
Hybrid Cloud Print Design


Introduction

This article describes hybrid cloud printing, which means connecting an on-premises printer device to the Azure cloud and making it available anywhere to the employees of the organization. Let us dive into the details.

Overview



On Premises Printer Server (Windows Server 2016 and above)

Let us assume that our organization has a printer and a certain user group has access to that printer. We have an on-premises Active Directory from which we control identity and authorization.
The printer can also be shared between user groups within the on-premises server, so that their intranet applications can easily access it.
This whole resource-sharing functionality is controlled by the IT administrator.

Why Azure Hybrid cloud print

If the organization wants to share its printer with users outside the premises, it needs to expose the printer to the internet. If it exposes the printer without restrictions, it may have to appoint a printer mechanic to repair it then and there, as it will receive anonymous requests from unknown users.
This can be restricted by providing authentication, authorization and policies by means of Hybrid Cloud Print.

How Hybrid cloud print works

As the name suggests, it is a combination of the two different networks involved in the printer operation: on-premises and the Azure cloud.
Any print request that comes from the internet must be processed by the Azure cloud and then routed to the corresponding on-premises printer.
How does the Azure cloud know that there is an on-premises device that it must serve? This is done by means of Azure AD Proxy.

What Azure AD Proxy will do

As the name suggests, it acts on behalf of something, which here is the enterprise application in Azure. Whatever request comes to the proxy is routed to the corresponding enterprise application in the Azure cloud.

Why Enterprise application in azure for cloud print

As we are dealing with an on-premises printer resource, it must be made discoverable to the Azure cloud. This is the job of the Windows printer discovery service on-premises, which is exposed to the Azure enterprise application by means of an IIS endpoint. This is possible by installing the cloud printer package on the print server, which must run Windows Server 2016 or above.
After installing the package, we get the IIS services on the print server, where we can make slight modifications to web.config according to our domain.
The same process applies to the printer service too.
We must configure the two IIS endpoints in the enterprise application in Azure.
After this, install the Proxy connector on the print server, where it acts like Azure AD Proxy.

Why Azure Active Directory

We must set security restrictions on the printer device exposed to the internet, and this is done by means of Azure Active Directory.
Suppose we want to give the on-premises printer user group access from anywhere in the world.
The user group is already available in the Active Directory of our Windows server, so I can just move that information to Azure Active Directory. How? By using Azure AD Connect. Download and install this component on your Windows 2016 print server. The authentication option is up to us. In my case, I prefer pass-through authentication, where it can automatically sync credential changes from on-premises to Azure Active Directory.

How to apply printer policies

With any kind of MDM service, we can manage the devices from there. In our case, Azure has Intune to do that.
Go to Intune and apply the policies for the printer.
That's it, we are ready to go for cloud printing.

Deployment Sequence

1. Install Azure AD Connect on the print server
2. Install the Hybrid Cloud Package on the print server
3. Install Azure Application Proxy with pass-through authentication
4. Configure MDM (mobile device management) policies in Intune
5. Publish shared printers on the print server

Azure Active Directory (AD) Connect

This tool is used to sync Active Directory credentials from on-premises to Azure AD.
The authentication here is pass-through authentication, so we need not worry about the credential policies within the organization. It takes care of itself whenever password policies change on-premises and keeps them in sync with Azure Active Directory.
For detailed installation steps, refer to the following link

Install cloud Printer package on the on-premises printer server

1. Install the Hybrid Cloud Print PowerShell modules
2. Install the Hybrid Print solution
3. Configure the two IIS endpoints, discovery and Windows printer service, to support SSL
4. Install the SQLite package
5. Copy the SQLite DLLs to the MopriaCloudService web app <bin> folder (C:\inetpub\wwwroot\MopriaCloudService\bin)
6. Update the c:\inetpub\wwwroot\MopriaCloudService\web.config file to include the SQLite version x.x.x.x
7. Create the SQLite database
8. Register the 2 IIS endpoints (web apps) to support OAuth2 authentication

Install Azure application proxy with Passthrough Authentication

1. Log in to your Azure portal
2. Look for the application proxy menu and enable application proxy there. Download and install the Application Proxy connector on the on-premises print server; it will act like a web application proxy (WAP) machine.
3. Back in the Azure portal, add the application proxies. To do that:
   a. Look for the enterprise application tab
   b. Create a new application
   c. Select on-premises application and fill in the fields such as Name, Internal URL (for the WAP machine) and External URL (as suits the organization)
   d. Choose the pass-through authentication method


Configure MDM Policies Intune

In Azure Intune, we need to add the AD-joined printer and set policies to access the on-premises printer from anywhere outside the organization.

Publish Shared Printer in the Print server (on-premises)

1. Install the desired printer, such as a barcode printer, on the on-premises print server.
2. Share the printer in the properties UI.
3. Select the user group and grant access in the Security tab.
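
An added example (not from the original article): after the printer is shared and access is granted in the Security tab, this script checks a printer's security descriptor for print rights granted to broad principals such as Everyone instead of the intended user group. The printer names and SDDL strings are constructed samples, and `Get-BroadPrinterAce` is a hypothetical helper name.

```powershell
# Well-known SIDs that should not hold print rights on a cloud-published queue.
$BroadSids = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-7'  = 'Anonymous Logon'
    'S-1-5-11' = 'Authenticated Users'
}
$PRINTER_ACCESS_USE = 0x8   # "print" bit in a printer access mask

function Get-BroadPrinterAce {
    param(
        [Parameter(Mandatory)][string]$PrinterName,
        [Parameter(Mandatory)][string]$Sddl
    )
    # Parse the SDDL string into a security descriptor and walk its DACL.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
        $sid      = $ace.SecurityIdentifier.Value
        $isAllow  = $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed
        $canPrint = ($ace.AccessMask -band $PRINTER_ACCESS_USE) -ne 0
        if ($isAllow -and $canPrint -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Printer   = $PrinterName
                Principal = $BroadSids[$sid]
                Sid       = $sid
                Mask      = '0x{0:X}' -f $ace.AccessMask
            }
        }
    }
}

# Constructed samples: one queue printable by Everyone, one scoped to a
# single domain group (the S-1-5-21-... SID is a made-up placeholder).
$samples = [ordered]@{
    'Barcode-Open'   = 'O:SYG:SYD:(A;;SWRC;;;WD)(A;;LCSWSDRCWDWO;;;BA)'
    'Barcode-Scoped' = 'O:SYG:SYD:(A;;SWRC;;;S-1-5-21-1111111111-2222222222-3333333333-1105)(A;;LCSWSDRCWDWO;;;BA)'
}
foreach ($name in $samples.Keys) {
    Get-BroadPrinterAce -PrinterName $name -Sddl $samples[$name]
}

# On the print server itself (PrintManagement module), audit every shared queue:
# Get-Printer | Where-Object Shared | ForEach-Object {
#     $full = Get-Printer -Name $_.Name -Full
#     Get-BroadPrinterAce -PrinterName $full.Name -Sddl $full.PermissionSDDL
# }
```

Only the queue that grants print rights to Everyone is reported; a queue scoped to the printer user group produces no output.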

Search for Cloud Printers from the client Device

Log in to your account and search for the device like this


Then add your cloud device, and the on-premises printer becomes available on the user's AD-joined device.

How the AD-Joined Printer Device Works



· A client or AD-joined user can add the cloud shared printer to their device.
· If they want to print anything, such as a barcode label or any other content, they can do so from the corresponding application.
· Note: Their application must populate the local printers on their machine, so that they are able to select the corresponding printer and process their print command.

Reference for this article:

Requirements

· Windows 10 1703 (Creators Update) or higher
· Windows Server 2016 on your print servers on-premises.
· An Azure AD tenant for printer user group with administrator privileges.
· Azure AD Connect, to synchronize your Active Directory with Azure AD.
· An MDM service, e.g. Intune, to configure the print settings on each device.

Conclusion

Printing to an on-premises printer from Azure AD-joined devices can be achieved on the Windows platform, but it only works after a lot of configuration and setup on the Windows print server, the Azure portal and the client machine (AD-joined device). This must meet the requirement specification and security setup. If anything above fails, we won't be able to print, so practice with the configuration and setup is very important for this approach.
