So with the successful introduction of our BYOD project at school; the most requested addition from our students was the ability to print to the network printers from their personal devices.

Normally this would be a no-go area as ensuring the compatibility of devices with your printers and installing drivers, or asking users to install drivers to access the printers would be an administrative nightmare. An additional complication is the fact that the BYOD devices are separated from our main network for security and management reasons. So how could we securely allow any users personal device the ability to print to our network?

Fortunately our print management software PaperCut, has a solution available to us; web printing. This involves allowing your users to log into your PaperCut server through a web-page, upload their document which is then transferred to a Windows 7 machine with all of the network printers mapped to it, which then renders and spools the job for the user and accounts it against the users PaperCut credit.

Here is PaperCut’s diagram of the service:

The real beauty with this is that we can just bridge port 80 and / or 443 from the PaperCut server into our BYOD network and then provide instructions on how to use the service.

The main downside here is that this solution will not work on iOS. As iOS sandboxes all of its Apps from each other, you cannot use Safari to upload any file other than photos and videos from your Photo Roll. I guess it really is true that iOS is not a productivity platform! I will not get into the ins and outs of that here; but there is a good article here about App Sandboxing in iOS, for those who are interested.

I carried a quick poll of the girls at my school and it turns out they are not that interested in printing from their iPads and iPhones anyway; so we can safely ignore the iOS issue (although PaperCut do also have a solution for that too)!

Installation Choices

The documentation over at PaperCut does a really good job at guiding you through setting this up, so I will just detail the choices and tweaks we made here.

Web print offers two modes; Default Mode or Sandbox Mode. The Default mode only allows the printing of PDF files whereas the sandbox mode offers the ability to upload and print PDF, XLS, XLSX, PPT, PPTX, DOC, DOCX and XPS files. For this reason we went with the Sandbox Mode set up.

For our Web Print Server we installed a domain Windows 7 machine in our VMware infrastructure. we then created a domain user called “webprint” and followed the steps in the PaperCut documentation to get the server set up. After we followed all the steps and had our web print server up and running it was time test it out! Initial tests went really well; so now we had to think about rolling it out across the BYOD network, polishing the appearance of it and documenting it for everyone.

Access from the BYOD Network

We are using a DNS server in our BYOD Network to direct users accessing external web addresses to the IP address of the server on the internal network. We then use our Smoothwall firewall to bridge the traffic from the BYOD network to the internal network on the ports we specify; so for most of our web servers that is port 443 only.

Access to the PaperCut server would be no different. We first created an A Record in our public facing DNS for access to our PaperCut Server and then we create the same A Record in the internal DNS for each of our networks (BYOD and Main Network). Now we set up a zone bridge in the Networking section of our Smoothwall firewall for the BYOD network to allow traffic from the BYOD network to traverse into our main network if it is directed to the PaperCut server on port 443 only. We also had to ensure that the main network knew where to route traffic for the BYOD network back to.

Now we have the basic network routing and firewall set up, we need to get the PaperCut server to answer on port 443 and to use a trusted SSL cert. Fortunately the good people over at PaperCut have this well covered in their Knowledge Base!

This guide shows you how to get your PaperCut server responding to ports 80 and 443 – this will save your users having to remember to include port numbers on the URL they need to visit for printing; and this guide talks through the process of importing a SSL certificate into your PaperCut install so that users BYOD devices do not throw a certificate validation error when they access your website. We have a wildcard SSL certificate for the domain we were adding the PaperCut server to, so we made use of that certificate here.

Polishing the user interface

Now that we had all the networking and web server stuff sorted out, our test group could access the web print module of PaperCut from the BYOD network and test each printer further. However, the default interface for PaperCut did not really fit with our school branding so we looked at styling the user interface.

Yet again the PaperCut Knowledge Base comes to the rescue with a guide on how to customise the web user interface. You will need good to advanced HTML and CSS skills to get this done; but there should be someone in your school who can do it for you!

Here is how ours looks now:

Documenting and going live

So now we were happy that the system was ready to go live; we produced this documentation, made it available to all through an internal web server and launched the service.

So far so good! 😉