Firewall
The system must be accessible via the Internet to allow printing. The following table lists the ports that must be open for the respective components:
Source System | Source | Port | Target System | Target | Target Port | Protocol |
Mobile Devices | Internet | 8443 | Load Balancer | Internet | 8443 | IPPS |
Load Balancer | Internet | 8443 | Print Proxy | DMZ | 8443 | IPPS |
Print Proxy | DMZ | 8631 | Print Server | DMZ | 8631 | IPP |
Print Server | DMZ | 515 | Printserver Solution | Intranet | 515 | LPD |
Print Proxy | DMZ | 443 | EMM System (API-Component) | DMZ | 443 | HTTPS |
Print Proxy | DMZ | 8443 | Print Proxy Admin Portal | Intranet | 8443 | HTTPS |
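As an added example (not part of the EBF documentation), the port table above can be used as an allow-list when auditing a firewall rule set: the code parses the table rows, then reports rules that permit more than the documented flows and documented flows that no rule covers. The rule tuple format `(name, src, dst, lo, hi)` and the sample rules are constructed assumptions.

```python
from typing import NamedTuple

# Rows copied from the page's port table (same column order).
PAGE_TABLE = """\
Mobile Devices | Internet | 8443 | Load Balancer | Internet | 8443 | IPPS |
Load Balancer | Internet | 8443 | Print Proxy | DMZ | 8443 | IPPS |
Print Proxy | DMZ | 8631 | Print Server | DMZ | 8631 | IPP |
Print Server | DMZ | 515 | Printserver Solution | Intranet | 515 | LPD |
Print Proxy | DMZ | 443 | EMM System (API-Component) | DMZ | 443 | HTTPS |
Print Proxy | DMZ | 8443 | Print Proxy Admin Portal | Intranet | 8443 | HTTPS |
"""

class Flow(NamedTuple):
    src: str
    dst: str
    port: int  # target port

def parse_matrix(text):
    """Turn the pipe-delimited table into the set of documented flows."""
    rows = ([c.strip() for c in ln.strip().strip("|").split("|")] for ln in text.splitlines())
    return {Flow(r[0], r[3], int(r[5])) for r in rows if len(r) == 7 and r[5].isdigit()}

def audit(rules, allowed):
    """Return (over_broad, missing) for hypothetical (name, src, dst, lo, hi) rules."""
    systems = {f.src for f in allowed} | {f.dst for f in allowed}
    over_broad, covered = {}, set()
    for name, src, dst, lo, hi in rules:
        srcs = systems if src == "any" else {src}
        dsts = systems if dst == "any" else {dst}
        hits = {f for f in allowed if f.src in srcs and f.dst in dsts and lo <= f.port <= hi}
        pairs = sum(1 for s in srcs for d in dsts if s != d)
        extra = pairs * (hi - lo + 1) - len(hits)  # flows permitted beyond the table
        if extra:
            over_broad[name] = extra
        covered |= hits
    return over_broad, sorted(allowed - covered)

# Constructed rule set for illustration, not taken from any real firewall.
RULES = [
    ("r1", "Mobile Devices", "Load Balancer", 8443, 8443),
    ("r2", "Load Balancer", "Print Proxy", 8443, 8443),
    ("r3", "Print Proxy", "Print Server", 8000, 8999),   # port range instead of 8631
    ("r4", "any", "Printserver Solution", 515, 515),     # any source into the Intranet
    ("r5", "Print Proxy", "EMM System (API-Component)", 443, 443),
]

if __name__ == "__main__":
    print(audit(RULES, parse_matrix(PAGE_TABLE)))
```

For an `any` rule the excess count only considers the seven systems named in the table, so it is a lower bound on what the rule really exposes.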
Appliance
The solution can be installed using an appliance. EBF provides ISO images for carrying out the installation; these can be downloaded from EBF over the Internet. Alternatively, the solution can be installed into an existing system using a JAR file, which EBF provides on request.
The appliances are usually virtual machines (from VMware or other VM providers) and are based on the CentOS 7 x64 Linux distribution.
The following specifications for the virtual machines are recommended:
Hardware | Recommendation |
CPU | min. 4 Cores |
RAM | min. 4GB (8GB if on one machine) |
HDD | min. 50GB |
A high availability (HA) solution can be achieved by integrating a load balancer that distributes load round-robin across the active proxies and the downstream print server systems.
Secured Connection
Certificate
To secure communication, appropriate SSL certificates are required, ideally issued to the server names and in an iOS-compatible format. Depending on the implementation, these certificates must be stored either directly on the server systems or on the load balancer system (SSL offloading).
Requirements for trusted certificates in iOS 13 and macOS 10.15
Technical users and roles
EBF Print requires the following technical users, with the listed rights/roles, in these systems:
System | User | Rights/Roles |
EBF Print Server | root | Root access within the LINUX appliance to configure the Print Server |
EBF Print Proxy | root | Root access within the LINUX appliance to configure the Print Server |
UEM System | Print Admin | API access from Print Proxy to UEM System to read user/device data |
UEM System | Print Admin | Device Management: View Device/View Device Details |
UEM System | Print Admin | User Management: View User |
Admin Roles MobileIron
Required Admin Roles in MobileIron are:
- Device Management: View device page, device details
- Label Management: Manage Label
- User Management: View User
- Configuration Management:
  - Manage configuration
  - Apply and remove configuration label
- Other Roles: API
Admin Permissions Intune
For Intune, an admin needs to create an Azure Application ID in the Azure portal and assign several Graph-API permissions to this App. All App permissions must be of type “Application permission”.
This App-ID will then be used in the configuration of the Print Proxy.
The required API permissions for EBF Print using MS Intune are:
- DeviceManagementManagedDevices.Read.All
- Directory.Read.All
- User.Read.All
Admin Permissions for Workspace One
An API user to connect EBF Print to a Workspace One instance must have the following permissions:
- REST API Devices Read
- REST API Organizational Units Read
- REST API Smart Groups Read
- REST API Groups Read
- REST API Users Read
- User Details View
Below is an example file with the needed permissions that can be imported into Workspace One:
Workspace One Example