Transcription
Comprehensive Enterprise Fleet ManagementAn Overview of Remote Communication Gate S Pro(RCG-S Pro) for @Remote Enterprise Pro with the@Remote Connector OptionDetailed information on capabilitiesand functionality of RCG-S Pro withthe @Remote Connector OptionProduced by the Global Technology Support SectionRicoh Company, Ltd.May 2010[A companion @Remote Enterprise Pro On-Sitewhite paper is also available.]
Table of Contents1.0 Overview1.1 Today’s Customer Environment1.2 @Remote and IT1.3 Advantages of RCG-S Pro with the @Remote ConnectorOption for Network-Connected Printing Devices1.4 RCG-S Pro OnSite and @Remote Connector Option Specifications2.0 System Structure Of RCG-S Pro With @Remote Connector Option3.0 Communication Methods and Information Security3.1 HTTPS Communication Between RCG-S Pro and Connected Devices3.2 SNMP Communication Between RCG-S Pro and Connected Devices3.3 Communication Between RCG-S Pro and the Center Communication Server3.4 Device Connection Check3.5 Updating Firmware3.6 AutoDiscovery4.0 Appendix4.1 Device Information4.2 @Remote Protocols and Open Ports4.3 Cryptographic Algorithms of HTTPS4.4 Network Traffic and Communication Timing5.0 Frequently Asked QuestionsThe content of this document, and the appearance, features and specifications of Ricoh products and services are subjectto change from time to time without notice. While care has been taken to ensure the accuracy of this information, Ricohmakes no representation or warranties about the accuracy, completeness or adequacy of the information contained herein,and shall not be liable for any errors or omissions in these materials. Your actual results will vary depending upon your useof the products and services, and the conditions and factors affecting performance. THERE ARE NO GUARANTEES THATYOU WILL ACHIEVE RESULTS SIMILAR TO OURS. The only warranties for Ricoh products and services are as set forth in theexpress warranty statements accompanying them. Nothing herein shall be construed as constituting an additional warranty.Ricoh does not provide legal, tax, accounting or auditing advice, or represent or warrant that our products orservices will GUARANTEE OR ENSURE COMPLIANCE WITH ANY LAW, REGULATION OR SIMILAR REQUIREMENT. Customeris responsible for making the final selection of products, solutions and technical architectures, and for ensuring its owncompliance with various laws such as the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act and the Health InsurancePortability and Accountability Act (HIPAA).
Section 1.0Overview1.1 Today’s Customer EnvironmentAlthough potential for growth has never been larger, this is a challenging time for companieseverywhere. Worldwide opportunities mean global competition, and businesses that want to stayahead face complex tasks. Not the least of which is how to cut costs while staying abreast with therelentless pace of changing technology.Business is under ever-growing pressure to improve the quality and decrease the turnaround timeof their products and services. Much of the success or failure of a business depends directly on thequality of the equipment and services at its disposal. In a large business environment especially,administration of the print fleet is becoming more and more important. Weak maintenance and lackof intelligent system management can negate the advantages of quality equipment and staff.Add to this the fact that the IT manager’s workload is increasingly complex, as administration dutiesand IT development expand. Pressure to get the maximum from networked print devices has neverbeen greater. Control over devices is an elemental factor of network efficiency, since this is key toTCO (Total Cost of Ownership – the sum of three costs: start up, control/administration, and operation).Also, as competition intensifies, business system costs have grown in significance and are now amajor management priority.The challenge for IT is to reduce time lost on equipment maintenance, configuring, servicing,supplying and monitoring. It is to relieve dependencies on users for reports on device population,utilization trending status or malfunctions. Reports that unfailingly come after the problem hasoccurred and understandably often lack the technical detail necessary for a prompt assessmentand solution.To counter precisely these obstacles, an ideal remote servicing system would be capableof the following: Detecting problems before users will become aware of them — to tackle firmware and rebootremotely, with minimal user intervention. Identifying and pre-diagnosing potential breakdowns or shortages. Technicians could then bedispatched, fully equipped with the necessary parts. Monitoring device population, trending performance and making whatever modifications necessaryto optimize productivity and efficiency. Watching over toner consumption, and enabling re-order before toner runs out. Providing TCO-relevant data to the administrator. Establishing an automated, usage-based meter submission and billing system to streamlinerunning costs.1
Section 1.01.2 @Remote and IT@Remote is designed to be capable of exactly these functions. Its purpose is to provide five relatedenhancements to your fleet of networked printing devices:1. IT equipment maintenance capabilities, including status, critical service event notification, toneralert notification and supply ordering and delivering.2. IT equipment productivity improvement, by maximizing device utilization and aligning the rightdevices with applications.3. IT cost reduction, including initial outlay for equipment, maintenance and operation costs suchas monitoring device monthly volumes.4. IT usability to the networked print population at the fleet or device level.5. Green Reporting to determine whether the networked print fleet meets environmental andcost-saving expectations.The solution is the Ricoh Remote Communication Gate S Pro (also known as RCG-S Pro or @RemoteEnterprise Pro) with the @Remote Connector Option.To limit the downtime of each kind of networked device (multifunction products, laser printers), it is ofgrowing necessity that IT deploys systems and tools to help manage these devices. RCG-S Pro with the@Remote Connector Option provides for this, allowing users to benefit from improved business productivity,automation of select maintenance processes and the reduced costs associated with these activities.Utilizing RCG-S Pro with the @Remote Connector Option, IT administrators can map, monitor andconfigure devices, as well as automate service alerts, toner alerts, meter collection and submission andperform remote firmware upgrades. This option also provides secure, Web-based access to fleet reports.Green Reports provide a view to select environmental aspects of print activity —such as paper and energy usage — for Ricoh managed devices.2
Section 1.01.3 Advantages of RCG-S Pro with the @Remote Connector Option for NetworkConnected Printing DevicesThere are four broad features of RCG-S Pro with the @Remote Connector Option that make itparticularly advantageous for users:1. Reduced Device Downtime via automated email notification of critical service events to theservice provider through an Internet connection. Users can print or copy with little worry aboutincomplete jobs or being delayed due to maintenance and repairs. And the organization is freedfrom time-consuming manual device monitoring and expenses associated with downtime. Thesolution can also perform remote firmware upgrades or, if necessary, alert dispatch personnel.2. Automated Meter Collection and Submission so that users no longer have to manually collectand report meter figures. This means production efficiency can be measured directly, meter figuresconfirmed and TCO-relevant data obtained and acted upon. In the past, the traditional metercollection procedure involved:1. The service provider requests the user to check the meter(s).2. The user checks the device’s meter.3. The user reports the meter figure by postcard, telephone or online.4. The service provider sends an invoice for actual usage.3
Section 1.0With RCG-S Pro and the @Remote Connector Option, workload is dramatically reduced and efficiencyis greatly increased.1. RCG-S Pro collects and submits the meter information to the service providerautomatically. Human touch is eliminated.2. The service provider sends an invoice for actual usage.3. Receive Alerts when Toner Nears End automatically when toner levels are at near end ordepleted. Formerly, the process was:1. Device runs out of toner. User calls the service provider.2. The service provider requests toner delivery from the delivery center.3. The delivery center delivers the toner to the user.With RCG-S Pro, the @Remote Connector Option and a qualified service provider, the user nolonger has to worry about devices running out of toner. The device can alert the service providerwhen 10% of toner is remaining. Depending on the capabilities of the service provider, even moreautomation is available.4
Section 1.04. Device Monitoring by RCG-S Pro to gather information on device/fleet population, utilization,operational status and trending. In many cases, IT managers have to utilize each vendor’s managementsoftware to monitor devices and prevent potential issues. RCG-S Pro not only automaticallymonitors Ricoh devices but also those of other providers to keep track of device/fleet population.AtRemote.net device monitoring reports offer a variety of print fleet viewsincluding vendor population by units and prints.Monthly trending reports from AtRemote.net show page volumes by vendor withdrill down detail to an individual device.5
Section 1.01.4 RCG-S Pro OnSite and @Remote Connector Option Specifications@Remote Enterprise Pro (RCG-S Pro) OnSiteSNMP TrapReal-TimeDatabaseSQL Express 2005GroupingManualBatch ConfigurationYesCountersDetailed (for most Ricoh devices); Total Print Counter for third-partynetworked devicesDevice MappingYes, with user-supplied .jpg fileOnSite Dedicated ServerHardwareCPU: Pentium 4 2.8GHz Hyper-Threading support or better recommendedMemory: 1 GB or more minimum; 2 GB or more recommended whenmanaging 1,000 devices or when using the optional @Remote ConnectorFree disk space: OS recommended space 10 GBServer must utilize an intelligent UPS (Uninterruptible Power Source).The server running the @Remote Connector should not be powereddown without completing the normal Windows Server operating systemshutdown procedure.Operating SystemsWindows Server 2003 Standard Edition/Enterprise Edition SP2or later; Windows Server 2003 R2 Standard Edition/Enterprise Edition SP2 orlater; Windows Server 2008 Standard Edition/Enterprise Edition (only 32 bitOS is supported)BrowserMicrosoft Internet Explorer 6 (SP1), 7 with Java ScriptScreen Resolution1024 x 768 or moreNetworkTCP/IP must be installed and configured correctly (only IPv4 is supported);100Mbps or more network speed is recommended; Internet connection isrequired to use the RFU and @Remote functionsVirtual ServerVMware Infrastructure 3 Standard EditionDatabaseSQL Server 2005 Express Edition SP2 or later; .NET Framework2.0 must be installed before installing SQL Server 2005; .NET Framework 2.0is not included in the server installer; Please download it using WindowsUpdate or from Microsoft’s Web siteWeb ServerApache 2.0.48; Apache is included in the server installerIIS 6.0 or later; IIS is not included with the server installer;install IIS before installing the serverFlash Player6Adobe Flash Player 9.0 or later
Section 1.0OnSite ClientCPU: Pentium 500MHz recommendedHardwareMemory: 128 MB recommendedOperating SystemsWindows 2000 Professional/Server/Advanced Server SP4 or later;Windows XP Home/Professional SP2 or later; Windows Server 2003Standard Edition/Enterprise Edition SP2 or later; Windows 2003 R2Standard Edition/Enterprise Edition SP2 or later; Windows VistaUltimate/Enterprise/Business/Home Premium/Home Basic; WindowsServer 2008 Standard Edition/Enterprise Edition SP2 or laterSupported BrowserMicrosoft Internet Explorer 6 (SP1), 7Screen Resolution1024 x 768 recommendedFlash PlayerAdobe Flash Player 9.0 or laterPrinter and Multi-function Device RequirementsNetwork ProtocolTCP/IPStandard MIBPrinter MIB (RFC 1759); MIB-II (RFC 1213); Host Resource MIB (RFC 2790)Interfaces10/100MB Ethernet (802.x.x compatible); Wireless LAN devices(802.x.x compatible); IP over 1394@Remote Connector OptionsToner AlertsService AlertsAutomated Meter SubmissionRemote Firmware UpgradeAccess to Fleet Reports (for most Ricoh devices)Communicate to atremote.net7
Section 2.0System Structure of RCG-S Pro with the @Remote Connector OptionRCG-S Pro with the @Remote Connector Option is an interactive system, allowing data to flowbetween two main components:1. The RCG-S Pro software installed on a server at the customer’s location. This server acts as a relayunit through which all networked devices (MFPs, printers, copiers) communicate.2. The Center Communication Server, a Ricoh facility where the RCG-S Pro data is received andhosted.Note that communication to and from the RCG-S Pro server to the Center is limited only to @Remotetechnology systems. No other system will communicate with the RCG-S Pro server. Also, no system,including the Center Communication Server, can initiate communication to the RCG-S Pro server.The RCG-S Pro server always initiates outbound communication.8
Section 3.0Communication Methods and Information SecurityRCG-S Pro utilizes two communication methods to communicate between devices and the CenterCommunication Server – HTTPS (Hyper Text Transfer Protocol Security) and SNMP (Simple NetworkManagement Protocol).It is also important to note that communication between the RCG-S Pro server and the devices isavailable in two modes: Monitored or Managed. In Monitored mode the RCG-S Pro server providesAutoDiscovery, automates meter collection/submission and allows access to the atremote.net securefleet reporting Web portal for discovered devices. Managed mode includes the same capabilities asMonitored mode plus automated alerts for critical service events, automated toner alerts, remotefirmware upgrades and “Green Reports” via the atremote.net Web portal for managed, networkconnected Ricoh devices.3.1 HTTPS Communication Between RCG-S Pro and Connected DevicesHTTPS communication takes two forms:I. Access from devices to the RCG-S Pro server via HTTPS PKI (Public Key Infrastructure). For example,a service emergency alert such as device failure or low toner/toner out.1. When there is a device alarm, the device initiates authentication in real time via electroniccertificate with RCG-S Pro.2. Devices send device failure call information to RCG-S Pro by HTTPS Post Request.3. The RCG-S Pro confirms receipt of device failure call information by sending back theresult via HTTPS Response.9
Section 3.0II. Access from the RCG-S Pro server to device via HTTPS PKI. For example, meter counter informationand service information (device settings, historical data, etc.)1. When the RCG-S Pro is initiating, authentication via electronic certificate takes placebetween RCG-S Pro and the devices.2. The RCG-S Pro sends the obtain counter information request to devices using HTTPSPost Request.3. Devices confirm receipt of the counter information request by sending back the meterinformation via HTTPS Response.HTTPS-related information for connected Ricoh-compatible devices includes:1. RCG-S Pro to device communication (and vice versa) is in Secure Socket Layer (SSL) format.2. Data is encrypted. RCG-S Pro supports cipher RC4-MD5 128 bits. However, if the device supportsonly a DES 56 bits key, the encryption level will be reduced to a DES 56 bits key. This key is createdand changed for every session.3. Both RCG-S Pro and the devices have RSA 512 bit certificates for @Remote and use securityauthentication checks.4. For each communication, a mutual authentication procedure is completed before the data is sent.The RCG-S Pro server recognizes and communicates only with devices that have a printer MIB(Management Information Base). Also, print devices connected to print servers or client PCsare not discovered.10
Section 3.03.2 SNMP Communication Between RCG-S Pro and Connected DevicesUtilizing SNMP communication, device MIB information is obtained by periodic polling from theRCG-S Pro server to the device. For example, meter counter information and a service emergencyalert such as device failure or lower toner/toner out. The default setting for polling is 10 minutes.1. Devices obtain counter information request OIDs from the RCG-S Pro via SNMP Request.2. Devices send back their counter information via SNMP Response.11
Section 3.03.3 Communication Between RCG-S Pro and the Center Communication ServerOnly one type of communication method is used between the RCG-S Pro server and the serviceprovider’s Center Communication Server – an HTTPS Internet connection. As with HTTPScommunication between the RCG-S Pro server and connected devices, HTTPS communicationbetween the RCG-S Pro server and Center Communication Server utilizes encrypted data in an SSLformat. Both servers perform security authentication checks. Before communicating, a mutualverification procedure is completed before the data is sent. Also, because communication can only beinitiated from the RCG-S Pro server to the Center Communication Server, it is not necessary to openan additional port for HTTPS reception from outside the customer’s firewall. HTTPS communicationutilizes Port 443 (See Appendix 4.2).HTTPS communication is initiated from the RCG-S Pro server to the Center Communication Server fortwo reasons:I. Critical Service Alerts such as device failure or low toner/toner out.1. RCG-S Pro initiates communication.2. Mutual authentication via electronic certificate takes place between RCG-S Pro and theCenter Communication Server.3. The RCG-S Pro sends device failure call information to the Center Communication Servervia HTTPS Post Request.4. The Center Communication Server confirms receipt of device failure call information bysending back the result via HTTPS Response.Note: Normally, polling between the RCG-S Pro server and Center Communication Server is performedonce an hour. However, when the Center Communication Server receives specific call information(such as a device service call), the polling interval is changed to once a minute. After the CenterCommunication Server receives a Service Call Reset, the polling interval is reset to once an hour.12
Section 3.0II. Meter Counter Collection1. RCG-S Pro initiates communication.2. Mutual authentication via electronic certificate takes place between RCG-S Pro and theCenter Communication Server.3. The RCG-S Pro sends polling information to the Center Communication Server viaHTTPS Post Request.4. The Center Communication Server confirms receipt of polling information by sendingback the result to the RCG-S Pro via HTTPS Response along with further counterinformation request commands.5. The RCG-S Pro, when the counter information request commands in the HTTPS Responseare processed, responds to the Center Communication Server after initializing mutualelectronic certificate authentication.6. The RCG-S Pro send its response to meter information back to the CenterCommunication Server via HTTPS Post Request.7. The Center Communication Server confirms receipt of response by sending back theresult via HTTPS Response.13
Section 3.03.4 Device Connection CheckBetween RCG-S Pro and devices via HTTPS:1. Mutual authentication takes place between RCG-S Pro and the device.2. An ID2 request is sent from RCG-S Pro to the device via HTTPS Post Request.3. The device sends back ID2 information to RCG-S Pro via HTTPS Response.Between RCG-S Pro and devices via SNMP:1. RCG-S Pro performs serial number information request OIDs via SNMP Request. (Ricohdevices provide serial number information. Third-party devices provide
administration of the print fleet is becoming more and more important. Weak maintenance and lack of intelligent system management can negate the advantages of quality equipment and staff. Add to this the fact
