SafeQ ORS Server pre-installation check list
The following features have to be installed and available on the server for ORS server installation:
To see the list of supported platforms, please visit the Software requirements page.
Microsoft .NET 4.5.1 and Windows Installer 4.5 shall be installed.
No other software installed, except as agreed by YSOFT.
IP addresses for the local SafeQ ORS server are prepared before the installation of MFPs and terminals.
ORS servers (all nodes of the clusters) meet the minimum requirements. See Hardware requirements for details.
Latest security patches shall be installed on operating systems.
See Antivirus Settings page to make sure system performance is not affected by Antivirus software.
No other software that can interfere with SafeQ, or other print solution, is installed on the servers, except as specified in this document.
The "LPD service" is not installed if the "Print Server" role is used.
The following criteria shall be met in order to install ORS in a near roaming group (NRG):
Multicast IP address for discovery
1 Gbit stable LAN connection
The following criteria shall be met in order to install ORS on a server with several network interfaces:
Server is configured as described in: SafeQ ORS on a server with two or more network interfaces
Network communication overview
For proper functionality of the SafeQ environment, the following ports have to be opened on the server side.
Workstation to server communication (server inbound rules)
Required? | Type | Port | Communication type | Description (communication from the user) |
Mandatory | TCP | 80/443 | HTTP/HTTPS | for access to YSoft SafeQ administration/reporting web interface |
Optional (if using workstation client) | TCP | 9100 | proprietary compressed | job reception from client workstations (YSoft SafeQ Client Protocol) |
Optional (if using Local Monitor) | TCP | 9100 | proprietary | accounting information from Local Monitor installed on workstation or server |
Optional (if using workstation client) | TCP | 515 | LPR | job reception from client workstations (LPR) |
Optional | TCP | 4097 | proprietary SSL | Access verification and data transfer with job print from client workstations (YSoft SafeQ Port Protocol Level 1-3 only) Used when YSoft SafeQ configuration property useSSLProxy is enabled. The property can be disabled when YSoft SafeQ Client protocol level 4 is used. |
Optional (if using central reporting) | TCP | 2382/2383 | OLAP | for access to Central Reporting Services OLAP interface (MS SQL Analysis service) |
Optional / Recommended from Localhost (monitoring only) | TCP | 19898 | JMX | CML system health monitoring via JConsole. Port number is configurable by cmlJmxServerPort property and port binding via cmlJmxNetworkInterface property in SafeQ system settings. By default bound to localhost (127.0.0.1) network interface. |
Optional / Recommended from Localhost (monitoring only) | TCP | 9797 | JMX | CML DBSync system health monitoring via JConsole. Port number is configurable by dbSyncJmxServerPort property and port binding via dbSyncJmxNetworkInterface property in DBSync configuration file (cmldb-cluster.conf). By default bound to localhost (127.0.0.1) network interface. |
Recommended from Localhost | TCP | 9696 | JMX | CML LDAP Replicator system health monitoring via JConsole and communication between CML and LDAP Replicator itself. Port number is configurable by ldapReplicatorServicePort property and port binding via ldapJmxNetworkInterface property in SafeQ system settings. By default bound to localhost (127.0.0.1) network interface. |
Recommended from Localhost | TCP | 9002 | JMX | CML LDAP Replicator auxiliary internal port used by JMX server. Port number is configurable by ldapJmxRmiServerPort property and port binding via ldapJmxNetworkInterface property in SafeQ system settings. By default bound to localhost (127.0.0.1) network interface. |
Optional / Recommended from Localhost (monitoring only) | TCP | 9898 | JMX | ORS, CRS system health monitoring via JConsole. ORS only: Port number is configurable by orsJmxServerPort property and port binding via orsJmxNetworkInterface property in SafeQ system settings. CRS only: Port number is configurable by crsJmxServerPort property and port binding via crsJmxNetworkInterface property in CRS configuration file (crs.conf). By default bound to localhost (127.0.0.1) network interface. |
Optional / Recommended from Localhost (monitoring only) | TCP | 9999 | JMX | ORS Web (distributed layer) system health monitoring via JConsole. By default bound to localhost (127.0.0.1) network interface. |
Optional / Recommended from Localhost | TCP | 9000 | JMX | CML, ORS, CRS auxiliary internal port used by JMX server. CML only: Port number is configurable by jmxRmiServerPort property and port binding via cmlJmxNetworkInterface property in SafeQ system settings. ORS only: Port number is configurable by jmxRmiServerPort property and port binding via orsJmxNetworkInterface property in SafeQ system settings. CRS only: Port number is configurable by jmxRmiServerPort property and port binding via crsJmxNetworkInterface property in CRS configuration file (crs.conf). By default bound to localhost (127.0.0.1) network interface. |
Optional / Recommended from Localhost | TCP | 9005 | JMX | CML DBSync auxiliary internal port used by JMX server. Port number is configurable by dbSyncRmiServerPort property and port binding via dbSyncJmxNetworkInterface property in DBSync configuration file (cmldb-cluster.conf). By default bound to localhost (127.0.0.1) network interface. |
Optional / Recommended from Localhost | TCP | 19044 | JMX | ORS Web auxiliary internal port used by JMX server. |
Optional (if using workstation client) | TCP | 4096 | proprietary 1kB - per request | Information regarding queues for YSoft SafeQ Client configuration |
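An added example (not part of the vendor documentation): a PowerShell check that the JMX ports listed in the table above are listening on loopback only, as the table says they are by default. The function name `Test-SafeQJmxBinding` is hypothetical, the port numbers are the defaults from this page, and `Get-NetTCPConnection` assumes Windows Server 2012 or later.

```powershell
# Added example: confirm the SafeQ JMX listeners are bound to loopback only.
# Ports are the defaults from the table above; edit the map if the
# *JmxServerPort / *RmiServerPort properties were changed.
$JmxPorts = @{
    19898 = 'CML JMX'
    9797  = 'CML DBSync JMX'
    9696  = 'CML LDAP Replicator JMX'
    9002  = 'CML LDAP Replicator JMX auxiliary'
    9898  = 'ORS / CRS JMX'
    9999  = 'ORS Web JMX'
    9000  = 'CML / ORS / CRS JMX auxiliary'
    9005  = 'CML DBSync JMX auxiliary'
    19044 = 'ORS Web JMX auxiliary'
}

function Test-SafeQJmxBinding {  # hypothetical helper name
    param(
        # Objects exposing LocalAddress and LocalPort; live listeners by default.
        [object[]]$Listeners = (Get-NetTCPConnection -State Listen)
    )
    $loopback = '127.0.0.1', '::1'
    foreach ($l in $Listeners) {
        $port = [int]$l.LocalPort          # cast so the hashtable lookup matches
        if (-not $JmxPorts.ContainsKey($port)) { continue }
        # The match is by port number only; it does not prove which
        # process owns the socket.
        [pscustomobject]@{
            Port         = $port
            Component    = $JmxPorts[$port]
            LocalAddress = $l.LocalAddress
            LoopbackOnly = $l.LocalAddress -in $loopback
        }
    }
}

# Constructed sample (not captured from a real server): port 9000 is
# reachable on every interface, port 443 is not a JMX port and is ignored.
$sample = @(
    [pscustomobject]@{ LocalAddress = '127.0.0.1'; LocalPort = 9898 }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 9000 }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 443 }
)
Test-SafeQJmxBinding -Listeners $sample | Format-Table -AutoSize

# On the server, show only the listeners that need attention:
# Test-SafeQJmxBinding | Where-Object { -not $_.LoopbackOnly }
```

A row with `LoopbackOnly` set to `False` means the listener is not on the 127.0.0.1 default, so the matching network-interface property from the table is the setting to review.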
Server to printer communication (server outbound rules)
Required? | Type | Port | Communication type | Description (communication from the user) |
Mandatory | TCP | 9100 | proprietary | Job data delivery to printer (Raw TCP) |
Mandatory | TCP | 515 | LPR | Job data delivery to printer (LPR) |
Optional | TCP | 80/443 | IPP/SSL | Job data delivery to printer (IPP over SSL) |
Optional | TCP | 9100 | proprietary SSL | Job data delivery to printer (compressed via Terminal Professional) |
Optional | UDP | 64099 | proprietary broadcast | Terminal Professional/UltraLight discovery |
Optional | TCP | 4095 | proprietary | Terminal Professional/UltraLight remote configuration |
Mandatory for embedded terminals | TCP | 50001/50003 | proprietary WS SSL | Embedded (KM, Xerox, Sharp) remote configuration |
Mandatory with YSoft SafeQ Embedded Terminal for Ricoh ESA | TCP | 80, 443, 8080, 51443, 64098 | proprietary | YSoft SafeQ Embedded Terminal for Ricoh installation and automatic configuration used by RXOP libraries; YSoft SafeQ Embedded Terminal for Ricoh configuration |
Mandatory for online print/copy tracking | UDP | 161 | SNMP | Online accounting of network printer MFP |
Mandatory with YSoft SafeQ Embedded Terminal for Toshiba | TCP | 49629, 49630 | HTTP/HTTPS | YSoft SafeQ Embedded Terminal for Toshiba installation |
Mandatory with YSoft SafeQ Embedded Terminal for Xerox/Fuji-Xerox | TCP | 80, 443 | HTTP/HTTPS | YSoft SafeQ Embedded Terminal for Xerox/Fuji-Xerox installation |
Mandatory with YSoft SafeQ Embedded Terminal for Konica Minolta | TCP | 80, 50003 | HTTP, proprietary WS SSL | YSoft SafeQ Embedded Terminal for Konica Minolta installation |
Mandatory with YSoft SafeQ Embedded Terminal for Sharp | TCP | 80/443 | HTTP/HTTPS | YSoft SafeQ Embedded Terminal for Sharp installation and during authentication |
Mandatory with YSoft SafeQ Embedded Terminal for Samsung | TCP | 80 | HTTP | YSoft SafeQ Embedded Terminal for Samsung installation |
Mandatory with YSoft SafeQ Embedded Terminal for HP | TCP | 7627 | HTTPS | YSoft SafeQ Embedded Terminal for HP installation |
Mandatory for YSoft SafeQ Embedded Terminal installation | UDP | 161 | SNMP | YSoft SafeQ Embedded Terminal installation MFP check |
Optional - Active FTP transfer (for embedded terminal scanning) | TCP | >1023 | FTP | Range of ports for active FTP transfers (whether passive or active transfer is used is controlled by MFD, range of port on MFD side controlled by MFD, range of ports on server side defined by operating system - e.g. https://support.microsoft.com/cs-cz/help/929851/the-default-dynamic-port-range-for-tcp-ip-has-changed-in-windows-vista) |
Printer to server communication (server inbound rules)
Required? | Type | Port | Communication type | Description (communication from the user) |
Mandatory with Terminal Professional | TCP | 4096 | Proprietary SSL low volume, low latency | Terminal Professional/UltraLight authentication and session control |
Optional (if using time synchronization with Terminal Professional) | UDP | 37 | Time protocol | Time synchronization between Terminal Professional and the server. When the system parameter timeServerEnable is enabled, server is listening on UDP port 37. Terminal connects to this port upon restart. |
Mandatory with YSoft SafeQ Embedded Terminal for Ricoh | TCP | 5012, 5021, 5022 | Proprietary low volume, low latency | YSoft SafeQ Embedded Terminal (Accounting and charging); YSoft SafeQ Terminal Application communication |
Mandatory with YSoft SafeQ Embedded Terminal for Browser | TCP | 5011, 5012, 5013 | HTTP/HTTPS | YSoft SafeQ Embedded Terminal browser communication |
Mandatory with YSoft SQTA or YSoft SafeQ Embedded Terminal for Browser (HP/Sharp/Toshiba EAL) | TCP | 5021, 5022 | HTTP/HTTPS | YSoft SafeQ Terminal Application communication |
Mandatory with YSoft SafeQ Embedded Terminal for KM | TCP | 5014-5019 | WS SSL low volume, low latency | YSoft SafeQ Embedded Terminal (KM) authentication and session control |
Mandatory with YSoft SafeQ Embedded Terminal for HP | TCP | 5025 | HTTP/HTTPS | Webservices for YSoft SafeQ Embedded Terminal (HP) |
Mandatory with YSoft SafeQ Embedded Terminal for Xerox/Toshiba | TCP | 389 | LDAP | Internal LDAP for YSoft SafeQ Embedded Terminal for Toshiba. When 389 is blocked (by already running AD on a domain controller), the SafeQ 5 GUI installer will display a warning and use port 390 instead |
Mandatory with Network Card Reader | TCP | 5011/5012 | Proprietary SSL | Network Card Reader authentication |
Optional | TCP | 5020 | Proprietary | Preview provider for Terminal Professional (optional, depending on SafeQ setting, configurable by preview-provider-port) |
Optional | TCP | 25 | SMTP | Scanning from MFPs via e-mail (optional, depending on MFP capabilities) |
Mandatory for WebDAV scanning | TCP | 443 | Secured WebDAV/HTTPS | Scanning from MFPs via scan workflow (optional, depending on MFP capabilities) |
Optional | TCP | 139 | SMB | Scanning from MFPs via scan to folder (optional, depending on MFP capabilities) |
Mandatory for embedded terminal scanning | TCP | 21 | FTP | Scanning from MFPs via scan to folder (optional, depending on MFP capabilities) |
Optional - Passive FTP transfer (for embedded terminal scanning) | TCP | >1023 | FTP | Range of ports for passive FTP transfers (optional, whether passive or active transfer is used is controlled by MFD - range of ports depending on SafeQ configuration parameter ftpPassivePorts) |
Inter-server communication (inbound and outbound rules)
Required? | Type | Port | Communication type | Description (communication from the user) |
Mandatory for cluster | TCP | 4099 | CML > CML proprietary ~1kB per print job | Application-level cluster synchronization |
Mandatory for cluster | TCP | 4111, | CML > CML proprietary ~1kB per print job | Application-level cluster DB synchronization |
Mandatory for ORS | TCP | 6010 | ORS > CML proprietary ~40 - 60 kB per print job | ORS-to-CML communication and synchronization |
Mandatory for Central Reporting | TCP | 4139 | CML > CRS proprietary ~1kB per print job | Reporting data collection |
Mandatory | TCP | 5556 | TS > server (CML/ORS) (localhost) proprietary | Terminalserver (TS) component (required for YSoft SafeQ embedded terminal support), communication with server application |
Mandatory for job roaming | TCP | 8000 | ORS > ORS | Job data transfer for roaming jobs (uncompressed) |
Mandatory for load balancing | TCP | 6020 | CML > CML | Internal communication between CMLs |
Mandatory for near job roaming | UDP Multicast | configurable | ORS > ORS | Near Roaming Group synchronization. |
Mandatory for near job roaming | TCP | 7800 | ORS > ORS | Near Roaming Group synchronization. Required for roaming groups up to 10 ORS servers. |
Mandatory for web status information | TCP | 20222 | CML/MPS > CML | RMI registry port used by web for SafeQRemote listening and binding. This port is opened upon installation, consider blocking it for inbound connections, see firewall settings. |
Mandatory for web status information | TCP | 20223 | CML/MPS > CML | RMI registry port used by web for incoming connections. This port is opened upon installation, consider blocking it for inbound connections, see firewall settings. |
Mandatory for web status information | TCP | 20224 | CML/MPS > CML | RMI registry port used by web for UserManagerRemote binding and listening. This port is opened upon installation, consider blocking it for inbound connections, see firewall settings. |
Mandatory for web status information | TCP | 20225 | CML/MPS > CML | RMI registry port used by web for PaymentManagerRemote binding and listening. This port is opened upon installation, consider blocking it for inbound connections, see firewall settings. |
Mandatory for AP Connector | TCP | 9100 | AP > CML, ORS | AP Connector to CML/ORS via client protocol |
Mandatory for AP Connector | TCP | 5556 | AP > CML, ORS | AP Connector (AP) component, communication with server application |
Optional for etcd | TCP | 2380 | etcd > etcd | Default value of port for communication between etcd nodes (either between CML nodes in the cluster or between ORS nodes in near roaming group) |
Optional for etcd | TCP | 2379 | TS > etcd | Default value of port used by the Terminal Server to communicate with the local etcd |
Other communication
Required? | Type | Port | Communication type | Description (communication from the user) |
Mandatory for LDAP synchronization | TCP | 636 | CML > LDAP | LDAP integration (server > LDAP controller) secured over SSL |
Optional | TCP | 389 | CML > LDAP | LDAP integration (server > LDAP controller) |
Optional | TCP | 3268 | CML > LDAP | LDAP integration (server > LDAP controller) |
Optional | TCP | 4100 | Terminal > SafeQ | Port where the terminal update service is running (configurable by rs-terminal-update-port) |
Optional | TCP | 4444 | Rech. Station > CML | YSoft SafeQ Payment Machine (QuickChip); not supported by YSoft SafeQ5 |
Optional | TCP | 4196 | YSoft SafeQ Payment Machine > YSoft Payment System | Management connection |
Optional | TCP | 4197 | YSoft SafeQ Payment Machine > YSoft Payment System | Management connection over SSL (e.g. time synchronization) - this port has to be set in the SPM service menu when configuring the Payment System server address |
Optional | TCP | 4198 | YSoft SafeQ Payment Machine > YSoft Payment System | Main connection |
Optional | TCP | 4199 | YSoft SafeQ Payment Machine > YSoft Payment System | Main connection over SSL |
Optional | TCP | 8080 | CML/TS > YSoft Payment System | web, rest services (APIs) |
Optional | TCP | 8443 | CML/TS > YSoft Payment System | web, rest services (APIs) |
Optional | TCP | 25 | SMTP | SMTP (Scan job delivery, notifications to administrator and users) |
Optional | TCP | 80 | SafeQ Client -> ORS web | ORS web communication with client (billing codes etc.) |
Mandatory | UDP | 1434 | CML > DB | This communication is used to query the SQL server browser service. SQL browser service will respond with the TCP port number that shall be used for the rest of communication. |
Mandatory | TCP | see description | CML > DB | The port number is dynamically assigned by SQL browser service, see http://technet.microsoft.com/en-us/library/cc646023.aspx for more information. |
Mandatory for AP Connector | UDP | 5353 | AP Connector > subnet | AP Connector (AP) component multicast to subnet using Bonjour |
Mandatory for AP Connector | TCP | 8050 | client > AP Connector | Job delivery from iOS or Mac client to AP Connector (AP) over IPPS. 8050 is the default port, but it is configurable. |
Cluster installation
Required | Type | Port | Communication type | Description (communication from the user) |
Mandatory | TCP | 4111 | CML > CML | Proprietary DB Sync |
Mandatory | TCP | 6020 | CML > CML | Inter node communication |
Mandatory | TCP | 443 | CML > CML | First replication of CML database |