HP DSS 5 User Manual
Have a look at the manual HP DSS 5 User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Figure 3-22 Device Configuration tab 2.Click Add Device.... The Add Devices dialog box appears. Figure 3-23 Add Devices dialog box 3.If you know the hostname or TCP/IP address of the device, you can type it in the Hostname or IP Address text box under Manually enter a device's network name heading. Click the right- arrow > or press the Enter key to add the device to the Device List. -or- Select a device from the Devices on the network list, and then click the right-arrow > or press the Enter key to add the device to the Device List. 4.Click the OK button to close the Add Devices dialog box. NOTE:You can add only as many DSS-enabled devices as there are seats available in the DSS license. The number of seats available appears near the top of the Add Devices dialog box. Remove a device 1.On the DSS server, open the Configuration Utility, and then click the Device Configuration tab. ENWWConfiguration 53
Figure 3-24 Device Configuration tab 2.In the Device List, click to select the device you want to remove, and then click Remove Device. The Remove Device dialog box appears. Figure 3-25 Remove Device dialog box 3.Click Yes to remove DSS-enabled devices. Device configuration After adding a new device (or group of devices), use the following procedure to configure the Digital Sending features for the device or group. 1.On the DSS server, open the Configuration Utility and click the Device Configuration tab. 2.Select a device from the Device List. 3.Click Configure Device. The dialog box that appears looks similar to the main Configuration program interface. Use this interface to customize the specific Digital Sending settings for this device. NOTE:Use this interface to enable the Digital Sending features for the individual devices. Even if a feature is enabled on the DSS configuration tabs, it is not available on the device until it has been enabled in the Configure Device interface. 54 Chapter 3 Installation and configuration ENWW
4.On the General tab, server administrators name, phone number, e-mail address, and optional location. 5.On the Authentication tab, click to select the check box for the authentication method you want to use to enable authentication for the selected device. Select the check boxes next to the features that are being enabled. Enabling authentication requires the user to log in before using the selected features. Select the network domain from the Default Domain drop-down menu. 6.On the Send to E‑mail tab, select the Enable Send to E‑mail check box, and then select either Directly from the device or via the Digital Sender service in the Send E‑mail drop-down list. When sending e-mail directly from the device, specify the SMTP server, port number, and server usage settings to use. Then use the controls in the Address and Message Field Control and File Settings sections to customize the Send to E‑mail settings for the selected device. 7.On the Fax tab, select the Enable Fax Send check box to enable the fax feature. Select the desired fax method in the drop-down menu. 8.On the Send to Folder tab, select the Enable Send to Folder check box to enable this feature. 9.On the Send to Workflows tab, select the Enable Send to Workflows check box to enable workflows and configure settings. 10.On the Addressing tab, select the Enable Network Contacts (use LDAP server) check box if DSS should retrieve e‑mail addresses directly from an LDAP server. Enter the LDAP server Hostname or IP address, or click the "Auto Find" button. Then enter the LDAP port number (usually 389). 11.The Log tab will show a list of job logs for jobs that have been sent from that device. 12.On the Preferences tab, set the default scanner settings and the timeout settings for digital sending operations. The Preferences tab is only available for pre-FutureSmart devices. 13.Click Apply to save all of the changes. NOTE:The settings are not propagated to the device until Apply is selected. Understanding the Device List icons The Device List on the Device Configuration tab shows the DSS-enabled devices that are currently being served by DSS. The icon to the left of the device name indicates the status of the device. Table 3-8 Device List icons Icon Description Communication with the device is established and the configuration settings are known. The device configuration has not been retrieved since the Configuration Utility was loaded. DSS can communicate with the device but the device is no longer configured to be managed by DSS. It is possible that device settings have been reset by an administrator or service technician from the control panel or using the Embedded Web Server. ENWWConfiguration 55
Table 3-8 Device List icons (continued) Icon Description The device was seized by another computer that is running the Configuration Utility. The TCP/ IP address of the other computer is available under the Status heading on the Device List. To reclaim ownership of a seized device, right-click the crossbones icon and click OK in the two dialog boxes that appear. DSS is unable to establish communication with the device and the settings are unknown. Device grouping Device grouping provides the ability to organize devices for more efficient configuration and management. Figure 3-26 Device grouping Create a device group 1.Open the Configuration Utility, and then click the Device Configuration tab. 2.Select the group in which you want to add a new group or select All Devices. Device groups can be nested within other groups. 3.Click Add group. 4.Type a name for the new group. Add devices to a group 1.Right-click on a device and select Add to Group. 2.Click the desired group for this device. 56 Chapter 3 Installation and configuration ENWW
Remove devices from a group 1.Right-click on a device and select Remove. 2.Click Remove from Group. Authentication Authentication is a security feature that requires users to provide a network username and password before using Digital Sending features. Authentication can be turned on or off for individual features within each device that DSS supports. NOTE:At no time are the credentials that are used to authenticate at the device written to either the DSS server or the device hard disk. In addition, although the credentials that the DSS administrator uses to configure authentication or LDAP addressing are written to the DSS server hard disk, encryption is incorporated to ensure that these credentials cannot be recovered. Configure DSS This section contains the following topics: ● Authentication methods Authentication methods This section describes the two methods of authentication: ●LDAP authentication ●Windows Active Directory LDAP Server Many modern computer systems store and organize data in Directories. A Directory is a set of data where the data for a particular entity is kept in a container and all the containers are organized in a tree structure. Microsoft's Active Directory, the database associated with Windows Domain Controllers, is a Directory based database, but there are many implementations of Directories from different vendors. Directories not only store data but provide other services such as security and the ability to authenticate users for Directory access. LDAP, or Lightweight Directory Access Protocol, is an industry standard protocol for interacting with Directories. Servers that host a directory which supports the LDAP protocol are called LDAP servers. The LDAP configuration tab is where DSS is configured with all of the information it needs to interact with an LDAP server in order to authenticate a user that has entered LDAP credentials at the device control panel. ENWWConfiguration 57
Figure 3-27 Authentication tab – LDAP Server 1 3 2 The LDAP Server option on the Authentication tab contains the following elements. Table 3-9 Authentication tab – LDAP Server Callout Component Description 1Authentication methodSelect LDAP Server from the drop-down menu. 58 Chapter 3 Installation and configuration ENWW
Table 3-9 Authentication tab – LDAP Server (continued) Callout Component Description 2LDAP Sign In SetupUse the following fields to set up the sign-in method. Provide the appropriate LDAP attribute name for your environment. ●LDAP Server address ●Port number NOTE:Select Use a secure connection (SSL) to enable an SSL (Secure Sockets Layer) connection. ●Bind prefix: This is the attribute that guarantees uniqueness between any container in the Directory and other containers at the same level in the directory tree. The is commonly the attribute 'cn', but can be configured by the LDAP administrator to be any attribute. ●Bind and Search Root: The search root is the distinguished name (DN) of the entry in the LDAP directory where the search is to begin. A DN is made up of ' attribute=value' pairs separated by commas. In Windows Active Directory Services, the search root normally takes the form: CN=Users,DC=domain_name,DC=domain_suffix. To limit the address search even more, for example, to a single organizational unit (OU), add components to the search root. For example, to search for users in the "accounting" OU, add "OU=accounting" to the search root (OU=accounting,CN=Users,DC=domain_name,DC=domain_suf fix). By using these methods to configure the search root that is used in authentication, access to Digital Sending features can be limited to a subset of users in an organization. Several methods can be used to determine the search root. NOTE:On some LDAP servers, the search root can remain blank. In this case, the root node is assumed to be the starting place. ●Match the name entered with this attribute ●Retrieve the user's e‑mail address using this attribute ●Retrieve the device user's name using this attribute ●Retrieve the device user's group using this attribute To allow an exact match only, click to select the Exact match on Group attribute check box. 3Test LDAP Sign inType information into the following fields, and then click Test to test the LDAP Server sign-in setup. ●Username ●Password ENWWConfiguration 59
Figure 3-28 LDAP authentication HP DSS serverLDAP server 1. User credentials (DSMP-encrypted) 6. Authenticated user’s e-mail addresses5. Query results 3. Authentication result 4. LDAP query 2. User credentials (simple bind) Encrypted using SSL Microsoft Windows When a user signs-in for Windows authentication, they provide a domain, user name, and password. DSS communicates with the domain controller associated with the domain provided by the user to authenticate the user. In addition to domain controller authentication, DSS also retrieves some data items about the user, such as e-mail address, from an LDAP database. By default, the LDAP database that DSS gathers user information from is the Active Directory database associated with the domain controller being used to authenticate the user. Figure 3-29 Authentication tab – Microsoft Windows 1 3 2 The Microsoft Windows option on the Authentication tab contains the following elements. Table 3-10 Authentication tab – Microsoft Windows Callout Component Description 1Authentication methodSelect Microsoft Windows from the drop-down menu. 60 Chapter 3 Installation and configuration ENWW
Table 3-10 Authentication tab – Microsoft Windows (continued) Callout Component Description 2Windows Sign in Setup (Kerberos and NTLM)Click Add to add domains to the Trusted Domains list. Click Remove to remove domains from the list. Select the Default Windows Domain from the drop-down menu. Use the following fields to set up the sign-in method. ●Match the name entered with this attribute ●Retrieve the user's e‑mail address using this attribute 3Test Windows Sign InType information into the following fields, and then click Test to test the Microsoft Windows sign-in setup. ●Domain ●Username ●Password As shown in Figure 3-30 Windows Active Directory authentication on page 62, the following steps occur during Windows authentication: 1.The user types his or her username and password at the device. This information is securely transmitted to the DSS server. 2.The DSS program authenticates to the domain through the Windows API to validate the user's credentials. 3.If the user's credentials are correct, the Domain Controller returns either the security identifier (SID) or the BSID (Binary SID). 4.Using the LDAP interface, DSS queries the LDAP directory for the authenticated user's e‑mail address. 5.The LDAP directory returns the authenticated user's e‑mail address. 6.DSS inserts the authenticated user's e‑mail address in the From: text box of the e‑mail and prohibits the user from changing the field. ENWWConfiguration 61
Figure 3-30 Windows Active Directory authentication HP DSS server LDAP server Domain controller 1. User credentials (DSMP-encrypted) 6. Authentication user’s e-mail address3. Authentication result (API-encrypted) 2. User credentials (API-encrypted) 4. LDAP quer y 5. Query re sults Windows Two Server authentication DSS can be configured to use an LDAP database other than the Active Directory database for user data retrieval. The configuration for Two Server authentication is partially done using the Windows authentication user interface and partially done using a configuration file. All of the fields in the user interface are still used except for the Match the name entered with this attribute and Retrieve the user's e-mail address using this attribute fields. The Trusted Domains and Windows default domain settings from the user interface are still required. The configuration used for Windows Two Server authentication is: \FileSystems\Product\Dss\Configuration \HP.Dss.App.Utilities.TwoServerAuthentication.xml Use this file to configure information DSS needs to find and access the LDAP database and which attributes to retrieve. See the documentation in the file for further configuration information. 62 Chapter 3 Installation and configuration ENWW