I wanted to share some imaging and printing resources in Windows Terminal Server (WTS) and Citrix environments. HP and its partner community have a number of helpful resources which can be useful for those new to administering these shared server computing architectures.

If you take a look at anything, bookmark the “HP printers supported in Citrix Presentation Server environments” whitepaper. This is an amazing document which is published regularly (usually 2 to 4 times a year). The document covers the types of devices supported, versions of the OS, middleware and drivers supported, etc. The title would seem to indicate support for print only (which is the primary focus), but topics also cover twain redirection for scanners and all-in-one devices as well. A URL at the end of the document invites customers to participate by providing feedback. The format is quite easily used for administrators who are new to managing printing assets in a shared server computing environment. Seasoned administrators will likely appreciate the consolidated list of open and resolved issues.

For those comfortable with WTS and Citrix environments and have an optimal infrastructure which is relatively well managed, consider moving to the next step by optimizing workflow:

• Consider ThinPrint Solutions to compress and optimize print streams. This can be especially important for location with low bandwidth to remote sites (dial-up, 56K frame relay, ISDN, low-bandwidth DSL, etc.)
• Sometimes prints need to be sent to users behind other firewalls outside of the corporate environment where redirecting the print stream through the RDP or ICA session is not desirable. While the Internet Printing Protocol (IPP) can help, frankly customers demand more security-wise from their devices. Often we see customers choosing solutions like Capella’s SD-Express which looks and feels like normal print, but is transparently encrypted, transmitted using SMTP and decrypted in-printer and can even confirm prints through SMTP messages.
• Inevitably scanning becomes a consideration where TWAIN redirection may be helpful, but a more locked-down workflow oriented solution is preferred. Technology partners like Omtool with their AccuRoute platform can help and fully support these shared server computing environments. These solutions make for ideal capture platforms when working with shared multifunction printers and Digital Senders.
• For environments where job tracking becomes a consideration (whether that’s billing back departments or simply used as an audit mechanism for security practices) we have a number of solution partners which can help. This includes embedding tracking agents in print servers or the client sessions. For simplicity in these environments it is usually best to embed an agent at the device using technology such as Capella MegaTrack In Printer Agent (MIPA) or other tracking solution partners.
• Take a look at the devices hosting the RDP or ICA sessions themselves. HP has a number of low-cost devices including Windows XP/Vista desktops, laptops and thin client terminals. The most recent offering is a thin client laptop called the HP Compaq 6720t Mobile Thin Client.

This is just a quick note to let people know that HP MFP Digital Sending Software (DSS) 4.11.11 has been launched. This is a free update for existing DSS 3.0 and 4.0 customers and is available from http://www.hp.com/go/dss_software. Trial versions (such as the one on the URL) are identical to the full versions. We call it a trial version since it doesn’t have license keys and by default goes into a 50-device, 60-day evaluation mode but will accept any of your existing DSS 3.0 and 4.0 license keys.

Key Enhancements:
Extract from Readme File in the ZIP you would download

Optical Character Recognition (OCR) for Send To Email and Send To Folder

This revision includes the capability to have documents sent to email or folder destinations OCR processed. In previous revisions of DSS it has only been possible to use OCR processing within the Workflow application.

This new capability is disabled by default. The administrator can enable the feature in the DSS Configuration Utility by entering the Send To Email or Send To Folder configuration of the device. Multiple devices can be configured simultaneously by selecting several devices in the list. When the new feature is enabled it adds new file types to the front panel of the Digital Sending device. If the user selects a file type ending with “(OCR)” the output will be OCR processed.

IMPORTANT: This feature requires firmware support in the Digital Sending device. The below table indicates the minimum firmware revision required per supported device. Devices with older firmware revisions, or device models not listed, will NOT show the new OCR file types.

Better integration with the device Authentication Manager
This revision includes an improved authentication tab that integrates better with the Authentication Manager in the Embedded Web Server (EWS) of Digital Sending devices. There is a new look-and-feel that resembles the device EWS Authentication Manager and DSS is now capable of managing the authentication settings for non-DSS features (such as “Sign In At Walk Up”). Also, DSS can now assign 3^rd party authentication methods to the various device features.

Important: DSS will only read back the authentication settings from the device when it is added to DSS (read: added to the ‘Mfp Configuration’ list). Therefore, if e.g. a 3^rd party authentication solution is installed on the device after it was added to DSS the device will need to be first removed, then added back into DSS for the new authentication solution to be selectable.

Support for Edgeline devices
DSS can now manage the configuration of HP Edgeline devices (CM8050/8060 Color MFP). Note that Edgeline devices have a complete set of Digital Sending functionality embedded and cannot use any of the service-based features in DSS, such as LANFax, authentication and addressing. However, DSS will now configure all the Digital Sending features within the Edgeline device. More information.

Ability to designate DSS administrators
Previous revisions of DSS require that the operator of the Configuration Utility is an Administrator on the server where DSS is installed. This is still the default behavior in the current revision, but it is now possible to allow users without administrator privileges to operate the Configuration Utility. The below steps outline how:

1. Create a user group locally on the DSS server named “DSSAdmins”
2. Add the users that will operate DSS to the group.

The following steps apply if you want to use a different name for the group:

• Locate the hpbs2e.ini file in the DSS install directory.
• Locate the setting named ConfigUtilityAdminGroup and replace “DSSAdmins” with the desired group name.
• Save and close the file
• Follow steps 1-2 above using the name specified in ‘ii’.
  Note: It is not possible to use global/domain groups for this purpose. The group must be local on the DSS server. HP is planning to allow use of global/domain groups in a future release of DSS.

Several other patches have been included contained within the readme of the ZIP download, please review it plus upgrade instructions before applying the software update. Get your latest version of HP MFP Digital Sending software now.

Just a quick news release posted to HP.com I figure I’d link to here. On Jan 22^nd, HP signed a definitive agreement to acquire Exstream Software, LLC. I wouldn’t be doing the solutions justice trying to simplify them in a paragraph or two here. So take a look at the press release as well as visit the company website. There are some very interesting online demos that are worth the investment of time.

I get a few of these questions from time to time about how to control printing costs (specifically colour printing). Of course I can’t help but point out the benefits of lower-cost colour output on devices like HP EdgeLine. However, there are times when organizations place Colour devices where there is concern about abuse. There’s really a few different ways to do this, addressed at a high-level below.

Secure the device for limited access

For almost a decade now, network administrators have typically limited access to colour devices by locking down permissions at the print queue on a print server. In Windows print servers, this is done from the “Security” tab (only allow the “print” for groups or users you wish to give access to). If you want to take the extra step to protect against crafty users bypassing the shared print queue, take advantage of “Access Control Lists” in the JetDirect print server. This is one of many recommendations for print security recommendations using Web Jetadmin.

Enable Color Access Controls

With commercial Color LaserJets and EdgeLine devices introduced 2004 and later, advanced Color Access Control is available. Rather than go into full detail here, anyone interested in this should visit the main “Color Access Control” website. There are a number of configuration options including restricting by user, application, time-of-day, etc. While many smaller organizations may find it preferable to use the hardware controls, there are advanced driver controls for the HP Universal Print Driver as well. For commercial colour multifunction devices, enable some form of authentication to limit color copying if desired as well like device or user pins.

Adopt enterprise solutions

What about organizations who want more? A number of HP’s solution partners offer things pull-print solutions, low-cost re-routing and clustering solutions through partners like Capella/JetMobile, Equitrac, Ringdale, Safecom, Pharos, LBM Systems, etc. Take a look at the HP Global Solutions Catalog for more details.

I’d encourage you to chat with your HP sales representative around your particular needs whether limiting access, purchasing devices with color access controls or looking at adopting an enterprise solution. At some point in the future (depending on feedback) we may delve into more detail on these topics in this blog.