[cups] CUPS application in Cloud

Michael Sweet msweet at apple.com
Mon Mar 26 08:51:39 PDT 2018 

Toerless,

The cloud functionality is defined in PWG 5100.18-2015: IPP Shared Infrastructure Extensions (INFRA):

    https://ftp.pwg.org/pub/pwg/candidates/cs-ippinfra10-20150619-5100.18.pdf <https://ftp.pwg.org/pub/pwg/candidates/cs-ippinfra10-20150619-5100.18.pdf>

There is one additional operation (Register-Output-Device) being prototyped as part of the (draft) IPP System Service specification that provides dynamic provisioning of printers via a cloud service - that is the key work left to be done for this public prototype to turn it into something more generally useful (and to advance this particular specification beyond the prototype draft stage and to an adopted spec with a number...)

WRT the VPN tunneling model, that is (sadly) the current "state of the art" for this kind of SaaS/IaaS deployment and mirrors the prior central office with secure satellite office data links model.  As you note below, there are a lot of things that can go wrong... :/


> On Mar 26, 2018, at 10:17 AM, Toerless Eckert <tte at cs.fau.de> wrote:
> 
> Michael,
> 
> Is there any doc explaining what "cloud" function this
> ippsample project is implementing ? Or am i down to RTFS ?
> 
> Rashi,
> 
> Unless i am overlooking something, all the openly documented
> printing options on printers like IPP are based on printers
> waiting to receive connections from print software, but not
> the other way around. Thats the main issue for cloud
> printing.
> 
> One option is then to have a strict firewall close to the printer
> supporting connections only from a well-known cloud-sever
> IP-address. And if your cloud-server changes IP address
> you'll run into a nightmare changing those firewalls. Or you
> find firewalls capable of DNS-name based firewall rules and
> hope your cloud service DNS-name can stay constant and is
> not attackable.  And you also would need to know the IP-addresses
> of the printers, which may not be permanent either, but you
> could not pass DNS-SD easily through this setup.
> 
> The VPN option Michael mentioned is a way to solve the
> problem, but if you have to rely on VPN equipment/configuration
> that you do not configure yourself, its going to be a similar 
> nightmare as firewall rules - you have to tell someone else what
> to set up, and its likely not working. And if the printers use
> dynamic IP addresses that may change over time, you need
> mDNS proxying to learn their IP addresses in the cloud. 
> 
> I think its hard to find an easily administrable solution
> without dropping some box local to the printer (same LAN).
> What that box should do is subject to a couple considerations.
> It could simply be a VPN client box configured to proxy also
> mDNS, but then you need to send through the WAN the rasterfiles
> for the printer. If the printer renders itself, this will
> be "fine", otherwise these could be huge and you
> may want to have the local box do rendering (aka: run cups
> on the box). Does not have to be as fast as a cloud-server
> could render.  Just faster than the printer.
> 
> If you go with the printer vendors cloud print solutions
> (or similarily google cloud print) you will likely more
> easily solve issues, but then those vendors
> know all your printed files because your files will go
> through their servers. Not much an issue if you
> already trust similar documents to their cloud storage
> or similar services though. AFAIK, none of these services
> are documented and allow for the printers cloud print support
> functions to connect to an alternate cloud server like yours
> (or mine). I wish i was wrong. 
> 
> Toerless
> 
> On Mon, Mar 26, 2018 at 09:22:47AM -0400, Michael Sweet wrote:
>> I should also note that IPP does provide cloud extensions to properly support this kind of architecture - prototyping is happening in the "ippsample" project here:
>> 
>>    https://github.com/istopwg/ippsample
>> 
>> although this is nothing I would use for production yet...
>> 
>> 
>>> On Mar 26, 2018, at 9:17 AM, Michael Sweet <msweet at apple.com> wrote:
>>> 
>>> Rasha,
>>> 
>>>> On Mar 26, 2018, at 3:45 AM, Sonthalia, Rashi <rashi.sonthalia at mheducation.com> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> 
>>>> We are currently using CUPS version 1.1.21 software and our requirement is to move it to cloud. Could you please let us know if it is possible with the current version or an upgrade to other version of the CUPS software  is required?
>>> 
>>> First, CUPS 1.1.21 is ancient (14 years old) and unsupported.  Any Linux cloud solution will run a more recent version...
>>> 
>>> Second, the issue you will run into is remote access to your printers - generally speaking you *don't* want to make your printers accessible over the Internet...  Some people use VPN tunnels, although you'll need to ask in another forum for help with that... :)
>>> 
>>> _________________________________________________________
>>> Michael Sweet, Senior Printing System Engineer
>>> 
>> 
>> _________________________________________________________
>> Michael Sweet, Senior Printing System Engineer
>> 
>> _______________________________________________
>> cups mailing list
>> cups at cups.org
>> https://lists.cups.org/mailman/listinfo/cups
> 
> -- 
> ---
> tte at cs.fau.de
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups

_________________________________________________________
Michael Sweet, Senior Printing System Engineer

More information about the cups mailing list