Thank you for your feedback



White Paper: Best Practices for Cloud Fleet Management (CFM)

Document ID:RE284

Usergroup :External
  Languages  
08/05/20 Properties  

Solution

Overview:

This document is a collection of “best practices” and tips to ensure the successful management of customers’ printers in Cloud Fleet Management (CFM).

Choosing the Fleet Agent or the Printer Agent

Lexmark provides two mean of remotely managing printers through Cloud Fleet Management: The Fleet Agent and the Printer Agent.  Which to choose depends upon the printers to be managed and the customer’s setup.  Both can be used within the same customer environment.

Fleet Agent

The Fleet Agent is a data collector designed to reside within the premises environment to enroll and manage multiple devices from a single Fleet Agent.
The Fleet Agent runs on a server or hosted computer within the premises network.  Only one Fleet Agent is needed for each customer WAN.

The Fleet Agent aggregates the data from all printers it manages for submission to CFM.  The Fleet Agent supports Lexmark and 3rd-party printers.
The Fleet Agent is a better choice if a mixed printer fleet is to be managed.
 

Printer Agent

The Printer Agent installs the Printer Configuration Agent on each printer to be managed.  Each printer Configuration Agent submit its data directly to CFM.
The Printer Agent only supports Lexmark printers.  The Printer Agent is a better choice if there is an issue placing a dedicated server or host computer within the customer’s network.

 
Fleet Agent vs. Printer Agent

Fleet Agent

  • Fleet Agent runs on a server or hosted computer within the customer’s network.
     
    • Only one Fleet Agent is needed for each customer WAN.
    • A Fleet Agent aggregates printer data for transfer to CFM.
    • Automatically enrolls discovered printers
       
  • Manages Lexmark printers
     
    • See the Lexmark Cloud Services Administrator’s Guide for details
       
  • Supports data collection from legacy Lexmark and 3rd-party printers
     
    • Data collected varies by model and vendor.
        
  • Uses Management Information Base (MiB) over SNMP.

Printer Agent

  • Installs the Printer Configuration Agent eSF application on each printer.
     
    • Each printer communicates individually with CFM.
    • Printer Enrollment Tool required for printer discovery and enrollment.
       
  • Manages Lexmark printers
    • See the Lexmark Cloud Services Administrator’s Guide for details

    
Before Enrolling

To ensure the successful enrollment of printers:

  • If the printer was previously used at another customer site:
     
    • Unenroll the printer from its current organization in the CFM portal.
       
    • Perform an “Out of Service Erase”. [Optional]
       
      • This should be performed the first time a printer is being enrolled with a customer.
         
      • Any configuration settings or customer data related to a prior installation will be removed.
         
  • Make sure all printers are on-line and in the Ready state with no unresolved errors, such as paper jams or incorrect e-mail configuration.
     
  • Printer firmware is updated to the latest recommended version.
     
  • Printer permissions are set correctly.
     
  • Printer login credentials for secured printers are available.
     
  • DHCP and DNS settings are correct.
     
  • The date and time are configured correctly preferably using a network time protocol server.
     
  • If possible, enrollment should be done during off hours when the printers are not being used.
     
    • Configuration deployments from CFM following enrollment may briefly take the printer off-line.
       

Lexmark Cloud Services Status Dashboard 

The Lexmark Cloud Services Dashboard provides a means for staying up to date with the latest service updates and notices from Lexmark Cloud Services.
The Status dashboard can be found at
https://status.one.lexmark.com.

You can subscribe for e-mail notifications of status updates by clicking the Subscribe link at the top right of the page and entering you e-mail address.

Lexmark Cloud Services Documentation

The Documentation can be found on Lexmark Support site which provides links to the latest Lexmark Cloud Services information and documentation.

 

Firewalls

If a firewall is used, these URLs must be added to the firewall’s whitelist.  All Cloud communications are over port 443.

 
CFM URLs for US Data Center
*.us.iss.lexmark.com
ccs.lexmark.com
ccs-cdn.lexmark.com
*.s3.us-east-2.amazonaws.com
 
CFM URLs for EU Data Center
*.eu.iss.lexmark.com
ccs.lexmark.com
ccs-cdn.lexmark.com
*.s3.eu-centre-1.amazonaws.com
 
CPM URLs for US Data Center
*.us.iss.lexmark.com
*.s3.us-east-2.amazonaws.com
 
CPM URLs for EU Data Center
*.eu.iss.lexmark.com
*.s3.eu-central-1.amazonaws.com

    
Fleet Agent

The Fleet Agent requires a dedicated, high-availability, on-premises server, or hosted computer.  It must have a constant Internet connection.

The Fleet Agent should not be placed on a computer that is routinely shut down or routinely disconnected from the Internet. 
A single Fleet Agent can manage 1000s printers. Only one is needed per customer WAN.

Minimum computer specifications

Operating System x86-64
Processor 1Ghz dual core
RAM  2GB
Storage1 32GB

1Fleet Agent requires 12 GB of storage
 

Discovery Criteria option: Transfer management of discovered printers…

When this Discovery Criteria is set in the Fleet Agent’s configuration, all printers that are discovered by this Fleet Agent will be transferred to and managed by this Fleet Agent.

Note: Care should be taken when defining the Printer Discovery settings using the Printer Agent and the Fleet Agent or multiple Fleet Agents within the same organization. A printer is managed by either a Printer Agent or a single Fleet Agent, not both.  If overlapping Printer Discovery criteria are used, printers may not be managed by the intended Agent.

 
Printer Agent

Date and Time Settings

Keeping the printer’s date and time correct is important.  If it is not set correctly, printer enrollment or the processing of CFM tasks may fail. 
It is best to configure the printer’s date and time by enabling the use of a Network Time Protocol (NTP) server.

NTP servers are usually available from domain servers.  Publicly-available NTP servers can be found through an Internet search.
If the Enable NTP is no checked and the printer’s date and time are not correct, the printer’s date and time will be set to the
Printer Enrollment Tool (PET) workstation’s date and time when the printer is enrolled.

 
eTask printers,version 5 and later           eTask printers prior to version 5
 
An error such as this will be shown in the Printer Enrollment Tool during if the date and time are not correct.

If a configuration bundle is being imported, verify that time settings are set correctly in the imported configuration. The NTP settings are in the bundle.xml file.

<setting name="timemgr.timesource">On</setting>
<setting name="timemgr.ntpserver">[NTP ServerURL or IP Address]</setting>

User Accounts and Printer Permissions

If the printer’s embedded web server (EWS) is protected with login credentials, or changes have been made to the permissions or Function Access Controls (FACs) settings, there are several points to consider:

  • The login credentials must be supplied when the printer is enrolled.
     
    • Credentials must be obtained from or coordinated with the end customer.
       
  • If the login credentials are changed or applied after the printer is enrolled, the printer must be re-enrolled.
     
    • This only applies to eTask printers prior to version 5.
       
  • Certain permission or Function Access Control settings are required.
     
    • See the appropriate eTask section below for specific settings requirements.
       

eTask printers, version 5 and later

Secured printers

If the Public permission have been restricted, EWS login credentials must be provided in the Printer Enrollment Tool during the device enrollment process. That account must have the following permissions enabled. Failure to enable these permissions will cause the enrollment to fail.

Access Controls Menu Access Controls
Administration Menus Security Menus
Device Management Remote Management 

 

 

 

Open printers

On printers that do not have their EWS secured with login credentials, the following permissions must be enabled under both the Public permission and the Local Accounts, All Users group. Failure to enable these permissions will cause the enrollment to fail.

Access Controls Menu Access Controls
Administration Menus Security Menus
Device Management Remote Management 

  

   

 

Lexmark_PCA_User account

When the PCA is installed on an eTask v5 and later printer, a Lexmark_PCA_User account and an Admin group are created. This account is used to process requests from CFM.

If any of the following have occurred after the printer is enrolled, CFM functionality may be restored without re-enrolling the printer.
 

Action Resolution
Lexmark_PCA_User account has been deleted.
  • Recreate the Lexmark_PCA_User account
  • Open the Printer Configuration Agent application.
  • Click <Test Agent Connection>
  • Click <Update Credentials> and the Lexmark_PCA_User account and its password.
Lexmark_PCA_User account name has been changed.
  • Reset the account name to: Lexmark_PCA_User.
Lexmark_PCA_User account’s password has been changed.
  • Open the Printer Configuration Agent application.
  • Click <Test Agent Connection>
  • Click <Update Credentials> and enter the password for the Lexmark_PCA_User account.
Admin group has been deleted.
  • Recreate the Admin group with all permissions enabled.
  • Assign the recreated Admin group with the Lexmark_PCA_User account.
Admin Group permissions have been changed.
  • Re-enable all permission under the Admin group.
Lexmark_PCA_User account removed from the Admin group.
  • Re-assign the Lexmark_PCA_User to the Admin group.

 

eTask printers prior to version 5

Secured printers

If a Basic Security Setup Template has been applied, its credentials must be provided during the device enrollment process. If this protection was applied or modified after the printer was initially enrolled, the printer to will not process requests from CFM.

The following access controls must be set to either Basic Security Setup Template or No Security.
 

eTask Versions Access Controls Menu Access Controls
e3 and e4 Administration Menus  SE Menu Remotely
e3 and e4 Management Remote Management
e3 and e4 Management Firmware Updates
e4 Management Configuration File Import / Export

 

Open printers

On printers that do not have their EWS secured with login credentials, the following must access controls be set to No Security. Failure to make this setting will cause the enrollment to fail.

eTask Versions Access Controls Menu Access Controls
e3 and e4 Administration Menus  SE Menu Remotely
e3 and e4 Management Remote Management
e3 and e4 Management Firmware Updates
e4 Management Configuration File Import / Export
     

Importing Printer Configurations

Importing configuration bundles is an easy method for replicating or cloning printer settings across a fleet.

There are situations to be aware of when doing this on eTask printers, version 5 and later.

Importing the Address Book

Importing a configuration bundle to an enrolled printer can disable the Lexmark_PCA_User account if the ContactManager.xml file is included in the imported bundle.  To prevent this either

  • If Address Book contacts are not being cloned, export the configuration using the Custom option and do not select the Address Book Contacts.
  • If cloning of the Address Book contact is required, the address book “clear” command in the contactmanager.xml file must be set to “false”.

<addressbook clear="false">

Note: If a contactmanager.xml file has been imported with the address book “clear” command set to “true”, the printer must be re-enrolled.

   
Importing time settings

Time settings in the imported configuration bundle will overwrite any previously configured time settings. Verify that time settings are set correctly in the imported configuration. The NTP settings are in the Bundle.xml file.

<setting name="timemgr.timesource">On</setting>
<setting name="timemgr.ntpserver">[NTP ServerURL or IP Address]</setting>


Ports and Protocols

Fleet Agent: Printer Discovery

Port Protocol Function  Data Flow
443 HTTPS Fleet Agent Setup Fleet Agent ↔ CFM

161
5353
 
6100 UDP

6110 TCP
 

9300
5000

SNMP
mDNS
 
Lexmark Secure Transport1 (LST)
 
 
NPA Network Transport1 (NPANT)
Object Store1 (OS)

Printer Discovery Fleet Agent ↔ Printer
 443 HTTPS Printer Enrollment  Fleet Agent ↔ CFM

 1Used by some legacy Lexmark printers

 
Fleet Agent: Printer configuration/management

Port Protocol Function  Data Flow
443 HTTPS Data collection
Printer configuration
Printer management
Fleet Agent ↔ CFM

161
5000
5353

6100 UDP
6110 TCP

9300 

SNMP
Object Store1 (OS)
mDNS

Lexmark Secure Transport1 (LST)


NPA Network Transport1 (NPANT)

Data collection
Printer configuration
Printer management 
Fleet Agent ↔ Printer

1Used by older Lexmark printer models
  

Printer Agent: Printer Discovery

Port Protocol Function  Data Flow

161
5000
5353
 

6100 UDP
6110 TCP
 

9300

SNMP
Object Store1 (OS)
mDNS
 

Lexmark Secure Transport1 (LST)
  
 
NPA Network Transport1 (NPANT)

Printer Discovery PET ↔ Printer
443
9100
HTTPS
HTTP
Printer enrollment PET ↔ CFM
Printer ↔ CFM
443 HTTPS Printer Setup Printer ↔ CFM

1Used by older Lexmark printer models
  

Printer Agent: Printer configuration/management

Port Protocol Function  Data Flow
443 HTTPS Data collection
Printer configuration
Printer management
Fleet Agent ↔ CFM

mDNS and SNMP

Printer Agent

mDNS is used by the PET to discover printers. If it has been disabled on the printers, then SNMP be used. At least one of these must be enabled.
 

Fleet Agent and SNMP v3

  • The Fleet Agent requires that SNMP v3 be enabled on eTask 5 and later printers.
  • SNMP v3 does not have to be configures, but it must be enabled.
  • SNMP v3 is enabled by default on these printer models.

Please refer to KB Article SO8954 for additional information.
 

Checking Printer’s Enrollment Status

Checking from the Fleet Management Portal

When checking the status of enrolled printers in CFM portal, the Activity Status of “On schedule” by itself should not be used to determine if an enrolled printer can successfully process CFM tasks.
On schedule” only indicates that the printer has successfully checked in on its set schedule, but not that task requests from the CFM can be processed. 


To verify that an enrolled printer can process CFM tasks, send a “Refresh Printer Information” task from that printer’s Printer Details page of the CFM portal.
The completion status of the request can be determined by checking the Event History at the bottom of the Printer Details page.

Note: The printer’s enrollment status is should be verified when a printer is placed on the customer’s network.

 
Checking from the Printer Configuration Agent Application

From the printer’s EWS, the Printer Configuration Agent application can also be used to determine the connection status of a printer when the Printer Agent is being used.

Test Agent Connection

The Test Agent Connection option checks for

  • Network connectivity to CFM
  • Required printer Function Access Controls 
     

Using the Printer Enrollment Tool

Downloading the Printer Enrollment Tool

Before enrolling printers, obtain a copy of the Printer Enrollment Tool (PET) from the Cloud Fleet Management website.

  • If you do not have a copy of the PET, download it from the Cloud Fleet Management portal.
     
    • If no printers are currently enrolled, click Download the Printer Enrollment Tool.
       
    • If printers have already been enrolled, click Printer > Enroll new printers; then click Download the Printer Enrollment Tool.
       
  • Accept the End-User License Agreement to begin the download.
     
  • Extract the compressed folder.
     

Printer Enrollment Tool Application Updates

When a newer version of the PET is available, you will be prompted to download the newer version the next time the PET is opened.

Activity Logging

The Printer Enrollment Tool (PET) provides an activity log. It is best to set the PET’s “Logging detail” level to “Detailed” before attempting to reproduce an issue. This will provide the most complete logs for determining the cause.
The “Logging detail” can be set by accessing the PET’s Settings by clicking on the  in the upper-right corner of the PET UI.

Discovery Tips

The PET supports multiple Discovery Types.  It is best to narrow the search criteria as much as possible. If the “Search local subnet” mode is selected, or wildcards are used in the “Advanced search” mode, it may take an extended period of time to traverse the IP address range.

Note: Care should be taken when defining the Printer Discovery settings using the Printer Agent and the Fleet Agent or multiple Fleet Agents within the same organization. A printer is managed by either a Printer Agent or a single Fleet Agent, not both.  If overlapping Printer Discovery criteria are used, printers may not be managed by the intended Agent.

 

Managing Accounts in Lexmark Cloud Services

All user access to CFM and Lexmark Cloud Services (LCS) is managed through the Accounts Management application within LCS.
Click on the Account Management card on the LCS dashboard to access the Account Management application.

When your organization was created, a Fleet Management group was created preconfigured with the necessary system roles for CFM.
Any users that will be using CFM must be added to the Fleet Management group before they can access to CFM or enroll printers.

 

Organization management

Customer Organizational Structure

There are two ways of organizing your customers’ printers; a hierarchical structure (recommended) or a flat structure.

Hierarchical structure

A hierarchical structure is recommended. It uses a child organization for each of your customers. The printers of each customer are grouped in that customer’s organization. This provides the greatest separation for printer information between customers.
Also, a hierarchical structure provides the ability to selectively grant access to future LCS capabilities on a customer-by-customer basis.

Flat structure

A flat structure places all printers from all customers in a single structure. Any future LCS capabilities added to one customer are available to all.  

Hierarchical vs. Flat Structures

  Hierarchical Flat
Identifying a customer’s printers Printers for each customer are separated into different child organizations. Printers must be “tagged” with an identifier to determine which customer is using it.
Finding a specific printer The customer must be known, or each child organization must be individually searched for the specific printer. All printers are in one list.
Print activity reporting A customer’s printer activity can be easily determined by reporting on the print activity of the entire child organization. A customer’s printer activity must be determined by filtering printers by customer-identifiable means (e.g. tags).
Future LCS functionality Future LCS functionality can be selectively granted to individual customers Future LCS functionality made available to one customer is available to all.
Account management by customers A customer administrator can be added where needed in individual customer organizations without sharing access to information of other customers. A customer administrator added can see all printer information for all customers.


Creating Customer Organizations

Customer organizations are created from partner’s Account Management portal by clicking the Child Organizations card and entering the name of the new customer organization.

Deleting customer organizations

If a customer organization is no longer needed, it can be deleted by selecting the organization and clicking the Delete button. This action will permanently delete all user and printer activity information associated with that organization.
This data cannot be restored once deleted. To prevent the unintentional deletion of an organization, the name of the organization being deleted must be typed in the deletion confirmation dialog.
 



 



Link:
Please enter the email address you would like to send a copy of this page to.