3 Replies Latest reply on Feb 15, 2017 12:54 PM by Nikolay Karetnikov

    Blueprint via floppy disks

    Nikolay Karetnikov Navigator


      Please consider a scenario shown on the image below.



      The customer has 2 separate network segments.

      Alpha A - local net and Sigma Σ - internet segment - kind of a DMZ.

      All of the users in the A have their corresponding accounts in the Σ. Every one of them has 2 physical machines. The 1st attached to A and the 2nd to Σ.

      The only 2 possible options to transfer the data between the segments are

      1) file share

      2) email

      The aim of the customer is to implement a PrintRelease solution that will allow to put all printers\MFDs into the A segment (print load from the Σ segment is to be somehow transferred into the A and released there)



      The questions are:

      How to architect such a system? Note, our competitors seemed to find a way (attachment), although there are no details in there, just a high-level implementation.



      Email way, though may push the customer to buy MobileLicense and at the same time simplify the design, is unlikely due to several obstacles:


      2.1 not all file formats are supported.

      2.2 the customer does not allow IMAP protocol on its Exchange server in the A domain.

      2.3 SAMAccountName are most certainly different for a user in those two segments.

      In case a workaround is possible for 2.2 and 2.3, please comment!
      Thank you!
        • Re: Blueprint via file share
          Scott Olswold Guide



          OK, I'm partly confused. The goal is to get a job from Domain Σ into Domain A without much fanfare, but the only way to get from Σ into A is via email or file share. Hrmmm.


          I'm confused because file share and print share both use RPC, which implements TCP 445 and is already allowed through the firewall. So in theory, Σ machines can connect to shares on A, they'd just need to provide their A credentials on initial connection. If the PrintScout is installed on their Σ computer, it would pick up the A credential at print so the user would only need to authenticate at the Pharos terminal-controlled device to see jobs and release them.


          Am I missing something?





            • Re: Blueprint via file share
              Nikolay Karetnikov Navigator


              Thanks for the follow-up!

              Unfortunately, the firewall does not allow for TCP 445 to pass through. Instead, a kind of transfer proxy is implemented. Difficult to find an analogy but think of it as floppy drives that put into Σ side, then the data is moved onto them and then is moved into A. Deparments, hundreds of them, have their own outgoing and incoming directories with the DXXXXX name. What you put in the outgoing you get from incoming a bit later. This is the way it is in this client.