Dispatcher Paragon Site Server pre-installation check list
Dispatcher Paragon Site Server pre-installation check list
Following features has to be installed and available on the server for Site Server installation
-
To see list of supported platforms, please visit Software requirements page.
-
Microsoft .NET 4.5.1 or higher and Windows Installer 4.5 shall be installed.
-
No other software installed, except as agreed by Konica Minolta.
-
IP addresses for the local Dispatcher Paragon Site Server are prepared before the installation of MFDs and terminals.
-
Site Servers (all nodes of the clusters) meets minimum requirements. See Hardware requirements for details.
-
Latest security patches shall be installed on operating systems.
-
See Antivirus Exclusions for Dispatcher Paragon page to make sure system performance is not affected by Antivirus software.
-
There is no other software that can interfere with Dispatcher Paragon installed on the servers or Other Print Solution, except as specified in this document.
-
For automated/silent installation, the Konica Minolta, Inc. codesigning CA (ysoft-codesigning.cer) certificate needs to be present in the system. See Installing Security Certificates for more details.
-
"LPD service" not installed in case "Print Server" role is used.
Following criteria shall be met in order to install Site Server in near roaming group (NRG):
-
Multicast IP address for discovery
-
1 Gbit stable LAN connection
Following criteria shall be met in order to install Site Server with Managed Workflows module:
-
Recommended Windows Updates should be installed, especially KB2919442, KB2919355 and KB3118401 is necessary for highlight/redact feature.
-
Internet connection or network proxy is required for cloud connectors.
Network communication overview
For proper functionality of the Dispatcher Paragon environment following ports have to be opened on the server side.
Network Communication Overview
Workstation to server communication (server inbound rules)
|
Required? |
Type |
Port |
Communication type |
Description (communication from the user) |
|
Mandatory |
TCP |
80/443 |
HTTP/HTTPS |
For access to the Dispatcher Paragon administration/reporting web interface |
|
Mandatory |
TCP |
9090/9443 |
HTTP/HTTPS |
For access to the End User UI web interface |
|
Optional (if using a workstation client) |
TCP |
9100 |
proprietary compressed |
Job reception from client workstations (TCP/raw communication) |
|
Optional (If spooling on a server) |
TCP |
515 |
LPR |
Job reception from client workstations (LPR) |
|
Optional/Recommended from Localhost (monitoring only) |
TCP |
19898 |
JMX |
Management Service system health monitoring via JConsole Configurable by the cmlJmxServerPort property in Dispatcher Paragon system settings. |
|
Optional/Recommended from Localhost (monitoring only) |
TCP |
9696/9002 |
JMX |
Management Service LDAP replicator system health monitoring via JConsole |
|
Optional/Recommended from Localhost (monitoring only) |
TCP |
9898 |
JMX |
SpoolerController system health monitoring via JConsole SpoolerController only: Configurable by the orsJmxServerPort property in Dispatcher Paragon system settings |
|
Optional/Recommended from Localhost (monitoring only) |
TCP |
9999 |
JMX |
SpoolerController group system health monitoring via JConsole |
|
Optional/Recommended from Localhost |
TCP |
9000 |
JMX |
Management Service auxiliary internal port used by JMX server Management service only: Configurable by the jmxRmiServerPort property in Dispatcher Paragon system settings |
|
Optional/Recommended from Localhost |
TCP |
19044 |
JMX |
The SpoolerController group service auxiliary internal port used by JMX server |
|
Optional/Recommended from Localhost |
TCP |
4000 |
HTTP/HTTPS |
Communication between Terminal Server and Workflow Processing System |
|
Optional (If spooling on a server) |
TCP |
5559 |
YMQ |
Communication between Non–spooling FlexiSpooler and Spooling FlexiSpooler |
|
Mandatory on Site Server |
TCP |
5555 |
YMQ |
Communication between FlexiSpooler (and its Desktop Interface) to Spooler Controller |
|
Mandatory for a FlexiSpooler shared folder |
TCP UDP |
137/139/445 137/138 |
SMB |
Shared folder for uploading jobs |
Server to Printer Communication (Server Outbound Rules)
|
Required? |
Type |
Port |
Communication type |
Description (communication from the user) |
|
Optional (required with server spooling) |
TCP |
631/80 |
IPP |
Jobdata delivery to printer (IPP) |
|
Optional (required with server spooling) |
TCP |
9100 |
RAW |
Job data delivery to printer (Raw TCP) |
|
Optional |
TCP |
80/443 |
IPP/SSL |
Job data delivery to printer (IPP over SSL) |
|
Optional |
TCP |
515 |
LPR |
Job data delivery to printer (LPR) |
|
Optional |
TCP |
9100 |
proprietary SSL |
Job data delivery to printer (compressed via YSoft SafeQ Terminal Professional) |
|
Optional |
UDP |
64099 |
proprietary broadcast |
YSoft SafeQ Terminal Professional / UltraLight discovery |
|
Optional |
TCP |
4095 |
proprietary |
YSoft SafeQ Terminal Professional / UltraLight remote configuration |
|
Mandatory for embedded terminals |
TCP |
50001/50003 |
proprietary WS SSL |
Embedded (KM, Xerox, Sharp) remote configuration |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Ricoh |
TCP |
80, 443, 8080, 51443 64098 |
proprietary |
Dispatcher Paragon Embedded Terminal for Ricoh installation and automatic configuration used by RXOP libraries Dispatcher Paragon Embedded Terminal for Ricoh configuration |
|
Mandatory for online print/copy tracking |
UDP |
161 |
SNMP |
Online accounting of network printer MFD |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Toshiba |
TCP |
49629, 49630 |
HTTP/HTTPS |
Dispatcher Paragon Embedded Terminal for Toshiba installation |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Xerox/Fuji–Xerox |
TCP |
80, 443 |
HTTP/HTTPS |
Dispatcher Paragon Embedded Terminal for Xerox/Fuji–Xerox installation |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Konica Minolta |
TCP |
80, 50003 |
HTTP, proprietary WS SSL |
Dispatcher Paragon Embedded Terminal for Konica Minolta installation |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Sharp |
TCP |
80/443 |
HTTP/HTTPS |
Dispatcher Paragon Embedded Terminal for Sharp installation and during authentication on terminal |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Samsung |
TCP |
80 |
HTTP |
Dispatcher Paragon Embedded Terminal for Samsung installation |
|
Mandatory for Dispatcher Paragon Embedded Terminal installation |
UDP |
161 |
SNMP |
Dispatcher Paragon Embedded Terminal installation MFD check |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Lexmark |
TCP |
80, 21 |
HTTP, FTP |
Dispatcher Paragon Embedded Terminal for Lexmark installation |
|
Mandatory with Dispatcher Paragon Embedded Terminal for HP |
TCP |
7627 |
HTTPS |
Dispatcher Paragon Embedded Terminal for HP installation |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Epson |
TCP |
80, 443 |
HTTP/HTTPS |
Dispatcher Paragon Embedded Terminal for Epson installation |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Brother |
TCP |
80, 443 |
HTTP/HTTPS |
Dispatcher Paragon Embedded Terminal for Brother installation |
|
Optional - Active FTP transfers (for embedded terminal scanning) |
TCP |
>1023 |
FTP |
Range of ports for active FTP transfers (choice of passive/active FTP made by MFD, range of port on MFD side controlled by MFD, range of ports on server side defined by operating system - e.g. https://support.microsoft.com/cs-cz/help/929851/the-default-dynamic-port-range-for-tcp-ip-has-changed-in-windows-vista) |
|
Mandatory with Terminal Pro 4 |
TCP |
22 |
SSH |
Manages configuration of Terminal Pro 4/eDEE/SafeQube/FlexiSpooler during terminal installation (communication Site Server to HW appliance) |
Printer to server communication (server inbound rules)
|
Required? |
Type |
Port |
Communication type |
Description (communication from the user) |
|
Mandatory with Terminal Professional / Ultralight / Network Card Reader |
TCP |
4096 |
Proprietary SSL low volume, low latency |
Terminal Professional/UltraLight/Network Card Reader authentication and session control |
|
Optional (if using time synchronization with a Terminal Professional) |
UDP |
37 |
Time protocol |
Time synchronization between a Terminal Professional and the server. When the system parameter timeServerEnable is enabled, the server is listening on UDP port 37. The terminal connects to this port upon restart. |
|
Mandatory with all embedded terminals, Terminal Pro 4 and Mobile Terminal except Dispatcher Paragon Embedded Terminal for KM native and Dispatcher Paragon Embedded Terminal for Samsung |
TCP |
5021, 5022 |
HTTP/HTTPS |
Dispatcher Paragon Terminal Application communication, Dispatcher Paragon Mobile Terminal. |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Sharp, Toshiba, Xerox and Fuji-Xerox |
TCP |
5011, 5012 |
HTTP/HTTPS |
Vendor-specific web services |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Ricoh |
TCP |
5012 |
HTTP/HTTPS |
Accounting and charging |
|
Mandatory with Dispatcher Paragon Embedded Terminal for KM |
TCP |
5014–5019 |
WS SSL low volume, low latency |
Dispatcher Paragon Embedded Terminal (KM) authentication and session control |
|
Mandatory with Dispatcher Paragon Embedded Terminal for HP |
TCP |
5025 |
HTTP/HTTPS |
Webservices for Dispatcher Paragon Embedded Terminal (HP) |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Epson |
TCP |
5023, 5024 |
HTTP/HTTPS |
Webservices for Dispatcher Paragon Embedded Terminal (Epson) |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Brother |
TCP |
5026, 5027 |
HTTP/HTTPS |
Webservices for Dispatcher Paragon Embedded Terminal (Brother) |
|
Mandatory with Dispatcher Paragon Embedded Terminal for Toshiba |
TCP |
389/636 |
LDAP/LDAPS |
Internal LDAP for Dispatcher Paragon Embedded Terminal for Toshiba When 389 is blocked (by an already running AD on a domain controller), Dispatcher Paragon installer will display a warning and use 390 port instead |
|
Optional |
TCP |
25 |
SMTP |
Scanning from MFDs via email (optional, depending on MFD capabilities) |
|
Mandatory for WebDAV scanning |
TCP |
5610 |
Secured WebDAV/HTTPS |
Scanning from MFDs via scan workflow (optional, depending on MFD capabilities, configurable by webdavPort ) |
|
Optional |
TCP |
139 |
SMB |
Scanning from MFDs via scan to folder (optional, depending on MFD capabilities) |
|
Mandatory for embedded terminal scanning |
TCP |
21 |
FTP |
Scanning from MFDs via scan to folder (optional, depending on MFD capabilities, configurable by ftp-port ) |
|
Optional—Passive FTP transfers (for embedded terminal scanning) |
TCP |
>1023 |
FTP |
Range of ports for passive FTP transfers (choice of passive/active FTP made by MFD, range of ports on MFD side controlled by MFD, range of ports on server side inherited by Dispatcher Paragon from the operating system - see https://support.microsoft.com/cs-cz/help/929851/the-default-dynamic-port-range-for-tcp-ip-has-changed-in-windows-vista) |
|
SafeQ infrastructure service |
TCP |
7348 |
HTTP/HTTPS |
Updates, heartbeat and other communication of Terminal Pro 4/eDEE/SafeQube/FlexiSpooler (communication from HW appliances to Site Servers) |
Inter–server communication (inbound and outbound rules)
|
Required? |
Type |
Port |
Communication type |
Description (communication from the user) |
|
Mandatory for Management Service cluster |
TCP |
4099 |
Management Service > Management Service proprietary ~1kB per print job |
Application–level cluster synchronization |
|
Mandatory for SpoolerController |
TCP |
6010 |
SpoolerController > Management Service proprietary ~40–60 kB per print job |
Spooler Controller to Management Service communication and synchronization |
|
Mandatory |
TCP |
5556 |
TerminalServer > SpoolerController proprietary |
Terminal Server (TS) component (required for Dispatcher Paragon Embedded Terminal support), communication with server application |
|
Mandatory for load balancing |
TCP |
6020 |
Management Service > Management Service |
Internal communication between Management Service instances |
|
Mandatory for near job roaming |
UDP Multicast |
configurable |
SpoolerController > SpoolerController |
Near Roaming Group synchronization. Mandatory for roaming groups with 10+ SpoolerController servers. |
|
Mandatory for near job roaming |
TCP |
7800 |
SpoolerController > SpoolerController |
Near Roaming Group synchronization. Required for roaming groups up to 10 SpoolerController servers. |
|
Optional for etcd |
TCP |
2377 |
TerminalServer > etcd |
Default value of port used by the Terminal Server to communicate with the local etcd |
|
Optional for etcd |
TCP |
2378 |
etcd > etcd |
Default value of port for communication between etcd nodes |
|
Mandatory for job roaming |
TCP |
81 |
SpoolerController > SpoolerController |
Job roaming via distributed layer |
|
Mandatory for FlexiSpooler shared folder |
TCP UDP |
137/139/445 137/138 |
SMB |
Shared folder for uploading jobs |
|
Mandatory for Mobile Print and job transfers |
TCP |
5559 |
HTTP/HTTPS |
Exchanging job data between spoolers, sending jobs from Mobile Print |
|
Mandatory on Site Server |
TCP |
5555 |
YMQ |
Communication between FlexiSpooler (and its Desktop Interface), Mobile Print to Spooler Controller |
|
Mandatory for Mobile print |
TCP |
110/143/995/993 |
POP3/IMAP/POP3S/IMAPS |
Mobile Print downloads emails from mail server |
|
Optional for Mobile print |
TCP |
443 |
EWS |
Mobile Print downloads emails using Exchange web services |
|
SafeQ infrastructure service |
TCP |
7348 |
HTTP/HTTPS |
Managment of Terminal Pro 4/eDEE/SafeQube/FlexiSpooler (communication from IMS Proxy on Site Servers to IMS on Management servers) |
|
Mandatory when WPS is installed on different machine than TS |
TCP |
5600 |
HTTP |
Endpoint for communication with between WPS and Terminal Server |
Other communication
|
Required? |
Type |
Port |
Communication type |
Description (communication from the user) |
|
Mandatory for LDAP synchronization |
TCP |
636 |
Management Service > LDAP |
LDAP integration (server > LDAP controller) secured over SSL |
|
Optional |
TCP |
389 |
Management Service > LDAP |
LDAP integration (server > LDAP controller) |
|
Optional |
TCP |
3268 |
Management Service > LDAP |
LDAP integration (server > LDAP controller) |
|
Optional |
TCP |
4196 |
YSoft Payment Machine > Dispatcher Paragon Payment System |
Management connection |
|
Optional |
TCP |
4197 |
YSoft Payment Machine > Dispatcher Paragon Payment System |
Management connection over SSL (e.g. time synchronization) —this port is needed to be set up in Payment Machine service menu during the configuring of the Payment System server address |
|
Optional |
TCP |
4198 |
YSoft Payment Machine > Dispatcher Paragon Payment System |
Main connection |
|
Optional |
TCP |
4199 |
YSoft Payment Machine > Dispatcher Paragon Payment System |
Main connection over SSL |
|
Optional |
TCP |
8080 |
Terminal Server > Dispatcher Paragon Payment System |
Web, rest services (APIs) |
|
Optional |
TCP |
8443 |
Terminal Server > Dispatcher Paragon Payment System |
Web, rest services (APIs) |
|
Optional |
TCP |
25 |
SMTP |
SMTP (Scan job delivery, notifications to administrator and users) |
|
Mandatory |
UDP |
1434 |
Management Service / Payment System > MSSQL DB |
This communication is used to query the SQL server browser service. The SQL browser service will respond with the TCP port number that will be used for the rest of communication. |
|
Mandatory |
TCP |
see description |
Management Service / Payment System > MSSQL DB |
The port number is dynamically assigned by the SQL browser service, see http://technet.microsoft.com/en–us/library/cc646023.aspx for more information. |
|
Mandatory for TerminalServer |
TCP |
5557 |
SpoolerController > TerminalServer |
Requests from SpoolerController to TerminalServer. Always localhost. |
Cluster installation
|
Required |
Type |
Port |
Communication type |
Description (communication from the user) |
|
Mandatory |
TCP |
4001 |
Management Service |
Internode communication |
|
Mandatory for Management Service |
TCP |
2379 |
Management installer > etcd |
Used by Management installer to store/obtain database server configuration |
|
Mandatory for Management Service |
TCP |
2380 |
etcd > etcd |
Communication between etcd nodes |