background image

Security and Network Setup

System Guide

4-20

Common Controller

In order to determine what security options have been 
implemented in the past, whenever configure-xdss is run, it logs 
all of the actions into the /opt/XRXnps/log/xdss_log.txt.  View this 
file to view options that have been implemented.

Summary of Contents for DocuPrint 115

Page 1: ...Xerox Document Services Platform Series Common Controller System Guide 701P38837 DocuSP 3 6 August 2002...

Page 2: ...lays looks and so on Printed in the U S A U K and France XEROX XEROX Europe and XEROX Canada Limited The Document Company the stylized X and all names identifying numbers used in connection with Xerox...

Page 3: ...ration variables 2 3 Printer and job messages 2 4 SNMP MIB Support 2 4 NDS Setup 2 6 3 Backup and Restore 3 1 Backup 3 1 Restore 3 2 Xerox Backup Restore XBR Utility for a DP100 115 135 180 EPS System...

Page 4: ...net services daemons 4 11 Remote Diagnostics 4 12 Disabling secure name service databases 4 12 Multicast routing 4 13 Securing the sendmail daemon 4 13 Securing the network parameters 4 13 Restricting...

Page 5: ...PCL Offset Separator Subset Finishing command 6 3 PCL Paper Source Command 6 4 Mixed Stacking 6 4 Additional finishing information 6 5 7 Fonts 7 1 How to choose fonts 7 1 Fonts 7 1 Resident Fonts 7 2...

Page 6: ...5 Inoperable system problems 9 6 Job flow problems 9 6 Job Integrity problems 9 8 PDL problems 9 8 PostScript problems 9 8 TIFF problems 9 9 PDF problems 9 9 Restore password 9 10 Restart DocuSP soft...

Page 7: ...0 2 General Comments 10 2 Time used to generate the PDL 10 2 Time used to transfer PDL 10 2 Time required to RIP PDL 10 3 Time required to print PDL 10 3 Job Submission Hints 10 3 Number of Images 10...

Page 8: ...TABLE OF CONTENTS vi SYSTEM GUIDE...

Page 9: ...n workstation and be familiar with Solaris 2 x and basic UNIX commands This includes the use of text editors such as vi or textedit and the ability to maneuver within the Solaris environment The Syste...

Page 10: ...nclosed within angle brackets for example Unable to copy filename Square brackets Names of options you select are shown in square brackets for example OK and Cancel Notes are hints that help you perfo...

Page 11: ...the configuration 2 Perform the following to set up the Internet Services HTTP Gateway Enter the name of the gateway to be configured Internet Services Configure the Internet Services Gateway Y N y E...

Page 12: ...you may want to configure the SNMP gateway using gwConfig and the information that follows NOTE SNMP requires a standard FlexLm license The System Administrator must enable SNMP in License Manager Xe...

Page 13: ...ster Printer Administrator Location Room 409 Printer Administrator Phone 122 0001 Printer Location Room 444 Table 2 1 Parameter Name Description Value Range Default Value CommandLine Turn on off the f...

Page 14: ...printer on the DocuSP Controller Those Managers that do not support loading of Management Information Bases MIBs will only display the printer and job status that they support SNMP MIB Support DocuSP...

Page 15: ...dtc XEROX PRODUCT ID TC The following is a listing of MIBs that are supported RFC 1213 MIB file The system Group The Interface Group The at address translation Group The ip Group The icmp Group The tc...

Page 16: ...e there is more than one server on the network If you are running NDS in an environment with more than one NDS server to ensure optimal operation you should specify a preferred server To do this perfo...

Page 17: ...make sure your preferred server was added successfully 8 Restart the DocuSP software NOTE If logging is enabled you can check opt XRXnps log QServer Debug Log to make sure that connection is made wit...

Page 18: ...Gateway Configuration System Guide 2 8 Common Controller...

Page 19: ...ces settings printer set up and queue set up files If a software upgrade or new software installation is required a representative will perform the software installation In each case certain portions...

Page 20: ...tem image Restore If only a software upgrade is performed on the DocuSP controller the system configuration information will typically be retained During the upgrade the Xerox Customer Service Represe...

Page 21: ...tem has to be shutdown before the backup operation can be performed 1 Open a Terminal window 2 In the terminal window log in as root 3 At the command prompt type init 0 4 and press Enter 5 At the Ok p...

Page 22: ...at the beginning of the tape numbering sequence and not at the number with which it left off 20 After the backup is complete restart the system by typing reboot 21 and pressing Enter Restoring a Syst...

Page 23: ...nswer y 18 for yes to the question that comes up 19 The system will then reboot 20 Insert each tape as they are asked for and Press Enter 21 Repeat the previous step twice 22 The system will reboot Lo...

Page 24: ...Backup and Restore System Guide 3 6 Common Controller...

Page 25: ...the root account password should be changed as soon as the Xerox service personnel have completed the installation The Xerox user name is the account from which the Xerox software runs Use the Xerox u...

Page 26: ...ve the following on the DocuSP controller Network home directory Meaningful home directory at the DocuSP controller An enabled password The same user identification uid as used for the client workstat...

Page 27: ...tion on security regarding the DocuSP controller and the Solaris Operating System This section explains the new DocuSP Security Script feature that allows security for the system against unauthorized...

Page 28: ...and some additional Solaris patches required by DocuSP Several scripts are used to provide additional security for the DocuSP Not all scripts are public knowledge only those that are public are defin...

Page 29: ...ry rare event When the DocuSP software and system was installed Xerox provided a default root password for the UNIX environment In addition default passwords may have been created for the DocuSP Trust...

Page 30: ...Customer Support Center NOTE Security changes are not saved during an installation or upgrade of the DocuSP software When a software install or upgrade is performed the Xerox Service Representative r...

Page 31: ...igiPath Solaris services disabled S40llc2 S47asppp remote diagnostics S70uucp S711dap client LDAP daemon S72autoinstall S72slpd S74xntpd S80spc S90wbem S15nfs server NFS Server must be enabled for Dig...

Page 32: ...wo questions 1 Do you want to disable DigiPath If you answer yes both FTP and the bwnfs daemon are disabled The bwnfs daemon is not required by DigiPath when NetAgent is being used to share files that...

Page 33: ...s may disable if DocuSP security is enabled You must have FTP enabled to install any client software or when using a Continuous Feed system To temporarily enable the FTP services to load client softwa...

Page 34: ...ermissions for Solaris only When this command is run a file called var sadm install content mods is left Do not delete this file it contains valuable information needed by fix modes to revert the chan...

Page 35: ...bility to export DocuSP server file systems This service is enabled if DigiPath and Decomp Services are enabled S76snmpdx Sun Solstice Enterprise Master Agent Solaris SNMP services are disabled This d...

Page 36: ...ibrary service daemon allows the KCMS library to access profiles on remote machines rquotad Remote quota server Used by the quota 1M command to display user quotas for remote file systems sadmind Dist...

Page 37: ...secured For additional information view the etc init d nddconfig file as well as Sun s document Solaris Operating Environment Settings for Security Disabling executable stacks When security is enable...

Page 38: ...rver This message explains that only authorized users should be using the system Any others face the possibility of being monitored by law enforcement officials Example of etc inetd conf file after se...

Page 39: ...n rexecdin rexecd comsatdgram udp wait root usr sbin in comsatin comsat talk dgram udp wait root usr sbin in talkdin talkd Must run as root to read etc shadow n turns off logging in utmp wtmp uucp str...

Page 40: ...root internal echo dgram udp wait root internal discardstream tcp nowait root internal discarddgram udp wait root internal daytimestream tcp nowait root internal daytimedgram udp wait root internal ch...

Page 41: ...ind Rquotad supports UFS disk quotas for NFS clients rquotad 1tli rpc datagram_vwait root usr lib nfs rquotadrquotad The rusers service gives out user information Sites concerned with security may cho...

Page 42: ...ufs ufsdufsd p Sun KCMS Profile Server 100221 1tli rpc tcp wait root usr openwin bin kcms_serverkcms_server Sun Font Server fs stream tcp wait nobody usr openwin lib fs autofs CacheFS Daemon 100235 1...

Page 43: ...age A search for Answerbook should return hundreds of sites If you are unfamiliar with the vi editor you can use the GUI based editor usr openwin bin textedit To launch the editor login as root enter...

Page 44: ...mmon Controller In order to determine what security options have been implemented in the past whenever configure xdss is run it logs all of the actions into the opt XRXnps log xdss_log txt View this f...

Page 45: ...printing To set up the system to perform in a FIFO manner perform the following 1 Logon as System Administrator 2 In DocuSP Print Services window select Options Preferences Job Policy Resources Requi...

Page 46: ...sequence destroying the original FIFO order The controller is not designed to wait for corrective action by an operator for a faulted job before advancing to the next job which has already been sched...

Page 47: ...FIFO Job Scheduling by typing y for yes The following message will appear Disabling FIFO Job Scheduling You will need to Restart the DocuSP Software for changes to take effect If n for no is entered t...

Page 48: ...e a de facto standard for ASCII formatting However users often have the requirement to match a specific format The utility below helps enable this formatting flexibility along with the feature in Queu...

Page 49: ...ainframe and UNIX environments typically requite some form of CR LF FF adjustment This utility allows you to set a custom paper size to map to the PCL escape sequence esc 101A which denotes print on c...

Page 50: ...prcopycount utility The setlpcopycount utility allows the DocuSP customer to modify the behavior of how the lp lpr gateway should handle a copy count of one Beginning with DocuSP version 1 41 06 the d...

Page 51: ...to be configured at one time Regardless of the port number assigned on the Socket Configuration Utility the socket port configured on the first port will always be Port 1 and the second line is always...

Page 52: ...entation relative to the PostScript image MICR Enablement Magnetic Ink Character Recognition Definition MICR is a standard character set which when printed with magnetic ink allows machine recognition...

Page 53: ...ument format from ASCII to PostScript If this is not done all VIPP jobs will be run as ASCII unless the data file begins with 3 Select the PDF PostScript tab and select Start File Browse to the startu...

Page 54: ...Printing System Guide 5 10 Common Controller...

Page 55: ...ing or no finishing within the same job The ability to finish subsets independently is a critical feature for many variable data applications This product allows more than one type of finishing within...

Page 56: ...sent as one larger file with page level offset commands The term Jog is used to initiate an offset behavior setpagedevice jog 0 The offset command is OFF setpagedevice jog 3 The offset command is ON A...

Page 57: ...parator command must be placed on the current page before any image data Placement should be within the job page control section or before Next Page Offset If the next page in the document is to be of...

Page 58: ...Source use the following guidelines Standard ESC 11H Manual Paper Feed ESC 13H Manual Envelope Feed ESC 13H Lower ESC 14H Large Capacity ESC 15H Envelope Feed ESC 16H Mixed Stacking Mixed stacking al...

Page 59: ...he DocuSP is unable to dual staple 3 hole punched stock If dual staple is selected when using pre drilled paper improper registration will occur Select to single staple the job or print on non drilled...

Page 60: ...Finishing System Guide 6 6 Common Controller...

Page 61: ...cript Type 1 and Type 3 fonts PCL scalable and bitmap fonts and TrueType fonts Fonts The most important thing to remember is that the font used to create a document must also be available to the DocuS...

Page 62: ...ostScript Resident Fonts The PostScript Type 1 typeface families listed in Table 7 1 are scalable which means that all point sizes are supported even intermediate point sizes These include the typefac...

Page 63: ...lack Oblique Bold Bold Oblique Oblique Light Light Oblique Condensed Condensed Bold Condensed Bold Oblique Condensed Oblique Narrow Narrow Bold Narrow Bold Oblique Narrow Oblique HoeflerText Black Bla...

Page 64: ...Bold Times Bold Bold Italic Italic Roman TimesNewRomanPS Bold Italic MT Bold MT Italic MT MT Trajan Bold Univers Regular Bold BoldExt BoldExtObl BoldOblique Condensed CondensedBold CondensedBoldObliq...

Page 65: ...on on downloading fonts in your document If you are using a font in your application that has the same name as a resident font but is a different version it must be downloaded with the job The DocuSP...

Page 66: ...he requested font is not available font substitution will take place PostScript fonts A single default font set by the System Administrator in the DocuSP software will be substituted for any font requ...

Page 67: ...ue level NOTE Multipage TIFF files are now supported Single TIFF files can now contain multiple TIFF images to be processed and printed Performance considerations Optimum performance can be achieved f...

Page 68: ...d DocuSP supports bi level values of 0 and 1 only Resolution Units Default 2 DocuSP supports values of 2 inches and 3 centimeters Rows Per Strip Default none DocuSP supports single and multiple strip...

Page 69: ...ectory NOTE When purging the oldest entry is purged first Accounting exported values The Accounting feature tracks all jobs that have been processed and printed enabling your site to charge for use of...

Page 70: ...he exported value for Trapping The number displayed will be the total number of pages trapped within a job Billing Billable Events NOTE For Continuous Feed CF printing systems the DocuSP billing meter...

Page 71: ...ration Pages Meter B Total impressions for each image of the job up to and including the last sheet of the 10th set Does not include Administration Pages Region 2 RX UK Meter 1 Total impressions to an...

Page 72: ...eter 1 Total impressions to an output destination including Administration Pages Meter 2 Total impressions for each image of the job up to and including the last sheet of the 10th set Does not include...

Page 73: ...ter phone number Your site representative can supply you with the telephone number for the Customer Service Support Center in your area The Xerox Welcome Center number is 800 821 2797 Before calling f...

Page 74: ...tructions on the window to clear the job fault To avoid common job faults ensure that the paper that is programmed for the job is available and that the finishing programmed is acceptable and availabl...

Page 75: ...ly Productivity and performance The job takes an excessive amount of time to complete Save problems A job was submitted from a client with a Save destination but the job is not saved Client problems C...

Page 76: ...Select OK to continue or cancel to stop the print job is displayed perform the following 1 Place the queue on hold that the DigiPath jobs are being sent to Do this by changing the accept status to no...

Page 77: ...Selecting Reset sets the Image Quality parameters to the most recently applied setting To determine the print quality problem and possibly fix the problem perform the following 1 Retrieve the error pa...

Page 78: ...nts from a proof printer ensure that the same PDL file was used to make the prints on both printers 6 If small fonts are printing ragged change the default font renderer in Print Manager from the Adob...

Page 79: ...art the Xerox software If the job is small store it on a server and resubmit the job from the client Delete any faulted ineligible or held jobs that are no longer needed Also delete any completed jobs...

Page 80: ...the job Make changes and resubmit the job PDL problems If a problem exists with a PDL job the System Administrator can ask the job submitter specific questions to identify the problem Possible questi...

Page 81: ...stScript error page list the error as Decomposition Task Failed to indicate that the tags and compression formats of this file are not supported What type of client and application were used to submit...

Page 82: ...ller Restore password To restore the default password if a Trusted User or System Administrator forgets the system password perform the following 1 Open a terminal window 2 Logon as the root user by t...

Page 83: ...n init Productivity and performance problems If a job takes longer to process than anticipated and a performance problem is suspected perform the following to check the system 1 Check the job status i...

Page 84: ...er information to recover various system problems Logs are used to gather second level information on the operation of the system These should only be used when directed by this guide or but the Custo...

Page 85: ...d ep_primary_log These logs contain a list of faults The ep_exception_log contains a listing of all logged faults The ep_primary_log contains exceptions that are the primary cause of the problem The f...

Page 86: ...ground outside of the DocuSP Print Services window 2 Right click and select Programs 3 Select Terminal 4 Put your mouse cursor in the window and type su 5 Select Enter 6 Type in your root password 7 S...

Page 87: ...that is to be compiled The JSL filename is required to terminate with the suffix jsl or JSL The filename may contain path information Many options may be specified and shown in the above example The o...

Page 88: ...XRXnps bin contains default parameters for the invocation of XDJC The text file can be edited using any simple text editor The first line of the configuration file must not be edited it contains XDJC...

Page 89: ...er case and are written to the directory outpath VM10 where outpath is the output path specified Files are overwritten if the REPLACE option is selected otherwise they are renamed to xx where xx is th...

Page 90: ...click menu select Eject Unload This dismounts the floppty media and protects the platform from damage caused by attempting to eject the media manually 5 Select OK to close the Removable Media Manager...

Page 91: ...rent Power Saver Scheme pull down menu select Disable 8 Select OK and close the Terminal window Common Desktop Environment CDE Front Panel Removal and Workaround The purpose of this procedure is to de...

Page 92: ...engine can use Time required to write the RIPped bit maps to the print engine and generate paper Time used to generate the PDL These components is strongly influenced by the speed of the client works...

Page 93: ...rformance of the printer as it generates paper Job Submission Hints Number of Images The number and resolution of the images that are embedded within a job will be a big driver of the PDL size and the...

Page 94: ...o any of the following the color space transformation will probably take more time and the RIP will be slower Define own media Include input or output ICC color profiles in the PDL file Change any of...

Page 95: ...increase in RIP time will be visible as a significant fraction of the total job processing time When printing documents with a large a number of copies then the majority of the processing time will b...

Page 96: ...bank switches or between jobs Each cycle may take 10 40 seconds to complete before the print engine is ready to print again To avoid unnecessary print engine cycling you can perform the following Disa...

Page 97: ...needs to be changed modify the opt XRXnps XRXXJDC data CONFIG TXT file Otherwise the default setting in the CONFIG TXT file will take effect An example for the syntax opt XRXnps bin XJDC filename wou...

Page 98: ...in as Administrator 2 Select System Online Manager 3 Select Channel Gateway Enable Input Device Online Input Control Start 4 Submit a job from the host 5 After the job is completely received by the Co...

Page 99: ...following 1 Insert a blank formatted floppy into the floppy drive 2 Type volrmmount i 3 and press Enter 4 If you used the compress command above type cp FileName txt Z floppy floppy0 5 and press Enter...

Page 100: ...Hints and Tips System Guide 10 10 Common Controller...

Reviews: