, users may enter the fax number on the terminal -->
<parameter>
<type>string</type>
<pname>dial</pname>
<label>Fax number</label>
<required> true </required>
< default ></ default >
</parameter>
</user>
</scan>
SCANTORIGHTFAX.CMD CONTENT:
rem Change the value in SMTPserverIP to the IP address of your e-mail server
set SMTPserverIP=<IP>
@echo off
echo --- >> C:\SafeQ5\logs\fax.log
echo %DATE% %TIME% Sending % 2 to fax % 1 , user: % 3 >> C:\SafeQ5\logs\fax.log
echo C:\SafeQ5\blat262\full\blat.exe -server %SMTPserverIP% -f % 3 -to % 1 @fax .com -subject
"Fax from %3 to %1" -body "This is Fax" -base64 -attach "%2" >> C:\SafeQ5\logs\fax.log
C:\SafeQ5\blat262\full\blat.exe -server %SMTPserverIP% -f % 3 -to % 1 @fax .com -subject "Fax
from %3 to %1" -body "This is Fax" -base64 -attach "%2" >> C:\SafeQ5\logs\fax.log 2 >& 1
if errorlevel 1 goto error
:ok
echo Deleting the file >> C:\SafeQ5\logs\fax.log
del "%2" >> C:\SafeQ5\logs\fax.log 2 >& 1
goto end
:error
echo Errorlevel: %ERRORLEVEL% - not deleting >> C:\SafeQ5\logs\fax.log
:end
This page describes options and all information necessary to create a scanning workflow in XML
file used for processing incoming scans from MFPs. These workflows can be used for both
scanning with embedded terminal and scanning with hardware terminal.
At A Glance
Basically, the scanning workflow in SafeQ is a tool for describing process of handling scans created by
MFP and uploaded to SafeQ. That means it does not describe the way the scans are uploaded to
SafeQ rather than way they are processed and delivered to the end user.
The scanning workflows are defined in XML. The XML definition is called a scanning template. This
template describes a scanning workflow and can be changed by the SafeQ administrator by opening it
in a text editor, modifying the XML structure as described hereafter, and importing to SafeQ. A very
basic knowledge of XML is therefore needed.
VALIDATION
Before the scanning workflow is uploaded to the SafeQ and activated in, an XML validation is executed
to prevent occurrence of any malicious content in the provided workflow. The scanning workflow is
validated against the XML schema.
The XML schema file name is a configurable parameter in the System Settings configuration. The
name of this parameter is scanTemplateSchema.
The value of this parameter contains the path of the XML schema file. If this parameter is empty or
even omitted, then XML validation would not be performed. Following table summarizes default
contents of the scanTemplateSchema parameter in the CML configuration file.
Basic workflow settings section is usually entered on the beginning of the workflow after the <scan>
tag. All these definitions are mandatory.
WORKFLOW NAME
The name of the workflow is visible on SafeQ web interface and in case of scanning with embedded
terminal also on a panel of MFP where user selects from available workflows.
<name>Scan to e-mail</name>
SCAN DESTINATION
The destination of scanned documents defines where the scanned document shall be stored. There
are three possible values:
<destination>home</destination>
WORKFLOW DESCRIPTION
The description can be an arbitrary string which describes the scanning workflow in a natural language.
It is shown for example in the embedded terminal application when user selects a workflow. It may
contain a message for a user to enter parameter values (see section about workflow parameters). The
description string may be shown wrapped according to display proportions.
<description>
</description>
Please do not use any special characters, including diacritics and apostrophes.
KEEP METADATA
Scanned metadata will not be deleted from delivery.
WORKFLOW PARAMETERS
Workflow parameters may be used to customize a standard behaviour of a scanning workflow which is
defined by the destination element. A parameter is declared as follows:
....
<parameter>
<pname>filename</pname>
<type>string</type>
<label>Output name of the file</label>
<required> false </required>
< default >file</ default >
</parameter>
...
Values of parameters are taken from element default and in case of scanning with embedded terminals
they can be provided by a logged user via Parameters menu in the terminal applications. For this
purpose, parameters are placed in parameter spaces (see next section for information on parameter
spaces).
There is a list of predefined parameters for each supported scan destination with a special purpose
which may be included in the scanning template.
Moreover, a variable with the same name as parameter can be used in parameter values. This variable
is then replaced by the real value (entered by user on the terminal) of the parameter. This enables the
administrator to include other than a predefined parameter.
Each parameter starts with a tag <parameter> and ends with </parameter>.
SPACES
In the XML scanning template, a parameter must be placed into either parameter space. The presence
of a parameter in a parameter space determines who can assign a value to the parameter. There are
two parameter spaces:
admin – only the administrator can assign a value to the parameter. This can be done using
element default.
user – user (with access rights to the scanning workflow) can assign a value to the parameter.
This can be done via terminal panel interface – currently only embedded terminals allow users
to enter parameter values.
To put it simply, users cannot assign a value to a parameter inside the admin parameter space. The
administrator has to define such parameter with a default value using variables if necessary.
Parameters in user parameter space can also have a default value but this can be changed from the
panel interface.
Currently, only embedded terminals allow user to enter parameter values. Therefore, a template for
scanning with hardware terminals must have all parameters in the admin parameter space (those in
the user parameter space are ignored).
A parameter can be put into a parameter space by enclosing it in tags <user> and </user>, or <admin>
and </admin>. Example of one parameter in user space and one parameter in admin space:
<scan>
...
<user>
...
<parameter>
<pname>filename</pname>
<type>string</type>
<label>Output name of the file</label>
<required> false </required>
< default >file</ default >
</parameter>
...
</user>
<admin>
...
<parameter>
<pname>targetDir</pname>
<type>string</type>
<label>Target directory</label>
<required> false </required>
< default >\\server\share%login%</ default >
</parameter>
...
</admin>
</scan>
PARAMETER NAME
The parameter name is an alphanumeric identifier of the parameter. There is a set of special
parameters for each scanning workflow whose names are reserved.
<pname>to</pname>
A value of the data type must be enclosed in tags type. Dynamic "email" type is currently available only
on Konica Minolta Terminal Embedded with the native user interface.
<pname>to</pname>
<type>email</type>
<pname>to</pname>
<label>E-mail recipient</label>
A value of the flag must be enclosed in tags required. Use values true or false, and if tag is omitted,
the default value is false.
Example of definition of a mandatory parameter (user has to enter e-mail of the recipient prior
scanning):
<pname>to</pname>
<type>email</type>
<required> true </required>
DEFAULT VALUE
A parameter may have a default value which must respect data type. This value is used unless
changed either way, typically from the embedded terminal application. As for the scanning with
hardware terminal, the default value field is the only way to provide a value for the parameter.
<pname>filename</pname>
< default >Scan from %email%</ default >
3.4.10 VARIABLES
Variables provide a mechanism to resolve a parameter value according to a context of a scan job. The
variables can be used in default field of the parameter or when entering parameter value from the
scanning application of an embedded terminal. Basically, there are two types of variables:
PREDEFINED VARIABLES
The predefined variables have reserved name and a special meaning. According to the subsystem
where the variable is replaced by a real value, there are two sets of predefined variables:
A Scan server predefined variable is specified as text starting and ending with character "%". Such
variable is substituted with a real value in time the SafeQ server starts processing of scans uploaded
by the MFP. Therefore they may be used on the embedded terminal by a user providing a value for the
parameter. The SafeQ server recognizes the following variables in scanning templates:
Example: Parameter targetDir is a special parameter which defines directory in a file system, where the
scans are stored. Suppose each user in SafeQ has a home directory on the company server galileo
whose name is the same as the username of the user. Then the targetDir parameter may be defined
as follows:
<parameter>
<pname>targetDir</pname>
<type>string</type>
<label>Target directory</label>
<required> true </required>
< default >galileo%userhome%</ default >
</parameter>
A Terminal Server predefined variable is specified as text starting and ending with character "%" and
can be used only when scanning with an embedded terminal. Such variable is substituted with a real
value in time the user opens the scanning application in the embedded terminal and is shown as
default values in input fields of parameter values. The following variables are recognized:
(date) - current date in format set by SafeQ property scanDateFormat in expert options, for
example use yyyy-MM-dd in order to get `2012-12-21` for 21st December 2012.
(time) - current time in format set by SafeQ property scanTimeFormat, for example use HH-
mm-ss-fff in order to get `12-15-00-000` for quarter past twelve .
(username) - username of a currently logged user
The Terminal Server predefined variables are currently not supported by Ricoh ESA
Terminal Embedded.
The Terminal Server predefined variables are not resolved when scanning with Terminal
Professional or Terminal Ultralight.
The Terminal Server predefined variables can also be specified with character "@", but this
possibility is deprecated and is kept only for backward compatibility.
Example: Parameter filename is a special parameter which defines name of the output file. To include
the current time, date and username of the user in the name of the file, the parameter may be defined
as follows:
<parameter>
<type>string</type>
<pname>filename</pname>
TEMPLATE VARIABLES
Template variables don't generally have any special meaning. They are defined in the scanning
template by a parameter definition and are then used typically in default values of other parameters.
They only have meaning when scanning with an embedded terminal, since they're used to carry values
provided by user. Such variable has the same naming convention as a scan server predefined variable,
i.e. it is in form %parameterName%, where parameterName is a name of the parameter
corresponding to this variable.
Example: A typical usage of a template variable is in scanning to fax (scan to script workflow with a fax
script). In default value of parameter script you can see there is variable %faxNum%. When SafeQ
processes the uploaded scan it substitutes this variable with the real value of parameter faxNum
entered by user on the terminal.
<admin>
<parameter>
<pname>script</pname>
<type>string</type>
<label>Script command call</label>
<required> true </required>
< default >\\faxserver\script\fax.cmd %faxNum% %file%</ default >
</parameter>
...
</admin>
<user>
<parameter>
<pname>faxNum</pname>
<type>string</type>
<label>Fax number</label>
<required> true </required>
< default ></ default >
</parameter>
</user>
...
SCAN OPTIONS
Scan options allows predefining settings for a resulting scan document such as resolution, file format or
color. The scan options section starts with tag <options> and ends with tag </options>.
Scan options feature is available only for scanning with embedded terminal, since vendor technologies
are leveraged to setup a scan job according to the settings. When a template with scan options is used
for scanning with hardware terminal, the scan options are ignored.
<options>
<resolution locked= "true" >normal</resolution>
<sides locked= "true" > 1 </sides>
<color locked= "true" >color</color>
<fileType locked= "true" >pdf</fileType>
</options>
It is possible to define that any particular scan option is locked, i.e. it can not be modified by logged
user on terminal. This feature can be set by specifying an attribute locked="true" in starting tag of an
option entity.
RESOLUTION
This option specifies resolution of scanning. There are five possible values sorted from the lowest
resolution to the highest resolution:
low
normal
fine
high
super
Not all technologies and MFP models support all five levels of the resolution. If an unsupported level is
chosen, it is approximated to the nearest possible value.
Resolution KM, Sharp [DPI] Xerox, Ricoh [DPI] FX, FX with XCP [DPI]
COLOR
This option specifies color scheme of a scan. There are following values:
Not all technologies and MFP models support all six color schemes. If an unsupported color scheme is
chosen, it is substituted with the nearest possible value.
<color>auto</color>
The value of output file format option must be enclosed in tags fileType.
Not all technologies and MFP models support all output file formats. If an unsupported file format is
chosen, it is substituted with any other similar file format.
<fileType>tiff</fileType>
1 – simples
2 – duplex
Some technologies and models do not support forcing duplex settings and user has to set it manually.
<sides> 2 </sides>
Despite the scanning templates can be used for both scanning with hardware and embedded terminal,
not all features declared by the template definition are supported by hardware terminals. Therefore,
some features declared by template are ignored when scanning with a hardware terminal:
User parameter space – hardware terminals does not allow user to enter values of parameters,
therefore all parameters in user parameter space are ignored in such templates.
Scan options – hardware terminal does not communicate with vendor technology, therefore
scan options are ignored in such templates.
Terminal Server predefined variables – hardware terminals does not substitute this kind of
variables.
However, you can still use the same template for the both types of scanning; some parts of template
are ignored when scanning with hardware terminal.
SCANNING TO E-MAIL
Default behavior - Scanned documents are delivered to the logged user's e-mail as an
attachment.
Supported parameters:
from – sender of the e-mail. if the value is blank or the parameter is omitted, the sender is
the logged user.
to – recipient of the e-mail. Parameter may be used only once. If the value is blank or the
parameter is omitted, the recipient is the logged user.
filename – name of the files in the e-mail attachment. If the value is blank or omitted, the
file produced by the MFP is not renamed. If there is more files, their names are suffixed
with a value from a numeric sequence.
failoverDir – path to a directory in local or a remote file system, where the scan is stored if
the default delivery via e-mail failed for any reason. UNC paths are allowed.
maxFilesPerMessage – number of scanned documents sent in one e-mail.
Related SafeQ configuration
scan-job-max-size-to-mail – Maximum size of attachments. If the attachment exceeds the
maximum size, the files are stored in directory specified by failoverDir.
scan-email-undeliverable-attempts – Number of attempts to submit the e-mail.
scan-email-undeliverable-timeout – Interval between two submit attempts
email-with-scan-subject – Subject of the e-mail with the attachment
email-with-scan-body – Body of the e-mail with the attachment.
scan-job-too-big-message – Body of the e-mail which is sent to the user who created the
scan if the size of the attachment exceeded the maximum allowed size.
scan-job-changed-destination – Body of the e-mail which is sent when the files couldn't
be sent via email neither moved to the failover directory.
default-scan-folder – path to a directory in local or a remote file system, where the scan is
stored if it couldn't be saved to the failover directory (usually system temp).
Note that old files are deleted from this folder based on name pattern (variables are
Please make sure that filename parameter will not contain characters which can not be used in file,
folder, or shortcut names. For example: \ / : * ? " < > |
<scan>
<name>Scan to e-mail</name>
<destination>email</destination>
<description>Template for scanning to user's email</description>
<options>
<resolution>low</resolution>
<sides> 2 </sides>
<color>bicolor</color>
<fileType>jpeg</fileType>
</options>
<user>
<parameter>
<type>email</type>
<pname>from</pname>
<label>Sender</label>
<required> true </required>
< default >john.doe @ysoft .com</ default >
</parameter>
<parameter>
<type>email</type>
<pname>to</pname>
<label>Recipient</label>
<required> false </required>
< default ></ default >
</parameter>
<parameter>
<type>string</type>
<pname>filename</pname>
<label>Output name of the file</label>
<required> false </required>
< default >Scan from device %devicename% by %name% %surname%</ default >
</parameter>
</user>
<admin>
<parameter>
<type>string</type>
<pname>failoverDir</pname>
<label>Failover directory</label>
<required> false </required>
< default >%userhome%</ default >
</parameter>
<parameter>
<type>string</type>
<pname>maxFilesPerMessage</pname>
<label>Max number of files per email</label>
<required> false </required>
SCANNING TO FOLDER
Default behavior – Scanned documents are moved to the logged user's home directory.
Supported parameters
targetDir – a path to a directory in local or a remote file system, where the files are stored.
If the value is blank or the parameter is omitted, the target directory is the logged user's
home directory.
filename – name of the moved files. If the value is blank or omitted, the file produced by
the MFP is not renamed. If a file with the same name is already present in the target
directory, the file name suffixed with a value from a numeric sequence.
Related SafeQ configuration
default-scan-folder - path to a directory in local or a remote file system, where the scan is
stored if it couldn't be saved to the target directory (usually system temp).
scan-job-changed-destination – Body of the e-mail which is sent when the files couldn't
be saved to the target directory.
Please make sure that filename parameter will not contain characters which can not be used in file,
folder, or shortcut names. For example: \ / : * ? " < > |
Please note that files are stored to the target folder under identity of the service account that
is used to run SafeQ service. The service account must have write access to the target folder.
The only exception is where Kerberos5 authentication (via user credentials or PKI is used). in
this case, whenever the targetDir parameter starts with smb:, system first tries to copy the file
under identity of the authenticated user (using Kerberos TGT).
<scan>
<name>Scan to home folder</name>
<destination>home</destination>
<description>
This is a scan to home scanning workflow with locked options.
</description>
<options>
<resolution locked= "true" >normal</resolution>
<sides locked= "true" > 1 </sides>
<color locked= "true" >color</color>
<fileType locked= "true" >pdf</fileType>
</options>
<user>
<parameter>
<type>string</type>
<pname>filename</pname>
<label>Output name of the file</label>
<required> false </required>
< default >File %file%</ default >
</parameter>
</user>
<admin>
<parameter>
<pname>targetDir</pname>
<type>string</type>
<label>Target directory</label>
<required> true </required>
< default >%userhome%</ default >
</parameter>
</admin>
</scan>
SCANNING TO SCRIPT
Default behavior – Scanned documents are moved to the directory specified by parameter
targetDir and a script call from parameter script is executed. There is one script execution per
each scanned document. This behavior can be changed to process all scanned documents in
single script execution by placing special parameters to script command call.
Supported parameters
filename – name of the moved files. If the value is blank or omitted, the file produced by
the MFP is not renamed. If a file with the same name is already present in the target
directory, the file name suffixed with a value from a numeric sequence.
targetDir – a path to a directory in local or a remote file system, where the files are stored
prior executing the script. This parameter is mandatory for this type of workflow. If the
value is not specified, all files are moved to the default directory.
script – a script command call (includes full path to script and arguments) which is
executed upon each file uploaded from the MFP. This parameter is mandatory for this
type of workflow. If the value is not specified, all files are moved to the default directory.
Related SafeQ configuration
default-scan-folder - path to a directory in local or a remote file system, where the scan is
stored if parameters targetDir or script is undefined or the script returns a non-zero exit
code.
scan-job-changed-destination – Body of the e-mail which is sent when the files are saved
to the default directory.
Processing all scanned documents in single script execution
Alternative behavior to the default, it is triggered by placing %fileList% parameter among
script parameters. Filesystem paths to all scanned documents are then dumped to text
file located in targetDir and %fileList% parameter in script command call gets replaced by
absolute path to this text file. Replaced path to text file then effectively becomes one of
the script parameters. SafeQ then invokes script only one time, it is the responsibility of
the external script to resolve all scanned documents from text file and process
them within single script execution.
Similarly to %fileList%, you can put %metadata% parameter to script parameters. SafeQ
will dump all predefined scan variables into text file and replace %metadata% parameter
with absolute path to this text file. External script can read all predefined scan variables
from this file.
%metadata% parameter is not supported in default behavior.
Please make sure that filename parameter will not contain characters which can not be used in file,
folder, or shortcut names. For example: \ / : * ? " < > |
Also keep in mind that in case your script is on path containing spaces, it has to be enclosed in
double quotes - e.g.:
<scan>
<name>Scan to fax</name>
<destination>script</destination>
<description>
This is a scan to fax workflow. Please enter fax number in the parameters menu prior
scanning
</description>
<keepmetadata> true </keepmetadata>
<options>
<resolution locked= "true" >normal</resolution>
<sides locked= "true" > 1 </sides>
<color locked= "true" >color</color>
<fileType locked= "true" >pdf</fileType>
</options>
<admin>
<parameter>
<pname>script</pname>
<type>string</type>
<label>Script command call</label>
<required> true </required>
< default >\\faxserver\workdir\script.cmd %faxNum% %file%</ default >
</parameter>
<parameter>
<pname>targetDir</pname>
<type>string</type>
<label>Target directory</label>
<required> true </required>
< default >%userhome%</ default >
</parameter>
</admin>
<user>
<parameter>
<pname>faxNum</pname>
<type>string</type>
<label>Fax number</label>
<required> true </required>
< default ></ default >
</parameter>
</user>
</scan>
<parameter>
<pname>script</pname>
<type>string</type>
<label>Script command call</label>
<required> true </required>
< default >c:\Windows\System32\cscript.exe c:\test\script\vbs.vbs</ default >
</parameter>
SCAN TO SHAREPOINT
YSoft SafeQ is able to upload document into Microsoft Sharepoint using the Scan to Script
scanning workflow. The script whose path is provided in the administrator workflow parameter
script is called for each scanned file done by user while scanning on the terminal.
HOW TO SETUP:
1. Enable scanning with terminal embedded and use predefined scanning workflows that will be used
with the MFP (see help for more information about "Workflow scanning").
2. Create and than copy "ScanToSharepoint.cmd" into "C:\SafeQ5\Scan\"
3. Download Curl (http://curl.haxx.se/), unzip and copy content into folder "C:\SafeQ5\scan\". Another
option is ask Customer Support Services to provide it.
4. Import scanning workflow with this content:
<scan>
<name>Sharepoint</name>
<destination>script</destination>
<description>Scan to Sharepoint with fixed path</description>
<options>
<resolution>normal</resolution>
<sides> 1 </sides>
<color>auto</color>
<fileType>pdf</fileType>
</options>
<admin>
<parameter>
<pname>script</pname>
<type>string</type>
@echo off
C:/SafeQ5/Scan/curl --ntlm -u : -X MKCOL % 2 /% 3 /
C:/SafeQ5/Scan/curl -T % 1 --ntlm -u %username%:%password% % 2 /% 3 /
HOW TO USE:
5.
TROUBLESHOOTING:
See cml.log and sharepoint.log in <SafeQ_HOME>\logs folder.
LIMITATIONS
Scans are stored in defined Sharepoint address and also in directory C:/SafeQ5/Scan/
Script ScanToSharepoint.cmd stores username and password and it can be easily read
OVERVIEW
Scanning application is divided into two separate tabs - Quick workflows and Expert workflows.
The Quick workflows tab will display only the scanning workflows that don't have any customizable
parameters (Scan settings is locked and no editable User parameters exist). All other scanning workflows
will be displayed in the Expert workflows tab.
QUICK WORKFLOWS
The scanning workflows in the Quick workflows tab will enable the one click scanning. This means that once
the user selects the scanning workflow, the scanning procedure begins immediately.
EXPERT WORKFLOWS
The scanning workflows in the Expert workflows tab will behave similar as standard scanning application.
This means that selecting a scanning workflow will display page with scan workflow settings before the scan
begins.
In the scan workflow settings page user can adjust workflow parameters or scanning settings before start of
the scanning.
CONFIGURATION
The option to display the scanning workflows in separate tabs or in one tab is configurable in the system
setting by system property separatedScanWorkflows
scan workflows are displayed in one tab when the property is disabled
scan workflows are displayed in two tabs when the property is enabled
DESCRIPTION
This feature allows users to automatically register their ID card to the system based on alternative
authentication mechanism.
USER STORIES
REQUIREMENTS
Users shall be able to self-register ID card (unknown to system) based on Card Activation Code,
generated by administrator on demand or automatically by the system after first registered print.
Users shall receive Card Activation Code via email.
Users shall be able to self-register ID card (unknown to system) based on SafeQ or LDAP/AD
credentials (user name/password) please note that available keyboard charsets might be
different device per device. SafeQ terminal professional uses touchscreen to emulate mobile-
phone-like keyboard (with no special characters). External keyboard is available on request .
Users shall be able to generate Card Activation Code after login to YSoft SafeQ web interface
and later use it for registering the card at the terminal (if this method is approved by
administrator).
Administrator shall be able to generate Card Activation Code for an individual user.
YSoft SafeQ Server must be installed and available within LAN proximity
Identity management must be established
MFP must be equipped with terminal with graphical display (Terminal Professional or
Embedded)
CAVEATS
When using Distributed Server System - Private Cloud, there must be an online connection
available to the Central Datacenter (CML)
This feature is not supported for Smart Cards or Fingerprints.
Due to the security reasons it is not possible to set less then 6 digits Card Activation Code
LICENSING
ID card self-assignment feature is a standalone licensed feature in YSoft SafeQ with following limitation
if license for the feature expires or is not available in a license. Please see License content per version
to review all SafeQ version and availability of a feature.
OVERVIEW
Every user in SafeQ can have any number (usually one) of assigned card numbers. Typically, these
correspond to the ID badges of employees with RFID and/or similar contactless identification chips. There
are many different standards of identification chips, most of which are, however, incompatible between
themselves. SafeQ is able to work with virtually any of them provided that the terminals are equipped with
the right card scanners.
Instead of and/or besides cards, users may also use numeric PIN codes for authentication at SafeQ
terminals. This PIN code is treated as a virtual card number: it is stored in the same place and managed in
the same way. However, for security reasons, a cryptographic hash of the PIN code is stored instead of the
current PIN, so that it is not easy, even for an administrator, to find out the PIN of a user.
REQUIRED ACCESS RIGHTS FOR MANAGING PIN AND CARD ACTIVATION CODES AND CARDS
The administrator needs to have access rights for View list of users and for Add, edit, and delete users.
For assigning a card from web interface, admin needs also rights for List of accesses to terminals.
The PIN code is treated as a virtual card number: it is stored in the same place and managed in the same
way.
Write down PIN to Card ID/PIN field and press save button or green + button.
You can remove currently PIN clicking to it and clicking to red - button.
1. AUTOMATICALLY -- Card Activation Code is generated after receiving first print job from the user.
YSoft SafeQ generates subsequently the Card Activation Code for the user.
2. MANUALLY -- Card Activation Code is generated by the administrator by clicking to Generate Card
Activation Code button.
In case of status Unknown card, PIN, or password, administrator can create new user or assign PIN,
card number to existing user.
Assign card/PIN to Dialog for new user definition is opened and card/PIN is filled in card
new user field. Administrator must fill rest of the required field and save user to
complete action. See Adding and configuring users.
Assign card/PIN to List of existing users is opened and administrator can choose one of
exiting user them. Dialog with selected user definition is opened. Administrator
must save changes to complete action. See Adding and configuring
users.
This feature enables to add or generate PIN with time expiration to users. When the PIN expires, the
user cannot login with this PIN and has to generate a new PIN. New PINs can also be generated by an
administrator. The administrator can set PIN expiration or generate a PIN with the default expiration.
When a user or an administrator generates a new PIN a notification e-mail with PIN and its expiration date
is sent to the user. Another notification email is sent before user's PIN is going to expire.
NOTE: When a user has some PIN(s) defined and a new PIN is generated, all previous PINs are
deleted.
Set PIN expiration and press the Generate PIN button. An e-mail is sent to the user's mailbox, an example
follows:
Configuration
There are several properties related to PIN code generation.
This property enables to set length of the variable part of PIN (without digits in login name) in digits.
PIN-size = 6
Time in days, when the notification e-mail is sent to user before his PIN expires.
PIN-expiration-notification = 7
The following two properties handle the archivation of old PINs. When enabled, the old PINs are written to a
history table. When a PIN is stored in the history table, it cannot be used as an active PIN. After PIN
archivation period expires, PINs are deleted and could be reused.
PIN-history-enabled = false
PIN-archivation-period = 365
Specifies, whether e-mail notifications are sent to the user after a new PIN is generated.
PIN-enable-display-for-user = true
Specifies, whether a newly generated PIN is displayed to the user in a browser popup window.
PIN-enable-display-for-admin = false
DESCRIPTION
SafeQ can manage print data compression using standard ZLIB mechanisms, reaching about 60%
compression rate over standard office prints in PCL or PostScript format
see Configuring Print Data Transfer Compression for configuration and deployment information.
USER STORIES
REQUIREMENTS
CAVEATS
LICENSING
Print data transfer compression feature is a standalone licensed feature since YSoft SafeQ 5.0 with
following limitation if license for the feature expires or is not available in a license. Please see License
content per version to review all SafeQ version and availability of a feature.
Data sent from YSoft SafeQ Client are not compressed and all client configuration is ignored
regarding the data compression.
Data sent from SafeQ server to Terminal Professional is not compressed and data is sent
directly to printer uncompressed.
ADDITIONAL NOTES
following table and represents real-time measurement of data compressions and comparison to thinPrint
(please note that quality reduction has not been enabled on thinPrint)
insurance PDF 143 RICOH 22,00 23 890,89 7:40 6 984,01 2:12 6 997,12
agreement. Aficio min min
pdf MP161
PCL 5e
HP 0:38 0:32
LaserJet min min
1505N
DESCRIPTION
Goal of this feature is to be able to monitor the SafeQ hardware Terminal Professional via SNMP.
Customer is able to see a problem on the terminal immediately after it occurs to be able to respond and
hopefully solve the problem before users start experiencing it.
USER STORIES
FUNCTIONAL REQUIREMENTS
1) The terminal sends SNMP traps (UDP packet) to the management server when the following
conditions are met (according to configuration):
2) The terminal also support SNMP polling and respond to SNMP requests sent from a management
server. The following information are available in the terminal's MIB:
3) The terminal allows user to enable / disable and set SNMP support in its service menu. It should be
possible to switch on/off sending individual traps in the service menu.
CAVEATS
Terminal also contain following items which are not relevant to user interaction with terminal.
.1.3.6.1.4.1.2021.10.1.5.1 = INTEGER: 0
.1.3.6.1.4.1.2021.10.1.5.2 = INTEGER: 3
.1.3.6.1.4.1.2021.10.1.5.3 = INTEGER: 0
.1.3.6.1.4.1.2021.11.50.0 = Counter32: 68634
.1.3.6.1.4.1.2021.11.51.0 = Counter32: 0
.1.3.6.1.4.1.2021.11.52.0 = Counter32: 113747
.1.3.6.1.4.1.2021.11.53.0 = Counter32: 44088492
.1.3.6.1.4.1.2021.11.59.0 = Counter32: 46093471
.1.3.6.1.4.1.2021.11.60.0 = Counter32: 2800901
LICENSING
License coverage of the feature
The feature is not covered by a license which equals to freely available feature in any
installation.
DESCRIPTION
SafeQ supports encryption of print data transfers allowing to print confidential data over insecure
network.
see Configuring Print Data Transfer Encryption for configuration and deployment information.
see YSoft SafeQ Security Overview for detailed information on key management and data
transfer workflow
USER STORIES
REQUIREMENTS
1. All network communication related to the print data from workstation to the network printer shall
be encrypted and authenticated
2. SafeQ Client shall transfer the data to SafeQ Server using SSL/TLS data stream or using AES
cipher (unique session key exchanged via authenticated SSL stream).
3. Client on Windows shall verify server certificate using Windows Certificate store.
4. SafeQ server shall transfer the data to MFP using IPP over SSL data stream.
5. SafeQ server shall verify MFP certificate. SafeQ server shall accept the MFP certificate on first
connection and use this certificate in future.
6. Administrator shall be able to remove the MFP certificate from individual device or all devices
via web interface.
CAVEATS
Server key is stored in password protected key store on server disk. The password is Hard-
coded in SafeQ.
Data are stored unencrypted on the server's hard drive. For server data encryption we
recommend to use Microsoft Windows EFS.
Supported SafeQ versions: SafeQ 5.0
LICENSING
Print data transfer encryption feature is licensed as a part of YSoft SafeQ Client license
CREDIT HANDLING
YSoft SafeQ allows to limit consumption of print, copy and scan services using credit. This is done via
integration with YSoft Payment System.
LIMITATIONS
YSoft SafeQ has minor inaccuracies (far beyond decimal point) in calculated price.
PRINTING
Before the print job is released, YSoft SafeQ reserves the estimated price for the job.
If the reservation fails (e.g. because the user's available balance is lower than the
estimated price for the job) the print job is not released.
When the print job is accounted, the reservation is settled with the final price of the job.
NOTE : Print job parser needs to be set to at least to the option "Render jobs as low resolution (36
DPI) images" in order to use the YSoft Payment System with Y Soft hardware terminals.
COPYING/SCANNING
NOTE : Prepaid copying and scanning is only available with Terminal Professional and Terminal
UltraLight Print&Copy.
This table described ability of hardware terminals prevent users to reach balance value under defined
minimal balance threshold by performing printing/copying/scanning job with higher price, than user's
available balance.
Legend:
- job not even started or interrupted, when there is not enough balance on user's account. Only
printed pages are accounted and charged.
- same as for previous case. But there can are few edge cases, when print job is printed, accounted
and debt is registered on user's account.
- whole job is printed, accounted and charged. Debt is registered on user's account. See more
about debts in Working with Payment System.
Assumption for this behavior is setting "Overdrawn transactions" property to "Allow and register debt if
necessary" in Y Soft Payment System configuration.
reaches value below reaches value below balance reaches balance reaches
reservation amount. reservation amount. value below value below
He cannot perform He cannot perform reservation amount. reservation amount.
other jobs. other jobs. He can perform He can perform
unlimited number of unlimited number of
Solution: Not Solution: Not scan jobs in the scan jobs in the
available. Impact can available. Impact can current session. current session.
be minimized by be minimized by
setting minimum setting minimum Solution: Not Solution: Not
balance and balance and available. Impact can available. Impact can
reservation amount reservation amount be minimized by be minimized by
to appropriate values to appropriate values setting minimum setting minimum
based on job prices. based on job prices. balance and balance and
reservation amount reservation amount
Some devices can
to appropriate values to appropriate values
interrupt scanning,
based on job prices. based on job prices.
so behavior only
scanned pages are
accounted and
charged.
Fuji Xerox
Default Strategy
Example
Limitations
Requirements
DEFAULT STRATEGY
If the user has an account in the Payment System a credit reservation is created for the user
(user without Payment System account has set quotas to unlimited for all operations).
If not zero prices are set for the user.
The amount to be reserved depends on the user's current credit balance and on the price for A4
color page.
If price for A4 color page is 0, then one quarter of the user's current credit is reserved.
If the user's current credit is higher than the price for 100 A4 color pages, then one
quarter of the user's current credit is reserved.
If the user's current credit is lower than the price for 100 A4 color pages, but is higher or
equal to price for 50 A4 color pages, the price for 25 A4 color pages is reserved.
If the user's credit is lower than the price for 50 A4 color pages, then the half of user's
credit is reserved.
Then the quotas are defined according the reserved amount.
Separate quotas are defined for individual operations: color scan, b&w scan, color copy
and b&w copy
Each of quotas (color scan, b&w scan, color copy and b&w copy) is computed from
amount to be reserved. In corner cases debt can be created.
Once the job is finished the accounting information is sent to YSoft SafeQ.
One settlement is generated for all transactions in the given session.
In case the connection to the Payment System is not available, the settlement is sent
once the connection is available again.
For each print job credit reservation is created before print based on price provided by parser.
Once the job is finished accounting info is sent to SafeQ which settles the transaction. When it is
not possible to create reservation the job is not printed.
When the connection to Payment System is lost, it is not possible to create the credit reservation
in the Payment System, therefore the operation is forbidden. In case the connection to the
Payment System is lost during settlement, the settlement is sent later when the connection is
available again.
The initial reservation has a specific time to live, once this time runs out, the reservation is
cancelled.
EXAMPLE
Operation Price
A4 color 2€
page
A4 B/W 1€
page
A4 color 2.5 €
copy
A4 B/W copy 1€
Scan 3€
Available A4 pages: User credit balance in Payment System / price for A4 color page 10 € / 2 €
=5
User has credit for 5 A4 pages (user's credit is lower than the price for 50 A4 color pages), then
half of credit is reserved 10 € / 2 = 5 €
The quotas are calculated the following way
Corner case: User performs all operations allowed by quota's setting ( Maximal price available for
Quota = 3 € + 5 € + 5 € = 13 € ), but user has balance 10 € in Payment System, so debt 3 € will be
created.
3.4.19 LIMITATIONS
Quotas are applied separately for color and bw copy or scan jobs.
Different quotas are defined for color/bw pages. Those quotas are consumed
independently which means that if the user depletes the quotas for color pages, he/she
is still allowed to copy/scan in bw because the quotas for bw pages remained
untouched.
Users can be prevented to from scanning only in case they do not have enough credit
before the scanning actually starts. It is not possible to interrupt the scanning operation
that is in progress in case the quotas are depleted.
Print all will print all waiting jobs regardless of user actual credit. Direct prints are not charged
In case the MFP is busy after the defined time to live runs out.
Prints performed from SafeQ are handled individually by YSoft SafeQ subsystems according
to prices estimated by print job parser. For other types of print (e.g. print from USB), there are
quotas set by SafeQ and handled by the device itself.
The print quotas are set during log in and are not consumed when printing from SafeQ.
Therefor, when using both print from SafeQ and other types of print in a single session,
user can go into dept.
3.4.20 REQUIREMENTS
For proper function the print job parser needs to be enabled and set to render jobs.
Two different quota reservation strategies can be used, the selected strategy is configured by the
configuration option "Use default quota toggling strategy for FujiXerox " (
fujiXeroxEnableDefaultQuotaTogglingStrategy ) in the System Settings.
If the configuration option is set to enabled, the quotas on YSoft SafeQ Embedded Terminal for Fuji
Xerox are calculated from for all operations (color scan, bw scan, color copy and bw copy). This
allows the user to perform all operations but with smaller quotas for each operation.
Enabled is the default setting.
If the configuration option is set to disabled, the user is forced to select the desired operation after
authentication, the quotas are then calculated only for the operation the user selected.
BEHAVIOR WITH "USE DEFAULT QUOTA TOGGLING STRATEGY FOR FUJIXEROX " ENABLED
Reservation strategy
If the user has an account in the Payment System a credit reservation is created for the user (user
without Payment System account has set quotas to unlimited for all operations).
If not zero prices are set for the user.
The amount to be reserved depends on the user's current credit balance and on the price for A4
color page.
If price for A4 color page is 0, then one quarter of the user's current credit is reserved.
If the user's current credit is higher than the price for 100 A4 color pages, then one quarter of
the user's current credit is reserved.
If the user's current credit is lower than the price for 100 A4 color pages, but is higher or equal
to price for 50 A4 color pages, the price for 25 A4 color pages is reserved.
If the user's credit is lower than the price for 50 A4 color pages, then the half of user's credit is
reserved.
Then the quotas are defined according the reserved amount.
Separate quotas are defined for individual operations:
color scan
bw scan
color copy
bw copy
Each of quotas (color scan, bw scan, color copy and bw copy) is computed from amount to be
reserved. In corner cases debt can be created.
Once the job is finished the accounting information is sent to YSoft SafeQ.
One settlement is generated for all transactions in the given session.
In case the connection to the Payment System is not available, the settlement is sent once the
connection is available again.
For each print job credit reservation is created before print based on price provided by parser. Once
the job is finished accounting info is sent to YSoft SafeQ which settles the transaction. When it is not
possible to create reservation the job is not printed.
When the connection to Payment System is lost, it is not possible to create the credit reservation in
the Payment System, therefore the operation is forbidden. In case the connection to the Payment
System is lost during settlement, the settlement is sent later when the connection is available again.
Example
Operation Price
A4 color 2€
page
A4 bw page 1€
A4 color 2.5 €
copy
A4 bw copy 1€
Scan 3€
Available A4 pages: User credit balance in Payment System / price for A4 color page 10 € / 2 € = 5
User has credit for 5 A4 pages (user's credit is lower than the price for 50 A4 color pages), then half
of credit is reserved 10 € / 2 = 5 €
The quotas are calculated the following way:
Corner case: User performs all operations allowed by quota's setting ( Maximal price available for Quota
= 3 € + 5 € + 5 € = 13 € ), but users balance in the Payment System is 10 €, this means that that the debt of
3 € will be registered for the user .
BEHAVIOR WITH "USE DEFAULT QUOTA TOGGLING STRATEGY FOR FUJIXEROX " DISABLED
Reservation strategy
User authenticates on the terminal and the terminal checks whether the user has an account in the
Payment System.
If so the user is forced to select the action for which the quotas will be defined, the options are:
Print
Scan
Copy
All available credit is used to calculate quota for the selected operation (apart from Print), quotas for
other operations are set to 0.
Separate quotas are defined for color / bw operations
Print quotas are not set as print is handled by YSoft SafeQ subsystems according the prices
estimated by print job parser
User is allowed to perform only the selected operation (either print, copy or scan)
Example
Operation Price
A4 color 2€
page
A4 B/W 1€
page
A4 color 2.5 €
copy
A4 B/W copy 1€
Operation Price
Scan 3€
Whole user credit will be reserved 10 €. Suppose user will select Copy operation.
The quotas are calculated the following way:
A4 color 10 € / 2 € = 5 2 € * 5 = 10 €
copy
A4 B/W 10 € / 1 € = 10 1 € * 10 = 10 €
copy
Corner case: User performs all operations allowed by quota's setting ( Maximal price available for Quota
= 10 € + 10 € = 20 € ), but user has balance 10 € in Payment System, this means that that the debt of 10 €
will be registered for the user .
DIAGRAM
LIMITATIONS
Print quotas are not set (print is handled by SafeQ subsystems according the prices estimated by
print job parser).
Print jobs are handle by SafeQ because Fuji Xerox devices do not have working "stop on
zero" feature for print.
Quotas are applied separately for color and bw copy or scan jobs.
Different quotas are defined for color/bw pages. Those quotas are consumed independently
which means that if the user depletes the quotas for color pages, he/she is still allowed to
copy/scan in bw because the quotas for bw pages remained untouched.
Payment System with direct print doesn't work, users are not charged for the direct prints.
Print all will print all waiting jobs regardless of user actual credit.
REQUIREMENTS
For proper function the print job parser needs to be enabled and set to render jobs (because of
handling print jobs by SafeQ - Fuji Xerox "stop on zero" limitation).
Info
All transactions in a user's session on a terminal are settled only after user logs out.
When the connection to YSoft Payment System is lost, the terminal holds the transactions
that need to be settled and repeats the attempt every 5 minutes (this value can be
configured).
The following information also applies to Develop and Olivetti MFP's.
When MFP receives balance = 0 from SafeQ server during print/copy/scan operation and
negative credit not allowed, possible operation at MFP is logout by ID button, confirm job
only. Even if some job type has cost = 0, MFP does not accept execution of jobs from the
MFP panel. Job execution other than from the pannel is possible (eg. Print job = cost 0 and
direct print is used when credit balance is 0).
1. User logs into YSoft SafeQ Embedded Terminal for Konica Minolta.
2. The Embedded Terminal checks if user has a Payment System account.
If not, zero prices are set for the user.
3. YSoft SafeQ creates a initial reservation for 10 large color duplex pages from the user’s balance. The
reserved amount is rented to the MFP. Initial reservation is mandatory due to specific handling of
charging by Konica Minolta devices.
If the user does not have enough credit to create a reservation for 10 large color duplex
pages, then the entire remaining user's credit is rented.
If user has no credit, reservation of 0 is created.
If price for large color page is zero, reservation is 10 times sum of maximum paper price and
maximum operation price. Note, that large One Color print is counted as 2 times normal One
Color print, which is defined in price list.
If all prices are zero, reservation of 1 is created (and later settled as zero).
4. User releases a print job from the secure queue.
5.
5. a) If the parser is enabled and if the price for the job is correctly estimated, SafeQ checks if the user's
balance (including the reserved amount) is equal to or greater than the estimated cost of the job. If
not, the print job is not released to the MFP and the user is informed.
b) If the parser is disabled or set to option "Only analyze jobs", it might not be possible to reprint
a print job for which the user does not have sufficient balance. Depending on the version of firmware
of the MFP, the MFP shows one of the following messages:
Insufficient funds.
Touch [Continue] to continue the job.
touch [Job End] to cancel the job.
[Continue][Job Finished]
Due to insufficient funds, the job could not be processed.
The job was deleted.
[OK]
Upon tapping on Job finished or OK, the job is removed from print queue and its state is either
Canceled (in case a configuration option "Delete after print" is disabled) or Deleted (in case
the "Delete after print" is enabled).
6. If the user's balance is sufficient, SafeQ releases the print job to the MFP.
7. Job is printed.
8. In case the rented amount is depleted during print, the MFP asks for next rental.
SafeQ reserves the cost of 10 A3 color pages from the user’s balance and rents the amount to
the MFP.
The original reservation amount increased.
If the user has no more balance available, the current job is stopped or rejected.
9. Print job is accounted by SafeQ.
10. User logs out from the terminal.
11.
11. MFP computes the total amount of not used rentals and returns it to SafeQ.
12. SafeQ computes the real cost as follows: real costs = total rentals – not used total rentals.
13. SafeQ charges the real costs from user’s account (the reservation is settled with the real cost and the
reservation is closed).
Warning
In case the user has insufficient credit to print the entire print job, it may happen that the job gets
stuck. The MFP is in the state Printing error which causes all the following print jobs to be blocked.
To unblock the MFP, either the job needs to be deleted on the MFP using standard administrator's
credentials or the Terminal Server needs to be restarted.
1. User logs into YSoft SafeQ Embedded Terminal for Konica Minolta.
2. The Embedded Terminal checks if user has a Payment System account
If not, zero prices are set for the user
3. YSoft SafeQ creates a initial reservation for 10 A3 color pages from the user’s balance. The reserved
amount is rented to the MFP. Initial reservation is mandatory due to specific handling of charging by
Konica Minolta devices.
If the user does not have enough credit to create a reservation for 10 large color duplex
pages, then the entire remaining user's credit is rented.
If user has no credit, reservation of 0 is created.
If price for large color page is zero, reservation is 10 times sum of maximum paper price and
maximum operation price. Note, that large One Color print is counted as 2 times normal One
Color print, which is defined in price list.
If all prices are zero, reservation of 1 is created (and later settled as zero).
4. User asks SafeQ for starting a copy/scan job.
5. User makes copies/scans as long as the balance is sufficient.
6. SafeQ accounts the copy/scan jobs.
7. User logs out from the terminal.
8. MFP computes the total amount of not used rentals and returns it to SafeQ.
9. SafeQ computes the real cost as follows: real costs = total rentals – not used total rentals.
10. SafeQ charges the real costs from user’s account (the reservation is settled with the real cost and the
reservation is closed).
Print job parser needs to be set to at least to the option "Render jobs as low resolution (36
DPI) images" in order to use the Payment System with Ricoh Embedded Terminal.
The copy operation may not stop immediately once the minimal balance is reached.
Depending on the device, there can be a small delay that allows the users to overrun their
balance. For example MP C305 price for 2 A4 copies but stopped after 6.
COPYING
When user requests copying, initial reservation is created. Reservation is driven by SafeQ
pricePerPageReservationStrategyForCopyOnHwTerminal and
pagesCountReservationForCopyOnHwTerminal properties available in SafeQ system settings.
Formula for creating reservation is: MIN|MAX from user price list where Price != 0 *
pagesCountReservationForCopyOnHwTerminal.
If the user does not have enough credit for the initial reservation, he is not allowed to copy.
When all prices are equal 0 user has no restriction and can copy for free.
Reservation can be modified during copy session as the number of copies increases and
additional money needs to be reserved from user's account, but till there is enough money on
user's account.
PRINTING
The estimated price of the job received from SafeQ is reserved in Payment System.
If the reservation is successful, the job can be printed. After the job is printed, the actual price of
the job is calculated and settled.
SCANNING
Once the document is scanned, the actual price for the job is computed and the terminal tries to
allocate this amount in the Payment System.
If allocation is successful, the allocated amount is immediately reserved amount is immediately
settled in Payment System. If the reservation is unsuccessful, the whole scan job is discarded.
3.5 PRINTING
Samsung quota mechanism is designed to asks for closest highest 10 pages. E.g. if 3 pages should be
printed, then money for 10 pages must be reserved. If 11 pages should be printed, then money for 20
pages must be reserved. Once job is done the rest of money is returned immediately to user's account.
3.6 COPYING
There is the same behavior as described in print above. Samsung asks for closest highest 10 pages.
3.7 SCANNING
Samsung asks for 1 quota per single page. If 3 pages are scanned, then 3 pages will be reserved. If 11
pages should be scanned, then 11 pages will be reserved.
Quota calculation
Printing
Secure print
Direct print
Copying
Scanning
The print/copy operation may not stop immediately once the minimal balance is
reached. Depending on the device, there can be a small delay that allows the users to
overrun their balance by about 4 pages.
When the job is suspended due to insufficient funds, the following behaviour differs
depending on the supported OSA version.
OSA version < 4.0 It is not possible to print, copy or scan on the device, unless the
suspended job is manually deleted.
OSA version >= 4.0 Suspended scan and copy jobs are automatically deleted; Print
jobs are stopped and waiting for user input (retry / delete).
If more jobs are printed in one batch, it might happen that the following jobs are suspended
even though the user has enough credit.
The reason for this is that the quota calculation for the next job is done before the
accounting information from the previous is sent.
The suspended jobs can be released by on the "Limits" native screen, here it is
possible to select the suspended job and re-check the limits. After confirmation the
job is released.
After user authenticates on the terminal, the terminal checks whether the user has an account in
the Payment System. If not, zero prices are set for the user.
3.9 PRINTING
In case the user does not have enough balance to print the selected job or in case the user
reaches the minimum balance when printing, a warning message appears on the terminal
informing the user that the job has been suspended.
The "Limits" button appears on the screen, this button navigates the user to the native screen,
where the suspended job will be displayed. From this screen it is possible to delete the
suspended job.
In case the user does not have enough balance to print the direct print job, the SafeQ
application appears with a warning message informing the user that the job has been
suspended.
3.10 COPYING
In case the user does not have enough balance to begin copying a warning message is
displayed informing the user that the limit of pages has been reached and the copy job is
denied.
In case the user reaches minimal balance while copying, the behaviour differs depending on the
OSA version
OSA version < 4.0
In case the user reaches minimal balance while copying, the copy job is
suspended.
The "Limits" button appears on the screen, this button navigates the user to the
native screen, where the suspended job will be displayed. From this screen it is
possible to deleted the suspended job.
OSA version >= 4.0
In case the user reaches minimal balance while copying, the copy job is deleted
and only pages which were already copied are accounted.
3.11 SCANNING
In case the user does not have enough credit to begin with the scanning, the scan operation is
stopped.
Sharp devices currently do not allow the ongoing scan operation to be stopped in case the
minimal balance is reached.
When the connection to PS is lost, it is not possible to create the reservation in the Payment
System, therefore the operation is restricted.
DESCRIPTION
This feature allows users to see various representations of their balance, including their personal and
virtual balance separately.
USER STORIES
1. As a User I want to see my personal and virtual balance separately, so that I can see which
balance I am using.
2. As a User I want to see all my available balance, so that I can see how much I have left to be
used. (This is useful for cases when minimal balance is not zero.)
3. As a User I want to see my actual account balance to clearly see when I am in debt.
REQUIREMENTS
Users should understand that personal balance is their real money they deposited to their
accounts.
Users should understand that virtual (bonus) balance is the balance they received without
spending their real money, usually by automatic recharges.
Users should understand that available balance is the balance they can use and that they will be
restricted to do any charged actions when this balance reaches zero.
YSoft SafeQ Server must be installed and available within LAN proximity
YSoft Payment System must be installed and configured
YSoft SafeQ Embedded Terminal must be installed on the MFP(s)
LICENSING
"Showing personal and virtual balance" feature is under a standard license.
CONFIGURATION
To configure "Showing personal and virtual balance" feature, go to YSoft SafeQ web interface and
authenticate with an account with administrative rights. In Views menu switch to Advanced options,
then go to System > System settings. Under YSoft Payment System tab search for property
preferredBalanceType. There are three possible values:
Available balance - The balance shown on the terminal represents the user’s total balance. The
displayed balance represents formula (personal + virtual - minimal) balance.
Separated balances - The terminal shows the user’s personal and virtual balances separately.
An example of a representation would be "EUR 20.52 (+ 13.04) ", where the virtual balance is in
the green font. This is except to the native type of YSoft SafeQ Embedded Terminal for Konica
Minolta, where the representation would be "EUR 20.52 (+ 13.04 bonus)".
Available balance without minimal balance - The balance shown on the terminal represents how
much credit is available on the user’s account without including their minimal balance. The user
may have a negative value if their minimal balance is negative. The displayed balance
represents formula (personal + virtual) balance.
3.11.22 DIFFERENCES BETWEEN SHARED QUEUES AND DELEGATION PRINT (VIP SHARED
QUEUES)
OVERVIEW
This article describes differences between shared queues and Delegation Print (aka VIP shared queues).
ACCOUNTING DIFFERENCES
There are no accounting differences between terminal types. Shared job is always accounted to user,
who released the job. No matter if shared queue is VIP or not.
a) printSharedJobs=Disabled
If some another member of shared queue (no matter if VIP or not) sign in, behavior depends on terminal:
Terminal professional and SRET: Shared job is not visible in main menu. Job is shown only in
waiting jobs list.
Terminal embedded: Shared job is shown in main menu (for example Print(1)) but it is not
possible to print it from main menu. This job can be released only from waiting jobs tab.
b) PrintSharedJobs=Enabled
If some another member of shared queue (no matter if VIP or not) sign in:
In case, that job is accounted to user, who released the job, BC of user who sent the job is used.
3.11.23 PRINTING FROM USB ON YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA
OVERVIEW:
USB print behaves differently on devices with different OpenAPI versions. Based on the selected
authentication method and OpenAPI version, the print from USB might be:
not supported
supported
supported with additional authentication screen shown on the panel
The additional authentication screen is an empty screen with title User authentication and two
buttons OK and Cancel. The screen appears after a document from USB is chosen. To continue,
click OK.
When using a combination of OpenAPI and authentication option for which the USB print is not
supported, the additional authentication screen is displayed too, but the OK button is not enabled
(it is greyed out and cannot be activated).
OpenAPI differences:
Card with
additional
authentication
Two-factor with
additional
authentication
with additional authentication - print from USB requires additional authentication (user needs to confirm
the credentials or provide some other type of credentials)
3.11.24 SUPPORT FOR REGIONAL CHARACTERS IN JOB NAMES - SETUP AND USAGE
PREREQUISITES
LIMITATIONS
2 Log into Embedded Terminal and navigate to job list. Double-byte job names are shown
correctly.
3.11.25 SUPPORT FOR REGIONAL CHARACTERS IN JOB NAMES - XEROX AND RICOH
DESCRIPTION
This feature solves need of countries where non-latin alphabets are being used (such as Hebrew,
Arabic) to use Embedded Terminal. It makes it possible to display characters that are not supported by
the MFP in the Job list as images.
When an MFP does not support regional characters in job names, it used to be nearly impossible to
use the Embedded Terminal as users couldn't determine which job should be printed from the job list.
The support allows users in various regions to enjoy Embedded Terminal experience even if MFP does
not support their characters by default.
Please see Support for regional characters in job names - setup and usage for details of usage.
SUPPORTED FEATURES
Copy Tracking
Scan Tracking
Print Roaming
Card self-assignment
Print data transfer if the device supports IPP/SSL if the device if the device
encryption (or special firmware required) supports IPP/SSL supports IPP/SSL
Terminal localization
When using application-based failover system without shared spooler, in case of server failure all
print jobs stored on failed server become unavailable for release on SafeQ terminal and user has to
print them again from the workstation. Print jobs may be available again after server recovery.
All currently running operations on failed server are cancelled and user has to start operation again (i.
e. re-authenticate to the terminal and release jobs again or re-start copy/scan session).
Copy or scan job might be not accounted (depends on tracking technology).
Connection recovery function might take few minutes, terminals are not available during this time.
The YSoft SafeQ USB Card Reader v2 can be connected simply to a multi-functional printer (MFP) and
serves for user authentication using a card. The card must be assigned to a user in the YSoft SafeQ
system. After successful authentication the user can use the device and perform his/her print, copy or scan
jobs (depending on the device).
The YSoft SafeQ USB Card Reader v2 can also be connected to workstations and used with YSoft
Payment System cash desk application or with the YSoft SafeQ client for authentication.
SYSTEM OVERVIEW
The YSoft SafeQ USB Card Reader v2 has the following characteristics:
Connection and power supply of the card reader via the USB host interface.
Compatibility with some other MFP applications
HARDWARE COMPONENTS
Parameter Value
Voltage 5V DC
Cable length 2m
NOTE: List of shown certificates is not complete and may depend on exact product part number.
NOTE: List of shown certificates is not complete and may depend on exact product part number.
4 ADMINISTRATIVE GUIDES
At A Glance
This page contains procedures and tutorials describing how to use SafeQ.
Reporting
How to setup Rule based printing (Configuring and using Rule-based Engine)
How to setup Secured print / Print roaming (Configure secure printing and Print roaming)
How to setup Print roaming (Configuring Print Roaming)
How to use Print queue management and re-print (Configuring Print job list management)
How to setup User Print sharing (Configuring and using Shared Queues)
How to setup Workgroup print sharing (Configuring and using Shared Queues)
How to setup Authorized copying (Configuring Authorized Copying)
Scan Management
Mobile Printing
How to setup Web Printing and Email Printing for Mobile Devices (Configuring Mobile Print Server)
How to setup User Print Roaming (Configuring User Roaming)
This Quick Start Guide enables you to quickly and easily install YSoft SafeQ and set it up for direct printing.
In addition, this guide includes links to pages where you can find more information about installing and
setting up YSoft SafeQ, such as detailed installation instructions and how to add printers to the YSoft SafeQ
system.
When you download the YSoft SafeQ package, you get everything you need to install the system. The
package also includes important tools and standalone applications that can help you configure and
troubleshoot YSoft SafeQ, as well as documentation that provides basic and detailed information about
various aspects of the system.
Once you have the YSoft SafeQ installation package, you can begin the installation. However, to make sure
your installation is successful, before you begin, consider the following important preliminary requirements:
A physical or virtual server must be available, dedicated for the YSoft SafeQ system and which
meets the requirements to support YSoft SafeQ functions.
MFPs and other printers that will be used with YSoft SafeQ must be configured and connected to the
network, and the associated required print drivers and hardware components (for example, terminals
or network readers) must be available.
If you plan to integrate YSoft SafeQ with a User Domain such as Active Directory, Novell, or
OpenLDAP, make sure you have all required information, especially domain controller access
/connection information and user directory FDQN.
If you plan to connect embedded, browser-based terminals (FX, KM, Sharp, Xerox) with Windows
2008 R2 or Windows 7, make sure that in "Server Role Manager - Features" or "Programs and
Features", ".NET WCF Activation" feature(s) are enabled.
Make sure you have a valid, new activation key.
NOTE: The activation key is hardware-bound and once used cannot be re-used by a different
computer.
When you are sure your system meets all the prerequisites, you can begin the YSoft SafeQ installation.
With the interactive installer, all you need to do is to run the installation file and follow the steps in the
installation wizard. You can choose between the default installation or a customized installation. The
default installation will install YSoft SafeQ with the recommended settings, but with a customized
installation, you can set all the settings yourself.
1 Obtain and run installation file ysf-sq5-install.exe from YSoft Partner Portal. Once you have the file
and the server is ready for installation, you can begin YSoft SafeQ installation.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything necessary for
installing a fully functional YSoft SafeQ server.
2 Select a language that will be used for the installation process. This language will also be used as
the default language for the YSoft SafeQ system.
NOTE: You can change the language for YSoft SafeQ at any time after installation is done.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree,
click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines if the server meets all requirements for YSoft SafeQ
installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there
are problems, installation cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
Accept the default YSoft SafeQ server installation folder, database engine, and IP
address.
7 If you chose the default installation, the installer displays the account name and password for the
database. The password is automatically copied to the clipboard. Save this password to a safe
place so that you can either use it when you need it or change it if you want.
Click OK.
8 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server. In case you wish to see detailed installation
progress, press Show details button (or D key).
9 The last page of the wizard informs you about the results of the installation process and gives you
the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to close the
installation wizard.
If an error occurred during the installation process, please check the following log files that were created
during the process. All the installation log files are located in the YSoft SafeQ installation folder.
pginstall.log - contains information about PostgreSQL installation (if you selected PostgreSQL as
the database to install).
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
NOTE: On servers with a firewall, it may be necessary to enable several network ports. See YSoft
SafeQ Network communication overview for more information.
At the end of the installation, you can set up the YSoft SafeQ system for use.
To use YSoft SafeQ, log into the YSoft SafeQ Administrative Web Interface. The default login credentials
are:
user: admin
password: admin
For the best experience, use Microsoft Internet Explorer v9 or Google Chrome.
If you use a web browser and your YSoft SafeQ web interface is configured to use a different port
than the standard port 80, you must enter the complete URL, including the prefix "http", in your Web
interface (e.g.: http://safeq_ip:8080/).
You can choose the language of YSoft SafeQ web interface by clicking a national flag.
After installation is complete, SafeQ must be activated. YSoft SafeQ supports two types of activation:
online and offline. The system requires an activation key, which is a part of the license agreement you
received after the product was purchased.
(See Activating YSoft SafeQ for a detailed description of the activation process.)
Using the online activation method - Log into the YSoft SafeQ Web Interface as administrator and, on the
Dashboard, enter the activation key. YSoft SafeQ automatically contacts the YSoft Partners Portal and
downloads the license.
If the YSoft SafeQ server is not connected to the Internet, perform the Using the offline activation method
procedure.
You can now start working with YSoft SafeQ. On the Dashboard, follow the Welcome to YSoft
SafeQ wizard to begin. Additional help and instructions are available in the YSoft SafeQ Web
Interface --- click the help icon located in the top right corner of the page.
After you log in, the YSoft SafeQ Dashboard page opens. A list of widgets is available that you can
use to get information about various YSoft SafeQ functions.
The most important first step is to use the Welcome to YSoft SafeQ widget. This widget shows you
the steps you need to perform before the YSoft SafeQ system is ready to use.
If you need more information about the initial YSoft SafeQ settings, see Widgets - Welcome to YSoft
SafeQ in the Help pages.
If you use Active Directory and want to integrate YSoft SafeQ with your AD domain, follow these steps.
Otherwise, add users manually using User list.The following steps will guide you through the default Active
directory integration setup. For advanced and expert options please refer to LDAP Integration - Advanced
and Expert settings.
1 Open the LDAP integration wizard through the Welcome to YSoft SafeQ Widget at the main screen.
NOTE: The settings for LDAP replication can be also found on the web interface: Users ->
Actions... -> Connect to LDAP
On the Connection tab, you can setup the integration setting with LDAP.
The Scheduling tab gives you the possibility to schedule the run of replication. All settings are
revealed after you check the Enable regular synchronizations checkbox. The options are:
Start full replication - Here you can select the days and times for full replication, by
clicking checkboxes.
Start differential replication - Here you can specify the hours or time interval from the
last replication to start differential replication. This type of replication will be started every
day.
NOTE: You have to restart YSoft SafeQ CML services to apply these changes.
The Status tab contains only information about the last synchronization with the LDAP server (date,
duration and result) and the count of added/updated/deleted users, cost centers and roles.
Many YSoft SafeQ features require a terminal that controls the associated printer/MFP. For information
about installing and configuring terminals, see Installing and configuring YSoft SafeQ Terminals. (You can
also access this information in the YSoft SafeQ Web Interface Help pages.)
4.6.10 ABOUT DIRECT PRINTING AND FORCED B/W PRINTING FROM WINDOWS WORKSTATIONS
Direct printing tracks prints without interfering with the standard workflow for users. At the workstation, the
user sends a print job and it is delivered through YSoft SafeQ directly to the printer without any
additional delay in processing. Direct printing is the method of printing in YSoft SafeQ that most closely
resembles printing in a traditional network printing environment.
In order to implement direct printing, you must first add a printer to YSoft SafeQ and then add it to the
Windows workstation.
3.
3. Proceed through all the device setup pages, selecting settings according to your needs. (Skip the
Terminal page settings unless you want to connect a terminal to the system; a terminal is not
required for direct printing.)
4. On the Direct printing page, click Add queue and enter a unique name for the direct printing queue.
We recommend a name such as direct-<name of the machine>, for example direct-printer1.
5. Click Save Device to save the printer.
In the Windows Add Printer wizard, set the printer port to send print jobs to YSoft SafeQ. This enables you
to use YSoft SafeQ to track prints.
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in Windows to use LPR for printing.
2 Select the printer you want to install from the list or press The printer that I want isn't listed.
In the case you have directly selected printer to install from the list, the printer will be
automatically installed.
In the case you have selected The printer that I want isn't listed, continue with
following steps.
4 For Hostname or IP address, enter the address of the printer; then enter a name for the port.
5 Skip Additional port information required by pressing Next button (optional step)
6 From the list of printer drivers, select the appropriate driver (or select a driver from the disk).
7 Enter a name for the new printer; then wait for the installation process to finish. Select other options
according to your needs (sharing, setting the printer as default, test page printing); then finish the
wizard.
8 Right-click the new printer; then select the Printer properties option. Select the Ports tab.
The port you created should already be selected and highlighted. Click Configure Port.
9 Change the Printer Name or IP Address to the IP address of the YSoft SafeQ server.
Note: In the case, you won't be able to edit Port settings, select the printer in Devices and Printers
tab > click Print server properties > Ports > Change Port Settings > select the port you created in step
4 and click Configure Port
Now the workstation is configured to send print jobs to the YSoft SafeQ server.
CONFIGURING ROLES
The last thing you need to do is to set up access rights and/or restrictions. These rights and restrictions
are determined by Roles you define in the YSoft SafeQ system. YSoft SafeQ includes some predefined
roles. If you want to create your own role:
1. In the YSoft SafeQ Web Interface, select Users > Role list > Add new item.
2. Each user can be assigned one or more roles. To assign a role to a user, edit the user and assign a
role to him or her on the Roles page.
3. After you create a role and assign it to users, select Rules > Access definition.
4. Create an access definition for the new role: Click Add new item; then select the role and the
group of devices where the printer is installed (group Default by default).
5.
5. Allow or restrict use of the printers in this group by clicking the icons below the print, copy and color
options. A green check means that users the role is assigned to are permitted to perform the
operation; a red cross means they are not permitted to perform the operation. By default, users
are permitted to perform all operations. To force black-and-white printing for all users the role is
assigned to, change the color icon to a red cross.
6. After the settings are complete, click Add.
YSoft SafeQ installation cannot proceed - Check to make sure the server meets all the
prerequisites for YSoft SafeQ installation. If you use the graphical YSoft SafeQ installer, after the
preinstallation check is performed, the Warnings and Problems sections provide information about
conditions that have not been met.
YSoft SafeQ installation fail - If the installation proceeds but fails, look in the installation log files to
see if you can find the possible cause of the failure. All installation log files are in the YSoft SafeQ
program folder. The files are:
pginstall.log - contains information about PostgreSQL installation
sqinstall.log - contains information about the entire YSoft SafeQ installation process
Activation issues - If you encounter any issues during the activation process (online/offline), first
make sure you are using the correct activation code. Both online and offline activation processes tell
you exactly where the fault is, so troubleshooting should be easy.
A print job sent to the printer was not printed - If you sent a job to YSoft SafeQ but it did not print,
there can be several causes:
1. In the YSoft SafeQ Web Interface, go to the Job list and check to see if the job is listed there.
If the job is not listed in the Job list, the printer's settings on the Windows workstation
may not be correct. Verify that the printer and its port are configured exactly as described in
this guide and that the queue to which you send the print job has been created in YSoft
SafeQ.
If the job is in the Job list, check the job's details to see why the job was not printed.
2. Other causes of this problem can be incorrect printer settings in YSoft SafeQ (IP address,
queue name, etc.) or incorrect access settings for the printer. You can usually find these causes in
the details about the job in the Job list.
3. If you cannot find the cause of the issue, contact Y Soft Customer Support Services, who will
be glad to help you.
Table of Contents
Reports
Devices
Users
Rules
System
Note: Some of the descriptions may vary based on your configuration or license.
Mozilla Firefox
Google Chrome
Internet Explorer 9 or higher
Internet Explorer 8 is supported, but may be slow in some cases
Compatibility view is not supported
Note: Web administration is compatible with any ACID3 compatible website browser.
Error rendering macro 'excerpt-include' : No link could be created for 'Web interface – Overview'.Error
rendering macro 'excerpt-include' : No link could be created for 'Web interface – Dashboard'.
4.7.1 REPORTS
Job list – List and audit log of all print, copy, and scan jobs tracked by YSoft SafeQ (see Managing
jobs in the Job list).
Web reports – Centralized interface for accessing Usage and Costs Reports and Green Reports (see
Using Web reports).
CRS reports – Management interface for data transfers to Central Reporting Services (see Using
CRS reports).
ORS overview -- Status overview and audit log for ORS connectivity in a distributed server system
(see Distributed Server System - Private Cloud and Viewing ORS status information).
NOTE: This option is not available when no ORS is installed.
Terminal accesses -- Audit log of all access attempts from YSoft SafeQ Terminals (see Terminal
accesses).
Reporting tools:
Automatic file reports -- Schedule regular exports of reports to a file (see Tools - automatic file
reports).
Automatic e-mail reports – Schedule regular exports of reports to defined e-mail addresses
(see Tools - automatic e-mail reports).
Data repair operations log – (see Tools - data repair - operations log).
Data repair (see Data repair).
Data repair manual counters readout (see Data repair manual counters readout).
4.7.2 DEVICES
Printers list – Lists all devices managed by YSoft SafeQ (see Using the Printers list).
Terminals list – Lists all terminals connected to devices (see Terminals ) .
Device templates – Templates for automating the process of adding devices to YSoft
SafeQ (see Device Templates).
Shared queues for user shared printing (Delegation Print (VIP Shared Queues) and
workgroup shared printing (Workgroup print sharing (Shared Queues) (see Shared
Queues).
Device management tools
Tools - Batch editing
Tools - Printer types
Tools - User tags
Error rendering macro 'excerpt-include' : No link could be created for 'Web Interface - Projects'.
4.7.3 USERS
Users list -- List of users registered in the YSoft SafeQ system (in the Identity management
database) (see Managing users in the Users list).
Roles list – List of available user roles (see Managing roles in the Roles list).
Cost centers -- List of cost centers (usually based on departments) (see Managing cost centers).
User management tools
Data import – Import users, roles, and cost centers from a CSV file (see Tools - Data Import).
Data export – Export users, roles, and cost centers to a CSV file (see Tools - Data Export).
LDAP integration – See Tools - LDAP Integration.
4.7.4 RULES
4.7.5 SYSTEM
System information – Diagnostics overview of the YSoft SafeQ system (see System Information).
System settings – Basic and expert configuration of various system settings (see System Settings).
System tools:
Card Number Conversion Tool
Diagnostics export
exported data structure
Event viewer
Export settings for YSoft SafeQ Client
Print Job Parser Configuration
System Information
System logs
System Settings
OVERVIEW
Overview consists of following functions:
LOGIN SCREEN
Login Screen is a basic authentication screen for YSoft SafeQ web interface.
You can choose the language of YSoft SafeQ web interface by clicking a national flag.
WRONG CREDENTIALS
If user enters wrong credentials and tries to log in, the following error is displayed.
AUTOMATIC LOGOUT
If user has been inactive for a set time period, he is logged out automatically and redirected to Login Screen
where following notice appears. The time period can be specified in system settings.
Check your YSoft SafeQ Service status. If Service cannot be started, please contact YSoft Customer
Service Support using http://portal.ysoft.com.
Menus
Main menu
Sub-menu
Quick menu
General page functions
Header
Footer
Page action buttons
Using Search filters
Page tables
Table sorting
Show / Hide table columns
Table pages
Pop-up windows
Tablet panels
UI settings
User interface compact mode
Modal alert messages
Quick menu
Tables pagination
Alerts and confirmation messages
Others
Progress bars
Tooltips
MENUS
MAIN MENU
Main menu items (tabs) available at the top of the page, represents basic thematic groups of pages in
SafeQ Web Interface to make navigating and searching for the right information as easy as possible.
To access tab (Reports, Devices, Projects, etc.), click its name in the main menu located at the top of the
page. Selected tab is always bold and highlighted.
SUB-MENU
Almost each main menu tab as a thematic group of pages includes also sub-menu with these pages. You
can see this sub-menu directly below the main menu tabs.
Links to the most important pages are shown directly in the sub-menu; less important ones are accessible
via a Tools menu. The currently displayed sub-menu page has always bold font.
QUICK MENU
There is also possibility to activate Quick menu instead of classic Main and Sub-menu. If Quick menu is
activated, s ub pages of each item in the main menu will be available in the rollover menu for quick access
from any page.
To enable/disable Quick menu use UI Settings down on each page and select/deselect Quick menu. For
more info see UI settings below on this page.
HEADER
Here you can see available page functions located at the right top corner of the each page. Availability of
these functions can vary based on the displayed page. Detailed info about each icon is described in the
table below.
Function Description
Search Click icon to show or hide search the Search panel on the page when it's available.
panel
This setting applies to all the Web interface pages, so when you show/hide the Search
panel on one page, it will be showed/hidden on all pages.
When page is marked as favorite you can access it from any other page by hovering
favorite icon and selecting page from a list of favorite pages.
Help Click icon to display help for the currently displayed page.
FOOTER
Here you can see available page functions located at the bottom of the each page. Detailed info about each
icon is described in the table below.
Function Description
Date and time Current day in the week, date and time of SafeQ server.
Client IP address IP address of machine from which is user connected to SafeQ Web
Interface.
Function Description
Detailed info about each action type is described in the table below.
Action Description
Add item Create a new item on the page. For example a new device, user, rule, etc.
Actions Display list of actions you not frequently need to use. For example delete all items on
the page, export items to an Excel file, etc.
These actions are usually sorted in groups based on the type of action.
Views Change the page view, usually the type of data listed on page.
Save changes Save changes you made on the page. Usually it is related to changes in table lists.
Detailed info about all items of search filter are described in the table below.
Click the arrow to display a drop-down list with options you can select.
Click the calendar icon to display a calendar; then select a date from the
calendar.
Click to apply current search filter. You can also user Enter key instead of
this button.
PAGE TABLES
The information on each page is contained in the Content panel. The type of information on each page
varies, but is usually in table format. Tables comprise of columns (with headers at the top) and rows of data.
Many tables include page numbers at the bottom.
Each table contains top blue panel with the name of columns. Some of the tables also enables
sorting and settings for displaying columns. For more info see Table sorting below.
At the left of each row is an icon that represents the data in the row. To the right of the icon are text
columns that describe the listed record.
To manipulate a record, click an icon on the right side of the row. These icons vary based on record
type. You can find more info about icons at the help related to specific page.
Some of the icons are standardized throughout the Web interface (for example, the edit and delete
icons).
To select multiple records and apply the same operations to all of them, check the check boxes on
the right side of the rows (if available).
To display details about a record, double-click the record's row.
TABLE SORTING
Some tables includes sorting option. To sort data in the table from descending to ascending, click the
column heading. To change the order from ascending to descending, click again.
You can see icon next to column heading selected for sorting. It indicates descending to ascending order. In
example displayed here ascending sorting according Login column is selected.
Click icon at top left corner of the table, and select/deselect columns which you want to show/hide. You can
also change order of columns by dragging and dropping lines using icon. Then save changes using Set
button.
Alternatively you can disable data loading of table when you first enter the page. In this case green
message is displayed and you need to refresh data on page or use search feature. This option can be used
for enterprise customers with large databases that uses web interface only for searching and load of
information that is not important put unnecessary strain on database and user must wait before whole page
full of data is loaded.
TABLE PAGES
Some of the tables includes also table pagination at the right bottom of the table. There is two options for
setting table pagination:
Without pagination (default): record are displayed on the one. To display more records, click Load
more records.
With pagination: records are split into more pages. To see display more records, click arrows to
move on the first/previous/next/last page.
To specify the number of items to display on each page, click icon (highlighted on the image below),
enter the number in the text box and click Save. This setting applies to all tables in the SafeQ Web
interface.
POP-UP WINDOWS
Pop-up windows in SafeQ are used for creating new records, editing existing ones, or to displaying detailed
information about record. Most pop-up windows in the Web interface include Tablet panels ( see Tablet
panels below ). Click the options in the Tablet panel to navigate through the pop-up window's pages. To
save the record and to perform other operations, click the buttons located at the bottom of the window.
move pop-up window by clicking the top title bar; then drag and drop the pop-up window to a new
location.
move to the next record by clicking (arrows) at the right top corner of window.
show help related to current pop-up window by clicking (question mark) icon at the right top
corner of window.
close pop-up by clicking (close) icon at the right top corner of window.
TABLET PANELS
Some of the pages, but mostly pop-up windows have Tablet panels on the right side of the window. They
are representing different types of settings or options. To access these categories, just click their name in
tablet menu.
UI SETTINGS
Each page of SafeQ Web Interface includes quick settings for user interface. All available options in UI
settings window are described below.
Mode recommended for devices with smaller display resolutions. Size of the fonts is smaller and usage of
available space of the display is optimized. You can see difference when this function is disabled or enabled
on the picture below.
Messages with actions` results, warnings and errors will be displayed in the bottom right corner and they will
not require confirmation. Otherwise messages dialogs will be displayed modally - i.e. in the middle of the
screen and they will require confirmation before you can continue.
QUICK MENU
Sub pages of each item in the main menu will be available in the rollover menu for quick access from any
page.
TABLES PAGINATION
Tables that have more records then the set limit per page can be viewed page by page via clicking on
arrows icons. Otherwise link that will load more records and attach them at the end of the table will be
displayed.
Soft alerts (enabled by default): Don't requires user to interact with to dismiss them. Soft dialog are
dismissed automatically after some time (error messages stay on screen for longer time). If
messages stacks high or they are blocking you when you want to interact with the page, you can
dismiss them manually by clicking on them.
Soft alerts are displayed in bottom right corner of the page.
Modal alerts: Modal alerts requires to be interacted with before they are dismissed. In order to
continue, click the button at the bottom of the message to dismiss it. You can not interact with the
rest of the page until then. Modal alerts are displayed in the center of the page.
Information
messages
display
information
about the
results of
operations.
Warning
messages
indicate that
information
you entered
is not in the
correct
format or
that
information is
missing.
Error
messages
appear if an
operation
fails, for
example if a
record has
not been
saved.
Confirmation
messages
require you
to make a
decision and
select an
option. You
can often
choose if you
want to
proceed with
an operation
or cancel it.
OTHERS
PROGRESS BARS
Progress bars and the associated text appear when data are being updated or loaded. The time required for
loading varies, but you can decrease load times by using the latest versions of the supported Web
browsers. (Internet Explorer 7 and 8 perform poorly, so avoid using them if possible).
TOOLTIPS
DASHBOARD
Dashboard will be displayed directly after logging in Y Soft SafeQ Web Interface. You can also select
Dashboard in top menu to display it.
User Dashboard - Information about the user Dashboard, the first page the users see.
Admin Dashboard - Information about the administrator Dashboard, which displays basic information
about system health and usage.
Available dashboard widgets - Overview and description of widgets available on the
administrator Dashboard.
Widgets - Welcome to YSoft SafeQ - Detail explanation of the Welcome to YSoft
SafeQ widget.
ADMIN DASHBOARD
Overview
Functions
Add widget
Actions
Views
SLA warnings
OVERVIEW
Dashboard is first page administrator sees when he successfully log in to the SafeQ web interface.
Dashboard contains numerous widgets that can be moved around and interact with. Widgets are displayed
based on user's access rights and offers various information about system, user's activity in system and
shortcuts to frequently performed operations.
On this page, the SafeQ administrator or user with administrators right can view important information about
the SafeQ system using widgets.
FUNCTIONS
In the top right corner there is few functions available for this page. For general page functions see: Web
interface - Basics
ADD WIDGET
This function allows you to add more widgets to the Dashboard. After clicking Add widget list of available
will be displayed. You can add widgets by clicking icon next to it.
For more info see: Available dashboard widgets
NOTE: Add widget button is not available when all available widgets are displayed.
ACTIONS
User interface
Enable compact mode Mode recommended for devices with smaller display resolutions. Size of the
fonts is smaller and usage of available space of the display is optimized.
User interface
This mode can be activated on every page by clicking Settings in page footer
and selecting User interface compact mode.
Enable modal alert Messages with actions` results, warnings and errors will be displayed modally - i.
messages e. in the middle of the screen and they will require confirmation before you can
continue. By default they are displaying as a popup windows in the bottom right
corner and they not require confirmation.
This mode can be activated on every page by clicking Settings in page footer
and selecting Modal alert messages.
Users
Export data to CSV Import user data from a CSV file. For more info see: Tools - Data Import.
Import data from CSV Export user data to a CSV file For more info see: Tools - Data Export.
Connect to LDAP Set up connection for users, cost centers and roles from Active Directory. For
more info see: Tools - LDAP Integration.
VIEWS
You can display widgets in different number of columns. After clicking View you can select one of these
options:
SLA WARNINGS
When SLA is purchased you can encounter various warnings in form of yellow ribbon at the top of the
admin's dashboard. Warning is displayed in following cases:
You have two choices whenever one of these warnings is displayed. Either dismiss it or you choose to be
reminded later. Dismiss will hide warning for all administrator users and will not be displayed until same
event occurs again, i.e. when you upgrade your SLA and then it expires again in the future. Remind later
function will hide warning for your active session. Warning will be displayed again when you relogin to the
application.
ABOUT
Following page describes a basic information about available widgets that can be placed on Dashboard
page.
At A Glance
About
SafeQ Version
System Services
Active objects in SafeQ
Printed/Failed jobs
System Information
My last jobs
My saving
Access credentials
Text encryption
Canceled jobs by system restart
Locks on Devices
Welcome to YSoft SafeQ
My links
Cluster server status
DB integrity
SAFEQ VERSION
Attribute Description
Internal version Internal version of currently installed SafeQ server and date of release
(YYYYMMDD)
License expiration When the license will expire. You can display detailed information about
license in tooltip by placing mouse cursor over icon next to the expiration
date. Items marked with red color are expired or depleted.
SLA details Information about currently purchased SLA. Name of the SLA, expiration date
and number of devices that is covered by it.
Support information Detailed system information in the case of any trouble. You can display and
download support information in order to provide customer support with
detailed system information and configuration. For more info see: Support
information
SYSTEM SERVICES
TCP/IP Print Server on CML Y Soft SafeQ server is ready to accept jobs from SafeQ Client (listening
(SafeQ Port) on 9100 port by default)
TCP/IP Print Server on CML Y Soft SafeQ server is ready to accept jobs using LPR protocol (listening
(LPD) on 515 port by default).
Server Terminal UDP Auto discovery of Y Soft SafeQ server by terminal professional is active
Identificator
SafeQ Terminal Listener Y Soft SafeQ server is ready to accept connection from external terminals
(listening on 4096 port by default)
Enterprise Server Balance Y Soft SafeQ server is ready to synchronize data in a cluster
Attribute Description
Attribute Description
PRINTED/FAILED JOBS
Successful print jobs are displayed in blue color, failed ones in red.
Print jobs are summed per hour and data are listed from last SafeQ restart time.
Attribute Description
SYSTEM INFORMATION
Attribute Description
Free disk (with spooler) space Total amount of free disk space
More details provides link to System Information where detailed information can be found.
MY LAST JOBS
Attribute Description
Attribute Description
MY SAVING
This widget described how many trees, energy, water and CO2 you saved.
Every non-accounted job (but only in deleted status) is counted as purged.
Data are listed for current month and also for current calendar year.
Attribute Description
Money Total amount of money that you saved (in currently set
currency)
ACCESS CREDENTIALS
Attribute Description
Change pasword Change your password that can be used to login to web administration
interface or to the terminal or printer.
Generate PIN code This code can be used for authentication on the terminal on the printer.
Generate Card This code can be used to assign a new card on the terminal on the printer.
Activation Code Swipe your card over the terminal and when you are asked, type this Card
Activation Code. Next time you will use your card you will be automatically
authenticated.
TEXT ENCRYPTION
Through this widget you can encryp any text. This type of encryption is used by various SafeQ tools,
application and settings for securing sensitive information for system's users (passwords, PINs, etc.).
Through this widget you can find all jobs that were canceled by system restart. All jobs may be re-queued or
canceled.
Attribute Description
Find automatically canceled Find all jobs that were canceled during SafeQ
jobs restart
LOCKS ON DEVICES
Attribute Description
Number of locks held by CML Total amount of locks that are holding by CML server (All CML
nodes together)
Number of locks held on ORS Total amount of locks that are holding by ORS server (All ORS
servers servers together)
Number od CML groups that are Total amount of CML groups that are holding locks
holding locks
Number od ORS servers that are Total amount of ORS servers that are holding locks
holding locks
Lockson cluster nodes (CML) Total amount of lock holding by each CML server
This widget should be used for basic SafeQ setup before first system use.
Uncompleted tasks are marked by red color, partially completed ones by orange and completed tasks by
green. If any task is marked with red color, whole widget area has red background.
Attribute Description
Company information Basic settings with information about company that uses this YSoft SafeQ
server. This section is available only when Management report feature is
licensed.
Language settings This section contains localization settings - languages that are available for
users on administration web and terminals.
Users, cost centres Basic operaions with Users, cost centres and roles
and roles
Print job parser Basic settings of print job parser (see Print Job Parser Configuration for more
information about this section)
Description of Welcome to YSoft SafeQ widget can be found here: Widgets - Welcome to YSoft SafeQ.
MY LINKS
Through this widget user may add custom hyperlinks to other web pages or applications.
Attribute Description
web page
FTP
E-mail
Other
On this widget you can see statuses of all CML cluster nodes.
Attribute Description
Hostname
IP address
DB INTEGRITY
Through this widget administrator can see if YSoft SafeQ database integrity is intact and no record that
should be unique is duplicated (this situation can occur for example if replication in cluster server starts
acting erroneously).
Green OK is displayed if everything is all right for particular type of record. Red FAIL with information with
wrong records is displayed if one or more particular records are duplicated.
Attribute Description
Last The time when the update was performed for last
update time
About
Following page describes a basic information about Welcome At A Glance
YSoft SafeQ widget.
This widget is accesssible from Admin Dashboard page. All About
available widgets are described Available dashboard widgets. Company
Only administrator can see this widget - User NOT information
E-mail settings
Language
settings
Regional
settings
Users, cost
centre and roles
Devices
Print job parser
System is ready
Company information
This section is available only if Management report feature is licensed.
Attributes Description
Company Name of company that uses this YSoft SafeQ server. Information is used to personalize
name exported Management report.
Fiscal year Month that starts new fiscal year in the company that uses this YSoft SafeQ server.
start Settings is used to correctly display data for affected time periods (fiscal year, fiscal
quarter) in Management report.
E-mail settings
Attributes Description
Attributes Description
Language settings
Attributes Description
Supported Language localizations that should be available for YSoft SafeQ users.
languages
You can set languages that are avilable for the web interface and for the connected
terminals on server. These settings are separated because some localization
packages contains only texts for terminals.
Attributes Description
Language that is set as supported on web interface must be also enabled on server.
Regional settings
Attributes Description
When you set it e.g. to 4 and Maximal fraction digits is equal or greater than
this value, then you can get result: 0.0001.
Attributes Description
When you set it e.g. to 4 you can get results like: 0.0001. When Maximal
fraction digits is set to 4 and Minimal fraction digits is set to 2, then you`ll get
numbers: 0.01 and 0.0001.
Supported VAT values Click on the field to modify VAT (Value-Add Tax) values that are available for
the users in various price related settings. You can remove existing values, add
a new ones and enable or disable ability to select 'VAT free' option in price
settings.
Number of decimal Number of decimal places that will be used in SafeQ system
places
Display zeros in Enable/Disable of displaying Zeros in decimal number 1.30 -> 1.3
decimal places
Attributes Description
Go to Users list link to the user list: Managing users in the Users list
Add new user a new user can be created Adding and configuring users
Attributes Description
Add new cost a new cost centre can be created Creating and editing cost centers
centre
Import users from Import data from CSV Tools - Data Import
CSV
Minimum password This property enforces minimum password length for passwords entered by system
length users via this web interface (CSV imports and other external tools are not covered
intentionally). If password has less characters then value of this property, password
will be rejected and user will be informed about proper password length. Set value
to 0 to allow passwords of any length.
Enforce strong This property enforces certain rules that passwords entered by system users via
passwords this web interface (CSV imports and other external tools are not covered
intentionally) must comply with, otherwise the password will be rejected and user
will be informed about necessary requirements for a new password.
Devices
Attributes Description
Add new a new device can be created Adding and editing printers
device
Attributes Description
Disable all parsers Print jobs will not be parsed, analyzed and no print preview will be
rendered. This option does not affect system performance.
Only analyse jobs Print jobs are not rendered as images but are only analyzed. No job
preview is available. This option is not suitable for coverage
(same parser for PS and PCL
accounting. It is recommended for offline accounting. Internal analyzer
jobs)
(YSoft Parser) will be used both for PCL and PS print jobs.
Additionally this option enables parser of the XCPT print job headers
to detect certain kinds of color jobs. This option has minimum impact
on system performance.
Only analyse jobs Print jobs are not rendered as images but are only analyzed. No job
preview is available. This option is not suitable for coverage
(different parsers for PS and
accounting. It is suitable for offline accounting. Internal analyzer is
PCL jobs)
only for PCL jobs, in case of PS jobs GhostScript will be used if
available. This option has minimum impact on system performance.
Attributes Description
Render jobs as low resolution Print jobs are rendered as images and converted to CMYK. Previews
(36 DPI) images of jobs are also generated. The generated images are at a low
resolution (36 DPI) to conserve system resources. This option is
suitable for offline accounting and job preview. This option may
reduce the system performance.
Render jobs as high-resolution Print jobs are rendered as images and converted to CMYK. Previews
(150 DPI) images of jobs are also generated. The generated images are at a high
resolution (150 DPI). This option is suitable for offline accounting, job
preview, and coverage accounting. This option may significantly
reduce the system performance.
System is ready
Attributes Description
Go to job list link to the job list Managing jobs in the Job list
SUPPORT INFORMATION
At A Glance
Support information
System information
List of system information
Support information download
SUPPORT INFORMATION
Support information dialog can be found on web interface: YSoft SafeQ version widget > Support
information. This dialog contains information for customer support in the case of any trouble .
A custom support information can be added to this page by editing value of customSupportInformation
configuration property in system settings.
SYSTEM INFORMATION
System information tab contains up-to-date detailed information about installed YSoft SafeQ.
Components Section contains information about each system component - its current version and
install date and also its update history.
Licenced items Information about licenced items, amount of licenced and currently used items
System Information about OS, disk space and SafeQ installation directory
Information for customer support can be downloaded by clicking button Download support information.
Downloaded zip file contains CML configuration files and file with system information.
USER DASHBOARD
Overview
Functions
Add widget
Actions
Views
OVERVIEW
Dashboard is the first page a user sees when they successfully log in to the SafeQ web interface.
Dashboard contains numerous widgets that can be moved around and interacted with. Widgets are
displayed based on user's access rights and they offer various information about the user's activity in the
system and shortcuts to frequently performed operations.
On this page, a user can view important information about the SafeQ system via widgets.
FUNCTIONS
In the top right corner there is few functions available for this page. For general page functions see: Web
interface - Basics
ADD WIDGET
This function allows you to add more widgets to the Dashboard. After clicking Add widget list of available
will be displayed. You can add widgets by clicking icon next to it.
For more info see: Available dashboard widgets
NOTE: Add widget button is not available when all available widgets are displayed.
ACTIONS
User interface
Enable compact mode Mode recommended for devices with smaller display resolutions. Size of the
fonts is smaller and usage of available space of the display is optimized.
This mode can be activated on every page by clicking Settings in page footer
and selecting User interface compact mode.
Enable modal alert Messages with actions` results, warnings and errors will be displayed modally - i.
messages e. in the middle of the screen and they will require confirmation before you can
continue. By default they are displaying as a popup windows in the bottom right
corner and they not require confirmation.
This mode can be activated on every page by clicking Settings in page footer
and selecting Modal alert messages.
VIEWS
You can display widgets in different number of columns. After clicking View you can select one of these
options:
REPORTS
Job list – List and audit log of all print, copy, and scan jobs tracked by YSoft SafeQ (see Managing
jobs in the Job list).
Web reports – Centralized interface for accessing Usage and Costs Reports and Green Reports (see
Using Web reports).
CRS reports – Management interface for data transfers to Central Reporting Services (see Using
CRS reports).
ORS overview -- Status overview and audit log for ORS connectivity in a distributed server system
(see Distributed Server System - Private Cloud and Viewing ORS status information).
NOTE: This option is not available when no ORS is installed.
Terminal accesses -- Audit log of all access attempts from YSoft SafeQ Terminals (see Terminal
accesses).
Reporting tools:
Automatic file reports -- Schedule regular exports of reports to a file (see Tools - automatic file
reports).
Automatic e-mail reports – Schedule regular exports of reports to defined e-mail addresses
(see Tools - automatic e-mail reports).
Data repair operations log – (see Tools - data repair - operations log).
Data repair (see Data repair).
Data repair manual counters readout (see Data repair manual counters readout).
DATA REPAIR
ABOUT
The statistical data repair tool enables you to move print jobs among individual printers. If you replace a
device with another one, you can move print jobs from the old device to the new one. SafeQ will identify
these jobs as having been printed by the new device.
Data repair is available only for persons with Data Repair rights. This rights can be managed through
Tools - Data repair User delegating page.
At Glance
About
General overview
Repair process and requirements
Data repair synchronization for statistics
GENERAL OVERVIEW
Data repair can be found on web interface: Reports -> Tools ... -> Data repair
Attributes:
Field Description
Old device This printer will be deactivated and replaced with a new one.
Only deleted/deactivated printers are displayed
New device New printer that is replacing the old one. Printer must not have been
activated, otherwise the repair process fails.
Not activated printer means that no jobs have been processed via SafeQ)
Date of device's From this date jobs printed on the old device will be identified with the new
replacement one.
Repair statistical After clicking on this button - statistical data will be repaired
data
In order to successfully run data repair, you must select both the old device that is to be replaced
(which may have been deactivated and deleted) and the new device that is replacing the old one.
The new device must not have been activated (i.e., no jobs have been processed via SafeQ),
otherwise the repair process fails.
You must also select a time period within which the jobs printed on an old device will be replaced with
new ones.
After successful data repair, the old device is deactivated and deleted and the new one is activated.
Both actions are run immediately. Set the deactivation date for the deactivated device for a date on
which the job identification is to be changed. The activation of the new device will be set at the same
date.
The repair itself is reflected in CRS statistics with a delay. The delay depends on the set CRS
synchronization times. A repair will be synchronized during each new synchronization. The date and
time values and a list of repairs waiting for synchronization are displayed, both in the window header
and also in the synchronization settings window.
You can set synchronization times via the cdc-time-windows parameter in the configuration (e.g.: cdc-
time-windows = 3:00;12:00;21:00).
ABOUT
Manual counters readout is used for manually increasing counters for a selected device. It can only be run
by a delegated user Tools - Data repair User delegating.
At Glance
About
General overview
Manual counters readout
GENERAL OVERVIEW
Data repair: Manual counters readout be found on web interface: Reports -> Tools... -> Data
repair: Manual counters readout
1. Click the Browse icon (...) to select the device whose counters are to be changed manually
2. Select a device.
Attributes:
1 - Device search by a selected string.
2 - Complete list of ORS servers.
3 - List of all available MFPs in the selected Device group (ORS list) (2).
After you click Search device, a list of devices that meet the search string conditions is
displayed.
4 - ORS servers search.
3.
A list of counter values is displayed (1). To activate manual counters readout, click the
button.
4. In the following window, reset counter values for a selected printer; then click Save to save your
settings.
If you save counter values for a printer (that is, manual counters were increased), the system
generates an anonymous job with the number of pages necessary to account for the
difference between the currently entered counter values and the counter values previously
saved.
MANAGEMENT REPORTS
Management Reports provide convenient way of disclosing information about SafeQ environment via
reports for entire company, departments, devices and users. Management reports provide enhanced
overview about print environment, based on data collected by YSoft SafeQ 5.
If the page is unavailable, please check the following system settings (System > System settings) and
configure:
web-stats-enable = enable
enableManagementReport = enable
NOTE: For clustered SafeQ deployment, Web reports are show only at the master node.
firstMonthOfFiscalYear
companyName
REPORT VIEWS
Management reports provide several different overviews. By clicking the Views option in the top right
corner, you can access company, department, device and user-focused views.
COMPANY OVERVIEW
Company overview displays information for all deparments, users and devices. Records in the Top five
departments, Top five users and Most used devices are sorted according to spending (Price).
DEPARTMENT OVERVIEW
With department overview, you can display information about one particular department, listing all users and
devices which belong there. Records in the Top five users and Most used devices are sorted according to
spending (Price).
DEVICE OVERVIEW
Device overview displays reports for devices within entire company (note: only devices connected so SafeQ
environment are displayed). Records are shown based on total spending (Total price).
USER OVERVIEW
The last view shows records for all users across the company. Records are shown based on total spending
(Total price).
Unless data are available for a particular year, the year will not be listed in the drop-down menu.
EXPORTING REPORT
All of the available data can be exported into single consolidated document. Reports are generated for one
month, however include also year, current quarter and selected month overview.
Export options are available from the Actions menu, both on-demand and scheduled.
Based on predefined schedule (every first day of the new month), you can automatically receive reports to
selected e-mail address.
Paper size information: Large format includes A3/legal/tabloid and larger. Normal format includes A4/A5
/letter and smaller.
The Job list enables you to view and manage YSoft SafeQ print, copy, and scan jobs. This page is related
to Usage and Cost reports and can also be useful for troubleshooting and diagnostic purposes.
The Job list page includes default filters, action and view buttons, and the list of jobs.
You can disable displaying of the name of the job's owner by disabling system configuration
property show-job-user and of the print job title by showJobTitle property.
Printing – The job is being sent to the printer or is being printed. You can view detailed information
about the job process. Typically, the job is sending data, waiting for the print to start, waiting for the
print to be completed, or waiting for accounting.
Pending – The job is ready to be delivered to a printer. The job will be printed when previous jobs
have been printed or it will wait for another printer to change to the "ready" status.
Accepted – The job was accepted by the spooler and has been added to the secured queue and is
waiting for the secure release.
Printed – The job was successfully delivered to the printer and accounted.
Local Print – The print job is registered via local monitoring.
Scan – A registered and accounted scanned document.
Copied – A registered and accounted copy.
ReQueued – The job was queued for printing again.
Cancelled – The job was cancelled by the user (for example, the user selected "delete" at the
terminal).
To configure and apply filters and see the filtered data, click (located on the left side of the page).
To use different Job list view options, click and then select the desired view.
To work with selected jobs, check the checkbox next to the job and then click on and
select the option you need.
Requeue Only if job is not deleted and is not Requeue the job to print if the print failed
currently being printed or the job has already been printed.
Note Only if job contains note Hover your mouse over this icon to see
note text.
Assign to Only if job is not assigned to any user in Assign jobs that have an unidentified
user system owner to a new or existing user. All
current and future jobs from the
unidentified owner will now be assigned
to the user you selected.
Delete Only if job is queued to be printed in a Remove the job from the queue and
direct queue cancel its planned print operation.
Checkbox Only if job is not deleted Check the box to mark jobs for bulk
action. Available actions are located in
the top right Action menu.
In the YSoft SafeQ Web Interface, go to the Job list, find the job; then click on icon or double click on
the table record (row) .
Attribute Description
Basic
Job name Name of the print job - name of the job is not visible if configuration property
showJobTitle is disabled
Owner Information about the job's owner - information is not visible if configuration
property show-job-user is disabled
Pages
Type Information about duplex prints (This data is collected only if the internal parser is
enabled.)
Number of pages Number of normal (A5/A4/letter) pages (This data is collected only if the internal
(normal) parser is enabled.)
Attribute Description
Number of pages Number of large (A3/legal/tabloid) pages (This data is collected only if the internal
(large) parser is enabled.)
Average coverage Average coverage percentage (This data is collected only if the internal parser is
enabled.)
Status
Last state change Last date and time time that status changed
YSoft SafeQ spooler IP address of the YSoft SafeQ spooler where the job is saved
Server Name and IP address of the YSoft SafeQ server where the job is stored or created
Sender Sender's IP address; date and time the job was accepted by the YSoft SafeQ
server
Tags
Advanced
This tab can contain different attributes according to the type of the job (print, copy or scan)
VIEWING A PRINT JOB'S HISTORY
In the YSoft SafeQ Web Interface, go to the Job list, find the job; then click on icon or double click on
job .
Attribute Description
Date, State, Date, status, and other information about the job. You can set history order by
Message clicking on the Date column header.
TOOLS
In the YSoft SafeQ Web Interface, go to the Job list, find the job; then click on icon or double click on
job .
Requeue
Attribute Description
Select the target queue from the list Select a print queue from the list of available queues.
Type the name of target queue manually Type the name of the target print queue.
Owner
This tool allows you to change owner of the job by selecting another user from list.
Favorite
This tool allows you to mark and unmark job as favorite.
Assign
Assign jobs that have an unidentified owner to a new or existing user. All current and future jobs from the
unidentified owner will now be assigned to the user you selected.
ABOUT
This section describes how to schedule a web report export that sends the report as an email attachment.
The look of the user interface may differ based on currently selected values and licensed features.
At Glance
About
General Overview
Working with Automatic Email Reports
Creating New Automatic Email Report
GENERAL OVERVIEW
The automatic email reports can be found under the Reports module in the section Tools.
Administrator can create a new automatic email report with the button . A new pop-
up window will be opened (see below).
Administrator can modify an existing automatic email report using the button .
Administrator can delete an existing automatic email report using the button .
Configuration:
The Save settings button saves and activates the new automatic email report.
ABOUT
This section describes how to schedule a web report export that saves the report into a file in a specific
folder. The look of the user interface may differ based on currently selected values and licensed features.
At Glance
About
General Overview
Working with Automatic File Reports
Creating New Automatic File Report
GENERAL OVERVIEW
The automatic file reports can be found under Reports module in the section Tools.
Administrator can create a new automatic file report with the button . A new pop-up
window will be opened (see below).
Administrator can modify an existing automatic file report using the button .
Administrator can delete an existing automatic file report using the button .
Configuration:
File name – File name prefix for the report. The full file name is constructed based on the prefix,
interval, export type, and the Overwrite file switch.
Overwrite file – If enabled, the report is always saved into the same file, possibly overwriting the
previous report. If disabled, a time stamp is added into the file name so that older reports are not
overwritten.
Filter – Saved web report filter used to generate the report. The filter determines the report
structure (fields, grouping etc.).
The Save settings button saves and activates the new automatic file report.
About
Access Counter reports
Counter reports
Report exporting
Start and end counters
Daily counters
Scheduled reports
ABOUT
YSoft SafeQ can be configured to monitor counters (sometimes known as page meters) with devices that
use online counter monitoring. Web administration allows access to the readouts and reports.
In the YSoft SafeQ Web Interface, select Reports > Tools > Counter reports.
COUNTER REPORTS
Page displays two types of reports in its basic mode and offers filter for page content.
Additional columns can be added to the table via columns menu which is available after clicking on
gear icon in table's top left corner.
Type of report - this option switches two main types of report - Start and end counters and
Daily counter history (see next chapter for detailed description).
Device group / ORS - this field is used to filter report based on group or ORS. If you select CML
group (for example predefined Default), counters of all devices from all CML groups are listed,
not just from selected group.
From date - Start period of report - date from which are data in the report included.
To date - End period of report - date to which are data in the report included.
REPORT EXPORTING
You can export current report to file by using one of the export action located in page's Actions...
menu.
Available formats are: HTML, XML, XLS, CSV and PDF.
This is the default type of a report. It lists counters value at the start of displayed report period, it's
ending values and difference.
Most columns contains three values. First value describes counter's value in start of report period,
second value is end of report period and third value is the difference between first and second value.
Exact times when listed values has been read from device could be found in Readout date column
(there is a date for starting reading the counter's value and also a date for ending reading the counter's
value).
DAILY COUNTERS
This is the second report that could be displayed by switching Type of report option in filter. Report
lists all devices in the system and a history of daily counters readout operations. You can easily
observe how counters values changed for each device day by day.
SCHEDULED REPORTS
Reports does not have to been exported to file manually and this operation can be scheduled. You can
setup what kind of report and for what time period should be automatically send to defined e-mail
addresses. Report is always send right after measured period of time ends. For example right after
midnight of first day of new month for previous month or right after midnight of first day of new week for
previous week.
You can see list of scheduled report by changing page's view (use top right Views... menu).
These reports could be edited or deleted.
To schedule new automatic report use Schedule automatic report action in top menu.
Report name - Name of a report that is used in e-mail and on the web interface for better
management.
Type of report - Type of a report you want to schedule - Start and end counters or Daily
counters history
Sending interval - Interval defines how often should be report sent. The report is always sent
around midnight in the last day of selected period. Available options are monthly and weekly.
Format - Format of report file attached to e-mail.
Devices group / ORS - Only counters from devices located in selected devices group or ORS
are included in report. If a CML group is selected, all CML devices are used. You can leave it
empty to include all devices.
E-mails - E-mail addresses that will receive scheduled report.
ABOUT
In the operations log, you can retrospectively view all logged events that may affect statistical data. Each
logged event shows the SafeQ user who ran the operation, the workstation IP address from which he/she
logged in, the time, and also data relating to the individual logged event types.
The operations log is accessible to the SafeQ system administrator (login admin) and to users delegated for
statistical data repair (Tools - Delegating users to perform data repair).
This tool describes possibility to operation log reports with user behavior in SafeQ 5.0 web interface.
Some information and screen descriptions may differ based on available configuration and/or license
At Glance
About
General overview
Operation log list
Working with Operation log
GENERAL OVERVIEW
The Operation log reports can be found under Reports module in the section Tools...
Administrator is able to see and monitor changes of the YSoft SafeQ environment done through the
web interface. With this list Administrator is able to search users, event dates, types of changes and
changed objects.
Administrator using selected filter can see specific operation actions in the list.
Author of the action - user of the system, which does the action via YSoft SafeQ web interface
Event date - exact date and time when action was processed
Event type - description of the event and behavior with the YSoft SafeQ system
Event object/user which did the action - attribute and object related with this action, or object
which was used during action
If administrator wants to see and check detail filter, there needs to be enabled button
here administrator can specify only actions he needs to see from the list.
Log out of system Information about logout process of a delegated SafeQ Web
Interface user.
Statistical data repair Administrator delegated another statistical data repair user.
user delegating
Statistical data repair Administrator removed rights for statistical data repair from the
user removing user.
Running statistical data This user executed statistical data repair for particular devices.
repair
Adding a new device Information about an added device and the user responsible.
Deleting a device Information about a deleted device and the user responsible.
ABOUT
In the YSoft SafeQ Web Interface, select Reports > CRS reports.
On the CRS reports page, specify the date range for data transfers to include in your CRS report.
Manually enter dates in the Transfers from and Transfers to boxes, or click the calendar icons and
select the dates.
VIEWING ORS DATA TRANSFER HISTORY AND THE DATE OF THE NEXT SCHEDULED TRANSFER
On the CRS reports page, you can see which ORS (Offline Remote Spooler) has the least recent
transfer of statistics and counter data, and the date of the next scheduled data transfer.
To generate and view a CRS report: in the YSoft SafeQ Web Interface, select Reports > CRS reports;
then enter a date range and click .
RECALCULATING STATISTICS, SENDING STATISTICS TO THE CRS, AND SENDING COUNTERS TO THE CRS
To recalculate statistics or to send statistics or counters to the CRS: on the CRS reports page, click
; then select the appropriate option:
Recalculate statistics – Deletes statistical data from the database and regenerates data from
information about jobs.
Send statistics to CRS – Forces statistics to be sent to the CRS.
Send counters to CRS -- Forces counters to be sent to the CRS.
ABOUT
In the YSoft SafeQ Web Interface, select Reports > Terminal access.
The Terminal access page displays information about all attempts that were made to access terminals
in your YSoft SafeQ system.
The page shows the current filters used for the information displayed on the page, the status of access
attempts, Action and View buttons, and a detailed list of access attempts.
You can use the following filters to display only the information you need:
The Terminal access page includes graphical charts of terminal access attempt status information.
You can create a new user and assign the PIN or card to that new user.
or
You can create a new device and assign the unregistered terminal to it.
or
Assign terminal to a Click the icon. The Add device page opens, with the terminal's
new device serial number automatically entered on the Terminal tab. Enter the
rest of the information required; then save the device.
Assign terminal to an Click the icon. In the list of devices that appears, select a device that
existing device does not already have a terminal (hardware or embedded)
assigned. Save the changes.
Assign card/PIN to a Click the icon. The Add user page opens. Enter the required
new user information; then save the user. When user is saved, you will be
asked if you want to continue with user edit or if you want to assign
user to card. Click on Yes to assign card. See Adding and
configuring users.
Assign card/PIN to an Click the icon. In the list of users that appears, select a user. The
existing user Edit user page opens. Save the changes. See Adding and
configuring users.
Overview
Displaying the Web reports page
Selecting a report to view
Selecting specific information to include in the report
Displaying and working with a report
Action options
Saving the changes you made as a new customized report
OVERVIEW
This page describes the Web reports page, which is a central interface for accessing and managing Usage
and Costs reports and Green reports.
Web reports consists of two kinds of statistical data: basic statistics and detailed statistics. Detailed
statistics contain details about each individual job accounted by the YSoft SafeQ. Basic statistics are
created from detailed statistic by grouping similar jobs in one hour intervals. Basic statistics preserve key
dimensions (print/copy/scan, user name, cost center, device, billing code…) but drop job-specific ones (job
title, job origin, exact time).
Detailed statistics keep data for the last 2,000,000 jobs or the last 31 days, whichever comes first. Basic
statistics keep data for last 2,000,000 aggregated records. Older records are removed. Please consider the
installation of the CRS if longer history of accounting data is required. Another option to preserve older data
is to set up regular automatic exports.
1. Login into YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin")
2. Go to Reports > Web reports
The Advanced filters give you many options for information to include in the selected report:
Advanced filter
Available Columns
To specify which columns will be visible in the generated report, click the column name and it will be
automatically added to the Columns included in report section.
NOTE: Four columns with the prefix Savings are for Green reports (see Green Reporting). Green
reports provide information about specific savings to the environment that result from the use of YSoft
SafeQ.
Savings – CO2
Savings – energy
Savings – trees
Savings – water
Order Column
In this section, select which counter types (for example B/W print, color print, B/W print large, ...) will be
displayed in the report overview and the order in which the columns will be displayed. To include a counter
type, leave the green check next to it. If you do not want to see that type of counter in your report, click the
green check to change it to a red cross. To change the order of counter types, click the associated arrow
icons.
Columns written in bold font are summary columns that displays the sum of counters (for example BW
pages contains sum of all Black and White type of print, copy, etc.).
Please note that Average coverage information is available only for jobs accounted using
Coverage accounting.
On the left side of the report, you can see counter types: Total, B/W print, B/W copy, Color pages and so
on. To display only selected counter types, click the counter types you want to include. For example, to
display only B/W prints, click B/W print.
bar, line or pie graph (if hidden, click on the graph icon in the top left corner of report)
general report for selected time interval
report according advanced filter settings (depends on the length, report can be displayed on more
pages - to move between pages use arrows in the bottom right corner)
Here you can see different graph types (bar, line, pie)
ACTION OPTIONS
Include latest processed data – Report will be recalculated to include the latest processed data
(data that is saved in database more than one hour but had not been added to report by hourly
executed statistics generator task).
Delete current custom filter – Delete the current customized filter (if you have selected filter
options).
Export report to... -- These 4 options let you export the displayed report to a file with the selected
extension. You can choose between three types of Microsoft Excel files (CSV, XLS or XLSX), a PDF
file, or an HTML and XML file.
ABOUT
The Web reports page enables you to display and configure Green reports. Green reports include
information about purged jobs and can also include information about savings in terms of energy, trees,
water, etc.
For more information about Green (Purge) reports, see Green reports.
For information about settings, see Configuring Green reports.
At a Glance
About
Displaying information about purged prints
Example of a Green report with the parser disabled
Example of a Green report with the parser enabled
Including Savings information in Green reports
In the YSoft SafeQ Web Interface, select Reports > Web reports.
Purged prints are listed in the Counter type column. The number of purged pages is shown in the
Pages - count column.
Click ; then use the filters to select the Savings information you want Green
reports to include.
The report now includes the types of Savings information you selected.
ABOUT
This page describes how to use the ORS overview page in the YSoft SafeQ Web Interface to view status
information about ORSs (Offline Remote Spoolers). (See also Distributed Server System - Private Cloud.)
At a Glance
About
Displaying the ORS overview page
Using the ORS overview page
Filtering ORS overview information
In the YSoft SafeQ Web Interface, select Reports > ORS overview.
On this page, you can see an overview of connected and disconnected ORS servers.
The first table shows the ORS servers that are connected to each CML server node.
Attribute Description
ONLINE
OFFLINE
Connected ORS servers Number of ORS servers connected to the CML server
Disconnected ORS server (including Number of ORS servers disconnected from the CML server
partially connected) (including partially connected — that is, where one service is
disconnected)
The second table shows ORS status information relating to the selected filter option.
Attribute Description
Last statistics data The most recent time that statistics were sent from this ORS server to the
synchronization CML server
Status of the ORS's web service is monitored each five minutes by default - this means that when
you see information about service status on this page, it could be maximum of five minutes old.
You can modify checking frequency via system configuration property
webServiceStatusCheckJobCronRule (CRON rule).
Communication between YSoft SafeQ server and its Terminal Server is stateless, therefore
information about current Terminal server status cannot be displayed on this page.
Attribute Properties
Hostname ORS server hostname or IP address (depends how ORS is registered in the system)
DEVICES
Printers list – Lists all devices managed by YSoft SafeQ (see Using the Printers list).
Terminals list – Lists all terminals connected to devices (see Terminals ) .
Device templates – Templates for automating the process of adding devices to YSoft
SafeQ (see Device Templates).
Shared queues for user shared printing (Delegation Print (VIP Shared Queues) and
workgroup shared printing (Workgroup print sharing (Shared Queues) (see Shared
Queues).
Device management tools
Tools - Batch editing
Tools - Printer types
Tools - User tags
DEVICE TEMPLATES
ABOUT
This page describes the device template in SafeQ 5.0 web At Glance
interface. Some attributes may differ based on available
configuration and/or license. Device templates is the tool to create About
/configure one template device type, which will be used for the General overview
installation of many other devices of the same type and same Working with
settings. This can be useful, when customer have got a lot of Device Templates
devices of the same vendor and version.
GENERAL OVERVIEW
Attribute Description
Creates new device template - see Device Templates Editor; for more
information.
This page describes the device template editor in SafeQ 5.0 web interface. Some attributes may
differ based on available configuration and/or license.
Device templates is the tool to create/configure one template device type, which will be used for
the installation of many others devices of the same type and same settings. This can be useful
when customer has got a lot of devices of the same vendor and version.
At Glance
BASIC SETTINGS
Within new pop up window you can create device template exactly the same way as create device
manually. (see Adding and editing printers)
Attribute Description
Name Represents unique name of the device template. Use any information that will
simplify recognition of the device template in the system.
Description Represents any additional identifier that helps better orientation in device
(optional) templates list.
Group Virtual group or ORS server. The group must be configured correctly in order
to achieve desired functionality of SafeQ.
This attribute may not be available in all configurations.
Page tracking Page tracking mechanism for selected device template - in the case of
mechanism selecting "Online" mechanism, accounting driver for the device must be
selected.
Terminal
This page represents information whether the device is equipped with on of available YSoft SafeQ
Terminals embedded. If you want to use any functionality that requires terminal embedded, this page
has to be correctly completed.
WARNING
Attribute Description
Integration type Embedded terminal type for this MFP. This list strictly depends on the
embedded terminals available in the SafeQ license file. Terminal types
without the proper license are not displayed.
Administrator login Administration login to MFP – Default settings for this type of technology
can be set in System Settings.
Administrator password Administration password to MFP – Default settings for this type of
technology can be set in System Settings.
Delete jobs after All jobs will be deleted immediately after printing.
printing
Authentication Mode
Attribute Description
Settings determine if users must authenticate only to use the MFP or for
every application on the MFP.
Authentication Method Authentication methods available to user for identity confirmation at MFP:
-PIN
-Card
-Username and password
-PIN or card
-PIN and card
-Username and password, or card
-Username and password and card
-Login (other methods)
Authentication Method depends on selected Integration type
Application - Job list Job folder which will be available for user at MFP:
folder -Waiting
-Waiting and Printed
-Waiting, printed and favourites
-All jobs in one folder
-No job list
Advanced
Attribute Description
Contact person Name of the contact person responsible for the device in case of
breakdowns, malfunction, etc.
Scan job default Default scanning email address for this device.
addressee
Printer type Specific device type for csv export: see Tools - Printer types
Backend Determines the way in which the device communicates. If the option
"Change port value to default" is selected, the port will be changed to the
default value of the particular backend together with the change of the
backend.
Port The port number that the device will communicate through.
Attribute Description
Alert message
encoding
Batch Accounting Batch accounting is an extension of standard online print accounting and it
represents a quicker and more efficient use of printers accounted online.
Settings available only for MFP without embedded terminal.
SNMP
Attribute Description
SNMP v2 read-only SNMP read-only community for remotely accessing the device states
community (standard settings is public)
SNMP v2 read-write SNMP read-write community for remotely reading and writing to device
community properties (standard settings is private)
SNMP v3 Username
Price list
On this page you can set accounting values for devices and for particular print types, copies, etc.
The contents of the tab are different for each device driver (and the tab might not even be available
for some drivers).
Attribute Description
Cost per click Price for every printed page. (If the duplex function has been used one
sheet of paper has two sides.)
Attribute Description
Non standard media Blank sheet price for non standard media type.
type (normal)
Non standard media Blank sheet price for non standard media type.
type (large)
B/W print Price of toner consumption for one page (normal) of black and white print.
B/W print print large Price of toner consumption for one page (large) of black and white print.
Monocolor print Price of toner consumption for one page (normal) of monocolor print.
Color print Price of toner consumption for one page (normal) of color print.
Color print large Price of toner consumption for one page (large) of color print.
B/W print copy Price of toner consumption for one page (normal) of black and white copy.
B/W print copy large Price of toner consumption for one page (large) of black and white copy.
Monocolor copy Price of toner consumption for one page (normal) of monocolor copy.
Color copy Price of toner consumption for one page (normal) of color copy.
Color copy large Price of toner consumption for one page (large) of color copy.
Offline print accounting Print from this device will be accounted offline.
Offline copy accounting Copy from this device will be accounted offline.
B/W Scan (normal) Price settings for BW A4 scan via Embedded terminal.
B/W Scan (large) Price settings for BW A3 scan via Embedded terminal.
Color Scan (normal) Price settings for COLOR A4 scan via Embedded terminal.
Color Scan (large) Price settings for COLOR A3 scan via Embedded terminal.
Coverage cost If the percentage of toner/ink coverage is the same as selected, 100% of
the amount will be accounted. Otherwise the billed amounts will be
calculated by coverage.
Parser must be enabled for proper functionality
Coverage accounting - If this option is selected, color printouts will be billed based on toner or ink
color prints coverage.
Attribute Description
Coverage accounting - If this option is selected, black printouts will be billed based on toner or ink
black prints coverage.
Alert messages Encoding in which printer status is saved and displayed in the SafeQ
encoding system.
Tags
Tags are used for sorting jobs to printer queues. They work the same way as print properties.
Attributes
The green icon indicates that this option must be stated in the print job in order for the job to be
printed.
The red icon cannot be stated in the job in order for the job to be printed.
To change a property setting, click the icon.
When template is created and saved using "Save template" button, pop up window is closed and
template is displayed in the template list.
MANAGING TERMINALS
About
Displaying and using the Terminals page
Working with hardware terminals
Filtering information to display on the Terminals page
Scheduling terminal firmware updates
Actions available on the Terminals page
ABOUT
On the Terminals page, you can manage YSoft SafeQ terminals that are connected to devices.
The Terminals page contains a list of terminals that have been added to your YSoft SafeQ system,
along with a description of each terminal and the version of the firmware installed on the terminal.
Server groups
Filter options
Action buttons
Group or ORS Restrict the list of terminals to a specific Group/ORS name based on:
name
Name
Spooler IP address
Spooler GUID
Terminal type Restrict the list of terminals to a specific terminal type with following states:
Queue Restrict the list of terminals to a device which used queues or terminals based on:
Search in group If field is checked all search results will be sorted via their parent group and you can
browse through them.
All results will be listed on one page regardless of group if field is unchecked.
In this case group information will be at the start of each record and it can be used to
display rest of the group content.
Clear button Cancels any selected filter and refreshes page with devices.
NOTE: You can select to update an entire Device Group or only one terminal.
Date and time of Select the date and time the terminal update will be performed.
update
Only lesser versions If you want to update a later version of terminal firmware to an earlier version,
clear the Only lesser versions checkbox.
NOTE: If only hardware terminals are selected options for embedded terminals are not available in
Actions bar.
Actions you perform by selecting an Actions option will be applied to all terminals.
Embeded terminals
Reinstall embedded terminal for Select devices (via checkbox next to the device's record) and use
selected devices this action to reinstall embedded terminal for these devices. This
action can be used for example when reinstallation of multiple
devices is required by change in the system configuration or after
application of the new embedded terminal settings via Tools - Batch
editing page.
Hardware terminals
Schedule firmware update An windows for scheduling updates will be opened, same as
Schedule firmware update button.
Groups/ORS
Move ORS to another job Moves the selected ORS device group to a defined job roaming
roaming group group.
Export group list to CSV Exports the list of groups to the file DevicesGroupsList.csv. The
CSV file contains: Group Name, Group Type (ORS, CML), ORS
version if available, ORS IP address if available, Number of devices
registered to the group, ORS server GUID if available, spooler limit
for ORS if available. You can select the character set encoding for
the exported file.
Devices
Select all devices Selects all the printers in the opened group.
Move devices to new group Creates a new device group (virtual or ORS) and moves all selected
printers to this group.
Move devices to another group Moves all selected printers to another device group (virtual or ORS).
Move devices to new monitor Creates a new Local Device Monitor and groups selected printers
into it. This applies only to printers added automatically via the YSoft
SafeQ Local Spooler Monitor.
Move devices to another monitor Groups selected printers into a new Local Device Monitor. This
applies only to printers added automatically via the YSoft SafeQ
Local Spooler Monitor.
TERMINAL SETTINGS
BASIC
Terminal configuration can edited over web interface with basic settings.
Attribute Description
IP Terminal IP address
Job list settings Job list settings that will be displayed on terminal after
authentication:
Attribute Description
Card
PIN
Card and PIN
Card or PIN
Login
Card or Login
PIN or Login
(Card and PIN) or Login
(Card or PIN) or Login
Normal
Simplified
Show P/C summary Summary that will be shown on terminal after print/copy:
Pages only
Pages and prices
Disabled
Enable
Disable
Immediate
from server
Globe
Direct for 2 language
Attribute Description
enable
disable
no log
log errors
log all messages
NETWORK SETTINGS
Attribute Description
Attribute Description
Disabled
Enabled
Copy dialog timeout Additional timeout to first copy (Primary driven by server
settings):
60s
20s
None
Attribute Description
Complete
Without character count
Enable
Disable
Only in print dialog
Only in copy dialog
SHARED QUEUES
OVERVIEW
Shared queues are secured queues. They enable multiple users to access selected documents (in
accordance with the users' rights). All jobs sent to the shared queue are automatically accessible to all
users with access rights to that queue.
There are also special type of shared queues: VIP shared queue, which have assigned one SafeQ user as
an owner. Then the owner can add or remove users or roles in shared queue via web link or via SafeQ
Client. For more info please see: Configuring and using Shared Queues
This page provides management interface for Workgroup print sharing (Shared Queues) functionality.
On the left side there is list of shared queues. You can see name of the shared queue, type (VIP or
non VIP queue) and number of members.
To edit settings of queues (name, owner, queue type) click icon.
To delete queue click icon.
On the right is list of members (users and roles) for selected shared queue
To delete member of shared queue click icon.
There is also filter available on the page. You can search for shared queues by:
queue name
users which are member of the queue(s)
owners of the VIP shared queues
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
OR
Note: You must enable the VIP shared queues in the system settings at first to see the checkbox.
Please refer to documentation related to Configuration of VIP Shared Queues.
5 Now you can see created shared queue(s) in the list. There is names, type and number of users for
each shared queue in the list.
To add user, select queue and click Items > Add user to selected queue
6 Select users and roles form the displayed list and close list.
Now all added users and users which are members of added roles, will see all jobs print jobs sent to
this queue.
OVERVIEW
This page describes how to configure use device counters and use their current values when eg. moving
devices.
Device counter is for counting all kind of jobs (print, copy, scan, etc,) and all different types of these jobs
(color, black&white, large, etc.) provided by device (it cannot be changed in any way). SafeQ is using this
counters for comparing values to identify Anonymous or Non-SafeQ jobs (Creation and accounting of
"anonymous" and "purge" jobs).
CONFIGURATION
1 Log in to the SafeQ Web administration with sufficient rights to manage devices.
2 Go to Devices > Printers selection and click the edit icon next to the device or double click on the
device with online accounting.
3 Click Test selected tracking mechanism to see the Current and Saved values for device counters.
4 Now you can see job type, Current counter value on device and Saved counter value in SafeQ.
NOTE: To see counters for all devices see: Tools - Counter reports
The difference between Current and Saved values can be caused by for example:
if you are using device in one SafeQ environment, then move device into another SafeQ
environment (eg. demo installation), performing jobs there and then, moving back to the
first environment.
Counter values are synced with SafeQ every time, when job is performed by registered user in SafeQ
on the device. If SafeQ found out, there is difference, Non-SafeQ print/copy/scan jobs will be added
to the job list. This process is right, in first example. If you are using device like in second example,
you have to sync statistics before performing any by registered user in SafeQ. Otherwise job reports
and statistics will inaccurate, because of data from other SafeQ evironment will be used in this one.
To aviod these problems click Set to current counters value and Current values will be synced to
SafeQ.
5 An Warning windows will be displayed. Please read this warning carefully. This action is
recommended only in specific cases (see previous step for more info) and can lead to inaccurate
statistic reports. It affects only devices with online accounting or device depended accounting with a
ccounting driver for counters collection. Then anonymous jobs will be created to cover this counter
difference and these jobs will be included into statistics for period, when this feature has been used.
6 Now you can see, counters was synchronized, and Current (in device) and Saved (in SafeQ)
counters are equal.
In case that administrator wants to move device to CML from ORS node which is currently down he
can choose the way of device's counters preservation.
Create counter difference print job - after the device is moved, its counters will be set to
values from CML database. If this option is chosen, it is possible that counter difference
print job will be created.
Reset device's counter values - after the device is moved, its counters are reset to zero.
Counter difference print job will not be created.
ABOUT
Batch editor is the option for the mass operation with devices, which are connected with SafeQ (see
Using the Printers list).
This page describes Device management in SafeQ 5.0 web interface. Some information and screen
descriptions may differ based on available configuration and/or license.
At Glance
About
General Overview
Working with Batch editing
Available Operations
GENERAL OVERVIEW
Batch editing can be found on web interface: Devices -> Tools -> Batch editing
On this page you can perform multiple edits for several devices at once.
Apply changes
AVAILABLE OPERATIONS
Attribute Description
move to group this option can specify the affinity of the devices to groups
set cost center can specify cost centers for multiple devices
change online accounting with this option administrator can change online accounting
driver driver for multiple devices
change accounting driver for with this option administrator can change driver used for
counters collection counters collection for multiple devices
change port with this option administrator can change TCP/IP port for multiple
devices (9100 or 515)
change backend with this option administrator can change backend data delivery
for multiple devices (LPR, LPR PJL copies,TCP/IP Raw and TCP
/IP Raw NoMap)
set accounting data with this option administrator can change online accounting
driver for multiple devices
change system tags settings with this option administrator can change and configure system
tags for multiple devices
change system tags settings with this option administrator can change and configure user tags
for multiple devices
default addressee for scan jobs with this option administrator can specify default address name
for scanning
embedded terminal settings administrator can change settings for the terminal embedded - to
apply the settings, devices' embedded terminals must be
reinstalled - you can use action "Reinstall embedded terminal for
selected devices" on page Devices > Printers
GENERAL OVERVIEW
Through this page you can find requested device/devices according to specific advanced filter settings.
ABOUT
Printer type module is always used in cooperation with feature called Export settings for YSoft SafeQ Client.
The printer types will be part of CSV export that can be later used for the installation of SafeQ client.
Under the printer types you can set up the type of the device with specified type of accounting. This can be
later used also in the Advanced settings of devices in SafeQ (see Using the Printers list). In SafeQ, you can
define printer types and assign them to individual devices.
A device type consists of a printer name (type name) and a driver name used in the Windows operating
system as the device driver.
DO NOT CONFUSE THIS WITH THE ACCOUNTING DEVICE DRIVER USED IN SAFEQ
One of the defined types always has to be marked as default. It should never happen that either no driver
(device type) or more than one driver is set as the default. This is done by marking the first defined type
automatically as default. The system does not allow you to delete any default type before setting another
one in its place.
At Glance
About
General Overview
Working with Printer types
Creating a new Printer type
GENERAL OVERVIEW
Printer types can be found on web interface: Devices -> Tools ->Printer types
Each line with a printer type includes a printer name displayed in the first column (this name represents
the printer type shown in a drop-down menu of the device edit dialogue window), a driver name
displayed in the second column, and an accounting device type listed in the third column. Next to it,
there is an icon for editing the particular printer type data and an icon for removing the printer type data
from the list. The check box at the end of the line is used for setting a default printer type. By checking
the check box, the printer type is set as the default. As stated above, only one printer type can be
checked as default at a time (it is monitored by SafeQ).
You can find the driver name in the SafeQPort-CSV.txt file. It includes a list that must correspond to
"Printer type" on safeq web interface (see Adding and editing printers or Device Templates Editor).
To add a new printer type, click the button in the right-hand upper corner of the
printer type list. To save a new or edited type, enter both the printer name and the driver.
Attribute Description
Printer type Enter Printer type (name will be available in drop-down menu in device edit
dialog)
Printer driver Enter exact name of the printer driver used in the windows operating system
Type of Choose type of accounting which will be used for accounting of anonymous jobs
accounting on CRS
ABOUT
User tags are used for sorting jobs to printer queues. They work the At Glance
same way as print properties set via device drivers.
About
see Adding and editing printers for detailed information. General
see Tags wizard for practical usage overview. overview
Filter
options
Working
with Tags
GENERAL OVERVIEW
Device templates can be found on web interface: Devices -> Tools ->Users tags
Using of TAGS
New tags can be Created/Edited or Deleted .
FILTER OPTIONS
TAGS WIZARD
ABOUT
User tags are used for sorting jobs to printer queues. They work the same way as print properties set via
device drivers.
This page is divided to several parts. The first part describes SafeQ configuration on web interface. The
second part describes how to configure safeq client (on client workstation) and how the device tags works.
At Glance
About
Creating TAGs
Allow or Disable tags
SafeQ Client settings
Displaying of TAGs in job information on web interface
CREATING TAGS
Device templates can be found on web interface: Devices -> Tools ->Users tags
On the users Tags page click on the button, enter the tag name and save it by "Save tag" button.
Tag name correct format: Name must not contain spaces, must be 3-10 characters long, and can
consist of only alphanumeric characters.
Once a tags are created you can define which of them allow or disable. Open any existing (or you can
create a new one) device and go to the Tags tab.
On this page you can select tag that will be allowed or disabled.
If device has embedded terminal, it must be reinstalled when system tags are changed. Device wizard
will ask for reinstallation when device changes are saved.
Attributes:
The green icon indicates that this option is allowed in the print job in order for the job to be printed.
The red icon indicates that this tag cannot be in the job in order for the job to be printed.
To change a property setting, click the icon.
Once a tag is created you can simply define it in SafeQ Client. Edit the Queue name in SafeQ client as
described below:
%QUEUE_NAME%:%TAG1%,%TAG2%,%TAG3%
Or combine both:
%QUEUE_NAME%:!%TAG1%,!%TAG2%
Example
Secure:SALES,!RnD
Job will be send to secure queue with allowed TAG SALES and denied TAG RnD.
WARNING: TAGS must be named in SafeQ Client exactly as in SafeQ. IF NOT tag will be not
displayed on SafeQ web IF or used in a print job.
When you send a job with TAGS, you can display them on web interface in job info page.
In the case we used an previous example - It will looks like picture above (allowed SALES TAG and
denied TAG RnD ).
Devices can be sorted into groups – either logical, in a desired structure, or physical – by individual print
spoolers.
The Printers list is a key requirement for all YSoft SafeQ features.
For more information about individual device settings, see Adding and editing printers.
For information about sorting devices into groups, see Creating device groups.
Information and screen descriptions vary according to your YSoft SafeQ configuration and/or license.
The page is divided into three parts. (Each part is described in detail below.)
The left area displays device groups (virtual or physical remote servers). NOTE: This list is not
available in all YSoft SafeQ configurations.
The right area displays all connected printers. Every printer/copier for use with YSoft SafeQ must
be included here.
The top area allows to apply search filters, and perform additional Actions.
NOTE: You can change size of left and right panel by re positioning the divider between them via mouse
drag and drop. Divider position setting is saved for each user separately.
NOTE: Descriptions of individual items (for example, the meanings of the Description, Backend, and
Type headings) are available in Adding and editing printers.
Available actions:
Action Description
Device not activated This device has not been used and was not activated yet. Device
name is in gray color.
Problem with terminal There is a problem with terminal embedded settings. Clicking on icon
embedded settings opens window with device's embedded terminal. Device name is in
red color.
Open device interface Opens the printer's Web interface, by means of http://<device_ip>/
Test accounting driver Tests the accounting driver responsible for Office Print Tracking.
Accounting drivers are described in Adding and editing printers.
Last 10 print jobs Displays a list of the last 10 print jobs produced on the printer. This
information serves only as a quick reference to the latest activity
managed by YSoft SafeQ on the selected printer.
Adding and editing printers Opens a page where you can edit YSoft SafeQ settings for the
printer.
Batch actions Check this box for every device you want to apply a selected action
to.
Several types of device groups are available, each indicated by a different symbol.
NOTE: Depending on your YSoft SafeQ configuration and license, some (or all) types may not be
available.
CML server or The central YSoft SafeQ server (the CML server) (see YSoft SafeQ Server).
cluster
Virtual group A virtual group to organize printers directly connected to the YSoft SafeQ CML
server. You can create any number of virtual groups to logically sort printers
directly connected to the YSoft SafeQ CML server. For example, you could
create a different virtual group for each floor of your building.
ORS An Offline Remote Spooler (see Distributed Server System - Private Cloud). This
group is automatically created the first time an ORS connects to the YSoft SafeQ
CML server (if there are available licenses). All printers registered to this group
are managed by the respective ORS server.
Job roaming A group of remote spoolers used for Near Roaming (YSoft SafeQ ORS
group clustering), a feature of Print roaming.
Available actions:
Action Description
Group Opens a page where you can edit and change settings for the selected group.
editor
Batch Enables batch actions for the group. See "Available actions", below.
actions
Group or ORS Restrict the list of terminals to a specific Group/ORS name based on:
name
Name
Spooler IP address
Spooler GUID
Terminal type Restrict the list of terminals to a specific terminal type with following states:
Regardless of terminal
Embedded: In any state
Embedded: Sucessfully installed
Embedded: Required reinstallation
Embedded: Not enabled
Hardware: Professional
Hardware: Ultralight
Queue Restrict the list of terminals to a device which used queues or terminals based on:
Search in group If field is checked all search results will be sorted via their parent group and you can
browse through them.
All results will be listed on one page regardless of group if field is unchecked.
In this case group information will be at the start of each record and it can be used to
display rest of the group content.
Clear button Cancels any selected filter and refreshes page with devices.
Add new device Add a new printer to YSoft SafeQ. For details, see Adding and editing printers.
Add new device from Add a new printer to YSoft SafeQ based on an existing template. For details,
template see Adding and editing printers and Device Templates.
Add new group Add a new virtual device group. For details, see Creating device groups.
To display other options, on the top right side of the page, click Actions.
Embeded terminals
Open embedded terminals Displays an overview of any pending embedded terminal deployment
installation monitor activity.
Reinstall embedded terminal for Select devices (via checkbox next to the device's record) and use
selected devices this action to reinstall embedded terminal for these devices. This
action can be used for example when reinstallation of multiple
devices is required by change in the system configuration or after
application of the new embedded terminal settings via Tools - Batch
editing page. Only devices in selected device group will be
reinstalled.
Embeded terminals
Uninstall embedded terminal from This action works exactly the same as Reinstall embedded terminal
selected devices for selected devices (see above). Only difference is that this action
does not reinstall embedded terminals but remove them from the
devices. Same order of steps and principles applies.
Hardware terminals
Groups/ORS
Move ORS to another job Moves the selected ORS device group to a defined job roaming
roaming group group.
Export group list to CSV Exports the list of groups to the file DevicesGroupsList.csv. The
CSV file contains: Group Name, Group Type (ORS, CML), ORS
version if available, ORS IP address if available, Number of devices
registered to the group, ORS server GUID if available, spooler limit
for ORS if available. You can select the character set encoding for
the exported file.
Device
Embeded terminals
Duplicate selected device Duplicates selected device with all settings, except unique ones (e.g.
IP address, HW terminal serial number, direct queues, etc.)
Exchange selected device Deletes selected device, and creates new one with same settings,
except unique ones (e.g. e quipment number, m aintenance contract
number ). You will have to repair data, and the new device will
appear in statistics. For more info about data repair see: Data Repair
Devices
Select all devices Selects all the printers in the opened group.
Move devices to new group Creates a new device group (virtual or ORS) and moves all selected
printers to this group.
Move devices to another group Moves all selected printers to another device group (virtual or ORS).
Move devices to new monitor Creates a new Local Device Monitor and groups selected printers
into it. This applies only to printers added automatically via the YSoft
SafeQ Local Spooler Monitor.
Move devices to another monitor Groups selected printers into a new Local Device Monitor. This
applies only to printers added automatically via the YSoft SafeQ
Local Spooler Monitor.
This page describes how to add and edit devices (printers) in At a Glance
the YSoft SafeQ Web Interface. Attributes vary according to
your YSoft SafeQ configuration and/or license. About adding and
Printer configuration interface serves as a primary tool for editing printers
configuring new or existing devices. Basic settings
Specifying that the
See Print tracking methods and Available Copy printer uses a
Tracking Methods for various tracking mechanisms. terminal
See Office Print Tracking for major limitations and Embedded
caveats. terminal
See Print roaming for basic information about using settings
terminals. Hardware
See YSoft SafeQ Terminals for information about terminal
supported terminals. settings
Reporting
device
Adding and editing
direct print queues
Advanced printer
settings
SNMP settings
Prices settings
Printer property
settings
Scan
BASIC SETTINGS
On the Printer page select Basic to display the essential required settings for a printer.
Attribute Description
Name Unique name of the printer. Use any information that will make it easy to
identify the printer throughout the YSoft SafeQ system.
Description Any additional information that will help identify the printer in reports and in
the Device list.
Group Virtual group or ORS server. The group must be configured correctly in order
to work with YSoft SafeQ.
Cost center Default cost center for the printer, for reporting purposes.
Attribute Description
Accounting driver Accounting driver for the printer for counters collection.
for
counters collection Displayed only if Device dependent tracking mechanism is selected.
Embedded terminal tab is always set by default to Basic mode, which hides some of advanced
settings.
To access all available options for embedded terminal change mode to Advanced.
Attribute Description
Vendor Embedded terminal type for this MFP. The listed options vary according to the
embedded terminals available in the YSoft SafeQ license file. Terminal types
not included in the license are not displayed.
Attribute Description
Administrator Administration login to MFP – You can specify login for the administrator if it
login vary from globally configured.
Administrator Administration password to MFP – You can specify password for the
password administrator if it vary from globally configured.
Delete jobs after If checked, all print jobs released by this terminal will be deleted after they are
printing printed and therefore will not be available for reprinting. Can be configured
globally via deleteAllJobsAfterPrint property.
Mode Determines if users must authenticate only to use the MFP or for each
application on the MFP.
Method Authentication methods available to the user for identity confirmation at the
MFP:
-Card
-PIN
-PIN and card
-PIN or card
-Username and password
-Username and password, and card
-Username and password or card
Authentication Method depends on the selected Integration type.
Network Card In case device is equipped with Network Card reader, enter its serial number
reader (SN).
Application Determines if YSoft SafeQ application shall be enabled for the device
Type Method used for integrating the embedded terminal application with the MFP's
panel.
-Native
-Browser
Job list folders Job folder(s) that will be available for users at the MFP:
-All jobs in one folder
-Waiting
-Waiting, printed
-Waiting, printed, favorites
Scan Determines if YSoft SafeQ scan application shall be enabled for the device.
Payments If selected, YSoft SafeQ payment feature will be enabled for the device.
Attribute Description
Terminal serial Serial number of the terminal. The serial number is usually located on the
number back of the terminal and begins with SN (see the blue box).
Switch the terminal Switches terminal with another device. Device (terminal) must be activated
to use this feature.
Edit terminal's Opens dialog for modifying the setting of the terminal. Device (terminal)
must be activated to use this feature.
settings
Delete jobs after If checked, all print jobs released by this terminal will be deleted after they
printing are printed and therefore will not be available for reprinting. Can be
configured globally via deleteAllJobsAfterPrint property.
Attribute Description
Terminal Information about the terminal (e.g. version of firmware installed on the
onformation terminal). This information is updated every time the terminal connects to
the server.
REPORTING DEVICE
If you want to have device added in YSoft SafeQ system just for reporting purposes (print tracking via
direct print) and do not consume licence for devices with either embedded or hardware terminal, select
Reporting device.
The Direct printing page displays names of direct queues. Direct queues ensure direct release of any
print job to the printer. Direct print queues are used for enabling YSoft SafeQ Office Print Tracking
without interfering with the standard user workflow. The user releases the print job from her
workstation and it is delivered via YSoft SafeQ directly to the printer without any delay in processing.
Attribute Description
Name Name of the queue as it appears in the source print system. For printing with
Windows this is either the LPR print queue name or the YSoft SafeQ Client queue
name as configured in Windows Print Queue. For other systems this is the LPR
queue name. For details see Printer configuration for Workstation and Server.
Delete after If checked, all print jobs released by this terminal will be deleted after they are
printing printed and therefore will not be available for reprinting. Can be configured
globally via deleteAllJobsAfterPrint property.
Attribute Description
Activation of device Date and time of the first activity (print, copy, scan) recognized by
YSoft SafeQ.
Contact person Name of the contact person responsible for the printer in case of
breakdowns, malfunctions, etc.
Scan job default Default scanning email address for this printer
addressee
Printer type Specific printer type for CSV export: see Tools - Printer types
Attribute Description
Offline print/copy Enables extended options for offline tracking mechanism for print
accounting /copy jobs. If one of offline accounting options is enabled, more
options for coverage accounting are displayed.
Coverage accounting - Enables to use coverage accounting for black or color prints when
black/color prints copying or printing, based on setting above.
Coverage accounting - Setting the percentage of page coverage, which is basic value for
percentage calculating page price in coverage accounting. Coverage page
price = page coverage / " Coverage accounting - percentage"
value x page price defined in price list.
For more info see tooltip ( ) next to this option on SafeQ web
interface.
Alert messages encoding Encoding for alert message reported by the device.
SNMP SETTINGS
Attribute Description
SNMPv2 Configures SafeQ to communicate with the device using SNMP version 2 using selected
community.
SNMPv3 Configures SafeQ to communicate with the device using SNMP version 3.
PRICES SETTINGS
In the Prices you can set accounting values for printers and for particular types of prints, copies, etc.
The contents of the page vary according to the printer driver and the selected price list.
See Managing assignable price lists for the instruction how to edit and assign price list to the device.
On the Tags page you can define printer and user properties. By default all properties are enabled.
Each property has an icon with a specific color that indicates the way the YSoft SafeQ server will
handle the printer during job processing.
Attributes
The green icon indicates that this option is allowed in the print job in order for the job to be printed.
The red icon indicates that this tag cannot be in the job in order for the job to be printed.
To change a property setting, click the icon.
Tag description:
You can find information about creating tags here: Tools - Users tags
You can find information about using tags here: Tags wizard
SCAN
In the Scan you can scanning workflows for the device with hardware terminal.
See Scanning with Terminal Professional for the instruction how to set scanning with hardware
terminal.
For devices with embedded terminal, refer to Configure scanning for Embedded Terminal instead.
ABOUT
1. From YSoft SafeQ administration web interface Add new device manually.
4. Back on the terminal check Tracking mechanism "Device dependent" and select Accounting driver
from device driver list.
7. Save a device.
Following settings can be set for device monitoring (on System Settings page)
Attribute Description
This page describes how to use the device group editor in the At a Glance
YSoft SafeQ 5.0 Web Interface to create groups of devices.
Attributes vary according to your YSoft SafeQ configuration About creating device
and/or license. groups
Use the device group editor to create groups of devices for Creating a new device
support of YSoft SafeQ features. group – Overview
Creating a new
For additional information about ORS servers, see common
Distributed server system – Private Cloud and Print device group
roaming. Creating a new
Offline Remote
Spooler
Creating a new
job-roaming
group
The Group page opens. On the Group page, select the type of the group:
After you save the new group, YSoft SafeQ displays it in the Web interface.
A common device group is a group of devices for a YSoft SafeQ CML cluster. To create a common
device group:
Maximum Maximum size of the spooler on the ORS server. There are two options:
spooler size 1) Same size as the spooler on the CML server.
2) Enter a size for the ORS spooler.
Multicast port Multicast TCP port of this ORS cluster (job-roaming group)
PROJECTS
Billing codes list – Lists all the billing codes (project codes) used for Project Print Tracking and
Project Copy and Scan Tracking (see Managing billing codes).
Project tools
Importing billing codes
ABOUT
You use the Billing Codes list to create and manage At Glance
a list of billing codes (also called project codes), their
structure, and their assignment to individual users, About
cost centers, or user roles. In order to track outputs Displaying the Billing
per project, after you create billing codes, the user Codes list
must select a billing code from the Billing Codes list Working with billing
each time he/she makes any prints or copies. codes
Searching for and
This page is related to Project Print Tracking and displaying only
Project Copy and Scan Tracking. For more specific billing codes
information about related configuration settings, see: Assigning a billing
code to a user
Project Print Tracking overview About billing code
Configuring Project Print Tracking inheritance
Configuring Project Copy Tracking Assigning default
Billing Code Import CSV Format Specification billing codes
and Importing billing codes Automatically
Selecting billing codes in SafeQ Client and applying default
YSoft SafeQ Terminals billing codes at
devices
This page provides an overview of how to
manage billing (project) codes via the YSoft
SafeQ 5.0 Web Interface. Information and
screen descriptions vary according to your
YSoft SafeQ configuration and/or license.
In the YSoft SafeQ Web Interface, select Projects > Billing codes.
To add sub-level billing codes, click . To edit an existing billing code, click . To delete
When you add or change multiple billing codes, to save all the changes you made in the Billing
Code list, click .
When you change only one billing code, to save the changes for only that billing code, click
.
To view billing code information or to assign billing codes to users, roles, or cost centers, click
For more information about creating new billing codes, see Creating and assigning billing codes.
You can use filters to search for and display specific billing codes. To activate a filter, click .
Enter the complete billing code number, the partial number, or the billing code's description; then click
Search to search all the existing codes.
To edit a user's billing codes, select User > Billing codes; then click Assign billing code to user.
To assign a billing code to a user, click the billing code (for example, 1 Desert).
You can assign billing codes to users, roles, or cost centers. Users inherit billing codes from roles and cost
centers.
If you do not assign a specific billing code to a user, the user inherits the default billing code from a role or a
cost center.
ASSIGNING DEFAULT BILLING CODES
You can also assign a default billing code directly to a specific user:
To assign at least one billing code to a user, edit the user and use the Billing codes option (User
> Billing codes).
When the user has no default billing code assigned, she can inherits the default billing code from a cost
center if assigned.
Select a billing code from the Billing Code list. (This list includes billing codes assigned to users, cost
centers, and roles.) Once you select a specific default billing code for the user, that billing code overrides
the cost center's default billing code.
To assign a cost center's default billing code to all members of the cost center:
When you change the cost center's default billing code, check the option Set as default value for all cost
center members. This causes specific default billing codes set for users to be deleted from user settings
and users' default billing codes will be inherited from the current cost center.
At a Glance
Adding access rights to users, cost centers, and roles for selected billing codes in the Billing
Codes list
Adding billing codes to users in the Users list
Adding default billing code to users in the Users list
Adding billing codes to cost centers in the Cost Centers list
Adding a default billing code to a cost center in the Cost Centers list
Adding billing codes to roles in the Roles list
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
4 Enter a billing code name and description (both are required); then click the save icon.
NOTE: Billing code name must be unique for each billing codes level.
5 To add sub-level billing codes to a first-level billing code, click the add icon on the same line as the
first-level billing code.
6 Enter names and descriptions; then click the save icon to save the billing codes.
7 Repeat steps 5 and 6 to create the billing code structure you require.
ADDING ACCESS RIGHTS TO USERS, COST CENTERS, AND ROLES FOR SELECTED BILLING CODES IN THE BILLING CODES LIST
NOTE: When you assign a first-level billing code for users, cost centers, or roles, all sub-levels of
that first-level billing code are also automatically assigned.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
3 Click the icon to Show and edit users, cost centers and roles.
5 Click users, cost centers, and roles in the lists to assign a billing code to them.
8 You can also assign another users, cost centers, or roles to selected sub-level billing code.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
3 To edit a user, double-click the user or click the edit user icon.
NOTE: When you assign a first-level billing code for the user all sub-levels of that first-level billing
code are also automatically assigned.
8 The User page now shows the billing codes assigned to the user. Click Save.
NOTE: To assign a default billing code to a user, at least one billing code must already have been
assigned to the user, a cost centre where the user belongs or a role where the user belongs.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
3 To edit a user, double-click the user or click the edit user icon.
6 The User page now displays the default billing code. Click Save.
7 When you are using ORS servers, don't forget to Update data on ORS server.
NOTE: When you assign billing codes for the cost centre, all cost centre memebers will have
automatically assigned all these billing codes.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
3 To edit a cost center, double-click the cost center or click the edit cost center icon.
6 Select the billing codes you want to assign to the cost center.
NOTE: When you assign a first-level billing code for the cost center all sub-levels of that first-level billing code are
also automatically assigned.
8 The Cost center page now shows the billing codes assigned to the cost center. Click Save changes.
ADDING A DEFAULT BILLING CODE TO A COST CENTER IN THE COST CENTERS LIST
NOTE: To assign a default billing code to a cost center, at least one billing code must already have been
assigned to the cost center.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
3 To edit the cost center, double-click the cost center or click the edit cost center icon.
5 Select the billing code you want to assign to the cost center.
6 The Cost center page now shows the default billing code assigned to the cost center.
7 If you want the cost center default billing code to apply to all users who belong to this cost center:
check Set as default values for all cost center members. (Any other default billing codes
assigned to users will be overwritten.)
If you do not want the cost center default billing code to apply to all users:
leave the checkbox clear.
9 If you are using ORS servers, don't forget to Update data on ORS server.
NOTE: When you assign billing codes for the role, all role memebers will have automatically assigned all
these billing codes.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
3 To edit a role, double-click the role or click the edit role icon.
NOTE: When you assign a first-level billing code for the role all sub-levels of that first-level billing
code are also automatically assigned.
8 The Role page now shows the billing codes assigned to the role. Click Save.
9 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer projects and users (for
example, admin).
ABOUT
To import billing codes from a CSV file, use the import utility, At a Glance
which you can access from the Billing codes page.
About
See Billing Code Import CSV Format Specification for General overview
more details. Creating a CSV file
See Project Print Tracking for limitations. that includes billing
codes
GENERAL OVERVIEW
To display the Billing codes import page: in the YSoft SafeQ Web Interface, select Projects >
Billing codes > Actions ... > Billing codes import.
Select the CSV file; then click Import data to start the import.
If a problem occurred during import, the message Error detected during the last import appears. To
download a CSV file that includes descriptions of errors, click Download CSV file with errors.
Delete codes that does not occur in CSV - All Biling Codes that are not listed in imported CSV
files will be deleted.
Overview
Displaying price lists
Managing price lists
Adding price lists
Assigning price lists
Assigning price list from Price list dialog
Assigning from User dialog
Assigning from Cost center dialog
Assigning from Device dialog
Unassigning price lists
Unassigning from Price list dialog - Devices tab
Unassigning from Price list dialog - Cost centers tab
Unassigning from Price list dialog - Users tab
Unassigning multiple price lists
Deleting price list
OVERVIEW
This page describes how to manage assignable price lists.
Assignable price lists enables administrator to define prices of printing, copying or scanning. These price
lists can be assigned to:
users
cost centers
devices
Also note that there are some rules and dependencies which could not be obvious at first sight.
Since price lists can be assigned to devices, cost centers or users, there are more ways to assign them.
Select devices you want to assign by clicking on them. When you have selected all target devices, use
close button.
Now you can see list of devices assigned to current price list. Save price list by selecting Save changes
button.
Select cost centers you want to assign by clicking on them. When you have selected all target cost centers,
use close button.
Now you can see list of cost centers assigned to current price list. Save price list by selecting Save changes
button.
Select users you want to assign by clicking on them. When you have selected all target devices, use close
button.
Now you can see list of users assigned to current price list. Save price list by selecting Save changes
button.
In Prices tab select option Select price list for this user.
Select browse button to browse available price lists or you can use new button to assign
completely new price list.
Now you can see assigned price list with its prices. Save user by selecting Save button.
Additionally you can edit the current price list by selecting edit button.
WARN: By editing price list, you'll change prices for all users, cost centers or devices which is price list
assigned to.
In Prices tab select option Select price list for this cost center.
Select browse button to browse available price lists or you can use new button to assign
completely new price list.
Now you can see assigned price list with its prices. Save cost center by selecting Save button.
Additionally you can edit the current price list by selecting edit button.
WARN: By editing price list, you'll change prices for all users, cost centers or devices which is price list
assigned to.
In the YSoft SafeQ Web interface, select Devices > Printers and edit target device.
In Prices tab there is always in default Default Price list selected. Select browse button to browse
available price lists or you can use new button to assign completely new price list.
Now you can see assigned price list with its prices. Save device by selecting Save button.
Additionally you can edit the current price list by selecting edit button.
WARN: By editing price list, you'll change prices for all users, cost centers or devices which is price list
assigned to.
In the YSoft SafeQ Web interface, select Billing > Price lists and edit target price list.
In all cases, dialog is displayed and administrator is asked to choose another price list to replace the
previous one.
Unassigning price lists from devices is different from cost centers or users, because device must always
have at least one price list assigned, usually Default Price list.
In the YSoft SafeQ Web interface, select Billing > Price lists check price list that you want to unassign,
then enter Actions ... > Unassign selected price lists.
In case some of the price lists are assigned to device, administrator is asked to choose price list to replace
the old one. Users and cost centers will not be affected with the price list selected for devices.
In the YSoft SafeQ Web interface, select Billing > Price lists.
Use stop sign button to delete one price list or you can use checkboxes to select multiple price lists and
then enter Actions ... > Delete selected price lists.
In case some of the price lists are assigned to device, administrator is asked to choose price list to replace
the old one. Users and cost centers will not be affected with the price list selected for devices.
PAYMENTS
NOTE: This section is available only if YSoft Payment System is installed and properly integrated
with SafeQ. For more info see: Integration of YSoft Payment System with YSoft SafeQ
Page content
Click on Items > Add a new account in the top right corner.
Enter required details of the new money account and click Save changes.
Click on Items > Add multiple new accounts in the top right corner.
Click Add a user, cost center or role. New window with list of users, cost centers or roles will
appear.
Click on individual user, cost center or role to select it. When finished, close the dialog window.
3 Enter details for new money accounts (same configuration will be applied for all selected users in this
wizard).
4 As an optional step, you can assign existing periodic recharges to all newly created money accounts.
NOTE: If you don't have any existing periodic recharge, you can create one by following the steps
described in Managing periodic recharges guide.
5 Click Save. Notification will be displayed in bottom right corner once the operation is finished. You
can close the dialog window or continue adding another accounts.
WARNING: Adding accounts in bulk can take few hours depends on the number of users and
periodic recharges selected. Session on YSoft SafeQ web interface cannot be interrupted until all
accounts are created in YSoft Payment System.
You can create and enable/disable money accounts for users also in Users details window.
Navigate to Users, double-click the line with username who you wish to assign money account to, or
click the icon.
Display Account tab and perform any available actions with users money account.
AVAILABLE ACTIONS
Transaction history List of all performed transactions for the selected money account
/ Disable / Enable Disable / Enable money accounts. User with disabled money
account is not able to user his money accounting for any
transaction.
Account details /
Edit account
Delete account Removes the money account including credit balance, debts,
transactions, reservations, etc. from YSoft Payment System
Batch actions Check this box for every money account you want to apply a
selected action to
View enabled / Switching between list of enabled and disabled money accounts
disabled accounts
Page content
Enter required details of the new periodic recharge. Optionally, you can select which accounts are
going to be recharged by this periodic recharge.
NOTE: You can hover your cursor over the (tooltip) icon for more details about each field.
AVAILABLE ACTIONS
Periodic recharge details / Periodic recharge details where you can also edit few
Edit periodic recharge values
Delete periodic recharge Removes the periodic recharge from YSoft Payment
System
Batch actions Check this box for every periodic recharge you want to
apply a selected action to
View active / disabled Switching between list of active and disabled periodic
periodic recharges recharges
USERS
Users list -- List of users registered in the YSoft SafeQ system (in the Identity management
database) (see Managing users in the Users list).
Roles list – List of available user roles (see Managing roles in the Roles list).
Cost centers -- List of cost centers (usually based on departments) (see Managing cost centers).
User management tools
Data import – Import users, roles, and cost centers from a CSV file (see Tools - Data Import).
Data export – Export users, roles, and cost centers to a CSV file (see Tools - Data Export).
LDAP integration – See Tools - LDAP Integration.
ABOUT
Through this tool you can find conversion method and At Glance
setup YSoft SafeQ to convert card numbers read by
terminals to match value stored in database. About
General overview
Enter expression
manually (Expert
mode)
Disabling logging
of card numbers
GENERAL OVERVIEW
Card Conversion tool can be found on web interface: Users -> Users list -> Actions -> Card conversion
settings
Another option is locate property conversion in System Settings and pres ... button.
For proper functionality of Card number conversion tool is required to enter at least three card number pairs
to get as accurate result as possible.
Attribute Description
Card reader output Card number how it is read by used card reader.
Enter at least three card number pairs to get as accurate result
as possible
Card number in database Card number how it is stored in user database (LDAP, AD, SafeQ, etc.).
Card manager is used to convert reader output to this desire format.
Card readed type Used card reader type. Each line can use different card reader type
because you could need to find card manager that works for all used card
readers. If you don't know the reader type select Arbitrary
Attribute Description
Find matching card manager According to the entered rows, the database will be searched for known
card managers. Results of this search will be displayed in Exact result
panel.
Enter expression manually This options can be used by experts. Enter requested expression
manually. You can find syntax description in YSoft SafeQ documentation
(use dialog's help).
Exact results Search results are displayed here. In the case when more than one card
manager had been found during the search there will be displayed more
than one result. Add additional card number pairs to make result more
exact or choose one of them.
Partial results Results that are matching only part of entered card number pairs. These
card manager can not be used. You can use link next to them to find out
which pairs are matching to them and which are not.
Evaluate entered card manager pairs against the database for known
card managers.
You can create an custom expression for card matching through Enter expression manually option.
For more information about these mechanism see Use Card Number Conversion.
DISABLING LOGGING OF CARD NUMBERS
If it is necessary (e.g. for security reason) hide card numbers from log, add following snipped to log4j.xml.
To display the Cost Center list: in the YSoft SafeQ Web Interface, select Users > Cost centers.
To edit multiple cost centers, check all the cost centers you want to edit and select Actions ... > Edit
selected cost centers.
To select or deselect all Cost centers displayed on the page, select Actions ... > Select all listed
records.
Use filters to search for and display only specific cost centers.
Enter the number or description of the cost center you want to display.
Apply filter Search for an existing cost center according to the filter you
entered.
To access options for updating, importing, or exporting cost center data, click .
Import data from Import data via the Tools - LDAP Integration
Active Directory / NDS function.
/ Open LDAP
This page describes how to create and edit cost centers in the YSoft SafeQ Web Interface. Attributes vary
depending on your YSoft SafeQ configuration and/or license.
At a Glance
On the Cost center page, select Basic to display cost center settings.
Attributes:
Attribute Description
Terminal inactivity timeout This figure defines a time limit after which the user is logged out of
the terminal. This value is set for situations when the user forgets
to log out and thus is blocking the device for another user. This
option also serves as protection against possible misuse of user
accounts.
Delete jobs after printing To delete jobs after printing, select Yes. To keep and save jobs
after printing, select No.
Use default values for all cost If you want to use the values set on this page as the default
center members values for all users in this cost center, check the checkbox.
On the Cost center page, select Billing codes to assign a billing code to the cost center.
Attributes:
Attribute Description
On the Cost center page, select Prices to assign a price list to the cost center.
Attributes:
Attribute Description
Select price list for this Select this option if you want to specify price list for the cost center.
cost center See Managing assignable price lists for detailed usage instruction
Percentage of the Percentage of device costs that will be accounted to the users in cost
device's price list center. 100% is set as the default.
ABOUT ROLES
Roles are used for assigning access permissions and usually At a Glance
correspond to responsibilities within an organization. For
example, there could be a role for the print administrator and a About roles
separate role for cashiers. Roles are equivalent to groups in Displaying the Roles
the Active Directory service. (AD service groups can be list
displayed the same way as roles in the YSoft SafeQ system.) Working with the
Each role has a name and a description. Roles list
Filtering roles to
Roles are used for defining access permissions to the display in the Roles
YSoft SafeQ Web Interface and for permissions to use list
individual YSoft SafeQ operations/actions/features. Additional
Each user can be a member of multiple roles. For more filter options
information about how using multiple roles for a single Updating, importing,
user works, see Inheritance and competition among and exporting role
roles. data
In the YSoft SafeQ Web Interface, select Users > Roles list.
On this page, you can view, add, edit, and delete roles, and perform other role-related actions.
Edit a role.
On the Roles list page, use filters to display only the roles you need.
To access options for updating, importing, and exporting role data, click .
ROLE WIZARD
ABOUT
This page describes the Role wizard in YSoft SafeQ web interface. Some attributes may differ based on
available configuration and/or license.
Role wizard is the main tool to create and configure role. It is accessible from Role list.
At Glance
About
Basic
Billing Codes
BASIC
Attribute Description
Description Role
description
BILLING CODES
Attributes:
Attribute Description
ABOUT
On the Users list page, you can add and edit users.
Additionally you can add some optional columns to table or hide one of the default ones by clicking on
gearbox button.
Login
Surname, Name
Name
Surname
E-mail
Cost center
PIN, Cards - number of PINs user have assigned and assigned cards
Home directory - user's home directory
Create a new user in the YSoft SafeQ database (see Adding and configuring users
for more information).
Delete a user from the database. The user will be marked as deleted, but will still be
included in reports. You can later restore a deleted user (limitation: the list of PIN and
card values is emptied when the user is deleted) .
Active users You can lists only Active users (default option) via page View action (top right
corner)
Deleted users You can lists only Deleted users via page View action (top right corner)
Role Users with the selected role (see Managing roles in the Roles list)
Cost center Users with the selected cost center (see Managing cost centers list)
Data import Import user data from a CSV file. For more info see: Tools -
Data Import.
Data export Export user data to a CSV file For more info see: Tools - Data
Export.
LDAP Set up connection for users, cost centers and roles from
import Active Directory. For more info see: Tools - LDAP Integration
ABOUT
This page describe how to add and edit users in the YSoft SafeQ Web Interface. (Information and options
vary according to your YSoft SafeQ configuration and/or license.)
To display the User page where you can add and edit a user: in the YSoft SafeQ Web Interface, select
Users > User list. See Managing users in the Users list.
At a Glance
About
Entering basic information about the user
Entering additional information about the user
Assigning roles to the user
Adding an alias to the user
Assigning billing codes to the user
Assigning price list to the user
Assign PIN to the user
Assign Card Activation Code to the user
Assign Card to the user
Attributes:
Attribute Description
Username Unique login (username) that identifies the user in the system for access rights to the
YSoft SafeQ Web Interface and for print job identification. Y Soft recommends that
you choose a login that is identical to the user's login for the company network.
Password The password is securely saved in the database. The text of the password cannot be
displayed. If a user forgets his/her password, a new password must be generated.
This property enforces minimum password length for passwords entered by system
users via this web interface (CSV imports and other external tools are not covered
intentionally). If password has less characters then value of this property, password
Attribute Description
will be rejected and user will be informed about proper password length. Set value to 0
to allow passwords of any length.
This property enforces certain rules that passwords entered by system users via this
web interface (CSV imports and other external tools are not covered intentionally)
must comply with, otherwise the password will be rejected and user will be informed
about necessary requirements for a new password.
Card ID/PIN List of ID cards and PINs. Each user can have one or more ID cards. ID cards and
PINs are used for user authentication at YSoft SafeQ terminals.
E-mail Enter an e-mail that will be used for sending messages to the user from the YSoft
SafeQ system.
Home directory User's home directory (used for scanning to home folder).
To support network scanning, the home directory must contain the complete path on
the YSoft SafeQ server or the complete UNC path. The home folder must be
accessible by YSoft SafeQ — see Scan Management security overview for more
details.
Cost center A number that identifies the cost center assigned to the user. Each user must be
assigned only one cost center (see Managing cost centers).
Default billing Default billing code for the user (see Project Print Tracking).
code
You can choose if user have additional information inherited from assigned cost center (default option) or
you want to set them for the edited user differently.
Attributes:
Attribute Description
Terminal inactivity This figure defines a time limit after which the user is logged out of the terminal.
timeout This value is set for situations when the user forgets to log out and is thus is
blocking the device for another user. This option also serves as protection
against possible misuse of user accounts.
Delete jobs after To delete jobs after printing, select Yes. To keep and save jobs after printing,
printing select No.
Click Roles.
The user's access rights to printers and printer features are determined by the roles you assign to him/her.
Assign a role (or multiple roles) to the user. For more information, see Managing roles in the Roles list.
Attributes:
Attribute Description
Click Aliases.
The user's aliases can be managed on this page. Aliases are user's alternative usernames. An alias must
be unique within the set of all active usernames and all aliases.
They are best used when a user has several accounts and the usernames aren't identical, for example in
Windows or SAP. Authentication in YSoft SafeQ is possible using alias and the spooler recognizes aliases
as well. Aliases are a good way to tell YSoft SafeQ that two or more usernames belong to the same user.
Aliases are useful for detecting the user's identity during printing.
NOTE: Please note that user aliases are not recognized in YSoft Payment System, if connected to YSoft
SafeQ.
Attributes:
Attribute Description
Attributes:
Attribute Description
Click Prices.
Attributes:
Attribute Description
Use common price Prices are inherited from the cost center or device
list
Select price list for Select this option if you want to specify price list for the user. See Managing
this user assignable price lists for detailed usage instruction
Write down PIN to Card ID/PIN field and press save button or green + button.
To enable PIN generator in the system, go to System > System settings and set following property to
enabled:
PIN-generator - The option enables feature for generating a PIN code for oneself on the YSoft
SafeQ web GUI.
If you choose to generate a new PIN you can choose if you want to generate code with unlimited validity or
with expiration date.
Default expiration time is 60 days. You can change default value in System settings.
Remaining expiration of the generated PIN code is displayed next to it in the user's Card ID/PIN list.
Opposite to PINs, Card Activation Codes cannot be added manually to the user. Users can generate Card
Activation Code for themselves, see Configuring ID card self assignment for configuration guide.
puk-enabled - If enabled users are able to self-assign an unknown card using a generated Card
Activation Code from the terminal interface.
User will receive the new code via e-mail if enabled in System settings.
ASSIGN CARD TO THE USER
Write down PIN to Card ID/PIN field and press save button or green + button.
The required form of entered Card may vary based on setting of conversion property.
GENERAL OVERVIEW
eThrough this tool you can setup YSoft SafeQ to convert and store PIN codes in user database.
To set PIN conversion tool go to System settings and set conversionPIN property. Property defines
how YSoft SafeQ expects PIN codes to be stored in source database (this can be internal database
with or without LDAP Replicator, AD, ...). Allowed values are:
If MD5WithoutPrefix, SwipeBytes or Plain values are used, PIN codes are displayed as card
numbers in the YSoft SafeQ web interface. The PIN-override, puk-ignore-pin and PIN-history-
enabled properties are not applicable to these PIN codes.
All already existing PIN codes are NOT converted. To convert PIN codes to new format for existing
users, it is necessary to enter them manually again.
ABOUT
Data export is simple utility for exporting Users and/or Cost Centers to csv file. It is accessible from
Managing users in the Users list.
Data Export page is accessible from all pages under Users section on web interface: Users ->
Actions... -> Export data to CSV
GENERAL OVERVIEW
On the left side of Data Export page administrator can select character encoding, on the right side of Data
Export page user can select scope of data to export.
Export will be save in csv file format.
Action Description
Action Description
Action Description
Data that are exported encrypted are marked with prefix do_not_convert@@. When YSoft SafeQ
imports data from CSV file via Tools - Data Import it looks for this prefix when it tries to decide if
input value must be converted via currently set conversion method or not.
ABOUT
Data import is a utility for Importing Users and/or Cost Centres from csv file. It is accessible from Managing
users in the Users list.
Data Import page is accessible from all following pages on web interface: Users -> Users list/Role list/
Cost Centres -> Actions... -> Data Import
GENERAL OVERVIEW
On the upper of the Data import page there is a basic file scructure for csv files. In bottom part there is a
CSF file character encoding and path to CSV file with data to import.
Action Description
Data that are exported encrypted (for example PIN codes or passwords) are marked with prefix
do_not_convert@@. When YSoft SafeQ imports data from CSV file it looks for this prefix when it
tries to decide if input value must be converted via currently set conversion method or not.
300;add;5;Communication
300;add;7;Enterprise and Industry
100;add;villevirtanen;Ville;Virtanen;PIN5555;5;villevirtanen@test.cz;;4MV0b
100;add;jeandupont;Jean;Dupont;268742;7;jeandupont@test.cz;\\share\users\jeandupont;B27Kf
200;add;villevirtanen;268743
200;add;jeandupont;PIN7777
200;add;johndoe;do_not_convert@@PINb59c67bf196a4758191e42f76670ceba
About
Basic mode
Test settings tab
Log tab
Advanced and Expert mode
Running the replication
ABOUT
SafeQ 5 has LDAP replicator tool integrated in the SafeQ web interface.
The following steps will guide you through the default Active directory integration setup. For advanced and
expert options please refer to LDAP Integration - Advanced and Expert settings.
1 Open the LDAP integration wizard through the Welcome to YSoft SafeQ Widget at the main screen.
NOTE: The settings for LDAP replication can be also found on the web interface: Users ->
Actions... -> Connect to LDAP
On the Connection tab, you can setup the integration setting with LDAP.
LDAP server.
The Scheduling tab gives you the possibility to schedule the run of replication. All settings are
revealed after you check the Enable regular synchronizations checkbox. The options are:
Start full replication - Here you can select the days and times for full replication, by
clicking checkboxes.
Start differential replication - Here you can specify the hours or time interval from the
last replication to start differential replication. This type of replication will be started every
day.
NOTE: You have to restart YSoft SafeQ CML services to apply these changes.
The Status tab contains only information about the last synchronization with the LDAP server (date,
duration and result) and the count of added/updated/deleted users, cost centers and roles.
BASIC MODE
In Basic mode there are additional tabs:
The Test Settings tab enables you to test the connection to the LDAP server. Please note that the settings
have to be saved before the test can start. If the settings are correct, the test will return first 5 users, cost
centers and roles matching entered settings and filters.
There is a summary table in the top if more than one LDAP connection (domain) is set. You can see if
domain settings are correct (all icons are green) or something is setup wrongly (red icons). If test returned
less then 5 results, icon is orange. This does not necessary means that setting is wrong (there could be only
three object of that type in the LDAP) but warning is raised so administrator can check if for example filter
settings is correct.
You can list returned items for each domain by clicking on domain name in the summary table.
LOG TAB
On the last tab called Log, you can see information that were logged by the running LDAP replicator. This is
a good place for troubleshooting if there is any issue with the replication process.
Basic
Advanced
Expert
Each mode "unlocks" new tabs for the replicator settings. However, for majority of installations, the basic
mode will be sufficient.
For advanced and expert options please refer to LDAP Integration - Advanced and Expert settings.
Advanced mode
Replicator tab
Schema tab
Expert mode
Connection tab
Mapping tab
Filters tab
Domains
ADVANCED MODE
Replicator tab
LDAP service port - The port on which LDAP listens to YSoft SafeQ.
Number of objects in search request - Maximum number of objects requested in one response page
during search. Set to -1 for unlimited response.
List of binary attributes - List of attributes that contain binary (non-string) values. Attributes are separated
by commas. No spaces are allowed.
Delete imported objects in case of an error - Parameter affects only the Full replication (not the
Differential replication). YSoft SafeQ launches the procedure for deletion of outdated objects at the end of
every full LDAP replication. For example when some user is deleted on the Active Directory side, this user is
deleted on YSoft SafeQ side at the end of LDAP replication by the procedure for deletion of outdated
objects.
If this parameter is set to "disable" and there is any error during the replication (connection error,
unexpected values...), procedure for deletion of outdated objects is not launched - this way it is
prevented the deletion of valid objects. It is strongly recommended to leave it with default value
"disable".
If this parameter is set to "enable" and any error during replication occurs, procedure for deletion of
outdated objects is launched - this may cause that even valid objects will be deleted during
replication and users will be unable to authenticate. "Enable" shall be selected only in case when
requested by Y Soft Corporation (for example as a temporary workaround for issues where LDAP
contains incorrect values).
Terminate replication if an error occurs - Enable this feature to terminate replication if any error occurs
during synchronizing user roles or cost centers (these objects are synchronized before any user account).
Schema tab
The Schema tab enables you to specify your own attributes that contain important user data like attribute
containing aliases, login, cards numbers and other data.
Import users - If disabled, only cost centers and groups are imported – not users.
Attribute containing username - Do not include domain in username - Determines how domain will be
separated from login:
Option none - domain will not be separated from the login and string will be used as it is
Option at sign or backslash (@, \) - domain will be separated by (@, \)
Option dot (.) - domain will be separated by (.)
Login Alias
Do not include domain in username none at sign or backslash (@, \) dot (.)
Check username uniqueness - if this option is disabled duplicated users can be created. If both this option
and the option Overwrite user if already exists in database from Filters tab in Expert mode are enabled
the duplicity is excluded, i.e. the original user created in SafeQ Web interface is deleted and the user
from the Active Directory is created.
Attributes containing aliases - Attributes containing user aliases. Use commas to separate multiple
attributes.
Attribute containing user role (membership) - Attribute containing user role (membership). This multi-
valued attribute is a collection of the Distinguished Names of all groups the user is a direct member of.
Attributes containing cards/PINs - Attributes containing cards and PINs. Use commas to separate
multiple attributes. Multiple values can be replicated from this attribute.
Card number conversions - Function for conversion of card numbers stored in LDAP to values stored in
database. For more info about syntax and function examples see Use Card Number Conversion.
Card separator - If multiple card numbers are stored in a single-value attribute in LDAP, the card numbers
are separated by the defined separator.
Note: The separator must not contain apostrophe character (ASCII code 039).
Note: If LDAP replicator is used in On-demand (semi-online) mode, this feature is not supported –
only one card number may be stored in each single-value attribute.
Delete all the user’s cards when a user’s account is deactivated - When user's account is deactivated
in LDAP, all user's cards will be deleted in database.
Note: If this option is enabled, the user’s cards that were added via the YSoft SafeQ web interface or
card self-assignment will also be deleted from the database. Because this operation cannot be
undone, the recommended value is disabled.
Note: Do not enable this option if multiple LDAP accounts are merged into one YSoft SafeQ user
account (that is, if multiple LDAP accounts have the same employeeID attribute). Deleting or
disabling one of the accounts on the LDAP server causes all cards from the merged user account to
be deleted from the YSoft SafeQ database.
Attribute containing PIN code - Attribute containing PIN, which can be converted in case PIN code
conversion value is defined. Only single value is replicated from this attribute.
PIN code conversion - Function for conversion of PIN code stored in LDAP attributed defined in Attribute
containing PIN code to value stored in database. For more info about syntax and function examples see
Use Card Number Conversion .
If this option is enabled, SafeQ will automatically create YSoft Payment System account for new
users.
If user's account is deactivated in LDAP, YSoft Payment System account will be disabled for such
user.
If user's account is moved to LDAP source where this option is disabled, YSoft Payment System
account will be disabled for such user.
If user's account is moved to LDAP source where this option is enabled, YSoft Payment System
account will be created or enabled for such user.
Note: If YSoft Payment System is unavailable, the money account will not be created.
Note: There is no way to import initial account balance from LDAP.
EXPERT MODE
Connection tab
The Connection tab has new option called Mode of LDAP server certificate check which defines how the
LDAP server certificate is validated (applies to LDAPS protocol only).
hash - Hash of the certificate is stored in conf\ldap-keystore during first connection. If the certificate
of LDAP server is changed, the connection is refused. Delete conf\ldap-keystore file in you changed
certificate. This is default behavior.
secure - Certificate of LDAP server is verified by Certificate Authority public key. To use this feature
you have to import your CA`s public key into YSoft SafeQ truststore.
Here is example how to import CA certificate to YSoft SafeQ (to obtain keystore password, please contact
customer support services):
Timeout - Number of milliseconds after which connection to the LDAP server times out if there was no
response. If several reconnection attempts are configured in Replicator tab, LDAP replication will retry the
connection after delay specified by ldapReconnectionDelay System settings configuration property.
Number of threads - Number of concurrently running threads. Number of threads should not exceed
number of LDAP connections. Database should have sufficient number of open connections.
Maximum response time - Maximum response time in seconds. Requests that take longer than
given time are prematurely canceled.
Mapping tab
The Mapping tab allows you to configure options and conversion for user unique mapping, option for
extracting external ID and several options for user´s organizational unit mapping.
Options for unique mapping of users - Options for user unique mapping:
Conversion for unique mapping of users - Turn on conversion of user unique mapping Options for user
unique mapping, e.g. for ”GUID” (=value ”ID-GUID”) is converted to ”objectGUID” (used for Active
Directory).
Usually for existing installations value ”true” should be set for backward configuration compatibility.
For new installations it is recommended that you use ”false” and specified item Options for user unique
mapping properly, e.g ”Options for user unique mapping = ID-objectGUID” for Active Directory. Typically,
false is used for non-AD servers.
Option for extracting external ID - Option for extracting ext-id from attribute Options for user unique
mapping. Matching parts are used for output. Unmatching input is not processed. For example: regex (d+)-
adm-(d+)|adm-(d+) for inputs 12345-adm-6789, 123-adm-456789, adm-123456789, 123456789 will have
same output 12345678.
DN:[attribute-name] Cost centers are searched by query in LDAP, cost center is assigned according
to LDAP setting (by DN prefix). [attribute-name] determines user ext-id. Example: DN:GUID
NUMBER:[attribute-name] Cost center creation during user replication. Number is stored in user’s
[attribute-name]. Name is created as ”OU-”[attribute-name], example: NUMBER:department
NAME:[attribute-name] Cost center creation during user replication. Name is stored in user’s
[attribute-name]. Number is identical to the ID (initialized by sequence). Example: NAME:department
NN1:[attribute-name-with-number]:[attribute-name-with-name] Cost center creation during user
replication. [attribute-name-with-number] contains cost center number and [attribute-name-with-
name] contains its name. Example: NN1:department:company
NN2:[attribute-name]:[groups-order]:[pattern] Cost center creation during user replication. The
user’s [attribute-name] must include content that matches reg-ex [pattern]. Value must contain at
least two reg-ex groups: the first for OU name, the second for OU number. [groups-order] is string ”
name,number”, or ”number,name” depending on the mapping order of regex-groups to OU number
and OU name in [pattern]. Example: NN2:department:number,name:([^:]*):(.*)
Conversion of user cost center mapping - Turn on conversion of user’s cost center unit mapping (
Options for user’s cost center mapping). For example, ”GUID” (=value ”DN:GUID”) is converted to ”
objectGUID” (used for Active Directory).
Usually for existing installations, set this value to ”enable” (true) for backward configuration compatibility.
For new installations it is recommended that you use ”disable” (false) and the specified item Options for user’
s cost center mapping, for example, ”Options for user’s cost center mapping = DN:objectGUID” for Active
Directory. Typically, false is used for non-AD servers.
Map cost center only when value exists - When enabled, user’s cost center information is updated only if
cost center exists. If disabled, user is saved without cost center information.
Attribute containing unique identifier for groups - Name of LDAP attribute containing unique identifier
for groups.
Bind user to ancestor groups - Option that specifies to map user not just to its superior roles but also to
roles superior to these roles.
Filters tab
In the Filters tab you can specify additional filters for users, groups or cost centers searching and some
other filters according to your needs.
Additional filter for user searches - You can use this filter if the standard built-in filter includes unwanted
objects in the search result. For example, filter for users that have not been disabled (&
(objectCategory=Person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Additional filter for group searches - Use this filter if the standard built-in filter includes unwanted objects
in the search result.
Additional filter for cost center searches - You can use this filter if the standard built-in filter includes
unwanted objects in the search result. This setting is in effect only when Mapping -> Options for user’s cost
center mapping is set to DN:keyword (for example DN:GUID). With other options (like NAME, NUMBER,...)
this option is not used.
Ignore distinguished name when searching for users - Domain name branches to ignore during
searches of users. Separate multiple values with a pipe.
Ignore distinguished name when searching for groups - Domain name branches to ignore during
searches of users. Separate multiple values with a pipe.
Ignore distinguished name when searching for cost centers - Domain name branches to ignore during
searches of users. Separate multiple values with a pipe.
Overwrite user if already exists in database - Enable this option if you have created internal users prior
synchronization from LDAP.
Merge automatically generated accounts in YSoft SafeQ database - If multiple user accounts are
automatically generated in the YSoft SafeQ database, they can be automatically merged once accounts are
created in LDAP with aliases that are the same as the generated accounts. This should be enabled only
when using the anonymous print feature.
Domains
The last option added is the Domains section located under all mentioned configuration tabs. If there are
more LDAP servers, you can add each one to this section. Then you can either use the same settings for
both (or more) domains, or you can specify different settings for each domain.
This can be done by clickng the icon next to each setting. If the icon is green, the settings is valid for all
domains. If the icon is red then the domains are differentiated by the color of text fields:
ABOUT
If a user's settings (name, surname, PIN, alias...) or access right settings have been changed and you want
to transfer the changes to the ORS immediately, after you select Update data on ORS server, click the
Run synchronization button as described below.
To sync data to all ORS servers at once, select Update data on all ORS servers.
To sync data to only a specific, connected ORS server, select Update data only on selected connected
ORS.
Button Description
Button Description
ENABLE FEATURE
In the YSoft SafeQ Web Interface, select System > System settings.
Find property enableLocalAdministratorSupport and set it to Enabled. Logout and login from the YSoft
SafeQ web interface is required in order to see newly enabled page in the menu.
On this page, you can view, add, edit, and delete service organization.
Use Add new item link to add new service organization or use wrench icon to edit existing one.
When Local administrator support is licensed, some rights are highlighted in the blue color. Only these
rights are safe to be assigned to the local administrator users or to the roles that these users are members
of. In case when some other user right is assigned user can access pages that does not limit access based
on service organization and user can see or manage data that does not belong to his organization.
RULES
ABOUT
Access rights restriction for device native applications (e.g. Copy) on YSoft SafeQ Embedded
Terminal for Xerox, requires following settings:
Color restriction is not supported at all, for native applications on Xerox machines.
GENERAL OVERVIEW
To set access rules, in the Web interface, go to Rules > Access definition.
Option Description
Option Description
Option Description
User role Defined user roles. To set up access rights for all users, select everyone
.
Device group Device group (ORS) to set up access to. To enable the selected role to
access all devices, select ALL DEVICES GROUP.
Device Device to set up access to. To enable the selected role to access all the
devices in the group, select ALL DEVICES IN GROUP.
ACTIONS
To update data on ORS servers or to set access rights display options, click . The
following menu opens:
Update data on ORS - Select this option to upload changes to ORS servers: Update Data on ORS
Access right view behavior settings - Select this option to open access rights display options.
First option: Check this if you do not want YSoft SafeQ to display notifications when you save
access rights changes. You may want to use this option if you add or edit a large number of
access rights. (If there is an error, messages appear anyway.)
Second option: Check this; if you want YSoft SafeQ to automatically save newly added access
rights. If you select this, you will not need to click the Save icon next to each access rights
definition.
Third option - Check this if you do not want YSoft SafeQ to display pop-up dialogs that require
confirmation for deleting particular access rights.
Overview
Displaying the Scan workflows list
Adding new workflow by importing XML file
Adding new workflow using workflow wizard
OVERVIEW
Before user can scan via Y Soft SafeQ, scan workflows must be defined first.
There is two ways how to create scan workflows: by importing XML file or using workflow wizard. Both ways
will be described on this page.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to Rules > Scan workflows. On this page, you can add/edit/delete/order scan workflows.
2 To change order of existing workflows, just drag icon and drop scan workflow. Then click Save
changes. Workflows will be displayed in the same order on scanning devices.
1 Click Import from XML, click "..." button and select XML file for the scan workflow. See Scanning
workflow definition for further instructions how to build XML file.
Then click Upload file. The workflow now appears on the Scan workflows page.
1 Click Add new item, and scan workflow definition wizard window will be opened.
The name of the workflow is visible on SafeQ web interface and in case of scanning with embedded
terminal also on a panel of MFP where user selects from available workflows.
TYPE
The destination of scanned documents defines where the scanned document shall be stored. There
are three possible values:
The description can be an arbitrary string which describes the scanning workflow in a natural
language. It is shown for example in the embedded terminal application when user selects a
workflow. It may for example contain a message for a user to enter parameter values. The description
string may be shown wrapped according to display proportions.
3 Scan settings tab contains predefined settings for a resulting scan document as follows:
RESOLUTION
This option specifies resolution of scanning. There are five possible values sorted from the lowest
resolution to the highest resolution.
NOTE: Not all technologies and MFP models support all five levels of the resolution. If an
unsupported level is chosen, the scanning will not start or the resolution is approximated to the
nearest possible value (differs for each vendor).
SIDES
This option specifies whether the scan shall be scanned as duplex or simplex. There are following
values:
COLOR
This option specifies color scheme of a scan. There are following values:
Full color
Black and white
Bicolor
Grayscale
Monocolor
Auto – color scheme is detected automatically by the scanning device
NOTE: Not all technologies and MFP models support all six color schemes. If an unsupported
color scheme is chosen, the scanning will not start or the color scheme is approximated to the
nearest possible value (differs for each vendor).
This option specifies file format of the output file. There are following values:
NOTE: Not all technologies and MFP models support all output file formats. If an unsupported file
format is chosen, it is substituted with any other similar file format.
LOCKED PARAMETERS
It is possible to lock parameters: Resolution, Color, Output file format ad Sides. Locked parameter
can not be modified by logged user on terminal.
4 On User parameters tab you can define User parameter - so user will able to enter / change a value
of the parameter. This can be done via terminal panel interface – currently only embedded terminals
allow users to enter parameter values.
NOTE: You can change order of parameters by dragging icon and dropping. Parameters will
be displayed in the same order on scanning devices.
5 Click Add parameter and new window with following options will be displayed:
PARAMETER NAME
The parameter name is an alphanumeric identifier of the parameter. There is a set of special
parameters for each scanning workflow whose names are reserved. You can choose name from list
of pre-defined names from drop-down menu. This list is dependent on type of scan workflow. In
section User parameter you can see only subset of pre-defined names which are relevant for user.
You can also select Custom value from drop down for creating custom type parameter. You'll see
new field under drop-down menu for custom name.
PARAMETER LABEL
The parameter label is an alphanumeric description of the parameter. It should contain a short
description of the parameter in a natural language. For example, the embedded terminal application
shows the label next to the input field of the parameter.
PARAMETER TYPE
The parameter type is used as a constraint for values of the parameter. For example, the embedded
terminal application uses the data type to display a specific input component or check values entered
by the user.
Data types are:
A parameter may be defined as mandatory and a user has to enter a value for it. In this case
operation cannot continue unless the value is set. In the opposite case, value can be set voluntarily
and it will not affect user's work.
DEFAULT VALUE
A parameter may have a default value which must respect data type. This value is used unless
changed either way, typically from the embedded terminal application. As for the scanning with
hardware terminal, the default value field is the only way to provide a value for the parameter.
The default value may contain %variables%. See Scanning workflow definition for details.
6 Administrator parameters tab is same like User parameters. The only difference is that Required
parameter flag is not available for Administrator parameters and that in the section Administrator
parameters you can see all (not only relevant to user) pre-defined names in drop-down menu relevant
for the type of scan workflow. These parameters cannot be seen by user on MFP panel and therefore
cannot be change by him.
NOTE: You can change order of parameters by dragging icon and dropping.
OVERVIEW
In order for scan workflows to appear on embedded terminal screens, you must set access rights to the
workflows - users cannot use scan workflows that you have not set access rights for.
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to Rules > Scan workflows access. On this page, you can create and modify access rights to
scan workflows that you have defined. (See Managing scan workflows.) Access rights can be sorted
based on Scan workflow name and by User role.
2 Click Add new item to grant access rights for scan workflows.
Allow or deny access rights (3) for selected user role (1) and workflow (2). Then click Add.
3 New access for scan workflows was added. Create more scan workflows if needed.
NOTE: When you have installed devices on ORS, you have to restart ORS service to propagate
scan workflows to ORS.
4 To enabled / disabled scan workflows click / icons. Then click Save changes.
- workflow is enabled
- workflow is disabled
ABOUT
Statistical data repair can be performed only by users that the YSoft SafeQ administrator (login: admin) has
specifically delegated. These delegated users will then have the "Data repair" tool in their menu.
At a Glance
About
Displaying the user delegation option
Delegating and undelegating a user
Pages in the Web interface that delegated users will be able to see
In the YSoft SafeQ Web Interface, select Roles > Tools > Data repair: user delegating.
(in the upper right corner). A list of YSoft SafeQ users opens. Select the user you
want to delegate. YSoft SafeQ immediately delegates the user.
In the list of delegated users, select the user; then click the icon and confirm your selection.
The YSoft SafeQ administrator (login: admin) cannot be delegated for statistical data repair actions.
PAGES IN THE WEB INTERFACE THAT DELEGATED USERS WILL BE ABLE TO SEE
Delegated users will be able to see these pages:
Data Repair
Data repair Manual counters readout
ABOUT
On this page, you can manage print job rules and access the Rules Definition wizard.
- Drag and move the rule in the list. Multiple rules can apply to the same print job.
Panel (1) lists available Conditions, Actions and Notifications that can be used to create new
rule.
You can use links in header (3) or buttons in toolbar (4) to switch between available
Conditions, Actions or Notifications.
To create new rule, first enter name of the rule, then click on Conditions, Actions or Notification to add
them to Rule panel. Trigger option limits which Actions, Conditions and Notifications can be added to
the rule because they need specific triggers to work. When you have finished defining your rule, click
on Save button (5) to save rule.
If item is grayed (6) out, it means that specific item (Condition, Action or Notification) is not available for
currently selected Trigger (7) or could not work with some of the selected Conditions, Actions or
Notification.
All values in multiple attribute are linked with OR logical conjunction. This means that one of the
values must apply to Condition to be evaluated as successful.
REMOVE CONDITION/ACTION
To remove Conditions, Actions or Notification from rule, hover your mouse about unwanted item. Cross
icon (1) will be displayed on the left side of the item. Click on this icon to remove item from rule.
For example of Rule Definition wizard usage, please see Example of Rule Definition Wizard usage.
For definition of specific conditions, please see Rule-based Engine: rule definition.
Define trigger - when rule will be executed. For list of triggers and their options, please see Rule-based
Engine: rule definition.
On the Rule Definition wizard Conditions tab, specify the conditions print jobs must meet in order for
YSoft SafeQ to apply the rule.
The condition appears on right side of wizard and might need additional information to be defined.
For definition of specific conditions, please see Rule-based Engine: rule definition.
On the Rule Definition wizard Actions tab, specify the actions the rule will do if defined conditions are
met.
For more detailed information about actions, see Rule-based Engine: rule definition.
If you want YSoft SafeQ to send a notification after it modifies a print job because of a rule, specify the
type of notification.
If you do not want YSoft SafeQ to send notifications, do not do anything on this tab.
For more detailed information about actions, see Rule-based Engine: rule definition.
Click Save to save the rule and add it to the Rules list.
MORE INFORMATION
ABOUT
The Rule Definition wizard is used for creating RBE rules. At a Glance
You use the wizard to specify triggers (when rule is executed), About
conditions (validating whether action is made), actions (what to be Example of
done) and notifications (who and how should be informed about creating a new
execution of rule). Please see available items in Rule-based rule
Engine: rule definition.
Example:
Example:
As you can see all selected actions has been added to the rule.
SYSTEM
System information – Diagnostics overview of the YSoft SafeQ system (see System Information).
System settings – Basic and expert configuration of various system settings (see System Settings).
System tools:
Card Number Conversion Tool
Diagnostics export
exported data structure
Event viewer
Export settings for YSoft SafeQ Client
Print Job Parser Configuration
System Information
System logs
System Settings
DIAGNOSTICS EXPORT
EABOUT
The main goal is to enable you to identify and diagnose system At Glance
problems in the following three areas:
eAbout
Unsuccessful user terminal access General overview
Disconnecting ORS Automatic
Monitoring print job error states export
You can export files either at once or in intervals settings:
Manual
export
settings
Last
finished
export
About
diagnostics
exports
GENERAL OVERVIEW
Diagnostics export can be found on web interface: System > Tools... > Diagnostics export
The system enables a regular (automatic) and/or single data export in CSV format for further
processing in the MS Excel application. Three files can be exported, and each one contains data for
one of the areas stated above.
This field
shows
last
performed
manual or
automatic
export
with date
and time
and path
where
export is
stored
More info about exported data structure can be found exported data structure.
ABOUT
This page describes Exported data structure from Diagnostics export page.
At Glance
About
Exported data structure
Unsuccessful user access to terminal
Disconnecting ORS
Monitoring print job error states
Semicolon (;)
Windows -1250 coding
Structure:
Disconnecting ORS
File name: RSDisconnections.csv
Structure:
Structure:
Job ID
Job Log ID
Device ID
Device name
Device group ID
GUID ORS – branch identification
ORS name
User ID
User login
Cost centre number
Job status (code)
Job status (text)
Job name
Error code, values:
0 – Other error
1 – Device error
2 – SafeQ error
3 – Network error
4 – Accounting error
Error code (text)
Error date and time --"dd.MM.yyyy HH:mm" format
Error description
EVENT VIEWER
ABOUT
At Glance
About
General overview
Filters
GENERAL OVERVIEW
Event viewer can be found on web interface: System -> Tools -> Event Viewer
On this page SafeQ administrator is able to see events that happend on SafeQ system.
Attribute Description
FILTERS
Filer Description
Author of event
If you want to include only a fragment of
the author name, you must add the special
character %
Description of event
If you want to include only a fragment of
the event description, you must add the
special character %
ABOUT
CSV export for a SafeQ Client is used for exporting a CVS file containing At Glance
all information about printers, GUIDs, and ORS servers, which is needed
for SafeQ Enterprise Port installation for RS. About
General
Please note that individual package containing print drivers is overview
usually required in order to fully use this feature!
This feature is typically used for extra large deployment in
cooperation with YSoft
GENERAL OVERVIEW
Export settings for YSoft client must be enabled: system > system settings > displayClientExportAction
= true
NOTE: Export settings for YSoft Client can be found on web interface: System > System
information. By default the export is hidden (see configuration parameter displayClientExportAction
)
Initiate export by clicking Export settings for SafeQ Client and printer drivers installation.
At a Glance
About
General Parser Configuration
How to download and install GhostScript
ABOUT
This page contains detailed description of print job parser.
Print job parser is used by YSoft SafeQ to determine number of print job pages and for image preview
rendering.
YSoft SafeQ comes with build in parser for PCL and HPGL print jobs. If you want to parse PostScript (PS)
jobs, you need to download and install GhostScript parser on your own because due to licensing limitation it
can not be included in YSoft SafeQ installation package.
TOP LEVEL
Option Description
Disable all parsers Print jobs will not be parsed, analyzed and no print preview would
be rendered. This option provides the best system performance.
Only analyse jobs This option will not render the print jobs. It would just analyze them
and will not create job previews. Internal analyzer is highly
(same parser for PS and PCL jobs)
accurate in number of pages estimations, less accurate in
color detection and size detection (therefore suitable for offline
accounting where mentioned limitations do not interfere). It
consumes only few of system resources. Internal analyzer (YSoft
Parser) will be used both for PCL and PS print jobs. Additionally
this option enables parser of the XCPT print job headers to detect
certain kinds of color jobs.
Only analyse jobs This option will not render the print jobs. It would just analyze them
and will not create job previews. Internal analyzer is highly
(different parsers for PS and PCL
accurate in number of pages estimations, less accurate in
jobs)
color detection and size detection (therefore suitable for offline
accounting where mentioned limitations do not interfere). It
consumes only few of system resources.
Render low-resolution images This option will render an image from every job, transform it to
from jobs (36 DPI) CMYK, and generate a preview. The image will be low-res (36 DPI)
in order to conserve system resources. Suitable for offline
accounting, and job preview. This option can worsen system
performance.
Render high-resolution images This option will render an image from every job, transform it to
from jobs (150 DPI) CMYK, and generate a preview. The image will be hi-res (150 DPI).
Suitable for offline accounting, job preview, and coverage
accounting. This option has significant impact on system
performance.
aply for job analysis) and thus information gathered by Print Job Parser are overridden by information
present in XCPT header. Also XCPT header analysis can be configured regardless enabled parser to obtain
basic job information without affecting system performance, see XCPT Header Analysis Configuration.
LOW LEVEL
2 Execute downloaded install package (for example gs861w32.exe) and click on Setup button.
4 When installation finishes everything is ready. Try to send PostScript print job to YSoft SafeQ server
and check number of pages in job info details (page Reports > Job list). Number of pages should
not be zero.
If you decide to experiment with newer version of GhostScript, installation workflow can differ and you
need to also update all references to GhostScript version in configuration options ParserPS and
ParserPSWorkDir (located in Expert options view on Settings > Printing parser page) so location
of gswin32.exe file in file system matches value of configuration options mentioned above.
ABOUT
To enable XCPT header analysis, navigate to the Settings Settings page and choose Spooler category.
CAVEAT
Color information within XCPT job is not representing real color quality of the job itself but it reflects only
whether Xerox Black and White Conversion is ticked in Image Options tab of the Printer Properties
dialog. Therefore B/W print job with this option un-ticked is recognized as color job.
Because XCPT header analysis is prioritized over parser output (does not affect Only analyse jobs
mode), B/W job will be marked as color even if output of parser without enabled XCPT header analyser is
correct.
SYSTEM INFORMATION
AT GLANCE
At Glance
General overview
Services
Service
All locks are listed
Cluster server info
DBSync database and system pools
License information
System
Locks
Locks on CML (by node)
Locks on ORS
Locsk on CML (by group)
Database
GENERAL OVERVIEW
SERVICES
This is a main panel which you can see when you enter on the System information page. Page is
divided to several parts.
SERVICE
On this page you can see statuses of all SafeQ Internal Services. Some stopped services may be
started.
Attribute Description
Number of locks held by CML Total count of locks held by all CML servers
together
Number of locks held on ORS servers Total count of locks held by all ORS servers
together
Number of CML groups that are holding Total count of CML groups that are holding locks
locks
Number or ORS servers that are holding Total count of ORS servers that are holding locksr
locks
Locks on cluster nodes (CML) Total count of locks held by each CML server
LICENSE INFORMATION
Detailed information about licensed elements is available after expanding Show licensed features.
SYSTEM
You can find more information about tab content on Support information page.
LOCKS
Locks page is divided to a three parts. Locks page shows the list of printers that are currently using for
print.
About Locks
LOCKS ON ORS
DATABASE
SYSTEM LOGS
ABOUT
Through this page you can simply download logs from CML At Glance
server.
Y Soft Hepldesk may ask you for this information. Log files are About
typically located in <SafeQ_DIR>\logs (e.g. C:\SafeQ5\logs) folder General overview
on YSoft SafeQ server. Working
with
system
logs
GENERAL OVERVIEW
System logs can be found on web interface: System -> Tools -> System logs
SYSTEM SETTINGS
About
General overview
Working with System settings
Search filter
Tablet panels
Property details
Saving new settings
Functions
Add new item
Actions
Views
Save settings
Settings in Dashboard widget
Delivering configuration to the customer
ABOUT
Through this system settings page, authorized administrator can manage SafeQ configuration.
YSoft SafeQ 5 has no user-configurable hard text or xml configuration files on the file system. All
configuration settings is saved in database. There may be some configuration files in SafeQ installation
directory, however these are considered as a part of application, required for its start up and shall not be
modified any time.
GENERAL OVERVIEW
System settings can be found on web interface: System > System settings
Please note that settings of LDAP replicator are in separate page in user management, see Tools - LDAP
Integration.
SEARCH FILTER
by entering text phase into text filed. This phase must be part of property name, description or
internal name.
by marking/unmarking SafeQ components which are using this property
To apply current search filter click Search button. To cancel current serach filter click Clear buton.
TABLET PANELS
Tablet panel on the left side of the page are representing different categories of system settings. Number of
displayed categories depends on the currently selected view and search filter.
To change category just click its name. Currently selected category is always highlighted with white color.
PROPERTY DETAILS
Each property listed in System settings contains some attributes which are described below. All attributes
marked with asterisk are always display for each property.
After changing settings values you have to save changes to apply new settings. It is possible to change
more values on different pages and then save settings
After clicking button, there is displayed a window with summary of changes, list of
components to be restarted and list of terminals to be reinstalled. To confirm these changes click Yes.
FUNCTIONS
In the top right corner there is few functions available for this page. For general page functions see: Web
interface - Basics
This function is available only in Expert options view and allows you to add custom properties into System
settings. After clicking pop-up window will be displayed. Fill in all necessary field and
click Add property.
ACTIONS
Name Description
Import settings Imports previously exported file with differential settings with following conditions:
from file
Differential system settings in the import file has to exist in existing
YSoft SafeQ settings and only value is updated. If system setting does
not exist in YSoft SafeQ, an error is reported.
Setting has to be contain valid values which can be imported.
Setting in YSoft SafeQ which should be overwritten by value from the
import file cannot be read-only otherwise an error is reported.
Setting which exists as user settings in YSoft SafeQ cannot be
overwritten by any setting from the import file. Such setting has to be
modified only from web interface.
Imported user defined setting cannot overwrite existing system setting
in the YSoft SafeQ.
If your import fails, remove invalid setting from the import file according these
conditions and try to load it again.
Export settings to Exports settings difference between default value and set value. Only key and a
file current value is exported. All user defined settings are exported as full record which
means with information about used subsystems, all flags, default value and its
assignment in category to be able to restore it again in the import. Settings which are
not changes are not exported.
VIEWS
SafeQ system settings are divided into three levels, based on impact to SafeQ system. After clicking
you can select:
To save new settings you have to click button before leaving system settings page. For
more info see Saving new settings.
To prepare changes in configuration, create XML file for import with following structure:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<property>
<key>property name</key>
<value>value</value>
</property>
<property>
<key>property name 2</key>
<value>value 2</value>
</property>
...
</configuration>
Any user with right to change system settings can than import the XML file.
Please note that you have to follow rules for importing setting. Also SafeQ services must be restarted for
applying settings where required.
The following information is the main directory for YSoft SafeQ server installation, update and
uninstallation instructions.
For YSoft SafeQ 5 central components (the CML) or a single server, the following guides are available:
The following information is the main directory for YSoft SafeQ CML server installation instructions.
This page describes how to use the interactive installer to perform a basic YSoft SafeQ server
installation.
Standard installation
Troubleshooting the installation process
Customized installation or adding / replacing node
Using the file update.conf
STANDARD INSTALLATION
1 Obtain and run installation file ysf-sq5-install.exe from YSoft Partner Portal. Once you have the file
and the server is ready for installation, you can begin YSoft SafeQ installation.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything necessary for
installing a fully functional YSoft SafeQ server.
2 Select a language that will be used for the installation process. This language will also be used as
the default language for the YSoft SafeQ system.
NOTE: You can change the language for YSoft SafeQ at any time after installation is done.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree,
click Cancel to quit the installation.
After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines if the server meets all requirements for YSoft SafeQ
installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there
are problems, installation cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
Accept the default YSoft SafeQ server installation folder, database engine, and IP
address.
7 If you chose the default installation, the installer displays the account name and password for the
database. The password is automatically copied to the clipboard. Save this password to a safe
place so that you can either use it when you need it or change it if you want.
Click OK.
8 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server. In case you wish to see detailed installation
progress, press Show details button (or D key).
9 The last page of the wizard informs you about the results of the installation process and gives you
the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to close the
installation wizard.
pginstall.log - contains information about PostgreSQL installation (if you selected PostgreSQL as
the database to install).
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
6a If you wish to use values other than the default settings, check I want to customize my YSoft
SafeQ installation.
If you want to install master node select Install a new YSoft SafeQ server (or the first node
of a YSoft SafeQ cluster) and continue by click "Next"
If you want to add node to existing cluster, select Add or replace a node in an existing
YSoft SafeQ cluster, enter Cluster master node IP address and after clicking Retrieve node
list select Add new node option.
NOTE: When you add new node to cluster in environment with ORS servers, configuration
of ORS servers must be adjusted to communicate with new CML server too.
6c You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
6d1 In case of Embedded PostgreSQL or Bundled Microsoft SQL Server you must specify
password for database user and sync user. Passwords must be entered twice to avoid
problem with potential typo.
You can use Generate password buttons to generate passwords for database user and sync
user. On button click, password is generated and copied into the clipboard.
In case you selected embedded Microsoft SQL Server 2012 Express edition, password must
meet minimum password strength as described here:
A strong password cannot be the following terms associated with the installation computer:
6d2 In case of External database you must specify information about connection.
NOTE: Database names should not contain special characters or white spaces.
6e1 If you are installing additional node you have to enter master node IP address, retrieve node
list information and click "add new node".
6e2 Enter YSoft SafeQ admin credentials from master node to perform database dump during
installation process.
6f The last page of the wizard presents you with the following settings:
7 When installation is finished, please restart YSoft SafeQ CML and YSoft SafeQ CML DBS
services on all previously installed nodes.
The file cannot contain configuration options that are stored in the files startup.conf, cmldb.conf,
cmldb-sqdw.conf, and cmldb-cluster.conf (otherwise the service will not start).
You can create the file whenever you need it; you can also use it for preconfiguring your installation,
but changes are applied only after the YSoft SafeQ CML service is restarted.
The file cannot contain a new configuration. If you want to add a new configuration option: in the
YSoft SafeQ Web Interface, use System Settings > Add new item.
The file updates only values. To change any other setting, such as a required restart or applying an
update on a subsystem, you must use the YSoft SafeQ Web Interface.
Listed configuration options are referenced by their internal name. The format in the file is internal
name = value. You can find internal names on the System Settings page.
If update.conf is used in clustered environment, all other CML nodes have to run and be available to
CML node where update.conf is applied.
1 Open SQL Server Management Studio and connect to the Database Engine
Enter Login name sync, switch to SQL Server authentication and insert password and untick
Enforce password policy
Switch to the Server Roles tab and tick sysadmin role. Finish the sync user creation by pressing OK
button
PREREQUISITES
1 Open SQL Server Management Studio and connect to the Database Engine.
3 Add 2 domain users, who will be used for communication between SafeQ installer and database. One
of users must have username 'sync'.
Enter Login name in following format 'domain\username' and select Windows authentication as
authentication method.
5 Run YSoft SafeQ CML installer. On installation settings screen check I want to customize my YSoft
SafeQ installation and click Next.
6 Select Use and existing external database server in database type selection step.
7 Check Use Windows Authentication (instead of SQL) checkbox and fill in Domain textbox.
Fill in connection details for both users. Use users and password registered n domain.
NOTE: Domain name have to match one, used during users creation in database engine:
INSTALLING SAFEQ ON SERVER WITH SPECIFIC DATABASE COLLATION FOR MS-SQL DATABASE
If you are installing SafeQ on server with Turkish locale using external MS SQL server 2012, you have to
create database with specific colation settings first.
Before SafeQ installation described in article Installing YSoft SafeQ CML, following steps are required
to create database with specific collation.
Then you can see both databases in SQL Server Management Studio.
6 Now you can install SafeQ according to Installing YSoft SafeQ CML.
In step 6d3 enter database names of already created databases (SQDB5 and SQDB5_SQDW).
1 Download installation files of PostgreSQL Only PostgreSQL 9.2 is supported for SafeQ 5
PGSQL SETTINGS
SQ DATABASE
listen_addresses = '*'
SQ DW DATABASE
listen_addresses = '*'
MSSQL SETTINGS
SQ Database server and SQ DW Database server must be linked as servers via MSSQL server
(Management Studio -> Database Engine -> Server Objects -> Linked Servers).
After administrator of MSSQL servers links the servers you must properly specify values in SafeQ config
files (srvnames must be same as in Linked Servers part):
sqdb-srvname
sqdb-dwsrvname
Server must be linked from both sides, SQ DW Database to SQ Database and SQ Database to SQ DW
Database.
You can use the wizard to update all version of YSoft SafeQ 5 that was previously installed via any
installer (GUI or script).
When updating to a new release, all installed components (YSoft SafeQ CML/ORS/CRS servers, Mobile
Print Server, YSoft Payment System and YSoft Payment System plugins) have to be updated.
In case one or more YSoft SafeQ services has been disabled, enable them before you start.
If you want to update YSoft SafeQ installed via enterprise (script) installer - Be sure that safeq_home
property is already exists in environment variables. Create this variable (safeq_home=<SafeQ_dir>) if it
does not exist already.
If you want to enable JDBC connection pool feature when updating from YSoft SafeQ 5 SR 5 or 6, you
should set configuration property enableDBPool in configuration file startup.conf to true.
Upgrade from Service Release 8 and earlier requires re-installation of the YSoft SafeQ Embedded
Terminals for Konica Minolta. In case the terminals are not re-installed, users might not be able to
authenticate.
1 a. Download the installation package ysf-sq5-install.exe from the YSoft Partner Portal. Once you
have the package and the server is ready for installation, you can begin the YSoft SafeQ installation.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything required to install a
fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be used as
the default language for the YSoft SafeQ system.
NOTE: Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree, click
Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines if the server meets all requirements for YSoft SafeQ
installation.
or
Click Next.
9 The last page of the wizard indicates that the update is complete. Click Finish.
1 Shut down the whole environment. Follow chapter: Stop all ORS and Outage
CML services on all servers
Use the time of CML update The reason for starting with node
for next steps 2 is to mitigate a risk of slow
validation. The database on node 2 is
quite small compared to CML 1 which
makes it likely to validate faster. Time
of validation defines duration of the
outage.
8 Update CML 1 and all other CML Follow chapter: Update CML None
nodes
10 Update the rest of the ORS servers Follow chapter: Update ORS Intermittent
service
interruption
Between steps 1 and 6, the printing is unavailable. It is expected to take up to ..... hours to restore it
2.3. EXPECTED DATA LOSS
The steps show manual changes. In real update procedure we suggest to have pre-configured files as
suggested above.
3) Wait for the validation to finish, do not interrupt! Click "retry" as many times as needed. It can
take up to several hours if the database grew big.
4) Stop all services on updated CML 2 to perform all changes below (keep the database server service
running, if it is local)
3.2.1. Backup
You can perform the ORS backups while CML is being installed
run.cmd
excl.txt
logs\terminalserver\logs\terminalserver\AccountedJobsserver\temp\
server\cache\server\spool\
(should be done in advance) Configure the safeq-ors.ini configuration file. The CML Server GUIDs
can be found on the SafeQ Web Interface of the CML Servers
Run the installORSv2-exe.cmd command file
Check the Install-ORS.log to make sure the installation has completed
Stop all ORS services
At this point both CML servers are updated so configuration can be adjusted in System Settings.
3.4.1. Requirements
The following SQL Server Analysis Services roles are required: SQL Server Analysis Services
"Server administrators" group
Y Soft service account has to be temporarily granted the following permissions. Permissions can be
removed after the update is finished:
The following SQL Server Integration Services roles are required: db_ssisadmin
3.4.2. Backup
3.4.3. Configure
In most of the cases it is possible to use the "old" DeploymentConfig package as the parameters do not
change.
3.4.4. Run update script
Replace <ENV>with respective environment name and run the command:
3.4.6. Troubleshooting
Connect to Analysis services -> open cube -> Data Sources -> Properties:
If the installation fails, verify the required permissions and run the update again
4. ROLLBACK PROCEDURE
<CML/ORS>\*.log
<CML/ORS>\logs\*.log
<CML/ORS>\terminalserver\logs\*.log
Event viewer export from CML/ORS
CML 2 database backup
To install YSoft SafeQ ORS (Offline Remote Spooler), use the installORSv2-exe.cmd installation script. By
default the installer installs YSoft SafeQ ORS in the C:\SafeQORS directory. The installer generates the
global identifier (GUID) for the ORS server and places it in the configuration file guid.conf. If this file already
exists in the target location, the existing GUID is preserved and will be used.
You can use the MSI package to install YSoft SafeQ ORS.
For the correct system settings, see SafeQ ORS Server pre-installation check list.
Do not install YSoft SafeQ ORS on the same server where YSoft SafeQ CML is running.
Before beginning the installation, edit the file safeq-ors.ini (included in the installation package). Below is a
description of most important configuration attributes.
1 For a new YSoft SafeQ ORS installation with an already assigned GUID, enter the GUID in the
parameter localGUID: Use this parameter only if you want to install YSoft SafeQ ORS on a
server with a specific GUID, typically for a server crash recovery, in which case it is necessary to
keep the original GUID that was on the ORS server before the accident. The detailed instructions for
the recovery of the ORS can be found in ORS - Recovery procedure.
localGUID= <NEW_ORS_GUID>
2 Set the GUIDs, IP addresses, and ports for communication with YSoft SafeQ CML servers.
CML server GUIDs were created during YSoft SafeQ CML installation. They can be
found on respective web interface of each CML server in System info widget.
Another option to locate GUID of the CML server is in the value of the property
localGUID which can be found in <SafeQ_DIR>\conf\startup.conf configuration file of
respective CML server.
Do not change the port for communicating — keep it as 6010.
Add the IP address or DNS name of the YSoft SafeQ CML server.
It is always necessary to fill in details for all CML servers in your CML cluster.
If you do not have all four CML servers in your environment, delete redundant rows (e.g.
serverGUID4, serverPORT4, serverIP4) or comment them by putting ";" mark in front of them.
serverGUID1= <FIRST_NODE_GUID>
serverPORT1= 6010
serverIP1= <FIRST_SERVER_IP>
serverGUID2= <SECOND_NODE_GUID>
serverPORT2= 6010
serverIP2= <SECOND_SERVER_IP>
Example
3 Define directory for the installation of YSoft SafeQ ORS by setting the following parameters:
targetDir = <PATH>
Example
targetDir=C:\SafeQORS
If you do not enter these directories, the default values will be used: <targetDir>/server/spool,
<targetDir>/server/temp, <targetDir>/server/cache.
5 Another parameters in the SafeQ-ors.ini file are for configuring the SMTP server. The SMTP server
is used for sending scanned documents to users and for sending notifications to users. In the
configuration file, enter the IP address or DNS name of the SMTP server, IP address or DNS name
of the backup SMTP server, sender's e-mail, and login to SMTP server (if required).
smtpServer= <SMTP_SERVER_IP_ADDRESS>
smtpServerBackup= <BACKUP_SMTP_SERVER_IP_ADDRESS>
emailSender= <EMAIL_SENDER>
smtpUser= <SMTP_USER>
smtpPassword= <SMTP_PASSWORD>
If you do not enter these settings, values will be obtained from CML server setting.
Example
6 ORS Web Server serves several functions: interface for desktop client, scanning using webdav,
Mobile Print Server services. It is possible to change port for HTTP and HTTPS communication
(These two ports are mandatory). YSoft ORS Web server service won't start if either one of these
ports is blocked.
webServerPort= 80
webServerPortHTTPS= 443
7 Optionally, the base URL of YSoft SafeQ Web interface can be entered. If set, it is used to access
YSoft SafeQ web interface from YSoft SafeQ Client.
It may be used to configure custom host name for YSoft SafeQ Client to match the SSL
certificate of YSoft SafeQ ORS server (see Configuring SSL for Web interface).
8 In case you prefer to use Hostname instead of IP address for the local machine address, modify
configuration of parameter useHostname. If set to 1, variable "smartQ-server-ip" in file "ors.conf" is
set to local host name instead of local IP address
useHostname= 0
The DNS name resolution and the reverse lookup for the ORS server must be functional.
If the ORS server is part of a domain, FQDN will be used instead of the host name . The DNS
suffix must be configured properly in your network.
The FQDN hostname address is used only for purposes of ORS. Internal communication
between SafeQ subsystems (for example ORS<->CML) is always based on IP addresses (even
when useHostname=1).
9 Terminal server is required for communication between YSoft SafeQ and embedded terminals. If you
are not using embedded terminals at all, you can disable installation of Terminal server by
configuration parameter installTerminalServer. Default value is to have Terminal server installed.
installTerminalServer= 1
10 Terminal server leverages Hostable web core of the IIS. By modifying pf parameter
enableHwcSupport you can set whether all necessary system components shall be set
automatically or you want to do so manually according to Configuring Terminal Server web server.
enableHwcSupport= 1
Installation of web role for embedded IIS web server may take several minutes depending on
system usage and configuration.
Warning
If port 80 is selected in the installer for ORS web interface, then IIS site called "Default Web Site" is
deleted from IIS after installation as the site overrides system settings and uses port 80 instead of
SafeQ web interface. If IIS was already installed before and you select this option, please make sure
that no important site named "Default Web Site" is configured in external IIS otherwise it will be
deleted.
Before you begin, make sure you have modified the safeq-ors.ini file for your local conditions in the
currently installed environment, even when performing an update.
To install YSoft SafeQ ORS with specific configuration for HW terminal updates, copy your modified safeq.
fwupdate.conf into the directory containing the YSoft SafeQ ORS installation files and run the setup file
with an additional parameter:
installORSv2-exe.cmd safeq.fwupdate.conf.
For more intensive check, proceed with YSoft SafeQ ORS Health Check.
1. Install-ORS.log
log is created in the directory with ORS installation packages
2. application event log
see the log on a computer where ORS installation has failed. Some MSI Installer related
messages may be logged here
3. cml.log
log is stored in folder <SafeQ_dir>\logs that can be located on the CML server, which was
specified in safeq-ors.ini ServerIP field
4. ors.log
log is stored in folder <SafeQ_dir>\logs that can be located on the ORS server. Check this
log if installation was successful but ORS server is can not start
IN THIS DOCUMENT
ORS update
About ORS update
ORS update procedure
Verify that the YSoft SafeQ ORS is functional
Cache Recovery
How to enable cache recovery during upgrade
ORS UPDATE
To update a version of YSoft SafeQ ORS, use the installORSv2-exe.cmd installation script (the same
script you use for the initial installation).
The installer automatically uninstalls YSoft SafeQ ORS and saves the file guid.conf (with the specific GUID
of this particular ORS) to disk.
The installer then installs the latest version of YSoft SafeQ ORS to the specified folder, using the same
GUID as the previous version.
WARNING
In productions with hundreds of ORS servers, update should not be run "at once". Instead,
updates for ORSs should be split into batches containing ~200 ORS.
In case of upgrading 600 ORSs, administrators should run updates for 200 ORS at first, and once
update is done, proceed to next 200 ORSs and so on.
This process ensures, that CML will not get overloaded and it will be still able to handle other
requests during recovery.
Before you start update, verify the ORS cache recovery settings.
NOTE: If you omit this step, all jobs stored on the ORS will lost after the end of procedure.
Prepare safeq-ors.ini according to Installing YSoft SafeQ ORS description with following exceptions:
1. Parameters for safeq-ors.ini can be taken from backup-ed configuration files of ORS server.
2. Set attribute deleteCacheAfterUpdate=1
Make sure you have modified the file safeq-ors.ini for the local conditions in the currently
installed environment, even when performing an update.
or
Copy the file safeq.fwupdate.conf to the folder that contains the YSoft SafeQ ORS installation files
and run the installation script with this additional parameter:
installORSv2-exe.cmd <safeq.fwupdate.conf>
For productions with hundreds of ORSs, and Cache Recovery feature enabled, update should not be
run "at once". Instead, updates for ORSs should be split into batches containing ~200 ORS.
In case of upgrading 600 ORSs, administrators should run updates for 200 ORS at first, and once
update is done, proceed to next 200 ORSs and so on.
This process ensures, that CML won't get overloaded and it will be still able to handle other requests
during cache recovery.
Once the update of YSoft SafeQ ORS is finished, make sure the YSoft SafeQ ORS service is
running:
Open Services on the YSoft SafeQ ORS server (Start > Run > services.msc) and check the
following services:
6 Post-installation step
If scan to home/folder is used, you have to set up once again the account which is used to run the
YSoft SafeQ ORS service.
1 Open the YSoft SafeQ Web Interface and log in as an user with the right to administer printers (e.g.
admin).
2 Select Devices > Printers. The group list (on the left) shows the connected YSoft SafeQ ORS
server. (A new, additional ORS server should not have been created.)
the ORS status indicates that it is connected to the YSoft SafeQ CML
the ORS version shown is the same as the version of the update you installed
CACHE RECOVERY
SafeQ 5 supports recovery of ORS cache after it's deletion. This greatly simplifies upgrade process to
newer versions. In case of cache deletion, ORS will trigger cache recovery process during startup, and all
job-related data lost due to deletion will be re-downloaded from CML again. This document describes
procedure how to use cache recovery (further referenced as "CR") mechanism in production environments.
ORS cache recovery cannot be used to restore data which are unknown to the CML (e.g. statistics which
were not yet synchronized to the CML) and job-related data for print jobs with status DELETED..
CONTENTS
PLEASE NOTE:
Before you choose to upgrade ORS using cache recovery, make sure that CML has property
orsCacheRecovery set to true. If you run ORS upgrade without upgrading CML at first, this property might
be disabled. This would cause that after the ORS upgrade the cache is deleted, but since CML has
orsCacheRecovery=false, CR would not be run. If you encounter such situation, you can proceed with
following steps:
This process should ensure, that CML won't get overloaded and it will be still able to handle other requests
during recovery.
(You can see whether CR phase is done by monitoring CPU/hdd activity on CML)
Number of jobs which are being recovered is important aspect of CR. All job-related metadata (lost during
cache deletion, or possibly by upgrade) will be downloaded from CML to ORS.
According to number of jobs, amount of transferred metadata differs in size and might affect overall duration
of CR. We also need to take in consideration time and resources needed
for loading metadata from database, which is slowest element in whole CR process.
HW CONFIGURATION
HW setup is important mainly from DB(hdd/ssd) and CPU speed. Handling several hundreds of CR
messages on CML side utilizes CPU, while loading CR metadata from DB utilizes HDD/SSD.
Performance of these elements must be taken into consideration.
NUMBER OF ORSS PER CML
Number of ORSs connected to CML is related to overall performance of CML during CR. More ORSs
requesting recovery will consume more resources on CML side. Sudden onslaught of hundreds
of ORSs on single CML node might overload that node, and it would become unresponsive. This scenario
should be avoided as described in section 3) How to run recovery.
Please note, that even that we have load balancing on CML, it would not be able to serve such amount of
sudden CR requests, and load would not be balanced out among other nodes.
CML CLUSTER VS SINGLE NODE
In case of running CR in single CML node environment, extra precaution should be taken. CR (or upgrading
of ORS nodes) should always be run sequentially, and not at once on all ORS nodes!
SPOOLER DELETION
In case of ORS spooler deletion, all jobs belonging to this ORS will be marked on CML as DELETED. This
adds additional overhead to CML node, since it'll need to update database records
for these jobs. This operation might be time consuming and must be taken into account when running CR.
(if spoolers are deleted, number of ORSs in single CR batch should be further decreased)
The YSoft SafeQ CRS version must match the YSoft SafeQ CML version.
SUPPORTED DATABASES
YSoft SafeQ CRS supports the following versions of MS-SQL Server:
See the MS SQL Server 2008 installation procedure and MS SQL Server 2012 installation
procedure for information how to install MS SQL Server for YSoft SafeQ CRS.
INSTALLATION PREREQUISITES
YSoft SafeQ CRS Enterprise must be installed on a dedicated server – not where another instance of YSoft
SafeQ is running.
As a prerequisite for YSoft SafeQ CRS installation, Microsoft SQL Server must be installed and running on
the same server with the following minimum components:
Database Engine
SQL Server Agent
Analysis Services
Reporting Services
Integration Services
Workstation components (including SQL Server Management Studio)
In order to install YSoft SafeQ CRS, before beginning installation of MS SQL Server, MS IIS (a
component of the Microsoft Windows Server operating system) must be installed.
When installing Microsoft SQL Server, the following settings must be configured:
Microsoft SQL Server Enterprise Edition is recommended, although Standard Edition may be sufficient for
smaller installations.
MS SQL SERVER USER PERMISSIONS LEVEL FOR INSTALLATION
To install, upgrade YSoft SafeQ 5.0 CRS Server the following database roles are required: db_owner OR
db_datareader, db_datawriter, db_ddladmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are
required: SQL Server Analysis Services "Server administrators" group.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisadmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "System administrator" role.
MS SQL SERVER USER PERMISSIONS LEVEL FOR RUNTIME
To run YSoft SafeQ 5.0 at CRS Server the following database roles are required: db_datareader,
db_datawriter.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are required: SQL
Server Analysis Services "Server administrators" group.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are required:
db_ssisoperator.
MS SQL SERVER USER PERMISSIONS LEVEL FOR OPERATIONS
To open/manage cube at YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles
are required: SQL Server Analysis Services Database "Full control ( Administrator )" role .
To run package at YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisoperator.
To browse reports at YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "Browser" role.
MS SQL SERVER ANALYSIS SERVICES SERVICE USER ACCOUNT PERMISSIONS
"SQL Server Analysis Services" service user account must have access (db_owner OR db_datareader,
db_datawriter, db_ddladmin) to CRS databases (yBoxDB, yBoxDBCDC). The best option is to give him
Server Role sysadmin.
INSTALLATION PROCEDURE
This section describes how to install YSoft SafeQ CRS Enterprise, OLAP cubes, and reports in MS SQL
Reporting Services.
1 Open the Reporting Services Configuration utility (Start > Programs > Microsoft SQL Server
20xx > Configuration tools):
The command prompt opens. Enter the environment name, including the path to the currently
installed node:
Example: crs\TEST\node1
5 Check step
Go to the website http://hostname/reports (hostname = SafeQ CRS server name). You should see
the Reporting Services Web interface.
NOTE: The Reporting Services Web interface appears only if reporting services are installed
(installReportingServices = true).
CRS CONFIGURATION
This page describes configuration for CRS installation. See also the page Data management and backup for
further information.
We highly advise you that you make a backup of "DeploymentConfig" folder once the
configuration is finished. The backup of your original settings will be very useful in case of
CRS recovery or update and it shall be stored in the safe location.
GLOBAL CONFIGURATION
DeploymentConfig\env.ini:
//SMTP configuration
mailServer=<SMTP_IP_ADDRESS>
mailServerBackup=<SMTP_BACKUP_IP_ADDRESS>
mailFrom=<MAIL_FROM>
mailUser=<USER>
mailPass=<USER_PASSWORD>
// If SSL or TSL is enabled, it is used for communication with the SMTP mail server. SSL or TLS
must be enabled also on your mail server.
// Both properties mailSmtpSsl and mailSmtpTls should not be enabled at once.
mailSmtpSsl = false
mailSmtpTls = false
//Administrator e-mail address where system will send alerts (eg. if a printer fails).
adminEmail=<ADMIN_EMAIL>
//If send-email-after-startup is enabled, an e-mail will be sent to adminEmail each time the
SafeQ service starts.
//Do not enable this feature unless you are sure that adminEmail and mailserver options are
configured correctly.
send-email-after-startup=true
// Localization
// supported languages: cs,en,sk,es
int_languages= en
int_defaultLanguage= en
// currency - USD($ %) 840, EUR(€ %) 978, CZK(% KÄ) 203, GBP( %) 826, HUF(% Ft) 348
// character ¤ will be replaced by int_currency variable
int_currency_fmt=¤%
int_currency=$
int_currency_name = USD
Note: If a mail server does not require authentication, do not specify mailUser and mailPass properties.
Otherwise an authentication error from mailserver appears and sending fails.
//Database instance creation type (For the first installation, use the *clean-full-cluster*
value.)
databaseInstanceType = clean-full-cluster
//clean-full-cluster:
// Creates empty database instances yBoxDB and yBoxDBCDC.
// Executes initial SQL scripts. After installation, performs database validation.
//existing-db:
//Connects to existing database instances yBoxDB and yBoxDBCDC with no changes;
//yboxDBRep will be created from scratch.
// MSSQL DB version (For the first installation, use the *autodetect* value.)
dbVersion = autodetect
//Allowed values: \\
// MSSQL 2008 = 10.0
// MSSQL 2008 R2 = 10.50
// MSSQL 2012 = 11
//if branch is not known for CDC server, should it create one? [default=true]
cdc-register-new-branch = true
In the same env.ini file, enter all required values in the Database connection settings sections:
//Database type identification (The only allowed value for the CRS subsystem is *MSSQL*.)
dbClass=MSSQL
//relation database server for CRS (IP address or hostname of server with MSSQL database)
sqlDbServer = 127.0.0.1
enableDBBackup = true
In the same env.ini file, enter all required values in the Cube & package settings
sections:
//olap database domain user for CRS (empty value = current user)
olapDomainUser =
//Job name
//needed for 'cdc-build-cube = spstartjob' option
//default: BuildCubeSafeq
cdc-jobname = BuildCubeSafeq
cdcArchiveCubePeriod = 1
In the same env.ini file, enter all required values in the Integration services settings
sections:
In the same env.ini file, enter all required values in the Reporting services settings sections:
repSqlPasswd =
//Name of reports
//default is "SafeQ Reports"
repReportsName=SafeQ Reports
//if branch is not known for CDC server, should it create one? [default=true]
cdc-register-new-branch = true
//Each of these properties will list the email addresses that will receive an email
//notification once the data reception / data processing after reception is finished
//successfully / with an error. (When the property is empty, the notification will not be sent.)
//notify-receive-success-recipients = example@email.com
notify-receive-success-recipients =
//notify-receive-failure-recipients = example@email.com
notify-receive-failure-recipients =
//notify-process-success-recipients = example@email.com
notify-process-success-recipients =
//notify-process-failure-recipients = example@email.com
notify-process-failure-recipients =
Save and close the env.ini file and continue to the next step.
As a prerequisite for YSoft SafeQ CRS installation, Microsoft SQL Server must be installed and running on
the same server with the following minimum components:
Database Engine
SQL Server Agent
Analysis Services
Reporting Services
Integration Services
Workstation components (including SQL Server Management Studio)
In order to install YSoft SafeQ CRS, before beginning installation of MS SQL Server, MS IIS (a
component of the Microsoft Windows Server operating system) must be installed.
When installing Microsoft SQL Server, the following settings must be configured:
Microsoft SQL Server Enterprise Edition is recommended, although Standard Edition may be sufficient for
smaller installations.
MS SQL SERVER USER PERMISSIONS LEVEL FOR INSTALLATION
To install, upgrade YSoft SafeQ 5.0 CRS Server the following database roles are required: db_owner OR
db_datareader, db_datawriter, db_ddladmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are
required: SQL Server Analysis Services "Server administrators" group.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisadmin.
To install, upgrade YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "System administrator" role.
MS SQL SERVER USER PERMISSIONS LEVEL FOR RUNTIME
To run YSoft SafeQ 5.0 at CRS Server the following database roles are required: db_datareader,
db_datawriter.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles are required: SQL
Server Analysis Services "Server administrators" group.
To run YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are required:
db_ssisoperator.
MS SQL SERVER USER PERMISSIONS LEVEL FOR OPERATIONS
To open/manage cube at YSoft SafeQ 5.0 CRS Server the following SQL Server Analysis Services roles
are required: SQL Server Analysis Services Database "Full control ( Administrator )" role .
To run package at YSoft SafeQ 5.0 CRS Server the following SQL Server Integration Services roles are
required: db_ssisoperator.
To browse reports at YSoft SafeQ 5.0 CRS Server the following SQL Server Reporting Services roles are
required: SQL Server Reporting Services "Browser" role.
MS SQL SERVER ANALYSIS SERVICES SERVICE USER ACCOUNT PERMISSIONS
"SQL Server Analysis Services" service user account must have access (db_owner OR db_datareader,
db_datawriter, db_ddladmin) to CRS databases (yBoxDB, yBoxDBCDC). The best option is to give him
Server Role sysadmin.
See the MS SQL Server 2008 installation procedure and MS SQL Server 2012 installation
procedure for information how to install MS SQL Server for YSoft SafeQ CRS.
ABOUT
This page contains basic informations for SafeQ CRS installation on MS-SQL instance.
1 Open SQL Server Configuration manager (start ->Microsoft SQL Server -> Configuration Tools
-> SQL Configuration manager).
2 Select installed instance and open Properties for TCP/IP (enable TCP/IP if is disabled).
Avoid using 1434. This port is used by MSSQL - DAC. Use higher port number, e.g.: 1489
sqlDbInstance =
# Example: sqlDbInstance =Instance1
Updated config:
sqlDbInstance = Instance1
2 In the same env.ini configure TCP port for connection to Instance server
dbPort=
# NOTE: Important: avoid using 1434 . This port is used by
MSSQL - DAC. Use higher port number, e.g.: 1481 .
Updated configuration:
dbPort= 1489
ABOUT
This Document provides step by step instruction for installation of MS SQL Server 2008 for YSoft SafeQ
CRS server. Document is divided in to several parts:
Images in this section are illustrative only, and may be different according to the Windows service
pack you are using.
1 Insert the installation medium into the computer. When the SQL Server Installation Center window
appears, select New installation or add features to an existing installation.
2 The SQL Server installer copies all required files to the server. Click OK to continue.
10 Check disk space requirements. If enough free space is available, click Next.
12
1. a. Select Mixed Mode.
b. Enter the password.
c. Specify the SQL Server Administrator account.
d. Click Next.
13 Specify users with administrative permissions for Analysis Services; then click Next.
14 Select the Install the native mode default configuration option; then click Next.
15 Click Next.
16 Click Next.
19 Click Close.
1.
a.
If the SQL Server Reporting Services page does not appear as shown here, see Troubleshooting
CRS Enterprise installation
Images are for illustration purposes only. Your screens may look a little different.
1 Run Microsoft SQL Server Management Studio and connect to Database Engine. Use the sa login.
4 Enter the new location for databases by clicking the browse ( ... ) button and selecting the location, or
by entering the path in the text box.
5 Click OK (located at the bottom of the page) to save the new location.
ABOUT
This Document provides step by step instruction for installation of MS SQL Server 2012 for YSoft SafeQ
CRS server. Document is divided in to several parts:
Images in this section are illustrative only, and may be different according to the Windows service
pack you are using.
1 Insert the installation medium into the computer. When the SQL Server Installation Center window
appears, select New installation or add features to an existing installation.
2 The SQL Server installer copies all required files to the server. Click OK to continue.
b.
10 Check disk space requirements. If enough free space is available, click Next.
12
1. a. Select Mixed Mode.
b. Enter the password.
c. Specify the SQL Server Administrator account.
d. Click Next.
13 Specify users with administrative permissions for Analysis Services; then click Next.
14 Select the Install the native mode default configuration option (Reporting Service configuration);
then click Next.
15 Click Next.
16 Click Next.
19 Click Close.
d.
If the SQL Server Reporting Services page does not appear as shown here, see Troubleshooting
CRS Enterprise installation
Images are for illustration purposes only. Your screens may look a little different.
1 Run Microsoft SQL Server Management Studio and connect to Database Engine. Use the sa login.
4 Enter the new location for databases by clicking the browse ( ... ) button and selecting the location, or
by entering the path in the text box.
5 Click OK (located at the bottom of the page) to save the new location.
PERFORM THIS PROCEDURE ONLY ON THE CML MASTER SERVER (ON THE FIRST CLUSTER NODE).
If the values already exist, update them as follows. If they do not exist, create them:
cdc_enable_enterprise = true
cdc-sender = true
SET THE FOLLOWING VALUES IN THE CONFIGURATION VIA THE WEB INTERFACE:
cdc-branch = the unique identification of this client. The value is combination of „smartQ-server-name“ from
„startup.conf“ file from the first cluster node and „cdc-branch-locality“ from the system settings
Remember that when the service starts up, recalculations occur only every hour. For testing purposes, if
you want the data to appear in the statistics without having to wait for an hour, you can set the sending time
(for example, to every minute) by selecting cdc-time-intervals=60000 (and commenting choice cdc-time-
windows). After configuration, restart both servers gradually (CRS and CML sender). cdc-time-intervals
has higher priority than configuration in cdc-time-windows.
This section describes basic problems that may occur, their possible causes, and suggestions for solutions.
This section will be continually updated as necessary. This section does not include all possible failures and
their solutions.
1 If MS SQL server cannot be installed or if the following error appears when you try to access the
Reporting Service:
Description: An unhandled exception occurred during the execution of the current Web request.
Review the stack trace for more information about the error and where it originated in the code.
Source Error: An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can be identified using the
exception stack trace below.
Stack Trace:
[HttpException (0x80004005): The current identity (NT AUTHORITY\NETWORK SERVICE) does not
have write access to
'C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.]
System.Web.HttpRuntime.SetUpCodegenDirectory(CompilationSection
compilationSection) \+11329385
System.Web.HttpRuntime.HostingInit(HostingEnvironmentFlags hostingFlags) \+35
6
\[HttpException (0x80004005): The current identity (NT AUTHORITY\NETWORK SERVICE) does
not have write access to
'C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.\]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) \+11294470
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) \+88
2 If you export reports to MS Excel for accounting print costs, it is necessary to have a user named
safeq_reporter in the relational database. This user must have a password and access rights to the
CRS database yBoxDBCDC).
3 If CRS installation or update fails, you can set up log files to include detailed log messages. Using a
text editor with UTF-8 support, open the file InstallPackages\deployer\scripts\log4j-deployment.
xml. In the section shown here, change the value debug to trace:
<root>
<level value="debug" />
<appender-ref ref="log_app"/>
<appender-ref ref="console_app"/>
</root>
Save the file and run the installation procedure again. The log file now includes detailed log
messages (for example, output resulting from executing third-party tools and programs for installation
of cube, reporting services, etc.).
INSTALLATION SCRIPTS
ABOUT
All installation scripts are available in the installation package (InstallPackages folder).
To see the list of supported parameters for each script, run the script with the parameter -help
. For example, to get help for the backup script, issue the command:
InstallPackages\backup.bat -help
INSTALL.BAT
Script for installing YSoft SafeQ CRS Server. For more information see chapter Installing YSoft SafeQ
CRS.
UPDATE.BAT
Script for updating of YSoft SafeQ CRS Server. For more information see chapter Updating YSoft
SafeQ CRS.
BACKUP.BAT
This script performs a backup of your currently installed YSoft SafeQ CRS server.
bin\
build\
conf\
To make it possible to schedule a regular unattended backup, some command-line parameters must
be used to avoid the backup script pausing and waiting for user input. The minimum set of parameters
needed to achieve this is:
-env <EnvironmentName>
-nopause
UNINSTALL.BAT
Using this script you can uninstall existing YSoft SafeQ CRS server. For more information see chapter
Uninstalling YSoft SafeQ CRS.
STATUS.BAT
This script performs check of status of your currently installed YSoft SafeQ CRS server.
1) Use the configured YSoft SafeQ CRS installer according to CRS configuration and run status.bat
(InstallPackages\status.bat.)
3)
Input parameters
System properties
SafeQ Services
Configuration
Free disk space
logs size
ABOUT
This section describes how to update an older (already installed) version of YSoft SafeQ Central Reporting
Services (CRS).
If you are installing YSoft SafeQ CRS for the first time (that is, a clean installation), go to Installing YSoft
SafeQ CRS.
1 Skip this step in the case that you have already pre-configured installation files of CRS server.
NOTE: File log4j.xml located in conf folder will be overwritten by new one, when updating to
Service Release 4 or higher. That means, custom log settings will be lost.
3 Enter the environment name, including the version and the path of the currently installed node:
Example: crs\TEST\node1
5 The CRS installer checks all available information about the currently installed CRS and updates it
with the latest version.
Uninstalling instructions about SafeQ CML can be found:Uninstalling YSoft SafeQ CML and database
Uninstalling instructions about SafeQ ORS can be found:Uninstalling YSoft SafeQ ORS
Uninstalling instructions about SafeQ CRS can be found:Uninstalling YSoft SafeQ CRS
If you installed SafeQ Server on External database, database will not be un-installed and remains
on server.
If the original SafeQORS directory remains after uninstallation and you do not need to keep any print
jobs, delete the directory.
If the original SafeQORS directory remains after uninstallation and you do not need to keep any
print jobs, delete the directory.
1 This chapter describes how to uninstall the YSoft SafeQ CRS server.
The command prompt opens. Enter the environment name to installed node:
2 The installer will uninstall YSoft SafeQ CRS from your server as follows:
Stops/uninstalls services. (Even if the target directory is deleted/corrupted, services are removed from
the Windows registry.)
NOTES:
If deleteTargetDir parameter is set, the entire content of targetDir is removed, including
configuration, scripts and logs files.
If deleteTargetDir parameter is NOT set, directories conf, server, logs and scripts are preserved.
If dropDBInstances parameter is set, database instances YBOXDB and YBOXDBCDC are
uninstalled
Exclude all SafeQ folders from antivirus checks, including SafeQ spooler (the folder the physical jobs data
are stored in) and SafeQ database files (if embedded database is used, no matter it is PostgreSQL or
Microsoft SQL server).
If antivirus protection is installed on the SafeQ server, the entire SafeQ directory, SafeQ system services,
data storage for incoming jobs (spooler) on CRS server MS-SQL DB, and the entire SafeQCRS folder must
be removed from the regular (runtime) antivirus test.
These settings primarily protect the print subsystem and log files from becoming locked, damaged, and/or
from "freezing" or slowing down. A typical symptom caused by antivirus protection is "zero-byte" files. File
system Indexing must be disabled at all the following directories.
The same settings apply for central components (CML) and remote spooler (ORS).
Folder CML Value Example ORS Value Example CRS Value Extensions
content Example Example
Folder CML Value Example ORS Value Example CRS Value Extensions
content Example Example
Installation
directory of
dedicated
database
The directories and executable files listed above must be removed from real-time tests. Regular off-line
tests (outside print peak, e.g. 3:00 a.m.) are recommended.
Before upgrading to YSoft SafeQ 5 it is necessary to request an upgrade for the license first. For
more information on requesting a license upgrade please pay attention to all information available
on the link below.
Migration to YSoft SafeQ 5 is supported only for YSoft SafeQ 4 SR46. Please update your version
before migration.
Please, read Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes before migration.
SAFEQ4
1. Write down GUID of the master CML node. You can obtain it from the web interface of YSoft SafeQ
or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the master node.
2. Stop all SafeQ4 services (both CML and ORS)
3. Backup SQDB4 and SQDB4_SQDW databases
4. Backup SafeQ4 files and folders:
a. c:\SafeQ4\conf
b. c:\SafeQ4\server\spool (if you want to keep jobs)
c. c:\SafeQ4\server\update (if you want to keep custom FW update files)
d. c:\SafeQ4\ds\Conf\config.ini
e. c:\SafeQ4\tomcat\conf\server.xml
5. Uninstall SafeQ4
SAFEQ5
1. Install SafeQ5 with the same GUID which was used for SafeQ4
2. Stop all SafeQ5 services
3. Delete SQDB5 and SQDB5_SQDW databases - check "Close existing connections" option before
proceeding
4. Restore SQDB4, SQDB4_SQDW as SQDB5, SQDB5_SQDW from backup files
a. Databases -> Restore Database... -> To database: SQDB5 -> From device: choose backup
file -> tick Restore and finish the wizard
b. Repeat similar procedure for SQDB5_SQDW
5. Run migration scripts on SQDB5 database (available in the YSoft SafeQ 5 installation package,
folder "_support\Manual upgrade from SafeQ 4"):
a. 01_drop_columns.sql
b. 02_migrate_pricelists.sql
c. 03_update_terminals.sql
d. 04_migrate_users_8.sql
i. If you use a different name for SQDB5_SQDW database, update the script
correspondingly (all "update SQDB5_SQDW.dbo.*" records)
e. 05_migrate_globalauth.sql
6. Update table cluster_server if necessary
7. Restore configuration files regarding backup:
a. Copy rools.drl file from SafeQ4 backup into SafeQ5 (overwrite existing one)
b. If you want to keep jobs, copy content from SafeQ4 spool folder into SafeQ5
c.
c. If you want to keep custom FW update files, copy content from SafeQ update folder into
SafeQ5
d. Verify terminalserver configuration and update it regarding c:\SafeQ4\ds\Conf\config.ini if
needed
i. in c:\SafeQ5\terminalserver\\TerminalServer.exe.config - change "networkAddress" if
needed
ii. in c:\SafeQ5\terminalserver\WebServer.config - change bindings if needed
e. Verify configuration of tomcat and update it regarding c:\SafeQ4\tomcat\conf\server.xml if
needed
i. in c:\SafeQ5\tomcat\conf\server.xml - change settings if needed
8. Start SafeQ5, check DB validation
9. Verify scan to script settings (paths might be wrong after upgrade to SafeQ5)
10. Verify global authentication properties in SafeQ5 system settings - make sure that the default
administrator login/password suits your needs and change it if needed.
a. Go to System > System settings and search for global-authentication-
11. Reinstall SafeQ embedded terminals on all printers
a. Note: Support of embedded terminal types was unified in SafeQ5. Terminal type will be
automatically migrated to proper type by migration scripts.
SAFEQ4
1. Write down GUID of the master CML node. You can obtain it from the web interface of YSoft SafeQ
or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the master node.
2. Stop all SafeQ4 services (both CML and ORS)
3. Backup SQDB4 and SQDB4_SQDW databases (choose Format TAR + appropriate file names, leave
rest of options in default state)
4. Backup SafeQ4 files and folders:
a. c:\SafeQ4\conf
b. c:\SafeQ4\server\spool (if you want to keep jobs)
c. c:\SafeQ4\server\update (if you want to keep custom FW update files)
d. c:\SafeQ4\ds\Conf\config.ini
e. c:\SafeQ4\tomcat\conf\server.xml
5. Uninstall SafeQ4
SAFEQ5
1. Install SafeQ5 with the same GUID which was used for SafeQ4
2. Stop all SafeQ5 services
3. Drop SQDB5 and SQDB5_SQDW databases
4. Create new empty SQDB5 and SQDB5_SQDW databases
5. Restore SQDB4, SQDB4_SQDW as SQDB5, SQDB5_SQDW - ignore errors and returned exit code -
close the dialog using X button
6. Run script on SQDB5_SQDW database (available in the YSoft SafeQ 5 installation package, folder
"_support\Manual upgrade from SafeQ 4"):
a. 02_drop_dblink_func.sql
7.
Please, read Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes before migration.
OVERVIEW
This page describes step-by-step migration process to upgrade existing YSoft SafeQ 4 installation to YSoft
SafeQ 5.
Overview
Before upgrade
Migration steps for master CML node
Troubleshooting the installation process
Custom installation
Additonal steps
BEFORE UPGRADE
1 Download and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once
you have the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines if the server meets all requirements for
YSoft SafeQ installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Sh
ow problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
7 All settings including MS-SQL password will be used from SafeQ 4 configuration
8 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server.
9 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
NOTE: SafeQ installer will disable MS-SQL 2008 from SafeQ 4 and install a new MS-SQL
2012
If an error occurred during the installation process, the best way to troubleshoot it is to check the several log
files that were created during the process. All installation log files are located in the YSoft SafeQ installation
folder.
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
CUSTOM INSTALLATION
6a If you wish to use values other than the default settings, check I want to customize my YSoft
SafeQ installation.
6b Select Upgrade from YSoft SafeQ 4.0.34.2 option. Name of this option may differ, it depends
on version of SafeQ that was installed before upgrade.
6c You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
6d User's credentials for user sa and sync are migrated from YSoft SafeQ 4. Continue to next
step (Next >).
7 Local GUID and ports are migrated from YSoft SafeQ configuration. Click to "Install".
8 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server.
9 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
NOTE: SafeQ installer will disable MS-SQL 2008 from SafeQ 4 and install a new MS-SQL
2012
ADDITONAL STEPS
Please, read Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes before migration.
OVERVIEW
This page describes step-by-step migration process to upgrade existing YSoft SafeQ 4 installation to YSoft
SafeQ 5.
Overview
Before upgrade
Migration steps for master CML node
Troubleshooting the installation process
Custom installation
Migration steps for second and every other node of CML
Troubleshooting the installation process
Additional steps
BEFORE UPGRADE
1 Download and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once
you have the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines whether the server meets all necessary
requirements for YSoft SafeQ installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or
Show problems area, depending on their severity. If there are warnings, installation can cont
inue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
8 If you want to perform database backup, select YES, otherwise click "NO"
9 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server.
10 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
If an error occurred during the installation process, the best way to troubleshoot it is to check the several log
files that were created during the process. All installation log files are located in the YSoft SafeQ installation
folder.
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
CUSTOM INSTALLATION
6a If you wish to use values other than the default settings, check I want to customize my YSoft
SafeQ installation.
6b Select Upgrade from YSoft SafeQ 4.0.34.2 option. Name of this option may differ, it depends
on version of SafeQ that was installed before upgrade.
6c You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
7 Local Guid and ports are migrated from YSoft SafeQ configuration. Click on Install to begin
the instlallation.
After you accept the license agreement, the installer runs a preinstallation check. This procedure checks
several conditions and determines whether the server meets all necessary requirements for YSoft SafeQ
installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there are
problems, installation cannot continue. If any warnings or problems are indicated, review the warnings and
resolve the problems, then continue.
Installation requires the exactly the same IP addresses used with YSoft SafeQ 4 (second node of
YSoft SafeQ 5 has to have the same IP address that was used used for YSoft SafeQ 4).
1 Obtain and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once you have
the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to install
a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be used as
the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree, click
Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines whether the server meets all necessary requirements for
YSoft SafeQ installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there
are problems, installation cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
6 Select I want to customize my YSoft SafeQ installation and continue to next step.
7 Select Add or replace a node in existing YSoft SafeQ cluster and continue to next step.
8 Enter the IP address of the current master node (1st node) and click Retreive node list. Then select
the IP address of the node that you want to replace and continue to next step.
Example: In this case the second node with IP address 10.0.11.19 is selected.
9 You now have the option to select your own installation location. You can install YSoft SafeQ
anywhere other than a UNC path or the root folder of the drive.
1 The last page of the wizard presents you with the following settings:
3
Local GUID for currently installing CML server (node). Please use exactly the same GUID as
was used in YSoft SafeQ 4. You can obtain it from the web interface of YSoft SafeQ or from <
SafeQ4>\conf\startup.conf (parameter localGUID) on the node you are upgrading.
TCP port that the YSoft SafeQ Web Interface will use.
HTTPS TCP port for YSoft SafeQ Web Interface.
Install the Terminal Server: To install Terminal Server, check the checkbox. To not install it,
leave the checkbox empty.
Start YSoft SafeQ services after the installation is finished: To start services after
installation, check the checkbox. To not start services, leave the checkbox empty.
Enable support for embedded IIS we server: To install IIS web server, check the checkbox.
To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web server inside Terminal
Server. HWC web server is suitable for environments with a lot of devices on one node (e.g. up to
400) or for customers that experience problems with the legacy web server mainly for stability
reasons (unexpected crashes). It provides best performance and stability, that is not achievable with
any other embedded web server solution. NOTE: Checkbox for web role installation appear, only
on systems which supports IIS 7 or higher (Windows Server 2008, 2008 R2 and 2012)
1 The installer begins to copy all the files required by YSoft SafeQ and the database system you chose
4 to the selected destination folder on the server.
Installation will be paused. Follow the displayed steps and perform a backup from master node and
restore it to the currently installed slave node.
In case an error occurred during the installation process, the best way to troubleshoot it is to check the
several log files that were created during the process. All installation log files are located in the YSoft SafeQ
installation folder.
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
ADDITIONAL STEPS
Please, read Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes before migration.
OVERVIEW
This page describes step-by-step migration process to upgrade existing YSoft SafeQ 4 installation to YSoft
SafeQ 5.
Overview
Before upgrade
Migration steps for master CML node
Troubleshooting the installation process
Custom installation
Migration steps for second and every other node of CML
Troubleshooting the installation process
Additional steps
BEFORE UPGRADE
1 Download and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once
you have the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines if the server meets all requirements for
YSoft SafeQ installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Sh
ow problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
7 All settings including postres password will be used from SafeQ 4 configuration
8 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server.
9 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
If an error occurred during the installation process, the best way to troubleshoot it is to check the several log
files that were created during the process. All installation log files are located in the YSoft SafeQ installation
folder.
pginstall.log - contains information about PostgreSQL installation (if you selected PostgreSQL as
the database to install).
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
CUSTOM INSTALLATION
6a If you wish to use values other than the default settings, check I want to customize my YSoft
SafeQ installation.
6b Select Upgrade from YSoft SafeQ 4.0.34.2 option. Name of this option may differ, it depends
on version of SafeQ that was installed before upgrade.
6c You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
6d
User's credentials for user postgres and sync are migrated from YSoft SafeQ 4. Continue to
next step (Next >).
7 Local Guid and ports are migrated from YSoft SafeQ configuration. Click to "Install".
Installation requires exactly the same IP addresses as were used in YSoft SafeQ 4 (Second node of YSoft
SafeQ 5 must has the same IP address as was used for YSoft SafeQ 4)
1 Obtain and run the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once
you have the file and the server is ready for installation, you can begin YSoft SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines if the server meets all requirements for
YSoft SafeQ installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Sh
ow problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
6 Select "I want to customize my YSoft SafeQ installation" and continue to next step.
7 Select "Add or replace a node in existing YSoft SafeQ cluster" and continue to next step.
8 Enter current master node IP address (1st node) and click to Retreive node list. Then select IP
address of node that you wants to replace and continue to next step.
9 You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
12 Enter YSoft SafeQ admin credentials from master node to perform database dump during
installation process.
13 The last page of the wizard presents you with the following settings:
Local GUID for currently installing CML server (node). Please use exactly the same
GUID as was used in YSoft SafeQ 4. You can obtain it from the web interface of YSoft
SafeQ or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the node you are
upgrading.
TCP port that the YSoft SafeQ Web Interface will use.
HTTPS TCP port for YSoft SafeQ Web Interface.
Install the Terminal Server: To install Terminal Server, check the checkbox. To not
install it, leave the checkbox empty.
Start YSoft SafeQ services after the installation is finished: To start services after
installation, check the checkbox. To not start services, leave the checkbox empty.
Enable support for embedded IIS we server: To install IIS web server, check the
checkbox. To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web server inside
Terminal Server. HWC web server is suitable for environments with a lot of devices on one
node (e.g. up to 400) or for customers that experience problems with the legacy web server
mainly for stability reasons (unexpected crashes). It provides best performance and stability,
that is not achievable with any other embedded web server solution. NOTE: Checkbox for
web role installation appear, only on systems which supports IIS 7 or higher (Windows Server
2008, 2008 R2 and 2012)
14 The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server.
If an error occurred during the installation process, the best way to troubleshoot it is to check the several log
files that were created during the process. All installation log files are located in the YSoft SafeQ installation
folder.
pginstall.log - contains information about PostgreSQL installation (if you selected PostgreSQL as
the database to install).
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
ADDITIONAL STEPS
Please, read Upgrade from YSoft SafeQ 4 to YSoft SafeQ 5 notes before migration.
OVERVIEW
This page describes step-by-step migration process to upgrade existing YSoft SafeQ 4 installation to YSoft
SafeQ 5.
Overview
Before upgrade
Postgre SQL 9.2 installation
Restore SafeQ databases from SafeQ 4
Migration steps for master CML node
Troubleshooting the installation process
Custom installation
Troubleshooting the installation process
Migration steps for second and every other node of CML
Troubleshooting the installation process
Additional steps
BEFORE UPGRADE
4 Create new database user called "sync" with the identical password as in SafeQ 4
(PostgreSQL 8.4).
1 Download the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once you
have the file and the server is ready for installation, start the installation in order to begin YSoft
SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines whether the server meets all necessary
requirements for YSoft SafeQ installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or
Show problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
8 Enter the YSoft SafeQ 5 databases names for (where the existing YSoft SafeQ 4 databases
were migrated).
9 The installer begins to copy all the files required files to the selected destination folder on the
server.
10 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
In case any error occurs during the installation process, the best way to troubleshoot it is to check the log
files that created during the process. All log files created during installation are located in the YSoft SafeQ
installation folder.
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
CUSTOM INSTALLATION
1 Download the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once you
have the file and the server is ready for installation, start the installation in order to begin YSoft
SafeQ migration. NOTE: In order to install YSoft SafeQ, this file is required. It contains
everything needed to install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines whether the server meets all necessary
requirements for YSoft SafeQ installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or
Show problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
7 Select the Upgrade from YSoft SafeQ 4.0.34.2 option. Name of this option may differ, it
depends on version of SafeQ that was installed before upgrade.
10
Enter the databases names for YSoft SafeQ 5 (where the existing YSoft SafeQ 4 databases
were migrated).
12 The installer begins to copy all the files required files to the selected destination folder on the
server.
13 The last page of the wizard informs you about the results of the installation process and gives
you the option to display the YSoft SafeQ Web Interface. Click Finish when you are ready to
close the installation wizard.
If an error occurred during the installation process, the best way to troubleshoot it is to check the several log
files that were created during the process. All installation log files are located in the YSoft SafeQ installation
folder.
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
Installation requires the exactly the same IP addresses used with YSoft SafeQ 4 (second node of
YSoft SafeQ 5 has to have the same IP address that was used used for YSoft SafeQ 4).
Installation requires the installed PostgreSQL database server.
1 Download the installation file ysf-sq5-install.exe from the Y Soft Partner Portal. Once you
have the file and the server is ready for installation, start the installation in order to begin YSoft
SafeQ migration.
NOTE: In order to install YSoft SafeQ, this file is required. It contains everything needed to
install a fully functional YSoft SafeQ server.
2 Select the language that will be used for the installation process. This language will also be
used as the default language for the YSoft SafeQ system.
3 Close all other applications to avoid issues with updating the relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not
agree, click Cancel to quit the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This
procedure checks several conditions and determines whether the server meets all necessary
requirements for YSoft SafeQ installation.
If any of these requirements are not met, they will be displayed in either the Show warnings or
Show problems area, depending on their severity. If there are warnings, installation can
continue. If there are problems, installation cannot continue. If any warnings or problems are
indicated, review the warnings and resolve the problems, then continue.
6 Select I want to customize my YSoft SafeQ installation and continue to next step.
7 Select Add or replace a node in existing YSoft SafeQ cluster and continue to next step.
8 Enter the IP address of the current master node (1st node) and click Retreive node list. Then
select the IP address of the node that you want to replace and continue to next step.
Example: In this case the second node with IP address 10.0.11.19 is selected.
9 You now have the option to select your own installation location. You can install YSoft
SafeQ anywhere other than a UNC path or the root folder of the drive.
13 The last page of the wizard allows you to change the following settings:
Local GUID for currently installing CML server (node). Please use exactly the same
GUID as was used in YSoft SafeQ 4. You can obtain it from the web interface of YSoft
SafeQ or from <SafeQ4>\conf\startup.conf (parameter localGUID) on the node you are
upgrading.
TCP port that the YSoft SafeQ Web Interface will use.
HTTPS TCP port for YSoft SafeQ Web Interface.
Install the Terminal Server: To install Terminal Server, check the checkbox. To not
install it, leave the checkbox empty.
Start YSoft SafeQ services after the installation is finished: To start services after
installation, check the checkbox. To not start services, leave the checkbox empty.
Enable support for embedded IIS we server: To install IIS web server, check the
checkbox. To not install IIS web server, leave the checkbox empty.
IIS web server is required to use embedded hostable web core (HWC) web server inside
Terminal Server. HWC web server is suitable for environments with a lot of devices on one
node (e.g. up to 400) or for customers that experience problems with the legacy web server
mainly for stability reasons (unexpected crashes). It provides best performance and stability,
that is not achievable with any other embedded web server solution. NOTE: Checkbox for
web role installation appear, only on systems which supports IIS 7 or higher (Windows Server
2008, 2008 R2 and 2012)
14
The installer begins to copy all the files required by YSoft SafeQ and the database system you
chose to the selected destination folder on the server.
15 Installation will be paused. Follow the displayed steps and restore SQDB5 database from the
master node to slave node.
In case an error occurred during the installation process, the best way to troubleshoot it is to check the
several log files that were created during the process. All installation log files are located in the YSoft SafeQ
installation folder.
sqinstall.log - contains information about the entire YSoft SafeQ installation process.
ADDITIONAL STEPS
3 Begin the update by running the update.bat as an administrator. Program is stored in Install
Packages\update.bat. The command prompt will be opened.
4 Enter the environment name, including the version and the path of the currently installed node:
Example: crs\TEST\node1
6 The CRS installer checks all available information about the currently installed CRS and
updates it with the latest version.
8 Open <SAFEQ_DIR>\conf\startup.conf on CML master node and make sure the parameter cdc
-sender = true . In case the parameter was not configured this way, restart YSoft SafeQ CML
service.
Toshiba devices have to be deleted before upgrade and created again after upgrade is done.
Check, if settings of embedded terminals are correct. If necessary, correct these settings before use.
All embedded devices have to be reinstalled.
Upgrade Terminal professional FW, if necessary.
Rules for RBE are not automatically migrated, they have to created again or rools.drl file should be
copied from SafeQ4 directory (e.g.: c:\SafeQ4\conf\) into SafeQ5 (e.g.: c:\SafeQ5\conf\).
If you want to keep print jobs, copy content from SafeQ4 spool folder (e.g.: c:\SafeQ4\server\spool\)
into SafeQ5 (e.g.: c:\SafeQ5\server\spool\).
If you want to keep custom FW update files, copy content from SafeQ update folder (e.g.: c:
\SafeQ4\server\update\) into SafeQ5 (e.g.: c:\SafeQ5\server\update\).
Prepare safeq-ors.ini according to Installing YSoft SafeQ ORS description with following
exceptions:
1. Parameters for safeq-ors.ini can be taken from backup-ed configuration files of ORS
server.
2. Set attribute deleteCacheAfterUpdate=1
3. Leave localGUID= attribute empty (will be used the same guid as for YSoft
SafeQ4)
When you complete the configuration and installation procedures, check to be sure the YSoft
SafeQ ORS server service is running. On the YSoft SafeQ ORS server, open Services (for
example: Start > Run > services.msc) and check the following services:
For more intensive check, proceed with YSoft SafeQ ORS Health Check.
In case that ORS installation is failing, search the following places for more information about the failure:
1. Install-ORS.log
log is created in the directory with ORS installation packages
2. application event log
see the log on a computer where ORS installation has failed. Some MSI Installer related
messages may be logged here
3. cml.log
log is stored in folder <SafeQ_dir>\logs that can be located on the CML server, which was
specified in safeq-ors.ini ServerIP field
4. ors.log
log is stored in folder <SafeQ_dir>\logs that can be located on the ORS server. Check this
log if installation was successful but ORS server is can not start
This page describes how to use the interactive installer to perform a basic YSoft SafeQ server installation
using bundle installer.
Standard installation
Once the SafeQ license is activated, all SafeQ services needs to be restarted.
Troubleshooting the installation process
Bundle installer allows you to install YSoft SafeQ CML, YSoft Payment System and YSoft
Mobile Print Server at once without need of further steps to interconnect the installed
components. Therefore, some of advanced installation options are not available in the
bundle installer. The installer is dedicated for installations of single CML node environments
with all components installed on one server.
The bundle installer does not support upgrade from YSoft SafeQ 4.
STANDARD INSTALLATION
1 Obtain and run installation file ysf-sq5-bundle-installer.exe from YSoft Partner Portal. Once you
have the file and the server is ready for installation, you can begin YSoft SafeQ installation.
NOTE: This file contains everything necessary for installing a fully functional YSoft SafeQ server,
YSoft Payment System and YSoft Mobile Print Server.
2 Select a language that will be used for the installation process. This language will also be used as the
default language for all installed components.
NOTE: You can change the language for all installed components at any time after installation is
done.
3 Close all other applications to avoid issues with updating relevant system files.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree,
click Cancel to quit the installation.
5 Please choose destination folder where YSoft SafeQ and other components will be installed. You
can choose any destination other than a UNC path or a root folder of a disk drive.
6 Now you can select which components will be installed together with YSoft SafeQ which installation
is mandatory. The options are:
NOTE: To get all components fully working, you have to obtain license which will contain support
for these components. Otherwise, you will not be able to use these components.
7 After selecting the components to install, the installer runs a system readiness check. This
procedure checks several conditions and determines if the server meets all requirements for YSoft
SafeQ installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there
are problems, installation cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
8 Choose the database that will be used by YSoft SafeQ and also YSoft Payment System, if the latter
was selected to be installed.
If selecting Embedded database server type continue to step 9a. Based on database
vendor selection PostgreSQL 9.2 or Microsoft SQL Server 2012 Express Edition
database engine will be installed.
NOTE: Installation of embedded Microsoft SQL Server 2012 Express Edition
database engine is possible only if Windows Installer version 4.5 or higher is present
If selecting External database server type continue to step 9b. Based on the database
vendor selection, a connection can be set up to an existing PostgreSQL 9.2.x or
Microsoft SQL Server 2008, 2012 or 2014 database engine. Chosen engine have to
have enough capacity to hold the YSoft SafeQ and YSoft Payment System database.
9a If you have selected Embedded database server type in step 8, now you have to specify password
for database user and sync user. Passwords must be entered twice to avoid problem with potential
typo.
You can use Generate password buttons to generate passwords for database user and sync user.
On button click, password is generated and copied into the clipboard.
In case you selected embedded Microsoft SQL Server, password must meet minimum password
strength as described here:
A strong password cannot be the following terms associated with the installation computer:
9b If you have selected External database server type in step 8, now you can set up connection to an
existing PostgreSQL 9.2.x or Microsoft SQL Server 2008, 2012 or 2014 database engine by
specifying following values (image below describes connection to Microsoft SQL Server):
Server hostname or IP address where one of the supported database engines are
installed and running
Port number or Instance name on which the database engine is running
Database username and password. This user have to be the database administrator.
Domain users are not supported by bundle installer.
10 If you have also selected the YSoft Mobile Print Server to be installed, set up connection to an
external email server by specifying following values:
NOTE: When using a server hostname instead of an IP address (e.g. "mail.domain.com"), do not
use domain name again in Email account username field (use "user", not "user@domain.com").
Example 1
Example 2
If all parameters meet your requirements, you can start installation by clicking Install button.
13 The installer starts to install all selected components and the database engine (in case of embedded
database type was selected) to the selected destination folder on the server.
In case you wish to see detailed installation progress, press Show details button (or user Alt+D
shortcut).
14 The last page of the wizard informs you about results of the installation process. Click Finish when
you are ready to close the installation wizard.
Installation is complete. Now you can start using all the installed components of YSoft SafeQ.
15
ONCE THE SAFEQ LICENSE IS ACTIVATED, ALL SAFEQ SERVICES NEEDS TO BE RESTARTED.
If an error occurred during the installation process, please check the following log files that were created
during the process. All the installation log files are located in the YSoft SafeQ installation folder.
aio-install.log - contains information about steps performed during installation readiness check
sqinstall.log - contains information about YSoft SafeQ installation process
payment-install.log - contains information about YSoft Payment System installation process
mps-install.log - contains information about YSoft Mobile Print Server installation process
Embedded Terminal
You can skip this step if you are using Workstation OS or you've configured this via centralized
domain policy. These settings is important for proper working of Terminal Server and YSoft Payment
System.
Make sure TCP ports 5010 – 5020 are not used by other programs. (SafeQ Terminal Server
requires that these ports be free.)
Turn off Automatic Root Certificates Update as follows:
NOTE: To perform this procedure, you must be a member of the local Administrators
group, or you must have been delegated the appropriate authority.
On the Windows Desktop, click Start > Run.
Type gpedit.msc; then click OK.
If the User Account Control dialog box appears, confirm that the action it displays is
what you want; then click Continue.
Then go to: Computer Configuration > Administrative Templates > System >
Internet Communication Management > Internet Communication settings.
Double-click Turn off Automatic Root Certificates Update; then click Enabled, Apply
, and OK.
Close the Local Group Policy Editor window.
Apply the new policy settings by running gpupdate /force in the command line
BEFORE INSTALLATION
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. For more information, see Configuring Konica Minolta OpenAPI for YSoft
SafeQ Embedded Terminal.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Konica Minolta from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Allow public user – Enable if you want to allow access for the
public user.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Native – Application will use native Konica Minolta look and feel.
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
NOTE: It is recommended to set Print job parser at least to the option "Render jobs
as low resolution (36 DPI) images" to enhance user experience and to minimize credit
overdrafts.
NOTE:
Some options are available for editting only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
Installation of ET on older platforms (Thames, Mosel, Donau, GangesM, Amur, Taiga, Citrine series)
requires manually entering login details on the Terminal tab.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
System settings
Additional features are available via System settings. Some of these settings may require reinstallation of
the terminal or reboot of YSoft SafeQ server.
1 Devices have option to configure myPanel screen with desired application icons only. The idea is to
display only the most common options used in user's daily routine.
To configure this screen Go to System > System settings and set shortcuts-references to
following values: sq, copy, scan, storage
This configuration de fines ordered list of applications displayed on the embedded terminal
shortcut panel. Possible options are: sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser.
If enabled, card numbers from legacy card readers on Konica Minolta are converted to follow
standard string format of card numbers.
Defines what MFP application is displayed to the user when they logs into the terminal. Possible
options are: shortcuts, sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser, ecopyscan,
scanflow, datapoint.
4 In case only Reporting or Credit and Billing modules are included in the license without
Authentication, the embedded terminal can be installed only with Accounting or Payment features.
In such case a generic user needs to exist in SafeQ to whom all the data from MFP will be reported.
The login button on the MFP authentication screen then authenticates every user as this generic user
(see the picture bellow).
In case it is not possible to use such user, you can change generic user name in
TerminalServer.exe.config file where the configuration configuration property
'KMPublicUserLogin' needs to be added. Example: <add key="KMPublicUserLogin" value="
generic" />
the corresponding username has to be also defined in the SafeQ web administration
please note that it is not allowed to use strings 'public', 'admin' and 'boxadmin'
BEFORE INSTALLATION
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. For more information, see Configuring Konica Minolta OpenAPI for YSoft
SafeQ Embedded Terminal (applicable also for Develop devices).
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Develop from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Allow public user – Enable if you want to allow access for the
public user.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Native – Application will use native Konica Minolta look and feel.
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
NOTE: It is recommended to set Print job parser at least to the option "Render jobs
as low resolution (36 DPI) images" to enhance user experience and to minimize credit
overdrafts.
NOTE:
Some options are available for editing only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
Installation of ET on older platforms (Thames, Mosel, Donau, GangesM, Amur, Taiga, Citrine series)
requires manually entering login details on the Terminal tab.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
System settings
Additional features are available via System settings. Some of these settings may require reinstallation of
the terminal or reboot of the YSoft SafeQ server.
1 Devices have option to configure myPanel screen with desired application icons only. The idea is to
display only the most common options used in user's daily routine.
To configure this screen Go to System > System settings and set shortcuts-references to
following values: sq, copy, scan, storage
This configuration de fines ordered list of applications displayed on the embedded terminal
shortcut panel. Possible options are: sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser.
If enabled, card numbers from legacy card readers on Develop are converted to follow standard
string format of card numbers.
Defines what MFP application is displayed to the user when they logs into the terminal. Possible
options are: shortcuts, sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser, ecopyscan,
scanflow, datapoint.
4 In case only Reporting or Credit and Billing modules are included in the license without
Authentication, the embedded terminal can be installed only with Accounting or Payment features.
In such case a generic user needs to exist in SafeQ to whom all the data from MFP will be reported.
The login button on the MFP authentication screen then authenticates every user as this generic user
(see the picture bellow).
In case it is not possible to use such user, you can change generic user name in
TerminalServer.exe.config file where the configuration configuration property
'KMPublicUserLogin' needs to be added. Example: <add key="KMPublicUserLogin" value="
generic" />
the corresponding username has to be also defined in the SafeQ web administration
please note that it is not allowed to use strings 'public ' , ' admin ' and ' boxadmin '
BEFORE INSTALLATION
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. For more information, see Configuring Konica Minolta OpenAPI for YSoft
SafeQ Embedded Terminal (applicable also for Olivetti devices).
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Olivetti from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Allow public user – Enable if you want to allow access for the
public user.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Native – Application will use native Konica Minolta look and feel.
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
NOTE: It is recommended to set Print job parser at least to the option "Render jobs
as low resolution (36 DPI) images" to enhance user experience and to minimize credit
overdrafts.
NOTE:
Some options are available for editting only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
Installation of ET on older platforms (Thames, Mosel, Donau, GangesM, Amur, Taiga, Citrine series)
requires manually entering login details on the Terminal tab.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
System settings
Additional features are available via System settings. Some of these settings may require reinstallation of
the terminal or reboot of YSoft SafeQ server.
1 Devices have option to configure myPanel screen with desired application icons only. The idea is to
display only the most common options used in user's daily routine.
To configure this screen Go to System > System settings and set shortcuts-references to
following values: sq, copy, scan, storage
This configuration de fines ordered list of applications displayed on the embedded terminal
shortcut panel. Possible options are: sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser.
If enabled, card numbers from legacy card readers on Olivetti are converted to follow standard
string format of card numbers.
Defines what MFP application is displayed to the user when they logs into the terminal. Possible
options are: shortcuts, sq, sqprint, sqscan, copy, scan, storage, imgpanel, browser, ecopyscan,
scanflow, datapoint.
4 In case only Reporting or Credit and Billing modules are included in the license without
Authentication, the embedded terminal can be installed only with Accounting or Payment features.
In such case a generic user needs to exist in SafeQ to whom all the data from MFP will be reported.
The login button on the MFP authentication screen then authenticates every user as this generic user
(see the picture bellow).
In case it is not possible to use such user, you can change generic user name in
TerminalServer.exe.config file where the configuration configuration property
'KMPublicUserLogin' needs to be added. Example: <add key="KMPublicUserLogin" value="
generic" />
the corresponding username has to be also defined in the SafeQ web administration
please note that it is not allowed to use strings 'public', 'admin' and 'boxadmin'
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. See Configuring Xerox EIP for YSoft SafeQ Embedded Terminal for more
information.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Xerox from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode
To device - the device is locked. User must authenticate to unlock the
device and access any of the features. This is the recommended option.
To each application - the user must authenticate only to access the YSoft
SafeQ or any other application specified by administrator.
If you have previously manually configured any application or feature to
authenticate via YSoft SafeQ, the reinstallation of the YSoft SafeQ
Embedded Terminal will cause such configuration to be deleted. In this
case, you can manually export security settings of the printer before
terminal reinstallation and then recover the device to its original state. For
more information see Configuring Xerox EIP for YSoft SafeQ Embedded
Terminal.
Access definition control of native applications (e.g. copy) is not
supported with this mode of authentication.
(Advanced only) Network Card reader – Enter a serial number of a network card
reader for this device. Note: The serial number must be unique for each
device.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
WARNING: Make sure that your device supports JBA / Network Accounting.
Otherwise the installation will fail.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
WARNING: Make sure that your device supports Job Limits. Otherwise the
installation will fail.
NOTE: Some options are available for editting only in the Advanced view. You can choose
between Basic and Advanced in the lower left corner. If any Advanced option is changed from its
default value it will become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
If the installation finished with warning (yellow icon), check the installation steps to see the necessary
additional settings, that were not successfully set automatically. In Configuring Xerox EIP for YSoft SafeQ
Embedded Terminal select a sub-page according your particular device model. There you can find a part
named "After installation of YSoft SafeQ Embedded Terminal" that contains all the necessary instructions.
In case you change title of your application (property application-title in configuration) and reinstall the
Embedded Terminal, the YSoft SafeQ application on the device can get unlocked and the application icon
may change its screen position. In that case, please lock the application again and move the icon to the
original place manually. (See documentation of your Xerox device for more information.)
ADDITIONAL NOTES
Language selection
On some Xerox devices (e.g. Phaser 3635) the currently selected language on device cannot be detected.
Therefor the Blocking, Login and Card Assignment screens are not displayed in this language. In such case,
you can enable forceLanguageOnXsaAuthentication property. This will make all screens to be displayed in
one language, the first one in supported-lang-priority property list.
For access rights control of native applications (e.g. copy) on YSoft SafeQ Embedded Terminal for Xerox, it
is necessary to enable property enableXeroxAccessDefinition in System settings in YSoft SafeQ Web
administration. The access rights control is only supported with authentication mode To device.
Access rights control of native applications is not supported on some models. To see, whether your model is
supported, check the installation overview window. You can find there one of the two messages:
Access right control of color is not supported in native applications. This can be only configured individually
per device by administrator. For more information see Configuring Xerox EIP for YSoft SafeQ Embedded
Terminal.
Description
According to the obtained license, it may happen that it will be possible to install the Xerox EIP devices only
with Accounting or Payment modules. This configuration requires the user to authenticate locally on the
device. This authentication is however not checked with SafeQ server. Detailed behavior is explained
below.
Accounting module only
If only the Accounting module is installed, before the user is allowed to perform any operation on the device,
he/she is forced to enter User ID and Account ID on the device. User ID is mapped as user's login to SafeQ.
All jobs performed on the device are then accounted.
If user enters correct login as User ID, jobs will be accounted to user.
If user enters incorrect login as User ID, jobs will be accounted to unknown user.
If user enters correct login as User ID, jobs will be accounted and charged to user.
If user enters incorrect login as User ID, error message will be displayed on device screen
Note: This option is not supported on devices with EIP 1.5 and lower.
Limitations
Hardware button for logout may not work as expected on certain types of devices. Therefore the user
has to use the software logout button in order to logout.
User is allowed to enter any string as the Account ID, the Account ID is not verified or mapped by
SafeQ server.
BEFORE INSTALLATION
1 Make sure all general properties as defined in Install Embedded Terminals document are completed.
2 Configure the MFP properly. See Configuring Sharp OSA for YSoft SafeQ Embedded Terminal for
more information.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Sharp from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Network Card reader – Enter a serial number of a network card
reader for this device. Note: The serial number must be unique for each
device.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
NOTE: It is recommended to set Print job parser at least to the option "Render jobs
as low resolution (36 DPI) images" to enhance user experience and to minimize credit
overdrafts.
NOTE:
Some options are available for editting only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
Terminal requires both AMX2 and AMX3 licenses to be installed and enabled.
About
Initial screen feature allows administrator to configure which application or screen will be displayed directly
after user authentication on printer.
Configuration
NOTE: initial-screen property is under Advanced options, so make sure you have chosen the right
view.
Behaviour matrix
Describes which application is displayed for which initial-screen property values based on type of installed
Embedded Terminal.
Overview
Sharp devices provide the ability to install YSoft SafeQ Embedded Terminal, browser-based software
application. Specific licensing policy requires each device to be configured before installing the embedded
terminal.
Differences between AMX2 and AMX3 licensing
AMX2 license only
On devices supporting lower OSA version, in the case that both licenses are enabled (AMX2, AMX3)
and the user login, he is taken to the Sharp OSA native panel (not directly to YSoft application).
On devices supporting OSA 4 and higher, the initial-screen property defines where the user is
taken after authentication.
Logout with card is not possible when card reader is in keyboard mode.
Logout with card is not possible when device is not fully unlocked (user didn´t enter to copy or scan
application after log in).
In IC Card Mode enabled on device and Sharp mode set on USB card reader swiping card causes
occasional blinking of display.
In case of changing AMX2/3 license keys, Terminal Server must be restarted before installation of
ET.
If the MFP device is asleep, user must start the device manually before swiping the card at USB card
reader.
When the user credential (i.e. user name, password) are not filled in, the Login button is active, but it
does not make any action.
In the case that AMX2 license is enabled only and the Authentication Mode is configured "To each
application", the USB IC Card mode is not working (the USB keyboard mode must be configured).
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
Configure the device. See Configuring Fuji Xerox Apeos for YSoft SafeQ Embedded Terminal for
more information.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select FujiXerox from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Network Card reader – Enter a serial number of a network card
reader for this device. Note: The serial number must be unique for each
device.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that
this application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
Print job parser needs to be set at least to the option "Render jobs as low resolution
(36 DPI) images" in order to use the Payment System with the YSoft SafeQ Embedded
Terminal for Fuji Xerox.
NOTE:
Some options are available for editting only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
3 Go to System Settings > Common Service Settings > Screen / Button Settings...
5 You can select position, where YSoft SafeQ application shortcut should be placed. After changing the
position, press Save.
(If another application is already registered to the selected position, it will be replaced by YSoft
SafeQ.)
6 Select Web Application Server 1 where YSoft SafeQ is registered. Press Save.
By pressing the Details option, you can view underlying configuration (see next screenshot).
INSTALLING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX WITH XCP
Before installation
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. See Configuring Fuji Xerox with XCP for YSoft SafeQ Embedded Terminal for
more information.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select FujiXerox XCP from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Network Card reader – Enter a serial number of a network card
reader for this device. Note: The serial number must be unique for each
device.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that
this application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
Print job parser needs to be set at least to the option "Render jobs as low resolution
(36 DPI) images" in order to use the Payment System with the YSoft SafeQ Embedded
Terminal for Fuji Xerox with XCP.
NOTE:
Some options are available for editing only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
When custom quota toggling strategy is enabled, right after authenticating at the Embedded
Terminal users will be prompted to choose, whether they want to print, copy or scan. SafeQ will
thus be able to set reservations of credit accordingly, which will reduce many limitations of the
default quota toggling strategy. For more information see Credit handling on Fuji Xerox.
1 Go to Tools >> System Settings >> Common Service Settings >> Screen / Button Settings
4 Tap Save
NOTE: If the YSoft SafeQ authentication screen is diplayed, press the Log In / Out button and tap
Log in as Administrator
3 Go to System Settings > Common Service Settings > Screen / Button Settings...
5 You can select position, where YSoft SafeQ application shortcut should be placed. After changing the
position, press Save.
(If another application is already registered to the selected position, it will be replaced by YSoft
SafeQ.)
6 Select Web Application Server 1 where YSoft SafeQ is registered. Press Save.
By pressing the Details option, you can view underlying configuration (see next screenshot).
About
Initial screen feature allows administrator to configure which application or screen will be displayed directly
after user authentication on printer.
Configuration
NOTE: initial-screen property is under Advanced options, so make sure you have chosen the right
view.
Behaviour matrix
Describes which application is displayed for which initial-screen property values based on type of installed
Embedded Terminal.
NOTE: Unsupported initial-screen values ( sqprint, sqscan, etc.) will be replaced by shortcuts value.
YSoft SafeQ Embedded Terminal for Ricoh ESA is supported only on Ricoh devices with SDK/J 4.
x and higher.
BEFORE INSTALLATION
1 Make sure that all steps from Install Embedded Terminals are carried out before the installation.
2 Configure the device. See Configuring Ricoh ESA for YSoft SafeQ Embedded Terminal for more
information.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Ricoh from the list.
(Advanced only) Administrator login – this feature is described in
Administrator login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after
print feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that
this application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Native – Application will use terminal with YSoft SafeQ interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according
to the appropriate price list.
Print job parser needs to be set at least to the option "Render jobs as low resolution (36 DPI)
images" in order to use the Payment System with Ricoh embedded terminal.
NOTE:
Some options are available for editting only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to
the device.
Contact person - use this value to specify person responsible for the device (in case
of failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Embedded Terminal.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device
and used for printing at the device. After selecting another printing backend, use the
wrench icon to automatically adjust the Port number. Otherwise, you will need to
change it manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. which user is using for
printing. This change can affect job accounting for users with diacritics in the login
name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Scan tab offers alternative to embedded terminal scanning allowing the users to scan documents
using native scanning application of the device instead. To enable this feature the scanning has to
be configured according to the article Scanning with Ricoh device native scanning application.
12 Click Save device button. After confirmation, the device will be automatically reinstalled with
updated configuration and embedded terminal.
13 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
15 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
NOTE: The failover feature works only with devices connected to CML. Failover feature must be enabled
by system configuration srte-enterprise-mode.
1 Authenticate at YSoft SafeQ Embedded Terminal for Ricoh ESA with the valid account.
Authentication must not fail.
2 Log in to the YSoft SafeQ Embedded Terminal for Ricoh ESA web configuration at 'http://MFP_IP:
8080/sqet/Login' (where MFP_IP is the MFP's IP address). Enter the login code. (The default is 14569
.)
3 Verify that you see the IP address of all your CML servers in the list.
Optionally you can stop the CML which is listed as the first and try to authenticate at the device.
Authentication must be working. In the YSoft SafeQ Embedded Terminal for Ricoh ESA web
configuration you will see that the order of the servers has been changed.
YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH ESA - ADDITIONAL SPECIFIC SETTINGS
System settings
You can configure additional options related to YSoft SafeQ Embedded Terminal for Ricoh ESA in System
settings:
Logout time (srte-logout-timeout) - When users do not perform any action for defined period of time,
they will be logged out automatically from the terminal. Value is set in seconds.
Multiple server mode (srte-enterprise-mode) - If enabled, Ricoh Embedded Terminal is running in
the enterprise mode, i.e. the terminal application connects to multiple CML servers.
Secured connection (srte-ssl-configuration) - If enabled, YSoft SafeQ uses SSL connection to
configure SRTE.
Maximum job file size (srte-size-for-server-print) - This option limits size of a print job being stored
locally on the device HDD before printing. Jobs which are larger than the defined limit will be printed
directly from the server. Value is set in bytes.
Enable faster print on Ricoh devices ( srteEnableFasterPrint ) - This option enables faster
processing of print jobs on Ricoh devices. This method may eventually cause incorrect accounting of
print jobs in case of hardware issues (like paper jam) therefore it is recommended to keep it disabled
when YSoft SafeQ is used in combination with Payment System.
Scan rotation
Devices with SRTE (ver. A.) installed can be configured to rotate color pdf scans. This option is
configurable for each device at the SRTE web configuration.
After login with level 2 password, the following screen will appear. Here you can change the option to
rotate scans.
YSoft SafeQ Embedded Terminal for Ricoh ESA is communicating directly to the "YSoft SafeQ CML" with
some exceptions when support from "YSoft SafeQ Terminal Server" service is required. Therefore, standard
procedures for the loadbalancing and failover via Microsoft Cluster Server or Failover using Windows
Network Load Balancing Services (NLB) does not apply for this type of embedded terminal.
If you have the failover enabled, MFP will obtain the list of IP addresses for all the CML nodes after the first
successful authentication. If the primary CML becomes unavailable, embedded terminal will automatically
find another CML according to strategy selected in configuration. Then the embedded terminal will use the
resolved CML as the primary until it becomes unavailable or until some preconfigured time interval passes.
Then another server is found and selected as primary in dependency on selected failover strategy. With
some strategies the MFP may automatically switch back to a preferred CML if you restore its functionality.
The server can be resolved as active only if both YSoft SafeQ CML and YSoft SafeQ Terminal Server are
responding to MFP requests.
Limitations
1 This failover configuration does not provide Load-
balancing.
Enabling failover support for YSoft SafeQ Embedded Terminal for Ricoh ESA
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 Save the configuration and restart the CML service on all the nodes and reinstall all the devices with
YSoft SafeQ Embedded Terminal for Ricoh ESA.
3 Set srteFailoverStrategy property to required strategy. The option determines how the primary
server is resolved in case when the current server becomes unavailable. The strategies are described
in following section.
4 Set srteFailoverCheckInterval property to required value. It sets the maximal time (in minutes) after
which the primary CML server is resolved according to selected strategy. The minimal allowed value
of this property is one.
5 Save the configuration and reinstall all the devices with YSoft SafeQ Embedded Terminal for Ricoh
ESA.
Strategies for server selection in YSoft SafeQ Embedded Terminal for Ricoh ESA
1
DEFAULT STRATEGY
With this strategy the MFP will always check for the CML server with fastest response. The servers
are checked for their availability in parallel and the first CML server which responses is taken as the
primary for all ongoing communication.
2
PRIMARY NODE PREFERRED
With this strategy the "primary node" is always preferred. In this scenario, the "primary node" is the
CML from which the MFP was originally installed. If the "primary node" is not available, another
server is selected using the default strategy described above. If the "primary node" becomes
available, the MFP will connect to it when the current one becomes unavailable or after the
preconfigured time interval passes.
2 Log in to the YSoft SafeQ Embedded Terminal for Ricoh ESA Web Configuration Interface at '
http://MFP_IP:8080/sqet/Login' (where MFP_IP is the MFP's IP address). Please note the HTTP
address is case-sensitive. Enter the login code. (The default is 14569.)
3 Verify that you see the IP address of all your CMLs in the list.
4 Optionally you can stop the CML which is listed as the first. Then verify that authentication is still
working. In the YSoft SafeQ Embedded Terminal for Ricoh ESA Web Configuration Interface you will
see that the order of the servers has switched.
Overview
Function Key
Function Priority
Overview
This feature allows you to define your own key shortcut to quickly access YSoft SafeQ application by
clicking function key button.
Function Key
Specify YSoft SafeQ application for a key accessible via MFP panel.
Function Priority
Specify YSoft SafeQ application for as a default function/application displayed after a successful
authentication.
YSOFT SAFEQ EMBEDDED TERMINAL FOR RICOH ESA - WEB CONFIGURATION INTERFACE
1. Log in to the YSoft SafeQ Embedded Terminal for Ricoh ESA (SRET) Web Configuration Interface at
'http://MFP_IP:8080/sqet/Login' (where MFP_IP is the MFP's IP address) through your web browser.
2. Enter the login code. (The default is 14569.)
Information
Configuration settings
SafeQ server IP - IP adress(es) of SQ server(s) communicating with SRET. SRET can communicate
with multiple SQ servers. SQ server currently communicating with SRET, is listed first. Order of
servers reflects priority of communication attempts in case of terminal failover.
SafeQ server port - Port on which SRET is communicating with SafeQ server.
Debug Memory - Settings turns ON/OFF logging of memory consumption. In case this setting is
turned on, SRET logs will contain detailed information about consumption of device's memory (Stack
size).
Enable color pdf scans rotation - Settings turns ON/OFF pdf rotation. In case this setting is turned
on, SRET will rotate all scanned PDF files.
Automatic user logout - Time (in seconds) after which user will be logged out from SRET.
Print jobs from SafeQ server if language is unknown - Settings turns ON/OFF print of jobs with
unknown language.
Logs obtainment
YSoft SafeQ Embedded Terminal for Ricoh ESA logs and additional information about SRET are available
via Web Configuration Interface.
On Web Configuration Interface main page click on Logs button and following status page will appear:
1 Make sure all general properties as defined in Installing Embedded Terminals document are
completed
2 Configure the MFP properly. See Configuring Toshiba for YSoft SafeQ Embedded Terminal for more
information.
3 Go to SafeQ Web Interface > System Settings and set forceStartInternalLdap to enabled. This option
will ensure that internal LDAP server (required for authentication on Toshiba Embedded Terminal) will
be initialized during CML/ORS service start.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Toshiba from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method. Username and password or PIN
are supported authentication methods. With this option, authentication with Card
via YSoft USB card reader is also possible but additional configuration might be
required, for more information see the article supported Toshiba MFP FW for
YSoft USB card reader.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
When any users username contains @ character, additional configuration is
required, for more information see the article Configuring Toshiba for YSoft SafeQ
Embedded Terminal with @ character in username.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
NOTE: Some options are available for editing only in the Advanced view. You can choose
between Basic and Advanced in the lower left corner. If any Advanced option is changed from its
default value it will become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
1 Make sure all general properties as defined in Installing Embedded Terminals document are
completed
2 Configure the MFP properly. See Configuring OKI for YSoft SafeQ Embedded Terminal for more
information.
3 Go to SafeQ Web Interface > System Settings and set forceStartInternalLdap to enabled. This option
will ensure that internal LDAP server (required for authentication on OKI Embedded Terminal) will be
initialized during CML/ORS service start.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select OKI from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method. Username and password or PIN
are supported authentication methods.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that
this application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
NOTE: Some options are available for editing only in the Advanced view. You can choose
between Basic and Advanced in the lower left corner. If any Advanced option is changed from its
default value it will become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
BEFORE INSTALLATION
1 Make sure all general properties as defined in Install Embedded Terminals document are completed.
2 Configure the MFP properly. See Configuring Samsung for YSoft SafeQ Embedded Terminal for
more information.
1 Log in to the Web administration, use account authorized to manage the system.
3 Click the Items button in the top-right corner of the window (as illustrated on the picture below).
Choose to add device manually or using a template. This guide continues with manual steps,
however you can find more details about using device templates in the Device Templates chapter.
4 On the Basic tab, enter necessary details to identify a device. Please note that Name and IP address
are mandatory and must be unique in case of one ORS server. Here is a list of all available options
for each device.
Name - name your device. The name will be used to identify the device in YSoft SafeQ.
Tip: Make sure to call all devices in a similar manner (e.g. model number) for easier
troubleshooting.
Description - you can specify further details to recognize the device in the system.
Location - use this option if you want to describe exact placement of the device.
Group - this option defines in which group or ORS server will the device be placed.
Choose from existing groups or ORS servers.
Cost center - device may belong to a particular cost center. Choose from existing cost
centers.
IP address - mandatory configuration. IP address must be unique within a group or the
ORS server. You can also use domain name instead of IP adress.
Page tracking mechanism - configuration defines the type of accounting to be used.
Accounting driver - this option can be used with external terminals and online
accounting. With embedded terminals, you can use accounting driver to collect device
counters (see Tools - Counter reports for more details).
5 Continue to the Terminal tab, select the Embedded terminal option at the top. More configuration
options will be displayed. Once you click Save device installation will begin.
Vendor
Select Samsung from the list.
(Advanced only) Administrator login – this feature is described in Administrator
login and password
(Advanced only) Administrator password – this feature is described in
Administrator login and password
(Advanced only) Delete jobs after printing – enables / disables delete after print
feature. For more details please see: Delete jobs after printing
Authentication
Enable this option if you want the users to authenticate before accessing the device.
Note that this may affect also other features.
Method – Select the authentication method.
(Advanced only) Mode – keep the To device option. Users must authenticate to
unlock the device and access any of the features.
(Advanced only) Network Card reader – Enter a serial number of a network card
reader for this device. Note: The serial number must be unique for each
device.
Application
Enable this option if you want to use the YSoft SafeQ interface application. Note that this
application may be required by some other features.
(Advanced only) Type – Select the type of terminal to install:
Browser – Application will use browser-based terminal with YSoft SafeQ
interface.
(Advanced only) Job list folders – Select which folders should be displayed to
the users.
Scan
Enable this option if you want to enable YSoft SafeQ scanning features.
Accounting
Enable this option if you want to enable native accounting.
Payments
Enable this option if you want to use Payment System with this device. When enabled,
users with money accounts will be charged for print, copy and scan activity according to
the appropriate price list.
NOTE: It is recommended to set Print job parser at least to the option "Render jobs
as low resolution (36 DPI) images" to enhance user experience and to minimize credit
overdrafts.
NOTE:
Some options are available for editing only in the Advanced view. You can choose between Basic
and Advanced in the lower left corner. If any Advanced option is changed from its default value it will
become editable also in the Basic view until its value is changed again to default.
6 Direct printing tab allows you to specify direct queue(s) which enable the device to receive jobs
without the need for user to authenticate at the terminal (note: print job is still authorized in YSoft
SafeQ).
In order to add a direct queue, click the Add queue button in the top right corner and specify its
name. The direct queue name must be unique in the entire system.
For each direct queue, you can enable or disable deleting the print jobs after being printed out
(released at the printer) by choosing the option Delete after printing. More information about
deleting jobs after print is available at Delete jobs after printing.
7 Navigate to the Advanced tab, which allows you to specify additional optional configuration.
Equipment number - specify unique identifier for each device. Equipment number
remains the same even if the device name or IP address is changed.
Maintenance contract number - typically used to identify specific contract linked to the
device.
Contact person - use this value to specify person responsible for the device (in case of
failure, errors, maintenance, etc.)
Scan jobs default addressee - this option is used with Terminal Professional and
therefore does not apply to installation of Terminal Embedded.
Printer type - this is a custom field which can be used with printer type definition
(located in Devices > Tools > Printer types menu).
Backend - option refers to network protocol used for communication with the device and
used for printing at the device. After selecting another printing backend, use the wrench
icon to automatically adjust the Port number. Otherwise, you will need to change it
manually.
The following network protocols are available:
IPP - provides a standard network protocol for remote printing as well as for
managing print jobs, media size, resolution, etc.
IPPSSL - basic IPP with job encryption over SSL.
LPR - general TCP/IP utility that is used to send print jobs from clients to print
servers.
LPR (PJL Copies) - basic LPR extended with PJL method for switching printer
languages at the job level.
TCP/IP Raw - TCP/IP with raw socket that allows access to the underlying
transport provider.
TCP/IP Raw NoMap - same as TCP/IP Raw, but with NoMap function.
Port - port number that device uses for communication. This option depends on the
selected print backend.
Print job encoding - encoding type used by the device. Encoding is defined by print
driver used by the users at the time of creating print job. It can affect job accounting for
users with diacritics in the login name. Default value is UTF-8.
Online accounting / Offline print accounting / Offline copy accounting - select to
enable particular accounting method (this is an optional configuration).
Alert messages encoding - configures encoding of messages created by the device.
8 The SNMP tab allows configuration of SNMP v2 and SNMP v3 used with the device.
SNMP v2
SNMP read-only community for remotely accessing the device states.
SNMP read-write community for remotely reading and writing to device
properties.
SNMP v3
Username
Context name
Authentication algorithm
Authentication password
Privacy algorithm
Privacy password
Configured prices are used for accounting print, copy and scan jobs performed at the device. Prices
are defined in the assigned price list. For more information about job accounting see Price list and
Advanced Detail Accounting.
10 Tags tab enables different print languages or user tags for the device.
All print languages are enabled by default. This configuration must match tags for each job (see
detailed job information).
Check how to use System and User tags.
11 Click Save device button. After confirmation, the device will be automatically reinstalled with updated
configuration and embedded terminal.
12 The embedded terminal is being installed. New popup with installation progress will appear. You can
close the window with device settings.
For more details about the installation, click the small double arrow icon .
Should the installation process encounter any issues, please open the installation details with more
information about the error.
14 If you need to change the settings of an already installed device or terminal, click the edit icon or
double-click the device from the list.
Please note, that some settings may require terminal reinstallation, which will occur automatically
after saving the changes.
GLOBAL SETTINGS
Overview
With "Print all" user can print all jobs in Waiting folder after logging in on Terminal Embedded.
Configuration
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 After saving the settings and restarting Terminal server, "Print all" buttons will be displayed on the
terminal's login screen or displayed after login based on type of terminal.
NOTE: Reinstallation of embedded terminal is required for some terminal types. You will be
informed if this is your case based on embedded terminals in your environment when saving the
settings.
Related properties
There are few another properties related to "Print all" function:
print-all-button-default-value - This option set initial state of `Print all` button on authentication
screen of embedded terminal. Default value is false.
printSharedJobs - If enabled, all normal and shared jobs are printed on `print all` command.
jobsAllSortOrder - Order of printed jobs after "Print all" based on delivery date to YSoft SafeQ. You
can set either print newest jobs first or last.
maxPrintAllJobs - Maximum number of jobs printed with "Print all".
This feature is for displaying of all jobs (even with incompatible language) on terminal job list.
This feature works with all Embedded Terminals and Terminal Professional.
Configuration
1 Go to System > System settings > Terminal UI (Expert mode view) and set
showIncompatibleJobs property to enabled.
Property description: If enabled, all jobs (even with incompatible language) are shown on terminal.
3 Configure (or check) printer tags on page Devices > Edit printer > Tags
NOTE: In this case, all jobs with Colour tag will be marked as incompatible jobs and it won't
be possible to print them.
4 Send a job to SafeQ and check it is properly parsed. You can check the job on the Reports >
Display detailed job information > Information page.
NOTE: This job will be marked as a incompatible job, because it contains Colour tag, which is not
allowed in the step 3.
CONFIGURE MFPS
Configuring Konica Minolta OpenAPI (Zeus/Minerva) for YSoft SafeQ Embedded Terminal
Configuring Konica Minolta OpenAPI (older models) for YSoft SafeQ Embedded Terminal
Configuring Xerox EIP for YSoft SafeQ Embedded Terminal
Configuring Ricoh ESA for YSoft SafeQ Embedded Terminal
Configuring Fuji Xerox Apeos for YSoft SafeQ Embedded Terminal
Configuring Fuji Xerox with XCP for YSoft SafeQ Embedded Terminal
Configuring Sharp OSA for YSoft SafeQ Embedded Terminal
Configuring Toshiba for YSoft SafeQ Embedded Terminal
Configuring OKI for YSoft SafeQ Embedded Terminal
Configuring Samsung for YSoft SafeQ Embedded Terminal
Configuring Lexmark for YSoft SafeQ Embedded Terminal
Configuring HP for YSoft SafeQ Embedded Terminal
CONFIGURING KONICA MINOLTA OPENAPI (ZEUS/MINERVA) FOR YSOFT SAFEQ EMBEDDED TERMINAL
Requirements:
Correct firmware is installed on MFP (for more details see HCL - Konica Minolta)
MFP is OpenAPI 3.5 - 4.0 compatible if embedded accounting / application shortcuts / web browser
terminal functionality is required.
Models that support OpenAPI 3.5 - 4.0 may need HDD and/or additional memory installed (for more
details see HCL - Konica Minolta)
At Glance:
7. Add domain DNS suffix in Network settings - Default DNS domain name (in case a host name for
ORS is used)
8. Configure the Windows print driver
9. Install loadable driver (if authentication by CARD is required)
10. Configure USB card reader settings (if authentication by CARD is required)
1. Open your Web browser and enter the MFP's IP address. The MFP Web interface,"PageScope®,"
opens.
2. On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you
are automatically logged in as a guest, log out and then log in again using the administrator account).
NOTE: The PageScope Web interface varies according to the specific MFP.
3. Enter the Administrator password for the MFP; then click OK.
NOTE: The default password is 1234567812345678.
4. Select the Security tab ; then select Device Certificate Setting; Continue with selecting New
registration.
NOTE: If the device already has a factory default settings certificate, delete it first and then create a
new one.
SSL/TLS setting applies only to PageScope Web Connection; you can set it to None without
affecting OpenAPI's SSL capabilities.
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica
Minolta devices
7. When the message "Certificate has been successfully created" appears, click OK.
8. Log out of PageScope® Web Connection. If a message appears saying that it is necessary to reboot,
reboot the MFP.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing
the terminal installation.
4.
4. For the Certificate Verification Settings option, select Off and save settings with OK
It is also recommended to turn off validation of certificate period. This prevents a situation when user
authenticates with invalid credentials (invalid card, invalid PIN) and it takes 1 minute to display the
information about invalid credentials.
3.
3. Under Certificate Verification Level Settings c onfigure Validity Period to Do not confirm.
1. Make sure the MFP is idle — not copying, printing, scanning, or otherwise busy.
4. Enter the Administrator password for the MFP; then touch OK.
Note: The default password is 1234567812345678
NOTE: If SSL and port number options appear, continue to chapter Konica Minolta - Configure SSL
via MFP panel
7. Touch Access Setting; then set it to Allow.
3.
3. With the Network tab still selected, from the menu, select TCP Socket Setting and check the Use
SSL/TLS check box. Than Click OK.
4. Turn the main switch OFF and then ON again to apply changes to TCP Socket settings.
For remote reset use the web interface of the MFP, menu Maintenance > Reset > Reset.
Configure region
For Develop, only Europe region and Others2 region are supported. To change setting of a region of your
device, please see the Develop - Configure region page.
1.
1. Right-click the Konica Minolta MFP driver; then select Printer properties > Configure.
4.
4. Click OK
5. Back on the Configure tab, set ID&Print, User Authentication and Account Track to disable.
6. Click OK.
2.
1.
1. Open your Web browser and enter the MFP's IP address. The MFP Web interface,"PageScope®,"
opens.
2. On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you
are automatically logged in as a guest, log out and then log in again using the administrator account).
NOTE: The PageScope Web interface varies according to the specific MFP.
3. Enter the Administrator password for the MFP; then click OK.
NOTE: The default password is 1234567812345678.
4. Select the Security tab ; then select Device Certificate Setting; Continue with selecting New
registration.
NOTE: If the device already has a factory default settings certificate, delete it first and then create a
new one.
SSL/TLS setting applies only to PageScope Web Connection; you can set it to None without
affecting OpenAPI's SSL capabilities.
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica
Minolta devices
7. When the message "Certificate has been successfully created" appears, click OK.
8. Log out of PageScope® Web Connection. If a message appears saying that it is necessary to reboot,
reboot the MFP.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing
the terminal installation.
12. Add certificate from your certification authority (the certificate you have created in step 8) > Press the
Install button
13. A message with the result of installation will be displayed
14. Continue to PKI Settings > SSL Setting
15. Set Mode using SSL/TLS to Admin. Mode and User Mode
16. Set Encryption Strenght to encryption which you use (if you are not sure which encryption use, set
attribute to AES-256, 3DES-168, RC4-128, DES-56, RC4-40)
Konica Minolta - Configure SSL for OpenAPI and TCP Socket communication
Configure additional required SSL settings as described here.
You can configure the settings by using either the MFP's Web interface or the MFP panel.
1. Make sure the MFP is idle — not copying, printing, scanning, or otherwise busy.
3.
4. Enter the Administrator password for the MFP; then touch OK.
NOTE: The default password is 1234567812345678.
11. Touch TCP Socket Settings (on second page of the Network Settings menu).
13. Change the settings for Use SSL/TLS to ON; then touch OK.
3.
3. With the Network tab still selected, from the menu, select TCP Socket Setting and check the Use
SSL/TLS check box. Than Click OK.
4. Turn the main switch OFF and then ON again to apply changes to TCP Socket settings.
For remote reset use the web interface of the MFP, menu Maintenance > Reset > Reset.
For Develop, only Europe region and Others2 region are supported. It is recommended to use the
Europe region.
1. Right-click the Konica Minolta MFP driver; then select Printer properties > Configure.
2.
5. Back on the Configure tab, set ID&Print, User Authentication and Account Track to disable.
6. Click OK.
4.
4. For the Certificate Verification Settings option, select Off and save settings with OK
It is also recommended to turn off validation of certificate period. This prevents a situation when user
authenticates with invalid credentials (invalid card, invalid PIN) and it takes 1 minute to display the
information about invalid credentials.
3.
3. Under Certificate Verification Level Settings c onfigure Validity Period to Do not confirm.
1.
3. Enter the Administrator password for the MFP; then touch OK.
Note: The default password is 1234567812345678
7.
1.
1. Make sure the MFP is idle — not copying, printing, scanning, or otherwise busy.
3.
4. Enter the Administrator password for the MFP; then touch OK.
Note: The default password is 1234567812345678
NOTE: If SSL and port number options appear, continue to chapter Konica Minolta - Configure SSL
via MFP panel
7. Touch Access Setting; then set it to Allow.
Minerva C754, C654 ineo+ 754, ineo+ 654 d-COLOR MF752Plus, d-COLOR MF652Plus
Minerva C754e, C654e ineo+ 754e, ineo+ 654e d-COLOR MF752, d-COLOR MF652
2nd
series
Zeus C554, C454, ineo+ 554, ineo+ 454, d-COLOR MF552, d-COLOR MF452, d-
C364, C284, ineo+ 364, ineo+ 284, COLOR MF362, d-COLOR MF282, d-COLOR
C224 ineo+ 224 MF222
Zeus C554e, C454e, ineo+ 554e, ineo+ 454e, d-COLOR MF552Plus. d-COLOR MF452Plus,
MLK C364e, C284e, ineo+ 364e, ineo+ 284e, d-COLOR MF362Plus, d-COLOR MF282Plus,
C224e ineo+ 224e d-COLOR MF222Plus
Installation
1. Copy the loadable driver file to the root directory of a USB flash drive.
2. Insert the USB flash drive into the USB port on MFP
3.
4. Touch System 2.
6.
6. Touch Install.
Minerva C754, C654 ineo+ 754, ineo+ 654 d-COLOR MF752Plus, d-COLOR MF652Plus
Minerva C754e, C654e ineo+ 754e, ineo+ 654e d-COLOR MF752, d-COLOR MF652
2nd
series
Zeus C554, C454, ineo+ 554, ineo+ 454, d-COLOR MF552, d-COLOR MF452, d-
C364, C284, ineo+ 364, ineo+ 284, COLOR MF362, d-COLOR MF282, d-COLOR
C224 ineo+ 224 MF222
Zeus C554e, C454e, ineo+ 554e, ineo+ 454e, d-COLOR MF552Plus. d-COLOR MF452Plus,
MLK C364e, C284e, ineo+ 364e, ineo+ 284e, d-COLOR MF362Plus, d-COLOR MF282Plus,
C224e ineo+ 224e d-COLOR MF222Plus
Zeus/Minerva
1.
Print without authentication option allows printing of documents, that are sent directly to the MFP's
IP address.
This function needs to be allowed for the Public users to be able to print.
Follow these steps to set the MFP's "Print without authentication" option:
3.
4. Enter the Administrator password for the MFP; then tap OK. (The default is 1234567812345678.)
7. Set this option to Full Color/Black or Black Only to enable printing of the documents sent directly to
the MFP's IP address.
To disable the printing, set the option to Restrict.
Touch OK to confirm the setting.
Be sure to have your print driver configured correctly according to Konica Minolta - Configure User
Authentication and Account Track.
CONFIGURING KONICA MINOLTA OPENAPI (OLDER MODELS) FOR YSOFT SAFEQ EMBEDDED TERMINAL
At Glance:
KM - Add domain DNS suffix in Network settings - Default DNS domain name (in case a host name
for ORS is used)
Printer properties - Configure - Device Options are configured to support all possible features (Punch
unit, Finisher etc.)
Printer properties - Configure - Obtain Settings - Auto = not checked
Printer properties - Configure - User Authentication = disabled
Printer properties - Configure - Account Track = disabled
Printer properties - Ports - Enable printer pooling is checked + additional ports are created and
checked to be used (remove windows print spooling bottleneck)
On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you are
automatically logged in as a guest, log out and then log in again using the administrator account).
NOTE: The PageScope Web interface varies according to the specific MFP.
Enter the Administrator password for the MFP; then click OK.
Select the Security tab ; then select Device Certificate Setting; Continue with selecting New registration
NOTE: The information you enter does not have to be valid (for example, the Admin E-mail Address does
not have to be valid), except the Validity Period, recommend is 3650 days. The Mode using SSL/TLS
setting applies only to PageScope Web Connection; you can set it to None without affecting OpenAPI's SSL
capabilities.
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica Minolta
devices
When the message "Certificate has been successfully created" appears, click OK; then log out of
PageScope Web Connection.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing the
terminal installation.
Disable the "Certificate Verification Settings" option
Log in to the MFP's Web interface as administrator; then select Security (see page ).
From the menu, select Certificate Verification Settings.
For the Certificate Verification Settings option, select Off and save settings with OK
Enter the Administrator password for the MFP; then touch OK.
NOTE: The default password is 12345678.
NOTE: If SSL and port number options appear, continue to chapter KM - Configure SSL via MFP panel
Touch Access Setting; then set it to Allow.
You can configure the settings by using either the MFP's Web interface or the MFP panel.
Configure switches
Please note, that this change is required for multilevel billing codes selection on KM devices from
product lines older than Zeus. If you are using Zeus product line or newer device, do not
change the default value of switch No. 25.
NOTE: No. 25 is just general name of this switch, please contact your Konica Minolta distributor to tell you
the appropriate equivalent of the switch name for your specific MFP.
Touch Service Mode > Billing Setting > Management Function Choice.
NOTE: For instructions for opening Service Mode with the Management Function Choice option for your
specific MFP, contact your Konica Minolta distributor.
Touch Card.
On the ID Card Type screen, touch CARD2 (to specify the USB reader); then touch OK. If CARD2 does not
work and come up with an internal error, you have to use CARD1.
Set "Print without authentication" option
Print without authentication option allows or disables printing of documents, that are sent directly
to the MFP's IP address.
Follow these steps to set the MFP's "Print without authentication" option:
Enter the Administrator password for the MFP; then tap OK. (The default is 12345678.)
Set this option to Allow to enable printing of the documents sent directly to the MFP's IP address. To
disable the printing, set the option to Restrict.
Tap OK to confirm the setting.
Be sure to have your print driver configured correctly according to KM - Configure User
Authentication and Account Track.
Enter the Administrator password for the MFP; then touch OK. (The default password is 12345678.)
Right-click the Konica Minolta MFP; then select Printer properties > Configure.
Click OK.
Product Models
lines
Thames\Mosel devices
Model Thames vs.
Mosel
Thames/Mosel
Insert CF card(max 256 MB).
Run commant mkcfldr.bat (device code) (CF drive letter) - for example mkcfldr.bat mi2 e:
Press [ISW].
Press Execute.
Press Start.
Insert the USB flash drive into the USB port at the rear side of the main body.
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
Donau
Copy "A0P0FW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port for service at the rear side of the main body. (Remove the
screw and lift up the cover of the USB port)
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
Taiga
Copy "A1UDFW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port for service at the rear side of the main body. (Remove the
screw and lift up the cover of the USB port)
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
KM - Configure and enable SSL
Open your Web browser and enter the MFP's IP address. The MFP Web ®interface,"PageScope," opens.
On the PageScope Web Connection Login screen, select Administrator; then click Login. (If you are
automatically logged in as a guest, log out and then log in again using the administrator account).
NOTE: The PageScope Web interface varies according to the specific MFP.
Enter the Administrator password for the MFP; then click OK.
Select the Security tab ; then select Device Certificate Setting; Continue with selecting New registration
NOTE: The information you enter does not have to be valid (for example, the Admin E-mail Address does
not have to be valid), except the Validity Period, recommend is 3650 days. The Mode using SSL/TLS
setting applies only to PageScope Web Connection; you can set it to None without affecting OpenAPI's SSL
capabilities.
Ensure that Encryption Key Type value RSA-1024_MD5 is selected for newer Konica Minolta
devices
When the message "Certificate has been successfully created" appears, click OK; then log out of
PageScope Web Connection.
NOTE: If the MFP does not request a reboot, you must log out of the Web interface before continuing the
terminal installation.
KM - Disable the Certificate Verification Settings option
Log in to the MFP's Web interface as administrator; then select Security (see page ).
From the menu, select Certificate Verification Settings.
For the Certificate Verification Settings option, select Off and save settings with OK
Enter the Administrator password for the MFP; then touch OK.
NOTE: The default password is 12345678.
NOTE: If SSL and port number options appear, continue to chapter KM - Configure SSL via MFP panel
Touch Access Setting; then set it to Allow.
You can configure the settings by using either the MFP's Web interface or the MFP panel.
It may not be possible to configure SSL via MFP Web, as the setting may be disabled (greyed out). In
such case you need to KM - Configure SSL via MFP panel.
With the Network tab still selected, from the menu, select TCP Socket Setting and check the Use SSL/TLS
check box. Than Click OK.
Enter the Administrator password for the MFP; then touch OK.
NOTE: The default password is 12345678.
KM - Configure switches
Please note, that this change is required for multilevel billing codes selection on KM devices from
product lines older than Zeus. If you are using Zeus product line or newer device, do not
change the default value of switch No. 25.
NOTE: No. 25 is just general name of this switch, please contact your Konica Minolta distributor to tell you
the appropriate equivalent of the switch name for your specific MFP.
1.
Touch Service Mode > Billing Setting > Management Function Choice.
NOTE: For instructions for opening Service Mode with the Management Function Choice option for your
specific MFP, contact your Konica Minolta distributor.
Touch Card.
On the ID Card Type screen, touch CARD2 (to specify the USB reader); then touch OK. If CARD2 does not
work and come up with an internal error, you have to use CARD1.
KM - Configure Print without authentication option
Print without authentication option allows or disables printing of documents, that are sent directly
to the MFP's IP address.
Follow these steps to set the MFP's "Print without authentication" option:
Enter the Administrator password for the MFP; then tap OK. (The default is 12345678.)
Set this option to Allow to enable printing of the documents sent directly to the MFP's IP address. To
disable the printing, set the option to Restrict.
Tap OK to confirm the setting.
Be sure to have your print driver configured correctly according to KM - Configure User
Authentication and Account Track.
Enter the Administrator password for the MFP; then touch OK. (The default password is 12345678.)
Click OK.
Thames\Mosel devices
Thames/Mosel
Insert CF card(max 256 MB).
Run commant mkcfldr.bat (device code) (CF drive letter) - for example mkcfldr.bat mi2 e:
Press [ISW].
Press Execute.
Press Start.
Insert the USB flash drive into the USB port at the rear side of the main body.
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
Donau
Copy "A0P0FW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port for service at the rear side of the main body. (Remove the
screw and lift up the cover of the USB port)
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
Taiga
Copy "A1UDFW.tar" to the root directory of a USB flash drive.
Insert the USB flash drive into the USB port for service at the rear side of the main body. (Remove the
screw and lift up the cover of the USB port)
Select "YES" and touch the "START" button displayed on the panel.
When the downloading proccess was finished, the message of "Download Complete" comes out on the
panel.
Turn off the main switch and remove the USB flash drive.
KM - Configure IPP and IPPSSL
This topic describes how to configure IPP/IPPSSL on Konica-Minolta printers.
Number Description
Number Description
7. Copy or Save a Certificate Signing Request Data and insert them to your certification authority
9. Continue on Security tab > PKI Settings > Device Certificate Setting
Number Description
12. Add certificate from your certification authority (the certificate you have created in step 8) > Press
Install button
15. Set Mode using SSL/TLS to Admin. Mode and User Mode
Set Encryption Strenght to enctyption which you use (if you are not sure which encryption use, set
attribute to AES-256, 3DES-168, RC4-128, DES-56, RC4-40)
KM - Recommended settings
OpenAPI Certificate Verification Level Settings - Validity Period
When user authenticates with invalid credentials (invalid card, invalid PIN) and the setting of Validity Period
is configured to Confirm, it will take 1 minute until the information about invalid credentials is displayed.
Terminal is integral and inseparable part of the YSoft SafeQ Server solution and operates only when
connected to the server. Terminals work within the TCP/IP enabled networks only.
JBA – Xerox technology for job tracking and accounting directly on the MFP in the form of precise
activity logs (copying, printing, scanning). These logs can be later on (in certain time intervals) pulled
from the MFP and processed by SafeQ accounting system. Therefore, the accounting data as well as
entries in the job list (prints, copies and scans) are not available in SafeQ immediately upon job
completion (as opposed to standard "online" and "offline" SafeQ accounting), but later on as the MFPs
are queried for accounting data (logs).
Printing: print jobs do not pass through SafeQ Server: users submit their prints directly to the IP
address of the MFP, effectively bypassing SafeQ server. Therefore, there is no secured printing
available and no Print roaming (as well as all other features provided specifically by SafeQ Terminal
Professional).
Copying: user authentication is performed on the built in MFP interface (no SafeQ Terminal). User
authenticates using login name and pin.
Scanning: same as for copying.
There are two different implementations, Onbox and Offbox:
Onbox – database with user logins and pins is uploaded to the device during MFP installation
(from SQ web interface). Then, during user authentication, the login and pin is checked locally
against the MFP user database.
Offbox – user logins and passwords are not stored on the machine, but are checked during the
authentication against the Web service, which communicates with DS and SafeQ.
Tested Devices
This part describes first how to configure Xerox MFP in general; then particular MFPs are discussed
more in details. You need to configure each device first in order to communicate with SafeQ.
Xerox WorkCentre® System FW 75.3.1, Controller + PS see Xerox WorkCentre 74xx EIP
7425/7428/7435 ROM 1.222.18 updated based on Configuration
System FW 75.14.43
General Notes
Supposed you are configuring new MFP with default settings. If you are configuring older device with
lot of customized settings, it may be useful to reset it to factory defaults first.
Most settings can be configured via internal web page of MFP with administration interface. Web
interface of each device can be different, depending on device model. Language of the interface is
mostly controlled by preferred language setting of the browser. Note that support of various browsers
can differ between particular MFPs. To enter web interface, insert <MFP IP> to the browser address
bar (you will be connected to http or https page based on MFP's current setting).
Default credential (As described in Xerox Admin Guides) is login: admin, password: 1111. For
some devices, default login: 11111, password: x-admin.
It is often referred to SMTP community in this guide – by this, it is always mean SMTP Write
community.
Newer devices support Self Address Assignment – it is recommended to turn this feature off
WorkCentre® 5845/5855/5865/5875/5890
WorkCentre® 7200 Series
WorkCentre® 7800 Series
WorkCentre® 7970
ColorQube® 8700/8900
ColorQube® 9300 Series (FW 071.180.203.05401+)
This manual was created based on Xerox WorkCentre 7835 and should be applicable to most MFPs
built on ConnectKey™, although slight differences may occur.
FTP mode
Go to the Properties tab > Connectivity > Setup. Click Edit in the FTP/SFTP Filling row, and then set the
Mode to Active.
Go to the Properties tab > Services > Printing > Printing Web Services and then enable the options
Scan Template Management and Scan Extensions. Also make sure that Xerox Secure Access and
Authentication & Authorization Configuration are enabled:
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print only in
case of an error. Otherwise, there might be a page printed every time someone uses the Scan option in
YSoft SafeQ terminal.
Go to the Properties tab > Services > Workflow Scanning > General Settings. Set Confirmation Sheet
to Errors Only.
SNMP settings
Go to the Properties tab > Connectivity > Setup. Click Edit in the SNMP row, and then enable the option
Enable SNMP v1/v2c Protocols.
On the same page click Edit SNMP v1/v2c Properties. Set the Community Name (Read / Write)
accordingly:
Proceed with the MFP installation in SafeQ to complete the installation of YSoft SafeQ Embedded
Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings of
the MFP based on the messages you see. In that case the following information should help you with
configuration of your Xerox MFP.
After installation of YSoft SafeQ Embedded Terminal
These settings are necessary only if requested by the Embedded Terminal installation or if some
customization of configuration is requested.
Then, you have to configure the Accounting workflows, User Accounting Prompts and Validation for
Accounting Codes. Click the respective Edit buttons.
Accounting Workflows:
Please note note that there are two possible configurations depending on selected features. When
payments are used, Pre-Authorization and Capture Usage has to be used. In other cases, Capture
Usage has to be used. (Please note, that without payments, the Pre-Authorization will cause a malfunction.
For example, selecting copy function and starting copying will do the scanning part of the process but then
MFP will wait for user verification).
Standard configuration.
On the Non-Logged-In Users tab click Edit to edit Non-Logged-In User role.
If you use device authentication mode To device, on the Services & Tools tab check that the Role State of
the Services Pathway is set to Not Allowed.
You can configure Machine Status Pathway and Job Status Pathway locks freely.
If you use device authentication mode To each application, set the options accordingly. Note that for
some WorkCentre models, it is necessary to use only Per application settings for proper functionality.
Convenience Authentication
Go to the Properties tab > Login/ Permissions/ Accounting > Login Methods. Then click Edit next to
Convenience Authentication Setup.
On Convenience Authentication Setup page, check that Accounting Information are applied
automatically. It can be modified by selecting Automatically apply Accounting Codes from the server.
Job Limits
To enable Job Limits service, go to the Properties tab > Services > Printing > Printing Web Services
and select the check box for Job Limits. Click Apply.
This document has been created based on Xerox WorkCentre ColorQube 9303 (FW 072.180.104.14800
)
Set Accounting Mode to Network Accounting and then use *Customize Prompts*
WorkCentre® 5632/5638/5645/5655/5665/5675/5687
WorkCentre® 6400
WorkCentre® 7525/7530/7535/7545/7556
This manual was created based on Xerox WorkCentre 7535 and should be applicable to most MFPs
built on Endeavor™, although slight differences may occur. Please note additional documents for the 56xx,
57xx and 76xx.
Network Accounting
FTP mode
Include username with validation request
Web Services for Devices
Scan services for scanning with workflows
SNMP settings
USB Card Reader settings
After installation of YSoft SafeQ Embedded Terminal
Extensible Service Browser
User Permissions Roles
Convenience Authentication
Job Limits
Network Accounting
Go to the Properties tab > Accounting > Setup and click on Edit...
On some older firmwares this menu is not available and Network accounting must be set using a device
panel.
Choose to Display Prompts for labels, disable validation and enable Prompting for All Services
FTP mode
Go to the Properties tab > Connectivity > Protocols > FTP/SFTP Filing. Set the Mode to Active and
click Apply.
Go to the Properties tab > Services > Custom Services > Validation Options. Enable the Include User
Name with validation request option.
Go to the Properties tab > Connectivity > Protocols > HTTP > Web Services and then enable the options
Scan Template Management and Scan Extensions.
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print only in
case of an error. Otherwise, there might be a page printed every time someone uses the Scan option in
YSoft SafeQ terminal.
Go to the Properties tab > Services > Workflow Scanning > General. Set Confirmation Sheet to Errors
Only.
SNMP settings
Go to the Properties tab > Connectivity > Protocols > SNMP. Enable the option Enable SNMP v1/v2c
Protocols. Click Apply and continue to Edit SNMP v1/v2c Properties.
Save the settings and check whether your card reader is supported.
You may need to reload the page after some time to see the proper status of the card reader.
Proceed with the MFP installation in SafeQ to complete the installation of YSoft SafeQ Embedded
Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings
based on the messages.
After installation of YSoft SafeQ Embedded Terminal
These settings are necessary only if requested by the Embedded Terminal installation or if some
customization of configuration is requested.
If you use device authentication mode To device, on the Services & Tools tab check that the Role State of
the Services Pathway is set to Not Allowed.
You can configure Machine Status Pathway and Job Status Pathway locks freely.
If you use device authentication mode To each application, set the options accordingly. Note that for
some WorkCentre models, it is necessary to use only Per application settings for proper functionality.
Convenience Authentication
Go to the Properties tab > Security > Authentication > Setup > Xerox Secure Access Setup, click on
Manually Override Settings on the bottom of the page.
Check that Accounting Information is applied automatically. It can be modified by selecting Automatically
apply Accounting Codes from the server
Job Limits
Some devices may not support this feature.
This setting is necessary only if you are using the Payments feature of the YSoft SafeQ Embedded
Terminal.
To enable Job Limits service, go to the Properties tab > Accounting > Setup and click Edit next to the Job
Limits item. Select the check box for Job Limits. Click Apply.
Set Accounting Mode to Network Accounting and then use *Customize Prompts*
Setting Date and time (on the 56xx series this is set form the local UI).
Log on the device as admin and access the tools menu. Select System Settings.
Select Greenwich Mean Time Offset and set the time zone.
Make sure that you set both date and time before selecting reboot.
Set Network Accounting Login Display Mode to Display User ID Details and Display Account ID
Details
Disable Xerox Standard Accounting: Properties > Accounting > Xerox Standard Accounting >
Enablement .
Go to Service menu on the embedded terminal Tools > Accounting Settings > Authentication
Set Network Accounting Login Display Mode to Display User ID Details and Display Account ID
Details
WorkCentre® 7120
WorkCentre® 5335
This manual was created based on Xerox WorkCentre 5335 and should be applicable to most MFPs
with Fuji Xerox controller, although slight differences may occur.
Time configuration
At the printer control panel, press the Machine Status button and switch to the Tools tab. Then touch
System Settings > Common Service Settings > Machine Clock/Timers.
FTP
Go to the Properties tab > Connectivity > Port Settings > FTP and enable the FTP Client.
Go to the Properties tab > Connectivity > Protocols > FTP and set Transfer Mode to Active Mode.
Click Apply.
Then you can enable all extensible services: Scan Services, Security, Remote System Management
Once you apply the changes set above, navigate back to the Extensible Service Setup page and enable
Export password to Extensible Services and Enable the Extensible Services Browser. Apply the
configuration changes.
SNMP
You will later need to fill proper SNMP community in device configuration. You can check current MFP
setting under Properties > Connectivity > Protocols > SNMP Configuration > Edit SNMP v1/v2c
Properties .
Scan Services
You will need to enable Scan Template management in device configuration for scanning with workflows.
Then you need to enable scan accounting in Accounting > Accounting Configuration > Auditron Mode*.
You will need to enable plug-in support in Security > Plug-in Settings > Plug-in Settings.
Please note that you can obtain the plug-in from Xerox, Y Soft Group has no rights for its distribution.
Then you can upload a new plug-in in Security > Plug-in Settings > List of Embedded Plug-ins.
Choose path to file with the plug-in and upload it to the printer.
Successful plugin installation and activation can be verified in Security > Plug-in Settings > List of
Embedded Plug-ins in Status column.
Proceed with the MFP installation in SafeQ to complete the installation of YSoft SafeQ Embedded
Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings
based on the messages.
After installation of YSoft SafeQ Embedded Terminal
These settings are necessary only if requested by the Embedded Terminal installation or if some
customization of configuration is requested.
This manual was created based on Xerox Phaser 3635 and should be applicable to most MFPs with
Samsung controller, although slight differences may occur.
Custom Services
Go to the Properties tab > Services > Custom Services and do the following settings:
SSL
Create a new secure certificate and enable SSL.
Go to the Properties tab > Security > Machine Digital Certificate and check Installed Certificates. When
a certificate is not created, create new Self signed certificate.
Then go to Connectivity > Protocols > HTTP and enable the SSL.
Note that you have to reload the page after you enable SSL if it was disabled before. Next time, you will be
redirected to secured page (https). Also remember you have to recreate the certificate if you change the IP
address of the device, as the certificate is IP-relative.
Network Accounting
Go to MFP panel and log in as admin, then go to Tools > Accounting > Accounting Enablement >
Authentication Mode, choose Network Accounting and save the settings.
Then go to Network Accounting Setup > Network Accounting Authentication and Disable
authentication.
SNMP
You will later need to fill proper SNMP community in device configuration. You can check current MFP
setting under the Properties tab > Connectivity > Protocols > SNMP.
Scan Services
Go to the Properties tab > Services > Network Scanning > Scan Template Management and select the
enabled check-box.
Proceed with the MFP installation in SafeQ to complete the installation of YSoft SafeQ Embedded
Terminal. Check the installation status and installation steps.
If there are some warnings present during the installation, you will need to do some further settings
based on the messages.
After installation of YSoft SafeQ Embedded Terminal
Device and Service Access
This feature is unavailable on this MFP.
This document has been created based on Xerox WorkCentre 5230 (FW 1.207.8)
At Glance
If JBA technology is required for accounting (you are using MFP specific accounting instead of
SNMP or job analysis accounting), it must be turned on.
Furthermore, for Onbox and Offbox user verification has to be set on (otherwise, it has to be set off).
Enable Network Accounting: Properties > Accounting > Accounting Configuration
Enable Custom Services: Properties > Services > Custom Services > *Custom Services
Xerox device may come with many options disabled by factory settings. Please ensure following
options are enabled:
FTP: Properties > Connectivity > Protocols > FTP
Check Export User validation: Properties > Services > Custom Services > Validation Options >
Enable Export User Name
Xerox secure access: Properties > Security > Remote Authentication Services > Xerox Secure
Access Settings .
You will later need to fill proper SNMP community in device configuration. You can check current MFP
setting under Properties > Connectivity > Protocols > SNMP Configuration > Edit SNMP v1/v2c
Properties .
Scan Services
You will need to enable Scan Template management in device configuration for scanning with
workflows later. You can check current MFP setting under Properties > Connectivity > Protocols >
HTTP . Scan Template Management and Scan Extensions should be enabled (You can check also
Security setting – Xerox Secure Access and Authentication & Authorization Configuration).
User access rights must be configured globally (only if LDAP is properly set-up, user logins/aliases
can be used for per group access rights, but it still has to be configured manually per device).
Authentication mode: Properties > Security > Authentication Configuration
Check current settings and click Next.
In case you change title of your application and reinstall the embedded terminal, the YSoft
SafeQ application can get unlocked. In that case, please lock the application again manually.
This document has been created based on Xerox WorkCentre 7435 (System FW 75.3.1,
Controller + PS ROM 1.222.18) and updated based on System FW 75.14.43
At Glance
If JBA technology is required for accounting (you are using MFP specific accounting instead of SNMP
or job analysis accounting), it must be turned on.
Furthermore, for Onbox and Offbox user verification has to be set on (otherwise, it has to be set off).
Enable Network Accounting: Properties > Accounting > Accounting Configuration and Customize
User Prompts
Match the settings in the screenshot below and select Apply. Select reboot.
Hide mask for login screen: Properties > Accounting > Accounting Login Screen Settings
Match the settings in the screenshot below and select Apply. Select reboot.
Xerox device may come with many options disabled by factory settings. Please ensure following
options are enabled:
FTP: Properties > Connectivity > Port Settings> FTP Client
Make sure proper settings are applied, select Apply. Select reboot.
Check Export User validation: Properties > Services > Custom Services > Validation Options >
Enable Export User Name
Match the settings in the screenshot below and select Apply. Reboot not required.
Xerox secure access: Properties > Security > Remote Authentication Services > Xerox Secure
Access Settings (texts illustrate situation before SafeQ Embedded Terminal installation).
Match the settings in the screenshot below and select Apply. Select reboot.
You will later need to fill proper SNMP community in device configuration. You can check current MFP
setting under Properties > Connectivity > Protocols > SNMP Configuration > Edit SNMP v1/v2c
Properties
Match the settings in the screenshot below and select Apply. Reboot not required.
Match the settings in the screenshot below and select Apply. Reboot not required.
Scan Services
You will need to enable Scan Template management in device configuration for scanning with
workflows later. You can check current MFP setting under Properties > General Setup > Extensible
Service Setup. Export password and Enable the Extendable Services Browser should be enabled
.
Match the settings in the screenshot below and select Apply. Reboot not required.
Edit Extensible Services Setup. Scan Template Management and Scan Extensions should be
enabled .
Match the settings in the screenshot below and select Apply. Reboot not required.
User access rights must be configured globally (only if LDAP is properly set-up, user logins/aliases
can be used for per group access rights, but it still has to be configured manually per device).
Authentication mode: Properties > Security > Authentication Configuration
Check current settings and click Next.
b) If you chose device authentication mode To each application, make sure that YSoft SafeQ is
locked, other services may be unlocked.
In case you change title of your application and reinstall the embedded terminal, the YSoft
SafeQ application can get unlocked. In that case, please lock the application again manually.
You must enable Network accounting using Network Accounting Kit 098S04928
At Glance
Enabling SSL
Enabling JBA ("Network accounting")
Time settings:
SNMP Community setting
Checking enabled features
Disable Device Start-Up Page and Banner Page
Enabling SSL
SSL can be enabled and configured only from internal web page of MFP. Create a new secure
certificate and enable SSL.
Go to Properties tab > Security > Machine Digital Certificate and check Installed Certificates. When a
certificate is not created, create new Self signed certificate.
Select Self Signed Certificate en order to Establish a Self Signed Certificate on this machine
Fill in the company information and set the days of validity to max and press Apply
Then go to Properties tab >Connectivity > Protocols > HTTP and enable SSL
Note that you have to reload the page after you enable SSL if it was disabled before. Next time, you will be
redirected to secured page (HTTPS). Also remember you have to recreate the certificate if you move the
device to another IP as the certificate is IP relative.
Enabling JBA ("Network accounting")
Turn on the Network Accounting (formerly called JBA) technology if you are using MFP specific
accounting instead of SNMP or job analysis accounting.
It is also required for On-box and Off-box user verification (otherwise, it has to be turned off)
Go to the Properties tab > Login/ Permissions/ Accounting > Accounting method and select Network
Accounting
Then you have to configure the Accounting workflows, User Accounting Prompts and Validation for
Accounting Codes. Click the respective Edit buttons.
Accounting Workflows:
Note that if settings other than Capture Usage will cause a malfunction. For example, selecting copy
function and starting copying will do the scanning part of the process but then MFP will wait for user
verification.
Time settings:
The device time setting should be the sane as the Y Soft SafeQ server
Go to the Properties tab > General Setup > Date and Time. Make sure to set the time to match the Y Soft
SafeQ server time or specify automatic time configuration via NTP server.
Go to the Properties tab > Connectivity > Protocols > SNMP. Enable SNMP and the Click Edit in the Edit
SNMP properties row.
Custom Services: Properties > General Setup > Extensible Service Setup
You might also want to check that the Confirmation Sheets for Scanning Workflows are set to print
only in case of an error. Otherwise, there might be a page printed every time someone uses the
Scan option in YSoft SafeQ terminal.
Go to the Properties tab > Services > Workflow Scanning > Confirmation Report Override
Go to the Properties tab > Services > Printing and set Device Start-Up Page to Disabled
Go to the Properties tab > Services > Printing and set Banner Page to Disabled
In manage Permissions set the permissions so that all Services Pathway options are set to Not Allowed.
Go ahead and finish the installation as described in Installing YSoft SafeQ Embedded Terminal for Xerox
EIP, then come back to do the next settings
After installation - access check
After you have installed the Y Soft SafeQ Embedded Terminal, you can check that Convenience
Authentication is set correctly:
Go to the Properties tab > Login/ Permissions/ Accounting > Login Methods.
Then Click the yellow pen Edit icon next to Convenience Authorization Setup .
On Convenience Authentication Setup page, check that Accounting codes are applied automatically. It can
be modified by selecting Automatically apply Accounting Codes from the server.
Follow these steps to configure the MFP to allow installation of YSoft SafeQ Embedded Terminal:
CAUTION: Turn off the MFP before proceeding, to avoid damaging the Java VM card or the MFP.
NOTE: The MFP includes as many as three SD card slots. The lowest slot is reserved for the Java VM
card and firmware update cards. The slot may be covered with a metal or plastic cover, which you must
remove.
2. Turn on the MFP. Wait 2 or 3 minutes while Java VM and the default version of the embedded terminal
are installed.
3. On the MFP panel, select the options shown below to activate support for enhanced external charge unit
management: SP mode 5-113-002 to 1.
4. Check that the SP mode 5-113-001 is set to 0 (default value). If not, change it to the default value.
5. Perform a soft restart of the MFP. (On the keypad, press and hold * and # for 10 seconds.)
6. Select System Settings > Administrator Tools > Enhanced External Charge Unit Management ;
then select/deselect options as shown below to enable enhanced external charge unit management to block
Copier, Printer, Document Server, Facsimile and Scanner.
Recommended configuration of shared Windows printer used for secure and direct print queue
When you are configuring shared printer for secure print, follow the the recommendations bellow to increase
performance of the driver installed in environment when it´s used for printing on printers with a different
feature configuration. The same recommendations can be applied for direct print as well since there´s no
direct access between the driver and the printer and feature configuration has to be selected manually.
Printer properties - Accessories are configured to support all possible features (Punch unit, Finisher,
etc.)
Printer properties - Accessories - Disable automatically Update Printer Information
Printer properties - Ports - Disable bidirectional settings
Printer properties - Ports - Enable printer pooling to remove Windows print job spooling bottleneck
On the Ports tab, make sure Enable bidirectional support is left unchecked
Click OK.
Ricoh TE - Printer Accessories - Printer Information
Overview
Because the print driver has no direct access to any printer, it´s necessary to uncheck Automatically Update
Printer Information to prevent a time-out caused by unsuccessful attempt for such communication.
Automatically Update Printer Information
Open Devices and Printers, right-click selected Ricoh device and select Printer properties
On the Accessories tab, make sure Automatically Update Printer Information is left unchecked.
On the Accessories tab, make sure all supported features (Punch unit, Finisher etc.) are checked.
Requirements:
1. ApeosPort-IV or ApeosPort-V (for more details see HCL - Fuji Xerox and Fuji Xerox(JAPAN))
2. External Access Kit (Web Browser, EBW v4) is enabled (Should be done by Fuji Xerox service
engineer)
3. Proper NVM is set in service mode (Should be done by Fuji Xerox service engineer)
General Notes:
During MFP configuration, MFP sometimes requires reboot. When prompted for reboot, follow the
instruction displayed either on CentreWare Internet Service or on MFP operation panel.
Please make sure that External Access Kit is installed and configured at the MFP!
MFP Configuration:
Configure MFP via operational panel
Login to MFP as a system administrator
Default credential is 11111.
Optional operation
System Settings > Common Service Settings > Maintenance > Delete all data
Date
Time
Time Zone
Optional settings
System Settings > Common Service Settings > Machine Clock / Timers
Optional settings
System Settings > E-mail / Internet Fax Service Settings > E-Mail Control
Following screen will be displayed. Then click [Properties] tab. Authentication dialog pops up. Type in admin
credentials. (Default credential is username: 11111, password: x-admin)
Select [ Machine Digital Certificate Management ] >> [Create New Self signed Certificate]
3 Enable SSL/TLS
Click [Apply]
NOTE: Please make sure to keep [Verify Remote Server Certificate] disabled. Otherwise, users would
get an error message when opening SafeQ application on the MFP panel due to an untrusted certificate.
Check that [Secure HTTP(SSL)] is enabled. If it's not checked, please check it and click [Apply].
5 Verify both SOAP and FTP Client are enabled (By default they're enabled)
Check that both [SOAP] and [FTP Client] are enabled. If not, please check it and click [Apply].
In order to use direct print feature without authentication to device before print perform following steps:
Go to [Accounting] >> [Accessory settings]
Uncheck/disable option [Track Print Jobs with Accounting / Billing device]
Click [Apply]
CONFIGURING FUJI XEROX WITH XCP FOR YSOFT SAFEQ EMBEDDED TERMINAL
Requirements:
1. ApeosPort-IV or ApeosPort-V (for more details see HCL - Fuji Xerox and Fuji Xerox(JAPAN)) with
eXtensible Customizing Platform (XCP) versions 1.2+
2. External Access Kit (Web Browser, EBW v4) and Customize Extension Kit (XCP, Plug-in) are
installed (Should be done by Fuji Xerox service engineer)
3. Proper NVM is set in service mode (Should be done by Fuji Xerox service engineer)
General Notes:
During MFP configuration, MFP sometimes requires reboot. When prompted for reboot, follow the
instruction displayed either on CentreWare Internet Service or on MFP operation panel.
Please make sure that External Access Kit and Customize Extension Kit are installed and
configured at the MFP!
MFP Configuration:
Configurations via operational panel
1 Login to MFP as a system administrator and go to Tools.
Default credential is 11111.
Go to System Settings >> Common Service Settings >> Maintenance and tap Delete all data
System Settings >> Connectivity & Network Setup >> Protocol Settings
4 Configure time zone, date and time according to the server running SafeQ
System Settings >> Common Service Settings >> Machine Clock / Timers
Time Zone
Date
Time
WARNING: Set these options in the aforementioned order, because the Time Zone setting has effect on
the Time setting.
System Settings >> Common Service Settings >> Machine Clock / Timers
System Settings >> Common Service Settings >> Machine Clock / Timers
System Settings >> Common Service Settings >> Screen / Button Settings >> Service Home
System Settings >> E-mail / Internet Fax Service Settings >> E-Mail Control
9 Configure access controlAuthentication / Security Settings >> Authentication >> Access Control...
NOTE: After uninstallation of the Embedded Terminal from the MFP, these settings need to be set to
Unlocked in order to allow access to the MFP's functions again.
Configurations via CentreWare Internet Service
1 Access to MFP at http://MFP_IP_Address using Web Browser.
Following screen will be displayed. Then click [Properties] tab. Authentication dialog pops up. Type in admin
credentials. (Default credential is username: 11111, password: x-admin)
Select [Machine Digital Certificate Management] >> [Create New Self signed Certificate]
3 Enable SSL/TLS
Click [Apply]
NOTE: Please make sure to keep [Verify Remote Server Certificate] disabled. Otherwise, users would
get an error message when opening SafeQ application on the MFP panel due to an untrusted certificate.
Check that [Secure HTTP(SSL)] is enabled. If it's not checked, please check it and click [Apply].
In order to use direct print feature without authentication to device before print perform following steps:
Go to [Accounting] >> [Accessory settings]
Uncheck/disable option [Track Print Jobs with Accounting / Billing device]
Click [Apply]
If you are planning on using authentication with card, set the following property to Enabled, otherwise set it
to Disabled.
Set Use of Smart Card to Enabled, Print to Card Validation Off, Fax / Scan to Card Validation On
Click on Save
Do not enable Use of Smart Card when Card Reader is not connected or you will not be using
authentication with card.
CONFIGURING SHARP OSA FOR YSOFT SAFEQ EMBEDDED TERMINAL
General Notes
Supposed you are configuring new MFP with default settings. If you are configuring older device with
lot of customized settings, it may be useful to reset it to factory defaults first.
Most settings can be configured via internal web page of MFP with administration interface. Web
interface of each device can be different, depending on device model.
Language of the interface is mostly controlled by preferred language setting of the browser. Note that
support of various browsers can differ between particular MFPs.
To enter web interface, insert <MFP IP> to the browser address bar (you will be connected to http
or https page based on MFP's current setting).
The device has to support OSA 3.5 and have installed MX-AMX2 and MX-AMX3 modules for full
YSQSTE functionality. It is customer's responsibility to have it installed.
This method does not work for model MX-2610N since it shows only "Options" and not " Software
Options Installed ".
For model MX-2610N go to menu System Setings > Product Key and check if both modules are
marked with "[Enable]"
The MFP must be configured to communicate via the SSL protocol and the associated
certificate must have been created.
YSoft SafeQ Embedded Terminal for Sharp is implementation of YSoft Terminal Professional in Sharp
devices supporting a combination of OSA technologies, allowing usage of embedded accounting and
GUI.
Terminal is integral and inseparable part of the YSoft SafeQ Server solution and operates only when
connected to the server. Terminals work within the TCP/IP enabled networks only.
SafeQ embedded installation, should be able to configure the device itself if previous
requirements are met. If installation should not be successful you can check if device is
having following settings.
Navigate to the web administrator menu of the device and log in as administrator. Default values
are admin/admin for login and password
Navigate to Application Settings -> External Applications Settings -> Standard Application
Settings and check following window if SafeQ application and and SafeQ scan application are
created or create it with add button.
Check or Enter Y Soft SafeQ as Application Name (Y Soft SafeQ Scan for scan application)
Optionally, icon for application can be uploaded on some machines. Please upload icon file
<TSHome>\Sharp\Terminal\icon100.png
Now continue with configuration of authentication/external accounting, if module MX-AMX3 is
installed. Navigate to Application Settings -> External Applications Settings -> External
Accounting Application Settings and select Enable for External Account Control to enable MX-
AMX3 module
Server 1 (Enable)
Application Name (Y Soft SafeQ)
Address for Application UI
Address for Web Service
Press Submit. Restart of the device will be automatically required. Terminal Server must be running
during each device restart, otherwise new restart will be required.
Configuration is possible on web interface of Sharp device: User Control -> Card Type / Card Reader
Settings
USB Card reader set to keyboard mode and option Use IC Card for Authentication disabled
USB Card reader set to Sharp mode and option Use IC Card for Authentication enabled
Supported MFPs
Configuration of MFP
Upload Certificate
Allowing Direct printing
Allowing Card readers
Time Configuration
Display the SafeQ application screen after successful login
Additional notes
Supported MFPs
Model Name Series Name
Auto-installation of YSoft SafeQ Terminal Embedded requires a MFP firmware version supporting
SDK 2.4 or higher
Configuration of MFP
Upload Certificate
After first installation of YSoft SafeQ Terminal Embedded, it is needed to upload our certificate to device to
make it trusted. Navigate to Administration -> Security -> Certificate Management and in section CA
certificate select CA certificate (DER) radio button and choose a file safeqds.cer from support folder of the
installation package.
As a consequence, any print performed directly to the printer would be printed with this setting. To
prevent unwanted prints, setup IP filtering ( Administration -> Setup -> Network -> Filtering).
Allowing Card readers
If you do not see the configuration for Card authentication, turn off the device and follow these steps:
List of Toshiba devices and required FW versions that supports USB card readers is in the following
article.
YSoft USB card reader registration chapter must be done when the Toshiba MFP FW is lower version
than FW which has YSoft USB card reader already preregistered. The card reader registration procedure is
described in the article configure Toshiba device to work with YSoft USB card reader.
Time Configuration
Time settings have to be configured for proper accounting of jobs and assignment of billing codes to these
jobs.
Go to Administration > General and configure Daylight Saving Time Settings to comply with configuration
of your server, where Terminal Server is running
Next, there are two options possible, based on the availability of SNTP (time) server in your network:
1. a. If SNTP is available, set all necessary details in section SNTP Service and set your timezone
b.
b. If SNTP is not available, in section Date & Time set timezone, date and time to the time of the
Terminal Server. Also disable SNTP server.
WARNING: Be sure to set the time as precisely as possible (in means of seconds) to
avoid errors in assigning billing codes to scan jobs and copy jobs. It is better for the MFP to
have the clock set slightly forward, than backward.
Additional notes
YSoft SafeQ verifies the originating device against the list of active devices in the database. For this
purpose the translation of MFP IP address to the hostname/FQDN using standard Windows features
(DNS/NetBIOS) is made. Please make sure the MFP is properly registered in the DNS or WINS
server as the delays in translation may lead to timeouts or failures during authentication.
1. Navigate in your browser to the IP address of MFP to access web interface of MFP called
TopAccess.
2. Log in with valid credentials and navigate to Administration -> Setup -> Network and click on HTTP
Network Service
3. Make sure option Enable HTTP Server is Enabled.
1. Navigate in your browser to the IP address of MFP to access web interface of MFP called
TopAccess.
2. Log in with valid credentials and navigate to Administration -> Setup -> Network and click on Web
Services Setting
3. Make sure Web Services Scan is Enabled.
4. Fill in Scanner Name (any name will be accepted)
5. Fill in Scanner Information (any string will be accepted)
6. Set Authentication For PC Initiated Scan to Accept the job if user name is valid
7. Save all taken changes
Rights Management
1. Navigate in your browser to the IP address of MFP to access web interface of MFP called
TopAccess.
2. Log in with valid credentials and navigate to Administration -> Security-> Authentication
3. Set User Authentication to Enable
4. Save all taken changes
Configuring Toshiba for YSoft SafeQ Embedded Terminal with @ character in username
Situation
When any of SafeQ users username contains @ character, scan issue with YSoft scan application occurs.
The solution is set configuration option internalLdapReplaceAtChar in SafeQ (expert view) to value
\# - all occurrences of @ will be replaced with #
Limitations
Even if internalLdapReplaceAtChar is set, there are limitations related to Username and
Password authentication method. So in case user with username e.g. user@domain.com is logged on
Toshiba Embedded Terminal using Username and Password, following limitations can occur:
Because of these limitations, authentication method Username and Password is not supported in
combination with usernames containing @ character.
Supported Toshiba MFP FW for YSoft USB card reader
Devices which supports YSoft USB reader
USB card reader is supported on following devices with eB-X Platform.
A4 models:
e-STUDIO287CS / e-STUDIO347CS / e-STUDIO407CS
e-STUDIO477s / e-STUDIO527s
A3 models:
e-STUDIO2040C / e-STUDIO2540C / e-STUDIO3040C / e-STUDIO3540C/ e-STUDIO4540C
e-STUDIO2050C / e-STUDIO2051C / e-STUDIO2550C / e-STUDIO2551C
e-STUDIO2555C / e-STUDIO3055C / e-STUDIO3555C / e-STUDIO4555C / e-STUDIO5055C
e-STUDIO5540C / e-STUDIO6540C / e-STUDIO6550C
e-STUDIO256 / e-STUDIO306 / e-STUDIO356 / e-STUDIO356 / e-STUDIO456 / e-STUDIO506
e-STUDIO656 / e-STUDIO756 / e-STUDIO856
e-STUDIO306 LP
On the latest MFP FW the YSoft USB card reader is already preregistered, so the registration procedure is
not required for proper working of the USB card reader. On the older MFP FW the YSoft USB card reader
must be registered to the device manually.
e-STUDIO5540C / e-STUDIO6540C / e-
STUDIO6550C
e-STUDIO656 / e-STUDIO756 / e-
STUDIO856
Note
It is reccomended to update your device's FW to the latest version. Latest FW versions already
have YSoft USB card reader preregistered, so it is not required to perform registration procedure.
YSoft USB card reader registration chapter must be done when the Toshiba MFP FW is lower
version than FW which has YSoft USB card reader already preregistered. More information about
the registration can be found in the article configure Toshiba device to work with YSoft USB card
reader.
Note: Turn the power OFF before connecting the device. If you do not, the device may not be correctly
recognized. In that case, reboot the MFP with the device connected.
YSoft USB card reader settings
The USB card reader has to be set to the USB keyboard mode. When a different one is set, use the
usbrdrtool to change it.
Configure Toshiba device to work with YSoft USB card reader
YSoft USB card reader registration chapter must be done when the Toshiba MFP FW is lower version than
FW which has YSoft USB card reader already preregistered.
List of Toshiba MFP firmwares which are compatible with YSoft USB card reader.
debug_s_usbcr.sh
usbhidReaderListAdd.txt
YSoft USB card reader
Toshiba device
Files debug_s_usbcr.sh and usbhidReaderListAdd.txt are part of installation package. They are
stored in directory Card Reader Registration available under path _support\YSoft SafeQ Toshiba
Terminal Embedded .
Other products than listed above are NOT supported on the Toshiba MFP.
2) Create usbhidReaderListAdd file according to your Vendor ID, Product ID
1) Open the supplied sample device list, ”usbhidReaderListAdd.txt”, by the text editor.
3) Registration should be 1 line per a unit. The Vendor ID, Product ID, and Reader Name should be
divided by “:” (colon).
4) A beep sounds when registration finishes. Remove the USB memory from the MFP to complete
registration.
CONFIGURING OKI FOR YSOFT SAFEQ EMBEDDED TERMINAL
Upload Certificate
Allowing Direct printing
Allowing Card readers
Time Configuration
Display the SafeQ application screen after a successful log in
Auto-installation of YSoft SafeQ Embedded Terminal requires a MFP firmware version supporting
SDK 2.4 or higher
Upload Certificate
After first installation of YSoft SafeQ Embedded Terminal, it is needed to upload our certificate to device to
make it trusted. Navigate to Administration -> Security -> Certificate Management and in section CA
certificate select CA certificate (DER) radio button and choose a file safeqds.cer from support folder of the
installation package.
As a consequence, any print performed directly to the printer would be printed with this setting. To
prevent unwanted prints, setup IP filtering ( Administration -> Setup -> Network -> Filtering).
Allowing Card readers
If you do not see the configuration for Card authentication, turn off the device and follow these steps:
Time Configuration
Time settings have to be configured for proper accounting of jobs and assignment of billing codes to these
jobs.
Go to Administration > General and configure Daylight Saving Time Settings to comply with configuration
of your server, where Terminal Server is running
Daylight Saving Time is not working correctly on devices with older versions of firmware (older
than O290HD0W2101 ). This can cause problems with assignment of the Billing Codes and the
time of the performed jobs. To check version of your firmware, go to Administration > General >
Version.
Next, there are two options possible, based on the availability of SNTP (time) server in your network:
1. a. If SNTP is available, set all necessary details in section SNTP Service and set your timezone
b. If SNTP is not available, in section Date & Time set timezone, date and time to the time of the
Terminal Server. Also disable SNTP server.
WARNING: Be sure to set the time as precisely as possible (in means of seconds) to
avoid errors in assigning billing codes to scan jobs and copy jobs. It is better for the MFP to
have the clock set slightly forward, than backward.
2.
2. Press 9955 to change the Extension label to "SafeQ" and click OK to save.
3. Press 9132 and insert value 99.
Configuring OKI for YSoft SafeQ Embedded Terminal with @ character in username.
Situation
When any of SafeQ users username contains @ character, scan issue with YSoft scan application occurs.
The solution is set configuration option internalLdapReplaceAtChar in SafeQ (expert view) to value
\# - all occurrences of @ will be replaced with #
Limitations
Even if internalLdapReplaceAtChar is set, there are limitations related to Username and Password
authentication method. So in case user with username e.g. user@domain.com is logged on OKI Embedded
Terminal using Username and Password, following limitations can occur:
Because of these limitations, authentication method Username and Password is not supported in
combination with usernames containing @ character.
CONFIGURING SAMSUNG FOR YSOFT SAFEQ EMBEDDED TERMINAL
Devices based on XOA-E / Android platform are supported so far. No special settings are
required for using with YSoft SafeQ Embedded Terminal.
The YSoft SafeQ® USB Card Reader v2 that could be simply connected to the multi-functional device and
serves for user authentication using card.
The YSoft SafeQ® USB Card Reader v2 could be also connected to workstations and can be used with the
credit charger application or with the SQ client for authentication.
This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the
following two conditions: (1) this device may not cause interference, and (2) this device must accept any
interference, including interference that may cause undesired operation of the device.
NOTE: List of shown certificates is not complete and may depend on exact product part number.
The mounting kit (plastic holder) enables both right-handed and left-handed installation to the MFP.
First prepare the components from the package:
plastic holder
screws
reader module
Prepare the plastic holder for the reader and remove the plastic "fork". See the following pictures.
When the plastic construction is prepared, it can be mounted with crews directly to the machine. See Picture
3 - Mounting kit on the device (when not many screws is possible to mount, use double side tape for better
fixing)
If holder is fixed to the machine, we can stick the reader to holder together by clipping the reader to the
mounting kit.
Finally, connect the USB connector of the reader into a free USB slot.
DISMOUNTING OF THE READER MODULE
Removing from the device can be handled by plastic "fork" from the step 3 or screw driver or similar tool.
When reader is connected with holder to device, we have to remove reader from the mounting kit first. Use
plastic "fork" or screw driver and push the reader part, with moving the reader upwards. Steps 1,2 and 3.
Reader should recover from the holder. Now we can unscrew the mounting kit from the device and
disconnect the reader with following procedure.
Note: The program requires "root" privileges under Linux, therefore it must be run as user root or sudo must
be used.
Start the usbrdrtool under your operation system. When the program is run without any command line
parameter the following screen is shown. The main menu should appear with the selection you want to do.
When administrator selects the number of the reader from the reader list, the reader configuration screens
will be shown with general information about reader and following steps for next administration:
Action 1 sets the USB reader configuration to defaults. This includes USB mode, reader protocol,
debug mode and other parameters. This option does not format data that are stored on USB reader
internal file system.
Action 2 sets USB mode. This option is available onlyfor specific OEM USB reader type. Available
usb modes are described in chapters 4.2.1 and 4.2.2.
Action 3 sets card reader protocol. For some card readers it is necessary to enable support for
another card types. Default card reader protocol is 0 which means that the reader default protocol will
be used. If invalid card reader protocol is selected then the default protocol will be used.
Note: Please see Y Soft Card Readers Protocols.pdf for more details about card reader protocols. This*. pdf
file is always attached to the zip file with released FW of the USB reader.
Action 4 enables debugging in case something goes wrong with the reader (for example hang-up or
reboot or anything similar). Please note that debugging enabled causes wear-out of the internal
flash so enable it only in cases when it is necessary!
Action 5 enables or disables sound on the USB reader. Please note that there is no visual
identification of successful card reading so users in some cases cannot guess what may be
wrong if the card reader makes no sound
Action 99 returns user to the previous menu. If any changes are made, the card reader is rebooted
and the changes are applied.
Action 100 returns user to the previous menu. If any changes in settings are made they are
discarded and original settings remain.
USB keyboard
In this mode the USB reader works as a standard USB keyboard and can be switched to mode 3 only.
NOTE:
Typing of the keys is emulated as numeric keypad for 0-9 and A-F keys on standard EN/US keyboard
layout. If the card number contains any other characters, they are ignored. Caps-lock and Num-lock are
enabled and disabled if necessary and returned back to previous state after the card number is read.
The "Shift", "Ctrl", "Alt" keys must not be held during card placing or it will collide with caps-lock
and num-lock setting and incorrect card number will be read
If a national keyboard layout is used (such as French, Russian, Chinese or other) a wrong card
number will be entered. In such cases a switch to US/EN keyboard layout is necessary before
placing the card.
USB serial
This mode emulates operation of COM port and can be switched to mode 1 only.
On Windows platform the installation of the USB reader in this mode requires usb2-reader.inf file. This file is
distributed along with the usbrdrtool application and should be selected in the "new hardware" wizard after
the USB reader plugging/reconfiguration.
On Linux platform the driver for the serial port is installed automatically.
Card testing in usbrdrtool application will work in this mod
ACTION 3 - SETTING CARD READER PROTOCOL
When you are on the main page select appropriate number of the reader. If you want to change card reader
protocol for specified reader type (selected number), then you need to open the value 3 "Set card reader
protocol"
To choose appropriate reading protocol, please see Y Soft Card Readers Protocols.pdf for more details
about card reader protocols. This*. pdf file is always attached to the zip file with released FW of the USB
reader.
Select the number and confirm by "enter" confirmation.
After selecting the appropriate number of protocol, you will be navigated to submenu page, when you need
to save currently changed settings. Select "99" to save settings for changed reading protocol and confirm.
Card testing screen menu can be started by number 100 from the main menu. See Picture 6 – Main menu.
When testing window will appear you can test the reader by placing a card above the reader.
If the connected reader supports card presence detection then the card number and type is visible only
when the card is placed at the card reader.
If the connected reader does not support card presence detection, a "tmout" is displayed.
The card number will be automatically erased after a couple of seconds of inactivity. This feature is intended
to make sure that the reader works properly and card numbers are read correctly every time a card is
placed.
Please note that displaying the correct card type depends on card reader used and card reader protocol set.
Before using usbrdrtool as a tool for customer card testing please consult USB card reader testing
guidelines.
It is also possible to start the card testing screen directly by specifying -t command line option to the
usbrdrtool application.
Card reader Update firmware
Update of firmware for USB card reader can be done by issuing the following command in the Windows
command like (CMD) or on Linux OS:
Windows:
usbrdrtool.exe -u -i usb2-2.0.1.fw --k
Linux:
Update of service firmware for USB card reader can be done by issuing the following command in the
Windows command like (CMD) or on Linux OS:
Windows:
usbrdrtool.exe -w -i usb2_service-1.0.1.fw -k
Linux:
sudo ./usbrdrtool -w -i usb2_service-1.0.1.fw --k
'-k' option will cause the new firmware to be booted after successful update.
Note: This command can be run form CMD windows or Linux, this is not a command inside the usbrdrtool.
For the configuration of USB card reader to downloading log files from the reader is possible to run following
command in the Windows command like (CMD) or on Linux OS:
Windows:
usbrdrtool.exe -j -o USBLOG.TXT
Linux:
sudo ./usbrdrtool -j -o USBLOG.TXT
Note: Please note that logging must be enabled before using this function
Card reader USBRDRTOOL starting with predefined commands
Administrator can start the USB card reader configuration with predefined usage. The pre-configuration list
is listed bellow as command lines parameters. For example write in cmd windows command line:
-r select reader number to configure, if not specified then first reader will be used
-sselect serial number of reader to configure
-k reset the usb device after successful operation
-u update standard firmware (file on stdin or input file)
-w update service firmware (file on stdin or input file)
-j get log (data on stdout or output file)
-h this help screen
-v verbose operation
-t start card testing mode
Here is the list of beep codes, which give the result on the behavior of USB reader v2.
Legend:
Sound Behavior
- Card read error. Please try placing the card again or use the different
card.
HOW TO FIND OUT VENDOR ID, PRODUCT ID OF YOUR USB CARD READER
Here is described how to find out Vendor ID and Product ID for your USB card reader
1) Connect the USB device to the USB connector of the Windows PC.
3) Open the Human Interface Devices tab, select the HID-compliant device related to your USB reader
4) Select properties
4) Click on the Details tab and select “Hardware Ids”. The VID/PID are displayed.
For YSoft USB readers, following VID and PID are used:
1 Log in to the Web administration, use account authorized to manage the system.
2 Go to Devices > Printers selection and click the edit icon next to the device or double click on the
device.
OR
3b (This step applies only when you have a hardware terminal connected to a device.)
4 Select the Basic tab and select Page tracking mechanism which you want.
NOTE: When you select Online accounting, choose Accounting driver related to your printer by
clicking highlighted button.
5 Click Save device button. A dialog with uninstallation confirmation will appear. Continue with Yes
button.
NOTE: When you have installed devices on ORS, you have to restart ORS service to propagate
scan workflows to ORS.
3 Set access rights to scan workflows according to guide: Setting access rights to scan workflows
NOTE: For information about scan options, see chapter Workflow scanning or Scanning workflow
definition.
OVERVIEW
Scanning via Native application offers all scan settings available for device instead of scanning via SafeQ
Application which was designed to quick settings for users.
For both scanning application scan worklows defined in SafeQ are used.
Scanning with Configuration: Scan workflow (Scan to Configuration: Scan workflow (Scan to
device Native e-mail) with triggered hot folder must be home folder) with triggered hot folder
Scan Application added to device (SafeQ > Devices > Edit must be added to device (SafeQ >
device > Scan tab). Triggered hot folder Devices > Edit device > Scan tab).
and SMB folder defined in device must Triggered hot folder and SMB folder
be equal. defined in device must be equal.
User steps: User log in into terminal User steps: User log in into terminal
embedded, switch to native device Scan embedded, switch to native device Scan
screen, select SMB folder and perform screen, select SMB folder and perform
scan. scan.
Result: Scan file is saved to triggered Result: Scan file is saved to triggered
hot folder. The file is sent to e-mail hot folder. The file is sent moved to
address of user who has performed scan. target directory defined in scan workflow.
*NOTE: Only difference between Scan to home folder and Scan to script is, that script defined in
workflow is triggered, when Scan to script is used.
PRE-REQUISITIES
NOTE: When you have installed devices on ORS, you have to restart ORS service to propagate
scan workflows to ORS.
3 Set access rights to scan workflows according to guide: Setting access rights to scan workflows
CONFIGURATION
1 Create network share folder where both SafeQ and MFP have read/write access.
2 Make sure that users have e-mail defined in YSoft SafeQ. Mailserver (and mail user/pass if
necessary) are required.
3 Go to Devices > Edit device > Scan tab and Add scanning workflows by clicking Add scan
workflow.
4 Enter Triggered hot folder (path to folder that you created in step 2) and save device.
NOTE: The triggered hot folder must be unique for each MFP and Scan workflow.
5 Now you have to create SMB folder on device's web interface or device's scan menu, which will be
equal to triggered hot folder defined in the previous step.
2 You can see list of created users scan destinations. To add new one touch Add user.
3 Now fill in all required fields and also Folder part as following:
Protocol = SMB
Path = path to your Triggered hot folder (same as on scan tab in device settings)
4 Created profile with SMB folder is saved into Address Book list.
1 Go to Scan screen on Ricoh device and touch Folder tab and then Manual Entry to add new folder
destination for scanning.
2 Select SMB protocol and fill in at least Path to folder by touching Manual entry (if you know exact
path) or Browse network (if you want to select path by browsing folders). You can also fill in User
name or password.
NOTE: Path must equal to Triggered hot folder entered on scan tab in device settings.
3 Your new folder is selected but not saved. To save it touch Prg. Dest. button.
4 Now you can change your folder path if you want by touching Change.
5 Now fill in Name and Key display. You can also select Title groups in which will be your folder
preference stored.
6 Now you can see saved folder into selected title group.
RELATED CONFIGURATION
scan-job-max-size-to-mail - Maximum size of scan job handled (sent or received) via email by SafeQ.
Value is set in bytes.
scan-job-changed-destination - The body of email sent to a user when their scan is saved in the back-
up (default) folder, i.e. not according to the workflow. This may occur for various reasons such as the
e-mail attachment is too big.
DESCRIPTION
Terminal layout can be simplified when customer decides not to use Scan workflows and Billing (project)
codes features. This change can be achieved with any browser-based terminals except Konica Minolta. The
main difference is that the main menu on the left side is not available, and does not distract users from
working with their print jobs.
CONFIGURATION
To enable this behavior, the following steps must be completed:
Disable Billing codes feature (change the value billing-codes-enabled to Disabled in the System
settings) or make sure that the user has only one billing code assigned.
Before installing device, unselect the Scan feature
ADMINISTRATOR LOGIN
If you want to use a different administrator name instead of the global administrator login, enter it here:
The global administrator login is defined by property global-authentication-%your_vendor%. You can find
the property in the System settings > Terminal administration
When the device's administrator login corresponds with the global administrator login, you do not need to fill
in.
ADMINISTRATOR PASSWORD
If you want to use a different password instead of the global password, enter it here:
The global password is defined by property global-authentication-%your_vendor%. You can find the
property in the System settings > Terminal administration
When the device's password corresponds with the global password, you do not need to fill in.
FCC STATEMENTS
part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This equipment generates,
uses, and can radiate radio frequency energy and, if not installed and used in accordance with the
instruction manual, may cause harmful interference to radio communications. Operation of this equipment in
a residential area is likely to cause harmful interference in which case the user will be required to correct the
interference at his own expense.
NOTE: Following documentation is related with Terminal Professional v3.5, therefore you might
encounter minor differences when using Terminal Professional v3.0 (e.g. terminal's service menu structure).
The terminal has a graphical user interface with touchscreen and is equipped with a 4-port network adapter.
Microcomputer
Flash EEPROM
Network interface
Various optional card readers are available to meet the compatibility requirements of your existing
identification cards. Both contactless and contact readers are available. (Users can alternatively
authenticate via PIN instead of identification card.)
The terminal communicates with YSoft SafeQ server over ethernet network (default communication port
4096). RJ45 connectors connect the terminal to the network. MFPs and printers communicate with the
SafeQ server via the terminal. Administrator can define whether users are required to authenticate at the
terminal before using the MFP or network printer.
At a Glance
FCC statements
Step 1. Complete the Before-You-Begin checklist
Step 2. Check package contents
Step 3. Connect cables
Step 4. Displaying the Service menu
Step 5. Configure the connection between the terminal and the SafeQ server
Step 6. Test the connection between the terminal and the SafeQ server
Step 7. Replace the back cover of the terminal
Step 8. Mount the terminal
Step 9. Verify installation
FCC STATEMENTS
§ 15.21 Information to user.
The users manual or instruction manual for an intentional or unintentional radiator shall caution the user that
changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment. In cases where the manual is provided only in a form other than
paper, such as on a computer disk or over the Internet, the information required by this section may be
included in the manual in that alternative form, provided the user can reasonably be expected to have the
capability to access information in that form.
1. If possible, register and acquire access to the Y Soft online help desk a day or two before you begin
the installation.
2. Obtain the Terminal Professional installation packages and a small Phillips screwdriver.
3. Make sure YSoft SafeQ Server is installed and running.
4. Write down the terminal's serial number (located on the back of the terminal).
5. Make sure the Control Interface cable is the correct cable for the MFP you are connecting the
terminal to.
Refer to the MFP/cable part number compatibility list that Y Soft provided you or go to
Hardware Compatibility List (HCL) and check the compatibility there.
6.
6. If the cable you have is not correct, find the correct cable before you proceed. The cable may be
among other Y Soft packages at the location where you are installing the terminal.
7. Obtain the following information:
a. SafeQ server IP address
b. Does the network support DHCP?
c. If it does not support DHCP, obtain this additional information:
d. Terminal IP address
e. Netmask address
f. Gateway IP address
g. DNS server IP address
8. Information about the MFP or printer:
a. IP address
b. Serial number
c. Model number
Main package:
Terminal Professional
Ethernet cable
Power supply adapter
NOTE: The package also includes clear plastic cable wrap for the Ethernet cable.
Accessory packages:
NOTE: The Control Interface cable for your MFP may be different from the one shown
here.
1 On the back of the terminal, remove the cover and expose the connectors.
To access most settings, first display the Site admins Service menu as described in this section.
There is similar steps for Terminal Professional v3.5 (the color one) and Terminal Professional v3.0 (the
gray one bellow).
1 If the terminal displays a Place Card screen, tap the top corners 4 times:
For TP v3.5: Tap left top corner > Tap right top corner > Tap left top corner > Tap
right top corner
For TP v3.0: Tap left top corner > Tap right bottom corner > Tap left top corner >
Tap right bottom corner
OR
If the terminal displays a Keypad screen, touch the 0 button 9 times (000000000).
2 The terminal displays a keypad. Enter the PIN, then touch OK.
NOTE: There is two levels of service menu (Y Soft partners service menu and Site admins service
menu). It depends on entered PIN code. Default PIN for Site admins menu is 0000. To get PIN for Y
Soft partners menu, please contact Customer Service Support.
3 The terminal displays the Site admins Service menu or Y Soft Partners service menu, depending on
entered PIN on login screen.
4 The is difference between this two levels of service menu in following options, which are available
only from the Y Soft partners Service menu:
Cluster support
Debug mode
Card reader
Card reader test
Interaction mode
I/O Module
I/O Module test
Emergency update
Change part. PIN
STEP 5. CONFIGURE THE CONNECTION BETWEEN THE TERMINAL AND THE SAFEQ SERVER
OR
4 Enter the SafeQ server’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001
9 Touch DHCP and according to your network setting select Enable or Disable.
11 Enter the hostname that will be sent by the DHCP client; then touch OK.
NOTE: The hostname can contain a maximum of 31 characters. The terminal’s serial number is
used as the hostname by default.
OR
13 Touch IP address.
14 Enter the terminal’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
15 Touch Netmask.
16 Enter the subnet mask in the format shown in this example and touch OK.
255.255.255.0 is entered as 255 255 255 000.
18 Enter the gateway’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
20 Enter the DNS server’s IP address in the format shown in this example and touch OK.
10.0.1.1 is entered as 010 000 001 001.
STEP 6. TEST THE CONNECTION BETWEEN THE TERMINAL AND THE SAFEQ SERVER
OR
3 If you have not already done so, write down the terminal’s serial number (located on the back of the
terminal).
4 Use the screws and washers included with the mounting bracket to mount the bracket and terminal
onto the MFP.
5 Cover all cables with the clear plastic wrap (included in the plastic bag with the cable). Start the wrap
about 4 or 5 inches (10 to 12 cm) from the back of the terminal.
If a user (with associated card or PIN) has not been created in SafeQ, create one now for testing purposes
as follows:
1. On the terminal’s PIN entry screen, touch 1111 (or whatever PIN you assigned to the test user); then
touch OK.
2. Check to make sure the MFP panel unlocks (that is, the panel lights up and comes on).
If the MFP unlocks and the user is authenticated, installation is now complete.
There is similar steps for Terminal Professional v3.5 (the color one) and Terminal Professional v3.0 (the
gray one bellow).
1 If the terminal displays a Place Card screen, tap the top corners 4 times:
For TP v3.5: Tap left top corner > Tap right top corner > Tap left top corner > Tap
right top corner
For TP v3.0: Tap left top corner > Tap right bottom corner > Tap left top corner >
Tap right bottom corner
OR
If the terminal displays a Keypad screen, touch the 0 button 9 times (000000000).
2 The terminal displays a keypad. Enter the PIN, then touch OK.
NOTE: There is two levels of service menu (Y Soft partners service menu and Site admins service
menu). It depends on entered PIN code. Default PIN for Site admins menu is 0000. To get PIN for Y
Soft partners menu, please contact Customer Service Support.
3 The terminal displays the Site admins Service menu or Y Soft Partners service menu, depending on
entered PIN on login screen.
4 The is difference between this two levels of service menu in following options, which are available
only from the Y Soft partners Service menu:
Cluster support
Debug mode
Card reader
Card reader test
Interaction mode
I/O Module
I/O Module test
Emergency update
Change part. PIN
NOTE: Following documentation is related with Terminal Professional v3.5, therefore you might
encounter minor differences when using Terminal Professional v3.0 (e.g. terminal's service menu structure).
The terminal has a graphical user interface with touchscreen and is equipped with a 4-port network adapter.
Microcomputer
Flash EEPROM
Network interface
Various optional card readers are available to meet the compatibility requirements of your existing
identification cards. Both contactless and contact readers are available. (Users can alternatively
authenticate via PIN instead of identification card.)
The terminal communicates with YSoft SafeQ server over ethernet network (default communication port
4096). RJ45 connectors connect the terminal to the network. MFPs and printers communicate with the
SafeQ server via the terminal. Administrator can define whether users are required to authenticate at the
terminal before using the MFP or network printer.
At a Glance
NOTE: You can find detailed info about available options here.
NOTE: You can find detailed info about available options here.
3 Touch Enable.
NOTE: You can find detailed info about available options here.
NOTE: You can find detailed info about available options here.
Select the Numeric, when you want to have only numeric keyboard by default.
The result is that user will always see only numeric keyboard (even he has the smart card with
alphanumeric characters).
Select Alphanumeric and symbols, when you want to have alphanumeric + symbols keyboard by
default. This mode contains numbers too. To switch between characters sets touch buttons in left
bottom corner.
SETTING AND TESTING THE I/O MODULE FOR THE CONTROL CABLE INTERFACE
NOTE: You can find detailed info about available options here.
4 To see if the control cable interface (also called the blocking cable interface) is functioning, touch I/O
Module test.
5 Select one of the following options and perform the associated test. The terminal displays information
received from the MFP.
NOTE: You can find detailed info about available options here.
1 Connect PS/2 Adapter cable to Terminal Professional in Control interface (connector type: RJ11).
Suppoted are any standard PS/2 keyboards, with 5V DC, max. 100mA.
Optional step: You verify that keyboard is connected and recognized as compatible in Service menu
> I/O Module settings > I/O Module info.
There could be more than one page in I/O Module info, so continue to page (by touching the
display) with PS/2 keyboard interface as Device class.
4 Optional step: Connect Blocking cable (RJ11) from printer to PS/2 Adapter box.
If display of Terminal Professional is dimmed then pressing any key will wakeup the terminal and
redirect user to authentication dialog.
OVERVIEW
Following feature enables that Terminal Professional can connect YSoft SafeQ server via hostname
or Fully Quallified Domain Name (FQDN).
Note: When host names are set then they are overriding and also replacing setting of server IP and
other server node list (values of configuration items SERVERIP and SERVERLIST).
2. Terminal according to results updates fields SERVERIP and SERVERLIST (primary server and other
nodes list)
3. Connection negotiation to servers starts in usual way
4. If terminal is connected to cluster and receives new server nodes IP list then "SERVER_HOSTS",
"SERVERIP" and "SERVERLIST" are updated according to settings (this may clear host names list).
Note: After bootup there is connect to server to inform it about new firmware version etc. This first
connect is made according to value of "SERVERIP" not "SERVER_HOSTS" so no resolving is made. This
will ensure to connect to server from which the update was made.
CONFIGURATION
Service menu
In service menu level 1 there are these options:
Remote configuration
The remote configuration can be performed via Remote configuration tool for hardware terminals
Configuration value of server host names is "SERVER_HOSTS". Reading or writing is supported with
remote configuration tool via authorized access - pin for level 1.
LIMITATIONS
At a Glance
1 Save and run the utility for downloading terminal log files in any convenient folder (for example, c:
\safeq).
NOTE: Contact the Customer Support Services when you don't have the utility.
NOTE: When you run the utility, logs will be downloaded to this location.
2 When the utility asks for the terminal IP address, enter the IP address of the terminal whose logs you
want to download.
The utility downloads the log files to the folder you specified. The logs are identified by the terminal’s
IP address (for example: 10.0.10.202.log).
NOTE: This procedure pings devices accessible via uplink connection; it cannot detect devices
“behind” the terminal.
2 Touch Ping.
3 Enter the device‘s IP address in the format shown in this example and touch OK.
4 If the connection is unsuccessful, check to see if the IP address displayed on the screen is the correct
address for the device.
5 Check troubleshooting information at the Y Soft 24/7 help desk website: http://helpdesk.ysoft.com.
At a Glance
DHCP
Enable – all necessary data for network connection will be sent to termianl from DHCP
server.
Disable – all necessary data for network connection must be set manually in network
settings menu.
DHCP hostname – Enter the hostname that will be sent by the DHCP client. The hostname can
contain a maximum of 31 characters. The terminal’s serial number is used as the hostname by
default.
Gateway – Enter the gateway IP address in the format shown in this example: 10.0.1.1 is entered as
010 000 001 001
DNS server – Enter the DNS server’s IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
SNMP – See step 2c for and page Configuring Terminal monitoring via SNMP for more details.
IP address – Enter the terminal’s IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
Netmask – Enter the subnet mask IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
Autodetect – Autonegotiation
10Mbps Half-Duplex – Manually force speed and duplex setting of ethernet port
10Mbps Full-Duplex – Manually force speed and duplex setting of ethernet port
100Mbps Half-Duplex – Manually force speed and duplex setting of ethernet port
100Mbps Full-Duplex – Manually force speed and duplex setting of ethernet port
Autoneg 10Mbps Half-Duplex – Autonegotiation with limited offer of speed and
duplex setting
Autoneg 10Mbps Full-Duplex – Autonegotiation with limited offer of speed and
duplex setting
Autoneg 100Mbps Half-Duplex – Autonegotiation with limited offer of speed and
duplex setting
Autoneg 100Mbps Full-Duplex – Autonegotiation with limited offer of speed and
duplex setting
MDI/MDIX mode
Port 0 Speed – Speed settings like on Uplink interface but applied to downlink port 0
Port 1 Speed – Speed settings like on Uplink interface but applied to downlink port 1
Port 2 Speed – Speed settings like on Uplink interface but applied to downlink port 2
Port 0 MDI/MDIX mode – Crossover settings like on Uplink interface but applied to downlink port 0
Port 1 MDI/MDIX mode – Crossover settings like on Uplink interface but applied to downlink port 1
Port 2 MDI/MDIX mode – Crossover settings like on Uplink interface but applied to downlink port 2
SNMP service
Community
Locations
Contact
Send SNMP TRAPs
TRAP server
TRAP server port
TRAP community
Select TRAPs
Server IP – Enter the SafeQ server’s IP address in the format shown in this example: 10.0.1.1 is
entered as 010 000 001 001
Server Port – Enter the SafeQ server’s port. The default port is 4096.
Find Server – Displays the list of available servers, when you can choose one.
Cluster support
Cluster mode
Immediate – (Default) The terminal signals the MFP/printer to lock when the user
touches the End button and is logged out.
From server – The server signals the MFP/printer to lock after the job is finished and
the device returns to Ready status.
10 seconds
15 seconds
30 seconds
45 seconds
60 seconds
Refresh server IPs – Following property enables / disables automatic servers IP configuring (main
server and nodes).
2 The terminal displays Card reader settings screen with following options:
Card reader test – Swipe a card through or place a card in front of the reader and see if the terminal
displays the card number. (If the card number does not appear, touch the Card reader option again
and make sure you selected the correct card reader type.)
Reader drivers info – Displays info about terminal's card reader driver.
Fingerprint reload – Touch this button to clear all fingerprint data in the terminal and download new
data from the server (applies only to fingerprint readers).
Fingerprint clear – Touch this button to clear all fingerprint data in the terminal (applies only to
fingerprint readers).
Card presence – This option is valid only for Terminals with HID continuous or SmartCard readers or
other reader that require card presence by default.
Default – When the user remove the card from the terminal, he will
be immediately logged out.
Presence not needed – User is logged out after pressing exit button or after timeout
doesn't matter if the card is removed or not.
SmartCard PIN type – This option is valid only for Terminals with SmartCard readers.
Numeric – Classic login screen with numeric keypad is displayed after inserting the
card.
Alphanumeric and symbols – Login screen with alphanumeric keypad with characters,
numbers and special symbols is displayed after inserting the card.
2 The terminal displays I/O Module settings screen with following options:
I/O drivers info – Displays info about terminal's i/o module driver.
2 The terminal displays Interface settings screen with two pages. To move between pages touch
Next page or Previous page. It contains following options:
Sound – For beeps to sound when terminal buttons are touched, select on. To turn off beeps, select
off.
Job list mode - Select one of the following job list modes:
No job list – The terminal does not display a Job List option; users cannot view jobs at
the terminal.
Queue only – The terminal displays a Job List option. When users select it, they see a
list of only jobs in the print queue. They can select jobs they want to print or delete.
Queue/printed – The terminal displays a Job List option. When users select it, they can
view jobs that are ready to print (highlighted) and jobs that have been printed.
Queue/printed/favorites – The terminal displays a Job List option. When users select
it, a submenu appears from which the user can select the jobs they want to see: jobs in
the print queue, printed jobs, or the user's favorite jobs.
Temporarily disabled – The terminal displays a Job List option. When users select it,
they see a message that the administrator has disabled the Job List feature; users
cannot view jobs at the terminal.
Interaction mode - Select one of the following interaction modes. Note: To change the
Interaction mode, you must display the Y Soft partners Service menu.
Show P/C summary – Select the information that the terminal displays when a print/copy operation
is complete, before the print/copy session ends:
Enter Project ID
Yes – The user can enter a project ID. The terminal does not initially display the project
list. However, if the user enters the first digit of a project ID, the terminal then displays all
the projects that begin with that digit. For example, if the user enters 22, the terminal
displays all the projects beginning with 22.
No – The user does not need to enter a project ID; the terminal displays all the project
IDs.
Copy timeout sound – Note: Sound must be enabled for this option to work.
Select Yes for the terminal to emit a sound when the specified maximum amount of time
for a copy session is reached. (See "Copy dialog timeout.")
Select No for the terminal to remain quiet when the specified maximum amount of time
for a copy session is reached.
Menu dialogs timeout – Select the maximum length of time with no user input the terminal will
display menus:
10 seconds
30 seconds
60 seconds
None – No timeout. Applicable only if the terminal includes a specific card reader and
the user is logged in with a card. Note: "None" is supported only by Smartcard
reader, Mifare reader in Continuous mode, or HID Continuous reader.
Info dialogs timeout – Select the maximum length of time with no user input the terminal will display
information screens:
2 seconds
5 seconds
10 seconds
20 seconds
Copy dialog timeout – Select the length of time with no copy activity before the terminal
automatically logs the user out (applies only to the time before the first copy is made):
20 seconds
60 seconds
None (default) – SafeQ Server determines the timeout period.
Enabled (applicable only if the terminal includes a selected card reader) – When a print
/copy operation is complete and the user's card is still present at the reader, the terminal
displays the Main menu and the user stays logged in---the session does not end until he
/she touches the End button.
Enabled (default) – Print and copy screens will display warning messages from the
server.
Disabled – Print and copy screens will not display warning messages from the server.
Language selector
Globe always – If multiple languages are available, the Globe button appears on the
main terminal screen. Users can touch the button, then select a language.
Direct for 2 lang mode – If only two languages are available, instead of the Globe
button, a button with the name of the second language appears on the main terminal
screen. Users can touch the button to switch to the other language.
Disable – User have to select each individual job before printing. Print button in main
menu invoke joblist enter. No jobs are preselected. No possibility to select all jobs by
context menu.
Enable (default) – Print button in main menu invoke printing of all waiting jobs.
Letters, numbers and special – When the user is searching billing codes, keyboard
with letters, numbers and special characters will be displayed.
Numbers and special – When the user is searching billing codes, keyboard with
numbers and special characters will be displayed.
Numbers only – When the user is searching billing codes, keyboard with numbers will
be displayed.
Lett., numb. with dot button – When the user is searching billing codes, keyboard with
letters, numbers, special characters and dot button will be displayed.
Numbers, spec. with dot button – When the user is searching billing codes, keyboard
with numbers, special characters and dot button will be displayed.
Numbers with dot button – When the user is searching billing codes, keyboard with
numbers and dot button will be displayed.
Full keyboard, on letters - When the user is searching billing codes, full keyboard with
buttons for layout change is displayed. The first layout is letters.
Full keyboard, on cap. letters - When the user is searching billing codes, full keyboard
with buttons for layout change is displayed. The first layout is capital letters.
Full keyboard, on numbers - When the user is searching billing codes, full keyboard
with buttons for layout change is displayed. The first layout is numbers.
Full keyboard, on special - When the user is searching billing codes, full keyboard with
buttons for layout change is displayed. The first layout is special characters.
Password display
Hide all - When the user is typing a password, a dot is displayed instead of all
characters.
Show last character (default) - When the user is typing a password, the last
character is displayed.
Legacy keyboard (default) - The numeric keyboard (like SMS typing on old
phones) is used for username and password input.
Full keyboard, on letters - The full keyboard with buttons for layout change is
used for username and password input. The first layout is letters.
Full keyboard, on cap. letters - The full keyboard with buttons for layout change
is used for username and password input. The first layout is capital letters.
Full keyboard, on numbers - The full keyboard with buttons for layout change is
used for username and password input. The first layout is numbers.
Full keyboard, on special - The full keyboard with buttons for layout change is
used for username and password input. The first layout is special characters.
Default language – Select the default language the terminal will use.
Languages – Select the languages the terminal will make available for users to choose (maximum of
6 languages, including the default language).
Disable
Screen dimming
Backlight completely off
Screen completely off
Ping – Enter IP adress of device, which you want to ping and touch OK. Terminal pings entered IP
address and shows result of this action.
Ping server – Pings SafeQ server which was set in Server settings. The message with ping result will
be displayed.
Test server connect – Test of terminal connection to SafeQ server. The message with test result will
be displayed.
At a Glance
How it works
Terms
Limitations:
Scan using workflow - configuration
Scan using SMTP - configuration
Related configuration
HOW IT WORKS
There is few ways how to scan with a Terminal Professional. All of this possibilities is defined in table below.
Scan via scan Configuration: Scan workflow (Scan Configuration: Scan workflow (Scan
workflow to e-mail) with scan folder must be to folder) with scan folder must be
(supported with all added to device (SafeQ > Devices > added to device (SafeQ > Devices >
printers) Edit device > Scan tab). Scan folder Edit device > Scan tab). Scan folder
and SMB folder defined in printer must and SMB folder defined in printer must
be equal. be equal.
User steps: User log in into the User steps: User log in into Terminal
Terminal Professional, display Scan Professional, display Scan screen on
screen on printer, select SMB folder printer, select SMB folder and perform
and perform scan. scan.
Result: Scan file is saved to scan Result: Scan file is saved to scan
folder. When user logs out from the folder. When user logs out from the
Terminal Professional, file is sent to e- Terminal Professional, file is moved to
mail address of user who has target directory defined in scan
performed scan. workflow.
*NOTE: Only difference between Scan to folder and Scan to script is, that script defined in workflow is
triggered, when Scan to script is used.
TERMS
SMB folder - Folder selected from address book or inputed directly on a printer screen in scan menu
LIMITATIONS:
selection of scan workflow from the scan workflows list is not supported on Terminal Professional
configuration of scan parameters (i.e. filename, email of sender, email of recipient, ...) is not
supported on the Terminal Professional
configuration of scan settings (i.e. color, resolution, simplex / duplex, ...) is not supported on the
Terminal Professional
2 Create either network share or local folder on SafeQ server where both SafeQ and MFP device have
read/write access and that folder must be visible for the MFP.
3 Make sure that users have e-mail defined in YSoft SafeQ. Mailserver (and mail user/pass if
necessary) are required.
4 From YSoft SafeQ administration web interface create a new device with terminal (connected in step
1).
5 Go to Rules > Scan workflows and add scanning workflows as described here: Managing scan
workflows
6 Go to Devices > Edit device > Scan tab and Add scanning workflows by clicking Add scan
workflow.
7 Enter Folder (UNC path in case of network share or absolute path in case of local folder that you
have created in step 2) and save device.
NOTE: The folder must be unique for each printer and Scan workflow.
8 Login into MFP device's menu or MFP device's web interface. Go to address book and create SMB
folder, which will be equal to folder defined in device (step 7)
OR
3 Login into SafeQ Web interface. Go to Devices > Printers > Edit device > Advanced tab > Add Scan
jobs default addressee.
NOTE: When default address is filled in, scan is delivered to addresses selected in MFP scan
menu. The user who has open session on the device is displayed as Sender (the user who is logged
into the Terminal Professional).
OR
Login into SafeQ Web interface. Go to Devices > Printers > Edit device > Advanced tab > Remove
Scan jobs default addressee.
NOTE: When default address is not filled in, scan is delivered to user who opened the session
(the user who is logged in to the Terminal Professional). This user is displayed as sender too.
RELATED CONFIGURATION
Configuration can be changed from SafeQ web interface:System Settings
scan-job-max-size-to-mail - Maximum size of scan job handled (sent or received) via email by SafeQ.
Value is set in bytes.
scan-job-changed-destination - The body of email sent to a user when their scan is saved in the back-
up (default) folder, i.e. not according to the workflow. This may occur for various reasons such as the
e-mail attachment is too big.
Scan via scan Configuration: Scan workflow (Scan Configuration: Scan workflow (Scan
workflow to e-mail) with scan folder must be to folder) with scan folder must be
(supported with all added to device (SafeQ > Devices > added to device (SafeQ > Devices >
printers) Edit device > Scan tab). Scan folder Edit device > Scan tab). Scan folder
and SMB folder defined in printer must and SMB folder defined in printer must
be equal. be equal.
User steps: User log in into the User steps: User log in into Terminal
Terminal Professional, display Scan Professional, display Scan screen on
screen on printer, select SMB folder printer, select SMB folder and perform
and perform scan. scan.
Result: Scan file is saved to scan Result: Scan file is saved to scan
folder. When user logs out from the folder. When user logs out from the
Terminal Professional, file is sent to e- Terminal Professional, file is moved to
mail address of user who has target directory defined in scan
performed scan. workflow.
*NOTE: Only difference between Scan to folder and Scan to script is, that script defined in workflow is
triggered, when Scan to script is used.
TERMS
SMB folder - Folder selected from address book or inputed directly on a printer screen in scan menu
LIMITATIONS:
selection of scan workflow from the scan workflows list is not supported on Terminal Professional
configuration of scan parameters (i.e. filename, email of sender, email of recipient, ...) is not
supported on the Terminal Professional
configuration of scan settings (i.e. color, resolution, simplex / duplex, ...) is not supported on the
Terminal Professional
1 Login into device web interface and go to Store Address and touch New Registration.
1 Display Utility menu on device and go to: One-Touch/User Box Reg. > Create One-Touch Destination
> Address Book (Public) and touch E-Mail
3 Fill in all necessary fields and touch OK. To move between pages use up/down arrows.
2 Enter Fax/Scan menu at MFP device and select e-mail addresses from Address Book.
NOTE: Scan will be delivered to selected addresses, only when Scan jobs default addressee (in
SafeQ Web interface > Devices > Printers > Edit device > Advanced tab) is not filled. Otherwise,
scan will be delivered to user who perform scan.
2 Enter Fax/Scan menu at MFP device and touch E-Mail on Direct Input tab.
NOTE: You can add e-mail addresses with direct input and from address book in one session.
NOTE: Scan will be delivered to entered address, only when Scan jobs default addressee (in
SafeQ Web interface > Devices > Printers > Edit device > Advanced tab) is not filled. Otherwise,
scan will be delivered to user who perform scan.
At a Glance
1 Login into device web interface and go to Store Address and touch New Registration.
5 When user authenticates on terminal and enters Scan menu on device, he just selects created SMB
folder and performs scan. Scans will be delivered to this folder, and after logging out from Terminal
Professional, scan files will be delivered to target destination according to configuration in used scan
workflow.
NOTE: SMB folder must be equal to Triggered hot folder for used scan workflow.
1 Display Utility menu on device and go to: One-Touch/User Box Reg. > Create One-Touch Destination
> Address Book (Public) and touch PC (SMB).
3 Fill in all necessary fields and touch OK. To move between pages use up/down arrows.
5 When user authenticates on terminal and enters Scan menu on device, he just selects created SMB
folder and perform scan. Scans will be delivered to this folder, and after logging out from Terminal
Professional, scan files will be delivered to target destination according to configuration in used scan
workflow.
NOTE: SMB folder must be equal to Triggered hot folder for used scan workflow.
At a Glance
2 You can see list of created users scan destinations. To add new one touch Add user.
3 Now fill in all required fields and also Folder part as following:
Protocol = SMB
Path = path to your Triggered hot folder (same as on scan tab in device settings)
4 Created profile with SMB folder is saved into Address Book list.
1 Go to Scan screen on Ricoh device and touch Folder tab and then Manual Entry to add new folder
destination for scanning.
2 Select SMB protocol and fill in at least Path to folder by touching Manual entry (if you know exact
path) or Browse network (if you want to select path by browsing folders). You can also fill in User
name or password.
NOTE: Path must equal to Triggered hot folder entered on scan tab in device settings.
3 Your new folder is selected but not saved. To save it touch Prg. Dest. button.
4 Now you can change your folder path if you want by touching Change.
5 Now fill in Name and Key display. You can also select Title groups in which will be your folder
preference stored.
6 Now you can see saved folder into selected title group.
At a Glance
2.x.x Yes No No No
1 Download the new firmware files from the Y Soft Partners' Portal (http://partners.ysoft.com).
2 Copy downloaded files into the "update" folder on SafeQ server - typically C:/SafeQ5/server/update.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 Select terminal(s) which you want to update and click Schedule firmware update.
3 Set Date and time, firmware version and click Schedule update. Your update will be saved and
performed at given time.
NOTE: Update time can be late for few minutes, depending on the workload of SafeQ servers and
terminal availability.
4 You can see bar with updates status as displayed here. Click icon to see details of scheduled
updates.
1 Edit the configuration file (safeQ.fwupdate.conf or fwupdate.conf), which is located in the SafeQ
home directory in the folder ...\conf\modules (or ...\conf\), as described in the following example.
(The configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the highlighted. As a general rule, on the left side of the
equal sign ( = ) is the definition of the current firmware, and on the right is the new firmware. In the
example shown here, the last time the firmware was updated, version 3.12.[0-9] was updated to
version 3.13.3.
NOTE: Brackets indicate a range of firmware. For example, 3.12.[0-9] means any firmware
version from 3.12.0 to 3.12.9
To perform the update, you can use either a full update file or a differential update file. Differential
files are smaller and therefore the update is faster, but can be used only when the third-level version
of the firmware changes. For example, if you're updating from 3.12.0 to 3.12.5, you can perform a
differential update. But if you're updating from 3.12.0 to 3.13.0, you must perform a full update. If you
are not sure, perform a full update.
NOTE: Lines which stated with # symbol are not taken into account.
3 Authenticate at the terminal. The update process begins. The update process can take several
minutes, depending on the connection. The terminal service menu indicates when the update is
complete.
If you are able to authenticate, you have now successfully upgraded the terminal firmware.
NOTE: Emergency updates are always full updates – not differential updates.
1 Edit the configuration file (safeQ.fwupdate.conf or fwupdate.conf), which is located in the SafeQ
home directory in the folder conf\modules (or conf\), as described in the following example. (The
configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the line that includes “emergency”. On the left side of the
equal sign ( = ) is the version of the terminal and on the right is the new firmware. In the example
shown here, the last time an emergency update was performed, Terminal Professional version 3
was updated with firmware version 3.13.3.
NOTE: Lines which stated with # symbol are not taken into account.
The update process can take several minutes, depending on the connection. The terminal Service
menu indicates when the update is complete.
With Termtool utility you can perform many types of updates (regular, emergency, push,...).
2 Run termtool.exe from command line with appropriate parameters (depends on type of update)
You can find all parameters and other documentation about Termtool here: Remote configuration tool
for hardware terminals
TERMINAL SPECIFICATIONS
Item Specification
Internal readers For a complete list, contact your Y Soft sales representative
External reader interface (for terminal Dsub 9, RS 232 / Wiegand interface, 5V 300mA
with external reader only)
RAM 64MB
Item Specification
WARNING: For Terminal Professional HID iClass applies: This is a class A product. In a domestic
environment this product may cause radio interference in which case the user may be required to take
adequate measures.
The YSoft SafeQ4 Smart Card solution delivers advanced level of security to sensitive information for
private and governmental organizations. With the smart card solution, organizations can restrict access to
the MFP's walk-up features, ensuring that only authorized users are copying, scanning, emailing and faxing
information.
Among the most important benefits is the two-factor identification and user's authentication via industry
standard means. Users must insert their access card and enter a unique PIN at the device, providing added
security in the event that a card is lost or stolen. The System validates the revocation status on all
certificates (KDC and user) using the Online Certificate Status Protocol (OCSP).
YSoft SafeQ® Smart Card Solution complies with USA Homeland Security Presidential Directive (HSPD-12)
and Federal Information Processing Standards (FIPS-201) for Common Access Card (CAC) and Personal
Identity Verification (PIV) requirements.
PRE-REQUISITES
INSTALLATION
Assuming installed YSoft SafeQ 5 server please continue with:
1. Make sure that the Terminal Professional has properly configured smart card reader (if you insert the
smart card, the terminal asks for PIN code)
2. Add device to SafeQ and configure the terminal. If you want to use terminal as a Network Reader for
embedded solution, ONLY use the terminal SN as a network card reader SN. Do not change any
settings (e.g. ports) on the Terminal Professional!
3. Get certificate from AD (issuer of users' certificates) for each domain in DER encoded binary X.509
format (.CER)
4. Import certificates to SafeQ truststore (%SAFEQ_HOME%/conf/ssl-truststore). The keystore
password is in wrapper.conf, see: javax.net.ssl.keyStorePassword attribute
Keytool example
5. Update %SAFEQ_HOME%/conf/krb5.conf
set default_realm to your realm (typically uppercase of your domain - replace YSOFT.LOCAL
in following example with your domain)
if you will miss-configure the Realm, YSoft SafeQ will report following error to the log
file (cml.log): LoginException: Cannot get kdc for realm <REALM NAME>.
set default_tkt_enctypes to des-cbc-md5 or aes128-cts-hmac-sha1-96 (based on system you
are using. For Windows Server 2008 R2 and newer use aes128-cts-hmac-sha1-96, otherwise
use des-cbc-md5) supported algorithms
if you have only one domain, keep only one record in section [realms], otherwise create record
for every domain you have following this example
example of krb5.conf
[libdefaults]
default_realm = YSOFT.LOCAL
default_tkt_enctypes = des-cbc-md5 aes128-cts-hmac-sha1- 96
allow_weak_crypto = yes
[realms]
YSOFT.TEST = {
kdc = 10.0 . 10.40
admin_server = 10.0 . 10.40
}
YSOFT.LOCAL = {
kdc = kdc1.ysoft.local
kdc = kdc2.ysoft.local
admin_server = kdc.ysoft.local
}
7.
CONFIGURATION
Please do not change the configuration unless you are fully aware of what and why you are changing.
The only exceptions may be:
Area
Behavior
Features
Area
smartCardAuthKeyId
smartCardAuthKeyName
smartCardAuthCertId
smartCardAuthCertName
smartCardAuthReqPinId
smartCardAuthReqPinName
NOTES
Windows 2000/2003 Server doesn't support AES, it is necessary to disable its use, see http://technet.
microsoft.com/en-us/library/cc749438(WS.10).aspx
use config value kerberos-allow-aes=false
for Kerberos Error Codes see http://technet.microsoft.com/en-us/library/bb463166.aspx
for more information about Kerberos, please refer to following articles:
http://msdn.microsoft.com/en-us/library/aa378747.aspx
http://technet.microsoft.com/en-us/library/cc753173(WS.10).aspx
http://technet.microsoft.com/en-us/library/bb742431.aspx
for the US Federal Government Standard for Personal Identity Verification (PIV) of Federal
Employees and Contractors, see FIPS-201-1-chng1.pdf
with single-factor authentication. The following table describes the three different mechanisms in some
detail.
Two Factor As stated above. This is the most secure Also the slowest SafeQ uses low
(Card + PIN) User inserts their method. Complies with authentication level APDU
Authentication card, enters their FIPS 201 and other method. Requires commands to
PIN, and system similar global standards additional communicate
initiates a for an assurance level of configuration and with the device,
challenge VERY HIGH confidence. integration with a and thus can’t
/response protocol Kerberos use
to authenticate the KDC. Requires manufacturer-
user. CAC enablement provided
kit on Xerox APIs. This
devices. means that
every Smart
Card
manufacturer
may need to be
developed and
tested
independently. It’
s possible that
the card
manufacturer for
the customer
hasn’t been
implemented by
Y Soft yet, and
will require some
customization.
Single Factor User inserts their Provides relatively fast This was originally Y Soft card
Authentication card, and the method of developed as a readers may
with CHUID / system extracts a authentication. Compllies customization for receive different
FASC-N unique identifier with FIPS 201 and other one particular numbers from
for the card from similar global standards customer, and isn’ Terminal
the public for an assurance level of t guaranteed to Professionals vs.
information on the SOME confidence. work correctly at USB card
card. every installation. readers. In such
Test thoroughly cases, users
This occurs from a
may have to
static location.
register their
Single Factor User waves their Provides the fastest Does not comply The reader
Authentication badge by a reader method of with FIPS 201 for technology may
with Proximity that matches the authentication. Doesn’t any assurance vary (HID Prox,
Chip embedded require physical contact level. This is also HID iClass, etc.),
technology for the of the card with the the easiest of the even within the
embedded reader. Card reader three options for a same
proximity chip. technology is cheaper. malicious user to manufacturer for
create a forgery different
or spoof. generations of
Smart Cards. Y
Soft must
complete card
testing to verify
the correct card
reader.
At a Glance
FCC statements
Step 1. Complete the Before-You-Begin checklist
Step 2. Check package contents
Step 3. Connect cables
Step 4. Terminal's configuration
Step 5. SafeQ server configuration
Step 6. Mount the terminal
Step 7. Verify installation
FCC STATEMENTS
user's authority to operate the equipment. In cases where the manual is provided only in a form other than
paper, such as on a computer disk or over the Internet, the information required by this section may be
included in the manual in that alternative form, provided the user can reasonably be expected to have the
capability to access information in that form.
1. If possible, register and acquire access to the Y Soft online help desk a day or two before you begin
the installation.
2. Obtain the Terminal Ultralight installation packages and a small Phillips screwdriver.
3. Make sure YSoft SafeQ Server is installed and running.
4. Write down the terminal's serial number (located on the back of the terminal).
5. Make sure the Control Interface cable is the correct cable for the MFP you are connecting the
terminal to.
Refer to the MFP/cable part number compatibility list that Y Soft provided you or go to
Hardware Compatibility List (HCL) and check the list there.
6. If the cable you have is not correct, find the correct cable before you proceed. The cable may be
among other Y Soft packages at the location where you are installing the terminal.
7. Obtain the following information:
a. SafeQ server IP address
b. Does the network support DHCP?
c. If it does not support DHCP, obtain this additional information:
d. Terminal IP address
e. Netmask address
f. Gateway IP address
g. DNS server IP address
8. Information about the MFP or printer:
a. IP address
b. Serial number
c. Model number
Check to make sure you have the following items (included in several packages):
Main package:
Terminal Ultralight
Ethernet cable
Power supply adapter
NOTE: The package also includes clear plastic cable wrap for the Ethernet cable.
Accessory packages:
NOTE: The Control Interface cable for your MFP may be different from the one shown
here.
NOTE: You must connect the Control Interface cable before you connect the Power Supply Adapter
cable.
The printer has to be connected to network directly or by switch in the UltraLight terminal.
1 Log in to the SafeQ Web administration with sufficient rights to manage devices.
2 Go to Devices > Printers selection and click the edit icon next to the device or double click on the
device.
3 Go to Terminal tab and insert, select Hardware terminal option and enter Terminal serial number
of your Terminal Ultralight. This serial number equals to serial number written in SafeQ Terminal
Configuration util (first column).
Depending on the type of bracket included with the terminal, mount the bracket to the MFP, to the wall, or to
a nearby object such as a desk or table.
To mount the terminal onto the MFP, follow these steps:
3 If you have not already done so, write down the terminal's serial number (located on the back of the
terminal).
4 Use the screws and washers included with the mounting bracket to mount the bracket and terminal
onto the MFP.
5 Cover the Ethernet cable with the clear plastic wrap (included in the plastic bag with the cable). Start
the wrap about 4 or 5 inches (10 – 12 cm) from the back of the terminal.
NOTE: The PIN you use must be one that you have already addedin the SafeQ system.
2 Check to make sure the MFP panel unlocks (that is, the panel lights up and comes on).
It is possible to configure following properties using SafeQ Terminal Configuration utility (terminal config)
Terminal's IP address
Netmask address
Gateway IP address
Enable / disable DNS server IP address
SafeQ server's IP address
Enable / disable sound
Level of debug mode
Card reader protocol
It is possible to configure following properties using Remote configuration tool for hardware terminals
(termtool)
Terminal's IP address
Netmask address
Gateway IP address
Enable / disable DNS server IP address
SafeQ server's IP address
Enable / disable sound
Level of debug mode
Card reader protocol
Enable / disable Refresh server IPs
Enabled - (Default) Servers IP addresses are automatically configured based on running SafeQ
servers.
Disabled - Currently configured servers IP addresses stay unchanged. This apply also for
nonstandard situations such as servers behind NAT or cold backup servers.
1. You need following tools: termtool.exe and squl_cfg_set.bat. They are distributed with Terminal
UltraLight firmware.
2. Prepare configuration file. For example cfg.txt.
3. This file will contain only one line with NOSRVREFRESH=0 if you want to enable Refresh server IPs
or line with NOSRVREFRESH=1 if you want to disable Refresh server IPs.
4. In command line run following command: "squl_cfg_set.bat <IP address of Terminal Ultralight>
<configuration file>" . (Real example: "squl_cfg_set.bat 10.0.5.122 cfg.txt")
This page describes service procedures available for Terminal Ultralight and Network Card Reader. For
better understanding we are using word terminal on this page, which refers to Terminal Ultralight, and also
Network Card Reader.
OVERVIEW
There are two ways to update the terminal's firmware:
Regular update – The first time a user authenticates at the terminal, the update process is automatically
triggered. SafeQ downloads the update files to the terminal, starts the update process, and displays a
message on the terminal screen informing the user about the update.
Emergency update – If you need to update only a small number of terminals, you can perform an
emergency update. Unlike a regular update, which is automatic, you initiate an emergency update at the
terminal, enabling you to perform the update at a convenient time.
1 Download the new firmware files from the Y Soft Partners' Portal (http://partners.ysoft.com) to the
SafeQ server.
2 Copy the new firmware files into the "update" folder (typically: C:/SafeQ/server/update).
3 Edit the configuration file (safeQ.fwupdate.conf or fwupdate.conf), which is located in the SafeQ
home directory in the folder ...\conf\modules (or ...\conf\), as described in the following example.
(The configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal Ultralight firmware, look at the highlighted. As a general rule, on the left side of the
equal sign ( = ) is the definition of the current firmware, and on the right is the new firmware. In the
example shown here, the last time the firmware was updated, version 1.1.[0-9]ul was updated to
version 1.2.3.
NOTE: Brackets indicate a range of firmware. For example, 1.1.[0-9] means any firmware version
from 1.1.0 to 1.1.9
NOTE: Lines which stated with # symbol is not taken into account.
5 SafeQ server is now prepared for regular or emergency update (depends on lines added into
configuration file in step before).
1 Prepare configuration file on SafeQ server as described above in Downloading the firmware files
and editing the configuration file
2 Authenticate at the terminal. The update process begins. The update process can take several
minutes, depending on the connection. The terminal LEDs indicates when the update is complete.
If you are able to authenticate, you have now successfully upgraded the terminal firmware.
1 Prepare configuration file on SafeQ server as described above in Downloading the firmware files
and editing the configuration file.
3 Use a paper clip or a small screwdriver to push the Emergency button and hold it.
Continue to hold the button pressed while you plug the power cable back in.
The terminal emits a short series of beeps (from 1 beep to 5 beeps) with pauses between each
series. Each series represents an action you can take. After the series of 5 beeps, it starts over with 1
beep again.
After the action is selected it is processed and the terminal is rebooted after that.
Terminal Ultralight and Network card reader are shipped with configuration reset to default.
If you are able to authenticate, you have now successfully performed one of selected procedures.
If the Terminal Ultralight or Network Card Reader is using recent firmware version it is not necessary to
unplug the terminal power cable as described in step 2. Just follow the instructions described in step 3 but
hold the button for more than 5 seconds. This functionality works during terminal initialization or idle state
when user card or PIN is expected. It will not work when user session is in progress on Terminal UltraLight.
DHCP: Disabled
IP:192.168.0.100
Netmask: 255.255.255.0
Gateway: 192.168.0.254
DNS: 192.168.0.254
Primary Server: 192.168.0.254:5011
Server list: empty
Update server: 192.168.0.254:4096
Sound: Enabled
DHCP: Disabled
IP:192.168.0.100
Netmask: 255.255.255.0
Gateway: 192.168.0.254
DNS: 192.168.0.254
Primary server: 192.168.0.254:4096
Server list: empty
Locking: Immediate
Auth. type: Card or PIN
Mode: Normal
Sound: Enabled
Debug mode: No log
IOmodue mode: 0
Terminal Ultralight and Network card reader are shipped with configuration reset to default.
Sequence Description
- Card read error. Place the card again or use a different card.
.- Terminal validation failed. Server reports that the terminal is not registered on SafeQ.
..- User quota has been exceeded or user has no billing code assigned.
-.- User authentication failed. The PIN is not valid or the ID card is not registered in SafeQ. If
YSoft Payment System is used, it can indicate account is disabled.
.-- The terminal received an error or warning message from the SafeQ server.
If YSoft Payment System is used, it can indicate insufficient credit balance for current user
(according SafeQ system settings for YSoft Payment System -
pricePerPageReservationStrategyForCopyOnHwTerminal ) to perform copies/scans.
...- Hardware configuration is corrupt and the terminal cannot continue booting.
- .. - Maximum number of firmware update attempts reached but no valid firmware detected.
-.-- Maximum number of firmware update attempts reached and the terminal is resuming normal
boot.
.-.. Firmware update failed. Error in server response. SafeQ server is probably not configured
correctly.
Sequence Description
Animated
Unsuccessful authentication. The terminal does not recognize
the card, PIN, or Card Activation Code code.
Animated
Terminal is processing; please wait.
Animated
Firmware upgrade in progress; please wait.
Sequence Description
Flashing
Copying in progress. To cancel, press X or OK, or place a
card.
NOTE: This code appears only on SafeQ Terminal UltraLight
Print & Copy.
Flashing
Copying in progress. Server issued a warning. See the MFP
display panel for details.
NOTE: This code appears only on SafeQ Terminal UltraLight
Print & Copy.
Flashing
Printing in progress. Please wait until the print job is finished.
Flashing
Printing in progress. Server issued a warning. See the MFP
display panel for details.
Flashing
An error occurred. See beep codes for details (page ).
Sequential...
Sequence that appears as a user enters a PIN.
During boot
WARNING: Do not perform this action unless instructed
to do so by Y Soft.
Enter the terminal model. For UltraLight Print & Copy, press 1
. For UltraLight Print Only, press 3.
Sequence Description
Parameter Value
At a Glance
FCC statements
Network Card Reader overview
System Overview
Ethernet Reader specification
Terminal's configuration
SafeQ server configuration
FCC STATEMENTS
§ 15.21 Information to user
The user's manual or instruction manual for an intentional or unintentional radiator shall caution the user
that changes or modifications not expressly approved by the party responsible for compliance could void the
user's authority to operate the equipment. In cases where the manual is provided only in a form other than
paper, such as on a computer disk or over the Internet, the information required by this section may be
included in the manual in that alternative form, provided the user can reasonably be expected to have the
capability to access information in that form.
The YSoft SafeQ ® Ethernet Reader is based on YSoft SafeQ® Terminal UltraLight. YSoft SafeQ®
Ethernet Reader provides compact, fast and simple user interface for authorization to printer. It has no
display available; therefore user interaction is limited to status leds. User authentication (on Ethernet
Reader) is possible only with card.
NOTE: Following documentation is related to both types of Network Card Readers, therefore you might
encounter minor differences when using Network Card reader with external card reader.
SYSTEM OVERVIEW
The purpose of Ethernet Reader is to handle user authentication and authorization to the device
using card.
User can use also the PIN authorization (using the MFP integrated panel).
Terminal is powered by external power supply that is also included in installation package.
The emergency button is used for reset the terminal into default settings.
Parameter Value
TERMINAL'S CONFIGURATION
Ethernet Reader requires TCP/IP connection to the YSoft SafeQ server. Ethernet Reader has own IP and
MAC address.
DHCP=0
IP=192.168.0.100
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
DNS=192.168.0.254
SERVERIP=192.168.0.254:5011
SERVERUPD=192.168.0.254:4096
The SERVERIP corresponds to the IP address and port of the YSoft SafeQ® Terminal Server. The IP and
port are used for card authentication.
The SERVERUDP corresponds to the SafeQ server and serves for firmware updates.
After the Ethernet Reader is properly configured, it must be connected to the YSoft SafeQ®.
Assume that the YSoft SafeQ® server and YSoft SafeQ® Terminal Server are already installed and
running.
1 Log in to the SafeQ Web administration with sufficient rights to manage devices.
2 Go to Devices > Printers selection and click the edit icon next to the device or double click on the
device.
3 Go to Terminal tab and insert Network Card reader serial number. This serial number equals to
serial number written in SafeQ Terminal Configuration util (first column).
NOTE: If you want to add Network Card reader serial number, one of the authentication method
with card must be selected.
4 Since the installation is successfully finished, the Ethernet reader is successfully configured.
SERVICE PROCEDURES
For more info about all service procedures, please visit: Performing service procedures of Terminal
UltraLight and Network Card Reader
SERVICE FIRMWARE
Service firmware is the most important part of the reader firmware. Right after power-up it will check the
emergency button if any action is required. Then it will check the normal firmware for integrity. If the normal
firmware is not valid then the emergency firmware will connect to server in emergency mode and download
the firmware. If the normal firmware integrity is ok, then it is started.
READER FIRMWARE
Ethernet Reader firmware is the main part of the firmware. It initializes network, autodetects readers and
sends the card number to the server when card is placed. By default the firmware starts UDP locator server
which will help detecting available readers on the local network. Also the TCP configuration server is
started.
In the following table, a period ( . ) represents a short beep and a dash (-) represents a long beep.
Sequence Description
- Card read error. Please try placing the card again or use the different card.
.- Reader validation failed. Server reports that the terminal is not registered on SafeQ. Please
consult administrator manual
-.- User validation failed. User card is not registered in the system.
-..- Maximum number of update attempts reached but no valid firmware detected.
.-.. Update of firmware failed. Error in server response, SafeQ server is probably not configured
correctly.
Animated
Ethernet reader is processing, please wait.
Animated
Firmware upgrade in progress, please wait (service firmware working).
Place card.
Flashing
Error occurred, see beep codes for details.
Use a paper clip or a tiny screwdriver to push the emergency button. Hold the button pressed for
more than 5 seconds.
Alternatively you can unplug the terminal power cable, hold the emergency button and plug the
terminal power back while still holding the emergency button
The terminal now starts with short series of beeps with a longer pause between them. The action is
selected by releasing the button in the pause. Once the beep count reaches selectable maximum it
starts over again from 1. To cancel any selection unplug the power cable and release the button.
1 beep - do a set default configuration
4 beeps - do the emergency reload - reset configuration to default and start emergency update
5 beeps - set network configuration to use DHCP server
6 beeps - push update expected, do not try to connect to the server for update
After the action is selected it is processed and the terminal is rebooted after that
NETWORK CARD READER - CONTINUOUS READING AND LOG OFF BY CARD REMOVAL
OVERVIEW
This feature enables users to be logged in device while their card is placed on Network Card Reader (NCR)
and logged out when the card is removed from NCR.
CONFIGURATION
This feature is implemented since firmware 1.2.8. T o be enabled, continuous card reader protocol has
to be set. Contact customer support services for more information about card reader protocols.
USING
User with assigned card comes to Network Card Reader and place card on the reader (card stays on the
reader and is not removed). User is logged in while card is placed on terminal - > user can perform prints
/scans/ copies. After user is finished he removes card from the reader and is logged out.
The termtool configuration tool is designed for YSoft Hardware terminals (Terminal Professional, UltraLight
and Network card reader).
PURPOSE
PREREQUISITES
LIMITATIONS
Not all functions are supported on all previous releases of terminal firmwares.
DESCRIPTION
The program runs in a system console. It is not a GUI application, it is an application running in text mode.
When the program is run without any command line parameter the termtool loads terminal list from fixed file
(termlist.txt) and tries to detect all other accessible terminals. Then the following screen is shown:
Actions:
99) Exit application
Terminal list:
101) Refresh 102) Load 103) Save 104) Purge
Terminal :
111) Add by IP 112) Add by SN 113) Delete
Cfg. template:
121) Apply to all terminals
Enter number:
Terminal type
TP = Professional
SPM = SafeQ Payment machine
TP-NCR = Professional in Network card reader mode
ULPC = UltraLight Print&Copy
ULPO = UltraLight Print only
NCR = Network card reader
Terminal IP address
Serial number
Firmware version
Terminal availability
TCP and bcast = Terminal is reachable by both TCP connection or by broadcast - terminals in
same subnet with correct IP address setting
TCP only = Only TCP connection - terminals in different subnet, but correctly configured IP
address (and netmask etc.)
bcast only = Only broadcast connection - like terminal in same subnet, but without correctly
configured IP address
unreachable = Terminal is not on last known IP and is not reachable via broadcast (not in
same subnet)
User may select concrete terminal number (0-98) to be configured or run one of these commands:
Terminal Professional:
Terminal information:
Type : Professional
Firmware ver. : 3.11.4(505)
Servicefw ver.: 2.2.3-12
Servicefw stat: OK
Hardware information:
HW version : 3.5.3
Serial number : SQPR9493534CD6E
Manuf. date : Tue Dec 1 11:52:42 2009
Network information:
Pri. MAC addr.: 00:0A:59:F4:4C:D6
Sec. MAC addr.: 00:0A:59:F4:4C:D7
Link-0 speed : 0
Link-0 mode : 0
Link-1 speed : 0
Link-1 mode : 0
Link-2 speed : 0
Link-2 mode : 0
Up-link speed : 0
Up-link mode : 0
IP information:
DHCP : Enabled
DHCP IP : 10.1.5.232
DHCP Netmask : 255.255.255.0
DHCP Gateway : 10.1.5.100
DHCP DNS : 10.1.0.100
Host name : TEST0001
Server information:
Primary server: 10.1.5.121:4096
Server list :
Locking : Immediate
Cluster supp. : Enabled
Cluster mode : Balanced
Advanced information:
Auth. type : 8 = Card or PIN or Login
Mode : Normal
Joblist mode : Queue/printed
PIN dlg. text : Without characters count
P/C alert msg.: Enabled
Sum. after P/C: Pages and price
Menu timeout : 60
Info timeout : 20
Sound : Enabled
Debug mode : Log all
Language information:
Default lang. : 2 = English
Other langs. : 11 = Japanese;14 = Chinese (Simplified);17 = Chinese (Traditional);21 = Arabic;25 = Korean;
Lang. selector: Globe always
----------------------------------------------------------------------------
Terminal:
1) IP setup
2) Server setup
3) Advanced setup
4) Card reader and IO module setup
5) Languages setup
Actions:
99) Exit without saving
100) Save changes to terminal and exit (may need service menu pin)
Cfg. template:
101) Load template 102) Save changes as template
Enter number:
Terminal UltraLight:
Terminal information:
Type : UltraLight Print&Copy
Firmware ver. : 1.2.0ul
Servicefw ver.: 1.7.0svcul
Servicefw stat: OK
Hardware information:
HW version : 1.5.1
Serial number : SQULB47151A344E
Manuf. date : Fri Nov 25 16:40:37 2011
HW features : 00000000
Keyb. type : 2
Network information:
MAC address : 00:0A:59:F4:A3:44
Port 0 speed : 0
Port 0 mode : 0
Port 1 speed : 0
Port 1 mode : 0
IP information:
DHCP : Enabled
DHCP IP : 10.1.5.217
DHCP Netmask : 255.255.255.0
DHCP Gateway : 10.1.5.100
DHCP DNS : 10.1.0.100 10.0.0.100 10.0.0.101
Host name : Ulko_007
Domain :
Server information:
Primary server: 10.1.5.121:4096
Server list :
Locking : Immediate
Advanced information:
Auth. type : 3 = Card or PIN
Mode : Normal
Sound : Disabled
Debug mode : Log all
----------------------------------------------------------------------------
Terminal:
1) IP setup
2) Server setup
3) Advanced setup
4) Card reader and IO module setup
Actions:
99) Exit without saving
100) Save changes to terminal and exit (may need service menu pin)
Cfg. template:
101) Load template 102) Save changes as template
Enter number:
When some value is incorrect in relevant behavior or could not be obtained from terminal then "FAILED" or
"unknown" is shown. When user selects terminal configuration change relevant information are repeated
before entering new values.
Terminal "IP setup" allows to set DHCP support, terminal IP, netmask, gateway, dns, hostname.
Terminal "Server setup" allows to set server IP:port, cluster nodes IP, update server for network card
reader, locking mode, cluster support and cluster mode.
Terminal "Advanced setup" allows to set authentication type, terminal mode, joblist type, pinbox text,
timeouts, sound setting, debug setting and other interface related settings.
Terminal "Card reader and IO module setup" allows to set reader type and protocol, IO module type and its
mode.
Terminal "Languages setup" allows to set default language, other selectable languages, and language
selector type.
"SafeQ Payment Machine setup" allows to set money removal PIN and print receipt setting.
Action "99) Exit without saving" returns user to the previous menu. If any changes in settings are made they
are discarded and original settings remain.
Action "100) save changes to terminal and exit (may need service menu pin)" returns user to the previous
menu. If any configuration settings are changed, then changes are stored into terminal and applied. Some
settings require service menu pin on terminal professional so user is asked to enter it.
Action "101) Load template" loads from fixed file (termtempl.txt) configurations changes. These changes are
shown in listing.
Action "102) Save changes as template" stores all currently prepared changes on selected terminal to file
(termtempl.txt) for future use as a configuration template.
-l list terminals
-L list terminals, but do NOT list unreachable ones
-n do NOT search for new terminals (use only stored list)
-ms SPM - set receipt template (req. SM pin l 2)(template data on stdin or input file)
-mc SPM - clear receipt template (req. SM pin l 2)
NOTE: Some of the functions require a specific product or a certain minimum firmware version.
TERMINAL SELECT
(-I) IP address - terminal must have properly configured network settings and be accessible via TCP
connection to entered IP.
(-t) id - Select terminal on id offset in stored terminal list (termlist.txt)
(-s) serial number - terminal must be accessible via broadcast or already stored in list, then it could
be selected by its serial number
INPUT/OUTPUT
When command produces some output then it is shown to user (printed on stdout). It could be also
redirected by system to file or written to file by program when user uses option (-o out_file)
When command requires additional data file then user may enter them on stdin, redirect output of other
program to stdin or specify input file (-i input_file)
Linux examples:
./termtool -I 10.0.0.1 -c
SOUND=0
^D
Windows examples:
(-P) SM PIN
Configuration of some values in terminal professional or in Payment Machine requires service menu pin. So
by this option user should specify pin value. Useful with -G1 -G2 -C1 -C2 -ms -mc.
LIST TERMINALS
There is option to detect and list almost all terminals on same segment of network. Also program use stored
list (termlist.txt) to add other terminals which should be outside network segment, but still accessible via IP
address.
Output listing have same format as stored list (termlist.txt) and should modified in following ways:
(-L) list all terminals (stored ones and newly detected), but do NOT list unreachable ones
Previous commands should be modified with (-n) option which force to do NOT search for new
terminals (use only stored list) so stored list will be only updated with current values and optionally
removed unreachable terminals.
Downloads terminal configuration and shows it to user or store it to file (-o out_file).
Options (-G1) (-G2) are only for terminal professional to authorize via service menu pin level 1 or 2 -
optionally combine with parameter (-p pin).
Example on linux:
or on Windows:
Upload configuration entered on stdin or from input file (-i input_file) to terminal.
Options (-C1) (-C2) are only for terminal professional to authorize config upload via service menu pin level 1
or 2 - optionally combine with parameter (-p pin). Parameter (-CU) force different way of configuration
upload - via broadcasts - so terminal have to be in same network segment.
Configuration file should contain only fields which user needs to change! Storing of read only value is
considered as error so final result of run will be also error.
Example on linux:
or on Windows:
Downloads terminal log and shows it to user or store it to file (-o out_file).
Please note that logging must be enabled before using this function
Example on linux:
or on Windows:
Downloads two different types of SPM logs and shows it to user or store it to file (-o out_file). These files
also enclose when reporting problem with SPM via Service desk incident reporting.
Example on linux:
or on Windows:
Terminal professional only - Show information about boot loaders and service firmware or store them to file
(-o out_file).
(-MS) (-MC) SAFEQ PAYMENT MACHINE - RECEIPT TEMPLATE
Only for SafeQ Payment machine equipped with optional printer. There commands requires service menu
pin level 2 (combine with -p pin). By option (-ms) users shall upload new receipt template (combine with -i
input_file) or clear currently stored one (-mc)
Example on linux:
or on Windows:
Invoke terminal to reboot into service firmware and do full update of firmware from SQ server.
Example on linux:
or on Windows:
Invoke terminal to reboot into service firmware and do emergency full update of firmware from SQ server.
Example on linux:
or on Windows:
Invoke terminal to reboot into service firmware and do full update of firmware from defined URL.
Example on linux:
or on Windows:
Example on linux:
or on Windows:
NOTE: This "server-less" style of service firmware update is supported from firmware 3.8.0 on TP and 1.1.0
on UL.
or on Windows:
Example on linux:
or on Windows:
SafeQ Payment Machine have posibility to update firmwares of banknote/coin acceptors. These firmwares
are stored in SPM. To update these stored data use this command with the latest data file package.
Example on linux:
or on Windows:
Note: For Terminal UltraLight or Network Card Reader see option (-ug)
Important note: This command may fail in some situations. In this case try to perform it again.
e.g.: Message "Failed to switch terminal to update mode" may mean that there is currently an
active user/admin session.
This "server-less" style of firmware update is supported on terminals that already have service
firmware 2.3.1-13 or newer, or that have standard firmware 3.8.0 or newer.
Warning: This command may automatically update terminal service firmware to minimal required
version.
Example on linux:
or on Windows:
Sends main firmware update directly to Terminal UltraLight or Network Card Reader.
Important note: This command may fail in some situations. In this case try to perform it again.
e.g.: Message "Failed to switch terminal to update mode" may mean that there is currently an
active user/admin session.
This "server-less" style of firmware update is supported on terminals that have standard firmware
1.1.5 or newer.
Warning: This command may automatically update terminal service firmware to minimal required
version.
Example on linux:
or on Windows:
Example on linux:
./termtool -I 10.0.0.1 -r
or on Windows:
termtool.exe -I 10.0.0.1 -r
By specifying '-v' (debug) or '-V' (verbose debug) on command line an extended debug mode is enabled.
This may provide developers with important information in case anything during termtool operation fails.
RETURN VALUE
When command line execution is successfully done program returns 0. In case of errors any non zero value
is returned.
FILES FORMAT
IP address
Serial number
Number defining type of terminal
Firmware version
If you need to import terminal list you should replace termlist.txt with list where are only IP addresses, then
call termtool to list terminals. Termtool will try to contact all terminals and update information in output
listing.
CONFIGURATION TEMPLATE (TERMTEMPL.TXT)
# 24
DEFLANG=1
# 24
LANGUAGES=2;11;
File contains optional internal data in comments (line starting with '#') and configuration values which have
to be changed.
So format allows to get current configuration from terminal and copy relevant items to template file without
any modifications.
Terminal is configured to DHCP by default and this is correct in this situation so we need only to configure
server IP. Terminal will be connected directly to the same network subnet.
1) Interactively
on Windows:
NOTE: Configuration item "SERVERIP" stands for primary SQ server. Other configuration items
could be found in documentation enclosed in remote configuration tool
Now terminal will be configured
CONFIGURE MULTIPLE ITEMS ON MANY TERMINALS CONNECTED TO LARGE NETWORK WHILE WE KNOW THEIR IP ADDRESSES
Terminals are properly configured in customer's network, but they are on many subnets. We have list of
their IP addresses.
Run termtool
Select any suitable terminal or add one of required terminal by its IP address from list( 111) Add by
IP ).
Enter all required changes of configuration by selecting appropriate items and entering values
After configure enter 102) "Save changes as template"
Enter number 99 - Exit without saving
Enter number 99 - "Exit application" to leave utility
All this could be also done manually by direct editing of termtempl.txt with correct configuration values
(items documentation enclosed in remote configuration tool).
2) Modify termlist.txt
See section "Files format" for details.
Terminal list file could contain only IPs - one per line so replace current termlist.txt file with your list of
terminals IPs.
Run termtool without detecting new terminals, so only list will be used
termtool -n
Alternatively you could run termtool normally, then tool detects also other terminals, then selects
purge terminal list and loads list so you will have only terminals stored in list
When you configure some options that requires service menu pin on terminal professional then select
option to enter it first. (Enter PIN L 1/2)
Enter number 121 - "Apply to all terminals" to apply configuration template
Now all terminals will be configured
Enter number 99 - "Exit application" to leave utility
DISABLE ALL DOWNLINK PORTS ON FEW TERMINALS CONNECTED TO LARGE NETWORK WHILE WE KNOW THEIR IP ADDRESSES
Terminals are properly configured in customer's network, but they are on many subnets. We have list of
their IP addresses.
Ethernet ports could not be interactively configured in termtool so you have to use remote configuration with
correct configuration values. In enclosed documentation (Terminal Configuration Details_SQPR_fw3.12.0.
xlsx) you could found that ethernet port settings are stored in values PORT_X_SPEED, where X stands for
0-3 and 3 means uplink. So we need to configure items PORT_0_SPEED, PORT_1_SPEED,
PORT_2_SPEED and they are configurable via authorized access with service menu pin level 1. Best way
how to get correct value of required item is to get it from terminal.
edit stored config file to contain only required items (PORT_0_SPEED, PORT_1_SPEED,
PORT_2_SPEED). So file will contain this content:
PORT_0_SPEED=5
PORT_1_SPEED=5
PORT_2_SPEED=5
now for each terminal upload configuration change. Replace IP address with correct one and 0000
with service menu pin level 1.
NOTE: This style of service firmware update is supported from firmware 3.8.0 on TP and 1.1.0 on UL.
Obtain the newest service firmware file (files like UL/ER: ultralight_service-1.7.fw TP/SPM:
emergency-2.2.2-12.enc)
Terminal must have properly configured network settings so it have to be accessible via IP address.
(for this example we will suppose that IP address for TP is 10.0.0.50 and 10.0.0.51 for UL)
Check current version of service firmware
For TP/SPM (obtain low level information - service firmware and boot-loaders statuses)
For UL/ER you have to download whole configuration and search for the version
on linux:
./termtool -I 10.0.0.50 -k
./termtool -I 10.0.0.51 -g
on Windows:
termtool.exe -I 10.0.0.50 -k
termtool.exe -I 10.0.0.51 -g
Search for values of items SERVICE_STATUS and SERVICE_VER which contain information about
current service firmware status and version.
Update service firmware by entering following command
on linux:
on Windows:
./termtool -I 10.0.0.50 -k
./termtool -I 10.0.0.51 -g
on Windows:
termtool.exe -I 10.0.0.50 -k
termtool.exe -I 10.0.0.51 -g
Annotation
Overview
Terminal Configuration utility
Remote configuration tool
Reading configuration
Setting configuration
Conclusion
ANNOTATION
This guide provides the essential information on the configuration of the YSoft SafeQ Terminal Professional,
YSoft SafeQ Terminal UltraLight and YSoft SafeQ Network Card Reader.
You are expected to understand some networking and printing concepts: in particular, you should be
familiar with the client/server paradigm, with IP addressing and TCP/UDP ports.
The producer does not bear any responsibility for the use of any functions not specified here unless covered
by a separate document.
The producer rejects any and all responsibility for the consequences of improper, negligent or incorrect
installation or settings of optional operational system parameters.
OVERVIEW
YSoft SafeQ Terminal Professional, YSoft SafeQ Terminal UltraLight or YSoft SafeQ Network Card
Reader could be remotely configured via network. On the same subnet of network terminal could be
accessed via UDP broadcasts without knowing its IP address by Terminal configuration utility or anywhere
on network via TCP connection but with known terminal IP address by Remote configuration tool.
YSoft SafeQ Terminal UltraLight and YSoft SafeQ Network Card Reader - FW higher than 1.0.0.
1 Open the SafeQ Terminal Configuration utility then click Scan. The utility discovers and lists all the
terminals that are in the same subnet that the configuration utility is running on.
2 Locate the terminal you want to install by looking for it's serial number in the Serial column.
NOTES:
Once user chose required serial number, it can be copied into the system clipboard by
pressing CTRL+C. This can be handy for transfer the serial number into the YSoft
SafeQ.
User can also copy all information about required terminal into the system clipboard by
clicking an arrow on the beginning of the line and pressing CTRL+C.
Several or all lines with terminals' information can be copied. To choose and copy only
some of the lines, CTRL key needs to be pressed while choosing the lines.
To choose all of it, CTRL+A keys need to be pressed while choosing the lines.
1. a. If DHCPis enabled, in the Server cell, check to see that the IP address matches the IP address of
the SafeQ server. If it does not, select that cell and enter the correct IP address of the SafeQ server.
b. If DHCP is not enabled, enter IP addresses and ports in each field.
Fields decription:
Serial - Terminal's serial number.
DHCP - If checked DHCP is enabled, if unchecked DHCP is disabled.
IP - Terminal's IP address
Mask - Netmask address
Gateway - Gateway IP address
DNS - DNS server IP address
Server - IP address and port number of SafeQ server, to which you want to connect this
terminal. For Terminal Professional, and Terminal Ultralight set port 4096, for Network
Card reader set port 5011.
Sound - If checked sounds is enabled, if unchecked sounds is disabled.
Debug - Debug mode
Reader - Card reader type build-in terminal.
4 Click Save button to save new settings. The terminal will restart with new settings.
Unautorized access:
YSoft SafeQ Terminal Professional - FW higher than 3.0.0.X
YSoft SafeQ Terminal UltraLight and YSoft SafeQ Network Card Reader - FW higher than 1.1.0
Authorized access:
YSoft SafeQ Terminal Professional - FW higher than 3.11.0
Remote configuration tool package contains command line executable for both windows and Linux. There
are also some scripts for quicker usage.
Details of configurable items are stored in enclosed documents (Terminal configuration details).
READING CONFIGURATION
Use correct script to get configuration. If required redirect output to file to store configuration (append “> file”
to the end of command)
Scripts:
Examples for terminal professional with IP address 10.0.0.1 and with PIN 0000 to service menu level 1
sqpr_cfg_get 10.0.0.1
sqpr_cfg_get_l1 10.0.0.1 0000
sqpr_cfg_get_l1 10.0.0.1 0000 > old_config.txt
Possible values of each configurable item could be expanded in future so the best way is to
configure values manually on terminal in service menu, and then download current configuration to
get required values.
SETTING CONFIGURATION
Use correct script and file with new configuration to set it. File has to contain only changed items of
configuration. If you send read only items or items from higher level you will receive error.
Scripts:
Examples for terminal professional with IP address 10.0.0.1, with PIN 0000 to service menu level 1 and new
configuration stored in file “new_config.txt”
sqpr_cfg_set 10.0.0.1 new_config.txt
sqpr_cfg_set_l1 10.0.0.1 0000 new_config.txt
Possible values of each configurable item could be expanded in future so the best way is to configure
values manually on terminal in service menu, and then download current configuration to get required
values. From downloaded configuration prepare new file with required items only. Upload this new
configuration.
CONCLUSION
This manual, like YSoft SafeQ itself, is in a constant process of development. While we strive to keep the
information relevant at all times, it is possible that, as new versions of YSoft SafeQ are being released, you
will find information here that is no longer entirely up-to-date.
If you cannot find information that you think it should be here and/or if you have any other suggestion for
further improvement, please don't hesitate to contact our Customer Support Services.
Page and its child pages describe information about MFP configuration for using with a hardware
terminal.
In order to prevent using an MFP without a successful authentication, an MFP panel has to be locked and
can be unlocked via a hardware terminal communication with MFP over blocking cable only.
Information about exact procedure for locking panel and connecting blocking cable can be found in the child
pages:
Note: Each partner shall obtain pass code to enter service mode as well as Key Chain values from Fuji
Xerox. Y Soft cannot disclose this information which is covered by NDA.
NVM for BARE - enable (For blocking with YSoft Terminal Professional Ask Fuji Ask Fuji
/Ultralight) Xerox Xerox
C NVM for FX IC CARD GATE - enable (For YSoft SafeQ Terminal Ask Fuji Ask Fuji
Embedded) Xerox Xerox
Note: To unblock the device it is necessary to disable NVN B or C and A before unplug Bare FDI / EPA
Card reader.
Terminal Professional:
1. In the service menu of terminal proceed following way: I/O Module settings -> I/O module
2. Select YSQC0-048-0000 Smart Cable Xerox v2 is chosen and on the next screen set it to be
operating in mode corresponding with the device used.
Terminal Ultralight:
1. Use the termtool utility, how to use guide can be found in Configuring Terminal UltraLight
2. After selecting the proper terminal to configure continue with entering 4 – Car reader and IO module
setup and confirm with Enter. Press Enter one more time to skip the card reader setting.
3. By entering „?“ You can list all the available types. Choose YSQC0-048-0000 Smart Cable Xerox v2.
4. Choose mode corresponding with the used device. confirm by pressing Enter.
5. Press Enter one more time and continue entering 100 in order to reboot the terminal and save
changes made in its configuration.
4.
ADDITIONAL SETTING
Tools/counters –> 3 Administrator setting –> 9 Security Setting –> 7 Management Function setting –> 1
Function setting
Copy - ON
Print - OFF
Send Scan/Fax – ON
KM bizhub C364
KM bizhub C364
KM bizhub C554
KM bizhub C3350/C3850
KM bizhub 4050/4750
1. open registry 9016(type) and set up option 0 or 1 (0 disabled, 1 - insert coin message)
Compatible
devices
OKI ES9460
OKI MC760
5.
5. Click "Submit"
Compatible
devices
OKI ES4191
OKI ES9460
YSQC0-035-0000 Cable
Toshiba v2 (Type 4)
OKI ES4191
OKI MC760
In case that the standard procedure does not work - a device cannot be unlocked by the cable, you can try
another way (for example MP 4002, MP 5002, MP C3002, MP C3502, MP C4502, MP C5502):
1. Activate support for enhanced external charge unit management (SP mode 5-113-002 to 1)
2. Navigate to System Settings -> Administrator Tools -> Enhanced External Charge Unit Management
3. Here choose what features have to be blocked (usually copy, scan)
4. Also make sure the Key Counter Management in administrator tab has all functions turned OFF.
Procedure for MP C2003, MP C3003, MP C3503, MP C4503, MP C5503 and MP C6003 devices:
1. Navigate to system settings -> administrator tools -> key counter management
2. Here choose what features have to be blocked (usually copy, scan)
In case YSQC0-012-0000 Cable Ricoh (20-pin) is used set SP 5113-1 to value 1 and SP 5113-2 to
value 0.
1. Navigate to system settings -> administrator tools -> external charge unit management
2. Here choose what features have to be blocked (usually copy, scan)
Ricoh MP 4002
Ricoh MP 2501sp
to be installed on device.
1. press 26
2. press Start
3. press 3
4. press Start
5. select outside auditor as VENDOR-EX, vendor mode as MODE3
6. press Start
7. press CA
Compatible
devices
Sharp MX-2610N
Sharp MX-2614N
Sharp MX-2610N
YSQC0-035-0000 Cable
Toshiba v2 (Type 4)
YSQC0-042-0000 Cable
Toshiba v2 (Type 7)
After connecting FDI following steps have to be done via device service menu:
1. Navigate to Common Service Settings -> Maintenance/Diagnostic -> NVM Read / Write
2. Write “850-007“, click on Confirm/Change, write „3“, click on Save
3. Close - > Exir (Keep Log) -> Yes
4. MFP is restarted
NOTE: If the scan/fax function is not blocked automaticaly, change switch 850 015 to 1.
To unblock the device it is not sufficient only to revert back the change of Switch 850-007 back to 0 but also
it is necessary to set 850-001 switch to 0. This was chaged automatically by FDI connection. After
performing these changes FDI can be disconnected.
Terminal Professional:
1. In the service menu of terminal proceed following way: I/O Module settings -> I/O module
2. Select YSQC0-048-0000 Smart Cable Xerox v2 is chosen and on the next screen set it to be
operating in mode corresponding with the device used.
Terminal Ultralight:
1. Use the termtool utility, how to use guide can be found in Configuring Terminal UltraLight article.
2. After selecting the proper terminal to configure continue with entering 4 – Car reader and IO module
setup and confirm with Enter. Press Enter one more time to skip the card reader setting.
3. By entering „?“ You can list all the available types. Choose YSQC0-048-0000 Smart Cable Xerox v2.
4. Choose mode corresponding with the used device. confirm by pressing Enter.
5. Press Enter one more time and continue entering 100 in order to reboot the terminal and save
changes made in its configuration.
The FDI Kit allows blocking the machine enabling support of other devices such as swipe card terminals.
Blocking cable
YC01000 030
Blocking cable
YC01000 0051
FDI
Compatible FDI :
YSQC0-011-0000
YSQC0-057-0000
Download and install the FIH software. The software is available from the hp website give below:
Once on this web page, type "lj637en.exe" (without quotes) into the search window and click the arrow to
the right of the search window. This will then display a web page with a link to download the FIH Harness
software (lj637.exe). The software is used to enable or disable the FIH portal. Use the software to set and
change the administrator personal identification number (PIN). Administrators can use the PIN option to
configure the FIH to prevent any unauthorized changes. Changes can be made only with the correct PIN
authentication. It is important to remember the PIN that is assigned to the FIH administration software. The
PIN is required to make any changes to the FIH.
DETAILS
Double-click FIH.EXE to begin the configuration of the FIH portal. The Foreign Interface Harness dialog box
appears.
Click OK .
Click Enable .
If the PIN is entered before, click No . If a PIN is entered before, click Yes .
If clicked No , enter and confirm the PIN, and then click OK . If clicked Yes , enter the PIN (1234) and click
OK .
Click the appropriate button for the type of connection: Direct or Network .
If Direct button is selected, enter the printer port. If Network button is selected, enter the IP address and
port for the printer.
NOTE: The IP address for the HP Device can be found on the printer’s Configuration page. You can print a
Configuration page from the printer control panel by selecting MENU, CONFIGURATION MENU, and then
PRINT CONFIGURATION PAGE
If an incorrect IP address is entered, it gives an error message. Otherwise, the portal has been enabled.
Double-click the FIH.EXE file. The Foreign Interface Harness dialog box appears.
Click OK .
Click Disable .
Click the appropriate button for the type of connection: Direct or Network .
If Direct button is selected, enter the printer port and click OK . If Network button is selected, enter the IP
address and port for the printer, and then click OK . The portal is disabled.
NOTE: If the PIN number gets lost and the portal needs to be disabled try using the default listed to disable
it.
Double-click the FIH.EXE file. The Foreign Interface Harness dialog box appears.
Click OK .
Click the appropriate button for the type of connection: Direct or Network .
If Direct is selected, enter the printer port and click OK . If Network button is selected, enter the IP address
and port for the printer, and then click OK . The PIN is changed.
HP 4345MFP
YSQC0-011-0000
PROCEDURE
SCAN WORKFLOWS
To make the scan workflows work, you need to set up Adress Book entry on the machine (through web
interface). This sets the address for scan upload to a shared folder on SafeQ server. Note that each
machine and each workflow needs to use own folder (e.g. \\server\scan\canon1\email and
\\server\scan\canon333\home)
Canon iR 1133(i)
YSQC0-045-0000
Cable Canon
(Type 1)
Connect cable to
left side of the
machine
Canon iR 2520(i)
/2530(i)/2535(i)
/2545(i)
YSQC0-045-0000
Cable Canon
(Type 1)
Canon iR C1028i
YSQC0-045-0000
Cable Canon
(Type 1)
Canon iR 1024i
YSQC0-046-0000
Cable Canon
(Type 2)
Canon iR ADV
C5051
YSQC0-047-0000
Cable Canon
(Type 3)
Canon iR 3245i
YSQC0-047-0000
Cable Canon
(Type 3)
This connector is
in use by another
cable which is not
used.
Therefore unplug
the old cable and
plug in the blocking
cable.
Terminal Professional
Terminal Ultralight
Network Card Reader
Using Terminal UltraLight
Using Terminal Professional
Installing YSoft Mobile print server - Installation procedure of YSoft Mobile print server
User mail notification composition - Guide how to setup user mail notification according to your
needs
This page describes how to use the interactive installer to perform a basic YSoft Mobile print server
installation.
Prerequisites
Standard installation
Troubleshooting the installation process
Uninstalling
PREREQUISITES
STANDARD INSTALLATION
1 Obtain and run the installation file ysf-mps-install.exe from the YSoft Partner Portal. Once you
have the file and the server is ready for installation, you can begin YSoft Mobile print server
installation.
Before the installation of this component you need to install Microsoft .NET Framework 4.5.
You can download this component at http://www.microsoft.com/en-us/download/details.aspx?
id=40779
Before the installation of this component, it is necessary to configure the mail server settings
in the YSoft SafeQ Web interface. Basic configuration of the mail server is described in the article
Widgets - Welcome to YSoft SafeQ
2 Select the language that will be used for the installation process.
3 Close all other applications to avoid issues with updating the relevant system files and press Next
.
4 If you agree to all the license terms and conditions, click I Agree to continue. If you do not agree,
click Cancel to quit the installation.
5 Choose destination folder in which the YSoft Mobile print server will be installed.
Choose what components of YSoft Mobile print server you want to configure. Depending on your
choice YSoft Mobile print server installer will let you to configure these components on next
screens.
Shared folder is used to store documents uploaded via web and pass these documents to YSoft
SafeQ.
local path - use Browse button to select local folder (applies in case YSoft SafeQ
and YSoft Mobile Print Server are installed on same server)
UNC path - in case the YSoft SafeQ server runs on remote server
(notation: \\<YSoft SafeQ host>\<Shared folder>, example: \\10.0.10.220
\C$\SafeQ5\server\mobile )
Synchronization period - number of seconds that YSoft Mobile print shall wait before checking
for new documents, default value is 1 second
Configure YSoft Mobile print server to work with email server with dedicated email address.
Username - identify mailbox that shall be checked for incoming documents, example:
user@domain.com
Protocol that shall be used for communication with the email server
IMAP protocol - define port that shall be used for communication with the email
server - default value is 143
POP3 protocol - define port that shall be used for communication with the email
server - default value is 110
Enable secure connection - Mobile print server will use secured communication communicate
with mail server
9 Configuring SafeQ
Visit SafeQ web interface and complete Mobile print server setup by enabling Mobile print server.
You can also adjust and customize Mobile print server settings and behavior. See guide to Config
uring Mobile Print Server .
NOTE: If you are installing Mobile print server on same server as ORS (Offline Remote
Spooler), the link that this installer provides is wrong and leads to that ORS (known bug), you
need to open the web interface of a CML ( Central Management Layer ) node to configure it.
mps-install.log - contains information about the entire YSoft Mobile print installation process.
UNINSTALLING
Mobile Print Server can be uninstalled:
TROUBLESHOOTING
LOGGING
All information about running the application will be saved in file mps.log stored in
<MobilePrintSeverHomeFolder>\Logs\.
There are four possible messages this file can content. Some of them can be used for troubleshooting in
case of Mobile Printing Server malfunction. See table below.
If Mobile Print Server is crashing but there is no useful information logged, there are two possibilities how to
investigate:
1. Observe events in Event Viewer (you can find it in Administrative tool or simply execute Eventvwr. msc)
Run new Command Prompt window (cmd.exe) and in it execute Mobile Print Server, e.g. c:\Program Files
(x86)\YSoft Mobile Print Server\Service\MobilePrint.exe.
When the crash happen, select Close the program in the dialog.
To enable Mobile Print Server and set global options for it on CML, use YSoft SafeQ web interface. Follow
the instructions below.
3) To access all of the options for Mobile Print Server, Expert views have to be set
FUNCTIONAL SETTINGS
Option Note
Allow mobile print for anonymous users System accepts jobs for mobile print from user without
authentication. Default value is disabled.
Force B/W for Mobile print Mobile Print Server will force black/white printing. Default
value is disabled.
Force duplex for Mobile print Mobile Print Server will force duplex printing. Default value is
disabled.
Ignore e-mail body If enabled and document contains any attachment, only
attached file will be converted and e-main body will be
ignored. If disabled, both body and attached file will be
converted. Default value is enabled.
Print job title prefix String that will be used as prefix for all print jobs received via
Mobile Print feature.
Option Note
Enable release of job on printers with If enabled, user will see list of printers in mobile web
direct queue from mobile interface. interface and can choose one for print. Default value is
disabled.
This feature is configured by configuration properties in the Mobile Print Server section of the System
Settings:
Option Note
Template user for permanent Enter a user name of a user that will be used as a template when
guest users accounts creating accounts for the guest users. In case this field is empty, no
template will be used and users will be created with default values.
Guest users expiration period Specifies how long self registered users (guest users) will exist in
YSoft SafeQ before they are deleted. All permitted letters are: m -
month, w - week, d - day, h - hour. For example 2m 3w 2d 21h.
Template user for temporary Enter a user name of a user that will be used as a template when
guest users accounts creating accounts for the temporary guest users. In case this field is
empty, no template will be used and users will be created with default
values .
Fixing of PowerPoint files page Fix incorrectly generated page size in PowerPoint files.
size
The option can be overwritten locally.
mps.config - example
Option Note
Notification settings
SafeQ Mobile Print Server provides highly customizable e-mail notification about job processing. By setting
the options listed below the administrator can customize and/or localize the notification e-mails sent to the
user.
For more information about the notification e-mail composition see Mobile Print Server - User mail
notification composition.
Option Note
Job list footer Text below the jobs list, should contain the link to the Mobile Print Server Web
Interface (placeholder #MOBILEWEBINTERFACE#).
Job processing failed Description when a job failed to process (in case of general or unknown error).
Job was successfully Description when a job was successfully processed and sent to SafeQ.
processed
Mail authentication Text when the sender's email address is not registered to any user in SafeQ.
failed
Mail duplicate address Text when the sender's email address is registered to more than one user in
SafeQ.
Option Note
Mail send failed Text when the sender's email address could not be verified, because of no
connection to SafeQ.
Mail send was Text when the email was accepted by the SafeQ Mobile Print Server.
successful
Notify finish option Text about which finishing options are set.
forced
OTHER SETTINGS
For formats where no paper size is encapsulated in it (i.e. HTML, MHTML, TXT, E-mail), there is a
configuration option defaultPaperSize that allows to set the paper size for such jobs. There are two sizes
available - A4 and Letter, where A4 is the default option.
3) To access all of the options for Mobile Print Server, Expert views have to be set
Option Note
Default paper The value uses Mobile Print Server as a default paper size for printed documents where
size no paper size is encapsulated in it (i.e. HTML, MHTML, TXT, E-mail).
mps.config - example
In order to propagate changes immediately to Mobile Print Server, restart service YSoft SafeQ Mobile Print.
Open services.msc, select service YSoft SafeQ Mobile Print and restart this service
If you want to do some additional changes in the Mobile Print Server configuration, you can do it in the
configuration files once the Mobile Print Server is installed.
There are two configuration files called mps.config and conversion.config and their purpose is to set local
options of Mobile Print Server. Both files are located in <MobilePrintFolder>\Service\conf\.
MPS.CONFIG
In the mps.config file administrator can set or update an IP addresses of the SafeQ server it is sending
jobs to, e-mail accounts which will be assigned for sending jobs to Mobile Print Server and source folders
where the files for processing (either from upload from web interface or as 3rd party interface) will be saved.
The source folder has to be set with rights to read/write for user under whom the Mobile Print Server is
running.
Element Description
folderSource Path to source folder location. For installation on CML server default setting can be used
without any changes, otherwise proper IP address and folder has to be set. If folder
Element Description
source is available under different credentials than Mobile Print Server is running, you
can add userName and password parameters and fill proper values. DownloadInterval
specifies in milliseconds how often hotfolder is checked (default 1 second).
emailSources Mailbox setting consists of type of protocol to use ( "IMAP" or "POP3" ), host IP address,
username as dedicated mailbox for mobile print server, password to the mailbox and port
to with should Mobile print connect. Only one Mobile Print Server can be set per email
source but one Mobile Print Server can operate more email sources.
secure - possible values are false, true, auto. False means no SSL/TLS, true
means SSL or TLS will be used.There is also possible to set value to auto and let
MPS to solve the negotiation about connection security.
implicitSecurityMode - mps uses this parameter if secure is set to true. False value
means communication with email server starts without SSL/TLS and secure layer
is set during the communication, true value means that SSL/TLS is used from the
begining of the communication with email server.
ignoreCertificateChainErrors - if you have an exchange server with a self-signed
certificate and want to connect through SSL/TLS, you have to set this value to true.
Warning: All mail server certificate errors are ignored if set to true, please consider
the security risks.
maxEmailsPerBatch - maximum nuber of emails downloaded at once (in one tick
of the mpsCheckTimeout set in SafeQ) - default value is 50
networkOperationTimeout - timeout in seconds for the download of the whole
email batch including all attachments - default value is 60
printServers SafeQ server IP and ports. Set secure="true" if you want MPS to communicate with
SafeQ via https.
Element Description
failedFiles Settings for files that weren’t processed successfully (folder where the files should be
moved, time in seconds after which the files should be deleted). If no settings provided,
the default values are used (default folder is „Failed“, default time is 7 days).
To set multiple elements of same type, add separate record for each of them.
Default port communication via protocol IMAP is 143 and for POP3 is 110
Optionally you can set attribute "secure" to "true" is you want to use secured communication via SSL
/TLS. Default port for secured connection for IMAP is 993 and for POP3 is 995.
To additionally encrypt email password, use SafeQ web interface. Otherwise, the password will be
displayed as plain text and will be legible. To do so, use Text encryption tool in SafeQ Dashboard.
1) put the email password into the field and press Encode button.
2) copy and paste your encrypted password into the mps.config file. See examples below.
mps.config - example
web port
Please make sure your webPort matches the web port used by Y Soft SafeQ web interface.
CONVERSION.CONFIG
In the conversion.config file two types of elements are present.
Element Description
For This element describes the rules for processing the files according their types. Files not
extension defined by this rule will not be processed.
By default, all the extensions are converted by the built-in Aspose library: .doc, .dot, .docx, .
dotx, .docm, .dotm, .rtf, .xml, .odt, .ott, .html, .xhtml, .mhtml, .xls, .csv, .xlsx, .xlsm, .xlsb, .
xltx, .xltm, .ods, .ppt, .pptx, .pps, .ppsx, .pot, .potx, .odp, .txt, .fo, .svg, .xps, .epub, .bmp, .
jpeg, .jpg, .tiff, .png, .gif, .emf, .ico, .wmf
Also, by default, .pdf files are not converted and passed on to SafeQ without change, as .
pdf is our standard output format.
If you want to configure Mobile Print Server to convert certain documents with other
conveters, you can use:
MS Office (convert-by="msOffice") can handle files: .docx, .doc, .odt, .rtf, .xlsx,
.xls, .ods, .pptx, .ppt, .odp, .bmp, .jpeg, .jpe, .jpg, .tif, .tiff, .png, .gif
Libre / Open Office (convert-by="libreOffice") can handle files: .docx, .doc, .
odt, .txt., .rtf, .xlsx, .xls, .ods, .pptx, .ppt, .odp, .bmp, .jpeg, .jpe, .jpg, .tif, .tiff, .
png, .gif
iText (convert-by="iText") can handle files: .bmp, .jpeg, .jpe, .jpg, .tif, .tiff, .png,
.gif
Element Description
Options Here you can define a few options for the converters. For example if you want to use Libre
Office application for conversion, you have to set a path to it. MS Office path is stored in the
Windows registry and the Mobile Print application is able to get it automatically. Other
converters don't need this as they are embedded in Mobile Print application.
Also, if you want to convert plain text files (.txt) with Aspose using a specific font, specify it
in options as per example below. If not specified, Arial Unicode MS will be used, which can
handle unicode characters like cyrylic, hiragana and others.
conversion.config
<options>
<!--
These options are supplied to all the converters when initialized. for example:
<add key= "asposePlainTextFont" value= "Arial Unicode MS" />
<add key= "libreOfficePath" value= "C:\Program Files (x86)\LibreOffice 3.6\program" />
-->
</options>
</conversionConfig>
FONTS CONFIGURATION
MPS uses fonts that are available in the system font folder as well as fonts stored in MPS custom folder
(standard path is: $mobilePrintHome$\Service\Fonts). Fonts used in LibreOffice and OpenOffice are
distributed with Mobile Print Server in this folder.
If there is a need to use company specific fonts or more unusual ones not being part of the system
distribution nor MPS distribution it is necessary to install these fonts on server where Mobile Print Server is
running.
Some email clients create unwanted attachments which shouldn't be printed by YSoft SafeQ. For example
some iOS clients create ATT00001.txt attachment even if email is sent with no attachment.
There is a functionality in MPS that helps get rid of these unwanted attachments. It is configurable via
Ignored attachments (ignoredAttachments) property in the System settings. You can specify ignored
attachments here. Values must be separated by comma "," character. To insert a comma into the file name,
you can use wild card characters "?" and "*" (similar to file search). Default value of the property is
"ATT0000?.txt" to prevent unwanted attachments that come from iOS email clients by default.
All attachments matching ignoredAttachments property values will be ignored and MPS will not send any
notification about this event (it is only logged).
Do not forget to set also proper font (for text files converted with Aspose convertor) that supports national
characters if you encounter problems with encoding. This could be done within conversion.config file in
options part: Arial Unicode MS or Calibri is recomended. The font must be present in the system.
<options>
<add key= "asposePlainTextFont" value= "Calibri" />
</options>
OVERVIEW
Notification e-mail composition is based on the following template:
1. Mail header
2. Mail authentication result information
3. Job list header
4. List of jobs
5. Forced finishing options information
6. Job list footer
7. Mail footer
The e-mail message always contains a mail header (Mail header option), user's mail authentication result
information (based on the authentication result one of the options: Mail authentication failed, Mail duplicate
address, Mail send failed, Mail send was successful) and at the end a mail footer (Mail footer option).
In case of successfully authenticated user's e-mail, the processing details of all jobs are inserted between
the mail authentication result information and the mail footer:
the information about forced finishing options (Notify finish options forced option + Finish option black-
white and/or Finish option duplex options, based on the finishing options set),
the job list footer (Job list footer option).
For better understanding see the examples below (using default values).
EXAMPLES
Your request was successfully accepted by YSoft Mobile Print Mail send was
Server. successful
The processing of requested documents finished with following Job list header
results:
Successfully
Document.pdf was successfully queued processed jobs
Document.txt was successfully queued
Excel.xlsx was successfully queued
Picture.jpg was successfully queued
Picture.png was successfully queued
PowerPoint.pptx was successfully
queued
Word.docx was successfully queued
You can release your jobs on any terminal or you can use http://example. Job list footer
com/m to edit, view and release jobs.
This message has been sent by YSoft SafeQ Mobile Print. Mail footer
YSoft SafeQ © 2003 - 2016
Mail authenticated, some job processing errors, B/W and duplex finishing options forced
Dear user,
this is an email notification about the result of your request to print documents via YSoft Mobile
Print Server.
Note that following finishing options are forced: black Notify finish options forced, Finish option
and white, duplex black-white, Finish option duplex
Dear user,
this is an email notification about the result of your request to print documents via YSoft Mobile
Print Server.
Your email could not be verified by YSoft Mobile Print Server because your Mail
email is not registered in SafeQ. authentication
failed
Dear user,
this is an email notification about the result of your request to print documents via
YSoft Mobile Print Server.
Your email could not be processed YSoft Mobile Print Server because there is no Mail send
connection to SafeQ. failed
Dear user,
this is an email notification about the result of your request to print documents via
YSoft Mobile Print Server.
Your email could not be verified by YSoft Mobile Print Server because other Mail duplicate
user has registered the same email address in YSoft SafeQ. address
YSoft SafeQ server IP or hostname: Address of the server where a SafeQ spooler is located
(usually the nearest ORS)
Port: TCP port of a YSoft SafeQ Server, where the YSoft SafeQ Connecter for AirPrint will try
to connect for job delivery (default 9100)
SafeQ Open Services port: The service runs on the same port on both the CML and ORS
(default: 5556)
Printer name: Name of the printer that will be visible on the devices which will be using the
AirPrint
AP port: Port on which the printer will be announced (pick a port which is available and not
used by other services)
NOTE: If you have already installed Bonjour Print Services in the past, just cancel the Bonjour
installer and click Ignore in the error notification window.
NOTE: If the services are not started, check <SAFEQ_AP_DIR>\logs directory for any indication
of errors.
4.11.2 CONFIGURATION
All information regarding the options specified in the configuration file below can be found in the official
Bonjour Printing Specification at https://developer.apple.com/bonjour/printing-specification/bonjourprinting-
1.2.pdf.
[Service]
Binary=T
Color=T
PaperMax=
Transparent=T
URF="CP255,DM1,FN3,IFU1-2-3-4,IS1-2-3-4,MT2-3-4-5-6,OB10,PQ3-4-5,RS600,SRGB24,V1.2,W8"
domainname=local
name=SafeQ
note=YSoft SafeQ
pdl="application/postscript,application/vnd.hp-PCL,image/pwg-raster,application/pdf,application
/PCLm,image/tiff,image/jpeg,image/urf"
printerstate=3
printertype=0x21014
rp=ipp/print
subtype=_universal
type=_ipps._tcp
air="username,password"
AirPrint use secure connection by default and use its own certificate. If you want to change server
certificate, follow these steps:
netsh
http
delete sslcert ipport=<IP>:<port>
Where IP is 0.0.0.0 or 1.1.1.1 and port is the port to which is certificate bound. If you are not sure, you
can list all the ssl certificates with following commands:
netsh
http
show sslcert
If you don't have your certificate already in Windows, you can import it following steps here:
http://windows.microsoft.com/en-us/windows/import-export-certificates-private-keys#1TC=windows-7
netsh
http
add sslcert ipport=0.0.0.0:<port> appid={214124cd-d05b-4309-9af9-9caa44b2b74a}
certhash=YOURCERTHASH
1. Open mmc.exe
2. Add snap-in Certificates and then check Computer account
3. Find your certificate and double click on it
4. Certificate hash is located in Detail page under Thumprint label
5. Remove spaces in certificate hash and past in instead of YOURCERTHASH
TROUBLESHOOTING
INSTALLER
For better identification of the issue, click "Ignore" on any error window that pop ups during installation, it
will keep the installation log intact. Clicking "Cancel" will cancel installation and uninstall any installed files
(including the log file).
NOTE: If the YSoft SafeQ does not have valid AirPrint license, the AirPrint will refuse any print job and
display information that the YSoft SafeQ has no licence. More information is in the logs located at
<SAFEQ_AP_DIR>\logs\*.
DESCRIPTION
The first job on Mac OS X has to be canceled because the print job will not be correctly delivered to the
YSoft SafeQ server.
SOLUTION
Change the TXT Record in the "services.d/service.cfg" file from
air=username, password
to (see the removed space after comma and quotes before and after the value)
air="username,password"
This page and its sub-pages represents available options and configurations of printers for Workstation and
Server in YSoft SafeQ printing environment.
Adding a printer to print via an LPR port from a Windows workstation or server - Win7
Installing YSoft SafeQ Client on a Windows workstation, server, or server cluster
Printing from a Windows workstation or server using SafeQ Command Line Client
Configuring a printer for LPR printing on a Mac workstation
Configuring a printer for LPR printing in Linux
Installing YSoft SafeQ Client 2.x and adding a printer on a Mac workstation
Installing YSoft SafeQ Client 4.x and adding a printer on a Mac workstation
4.12.1 ADDING A PRINTER TO PRINT VIA AN LPR PORT FROM A WINDOWS WORKSTATION OR
SERVER - WIN7
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in Windows to use LPR for printing.
1 Open the Devices and Printers wizard and select Add a printer.
4 For Hostname or IP address, enter the address of the printer; then enter a name for the port.
5 From the list of printer drivers, select the appropriate driver (or select a driver from the disk).
6 Enter a name for the new printer; then wait for the installation process to finish. Select other options
according to your needs (sharing, setting the printer as default, test page printing); then finish the
wizard.
7 Right-click the new printer; then select the Printer properties option.Select the Ports tab.
8 The port you created should already be selected and highlighted. Click Configure Port.
9 Change the Printer Name or IP Address to the IP address of the YSoft SafeQ server.
4.12.2 ADDING A PRINTER TO PRINT VIA AN LPR PORT FROM A WINDOWS WORKSTATION OR
SERVER - WIN8
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in Windows to use LPR for printing.
2 Select the printer you want to install from the list or press The printer that I want isn't listed.
In the case you have directly selected printer to install from the list, the printer will be
automatically installed.
In the case you have selected The printer that I want isn't listed, continue with
following steps.
4 For Hostname or IP address, enter the address of the printer; then enter a name for the port.
5 Skip Additional port information required by pressing Next button (optional step)
6 From the list of printer drivers, select the appropriate driver (or select a driver from the disk).
7 Enter a name for the new printer; then wait for the installation process to finish. Select other options
according to your needs (sharing, setting the printer as default, test page printing); then finish the
wizard.
8 Right-click the new printer; then select the Printer properties option. Select the Ports tab.
The port you created should already be selected and highlighted. Click Configure Port.
9 Change the Printer Name or IP Address to the IP address of the YSoft SafeQ server.
Note: In the case, you won't be able to edit Port settings, select the printer in Devices and Printers
tab > click Print server properties > Ports > Change Port Settings > select the port you created in step
4 and click Configure Port
About
Adding and setting up a new printer in the graphical user interface
Adding and setting up a new printer in the CUPS interface
Adding and setting up a new printer in the graphical user interface
Using LPR and LPRNG settings
ABOUT
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in a Linux system to use LPR for printing.
NOTE: The method for adding and setting up a new printer in a Linux system varies according to the
distribution and working environment. Various display managers are available, but the instructions here
guide you through the installation process in the popular Gnome environment, and Ubuntu distribution. For
other display managers (or the command line), the procedure may be different but the basics are always the
same.
1 To add a new printer, go to System Settings > Printing - localhost and click Add.
2 In the device list, expand the Network Printer list and select LPD/LPR Host or Printer.
Fill in the necessary data. Host is the IP address or hostname of your YSoft SafeQ server. Queue is
the name of the queue to which print jobs will be sent.
3 Select the driver for the printer from the database, PPD file, or download it from the Internet.
4 Follow the wizard and fill in all the information according to your needs.
5 Now it is possible to send print jobs to the newly created printer, which is configured to send the jobs
to YSoft SafeQ.
NOTE: The method for adding and setting up a new printer in a Linux system varies according to the
distribution and working environment. Various display managers are available, but the instructions here
guide you through the installation process in the popular Gnome environment, and Ubuntu distribution. For
other display managers (or the command line), the procedure may be different but the basics are always the
same.
The procedure for adding and setting up a new printer in the CUPS interface is almost the same as for the
graphical user interface. All you need to do is to select a hostname and queue for your printer as follows:
Select the Administration tab; then click Add Printer. If necessary, enter the CUPS administrator
credentials.
2 In the Other Network Printers section, select LPD/LPR Host or Printer; then* click *Continue.
lpd://hostname/queue
Example: If the server has the IP address 10.0.2.232 and the queue name secure, the connection
string is lpd://10.0.2.232/secure
4 Proceed through the remaining steps and set up the printer according to your needs.
Once you complete all the steps of the Add Printer wizard, your printer can send prints to YSoft
SafeQ.
With these settings, a print sent to the safeq_printer will be sent directly to the YSoft SafeQ server.
Overview
Limitations and requirements
OVERVIEW
To print from a local workstation (or server) via YSoft SafeQ Client, YSoft SafeQ Client must be installed on
the workstation and a printer must be added for use by the workstation. In the YSoft SafeQ Client
configuration file, the IP address of the YSoft SafeQ server must match the target IP address in the Client
configuration.
To prepare a workstation for printing via the Client, perform these two main steps:
If no graphical user interface is required (that is, if no user interaction is required to send print jobs to the
YSoft SafeQ server), deploy the Client as described in "Installing/uninstalling the Enterprise version of YSoft
SafeQ Client" or "Installing/uninstalling the Enterprise version of YSoft SafeQ Client in a Windows
server cluster."
YSoft SafeQ Client does not support bidirectional communication with printer. This option must be
disabled in printer properties dialog.
YSoft SafeQ Client does not support Windows 8 and Server 2012 v4 print drivers (built-in). Thus
assigning SafeQ port to such a device produces following error: "Printer settings could not be saved.
This operation is not supported." To assign SafeQ port to device, v3 print drivers (external third party
drivers) must be used.
The language of server-provided content displayed by YSoft SafeQ Client (e.g. price estimation,
shared queues, notifications) depends on the MS Windows language for date, time, and number
formats.
.NET 2.0 Framework is required for YSoft SafeQ Client on Workstation (not required for enterprise
installation on server).
1 Log in to the Windows workstation as administrator (or as a user with administrator rights).
Configure the Client by editing the file SafeQ.ini. (Configuration options are described in SafeQ Client
configuration options)
4 From the command line, run the utility install.exe. The output should be similar to this example:
To install a new printer for use with YSoft SafeQ Client, follow these steps:
1 For adding printer to your workstation with Windows OS go to Control Panel > Devices and
Printers > Add printer.
When Add printer wizard will be opened click The printer that I want isn't listed button.
2 Select Add a local printer or network printer with manual settings and click Next.
3 Select the Use existing port and select SafeQ Client Secure Port as the printing port
OR
4 Perform few other steps to set all necessary option for new printer to finish the installation wizard.
5 If device is installed,and SafeQ Client has not been yet been configured before installation in the
SafeQ.ini file, configure it now.
In your OS go to Devices > Printer properties > select SafeQ Secure Port > Configure port.
5b If Microsoft Windows 7/8 OS is used, the port configuration is available with "elevated" right only
accessible via Print server properties.
Devices and Printers > select the printer which port you want to reconfigure or any other printer >
Print server properties > navigate to Ports tab > Change ports settings > select SafeQ Secure
Port > Configure port.
Follow these steps to uninstall YSoft SafeQ Client from a Windows workstation:
1 Log in to the Windows workstation as administrator (or as a user with administrator rights).
3 From the command line, run the file install.exe, using the parameter -u. The output should be similar
to the example shown here:
1. Install YSoft SafeQ Client Enterprise on each node of the Windows cluster, using an empty
configuration file SafeQ.ini.
2. Change settings in the YSoft SafeQ Client Enterprise configuration file (SafeQ.ini) as necessary.
3. Install YSoft SafeQ Client Enterprise to a virtual server by entering the command install
\\printservername -a -c on the command line at any cluster node.
To uninstall Client from the Windows server cluster, follow these steps:
1. On the virtual server, manually disconnect all printers (print queues) from the SafeQE port.
2. Delete printer port(s) SafeQE from the virtual server by entering the command install
\\printservername -a -c -u on the command line.
3. Uninstall YSoft SafeQ Client Enterprise from all nodes by entering the command install -a -u on the
command line.
To update the Enterprise version of YSoft SafeQ Client to a newer version, it is necessary to perform the
complete uninstallation procedure described in the previous paragraph.
ServerIP2, ServerIP3, ... IP Address for other nodes of SafeQ cluster (or
another ORS in roaming group).
ParserDPI 150
Client application compares the current job owner (user logged to the computer) to the last job owner
(saved in registry). If these two match, the saved credentials are used. Otherwise, the user is asked to
fill in login and password.
User logs in and the application has currently no password saved. When the user prints and inserts the
correct credentials, the username and password are saved and it is not necessary to fill them in next
time. In case the user logs out, the application is terminated and the password is forgotten.
If another user logs in, the login window appears automatically, because the job in queue is owned by
this another user. If the computer is used only by one user, he/she still has to fill the credentials in after
login to the computer. After every logout (or client application termination), the password is forgotten.
All settings are usually stored in subkeys of the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\SafeQ\Ports\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\SafeQE\Ports\
However, note that this location is system-dependent and may differ, for example in the case of
a Windows Failover Cluster. This information is provided without guarantee.
OVERVIEW
This feature allows user to print jobs with SafeQ Client from any company branch while jobs are
redirected to nearest SafeQ server.
Redirection of jobs must be configured in DHCP configuration by local administrator and local DHCP
server must be accessible on LAN.
SafeQ Client delivers the job to IP address specified in DHCP configuration for current user subnet.
For every subnet, there could be more IP addresses configured in DHCP server configuration.
If one of servers is not available, then job is delivered to another server specified for current subnet.
If DHCP does not return any valid response (e.g. no IP address is defined for DHCP option 9), then
Primary IP address (specified in YSoft SafeQ Client - Options) is used.
LIMITATIONS
INSTALLATION
Set the DHCP option 9 (LPR Server) to one or more IPv4 addresses.
Linux - use following command:
option lpr-servers ip-address [ , ip-address ... ]
The LPR server option specifies a list of RFC 1179 line printer servers available to the client.
Servers should be listed in order of preference.
Windows - see Configuring DHCP server for YSoft SafeQ Client autodiscovery
4. RUN INSTALL.EXE
SafeQ Client configuration dialog with selected "DHCP option: LPR server" mode
Setting up DHCP server requires expert knowledge about system configuration and networking. If
you are not familiar with this topic, request assistance from appropriate person.
Setting of DHCP vary among operating systems and solution used. Following guide apply for
Windows Server 2008's DHCP service.
1 Log in to the Windows Server where DHCP is configured and run Server Manager.
2 Expand Roles > DHCP Server > %Server_name% > IPv4, where %Server_name% is identification
of your DHCP.
Expand your Scope, right-click Server Options and select Configure Options... .
4 Navigate to option 009 LPR Servers and add IP address(es) of SafeQ server(s) for given location.
OVERVIEW
This feature allows SafeQ Client to deliver print jobs to different SafeQ servers, choosing the
destination server automatically.
Whole behavior is based on rules described in server_subnet.csv file.
SafeQ Client then delivers print jobs to a SafeQ server based on the IP subnet of the user or the
Client.
Behavior modes are described in installation step 3 below and also in SafeQ.ini file in the SafeQ
Client installation package.
LIMITATIONS
Each user can only be connected to the terminal server once at a time. When there are more
sessions of a print job owner, the user's print jobs will be sent to the default IP address.
Only IPv4 protocol is supported.
In ServerDeliveryMode=2, when the computer has multiple IP addresses, the first one will be used
(there is no way to choose the network interface).
It is not possible to combine load balancing and fail over at the same time (for example to achieve
loadbalancing within one datacenter and failover to another datacenter), but load balancing can be
set to all addresses mentioned in the CSV file by option LoadBalancing.
INSTALLATION
Create CSV file (in any text editor) named server_subnet.csv and put it in the SafeQ Client
installation package (where SafeQ.ini is located)
There should be a line for each IP subnet from which clients will be printing, and for each SafeQ CML
/ORS server that will be used for print job delivery
Default IP address is used in case connection comes from subnet undescribed in server_subnet.csv
Description must be in form subnet / mask ; server_IP_address
The subnet size can be described in two ways: using a subnet mask (e.g. 10.0.11.80/255.255.255.0)
or in CIDR notation (e.g. 10.0.11.80/24)
Target allows multiple IP addresses or FQDN names (these values must be delimited by comma)
If there are multiple matching subnets, the first one is applied
For example:
server_subnet.csv example
In this case, if user is connected from 10.0.5.* subnet and performs a job, the job will be delivered to
10.0.11.80 (or to 10.0.11.81 if the first one fails).
2. CONFIGURE ALL KNOWN PROPERTIES IN SAFEQ.INI AS USUAL
These modes can also be changed later in SafeQ Client Options in Mode selection (see image
below)
2 Local server subnet SafeQ Client uses the IP address of the workstation
/server where the Client is running and delivers print jobs
to a SafeQ server selected according to the
server_subnet.csv file
3 Print job subnet SafeQ Client uses the IP address of the workstation where
the print job has been created and delivers print jobs to a
SafeQ server selected according to the server_subnet.
csv file (used when the print queue is shared)
4. RUN INSTALL.EXE
Check that there is server_subnet.csv present also in Y Soft Client instalation folder
SafeQ Client configuration dialog with selected "Remote connection subnet" mode
4.12.5 INSTALLING YSOFT SAFEQ CLIENT 2.X AND ADDING A PRINTER ON A MAC
WORKSTATION
YSOFT SafeQ Client for MAC OS is dedicated application to take advantage of advanced SafeQ print
features and provide further benefits of using SafeQ Server print and accounting system. Its purpose is to
submit your print jobs to the SafeQ Server, while collecting further information provided by the operating
system or user input upon print. SafeQ Client supports Mac OS X 10.6.3 or up to 10.9.
Additional user authentication directly in the client - client can ask the user for his credentials.
Billing codes selection possibilities - it is possible to specify the number of the project the print
job should be accounted to.
Price estimation and VIP shared queues.
REQUIREMENTS
NOTE: In case of older Java user will be forced to quit application manually on logout or reboot
2 In the YSoft SafeQ installation package, locate the file SafeQ Client.dmg.
NOTE: sqport:// option is available only in Advanced printing menu. This menu is hidden by default.
1 Go to System preferences > Print & Faxes and add new printer by clicking + button.
2 Now you have to add Advanced button to the bar. Press Control + Click on empty space in toolbar
of Add Printer window.
3 Drag Advanced icon (gear wheel) to tool bar and drop it there.
4 Go to added Advanced selection and set all necessary options, then click Add.
Client 2.x - Configuration is stored in /etc/safeq/safeq.ini. You do not need to edit it after
installation. IP address of SafeQ server is determined from CUPS configuration, no need to enter IP
here.
Configuration will take effect immediately after saving files, then user don't need to reboot workstation.
After you did all necessary configurations in the Safeq.ini file, you do not need to set anything in the Client
configuration panel.
When print job is send form the workstation, the popup window will appear with question about credentials
of user. User has to fill in login and password, and then print job will be send to SafeQ.
The first time Client is used (or any time the stored password doesn't match a YSoft SafeQ user's
password), the user must enter his/her user name and password.
TROUBLESHOOTING
For troubleshooting see YSoft Mac OS Client 2.x - troubleshooting
UNINSTALLING CLIENT
To uninstall YSoft SafeQ Client from a Mac workstation, run the script uninstall.sh, which is included in the
installation package. Open Terminal enter directory with uninstall script and type following commands:
sudo ./uninstall.sh
PROBLEM:
User could not see "SafeQ connected network printer" when adding new printer in section Advanced - Type.
CORRECT SITUATION:
User can see "SafeQ connected network printer" option as displayed below.
DIAGNOSTIC:
/usr/libexec/cups/backend/sqport
EXPECTED OUTPUT:
POSSIBLE ERRORS:
Permission denied
ls -l /usr/libexec/cups/backend/sqport
DIAGNOSTIC:
Check version of installed Java. Open Terminal window and type following command:
java -version
EXPECTED BEHAVIOUR:
If Java is older than 1.6.0_35 then you need to upgrade installed Java. Restart computer after Java
upgrade. Client reinstallation is not required
4.12.6 INSTALLING YSOFT SAFEQ CLIENT 4.X AND ADDING A PRINTER ON A MAC
WORKSTATION
YSoft SafeQ Client for MAC OS is dedicated application to take advantage of advanced SafeQ print
features and provide further benefits of using SafeQ Server print and accounting system. Its purpose is to
submit your print jobs to the SafeQ Server, while collecting further information provided by the operating
system or user input upon print. SafeQ Client supports Mac OS X 10.8 up to Mac OS X 10.11. This client
supports YSoft SafeQ 4.x. and newer versions.
Mac OS 10.11 El Capitan requires YSoft SafeQ Client for Mac OS version 4.5
Additional user authentication directly in the client - client can ask the user for his credentials.
Billing codes selection possibilities - it is possible to specify the number of the project the print
job should be accounted to.
Price estimation and VIP shared queues.
REQUIREMENTS
Mac OS X 10.8 up to Mac OS X 10.10. (note: for older versions of Mac OS X you can use YSoft
SafeQ Client 2.x)
Uninstall older version of YSoft SafeQ Client 2.x prior installation of new version (see Uninstall
chapter). YSoft SafeQ Client 4.x does not need to be uninstalled before installation.
2 In the YSoft SafeQ installation package, locate the file YSoft SafeQ Client Mac OS X-4.x.x.dmg.
3 Run the installation utility YSoft Client Mac OS X-4.x.x.mpkg to install SafeQ Client.
NOTE: sqport:// option is available only in Advanced printing menu. This menu is hidden by default.
1 Go to System preferences > Print & Scanners and add new printer by clicking + button.
2 Now you have to add Advanced button to the bar. Press Control + Click on empty space in toolbar
of Add Printer window.
3 Drag Advanced icon (gear wheel) to tool bar and drop it there.
4 Go to added Advanced selection and set all necessary options, then click Add.
OR
open YSoft SafeQ Client application and select YSoft SafeQ Client > Preferences on top application
panel
2 Click lock icon to enable editing of configuration. You'll be prompted for administrator credentials in
order to make changes in global configuration.
3 Change values of configuration. Changes are stored immediately. It is not necessary to reboot or
logout. New settings will be applied on print job.
CONFIGURATION OPTIONS
Web base YSoft When selected: Client will display window with YSoft SafeQ Selected
SafeQ applications web applications after delivering job. YSoft SafeQ provides
several applications: Selection of billing code, VIP shared
queues or price estimation.
When not selected: Client just delivers job to SafeQ. User won't
be prompted to select billing code, VIP shared queues or price
estimation.
Print Roaming When selected: Client will use print roaming algorithm to Not selected
determine address of SQ server. More details in YSoft Mac OS
Client 4.x - User Roaming
The first time Client is used (or any time the stored password doesn't match a YSoft SafeQ user's
password), the user must enter his/her user name and password.
User specify username and password. Click Print for sending job to YSoft SafeQ server. Click Cancel to
cancel job delivery.
NOTE: User can select Remember me check box in order to preserve credential information for next
print.
TROUBLESHOOTING
For troubleshooting see YSoft Mac OS Client 4.x - troubleshooting
UNINSTALLING CLIENT
/Library/Application\ Support/YSoft/uninstall-safeq-client.sh
You'll maybe prompted for your mac password. Uninstall script is using sudo command.
PROBLEM:
Open Keychain Access application. Find "SafeQClient" entry. CTRL+Click and click Delete "SafeQClient"
Command
Example output
{
global = {
authMethod = password;
authText = "" ;
isEncryptionEnabled = 1 ;
isWebAppEnabled = 1 ;
};
}
Note: User password and user information is stored in local keystore - use Keychain Access application.
When you reopen System Preferences panel with Y Soft configuration you'll see new values. (Sometimes it
gets cached and it is necessary to close and open panel again).
Command:
Command:
Check configuration:
LOG FILES
Logs are located in the following four locations:
/var/log/cups/access_log
/var/log/cups/error_log
/var/log/cups/page_log
var/log/system.log
NOTE: System logs can be also already archived in /var/log. For example /var/log/system.log.0.gz, /var/log
/system.log.1.gz.
Logs contain also information about other applications and not just logs from YSoft Mac OS Client.
Use following command for zipping all logs into one archive:
OVERVIEW
This feature allows user to print jobs with SafeQ Client from any company branch while jobs are
redirected to nearest SafeQ server.
Redirection of jobs must be configured in DHCP configuration by local administrator and local DHCP
server must be accessible on LAN.
SafeQ Client delivers the job to IP address specified in DHCP configuration for current user subnet.
For every subnet, there could be more IP addresses configured in DHCP server configuration.
If server defined in DHCP is not available, then job is delivered to address specified in YSoft SafeQ
printer port.
LIMITATIONS
Only YSoft Mac OS Client 4.1 has support for DHCP server based print roaming.
Only IPv4 protocol is supported.
Hostnames are not supported and cannot be configured.
If first of the servers defined in DHCP is not available, others are not taken into account, but job is
sent to address specified in YSoft SafeQ printer port.
CONFIGURATION
Set the DHCP option 9 (LPR Server) to one or more IPv4 addresses.
Linux - use following command:
option lpr-servers ip-address [ , ip-address ... ]
The LPR server option specifies a list of RFC 1179 line printer servers available to the client.
Servers should be listed in order of preference.
Windows - see Configuring DHCP server for YSoft SafeQ Client autodiscovery
Go to System settings
Select YSoft SafeQ Client
Enable Print Roaming
All print until now, will be sent to server configured in DHCP Option 9
4.12.7 PRINTING FROM A WINDOWS WORKSTATION OR SERVER USING SAFEQ COMMAND LINE
CLIENT
OVERVIEW
SafeQ Command Line Client is a utility that enables the delivery of print jobs (files) to the YSoft SafeQ
server by means of a command line. It is similar to the LPR utility, but provides extra features specific to
YSoft SafeQ.
USAGE
SafeQ Command Line Client can be executed directly from unpacked installation package without
any installation.
Parameters specified on the command line have the following syntax:
SafeQERun [-<parameter>=<value>] [-SQ<parameter:value>] <job file>
All parameters described in SafeQ Client configuration options are supported except those that
require user interaction during printing. If a particular parameter is not specified, its default value is
used. You can also use one of following parameters with the prefix "SQ" which are passed to the
YSoft SafeQ server as extra headers without any checking:
-SQFinishing-Duplex:{ShortEdge, LongEdge, None} -SQFinishing-BW:{true,
false} -SQFinishing-Copies:3
Example that sends job file document.pdf under the title Annual report to a YSoft SafeQ server
that has the IP address 192.168.1.78 under the identity of a user that has the username smithj
SafeQERun -ServerIP=192.168.1.78 -JobTitle="Annual report" -AuthType=3 -
AuthText=smithj -SQFinishing-Duplex:LongEdge -SQFinishing-BW:true -
SQFinishing-Copies:2 document.pdf
SAP may generate one single file including multiple print jobs. The following issues may
arise:
Such file might not be released properly via YSoft SafeQ in combination with some of
the embedded terminals and it is necessary to avoid the situation by one of following
steps:
configure SAP to include only one job in one file
make the modifications in the MFD settings to allow printing of jobs without
authentication (where applicable), note that this workaround may lead to
accounting issues
Some Rule Based Engine actions might not work.
DEVICE TYPES:
In SAP R/3 a generic type of device I2SWIN or ZSAPWIN4 is defined besides the types of devices for
particular printers, that says something like this: „I do not know anything about on which specific printer will
the output be, so I leave all the formatting completely on MS Windows driver". It is obvious that the device
type is useful only for output via SAPlpd, thus the access methods F: or S:
For the device type can be in addition to character set (it is possible to create own character set) changed
also page formats and control characters i.e. interpretation of commands by specific printer.
Note: ZSAPWIN4 was supplied by SAP R for SAP R/3 release 3.1x, but it is fully usable also in higher
versions, device type I2SWIN is a part of SAP standard from release 4.0x.
ACCESS METHODS:
F: Print on the front-end computer
Probably the most widely used and most universal method of printing available form SAP R/3 release 3.1G.
In SAP an output devices LOCL, LOKA or LOCWIN is usually defined with this access method, instead of
the queue a keyword __DEFAULT or %DEFAULT% is used.
When selecting output on this device, printing is sent to the user's PC who entered the request, there is
SAPlpd program automatically started which take over print job and forward it to default Windows print
queue, regardless of whether the printer is local (LPT, COM or USB) or if it's a network printer (Novell
Netware, MS Windows, UNIX, JetDirect etc.)
In certain transactions it is possible to choose a non-default print queue, SAPlpd receive the print job not
with the keyword __DEFAULT, but with the name of the specific queue. Beware, length of the name is
limited to 40 characters I guess, the rest will be cut by SAPlpd and it will report unknown name queue,
which can be, mainly for network printers, sometimes a problem.
This access method can not be used when printing is not initiated by user, but it is the result of a process
(management reports) e.g. maintenance message, store documents, purchase orders etc. It is also not
suitable for large prints in amount of hundreds or even thousands pages especially for economic reasons.
On the other hand an advantage of this method is its universality, it is available practically anytime, there is
no need to configure anything, with functional printer available from Windows adjustment of most of the print
outputs is not necessary.
method of printing through a print server running Windows and permanently running SAPlpd (using MS
resource kit it is according to note 42268 possible to run SAPlpd on WinNT-2000 as a service) , combines
the advantages of methods F: a L:, in principle it is possible to make print server from every end PC or
contrary to these purposes dedicate one machine, hardware requirements are not particularly high, it is only
need to allow access from SAP R/3 server on TCP port 515 or communicate via saprouter.
In SAP for definition of output device with this acces method a hotspool name has to be set (machine,
where SAPlpd is runninng) and a name of print queue.
a field for hostspool name is is named as router, previously it was necessary to give the name of either
host table or DNS alias, because the field was too short for the IP address, it is now possible to specify both
the name and IP address or state string THOST table (transaction SM55).
It is not absolutely necessary to use generic driver I2SWIN or ZSAPWIN4, it is possible to use SAP drive for
pro particular printer type, then printing is essentially identical to the method L:, with one small but
significant difference: printserver is in LAN and is much more accessible for maintenance and
administration, it is not too good define print queue on SAP R/3 application server.
Print to a classic UNIX print queue, which must be defined in SAP R/3 application server respectively where
the spool process is running, must be allowed to communicate on TCP port 515, saprouter can not be used.
Method is essentially identical to L method, the only difference is, that print queue (lpd demon) is running
elsewhere than spool proces, direct printing on an intelligent network printer, which have their own service
queue.
Method available only for installation SAP R/3 on Windows NT respectively spool process can run on a
separate application server based on Windows NT or Windows 2000 platform.
There are other methods of access for external output management systems, archiving programs, etc.
Printing with MS Windows driver is a graphical, in case of use dot matrix printers can be very slow,
however, the output probably best fits the wysiwyg concept. It is not suitable for printing voluminous reports,
among others for the size of the spool file.
Conversely printer-specific drivers should be substantially modify, in fact it is necessary for each group to
create or edit page format. This method is particularly suitable for large or frequently repeated print jobs of a
few kinds of reports.
Spool is one of the most patched matters, drivers and page formats can vary considerably depending on the
level of support packages and output behavior may also be affected by kernel patch level or by SAPlpd
versions on front-ends.
Note: everywhere, where the Windows operating system is mentioned, any Win 32-bit OS is meant.
SAP NOTE NUMBER 894444: TOOL FOR SERVER-BASED PRINTING ON WINDOWS (SAPSPRINT)
SYMPTOM
This note provides information about how to solve problems you may have when printing with SAPLPD as a
print server.
CAUSE AND PREREQUISITES
The previous implementation of SAPLPD as a print server is increasingly unstable since the introduction of
Windows 2000. In particular for high print
output, the process may hang. For this reason, we have prepared an entirely new implementation of the
print server as a Windows service in SAPSprint. It replaces SAPLPD. You can print using the access
methods 'S' and 'U' from every SAP system, just as before. No changes are necessary in the SAP system
itself. You must replace SAPLPD with SAPSprint on the print server, and configure it accordingly.
This is described below.
INSTALLATION
Before you install SAPSprint, delete SAPLPD manually. To do this, you normally need to completely delete
the installation directory only. If you installed SAPLPD as a service using the srvany tool, you can remove
the service by
calling 'Instsrv SAPLPD remove'. You can download SAPSprint as a self-extracting executable file from
SAP Service Marketplace:
http://service.sap.com/~form/handler?
_APP=00200682500000001943HEADER=NEVENT=TREE&TMPL=01200615320200006164&V=MAINT&TA=ACTUAL
Start the program. After you enter the installation path, the system asks for the TCP/IP port and another
path for storing log files. Normally, the default setting of 515 is suitable for the port. You should only change
this setting
if the Windows TCP/IP print service is also running on the computer. The SAPSprint Windows service starts
as soon as the installation is over.
We recommend that you set up the following options for the service in the Windows Service Control
Manager: Restart the service after the first error in the recovery actions, and set the wait time until the
restart to zero.
This ensures that the service is restarted when errors are detected. This should minimize the number of
incorrect print requests in the SAP system.
Furthermore, the service must run under a domain user that has the relevant authorizations for the required
printers. After the installation, the service runs under "Local system account". This can access locally-
defined printers
only. You can also set the user in the Windows Service Control Manager, in the options of the SAPSprint
service.
If you want to delete SAPSprint, you can do so using the normal Windows uninstall tool.
SETTINGS
You can display the call parameters available for SAPSprint by calling 'sapsprint -?' on the command line.
The most important parameters are those that set options, especially log options for troubleshooting.
You can set the log level to 5 by specifying 'sapsprint -oi LogLevel 5'. Immediately after installation, no log
level is set up, which means that no log file is created. By setting the log level to 1, 5, or 9, you can ensure
that more information is available in the directory that you specified during the installation. A file called
sapsprint.dbg and a print job specific file with a variable name are generated. The second file is deleted after
successful printing. It is only retained if the printout is recognized as incorrect. If you set the option
'sapsprint -oi KeepFile 1', then both this file and the print file are retained. This is primarily intended for
troubleshooting by SAP Support.
All options are case-sensitive. You can display the most important SAPSprint options by calling 'sapsprint -
?'. All possible options are described in Note 85469. Normally, the options described there are not
necessary - you should
use them only in exceptional circumstances.
TECHNICAL DETAILS
SAPSprint consists of the program 'sapsprint.exe', which contains the implementation of the Windows
service and the receiver for print data from the SAP system. The SAPWIN data stream is processed in the
DLL 'sapwin.dll'. This
DLL is also used by the new front-end printing, as described in Note 821519. SAPWIN processing errors
therefore affect both print methods. Patches for SAPSprint and the new front-end print are available in Note
841175.
SOLUTION
Install SAPSprint as described above. SAPSprint replaces the SAPLPD's server functions. Use the new
method described in Note 821519 for front-end printing.
Do not install SAPSprint on every workstation.
RELATED NOTES
947514 Printed output of Thai ABAP lists shifted after kernel patch
946209 Analyzing SAPSprint problems
927074 Patches for SAPSprint
821519 Front-end printing with control technology
213524 SAPsprint installation in an MSCS environment
85469 Options for the SAPSprint print server tool
42268 Operate SAPLPD as a service on Windows NT/2000/XP
16420 Problems with SAPLPD
12550 Problems with remotely connected printers (WAN)
Pooled queue speeds up the printing process when multiple jobs are in the printer queue. Print jobs from
the pooled queue are sent to the YSoft SafeQ server even if another job is being processed in windows
spooler at the moment.
1 Add printer according to Adding a printer to print via an LPR port from a Windows workstation
or server article
Click New port to open Add Standard TCP/IP Printer port Wizard.
Click Next.
Click Next.
Click Finish.
On Ports tab in Printer Properties window check all Standard TCP/IP Port configured for YSoft
SafeQ server.
Note: Your server might function differently based on the version and edition of the operating system that is
installed, your account permissions, and your menu settings.
Windows Server 2003/2008 Print Services allow printers, including those connected via a SafeQ Print
roaming system to be shared over a network and provide a centralised printer management infrastructure
allowing multiple print servers and printers to be managed from within the Microsoft Print Management tool.
Centralized print sharing simplifies changes to the print configuration. However, this does creates a
bottleneck, where all print jobs coming from any user to any printer are serialized into one single queue,
drastically reducing the print throughput. There are several techniques how to optimise, or avoid this bottle
neck:
The first option is to enable Client-side Rendering (CSR) in Windows Printer Sharing properties.
The second option is to create multiple ports and use Printer Pooling in Windows Printer Port
properties.
The ultimate solution to the bottleneck created by a centralised shared print roaming printer is to use
a distributed system. This means the installation and configuration of printer drivers, print queues and
ports to each individual client workstation.
Please note that apart from a printer driver, the installation of the SafeQ Client locally at every workstation is
mandatory for any feature that requires any type of pop up dialogue (i.e. Billing Code selection ...)
About
Adding and setting up a new printer in the graphical user interface
ABOUT
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in a MacOS X system to use LPR for printing.
NOTE: The method for adding and setting up a new printer in a MacOS X system varies according to the
distribution and working environment.
1 To add a new printer, go to System Preferences > Printers & Scanners and click +.
Fill in the necessary data. URL is the format lpd://hostname/queue. Hostname is IP address or
hostname of your YSoft SafeQ server. Queue is the name of the queue to which print jobs will be
sent.
3 Select the driver for the printer from Use: menu or select Other Software to display list of available
printing software drivers from the database or select Other to use PPD file.
5 Now it is possible to send print jobs to the newly created printer, which is configured to send the jobs
to YSoft SafeQ.
4.12.12 ADDING A SHARED "PRINT ROAMING" PRINTER TO PRINT VIA AN LPR PORT FROM A
WINDOWS SERVER 2012
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in Windows 2012 to use LPR for printing.
1 Open the Devices and Printers wizard and select Add a printer.
By selecting this you will reopen the Devices and Printers wizard as an administrator.
8 The Hostname or IP address of the SafeQ CML server or SafeQ ORS server created should
already be visible in Port Name and Printer Name or IP Adress
9 From the list of printer drivers, select the appropriate driver or select a driver from the disk. Please
make sure that the selected driver is supported by all MFPs in the print roaming group.
11 To share the printer select Share this printer so that others on your network can find it and use
it.
12 To give access right to the group Everyone, follow the procedure below.
Open Devices and Printers, right-click selected device and select Printer properties
On the Security tab, make sure the group Everyone has the permission to Print.
13 To add a x86 print driver go to the tab Sharing in order to add support for 32bit Windows OS.
14 Because the print driver has no direct access to any printer, it´s necessary to uncheck Bidirectional
support to prevent a time-out caused by unsuccessful attempt for such communication. On the Ports
tab, make sure Enable bidirectional support is left unchecked.
When the print driver has any other kind of bidirectional support embedded, it has to be disabled as
well such as Auto Acquire Settings, Bi-Directional Communication, etc.
15 Because the driver is in default configuration, it is necessary select all available extensions and
options such as finishers, paper trays, staplers, booklets to meet the highest available hardware
configuration.
16 Send a test page to validate that the printer was installed correctly.
17 Enable Print Pooling and create another 4 LPR ports. Fore more information please refer to the
following article Print pooling on MS Windows Server.
4.12.13 ADDING A SHARED "PRINT ROAMING" PRINTER TO PRINT VIA AN LPR PORT FROM A
WINDOWS SERVER 2008 R2
LPR is a network protocol for submitting print jobs to a remote printer (the YSoft SafeQ server in this case).
This page explains how to configure a printer in Windows to use LPR for printing.
1 Open the Devices and Printers wizard and select Add a printer.
4 For Hostname or IP address, enter the address of the SafeQ CML server or SafeQ ORS server;
then enter a name for the port.
6 The Hostname or IP address of the SafeQ CML server or SafeQ ORS server created should
already be visible in Port Name and Printer Name or IP Adress
7 From the list of printer drivers, select the appropriate driver or select a driver from the disk. Please
make sure that the selected driver is supported by all MFPs in the print roaming group.
8 Enter a name for the new printer; then wait for the installation process to finish. Select other options
according to your needs (sharing, setting the printer as default, test page printing); then finish the
wizard.
9 To share the printer select Share this printer so that others on your network can find it and use
it. Fore more information please refer to the following article Shared Print from Windows Server.
10 Send a test page to validate that the printer was installed correctly.
11 To give access right to the group Everyone, follow the procedure below.
Open Devices and Printers, right-click selected device and select Printer properties
On the Security tab, make sure the group Everyone has the permission to Print.
12 To add a x86 print driver go to the tab Sharing in order to add support for 32bit Windows OS.
13 Because the print driver has no direct access to any printer, it´s necessary to uncheck Bidirectional
support to prevent a time-out caused by unsuccessful attempt for such communication. On the Ports
tab, make sure Enable bidirectional support is left unchecked.
When the print driver has any other kind of bidirectional support embedded, it has to be disabled as
well such as Auto Acquire Settings, Bi-Directional Communication, etc.
14 Because the driver is in default configuration, it is necessary select all available extensions and
options such as finishers, paper trays, staplers, booklets to meet the highest available hardware
configuration.
15 Enable Print Pooling and create another 4 LPR ports. Fore more information please refer to the
following article Print pooling on MS Windows Server.
Overview
Installation
Supported operating systems
Application log
Workstations installation steps
Workstation uninstallation steps
Microsoft Cluster Server installation (MSCS)
Microsoft Cluster Server uninstallation
Configuration
Caveats
Accounting Accuracy
Duplicate Jobs in Accounting Records
Duplicated or Missing Devices
Authorized access
Limitations
Upgrade from SafeQ 4 to SafeQ 5
4.13.1 OVERVIEW
Local Monitor is a thin client application that monitors printing using MS Windows Print Spooler on a
workstation or a print server.
The following diagram depicts how Local Monitors accounts print jobs sent to directly connected
printers (blue) and sent to SMB printer (orange) under normal circumstances.
Local Monitor uses Windows Print Spooler accounting method (see: Print tracking methods).
Accounting information is sent to a SafeQ at scheduled intervals; Local Monitor does not keep
persistent connection to the server. If the server is unavailable, Local Monitor stores accounting
information into a local cache and delivers it to the server once the connection is restored. Cache is
kept even if the system is restarted and is able to keep data as long as disk storage space is available.
4.13.2 INSTALLATION
APPLICATION LOG
Important information about installation and application run can be found in system temporary folder
(usually C:\WINDOWS\Temp) in file SQLocalM.log.
4.13.3 CONFIGURATION
Local Monitor installation package includes configuration file Install.reg, which must be configured
prior installation. Description of configuration options follows.
Interval Interval for checking new jobs in printer queue in seconds. dword:
0000001E
(30s)
AcceptComplete Take into account all jobs, which have status dword:
'SENT_TO_PRINTER'. 00000001
True - dword:00000001
False - dword:00000000
ServerPort Port, which will be used for communication with SafeQ 9100
server. The same port must be defined on the SafeQ server
side.
IgnorePorts1, IgnorePorts2, ... Local Monitor will ignore outputs on these ports.
MonitorPrinter1, MonitorPrinter2, ... Local Monitor will monitor this printer even if a port of the
printer is in the list of ignored ports. Specify the printers
name in Windows.
ReportEmptyJobs
Enable - dword:00000000
Disable - dword:00000001
CurrentUserNameFormat How the Local Monitor should report the user name. If no
input is given, than just standalone user name is reported
(default).
DS_FQDN_1779_NAME CN=someone,
OU=Users,DC=Engineering,DC=Fabrikam,DC=Com
DS_NT4_ACCOUNT_NAME Engineering\someone
DS_DISPLAY_NAME Jeff Smith
DS_UNIQUE_ID_NAME 4fa050f0-f561-11cf-
bdd9-00aa003a77b6
DS_CANONICAL_NAME engineering.fabrikam.
com/software/someone
DS_USER_PRINCIPAL_NAME someone@engineering.
fabrikam.com
DS_CANONICAL_NAME_EX engineering.fabrikam.
com/software\tsomeone
DS_SERVICE_PRINCIPAL_NAME www/www.fabrikam.
com@fabrikam.com
DS_SID_OR_SID_HISTORY_NAME S-1-5-21-397955417-
626881126-188441444-501
SAFEQ_SID_FORMAT 01:05:00:00:00:00:00:
05:15:00:00:00:23:2e:93:00:5e:fc:94:30:e5:fd:ce:87:63:04:
00:00
Note: Specifying any of above options may report currently
logged on user as a job owner
ParseUserFromJobTitle This option allows parsing of job user from the job title. dword:
00000000
Enable - dword:00000001
Disable - dword:00000000
ParseUserFromJobTitleIndex Position of owner token in job title (indexing starts at 0, ie. dword:
first token is 0, second is 1, etc.). 00000000
ParseUserFromJobTitlePreserveTitle Use this option to preserve title after parsing job. Using dword:
default value will remove username from job title (if the 00000000
ParseUserFromJobTitle is used).
Enable - dword:00000001
Disable - dword:00000000
4.13.4 CAVEATS
ACCOUNTING ACCURACY
Accounting information reflects what Windows Print Spooler (thinks it) sends to a printer. Print
parameters and number of pages that are actually produced may differ.
It is possible to enable internal PCL parser to increase accuracy of accounting information for
PCL5/PCLXL/HPGL2 print jobs. When enabled, each print job is read from Windows Print
Spooler and analyzed.
Some print drivers do not provide correct number of pages when the printer is shared from
Windows Print server. We recommend to enable internal PCL parser to provide more accurate
accounting information.
Accounting information can get lost if YSoft SafeQ server crashes. Local Monitor does not wait
for the server to store accounting information to a persistent storage; as soon as the server
accepts the accounting information, it is removed from Local Monitor cache.
Print job sent to YSoft SafeQ queue is initially accounted by the Local Monitor when the job is
submitted to the queue. YSoft SafeQ will then account the same job after it is actually delivered
to a printer.
Print job sent to SMB printer is initially accounted by the Local Monitor on the client as it is sent
to the print server. If the print server is equipped with another instance of Local Monitor, job is
accounted again as it is being delivered to the printer.
For example: When two workstations with Local Monitor print to a network printer directly, two device
entries might be created for the same printer in YSoft SafeQ - each one from Local Monitor on each
workstation. One physical printer will appear as two in the reports, each showing its share of print jobs.
AUTHORIZED ACCESS
4.13.5 LIMITATIONS
YSoft SafeQ supports number of external scripts that can be used in order to automate SafeQ related
processes. Description and configuration of those scripts is available in this sections.
On this page
This external utility is used for device replication from CSV files into the internal SafeQ database.
Regular start-up shall be provided by the user, e.g. the Scheduled Task service in Windows, by running the
batch file delivered. To avoid pause in the end of run, add -nopause parameter.
<SAFEQ_DIR>\bin\device_import.bat
Next, several parameters can be set up in the YSoft SafeQ configuration (through System Settings page):
csv_device_dir – the value of this parameter must refer to the directory where the source csv files
with the definition of the imported devices are located. Only files with the .csv extension are uploaded
and then read in an alphabetic order. Should this directory not exist, the replication will not proceed
and this service will be recorded in the log (default: C:/SafeQ5/server/csv_devices)
csv_device_emails – if this parameter is enabled, the replicator sends, after replication, an email to
the SafeQ administrator (and to other addresses defined) if an error has occurred during replication.
(default: disabled)
csv_device_email_address – other email addresses may be added to this parameter where the
error log of the replicator shall be sent. Please separate the individual addresses with commas.
csv_device_incremental – if disabled (default) replicator will delete all devices created by previous
replication. If enabled, replicator will only update existing devices.
csv_charset – character encoding for csv files. Value follows Java convention for defining charsets.
(default: UTF-8)
CSV files must have an accurate format. Mandatory values must be entered (shown in the list in blue),
otherwise the device will not be replicated into the internal database. Optional values may be left blank. In
this case, they will be obtained from the device template.
The individual parameters shall be separated with a semi-colon (;), should a value contain a semi-colon,
then such value must be enclosed by inverted commas ("text;text").
All names are "case-sensitive", i.e. small and capital letters are distinguished. Example: group "default" is
not the same as "Default".
1. Device name – name of a device. This parameter doesn't have to be unique in device group. If no
Device name is specified in csv file, the device will not be replicated.
2. Group name – name of a device group (ORS group or Default group) to which the device will be
assigned. If no group exists or specified group does not exist, the device will not be replicated.
3. Template name – name of device template from which the values not specified in the csv file will be
taken. All missing parameters (accounting, price list, terminal embedded settings, advanced
parameters...) are taken over from it. If template does not exist or is not specified in csv file, the
device will not be replicated.
4. Device IP address – IP address or domain name of a device. If csv file contains domain name for
device instead of IP, replicator first translate domain into IP and then continue (this is necessary to
eliminate possibility of replication 2 same devices - one with IP and one with domain). The replicator
will determine if device with same IP address exists within the specified Group name. If exists, the
device parameters will be updated according to the values taken from the csv file and will marked as
replicated. If no such device exists with this IP, a new device will be created. IP address of the device
must be unique within one ORS Group and within all CML groups. If csv file contains device specified
with domain name and SafeQ already has this device, but with IP address, then IP is changed to
domain name. If the Device IP address is not specified in csv file, the device will not be replicated.
5. Terminal serial number or IP address – if specified, a new hardware terminal will be assigned to
the device (or an old one updated). Terminal serial number must be unique within the whole SafeQ
(including all CML and ORS groups). If the Terminal serial number or IP address already exists, then
the device will not be replicated.
6. Direct queues – if the value is filled out, then direct queues will be assigned to the device. If
updating the device, then all previously assigned direct queues will be removed and newly specified
queues are added. The individual names must be separated with commas (if multiple queues are to
be assigned). Direct queue must be unique within the whole SafeQ (including all CML and ORS
groups). If the device with same direct queue exists, the new device will not be replicated.
7. Accounting center number - cost center to which the device will be assigned if value is specified. If
value is incorrect (CC is already deleted or renamed) or value is not specified, the value is taken from
template. If no such Accounting center number exists (CC in template is also incorrect), the device
will not be replicated.
8. Device description - description of the device. If no value is specified in csv file, then the value from
template is taken.
9. Device location - location of the device. If no value is specified in csv file, then the value from
template is taken.
10. Inventory number - equipment number of the device. If no value is specified in csv file, then the the
value stays empty.
11. Service Agreement number - m aintenance contract number. If no value is specified in csv file, then
the the value stays empty.
12. Person to contact - If no value is specified in csv file, then the the value from template is taken.
13. ZIP code - If no value is specified in csv file, then the the value from template is taken.
SAMPLE LINE:
FURTHER INFORMATION
If replicated devices use terminal embedded, admin will have to install TE manually after replication.
TE setting are preconfigured and admin has to just click on reinstall button in device settings.
It is possible to have 2 devices with same terminal, because we cannot translate terminal IP into its
SN and vice versa. So the first device can have terminal specified by its IP and second can have
terminal specified by SN.
All replicated devices must have proper DNS record (DNS server must be accessible from SafeQ
CML server) in order to disallow replication of 2 same devices (one with domain name and one with
IP address).
The CSV replicator is intended for the download of users, cost centres, and/or user roles from pre-
defined CSV files and for storing this information in the SafeQ server internal database. In this
case, authentication is via the internal database.
AT A GLANCE
1. Configure replication source directory by editing the csv_dir configuration property through System
Settings page if necessary (default: <SAFEQ_DIR>\server\csv).
2. Create CSV files according to the structure described in the next chapter. The CSV File encoding
should be UTF-8.
3. Start replicator by running command line script <SAFEQ_DIR>\bin\csv_import.bat.
NOTE: For regular synchronization with the CSV file, schedule the import via system scheduled
tasks. To avoid pause at the end of the run, add the -nopause parameter.
NOTE: Information about replication results will be saved in log file (CSVReplicator.log) stored in
<SAFEQ_DIR>\logs.
Before replication, the respective CSV files must be stored in the directory named in the csv_dir
configuration parameter (initially, <SAFEQ_DIR>\server\csv).
These files must be stored in the format shown below. The files are processed in alphabetical order
based on their names. (For replication, only some of them may be used.)
NOTE: Only one type of input information per file is allowed. E.g. you cannot import users and update
card numbers in the same csv file.
NOTE: CSV files must be imported in logical order. E.g. users must be created before card is assigned
to them.
NOTE: CSV file user replicator is not able to create/modify the money accounts in YSoft Payment
System.
User information
Card numbers
Cost centers
Roles
Mapping roles to users
Update of users
Deletion of users
Set user's password
If the userID equals zero, then user is updated based on the login (first record). Otherwise, the user
with ID matching the userID is updated.
If the replicator finds existing user, the replicator compares existing records. In case of changes, it
updates relevant data (and adds and/or removes data).
If the replicator does not find any user, new one is created. The user ID for the new user is added by
database sequence, not by userID specified in CSV!
Records not present in the list will be marked as deleted.
<login>;<PIN/card number>
RMAP;<login>;<role name>
Only roles in the list will be kept for user (plus the role Everyone); the others will be removed.
Password is set only if user does not have any. This should prevent situation when next replication
overwrite the current user's password that user choose instead of the default one (for example via
Dashboard widget, if password change action is enabled via his user's rights).
PASSWORD;<login>;<password>
UPDATE OF USERS
While the replication of users require list of all users (not listed users are deleted), update of users updates
only particular user.
If userID is not empty, user is searched by her ID. Otherwise user is searched by login.
Parameters can be empty. Only filled values are updated for the user.
DELETION OF USERS
While the replication of users deletes all not listed users, deletion of users deletes only particular user.
USERDELETE;[userID];[login,alias,...]
If userID is not empty, user is deleted based on her ID. Otherwise user is deleted based on login.
OVERVIEW
Rule-based Engine allows administrator of YSoft SafeQ to define rules that will help optimize customer's
print environment. You can find purpose and examples here.
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
and go to Rules > Rules selection.
2 Create a new rule by clicking Add new item. A window with creating wizard will be opened.
Use wizard to create new workflow. For more information about wizard see: Using the Rule Definition
wizard
For more information about triggers, conditions, actions and notifications see: Rule-based Engine:
rule definition
4 Every created rule is be visible in the rule list. You can perform following actions here:
Edit - to edit the existing rule, please double click on the rule or click settings button on
the right side of rule.
Enable/disable - to enable / disable rules just click the flag icon belonging to the rule.
Rules with red flag will not be processed, rules with green flag will.
Order - order rules in list by simply dragging and dropping. If more rules are enabled,
they will be performed in the order from the first to the last in the list starting with top of
the list.
Overview
Initial Deployment
Configuring Shared Queues via SafeQ Web Interface
Configuring Delegation Print (VIP Shared Queues) via SafeQ Client by user
Workstation Configuration
OVERVIEW
Following administrative tasks are required to be performed in order to configure Workgroup print sharing
(Shared Queues)
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. By default, SafeQ rejects all prints
initiated by unknown user (user who is not in the SafeQ Identity Database)
Be sure that for every device, where copy is supposed to be monitored by SafeQ, is
equipped by some type of the terminal.
Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP (see Install Embedded Terminals). Embedded Terminal cannot be
installed, unless the device is registered in SafeQ (see "SafeQ Configuration Tasks"
section of this guide).
4 For network attached printers, (re)configure all workstations or print servers to print via SafeQ server
(or use Windows print spooler monitoring). YSoft SafeQ Client can be used for configuration of
workstations. For vast majority of the installations, configured printer ports must point to the SafeQ
Server. See Printer configuration for Workstation and Server for more information.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
OR
Note: You must enable the VIP shared queues in the system settings at first to see the checkbox.
Please refer to documentation related to Configuration of VIP Shared Queues.
5 Now you can see created shared queue(s) in the list. There is names, type and number of users for
each shared queue in the list.
To add user, select queue and click Items > Add user to selected queue
6 Select users and roles form the displayed list and close list.
Now all added users and users which are members of added roles, will see all jobs print jobs sent to
this queue.
CONFIGURING DELEGATION PRINT (VIP SHARED QUEUES) VIA SAFEQ CLIENT BY USER
To define and configure user configuration of Shared Queues follow these steps:
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Make sure that attribute webServerPort is set to the same port as SafeQ web interface uses (e.g.
81).
Web server HTTP port value used by this web interface. Value must match settings in server.xml
configuration file and is used for construction of web links.
4 Enable Access to management of own shared print queue via separate web interface and click
Save.
5 Print document from your workstation via SafeQ Client as user with granted delegation rights (device
connected to SafeQ port).
The VIP shard queues tab should be available in SafeQ Client window.
Click Select people to define which users will have access to your shared queue. You'll be redirected
to application where you can delegate persons with privilege to print your shared print jobs.
You have to enter your login and password to manage the queue.
Note: Button "Select people" is not available on ORS servers.
Note: Shared queue is automatically created also when user click Shared Print directly (sends
job via Shared print). But new queue will contain just the sender of the job.
6 A window for shared queues configuration should be opened. Note: Internet Explorer must be
installed to open this window.
Login with user, which has allowed Access to management of own shared print queue via separate
web interface property in user access rights.
Note: You can access this window also via Internet Explorer web browser using URL - http
(s)://<safequrl>/client.jsp. This web page is available only on CML server but you can manage
through it also shared queue used on ORS server.
8 Select users to add from the list and click Add users.
9 Now you can see users added to yours shared queue. If you are done click Save and close and
close Internet Explorer window.
Created shared queue will be also available in the SafeQ web interface.
10 Now shared queue is created and you can send shared jobs to print.
Now you can click Shared Print and your job will be added to created shared queue, then selected
users will have access to this job.
WORKSTATION CONFIGURATION
If you want to use shared queue directly without using SafeQ web Client follow these steps:
1 Configure workstation as described here Printer configuration for Workstation and Server, and use
Shared Queue Name you've created in previous steps.
Copy panel of the MFP device have to be locked. This is handled by I/O blocking module in
external terminal, or with installed embedded terminal and disabled appropriate functions.
User needs to authorize himself via YSoft SafeQ terminal. The YSoft SafeQ server is allowing
/disabling him the copy functionality regarding users rights or credit amount available on his
account.
OVERVIEW
Following administrative tasks are required to be performed in order to configure MFD Walkup Functions
Control.
DEPLOYMENT, CONFIGURATION
1 At each device used for the authorized copying needs to be connected/installed YSoft SafeQ
terminal.
2 In case of usage YSoft SafeQ embedded terminal, the embedded terminal has to be properly
installed within MFP device. See Install Embedded Terminals.
3 In case of usage YSoft SafeQ external terminal (Terminal Professional or Terminal UltraLight), the
terminal has to be properly installed within MFP device. See Terminal Professional.
4 Administrator have to configure for each user role, group of devices or ORS servers access definition
with allowing/disabling access for copying. See Defining access rights.
Following administrative tasks are required to be performed in order to configure Copy Tracking
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. By default, SafeQ rejects all prints
initiated by unknown user (user who is not in the SafeQ Identity Database)
1. a. Be sure that every device where copy is supposed to be monitored by SafeQ is equipped
by some type of the terminal.
b. External Terminals: device panel of copy function must be blocked using smart cable
(see Hardware Compatibility List (HCL) and Installing and configuring YSoft SafeQ
Terminals) and available only after user authenticates.
c. Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP (see Install Embedded Terminals). Embedded Terminal cannot be
installed, unless the device is registered in SafeQ.
1 Use Adding and editing printers in Web Administration, section Using the Printers list to add device
you wish to monitor. Make sure at least IP address and Accounting Mechanism is correctly specified.
(see Print tracking methods for more information).
2 Use Defining access rights to ensure that users are eligible to copy at the defined device.
Overview
Prerequisities
Web server properties
Installation of HWC prerequisites
Installation via SafeQ installer
Manual installation
Logging of web servers
Trace logging of web servers
OVERVIEW
Terminal Server implements embedded web server based on IIS hostable web core (HWC)
functionality. HWC web server is suitable even for environments with large number of devices connecting to
one node. It provides necessary performance and stability.
PREREQUISITIES
IIS 7.0 or higher must be installed on the server in order to use HWC web server and therefore it can be
used only on Windows Server 2008 or higher. The IIS together with all required features can be installed
automatically during installation of SafeQ (both for CML and ORS server) or it can be installed manually.
In case of non-customized installation, necessary system roles are installed and HWC server is always
configured (if supported by the operation system).
If you do not want have HWC configured automatically, deselect I want to customize my YSoft
SafeQ installation and proceed with customized installation.
Note that installation of roles and features via installer may take several minutes.
If port 80 is selected in the installer for SafeQ web interface, then IIS site called "Default Web Site"
is deleted from IIS after installation as the site overrides system settings and uses port 80 instead
of SafeQ web interface. If IIS was already installed before and you select this option, please make
sure that no important site named "Default Web Site" is configured in external IIS otherwise it will
be deleted.
During customized installation, you have the possibility to skip automatic installation and configuration of
HWC by deselecting option Enable support for embedded IIS web server.
Please check and install necessary roles manually according to guide below.
If you are updating or upgrading SafeQ installation, then no roles nor features are installed. If you want to
use HWC web server, then server web role must be enabled manually.
ORS INSTALLATION
To install web server roles and features use configuration option enableHwcSupport in safeq-ors.ini. The
usage is following:
If port 80 is selected in the installer for SafeQ web interface, then IIS site called "Default Web Site"
is deleted from IIS after installation as the site overrides system settings and uses port 80 instead
of SafeQ web interface. If IIS was already installed before and you select this option, please make
sure that no important site named "Default Web Site" is configured in external IIS otherwise it will
be deleted.
MANUAL INSTALLATION
Server web role and related services can be enabled on Windows Server 2008, 2008 R2 and 2012 also by
powershell scripts. To execute these scripts, 64-bit version of Powershell must be used. The commands
are different for each Windows version.
Import-Module ServerManager
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net
Import-Module ServerManager
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net45
Add-WindowsFeature Web-WHC
After installation of server web role, the IIS is always installed together with 'Default Web Site'
which uses port 80. If you want to have SafeQ 5 web interface using this port (80), delete this
default web site in IIS Server Manager, or use command
Stopping the web site is not sufficient as it starts again after computer restart.
GOTO SERVER MANAGER > ROLES , THEN OPEN ADD ROLES WIZZARD AND SELECT WEB SERVER (IIS) SERVER ROLE.
ASP.NET and Hostable Web Core role services must be enabled together with depending features.
Finally click the Install button. The installation may take several minutes.
Keep in mind that IIS is installed together with Default Web Site running on port 80 which may
interfere with SafeQ web interface. If you want to have SafeQ 5 web interface using this port (80),
delete this default web site in IIS Server Manager
You can recognize successful start of HWC web server from terminalserver.log, located in
<SafeQ_dir>\terminalserver:
If error occurs during HWC startup in its kernel, the error is saved into Windows Application Event Log
(known limitation of HWC).
The logs can be found in Computer Management > System Tools > Event Viewer > Windows Logs >
Application. The source of error is HostableWebCore. Double-clicking the event shows error detail.
The Terminal Server does not need restart if the configuration is changed via SafeQ web interface.
dsHttptraceVerbosity = debug
The logs recycle themselves according to current Terminal Server logging configuration.
This feature is suitable mainly for troubleshooting purposes. Use after consulting with your Y Soft
representative.
OVERVIEW
This page describes how to configure YSoft SafeQ to work with printer over File backend.
CONFIGURATION
1 Create blank file backend.File.sq in %SAFEQ_HOME%/extensions on the server where the printer
is connected and on the CML where web interface is used for administration and restart CML/ORS
services.
2 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin")
4 Go to System > System settings and configure printToFilePath property with location to store
output job file. The path is relative with working directory set to %SafeQ%\server\temp folder.
OVERVIEW
This page describes how to configure Purged Pages reports (see Green Reporting). Purged Pages reports
show the number of pages that were sent to YSoft SafeQ but not printed (deleted on terminal or in SafeQ
Web interface). Copies and scans are not counted to the reports.
Purge Pages functions reports depends also on print job parser settings:
if parser is enabled - you can specify the price of a particular page type
if parser is disabled - you can specify the average count of pages for every non-printed job. These
jobs will be counted as A4 B/W jobs according to the settings for Green report jobs with the parser
enabled
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 a) Enable print job parser and set prices for Purge pages in following properties(System > System
settings):
purge_job_price_bw_a3
purge_job_price_col_a3
purge_job_price_bw
purge_job_price_col
b) In case of disabled parser , specify the average count of pages for every non-printed job
purge_job_avg_pages (System > System settings)
3 You can see statistics for Purge Pages in Reports > Web reports.
4 If you wish to see only the sum of money saved during the specific period of time, limit the web
reports to the purged pages as displayed below:
5 To display actual saving only following columns have to be included in the report:
6 For more information about web reports see: Using Web reports
This article will help you with the configuration of the secured connection (HTTPS) to the YSoft SafeQ web
interface. This article consists of:
Keep HTTP non-SSL port (default 80) as the first in XML. Installer requires HTTP port to be the
first in definition. HTTPS should be the second.
disableUploadTimeout= "true"
acceptCount= "100"
scheme= "https"
secure= "true"
SSLEnabled= "true"
SSLCertificateFile= "${catalina.home}/conf/safeq-tomcat.crt"
SSLCertificateKeyFile= "${catalina.home}/conf/safeq-tomcat.key"
SSLVerifyClient= "none"
SSLPassword= "*****"
SSLProtocol= "TLSv1+SSLv2"
URIEncoding= "UTF-8"
clientAuth= "false"
SSLCipherSuite="
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA"
/>
NOTE: Path for YSoft SafeQ directory can vary based on the settings selected during the installation.
Therefore <safeq_folder> tag is used instead of exact path, which is usually C:\SafeQ5\ for the CML servers
or C:\SafeQORS\ for the ORS servers.
NOTE: In case the CML cluster is used, the steps has to be performed on every node of the CML
cluster.
cd <safeq_folder>\tomcat\conf
openssl req - new -x509 -days 365 -nodes -out safeq-tomcat.crt -keyout safeq-tomcat.key
-passout "pass:***"
6 (OPTIONAL)
If you wish to enable automatic redirection from unsecured connection (HTTP port 80) to the secured
connection (HTTPS port 443), edit <SafeQ>\tomcat\conf\web.xml and append these lines before the
</web-app> tag:
<security-constraint>
<web-resource-collection>
<web-resource-name>Automatic SLL Forwarding</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
7 Start the "YSoft SafeQ Web interface" service on YSoft SafeQ server
8 Verify that YSoft SafeQ web interface functional and uses your own certificate. In case you enabled
the automatic redirection to HTTPS, opening the http://<safeq_server_IP> address will be
automatically redirected to https protocol.
EXAMPLE OF SETTING UP THE SECURE CONNECTION USING THE EXISTING PERSONAL INFORMATION
EXCHANGE (*.PFX;*.P12)
This example describes the way how to make the web connection secure using the e xisting Personal
Information Exchange (*.pfx;*.p12) .
NOTE: Path for YSoft SafeQ directory can vary based on the settings selected during the installation.
Therefore <safeq_folder> tag is used instead of exact path, which is usually C:\SafeQ5\ for the CML servers
or C:\SafeQORS\ for the ORS servers.
NOTE: In case the CML cluster is used, the steps has to be performed on every node of the CML
cluster.
Open command line and run the following command to extract the certificate:
cd <safeq_folder>\tomcat\conf
openssl.exe pkcs12 -in <path_to_file>\myownfile.pfx -nokeys -out "safeq-tomcat.crt" -
password "pass:***"
Open command line and run the following command to extract private key:
cd <safeq_folder>\tomcat\conf
openssl.exe pkcs12 -in <path_to_file>\myownfile.pfx -nocerts -out "safeq-tomcat.key" -
password "pass:***" -passout "pass:***"
5 (OPTIONAL)
If you wish to enable automatic redirection from unsecured connection (HTTP port 80) to the secured
connection (HTTPS port 443), edit <SafeQ>\tomcat\conf\web.xml and append these lines before the
</web-app> tag:
<security-constraint>
<web-resource-collection>
6 Start the "YSoft SafeQ Web interface" service on YSoft SafeQ server
7 Verify that YSoft SafeQ web interface functional and uses your own certificate. In case you enabled
the automatic redirection to HTTPS, opening the http://<safeq_server_IP> address will be
automatically redirected to https protocol.
YSoft SafeQ Client communicates with YSoft SafeQ via web interface using embedded Internet Explorer.
Generated SSL certificate needs to be installed on PC with SafeQ Client into Certificate store Trusted Root
Certification Authorities in order to make SafeQ Client work properly. For detailed information see
Problem: SafeQ client - Windows cannot validate certificate on troubleshooting page.
By default, the primary YSoft SafeQ IP address is used as the server name in all requests. Protocol and port
for the connection is based on following settings (accessible from the web interface):
Use configuration value webServerProtocol to define whether to use the http or https protocol.
If webServerProtocol value is http, then YSoft SafeQ generates URL for client using webServerPort
value (default: 80).
If webServerProtocol value is https, then YSoft SafeQ generates URL for client using
webServerPortHTTPS value (default: 443).
Valid certificate is mandatory for HTTPS server. In case of invalid certificate client applications will
display warning or it will refuse to display client window. Depends on security policies of the
operating system
This configuration property is not available from the web administration, it can be set only in the
configuration files.
Individual SafeQ cluster nodes and ORS servers can have different values.
startup.conf snippet
# Base URL (optional) of the YSoft SafeQ Web interface . If set, it is used used to access the
YSoft SafeQ web interface from the YSoft SafeQ Client.
# Trailing slash is not allowed here. Valid examples: http: //hostname.example.com, http://10.
10.20.20:8080, https://secure.example.com.
safeqWebBaseUrl =
TROUBLESHOOTING
For more details in case of any problems please see: Troubleshooting HTTPS Web interface
Windows client does not work with invalid HTTPS certificate. It displays following error
message:
SOLUTION:
Verify that certificate is valid in browser. This certificate must be issued to server address, must have valid
CA and valid timestamp. Otherwise it will be evaluated as invalid.
1 Open Internet Explorer and open HTTPS URL of SafeQ server. In case of default installation it will
be: https://<safeq_server_ip>/. Internet Explorer will display security warning.
6 Select Place all certificates in following store and click Browse button.
1 Mac client works with HTTPS and invalid certificate, but it will display warning about invalid certificate.
It is possible to add certificate to trusted certificates, but warning about invalid certificate will be
displayed also next time when user log to his Mac OS machine.
At a Glance
Overview
Method 1. Self-assignment using Card Activation Code
Administrator manually generates a Card Activation Code for an individual user
User automatically receives a Card Activation Code via e-mail
User generates a Card Activation Code himself via the web interface
Method 2. Self-assignment using Username and Password
Related configuration options
OVERVIEW
This page describes how to configure the ID card self-assignment. ID card self assignment can be used
when a user has a card that has not been assigned to him yet and the number of this card is not available in
a central database/directory server. There are several options how the user can assign a card to himself,
see below:
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin")
Go to System > System settings and set puk-enabled configuration option to enabled.
NOTE: The users will be able to self-assign any card that is readable by a card reader attached
to the terminals.
2a Administator navigates to Users > Users list > Edit user > Basic tab and clicks on the Generate
Card Activation Code button.
2b Card Activation Code will be automatically generated and delivered by e-mail when user sends
first print job to YSoft SafeQ server
USER GENERATES A CARD ACTIVATION CODE HIMSELF VIA THE WEB INTERFACE
2c User logs into YSoft SafeQ Web Interface, displays the Dashboard and clicks on Generate Card
Activation Code button.
There are two possibilities how the generated Card Activation Codes from options 2a and 2c can be
delivered to the user:
3a The user receives the generated Card Activation Code via e-mail ( if it is correctly defined in YSoft
SafeQ database and sending of Card Activation Code by e-mail is set ).
3b The user can see his Card Activation Code on YSoft SafeQ Web Interface Dashboard after logging
in.
NOTE: puk-display-on-web must be set to enabled. For more information see Related
properties below.
The user can assign a card to himself by swiping an unknown card and entering his username and
password on a YSoft SafeQ Terminal.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to System > System settings and set assign-new-card-enabled configuration option to enabled
.
NOTE: The users will be able to self-assign any card that is readable by a card reader attached
to the terminals.
puk-display-on-web - When enabled, the users can see their current Card Activation Code on the
dashboard of the SafeQ web interface.
remove-puk-after-use - When enabled, each Card Activation Code is removed from database after
use. Enabling this setting is recommended since it decreases the security risk that Card Activation
Code will be misused by another user.
puk-length - Length (number of digits) of generated Card Activation Codes. For security reasons,
this value should allow to generate at least 100 times more Card Activation Codes that there`s users
in system. Minimal length is defined to 6.
assign-new-card-single - When enabled, users cannot assign a card to themselves if they already
have a card assigned.
OVERVIEW
This page describes how to configure SafeQ to work with printer over Internet Printing Protocol (IPP).
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 Set Backend to IPP value and press button. The Port value will automatically change to 80
and the IPP queue value will automatically change to ipp.
OVERVIEW
This page describes how to configure SafeQ to work with printer over secure Internet Printing Protocol (IPP
via SSL).
CONFIGURATION
1 Log in to the SafeQ Web administration with sufficient rights to manage devices.
2 Set Backend to IPPSSL value and press button. The Port value will automatically change to
443 and the IPP queue value will automatically change to ipp.
3 Enter keystore password. (To obtain keystore password, please contact customer service support)
5 To verify imported certificate run following command: ..\JAVA\bin\keytool.exe -server -list -v -alias
ysoft -keystore ..\..\conf\ssl-truststore
6 Enter keystore password. (To obtain keystore password, please contact customer service support)
OVERVIEW
Following administrative tasks are required to be performed in order to configure Office Print Tracking.
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 Deploy Local Monitor Component to every Windows Workstation or Print Server with locally
connected printers. (see Local Monitor for more information).
1 To globally setup prices for monitored pages, edit Default Price List - Local B/W print (normal) and
Local color print (normal).
2 System will automatically collect print job information on after every print on monitored computers,
there is no additional administrator input required.
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. By default, SafeQ rejects all prints
initiated by unknown user (user who is not in the SafeQ Identity Database)
1 For network attached printers, (re)configure all workstations or print servers to print via SafeQ server
(or use Windows print spooler monitoring). YSoft SafeQ Client may be used for configuration of
workstations. For vast majority of the installations, configured printer ports must point to the SafeQ
Server. See Printer configuration for Workstation and Server for more information.
2 Use Adding and editing printers in Web Administration, section Using the Printers list to add device
you wish to monitor. Make sure at least IP address and Accounting Mechanism is correctly specified.
(see Print tracking methods for more information).
For Costs Recovery, price list can be optionally defined in Devices > Printers > Edit device > Price
list tab.
3 To monitor direct print to the device, you have to configure the direct print queue name, matching in
both Adding and editing printers and Workstation Configuration.
4 Use Defining access rights to ensure that users are eligible to print the the defined device.
OVERVIEW
This page describes how to configure Print data transfer compression between
1 Install and configure SafeQ Client application. See how to install this application. Installing YSoft
SafeQ Client on a Windows workstation, server, or server cluster
2 SafeQ Client have to be already installed with the enabled settings in the safeq.ini reqistry installation
file (located in SafeQ Client installation package) with option Compression=1
3 The settings have to be enabled also after installation of the SafeQ Client in printer port properties
where compression of the print data have to be marked.
In your OS go to Devices > Printer properties > select SafeQ Secure Port > Configure port.
An SafeQ Client - Options window will be displayed, then check Use compression > click OK to
apply new settings.
4 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
This settings enables delivering compressed jobs from YSoft SafeQ server to Terminal Professional
that is attached to printer. Files are decompressed on terminal and sent directly to printer.
2 Technical details:
OVERVIEW
Following administrative tasks are required to be performed in order to configure Print data transfer
encryption
1 Install and configure SafeQ Client application. See how to install this application. Installing YSoft
SafeQ Client on a Windows workstation, server, or server cluster
2 Before the installation is launched, set Encryption=1 in safeq.ini (located in SafeQ Client installation
package).
3 Once the installation is finished, verify the encryption is enabled in the printer port properties.
Encryption can be disabled/enabled via pripter port properties at any time.
In your Operating system to Devices > Printer properties > select SafeQ Secure Port > Configure
port >
SafeQ Client - Options window will be displayed > check Use encryption > click OK to apply the
settings.
4 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
5 SafeQ Administrator should enable IPP over SSL communucation for devices in SafeQ management
interface.
1. a. With every device, the secured backend method should be enabled via SafeQ web
interface. See Adding and editing printers#Advancedprintersettings
b. Device IPP communication should be enabled for each device via MFP configuration
web interface.
NOTE: Administrator has to assign access rights for individual users or roles to print, or enable
unrestricted access.
NOTE: Prices can optionally be specified for every device in Price list
OVERVIEW
This administrator task is describing the view of Print jobs on the Ysoft SafeQ terminals. Print jobs can be
sorted to the virtual printing queues, which are available for the user via terminal display. Following
administrative tasks are required to be performed in order to configure Print job list management and re-print
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. By default, SafeQ rejects all prints
initiated by unknown user (user who is not in the SafeQ Identity Database).
1. a. Be sure that for every device, where copy is supposed to be monitored by SafeQ, is
equipped by some type of the terminal.
b. Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP. Embedded terminals cannot be installed, unless the device is
registered in SafeQ (see "SafeQ Configuration Tasks" section of this guide).
1 Log in to the SafeQ Web administration with sufficient rights to manage devices.
2 Steps for Print job list configuration are different for devices with Terminal Professional (step 2a) and
Terminal Embedded (step 2b).
To change joblist settings for Terminal Professional click icon and choose other value of Job list
from dropdown menu.
Only not printed - terminal will display just only not printed jobs
To print / printed - terminal will display two job queues: waiting print jobs and already
printed jobs
To print / printed / favorites - terminal will display three job queues:waiting print jobs,
already printed jobs and favorite jobs
No joblist - terminal will not display any queue with jobs, if there will be waiting jobs user
can print them using print button
Temporarily disabled - job list button will be displayed, but not able to work - terminal
shows message "Job list has been temporarily disabled by the administrator"
To change job list settings for Terminal Embedded choose from the available options in the Job list
folders:
OVERVIEW
Print job preview feature allows the user to see preview of first page print job on terminal screen.
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to System > System settings > Spooler and set Print job parser property to one of these
values: Render jobs as low resolution (36 DPI) images or Render jobs as high-resolution (150
DPI) images.
For more information about parser configuration please visit Print Job Parser Configuration.
If enabled, a preview service is running in SafeQ, providing print job previews to terminals.
Warning
CML cannot participate in ORS print roaming. Job sent to CML will not be available on ORS and
vice versa.
All CML cluster nodes (as well as external database servers they use, if any) have to be in the
same time zone for correct functionality.
All ORS servers in one YSoft SafeQ system have to be in the same time zone (Java can be set to
that time zone). This time zone can differ from CML time zone.
OVERVIEW
Print roaming (also known as "Follow-me" printing) is an extension of pull-printing. With pull-printing (also
known as secured printing), after you send a print job to a printer, you later "pull" the job to a printer — that
is, you go to a printer, log in there, and print the job. If print roaming is properly configured, you can pick-up
your documents sent to SafeQ server on every printer across all ORS groups.
FAR ROAMING
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
6 To set replication time interval for far roaming jobs go to System > System settings and change
value of refreshRoamingJobCronRule property.
NOTE: To turn the Far Roaming off set the refreshRoamingJobCronRule property the following
value: * * * * * ? 2099
NEAR ROAMING
There are two ways how to configure Near Roaming Group. Using UDP or TCP connection.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
3 Add new standalone Job roaming group . Fill in all field according to TCP or UDP settings in steps
5a or 5b.
It is strongly recommended to use UDP multicast instead of TCP unicast whenever it's
possible. TCP unicast is sensitive to network temporary failures instead of UPD multicast,
where reliability of communication is achieved on higher network layers and provides less
network load.
Multicast communication in YSoft SafeQ, as well as TCP Unicast, is provided via 3rd party solution,
industry standard communication java technology called JGroups. JGroups technology extends
reliable unicast (one-to-one) message transmission (like in TCP) to multicast (one-to-many) settings.
It provides reliability and group membership on top of IP Multicast. Then it enables us to use reliable
multicast.
Since every application has different reliability needs, JGroups provides a flexible protocol stack
architecture. It allows to put together custom-tailored stacks ranging from unreliable but fast - to
highly reliable but slower stacks.
In unicast communication is where one sender sends a message to one receiver. TCP unicast takes
care of message retransmission for missing messages, weeds out duplicates, fragments packets that
are too big and presents messages to the application in the order in which they were sent. Then using
TCP will cause additional network overhead, caused by nature of TCP. This in turn decreases
solution scalability. Each additional member (node) added into TCP cluster, creates significant
amount of communication to the network due to point-to-point communication with other nodes in
cluster.
In the multicast case, where one sender sends a message to many receivers, IP Multicast extends
UDP: a sender sends messages to a multicast address and the receivers have to join that multicast
address to receive them. Like in UDP, message transmission is still unreliable, and there is no notion
of membership (who has currently joined the multicast address). UDP Multicast configuration of YSoft
SafeQ is already set out-of-the-box to use reliable multicast. Only thing needs to be done: ensure
that the infrastructure supports UDP Multicast communication among all near roaming group
members (nodes).
5a
NEAR ROAMING USING TCP (PREFERRED FOR SMALL GROUPS)
Set the group as follows:
Limitation of TCP Near Roaming group: maximum is 10 ORS servers in one group.
5b
NEAR ROAMING USING UDP MULTICAST
Make sure, the multicast networking is allowed between all ORS servers in near roaming group.
6 Create ORS or use existing ORS and move it to created roaming group.
Select ORS to move and click Actions > Move ORS to another job roaming group .
Stop all YSoft SafeQ services on all ORS servers in the Near Roaming Group including the
newly added one (so no ORS in the NRG is running). Start one by one using this algorithm:
If you remove ORS server from near roaming group so there are only two ORSs left in the group (or
there are some non-active ORS servers in the group so there are only two active ORSs left) it is necessary
to restart ORS service on remaining ORS servers. Note that services must be restarted consequently -
service on second ORS must be restarted after first ORS is fully operational.
OVERVIEW
Following administrative tasks are required to be performed in order to configure Copy Tracking
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. SafeQ rejects all prints initiated by
unknown user by default. (Unknown user is user which is not defined in the SafeQ Identity Database)
Make sure that every device which should be monitored by SafeQ is equiped by some
type of terminal.
External Terminals: device panel of copy function must be blocked by smart cable (see
Hardware Compatibility List (HCL) and Installing and configuring YSoft SafeQ Terminals
), device is available only after user authenticates.
Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP (see Install Embedded Terminals). Embedded Terminal cannot be
installed, unless the device is registered in SafeQ.
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 If you are using Billing codes on devices which are connected to ORS servers, s et also
billingCodesSyncCronRule property to choosen time.
Cron rules for periodic check of billing codes update default value: 0 _/15 * * * ? (every 15 mins)
3 Import projects list to SafeQ (see Billing Code Import CSV Format Specification) or Create Projects
manualy (see Managing billing codes).
NOTE: You can restrict projects visibility to user by Access Rights settings at Managing billing
codes page.
4 Use Adding and editing printers in Web Administration. Section Using the Printers list to add device
you wish to monitor. Make sure that IP address and Accounting Mechanism is correctly specified.
(see Print tracking methods for more information).
5 Use Defining access rights to ensure that users are allowed to copy at the defined device.
OTHER PROPERTIES
You can configure advanced behavior of billing codes in web interface System Settings (Expert mode).
when path is longer then max length then it is trimmed to specified size
trim strategy
0 - trim from start: ...abc
1 - trim from end: abc...
2 - trim from middle: ab..c
Meaning of values:
OVERVIEW
The following administrative tasks are required to be performed in order to configure Project Print Tracking.
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. SafeQ rejects all prints initiated by
unknown user by default. (Unknown user is user which is not defined in the SafeQ Identity Database)
3 Install and configure YSoft SafeQ Client on every workstation you want to use for project billing.
SafeQ Client have to be already installed with the enabled settings in the safeq.ini reqistry installation
file
You can automate the configuration by using the YSoft SafeQ Client's deployment file, safeq.ini
(located in SafeQ Client installation package) with option ProtocolLevel=4
CONFIGURATION
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 If you are using Billing codes on devices which are connected to ORS servers, s et also
billingCodesSyncCronRule property to choosen time.
Cron rules for periodic check of billing codes update default value: 0 _/15 * * * ? (every 15 mins)
3 Import projects list to SafeQ (see Billing Code Import CSV Format Specification) or Create Projects
manualy (see Managing billing codes).
NOTE: You can restrict projects visibility to user by Access Rights settings at Managing billing
codes page.
4 Use Adding and editing printers in Web Administration. Section Using the Printers list to add device
you wish to monitor. Make sure that IP address and Accounting Mechanism is correctly specified.
(see Print tracking methods for more information).
5 For Costs Recovery, prices can be optionally defined in Devices > Printers > Edit printer > Price list
tab.
6 Go to Direct printing tab, if you want to monitor direct prints sent to the printer.
The direct queue name must match the queue name specified when you added the printer to the
YSoft SafeQ system and in the workstation configuration. (See Adding and editing printers.)
7 To ensure that users are allowed to print to the defined printer, define access rights as described in
Defining access rights.
8 If you want to define default billing codes for users, see Adding and configuring users, the "Billing
code" section.
OVERVIEW
YSoft SafeQ offers scan management which, depending on the used terminal (hardware or embedded) and
vendor, provides the ability to manage scan process and the data destination.
SCAN WORKFLOWS
Before starting a scan using either of the supported terminals, it is required to configure scan workflow.
Scan workflow configuration is managed from the YSoft SafeQ Web administration, some of the scan
options may be available at the terminal (subject to system configuration).
1 Log in to the SafeQ Web administration with sufficient rights to manage system configuration.
NOTE: ORS servers must be restarted in order to update the scan workflows configuration.
3 Configure access rights to scan workflows using the guide: Setting access rights to scan
workflows
4 Scan workflows are now created and users can use them with YSoft SafeQ terminals.
YSoft SafeQ supports Scan management on devices with installed Terminal Professional or Embedded
Terminal.
Each scan job can be accounted, based on defined prices. More information about configuring prices at
Price list.
1
TERMINAL PROFESSIONAL
There are two primary options to initiate a scan with Terminal Professional: Scan using YSoft SafeQ
scan workflow or Scan via SMTP (without scan workflows)
EMBEDDED TERMINAL
Embedded terminals support scanning via scan workflows using YSoft SafeQ scan application
(Konica Minolta, Xerox, Fuji Xerox, Sharp, Ricoh).
More details are available at: Configure scanning for Embedded Terminal
OVERVIEW
Following administrative tasks are required to be performed in order to configure secured printing (pull-
print) or Print roaming.
INITIAL DEPLOYMENT
1 Make sure the SafeQ server is currently installed and running. (see YSoft SafeQ 5 installation
procedure for more information).
2 It is also necessary to properly configure Identity management. SafeQ rejects all prints initiated by
unknown user by default. (Unknown user is user which is not defined in the SafeQ Identity Database)
Be sure that for every device, where copy is supposed to be monitored by SafeQ, is
equipped by some type of the terminal.
Embedded Terminals: device must be properly configured and the terminal must be
deployed to the MFP (see Install Embedded Terminals). Embedded Terminal cannot be
installed, unless the device is registered in SafeQ (see "SafeQ Configuration Tasks"
section of this guide).
4 For network attached printers, (re)configure all workstations or print servers to print via SafeQ server
(or use Windows print spooler monitoring). YSoft SafeQ Client can be used for configuration of
workstations. For vast majority of the installations, configured printer ports must point to the SafeQ
Server. See Printer configuration for Workstation and Server for more information.
Typically, the queue name as defined in the workstation configuration shall be "secure",
"secured" or "print_roaming" (however SafeQ generally considers any queue name
which is not Shared or Direct as queue for Secured print)
To limit print roaming functionality only to certain group of devices ("print roaming
groups"), SafeQ introduces mechanism of Device Tags.
CONFIGURATION
1 Use Adding and editing printers in Web Administration, section Using the Printers list to add device
you wish to monitor. Make sure at least IP address and Accounting Mechanism is correctly specified.
(see Print tracking methods for more information).
2 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Define list of supported PDLs (languages) to prevent print waste/misprint caused by unsupported
PDL. Please note that supported PDLs (Properties) must match with the information available with
printed job (see Using detailed job information). If the properties don't match, the print job will not be
available at the terminal.
3 For Costs Recovery, prices can be optionally defined in Price list tab.
Use Defining access rights to ensure that users are eligible to print at the defined device.
5 If applicable, configure job list behavior. (see Configuring Print job list management).
Microsoft Windows Network Load Balancing Cluster (WNLB) for CML servers - see Configuring
WNLB Server Failover
Microsoft Clustering Services (MSCS) for CML servers - see Configuring MSCS Server Failover -
Terminal Server in Active-Passive mode
Microsoft Clustering Services (MSCS) for CML servers - see Configuring MSCS Server Failover in
Active-Passive mode
YSoft SafeQ Application Level Cluster for CML servers
ORS Failover & Load balancing supported under Early Access program - see Configuring ORS
Failover and Load balancing
Caveats:
Expected behavior:
In case of a node failure, other node takes over all SafeQ services and users are still able to perform
all the operations.
Limitations:
Active sessions (print, scan, copy) will be interrupted during the crash of one of the servers. User will
have to log in and perform the operation again.
It is necessary to always use the virtual IP address of the cluster to administrate SafeQ using the web
interface
ENVIRONMENT REQUIREMENTS
FIRST SERVER
1 Follow standard procedures to install SafeQ to the first server which is part of the MS Cluster.
During installation select the IP address of public network adapter (not the one used for
heartbeat in MS cluster).
Use external MSSQL server.
SECOND SERVER
2 Follow the installation wizard and when asked to select the IP address of SafeQ server, select the IP
address of public network adapter (not the one used for heartbeat in MS cluster). Also place a
checkbox next to „I want to customize my SafeQ installation“ and press „Next“.
5 Fill in the connection details for external MSSQL server the same way as for the first server (i.e. the
same database names) and press „Test/Next“. Confirm popup dialogs by „OK“.
6 Untick checkbox at „Start SafeQ services after the installation is finished“ and modify rest of the
options per your needs. Then press „Install“.
NOTE: SafeQ on the second node is currently not running and it is not configured.
UNIFY YSOFT SAFEQ CONFIGURATION AND CONFIGURE USAGE OF RESERVED IP ADDRESS FOR CLUSTERING
NOTE: In this step you will be filling in the virtual IP address that is reserved for clustering of YSoft
SafeQ services. The IP address must be reachable by all workstations/MFPs that will be used with YSoft
SafeQ. The same virtual IP address will be later specified in the Failover Cluster manager.
Connect to the SafeQ database (by default SQDB5) via MS Management studio and modify the following:
1.
1. replace IP address at parameter networkAddress by the virtual IP reserved for clustering of SafeQ
services (same IP address as configured in the database).
1. replace IP address at parameter address by the virtual IP reserved for clustering of SafeQ services
(same IP address as configured in the database). Replace only values different than "localhost".
Afterwards, there should be 3 occurrences replaced.
Right-click the cluster name, select "Configure a service or application", select "Generic
Service" and click next.
Select „YSoft SafeQ CML“ and click next.
Specify the virtual name „SafeQ-cluster“ and the virtual IP address that will be used by
all the SafeQ services. The same IP address has been used in SafeQ configuration files.
Finish the wizard with no additional changes
Failover Cluster Manager -> in the left menu right-click the resource „SafeQ-cluster“ ->
„Add a resource -> select „Generic Service“
Select one of the mentioned services, click next and finish the wizard with no additional
changes
5 Take resource „SafeQ-cluster“ offline (under „Services and applications“ right-click your resource and
select „Take this service or application offline“). Then bring it online again.
run „services.msc“ and go to the properties of all SafeQ services -> on tab „ Log On“
select „This account“ and fill in details about the account which is local administrator
and which has permissions to read/write to the shared spooler directory and to the
destination for your scanned documents.
If the resource „SafeQ-cluster“ is not held by the second server, move it to the second
SafeQ server via Failover Cluster Manager (cluadmin.msc). To move the resource it is
necessary to go to "services and applications" -> right-click „SafeQ-cluster“ -> select “
Move this service or application to another node” -> select second node -> confirm the
dialogue.
Log in to the SafeQ web interface via the clustered IP address.
Activate SafeQ using the second license.
Try to move „SafeQ-cluster“ resource from one node to another. Go to "services and applications" ->
right-click „SafeQ-cluster“ -> select “Move this service or application to another node” -> select
second node -> confirm the dialogue.
Expected result: resource is properly moved and all services are shown as on-line
TEST PRINTING WITH FAILOVER
Move resource „SafeQ-cluster“ to the first SafeQ server. Then send a print job via the virtual IP
address of the resource and port 515.
Move resource „SafeQ-cluster“ to the second SafeQ server and release the print job via the secure
queue.
Move resource „SafeQ-cluster“ to the first SafeQ server and wait till the Terminal Server is shown as
Running on the SafeQ web interface. Then log in to the web interface via virtual IP address of the
resource and reinstall the embedded terminal. Verify that you can authenticate on the embedded
terminal.
Move resource „SafeQ-cluster“ to the second server, wait till the Terminal Server is shown as
Running on the SafeQ web interface and try to authenticate via the embedded terminal
Implementation:
YSoftSafeQTerminalServer service is part of MSCS as a resource. In case of node failure, MSCS fail-over
the resource to other node.
ENVIRONMENT REQUIREMENTS
1. a. Right click on cluster name, select "Configure a service or application" - select "Generic Service" click
next
b. Select "YSoft SafeQ Terminal Server" and click next
c. Specify virtual name (in our case terminal_server) and IP address for YSoft SafeQ Terminal Server
below, click next
i. this IP address will be used in <SafeQ_dir>\terminalserver\TerminalServer.exe.config as
"networkAddress"
d. Finish wizard with no additional changes
2 Restart YSoft SafeQ Terminal Server service using "cluadmin.exe" to apply settings
3 If you are using Network Card Reader, make sure that "enableNetworkLoadBalancer" is enabled in
the SafeQ Web interface > System > System settings. (workaround - see limitations)
TEST
Try to move "terminal_server" resource from one node to another. Go to "services and application" -
select "terminal_server" - in "Other resources" right click on "YSoft SafeQ Terminal Server" - select
"more actions" - choose "Move this service to another service or application" - do that.
LIMITATIONS
Pull accounting (Xerox) is not retrieved during failover event. Please make sure TS always runs on
master node.
Network Card Reader is in default configuration not functional in case of failover event. Please make
sure "enableNetworkLoadBalancer" configuration is enabled as a workaround to resolve this issue.
To administrate SafeQ using web interface, use always virtual IP address of the cluster to reach node
with on-line and connected YSoft SafeQ Terminal server service (YSoft SafeQ Terminal Server is
always connected with local node only).
HOW TO CONFIGURE TERMINAL SERVER FAILOVER USING WINDOWS NETWORK LOAD BALANCING SERVICES (WNLB)
This article describes how to configure YSoft SafeQ to utilize Windows Network Load Balancing services for
the Terminal Server (MFP with embedded terminal) failover.
Expected behavior:
Printer with embedded terminal is able to operate in case its parent node is not running.
Implementation:
In case of failure or shutdown of YSoft SafeQ Terminal Server service, NLB node is deregistered from
cluster.
Chapters:
How to configure Terminal Server Failover using Windows Network Load Balancing Services (WNLB)
Environment requirements
Limitations
Basic example of Network Load Balancing Services configuration
Configuring YSoft SafeQ for the proper WNLB usage
Test of functionality
Manual rebalancing of printers in case that one YSoft SafeQ server fails
Best practices
Various interesting information related to WNLB
ENVIRONMENT REQUIREMENTS
LIMITATIONS
The described failover is available for CML cluster only (not for ORS)
Jobs on MFP with pull accounting (e.g. older Xerox devices) is not accounted during downtime of
parent Terminal Server (it will be accounted after the Terminal Server recovery).
Print jobs stored on server that encountered failure are not available for print. Use parameter cluster-
readSharedFolderJob and the spooler directory on a high-available shared location to make print
jobs accessible even during the failure of one node.
Embedded terminal: Pull print based printers (e.g. older Xerox devices) might not show Jobs history
after print (due to the fact that printer might be not connected to it its parent Terminal Server)
Samsung Embedded Terminal - devices can be installed only when a single NLB node is running (i.e.
Status=Converged, other NLB nodes must be stopped) and device must be installed on the
respective node.
WARNING
Please note that this example applies to Windows Server 2008R2. List of steps might slightly differ in
newer versions of Windows Server OS.
1 Install the NLB feature on all nodes including the management client
nlbmgr.
exe
1.
a.
a. Connect to first node and select the NIC to be clustered (in unicast mode we usually use first NIC for
standard network communication and its IP address shall be configured in SafeQ configuration file
startup.conf. The second NIC shall be used purely for NLB clustering and you shall not use it for
anything else)
b. Enter clustered IP
c. Enter cluster name and choose multicast or unicast mode (depends on your network configuration),
finish the wizard
d. Select "Add host to cluster" on cluster
e. Connect to second node and select the NIC to be clustered. Finish the wizard.
Both nodes should be in "converged" status
4 In "Cluster properties" > "Port Rules" > "Edit" > set filtering mode to "Multiple host" with Affinity: Single
+ Timeout: 30minutes
NOTE: For Network Card Readers use filtering mode "Single host" and enter clustered IP into
NCR settings
5 In every host properties - change initial host state to "Stopped" value (Terminal Server will start the
host once it is ready to accept connection from printer)
8 Windows 2008 R2 introduces a strong host model that does not allow different NICs to communicate
with each other. For example, if a request comes in on the 2nd NIC and if there is no default gateway
setup, then the IC will not use the 1st NIC to reply to the requests (even though there's a default
gateway setup on that 1st NIC). To change that behavior and go back to the 2003 model, run these
commands from the command prompt:
NOTE: "Local Area Connection 2" is the name of the clustered network interface)
netsh interface ipv4 set interface "Local Area Connection 2" weakhostsend=enable
1 Install YSoft SafeQ cluster on the IP address that is not used by WNLB (not the WNLB virtual IP, not
the IP address used by WNLB adapter in case of unicast mode).
2 In YSoft SafeQ Web Interface go to System > Views > Advanced options > set
enableNetworkLoadBalancer and operateWnlb properties to enabled.
3 Perform these steps on all YSoft SafeQ servers that are part of WNLB cluster:
3b. Configure deregistration of the failed node from the WNLB cluster in case of a failure:
Open properties of YSoft SafeQ Terminal Server and YSoft SafeQ CML services (via
services.msc) -> go to Recovery tab -> set the following configuration:
First failure: Run a Program
Program: nlb.exe
Parameters: stop
3c. Restart YSoft SafeQ Terminal Server and YSoft SafeQ CML services to apply the settings.
4 In case that failover/loa dbalancing for SHARP, Fuji Xerox or Konica Minolta Embedded
Terminals is required, enable etcd:
4a. Log in to the SafeQ Web Interface on the master node with sufficient rights to administer printers
(for example, "admin")
4b. Go to System > System settings, set enableEtcd property to enabled and s ave the
configuration
4c. Restart YSoft SafeQ Terminal Server service on all members of the WNLB cluster
5 Reinstall embedded terminal on all devices that should be connected to WNLB cluster.
Please note that usage of etcd is the preferred option now. If you were using a shared folder for failover
/loa dbalancing of SHARP or Konica Minolta Embedded Terminals and want to continue using it -
replace steps 4 with the following .
4a. create a network share (for example path \\<server>\DeviceConfigurationData ). Network share must
be a high-available location. Account(s) running Terminal Server service on all members of the WNLB
cluster must have full privileges for this location.
4b. stop YSoft SafeQ Terminal Server service on all members of the WNLB cluster
4d. start YSoft SafeQ Terminal Server service on all members of the WNLB cluster
TEST OF FUNCTIONALITY
Perform following tests for all members of the WNLB cluster:
Try to stop Terminal Server service -> WNLB manager shows Stopped state on the node where
Terminal Server was stopped (change can take up to one minute)
Try to start Terminal Server service -> WNLB manager shows Started state on the node where
Terminal Server was started (change can take up to one minute)
It is possible to authenticate on MFP when just one node shows "Converged" state
It may take up to 2 minutes for the Terminal Server to fully initiate. Thus the authentication
on the recently started Terminal Server may fail within 2 minutes from the start .
MANUAL REBALANCING OF PRINTERS IN CASE THAT ONE YSOFT SAFEQ SERVER FAILS
This topic applies only to printers with pull accounting (e.g. old Xerox devices).
When one of the cluster members fails and it is not possible to quickly recover from failure, it is
recommended to rebalance devices between CML nodes to restore proper pull accounting.
2 Check list of devices in YSoft SafeQ web interface - all printer were moved to running CML nodes
(you may need to display column "Terminal Server ID" in the device list to see which server is
responsible for particular devices)
3 Rebalance devices again once the failed cluster member is back online node
BEST PRACTICES
If all members of the WNLB cluster are in same subnet you might use unicast mode.
If the members of WNLB cluster are not in same subnet, multicast mode shall be used.
When planning the use of WNLB, it is advised to replace all NCR with USB readers (otherwise
"Single host" affinity is a must and this causes that only failover is done, loadbalancing is not made
and only one CML node is utilized at a time).
There are various ways to configure WNLB depending on the network architecture. Description in
Microsoft TechNet:
http://technet.microsoft.com/en-us/library/bb687542.aspx
http://technet.microsoft.com/en-us/library/cc770689%28v=ws.10%29.aspx
Selecting the Unicast or Multicast Method of Distributing Incoming Requests:
https://technet.microsoft.com/cs-cz/library/Cc782694(v=WS.10).aspx
Netsh commands for Interface Internet Protocol version 4 (IPv4). Description in Microsoft TechNet:
http://technet.microsoft.com/cs-cz/library/cc731521(v=ws.10).aspx
Sample configuration is described in VMware KB:
Sample Configuration - Network Load Balancing (NLB) Multicast Mode Configuration
http://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=1006558
Sample Configuration - Network Load Balancing (NLB) Multicast mode over routed subnet -
Cisco Switch Static ARP Configuration
http://kb.vmware.com/selfservice/microsites/search.do?
cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1006525
Configuration required with Unicast mode:
http://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=1556
OVERVIEW
CONFIGURATION
NOTE: All settings could be done in service menu or by Remote configuration tool for hardware terminals
with authorized access.
1 Enter terminal's service menu. For more info see: Installing Terminal
Professional#Step4DisplayingtheServicemenu
Go to Network settings > SNMP where you can configure all required items.
Required is to set management server to use SNMP v2c protocol with correctly set community name.
TECHNICAL DETAILS
Supported only on Terminal Professional (firmware version 3.13.0 and higher)
This page describes how to configure scanning to use WebDAV, FTP or both.
CONFIGURATION
To configure scanning to use WebDAV, log in to the SafeQ Web Interface with sufficient rights to administer
printers (for example, "admin")
Go to System > System settings and set scanServerType property, which can be set to the following
values:
1. webdav All printers must support WebDAV. In case any printer does not support WebDAV, it will not
be able to install embedded terminal with scan settings.
However Print and Copy settings will be still available and can be installed on every
supported embedded terminal
FTP server is disabled
2. webdav All printers that support WebDAV will be installed with WebDAV support - all others remains
ftp on FTP server instead.
3. ftp All printers will use the FTP internal server for scanning documents.
WebDAV is disabled.
WebDAV is served by ORS Web Service. Default ports for this service is 80 for HTTP and 443 for HTTPS
communication.
See Installing YSoft SafeQ ORS for information how to set these ports.
Overview
Displaying the Scan workflows list
Adding new workflow by importing XML file
Adding new workflow using workflow wizard
Setting access rights to scan workflows
OVERVIEW
Following administrative tasks are required to be performed in order to configure Workflow scanning
There is two ways how to create scan workflows: by importing XML file or using workflow wizard. Both ways
will be described on this page.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to Rules > Scan workflows. On this page, you can add/edit/delete/order scan workflows.
2 To change order of existing workflows, just drag icon and drop scan workflow. Then click Save
changes. Workflows will be displayed in the same order on scanning devices.
1 Click Import from XML, click "..." button and select XML file for the scan workflow. See Scanning
workflow definition for further instructions how to build XML file.
Then click Upload file. The workflow now appears on the Scan workflows page.
1 Click Add new item, and scan workflow definition wizard window will be opened.
The name of the workflow is visible on SafeQ web interface and in case of scanning with embedded
terminal also on a panel of MFP where user selects from available workflows.
TYPE
The destination of scanned documents defines where the scanned document shall be stored. There
are three possible values:
The description can be an arbitrary string which describes the scanning workflow in a natural
language. It is shown for example in the embedded terminal application when user selects a
workflow. It may for example contain a message for a user to enter parameter values. The description
string may be shown wrapped according to display proportions.
3 Scan settings tab contains predefined settings for a resulting scan document as follows:
RESOLUTION
This option specifies resolution of scanning. There are five possible values sorted from the lowest
resolution to the highest resolution.
NOTE: Not all technologies and MFP models support all five levels of the resolution. If an
unsupported level is chosen, the scanning will not start or the resolution is approximated to the
nearest possible value (differs for each vendor).
SIDES
This option specifies whether the scan shall be scanned as duplex or simplex. There are following
values:
COLOR
This option specifies color scheme of a scan. There are following values:
Full color
Black and white
Bicolor
Grayscale
Monocolor
Auto – color scheme is detected automatically by the scanning device
NOTE: Not all technologies and MFP models support all six color schemes. If an unsupported
color scheme is chosen, the scanning will not start or the color scheme is approximated to the
nearest possible value (differs for each vendor).
This option specifies file format of the output file. There are following values:
NOTE: Not all technologies and MFP models support all output file formats. If an unsupported file
format is chosen, it is substituted with any other similar file format.
LOCKED PARAMETERS
It is possible to lock parameters: Resolution, Color, Output file format ad Sides. Locked parameter
can not be modified by logged user on terminal.
4 On User parameters tab you can define User parameter - so user will able to enter / change a value
of the parameter. This can be done via terminal panel interface – currently only embedded terminals
allow users to enter parameter values.
NOTE: You can change order of parameters by dragging icon and dropping. Parameters will
be displayed in the same order on scanning devices.
5 Click Add parameter and new window with following options will be displayed:
PARAMETER NAME
The parameter name is an alphanumeric identifier of the parameter. There is a set of special
parameters for each scanning workflow whose names are reserved. You can choose name from list
of pre-defined names from drop-down menu. This list is dependent on type of scan workflow. In
section User parameter you can see only subset of pre-defined names which are relevant for user.
You can also select Custom value from drop down for creating custom type parameter. You'll see
new field under drop-down menu for custom name.
PARAMETER LABEL
The parameter label is an alphanumeric description of the parameter. It should contain a short
description of the parameter in a natural language. For example, the embedded terminal application
shows the label next to the input field of the parameter.
PARAMETER TYPE
The parameter type is used as a constraint for values of the parameter. For example, the embedded
terminal application uses the data type to display a specific input component or check values entered
by the user.
Data types are:
A parameter may be defined as mandatory and a user has to enter a value for it. In this case
operation cannot continue unless the value is set. In the opposite case, value can be set voluntarily
and it will not affect user's work.
DEFAULT VALUE
A parameter may have a default value which must respect data type. This value is used unless
changed either way, typically from the embedded terminal application. As for the scanning with
hardware terminal, the default value field is the only way to provide a value for the parameter.
The default value may contain %variables%. See Scanning workflow definition for details.
6 Administrator parameters tab is same like User parameters. The only difference is that Required
parameter flag is not available for Administrator parameters and that in the section Administrator
parameters you can see all (not only relevant to user) pre-defined names in drop-down menu relevant
for the type of scan workflow. These parameters cannot be seen by user on MFP panel and therefore
cannot be change by him.
NOTE: You can change order of parameters by dragging icon and dropping.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
Go to Rules > Scan workflows access. On this page, you can create and modify access rights to
scan workflows that you have defined. (See Managing scan workflows.) Access rights can be sorted
based on Scan workflow name and by User role.
2 Click Add new item to grant access rights for scan workflows.
Allow or deny access rights (3) for selected user role (1) and workflow (2). Then click Add.
3 New access for scan workflows was added. Create more scan workflows if needed.
NOTE: When you have installed devices on ORS, you have to restart ORS service to propagate
scan workflows to ORS.
4 To enabled / disabled scan workflows click / icons. Then click Save changes.
- workflow is enabled
- workflow is disabled
OVERVIEW
When you print a document from your workstation, YSoft SafeQ Client enables you to compare the price of
making your print in color or in black-and-white and on available printers. You can then choose the best
options for printing your document.
PREREQUISITES
Enable Print Job Parser in YSoft SafeQ web interface to "Render jobs ..." value
1 Log in to the YSoft SafeQ web interface with sufficient administrator rights
2 Print document from your workstation via SafeQ Client (device connected to SafeQ port).
3 The YSoft SafeQ Client windows with Price estimation tab opens. Other tabs can be displayed
based on YSoft SafeQ settings.
NOTE: In some environments, it can take around 30 seconds to YSoft SafeQ Client appears.
4 Prices estimation for your job appears as displayed on image. You can set few of finishing options
here by clicking:
Price estimation window is displayed for secure and direct prints. User cannot adjust finishing options
for direct prints. And only printer which has assigned direct queue used for printing is displayed,
Additionally current balance on users money account is displayed, if YSoft Payment System is
enabled. Then prices higher than current balance are grayed out.
Please note that price estimation has only informative character and final job price may differ.
Following aspects can change job price after job reception on device:
rules defined in Rule-based Engine with trigger "Before job is released to the printer" or "On
job's delivery to the printer".
changes in finishing options on terminal
paper type used for print
device capabilities (e.g. format or color limitations)
LIMITATIONS
A maximum of 10 printers where the user has access rights are displayed in the Price estimation
window.
It is not possible to choose preferred printers.
Communication between embedded terminals and Terminal Server is provided by default via secured
hypertext transfer protocol (https). If we want to have connections between Terminal Server and embedded
terminals unsecured, the secured communication must be disabled in both Terminal Server and MFP.
LIMITATIONS
Currently, the only supported vendors are FujiXerox and Sharp. The MFPs of other vendors will not work in
case when secured communication is disabled. Configuration affects entire Terminal Server and therefore
we cannot have both secured and unsecured connections between one Terminal Server and embedded
terminals. Solution to this limitation is to use multiple ORSs, where each Terminal Server has different
configuration of secured connections, for example, one with disabled secured connections and other ones
with enabled. The MFPs of unsupported vendors (e.g. Xerox) then can be connected to the Terminal Server
with enabled secured connections.
CONFIGURATION
Secured communication in Terminal Server can be disabled in SafeQ web interface via configuration option
dsSslEnabled which can be found in System settings under tab Communicator in Expert options view. The
default value is set to true (enabled). To disable https connections, set it to false (disabled) and restart
Terminal Server. This configuration is global and therefore it affects any Termianl Servers connected to
given CML through any ORS.
The other way to disable secured connections is via Terminal Server's configuration file TerminalServer.
exe.config which can be found in directory <SafeQ_dir>\terminalserver. Add or modify configuration
option dsSslEnabled in appSetting section to value false and restart Terminal Server.
This configuration option affects only given Terminal Server and therefore it is suitable in case of multiple
ORSs, each with different configuration of secured communication.
Note that if we disable secured communication in Terminal Server, it must be disabled also in
connected MFP and vice versa.
At a Glance
2.x.x Yes No No No
1 Download the new firmware files from the Y Soft Partners' Portal (http://partners.ysoft.com).
2 Copy downloaded files into the "update" folder on SafeQ server - typically C:/SafeQ5/server/update.
1 Log in to the SafeQ Web Interface with sufficient rights to administer printers (for example, "admin")
2 Select terminal(s) which you want to update and click Schedule firmware update.
3 Set Date and time, firmware version and click Schedule update. Your update will be saved and
performed at given time.
NOTE: Update time can be late for few minutes, depending on the workload of SafeQ servers and
terminal availability.
4 You can see bar with updates status as displayed here. Click icon to see details of scheduled
updates.
1 Edit the configuration file (safeQ.fwupdate.conf or fwupdate.conf), which is located in the SafeQ
home directory in the folder ...\conf\modules (or ...\conf\), as described in the following example.
(The configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the highlighted. As a general rule, on the left side of the
equal sign ( = ) is the definition of the current firmware, and on the right is the new firmware. In the
example shown here, the last time the firmware was updated, version 3.12.[0-9] was updated to
version 3.13.3.
NOTE: Brackets indicate a range of firmware. For example, 3.12.[0-9] means any firmware
version from 3.12.0 to 3.12.9
To perform the update, you can use either a full update file or a differential update file. Differential
files are smaller and therefore the update is faster, but can be used only when the third-level version
of the firmware changes. For example, if you're updating from 3.12.0 to 3.12.5, you can perform a
differential update. But if you're updating from 3.12.0 to 3.13.0, you must perform a full update. If you
are not sure, perform a full update.
NOTE: Lines which stated with # symbol are not taken into account.
3 Authenticate at the terminal. The update process begins. The update process can take several
minutes, depending on the connection. The terminal service menu indicates when the update is
complete.
If you are able to authenticate, you have now successfully upgraded the terminal firmware.
NOTE: Emergency updates are always full updates – not differential updates.
1 Edit the configuration file (safeQ.fwupdate.conf or fwupdate.conf), which is located in the SafeQ
home directory in the folder conf\modules (or conf\), as described in the following example. (The
configuration file includes parameters for different versions of terminals and for the recharging
station.)
In the Terminal v3 firmware area, look at the line that includes “emergency”. On the left side of the
equal sign ( = ) is the version of the terminal and on the right is the new firmware. In the example
shown here, the last time an emergency update was performed, Terminal Professional version 3
was updated with firmware version 3.13.3.
NOTE: Lines which stated with # symbol are not taken into account.
The update process can take several minutes, depending on the connection. The terminal Service
menu indicates when the update is complete.
Termtool utility is standard part of YSoft SafeQ installation package. You can find it in Support folder of
installation package in Remote Configuration Tool folder.
With Termtool utility you can perform many types of updates (regular, emergency, push,...).
2 Run termtool.exe from command line with appropriate parameters (depends on type of update)
You can find all parameters and other documentation about Termtool here: Remote configuration tool
for hardware terminals
A regular expression (regex or regexp for short) is a special text string for describing a search pattern. It
goes behind simple wildcard (*) expression and it could be used to create specific and highly complex
matching rules.
This article provides only basic information about regular expressions.
Special characters
YSoft SafeQ
Various examples
External links
SPECIAL CHARACTERS
abc Literal characters, matches part of text. lo matches hello! but not world
^ Matches beginning of text or line start ^A matches ABC but not BAC.
$ Matches end of text or line end C$ matches ABC but not ACB.
* Matches the preceding character zero or test* matches test, tes or testttt
more times
+ Matches the preceding character one or test+ matches test or testttt but not tes
more times
? Matches the preceding character zero or test? matches test, tes but not testttt
one time. Equivalent to {0,1}
. Matches any single character except the tes. matches test, tess but not tes
newline character
x|y Matches either x or y, ie. boolean or gray|grey can match gray or grey
() Parentheses are used for grouping and gray|grey and gr(a|e)y are equivalent patterns
priority, some as in basic math which both describe the set of_gray_ and grey
{n} Matches exactly n occurrences of the a{2} matches aa but not a or aaa
preceding characters
{n,} Matches at least n occurrences of the a{2,} matches aa or aaa but not a
preceding characters
{n,m} Matches at least n and maximum of m a{2,4} matches aa, aaa and aaaa but not a or
occurrences of the preceding characters aaaaa
[xyz] Character set that matches any of the [xyz_ matches _x, y, or z
enclosed characters
[^xyz] Characters set that should not match [xyz_ matches a, b or other but not x, y, or z
(negation of previous two)
\t Matches a tab
YSOFT SAFEQ
Regular expressions in YSoft SafeQ are often matches directly to tested texts, ie. they behaves like every
regular expression have ^ and $ characters written around them. This means that if you write world as
regular expression and you will want to match it to Hello world it would not match because your expression
will be matched as ^world$. You need to write something like .*world.* to make it work.
VARIOUS EXAMPLES
EXTERNAL LINKS
See these external sources for more information and more complex examples and rules
http://en.wikipedia.org/wiki/Regular_expression
http://www.regular-expressions.info/
Overview
Getting Terminal Server certificate
Default certificate
Windows Certificate Store
File system
How to install certificate
How to access Windows Certificate Store
OVERVIEW
Terminal Server uses by default certificate distributed with YSoft SafeQ to provide secure communication
between Terminal Server and MFPs. This certificate together with corresponding CA certificate can be
found in <SafeQ_dir>\terminalserver\Certificates. Terminal Server can also use external certificates
provided by windows certificate store or file system.
CA certificate must be uploaded to MFP prior installation of embedded terminal. Otherwise MFP
might reject certificate and users will be unable to login.
All the options are case-insensitive. If certificate is not found in certificate store, in the file system or if an
error occurs during initialization of certificate, the default one is used. If loaded certificate is not valid,
warning message appears in Terminal Server's log file stating that different certificate should be used.
This option can be also specified in Terminal Server's configuration file TerminalServer.exe.config which
can be found in directory <SafeQ_dir>\terminalserver\. To change source of certificates, add or modify
configuration option dsCertificateSource located in appSettings section in the same way as described
above.
DEFAULT CERTIFICATE
If this option is selected, the default certificate provided with SafeQ is used for secure communication. This
certificate is stored in file <SafeQ_dir>\terminalserver\Certificates\SafeQ DS Web Server.pfx. The
default certificate is automatically installed into Windows Certificate Store specified by configuration option
dsCertificateStore.
CERTIFICATE STORE
The store where Terminal Server looks for the certificate is provided via configuration option
dsCertificateStore with following options:
This configuration option is case-insensitive and must be always provided, otherwise default store Root is
selected. This configuration option also specifies store where the certificate will be automatically installed in
case when certificate is loaded from the file system.
CERTIFICATE IDENTIFIER
The certificate in store can be specified by its name (column "Issued To"), which can be found in
mmc tool (see How to access Windows Certificate Store).
Another option is to specify the certificate by its unique thumbprint, which can be obtained by double-
clicking the certificate and browsing details for thumbprint.
All these options can be also specified in Terminal Server's configuration file TerminalServer.exe.config
which can be found in directory <SafeQ_dir>\terminalserver. To change the options, add or modify the
configuration options located in appSettings section the same way as described above.
FILE SYSTEM
If this option is selected, Terminal Server loads certificate from filesystem. The certificate is automatically
installed into Windows Certificate Store specified by configuration option dsCertificateStore.
To specify location of file on local disc or network storage, configuration option dsCertificateFileSource
must be provided. Path to the certificate can be specified as follows:
Again, this option can be also set in Terminal Server's configuration file TerminalServer.exe.config which
can be found in directory <SafeQ_dir>\terminalserver. To change the options, add or modify the
configuration options located in appSettings section the same way as described above.
The only type of file certificate which is now supported by Terminal Server is .pfx file.
1 Open Windows Certificate Store as described here: How to access Windows Certificate Store
2 Right-click on the name of required certificate store (folder) and select All Tasks > Import
3 Browse to certificate you want to install and mark the certificate as exportable.
NOTE: When installing the certificate into store it must be marked as exportable otherwise
Terminal server will not be able to use it. The certificate must be also provided with private key.
6 Now the certificates snap-in is installed and the certificate store can be browsed.
Card conversion can be used for translating of card reader output (the data reader gets after user swipes
a card) to card number stored in user database (LDAP, AD, YSoft SafeQ, etc.) if these two numbers are
different.
Use Card manager editor only if you are unable to login with card and Terminal access page or log files lists
different card numbers than your card has.
More card number pairs you enter, more exact result you get. You should enter at least three different pairs
to get good result.
CONVERSION FUNCTION
SafeQ Support conversions of card numbers as read by Card Reader at Terminal or by LDAP
Replicator. If conversion function is defined, card numbers are automatically transformed prior
matching with (or storing to) SafeQ Identity Database.
Typical conversion configuration looks as follows and is represented by conversion attribute in
SafeQ configuration:
ASCII2Hex;Hex2Dec;Substring(-8)
Each rule is represented by its name (see description of rules) and separated by semicolon. Some
rules have one or two parameters which are in parentheses and separated by comma.
Substring(2);Hex2Dec;LeftPadding(0,3) + Substring(2,6);Hex2Dec
Some conversions may contain two (or more) independent processing that are connected by operator
+.
DESCRIPTION OF RULES
Following rules are sorted alphabetically. Please note that rule names are CASE SENSITIVE.
ASCII2Hex This rule converts string in ASCII format (typically from KM reader) into hex form.
Other input is not changed. ASCII format is "^([34][0-9])+([fF]{2})*$"
Syntax:
Bin2Dec
Example:
Bin2Dec
101011 => 43
Const Returns specified string. Could be used with operator +. Similar functionality
provides LeftAppend and RightAppend.
Syntax:
Const(12345)
Example:
LeftPadding(0,6) + Const(@ysoft.com)
12345 => 012345@ysoft.com
123 => 000123@ysoft.com
Dec2Bin
Example:
Dec2Bin
43 => 101011
Dec2Hex
Example:
Dex2Hex
12345 => 3039
123 => 7B
DecimalAdd(value)
Example:
DecimalAdd(1)
12345 => 12346
123 => 124
DecimalAnd(mask)
Example:
DecimalAnd(15)
7 => 7
467825 => 1
Example:
Hex2ASCII This is inverse function to ASCII2Hex. Converts hexadecimal string into ASCII
representation. Input string could have maximum length of 16 signs. Otherwise
original input is returned.
Syntax:
Hex2ASCII
Example:
Hex2ASCII
12AB => 31324142
JEDNA => JEDNA
Example:
Example:
Example:
Hex2Dec
Example:
Hex2Dec
12AB => 4779
Hex2DecValue Converts each hexadecimal digit into decimal representation (8 – 08, A – 10, B –
11, etc).
Syntax:
Hex2DecValue
Example:
Hex2DecValue
12AB => 01021011
Hex2Oct
Example:
Hex2Oct
12AB => 11253
HexAnd Make binary AND. Mask is in hexadecimal format. Similar functionality contains
DecimalAnd.
Syntax:
HexAnd(mask)
Example:
HexAnd(FF)
7 => 7
7237B => 7B
IsEmbed Allow next processing only if card number is from embedded reader.
Syntax:
IsEmbed
Example:
IsEmbed;RightStrip(F)
12345FFFFFFFFF (from embedded terminal) => 12345
123F (from profi terminal) => 123F
IsEven
Example:
IsEven;LeftAppend(0)
12AB => 012AB
12A => 12A
IsLength Allow next processing only if card number length is equal to specified value.
Syntax:
IsLength(value)
Example:
IsLength(10);SwapPair
1234567890 => 2143658709
IsLengthGreater Allow next processing only if card number length is greater than specified value.
Syntax:
IsLengthGreater(value)
Example:
IsLengthGreater(5);Substring(5)
12AB => 12AB
12345678 => 12345
IsLengthNot Allow next processing only if card number length is different from value.
Syntax:
IsLengthNot(value)
Example:
IsLengthNot(9);LeftAppend(0)
12456789 => 123456789
12345 => 012345
IsNotStartWith Allow next processing only if card number doesn't start with specified string.
Syntax:
IsNotStartWith(string)
Example:
IsNotStartWith(~);LeftPadding(0,8)
~1234 => ~1234
1234 => 00001234
IsStartWith Allow next processing only if card number starts with specified string.
Syntax:
IsStartWith(PIN)
Example:
IsStartWith(PIN);Substring(3,0)
PIN1234 => 1234
12345 => 12345
LeftAppend Append specified string from left side. Similar functionality has RightAppend.
Syntax:
LeftAppend(prefix)
Example:
LeftAppend(YSOFT-)
12AB => YSOFT-12AB
LeftCut Cut specified prefix from left. If prefix doesn't match than do nothing.
Syntax:
LeftCut(prefix)
Example:
LeftCut(~1)
~12AB => 2AB
12A => 12A
LeftHexShift Unary bit operation LEFT SHIFT for specified count of bits. Input and output are in
hexadecimal format. This operation is equivalent to multiplying by 2count
Syntax:
LeftHexShift(count)
Example:
LeftHexShift(1)
12AB => 2556
254 => 4A8
LeftPadding(sign,length)
Example:
LeftPadding(0,10)
1234ABCD => 001234ABCD
LeftShift Unary bit operation LEFT SHIFT for specified count of bits. Input and output are in
decimal format. Similar behavior has LeftHexShift. This operation is equivalent to
multiplying by 2count
Syntax:
LeftShift(count)
Example:
LeftShift(1)
128 => 256
LeftStrip(sign)
Example:
LeftStrip(0)
000012AB => 12AB
00000254 => 254
LowerCase
Example:
LowerCase
CARD123 => card123
Example:
Example:
Reverse2 Byte reverse - it is useful only for hexadecimal input because 2 signs represent
one byte. Therefore this operation makes reverse string by pair. Even length is
necessary.
Syntax:
Reverse2
Example:
Reverse2
Reverse
Example:
Reverse
12345678 => 87654321
RightAppend This function is similar to LeftAppend. Append specified string from right side.
Syntax:
RightAppend(suffix)
Example:
RightAppend(-YSOFT)
12AB => 12AB-YSOFT
RightHexShift Unary bit operation RIGHT SHIFT for specified count of bits. Input and output are
in hexadecimal format. This operation is equivalent to dividing by 2count
Syntax:
RightHexShift(count)
Example:
RightHexShift(1)
12AB => 955
254 => 12A
RightPadding(sign,length)
Example:
RightPadding(F,10)
1234ABCD => 1234ABCDFF
RightShift Unary bit operation RIGHT SHIFT for specified count of bits. Input and output are
in decimal format. Similar behavior has RightHexShift. This operation is equivalent
to dividing by 2count
Syntax:
RightShift(count)
Example:
RightShift(1)
256 => 128
RightStrip(sign)
Example:
RightStrip(F)
30344142FFFFFFFFFFFFFFFFF => 30344142
SignReverse This conversion takes every string in hexadecimal format and makes its binary
reverse. For example (5 is represented in binary as 0101, reverse transfer it into
1010 that is A)
Syntax:
SignReverse
Example:
SignReverse
0123456789ABCDEF => 084C2A6E195D3B7F
Substring Selects substring of input. If any argument is negative then it is used from right
side (from end).
Syntax:
Substring( n)
Substring(start,end)
Example:
Substring(5)
1234567890 => 12345
Substring(-5)
1234567890 => 67890
Substring(3,0)
1234567890 => 4567890
123ABCDE => ABCDE
Substring(2,-2)
1234567890 => 345678
123ABCDE => 3ABC
Substring(-7,-2)
1234567890 => 45678
123ABCDE => 23ABC
Swap12785634 Swap 4th byte with 2nd. It is useful only for hexadecimal format.
Syntax:
Swap12785634
Example:
Swap12785634
SwapPair
Example:
SwapPair
123456 => 214365
UpperCase
Example:
UpperCase
card123 => CARD123
Subscription Model is a new way how YSoft SafeQ product is being sold.
Currently Y Soft is selling licenses for defined amount of devices. The costs are on customer's side before
solution can be fully used.
We wanted to introduce a way to charge customer for exact number of devices customer is using
and charge him on regular basis for devices used during month to spread the costs to longer period and
reduce risk of buying solution for more devices than necessarily needed.
YSoft SafeQ 5 sends monthly reports to the YSoft HQ (or any defined email address). These reports include
number of devices of various types (embedded, hardware, reporting, local, others) that are currently
activated or have been deactivated in the span of last month and information about used license. Report are
formatted as human readable XML file with digital signature.
FEATURE CONFIGURATION
Follow these steps to configure sending of the monthly Subscription Model reports:
1. Log in into the YSoft SafeQ web interface as super administrator user.
2. Navigate to the System > System settings
3. Switch View to Expert options
4.
YSoft SafeQ is fully configured now and reports will be sent to the defined address at the start of each
month few minutes after midnight. Report will be sent next day in case when CML server, mail server or
internet connection would be down in that time.
To resend the email with the last generated usage report, follow these steps:
1. Log in into the YSoft SafeQ web interface as super administrator user.
2. Navigate to the System > System information
3. Click to Actions... > Resend the last usage report
4. Confirm the dialog
OVERVIEW
This page describes how to configure etcd failover support for Terminal Servers.
USING ETCD
CML cluster
ORS cluster (ORS nodes in Near Roaming Group)
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin").
Go to System > System settings, set enableEtcd property to enabled and save the configuration.
If enabled, etcd will be run with Terminal Server.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin").
Go to System > System settings, set enableEtcd property to enabled and save the configuration.
If enabled, etcd will be run with Terminal Server.
2 Wait until configuration change is propagated to ORS nodes (or restart ORS service).
3 Restart YSoft Terminal Server service on all ORS nodes in Near Roaming Group.
1 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer printers (for example,
"admin").
5 After changing properties, restart YSoft Terminal Server service on all CML nodes.
6 In case of ORS cluster wait until configuration change is propagated to ORS nodes and then restart
YSoft Terminal Server service on all ORS nodes in Near Roaming Group.
LIMITATIONS
The etcd does not work in cluster nodes with different platforms (operating systems). When we use node
that has Windows x64 OS, other nodes must also have the same OS (Windows x64).
YSoft SafeQ server together with YSoft Mobile Print Server supports various method of Single Sign-on
For configuration of the secured connection (HTTPS) to the YSoft SafeQ web, follow guide Configuring SSL
for Web interface
Prerequisites
Configuration
Web browser configuration
This article describes the steps that have to be performed in order to set up the Generic Single Sign-On
(SSO) using Waffle 1.5 to YSoft SafeQ 5 web interface. The configuration of SSO requires advanced
knowledge of system configuration and working with the configuration files.
NOTE: SSO is not supported on the ORS. Desktop SafeQ Client will work correctly with ORS even
without SSO.
PREREQUISITES
YSoft SafeQ must be installed on the server which is part of the domain. SSO is asking system for
the user authentication.
The browser used for accessing the YSoft SafeQ web interface needs to have cookies enabled.
CONFIGURATION
1 Start with a clean YSoft SafeQ 5 with replicated users from Active Directory. Make sure the YSoft
SafeQ is installed on the server that is member of a domain.
2 Log in to the YSoft SafeQ Web Interface with sufficient rights to administer system settings (for
example "admin"). Go to System > System settings and change the following configuration:
4 Unzip Waffle.1.5.zip and copy the following files from the extracted folder Waffle\Bin to
<SafeQ>\tomcat\lib:
guava-13.0.1.jar
jna-3.5.0.jar
platform-3.5.0.jar
slf4j-api-1.7.2.jar
waffle-jna.jar
waffle-tomcat7.jar
5 Edit <SafeQ>\tomcat\conf\context.xml and insert the following two lines before the last line <
/Context>:
6 (Optional step) Edit <SafeQ>\tomcat\conf\logging.properties with an editor that supports Unix end-
of-line markers (e.g. WordPad, but not NotePad) and add the following line at the very end:
waffle.apache.NegotiateAuthenticator.level = FINE
7 (Optional step) Edit <SafeQ>\tomcat\conf\server.xml to allow users that are members of a lot of
groups to pass all their groups in header (default is 8192):
maxHttpHeaderSize="65536"
8 Edit <SafeQ>\tomcat\conf\web.xml and insert one of the following texts before the last line </web-
app>:
WARN: When the language of the hosting server is different from English, text <role-
name>BUILTIN\Users</role-name> has to be replaced by the equivalent suitable for your
localization. For example the German operating system equivalent is <role-name>
VORDEFINIERT\Benutzer</role-name>. The correct name can be found using command whoami
/Groups in the command line.
A. if you only want to enable SSO but you do not require automatic redirection to HTTPS, insert the
following text:
<security-role>
<role-name>BUILTIN\Users</role-name>
</security-role>
<!-- Do not apply Single Sign On constraint on ClientApplication - required for desktop
client -->
<security-constraint>
<web-resource-collection>
<!-- Desktop Client -->
<url-pattern>/img/*</url-pattern>
<url-pattern>/web/client/*</url-pattern>
<url-pattern>/servlet/web.client.CheckJobDeliveryServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientHttpServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientJobSaveServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientLoginServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientRecentBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.PriceEstimateServlet</url-pattern>
<url-pattern>/servlet/web.client.PrinterListServlet</url-pattern>
<url-pattern>/servlet/web.client.SharedQueueServlet</url-pattern>
<url-pattern>/servlet/web.client.TestSession</url-pattern>
<url-pattern>/servlet/web.client.VIPQueueServlet</url-pattern>
<!-- Mobile Print Server -->
<url-pattern>/servlet/web.mobile.MobileConfigurationServlet</url-pattern>
<url-pattern>/servlet/web.mobile.MobileLicenseServlet</url-pattern>
<!-- Job history API - parameter jobLogApiUserLogin -->
<url-pattern>/servlet/com.ysoft.safeq.api.AddJobLogServlet</url-pattern>
<!-- SafeQ CML cluster installation -->
<url-pattern>/servlet/LoginServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseCheckDumpServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDownloadServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDumpServlet</url-pattern>
</web-resource-collection>
</security-constraint>
<role-name>BUILTIN\Users</role-name>
</auth-constraint>
</security-constraint>
B. if you want to enable SSO and at the same time you wish to have all the HTTP requests
automatically redirected to HTTPS, insert the following text:
NOTE: It is recommended to set up a trusted SSL certificate when the automatic redirection to
HTTPS is enabled.
<security-role>
<role-name>BUILTIN\Users</role-name>
</security-role>
<!-- Do not apply Single Sign On constraint on ClientApplication - required for desktop
client -->
<security-constraint>
<web-resource-collection>
<!-- Desktop Client -->
<url-pattern>/img/*</url-pattern>
<url-pattern>/web/client/*</url-pattern>
<url-pattern>/servlet/web.client.CheckJobDeliveryServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientHttpServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientJobSaveServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientLoginServlet</url-pattern>
<url-pattern>/servlet/web.client.ClientRecentBillingCodesServlet</url-pattern>
<url-pattern>/servlet/web.client.PriceEstimateServlet</url-pattern>
<url-pattern>/servlet/web.client.PrinterListServlet</url-pattern>
<url-pattern>/servlet/web.client.SharedQueueServlet</url-pattern>
<url-pattern>/servlet/web.client.TestSession</url-pattern>
<url-pattern>/servlet/web.client.VIPQueueServlet</url-pattern>
<!-- Mobile Print Server -->
<url-pattern>/servlet/web.mobile.MobileConfigurationServlet</url-pattern>
<url-pattern>/servlet/web.mobile.MobileLicenseServlet</url-pattern>
<!-- Job history API - parameter jobLogApiUserLogin -->
<url-pattern>/servlet/com.ysoft.safeq.api.AddJobLogServlet</url-pattern>
<!-- SafeQ CML cluster installation -->
<url-pattern>/servlet/LoginServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseCheckDumpServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDownloadServlet</url-pattern>
<url-pattern>/servlet/web.DatabaseDumpServlet</url-pattern>
</web-resource-collection>
</security-constraint>
<auth-constraint>
<role-name>BUILTIN\Users</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
9 Restart the service YSoft SafeQ CML and then YSoft SafeQ Web Interface.
10 Now open the web interface from a workstation that is a member of the domain, while you're logged
in as a domain user (whose user account is replicated in YSoft SafeQ). You shouldn't be asked for
credentials.
Chrome
Firefox
1.
Prerequisites
Configuration
Limit Tomcat incoming connections to Single Sign-on server
Troubleshooting
This article describes the steps that have to be performed in order to set up the Oracle Access Manager
Single Sign-on (SSO) to YSoft SafeQ 5 web interface. The configuration of SSO requires advanced
knowledge of system configuration, working with SQL database and with the configuration files.
Article also expects that you are familiar with Oracle Access Manager and you are able to set it up as its
configuration is out of scope of this document.
PREREQUISITES
Setup YSoft SafeQ connection to LDAP directory that contains users that will be interacting with the
system (see Tools - LDAP Integration for help) and start the replication process.
Choose at least one of the replicated users as system administrator. This is necessary as default
admin account (or any other user created in YSoft SafeQ) will not be able to login to the system via
SSO). Edit selected user and assign him system role safeq admins.
CONFIGURATION
<Connector port="8009"
enableLookups="false" redirectPort="@webServerPortHTTPS@" protocol="AJP/1.3" />
# mod_jk configuration
JkWorkersFile conf/workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /* safeq
# Define safeq
worker.safeq.port=8009
worker.safeq.host=REAL_SAFEQ_IP
worker.safeq.type=ajp13
worker.safeq.secret=SECRET_PASSWORD
TROUBLESHOOTING
Q: I see error message that say that Oracle SSO is not configured correctly instead of Dashboard page
when I access proxy URL
A: Value of the oracleSsoLoginHeader is empty. You need to disable SSO (see bellow) and enter the name
of the HTTP header with username (see instructions in previous chapter Set up Single Sign on in YSoft
SafeQ).
Q: I see message about failed SSO autologin in my browser instead of the Dashboard page
A: If message states that it can't found user with your username, your account is not replicated from the
LDAP directory to the YSoft SafeQ database. If messages states that it can't found username null, the name
of the HTTP header you entered in the oracleSsoLoginHeader is not correct or SSO is setup incorrectly in
the Oracle Access Manager (sessions are not valid and HTTP header does not contain username of the
logged user). You need to disable SSO (see bellow) and enter a correct name of the HTTP header with
username (see instructions in previous chapter Set up Single Sign on in YSoft SafeQ).
Q: I enabled Oracle SSO but it does not work and I don't see any way how to disable it as I can't login to the
YSoft SafeQ Web Administration console
A: Local YSoft SafeQ users can't login to the system when SSO is enabled. When SSO is not working and
you need to disable it or modify the faulty settings you need to do it directly in the YSoft SafeQ database.
This is very dangerous operation and you must know what you are doing or repercussion for the system can
be fatal. Contact YSoft Technical Support if you are not sure how to
1. Use your stored database access credentials obtained from installer when YSoft SafeQ has been
installed
2. Login via Database management tool (this depends on your environment and used database engine)
3. Open SQL query tool and execute update query in the box bellow
4. Restart YSoft SafeQ CML and YSoft SafeQ Web Interface system services
5. You should now be able to login to the YSoft SafeQ Web Administration console with standard admin
account
Update query
Configuration
Troubleshooting
Limitations
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
This article describes the steps that have to be performed in order to set up the Central Authentication
Service (CAS) Single Sign-on (SSO) to YSoft SafeQ 5 web interface. The configuration of SSO requires
advanced knowledge of system configuration and working with the configuration files.
Article also expects that you are familiar with Central Authentication Service (CAS) and you are able to set it
up as its configuration is out of scope of this document.
CONFIGURATION
2.
2. Go to System > System settings page and find property ssoAuthenticationType and set it
to the Central Authentication Service Single Sign-On (CAS) value. Note that option in
the combo box is visible only with EAP license.
3. Save changes and logout from the web interface.
4. Stop YSoft SafeQ Web Interface operation system service.
5. Find SAFEQ_DIRECTORY/tomcat/cmlweb/WEB-INF/web.xml file in the folder where YSoft
SafeQ 5 is installed and add lines listed in the block bellow right before last </web-app> tag. All
placeholders (
CAS_SERVER_IP, CAS_SERVER_PORT, SAFEQ_SERVER_IP, SAFEQ_SERVER_PORT) must be
replaced with required value for modified server. It is also possible that the rest of the URL next to the
CAS server placeholders must be modified as well in case when CAS server is configured in non-
standard way.
6. Start YSoft SafeQ Web Interface operation system service.
7. Access URL of YSoft SafeQ web interface. CAS login page should be displayed instead. If user
enters the correct authentication credentials and user with the same username is registered in the
YSoft SafeQ system (manually created user or replicated from LDAP domain) he should be
immediately logged into the system and see his Dashboard page. The same scenario will apply on
Mobile Print web if it is licensed and enabled.
8. Previous steps related to physical server must be performed for all cluster server nodes in case of
multi-node cluster system and for all ORS servers (SAFEQ_DIRECTORY/tomcat/orsweb/WEB-INF
/web.xml ) in case when CAS authentication should be used also for Mobile Print web
authentication.
web.xml settings
TROUBLESHOOTING
Feature can be debugged by adding (or uncommenting) following lines in SAFEQ_DIRECTORY/tomcat
/cmlweb/WEB-INF/classes/log4j.xml.
LIMITATIONS
It is not possible to login into the YSoft SafeQ web interface manually in case when CAS
authentication is enabled.
User is not redirected to CAS authentication service screen after logging out from Mobile Print web
interface. User has to click login button without entering credentials or refresh page to redirect to
CAS autentication service.
CONFIGURING SECURITY ASSERTION MARKUP LANGUAGE 2.0 (SAML 2.0) SINGLE SIGN-ON
Prerequisites
Identity Provider metadata
YSoft SafeQ user with administrator rights
Setup YSoft SafeQ
Setup SAML server
Troubleshooting
Recovery scenario in case of an invalid SAML configuration
This feature is available since YSoft SafeQ 5 MU26 and does not require any special license.
This article describes the steps that have to be performed in order to set up the Security Assertion Markup
Language 2.0 (SAML 2.0) Single Sign-on (SSO) to YSoft SafeQ 5 web interface. The configuration of SSO
requires advanced knowledge of system configuration and working with the configuration files.
Article also expects that you are familiar with Security Assertion Markup Language 2.0 (SAML 2.0) and you
are able to set it up as its configuration is out of scope of this document.
PREREQUISITES
The URL with metadata with information about SAML Identity Provider providing user
authentication must be accessible by the YSoft SafeQ server. The URL response must be formatted
according to the SAML specification and contain information about Identity Provider (locations of
authentication endpoints, keys used for verification of incoming messages, etc) which YSoft SafeQ
will use during authentication process.
Identity Provider must be configured to return username of YSoft SafeQ users either as NameID
parameter or one of the assertion attributes. All requests must be configured as (possibly)
encrypted and signed. Identity Provider must return values that can be matched against
usernames of YSoft SafeQ users.
Choose one user in YSoft SafeQ, who will be able to authenticate via SAML (e.g. user replicated via
LDAP) and assign him role " safeq admins " . It is necessary in order to retain access to the YSoft
SafeQ Web interface with admin rights, because "Username and password" authentication method
will not be available when SAML SSO is enabled.
Default YSoft SafeQ "admin" user cannot be used, unless user with username "admin" exists in the
database that SAML is using as source of users to authenticate.
i.
i. enableSamlSsoLogout to enable, if you want to have logout button available in YSoft SafeQ
web interface.
3. Save changes and restart SafeQ services
4. Register YSoft SafeQ servers as remote Service Provider in the SAML server (see Setup SAML
server below for details). That applies also for CML servers and all ORS servers, where you want to
use YSoft Mobile Print Server.
5. Now SAML Single Sign-On should should work for YSoft SafeQ web interface, YSoft Mobile Print
Server web interface as well for YSoft SafeQ Client web interface for managing VIP Shared Queues.
If one of the mentioned interfaces are accessed, user is redirected to SAML login page, where he will
enter credentials. In case authentication to SAML was successful, user is redirected back to fully
working session of requested Y Soft application
Y Soft applications have to be accessed under the hostname that was used for registration of the
YSoft SafeQ Service Provider into the SAML server. If authentication requests do not match the
registered hostname, the authentication will fail for security reasons
YSoft SafeQ server has to be registered as remote Service Provider in the SAML server. This is
done via metadata served by the YSoft SafeQ at https://<safeq_hostname>/saml-service-provider
(exact URL can be found in description of ssoAuthenticationType property in YSoft SafeQ System
settings).
YSoft SafeQ should be registered under its hostname, not IP address as there could be problems
with the cookies used for session tracking. Used protocol depends on the YSoft SafeQ settings but
https should be always used, even if everything works with http as well.
Each CML server has to be registered as remote Service Provider in SAML server. The metadata
URL address of each server where the web SSO will be used for the registration task.
Depending on the SAML server vendor some Service Provider settings must be set manually such
as support for encryption and signing of the authentication and logout requests, assertions,
NameID and attributes.
TROUBLESHOOTING
The logging of authentication communication can be enabled by adding following statement to the
<safeq_home>/tomcat/cmlweb/WEB-INF/classes/log4j.xml file, before <root> tag on one of the last
lines.
In such cases, the only possible solution is to run following SQL query on primary YSoft SafeQ database. It
will disable SAML SSO and set authentication method back to the default value "Username and password".
NOTE: Manipulation with database can end up with disastrous consequences. You should always ask
YSoft Customer Support for the assistance.
CML Backup tool - Backup utility for backing up the SafeQ CML databases and configuration
CML - Cluster Health Check describes how to verify the stability of your CML server.
CML - How to change the IP address of CML node describes the steps that needs to be taken when
the IP address of a CML server has changed. The article is divided into several parts:
CML - How to move a CML to the new server with different IP address can be used in case you need
to replace the server with CML by the new one with a different IP address. Article consists of:
CML - How to move a CML to another disk on the same server can be used in case you need to move
the CML to another disk on the same server. Article consists of:
CML - How to restart the server and plan the temporary downtime will help you to plan the temporary
outage of CML server without a data loss. Article also describes the steps that can be taken to sustain
the printing functionality.
CML - Recovery procedure for master node shall be followed in case the master node (the first
installed node of a CML cluster / the only node in case of 1 CML installation) has been destroyed. The
article will help you to restore the CML without a data loss.
CML - Recovery procedure for slave node shall be followed in case the slave node (2nd/3rd/4th node
of the CML cluster) has been destroyed. The article will help you to restore the CML slave without a
data loss.
CML - Recovery procedure for YSoft SafeQ CML cluster describes the steps to be taken when the
whole CML cluster has been destroyed. The article describes how to restore all nodes (1st/2nd/3rd/4th)
of a CML cluster from the backup.
CML - Regular system backup shall be followed to set up a regular backup of CML servers.
We strongly advise to set up the regular backup during the YSoft SafeQ installation. Non-
regular backing up of the database and configuration may lead to the irreversible data loss.
CML - Rollback steps for returning to the previous version describes how to roll back to the previous
version of YSoft SafeQ in case that an upgraded version prevents you to use some of critical YSoft
SafeQ functions. Due to the complexity of the procedure you shall perform these steps only
when it is requested by Y Soft.
Basic health check of CML can be performed according to YSoft SafeQ CML Health Check
Advanced CML health check can be performed according to Advanced Health Check
This document describes how to change the IP address of one node in the CML cluster. The steps are very
similar also for the single node installation (1CML only).
CONFIGURING CML IN THE YSOFT SAFEQ CLUSTER TO USE THE NEW IP ADDRESS
This chapter describes how to change the IP address of one CML node that is part of the cluster.
The procedure for configuration of new IP address at the CML which is not part of the cluster is the
same. The only difference is that the step 5 can be skipped.
Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services (
stop whole CML cluster!):
2 Perform following step on the node where the IP address has changed:
smartq-server-ip = %NEW_IP_ADDRESS%
networkAddress = %NEW_IP_ADDRESS%
address="%NEW_IP_ADDRESS%"
This parameter is present multiple times.
The update of IP address can be also performed using the SQL query:
The connection shall be made using the management application equal to the type of SQL server that
was selected during the installation of YSoft SafeQ (pgAdmin III for PostgreSQL or MS SQL server
management studio for MS SQL server). We are describing mainly the procedure for pgAdmin III
application, steps for MS SQL server management studio are very similar.
Launch the application by going to Start menu => All Programs => PostgreSQL 9.2
(or by going to Start menu => Y Soft Corporation in case of embedded postgreSQL
installation ).
Double-click SafeQ PostgreSQL server connection (in the tree under Servers).
Enter the password you have selected in CML installation (for postgres user).
In pgAdmin III go to SQDB5 => Schemas => public => Tables => right-click table
cluster_server => View Data => View All Rows
3c. Edit ip_address field and enter a new IP address for the server where the address has
changed
In our example the IP address of 2nd node was changed from 10.0.11.20 to 10.0.11.80.
Verify that the new IP address has been automatically changed also in the table
smartq_servers in column ip. If the change has not been done automatically, update IP
address also in this table.
3e. Repeat above mentioned action on all nodes of YSoft SafeQ CML cluster (Except the one
with the new IP address)!
Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
Log in to the web interface (YSoft SafeQ Web interface => System => System information)
Verify that new IP address is visible in Cluster server info table
Verify that all servers are showing status ONLINE (the node you are connected to may
show status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table
DBsync database & system pools (non-local servers only). Values in column
Database pool priority must not be growing constantly. They shall be changing and
they shall be often around 0.
This procedure must be followed every time the IP address of the CML is changed. The procedure must
be performed on every ORS server.
Open YSoft SafeQ Web Interface => System => System settings => In the Expert View set
orsCacheRecovery to enabled
If you omit this step, all jobs stored on the ORS will be lost at the end of procedure.
2 Open the Services window (e.g. Start => Run => services.msc) and stop all ORS services:
3 Edit file <SAFEQ_ORS_DIR>\conf\modules\ors.conf and set your new IP address of the CML server
in parameter:
serverIP%NODE_ID%= %NEW_CML_IP_ADDRESS%
5 Open the Services window (e.g. Start => Run => services.msc) and start all ORS services:
This procedure must be followed every time the IP address of the CML is changed.
In SafeQ Web Interface open the System tab and go to the System Settings.
In the Ysoft Payment System category, find the YSoft Payment System API URL option
(internal name is paymentSystemApiUrl).
Verify the correct IP for the YPS installation is entered.
1. safeq.authentication.address =
This procedure must be followed every time the IP address of the CML is changed.
1 Edit configuration in <YSoft Mobile Print Server>\Service\conf\mps.config and set your new IP
address of CML
hostIP=
1 Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the new IP address
All print drivers that were connected to the CML with old IP address must be re-connected to the new
IP address.
2 Reconfigure HW terminals:
If you are using hardware terminals, make sure that they are pointing to the new IP address.
Reinstall all embedded terminals that shall be connecting to the server with the new IP address.
If you are using a CRS server, the new IP address of the CML server has to be updated also on the
CRS side. The modification has to be done in the following places:
1. database yBoxDB
table smartq_servers, column ip
2. database yBoxDBCDC
table smartq_servers, column ip
3. database yBoxDBREP
no changes are required
CML - HOW TO MOVE A CML TO THE NEW SERVER WITH DIFFERENT IP ADDRESS
This document describes how to move one of the nodes in the CML cluster to the new location (with
different IP address). The steps are very similar also for the single node installation (1CML only).
It is expected that YSoft SafeQ will be stored in the same path on the new server as on the original server -
moving YSoft SafeQ to the new drive/directory would require additional changes, that are not described
here.
Warning
If you are planning to transfer the first CML node of the cluster (master) or the standalone CML
server, verify in advance that your license can be transferred to the new server. For more
information see chapter Transferring license to new system (hardware or operating system change)
.
Perform these steps only on the server that shall be moved to new location
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services (
stop whole CML server):
3 Backup following folders and copy them to the new location (new server):
<SAFEQ_DIR>\server\temp
<SAFEQ_DIR>\server\spool
Folder containing scripts for scanning (in case that scan to script is used)
4 Be sure that all required components for server installation are copied to the new server. Required
components:
SQDB5 backup
SQDB5_SQDW backup
Configuration backup
Scanning scripts
YSoft SafeQ 5 Installation files
Make sure the node you want to move to the new location is stopped.
Install YSoft SafeQ in the new location according to Basic server installation instructions.
Installation requirements:
Install only one CML server node (Do not connect it in to existing cluster!)
Use the same database type as for other nodes that are installed already
Untick the "Start SafeQ services after the installation is finished" option
Restore databases on a newly installed server according to the CML - Database restore instructions.
Do not start YSoft SafeQ services in the last step of restore procedure! Keep them stopped.
Connect to the database SQDB5 using your SQL server management application
(pgAdmin III for PostgreSQL or MS SQL server management studio for MS SQL server).
Open cluster_server table and enter the new IP address of the node to the column
ip_address.
SQL query : update cluster_server set ip_address = '<newIP>' where
ip_address = '<oldIP>'
example of usage: update cluster_server set ip_address = '10.0.11.46' where
ip_address = '10.0.11.20'
Example on the picture shows the 2nd node of cluster with IP 10.0.11.20 was changed to 10.0.11.46.
localGUID = set this attribute according to the value from startup.conf of your original
server (from the backup of configuration created at the beginning of this procedure)
smartq-server-id = set this attribute according to the value from column id in table
cluster_server (row with IP address of new server)
smartq-server-dbflag = set this attribute according to the value from column db_flag in
table cluster_server (row with IP address of new server)
smartq-server-name = set this attribute according to the value from column description
in table cluster_server (row with IP address of new server)
check that smartq-server-ip is properly set
networkAddress = %NEW_IP_ADDRESS%
Check that all other attributes are set as it was in the backup of configuration created at
the beginning of this procedure.
The update of IP address can be also performed using the SQL query:
The connection shall be made using the management application equal to the type of SQL server that
was selected during the installation of YSoft SafeQ (pgAdmin III for PostgreSQL or MS SQL server
management studio for MS SQL server). We are describing mainly the procedure for pgAdmin III
application, steps for MS SQL server management studio are very similar.
Launch the application by going to Start menu => All Programs => PostgreSQL 9.2 (or
by going to Start menu => Y Soft Corporation in case of embedded postgreSQL
installation).
Double-click SafeQ PostgreSQL server connection (in the tree under Servers).
Enter the password you have selected in CML installation (for postgres user).
In pgAdmin III go to SQDB5 => Schemas => public => Tables => right-click table
cluster_server => View Data => View All Rows
2c. Edit ip_address field and enter a new IP address for the server where the address has
changed
In our example the IP address of 2nd node was changed from 10.0.11.20 to 10.0.11.46.
Verify that the new IP address has been automatically changed also in the table
smartq_servers in column ip. If the change has not been done automatically, update IP
address also in this table.
2e. Repeat above mentioned action on all nodes of YSoft SafeQ CML cluster (Except the one
which has been moved)!
3 Perform this step on all YSoft SafeQ CML nodes in cluster (except the one which has been
moved):
Open the Services window (e.g. Start => Run => services.msc) and restart all YSoft SafeQ
services:
Open the Services window (e.g. Start => Run => services.msc) and set YSoft SafeQ
services to run under the same account as on the old system.
Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
Log in to the web interface (YSoft SafeQ Web interface => System => System information)
Verify that new IP address is visible in Cluster server info table
Verify that all servers are showing status ONLINE (the node you are connected to may
show status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table
DBsync database & system pools (non-local servers only). Values in column
Database pool priority must not be growing constantly. They shall be changing and
they shall be often around 0.
6 Optional step
Now you can delete server with original IP address.WARNING: Do not start YSoft SafeQ services
on "original" server
This procedure must be followed every time the IP address of the CML is changed. The procedure must
be performed on every ORS server.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all ORS services:
2 Edit file <SAFEQ_ORS_DIR>\conf\modules\ors.conf and set your new IP address of the CML server
in parameter:
serverIP%NODE_ID%= %NEW_CML_IP_ADDRESS%
4 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ ORS
services:
1 Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the new IP address
All print drivers that were connected to the CML with old IP address must be re-connected to the new
IP address.
2 Reconfigure HW terminals:
If you are using hardware terminals, make sure that they are pointing to the new IP address.
Reinstall all embedded terminals that shall be connecting to the server with the new IP address.
If you are using a CRS server, the new IP address of the CML server has to be updated also on the
CRS side. The modification has to be done in the following places:
CML - HOW TO RESTART THE SERVER AND PLAN THE TEMPORARY DOWNTIME
This article will help you with a proper restart of the CML server that is part of CML cluster. In addition the
article describes the steps you shall take if you want to take one CML in a cluster offline for a longer period
of time. Procedure mainly describes the steps in a CML cluster environment but it can be used also for
environment with just one CML node.
use this procedure in case that you need to plan the server downtime e.g. for the server
maintenance.
use this procedure in case that you need to start the server after the planned downtime. This
procedure can be used also in case that server has unexpectedly gone offline and you need to start it
up again (e.g. after one day).
WARNING:
If the server A is the master node (1st installed node), some additional functions such as
LDAP replication, displaying of the web reports or sending of statistical data to the CRS server
may not be available during the downtime.
If the server A is the master node (1st installed node), keep the downtime as short as possible
(maximally 7 days). Otherwise some statistical data may not be generated.
Configuration in the system settings cannot be changed during the downtime period of any
CML node in the cluster.
1 Make sure that other nodes (B and C) are working correctly and that their job reception or reception
of connections from the terminals is not STOPPED. You can verify this in the administration interface
(YSoft SafeQ Web Interface => System => System Information => Services). All the below mentioned
services must have the status RUNNING:
2 Verify that there are no active locks on the A node (YSoft SafeQ Web Interface => System => System
Information => Services). If the locks are held wait until all operations are finished, users have logged
off the terminals and locks are removed.
WARNING: The system can be stopped without this step. However a sudden termination of the
services may damage the jobs that are currently processed by the active sessions.
3 Stop reception of new jobs and connections from terminals on the node A you plan to stop:
YSoft SafeQ Web Interface => System => System Information => Services => press Stop service at
following objects:
4 Move the print jobs from the CML that shall be stopped to another node in the cluster that will remain
active:
If you omit this step, the system will continue to work but some print jobs sent to the node B will
not be available for print. Users trying to release such jobs may experience spooler error message.
4a. Copy the content of the spooler from the node to be restarted (A) to other node (B or C)
Example:
All changes in the database will be automatically replicated to all the other nodes.
5 Reconfigure the print drivers and terminals to connect to the node that will remain active (not the one
you are stopping)
5a. Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the active server
You can use the procedure from guide CML - Printer settings in case of one CML node failure to
sustain the printing functionality. Otherwise users might experience issues with the job printing from
the workstation to the YSoft SafeQ server.
If you are using hardware terminals, make sure that they are pointing to the new IP address.
Otherwise users will be unable to authenticate.
Reinstall all embedded terminals that shall be connecting to the server with the new IP address.
Otherwise users will be unable to authenticate. This step can be skipped if you are using Embedded
terminal failover.
6 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services
1 Connect server to the network outside the peak hours with YSoft SafeQ services stopped.
In case that services cannot be stopped right after the connection, stop them as soon as
possible except for YSoft SafeQ CML DBS service.
2 Start synchronization process by launching YSoft SafeQ CML DBS service (if it is not running)
Connect to the SafeQ web interface of all servers in the cluster, go to => System => System
information => Services. Verify that all numbers in the Database pool priority are close to zero
(synchronization is almost finished).
In case that printers were reconfigured to connect to another node during the downtime period,
make sure that printers are reconfigured to the previous settings.
These steps can be used only for enterprise solution - two or more nodes of CML cluster. In case that one
node is offline for a longer period of time and you need to sustain the printing functions from the drivers that
are pointing to this server, follow the steps described below. The following scenarios are available:
All print drivers that are set to send jobs to the CML that is currently offline must be reconfigured:
Replace IP address of the offline CML server by the IP address of another active CML node.
All printers that are set to send all jobs to the CML that are currently offline must be reconfigured
YSoft SafeQ Client has a failover ability. In case that several addresses of CML servers were defined,
the print job will be automatically delivered to the next active CML node - in such a case the manual
reconfiguration is not required. You can define several IP addresses of CML servers by clicking " All IP
addresses" in the "SAFEQ Client - Options" window (see screenshot below). For more details see help of
YSoft SafeQ Client.
4 Replace IP address of the offline CML server by the IP address of another active CML node.
If the master node is not operational for a longer period of time, you can use the procedure from CML -
Printer settings in case of one CML node failure to sustain the printing functionality.
The procedure does not require shutdown of the running CML nodes in the cluster.
Warning
If you are going to recover the YSoft SafeQ on a new PC (meaning on a new installation of
operating system or on a different server), you must request the license reactivation on a new
hardware. For more information see chapter Transferring license to new system (hardware or
operating system change).
Requirements
Step 1 - restore hardware after server failure (optional)
Step 2 - restore software after server failure
Step 3 - prepare the environment
Step 4 - install and configure the new server
Step 5 - verification of the functionality
REQUIREMENTS
Kindly prepare all the required data before starting with the master node (1st installed node) recovery:
1 Install one of the supported operating systems for YSoft SafeQ server
Make sure that server has the same IP address and hostname settings as before the failure.
2 Install one of the supported databases (or select the embedded database during installation of YSoft
SafeQ in the next step)
Skip this step in case there exists just one CML node in the environment (non-clustered
installation)
Verify synchronization
Check that all data are synchronized between all running YSoft SafeQ nodes.
Note: Database pool priority on the original master node will probably be non zero
(as it is not running and cannot be synchronized).
2 Perform this step on all CML servers that remained functional (did not crash)
Skip this step in case there exists just one CML node in the environment (non-clustered
installation)
Using the program pgAdmin III or MS SQL management studio connect to the SQDB5 database:
2a. Find out the master node db_flag using the following query:
2b. Run the following queries. Replace x by the proper db_flag for the master node (obtained
in the previous step) before running them :
3 Perform the database backup of SQDB5 database on CML2 (the second node of the cluster).
In case that you have just 1CML node in your environment, skip this step as you will use the
database backup created by regular daily backup.
Install YSoft SafeQ in the new location according to Installing YSoft SafeQ CML instructions.
Installation requirements:
Install only one CML server node (Do not connect it in to existing cluster!)
Use the same database type as for other nodes that are installed already
Untick the "Start SafeQ services after the installation is finished" option
Restore databases according to CML - Database restore instructions with following exceptions:
Restore SQDB5 from the backup made on CML2 in the previous steps (in case of
standalone CML installation use the backup created by regular daily backup)
Restore SQDB5_SQDW from the backup created by regular daily backup of the
original master node (1st installed node)
Do not start YSoft SafeQ services at the end of the restoration procedure but continue
with the next step of this guide
Using the program pgAdmin III or MS SQL management studio connect to the SQDB5 database:
Enter the password you have selected during CML installation (for database user, do
not use the account Sync).
Open cluster_server table and change localhostvalue as follows:
localhost = 1 for the first row (row that contains name and IP address of the
server you are restoring)
localhost = 0 for all others rows
1e. Using pgAdmin III or MS SQL management studio run following query:
<SAFEQ_DIR>\conf
<SAFEQ_DIR>\terminalserver\TerminalServer.exe.config
<SAFEQ_DIR>\tomcat\conf
Delete or rename <SAFEQ_DIR>\conf\update.conf file (it would block the start of YSoft
SafeQ CML service)
WARNING: This step requires the password for database/sync users in the database is the
same as it was before the failure. Skip this step and configure server manually if you do not
have exactly the same configuration as before the server failure! However (if you have ORS
connected) keep in mind:
localGUID in startup.conf must be configured the same way as before the failure
Open Services (e.g. Start => Run => services.msc) and start all YSoft SafeQ services in any order:
1 Log in to the web interface (YSoft SafeQ Web interface => System => System information) of the
master node.
Verify that all servers are showing status ONLINE (the node you are connected to may show
status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table DBsync
database & system pools (non-local servers only). Values in column Database pool
priority must not be growing constantly. They shall be changing and they shall be often around
0.
2 Test authentication/print/copy/scan. All functions must be working. Also accounting must return the
correct data.
3 In case of non-clustered environment (1CML only), cache on every ORS has to be deleted. For
specific instructions see article ORS - How to delete corrupted cache.
This article is not intended as the standalone recovery procedure. Kindly use this article only in case that
you are pointed to it from another article (such as CML - Recovery procedure for master node). The articles
pointing to this one are explicitly saying which databases shall be restored and where they shall be taken
from.
Document is divided into several parts depending on the used database engine:
PG-SQL database
MS-SQL database
Please check that current backup files are available before you start with restore procedures.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services:
Launch the program by selecting Start menu -> All Programs -> PostgreSQL 9.2 (Start
menu -> Y Soft Corporation in the case of embedded PG-SQL installation ) or
<SAFEQ_DIR>/PGSQL/bin/pgAdmin3.exe.
Double-click SafeQ PostgreSQL (in the tree under Servers). The program asks for
authentication.
Enter the password you have selected in CML installation (for postgres users).
SQDB5_SQDW
7 Check step:
Once databases are restored, check that they contain all tables
Go to the Databases => SQDB5 => Schemas => Public => Tables and check that tables are created
8 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
Please check that current backup files are available before you start with restore procedures.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services:
2 Using the SQL server management studio connect to the SQDB5 database:
Launch the program by selecting Start menu -> All Programs -> Microsoft SQL server ->
SQL Server Management Studio.
Enter the password you have selected in CML installation (usually for sa user).
4 Restore databases:
5 Check step:
Once databases are restored, check that they contain all tables.
Go to the Databases => SQDB5 => Schemas => Public => Tables and check that tables are created
6 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
This section describes how to recover/renew one CML cluster node (not the 1st installed node).
If the slave node is not operational for a longer period of time, you can use the procedure from CML -
Printer settings in case of one CML node failure to sustain the printing functionality.
WARNING: Make sure that the server has the same IP address as it had before the failure.
1 Install one of the supported operating systems for YSoft SafeQ server
2 Install one of the supported databases (or select the embedded database during installation of YSoft
SafeQ in the next step)
2 Enter the master node (1st node) IP address and click the Retrieve node list button.
Select the node you want to restore and continue by clicking the Next> button.
4 Select the same database type as on the Master node and continue with the installation process.
5 Enter original Local GUID of failed node. The original GUID can be taken from any ORS server
connected to the CML cluster (<SafeQORS_DIR>\conf\modules\ors.conf => parameter serverGUIDx
where x is the number of failed CML node you are currently restoring).
In case you do not have any ORS installed kindly insert random GUID (e.g. ckeuvnmxcviw)
Also set HTTP and HTTPS port for SafeQ web interface and press Install button.
At specific point the installation is paused and pop-up window is displayed. Follow the on-screen
instructions to proceed further.
Database Backup article describes one of the ways how the backup can be made.
Restore database article describes how to restore the database.
8 In case you were using any specific configuration (such as clustering via MSCS or WNLB with one
shared IP address; different port HTTPS; non-default certificates), kindly follow the part of
documentation that describes your custom settings and set them up again.
9 Restore folder with scanning scripts (if scan to script functionality is used)
1 Verification of services:
Open Services (e.g. Start => Run => services.msc) and start (unless already running) the following
services in any order:
All services must start without any errors. The first start of the services may take several
minutes.
2 Log in to the web interface (YSoft SafeQ Web interface => System => System information) of the
master node.
Verify that all servers are showing status ONLINE (the node you are connected to may show
status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table DBsync
database & system pools (non-local servers only). Values in column Database pool
priority must not be growing constantly. They shall be changing and they shall be often around
0.
3 Test authentication/print/copy/scan. All functions must be working. Also accounting must return the
correct data.
This chapter describes how to restore the cluster in case that all the nodes has failed. There are following
prerequisites:
YSoft SafeQ database backup from the master node (1st node of the cluster) is a MUST for
restoration of cluster after the failure.
It is expected that also the configuration files backup exists.
Spool directory is not restored. Users will have to send their jobs for the print again.
Warning
If you are going to recover the first CML node of the cluster (master) or the standalone CML server
on a new computer (meaning on a new installation of operating system or on a different server),
you must request the license reactivation on a new hardware. For more information see chapter
Transferring license to new system (hardware or operating system change).
All jobs printed during the cluster failure will not be accounted.
WARNING: Make sure that all servers has the same IP address as they had before the failure.
1 Install one of the supported operating systems for YSoft SafeQ server
Make sure that the same drives as in the system before the failure exists (e.g. for YSoft SafeQ
and spool directory)
2 Install one of the supported databases (or select the embedded database during installation of YSoft
SafeQ)
1 Install 1st node according to the Installing YSoft SafeQ CML instructions.
Do not start services after the installation! (untick checkbox at option Start SafeQ services
after the installation is finished)
Do not start YSoft SafeQ services at the end of the restore procedure but instead continue with
the next step of this guide.
3 Overwrite configuration files with the existing backup of the configuration. Content of the following
folders has to be replaced:
<SAFEQ_DIR>\conf
<SAFEQ_DIR>\terminalserver\*.config
<SAFEQ_DIR>\tomcat\conf
Copy folder containing scripts for scanning (if scan to script is used) to the same location as it
was on the original server
WARNING: This step requires the password for database/sync users in the database is the
same as it was before the failure. Skip this step and configure server manually if you do not
have exactly the same configuration as before the server failure! However keep in mind:
localGUID in startup.conf must be configured the same way as before the failure
4 Open the Services window (e.g. Start => Run => services.msc) and set YSoft SafeQ services to
run under the same account as before the failure.
1 Install remaining cluster nodes according to the CML - Recovery procedure for slave node.
2 Open the Services window (e.g. Start =>Run => services.msc) and set YSoft SafeQ services to run
under the same account as before the failure.
STEP 6 - RESTORE PRINTING VIA YSOFT SAFEQ AND VERIFY THE PROPER FUNCTIONALITY
Repeat following steps for all slave nodes.
1 If you have pointed print drivers directly to the MFPs, point them back to the YSoft SafeQ servers.
2 Log in to the web interface (YSoft SafeQ Web interface => System => System information)
Verify that all servers are showing status ONLINE (the node you are connected to may show
status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table DBsync
database and system pools (non-local servers only). Values in column Database pool
priority must not be growing constantly. They shall be changing and they shall be often around
0.
3 Test authentication/print/copy/scan. All functions must be working. Also accounting must return the
correct result.
4 Once all the nodes are restored, cache on every ORS has to be deleted. For specific instructions see
article ORS - How to delete corrupted cache.
In case that the whole YSoft SafeQ printing environment has failed and you need to temporarily enable
printing functionality without YSoft SafeQ, follow the steps described below. These instructions for
configuration of the direct printing from workstation to the MFP are specifically describing environment
without YSoft SafeQ client but even the reconfiguration of YSoft SafeQ client is very similar.
All jobs printed during the cluster failure will not be accounted.
In environment with printers with Xerox embedded terminal it is necessary for some
configurations also adjust setting of the printers.
All print drivers that are set to send jobs to the stopped CML must be reconfigured:
Warning
We strongly recommend to perform the backup on a daily basis and also prior update to any
never version of YSoft SafeQ. Non-regular backing up of the database and configuration may
lead to the irreversible data loss.
A regular daily backup is described below. No additional steps other than those mentioned here are
required for the backup. The backup consists of database backup and configuration files backup. It is the
customer's responsibility to perform the backup and copy backup files from the servers to a safe location,
e.g. an off-site network-attached storage or backup tapes.
CML BACKUP
It is essential to perform the backup of configuration and the databases on a daily basis. To perform the
backup kindly follow the instructions from articles CML Database backup and CML Configuration backup.
The backup is performed using SafeQBackup.exe tool. More information about this tool (such as how to
use it to generate command line parameters for a regular backup via scheduled task) is described in article
CML Backup tool.
COLD BACKUP
Y Soft recommends to set up the "cold backup" server.
For a quick recovery in the event of a hardware failure, it is desirable to have a backup server ready from
which a cold backup can be performed. With respect to system loading speed, a backup in the form of a
virtual server may be necessary in a certain cases. The cold backup server remains inactive and
disconnected from the production environment. In case of a failure, the backup server is started, the
configuration of YSoft SafeQ server is restored according to the Recovery procedure for master node or
Recovery procedure for slave node and server is connected to the production environment to replace the
failed node .
The backup server hardware configuration shall be the same as the hardware configuration of the
CML server it shall substitute.
The backup server shall also include a pre-configured and maintained operating system and pre-
installed YSoft SafeQ server (CML) in a configuration as similar as possible to the production servers
(YSoft SafeQ application + SQL database)
A YSoft SafeQ upgrade must be performed on the cold backup server after each installation of the
given upgrade on the running production servers.
The system administrator is responsible for performing the maintenance required for the cold backup
server.
YSoft SafeQ does not have to be correctly configured on the cold backup server.
WARN: Using this type of backup & restoration procedure will cause that all changes made in the
environment since the time of last backup till the time of the failure (such as new users, new
devices, new statistical data...) will be lost!
If you have YSoft SafeQ CML (including database) installed on a virtual platform, you can also use the
virtual machine snapshot functionality for a regular system backup. However, following rules and conditions
applies:
all servers (the whole cluster) has to be stopped when creating snapshots.
snapshots has to be created on all servers at the same time.
when any CML node becomes corrupted, all CML nodes has to be reverted to the previous
snapshot. Once all the nodes are restored, cache on every ORS has to be deleted. For
specific instructions see article ORS - How to delete corrupted cache.
To understand which data has to be backed up and what are the recommended means of backup kindly
follow the instructions from article CML - Regular system backup.
The Backup Tool must be started on the server with installed CML. It has support for backup local
PostgresSQL, MSSQL and remote PostgresSQL.
Backup of remote MSSQL is limited due to nature of MSSQL backup. Backup Tool will provide you
hint how to write backup SQL command in Messages window after click Show commands.
The tool must be executed directly on the server which has YSoft SafeQ CML installed. Environment
variable SAFEQ_HOME and <SAFEQ_DIR>\conf\cmldb.conf, <SAFEQ_DIR>\conf\cmldb-sqdw.conf
configuration files are used by this tool.
The tool has support for wildcards in file name. E.g.: it's possible to backup all files with file extension .
config in all terminalserver subdirectory by following configuration: termianlserver\*.config
The tool also uses configuration file <SAFEQ_DIR>\conf\backup.conf which contains configuration of the
tool. If the file does not exist, default configuration settings are used.
Password is not retrieved from config file. You have to enter it manually.
You can select databases to back up by selecting checkbox ahead of these lines: Database, Warehouse.
You can also back up YSoft SafeQ configuration and binaries by selecting checkboxes Configuration and
Binaries.
Button Command to clipboard saves command for executing selected backup tasks from command line to
clipboard.
Button Backup will perform backup operation. Tool will invoke backup commands. Black window may
appear during database backup. Do not close this windows manually. Wait until operation is complete. Once
this operation is complete then Messages will contain information from backup tools, including exit code of
process. These messages might be useful for diagnostic.
MSSQL
MSSQL is able to create backup only on local drive where database engine is running.
When you uncheck Use command line tool checkbox, then backup tool will attempt to use internal driver
to connect to database.
When you check Use Windows Authentication then command line backup will use Windows
Authentication to SQL server instead of SQL autehntication.
Configuration backup
You can back up the configuration of CML. Select checkbox Configuration. When you click Backup then
backup tool will perform a backup of directories specified in the Configuration textfield. Paths are relative to
SAFEQ_HOME and delimited by semicolon. E.g.: conf;tomcat\conf will perform backup of C:\SafeQ5\conf
and C:\SafeQ5\tomcat\conf. Output is stored into the zip file. Its name is shown on the same line in UI.
Binaries backup
You can back up binaries of YSoft SafeQ in the same way as configuration. Select the checkbox Binaries
. When you click Backup then backup tool will perform backup of directories specified in the Binaries
textfield. Paths are relative to SAFEQ_HOME and delimited by semicolon. Output is stored into the zip
file. Its name is shown on the same line in UI.
Binary files cannot be backed up if they are in use. Therefore, if you wish to back them up you
must stop corresponding services.
You can define the maximum count of created backups. By default 3 backups are stored. You can change it
textbox Max Roll Count. If this value is set to zero, no backups are deleted. If this value is positive and
count of backups exceeds it, the oldest backups are automatically deleted.
BACK UP FROM COMMAND LINE
Configure SafeQBackup UI and click Show commands. Tool will generate line which you can use
for manual execution from command line. The command is displayed in Messages box and
introduced by : Command for executing selected backup tasks from command line. Copy next
line to clipboard and store it e.g. to backup.bat which you can invoke from command line or from
Windows task scheduler.
Alternatively, you can use Command to clipboard button to generate and store command to the
clipboard.
--console - run tool only in console mode, execute immediately. If this option is not present command
line arguments will be loaded and displayed in UI, so you can check whether tool is configured
properly.
--backupDir=<PATH> - path to directory where tool should store backups
--backupDb - create a database backup
--backupWarehouse - create a data warehouse backup
--backupConfig=<PATH>;<PATH> - create configuration directories backup and store them in zip file
--backupBinaries=<PATH>;<PATH> - create selected directories containing YSoft SafeQ binaries
backup and store them into zip file.
--password=<STRING> - password to access the database
--useMSSQLConnection - use MSSQL connection from application, do not invoke backup using
command line tools
--useWindowsAuth - use Windows Authentication - used when MSSQL is configured to use Windows
Authentication credentials
--maxRollCount - sets maxRollCount, i.e. maximum count of created backups in directory. If set to
zero, no files are deleted.
--backupToolPath=<PATH> - path to DB backup tool (e.g. pg_dump.exe or OSQL.exe)
Most of the configuration is stored in the database. However there are some unique configurations stored in
the conf files. YSoft SafeQ configuration files can be backed up using SafeQBackup.exe tool
It is sufficient to perform the backup of the configuration on the first installed node of the CML cluster -
perform the backup of the slave nodes only in case you made a manual modification of configuration files on
these servers (e.g. exchanging the certificates for YSoft SafeQ Web interface).
The Configuration window allows you to add any additional configuration path shall be backed up. We
recommend to backup following configuration:
conf
tomcat\conf
terminalserver\*.config
folder containing scanning scripts (if scan to script is used)
<SafeQ_backup_dir>\backup_YYYYMMDDHSS\conf_YYYYMMDDHHSS.zip
Example:
conf;bin;binc;tomcat\conf;terminalserver\*.config
<SafeQ_dir>\conf\
<SafeQ_dir>\bin\
<SafeQ_dir>\binc\
<SafeQ_dir>\tomcat\conf
<SafeQ_dir>\terminalserver\*.config and it will also backup all *.config files from
terminalserver subdirectories
Warning
Always use the first node of CML cluster for regular backup actions.
Slave nodes (other than the first one) does not contains print statistic for whole cluster. See CML - Regular
system backup page for more information.
BACKING UP YSOFT SAFEQ CML DATABASES
YSoft SafeQ 5 has two databases SQDB5 and SQDB5_SQDW. Backup tool can backup one of them or
both at the same time.
2 Select SQDB5 and SQDB5_SQDW databases, enter password and click on Backup
button.
dump_SQDB5-YYYYMMDDHHSS
dump_SQDB5_SQDW-YYYYMMDDHHSS
This article describes how to roll back to the previous version of YSoft SafeQ in case that an upgraded
version prevents you to use some of critical YSoft SafeQ functions. Due to the complexity of the
procedure you shall perform these steps only when it is requested by Y Soft.
You can revert only to the version you was using before the upgrade in order to keep the database and
version compatibility.
Any new data (users/printers/statistical data) that were obtained after the upgrade will be lost when
reverting to the older version.
PREREQUISITES
Kindly prepare all the required data before starting with reverting to the previous version:
1. YSoft SafeQ installation package of the version you are going to revert to.
2. SQDB5 database backup of the first CML node that was created before the upgrade to the newer
version
3. SQDB5_SQDW database of the first CML node that was created before the upgrade to the newer
version
4. Configuration files backup of the first CML node that was created before the upgrade to the newer
version
5. TEMP (<SAFEQ_DIR>\server\temp) and SPOOL (<SAFEQ_DIR>\server\spool) folder backup from
all nodes you are going to revert
required only in case that you wish to restore the print jobs that were stored on the server
6. Folder containing scripts for scanning (in case that scan to script is used)
Also drop SQDB5 and SQDB5_SQDW databases in case you are using the external database server,
Install YSoft SafeQ according to Basic server installation instructions using the older installation
package.
Installation requirements:
Restore databases according to CML - Database restore instructions with following exception:
Do not start YSoft SafeQ services at the end of the restore procedure but continue on
the next step of this guide
1c. Using pgAdmin III or MS SQL management studio run following query:
<SAFEQ_DIR>\conf
<SAFEQ_DIR>\tomcat\conf
<SAFEQ_DIR>\terminalserver\terminalserver.exe.config
Delete or rename <SAFEQ_DIR>\conf\update.conf file (it would block the start of YSoft
SafeQ CML service)
WARNING: This step requires the password for database/sync users in the database is the
same as it was before the reverting. Skip this step and configure server manually if you do not
have exactly the same configuration as before the server reverting! However keep in mind:
2 Open Services (e.g. Start => Run => services.msc) and start all YSoft SafeQ services in any order:
3 Reactivate the license. For more information see article Reactivating license.
STEP 3 - RESTORE YSOFT SAFEQ CML ON THE REST OF THE SERVERS IN THE CLUSTER
Skip this step in case you have just 1CML in your environment (not a clustered solution).
Kindly install the rest of the nodes using the older installation package according to the instructions from
article CML - Recovery procedure for slave node. If you wish to restore also the spool jobs, it is just
necessary to select "Do not start YSoft SafeQ services" during the installation => once the installation has
finished restore the spool directory the sane way like on the first installed node => then start all YSoft SafeQ
CML services.
Open YSoft SafeQ Web Interface => System => System settings => In the Expert View set
orsCacheRecovery to enabled If you omit this step, all jobs stored on the ORS will be lost at the
end of procedure.
Backup folder containing scripts for scanning (if scan to script is used)
4 Copy old ORS installation package to the server and prepare the safeq-ors.ini according to the
instructions from Installing YSoft SafeQ ORS article with following exceptions:.
a. Parameteres for safeq-ors.ini can be taken from the backup of the original configuration files that
was created in previous steps (<SafeQORS>\conf\modules\ors.conf).
b. Set localGUID according to the value from backup of the original configuration
(<SafeQORS>\conf\modules\guid.conf).
5 Upload all print jobs from the backup of spool directory (created in previous steps) to the new
location defined in safeq-ors.ini (parameter spoolDir).
Copy folder containing scripts for scanning (if scan to script is used) to the same location as it was on
the original server.
7 Once the installation of ORS server is finished, verify the correct ORS functionality according to the
article YSoft SafeQ ORS Health Check. Also check that you are able to release the jobs that were
delivered to the ORS before the ORS has been moved.
Perform these steps only on the server that shall be moved to new location
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ services (
stop whole CML server):
<SAFEQ_DIR>\server\spool
Folder containing scripts for scanning (in case that scan to script is used)
4 Be sure that all required components for server installation are existing on the server. Required
components:
SQDB5 backup
SQDB5_SQDW backup
Configuration backup
Scanning scripts
YSoft SafeQ 5 Installation files
<SAFEQ_DIR>\conf\startup.conf file
Make sure the node you want to move to the new location is stopped.
Install YSoft SafeQ in the new location according to Customized server installation instructions.
Installation requirements:
Install only one CML server node (Do not connect it in to existing cluster!)
Use the same database type as for other nodes that are installed already or for original
CML
Choose the destination folder on another disk
Choose not start services after installation
3 Restore databases
Restore databases on a newly installed server according to the CML - Database restore instructions.
4 Postinstallation steps:
Open the Services window (e.g. Start => Run => services.msc) and set YSoft SafeQ
services to run under the same account as on the old system.
Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ services:
Log in to the web interface (YSoft SafeQ Web interface => System => System information)
Verify that new IP address is visible in Cluster server info table
Verify that all servers are showing status ONLINE (the node you are connected to may
show status LOCAL)
Verify that synchronization between the nodes in the cluster is functional. See table
DBsync database & system pools (non-local servers only). Values in column
Database pool priority must not be growing constantly. They shall be changing and
they shall be often around 0.
This document describes how to move Microsoft SQL database from YSoft SafeQ server to another server.
Requirements
Backup and restore YSoft SafeQ Databases
Run validation of YSoft SafeQ Databases
Edit the file cmldb.conf on the target server
Check System health on the target server
REQUIREMENTS
New Microsoft SQL database server should fit these parameters:
Run the following SQL query on both restored YSoft SafeQ databases in order to clean up database
validator tables: delete from smartq_validator
It is necessary to fill: your server name, the port used by SQL, the name of your YSoft SafeQ
database, the name of your instance
For example:
sqdb-srvname=SERVER8\\SQLEXPRESS
sqdb-dwsrvname=SERVER8\\SQLEXPRESS
6. In <SafeQ_folder>\conf\cmldb-cluster.conf: Specify database login and password for "sync" user in
"dbUser" and "dbPass" parameters.
Check database integrity status at "Database integrity" widget on Dashboard of SafeQ web interface. All
lines have to be marked as OK. If you can see an error, see logs for more details.
ABOUT
All ORS recovery scenarios are described on following pages.
ORS - How to change the GUID of ORS server describes the possibility of exchanging the GUID of
ORS.
ORS - How to change the IP address of ORS server shall be followed in case you need to change the
IP address of the ORS server.
ORS - How to delete corrupted cache can be used in case some ORS functionality is limited due to
cache corruption. Use this step only in case that it is requested by Y Soft.
ORS - How to move an ORS to the new server shall be used if you want to move the ORS to the new
server. By following this guide you will keep the GUID of the ORS which means that statistical data per
the location will be still reported under one ORS (if you uninstall ORS and install a new one with a
different GUID but the same name, you would see the ORS in the reports twice).
ORS - Recovery procedure shall be followed in case that ORS has crashed and you want to restore its
functionality.
ORS - Regular system backup describes the steps required for the backup of the ORS.
This chapter describes steps required for changing of the ORS GUID.
Before you change the GUID to a new one, be sure that the same ORS GUID in NOT already present in
your YSoft SafeQ environment.
Open YSoft SafeQ Web Interface => System => System settings => In the Expert View set
orsCacheRecovery to enabled
If you omit this step, all jobs stored on this ORS will be lost at the end of procedure.
2 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ ORS
services:
3 Edit <SafeQORS>\conf\modules\guid.conf file and enter new ORS GUID in parameter localGUID:
localGUID=%NEW_ORS_GUID%
4 Open web interface of YSoft SafeQ CML server (use the first node in case of CML cluster) and go to
Devices => Printers.
6 Replace value at Spooler GUID by the new one (the same value which was used in guid.conf).
8 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ ORS
services:
9 Verify the correct ORS functionality according to the article YSoft SafeQ ORS Health Check.
This document describes how to change the IP address of one ORS server.
Open YSoft SafeQ Web Interface => System => System settings => In the Expert View set
orsCacheRecovery to enabled
If you omit this step, all jobs stored on the ORS will be lost at the end of procedure.
2 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ ORS
services:
4 Edit <SafeQORS>\conf\modules\ors.conf file and enter the new IP address in parameter smartQ-
server-ip:
smartQ-server-ip = %NEW_IP_ADDRESS%
networkAddress = %NEW_IP_ADDRESS%
Open web interface of YSoft SafeQ CML server (use the first node in case of CML cluster) and go to
Devices => Printers.
10 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ ORS
services:
11 Verify the correct ORS functionality according to the article YSoft SafeQ ORS Health Check.
1 Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the new IP address
All print drivers that were connected to the ORS server with old IP address must be re-connected to
the new IP address.
2 Reconfigure HW terminals:
If you are using hardware terminals, make sure that they are pointing to the new IP address.
Reinstall all embedded terminals that shall be connecting to the server with the new IP address.
When the cache is deleted the particular ORS will loose all information about users, cards, jobs and
printers.
All necessary information about printers, users rights and billing codes are synchronized to the ORS
(from CML) during the first synchronization (after the restart of ORS service).
Information about Jobs is synchronized as part of Cache Recovery Mechanism
User's data will be synchronized to the ORS (from CML) during the first authentication of user.
WARNING
ORS cache equals to CML database. The request for deletion of ORS cache shall be performed
only when requested by Y Soft.
NOTE: If you omit this step, all jobs stored on the ORS will lost after the end of procedure.
2 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ ORS
services:
3b Create file named ".orscdm" (note the dot at beginning) in directory <SAFEQORS_DIR>\bin. This
file works as manual flag, which indicates that caches must be deleted during ORS startup.
4 Open the Services window (e.g. Start => Run => services.msc) and start all YSoft SafeQ ORS
services:
5 Once the ORS cache is deleted, verify the correct ORS functionality according to the article YSoft
SafeQ ORS Health Check.
NOTE: If you omit this step, all jobs stored on the ORS will lost after the end of procedure.
2 Open web interface of YSoft SafeQ CML server (use the first node in case of CML cluster) and go to
Devices > Printers.
4 Replace the Spooler IP address by the new one (the IP address that will be used on the new
server).
NOTE: Skip this step in case you want to keep the original IP address.
1 Open the Services window (e.g. Start => Run => services.msc) and stop all YSoft SafeQ ORS
services:
Backup folder containing scripts for scanning (if scan to script is used)
1 Copy ORS installation package to the new server and prepare the safeq-ors.ini according to the
instructions from Installing YSoft SafeQ ORS article with following exceptions:.
a. Parameteres for safeq-ors.ini can be taken from the backup of the original configuration files that
was created in previous steps (<SafeQORS>\conf\modules\ors.conf).
b. Set localGUID according to the value from backup of the original configuration
(<SafeQORS>\conf\modules\guid.conf).
2 Upload all print jobs from the backup of spool directory (created in previous steps) to the new
location defined in safeq-ors.ini (parameter spoolDir).
Copy folder containing scripts for scanning (if scan to script is used) to the same location as it was on
the original server.
4 Once the installation of ORS server is finished, verify the correct ORS functionality according to the
article YSoft SafeQ ORS Health Check. Also check that you are able to release the jobs that were
delivered to the ORS before the ORS has been moved.
1 Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the new IP address
All print drivers that were connected to the ORS server with old IP address must be re-connected to
the new IP address.
Skip this step in case the ORS IP address has not changed.
2 Reconfigure HW terminals:
If you are using hardware terminals, make sure that they are pointing to the new IP address.
Skip this step in case the ORS IP address has not changed.
Reinstall all embedded terminals that shall be connecting to the server with the new IP address.
Skip this step in case the ORS IP address has not changed.
If the ORS server is not operational for a longer period of time, you can use the procedure from ORS -
Printing without ORS server (ORS server Failure) to sustain the printing functionality.
All CML servers must be running and functional when performing procedure.
Requirements
Step 1- restore hardware after server failure (optional)
Step 2 - restore software after server failure
Step 3 - install and configure the new server
Step 4 - verification of the functionality
REQUIREMENTS
Kindly prepare all the required data before starting ORS server recovery:
1 Install one of the supported Operating Systems for YSoft SafeQ ORS server
Make sure that server has the same IP address and hostname settings as before the
failure. In case IP address or hostname changes, it is necessary to change it also via YSoft
SafeQ web interface before the start of ORS installation. The ORS IP address can be changed
in parameter "Spooler IP address" in the same window as "Spooler GUID" described below.
NOTE: If you omit this step, all jobs stored on the ORS will lost after the end of procedure.
ORS localGUID of recovered ORS must be exactly the same as the GUID on the failed ORS server.
There are two ways to obtain the GUID of failed ORS:
b. localGUID can be taken from YSoft SafeQ CML Web Interface => Devices => Printers => Edit
ORS that you are recovering and see value at Spooler GUID
3 Copy ORS installation package to the new server and prepare the safeq-ors.ini according to the
instructions from Installing YSoft SafeQ ORS article with following exceptions:.
a. Parameteres for safeq-ors.ini can be taken from the backup of the original configuration files that
was created in previous steps (<SafeQORS>\conf\modules\ors.conf).
b. Set localGUID according to the value from backup of the original configuration
(<SafeQORS>\conf\modules\guid.conf).
4
This step is optional. If not performed users would need to reprint their jobs (all missing jobs are
marked as deleted)
Copy the spooler folder from the failed ORS server to the new location.
5 Run installation of ORS server using installORSv2-exe.cmd and wait for installation to finish.
1 Verify the correct ORS functionality according to the article YSoft SafeQ ORS Health Check.
2 Verify that you are able to release the jobs that were delivered to the ORS before the ORS has been
restored. Perform this step only if you restored the spool directory.
Please note that in some cases (depending on the environment size and the seriousness of the failure) it
might be faster to just restore the ORS without performing any reconfiguration described here.
Move all devices from failed ORS to CML via YSoft SafeQ web interface.
Reconfigure all hardware terminals to connect to the CML instead of the failed ORS.
Reconfigure all print drivers (or YSoft SafeQ clients) to connect to the CML server (all print drivers
that were sending print jobs to the ORS must be re-connected to the CML).
Reinstall all embedded terminals that were moved from failed ORS server to functional ORS server.
Moving devices from ORS to CML will be reflected also in statistics (device will be shown in a different
group for the period when it has been moved).
Moving too many devices to CML might overload the CML node. See hardware sizing for maximal
amount of connected MFPs to the CML.
B) RECONNECT ALL DEVICES FROM FAILED ORS TO ANY OTHER EXISTING ORS
Move all devices from failed ORS to a functional ORS via YSoft SafeQ web interface.
Reconfigure all hardware terminals to connect to the functional ORS instead of the failed ORS.
Reconfigure all print drivers (or YSoft SafeQ clients) to connect to any running ORS server (all print
drivers that were sending print jobs to the ORS must be re-connected to any running ORS - due to
job roaming functionality users can send job to one ORS and release it via another one).
Reinstall all embedded terminals that were moved from failed ORS server to functional ORS server.
Moving devices from failed ORS to another one will be reflected also in statistics (device will be shown in
a different group for the period when it has been moved).
Moving too many devices to another ORS might overload the functional ORS. See hardware sizing
for maximal amount of connected MFPs to the ORS.
C) RECONNECT ALL DEVICES DIRECTLY TO THE PRINTER
Reconfigure all print drivers (or YSoft SafeQ clients) to send print job directly to the MFP. The
instructions are the same as described in article CML - Printing without CML (CML cluster Failure).
All jobs delivered to the MFP this way will not be accounted.
ORS is designed for maximum safety and ease of configuration. Configuration is download from CML so
only the basic configuration is required during the recovery procedure.
1) folder <SafeQORS>\server\spool
This folder contains the print jobs that were delivered to this ORS.
If this folder is not backed up on the regular basis and the ORS crashes, it will be impossible to
restore these print jobs. However it is not usually an issue as users can send their documents for
print again.
2) folder <SafeQORS>\conf
Make a backup of folder containing scripts for scanning (if scan to script is used).
The path of location may differ depending on the configuration of your scanning workflows.
ABOUT
CRS - Restore after server failure procedure describes: How to restore CRS server after CRS server
failure.
Use this restore instructions in the case that CRS server is corrupted.
CRS - BACKUP
ABOUT
This page describes how the CRS backup shall be performed.
Note: We recommend to perform the backup on a daily basis and before every update to the newer
version of YSoft SafeQ.
Note: The backup shall be always copied to the safe destination. The safe destination is not present in
the same server where CRS is installed - safe backup destination is a different server or any backup
depository.
CONTENT
This chapter is divided into two parts:
1 Skip this step in case you have the pre-configured installation files for CRS
Extract crs.zip file from YSoft SafeQ installation media into local drive.
Configure DeploymentConfig configuration files for CRS installation according to CRS configuration
page.
2 Make sure that the destination for backup is configured per your needs. CRS will be stored in the
folder defined in the installer settings (DeploymentConfig\crs\env.ini).
### --------------------------------------------------------------------------
## BACKUP ACTION
# Backup directory ( for storing CRS files backup and database dumps)
# Default: C:/SafeQCRS-Backups
backupDir=C:/SafeQCRS-Backups
3 Begin the backup process by running the backup.bat (stored in InstallPackages folder).
The environment name is the path leading to CRS configuration files (for example if the configuration
is stored in C:\CRSinstall\DeploymentConfig\crs\TEST\node1\env.ini, you would use the environment
name as: crs\TEST\node1)
1.
1. Create backup folder according to backupDir setting in env.ini (if backupDir does not exist
already).
2. Perform database backup for following databases:
yBoxDB
yBoxDBCDC
bin\
build\
conf\
5 Copy the backup to any safe destination. Example of files that were created by backup and that shall
be copied to the safe destination:
dump_yBoxDB_201304041523.backup
dump_yBoxDBCDC_201304041523.backup
SafeQCRSBackup.zip
Note: This way of backup may be automated by setting up a scheduled task for "backup.bat"
in the Task Scheduler.
-env <EnvironmentName>
-nopause
The procedure is describing steps for database backup via SQL Server 2008 R2. The procedure for
another database server may slightly differ. Please see documentation of your SQL server for more details.
1 Open SQL Server Management Console and connect to the database engine.
yBoxDB
yBoxDBCDC
Select the database and use right-click to display the context menu.
yBoxDB
yBoxDBCDC
bin
build
conf
6 Copy the database backups and the directory backups to any safe destination.
ABOUT
This chapter describes how to restore YSoft SafeQ CRS after the failure. This scenario shall be followed in
case of any kind of CRS failure (corrupted hardware, corrupted SQL server, missing database files,
corrupted CRS binary files...).
Requirements
Step 1 - restore hardware after server failure (optional)
Step 2 - restore software after server failure (optional)
Step 3 - clean up the server before CRS re-installation
Step 4 - restore the YSoft SafeQ CRS
Step 5 - verification of the functionality
REQUIREMENTS
Kindly prepare all the required data before starting with the master node (1st installed node) recovery:
See article CRS - Backup for more information about database and configuration files backup.
The operating system must be supported for the particular version of MS SQL server that you are
going to deploy. See documentation of your MS SQL server for more details.
It is important to have the same IP address like on the previous server which is corrupted.
Skip this step in case the Microsoft Windows was not corrupted.
2 Install and configure Microsoft SQL Server for YSoft SafeQ CRS.
It is advised to install the same version/edition of MS SQL server which was used before the failure to
avoid the database compatibility issues. The details for the MS SQL server installation can be found
in following articles:
Skip this step in case the MS SQL Server was not corrupted.
1. Start Microsoft SQL Management Studio and connect to the Database Engine as the user sa
.
2. Right-click on the Replication to display the context menu; then select Configure Distribution
. (If this menu is not available and you see Publisher properties instead, this step has been
probably already done and you can proceed to next step).
3. In the window that opens, click Next; then Finish; then Finish again.
4. Replication is now enabled.
You can skip this step in the case of clean installation of Operating system and MS SQL server.
1
MAKE SURE THE MS SQL SERVER IS PROPERLY INSTALLED, INCLUDING REPORTING SERVICES.
Open the Reporting Services Configuration utility (Start > Programs > Microsoft SQL Server 20xx
> Configuration tools):
2
MAKE SURE THE YSOFT SAFEQ CRS SERVICE IS REMOVED
Open a Windows Service (run -> services.msc). If the YSoft SafeQ CRS service exists:
sc delete YSoftSafeQCRS
3
MAKE SURE THAT CRS FOLDER IS DELETED
Check disk drive where CRS server was installed. In the case that SafeQCRS folder exists, delete it.
If the deletion of databases fails, take the database offline (right-click the database -> Tasks > Take Offline), delete the
database file (location of related mfd and ldf file can be found by right-clicking the database -> Properties -> tab Files ->
information under "Database files" text) and then delete the database via SQL Server Management Studio.
1. a. find the session which is currently blocking the database. SQL command:
USE [master]
select d.name, d.dbid, spid, login_time, nt_domain, nt_username, loginame from sysprocesses p inner
GO
b. kill the blocking session. SQL command:
USE [master]
GO
c. disable single-user session for this DB . SQL command:
USE [master]
GO
d. it shall be now possible to take DB offline and delete the database files. For more information see the
5
MAKE SURE THAT PACKAGES FOR CUBES PROCESSING ARE DELETED
6
MAKE SURE THAT ANALYSIS SERVICES DOES NOT CONTAIN SAFEQCDC
Connect to Analysis Services using SQL Server Management Studio. If the database SafeQCDC
database exists, delete it.
1 Restore the YSoft SafeQ CRS databases (according to CRS - Database Restore) on MS SQL server:
yBoxDB
yBoxDBCDC
2 Configure the CRS server as described in CRS configuration, make sure the following attribute in
DeploymentConfig\crs\env.ini is set:
The command prompt opens. Enter the environment name, including the path to the currently
installed node:
Example: crs\TEST\node1
4 You can see the installation progress in the command line window. The installation shall finish with
the message INSTALL PROCESS FINISHED SUCCESSFULLY. Then you can close the installation
window.
If it is stopped start it manually. If the service cannot be started, more information can be found in
<SafeQCRS_DIR>\logs\crs.log
It must be possible to access the statistical data on the CRS server. The date/time in the statistics
shall be equal to the date/time when the CRS backup has been performed. Please verify that data are
available.
follow the description from article Working with YSoft SafeQ CRS OLAP cubes to see
how to obtain statistics from the CRS using Analytic Services
Open YSoft SafeQ Web interface of the CML server that is sending statistics to the CRS.
Open tab Reports -> CRS Reports -> Actions -> click Send statistics to the CRS
Wait till the Sending process finished message is shown. At least some rows has to be
transferred and sending must not fail.
In case there are no new statistical data on the CML, the sending of statistics may still finish
properly but the "Transferred rows" will contain 0. In such a case do the following:
Verify that there is no cube processing running at the moment on the CRS server. If the package is
running, wait for it to finish.
Restart the YSoftSafeQCRS service (via services.msc) on the CRS server. This will force processing
of data in the cube and cube processing package will start.
Wait till the cube processing is finished. The cube processing is finished when there is no package
running any more. To verify when the package was processed follow these steps:
Verify the CRS report includes the data from the last synchronization. The data in the CRS shall have
the date/time equal to the last time of synchronization (as referred in point 2).
ABOUT
This page describes how to restore CRS databases from the existing database backup. The description is
related to Microsoft SQL Server 2008, the steps on another version of MS SQL server are very similar.
Please see documentation of your MS SQL server for more details.
This page is only an extension of the existing documentation and it is not intended as a standalone
recovery scenario for the CRS failure. If your CRS is corrupted, please follow instructions from CRS -
Restore after server failure article to restore it.
1 Open SQL Server Management Console and connect to the database engine.
2 Make sure that databases you want to restore does not exist. In case the database already exists,
delete it.
4 Enter the database name in "To database" field (use one of the following names: yBoxDB or
yBoxDBCDC).
Select "'From device" option and select the path to the database backup.
5 Optionally change the location where the restored database files shall be kept.
Close the Restore Database window once the database has been restored properly.
This topic helps you verify the Health Check of YSoft SafeQ system.
To quickly check CML, ORS or CRS servers, please visit following links:
If the CML cluster runs Windows Network Load Balancing see Windows Network Load Balancing Health
Check topic to find out how to test correct behavior of the balancing feature.
If your system runs Near Roaming group(s) see ORS Near Roaming Health Check topic to learn how to
verify ORS cluster using jConsole tool.
COMPUTER PERFORMANCE
Make sure that all partitions used by SafeQ have at least 10GB of free space.
Make sure that fragmentation is less than 80% on all partitions used by SafeQ .
Perfmon tool can monitor multiple disks. Please make sure you select only disks used by SafeQ.
Avg. Disk Queue Length metric represents the average number of physical read and write requests that
were queued on the selected physical disk during the sampling period. If your I/O system is overloaded,
more read/write operations will be waiting. If your disk queue length frequently exceeds a value of 1 during
peak usage, then you might have an I/O bottleneck.
Avg. Disk Sec/Transfer metric is the time, in seconds, of the average disk transfer (disk latency). Please
compare the output number with below numbers:
Verify that CPU utilization is less than 90% average over 1 minute in peak hours
MEMORY PERFORMANCE IN TASK MANAGER
Using task manager verify that memory commit is not higher than 80% of total physical memory.
Otherwise system starts swapping memory and performance might be degraded.
NETWORK PERFORMANCE IN PERFORMANCE MONITOR
Counter discussed in this topic can be found in Perfmon tool under Network Interface object.
There might be multiple network cards. Make sure you inspect network interface that is used by SafeQ
server.
Verify that Network Queue Length is 0. If the measured value is higher than 0, then network card might be
a bottleneck. Please consult your network administrator.
DATABASE PERFORMANCE
Connect to the database (PostgreSQL Server or Microsoft SQL Server) and verify following queries on all
the nodes in the cluster:
Query Result
SELECT count(*) FROM cluster_sync_update_10 query returns result in less than 200ms
SELECT count(*) FROM cluster_sync_update_10 result is less than 1000 and query finished in
WHERE server_flag<>0 less then 200ms
SELECT count(*) from cluster_sync_update_20 result is less than 50 000 and query finished in
WHERE server_flag<>0 less than 1000ms
SELECT count(*) from cluster_sync_update_30 result is less than 100 000 and query finished in
WHERE server_flag<>0 less than 2000ms
SELECT * FROM pg_stat_activity WHERE xact_start query returns less than 20 rows (PostgreSQL
is not null Only)
VIRTUAL MACHINES
If the YSoft SafeQ server runs as VMware virtual machine, please check also following metrics in vSphere
client:
vSphere Client -> tab Resource Allocation -> CPU shows under Resource Settings Limit:
unlimited
vSphere Client -> tab Resource Allocation -> Memory shows under the Guest
Memory\Resource Settings Limit: unlimited
Memory Swap in and Balloon metrics are zero
vSphere Client -> tab Performance -> Advanced -> Chart options -> Memory -> Real-time ->
Counters: Balloon
vSphere Client -> tab Performance -> Advanced -> Chart options -> Memory -> Real-time ->
Counters: Swap in
CPU ready time for CPU real-time graph is less than 200ms
vSphere Client -> tab Performance -> Advanced -> Chart options -> CPU -> Real-time ->
Counters: Ready
If you do not have access to vSphere client, you can gather few useful information about host from with-in
Windows guest using VMwareToolboxCmd tool:
Near Roaming group among multiple ORS servers is based on existence of Distributed Layer Cache
for the Cluster. This cluster cache is created automatically when Near Roaming group is created. The
goal of this check is to verify that all the members of Near Roaming group successfully joined cluster.
Following example shows two ORS servers in one Near Roaming group.
Please make sure you exactly follow described steps. Incorrect use of the jConsole tool may
permanently damage your YSoft SafeQ installation!
Java Management Console (jConsole) is used to verify that all ORS servers joined Near Roaming group.
Please follow these steps to access mentioned tool:
NOTE: You might be warned about failed SSL connection. In that case, proceed with insecure
connection.
a) CacheManagerStatus: Status must be running. This status is saying that the Cache Manager is up and
running. Other statuses then Running means that the Cache Manager is not running
b) ClusterMembers: This attribute must be showing all nodes that are part of Near Roaming Group. You
can find here host names or IP addreses.
c) ClusterSize: This attribute must be showing number of ORS servers which are members of particular
Near Roaming Group. If the number is not equal to the number of ORS servers in Near Roaming Group
then Near Roaming Cluster is not complete and it is needed to find out which server is missing.
Make sure that the attributes are displayed correctly on all ORSes in Near Roaming Group
This Quick Health Check document is briefly describing what might be checked to ensure the
correct functionality of a SafeQ Terminal Server failover via WNLB . This document is working with
an example of two network cards that are used for WNLB. Please note that customer environment
and network infrastructure might be different.
Windows Network Load Balancing (WNLB) setup is described in Configuring WNLB Server Failover topic.
Table of contents
1. WNLB CLUSTER IS UP AND RUNNING AND THE TRAFFIC FOR TERMINAL SERVER IS BALANCED AMONG THE SAFEQ TERMINAL SERVERS
This status in WNLB manager means that the traffic to the WNLB virtual IP address (in our case Terminal
Server) is load balanced.
How to test: Please try to connect to the virtual IP address of the WNLB cluster via the Internet browser at
https://<NLBvirtualIP>:5012 . You shall perform this test from all the subnets where MFPs with the
embedded terminal are located.
Expected result: Terminal Server test page has to be displayed properly and links on the test page are
functional.
Troubleshooting: If Terminal Server test page is not displayed properly, verify that YSoft SafeQ Terminal
Server service is running on all the nodes that are part of WNLB cluster. If necessary, analyze the log files.
2. STOPPING YSOFT SAFEQ TERMINAL SERVER SERVICE AUTOMATICALLY UNREGISTERS NODE FROM WNLB
This status in WNLB manager means that one of the nodes is offline due to some error or due to the
maintenance reasons. For example when Terminal Server service is stopped or when the server is not
available.
How to test: Stop Terminal Server service on one of the nodes and try to connect to the virtual IP address
of the WNLB cluster via the Internet browser at https://<NLBvirtualIP>:5012
Expected result: The node where the Terminal Server service has been stopped is automatically
unregistered from WNLB as demonstrated on the picture above. It is possible to connect to the virtual IP
address of the WNLB cluster via the Internet browser at https://<NLBvirtualIP>:5012
Troubleshooting: If node is not automatically unregistered, make sure that all the changes in system
settings were applied as recommended in the Y Soft Help. Optionally see Terminal Server log files.
This status in WNLB manager means that one of the nodes is offline due to some error or due to the
maintenance reasons. For example when Terminal Server service is stopped or when the server is not
available.
How to test: Shutdown one server that is part of WNLB cluster and try to connect to the virtual IP address
of the WNLB cluster via the Internet browser at https://<NLBvirtualIP>:5012
Expected result: The node which was disconnected/shut down is automatically unregistered from WNLB
as demonstrated on the picture above. It is possible to connect to the virtual IP address of the WNLB cluster
via the Internet browser at https://<NLBvirtualIP>:5012
Troubleshooting: If node is not automatically unregistered, verify the WNLB cluster configuration.
4. START OF YSOFT SAFEQ TERMINAL SERVER SERVICE AUTOMATICALLY REGISTERS NODE IN THE WNLB
This status in WNLB manager means that Network Load Balancing Cluster is Down and Terminal Server
does not accept any connections (i.g. both Terminal Servers are Offline).
How to test:
Stop Terminal Server service at least on one of the nodes to get a stopped state in WNLB manager
Start Terminal Server service on the node which is showing Stopped state in WNLB manager.
Expected result: In about one-two minutes the node that was unregistered from WNLB shall be registered
again and it shall be in Converged state.
Troubleshooting: If node is not automatically registered, make sure that all the changes in system settings
were applied as recommended in the Y Soft Help. Make sure that Terminal Server has established
connection with the CML service. Optionally see Terminal Server log files.
Check that following services are running on all the nodes that are members of YSoft SafeQ Cluster:
Check that following internal services are running on all the nodes which are members of YSoft SafeQ
Cluster. Status for all the internal services can be found in the YSoft SafeQ Web interface in section System
Information (please see attached screenshot)
DATABASE SYNCHRONIZATION
It is needed to check that the records are correctly replicated between databases in YSoft SafeQ Cluster.
Checks must be done on all the nodes of the YSoft SafeQ Cluster.
Please see System information section on SafeQ web interface. The database replication pool should not
show high numbers (hundreds or thousands) related to replication of High/Medium/Low priority records. The
numbers in these columns should increase and decrease in a short time period.
Please see below example screenshots showing the number of records that needs to be replicated from
TEST-CML1 node to TEST-CML2.
To see the number of records waiting for the nodes nodes use the View function in the top of the System
information section. Please note that you should do these checks on all the nodes web interfaces.
How to test: Create new user on first CML node web interface.
Expected result: Verify on second CML node that same user is displayed on web interface.
SPOOLER
Check that jobs are deleted accordingly to SafeQ settings from the spooler folder.
Check that there is enough free space on the spooler hard-drive (more than 10GB on all partitions
used by SafeQ)
Follow these checks on all the Ysoft SafeQ Servers in Cluster.
Note: Favorite jobs remain in spooler folder until removed by user. Favorite jobs are stored separately from
other print jobs.
DATABASE INTEGRITY
Check the Database integrity widget for any duplicate entries in the system.
Because of the nature of CRS function, the data is processed during off-hours. Therefore it is
necessary that CRS is running at least for a day (depends on current setting) before performing
this health check.
Please check that CML server is successfully sending data to CRS server. This can be done on YSoft
SafeQ CML Web interface. See picture below how to check sending status. Possible error column shall be
without any error.
COMPARE CML WEB REPORTS WITH MS SQL REPORTING SERVICES ON CRS SERVER
It is required Web reports are enabled and MS SQL Reporting services are installed on CRS server.
Verify that both CML and CRS report same figures for previous day.
How to compare:
Open YSoft SafeQ CML web interface. Navigate to Reports > Web reports. Select Standard report
and date range for previous day. See Using Web reports for more information about Web reports.
Open in web browser <SafeQ_CRS>\Reports and enter admin credentials when requested. Navigate
to SafeQ Reports > Full - Base report. Select date range for previous day. See Working with YSoft
SafeQ CRS reports for more information about CRS reports.
Compare figures in both reports
Verify that CRS processed all data correctly from the log.
YSoft SafeQ CRS log is by default located in <SafeQ_CRS>\logs\crs.log. Filter out CSDManagerCRS. All
records must be without any warning and DTExec must finish successfuly:
Check that following services are running on YSoft SafeQ ORS Server:
Please check that ORS server is successfully connected to all YSoft SafeQ CML servers in the cluster and
that all services are reporting correct status. This can be done on YSoft SafeQ CML Web interface. Refer to
Viewing ORS status information for detailed instructions.
OFFLINE REMOTE SPOOLER DATA REPLICATION TO CML SERVER
Verify that ORS server is reporting all its data to YSoft SafeQ CML server(s).
How to test:
Send a job to YSoft SafeQ ORS server and check that job is visible in Job list on YSoft SafeQ CML
web interface with status Accepted. (Please note that data are synchronized once per minute.)
Release the job sent in previous step on any of the devices connected to YSoft SafeQ ORS server
and check whether Job List on YSoft SafeQ CML server is updated with accounting information.
Check that Terminal accesses are updated on Web interface of YSoft SafeQ CML server after
releasing the job from previous step.
SPOOLER
Check that jobs are deleted accordingly to YSoft SafeQ settings from the Spooler folder.
Check that there is enough free space on the Spooler HDD ( more than 10GB on all partitions used
by YSoft SafeQ )
Note: Favorite jobs are remaining in spooler folder until removed by user. Favorite jobs are stored
separately from other print jobs in spooler folder.
Below procedures map service restart scenarios and shall be used for all maintenance procedures for Near
Roaming Group (NRG) members. Standalone ORS servers can be restarted at will.
We suggest to reboot one server at a time. You should wait several minutes (up to 15 minutes)
between each restart. No action needed in such case.
If there is a need to reboot more than one server at the same time, follow Whole NRG cluster
restart.
Only one server can be going through the procedure below. Once completed, another server can be
restarted. It is not recommended to restart 2 or more ORS servers at the same time. Should that be
required, proceed with Whole NRG cluster restart.
1. On each server in the NRG stop all three ORS services in no particular order.
Optional: delete cache on all ORS servers.
You can proceed with the following steps on each ORS at the same time. They can be starting up
in parallel.
2. Start service YSoft SafeQ ORS.
3. Do not start YSoft SafeQ ORS Web Service manually, proceed to next step. YSoft SafeQ ORS Web
Service is started automatically.
4. Start service YSoft SafeQ Terminal Server.
5. Open ors.log located in SafeQORS\logs and wait until all data (users, jobs, devices, queues,
terminals,... ) are downloaded from distributed layer.
In case orsFailoverLockManager property is enabled and appropriate license with " ORS
failover and load balancing" feature is used , search for Download entities finished
from other ORSes in NRG. Note: This can take up to 15 minutes, depending on number
of users and jobs.
In case license without " ORS failover and load balancing" is used, search for End of
processing of GetNewJobsByUsersResponseMessage. Note: Message appears in ors.
log approximately after time defined in refreshRoamingJobCronRule property.
6. At this point the ORS is fully operational. ORS should be excluded from authentication until this
step.
After all ORS servers are started, proceed as described below in section Verification that NRG is properly
established.
SPECIAL CASES
Executed upon request from YSoft CSS.
ORS service restart means that you restart only service YSoft SafeQ ORS without restarting YSoft SafeQ
ORS Web or Terminal Server.
Never delete cache on single ORS. If that is needed, follow procedure for whole NRG cluster restart.
3.
SafeQ 5 supports recovery of ORS cache after it's deletion. This greatly simplifies upgrade process to
newer versions. In case of cache deletion, ORS will trigger cache recovery process during startup, and all
job-related data lost due to deletion will be re-downloaded from CML again. This document describes
procedure how to use cache recovery (further referenced as "CR") mechanism in production environments.
ORS cache recovery cannot be used to restore data which are unknown to the CML (e.g. statistics which
were not yet synchronized to the CML) and job-related data for print jobs with status DELETED..
CONTENTS
By default, CR is enabled. CR will be automatically run when upgrading ORS to newer version. This
behavior is ensured by property orsCacheRecovery=true in system settings of SafeQ CML interface (this
requires deleting of ORS cache after update which is assured by deleteCacheAfterUpdate=1 from file
safeq-ors.ini).
PLEASE NOTE:
Before you choose to upgrade ORS using cache recovery, make sure that CML has property
orsCacheRecovery set to true. If you run ORS upgrade without upgrading CML at first, this property might
be disabled. This would cause that after the ORS upgrade the cache is deleted, but since CML has
orsCacheRecovery=false, CR would not be run. If you encounter such situation, you can proceed with
following steps:
CR mechanism is based on message communication between CML and ORS. CR request messages are
sent from ORS to CML, where they're processed, and data is returned back
to ORS. Keep in mind, that CR mechanism is based on transmitting ORS's job-related data from CML.
Each ORS running recovery will send multiple messages to CML as CR requests. CML will load data from
database and sends them back to ORS as response. Please note, that loading data from database
might be expensive operation. If several ORS nodes are running recovery simultaneously, they might
HW CONFIGURATION
HW setup is important mainly from DB(hdd/ssd) and CPU speed. Handling several hundreds of CR
messages on CML side utilizes CPU, while loading CR metadata from DB utilizes HDD/SSD.
Performance of these elements must be taken into consideration.
SPOOLER DELETION
In case of ORS spooler deletion, all jobs belonging to this ORS will be marked on CML as DELETED. This
adds additional overhead to CML node, since it'll need to update database records
for these jobs. This operation might be time consuming and must be taken into account when running CR.
(if spoolers are deleted, number of ORSs in single CR batch should be further decreased)
In case of CML getting "frozen" during CR process, it's recommended to wait until it becomes responsive
again. If you get into such situation, CML is not able to handle such thrust from ORS
nodes. You need to decrease number of ORSs being recovered/upgraded. YOU ALSO NEED TO DELETE
CACHES ON THESE ORS NODES. This will trigger CR process from scratch once you start these nodes.
CR process is safe in context of repetition. At any time during CR process, data are consistent between
ORS and CML.
ABOUT CRONTRIGGERS
There is a standard CRONTAB convention to set the times for CML/ORS synchronization. CRON is a
UNIX tool that has been around for a long time, so its scheduling capabilities are powerful and proven. The
CronTrigger class is based on the scheduling capabilities of Cron.
CronTrigger uses "Cron expressions", which are able to create triggering schedules such as: "At 8:00am
every Monday through Friday" or "At 1:30am every last Friday of the month".
Cron expressions are powerful, but can be confusing. The information in this section aims to help solve
some of the mysteries of creating a cron expression.
FORMAT
A cron expression is a string comprising 6 or 7 fields separated by white space. Fields can contain any of
the allowed values, along with various combinations of the allowed special characters for that field. The
fields are as follows:
SPECIAL CHARACTERS
* ("ALL VALUES") used to select all values within a field. For example, "*" in the minute field means
"EVERY MINUTE".
? ("NO SPECIFIC VALUE")used if you need to specify something in one of the two fields in which the
character is allowed, but not the other. For example, if you want your trigger to fire on a particular day
of the month (say, the 10th), but you do not care what day of the week that happens to be, you would
put "10" in the day-of-month field, and "?" in the day-of-week field. See the examples below for
clarification.
- used to specify ranges. For example, "10-12" in the hour field means "THE HOURS 10, 11 AND 12".
, used to specify additional values. For example, "MON,WED,FRI" in the day-of-week field means
"THE DAYS MONDAY, WEDNESDAY, AND FRIDAY".
/ used to specify increments. For example, "0/15" in the seconds field means "THE SECONDS 0, 15,
30, AND 45". And "5/15" in the seconds field means "THE SECONDS 5, 20, 35, AND 50". "1/3" in the
day-of-month field means "FIRE EVERY 3 DAYS STARTING ON THE FIRST DAY OF THE
MONTH".
L ("LAST") has a different meaning in each of the two fields in which it is allowed. For example, the
value "L" in the day-of-month field means "THE LAST DAY OF THE MONTH" – day 31 for January,
day 28 for February on non-leap years. If it is used in the day-of-week field by itself, it simply means
"7" or "SAT". But if used in the day-of-week field after another value, it means "THE LAST
PARTICULAR DAY OF THE MONTH" – for example "6L" means "THE LAST FRIDAY OF THE
MONTH". When using the "L" option, it is important not to specify lists, or ranges of values, because
you will get confusing results.
W ("WEEKDAY") used to specify the weekday (Monday-Friday) nearest the given day. For example, if
you specify "15W" as the value for the day-of-month field, the meaning is: "THE NEAREST
WEEKDAY TO THE 15TH OF THE MONTH". So if the 15th is a Saturday, the trigger will fire on
Friday the 14th. If the 15th is a Sunday, the trigger will fire on Monday the 16th. If the 15th is a
Tuesday, then it will fire on Tuesday the 15th. However, if you specify "1W" as the value for day-of-
month, and the 1st is a Saturday, the trigger will fire on Monday the 3rd, as it will not "jump over" the
boundary of a month's days. The "W" character can only be specified when the day-of-month is a
single day, not a range or list of days.
NOTE: The "L" and "W" characters can also be combined in the day-of-month field to yield
"LW", which translates to "LAST WEEKDAY OF THE MONTH".
# used to specify "the n-th" XXX day of the month. For example, the value "6#3" in the day-of-week
field means "THE THIRD FRIDAY OF THE MONTH" (day 6 = Friday and "#3" = the 3rd one in the
month). Other examples: "2#1" = the first Monday of the month and "4#5" = the fifth Wednesday of
the month. Note that if you specify "#5" and there is not 5 of the given day-of-week in the month, then
no firing will occur that month.
NOTE: The "L" and "W" characters can also be combined in the day-of-month field to yield
"LW", which translates to "LAST WEEKDAY OF THE MONTH"
CRONTRIGGER EXAMPLES
Expression Meaning
0 * 14 * * ? Fire every minute starting at 2pm and ending at 2:59pm, every day
0 0/5 14 * * ? Fire every 5 minutes starting at 2pm and ending at 2:55pm, every day
0 0/5 14,18 * * ? Fire every 5 minutes starting at 2pm and ending at 2:55pm, AND fire every 5
minutes starting at 6pm and ending at 6:55pm, every day
0 0-5 14 * * ? Fire every minute starting at 2pm and ending at 2:05pm, every day
0 10,44 14 ? 3 WED Fire at 2:10pm and at 2:44pm every Wednesday in the month of March.
0 15 10 ? * MON- Fire at 10:15am every Monday, Tuesday, Wednesday, Thursday and Friday
FRI
0 15 10 ? * 6L Fire at 10:15am on every last Friday of every month during the years 2002,
2002-2005 2003, 2004 and 2005
0 0 12 1/5 * ? Fire at 12pm (noon) every 5 days every month, starting on the first day of the
month.
Source: http://quartz-scheduler.org/generated/2.2.1/html/qs-all/#page
/Quartz_Scheduler_Documentation_Set%2Fco-trg_crontriggers.html
ABOUT
This page describes basic information about configuration files of YSoft SafeQ
Unlike previous versions, YSoft SafeQ 5 does not include file system-based configuration. All user
/administrator configurable options are stored in the YSoft SafeQ database and configurable only
via the YSoft SafeQ Web Interface (see System Settings page).
The SafeQ home directory still includes a conf folder, but available configuration options are very limited
and are focused on low-level system configuration instead of user options.
Configuration options:
Configuration options are stored in the CML database and are synchronized with other system
components.
Each configuration option includes description, internal name, default value, and distribution
flags (if the options will be distributed to another CML server, to an ORS, or to Terminal Server).
Terminal Server always loads the configuration from the central YSoft SafeQ CML server
immediately after startup.
The ORS downloads the current configuration from the CML after connection and caches the data
into a persistent disk cache.
Several configuration options (especially Advanced and Expert) require restart of individual
components.
Unlike previous versions, YSoft SafeQ 5 does not include file system-based configuration. All user
/administrator configurable options are stored in the YSoft SafeQ database and configurable only
via the YSoft SafeQ Web Interface (see System Settings page).
<SAFEQ_DIR>\tomcat\conf\server.
xml
Note: You can enforce local configuration in ors.conf which will supersede global configuration. To do so,
add required configuration to ors.conf and restart ORS services (e.g. to specify different card conversion
method, add and specify conversion configuration property)
ABOUT
This page describes basic information about log files and where can be found.
<SAFEQ_HOME>\logs\crs.log Main application audit and debug log for CRS server.
<SAFEQ_HOME>\logs\ors_stdout. CRS startup and exit log; contains all un-handled messages and
log thread stack traces.
This option is disabled by default. Tomcat generates log information into cmlweb.log file which
should contain all logging infomration produced by Tomcat server.
tomcat7w.exe //ES//YSoftWeb
Configuration dialog will appear. It is possible to change logging options in Logging tab.
It is possible to redirect Stdout and Sdterror to file. You can either select specific path to file where to store
log or insert "auto".
When you set it to specific file, then this file will be overwritten by every restart of Tomcat and it's size is not
restricted. It is not recommended for long running services.
When you set it to "auto", then Tomcat will create log files with time stamp. This is better approach, because
logs won't lost after restart of service, but administrator must take care of deleting too old log files.
This setting is overwritten by SafeQ installer. If you upgrade SafeQ then this setting will be lost.
ABOUT
This page describes YSoft SafeQ services that are installed automatically after safeq installation:
CML SERVICES
ORS SERVICES
YSoft SafeQ ORS YSoftSafeQORS Main SafeQ Server service for Remote
Spooler
YSoft SafeQ ORS web YSoftWeb ORS Web service for client and webdav
service
CRS SERVICE
5 USER GUIDES
You can use YSoft SafeQ on your computer to view and manage your print jobs, define your default billing
code and other tasks.
1 Click the YSoft SafeQ shortcut on your desktop or, in your browser, enter the YSoft SafeQ
address provided to you by your system administrator.
2 If necessary, change the YSoft SafeQ language by clicking one of the flag icons.
Enter the user name and password provided to you by your system administrator; then click Lo
g in.
You can use the Job list to view your print jobs, select jobs to print, cancel jobs, resubmit jobs to print, and
see detailed information about the jobs' progress.
On the Job list page, use the filters to search for the job you need:
To search for and display jobs that have a specific status, click .
Printing – The job is being sent to the printer or is being printed. You can display detailed information
about the job process. Typically, the job is in a state of sending data, waiting for printing to start,
waiting for printing completion, or waiting for accounting.
Pending – The job is ready to be printed. It may be waiting for other jobs to print first or waiting for the
printer's status to be "Ready."
Accepted – YSoft SafeQ accepted the job, added it to the secured queue, and is waiting for you to log
in at a printer and print the job.
Printed – The job was successfully delivered to the printer and accounted for.
Local print – The job was sent to a local printer.
Scan – YSoft SafeQ has recorded and accounted for the job as a scan.
Copied – YSoft SafeQ has recorded and accounted for the job as a copy.
Requeued – The job was queued to be printed again.
Cancelled – You or another authorized user cancelled the job (for instance, by selecting "delete" at a
terminal).
Cancelled at start – YSoft SafeQ cancelled the job when the print server restarted.
Rejected – YSoft SafeQ denied the printing because you had insufficient credit or access rights.
Check your available credit or contact your system administrator.
Printer error – The printer did not receive the job or an error occurred during printing (usually an exact
reason for the error is given).
Spooler error – The job did not print because of a problem with the print server. Contact your system
administrator.
Security violation – The job did not print because YSoft SafeQ detected an unauthorized modification
to the job. Contact your system administrator.
Deleted – The job has been deleted. If you want to print the job, re-submit it.
Batch accounting – The job is a part of a batch of jobs to be printed.
Non-SafeQ copy/print – The job was not a YSoft SafeQ job.
To change what the Job list page displays, click , then select the option you
want. To display all your jobs, select My jobs or Job list. To display only your jobs that have
not yet been printed or only your favorite jobs, select those options.
For the jobs you displayed, select what you would like to do:
1. For each job you want to cancel, mark as a favorite, etc., check the box next to the job.
2. Click .
Requeue Only if the job has not been deleted and If a print failed or the job has already
is not currently being printed. been printed, requeue the job to print
again.
Preview Only if the job has not been deleted and Display a preview of the job.
/or the configuration of the YSoft SafeQ
system at your organization supports it.
Note Only if the job contains a note. Hover your mouse over this icon to see
note text.
Delete Only if the job's queue is a direct print Remove the job from the queue and
queue. cancel its planned print operation.
Checkbox Only if the job has not been deleted. Mark jobs to apply the selected action to
(cancel, add to your list of favorite jobs,
etc.)
Note: The option to select your default billing code may be available or unavailable depending on the
way the YSoft SafeQ system has been configured.
Usage
Mobile Print web interface
Display language
Login screen
Uploading of print jobs using web interface
Managing the job list
Job Information
Finishing Options and Printer selection
Guest / Anonymous printing
Guest user registration
Account management
Delete account
Switch to permanent
5.2.1 USAGE
There are two ways of use mobile device to send document to print:
A) The user can send the document to a specified email address as an email attachment. It is provided
with response message about the document processing (if document was processed completely, partially or
not at all) via email. If it was processed completely and correctly then it is queued to print.
B) The user can upload the document directly from web interface.
NOTE: To access the mobile interface, enter the URL http://SAFEQ_IP:SAFEQ_HTTP_PORT/m (for
example http://192.168.1.1:80/m). The host (IP address) and port are usually exactly the same as for
accessing the YSoft SafeQ Web Interface.
Mobile Print web interface is simplified YSoft SafeQ web interface for easy management of print jobs on
mobile devices. Link with web interface address is part of confirmation email.
DISPLAY LANGUAGE
The language of the Mobile Print web interface can be changed by using the select box on the login screen.
The list contains all languages that are enabled in the SafeQ administration and is hidden if no additional
languages are configured.
LOGIN SCREEN
It is authentication screen to the mobile web interface. Insert the username and password values into
appropriate fields and enter in to application by click Login.
Once you are successfully authenticated, following main screen of Mobile Print is displayed.
Action Description
Manage User can manage his job (see chapter "Managing the job list" for more information).
Jobs
Upload new User is able to upload specific file for print. (see chapter "Uploading of print jobs using
job web interface" for more information).
User can upload file for processing by selecting browse button, browse for document which should be
processed and confirming by Upload button.
On this screen a user is able to manage his jobs waiting for print or print a job on a specific printer. Click the
job filename for selecting job to print.
Action Description
Print All All jobs in job-list will be sent to a printer. For these jobs you can select
finishing options and specific printer (see Finishing Options and printer
Selection section for more information).
Click on the specific Job operations for selected job (see Job information section for more
job name information).
JOB INFORMATION
Selected job displays/accepted following information / actions.
Action Description
Select printer Select available printer and finishing options (see Finishing Options and
printer Selection section for more information).
Action Description
Pages (Only in case the PS Total count of BW / Color pages for selected document.
parser is enabled*)
Preview (Only in case the PS Preview of the first page for selected document is displayed.
parser is enabled*)
Action Description
Grayscale You can select job to be printed in gray scale (In this case color job will be printed as B
/W).
Limitation: On Xerox MFPs it is not possible to force job to be printed in gray scale.
Action Description
Printer
selection
Printer status Shows printer status. (Only in case the on-line accounting is used)
When Finishing options are set click on the printer name, the job will be printed and a following message will
be displayed.
Mobile Print web interface is simplified web interface for easy management of print jobs on mobile devices.
Link with web interface address is part of confirmation email.
NOTE:
if a third party payment gateway (e.g. PayPal, DIBS) is not correctly configured, Recharge
button can redirect to PageNotFound (404).
In case this feature is enabled, the option to register a new user is displayed as a link on the mobile
web Login screen. Continue the registration by clicking on Sign up.
The registration screen is displayed. A user has to enter a username and password, optionally also an email
address can be entered.
If the option to create temporary users is enabled, the registration screen is displayed with the expiration
time and the switch enables a user to choose between temporary or permanent account type.
Confirmation is displayed after successful registration. In case the money account is created as well, the
option to recharge is offered to the user.
Once the user is successfully authenticated, the main screen of Mobile Print web interface is displayed.
Guest users can see a link to the Account settings page. In case the YSoft Payment System is installed with
an integrated 3rd party payment gateway, a link to the YSoft Payment System gateway integration page is
displayed as well.
ACCOUNT MANAGEMENT
The user can change his/her password, email or delete his/her account. To do any of this, the user will
have to enter the actual password for verification.
DELETE ACCOUNT
When a user selects the option to delete his/her account, it is required to enter the existing password and
click on the button "Delete my account now". SafeQ will try to delete it.
If the guest user does NOT have an existing money account, the SafeQ account is deleted.
If the user has an existing money account, the further steps depend on the remaining credit balance
the account:
Negative balance - the system displays warning and asks the user to settle the debt either at a
cash desk or by recharging. A link to the payment gateway integration page will be displayed
for user convenience. On the payment gateway, the missing amount will be pre-filled.
Zero balance - the money account is deleted and then the SafeQ account as well.
Positive balance - the SafeQ warns the user about money being lost and offers the option to cancel
the operation. If he/she chooses to "Delete account", money account is deleted and the SafeQ
account is deleted as well.
After the guest account is deleted, the user is logged out of the mobile web and redirected back the Login
page. Any unreleased jobs of the given user are deleted.
SWITCH TO PERMANENT
A temporary guest user can switch to permanent account in Account settings.
Confirmation is displayed to verify that the user really wants to switch from temporary to permanent
account.
Once the user is switched to permanent, the user settings is inherited from the template user for permanent
accounts.
This chapter provides instructions for using Apple devices with YSoft SafeQ Connector for AP. Following
steps will describe how to send a print job from Mac OS X device and iDevices (iPad, iPhone).
All jobs will be sent to secure queue in YSoft SafeQ. It is also required to create user with valid credentials
(username and password) in YSoft SafeQ in order to use YSoft SafeQ Connector for AP.
NOTE: If you do not want to add the printer and you print through "Nearby printers" then
continue with step 1 chapter Send print job....
Click on '+', click on the printer with name set in YSoft SafeQ Connector for AP and click on the Add
button.
5.3.2 SEND PRINT JOB TO SECURE QUEUE ON DEVICES WITH MAC OS X OPERATING SYSTEM
1 Print a document from any application. Use printer that was selected in previous step or use printer
with name set in YSoft SafeQ Connector for AP.
Send print job to secure queue on devices with iOS operating system
1 Open the document you want to print and click on "Print" icon.
2 Select the printer with name set in YSoft SafeQ Connector for AirPrint.
4 If you are printing for the first time, provide required credentials.
NOTE: iDevices cache credentials. Next print jobs won't require reentering
credentials.
1 Open the document you want to print and click on "Print" icon.
2 If the printer is not selected automatically, select the printer with name set in YSoft SafeQ Connector
for AirPrint.
Copies
Single-sided / double-sided
Color / Black & White
1 After you submit a print job, the VIP shared queues page appears. Note: This feature may not be
available, it depends on way how your YSoft SafeQ system is configured.
1. Click Private Print to print to a private, unshared (secure) queue. These print jobs won't be
available to other users.
2. Click Shared Print to print to a shared queue. Your print job will be available to members of
the shared queue.
Note: When you don't have a shared queue already created, the queue should be
automatically created.
3. Click Select people to define which users will have access to your VIP Shared queue. You'll
be redirected to application where you can delegate persons with privilege to print your shared
print jobs.
You have to enter your login and password to manage the queue.
Note: Select people might not be available for you. In that case administrators can provide
you with web link where you can manage your shared queue.
2 Now you or delegate persons can authenticate at the terminal on the printer and print the print job.
5.4.2 VIEWING INFORMATION ABOUT JOBS SUBMITTED TO DELEGATION PRINT (VIP SHARED
QUEUES) - ADMINISTRATORS ONLY
On the Reports > Job list page, double click to one print job and navigate to an Information tab.
The name of the shared queue is shown in the Assigned to queue field.
2 The YSoft SafeQ Web Interface also displays information about shared queues on the Devices >
Shared queues page. For more details see: Shared Queues.
OVERVIEW
There is two main ways how SafeQ Client application can behave from user view:
Without pop-up windows - after clicking print, document is sent to print server and no SafeQ Client
pop-up windows will be shown.
With pop-up windows - after clicking print, document is sent to print server and SafeQ Client pop-up
windows will be displayed. Depends on the administrator settings, you can edit print settings like
billing code, job queue or other finishing options. For more information continue in following guide.
NOTE: Some of the screens and options displayed in following steps, can vary from screens displayed
on your workstation. Displaying SafeQ Client pop-up windows depends on administrator settings on SafeQ
server and SafeQ print port on your workstation. For more information about SafeQ Client pop-up windows
behavior contact your local administrator.
2 When authentication screen will be displayed, depends on settings, you can authenticate yourself by:
3 When billing code selection window will be displayed, you can select one of the billing codes by
clicking it. Your job will be accounted to this billing code.
For more information about selecting billing codes see: Selecting billing codes in SafeQ Client
2. Assigned billing codes (list of all assigned billing code in tree hierarchy). Here you can also
search in a list of assigned billing codes.
4 When job queue selection window will be displayed, you can select job queue for your job by clicking:
Private print - job will be assigned to the secured queue, then job will be released after
authentication and print confirmation on device.
Shared print - job will be assigned to the shard queue, then selected users can also see
and print this job in their job lists. You can add users to your shared queue by clicking
Select people.
For more information about Shared queues see: Using Delegation Print (VIP shared
queues) and Configuring and using Shared Queues.
5 Finally the Price estimation windows will be displayed. Here you can see price estimation for your job
for all available printers and you can also use:
Additionally current balance on users money account is displayed, if YSoft Payment System is
enabled. Then prices higher than current balance are grayed out.
Please note that price estimation has only informative character and final job price may differ.
Following aspects can change job price after job reception on device:
rules defined in Rule-based Engine with trigger "Before job is released to the printer" or "On
job's delivery to the printer".
changes in finishing options on terminal
paper type used for print
device capabilities (e.g. format or color limitations)
OVERVIEW
There is two main ways how SafeQ Client application can behave from user view:
Without pop-up windows - after clicking print, document is sent to print server and no SafeQ Client
pop-up windows will be shown.
With pop-up windows - after clicking print, document is sent to print server and SafeQ Client pop-up
windows will be displayed. Depends on the administrator settings, you can edit print settings like
billing code, job queue or other finishing options. For more information continue in following guide.
NOTE: Some of the screens and options displayed in following steps, can vary from screens displayed
on your workstation. Displaying SafeQ Client pop-up windows depends on administrator settings on SafeQ
server and SafeQ print port on your workstation. For more information about SafeQ Client pop-up windows
behavior contact your local administrator.
2 When authentication screen will be displayed, depends on settings, you can authenticate yourself by:
3 When billing code selection window will be displayed, you can select one of the billing codes by
clicking it. Your job will be accounted to this billing code.
For more information about selecting billing codes see: Selecting billing codes in SafeQ Client
2. Assigned billing codes (list of all assigned billing code in tree hierarchy). Here you can also
search in a list of assigned billing codes.
4 When job queue selection window will be displayed, you can select job queue for your job by clicking:
Private print - job will be assigned to the secured queue, then job will be released after
authentication and print confirmation on device.
Shared print - job will be assigned to the shard queue, then selected users can also see
and print this job in their job lists. You can add users to your shared queue by clicking
Select people.
For more information about Shared queues see: Using Delegation Print (VIP shared
queues) and Configuring and using Shared Queues.
5 Finally the Price estimation windows will be displayed. Here you can see price estimation for your job
for all available printers and you can also use:
OVERVIEW
There is two main ways how SafeQ Client application can behave from user view:
Without pop-up windows - after clicking print, document is sent to print server and no SafeQ Client
pop-up windows will be shown.
With pop-up windows - after clicking print, document is sent to print server and SafeQ Client pop-up
windows will be displayed. Depends on the administrator settings, you can edit print settings like
billing code, job queue or other finishing options. For more information continue in following guide.
NOTE: Some of the screens and options displayed in following steps, can vary from screens displayed
on your workstation. Displaying SafeQ Client pop-up windows depends on administrator settings on SafeQ
server and SafeQ print port on your workstation. For more information about SafeQ Client pop-up windows
behavior contact your local administrator.
2 When authentication screen will be displayed, depends on settings, you can authenticate yourself by:
You can select Remember me checkbox to preserve login information for next print job.
You can select Remember me checkbox to preserve login information for next print job.
3 When billing code selection window will be displayed, you can select one of the billing codes by
clicking it. Your job will be accounted to this billing code.
For more information about selecting billing codes see: Selecting billing codes in SafeQ Client
2. Assigned billing codes (list of all assigned billing code in tree hierarchy). Here you can also
search in a list of assigned billing codes.
4 When job queue selection window will be displayed, you can select job queue for your job by clicking:
Private print - job will be assigned to the secured queue, then job will be released after
authentication and print confirmation on device.
Shared print - job will be assigned to the shard queue, then selected users can also see
and print this job in their job lists. You can add users to your shared queue by clicking
Select people.
For more information about Shared queues see: Using Delegation Print (VIP shared
queues) and Configuring and using Shared Queues.
5 Finally the Price estimation windows will be displayed. Here you can see price estimation for your job
for all available printers and you can also use:
Current balance on users money account is displayed, if YSoft Payment System is enabled. Prices
lower than current balance are grayed out.
Please note that price estimation has only informative character and final job price may differ.
Following aspects can change job price after job reception on device:
rules defined in Rule-based Engine with trigger "Before job is released to the printer" or "On
job's delivery to the printer".
changes in finishing options on terminal
paper type used for print
device capabilities (e.g. format or color limitations)
You can select a billing code (project code) for each print job you send to a YSoft SafeQ secure or direct
queue.
SELECTING A BILLING CODE IN YSOFT SAFEQ CLIENT WITH RECENT BILLING CODES ENABLED
When Recent Billing Codes are enabled you can see the list of recently selected billing codes on the first
screen. Information about this extension: Recent Billing Codes Extension
If you choose Show assigned billing codes then you will see list of assigned billing codes. You can follow
information in next chapter: Selecting a billing code in YSoft SafeQ Client
On the Billing codes page, select a billing code, or click to display more billing codes; then navigate
to the billing code you need and select it.
NOTE: If the page includes Price estimation or VIP shared queue options, you can see how to use those
options here:
On the Billing codes page, select the billing code, or click to display more billing codes; then
navigate to the billing code you need and select it.
At a Glance
1 Place your card on the card reader attached to the printer and go to step 3.
OR
Press the Alternate Login button and continue with the next step.
NOTE: You can also use the numeric keyboard on the printer.
3 You can select to print all your unprinted jobs immediately after login. Click Yes to do so, otherwise
click No.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
Press the Alternate Login button and continue with the next step.
4 You can select to print all your unprinted jobs immediately after login. Click Yes to do so, otherwise
click No.
LOG OUT
You can use any of these methods to log out from the device:
NOTE: You can use this access button anytime. After pressing this button you will be immediately
logged out.
OR
2b Press your username in the top right corner and select Log Out.
OR
3 After 3 minutes (note that this can be configured differently in your environment), you will be
automatically logged out.
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
1 Place your card on the card reader and/or enter other login information (PIN or Login and password).
3 When the message "Print all new jobs now?" appears, touch Yes.
YSoft SafeQ logs you in and the printer prints all your compatible waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE: The method you use may depend on the way your system administrator has configured SafeQ.
2 Type your login name and confirm it with the Enter button.
4 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
If Card Activation Code has been assigned to you (it was received by email or it is displayed on SafeQ Web
Interface Dashboard), you can use this simple method to register your card.
2 Insert the Card Activation Code and confirm it with the Enter button.
3 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
REGISTER A NEW CARD BY ENTERING YOUR CARD ACTIVATION CODE OR LOGIN NAME AND PASSWORD
2 Insert the Card Activation Code and confirm it with the Enter button. New card will be assigned to
your user account.
OR
Touch the Enter button without entering the Card Activation Code to skip to username and
password assignment. Continue to next step.
5 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
3 Job details and preview of the first page of print job displays.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
1 Log in to Embedded Terminal: Log in and log out at the Xerox printer and navigate to YSoft SafeQ
application
2 The current credit balance is written in bottom close to your User name.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only print jobs for which you have enough credit balance will be printed.
3a When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
3b When you try to print jobs, for which you don't have enough credit balance, job is not printed and
stays in the waiting folder. You are informed about insufficient credit.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
NOTE: Only copy jobs for which you have enough credit balance will be copied.
2 When you try to copy job, for which you don't have enough credit balance, the whole copy job is
refused.
NOTE: When you have available credit balance only for few pages, you can copy them one by
one until your credit balance is consumed.
1 Select scan workflow which you want to use and start scanning.
NOTE: Only scan jobs for which you have enough credit balance will be performed.
2 When you try to scan job, for which you don't have enough credit balance, the whole scan job is
refused.
NOTE: When you have available credit balance only for few pages, you can scan them one by
one until your credit balance is consumed.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
Press the Alternate Login button and continue with the next step.
NOTE: You can also use the numeric keyboard on the printer.
You can select to print all your unprinted jobs immediately after login. Click Yes to do so, otherwise
click No.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
Press the Alternate Login button and continue with the next step.
4 You can select to print all your unprinted jobs immediately after login. Click Yes to do so, otherwise
click No.
LOG OUT
You can use any of these methods to log out from the device:
NOTE: You can use this access button anytime. After pressing this button you will be immediately
logged out.
OR
2b Press your username in the top right corner and select Log Out.
OR
3 After 3 minutes (note that this can be configured differently in your environment), you will be
automatically logged out.
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
1 Place your card on the card reader and/or enter other login information (PIN or Login and password).
3 When the message "Print all new jobs now?" appears, touch Yes.
YSoft SafeQ logs you in and the printer prints all your compatible waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE: The method you use may depend on the way your system administrator has configured SafeQ.
2 Type your login name and confirm it with the Enter button.
4 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
2 Insert the Card Activation Code and confirm it with the Enter button.
3 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
REGISTER A NEW CARD BY ENTERING YOUR CARD ACTIVATION CODE OR LOGIN NAME AND PASSWORD
2 Insert the Card Activation Code and confirm it with the Enter button. New card will be assigned to
your user account.
OR
Touch the Enter button without entering the Card Activation Code to skip to username and
password assignment. Continue to next step.
5 When the assignment process will be successful, you will be logged to the printer and new card will
be assigned to your user account.
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the Xerox printer and navigate to joblist: Select
jobs to print at the Xerox printer.
3 Job details and preview of the first page of print job displays.
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE XEROX PRINTER
1 Log in to Embedded Terminal: Log in and log out at the Xerox printer and navigate to YSoft SafeQ
application
2 The current credit balance is written in bottom close to your User name.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only print jobs for which you have enough credit balance will be printed.
3a When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
3b When you try to print jobs, for which you don't have enough credit balance, job is not printed and
stays in the waiting folder. You are informed about insufficient credit.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
NOTE: Only copy jobs for which you have enough credit balance will be copied.
2 When you try to copy job, for which you don't have enough credit balance, the whole copy job is
refused.
NOTE: When you have available credit balance only for few pages, you can copy them one by
one until your credit balance is consumed.
1 Select scan workflow which you want to use and start scanning.
NOTE: Only scan jobs for which you have enough credit balance will be performed.
2 When you try to scan job, for which you don't have enough credit balance, the whole scan job is
refused.
NOTE: When you have available credit balance only for few pages, you can scan them one by
one until your credit balance is consumed.
5.6.2 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR KONICA MINOLTA (OPENAPI)
There are two different modes in which the the terminal can operate:
These two manuals are also applicable for Develop and Olivetti devices.
At a Glance
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
Your system may be configured so that you can choose to log in either with a PIN or a card.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer.
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
NOTE: You can also use the numeric keyboard on the printer.
3 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
Your system may be configured so that you can choose to log in by entering your login name and password
or by placing your card on the card reader.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer.
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
3 Touch Password.
5 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
LOG OUT
To log out, touch the Access button (highlighted in the image) on the printer panel.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by
your system administrator (typically 3 minutes).
If you want to print all your unprinted jobs automatically after you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
2 Now you can fill in requred login information and touch Login or swipe card. YSoft SafeQ logs you in
and the printer prints all your compatible waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE: The method you can use may depend on the way your system administrator has configured
YSoft SafeQ.
2 When card assignment screen is displayed, touch Login to assign card by entering username and
password.
4 Touch Password.
6 Now touch OK. You will be logged in and new card will be assigned to your user account.
If Card Activation Code has been assigned to you (it was received by email or it is displayed on YSoft
SafeQ Web Interface Dashboard), you can use this simple method to register your card.
2 When card assignment screen is displayed, touch Card Activation to assign card by entering Card
Activation Code.
Now touch OK. You will be logged in and new card will be assigned to your user account.
Your system may be set up to for you to select a billing code (project code) for the copies and scans you
make. If this is the case, after you log in, the Billing code selection page opens. Use either of the methods
described below to select your project.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013 (default billing code)
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
1 When billing code screen appears and you want to use default billing code, which is displayed at the
top of the screen, just touch OK and continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
NOTE: In the YSoft SafeQ Web Interface, you can define your own default billing code. See Quick
Start Guide for End Users.
1 If you want to select billing code from a list touch List button at the end of a Browse field to show
list of billing codes assigned to you.
2 If you want to select billing code from the current level, tap this billing code, touch OK and skip to step
4.
If you want to know how to browse billing codes tree, tap 1: Financial, then OK and continue to step
3a.
NOTE: You can move between pages with billing codes by tapping arrow buttons.
3a For best demonstration of browsing billing code we will go from "1: Financial" to "131: invoices
2013" back to the "13: 2013".
We've selected billing code "1: Financial". To show children of this billing code tap List button.
NOTE: In the billing code tree you can see selected/displayed billing codes as highlighted. Then
you can easily see current level.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3b Children of "1: Finance" billing code displays. Tap "13:2013" billing code and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3d Children of "13: 2013" billing code displays. Now we are at the lowest level of billing code tree.
Our target is to select "13:2013" billing code, then we have to go one level up, then parent level
represented by first line and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3e Now billing code "1: Finance" billing code was selected, then we have to tap List button again to
display children of this billing codes.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3f Now finally we can select "13: 2013" billing code and touch OK to confirm it.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
4 If the selected billing code you want to use, tap OK to continue to device application main menu.
Otherwise go back to step 2.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
1 If you want to search for billing code touch keyboard button on the left from search button.
2 Type ID (number) or description (name) of billing code, which you want to search for and touch OK.
(In this example "2013").
4 Results which match your searching phase will be displayed. In brackets after billing code name, you
can see path of all parental billing codes.
NOTE: In our case the path of all parental billing codes is represented by numbers of billing
codes, but it depends on the way, how the SafeQ system is configured.
Select one of the billing codes from the search result, touch OK and continue to next step.
OR
Touch Cancel, if you want to change your searching phase and repeat steps 1 to 4.
5 Now your billing code is selected. Touch OK to continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
Konica Minolta devices offers another way how to select billing code. If you know exact ID (number) or
description (name) of billing code, you can enter it in search window and touch and confirming it without
searching of browsing lists.
1 If you want to enter exact ID or description of billing code, touch keyboard button.
2 Type exact ID (number) or description (name) of billing code, which you want to search for and touch
OK. (In this example "131" as a ID or "invoices 2013" as a description).
OR
OR
4 If your input will match any ID (number) or description (name) of billing code, device menu will be
displayed and matched billing code will be selected. Otherwise an error message appears and you
have to repeat these steps again.
1 Log in to Terminal Embedded: Logging in and logging out at the KM Zeus printer.
If billing code screen appears, follow steps in Selecting a billing code at the KM Zeus printer - KM
interface.
NOTE: Your screen may looks like different as shown here, depends on administrator settings.
3 An screen with job folder selection will be displayed. Touch one of the folder buttons.
NOTE: Your screen may include different options as shown here, depends on administrator settings.
5 If you have selected jobs to print, touch Start button on the printer panel and selected jobs will be
printed. For more information about HW buttons on device panel see: Hardware buttons on KM Zeus
printer.
6 The history with all types of jobs performed in this session displays.
Touch Close.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture above the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
2 Touch ". . ." button next to the job to view jobs details.
OR
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
NOTE: If you delete a job, you will not be able to reprint it in future.
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
If billing code screen appears follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start button on the printer panel to start copying. For more information about HW buttons
on device panel see: Hardware buttons on KM printer
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Logging in and logging out at the KM Zeus printer.
If billing code screen appears, follow steps in Selecting a billing code at the KM Zeus printer - KM
interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 The scan workflows screen displays. Availability of scan workflows may vary according to the YSoft
SafeQ configuration at your location. To learn about your available scanning options, contact your
system administrator.
NOTE: The example shown here is for Scan to e-mail workflow, but the process is similar for
editing other workflows.
Touch one of scan workflows and now you can and touch Parameters button next to workflow, to
change parameters like sender, recipient, scan file name, etc.
4 After touching Parameters button, screen with scan workflow parameters displays. Now you can
change parameters of scan workflow.
NOTE: The example shown here is for Scan to e-mail workflow, but the process is similar for
editing other workflows.
NOTE: Parameters with asterisk * are mandatory and must be filled. Otherwise scan wouldn't be
performed.
5 Type the sender e-mail address / recipient e-mail address / name of the scanned file depends on
selected parameter.
6 Now your parameters was saved. If you want to set another parameters, repeat steps 4 and 5.
7 Now touch Scan settings to change settings like resolution, color, etc.
8 After touching Scan settings, screen with available scan settings will be displayed.
After setting workflow parameters and scan settings press Start button on the printer panel and
selected jobs will be printed. For more information about HW buttons on device panel see: Hardware
buttons on KM Zeus printer.
The history contains a list of print, copy and scan jobs which were performed during one user's session
(from user's login to user's logout).
1 Touch Job History button on the SafeQ Print or the SafeQ Scan application.
NOTE: You can enter Job history screen anytime during working with printer.
2 The history with all types of jobs performed in this session is displayed.
NOTE: When Payment System is used and the user has a money account assigned, there also
should be displayed prices for jobs.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to YSoft SafeQ print
or scan application.
2 The current credit balance is written in the upper part for copy, print and scan menu.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only print jobs for which you have enough credit balance will be printed.
NOTE: The credit balance is not automatically refreshed after performing print job. You should
leave the job list and enter it again to see your current credit balance.
3a When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
When you have credit balance only for few pages of the print job, only those pages are printed and
the rest of the print job is not printed.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
NOTE: If the print job costs exactly the same as your current available credit balance, then the
print job is finished and following screen will appear.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
3b When you try to print jobs, for which you don't have enough credit balance, jobs will not be printed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
3c
When you try to print jobs for which you do not have enough credit balance using the Print All from
the Authentication Screen, the jobs will not be printed and a warning message will be displayed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
When you have enough credit balance only for few copies, then only those copies will be performed
and the rest of the copy job will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If the copy job costs exactly the same as your current available credit balance, then the
copy job is finished and following screen will appear.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If the scan job costs exactly the same as your current available credit balance, then the
scan job is finished and following screen will appear.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
NOTE: If you delete a job, you will not be able to reprint it in future.
The history contains a list of print, copy and scan jobs which were performed during one user's session
(from user's login to user's logout).
1 Touch Job History button on the SafeQ Print or the SafeQ Scan application.
NOTE: You can enter Job history screen anytime during working with printer.
2 The history with all types of jobs performed in this session is displayed.
NOTE: When Payment System is used and the user has a money account assigned, there also
should be displayed prices for jobs.
Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture above the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Logging in and logging out at the KM Zeus printer.
If billing code screen appears, follow steps in Selecting a billing code at the KM Zeus printer - KM
interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 The scan workflows screen displays. Availability of scan workflows may vary according to the YSoft
SafeQ configuration at your location. To learn about your available scanning options, contact your
system administrator.
NOTE: The example shown here is for Scan to e-mail workflow, but the process is similar for
editing other workflows.
Touch one of scan workflows and now you can and touch Parameters button next to workflow, to
change parameters like sender, recipient, scan file name, etc.
4 After touching Parameters button, screen with scan workflow parameters displays. Now you can
change parameters of scan workflow.
NOTE: The example shown here is for Scan to e-mail workflow, but the process is similar for
editing other workflows.
NOTE: Parameters with asterisk * are mandatory and must be filled. Otherwise scan wouldn't be
performed.
5 Type the sender e-mail address / recipient e-mail address / name of the scanned file depends on
selected parameter.
6 Now your parameters was saved. If you want to set another parameters, repeat steps 4 and 5.
7 Now touch Scan settings to change settings like resolution, color, etc.
8 After touching Scan settings, screen with available scan settings will be displayed.
After setting workflow parameters and scan settings press Start button on the printer panel and
selected jobs will be printed. For more information about HW buttons on device panel see: Hardware
buttons on KM Zeus printer.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013 (default billing code)
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
1 When billing code screen appears and you want to use default billing code, which is displayed at the
top of the screen, just touch OK and continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
NOTE: In the YSoft SafeQ Web Interface, you can define your own default billing code. See Quick
Start Guide for End Users.
1 If you want to select billing code from a list touch List button at the end of a Browse field to show
list of billing codes assigned to you.
2 If you want to select billing code from the current level, tap this billing code, touch OK and skip to step
4.
If you want to know how to browse billing codes tree, tap 1: Financial, then OK and continue to step
3a.
NOTE: You can move between pages with billing codes by tapping arrow buttons.
3a For best demonstration of browsing billing code we will go from "1: Financial" to "131: invoices
2013" back to the "13: 2013".
We've selected billing code "1: Financial". To show children of this billing code tap List button.
NOTE: In the billing code tree you can see selected/displayed billing codes as highlighted. Then
you can easily see current level.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3b Children of "1: Finance" billing code displays. Tap "13:2013" billing code and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3d Children of "13: 2013" billing code displays. Now we are at the lowest level of billing code tree.
Our target is to select "13:2013" billing code, then we have to go one level up, then parent level
represented by first line and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3e Now billing code "1: Finance" billing code was selected, then we have to tap List button again to
display children of this billing codes.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3f Now finally we can select "13: 2013" billing code and touch OK to confirm it.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
4 If the selected billing code you want to use, tap OK to continue to device application main menu.
Otherwise go back to step 2.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
1 If you want to search for billing code touch keyboard button on the left from search button.
2 Type ID (number) or description (name) of billing code, which you want to search for and touch OK.
(In this example "2013").
4 Results which match your searching phase will be displayed. In brackets after billing code name, you
can see path of all parental billing codes.
NOTE: In our case the path of all parental billing codes is represented by numbers of billing
codes, but it depends on the way, how the SafeQ system is configured.
Select one of the billing codes from the search result, touch OK and continue to next step.
OR
Touch Cancel, if you want to change your searching phase and repeat steps 1 to 4.
5 Now your billing code is selected. Touch OK to continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
Konica Minolta devices offers another way how to select billing code. If you know exact ID (number) or
description (name) of billing code, you can enter it in search window and touch and confirming it without
searching of browsing lists.
1 If you want to enter exact ID or description of billing code, touch keyboard button.
2 Type exact ID (number) or description (name) of billing code, which you want to search for and touch
OK. (In this example "131" as a ID or "invoices 2013" as a description).
OR
OR
4 If your input will match any ID (number) or description (name) of billing code, device menu will be
displayed and matched billing code will be selected. Otherwise an error message appears and you
have to repeat these steps again.
1 Log in to Terminal Embedded: Logging in and logging out at the KM Zeus printer.
If billing code screen appears, follow steps in Selecting a billing code at the KM Zeus printer - KM
interface.
NOTE: Your screen may looks like different as shown here, depends on administrator settings.
3 An screen with job folder selection will be displayed. Touch one of the folder buttons.
NOTE: Your screen may include different options as shown here, depends on administrator settings.
If you have selected jobs to print, touch Start button on the printer panel and selected jobs will be
printed. For more information about HW buttons on device panel see: Hardware buttons on KM Zeus
printer.
6 The history with all types of jobs performed in this session displays.
Touch Close.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer - KM interface
2 Touch ". . ." button next to the job to view jobs details.
OR
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE KM PRINTER - KM INTERFACE
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to YSoft SafeQ print
or scan application.
2 The current credit balance is written in the upper part for copy, print and scan menu.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only print jobs for which you have enough credit balance will be printed.
NOTE: The credit balance is not automatically refreshed after performing print job. You should
leave the job list and enter it again to see your current credit balance.
3a When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
When you have credit balance only for few pages of the print job, only those pages are printed and
the rest of the print job is not printed.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
NOTE: If the print job costs exactly the same as your current available credit balance, then the
print job is finished and following screen will appear.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
3b When you try to print jobs, for which you don't have enough credit balance, jobs will not be printed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
3c
When you try to print jobs for which you do not have enough credit balance using the Print All from
the Authentication Screen, the jobs will not be printed and a warning message will be displayed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
When you have enough credit balance only for few copies, then only those copies will be performed
and the rest of the copy job will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If the copy job costs exactly the same as your current available credit balance, then the
copy job is finished and following screen will appear.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If the scan job costs exactly the same as your current available credit balance, then the
scan job is finished and following screen will appear.
At a Glance
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
Your system may be configured so that you can choose to log in either with a PIN or a card.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer.
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
NOTE: You can also use the numeric keyboard on the printer.
3 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
Your system may be configured so that you can choose to log in by entering your login name and password
or by placing your card on the card reader.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer.
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
3 Touch Password.
5 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
LOG OUT
To log out, touch the Access button (highlighted in the image) on the printer panel.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by
your system administrator (typically 3 minutes).
If you want to print all your unprinted jobs automatically after you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
2 Now you can fill in requred login information and touch Login or swipe card. YSoft SafeQ logs you in
and the printer prints all your compatible waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE: The method you can use may depend on the way your system administrator has configured
YSoft SafeQ.
2 When card assignment screen is displayed, touch Login to assign card by entering username and
password.
4 Touch Password.
6 Now touch OK. You will be logged in and new card will be assigned to your user account.
If Card Activation Code has been assigned to you (it was received by email or it is displayed on YSoft
SafeQ Web Interface Dashboard), you can use this simple method to register your card.
2 When card assignment screen is displayed, touch Card Activation to assign card by entering Card
Activation Code.
Now touch OK. You will be logged in and new card will be assigned to your user account.
NOTE: It is possible to select billing codes later in SafeQ Application menu (See: Selecting a billing code
at the KM printer). Then for now, you can use default billing code and continue to the next chapter.
Your system may be set up to for you to select a billing code (project code) for the copies and scans you
make. If this is the case, after you log in, the Billing code selection page opens. Use either of the methods
described below to select your project.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013 (default billing code)
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
1 When billing code screen appears and you want to use default billing code, which is displayed at the
top of the screen, just touch OK and continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
NOTE: In the YSoft SafeQ Web Interface, you can define your own default billing code. See Quick
Start Guide for End Users.
1 If you want to select billing code from a list touch List button at the end of a Browse field to show
list of billing codes assigned to you.
2 If you want to select billing code from the current level, tap this billing code, touch OK and skip to step
4.
If you want to know how to browse billing codes tree, tap 1: Financial, then OK and continue to step
3a.
NOTE: You can move between pages with billing codes by tapping arrow buttons.
3a For best demonstration of browsing billing code we will go from "1: Financial" to "131: invoices
2013" back to the "13: 2013".
We've selected billing code "1: Financial". To show children of this billing code tap List button.
NOTE: In the billing code tree you can see selected/displayed billing codes as highlighted. Then
you can easily see current level.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3b Children of "1: Finance" billing code displays. Tap "13:2013" billing code and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3d Children of "13: 2013" billing code displays. Now we are at the lowest level of billing code tree.
Our target is to select "13:2013" billing code, then we have to go one level up, then parent level
represented by first line and tap OK.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3e Now billing code "1: Finance" billing code was selected, then we have to tap List button again to
display children of this billing codes.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
3f Now finally we can select "13: 2013" billing code and touch OK to confirm it.
0: Default Project
1: Financial
11: 2011
111: invoices 2011
112: orders 2011
12: 2012
121: invoices 2012
122: orders 2012
13: 2013
131: invoices 2013
132: orders 2013
2: Development
21: Project 1
22: Project 2
23: Project 3
24: Project 4
3: Management
4 If the selected billing code you want to use, tap OK to continue to device application main menu.
Otherwise go back to step 2.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
1 If you want to search for billing code touch keyboard button on the left from search button.
2 Type ID (number) or description (name) of billing code, which you want to search for and touch OK.
(In this example "2013").
4 Results which match your searching phase will be displayed. In brackets after billing code name, you
can see path of all parental billing codes.
NOTE: In our case the path of all parental billing codes is represented by numbers of billing
codes, but it depends on the way, how the SafeQ system is configured.
Select one of the billing codes from the search result, touch OK and continue to next step.
OR
Touch Cancel, if you want to change your searching phase and repeat steps 1 to 4.
5 Now your billing code is selected. Touch OK to continue to device application main menu.
NOTE: You can use also Access button to continue to device application menu. For more
information about HW buttons on device panel see: Hardware buttons on KM printer
Konica Minolta devices offers another way how to select billing code. If you know exact ID (number) or
description (name) of billing code, you can enter it in search window and touch and confirming it without
searching of browsing lists.
1 If you want to enter exact ID or description of billing code, touch keyboard button.
2 Type exact ID (number) or description (name) of billing code, which you want to search for and touch
OK. (In this example "131" as a ID or "invoices 2013" as a description).
OR
OR
4 If your input will match any ID (number) or description (name) of billing code, device menu will be
displayed and matched billing code will be selected. Otherwise an error message appears and you
have to repeat these steps again.
If billing code screen appears, follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your screen may looks like different as shown here, depends on administrator settings.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer.
3 Job details and preview of the first page of print job displays.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
1 In YSoft SafeQ print application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
5 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu or Copy menu to scan or copy to
selected Billing code.
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
If billing code screen appears follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start button on the printer panel to start copying. For more information about HW buttons
on device panel see: Hardware buttons on KM printer
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
If billing code screen appears, follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameter and scan
settings. You scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to YSoft SafeQ print
or scan application
2 The current credit balance is written in bottom close to your User name for Print and Scan application.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
The current credit balance is written in the upper part for copy menu.
NOTE: Only pages for which you have enough credit balance will be printed. It might happen that
only half of your print job will be printed, if you don't have enough credit.
NOTE: The credit balance is automatically refreshed after performing print job.
3a When you try to print jobs, for which you don't have enough credit balance, only those pages are
printed, for which you have credit balance.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
NOTE: If print job costs exactly the same as your current available credit balance, then the print
job is finished and following screen will appear.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
3b When you try to print jobs, for which you don't have enough credit balance, jobs will not be printed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
3c When you try to print jobs for which you do not have enough credit balance using the Print All from
the Authentication Screen, the jobs will not be printed and a warning message will be displayed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If copy job costs exactly the same as your current available credit balance, then the copy
job is finished and following screen will appear.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If scan job costs exactly the same as your current available credit balance, then the job is
finished and following screen will appear.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
If billing code screen appears, follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameter and scan
settings. You scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
If billing code screen appears, follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your screen may looks like different as shown here, depends on administrator settings.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
1 In YSoft SafeQ print application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
5 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu or Copy menu to scan or copy to
selected Billing code.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to joblist: Select jobs
to print at the KM printer.
3 Job details and preview of the first page of print job displays.
1 Log in to Terminal Embedded: Log in and log out at the KM printer and navigate to YSoft SafeQ print
or scan application
2 The current credit balance is written in bottom close to your User name for Print and Scan application.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
The current credit balance is written in the upper part for copy menu.
NOTE: Only pages for which you have enough credit balance will be printed. It might happen that
only half of your print job will be printed, if you don't have enough credit.
NOTE: The credit balance is automatically refreshed after performing print job.
3a When you try to print jobs, for which you don't have enough credit balance, only those pages are
printed, for which you have credit balance.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
NOTE: If print job costs exactly the same as your current available credit balance, then the print
job is finished and following screen will appear.
NOTE: This message is displayed only when job parser is disabled or only job analyzer is used in
YSoft SafeQ configuration.
3b When you try to print jobs, for which you don't have enough credit balance, jobs will not be printed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
3c When you try to print jobs for which you do not have enough credit balance using the Print All from
the Authentication Screen, the jobs will not be printed and a warning message will be displayed.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If copy job costs exactly the same as your current available credit balance, then the copy
job is finished and following screen will appear.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If scan job costs exactly the same as your current available credit balance, then the job is
finished and following screen will appear.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
If billing code screen appears follow steps in Select a billing code at the KM printer - KM interface.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start button on the printer panel to start copying. For more information about HW buttons
on device panel see: Hardware buttons on KM printer
There are only two buttons related to usage of YSoft SafeQ system on Konica Minolta Zeus or
Minerva devices:
Start button (big blue one) - after pressing copying / scanning / printing action will start.
Access button (highlighted one) - user is immediately logged out from the device after
pressing this button.
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer.
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
NOTE: You can also use the numeric keyboard on the printer.
3 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
NOTE: The first time you use your card, register it as described in Register a new card at the KM printer
.
1 To log in, place your card on the card reader attached to the printer and go to next chapter.
OR
3 Touch Password.
5 Touch Login.
NOTE: You can also set Print all value to print all compatible waiting jobs after logging in or not.
For more information see: Print all your print jobs at the KM printer below.
LOG OUT
To log out, touch the Access button (highlighted in the image) on the printer panel.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by
your system administrator (typically 3 minutes).
If you want to print all your unprinted jobs automatically after you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
2 Now you can fill in requred login information and touch Login or swipe card. YSoft SafeQ logs you in
and the printer prints all your compatible waiting prints.
NOTE: The method you can use may depend on the way your system administrator has configured
YSoft SafeQ.
2 When card assignment screen is displayed, touch Login to assign card by entering username and
password.
4 Touch Password.
6 Now touch OK. You will be logged in and new card will be assigned to your user account.
2 When card assignment screen is displayed, touch Card Activation to assign card by entering Card
Activation Code.
4 Now touch OK. You will be logged in and new card will be assigned to your user account.
At a Glance
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
Your system may be configured so that you can choose to log in either with a PIN or a card.
NOTE: The first time you use your card, register it as described in Register a new card at Ricoh printer.
1 To log in, place your card on the card reader attached to the printer.
OR
If you want the printer to print all your unprinted jobs after you log in, check Print all.
If you do not want the printer to print all your jobs, uncheck Print all.
3 Touch PIN text field or directly type your PIN using the printer's numeric keypad. (2 to 20
numbers). You can confirm inserted PIN by Login.
HINT: You can enter PIN using the printer's numeric keypad confirm the entrance with # key
directly on this screen.
Your system may be configured so that you can choose to log in by entering your username and password
or by swiping your card on the card reader.
NOTE: The first time you use your card, register it as described in Register a new card at Ricoh printer.
1 To log in, place your card on the card reader attached to the printer.
OR
If you want the printer to print all your unprinted jobs after you log in, check Print all.
If you do not want the printer to print all your jobs, uncheck Print all.
Touch OK.
Touch OK.
LOG OUT
To log out, touch the Exit button in the right corner or place any card on the card reader (if a card reader is
attached to the printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
Touch Exit.
The first time you use a card, use one of the methods described below to register it.
NOTE:: The method you use may depend on the way your system administrator has configured SafeQ.
The terminal should ask you for a Activation Code or for a Username and password. This depends on
SafeQ system configuration.
1 Your Card Activation Code may appear in an email from SafeQ after sending first job to SafeQ or
generated manually by administrator.
2 If your Card Activation Code was generated, it may appear in SafeQ web interface when you log in.
If you have a Card Activation Code, you can use this simple method to register your card.
3 Touch Activation Code text field to get software keyboard or use hardware keyboard to insert Card
Activation Code and then press Confirm.
4 If you have taken the first option then insert your Card activation code and confirm it with the OK
button.
5 When the assignment process will be successful, you will be logged to the printer.
7 When the assignment process will be successful, you will be logged to the printer.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
Navigate to billing code children (Only billing codes with + symbol have children)
2 Once the billing code is confirmed, it is displayed at the bottom of the screen.
Navigate to billing code children (Only billing codes with + symbol have children)
3 Type name or number or text of billing code, which you want to search for and touch OK.
NOTE: The path from root level is displayed for each billing code in bracket.
Navigate to billing code children (Only billing codes with + symbol have children)
1 Once billing code is selected you can continue to Scan menu to start scanning with selected billing
code.
2 OR
Navigate to Copy menu and perform a copy job for selected billing code.
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
3 YSoft SafeQ logs you in and the printer prints all your waiting prints.
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer.
3 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Navigate to Waiting /
Printed / Favorite folders.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Ricoh printer
2 When you have selected Print all option, only compatible jobs will be printed
OR
3 Navigate to joblist
You will see incompatible jobs grey out and marked with [ I ] symbol. You can print only compatible
jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
2
Select the job and touch Info icon
Log in to Terminal Embedded: Log in and log out at the Ricoh printer and navigate to joblist: Select
jobs to print at the Ricoh printer.
3
Touch Delete icon
NOTE: If you delete a job, you will not be able to reprint it in future.
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer.
2 When the Main menu appears, touch the Copy button on the printer panel.
3 OR
Press Home button on the printer panel and select copy feature.
4 Configure the copy options and start copying by pressing Start button.
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
Select the billing code and confirm selection with accept button
NOTE: Your Main menu may not look exactly like the one shown here.
NOTE: Your screen may include different options from the ones shown here.
Available scanning options vary according to the YSoft SafeQ configuration at your location. To learn about
your available scanning options, contact your system administrator.
To select scan options and make a scan, then follow these steps:
2 Touch the scan workflow you want to use (for example, Scan to my folder) and start scanning by
NOTE: The workflow shown here is only a sample. Your menu may include this or different
options.
Your system may allow you to change scan workflow parameters. For example, if your available scan
workflows include Scan to e-mail, you may be able to change the e-mail address to send the scan from or
to.
Your system also allow to change scan workflow settings. For example the resolution, the file format of the
scanned document, duplex / simplex settings or the color settings.
The available workflows and whether or not you can change their settings vary according to the way YSoft
SafeQ is configured at your location. For more information, contact your system administrator.
NOTE: The example shown here is for Scan to e-mail, but the process is similar for editing other
workflows.
Edit scan settings (file format, color, resolution, simplex/duplex) described in step 2a.
Edit scan parameters (scan sender, scan recipient, filename, ...) described in step 2b.
2a
Touch scan settings button.
Select required settings for Color, File type, Duplex mode and Resolution.
OR
2b
Touch scan parameters button.
OR
NOTE:
This feature is currently available only under Early Access Program and therefore requires special
license.
The session summary window displays the total amount of print/copy/scan jobs performed in user's session.
Together with this also the number of pages and price for each job category is displayed. The total price
displays the sum of prices for each category.
NOTE: Job summary can be enabled by a configuration property "Enable YSoft SafeQ embedded
terminal for Ricoh to show session summary before the user logs out " ( srteShowSessionSummary )
that can be found in System Settings / Terminal UI.
1 Log out of the Terminal Embedded: Log in and log out at the Ricoh printer.
3 Tap on OK to close the session summary window and logout from the terminal. The session
summary window is also closed automatically after 20 seconds.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer.
2 When the Main menu appears, touch the Copy button on the printer panel.
3 OR
Press Home button on the printer panel and select copy feature.
4 Configure the copy options and start copying by pressing Start button.
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer and navigate to joblist: Select
jobs to print at the Ricoh printer.
3
Touch Delete icon
NOTE: If you delete a job, you will not be able to reprint it in future.
2
Select the job and touch Info icon
Log in to Terminal Embedded: Log in and log out at the Ricoh printer
2 When you have selected Print all option, only compatible jobs will be printed
OR
3 Navigate to joblist
You will see incompatible jobs grey out and marked with [ I ] symbol. You can print only compatible
jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
NOTE: The first time you use your card, register it as described in Register a new card at Ricoh printer.
1 To log in, place your card on the card reader attached to the printer.
OR
If you want the printer to print all your unprinted jobs after you log in, check Print all.
If you do not want the printer to print all your jobs, uncheck Print all.
3 Touch PIN text field or directly type your PIN using the printer's numeric keypad. (2 to 20
numbers). You can confirm inserted PIN by Login.
HINT: You can enter PIN using the printer's numeric keypad confirm the entrance with # key
directly on this screen.
NOTE: The first time you use your card, register it as described in Register a new card at Ricoh printer.
1 To log in, place your card on the card reader attached to the printer.
OR
If you want the printer to print all your unprinted jobs after you log in, check Print all.
If you do not want the printer to print all your jobs, uncheck Print all.
Touch OK.
Touch OK.
LOG OUT
To log out, touch the Exit button in the right corner or place any card on the card reader (if a card reader is
attached to the printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
Touch Exit.
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
3 YSoft SafeQ logs you in and the printer prints all your waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE:: The method you use may depend on the way your system administrator has configured SafeQ.
The terminal should ask you for a Activation Code or for a Username and password. This depends on
SafeQ system configuration.
1 Your Card Activation Code may appear in an email from SafeQ after sending first job to SafeQ or
generated manually by administrator.
2 If your Card Activation Code was generated, it may appear in SafeQ web interface when you log in.
3 Touch Activation Code text field to get software keyboard or use hardware keyboard to insert Card
Activation Code and then press Confirm.
4 If you have taken the first option then insert your Card activation code and confirm it with the OK
button.
5 When the assignment process will be successful, you will be logged to the printer.
7 When the assignment process will be successful, you will be logged to the printer.
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
Select the billing code and confirm selection with accept button
NOTE: Your Main menu may not look exactly like the one shown here.
NOTE: Your screen may include different options from the ones shown here.
To select scan options and make a scan, then follow these steps:
2 Touch the scan workflow you want to use (for example, Scan to my folder) and start scanning by
NOTE: The workflow shown here is only a sample. Your menu may include this or different
options.
The available workflows and whether or not you can change their settings vary according to the way YSoft
SafeQ is configured at your location. For more information, contact your system administrator.
NOTE: The example shown here is for Scan to e-mail, but the process is similar for editing other
workflows.
Edit scan settings (file format, color, resolution, simplex/duplex) described in step 2a.
Edit scan parameters (scan sender, scan recipient, filename, ...) described in step 2b.
2a
Touch scan settings button.
Select required settings for Color, File type, Duplex mode and Resolution.
OR
2b
Touch scan parameters button.
OR
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application. You can choose
different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
Navigate to billing code children (Only billing codes with + symbol have children)
2 Once the billing code is confirmed, it is displayed at the bottom of the screen.
Navigate to billing code children (Only billing codes with + symbol have children)
3 Type name or number or text of billing code, which you want to search for and touch OK.
NOTE: The path from root level is displayed for each billing code in bracket.
Navigate to billing code children (Only billing codes with + symbol have children)
1 Once billing code is selected you can continue to Scan menu to start scanning with selected billing
code.
2 OR
Navigate to Copy menu and perform a copy job for selected billing code.
1 Log in to Terminal Embedded: Log in and log out at the Ricoh printer.
3 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Navigate to Waiting /
Printed / Favorite folders.
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE RICOH PRINTER
1 Log in to Embedded Terminal: Log in and log out at the Ricoh printer and navigate to YSoft SafeQ
application
2 The current credit balance is written in bottom close to your User name.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only print jobs for which you have enough credit balance will be printed.
3a
If job parser is disabled or set to only analyze jobs, users are allowed to continue printing even after
their credit balance is insufficient.
NOTE: When the current balance is not sufficient for the print job, a debt is registered for the user
(in case debt registering is enabled in YSoft Payment System).
3b When you try to print jobs, for which you don't have enough credit balance, job is not printed and
stays in the waiting folder. You are informed about insufficient credit.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
NOTE: Some minimal credit is necessary to be able to enter the copy menu. The amount is
configured by your administrator.
NOTE: You can copy only a few more pages than your credit allows. For these pages a debt is
registered (in case debt registering is enabled in YSoft Payment System).
1 Select scan workflow which you want to use and start scanning.
NOTE: Only scan jobs for which you have enough credit balance will be performed.
2 When you try to scan job, for which you don't have enough credit balance, the whole scan job is
refused.
NOTE: When you have available credit balance only for few pages, you can scan them one by
one until your credit balance is consumed.
5.6.4 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX APEOS
At a Glance
NOTE: When the unknown card assignment feature is enabled, the assignment screen is
displayed also for swiping with known card, so the assignment screen has to be skipped. This can be
done just by leaving the input field empty and pressing Enter.
OR
Press the Log In / Out physical button and continue with the next step.
NOTE: When the unknown card assignment feature is enabled, the assignment screen is
displayed also for swiping with known card, so the assignment screen has to be skipped. This can be
done just by leaving the input field empty and pressing Enter.
OR
Press the Log In / Out physical button and continue with the next step.
LOG OUT
To log out from the printer swipe with card on the card reader, press the physical button Log In / Out
button or tap the software Logout button shown on the screenshot below.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set for the
MFP by your system administrator (typically 3 minutes).
NOTE: If you are inside SafeQ application and inactive for period of time defined within SafeQ by
your system administrator, you will automatically leave from the SafeQ application to the device main
menu first. After another period of time (based on MFP settings) you will be also automatically logged
out from the device main menu.
If Card Activation Code has been assigned to you (it was received by email or it is displayed on SafeQ Web
Interface Dashboard), you can use this simple method to register your card.
2 Insert the Card Activation Code and confirm it with the Enter button.
3 When the assignment process is successful, you will be logged to the printer and new card will be
assigned to your user account.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
3 Job details and preview of the first page of print job displays.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
With YSoft SafeQ Embedded Terminal, you can choose billing (project) codes in the application menu for
copying and scanning in one session (no need to log out and log in again).
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Enter.
4 A result which matches your searching phase displays. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a) Display another
pages of your scan workflows.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
NOTE: When scanning in Duplex mode from the feeder a native prompt window appears on a
Fuji Xerox printer with Apeos JF SCLIPTLanguage Version 3.1.1 or earlier. Tap on the Last
Original button on the native Fuji Xerox screen to finish the scanning. This action is not required for
the devices with Apeos JF SCLIPTLanguage 3.1.2 and higher.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE FUJI XEROX PRINTER
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to YSoft
SafeQ Print or Scan application
2 In the Print and Scan application there is the current credit balance written at the bottom of the screen
next to your username.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: On every log in, SafeQ makes a reservation of an amount, which is based on rules
described in Credit handling on Fuji Xerox.
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to other folder) to see the updated balance.
3a Users are allowed to continue printing even after their credit balance is insufficient when job parser is
disabled or only job analyzer is used. This is a limitation of the printer.
NOTE: When the current balance is not sufficient for the print job, a debt is registered for the user
(in case debt registering is enabled in YSoft Payment System).
3b When you try to print jobs, for which you don't have enough credit balance, job is not printed and
stays in the waiting folder. You are informed about insufficient credit.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to Print application) to see the updated balance.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE:The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
NOTE: When the unknown card assignment feature is enabled, the assignment screen is
displayed also for swiping with known card, so the assignment screen has to be skipped. This can be
done just by leaving the input field empty and pressing Enter.
OR
Press the Log In / Out physical button and continue with the next step.
NOTE: When the unknown card assignment feature is enabled, the assignment screen is
displayed also for swiping with known card, so the assignment screen has to be skipped. This can be
done just by leaving the input field empty and pressing Enter.
OR
Press the Log In / Out physical button and continue with the next step.
LOG OUT
To log out from the printer swipe with card on the card reader, press the physical button Log In / Out
button or tap the software Logout button shown on the screenshot below.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set for the
MFP by your system administrator (typically 3 minutes).
NOTE: If you are inside SafeQ application and inactive for period of time defined within SafeQ by
your system administrator, you will automatically leave from the SafeQ application to the device main
menu first. After another period of time (based on MFP settings) you will be also automatically logged
out from the device main menu.
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a) Display another
pages of your scan workflows.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
NOTE: When scanning in Duplex mode from the feeder a native prompt window appears on a
Fuji Xerox printer with Apeos JF SCLIPTLanguage Version 3.1.1 or earlier. Tap on the Last
Original button on the native Fuji Xerox screen to finish the scanning. This action is not required for
the devices with Apeos JF SCLIPTLanguage 3.1.2 and higher.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to joblist:
Select jobs to print at the Fuji Xerox printer.
3 Job details and preview of the first page of print job displays.
2 Insert the Card Activation Code and confirm it with the Enter button.
3 When the assignment process is successful, you will be logged to the printer and new card will be
assigned to your user account.
With YSoft SafeQ Embedded Terminal, you can choose billing (project) codes in the application menu for
copying and scanning in one session (no need to log out and log in again).
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Enter.
4 A result which matches your searching phase displays. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE FUJI XEROX PRINTER
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer and navigate to YSoft
SafeQ Print or Scan application
2 In the Print and Scan application there is the current credit balance written at the bottom of the screen
next to your username.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: On every log in, SafeQ makes a reservation of an amount, which is based on rules
described in Credit handling on Fuji Xerox.
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to other folder) to see the updated balance.
3a Users are allowed to continue printing even after their credit balance is insufficient when job parser is
disabled or only job analyzer is used. This is a limitation of the printer.
NOTE: When the current balance is not sufficient for the print job, a debt is registered for the user
(in case debt registering is enabled in YSoft Payment System).
3b When you try to print jobs, for which you don't have enough credit balance, job is not printed and
stays in the waiting folder. You are informed about insufficient credit.
NOTE: This message is displayed only when job parser with image rendering is enabled in YSoft
SafeQ configuration.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to Print application) to see the updated balance.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE:The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
5.6.5 USING YSOFT SAFEQ EMBEDDED TERMINAL FOR FUJI XEROX WITH XCP
At a Glance
1 Optional: If enabled by you administrator, you can choose to print all waiting print jobs right after
logging in. In order to do so, tap the check-box to make the tick black.
Place your card onto the card reader attached to the printer.
OR
Tap text fields to enter your Username and Password and tap Login.
1 Optional: If enabled by you administrator, you can choose to print all waiting print jobs right after
logging in. In order to do so, tap the check-box to make the tick black.
OR
Type in your PIN using the external keyboard and tap Login.
For other authentication methods just follow the instructions written on the screen.
With authentication method PIN and Card, Username and password and Card, be sure to first
enter your credentials and swipe your card afterwards.
LOG OUT
To log out from the printer swipe with card on the card reader, press the physical button Log In / Out
button or tap the green area and choose Logout shown on the screenshot below.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set for the
MFP by your system administrator (typically 3 minutes).
NOTE: If you are inside SafeQ application and inactive for period of time defined by your system
administrator, you will automatically be exited from the SafeQ application to the device main menu
first. After another period of time (based on the MFP's settings) you will also be automatically logged
If Card Activation Code has been assigned to you (it was received by email or it is displayed on SafeQ Web
Interface Dashboard), you can use this simple method to register your card.
3 Insert the Card Activation Code and confirm it with the Activate button.
4 When the assignment process is successful, you will be logged into the printer and new card will be
assigned to your user account.
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP.
2 Optional: If you are prompted, select Print at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
3 If not redirected automatically, touch the YSoft SafeQ application in the device main menu.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in the Printed folder. This job can be reprinted in the future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Log in to Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
3 Job details and preview of the first page of print job displays.
1 Log in to Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
With YSoft SafeQ Embedded Terminal, you can switch between billing (project) codes for copying and
scanning.
1 In the YSoft SafeQ application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Enter.
4 A result which matches your searching phase displays. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1a Once billing code is selected you can continue to Scan menu to start scanning
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP.
2 Optional: If you are prompted, select Copy at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
SCAN
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP
2 Optional: If you are prompted, select Scan at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
3 If not redirected automatically, touch YSoft SafeQ application in the device main menu.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 5b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a) Display another
pages of your scan workflows.
6a After touching Scan setting button, screen with scan workflow settings is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
NOTE: When scanning in Duplex mode from the feeder a native prompt window appears on a
Fuji Xerox printer with Apeos JF SCLIPTLanguage Version 3.1.1 or earlier. Tap on the Last
Original button on the native Fuji Xerox screen to finish the scanning. This action is not required for
the devices with Apeos JF SCLIPTLanguage 3.1.2 and higher.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
7b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE FUJI XEROX PRINTER
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
YSoft SafeQ Print or Scan application
2 In the Print and Scan application there is the currently available balance written at the bottom of the
screen next to your username.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: On every log in, SafeQ makes a reservation of an amount, which is based on rules
described in Credit handling on Fuji Xerox with XCP.
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to other folder) to see the updated balance.
3a Users are allowed to continue printing even after their credit balance is insufficient when job parser is
disabled or only job analyzer is used. This is a limitation of the printer.
NOTE: When the current balance is not sufficient for the print job, a debt is registered for the user
(in case debt registering is enabled in YSoft Payment System).
3b If the print job parser is enabled to render jobs, when you try to print jobs, for which you don't have
enough credit balance, job is not printed and stays in the waiting folder. You are informed about
insufficient credit.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
NOTE: The credit balance is refreshed in a few seconds after performing a print job.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP.
2 Optional: If you are prompted, select Copy at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
Then press Start (typically a green button) on the printer panel to start copying.
1 Log in to Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
LOG IN AND LOG OUT AT THE FUJI XEROX PRINTER WITH XCP
1 Optional: If enabled by you administrator, you can choose to print all waiting print jobs right after
logging in. In order to do so, tap the check-box to make the tick black.
Place your card onto the card reader attached to the printer.
OR
Tap text fields to enter your Username and Password and tap Login.
1 Optional: If enabled by you administrator, you can choose to print all waiting print jobs right after
logging in. In order to do so, tap the check-box to make the tick black.
OR
Type in your PIN using the external keyboard and tap Login.
For other authentication methods just follow the instructions written on the screen.
With authentication method PIN and Card, Username and password and Card, be sure to first
enter your credentials and swipe your card afterwards.
LOG OUT
To log out from the printer swipe with card on the card reader, press the physical button Log In / Out
button or tap the green area and choose Logout shown on the screenshot below.
NOTE: If you do not log out, the printer automatically logs you out after a period of time set for the
MFP by your system administrator (typically 3 minutes).
NOTE: If you are inside SafeQ application and inactive for period of time defined by your system
administrator, you will automatically be exited from the SafeQ application to the device main menu
first. After another period of time (based on the MFP's settings) you will also be automatically logged
out from the device main menu.
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP
2 Optional: If you are prompted, select Scan at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
3 If not redirected automatically, touch YSoft SafeQ application in the device main menu.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 5b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a) Display another
pages of your scan workflows.
6a After touching Scan setting button, screen with scan workflow settings is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
NOTE: When scanning in Duplex mode from the feeder a native prompt window appears on a
Fuji Xerox printer with Apeos JF SCLIPTLanguage Version 3.1.1 or earlier. Tap on the Last
Original button on the native Fuji Xerox screen to finish the scanning. This action is not required for
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
7b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
NOTE: When arrows are grey colored, the value is locked and cannot be changed.
NOTE: Text field marked with asterisk * is mandatory and must be filled in before scanning starts
1 Log in to the Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP.
2 Optional: If you are prompted, select Print at the Quota selection screen.
NOTE: You will not be able to perform any other operation until you log out and log in again.
3 If not redirected automatically, touch the YSoft SafeQ application in the device main menu.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in the Printed folder. This job can be reprinted in the future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
DISPLAY DETAILED INFORMATION ABOUT PRINT JOBS AT THE FUJI XEROX PRINTER WITH XCP
1 Log in to Embedded Terminal: Log in and log out at the Fuji Xerox printer with XCP and navigate to
joblist: Select jobs to print at the Fuji Xerox printer with XCP.
3 Job details and preview of the first page of print job displays.
3 Insert the Card Activation Code and confirm it with the Activate button.
4 When the assignment process is successful, you will be logged into the printer and new card will be
assigned to your user account.
With YSoft SafeQ Embedded Terminal, you can switch between billing (project) codes for copying and
scanning.
1 In the YSoft SafeQ application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Enter.
4 A result which matches your searching phase displays. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1a Once billing code is selected you can continue to Scan menu to start scanning
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE FUJI XEROX PRINTER WITH XCP
1 Log in to Terminal Embedded: Log in and log out at the Fuji Xerox printer with XCP and navigate to
YSoft SafeQ Print or Scan application
2 In the Print and Scan application there is the currently available balance written at the bottom of the
screen next to your username.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: On every log in, SafeQ makes a reservation of an amount, which is based on rules
described in Credit handling on Fuji Xerox with XCP.
NOTE: The credit balance is refreshed in a few seconds after performing a print job. You need to
refresh the screen (e.g. by switching to other folder) to see the updated balance.
3a Users are allowed to continue printing even after their credit balance is insufficient when job parser is
disabled or only job analyzer is used. This is a limitation of the printer.
NOTE: When the current balance is not sufficient for the print job, a debt is registered for the user
(in case debt registering is enabled in YSoft Payment System).
3b If the print job parser is enabled to render jobs, when you try to print jobs, for which you don't have
enough credit balance, job is not printed and stays in the waiting folder. You are informed about
insufficient credit.
After performing the copy job, your credit balance will be decreased.
2 When you try to copy job, for which you don't have enough credit balance, the copy job is refused.
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
1 Select scan workflow which you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
NOTE: The credit balance is refreshed in a few seconds after performing a print job.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
At a Glance
1 Place your card on the card reader attached to the printer and go to step 3.
OR
2 Type your personal PIN code and close the keyboard or touch anywhere on the screen.
3 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Sharp printer.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
5 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Sharp printer.
LOG OUT
To log out, touch the hardware or software Logout button (depends on your printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
3 YSoft SafeQ logs you in and the printer prints all your waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE:: The method you use may depend on the way your system administrator has configured SafeQ.
The terminal should ask you for a Activation Code or for a Username and password. This depends on
SafeQ system configuration.
1 Your Card Activation Code may appear in an email from SafeQ after sending first job to SafeQ or
generated manually by administrator.
2 If your Card Activation Code was generated, it may appear in SafeQ web interface when you log in.
If you have a Card Activation Code, you can use this simple method to register your card.
4 Insert your Card activation code and close the keyboard or touch anywhere on the screen.
6 When the assignment process will be successful, you will be logged to the printer.
8 When the assignment process will be successful, you will be logged to the printer.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer
3 Job details and preview of the first page of print job are displayed.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 121: invoices 2013)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
If your system allows you to scan and/or copy, follow these instructions to access these functions.
NOTE: These functions could be accesible in several ways. Use either of the methods described below
enter to scan or copy.
ENTER SCAN
OR
2 If Scan menu is disabled you can enable it by selecting Other functions ...
ENTER COPY
OR
2 If Copy menu is not displayed you can select Other functions ...
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
SCANNING
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
NOTE: When you see two tabs Quick scan workflow and Expert scan workflow, it is possible:
In Quick scan workflow tab touch one of scan workflows and your scanning
starts immediately.
In Expert workflows tab, configure scan settings and start scanning.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to YSoft SafeQ
print or scan application
2 The current credit balance is written in bottom close to your User name for Print and Scan application.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only pages for which you have enough credit balance will be printed. It might happen that
only half of your print job will be printed, if you don't have enough credit.
NOTE: The credit balance is automatically refreshed after performing print job.
When you try to print jobs, for which you don't have enough credit balance, only those pages for
which you have credit balance are printed. Then the print stops and the job is suspended.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: It is not possible to print, copy or scan on the device, unless the suspended job is
deleted.
4) If you have enough credit balance, rest of job will printed and accounted
When you try to print jobs, for which you don't have enough credit balance, then the print stops and
the job is not printed.
b) Print only jobs for which you have enough credit balance.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: It is not possible to print, copy or scan on the device, unless the suspended job is
deleted.
After performing the copy job, your credit balance will be decreased.
NOTE: The current credit balance is not possible to show in Copy menu.
2 When you try to copy a job, for which you don't have enough credit balance, the copy job is refused.
In this case you have options:
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
1 Select the scan workflow you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
1) Deposit credit balance and continue copying with Back > Scan.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
2 Type your personal PIN code and close the keyboard or touch anywhere on the screen.
3 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Sharp printer.
1 Place your card on the card reader attached to the printer and go to step 3.
OR
5 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Sharp printer.
LOG OUT
To log out, touch the hardware or software Logout button (depends on your printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
3 YSoft SafeQ logs you in and the printer prints all your waiting prints.
NOTE:: The method you use may depend on the way your system administrator has configured SafeQ.
The terminal should ask you for a Activation Code or for a Username and password. This depends on
SafeQ system configuration.
1 Your Card Activation Code may appear in an email from SafeQ after sending first job to SafeQ or
generated manually by administrator.
2 If your Card Activation Code was generated, it may appear in SafeQ web interface when you log in.
4 Insert your Card activation code and close the keyboard or touch anywhere on the screen.
6 When the assignment process will be successful, you will be logged to the printer.
8 When the assignment process will be successful, you will be logged to the printer.
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
NOTE: When you see two tabs Quick scan workflow and Expert scan workflow, it is possible:
In Quick scan workflow tab touch one of scan workflows and your scanning
starts immediately.
In Expert workflows tab, configure scan settings and start scanning.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 121: invoices 2013)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to joblist: Select
jobs to print at the Sharp printer
3 Job details and preview of the first page of print job are displayed.
PRINT, COPY AND SCAN WITH CREDIT BALANCE AT THE SHARP PRINTER
1 Log in to Terminal Embedded: Log in and log out at the Sharp printer and navigate to YSoft SafeQ
print or scan application
2 The current credit balance is written in bottom close to your User name for Print and Scan application.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
NOTE: Only pages for which you have enough credit balance will be printed. It might happen that
only half of your print job will be printed, if you don't have enough credit.
NOTE: The credit balance is automatically refreshed after performing print job.
When you try to print jobs, for which you don't have enough credit balance, only those pages for
which you have credit balance are printed. Then the print stops and the job is suspended.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: It is not possible to print, copy or scan on the device, unless the suspended job is
deleted.
4) If you have enough credit balance, rest of job will printed and accounted
When you try to print jobs, for which you don't have enough credit balance, then the print stops and
the job is not printed.
b) Print only jobs for which you have enough credit balance.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: It is not possible to print, copy or scan on the device, unless the suspended job is
deleted.
After performing the copy job, your credit balance will be decreased.
NOTE: The current credit balance is not possible to show in Copy menu.
2 When you try to copy a job, for which you don't have enough credit balance, the copy job is refused.
In this case you have options:
NOTE: In the case you have available credit balance only for few copies, these copies will be
performed and charged and the rest will be refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
1 Select the scan workflow you want to use and start scanning.
After performing the scan job, your credit balance will be decreased.
2 When you try to scan job, for which you don't have enough credit balance, the scan job is refused.
1) Deposit credit balance and continue copying with Back > Scan.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
NOTE: These functions could be accesible in several ways. Use either of the methods described below
enter to scan or copy.
ENTER SCAN
OR
2 If Scan menu is disabled you can enable it by selecting Other functions ...
ENTER COPY
OR
2 If Copy menu is not displayed you can select Other functions ...
At a Glance
FCC statements
Overview
Changing the terminal's language
Logging in at the printer
Logging in with a PIN or a card
Logging in with a username/password or a card
Logging out
Logging in with SmartCard
Logging out with SmartCard
Registering a new card
Printing all your print jobs in the queue
Selecting jobs to print
Incompatible jobs at Terminal Professional
Deleting a print job
Selecting a billing code
Selecting a billing code
Copying and scanning
Print, copy and scan with credit balance
Display the current credit balance
Print with credit balance
Copy / scan with credit balance
FCC STATEMENTS
OVERVIEW
This chapter provides instructions for using YSoft SafeQ® Terminal Professional, firmware version 3.8.0
and higher.
Depending on how your SafeQ administrator has set up the terminal, you can use the terminal to:
OR
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
Your system may be configured so that you can choose to log in either with a PIN or a card.
NOTE: The first time you use your card, register it as described in Registering a new card at Terminal
Professional
To log in, swipe your card on the card reader embedded in the terminal.
OR
1 Touch PIN.
3 Touch OK.
4 If you want the printer to print all your unprinted jobs, touch Print.
Your system may be configured so that you can choose to log in by entering your username and password
or by swiping your card on the card reader embedded in the terminal.
NOTE: The first time you use your card, register it as described in Registering a new card at Terminal
Professional
To log in, swipe your card on the card reader embedded in the terminal.
OR
1 Touch Login.
2 Type your username. The keypad works like phone keypads. To enter a lowercase or uppercase
letter, touch a key more than once.
3 Touch OK.
5 Touch OK.
6 If you want the printer to print all your unprinted jobs, touch Print.
LOGGING OUT
1 To log out, on the Main menu, touch End, or swipe any card (if available). NOTE: If you do not
log out, the terminal automatically logs you out after a period of time set by your system administrator
(typically 1 minute).
Your system may be configured so that you can choose to log in by inserting SmartCard into card reader
embedded in the terminal.
1 To log in with Smardcard, insert your card into card reader embedded in the
terminal.
OR
OR
NOTE: If you do not log out, the terminal automatically logs you out after a period of time set by
your system administrator (typically 1 minute).
If YSoft SafeQ does not recognize your ID card, the terminal displays a message asking you to enter your
username and password or Card Activation Code.
2 To assign the card via your username and password, touch LOGIN.
OR
To assign the card via Card Activation Code, touch Act. Code.
NOTE: The terminal should ask you only for a Card Activation Code or only for a username and
password. This depends on SafeQ system configuration.
OR
OR
3 When you have selected assigning by username and password, enter your username and password.
OR
When you have selected assigning by Card Activation Code, enter your Card Activation Code.
4 NOTE: Your Card Activation Code appears in an e-mail you receive from YSoft SafeQ.
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: Depending on how your administrator has set up the terminal, the print all jobs functionality could
be disabled. Pressing print button enters joblist, where you can individually select jobs to print.
1 Swipe your card on the card reader and/or enter other login information.
NOTE: The Print button displays the number of print jobs you have waiting to be printed. In the
example shown here, three ( 3 ) jobs are waiting.
3 The printer/MFP begins to print all your jobs. The Print screen shows the progress.
4 When all your jobs have been printed, the terminal displays information and then automatically logs
you out.
NOTE: Price and pages information may or may not appear, depending on how the terminal has
been configured.
1 Place your card on the card reader and/or enter login information.
3 Depending on the way terminal has been set up, a sub-menu may appear.
Touch the button for the type of job you want to print.
To print the selected job(s): touch the Print button and the printer prints the job(s).
5 Touch the icon hand; then select one of the following options:
NOTE: Depending on how your administrator has set up the terminal, the Select all item in
context menu could be disabled.
6 Touch Print.
3 When you select Print option (print all), only compatible jobs will be printed.
Terminal Professional informs you, that there are also incompatible jobs, which were not printed.
OR
4 Navigate to joblist
Example: As displayed on picture above the printer supports only normal (A5/A4/letter) page print, so
large (A3/legal/tabloid) pages print jobs are incompatible and it is not possible to print them.
5 It is possible that another printer supports such kind of your print jobs.
So it is recommended to try another printer in your company (in this case of example above: Try to
login and print on the normal (A5/A4/letter) / large (A3/legal/tabloid) printer).
1 Swipe your card on the card reader and/or enter other login information.
Touch the button for the type of job you want to delete.
NOTE: If you delete a job, you will not be able to reprint it in future.
NOTE: Your system may be set up to for you to select a project for the copies and scans you make. If
this is the case, after you log in and touch Copying/Scanning, the Project selection screen appears.
1 Select Copying/Scanning
If you have a default billing code, it is highlighted ("Project B" is default billing code in this case).
NOTE: You can define your own default billing code in the YSoft SafeQ Web Interface. See Quick
Start Guide for End Users for details.
OR
You can search billing codes by Code number or Code name/description or use exit button to show
Project selection screen.
OR
To search throught all the billing codes, touch Filter; then type part of the billing code and touch OK.
3 If billing code entry screen opens, select or search for a billing code; then you are moved to copy
screen.
4 On the MFP's control panel, select the options you want; then make the copies or scan your
document.
When you finish, touch End. The terminal automatically logs you out.
NOTE: The terminal displays information about the copies or scans you made.
The terminal may or may not display more information about your session, depending on the way the
terminal has been configured.
1 Swipe your card on the card reader and/or enter other login information.
2 The current credit balance is written in the Main menu or Job menu close to your User name.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
1 Print all your waiting jobs by pressing Print button or navigate to Job list to select jobs you want to
print.
2 Once the job is printed, there is displayed consumed price and the credit balance is decreased.
HINT: You could authenticate again to check your current credit balance.
3 When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
NOTE: Only the jobs that you have credit balance for are printed. The ones you do not have
sufficient credit balance for are refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
After performing the copy / scan job, your credit balance will be decreased.
2 When you try to copy / scan job, for which you don't have enough credit balance, the copy / scan job
is refused.
NOTE: Only the pages that you have credit balance for are copied / scanned. The ones you do
not have sufficient credit balance for are refused. There are some limitations depending on MFP
blocking technology / cable .
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
3 If billing code entry screen opens, select or search for a billing code; then you are moved to copy
screen.
4 On the MFP's control panel, select the options you want; then make the copies or scan your
document.
When you finish, touch End. The terminal automatically logs you out.
NOTE: The terminal displays information about the copies or scans you made.
5 The terminal may or may not display more information about your session, depending on the way the
terminal has been configured.
1 Swipe your card on the card reader and/or enter other login information.
Touch the button for the type of job you want to delete.
NOTE: If you delete a job, you will not be able to reprint it in future.
3 When you select Print option (print all), only compatible jobs will be printed.
Terminal Professional informs you, that there are also incompatible jobs, which were not printed.
OR
4 Navigate to joblist
Example: As displayed on picture above the printer supports only normal (A5/A4/letter) page print, so
large (A3/legal/tabloid) pages print jobs are incompatible and it is not possible to print them.
5 It is possible that another printer supports such kind of your print jobs.
So it is recommended to try another printer in your company (in this case of example above: Try to
login and print on the normal (A5/A4/letter) / large (A3/legal/tabloid) printer).
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
To log in, swipe your card on the card reader embedded in the terminal.
OR
1 Touch PIN.
3 Touch OK.
4 If you want the printer to print all your unprinted jobs, touch Print.
NOTE: The first time you use your card, register it as described in Registering a new card at Terminal
Professional
To log in, swipe your card on the card reader embedded in the terminal.
OR
1 Touch Login.
2 Type your username. The keypad works like phone keypads. To enter a lowercase or uppercase
letter, touch a key more than once.
3 Touch OK.
5 Touch OK.
6 If you want the printer to print all your unprinted jobs, touch Print.
LOGGING OUT
1 To log out, on the Main menu, touch End, or swipe any card (if available). NOTE: If you do not
log out, the terminal automatically logs you out after a period of time set by your system administrator
(typically 1 minute).
To log in with Smardcard, insert your card into card reader embedded in the
terminal.
OR
OR
NOTE: If you do not log out, the terminal automatically logs you out after a period of time set by
your system administrator (typically 1 minute).
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: Depending on how your administrator has set up the terminal, the print all jobs functionality could
be disabled. Pressing print button enters joblist, where you can individually select jobs to print.
1 Swipe your card on the card reader and/or enter other login information.
NOTE: The Print button displays the number of print jobs you have waiting to be printed. In the
example shown here, three ( 3 ) jobs are waiting.
The printer/MFP begins to print all your jobs. The Print screen shows the progress.
4 When all your jobs have been printed, the terminal displays information and then automatically logs
you out.
NOTE: Price and pages information may or may not appear, depending on how the terminal has
been configured.
If YSoft SafeQ does not recognize your ID card, the terminal displays a message asking you to enter your
username and password or Card Activation Code.
2 To assign the card via your username and password, touch LOGIN.
OR
To assign the card via Card Activation Code, touch Act. Code.
NOTE: The terminal should ask you only for a Card Activation Code or only for a username and
password. This depends on SafeQ system configuration.
OR
OR
3 When you have selected assigning by username and password, enter your username and password.
OR
When you have selected assigning by Card Activation Code, enter your Card Activation Code.
4 NOTE: Your Card Activation Code appears in an e-mail you receive from YSoft SafeQ.
Code again.
NOTE: Your system may be set up to for you to select a project for the copies and scans you make. If
this is the case, after you log in and touch Copying/Scanning, the Project selection screen appears.
1 Select Copying/Scanning
If you have a default billing code, it is highlighted ("Project B" is default billing code in this case).
NOTE: You can define your own default billing code in the YSoft SafeQ Web Interface. See Quick
Start Guide for End Users for details.
OR
You can search billing codes by Code number or Code name/description or use exit button to show
Project selection screen.
OR
To search throught all the billing codes, touch Filter; then type part of the billing code and touch OK.
1 Place your card on the card reader and/or enter login information.
3 Depending on the way terminal has been set up, a sub-menu may appear.
Touch the button for the type of job you want to print.
To print the selected job(s): touch the Print button and the printer prints the job(s).
5 Touch the icon hand; then select one of the following options:
NOTE: Depending on how your administrator has set up the terminal, the Select all item in
context menu could be disabled.
6 Touch Print.
1 Swipe your card on the card reader and/or enter other login information.
2 The current credit balance is written in the Main menu or Job menu close to your User name.
NOTE: The available balance consists of your personal balance and virtual balance minus the
minimum balance set for your money account. If you are in a debt, zero is displayed.
1 Print all your waiting jobs by pressing Print button or navigate to Job list to select jobs you want to
print.
2 Once the job is printed, there is displayed consumed price and the credit balance is decreased.
HINT: You could authenticate again to check your current credit balance.
3 When you try to print jobs, for which you don't have enough credit balance, the printing is refused.
NOTE: Only the jobs that you have credit balance for are printed. The ones you do not have
sufficient credit balance for are refused.
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
After performing the copy / scan job, your credit balance will be decreased.
2 When you try to copy / scan job, for which you don't have enough credit balance, the copy / scan job
is refused.
NOTE: Only the pages that you have credit balance for are copied / scanned. The ones you do
not have sufficient credit balance for are refused. There are some limitations depending on MFP
blocking technology / cable .
NOTE: The negative account balance can be enabled. Contact your YSoft SafeQ administrator for
more details.
At a Glance
FCC statements
Overview
Using the keypad
Logging in at the printer
Logging out
Printing all print jobs
Print all jobs
Print with Credit balance
Copying
Copy and scan
Copy and scan with Credit balance
Terminal specifications
Terminal UltraLight beep and LED code sequences
Beep code sequences
LED code sequences
FCC STATEMENTS
OVERVIEW
YSoft SafeQ Terminal UltraLight provides a compact, fast, and easy-to-use interface for users to access
multifunction printers (MFPs) and network printers to perform print, copy, and scan operations. The terminal
supports Print roaming and Authorized copying.
The terminal has a touch keypad for user interaction. Users can authenticate with an ID card and/or by
entering a PIN.
Terminal UltraLight Print & Copy can provide authentication for printing and copying.
Terminal UltraLight Print Only can provide authentication only for printing.
When logging in with a PIN, touch the keys to enter your PIN; then touch OK.
Terminal UltraLight is equipped with a 2-port Ethernet switch — the MFP or printer connects to the Ethernet
network via the terminal. The terminal communicates with the YSoft SafeQ server over the Ethernet
network. MFPs and other printers communicate with the YSoft SafeQ server via the terminal.
The terminal also includes an Emergency button for performing service procedures.
Microcomputer
Flash ROM
(Optional) Card reader – Various optional card readers are available to meet the compatibility
requirements of your existing identification cards. (PINs can be used instead of the card reader.)
NOTE: Do not touch the keypad when the terminal is starting up. The keypad is calibrated every time
the terminal starts up --- essential for proper operation — and touching the keypad during startup interferes
with this process.
Use fingerpads — not fingertips. Fingerpads cover a larger area, enabling better detection by the
terminal.
Use a light touch.
Use only fingers — not instruments such as nails, pens, or screwdrivers.
Do not wear gloves (other than latex gloves such as those used in the medical or food industries).
The keypad may become more sensitive or less sensitive after a long period of use or when electrostatic or
electromagnetic properties in the surrounding area change. If this occurs, reboot the terminal or turn the
power off/on to automatically recalibrate the keypad.
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
Your system may be configured so that you can choose to log in either with a PIN or a card.
OR
2 Press the keys to enter your PIN (2 to 8 numbers); then press OK.
If authentication is successful:
If authentication is unsuccessful:
This LED sequence indicates that the terminal did not recognize
your ID card:
Place the card again. If authentication is still not successful, contact your SafeQ
administrator.
LOGGING OUT
To log out, touch the X button or OK button on the terminal or swipe any card (if available).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
After you log in, press the Print icon to print all your jobs waiting in the queue. If your terminal is Terminal
UltraLight Print Only, your waiting jobs are printed automatically after you log in.
When you are using Credit (Payment system) your print jobs are printed only when you have sufficient
credit balance. Once your jobs are printed, the credit balance is automatically decreased.
When you don't have sufficient balance for your jobs, the printing is not possible and the Terminal UltraLight
informs you with . - - beep code.
When you have sufficient balance only for few waiting jobs, these jobs are printed and the remaining jobs
are refused. In this case Terminal UltraLight informs you with . - - beep code.
COPYING
If your terminal is the Terminal UltraLight Print & Copy model, you can make copies or scans (depends on
your SafeQ system configuration).
Press the Copy icon; then use the copier's panel to choose copy or scan options and make copies or
scans.
NOTE: If you have no waiting jobs in the queue when you log in, then terminal goes automatically to
copy mode. Pressing Copy icon will log you out.
When you are using Credit (Payment system) your copy / scan jobs are performed only when you have
sufficient credit balance. Once your copy / scan jobs are finished, the credit balance is automatically
decreased.
When you don't have sufficient balance for your copy / scan jobs, the copying / scanning is not possible and
the Terminal UltraLight informs you with . - - beep code.
When you have sufficient balance only for few copy / scan jobs, these jobs are performed and the remaining
copy / scan jobs are refused. In this case Terminal UltraLight informs you with . - - beep code.
TERMINAL SPECIFICATIONS
Item Specification
no added resistance
Item Specification
Resistance to magnetic
field
RAM 64KB
The Terminal Ultralight contains status LEDs that serve for interaction with user. This chapter describes the
beeps the terminal emits and LED codes it displays to notify the user about various status conditions.
In the following table, a period ( . ) represents a short beep and a dash (-) represents a long beep.
Sequence Description
- Card read error. Place the card again or use a different card.
.- Terminal validation failed. Server reports that the terminal is not registered on SafeQ.
..- User quota has been exceeded or user has no billing code assigned.
-.- User authentication failed. The PIN is not valid or the ID card is not registered in SafeQ. If
YSoft Payment System is used, it can indicate account is disabled.
.-- The terminal received an error or warning message from the SafeQ server.
If YSoft Payment System is used, it can indicate insufficient credit balance for current user
(according SafeQ system settings for YSoft Payment System -
pricePerPageReservationStrategyForCopyOnHwTerminal ) to perform copies/scans.
...- Hardware configuration is corrupt and the terminal cannot continue booting.
- .. - Maximum number of firmware update attempts reached but no valid firmware detected.
Sequence Description
-.-- Maximum number of firmware update attempts reached and the terminal is resuming normal
boot.
.-.. Firmware update failed. Error in server response. SafeQ server is probably not configured
correctly.
The following table shows the various LED code sequences and explains what they indicate.
Sequence Description
Animated
Unsuccessful authentication. The terminal does not recognize
the card, PIN, or Card Activation Code code.
Sequence Description
Animated
Terminal is processing; please wait.
Animated
Firmware upgrade in progress; please wait.
Flashing
Copying in progress. To cancel, press X or OK, or place a
card.
NOTE: This code appears only on SafeQ Terminal UltraLight
Print & Copy.
Flashing
Copying in progress. Server issued a warning. See the MFP
Sequence Description
Flashing
Printing in progress. Please wait until the print job is finished.
Flashing
Printing in progress. Server issued a warning. See the MFP
display panel for details.
Flashing
An error occurred. See beep codes for details (page ).
Sequential...
Sequence that appears as a user enters a PIN.
During boot
WARNING: Do not perform this action unless instructed
to do so by Y Soft.
Enter the terminal model. For UltraLight Print & Copy, press 1
. For UltraLight Print Only, press 3.
Press the Copy icon; then use the copier's panel to choose copy or scan options and make copies or
scans.
NOTE: If you have no waiting jobs in the queue when you log in, then terminal goes automatically to
copy mode. Pressing Copy icon will log you out.
When you don't have sufficient balance for your copy / scan jobs, the copying / scanning is not possible and
the Terminal UltraLight informs you with . - - beep code.
When you have sufficient balance only for few copy / scan jobs, these jobs are performed and the remaining
copy / scan jobs are refused. In this case Terminal UltraLight informs you with . - - beep code.
To use the YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how
the system is set up at your location.
Your system may be configured so that you can choose to log in either with a PIN or a card.
OR
2 Press the keys to enter your PIN (2 to 8 numbers); then press OK.
If authentication is successful:
If authentication is unsuccessful:
This LED sequence indicates that the terminal did not recognize
your ID card:
Place the card again. If authentication is still not successful, contact your SafeQ
administrator.
LOGGING OUT
To log out, touch the X button or OK button on the terminal or swipe any card (if available).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
When you don't have sufficient balance for your jobs, the printing is not possible and the Terminal UltraLight
informs you with . - - beep code.
When you have sufficient balance only for few waiting jobs, these jobs are printed and the remaining jobs
are refused. In this case Terminal UltraLight informs you with . - - beep code.
1 If you want to recharge you money account registered in YSoft Payment System via YSoft Payment
Machine, locate the device in your building first.
2 Login by swiping card, touching Login or PIN. We are using PIN in this example.
NOTE: This option depends on administrator settings, then it don't have to be displayed.
4 Now screen with recharged value, users name and last last balance is displayed.
5 To recharge your account put money into coin or banknote acceptor. To exit recharging session touch
End button.
NOTE: YSoft Payment machine is accepting coins and banknotes based on administrator
settings. Then it can happen, that some coins/notes will be rejected.
6 Now receipt will be printed, if you touched Yes in step 3. Then please take the printed receipt.
At a Glance
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
3 Press password.
5 Press OK.
2 Press OK.
LOGGING OUT
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer.
3 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer and navigate to joblist: Select
jobs to print at the Toshiba printer.
3 Job details and preview of the first page of print job displays.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ print menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you make.
Use either of the methods described below to select your billing code.
1 In YSoft SafeQ print application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
5 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
COPY
Note: If you have questions about whether or not you can make copies, contact your system
administrator.
5 If you want to navigate back to YSoft SafeQ application, press MENU button
SCAN
If your system allows you to scan, follow the instructions in this chapter. If you have questions about
whether or not you can scan, contact your system administrator.
NOTE: Scanning multiple sheets (simplex or duplex) in one scan job is supported only from automatic
document feeder (ADF).
NOTE: TIFF scan job with Black and white color combination is not supported.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
Note: If you have questions about whether or not you can make copies, contact your system
administrator.
5 If you want to navigate back to YSoft SafeQ application, press MENU button
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer and navigate to joblist: Select
jobs to print at the Toshiba printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer and navigate to joblist: Select
jobs to print at the Toshiba printer.
3 Job details and preview of the first page of print job displays.
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
3 Press password.
5 Press OK.
2 Press OK.
LOGGING OUT
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
If your system allows you to scan, follow the instructions in this chapter. If you have questions about
whether or not you can scan, contact your system administrator.
NOTE: Scanning multiple sheets (simplex or duplex) in one scan job is supported only from automatic
document feeder (ADF).
NOTE: TIFF scan job with Black and white color combination is not supported.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ print menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
1 In YSoft SafeQ print application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
5 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Log in to Terminal Embedded: Log in and log out at the Toshiba printer.
3 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
At a Glance
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
3 Press password.
5 Press OK.
2 Press OK.
LOGGING OUT
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
1 Log in to Terminal Embedded: Log in and log out at the OKI printer.
3 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the OKI printer and navigate to joblist: Select jobs
to print at the OKI printer.
3 Job details and preview of the first page of print job displays.
1 Log in to Terminal Embedded: Log in and log out at the OKI printer and navigate to joblist: Select jobs
to print at the OKI printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ print menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you make.
Use either of the methods described below to select your billing code.
1 In YSoft SafeQ print application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
5 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
COPY
Note: If you have questions about whether or not you can make copies, contact your system
administrator.
5 If you want to navigate back to YSoft SafeQ application, press MENU button
SCAN
If your system allows you to scan, follow the instructions in this chapter. If you have questions about
whether or not you can scan, contact your system administrator.
NOTE: Scanning multiple sheets (simplex or duplex) in one scan job is supported only from automatic
document feeder (ADF).
NOTE: TIFF scan job with Black and white color combination is not supported.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
Note: If you have questions about whether or not you can make copies, contact your system
administrator.
5 If you want to navigate back to YSoft SafeQ application, press MENU button
1 Log in to Terminal Embedded: Log in and log out at the OKI printer and navigate to joblist: Select jobs
to print at the OKI printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
1 Log in to Terminal Embedded: Log in and log out at the OKI printer and navigate to joblist: Select jobs
to print at the OKI printer.
3 Job details and preview of the first page of print job displays.
To use YSoft SafeQ functions at the printer, you must first log in. The method you use depends on how the
system is set up at your location.
3 Press password.
5 Press OK.
2 Press OK.
LOGGING OUT
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
If your system allows you to scan, follow the instructions in this chapter. If you have questions about
whether or not you can scan, contact your system administrator.
NOTE: Scanning multiple sheets (simplex or duplex) in one scan job is supported only from automatic
document feeder (ADF).
NOTE: TIFF scan job with Black and white color combination is not supported.
NOTE: When you see Quick scan workflow and Expert scan workflow, skip to step 3b.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Quick scan workflows screen does not have possibility to change scan settings:
You can:
Touch one of scan workflows and scan setting screen will be displayed.
5b After touching Scan workflow from the Expert workflows screen, scan settings screen is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ print menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
1 In YSoft SafeQ print application select Billing codes from the menu.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 0: Default Project)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch OK.
4 The searched phrase appears in text filed. Start searching by tapping Magnifier button.
5 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Log in to Terminal Embedded: Log in and log out at the OKI printer.
3 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
At a Glance
OR
2 Type your personal PIN code and close the keyboard or touch anywhere on the screen.
3 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Samsung printer.
OR
5 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Samsung printer.
LOG OUT
To log out, touch the hardware or software Logout button (depends on your printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
If you want the printer to automatically print all your unprinted jobs when you log in, follow these steps:
NOTE: This option may not be available at your location. For more information, contact your system
administrator.
3 YSoft SafeQ logs you in and the printer prints all your waiting prints.
The first time you use a card, use one of the methods described below to register it.
NOTE:: The method you use may depend on the way your system administrator has configured SafeQ.
The terminal should ask you for a Activation Code or for a Username and password. This depends on
SafeQ system configuration.
1 Your Card Activation Code may appear in an email from SafeQ after sending first job to SafeQ or
generated manually by administrator.
2 If your Card Activation Code was generated, it may appear in SafeQ web interface when you log in.
4 Insert your Card activation code and confirm it with the OK button.
6 When the assignment process will be successful, you will be logged to the printer.
8 When the assignment process will be successful, you will be logged to the printer.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
INCOMPATIBLE JOBS
Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer
3 Job details and preview of the first page of print job are displayed.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you make.
Use either of the methods described below to select your billing code.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 121: invoices 2013)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
2 Click on return button to enter main menu screen and after that continue to Copy menu to start
copying
COPY
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
SCANNING
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
NOTE: When you see two tabs Quick scan workflow and Expert scan workflow, it is possible:
In Quick scan workflow tab touch one of scan workflows and your scanning
starts immediately.
In Expert workflows tab, configure scan settings and start scanning.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
NOTE: If you have questions about whether or not you can make copies, contact your system
administrator.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer
3 Select number of copies by pressing number on keypad and select copy settings by touching
available options.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer.
2 Touch the job(s) you want to delete and touch Delete icon .
NOTE: If you delete a job, you will not be able to reprint it in future.
Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer.
2 If you have incompatible jobs, they will be marked with red cross. You cannot print incompatible jobs.
As displayed on picture below the printer supports only BW print, so color print jobs are incompatible
and it is not possible to print them.
NOTE: It is possible that another printer supports such kind of your print jobs (depends on
administrator settings for each printer). So it is recommended to try another printer in your company
and repeat steps above.
OR
2 Type your personal PIN code and close the keyboard or touch anywhere on the screen.
3 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Samsung printer.
OR
5 Touch Login.
NOTE: You can also check Print all check box to print all compatible waiting jobs after log in. For
more information see: Print all your print jobs at the Samsung printer.
LOG OUT
To log out, touch the hardware or software Logout button (depends on your printer).
NOTE: If you do not log out, the printer automatically logs you out after a period of time set by your
system administrator (typically 3 minutes).
If your system allows you to scan, follow the instructions in this chapter.
NOTE: If you have questions about whether or not you can scan, contact your system administrator.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer.
NOTE: Availability of scan workflows may vary according to the YSoft SafeQ configuration at your
location. To learn about your available scanning options, contact your system administrator.
Touch Scan button to perform scan with default workflow parameters and scan
settings. Your scanning starts immediately.
Touch Scan settings button, if you want to change parameters like sender, recipient,
scan file name, resolution, color, etc. (described in step 4a)
NOTE: When you see two tabs Quick scan workflow and Expert scan workflow, it is possible:
In Quick scan workflow tab touch one of scan workflows and your scanning
starts immediately.
In Expert workflows tab, configure scan settings and start scanning.
4a After touching Scan setting button, screen with scan workflow settings is displayed.
Change value of scan settings. NOTE: When arrows are grey colored, the
value is locked and cannot be changed.
In SafeQ Embedded Terminal, you can change billing codes in YSoft SafeQ application menu, then you can
choose different billing codes for different copy and scan jobs in one session.
NOTE: Your system may be set up to for you to select a billing code for the copies and scans you
make. Use either of the methods described below to select your billing code.
Touch Back button to see list of parent billing codes (higher level).
Touch Cancel button to stop searching and return to Billing codes list.
3 If you have found your billing code in the list, just press the billing code name to select it.
4 Now you can see newly selected billing code in the bottom of the screen.
1 The default billing code is preselected immediately after login (in this case: 121: invoices 2013)
Until you change it, all copies and scans will be accounted to your default billing code.
NOTE: Your default billing code can be changed in YSoft SafeQ web administration interface.
If you want to search billing codes, touch text field to enter searched phrase.
3 Type name or number or text of billing code, which you want to search for and touch Save.
4 A result which matches your searching phase is displayed. Now you can:
Touch Cancel button to stop searching and return to Billing codes list.
1 Once billing code is selected you can continue to Scan menu to start scanning
OR
2 Click on return button to enter main menu screen and after that continue to Copy menu to start
copying
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer.
NOTE: Your Main Menu screen may not look exactly like the one shown here.
4 Once the job is printed, it appears in Printed folder. This job can be reprinted in future.
NOTE: This behavior may not be available. It depends on configuration of your YSoft SafeQ.
Display more information and print job preview about selected job.
1 Log in to Terminal Embedded: Log in and log out at the Samsung printer and navigate to joblist:
Select jobs to print at the Samsung printer
3 Job details and preview of the first page of print job are displayed.
6.1 OVERVIEW
YSoft Payment System is a key requirement for customers from education sector, but also libraries and
other institutions that make their services available to a wide range of users. YSoft Payment System allows
user to purchase a credit and use it for purchase of services, like printing, from our customer.
YSoft Payment System is a standalone system, which integrates with YSoft SafeQ. YSoft Payment System
contains all information about money accounts, acting as a payment gateway for YSoft SafeQ. YSoft SafeQ
is extending its functionality to charge users from credit with help of YSoft Payment System.
Mozilla Firefox
Google Chrome
Internet Explorer 9 or higher (compatibility view is not supported)
6.4 INSTALLATION
This section describes installation of YSoft Payment System and its components.
There are more interactive installers for different system components in YSoft Payment System:
Main installer contains all mandatory components (system core, APIs, Administration and Cash Desk
web applications).
See Installing YSoft Payment System for more info.
This page describes how to use the interactive installer to perform YSoft Payment System.
1 Run the installation file ysf-ps-install.exe on the target server computer to begin YSoft Payment
System installation.
3 It is recommended to close all other running applications in order to avoid any issues during the
installation. Click Next to proceed.
4 Click I Agree to accept the license agreement. Clicking on Cancel will decline the license agreement
and stop the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines if the server meets all requirements for YSoft Payment
System installation.
If any of these conditions are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, installation can continue. If there
are problems, installation cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
7 Select database server type you want to use for YSoft Payment System.
TCP port Specify TCP port for database connection. Use port 5433 to
connect to already installed embedded PostgreSQL database
(installed with YSoft SafeQ 5).
Database name YSoft Payment System database name (e.g. YPS_DB). The
installer will attempt to create a new database using the specified
credentials if a database of the given name does not exist.
9 Enter the hostname or IP address of YSoft SafeQ and click Install to start installation.
10 The installer begins to copy all the files required by YSoft Payment System and the database system
you chose to the selected destination folder on the server.
In case you wish to see detailed installation progress, press Show details button (or D key).
11 Once installation is complete, click Finish when you are ready to close the installation wizard.
Now installation is complete and you can continue with Integration of YSoft Payment System with
YSoft SafeQ.
This page describes how to use the interactive installer to perform YSoft Payment System update.
1 Run the installation file ysf-ps-install.exe on the target server computer to begin YSoft Payment
System update.
It is recommended to close all other running applications in order to avoid any issues during the
installation. Click Next to proceed.
Click I Agree to accept the license agreement. Clicking on Cancel will decline the license agreement
and stop the installation.
5 After you accept the license agreement, the installer runs a preinstallation check. This procedure
checks several conditions and determines if the server meets all requirements for YSoft Payment
System update.
If any of these conditions are not met, they will be displayed in either the Show warnings or Show
problems area, depending on their severity. If there are warnings, update can continue. If there
are problems, update cannot continue. If any warnings or problems are indicated, review the
warnings and resolve the problems, then continue.
10
In case you wish to see detailed update progress, press Show details button (or D key).
11
Once update is complete, click Finish when you are ready to close the installation wizard.
Now update is complete and you can continue with Integration of YSoft Payment System with YSoft
SafeQ.
Page content
Integration of YSoft Payment System with YSoft SafeQ provides you with ability to charge end users for
operations such as print, copy and scan.
1 Install YSoft SafeQ 5 and YSoft Payment System. For more info see: Installing YSoft Payment System
and Installing YSoft SafeQ CML
NOTE: For proper integration of YSoft SafeQ with YSoft Payment System, sufficient license have
to be used in YSoft SafeQ.
Login SafeQ web interface and go to System Settings > YSoft Payment System.
enablePaymentSystem = Enabled
paymentSystemApiUrl = IP address of YSoft Payment Server (Example: https://10.0.11.52:
8443)
Click Save changes and restart services as required when saving new settings.
1. Login SafeQ web interface and go to Web interface - Payments tab. If tab is correctly displayed
and you are able to create new money account or periodic recharge, both systems are fully
integrated.
2. Login Administration web interface and go to Licence tab. If you can see text "YSoft Payment
System is fully activated", both systems are fully integrated.
1. Log in to YSoft
SafeQ web interface
and navigate to
Users tab
2. Create new users or
edit existing ones (
Web Interface -
Users)
3. Open users details
and display Roles
tab
4. Click Add role and
add following roles:
safeq
admins role
for to grant
access to
Administration
web interface
cash desk
operators
role to grant
access to
Cashdesk
web interface
SELECT CURRENCY
Currency settings for YSoft Payment System are inherited from YSoft SafeQ, without need of additional
steps like restarting services etc.
To setup currency in YSoft SafeQ go to System settings > Regional settings and setup necessary
properties, or edit all settings using Welcome to SafeQ widget on SafeQ Dashboard (Widgets - Welcome
to YSoft SafeQ ).
LIMITATIONS
YSoft SafeQ requires numeric GUIDs for accounts in YSoft Payment System, while YSoft Payment
System supports alphanumeric format. Accounts with alphanumeric GUIDs cannot be managed
using YSoft SafeQ web interface.
Due to this limitation it is highly recommended to create YSoft Payment System accounts only via
YSoft SafeQ web interface.
Page content
This page describes how to use the interactive installer to perform Payment Gateway Plugins installation as
additional components of YSoft Payment System.
PayPal
DIBS
This particular guide will show installation of PayPal gateway plugin, but can be applied for all other gateway
plugins.
1 Run the installation file on the target computer where YSoft Payment System is installed.
3 It is recommended to close all other running applications in order to avoid any issues during the
installation. Click Next to proceed.
4 Click I Agree to accept the license agreement. Clicking on Cancel will decline the license agreement
and stop the installation.
5 Installer now runs a pre-installation check, to ensure YSoft Payment System is installed on the local
computer.
If any previous version of Payment Gateways Plugin has been installed on the local computer, this
plugin will be updated.
6 Provide username and password for API user with access to Payment gateway API. You can find or
create this user in Administration web interface#APIUsers.
7 Fill in required settings for connection to payment gateway according payment gateway provider.
NOTE: Information is available on your PayPal business account profile, please follow these
instructions to obtain it.
Allowed Card, that will be accepted by the DIBS gateway. See link http://tech.dibspayment.
Cards com/toolbox/paytypes for possible values
8 The installer begins to copy all the required files into destination folder defined by the location of the
YSoft Payment System on the local machine.
In case you wish to see detailed installation progress, press Show details button (or D key).
9 Once installation is complete, click Finish when you are ready to close the installation wizard.
Installation is now complete and you can connect YSoft Payment System to installed gateway by
following guide Administration web interface#PaymentGateways
This page describes how to get API access for your business PayPal account.
1 Sign up for PayPal Business Account on PayPal home page (the process depends on your region
legislation).
In profile sub-tab navigate to "My selling tools" and open "API access" section, click "Update".
4 Generate the Certificate set by clicking "Request API credentials" from "Option 2".
5 Check "Request API signature" radio button and then click the "Agree and Submit" button.
6 After you receive an email with your API signature, you can use it during installation of Payment
Gateway Plugins.
6.5 CONFIGURATION
This section describes advanced settings of YSoft Payment System and its components. Settings
and features described here cannot be set using any available UI, but requires manual intervention
e.g. in configuration files.
Page content
Introduction
SSL Certificate customization
Step 1. Get the certificate
Option 1.a Generate self-signed certificate
Option 1.b Use existing certificate
Step 2. Configure YSoft Payment System
This guide provides information about the certificates used in the YSoft Payment System and its clients.
INTRODUCTION
By default, YSoft Payment System uses a built-in certificate generated by the Y Soft CA and accepts secure
SSL connections only. This applies to both web interfaces (Cashdesk, Wallet and Payment administration)
and API access.
YSoft SafeQ CML, ORS and Terminal Server are configured to accept this certificate exclusively when
communicating with the YSoft Payment System server.
With the knowledge/access to the private key, it's possible to decrypt traffic and get
administration access to the YSoft Payment System API (including possibilities to make money
transactions). This may be a potential danger, as all YSoft Payment System installation packages
contain the same certificate and private key, but this security issue can be prevented by using a
custom certificate (more details below).
Serial number: 8
Valid from: Tue Feb 04 14:30:21 CET 2014 until: Thu Dec 17 15:15:17 CET 2099
Certificate fingerprints:
MD5: 54:11:E0:7A:7F:A5:E9:D6:BB:42:2D:39:B4:0B:EB:34
SHA1: 06:12:14:1D:4F:61:F6:22:55:09:DD:0F:BD:60:F2:62:B7:00:41:FC
SHA256: C8:60:69:27:51:B9:53:34:8E:AF:EA:48:27:54:B4:58:54:05:8A:C5:80:68:4F:3A:B9:F4:96:
1F:AF:A1:87:0C
Version: 3
PEM certificates are supported (including self-signed, signed by commercial certificate authority or similar).
1. The private key has to be imported into the YSoft Payment System keystore
2. The certificate (containing the corresponding public key) has to be saved to the CML, ORS (if used)
and Terminal Server
Certificate change will affect both Cashdesk and Payment administration web interfaces and API
communication.
To generate a self signed certificate, run the following commands in the command line.
cd <payment_system_folder>\payment-conf
keytool -server -genkey -keyalg RSA -alias yps-tomcat -keystore keystore.jks -validity 365
keytool -server -exportcert -rfc -alias yps-tomcat -file YPSClient.crt -keystore keystore.
NOTE: Validity is in days and can be customized, same as key alias and keysize.
NOTE: You can use Java from YSoft SafeQ CML located at <SafeQ_installation_folder>/java/bin. So the
command may look like:
Or, because keytool is part of standard Java installation, you can find this tool in the Java bin folder and in
that case you can run something like this:
NOTE: JKS and CRT files could be generated on desktop and later just copied to
<payment_system_folder>\payment-conf.
NOTE: The Common Name (CN parameter) is typically composed of Host + Domain Name and will look
like "www.yoursite.com" or "yoursite.com". SSL Server Certificates are specific to the Common Name that
they have been issued to at the Host level. The Common Name must be the same as the Web address you
will be accessing when connecting to a secure site.
OPTION 1.B USE EXISTING CERTIFICATE
As YSoft Payment System system uses Java keystore, it's usually required to convert certificates from the
common PEM files (.crt and .key) to the p12 file.
Suppose you have a certificate and key in PEM format. The key is named YPSClient.key and the
certificate YPSClient.crt. It can be done using OpenSSL:
openssl pkcs12 -export -in YPSClient.crt -inkey YPSClient.key -out keystore.p12 -name "yps
NOTE: OpenSSL can be downloaded and installed from following link: http://slproweb.com/products
/Win32OpenSSL.html. You can run command openssl from installation bin folder or add it to system Path
system environment variables.
cd <payment_system_folder>\payment-conf
keytool -server -importkeystore -srckeystore keystore.p12 -destkeystore keystore.jks -srcs
NOTE: This must be a single certificate in PEM format, not a truststore in PKCS#12 format. The
certificate must belong to the issuer (CA) of the certificate used for YSoft Payment System.
3. Start Payment System, CML, ORS and TS services
TROUBLESHOOTING
You can get a list of imported certificates in the keystore:
In case that you already have alias present in keystore you can delete it with following command:
Page content
Configuration procedure
Configuration options
Default cron rules for generating notifications
This page described advanced configuration of Credit-based Notifications feature for YSoft Payment
System. This feature requires manual intervention to configuration files, as described below.
CONFIGURATION PROCEDURE
SMTP configuration should be configured through "SMTP configuration" tab on "Notification configuration"
CONFIGURATION OPTIONS
Except properties named in the bottom, all email settings moved from properties file to GUI.
"Use STARTTLS" - Enable/disable the use of the STARTTLS command (if supported by the server)
to switch the connection to a TLS-protected connection before issuing any login commands. Note
that an appropriate trust store must configured so that the client will trust the server's certificate.
"Wait for QUIT" - If disabled, the QUIT command is sent and the connection is immediately closed. If
enabled, causes the transport to wait for the response to the QUIT command.
"Sending interval" - cron format interval specify how often emails will be sent (default: sends emails
every 5 minutes)
# cron format interval specify how often emails will be sent (default: sends emails every 5
minutes)
notification.send-emails.cron=0 0/5 * * * ?
Account balance and Transaction notifications are generated right after the transaction has been
performed. Account statement and Transaction history notifications are generated at 1:00 AM. The
interval of sending of all generated notifications is related to notification.send-emails.cron settings.
Page content
Overview
Prerequisites
Configuration
YSoft Payment System configuration
Browser configuration
Firefox
Internet Explorer
Chrome
Usage
Local access
Remote access
Change signed in user
Sign in back via SSO
Limitations
SSO only in combination with YSoft SafeQ
Possibility to open a cash desk of another Cash Desk operator
OVERVIEW
This article describes the steps that has to be performed in order to set up the Single Sign-on (SSO) to
YSoft Payment System web interface. The configuration of SSO requires advanced knowledge about the
system configuration and working with the configuration files.
PREREQUISITES
YSoft Payment System has to be:
installed on a server which is a part of the domain. SSO is asking the system for the user
authentication.
connected with YSoft SafeQ - SSO is not supported by standalone mode of YSoft Payment System
all users which want to use SSO must have created user named by their username in YSoft SafeQ (e.
g. domain name = MY_COMPANY/dvader => YSoft SafeQ user name = dvader)
CONFIGURATION
For use of YSoft Payment System SSO functionality, you have to configure the system and used browser.
1. open <ysoft-payment-system-home>/payment-conf/environment-configuration.properties
2. add/change property sign-on.type and set it to value sso-sign-on
sign-on.type=sso-sign-on
BROWSER CONFIGURATION
FIREFOX
INTERNET EXPLORER
1. Open the Control Panel -> Network and Internet -> Internet Options
2. Click the Advanced tab.
3. Scroll down to Security
4. Check Enable Integrated Windows Authentication.
5. Restart the browser.
1. Open the Control Panel -> Network and Internet -> Internet Options
2. Click the Security.
3. Click the Local Intranet icon.
4. Click the Sites button.
5. (only for Windows 8) Check Automatically detect intranet network.
a. For localhost, click Advanced.
6. Add your server name as the value of the list. (e.g. https://localhost)
7. Restart the browser.
CHROME
USAGE
LOCAL ACCESS
You have to only set your environment according to "Configuration" part and start using of the system. You
are automatically signed in with your domain credentials.
REMOTE ACCESS
When you accessing YSoft Payment System from outer world by browser and the SSO is used then a
popup window with a form to fill your credentials to the domain is displayed. So you type your domain
credentials into the form and then you do not need to sign in the system, your domain credentials are used
for it.
When you want to sign in again via your domain account, then you click the sign out button and on the sign
in page (see below) click link "Sign in as current Windows user".
LIMITATIONS
Page content
General
Proxy setting
Payment system
Certificate watchdog
Payment machines
Performance statistics
License portal setting
Notification support
Javascript localization
Database configuration
Main YSoft Payment System database
Connection pool
Database schema
UI/API configuration
Cashdesk UI
Administration UI
REST API
Authorization/Authentication
User management
Sign-on authentication
Payment gateways
Payment gateway availability
Open deposit periodic jobs
GENERAL
PROXY SETTING
PAYMENT SYSTEM
CERTIFICATE WATCHDOG
certificate.watchdog. 120 number Days to certificate expiration. After this time the system
warnDays starts notifying administrator.
certificate.watchdog. 30 number Days to certificate expiration. After this time the system
errorDays starts warning administrator.
PAYMENT MACHINES
spm.statistics. 0 */15 * cron Configuration for payment machines statistics logging. Defines
dump.cron *** expression how often a statistics about payment machine are generated.
spm.timeout. 0**** cron Defines how often the system try to disconnect timeouted
check.cron * expression payment machines. (default every minute)
PERFORMANCE STATISTICS
statistics.dump. 0 */15 * * cron System performance statistics logging. How often a period
cron.period ** expression statistics are performed.
statistics.dump. 0 0 0,12 cron System performance statistics logging. How often a total
cron.total *** expression statistics are performed.
NOTIFICATION SUPPORT
This section is describer on the separate page - Configuring Credit-based Notifications
JAVASCRIPT LOCALIZATION
javascript. js_messages filename Javascript has its own localization files. (validation
localization. messages, datepicker, select boxes, ...) This
bundleName property defines bundle name of localization file.
DATABASE CONFIGURATION
CONNECTION POOL
database. 60000 number The minimum amount of time a connection may sit
minEvictableIdleTimeMillis idle in the pool before it is eligible for eviction.
DATABASE SCHEMA
database. changelog. liquibase Mainly it is used for default initialization of database structure
changelog xml changelog and default configuration records . This file can contain also
filepath updates of database schema and records. This file has to be
according to rules of Liquibase (http://www.liquibase.org/).
UI/API CONFIGURATION
CASHDESK UI
cashdesk. https The channel clients are required to communicate through with
channel http cash desk.
https WARNING: setting this property to anything other than
any https bypasses SSL!
ADMINISTRATION UI
web.customer. https The channel clients are required to communicate through with
channel http customer web.
https WARNING: setting this property to anything other than
any https bypasses SSL!
web. https The channel clients are required to communicate through with
administration. http administration.
channel https WARNING: setting this property to anything other than
any https bypasses SSL!
REST API
restApi. https The channel clients are required to communicate through the
channel http REST API
https WARNING: setting this property to anything other than
any https bypasses SSL!
AUTHORIZATION/AUTHENTICATION
USER MANAGEMENT
authentication. 0 */2 * * * * cron expression How often should be user management checked.
watchdog. (2 min default) Indicates that a user management
cron is reachable. In case the user management is
unreachable, then new incident is reported. New
incident is reported in case the user management
is reachable again.
SIGN-ON AUTHENTICATION
PAYMENT GATEWAYS
pendingDeposits.retry. 10 number How long after the deposit start should PS retry
delayMinutes pending deposits.
openDeposits.expiration. 000*** cron How often should open deposits be cleaned up.
cron expression
Page content
Configuration procedure
Configuration options
All mandatory configuration could be managed during installation (Installing Payment Gateway Plugins
). Once the PayPal Gateway Plugin is installed, you can use this guide to change existing or set advanced
options.
CONFIGURATION PROCEDURE
CONFIGURATION OPTIONS
Option Description
paypal.paymentSystemUrl
Option Description
paypal.paymentExpirationDays The number of days after which retrying of PayPal payments stops. 30
is the number of days after which PayPal itself expires its payments.
default: 30
paypal. The number of hours after which completed deposits are removed
completedDepositCleanupHours from the database.
default: 1
paypal.depositCleanupDays Number of days after which deposits are removed from the database.
default: 60
paypal.useHttpProxy If set to true, PayPal will be contacted through a proxy (note that
Payment System will always be contacted directly)
default: false
paypal.database.url
Option Description
paypal.returnUrlPrefix The string that URLs sent to PayPal get prefixed with. For example if
this property is set to 'https://example.com' than the confirmation URL
sent to PayPal will look like this: 'https://example.com/deposit/123
/payment-confirmed-by-paypal'. This is done to allow the integration
module to sit behind a proxy with a public name without URL rewriting.
(required)
paypal. PS' username. (the user has to have the appropriate rights set up in
paymentSystemUsername PS)
(required)
Page content
Configuration procedure
Configuration options
All mandatory configuration could be managed during installation (Installing Payment Gateway Plugins).
Once the DIBS Gateway Plugin is installed, you can use this guide to change existing or set advanced
options.
CONFIGURATION PROCEDURE
CONFIGURATION OPTIONS
Option Description
dibs.paymentSystemUrl URL pointing to PS REST API used for Payment Gateway integrations
default: https://localhost:8443/payment-system/api/v1/paymentgateway
/deposit
dibs.paymentExpirationDays The number of days after which retrying ofDIBS payments stops.
default: 30
dibs. The number of hours after which completed deposits are removed
completedDepositCleanupHours from the database.
default: 1
dibs.depositCleanupDays Number of days after which deposits are removed from the database.
default: 60
dibs.useHttpProxy If set to true, DIBS will be contacted through a proxy (note that
Payment System will always be contacted directly)
default: false
Option Description
dibs.returnUrlPrefix The string that URLs sent to DIBS get prefixed with. For example if this
property is set to 'https://example.com' than the confirmation URL sent
to DIBS will look like this: 'https://example.com/deposit/123/payment-
confirmed-by-dibs'. This is done to allow the integration module to sit
behind a proxy with a public name without URL rewriting.
(required)
dibs.merchantId (required)
dibs.gateway.allowedCards
Option Description
dibs.currencyUnit The smallest unit of an amount in the selected currency (e.g. 0.01)
(required)
dibs.paymentSystemUsername PS' username. (the user has to have the appropriate rights set up in
PS)
(required)
dibs.testMode true/false. Tell to DIBS that the requests are in test mode.
default: false
6.6 USAGE
This section describes basic workflows, features of YSoft Payment System and it's usage. All
features described here can be maintained using Administration web interface dedicated for
system administrators and Cashdesk web interface dedicated for cash desk operators.
Page content
Overview
Logging in/out
Logging in
Logging out
Management
Accounts
Cash desks
Payment Machines
Periodic recharges
API Users
Payment Gateways
System incidents
Reports
Filter description
Vouchers
Configuration
License
Notifications
Cash desks
YSoft Payment System
OVERVIEW
Administration web interface is dedicated for system administrators. It is divided into two main sections:
Management – allows administrators to manage (create, modify, delete) any objects that are in YSoft
Payment System
Configuration – allows administrators to configure different settings and features for YSoft Payment
System and for Cash Desk as well.
Payment System application is installed as part of YSoft Payment System. See Installing YSoft Payment
System for more details.
Following table describes elements that are used globally in this UI.
Element Description
Language selection Language can be selected in the top right corner of the page. Currently selected
language is indicated by country flag. Selected language is not applied to whole
system, just on YSoft Payment System Administration web interface.
Filtering Filtering is available on pages where is presumption of having many items (e.g.
Accounts). Filters are always located in the top of the page.
Sorting Sorting is also available only on pages where we expect high number of items.
Sorting can be done almost by any column by clicking column header. Arrow is
indicating ascending ( ) or descending ( ) sorting.
Items per page and Some of the pages also contains option to limit number of items displayed per
pagination page (10, 25, 50 or 100) and pagination.
Limit for items per page can be set easily by clicking on these numbers.
Pagination can be used to list items in cases they cannot fit on one page.
Bulk actions
Element Description
On pages with list view of items, there are bulk actions available. Type of the
actions are based on buttons located under the items list.
To perform bulk select items on the page by clicking check boxes next to the
items you want to edit and use one of the action buttons located under the list.
Object details by View On pages with list view of items, there are also View button on the right side of
the item line. By clicking this button, you can display item details.
LOGGING IN/OUT
LOGGING IN
1. Go to URL https://<server-ip-
address>:8443/payment-system
or click shortcut created on
desktop on computer where
YSoft Payment System is
installed
2. Enter credentials of user with
administrator rights
For more info see: Integration of
YSoft Payment System with
YSoft SafeQ
3. Click Sing in
LOGGING OUT
MANAGEMENT
This section describes all tabs available in Administration web interface related to management of items and
usage of features in YSoft Payment System.
ACCOUNTS
Customer accounts which can be managed on this tab are representing users and should be mapped to the
users of external system (e.g. user in YSoft SafeQ) based on unique ID.
Do not use this tab for creating, deleting or editing customer accounts if YSoft Payment System is
used together with YSoft SafeQ. In such cases follow this guide: Managing money accounts
CASH DESKS
Cash desks in YSoft Payment System represent places where users can ask responsible person to charge
/withdraw credit, check balance/transaction history or refund transaction. To use this cash desks, you have
to log into Cash Desk web interface. For more info see: Cashdesk web interface
Type: type of cash desk. General allows to view all customer virtual account balances. Merchant
is limited to display of virtual accounts bound to selected Merchant.
Initial balance: initial balance, for cash desk as equal operation to Deposit into cash desk. Leave it
blank, if you don't want to deposit money into cash desk now.
Enable display of account history: if allowed, transaction history for money account can be
displayed in Cash Desk web interface.
Initial status: status of newly created cash desk. Disabled cash desks are not visible in Cash Desk
web interface.
Assigned operators: users with access to Cash Desk web interface, which will be able to use this
cash desk.
Now all assigned operator will see this cash desk in Cash Desk web interface if has status Enabled.
PAYMENT MACHINES
This section contains list of all YSoft SafeQ Payment Machines registered to YSoft Payment System. You
can authorize or deauthorize specific YSoft SafeQ Payment Machine using action buttons. By clicking
"view" you can see details of selected YSoft SafeQ Payment Machine.
The details contain authorization status and list of closures. You can rename or change authorization status
using action buttons.
To connect new Payment Machine follow this guide: Configuring Payment Machine
PERIODIC RECHARGES
Periodic recharges represent a rule that adds defined amount of credit to selected user's virtual money
account on periodic basis.
Assigned merchant: merchant to which is the periodic recharge bound. Periodic recharge adds
amount to selected user's virtual account which is bound to this merchant.
Type: defines whether periodic recharge recharges by amounts (adds money to virtual money
account) or recharges to amount (sets virtual money account balance to specific value)
Recurrence: defines frequency metric the account will be recharged. Based on the type of
recurrence selected, the field the next field is chosen from alternatives (Period in days, Day of the
week, Day of month, Month + day of month or none)
NOTE: Users can be assigned from periodic recharge details using "view assigned" button in
Customers field
API USERS
This section represents list of merchants (users) that have access to YSoft Payment System API. Using
action buttons you can enable, disable, remove or create new API user.
Status: initial status new API user will have, can be disabled or enabled
Access to: defines permission for different REST APIs of YSoft Payment System - Merchant API,
Cashdesk API, Admin API, Balance Management API.
enabled - Is allowed to do operations. Can be disabled (by administrator using action button) or
locked (automatically by system in case of multiple unsuccessful login attempts)
disabled - Is not allowed to do operations. Can be enabled (by administrator using action button) or
locked (automatically by system in case of multiple unsuccessful login attempts)
locked - Is not allowed to do operations. Can be enabled (by administrator using action button)
PAYMENT GATEWAYS
Payment Gateways tab allows you to manage or connect YSoft Payment System Plugins if installed. For
more info about installation see Installing Payment Gateway Plugins.
Fill in required values. Replace <server-ip-address> with actual payment system IP address ( do not
use localhost):
Name: any text, but take into mind that this name will be displayed to a user on money deposit page
Icon URL: you can use any valid URL of your favorite icon, here are examples of our default icons
(you can change it to https if you wish)
Status: status of newly connected Payment Gateway Plugin. Disabled gateways cannot be used for
money deposit.
Require confirmation of Terms and Conditions: Check when Terms and Conditions are required.
New gateway will be saved only if your URL is valid and it can connect to a running plugin.
SYSTEM INCIDENTS
System incidents section is used as:
1. Early warning system - to notify system administrator about urgent situations needed to be fixed
ASAP (for example "payment gateway is down" - sysadmin should fix it before first user would be
affected)
2. Suspicious activity detection - to detect risky or unusual activity in system and let admin check the
risks related
Every incident has its importance level (severity), source (where it occurred - e.g., SafeQ transactions,
YSoft SafeQ Payment Machine, Payment Gateway, Cash desk), date of occurrence, description and detail.
Detail contains more information about incident (e.g., session ids, customer info) and error_id - reference to
log (allowing administrator to search for more details about problem).
The list grouped incidents contains list of all incidents grouped by severity, incident source and
descriptions. You can see list of specific incidents by clicking to "view" or "view all" button.
REPORTS
Section reports contain list of all transactions happening in YSoft Payment System. Each
transaction contains information about balance change the column Balance change and balance value
"personal balance (virtual balance)" after this transaction in the column Final balance.
You can narrow the search using specific dates, types of transactions, user accounts or specific API users.
FILTER DESCRIPTION
Type
Filter transactions by their types. Different transactions has a different type.
Customer
Suggestion select box for filtering of transactions by customer's username or name.
Start typing customer's username/name and list of customers is displayed. Then select the correct
customer.
Merchant
Suggestion select box for filtering of transactions by merchant's name.
Start typing merchant's name and list of merchants is displayed. Then select the correct customer.
Creation date
Filter transactions by date range. Transaction creation date has to be between the selected dates. If a date
field is empty then there is no restriction for filtering by from or to date.
Filter
Filter transactions by selected filtering options.
Reset
Reset the filtering.
VOUCHERS
Vouchers represent a smart way of recharging user accounts, connecting easy setup and low cost of
ownership with self-service.
Please learn how to set up and process vouchers by following Vouchers guide.
CONFIGURATION
This section describes all tabs available in Administration web interface related to general configuration
YSoft Payment System or specific settings for applied e.g. for Cash Desk web interface.
LICENSE
License tab will provide you with information about activation of whole YSott Payment System.
For full activation YSoft Payment System proper integration have to be set with YSoft SafeQ5. For more info
see: Integration of YSoft Payment System with YSoft SafeQ
NOTIFICATIONS
YSoft Payment System provides you with possibility to receive regular notifications as a administrator or as
a account owner.
Account balance – notification is issued once, when credit balance on money account goes under
defined balance limit
Transaction – notification is issued once, when any transaction is performed on money account
Account statement – notification is issued periodically and informs about all transactions performed
on money account for defined period
Transaction history – notification is issued periodically and informs administrator about all realized
transactions in YSoft Payment System for defined period
Each notification can be customized using WYSIWYG editor and variables related to current type of
notification. To apply changes in notifications configuration or email body, Save button have to be clicked for
each notification separately.
NOTE: This feature requires advanced configuration like SMTP servers, cron rules, etc. For more info
see: Configuring Credit-based Notifications
CASH DESKS
Defines configuration for usage of Cash desks. You can define rules for rounding, minimal amount for
withdrawal. You can also define the format of receipts.
NOTE: You can hover your cursor over the (tooltip) icon for more info about each option.
NOTE: You can hover your cursor over the (tooltip) icon for more info about each option.
Page content
Overview
Types of cash desks
Logging in/out
Operating cash desks
List of cash desks
Open and close cash desk, cash desk details
Money deposit and withdrawal to/from cash desk
Cash desk closures
Operating customer accounts
Open money account
Money deposit and withdrawal to/from customer account
Refund transaction
Redeem voucher
Transaction history
OVERVIEW
Cash Desk web interface is dedicated for cash desk operators as front desk agents, who manipulates with
cash and can provide basic operations with customer accounts (cash deposit or withdrawal, transaction
refunds, vouchers redemption, etc) and cash desk (opening and closing cash desks, money deposit or
withdrawal, financial closures, etc).
Cash Desk application is installed as part of YSoft Payment System. See Installing YSoft Payment System
for more details.
To change language click flash in top menu right corner and select any available language.
Operator operating a General cash desk can see customer's personal and all virtual accounts. Operator can
perform deposit and withdraw operations on personal account and deposit operation on virtual accounts.
Operator operating a Merchant cash desk can see only total balance consisting of personal account balance
and virtual account (bound to configured merchant) balance. Operator can only deposit to virtual account or
do refunds.
LOGGING IN/OUT
LOGGING IN
1. Go to URL https://<server-ip-
address>:8443/payment-system
/cash-desk
or click shotcut created on
desktop on computer where
YSoft Payment System is
installed
2. Enter credentials of user with
cash desk operator rights
For more info see: Integration of
YSoft Payment System with
YSoft SafeQ
3. Click Sing in
LOGGING OUT
This part describes all possible operations with assigned cash desks in Cash Desk web interface.
Name –
name
defined
for cash
desk
Current
balance
–
balance
of cash
desk
should
reflect
amount
of
physical
money in
cash
desk
Status –
Open –
you or
other
operator
has
opened
the cash
desk and
did not
close it
yet. In
operating
in this
cash
desk
Close –
nobody
is
operating
in cash
desk,
that it
can be
opened
and used
by
clicking
Open
cash
desk
Current
operator
– name
of the
operator
who
opened
and did
not close
the cash
desk yet
If you want
to use any
of available
cash desk,
click Open
cash desk.
If cash
desk was
already
opened you
can get
back into
cash desk
by clicking
Return to
cash desk
button .
In top right
corner you
can see
cash desk
balance. In
order to
check last
activity in
cash desk
click
Activity log
at the
bottom of
the screen.
List of
activities
will be
displayed
ordered by
date and
time.
After you
are done
with
currently
opened
cash desk
click Leave
cash desk.
Cash desk
will be
properly
closed and
you will be
redirected
back to list
of cash
desks.
To deposit money to
cash desk follow, these
steps:
1. Click Deposit
into cash desk
button and
window Deposit
money into cash
desk will appear
2. Fill in the
amount and
optionally the
purpose
3. Click Deposit
and transaction
will be saved
To withdrawal money
from cash desk, follow
these steps:
1. Click Withdraw
from cash
desk button and
window
Withdraw money
from cash desk
will appear
2. Fill in the
amount and the
purpose,
alternatively use
Select
everything
button
3. Click Withdraw
and transaction
will be saved
After
successful deposit or
withdrawal, cash desk
balance is decreased
and transaction is
visible in Activity log.
When using
YSoft
Payment
System with
YSoft SafeQ,
it might not be
possible to
withdraw all
money visible
on customer's
account. This
is caused by
very small
value missing
on customer's
account.
The behavior
is caused by
limitation of
YSoft SafeQ
described
here.
1. Click
Perform
cash desk
closure
button
2. In following
screen, click
Perform
closure
button to
proceed
closure.
List of all
closures performed
by currently logged
in operator for all
assigned cash
desks can be
viewed by clicking
Closures in top
page menu.
Entering username
– enter user’s name
to the field and click
Open button. Writing
down first two
characters cash desk
will display list of
users who match
written string.
Identify user with
card number – you
can also identifying
user by card (in case
card is assigned to
him) by following
these steps:
Click
Identify
user
with
card
and
window
"Enter
card
number"
will
appear
Swipe
users
card on
reader
attached
to the
computer
or
Enter
user's
card
number
and
click
Open
After opening
customer account
you can see
account details
and also perform
various actions
which are
described below.
Click Close to
close customer
account and you
will be redirected
back to cash
desks.
To deposit money to
customer account,
follow these steps:
1. Click Deposit
button and
window Deposit
money will
appear
2. You have
possibility to
select where
deposit should
be performed by
radio buttons
Deposit into
(this option is not
available for
merchant type of
a cash desk,
there is possible
to deposit
money only on a
virtual account)
a. Personal
account -
an
amount is
deposit
on the
personal
account
of the
customer
b. Virtual
account -
an
amount is
deposit
on a
virtual
account
of the
customer
based on
selected
merchant
3. Fill in the
amount you
want to add to
customer
account
4. Click Deposit
and transaction
will be saved
5. When deposit is
processed
deposit receipt (
it is displayed
only for a
deposit on a
personal
account) is
displayed with
receipt number,
cash desk name,
customer name,
deposit amount
and date.
Print receipt by
clicking Print
receipt button or
close without
printing by
clicking Close
button.
To withdrawal money
from customer account,
follow these steps:
1. Click Withdraw
and window
Withdraw money
will appear
2. Fill in the
amount you
want to
withdrawal from
customer
account,
alternatively use
Select
everything
button.
3. Click Withdraw
and transaction
will be saved
4. When withdrawal
is processed
deposit receipt is
displayed with
receipt number,
cash desk name,
customer name,
deposit amount
and date.
Print receipt by
clicking Print
receipt button or
close without
printing by
clicking Close
button.
REFUND TRANSACTION
claimed for,
reason, refunded
amount and date.
Print receipt by
clicking Print
receipt button or
close without
printing by
clicking Close
button.
REDEEM VOUCHER
Redeem voucher
Click
Redeem
voucher
button
and
window
Redeem
voucher
will
appear
Enter
voucher
code
and
click
Redeem
button
After successful
redemption account
balance is increased,
voucher number is
deactivated and
transaction is in
Activity log.
TRANSACTION HISTORY
Cash desk
operator can see
also transaction
history for opened
customer account,
in case this feature
is enabled for
particular cash
desk which you are
operating in.
Click Account
history and list of
all transactions
performed for this
account will
appear.
Page content
Reservations
Manual reservation cancellation
Automatic reservation cancellation
Overdrawn transactions
Deny overdrawing
Allow if enough credit on account
Allow and register debt if necessary
Debt tracking
Session timeout
Transaction timeout
RESERVATIONS
Reservation represents money blocked on user's money account – this money stays on the money account,
but cannot be used by any user, process or for another reservation.
The purpose of reservations is to block a reasonable amount of money before a transaction happens, so
there is lower risk of account with not enough money to settle transaction. If such a situation happens
anyway, a debt is created.
In certain cases reservation is not cancelled by receiving settlement call . In such cases, administrator has
following possibilities to unblock the reserved amount of money and make it available for other processes.
In Administration web interface, administrator can open user's account and list through existing
reservations. Clicking on Cancel button, reservation will be cancelled.
In Administration web interface, administrator can define value for Expiration of reservations as the
maximum age of any reservation. When this age is exceeded, the reservation is cancelled automatically.
Default value is 168 hours (7 days).
OVERDRAWN TRANSACTIONS
Defines the overdrawn option for print, copy or scan operations. Overdrawing of transactions can be set into
the 3 overdrawing modes:
Deny overdrawing
Allow if enough credit on account
Allow and register debt if necessary
These settings can be set in the administration part of YSoft Payment System -> YSoft Payment System ->
Overdrawn transactions.
DENY OVERDRAWING
Transaction settlements higher than the total sum of reservations are not allowed.
Use case:
Situation: Customer account balance is 30 and minimum balance of the account is set to -15. Customer also
doesn't have any registered debt or reservation.
Use case:
Prerequisites => Customer account balance is 30 and minimum balance of the account is set to -15.
Customer also doesn't have any registered debt or reservation.
2.
Use case:
Prerequisites => Customer account balance is 30 and minimum balance of the account is set to -15.
Customer also doesn't have any registered debt or reservation.
DEBT TRACKING
When a transaction settlement is made for an amount higher than the amount of reservation and there is not
enough money on the user's account to cover the settlement, a debt is registered to user. The amount
registered as debt represents amount that was not able to be settled in other way - through settlement of
reservation, remaining money on account or allowed minimal balance. The registered amount equals
settlement amount - reservation amount.
Debt is partially settled anytime money is deposited to the account or made available on account.
The exception is in case YSoft Payment System is used in connection with external payment system,
when YSoft Payment System does not hold actual user balance, but it works as a proxy for external
payment system. Debt settlement in this case does not happen immediately, but in following interval:
5 seconds, 1 minute, 1 hour, 12 hours, 1 day, and then on daily basis. This is to prevent external
payment system from denial of service.
In case there is a debt on the account, the account balance is typically 0 (or equal to minimal
balance) and there is a debt record visible in the YSoft Payment System interface in the user's
account overview.
SESSION TIMEOUT
For security reasons, YSoft Payment System will automatically log out users logged into Administration,
Cash Desk or YSoft Wallet web after 30 minutes of inactivity or in other words no communication with
server. User will see dialog "Your session is about to expire" 5 minutes before reaching this limit. This dialog
includes two buttons:
"Reload page" button will effectively close this dialog, reset the counter, refresh the page and close
all unsubmitted forms (e.g. new periodic recharge in Administration)
"Logout" button will log out current user. It has the same effect as automatic log out.
This means that if you leave unsubmitted form inactive for at least 25 minutes, you will lose filled
information, because of timeout dialog, from which you cannot return to the form! Moving mouse or
filling the form still counts as inactivity, unless it triggers communication with server.
TRANSACTION TIMEOUT
YSoft Payment System has a default timeout of 5 seconds for all transaction based operations. Examples
would be listing of transactions in UI or sending a transaction reservation request.
In case you experience occasional timeout error during execution of such transaction based operations, it
is possible that your system infrastructure is not able to finish these operations within 5 seconds. Especially
vulnerable are systems connected to an external payment provider.
Page content
Software solutions
Hardware solutions
This page lists all available options for users to recharge their money accounts in YSoft Payment System.
SOFTWARE SOLUTIONS
Supported functions:
Notes:
VOUCHERS
Vouchers represent smart way how to recharge user money accounts via self-service and with low cost of
ownership. It allows to define codes that are printed and distributed via any means - kiosks, existing vending
machines or other means.
Supported functions:
Notes:
PAYMENT GATEWAYS
YSoft Payment System allows to recharge user money accounts via payment gateways. It is a good way to
recharge in tech-savvy environment.
Supported functions:
Deposit money via supported Payment Gateway (PayPal, DIBS, or other via stand-alone plugin)
Notes:
HARDWARE SOLUTIONS
The YSoft Payment Machine is significantly modernized YSoft SafeQ Recharging Station (RCSv2).
Supported functions:
Notes:
For more information about supported hardware see: Product Lifecycle Information
Supported functions:
Notes:
Legend
YSoft Payment Machine
Self-Service Recharging Station v2
LEGEND
Supported
Not supported
This is a limitation by our supplier. Date tells the last check of availability. Some currencies may have
become possible ( ) since then.
Support is possible
Currency could be supported but without 100% guarantee. Currency could be supported by SPM firmware,
however Y Soft cannot guarantee 100% functionality without tests with real currency of respective type.
Bulgaria BGN
Croatia HRK
Denmark DKK
Georgia GEL
Hungary HUF
Israel ILS
Norway NOK
Poland PLN
Qatar QAR
Romania RON
Russia RUB
Sweden SEK
Switzerland CHF
UAE AED
Brazil BRL
Chile CLP
Colombia COP
Mexico MXN
Peru PEN
Venezuela VEF
China CNY
India INR
Japan JPY
Kazakhstan KZT
Korea KRW
Malaysia MYR
Singapore SGD
Taiwan TWD
Thailand THB
Turkey TRY
Ukraine UAH
Currencies not listed in the table can be checked by R&D upon request. Their availability will be
added once we have more information.
Hungary HUF
Israel ILS
Poland PLN
Romania RON
NOTES
YSoft SafeQ Recharging Station v2 (RCS v2) could have one of three notes acceptors: GBA HR1, GBA
HR1+ and GBA ST2.
CAD - CANADIAN DOLLAR
Banknotes
Device type GBA ST2
3 5 2006, pr OK 23.5.2013
2008
1 10 2005, pr OK 23.5.2013
2007
1 20 2004, pr OK 23.5.2013
2006
Supported items: value 5(2002), 5(2006), 5(2013), 10(2001), 10(2005), 10(2013), 20(2004), 20
(revision) (2012)
3 5 2006, pr OK 19.8.2014
2008
1 10 2005, pr OK 19.8.2014
2007
1 20 2004, pr OK 19.8.2014
2006
Banknotes
Device type GBA HR1
Supported items: value 100, 200, 500(old), 500(2009), 1000(1996), 1000(2008), 2000(1996), 2000
(revision) (1999), 2000(2007), 5000
Supported items: value 100, 200, 500(old), 500(2009), 1000(1996), 1000(2008), 2000(1996), 2000
(revision) (2007), 5000
Supported items: value 100(1995), 200(1996), 500(1995), 500(2009), 1000(1996), 1000(2008), 2000
(revision) (1996), 2000(2007), 5000(1999)
EUR - EURO
Banknotes
Device type GBA HR1
Supported items: value 5(2002), 5(2013), 10(2002), 20(2002), 50(2002), 100(2002), 200
(revision) (2002)
2 5 2002 1pcs OK; 1 pcs has medium errors in orientation A, rest 23.5.2013
OK
2 5 2013 OK 7.6.2013
2 10 2002 1pcs OK; 1 pcs has medium errors in orientation C, rest 23.5.2013
OK
2 20 2002 OK 23.5.2013
2 50 2002 1pcs OK; 1 pcs has medium errors in all orientations 23.5.2013
Supported items: value 5(2002), 5(2013), 10(2002), 20(2002), 50(2002), 100(2002), 200(2002),
(revision) 500(2002)
2 5 2002 OK 23.5.2013
2 5 2013 OK 7.6.2013
2 10 2002 OK 23.5.2013
2 20 2002 OK 23.5.2013
2 50 2002 1pcs OK; 1 pcs has few errors in all orientation C, rest 23.5.2013
OK
Supported items: value 5(2002), 5(2013), 10(2002), 10(2014), 20(2002), 50(2002), 100(2002), 200
(revision) (2002), 500(2002)
1 5 2002 OK 19.8.2014
3 5 2013 OK 19.8.2014
1 10 2002 OK 19.8.2014
1 20 2002 OK 19.8.2014
1 50 2002 OK 19.8.2014
Banknotes
Device type GBA HR1
1 5 2002 OK 23.5.2013
1 10 2000 OK 23.5.2013
1 20 2006 OK 23.5.2013
1 5 2002 OK 23.5.2013
1 10 2000 OK 23.5.2013
1 20 2006 OK 23.5.2013
1 5 2002 OK 19.8.2014
1 10 2000 OK 19.8.2014
1 20 2006 OK 19.8.2014
Banknotes
Device type GBA HR1
Supported items: value 200(old), 500(old), 500(2009), 1000(old), 1000(2009), 2000(old), 2000(2009),
(revision) 5000(old), 5000(2009), 10000(old), 10000(2009), 20000(old), 20000(2009)
Supported items: value 500(1998), 500(2006), 500(2007), 1000(2005), 1000(2008), 2000(1998), 2000
(revision) (2007), 5000(1998), 5000(2008), 10000(1997), 10000(2008), 20000(1999),
20000(2009)
Supported items: value 500(1998), 500(2006), 500(2007), 1000(2005), 1000(2008), 2000(1998), 2000
(revision) (2007), 5000(1998), 5000(2008), 10000(1997), 10000(2008), 20000(1999),
20000(2009)
Banknotes
Device type GBA ST2
1 20 2008 OK 23.5.2013
1 50 2007 OK 23.5.2013
1 20 2008 OK 19.8.2014
1 50 2007 OK 19.8.2014
Banknotes
Device type GBA HR1
2 10 1994 OK 23.5.2013
2 20 1994 OK 23.5.2013
2 50 1994 OK 23.5.2013
2 10 1994 OK 23.5.2013
2 20 1994 OK 23.5.2013
2 50 1994 OK 23.5.2013
Supported items: value 10(1994), 10(2012), 20(1994), 20(2012), 50(1994), 50(2012), 100(1994), 100
(revision) (2012), 200(1994)
1 10 1994 OK 19.8.2014
1 20 1994 OK 19.8.2014
1 50 1994 OK 19.8.2014
Banknotes
Device type GBA HR1
2 1 2005 OK 23.5.2013
2 5 2005 OK 23.5.2013
2 10 2005 OK 23.5.2013
2 50 2005 OK 23.5.2013
2 1 2005 OK 23.5.2013
2 5 2005 OK 23.5.2013
2 10 2005 OK 23.5.2013
2 50 2005 OK 23.5.2013
Supported items: value 1(2005), 5(2005), 10(2005), 10(2008), 50(2005), 100(2005), 200(2006),
(revision) 500(2005)
1 1 2005 OK 19.8.2014
1 5 2005 OK 19.8.2014
1 10 2005 OK 19.8.2014
1 50 2005 OK 19.8.2014
Banknotes
Device type GBA ST2
2 1 4th OK 23.5.2013
series
2 1 2007 OK 23.5.2013
2 5 OK 23.5.2013
4th
series
2 5 2007 OK 23.5.2013
2 10 4th OK 23.5.2013
series
2 10 2007 OK 23.5.2013
1 1 2007 OK 19.8.2014
1 5 2007 OK 19.8.2014
1 10 2007 OK 19.8.2014
Banknotes
Device type GBA HR1
Supported items: value 1, 2, 5(1986), 5(old), 5(new), 10(old), 10(new), 10(2004), 20(old), 20(new), 20
(revision) (2004), 50(old), 50(new), 50(2004), 100(old), 100(new)
2 1 2006 OK 23.5.2013
1 5 2006 OK 23.5.2013
1 10 2006 OK 23.5.2013
1 20 2004 OK 23.5.2013
1 20 2006 OK 23.5.2013
1 50 2006 OK 23.5.2013
Supported items: value 1, 2, 5(1999), 5(2006), 10(1996), 10(2004), 20(1996), 20(2004), 50(1996), 50
(revision) (2004), 100(1996)
2 1 2006 OK 23.5.2013
1 5 2006 OK 23.5.2013
1 10 2006 OK 23.5.2013
1 20 2004 OK 23.5.2013
1 50 2006 OK 23.5.2013
Supported items: value 1(1963), 2(1976), 5(1999), 5(2006), 10(1999), 10(2004), 20(1996), 20(2004),
(revision) 50(1996), 50(2004), 100(1996), 100(2013)
2 1 2006 OK 19.8.2014
1 5 2006 OK 19.8.2014
1 10 2006 OK 19.8.2014
1 20 2004 OK 19.8.2014
1 20 2006 OK 19.8.2014
1 50 2006 OK 19.8.2014
Coins
Device type CPS v2 Colibri
Banknotes
Device type JCM UBA-10
Supported items: value 0.5(97), 0.5(08), 1(93), 1(08), 5(98), 5(08), 10(98), 10(new), 20(01), 20
(revision) (new)
2 1 2008 OK 25.6.2014
1 5 2008 OK 25.6.2014
(xxx393)
2 10 2008 OK 25.6.2014
2 20 2008 OK 25.6.2014
Banknotes
Device type JCM UBA-10
Supported items: value 2(99), 5(99), 5(09), 10(99), 10(08), 20(99), 20(07), 50(99), 50(06), 100
(revision) (03)
2 2 2005 OK 26.4.2013
2 5 2009 OK 26.4.2013
2 10 2008 OK 26.4.2013
2 20 2007 OK 26.4.2013
Coins
Device type NRI G13.mft
2 0.50 OK 17.6.2014
1993,
2007
2 1 1995, OK 17.6.2014
1999
2 2 2003, OK 17.6.2014
2011
2 5 1996, OK 17.6.2014
2009
Banknotes
Device type JCM UBA-10
Supported items: value 10(01), 10(04), 20(01), 50(02), 100(02), 200(02), 500(93), 1000
(revision) (93)
2 10 2012 OK 11.6.2014
2 20 2012 OK 11.6.2014
2 50 2002 OK 11.6.2014
Coins
Device type CPS v2 Colibri
Supported items: value 1(A, a), 2(A, a), 5(A, a), 10(A, a), 20(A, a), 50(A, a)
(revision)
Notes We recommend to disable wide channel for CZK20 (channel no. 5 on coinslot
or "CZK 20.00 A" in configuration) to reject foreign coins. CZK20 coins will be
accepted through narrow channel.
1 1 2001 OK 6.8.2013
1 2 1997 OK 6.8.2013
1 5 2002 OK 6.8.2013
1 10 2003 OK 6.8.2013
1 20 2002 OK 6.8.2013
1 50 1993 OK 6.8.2013
16 GBP 1989, 1993, 2000, 2001, 2002, 2003, OK rejected with disabled wide 6.8.2013
0.02 2006, 2007, 2009, 2010, 2011 channel 5
5 GBP 1994, 2001, 2003, 2009 OK rejected with disabled wide 6.8.2013
0.02 channel 5
EUR - EURO
Coins
Device type CPS v2 Colibri
2 1 2002 OK 6.8.2013
2 2 2002 OK 6.8.2013
Banknotes
Device type JCM UBA-10
Supported items: value 5(02), 5(13), 10(02), 20(02), 50(02), 100(02), 200(02), 500
(revision) (02)
1 5 2002 OK 7.6.2013
2 5 2013 OK 7.6.2013
1 10 2002 OK 7.6.2013
1 20 2002 OK 7.6.2013
1 50 2002 OK 7.6.2013
Supported items: value 5(02), 5(13), 10(02), 10(14), 20(02), 50(02), 100(02), 200(02), 500
(revision) (02)
1 5 2002 OK 17.10.2014
3 5 2013 OK 17.10.2014
1 10 2002 OK 17.10.2014
2 10 2014 OK 17.10.2014
1 20 2002 OK 17.10.2014
1 50 2002 OK 17.10.2014
Coins
Device type CPS v2 Colibri
Notes We recommend to disable wide channel for 1N (channel no. 7) to reject foreign
coins. 1N coins will be accepted through narrow channel (no. 12).
7 1 2007 OK 30.7.2013
3 1 2012 OK 30.7.2013
Banknotes
Device type JCM UBA-10
Supported items: value 5(93-95), 5(00-01), 10(93-95), 10(98,01), 10(09), 20(97, 00), 20(09), 50(95-
(revision) 96), 50(98), 50(04-11), 100(93-95), 100(98), 100(03-06), 100(08), 100(12), 200
(89), 200(04), 200(08), 500(96), 500(98-00), 500(04), 500(06-08), 500(11),
1000(98-00), 1000(06), 1000(08), 1000(12)
Notes The width of 5 Dirhams notes is out of specification for the acceptor, so the
usage is only at own risk. Y Soft recommend to disable acceptance of it and
will not be responsible for any damages caused by this denomination.
2 10 2009 OK 4.6.2013
2 20 2009 OK 4.6.2013
1 50 2008 OK 4.6.2013
1 50 2011 OK 4.6.2013
Coins
Device type CPS v2 Colibri
Supported items: value US: 0.01(B), 0.05(A), 0.10(A), 0.25(A), 0.50(A), 1(A) EC: 0.05(B), 0.10(B),
(revision) 0.25(A), 0.50(B)
Coins
Device type NRI G13.mft
1 1 1993 OK 10.6.2014
1 1 2011 OK 10.6.2014
1 2 1991 OK 10.6.2014
1 2 1995 OK 10.6.2014
1 5 2010 OK 10.6.2014
1 5 2011 OK 10.6.2014
Banknotes
Device type JCM UBA-10
Supported items: value 10(93), 10(05), 10(12), 20(93), 20(05), 20(12), 50(92), 50(05), 50(12), 100(94),
(revision) 100(05), 100(12), 200(05), 200(12)
1 20 5th issue 2012 (EBxxxxxxx Fail, mostly rejected in all orientations 10.6.2014
B)
Coins
Device type CPS v2 Colibri
1 1 1994 OK 26.3.2014
1 1 2000 OK 26.3.2014
1 2 2006 OK 26.3.2014
1 2 2008 OK 26.3.2014
1 PHP 2003 Fail, accepted as AUD 0.10. The only possible solution is to 26.3.2014
1 disable the acceptance of AUD 0.10.
Banknotes
Device type JCM UBA-10
2 5 Current OK 6.2.2014
polymer
2 10 Current OK 6.2.2014
polymer
2 20 Current OK 6.2.2014
polymer
2 50 Current OK 6.2.2014
polymer
Banknotes
Device type JCM UBA-10
Supported items: value 1(00), 1(12), 2(96), 5(99), 5(04), 5(12), 10(98), 10(03), 10(12), 20(12), 50(98),
(revision) 50(07), 100(98), 100(12)
1 1 old OK 26.4.2013
Supported items: value 1(00), 1(12), 2(96), 5(99), 5(04), 5(12), 10(98), 10(03), 10(12), 20(12), 50(98),
(revision) 50(07), 100(98), 100(12)
1 1 old OK 17.10.2014
Banknotes
Device type JCM UBA-10
Supported items: value 2(99), 2(05), 2(06), 5(99), 5(99), 5(07), 10(99), 10(04), 50(99), 50(99,04), 50
(revision) (99), 50(99), 100(99), 1000(99)
Coins
2 1 N/A OK 26.4.2013
1 5 N/A OK 26.4.2013
3 10 N/A OK 26.4.2013
Banknotes
Device type JCM UBA-10
VOUCHERS
DESCRIPTION
Vouchers represent an alternative way of recharging money accounts in YSoft Payment System. It
allows admin to define offline codes that represent certain amount of money, distribute these codes
offline and recharge specified amount of money to user that redeems the code.
New vouchers can be generated via functionality "Generate Vouchers" accessible from "Vouchers" tab.
number of vouchers - mandatory field, defines number of vouchers created in one batch. The
maximum number is 10.000.
voucher amount - mandatory field, defines amount of money in used currency that will be
assigned to vouchers. Minimal value is 0.0001 and maximum value is 1.000.000.000.
expiration date - optional field, defines date when voucher is automatically disabled for security
reasons.
VOUCHERS TO TEMPLATE
New vouchers can be exported into Microsoft Word template using functionality "Vouchers to template"
accessible from "Vouchers" tab.
IMPORT VOUCHERS
New vouchers can be imported from CSV file via functionality "Import Vouchers" accessible from
"Vouchers" tab.
System will ask to select file containing definitions of new vouchers. The format of file requires
following information:
EXPORT VOUCHERS
Vouchers can be exported to CSV file via functionality "Export Vouchers" accessible from "Vouchers"
tab.
Vouchers can be redeemed through Cash Desk application or through Self-service portal.
CASH DESK
Voucher redemption functionality can be accessed via "Redeem voucher" functionality on money
account page in Cash desk.
Voucher can be redeemed by entering valid voucher code in the provided field.
SELF-SERVICE PORTAL
https://<YPS server>/payment-system/customer
https://<YPS server>/payment-system/customer/login
https://<YPS server>/payment-system/customer/voucher-redemption
6.6.7 LICENSING
User's version of YSoft Payment System may contain more payment gateways where user can charge his
or her account. Two basic supported payment gateways are PayPal and DIBS.
2 Click link 'Deposit money' on your SafeQ dashboard widget "my credit". Go to new window with
payment gateway deposit. Fill 'Amount' and choose 'Payment gateway'.
Depending on your country, you may be required to confirm 'Terms and conditions'.
User, who chose PayPal payment gateway, is redirected to the PayPal portal login page.
1 Log into the PayPal. You should be redirected to payment 'review' page.
2 Click 'Continue' button. You should be redirected back to YSoft Payment System result page.
Click 'Finish' button. The window should close and balance on your account will increase by the given
amount.
User, who chose DIBS payment gateway, is redirected to the DIBS portal page.
1 Fill in all mandatory information about your card. Click 'Validate payment' button. You should be
redirected to DIBS's payment result page.
Click 'Next' button. You should be redirected back to YSoft Payment System result page.
3 Click 'Finish' button. The window should close and balance on your account will increase by the given
amount.
Following Payment Gateways are supported for recharging of user money accounts. In case you are
already using other Payment Gateway or you seek alternative payment methods, contact us directly.
Credit card
http://www.dibspayment.com
/solutions
http://payment-services.
ingenico.com/~/media/files
/Ingenico-Acquirers-
Payment-Methods.ashx
PROVIDED ENDPOINTS
USAGE EXAMPLES
GET https://<host>:<port>/payment-system/api/v2/audit
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"type" : "MONEY_TRANSFER",
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 3.00,
"balanceChange" : -3.00,
"description" : "Payment for: candy bar",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/transacti
}, {
"type" : "TRANSACTION_SETTLEMENT",
"date" : "2014-09-26T10:20:58.481Z",
"amount" : 10.00,
"balanceChange" : -10.00,
"description" : "Printing: private-document.doc",
"links" : [
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/transaction/75d
]
}
FINDACCOUNTEVENTS
Method
GET
URL
/v2/audit
Required
[ROLE_API_ADMIN]
Privileges
REQUEST ARGUMENTS
toDate No
String (ISO8601
formatted date)
fromAmount Decimal No
toAmount Decimal No
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount" : <number>,
"results" : <array of objects>, // events
"links" : <array of links>
}
LINKS
RESULT OBJECTS
{
"customerGuid" : <string>, // Globally unique identifier of the customer
"tax" : <number>, // Value of tax for the transaction. Only for MONEY
LINKS (RESULTS)
cash- link to the cash desk through which the for types: CASH_DESK_DEPOSIT,
desk action was performed CASH_DESK_WITHDRAWAL
The cash desk API is intended to be used by 3rd party cash desk software and serves as a integration point
with Payment System.
Cash desk operators use this software to perform actions on cash desks. Each action performed must be
associated with a concrete operator. This means that the 3rd party cash desk software sends requests to
Payment System on behalf of the operator.
To identify the operator performing the action Payment System requires the 3rd party software to send a
special header named 'YPS-CASH-DESK-OPERATOR-GUID' to be sent with each request. Its value needs
to be set to the globally unique identifier of the operator who performs the action.
PROVIDED ENDPOINTS
GET Retrieving
/v2/cash-desk
list of
operator's
cash desks
GET Retrieving
/v2/cash-desk/{cashDeskId}
details
about 1
particular
cash desk
PUT Changing
/v2/cash-desk/{cashDeskId}
cash desk
state
POST Depositing
/v2/cash-desk/{cashDeskId}/account-deposit
money into
customer's
personal
money
account
GET Viewing
/v2/cash-desk/{cashDeskId}/account-deposit/{depositId}
details
about a
cash desk
deposit
POST Withdrawing
/v2/cash-desk/{cashDeskId}/account-withdrawal
money from
customer's
personal
money
account
GET Viewing
/v2/cash-desk/{cashDeskId}/account-withdrawal/{withdrawalId}
details
about a
cash desk
withdrawal
POST Performing
/v2/cash-desk/{cashDeskId}/closure
a cash desk
closure
GET View
/v2/cash-desk/closure/{closureId}/operations
operations
that were
performed
during the
closure
interval
USAGE EXAMPLES
GET https://<host>:<port>/payment-system/api/v2/cash-desk
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
If all preconditions are met (e.g. operator has cash desks assigned) payment system responds with:
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"name" : "Library",
"state" : "CLOSED",
"balance": 100.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk
}, {
"name" : "COPY1",
"state" : "OPEN",
"balance": 500.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/cashdesk/1" },
]
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/cash-desk/1
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
If all preconditions are met (e.g. operator has the cash desk assigned) payment system responds with:
200 Ok
-- body --
{
"name" : "Library",
"state" : "CLOSED",
"balance": 500.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1"
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/cash-desk/1
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
-- body --
{
"state": "OPEN"
}
If all preconditions are met (e.g. operator has cash desk assigned) payment system responds with:
200 Ok
Things to note:
POST https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-deposit
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
-- body --
{
customerGuid: "jdoe",
amount: 100.00
}
If all preconditions are met (e.g. operator has cash desk assigned) payment system responds with:
201 Created
-- response headers --
Location = https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-deposit/23
Things to note:
POST https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-withdrawal
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
-- body --
{
customerGuid: "jdoe",
amount: 100.00
}
If all preconditions are met (e.g. operator has cash desk assigned) payment system responds with:
201 Created
-- response headers --
Location = https://<host>:<port>/payment-system/api/v2/cash-desk/1/account-withdrawal/24
Things to note:
POST https://<host>:<port>/payment-system/api/v2/cash-desk/1/closure
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
If all preconditions are met (e.g. operator has cash desk assigned) payment system performs the closure,
closes the cash desk and responds with:
201 Created
-- response headers --
Location = https://<host>:<port>/payment-system/api/v2/cash-desk/closure/24
Things to note:
GET https://<host>:<port>/payment-system/api/v2/cash-desk/closure/24
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
200 Ok
-- body --
{
"fromDate" : "2014-07-03T14:12:45.023Z",
"toDate" : "2014-07-03T14:31:29.001Z",
"finalBalance" : 0.00,
"operator" : {
"name" : "John the Operator",
"guid" : "johnOp"
}
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1"
]
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/cash-desk/closure/24/operations
-- request headers --
YPS-CASH-DESK-OPERATOR-GUID = johnOp
200 Ok
-- body --
{
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/cash-desk/1/ac
],
"content" : [{
"type" : "CASH_DESK_DEPOSIT",
"amount" : 10.00,
"rounding" : null,
"date" : "2014-07-03T14:24:45.023Z",
"operator" : {
"name" : "John the Operator",
"guid" : "johnOp"
},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-des
]
}, {
"type" : "CASH_DESK_WITHDRAWAL",
"amount" : 10.00,
"rounding" : null,
"date" : "2014-07-03T14:30:40.209Z",
"operator" : {
"name" : "John the Operator",
"guid" : "johnOp"
},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/cash-des
]
}]
}
Things to note:
FINDCASHDESKS
Method
GET
URL
/v2/cash-desk
Required
[ROLE_API_CASHDESK]
Privileges
REQUEST HEADERS
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
REQUEST ARGUMENTS
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount": <number>,
"results" : <array of objects>, // cash desks
"links" : <array of links>
}
LINKS
RESULTS
{
"name" : <string>, // cash desk name
"state" : <string>, // cash desk state (OPEN or CLOSED)
"balance" : <number> // current cash desk balance
"links" : <array of links>
}
LINKS (RESULTS)
account-deposit link to the endpoint used to perform account deposits using the cash desk always
account- link to the endpoint used to perform account withdrawals using the cash always
withdrawal desk
closure link to the endpoint used to perform a closure on the cash desk always
GETCASHDESK
Method
GET
URL
/v2/cash-desk/{cashDeskId}
Required
[ROLE_API_CASHDESK]
Privileges
REQUEST HEADERS
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
RESPONSE BODY
{
"name" : <string>, // cash desk name
LINKS
account-deposit link to the endpoint used to perform account deposits using the cash desk always
account- link to the endpoint used to perform account withdrawals using the cash always
withdrawal desk
closure link to the endpoint used to perform a closure on the cash desk always
CHANGECASHDESKSTATE
Method
PUT
URL
/v2/cash-desk/{cashDeskId}
Required
[ROLE_API_CASHDESK]
Privileges
REQUEST HEADERS
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
REQUEST BODY
{
"state" : <string> // requested cash desk state (OPEN or CLOSED)
}
CREATEACCOUNTDEPOSIT
Method
POST
URL
/v2/cash-desk/{cashDeskId}/account-deposit
Required
[ROLE_API_CASHDESK]
Privileges
REQUEST HEADERS
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
"amount" : <number> // a positive decimal number (the precision depends on payme
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the newly
created deposit.
GETACCOUNTDEPOSIT
Method
GET
URL
/v2/cash-desk/{cashDeskId}/account-deposit/{accountDepositId}
Required
[ROLE_API_CASHDESK]
Privileges
RESPONSE BODY
{
"date" : <string>, // ISO8601 formatted date
"operator" : <object>, // information about the operator who performed the operati
OPERATOR OBJECT
{
"name" : <string>, // first name and last name of the operator
"guid" : <string> // globally unique identifier of the operator
}
LINKS
cash- link to the cash desk through which the deposit was always
desk performed
customer link to the customer for whom the deposit was performed always
CREATEACCOUNTWITHDRAWAL
Method
POST
URL
/v2/cash-desk/{cashDeskId}/account-withdrawal
Required
[ROLE_API_CASHDESK]
Privileges
Withdraw money from a customer's personal money account through a cash desk.
REQUEST HEADERS
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the newly
created withdrawal.
GETACCOUNTWITHDRAWAL
Method
GET
URL
/v2/cash-desk/{cashDeskId}/account-withdrawal/{accountWithdrawalId}
Required
[ROLE_API_CASHDESK]
Privileges
RESPONSE BODY
{
"date" : <string>, // ISO8601 formatted date
"amount" : <number>, // a positive decimal number (the precision depends on paym
"operator" : <object>, // information about the operator who performed the operati
OPERATOR OBJECT
{
"name" : <string>, // first name and last name of the operator
"guid" : <string> // globally unique identifier of the operator
}
LINKS
cash- link to the cash desk through which the withdrawal was always
desk performed
customer link to the customer for whom the withdrawal was performed always
CREATECLOSURE
Method
POST
URL
/v2/cash-desk/{cashDeskId}/closure
Required
[ROLE_API_CASHDESK]
Privileges
A cash desk closure is a report of all activity performed on the cash desk since the last closure.
REQUEST HEADERS
YPS-CASH-DESK- String Yes Globally unique identification of the cash desk operator
OPERATOR-GUID on behalf of whom this request is sent
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the newly
created closure.
GETCLOSURE
Method
GET
URL
/v2/cash-desk/closure/{closureId}
Required
[ROLE_API_CASHDESK]
Privileges
RESPONSE BODY
{
"fromDate" : <string>, // ISO8601 formatted date
"toDate" : <string>, // ISO8601 formatted date
"finalBalance" : <number>, // a decimal number (the precision depends on payment syste
"operator" : <object>, // information about the operator who performed the operati
OPERATOR OBJECT
{
"name" : <string>, // first name and last name of the operator
"guid" : <string> // globally unique identifier of the operator
}
LINKS
GETCLOSUREOPERATIONS
Method
GET
URL
/v2/cash-desk/closure/{closureId}/operations
Required
[ROLE_API_CASHDESK]
Privileges
RESPONSE BODY
{
"content" : <array of objects>, // cash desk operations
"links" : <array of links>
}
LINKS
<number> link to each cash desk deposit or withdrawal in the if the operation is a deposit or a
results withdrawal
CONTENT
{
"type" : <string>, // type of the operation. One of: "INITIAL_MONEY_BOX_DEPOSIT
"operator" : <object>, // information about the operator who performed the operatio
OPERATOR OBJECT
{
"name" : <string>, // first name and last name of the operator
"guid" : <string> // globally unique identifier of the operator
}
LINKS (CONTENTS)
customer link to the customer for whom the for operation types: CASH_DESK_DEPOSIT and
operation was performed for CASH_DESK_WITHDRAWAL
PROVIDED ENDPOINTS
PUT
POST Decreasing
/v2/customer/{customerGuid}/virtual-balance-decrease
customer's virtual
balance
USAGE EXAMPLES
FINDING CUSTOMERS
To find customers based on search criteria the administrator sends the following request to payment
system:
GET https://<host>:<port>/payment-system/api/v2/customer?state=ENABLED
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"name" : "John Doe",
"guid" : "jdoe",
"lookupKey" : "jdoe",
"state" : "ENABLED",
"personalBalance" : 100.00,
"availableBalance" : 110.00,
"paymentProviderAccountId" : "123xyz",
"virtualBalances" : {},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/customer
}, {
"name" : "Jane Doe",
"guid" : "jdoe2",
"lookupKey" : "jdoe2",
"state" : "ENABLED",
"personalBalance" : 25.00,
"availableBalance" : 25.00,
"paymentProviderAccountId" : "456xyz",
"virtualBalances" : {
"safeq" : 100
},
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/customer
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/customer/jdoe"
]
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/customer/123
200 Ok
-- body --
{
"name" : "John Doe",
"guid" : "jdoe",
"lookupKey" : "jdoe",
"state" : "ENABLED",
"personalBalance" : 100.00,
"availableBalance" : 110.00,
"paymentProviderAccountId" : "123xyz",
"links" : [
]
}
Things to note:
POST https://<host>:<port>/payment-system/api/v2/customer
-- body --
{
"guid" : "dvader",
"name" : "Darth Vader",
"lookupKey" : "dvader,
"paymentProviderAccountId" : "123xyz",
"minimumBalance" : 0.00,
"state" : "ENABLED"
}
If the input is correct payment system creates a new customer and replies with:
201 Created
-- response headers --
Location = https://<host>:<port>/payment-system/api/v2/customer/dvader
Things to note:
UPDATING A CUSTOMER
To update a customer the administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/customer/dvader
-- body --
{
"paymentProviderAccountId" : "123xyz",
"minimumBalance" : -10.00,
"state" : "DISABLED"
}
If the input is correct payment system updates the customer and replies with:
200 Ok
Things to note:
DELETING A CUSTOMER
To delete a customer the administrator sends the following request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/customer/dvader
If the input is correct payment system updates the customer and replies with:
200 Ok
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/customers
-- body --
{
"guids" : ["jdoe", "jdoe2"]
"paymentProviderAccountId" : null,
"minimumBalance" : null,
"state" : "DISABLED"
}
If the input is correct payment system updates the customer and replies with:
200 Ok
Things to note:
POST https://<host>:<port>/payment-system/api/v2/customer/jdoe/virtual-balance-increase
-- body --
{
"amount": 100.00,
"requestId": "123",
"description": "payment gateway failure claim"
}
If all preconditions are met payment system processes the request and replies with:
200 Ok
Things to note:
POST https://<host>:<port>/payment-system/api/v2/customer/jdoe/virtual-balance-decrease
-- body --
{
"amount": 100.00,
"requestId": "456",
"description": "debt collection"
}
If all preconditions are met payment system processes the request and replies with:
200 Ok
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/customer/jdoe/virtual-balance
-- body --
{
"amount": 100.00,
"requestId": "456",
"description": "resetting balance"
}
If all preconditions are met payment system processes the request and replies with:
200 Ok
Things to note:
GETCUSTOMER
Method
GET
URL
/v2/customer/{customerGuid}
Required
[ROLE_API_MERCHANT]
Privileges
RESPONSE BODY
{
"name" : <string>, // first name and last name of the customer
LINKS
open- link to a list of customer's current open transactions if the merchant can administrate
transactions reservations
increase- link to the endpoint used to increase the customer's if the merchant can increase
virtual-balance virtual balance virtual balances
decrease- link to the endpoint used to decrease the if the merchant can decrease
virtual-balance customer's virtual balance virtual balances
virtual-balance link to the endpoint used to set the customer's if the merchant can decrease
virtual balance to a concrete value virtual account balances
FINDCUSTOMERS
Method
GET
URL
/v2/customer
Required
[ROLE_API_ADMIN]
Privileges
List all customers. This list is paged. The list is sorted by customer's name.
REQUEST ARGUMENTS
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount": <number>,
"results" : <array of objects>, // customers
"links" : <array of links>
}
LINKS
RESULTS
{
"name" : <string>, // first name and last name of the customer
{
"safeq" : 50,
"library" : 20
}
LINKS
reservations link to a list of customer's current reservations if the merchant can administrate
reservations
increase- link to the endpoint used to increase the customer's if the merchant can increase
virtual-balance virtual balance virtual balances
decrease- link to the endpoint used to decrease the if the merchant can decrease
virtual-balance customer's virtual balance virtual balances
virtual-balance link to the endpoint used to set the customer's if the merchant can decrease
virtual balance to a concrete value virtual account balances
CREATECUSTOMER
Method
POST
URL
/v2/customer
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"guid" : <string>, // globally unique identifier of the customer
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the newly
created customer.
UPDATECUSTOMER
Method
PUT
URL
/v2/customer/{customerGuid}
Required
[ROLE_API_ADMIN]
Privileges
Update a customer.
All arguments are optional. Any missing parameters will not be changed.
REQUEST BODY
{
"name" : <string>, // customer's name
"lookupKey" : <string>, // customer's lookup key
"paymentProviderAccountId" : <string>, // the account id of customer's personal account
DELETECUSTOMER
Method
DELETE
URL
/v2/customer/{customerGuid}
Required
[ROLE_API_ADMIN]
Privileges
Remove a customer.
BULKUPDATECUSTOMERS
Method
PUT
URL
/v2/customers
Required
[ROLE_API_ADMIN]
Privileges
All arguments are optional. Any missing parameters will not be changed.
REQUEST BODY
{
"guids" : <list of string>, // list of globally unique identifier of
INCREASEVIRTUALBALANCE
Method
POST
URL
/v2/customer/{customerGuid}/virtual-balance-increase
Required
[ROLE_API_BALANCE_MANAGEMENT]
Privileges
REQUEST BODY
{
"amount" : <number>, // positive decimal number (the precision depends on payment
"requestId" : <string> // identifier of the request for tracking and idempotency che
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. the operation is performed only once even when
duplicate requests are sent by the merchant system. This means that in case of network problems when the
merchant system is unsure if the operation has been performed or not it can simply resend the exact same
request without worrying about duplicating the operation.
A request is considered a duplicate if the payment system has already performed a operation with the same
parameters.
DECREASEVIRTUALBALANCE
Method
POST
URL
/v2/customer/{customerGuid}/virtual-balance-decrease
Required
[ROLE_API_BALANCE_MANAGEMENT]
Privileges
REQUEST BODY
{
"amount" : <number>, // positive decimal number (the precision depends on payment
"requestId" : <string> // identifier of the request for tracking and idempotency che
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. the operation is performed only once even when
duplicate requests are sent by the merchant system. This means that in case of network problems when the
merchant system is unsure if the operation has been performed or not it can simply resend the exact same
request without worrying about duplicating the operation.
A request is considered a duplicate if the payment system has already performed a operation with the same
parameters.
UPDATEVIRTUALBALANCE
Method
PUT
URL
/v2/customer/{customerGuid}/virtual-balance
Required
[ROLE_API_BALANCE_MANAGEMENT]
Privileges
REQUEST BODY
{
"amount" : <number>, // positive decimal number (the precision depends on payment
"requestId" : <string> // identifier of the request for tracking and idempotency che
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. the operation is performed only once even when
duplicate requests are sent by the merchant system. This means that in case of network problems when the
merchant system is unsure if the operation has been performed or not it can simply resend the exact same
request without worrying about duplicating the operation.
A request is considered a duplicate if the payment system has already performed a operation with the same
parameters.
UPDATELICENSE
Method
PUT
URL
/v1/entitlement-system/license
Required
[ROLE_API_ADMIN]
Privileges
GETENTITLEMENT
Method
GET
URL
/v1/entitlement
Required
[ROLE_API_MERCHANT]
Privileges
The micro transaction API is intended to be used for aggregating multiple reservations (micro transactions)
into one aggregated transaction. The micro transactions are settled as a single transaction from a
customer's account to a merchant's account. All requests to the payment system during the payment
process are done by the merchant on behalf of the customer. This implies that the customer trusts the
merchant to handle micro transactions transactions correctly.
MICRO TRANSACTIONS
A micro transaction is another name for a reservation within transactions that aggregate multiple
reservations into one settlement. They are part of a multi step process within multiple reservations are
created prior to their settlement as a group.
A multi step process is required when there is a time gap between the order of goods/services and their
delivery. The merchant wants to have an assurance at the time of the order that the user can pay for the
goods/services once they are delivered. And the customer wants to pay for the goods/services only after
they have been delivered.
Micro transactions handle the multi step process by having the following steps:
1. reservation - the merchant system requests that payment system reserve a certain amount on
customer's account (assurance of payment). This step can be repeated multiple times.
2. settlement - after the delivery the merchant system requests that payment system settle the
aggregated transaction transferring the sum of the reserved amounts to the merchant's account
Note: the settled amount can differ the sum of the reserved amount.
PROVIDED ENDPOINTS
POST Creating
/v2/transaction/micro
micro
transactions
PUT Settling or
/v2/transaction/micro/{transactionId}
cancelling
aggregated
transactions.
(final step of
the multi
step
payment
process)
DELETE Removing
/v2/transaction/micro/{transactionId}/reservation/{reservationId}
micro
transactions
USAGE EXAMPLES
POST https://<host>:<port>/payment-system/api/v2/transaction/micro
-- body --
{
"customerGuid" : "jdoe",
"transactionId" : "123456",
"reservationId" : "book 456",
"amount" : 100.00,
"description" : "reservation for book 456"
}
If all preconditions are met (e.g. customer has sufficient balance for the transaction) payment system
processes the micro transaction and replies with a newly created resource location that points to the created
micro transaction:
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/api/v2/transaction/micro/123456/reservatio
Content-Location: https://<host>:<port>/payment-system/api/v2/transaction/micro/123456
Things to note:
The merchant system is encouraged to store the location of the transaction and/or the micro transaction
URL for further interactions such as settling or cancelling transactions.
PUT https://<host>:<port>/payment-system/api/v2/transaction/micro/123456
-- body --
{
"state" : "CANCELLED",
"description" : "Customer requested order cancellation"
}
Payment system will cancel the aggregated transaction making the sum of reserved amounts available to
the customer and respond with:
200 Ok
Things to note:
DELETE https://<host>:<port>/payment-system/api/v2/transaction/micro/123456/reservation/1
Payment system will remove the micro transaction making the reserved amount available to the customer
and respond with:
200 Ok
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/transaction/micro/123456
-- body --
{
"state": "SETTLED",
"amount": 100.00,
"description": "Transaction settlement"
}
Payment system will transfer the sum of the reserved amounts to the merchant's account and respond with:
200 Ok
-- response headers --
Content-Location = https://<host>:<port>/payment-system/api/v2/transaction/123456
Things to note:
CREATEMICROTRANSACTION
Method
POST
URL
/v2/transaction/micro
Required
[ROLE_API_MERCHANT]
Privileges
Creates a new micro transaction reserving the given amount on the customer's account to the benefit of the
merchant performing the request.
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
"transactionId" : <string>, // a merchant defined identifier of the aggregated transact
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. only one micro transaction is created even when
duplicate requests are sent by the merchant system. This means that in case of network problems when the
merchant system is unsure if a transaction has been created or not it can simply resend the exact same
request without worrying about creating duplicate micro transactions.
A request is considered a duplicate if the payment system has already created a micro transaction with the
same parameters.
Duplicate requests are not considered as errors but the merchant system is informed about the fact that the
transaction has already been created by a previous request.
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The request is a duplicate. The micro transaction already exists. No new micro
transaction has been created. The response body contains information about when the
micro transaction has been created and in what state it is currently in.
409 Conflict Micro transaction could not be processed because of insufficient balance on the
customer's account.
When a micro transaction is successfully processed the Location header of the response points to the newly
created resource representing the micro transaction. The merchant system is encouraged to store the
location of the transaction for further interactions such as cancelling of the micro transaction. The Content-
Location header points to the aggregated transaction. The merchant system is encouraged to store the
location of the aggregated transaction for further interaction such as cancellation or settlement of the
aggregated transaction.
CHANGETRANSACTIONSTATE
Method
PUT
URL
/v2/transaction/micro/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
REQUEST BODY
{
"state" : <string>, // SETTLED or CANCELLED
"amount" : <number>, // positive decimal number (the precision depends on payment
REQUEST IDEMPOTENCY
Payment system ensures request idempotency. This means that in case of network problems when the
merchant system is unsure if a transaction has been created or not settled (cancelled) it can simply resend
the exact same request without worrying about side-effects.
Things to note:
POSSIBLE RESPONSES
Response Meaning
Code
409 Conflict Transaction could not be processed because of insufficient balance on the customer's
account or the transaction is already settled/cancelled.
RESPONSE
When an HTTP CREATED status code is returned for settlement requests the response Location header
points to the newly concluded transaction.
CANCELRESERVATION
Method
DELETE
URL
/v2/transaction/micro/{transactionId}/reservation/{reservationId}
Required
[ROLE_API_MERCHANT]
Privileges
POSSIBLE RESPONSES
Response Meaning
Code
404 Not Found The referenced aggregated transaction or micro transaction was not found.
409 Conflict The referenced aggregated transaction or micro transaction is already settled
/cancelled.
The one-step transaction API is intended to be used for one-time payments from a customer's account to a
merchant's account. The payment is requested by the merchant on behalf of the customer. This implies that
the customer trusts the merchant to request the payment correctly.
PROVIDED ENDPOINTS
USAGE EXAMPLE
POST https://<host>:<port>/payment-system/api/v2/transaction/one-step
-- body --
{
"customerGuid" : "jdoe",
"transactionId" : "123456",
"amount" : 100.00,
"description" : "reservation for book 456"
}
If all preconditions are met payment system processes the payment and replies with a newly created
resource location that points to the created transaction:
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/api/v2/transaction/123456
Things to note:
The merchant system is encouraged to store the location of the payment for further interactions such as
refunding a payment.
CREATEONESTEPTRANSACTION
Method
POST
URL
/v2/transaction/one-step
Required
[ROLE_API_MERCHANT]
Privileges
Creates a new one-step transaction for the customer and the given amount to the benefit of the merchant
performing the request.
REQUEST ARGUMENTS
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
"transactionId" : <string>, // a merchant defined identifier of the transaction. This i
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. only one one-step transaction is created even when
duplicate requests are sent by the merchant system.This means that in case of network problems when the
merchant system is unsure if a payment has been created or not it can simply resend the exact same
request without worrying about creating duplicate payments.
A request is considered a duplicate if payment system has already performed a one-step transaction with
the same parameters.
Duplicate requests are not considered as errors but the merchant system is informed about the fact that the
payment has already been processed by a previous request.
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The request is a duplicate. The one-step transaction already exists. No new One-step
transaction has been created.
409 Conflict One-step transaction could not be processed because of insufficient balance on the
customer's account.
When a one-step transaction is successfully processed the Location header of the response points to the
newly created resource representing it. The merchant system is encouraged to store the location of the
payment for further interactions such as displaying a payment.
REST API for open (not settled 2-step and micro) transaction management.
PROVIDED ENDPOINTS
Endpoint
/v2/open-transaction
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}
Endpoint
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservation/{reser
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservation/{reser
USAGE EXAMPLES
GET https://<host>:<port>/payment-system/api/v2/open-transaction
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 1,
"results" : [{
"transactionId" : "75dc7380-4566-11e4-916c-0800200c9a66",
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 5.00,
"virtualAmount" : 4.00,
"personalAmount" : 1.00,
"merchantId" : 3,
"reservations" : [
{
"reservationId" : "1",
"amount" : 3.00,
"virtualAmount" : 2.00,
"personalAmount" : 1.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-t
]
},
{
"reservationId" : "2",
"amount" : 2.00,
"virtualAmount" : 2.00,
"personalAmount" : 0.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-t
]
}
],
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-tran
]
}]
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}/tr
200 Ok
-- body --
{
"transactionId" : "75dc7380-4566-11e4-916c-0800200c9a66",
"date" : "2014-09-20T21:14:53.855Z",
"amount" : 5.00,
"virtualAmount" : 4.00,
"personalAmount" : 1.00,
"merchantId" : 3,
"reservations" : [
{
"reservationId" : "1",
"amount" : 3.00,
"virtualAmount" : 2.00,
"personalAmount" : 1.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-tra
]
},
{
"reservationId" : "2",
"amount" : 2.00,
"virtualAmount" : 2.00,
"personalAmount" : 0.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-tra
]
}
],
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-transac
]
}
Things to note:
DELETE https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}
200 Ok
Things to note:
GET https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}/tr
200 Ok
-- body --
{
"reservationId" : "1",
"amount" : 3.00,
"virtualAmount" : 2.00,
"personalAmount" : 1.00,
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/open-trans
]
}
Things to note:
DELETE https://<host>:<port>/payment-system/api/v2/open-transaction/merchant/{merchantId}
200 Ok
Things to note:
FINDOPENTRANSACTIONS
Method
GET
URL
/v2/open-transaction
Required
[ROLE_API_ADMIN]
Privileges
REQUEST ARGUMENTS
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount" : <number>,
"results" : <array of open transaction objects>,
"links" : <array of links>
}
LINKS
{
"transactionId" : <string>, // A merchant defined transaction id
"date" : <string>, // ISO8601 formatted date, date when transaction ha
RESERVATION OBJECT
{
"reservationId" : <string>, // A merchant defined reservation id
"amount" : <number>, // Total reserved amount. A decimal number (the pre
GETTRANSACTION
Method
GET
URL
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}
Required
[ROLE_API_ADMIN]
Privileges
RESPONSE BODY
{
"transactionId" : <string>, // A merchant defined transaction id
"date" : <string>, // ISO8601 formatted date, date when transaction ha
RESERVATION OBJECT
{
"reservationId" : <string>, // A merchant defined reservation id
"amount" : <number>, // Total reserved amount. A decimal number (the pre
DELETETRANSACTION
Method
DELETE
URL
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}
Required
[ROLE_API_ADMIN]
Privileges
GETRESERVATION
Method
GET
URL
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservati
Required
[ROLE_API_ADMIN]
Privileges
RESPONSE BODY
{
"reservationId" : <string>, // A merchant defined reservation id
"amount" : <number>, // Total reserved amount. A decimal number (the pre
DELETERESERVATION
Method
DELETE
URL
/v2/open-transaction/merchant/{merchantId}/transaction/{transactionId}/reservati
Required
[ROLE_API_ADMIN]
Privileges
Removes a reservation.
REST API for preparing Payment System deposits through Payment Gateways.
The deposit API is intended to be used by merchants preparing deposits to Payment System for their
customers. The merchant system first issues a call to the deposit API. Payment System tells the merchant
system where to redirect the customer in the response. The merchant system then redirects the client to the
prepared deposit and Payment System handles the rest.
PROVIDED ENDPOINTS
POST Prepare a
/v2/payment-gateway/deposit
deposit
USAGE EXAMPLE
PREPARING A DEPOSIT
To request a deposit the merchant system sends a deposit request to payment system:
POST https://<host>:<port>/payment-system/api/v2/payment-gateway/deposit
-- body --
{
"customerGuid" : "jdoe",
"amount" : 100.00,
"currency" : "USD",
"description" : "Deposit to allow usage of merchant service",
"returnUrl" : "http://mymerchant.com/shopping-cart/payed?id=123",
"language" : "en_US"
}
If all preconditions are met payment system processes the deposit request and replies with a newly created
resource location that points to the prepared deposit.
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/payment-gateway/deposit/ebae4ba0-3360-46bd
-- body --
Things to note:
CREATEDEPOSIT
Method
POST
URL
/v2/payment-gateway/deposit
Required
[ROLE_API_MERCHANT]
Privileges
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
"amount" : <number>, // a positive decimal number (the precision depends on payme
"currency" : <string>, // currency code according to ISO 4217 ("USD", "EUR", ...)
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the URL the
customer should be redirected to to continue the deposit.
GETPAYMENTGATEWAYS
Method
GET
URL
/v2/payment-gateway/list
Required
[ROLE_API_MERCHANT]
Privileges
RESPONSE
List of payment gateway objects
RESULT OBJECTS
{
"gatewayId" : <number>, // id of a payment gateway
"name" : <string>, // name of the payment gateway
"termsAndConditionsEnabled" : <boolean>, // indicates if a payment gateway has a te
PROVIDED ENDPOINTS
PUT
USAGE EXAMPLES
GET https://<host>:<port>/payment-system/api/v2/payment-system/configuration
200 OK
-- body --
{
"holdsMoneyAccountBalance": true,
"supportsRefunds": true,
"currencyCode": "EUR",
"paymentGatewaysAvailable" : true
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/payment-system/configuration?key=currency
200 OK
-- body --
{
"currencyCode": "EUR"
}
Things to note:
paymentGatewaysAvailable
PUT https://<host>:<port>/payment-system/api/v2/payment-system/configuration
-- body --
{
"currencyCode": "EUR"
}
200 OK
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/payment-system/license
-- body --
{
"license": "<license_body>"
}
If all preconditions are met payment system processes the request and responds with:
200 Ok
Things to note:
GETCONFIGURATION
Method
GET
URL
/v2/payment-system/configuration
Required
[ROLE_API_ADMIN]
Privileges
REQUEST ARGUMENTS
key List<String> No Values of key define subset of returned configuration parameters. (...
/configuration?key=currencyCode; .../configuration?
key=currencyCode&key=supportsRefunds; ...)
POSSIBLE BODY
{
"holdsMoneyAccountBalance" : <boolean>, // if true payment system holds money of money
UPDATECONFIGURATION
Method
PUT
URL
/v2/payment-system/configuration
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"currencyCode" : <string> // currency code according to ISO 4217 ("USD", "EUR", ...) in
UPDATELICENSE
Method
PUT
URL
/v2/payment-system/license
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"license" : "<string>" // encoded license string
}
PROVIDED ENDPOINTS
GET Retrieving
/v2/periodic-recharge
a list of
periodic
recharges
GET Retrieving
/v2/periodic-recharge/{rechargeId}
details
about 1
particular
periodic
recharge
POST Creating a
/v2/periodic-recharge
new
periodic
recharge
PUT Updating a
/v2/periodic-recharge/{rechargeId}
periodic
recharge
DELETE Deleting a
/v2/periodic-recharge/{rechargeId}
periodic
recharge
PUT Bulk
/v2/periodic-recharges
update
periodic
recharges
POST Assigning
/v2/periodic-recharge/{rechargeId}/recharged-customer
customers
to a
periodic
recharge
GET Retrieving
/v2/periodic-recharge/{rechargeId}/recharged-customer
the
assigned
customers
of a
periodic
recharge
GET Retrieving
/v2/periodic-recharge/{rechargeId}/recharged-customer/{customerGuid}
information
about a
customer
assigned
to a
periodic
recharge
DELETE Remove a
/v2/periodic-recharge/{rechargeId}/recharged-customer/{customerGuid}
customer
from a
periodic
recharge
DELETE Removing
/v2/periodic-recharge/{rechargeId}/recharged-customer
customers
from a
periodic
recharge
USAGE EXAMPLES
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge
If all preconditions are met (e.g. operator has cash desks assigned) payment system responds with:
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"rechargeId" : 1,
"name" : "Monthly Allowance",
"state" : "ENABLED",
"dayOfMonth" : 1,
"description" : "$50 each month",
"amount" : 50.00,
"strategy" : "RECHARGE_BY_AMOUNT",
"startDate" : "2014-08-29T11:55:31.308Z",
"periodType" : "MONTH",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-
}, {
"rechargeId" : 2,
"name" : "Yearly Bonus",
"state" : "ENABLED",
"month" : "JANUARY",
"dayOfMonth" : 1,
"description" : "$300 each month",
"amount" : 300.00,
"strategy" : "RECHARGE_TO_AMOUNT",
"startDate" : "2014-08-29T11:55:31.308Z",
"periodType" : "YEAR",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-rechar
]
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1
If all preconditions are met (e.g. periodic recharge exists) payment system responds with:
200 OK
-- body --
{
"rechargeId" : 1,
"name" : "Monthly Allowance",
"state" : "ENABLED",
"dayOfMonth" : 1,
"description" : "$50 each month",
"amount" : 50.00,
"strategy" : "RECHARGE_BY_AMOUNT",
"startDate" : "2014-08-29T11:55:31.308Z",
"periodType" : "MONTH",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-re
Things to note:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
If all preconditions are met (e.g. periodic recharge exists) payment system responds with:
200 Ok
-- body --
{
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-recha
],
"content" : [{
"customerGuid" : "jdoe",
"customerName" : "John Doe",
"customerLookupKey" : "jdoe",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic
]
}, {
"customerGuid" : "jdoe2",
"customerName" : "Jane Doe",
"customerLookupKey" : "jdoe2",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic
]
}]
}
POST https://<host>:<port>/payment-system/api/v2/periodic-recharge
-- body --
{
"name" : "Monthly Recharge",
"strategy" : "RECHARGE_BY_AMOUNT",
"amount" : 100.00,
"periodType" : "MONTH",
"dayOfMonth" : 1,
"startDate" : "2014-07-03T14:30:40.209Z",
"state" : "ENABLED",
"description" : "Monthly recharge executed on the 1st of Month"
}
201 Created
-- response headers --
Location = https://<host>:<port>/payment-system/api/v2/periodic-recharge/3
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/periodic-recharge/1
-- body --
{
"amount": 200.00
}
200 Ok
Things to note:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/1
200 Ok
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/periodic-recharges
-- body --
{
"rechargeIds": [1, 2, 3],
"state" : "DISABLED"
}
200 Ok
Things to note:
To remove a periodic recharge the administrator sends the following request to payment system:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/jdoe
200 Ok
Things to note:
POST https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
-- body --
{
"customerGuids" : ["dvader", "jdoe"]
}
201 Created
-- response headers --
Content-Location = https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/rechar
Things to note:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
200 Ok
-- body --
{
"page" : 1,
"pageSize" : 10,
"totalCount": 2,
"results" : [{
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic
],
"customerGuid" : "jdoe",
],
"customerGuid" : "jdoe2",
"customerName" : "Jane Doe",
"customerLookupKey" : "jdoe2"
}],
"links" : [
{ "rel" : "0", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-rechar
]
}
Things to note:
GET https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer/1
200 Ok
-- body --
{
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/periodic-re
],
"customerGuid" : "jdoe",
"customerName" : "John Doe",
"customerLookupKey" : "jdoe"
}
Things to note:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
200 Ok
Things to note:
DELETE https://<host>:<port>/payment-system/api/v2/periodic-recharge/1/recharged-customer
-- body --
{
"customerGuids" : ["dvader", "jdoe"]
}
200 Ok
Things to note:
FINDPERIODICRECHARGES
Method
GET
URL
/v2/periodic-recharge
Required
[ROLE_API_ADMIN]
Privileges
REQUEST ARGUMENTS
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount" : <number>,
"results" : <array of objects>,
"links" : <array of links>
}
LINKS
RESULT OBJECTS
{
"rechargeId" : <number>, // id of the recharge
"name" : <string>, // name of the periodic recharge
"startDate" : <string>, // ISO8601 formatted date
"amount" : <number>, // a positive decimal number (the precision depends on payme
"dayOfMonth" : <number>, // specifies day of month when the recharge should be proces
"dayOfWeek" : <string>, // specifies day of week when the recharge should be process
"numberOfDays" : <number>, // specifies the number of days in which the recharge should
LINKS (RESULTS)
CREATEPERIODICRECHARGE
Method
POST
URL
/v2/periodic-recharge
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"name" : <string>, // name of the periodic recharge
"startDate" : <string>, // ISO8601 formatted date. Must be a date in future (tomorro
"dayOfMonth" : <number>, // specifies day of month when the recharge should be proces
"dayOfWeek" : <string>, // specifies day of week when the recharge should be process
"numberOfDays" : <number>, // specifies the number of days in which the recharge should
RESPONSE
When an HTTP CREATED status code is returned the response Location header points to the newly
created periodic recharge.
GETPERIODICRECHARGE
Method
GET
URL
/v2/periodic-recharge/{rechargeId}
Required
[ROLE_API_ADMIN]
Privileges
RESPONSE BODY
{
"rechargeId" : <number>, // id of the recharge
"name" : <string>, // name of the periodic recharge
"startDate" : <string>, // ISO8601 formatted date
"dayOfMonth" : <number>, // specifies day of month when the recharge should be proces
"dayOfWeek" : <string>, // specifies day of week when the recharge should be process
"numberOfDays" : <number>, // specifies the number of days in which the recharge should
REMOVEPERIODICRECHARGE
Method
DELETE
URL
/v2/periodic-recharge/{rechargeId}
Required
[ROLE_API_ADMIN]
Privileges
UPDATEPERIODICRECHARGE
Method
PUT
URL
/v2/periodic-recharge/{rechargeId}
Required
[ROLE_API_ADMIN]
Privileges
All arguments are optional. Any missing parameters will not be changed.
REQUEST BODY
{
"name" : <string>, // name of the periodic recharge
"startDate" : <string>, // ISO8601 formatted date
"amount" : <number>, // a positive decimal number (the precision depends on payme
"dayOfMonth" : <number>, // specifies day of month when the recharge should be proces
"dayOfWeek" : <string>, // specifies day of week when the recharge should be process
"numberOfDays" : <number>, // specifies the number of days in which the recharge should
UPDATEPERIODICRECHARGES
Method
PUT
URL
/v2/periodic-recharges
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"rechargeIds" : <array of number>, // ids of recharges
"state" : <string>, // ENABLED or DISABLED
}
GETRECHARGEDCUSTOMERS
Method
GET
URL
/v2/periodic-recharge/{rechargeId}/recharged-customer
Required
[ROLE_API_ADMIN]
Privileges
REQUEST ARGUMENTS
RESPONSE BODY
{
"page" : <number>,
"pageSize" : <number>,
"totalCount" : <number>,
"results" : <array of objects>,
"links" : <array of links>
}
LINKS
RESULT OBJECTS
{
"customerName" : <string>, // first name and last name of the customer
LINKS (CONTENT)
CREATERECHARGEDCUSTOMERS
Method
POST
URL
/v2/periodic-recharge/{rechargeId}/recharged-customer
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"customerGuid" : <list of strings> // a list of globally unique identifiers of the cust
RESPONSE
When assignment was successful an HTTP status Created is returned.
GETRECHARGEDCUSTOMER
Method
GET
URL
/v2/periodic-recharge/{rechargeId}/recharged-customer/{customerGuid}
Required
[ROLE_API_ADMIN]
Privileges
RESPONSE BODY
{
"customerName" : <string>, // first name and last name of the customer
"customerGuid" : <string>, // globally unique identifier of the customer
"customerLookupKey" : <number>, // a key by which the customer can be looked up
LINKS
REMOVERECHARGEDCUSTOMER
Method
DELETE
URL
/v2/periodic-recharge/{rechargeId}/recharged-customer/{customerGuid}
Required
[ROLE_API_ADMIN]
Privileges
RESPONSE
When removal was successful an HTTP status Ok is returned.
REMOVERECHARGEDCUSTOMERS
Method
DELETE
URL
/v2/periodic-recharge/{rechargeId}/recharged-customer
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"customerGuid" : <list of strings> // a list of globally unique identifiers of the cust
RESPONSE
When removal was successful an HTTP status Ok is returned.
CREATERESERVATION
Method
POST
URL
/v1/reservation
Required
[ROLE_API_MERCHANT]
Privileges
INCREMENTRESERVATION
Method
POST
URL
/v1/reservation/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
CHANGERESERVATIONSTATE
Method
PUT
URL
/v1/reservation/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
GETRESERVATION
Method
GET
URL
/v1/reservation/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
CANCELRESERVATION
Method
DELETE
URL
/v1/reservation/{transactionId}/chunk/{reservationId}
Required
[ROLE_API_MERCHANT]
Privileges
PROVIDED ENDPOINTS
Things to note:
GET https://<host>:<port>/payment-system/api/v2/transaction/75dc7380-4566-11e4-916c-08002
200 Ok
-- body --
{
"type" : "MONEY_TRANSFER",
"date" : "2014-09-20T21:14:53.855Z",
"transactionId" : "75dc7380-4566-11e4-916c-0800200c9a66",
"amount" : 3.00,
"balanceChange" : -3.00,
"description" : "Payment for: candy bar",
"links" : [
{ "rel" : "self", "href" : "https://<host>:<port>/payment-system/api/v2/transaction/
Things to note:
POST https://<host>:<port>/payment-system/api/v2/transaction/75dc7380-4566-11e4-916c-0800
-- body --
{
"refundId": "full refund",
"amount": 3.00,
"description": "Candy bar was stale"
}
If all preconditions are met payment system processes the refund and replies with:
201 Created
-- response headers --
TDB
GETTRANSACTION
Method
GET
URL
/v2/transaction/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
RESPONSE BODY
{
"type" : <string>, // Type of the transaction. Possible values are MON
"tax" : <number>, // Value of tax for the transaction. Only for MONEY
LINKS
refund link to the resource used for creating refunds on this if refunds are
transaction supported
CREATEREFUND
Method
POST
URL
/v2/transaction/{transactionId}/refund
Required
[ROLE_API_MERCHANT]
Privileges
Refund a transaction returning the given amount to the customer's account from the merchant's account.
REQUEST BODY
{
"refundId" : <string>, // A merchant defined refund id, used for idempotency checkin
POSSIBLE RESPONSES
Response Meaning
Code
200 Ok The request is a duplicate. The refund already exists. No new refund has been created.
The response body contains a representation of the refund created by the previous
request i.e. the one the current request duplicates.
409 Conflict Refund could not be processed because it would violate the refunding rules configured
within payment system.
The two-step transaction API is intended to be used as clearing transactions from a customer's account to a
merchant's account. All requests to payment system during the payment process are done by the merchant
on behalf of the customer. This implies that the customer trusts the merchant to handle two-step
transactions correctly.
TWO-STEP TRANSACTIONS
A two step process is required when there is a time gap between the order of goods/services and their
delivery. The merchant wants to have an assurance at the time of the order that the user can pay for the
goods/services once they are delivered. And the customer wants to pay for the goods/services only after
they have been delivered.
1. reservation - the merchant system requests that payment system reserve a certain amount on
customer's account (assurance of payment)
2. settlement - after the delivery the merchant system requests that payment system settle the two-step
transaction transferring the reserved amount to the merchant's account
PROVIDED ENDPOINTS
USAGE EXAMPLES
CREATING RESERVATIONS
To start a two-step transaction the merchant system sends a reservation request to payment system:
POST https://<host>:<port>/payment-system/api/v2/transaction/two-step
-- body --
{
"customerGuid" : "jdoe",
"transactionId" : "123456",
"amount" : 100.00,
"description" : "reservation for book 456"
}
If all preconditions are met (e.g. customer has sufficient balance for the transaction) payment system
processes the reservation and replies with a newly created resource location that points to the created
transaction in progress:
201 Created
-- headers --
Location: https://<host>:<port>/payment-system/api/v2/transaction/two-step/123456
Things to note:
The merchant system is encouraged to store the location of the reservation for further interactions such as
settling or cancelling transactions.
PUT https://<host>:<port>/payment-system/api/v2/transaction/two-step/123456
-- body --
{
"state" : "CANCELLED",
"description" : "Customer requested order cancellation"
}
Payment system will cancel the reservation making the reserved amount available to the customer and
respond with:
200 Ok
Things to note:
PUT https://<host>:<port>/payment-system/api/v2/transaction/two-step/123456
-- body --
{
"state" : "SETTLED",
"amount" : 100.00,
"description" : "Transaction settlement"
}
Payment system will transfer the reserved amount to the merchant's account and respond with:
200 Ok
-- response headers --
Content-Location = https://<host>:<port>/payment-system/api/v2/transaction/123456
Things to note:
The merchant system is encouraged to store the location of the payment for further interactions such as
refunding a payment.
CREATERESERVATION
Method
POST
URL
/v2/transaction/two-step
Required
[ROLE_API_MERCHANT]
Privileges
Create a new two-step transaction reserving the given amount on the customer's account to the benefit of
the merchant performing the request.
REQUEST BODY
{
"customerGuid" : <string>, // globally unique identifier of the customer
"transactionId" : <string>, // a merchant defined identifier of the aggregated transact
REQUEST IDEMPOTENCY
Payment system ensures request idempotency i.e. only one clearing transaction is created even when
duplicate requests are sent by the merchant system. This means that in case of network problems when the
merchant system is unsure if a transaction has been created or not it can simply resend the exact same
request without worrying about creating duplicate transactions.
A request is considered a duplicate if the payment system has already created a transaction with the same
parameters.
Duplicate requests are not considered as errors but the merchant system is informed about the fact that the
transaction has already been created by a previous request.
POSSIBLE RESPONSES
200 Ok Clearing transaction The request is a duplicate. The transaction already exists. No new
created response transaction has been created. The response body contains
information about when the transaction has been created and in
what state it is currently in.
When a reservation is successfully processed the Location header of the response points to the newly
created resource representing the clearing transaction. The merchant system is encouraged to store the
location of the transaction for further interactions such as cancelling or settling the transaction.
CHANGESTATE
Method
PUT
URL
/v2/transaction/two-step/{transactionId}
Required
[ROLE_API_MERCHANT]
Privileges
REQUEST BODY
{
"state" : <string>, // SETTLED or CANCELLED
"amount" : <number>, // positive decimal number (the precision depends on payment
REQUEST IDEMPOTENCY
Payment system ensures request idempotency. This means that in case of network problems when the
merchant system is unsure if a transaction has been created or not settled (cancelled) it can simply resend
the exact same request without worrying about side-effects.
Things to note:
POSSIBLE RESPONSES
409 Error message Transaction could not be processed because of insufficient balance
Conflict on the customer's account or the transaction is already settled
/cancelled.
RESPONSE
When an HTTP CREATED status code is returned for settlement requests the response Location header
points to the newly concluded transaction.
PROVIDED ENDPOINTS
PUT Redeem
/v2/voucher/{voucherCode}
voucher
USAGE EXAMPLES
CREATE VOUCHER
To create a voucher, administrator sends the following request to payment system:
POST https://<host>:<port>/payment-system/api/v2/voucher
-- body --
{
"code" : "ASDFXYZ123",
"amount" : 10,
"expirationDate" : "2015-09-26T10:20:58.481Z"
}
201 Created
Things to note:
REDEEM VOUCHER
To redeem a voucher, administrator sends the following request to payment system:
PUT https://<host>:<port>/payment-system/api/v2/voucher/ASDFXYZ123
-- body --
{
"customerGuid" : "jdoe",
"state" : "REDEEMED"
}
200 Ok
Things to note:
CREATEVOUCHER
Method
POST
URL
/v2/voucher
Required
[ROLE_API_ADMIN]
Privileges
REQUEST BODY
{
"code" : <string>, // unique voucher code
"amount" : <number>, // a decimal number (the precision depends on payment syst
REDEEMVOUCHER
Method
PUT
URL
/v2/voucher/{voucherCode}
Required
[ROLE_API_ADMIN]
Privileges
Redeem a voucher.
REQUEST BODY
{
"customerGuid" : <string>, // unique identifier of a customer who will redeem the vouch
User information contains an the identifier that is used as a customer reference within Payment
System.
To retrieve user information the merchant sends a HTTP GET request to user management:
GET https://<host>:<port>/user-management/api/v1/user/johndoe
If all preconditions are met (e.g. user exists) user management responds with a JSON object describing the
user
200 OK
-- body --
{
userId: 1024,
username: "jdoe",
displayName: "John Doe",
email: "jdoe@gmail.com"
}
Things to note:
AUTHENTICATING USERS
To authenticate a user by username and password or card number or pin the merchant sends a HTTP
POST request to user management:
POST https://<host>:<port>/user-management/api/v1/user/authentication?method=username-and
-- body --
{
username: 'jdoe',
password: '12345'
}
If the user is authenticated user management responds with a JSON object describing the user
200 OK
{
userId: 1024,
username: "jdoe",
displayName: "John Doe",
email: "jdoe@gmail.com"
}
Things to note:
6.8.3 GETUSERBYUSERNAME
Method
GET
URL
/user/{username:.*}
POSSIBLE RESPONSES
userId Positive integer within range Internal user identity. Used as a customer reference within
(0, 263-1) Payment System.
6.8.4 AUTHENTICATEBYUSERNAMEANDPASSWORD
Method
POST
URL
/user/authentication
REQUEST ARGUMENTS
POSSIBLE RESPONSES
400 Bad List of Authentication could not be attempted because of bad input. Detailed
Request causes information can be found in the response body
userId Positive integer within range Internal user identity. Used as a customer reference within
(0, 263-1) Payment System.
6.8.5 AUTHENTICATEBYCARD
Method
POST
URL
/user/authentication
REQUEST ARGUMENTS
POSSIBLE RESPONSES
400 Bad List of Authentication could not be attempted because of bad input. Detailed
Request causes information can be found in the response body
userId Positive integer within range Internal user identity. Used as a customer reference within
(0, 263-1) Payment System.
6.8.6 AUTHENTICATEBYPIN
Method
POST
URL
/user/authentication
REQUEST ARGUMENTS
POSSIBLE RESPONSES
400 Bad List of Authentication could not be attempted because of bad input. Detailed
Request causes information can be found in the response body
userId Positive integer within range Internal user identity. Used as a customer reference within
(0, 263-1) Payment System.
6.8.7 PING
Method
GET
URL
/ping
The following documents describe the YSoft Payment machine installation and use:
Page content
Warning: Changing the communication protocol may erase the charging logs so unfinished recharges
will be lost. Perform this configuration only when you are sure that there are no unfinished items.
Note: Protocol version 1 is intended only for interconnection with a version of YSoft SafeQ
server prior to version 3.6
Note: Protocol version 2 is intended only for interconnection with YSoft SafeQ server version 3.6
Note: The protocol YSoft Payment System is intended only for interconnection with YSoft
Payment System server and YSoft SafeQ 5
3 Enter the YSoft Payment System server host name or IP address; then tap .
Note: The YSoft Payment System server address may be different from the YSoft SafeQ server
address.
When YSoft Payment Machine has been configured correctly, it automatically connects to YSoft Payment
System. To make YSoft Payment Machine fully functional with YSoft Payment System, please follow these
steps.
1 When the correct server address is configured in the YSoft Payment Machine service menu, the
device will display a "not authorized" message.
Select the YSoft Payment Machine, which you want to authorize and click Authorize selected.
4 You can also change the name of the YSoft Payment Machine by clicking View to display details and
then click Rename payment machine.
After saving the new name, it will be visible in YSoft Payment System administration; you can then
identify each YSoft Payment Machine easily.
Note: Performing a system date reset is not necessary in normal situations. It is useful only when the
device date is accidentally the past and the certificates for encrypted communication could not be verified.
3 Tap YES.
NOTE: It is recommended to perform a date reset without network connection to prevent date
synchronization over the network.
4 The date is restored to the build date of the firmware and the device will reboot.
Page content
4 Confirm.
6 While the door is open, a timer is in effect. As the timeout period nears the end, the terminal begins to
beep. To continue
with the door open, touch WAIT. When the money removal is finished, press DONE.
7 Perform closure.
Note: The closure can be performed only when connection to Payment system is available.
8 Confirmation screen will be displayed. Touch screen to return back to Service menu.
9 The closure details can be displayed on YSoft Payment System administration. Log in and go to
Payment machines.
Click on View for the Payment machine, where closure was performed.
10 Details (list of deposits) for each closure can be then displayed by clicking on View for the particular
closure.
Check for correct date on Payment System server and also on Payment machine. (Network connection is
strongly encrypted SSL connection with certificate verification. Verification will fail if devices has older date
then creation time of certificates.) There is possibility to reset system date of Payment Machine in it's
service menu.
ACCESS DENIED
When user is not able to access recharging screen on Payment machine due to Access denied error, it can
be caused by using currency in Payment System which is not supported by Payment machine.
Data sets contain firmwares for the bank note acceptation unit and printer (used for receipts).
Only supported currencies are listed, however data set package contains also other files which are not
intended for general use.
Updated:
CAD-253-50
EUR5-270-50
GBPNIRL1-270-51
GBPSCO2-272-51
KZT1-270-51
PEN-270-50
PLN-270-51
RUB-270-50
USD-270-51
AED2-251- United 2.51-49 30.4.2013 5(93-95), 5(00-01), 10(93- The width 59mm of 5
49 Arab 95), 10(98,01), 10(09), 20 Dirhams is out of device
Emirates - (97, 00), 20(09), 50(95- specification.2)
Dirham 96), 50(98), 50(04-11),
100(93-95), 100(98), 100
(03-06), 100(08), 100
(12), 200(89), 200(04),
200(08), 500(96), 500(98-
00), 500(04), 500(06-08),
500(11), 1000(98-00),
1000(06), 1000(08), 1000
(12)
BGN-206- Bulgaria - 2.06-40 8.5.2012 2(99), 5(99), 5(09), 10 The length 116mm of 2
40 Leva (99), 10(08), 20(99), 20 Leva is out of device
(07), 50(99), 50(06), 100 specification.2)
(03)
CZK-206- Czech 2.06-24 15.3.2011 100(95), 100(97), 200 The length 170mm of
24 Republic - (96), 200(98), 500(95), 5000 Korun is out of
Korun 500(97), 500(09), 1000 device specification.3)
(96), 1000(08), 2000(96),
2000(99), 2000(07), 5000
(99), 5000(09)
EUR5-270- European 2.70-50 19.03.2014 5(02), 5(13), 10(02), 10 Added support for EUR10
50 Union - (14), 20(02), 50(02), 100 (2014) note. Improved
Euro (02), 200(02), 500(02) acceptance of EUR5,
EUR10, EUR20 and
EUR50 notes.
GBPNIRL1- England 2.70-51 4.4.2014 BofE: 5(02), 10(00), 20 Removed BofE 50(94)
270-51 /North (06), 50(10) BofI: 5(08), 5
Ireland - (13), 10(08), 10(13), 20
Pounds (91-99), 20(99-07), 20
(08), 20(13) NB: 10(08),
20(05), 20(09) UB: 5(90-
93), 5(98-01), 5(07), 10
(97), 10(07), 20(96-06),
20(07), 50(97) DB: 10
(13), 20(13) FTB: 10(94-
96), 10(98), 20(94,96), 20
(98), 50(94)
GBPSCO2- England 2.72-51 16.5.2014 BofE: 5(02), 10(00), 20 Removed BofE 50(94),
272-51 /Scotland - (06), 50(11) CB: 5(90), 5 Minor improvements
Pounds (09), 10(97), 10(06), 10
(09), 20(97), 20(99), 20
(09), 50(09) RBofS: 5
CHF2-230- Switzerland 2.30-43 11.9.2012 10(97), 20(96), 50(95), The length 170mm of
43 - Franc 100(98), 200(97) 200 Franc is out of
device specification.3)
CHF3-205- Switzerland 2.05-40 30.4.2012 10(97), 20(96), 50(95), The length 170mm of
40 - Franc 100(98), 200(97), 1000 200 Franc is out of
(98) device specification.3)
The length 182mm of
1000 Franc is out of
device specification.2)
KZT1-270- Kazakhstan 2.70-51 8.5.2014 200(06), 500(06), 1000 Added 1000(13) note
51 - Tenge (06), 1000(10), 1000(11),
1000(13), 2000(06), 2000
(11), 2000(12), 5000(06),
5000(08), 5000(11),
10000(06), 10000(11),
10000(12)
PEN-270- Peru - 2.70-50 10.2.2014 10(95-06), 10(09), 20(95- Added 100(12) note
50 Soles 06), 20(09), 50(92-06), 50
(09), 100(92-06), 100(09-
12), 200(95), 200(09)
PLN-270- Poland - 2.70-51 30.4.2014 10(94), 10(12), 20(94), 20 Added new banknotes -
51 Zlotych (12), 50(94), 50(06), 50 revision 2012
(12), 100(94), 100(12),
200(94) The width 60mm of 10
(94) Zlotych is out of
device specification.2)
SGD-205- Singapore - 2.05-24 4.5.2011 2(99), 2(05), 2(06), 5(99), The length 170mm of
24 Singapore 5(99), 5(07), 10(99), 10 1000 Dollar is out of
Dollar (04), 50(99), 50(99,04), device specification.3)
50(99), 50(99), 100(99),
1000(99)
Notes:
2) Note is out of device specification (Width 62-85mm, Length 120-165mm, Length up to 170mm when
using Steel Cash Box). Y Soft recommends to disable acceptance of it. Y Soft will not be responsible for any
damages caused by this denomination.
3) Note is out of device specification with Plastic Cash Box, Steel Cash box required (Width 62-85mm,
Length 120-165mm, Length up to 170mm when using Steel Cash Box). Y Soft recommends to disable
acceptance of it or obtain Steel Cash Box. Y Soft will not be responsible for any damages caused by this
denomination with Plastic Cash Box.
OVERVIEW
YSoft Payment Machine is now connected directly to YSoft Payment System instead of YSoft SafeQ server
and this connection is automatically negotiated and kept in place the whole time to allow the better
monitoring of YSoft Payment Machine.
For interconnection, we have developed a new communication protocol, which is strongly encrypted with
low bandwidth requirements and many future benefits.
For its proper functioning, YSoft Payment Machine has to be correctly configured. Mainly the
communication protocol (the new one for YSoft Payment System), the YSoft Payment System server
address (hostname or IP address), and other items as in the previous version (for example currency,
enabled notes/coins, etc.) have to be set correctly. Due to direct communication to YSoft Payment System
there is a separate configuration of the YSoft Payment System server address and YSoft SafeQ server IP.
Connection to a YSoft SafeQ server is not needed during normal operation, it is only useful for maintenance
(for example, an emergency update of firmware).
MIGRATION PROCEDURE
If customer needs to reconfigure YSoft Payment Machine from YSoft SafeQ 3.6 to YSoft SafeQ 5 with YSoft
Payment System there are only a few steps required on the SPM side:
2.
NETWORK COMMUNICATION
The YSoft Payment System server in its default configuration has these TCP ports dedicated for YSoft
Payment Machine connections:
4197 - Management connection over SSL - this port is needs to be set up in the YSoft Payment
Machine service menu during the configuration of the YSoft Payment System server address
4199 - Main connection over SSL
4196 and 4198 - Reserved for future use (connections over plain TCP)
Both connections are permanently connected to ensure full YSoft Payment Machine monitoring from the
server and quick responses to user login. First the management connection is negotiated and then, if YSoft
Payment Machine is authorized to connect to the server, the main connection is established.