The goal of this article is to explain how to extend the capabilities of MS Print Server by making it massively scalable and by setting it up in high availability so that it tolerates failures, and how to reinforce cybersecurity.
What is high availability?
High availability is a quality of a system or component that assures a high level of operational performance, usually uptime, for a higher than normal period of time. Setting up MS Print Server in high availability addresses the following points:
A single server loses efficiency when handling a large number of requests.
Session data is preserved in case of server failure.
The application can be updated without discontinuing service.
What is a print server?
A print server, or printer server, is a server in charge of connecting printers to client computers over a network. Print servers usually work on TCP and UDP port 170. In this guide we will focus on the Microsoft print server. The following are the protocols provided by Windows Server for network print services. Some protocols might not be used, depending on the needs of the client computers.
Server Message Block (SMB)
Line Printer Remote (LPR)
Line Printer Daemon (LPD)
Remote procedure call (RPC)
Internetwork Packet Exchange (IPX)
Internet Printing Protocol (IPP)
Transmission Control Protocol/Internet Protocol (TCP/IP)
Simple Network Management Protocol (SNMP)
For further information about these protocols, please check How network printing works.
Setting up Zevenet Load Balancer
To follow these instructions you need to install one instance of Zevenet Load Balancer and several instances of Windows Server. Other vendors only offer a single configuration of this service through DSR (Direct Server Return), but in this article we offer an alternative solution that avoids the DSR drawbacks, which are:
Backend servers have more work to do: they must respond to health check requests with their own IP address and to content requests with the VIP assigned by the load balancer.
ARP requests must be ignored by the backends. If they are not, the VIP traffic routing is bypassed, because the backend establishes a direct two-way connection with the client.
Application acceleration is not an option. The load balancer does nothing regarding the handling of outbound traffic.
There is no way to implement cookie insertion and port translation.
There is no way to handle SOAP/Error/Exception issues.
Protocol vulnerabilities are not protected.
Caching needs to take place on the routers using WCCP. This solution adds complexity and it is error-prone.
The environment we are going to describe is the following:
Step 1: Create virtual IP
To create a new virtual IP, from the ZLB main menu, select Settings >> Interfaces.
Find the physical interface where you want to create a virtual IP and, under Actions, click on the button add virtual network interface:
Type the address and bitmask of your new virtual IP; it must be in the same subnet as the physical device. Save it by clicking on Save.
Step 2: Create L4XNAT farm
A farm is a collection of servers that together provide a service, significantly increasing its capacity. By setting up a farm of application servers we increase performance, which is essential for high availability. To do this, go to Manage >> Farms.
Click on Add new farm and in the new window, select a name and L4xNAT as profile. We select this profile because it is a high performance load balancing system at routing layer 4 which combines multiple load balancing methods like, for example, Source NAT and Destination NAT.
Two more options will be displayed. Select the virtual IP created in step 1 and set * as port. With the port set to *, the farm is available on any port. Once done, click on the Save button. This particular setting allows the printing service to be offered over several different protocols.
Step 3: Farm parameters
Once the farm has been created, we have to edit it in order to set up more parameters. Please locate your new farm and click on the button Edit Farm.
We want to avoid switching between servers: if a session jumps from one server to another, we might end up printing on several printers, which would lead to chaos. Avoiding this situation is critical, so we set Persistence to IP Client address. This way, the same client will always connect to the same server.
Next parameter to be configured is the NAT type. NAT stands for Network Address Translation, and it is a method of remapping one IP address space into another. This is achieved by modifying network address information in the IP datagram packet headers while they are in transit across a traffic routing device. In simpler words, it translates the IP addresses of computers in a local network to a single IP address.
In our example we will set this parameter to NAT, also known as source NAT. If the user needs transparency (the client's IP visible in the backend service), then we should set up DNAT.
Click on Modify and a new parameter will show up: Source IP Address Persistence time to limit. By default it is set to 120 seconds. This parameter is the timeout of the persistence.
In this example, the Protocol type is set to TCP, but it can also be set to UDP with all ports available (with *).
Step 4: Advanced checking
We will now set up FarmGuardian to perform advanced health checks against the backends, ensuring that they are up and running and that the print server behaves correctly. Locate the Farm Guardian section within the service we set up in step 3. Click on Use FarmGuardian to check Backend Servers; you can also modify the time between checks with the option Check interval. Finally, in the Command to check textbox, type the following command:
check_tcp -H HOST -p 135 -t 10 -c 10 -w 10
Finally, click on Modify.
The command check_tcp tests TCP connections with the specified host. In our case, we are using the following options:
-H HOST: IP address or host name; in our case, the name is HOST.
-p 135: port to check. In the case of L4xNAT with all ports defined in the backends it can't be PORT; we need to define a specific port such as 135.
-t 10: 10 seconds before the connection times out. This parameter should be adjusted according to the response times you have measured for your backends.
-c 10: response time to critical status, by default 10 seconds.
-w 10: response time to result in warning status, by default 10 seconds.
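An added example (not part of the original article or of Zevenet's tooling): a Python version of the same connect-time check, extended to grade several ports and report the worst result. A successful connect to 135 only shows that the RPC endpoint mapper is listening, so the default second port 445 (SMB) is an assumption chosen for illustration, as are the function names.

```python
import socket
import sys
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios-plugin-style exit codes


def check_port(host, port, warn=10.0, crit=10.0, timeout=10.0):
    """One TCP connect, graded by connect time (mirrors -w / -c / -t)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            elapsed = time.monotonic() - start
    except OSError:  # refused, unreachable or timed out
        return CRITICAL, None
    if elapsed >= crit:
        return CRITICAL, elapsed
    if elapsed >= warn:
        return WARNING, elapsed
    return OK, elapsed


def check_backend(host, ports=(135, 445), **limits):
    """Probe every port; the backend is only as healthy as its worst port."""
    results = {port: check_port(host, port, **limits) for port in ports}
    worst = max(status for status, _ in results.values())
    return worst, results


if __name__ == "__main__":
    # Usage: script.py BACKEND_IP (default is the article's first backend)
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.56.101"
    status, detail = check_backend(target)
    for port, (state, secs) in sorted(detail.items()):
        took = "no connection" if secs is None else f"{secs:.3f}s"
        print(f"tcp/{port}: {('OK', 'WARNING', 'CRITICAL')[state]} ({took})")
    sys.exit(status)
```

Pick the port list to match the protocols your clients actually use, so that a backend is only reported healthy when every one of those listeners answers.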
Step 5: Add the backends
This is where we add the IP addresses of the MS print servers. Locate the section Edit real IP servers configuration and click on Add real server, then type the server IP address. In this case we leave the port field empty, as we will be using several ports (one for login and other ports for printing and queues) according to the Microsoft Print Services specification. Finally, we set the weight and priority parameters and click on Save real server.
Step 6: MS Print Server setup
Everything is now done in Zevenet Load Balancer, and it is time to apply some changes in the MS Print Server. In each backend server, the hosts file must be modified. Take into account that DNS must resolve printserver.mydomain.com; what we are going to do here is force this resolution to the local IP. The hosts file is located in C:\windows\system32\drivers\etc.
In every backend please add:
<OWN_BACKEND_IP> <SERVICE_DOMAIN> <SERVICE_NAME>
In our example, on the server 192.168.56.101, add the following line:
192.168.56.101 printserver.mydomain.com printserver
and on server 192.168.56.102:
192.168.56.102 printserver.mydomain.com printserver
And restart both print services.
With these steps, the client is ready to configure the print service in high availability.
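An added example (not part of the original article): a Python check for the step 6 hosts entries, which reports a backend whose file maps the service names to anything other than its own IP, for instance after the file was copied from another backend. The function names and the sample file content are constructed for illustration.

```python
def parse_hosts(text):
    """Return {lowercased name: [ip, ...]} from hosts-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), []).append(ip)
    return mapping


def audit_hosts(text, own_ip, names):
    """List every service name that is missing or not pinned to own_ip only."""
    mapping = parse_hosts(text)
    problems = []
    for name in names:
        ips = sorted(set(mapping.get(name.lower(), [])))
        if not ips:
            problems.append(f"{name}: no entry")
        elif ips != [own_ip]:
            problems.append(f"{name}: maps to {ips}, expected only {own_ip}")
    return problems


SERVICE_NAMES = ("printserver.mydomain.com", "printserver")

# Constructed sample: hosts file found on 192.168.56.102, copied from .101.
SAMPLE_ON_102 = """\
# Copyright (c) Microsoft Corp.
127.0.0.1        localhost
192.168.56.101   printserver.mydomain.com printserver   # wrong backend
"""

if __name__ == "__main__":
    for problem in audit_hosts(SAMPLE_ON_102, "192.168.56.102", SERVICE_NAMES):
        print(problem)
```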