Introduction
This article describes hybrid cloud printing: connecting an on-premises printer to the Azure cloud and making it available to the organization's employees anywhere. Let us dive in.
Overview
On Premises Printer Server (Windows Server 2016 and above)
Let us assume that our organization has a printer and that a certain user group has access to it. On-premises, we have Active Directory, from which we control user identity and authorization.
The printer can also be shared from the on-premises server between user groups, so their intranet applications can access it easily.
All of this resource sharing to users can be controlled by the IT administrator.
Why Azure Hybrid cloud print
If the organization wants to share its printer with users outside the premises, it needs to expose the printer to the internet. If the printer is exposed without restrictions, it will receive anonymous requests from unknown users, and the organization may well have to appoint a printer mechanic to repair it then and there.
Hybrid Cloud Print restricts this by adding authentication, authorization and policies.
How Hybrid cloud print works
As the name suggests, two different networks are involved in the print operation: on-premises and the Azure cloud.
Any print request that arrives from the internet must be processed by the Azure cloud and then routed to the corresponding on-premises printer.
How does the Azure cloud know that there is an on-premises device that it must serve? The device is exposed to it by means of Azure AD Proxy.
What Azure AD Proxy will do
As the name suggests, it acts on behalf of something else, here the enterprise application in Azure. Whatever request comes to the proxy is routed to the corresponding enterprise application in the Azure cloud.
Why Enterprise application in azure for cloud print
Because we are dealing with an on-premises printer resource, it must be made discoverable to the Azure cloud. This is where the Windows printer discovery service on-premises comes in: it is exposed to the Azure enterprise application through an IIS endpoint. This is made possible by installing the cloud printer package on the print server, which must run Windows Server 2016 or above.
After installing the package, we get the IIS services on the print server, where we make a slight modification to web.config according to our domain.
The same process applies to the printer service too.
We must configure the two IIS endpoints in the enterprise application in Azure.
After this, install the Proxy connector on the print server, where it acts like the Azure AD proxy.
Why Azure Active Directory
We must set security restrictions on the printer device that is reachable from the internet, and this is done by means of Azure Active Directory.
Suppose we want to give the printer user group on our premises access from anywhere in the world.
The user group is already available in the Active Directory of our Windows server, so I can simply move that information to Azure Active Directory. How? By using Azure AD Connect. Download and install this component on your Windows 2016 print server. The authentication option is up to us. In my case, I prefer pass-through authentication, where credential changes made on-premises are automatically synced to Azure Active Directory.
How to apply printer policies
Devices can be managed through any MDM service; in our case, Azure has Intune for that.
Go to Intune and apply the policies for the printer.
That's it: we are ready for cloud printing.
Deployment Sequence
1. Install Azure AD Connect on the print server
2. Install the Hybrid Cloud Package on the print server
3. Install Azure Application Proxy with pass-through authentication
4. Configure MDM (mobile device management) policies in Intune
5. Publish shared printers on the print server
Azure Active Directory (AD) Connect
This tool is used to sync Active Directory credentials from on-premises to Azure AD.
The authentication here is pass-through authentication, so we need not worry about the credential policies within the organization. Whenever password policies change on-premises, it takes care of this itself and keeps Azure Active Directory in sync.
For detailed installation steps, refer to the following link
Install cloud Printer package on the on-premises printer server
1. Install the Hybrid Cloud Print PowerShell modules
2. Install the Hybrid print solution
3. Configure the two IIS endpoints, discovery and Windows printer service, to support SSL.
4. Install the SQLite package
5. Copy the SQLite DLLs to the MopriaCloudService web app <bin> folder (C:\inetpub\wwwroot\MopriaCloudService\bin)
6. Update the c:\inetpub\wwwroot\MopriaCloudService\web.config file to include the SQLite version x.x.x.x
7. Create the SQLite database
8. Register the 2 IIS endpoints (web apps) to support OAuth2 authentication
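The following read-only check is an added example, not part of the original article or of Microsoft's package. It verifies three things from the steps above on the print server: the OS version, that each IIS site has an HTTPS binding with a certificate (step 3), and that SQLite DLLs are present in the bin folder (step 5). It assumes the two endpoints are hosted in IIS sites on this server, so it inspects every site, and the `*SQLite*.dll` file pattern is an assumption.

```powershell
# Added example: read-only post-install checks for the print server.
# Run in an elevated PowerShell session on the print server itself.
Import-Module WebAdministration   # installed with the IIS management tools

# Path taken from step 5 of the list above.
$binPath = 'C:\inetpub\wwwroot\MopriaCloudService\bin'
$results = @()

# 1. Windows Server 2016 (build 14393) or later; ProductType 1 is a workstation.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results += [pscustomobject]@{
    Check  = 'Windows Server 2016 or later'
    Passed = ($os.ProductType -ne 1) -and ([int]$os.BuildNumber -ge 14393)
    Detail = "$($os.Caption) build $($os.BuildNumber)"
}

# 2. Each IIS site needs at least one HTTPS binding, and every HTTPS
#    binding needs a certificate attached (step 3: "support SSL").
foreach ($site in Get-Website) {
    $bindings = @(Get-WebBinding -Name $site.Name)
    $https    = @($bindings | Where-Object { $_.protocol -eq 'https' })
    $noCert   = @($https | Where-Object { -not $_.certificateHash })
    $results += [pscustomobject]@{
        Check  = "HTTPS binding on site '$($site.Name)'"
        Passed = ($https.Count -gt 0) -and ($noCert.Count -eq 0)
        Detail = ($bindings | ForEach-Object {
                     "$($_.protocol) $($_.bindingInformation)" }) -join '; '
    }
}

# 3. SQLite DLLs copied into the web app's bin folder.
#    The file name pattern is an assumption, not taken from the article.
$dlls = @(Get-ChildItem -Path $binPath -Filter '*SQLite*.dll' -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{
    Check  = 'SQLite DLLs in MopriaCloudService\bin'
    Passed = $dlls.Count -gt 0
    Detail = ($dlls | ForEach-Object { "$($_.Name) $($_.VersionInfo.FileVersion)" }) -join '; '
}

$results | Format-Table -AutoSize -Wrap
```

The file versions printed by the last check can be compared with the SQLite version entered in web.config in step 6.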
Install Azure application proxy with Passthrough Authentication
1. Log in to your Azure portal
2. Find the application proxy menu and enable application proxy there. From here, download and install the Application Proxy connector on the on-premises print server; it will act like a web application proxy (WAP) machine
3. Back in the Azure portal, add the application proxies. To do that:
   a. Open the enterprise application tab
   b. Create a new application
   c. Select on-premises application and fill in the fields such as Name, Internal URL (for the WAP machine) and External URL (whatever suits the organization)
   d. Choose the pass-through authentication method.
Configure MDM Policies in Intune
In Azure Intune, we need to add the AD-joined printer and set policies so that the on-premises printer can be accessed from anywhere outside the organization.
Publish Shared Printer in the Print server (on-premises)
1. Install the desired printer, such as a barcode printer, on the on-premises print server.
2. Share the printer in the properties UI
3. Select the user group and grant access in the Security tab
Search for Cloud Printers from the client Device
Log in to your account and search for the device.
Then add your cloud device; the on-premises printer is now available on the user's AD-joined device.
How Ad-Join Printer Device Works?
· A client or AD-joined user can add the cloud shared printer to their device.
· If they want to print something, such as a barcode label or any other content, they can do so from the corresponding application.
· Note: their application must list the local printers on their machine, so that they can select the corresponding printer and process their print command.
Reference for this article:
· https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-join-device-on-network
Requirements
· Windows 10 1703 (Creators Update) or higher
· Windows Server 2016 on your print servers on-premises.
· An Azure AD tenant for printer user group with administrator privileges.
· Azure AD Connect, to synchronize your Active Directory with Azure AD.
· An MDM service, e.g. Intune, to configure the print settings on each device.
Conclusion
Printing to an on-premises printer from Azure AD-joined devices can be achieved on the Windows platform, but only after a lot of configuration and setup on the Windows print server, in the Azure portal and on the client machine (the AD-joined device). The setup must meet the requirement specification and the security setup. If anything above fails, we will not be able to print, so practice with the configuration and setup is very important for this approach.