Active Management Services White Paper 2.0 for Ricoh Customers
Prepared by the Professional Services department of Ricoh International B.V.
Monday, 14 January 2013
TABLE OF CONTENTS

1. Introduction ... 4
2. Document Information ... 5
2.1 Document Revision Information ... 5
2.2 Document Quality Control ... 5
2.3 Contact Details ... 5
3. General Information ... 6
3.1 Minimum Requirements ... 6
3.2 SNMP Principles ... 6
3.3 Management Information Base (MIB) ... 7
4. Network Traffic ... 7
4.1 Incoming Traffic ... 7
4.2 Outgoing Traffic ... 7
5. Active Management SNMP Agent ... 8
5.1 Discovery ... 8
5.2 Polling ... 8
5.3 Network Traffic Bandwidth ... 8
6. Protocols Used ... 9
6.1 General ... 9
6.2 Security Protocol (SSL) explained ... 9
Sources ... 11
Appendix I Remote Protocols and Open Ports ... 11

2013 Ricoh International B.V. Company Proprietary & Confidential - 3 -
1. INTRODUCTION

Active Management Services (AMS) is a hosted MPS (Managed Print Services) solution supporting Sales and CSR teams for sales and environmental tracking. AMS is a cloud-based solution that includes:
- A web Portal: to report data on the Portal. The web Portal (main) server is hosted in Denmark.
- A client Agent: in order to use AMS for a customer, an SNMP agent (to detect network devices) needs to be installed in the customer's environment. This SNMP agent collects the data and reports it to the web server.

The AMS agent communicates with printers/MFDs on the network. The MIB data (Management Information Base) is analyzed; relevant data is retrieved and processed in the web application.

This document is intended for anyone who wants a clear understanding of the technical side of AMS, specifically IT engineers with a good understanding of IT technologies and protocols.

Picture 1.0: Active Management Services
2. DOCUMENT INFORMATION

2.1 Document Revision Information

Author / Reviser   Date         Version No.   Description
Jorni Kastawi      14.01.2013   2.0           Updated Version

2.2 Document Quality Control

Checked By   Date   Version Checked   Description
                    2.0

2.3 Contact Details

Consultant: Jorni Kastawi, Jorni.Kastawi@ricoh-int.eu
3. GENERAL INFORMATION

3.1 Minimum Requirements

In order to run AMS, the customer needs to have the following hardware and software running on a central server:
1. Windows operating system (Windows XP, Vista, 2003 and 2008)
2. Latest updates of the Windows server: to ensure that all Windows components are installed
3. Latest Microsoft .NET 3.5 and .NET 4 Framework
4. Local admin rights when installing the SNMP Agent on the Windows Server
5. Port 80 (Standard SNMP port; already open for email and internet in most customers' environments) or
6. Port 443 (when SSL encryption is required to be used)
7. Proxy server information ready (if used; if a proxy is used it must be compliant with the HTTP 1.1 protocol)

3.2 SNMP Principles

The SNMP management protocol [1] is an asynchronous command/response polling protocol: all management traffic is initiated by the SNMP-based network management station (except for trap messages), which addresses the managed entities in its management domain. Only the addressed managed entity answers the polling of the management station. The managed entities include a function called an SNMP agent, which is responsible for interpreting and handling the management station's requests to the managed entity, and for generating properly formatted responses to the management station.

The SNMP protocol includes four types of operations:

getrequest       Command for retrieving specific management information from the managed entity. The managed entity responds with a getresponse message.
getnextrequest   Command for sequentially retrieving specific management information from the managed entity. The managed entity responds with a getresponse message.
setrequest       Command for manipulating specific management information within the managed entity. The managed entity responds with a setresponse message.
trap             Management message carrying unsolicited information on extraordinary events (e.g., alarms) reported by the managed entity.
[1] For a thorough understanding of the SNMP protocol, please consult the Sources chapter on the subject of SNMP.
Picture 2.0: Principle of SNMP communication

In order to retrieve data on the web server Portal, an SNMP agent (data collection tool) needs to be installed on the customer's network. The agent reports the data to the web server Portal.

3.3 Management Information Base (MIB)

The management information base (MIB) includes a collection of managed objects. A managed object is defined as a parameter that can be managed, such as a performance statistics value. The MIB includes the definitions of relevant managed objects. Various MIBs can be defined for various management purposes, types of equipment, etc.

4. NETWORK TRAFFIC

4.1 Incoming Traffic

The SNMP agent downloads the latest configuration when it has changed, and it checks the MIB library to get the latest MIB information for the detected devices:

Check for new configuration [2]   Checks for new configuration every 10 minutes
Use latest MIB library [2]        Online check follows the frequency of the polling
Software update [2]               Checks for new version every 2 hours

[2] The SNMP agent contacts the web portal; the web portal does not produce any incoming traffic.

The frequency of exchanging information can be adjusted (if Low, Medium or High network bandwidth applies).

4.2 Outgoing Traffic

The SNMP agent sends XML reports at a configured frequency, anywhere from every 15 minutes to daily. Data is sent as HTTP or encrypted HTTPS to service.3manager.net. This traffic point routes data to either the hosted server or a locally hosted server.
5. ACTIVE MANAGEMENT SNMP AGENT

If you have printer devices attached to the network and wish to use AMS, install the SNMP agent on your network (on a central printer server); the agent uses SNMP (Simple Network Management Protocol) to communicate with printers/MFDs on the network.

IMPORTANT: SNMP must be enabled on the printer MIB, or else the SNMP agent will not get any information. This is normally enabled as standard on every printer.

The MIB (Management Information Base) is analyzed; all relevant data is retrieved and processed in the AMS web Portal.

The SNMP agent has 2 running services:
1. Discovery
2. Polling

5.1 Discovery

If given an IP address range during the setup and installation of the SNMP agent, the SNMP agent searches for devices within that range, for example 192.168.1.1-192.168.1.255. All devices discovered in that range are reported to the customer's Portal. This can be scheduled at any frequency; our advice is to schedule it once a day or twice per week.

During discovery the agent sends packets to each IP in the specified range. It sends about 500-800 packets a second, with a packet size of 85-100 bytes. The total bandwidth used is 50-200 KB/s. The total data sent depends on the number of IP addresses in the discovered IP range(s).

5.2 Polling

The agent gets the status of devices found during the discovery phase every 15 minutes. MIB data, such as meters and toner status, is updated at this frequency. Devices are scanned using the SNMP protocol; the data is sent as UDP packets.

During polling the agent queries the configuration server via HTTP and sends SNMP queries for each discovered printer. There is one HTTP request to the configuration server for each printer, 1-10 KB in size. The SNMP query count depends on the printer, but it ranges from 15 to 50 queries of 1-5 KB in size; the total bandwidth used is 15-250 KB for each printer.
5.3 Network Traffic Bandwidth

You can choose between the following scanning outputs:

What     Scanned Area                                                          Why
Low      Scanning 256 IP addresses simultaneously with 15 milliseconds delay   If you have sites with low bandwidth which are part of the network search
Medium   Scanning 512 IP addresses simultaneously with 10 milliseconds delay   If you have sites with medium bandwidth which are part of the network search
High     Scanning 1024 IP addresses simultaneously with 5 milliseconds delay   Recommended in normal 10/100/1000 networks

6. PROTOCOLS USED

6.1 General

When using AMS the following ports can be used:

What                                    Port          Description
For SNMP communication                  161 and 162   Port 162 in common environments
When sending data without encryption    80            Standard SNMP Port; already open for email and internet in most customers' environments
When sending data with SSL encryption   443           Optional

The SNMP agent supports the use of a proxy server.

6.2 Security Protocol (SSL) explained

The Secure Socket Layer, SSL for short, is a protocol by which many services that communicate over the Internet can do so in a secure way. Most Internet services support the use of SSL as a mechanism for securing communications.

To illustrate how SSL works, let us use an analogy. A customer wants to communicate with a company to send important information back and forth. The customer wants to be 100% sure that s/he is communicating with this particular company and that no one can eavesdrop on or intercept the communications. How can the customer do this?

The customer sends a courier to the company's address. The company has envelopes that, when closed, can only be opened by the company. The company and the courier go together to a trusted third party, a notary, which requires the company to provide documentation proving its identity. The notary certifies the company's secure envelopes and the courier takes these back to the customer. The customer gets the envelopes and, if it trusts the notary's reputation, can be sure that they are actually from the company indicated.

The customer also has secure envelopes that, once sealed, only the customer can open. It puts some of these in one of the company's secure envelopes and sends them back to the company. The company gets the sealed secure envelope. It opens the envelope (as only it can). It now has the customer's secure envelopes.
The company has another kind of envelope that can be opened and sealed only by using a special combination. The company puts this special envelope with the combination lock, together with the combination, into one of the customer's secure envelopes. The company seals the envelope.

The company has another type of secure envelope that anyone can open, but which only the company can seal. If you open one of these sealed envelopes, you know for sure that it was sent by the company. The company puts the whole package inside this and sends it to the customer.
When the customer gets the secure envelope, it opens it and thus knows that it came from the company. It then opens the next secure envelope inside, which can only be opened by the customer. Inside it finds the combination envelope and the combination itself. The customer then puts its data in the combination envelope, seals it and sends it to the company. The company receives it, opens it, puts the response in the same secure envelope and sends it back. The procedure is repeated as often as necessary for the required communications.

SSL relies on the concept of public key cryptography to accomplish these tasks. In normal encryption, the two communicating parties share a password, and that password is used both to encrypt and to decrypt messages. While this is fast and efficient, how do you communicate these passwords to people you have not yet met in a way that is itself secure?

In public key cryptography, each person has two keys: a public key and a private key. Anything encrypted with the user's public key can only be decrypted with the private key, and vice versa. Each person then tells the world what his public key is and keeps his private key safe, secure and private.

If John sends Mary a message encrypted with Mary's public key, then only Mary can open it, as only she has her private key. This is like an envelope that anyone can seal but which only Mary can open.

If John sends Mary a message encrypted with John's private key, then anyone can open it, as everyone has access to John's public key. However, successfully opening the message proves that it was sent by John and no one else, as only John has access to his private key. This is like an envelope that only John can seal, but which anyone can open and thus prove that John sealed it.
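The notary, envelope and combination roles from the analogy above, modelled as an added Python example that is not part of the document: textbook RSA with tiny constructed primes (61/53, 67/71, 83/89) so the arithmetic stays visible, a SHA-256 digest reduced modulo n standing in for a real signature scheme, and the combination (session key) required to be smaller than the customer's modulus.

```python
"""Toy model of the envelope exchange described above (constructed example):
textbook RSA with tiny fixed primes so the arithmetic stays visible."""
import hashlib

def make_keypair(p: int, q: int, e: int = 17):
    """(public, private) as (e, n) and (d, n) from two constructed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)            # d = e^-1 mod phi (Python 3.8+)

def seal(m: int, key) -> int:
    """m^k mod n: what one key of a pair seals, only the other key opens."""
    k, n = key
    return pow(m, k, n)

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv) -> int:
    """Envelope only the owner can seal: the digest sealed with the private key."""
    return seal(digest(data, priv[1]), priv)

def verify(data: bytes, sig: int, pub) -> bool:
    """Anyone can open it with the public key and confirm whose seal it carries."""
    return seal(sig, pub) == digest(data, pub[1])

def certify(notary_priv, company_pub):
    """The notary (a certificate authority) vouches for the company's public envelope."""
    body = b"company:%d:%d" % company_pub
    return body, sign(body, notary_priv)

def exchange(combination, cert, notary_pub, company_priv, company_pub,
             customer_pub, customer_priv):
    """Return the combination (session key) the customer recovers, or None."""
    body, cert_sig = cert
    if not verify(body, cert_sig, notary_pub):      # customer trusts the notary only
        return None
    package = seal(combination, customer_pub)       # envelope only the customer opens
    wire = package.to_bytes(2, "big")               # n < 65536 here, so two bytes
    package_sig = sign(wire, company_priv)          # envelope only the company seals
    if not verify(wire, package_sig, company_pub):  # customer checks the company's seal
        return None
    return seal(package, customer_priv)             # customer opens its own envelope

# Constructed primes; real keys are hundreds of digits long.
COMPANY_PUB, COMPANY_PRIV = make_keypair(61, 53)
CUSTOMER_PUB, CUSTOMER_PRIV = make_keypair(67, 71)
NOTARY_PUB, NOTARY_PRIV = make_keypair(83, 89)
```

Calling exchange(4242, certify(NOTARY_PRIV, COMPANY_PUB), NOTARY_PUB, COMPANY_PRIV, COMPANY_PUB, CUSTOMER_PUB, CUSTOMER_PRIV) returns 4242, and a certificate whose seal has been altered is rejected before any combination is sent.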
SOURCES

SNMP: http://oreilly.com/catalog/esnmp/chapter/ch02.html
UDP: http://oreilly.com/catalog/esnmp/chapter/ch02.html

APPENDIX I REMOTE PROTOCOLS AND OPEN PORTS

Port Usage and Communication Methodologies:

No   Occasion                                                Communication Direction   Port No.   Protocol   Type
1    SNMP Agent is capturing MIB information of device.      Devices => Web Server     161/162    SNMP       UDP*
2    SNMP Agent is capturing MIB information of device.      Devices => Web Server     80         HTTP       UDP*
3    SNMP Agent is sending notification to communication     Devices => Web Server     443        HTTPS      TCP
     Server via HTTPS. Device is sending notification        Device => Web Server
     such as Alerts.

*UDP: User Datagram Protocol