Net-Print at Cornell
Download
Report
Transcript Net-Print at Cornell
Accounting for Printing
and the Cornell Net-Print Service
Who am I?
Rick Cochran
– Cornell Information Technologies
Systems & Operations
– Designated Services
Cornell Physics ’71
Manager of the Research Computing
Facilities of the Cornell Center for Materials
Research for c. 20 years
– Included printer accounting
Joined CIT as software developer for NetPrint in 1998
Road map
The Cornell Net-Print Service – how
we do printer accounting at Cornell
Printer accounting philosophy and
decision making
Challenges
Future Possibilities
Demos
Questions
The Cornell Net-Print Service
How we do it
Net-Print: Non-technical details
Started in 1996
– Laurie Collinsworth and Mike Hojnowski (design and coding)
– Carrie Regenstein (politics)
– Student labor (coding)
Cornell has no central funding model
– Printing allocations must be done on a per-department basis
– Students must be able to have multiple printing accounts
– Net-Print must be fully cost-recovered
Originally developed for CIT student labs
Extended to departmental “Partner Labs”
– The department buys and maintains their own printers and supplies
– We do the authentication, print serving, page counting, accounting, and
billing
– We return 78% of the funds we collect for printing on the department’s
printers to the department
– The “Hojnowski” effect
You don’t want to be the last lab still offering free printing
Net-Print: Functional diagram
CIT Student Lab
Anywhere
CIT Student Lab
Departmental Partner Lab
Departmental Partner Lab
Dorm room
Net-Print: Technical Details
Spooler: LPRng (http://www.lprng.com)
Database: MySQL
– About 1.2GB
Server: IBM Power PC/AIX
– Moving to Opteron/Linux soon
Development language: Perl
– c. 21k lines
Web server: Apache
– CGI
Net-Print: Authentication methods
MacOS X and Unix: LPRng Kerberized LPR
protocol
– CUPS backend
– CUPS Printing Dialog Extension (PDE) for MacOS
X
Thanks to NCSU!
Windows: Sidecar - Cornell’s Kerberos
authentication scheme
– Protocol-independent, out-of-band, call-back,
Kerberos authentication method
Workstation sends print job to server
Server does call-back to Sidecar process on
workstation to get user’s Kerberos credentials
Net-Print: We are Green
Charging for printing is inherently green
– The Net-Print Service will print c. 8 million pages
this year – which is about 24 million pages less
than would be printed if we were not charging
for printing.
– That’s about 1,880 trees this year!
Watermark alternative to banner pages
– About 100 trees this year!
100% recycled paper (in CIT Labs)
Duplex printing
sp
su ring
m -1
m 99
er 6
-1
fa 9 9
sp ll-1 6
su ring 996
m -1
m 99
er 7
-1
fa 9 9
sp ll-1 7
su ring 997
m -1
m 99
er 8
-1
fa 9 9
l
l
sp -1 8
9
su ring 98
m -1
m 99
er 9
-1
fa 9 9
sp ll-1 9
su ring 999
m -2
m 00
er 0
-2
fa 0 0
sp ll-2 0
su ring 000
m -2
m 00
er 1
-2
fa 0 0
l
l
sp -2 1
0
r
su ing 01
m 2
m 00
er 2
-2
fa 0 0
sp ll-2 2
su ring 002
m -2
m 00
er 3
-2
fa 0 0
l
sp l-2 3
su ring 003
m -2
m 00
er 4
-2
fa 0 0
sp ll-2 4
rin 00
g- 4
20
05
Number of Printers
Net-Print: Growth
160
140
120
100
80
60
40
20
0
Net-Print: Printing History
8.00
7.00
6.00
5.00
Partner Labs
CIT Labs
4.00
3.00
2.00
1.00
0.00
19
96
19
97
19
98
19
99
20
00
20
01
20
02
20
03
20
04
20
05
Millions of Pages Printed
9.00
Fiscal Year
Billing examples – April ‘05
Bursar billing
– $117,153
– 8,699 students
– $13.47 average
Department Account billing
– $1,330
Course Account billing
– $14,521
Disbursement to Partner Labs
– $55,581
Printer accounting philosophy
and decision making
Why Charge for Printing?
Because you have to: Printer supply costs will
bankrupt you
– Charging for printing is the only effective way to make a
brain cell fire before someone pushes the “print” button
To reduce usage of natural resources
– Environmental awareness is becoming increasingly
important
To cover the cost of quality equipment
–
–
–
–
Quality printers
Color printers
Specialty printers (poster, etc.)
Printer maintenance contracts to make sure that the
printers are actually working
Why Not Charge for Printing?
You will be placing yourself between
the user and their output
– Not comfortable
Page counting is complex
Students are clever
Accounting and billing are complex
and expensive
Why Not Charge for Printing?
Refund processing is aggravating
– Printing errors are often caused by the user or
the application – not the service
– You will get weary of listening to excuses
“Somebody else must have printed on my account”
“It never printed” (when you know it did)
“The printing system ate my homework”
Requires a lot of resources (staff,
technology, etc.)
How does your institution work?
Is there a central funding model which
can be used to provide students with
printing allocations?
– This determines how obsessive you need
to be about page counting accuracy,
refunds, etc.
Is there a strong central IT authority?
– This determines whether you can dictate
client platforms, printer types, etc.
Commercial or in-house
Will a commercial package be flexible
enough to meet your institution’s and
customers’ needs?
– Multiple accounts per user
– A networked authentication solution is
more convenient for your users than a
commercial “money card” or “release
station” solution
Do you have the resources to build
and maintain an in-house solution?
Client platforms
Which ones to support?
– Windows (9X, ME, XP)
– MacOS X
– Unix
– We support Windows XP and MacOS X
officially, and Unix unofficially
Single platform is simpler (but less
fun!)
Authentication
Not necessary with “money card” solution
Kerberos, LDAP, Active Directory, NDS, PKI
Things to authenticate
– Printing
Windows (“login” or “share”)
Custom
– Web pages (signup, account management, job
management)
Authorization
Who is authorized to
–
–
–
–
–
–
–
–
Print
Move or delete print jobs
Submit refund requests
Start or stop print queues
View people’s printing and accounting logs
Add or remove print queues
Create, remove, or modify accounts
Create, remove, or modify people’s authorization
Roles: end user, operator, manager, etc.
Network printing protocols
Client to server
– SMB, LPR, IPP
We use SMB and LPR
– Windows LPR implementation is flawed
“Push” bits in TCP reduce throughput
Server to printer
– LPR, IPP, App socket (port 9100)
We use port 9100 because it’s simpler and bidirectional, but it has problems with Binary
PostScript
Server architecture
Central (simpler) or distributed (scales
better)
Hardware and software platform
Page counting
Software (on client or server)
– Less accurate (assumes the job printed OK)
– Requires more CPU resources
Hardware (read the printer’s page counter)
– More accurate
– Delay between print jobs
– Requires printer-dependent code
Requires printer lockdown
– IP address restrictions to prevent circumvention
of the printing system
Page Description Languages (PDLs)
PostScript
– Preferred by professionals
– The PostScript Printer Description (PPD) spec provides
device-independent support for printer features
– Printers without licensed Adobe PostScript engines (HP,
Lexmark) may have problems printing documents
generated by Adobe applications
PCL
– Less problems printing Adobe documents
– Limited feature control at the server end
We require PostScript
– The “watermark” alternative to banner pages is impossible
to implement with PCL
Printer monitoring and security
Printer lockdown requires setting and monitoring
printer parameters
– Anyone with physical access to the printer can reconfigure it
Passwords are required to prevent tampering via
the network (near and far)
Vendor-supplied solutions
–
–
–
–
Lack functionality (printing or exporting data!)
Don’t support other vendors’ printers well
Usually require Windows servers
Are designed to look good in demos so that
You will buy their printers, and
You will buy their printing supplies
Banner pages
It’s important to separate print jobs and
identify their owners
Average job size = 4.8 pages
waste 17%
of paper
Alternative: “watermark” at top of first page
of output
– User-selectable (default is “watermark”)
– Possible only with PostScript
Where are the costs?
It’s not the paper!
Overhead
Paper
Toner
Staff
Printers
Servers
Accounting
Real-time vs. batch
Web interface
Types of accounts
– Credit (unlimited, billed monthly)
Bursar
Department
– Debit (disallow printing when limit is reached)
Cash
Credit card (pre-paid on-line)
Course (allocated by student’s department)
Authorization
– Bursar billing eligibility feed
– Department account
Refund Processing
Reasons for refunds
– Printer failures
Toner outages, printer jams, etc.
– Configuration failures
Binary PostScript
– Application failures
Page selection in Word
– User failures
Blank pages in Excel spreadsheets (record: 969!)
Wrong Web “frame” active
Wanted “6-up” in Powerpoint
Somebody else picked up the output
Forgot to log out
You name it
Only the first category above is the “fault” of the printing
service!
We grant refunds for all but “forgot to log out”
Refund Processing (cont.)
If you’re going to offer refunds, the
process must be automated
– Labor intensive
– You need to make sure that all refund
requests correspond to actual charges!
– Logs and statistics are helpful
For resolving disputes
For determining systematic printing problems
Reason for Refund
em
lR
ea
so
ns
O
th
er
pa
ge
s
pr
ob
l
an
k
Al
Bl
an
gl
ed
gi
bb
er
ish
m
To
ne
r
Pr
in
te
d
Pa
pe
r
Percent of Total Printing
Refund processing (cont.)
0.20%
0.15%
0.10%
0.05%
0.00%
Billing
Bursar feed
Department account feed
Cash management
– Security
– Requires audit trail
Online credit card
– Use a service (eg. VeriSign) which insulates you
from liabilities
Billing reports
– Who printed how much on this account
– We send report spreadsheets as e-mail
attachments
Challenges
Challenge - Authentication
Sidecar is going away
– Sidecar is a protocol-independent, out-ofband, call-back, Kerberos authentication
scheme
– Hence it has inherent vulnerabilities (eg.
with NATs)
– We would like a Kerberized LPR (or other)
protocol “port manager” for Windows.
Please email [email protected] if you have
one!
Challenge - Duplex page counting
Sheets vs. sides (impressions)
Must charge about the same to print a given document
duplexed as for simplexed (you save only 1/3 cent per
document page)
The SNMP page counters in Lexmark, HP, and Xerox printers
click twice for each duplex page
– A three page document costs $.30 simplexed and $.40 duplexed
Xerox Phaser job accounting (to the rescue!)
– Counts sheets and sides
– Accessible via SNMP
Misbehaved Microsoft apps
– IE, Word append a blank page when duplexing an odd number
of pages – defeating our sophisticated page counting technology
– We will document this and wait for Microsoft to fix it
Challenge - Binary PostScript
Generated by default by some apps – notably
Adobe Photoshop, Illustrator, and Pagemaker
Advantage: Half as big as ASCII PostScript
– Example: 100MB vs 200MB
When sent via port 9100 causes printers to spew
many pages of gibberish
Can be fixed by encoding with TBCP
– Works fine for Windows
– The MacOS X spooler won’t TBCP encode Photoshop
output.
Xerox Phaser printers may be able to deal with
Binary PostScript if the port 9100 “filter” option is
set to “none”
– Needs more research
Future Possibilities
Future Possibilities
Charging by supply usage instead of by
pages
– Single printer for both B/W and color
– Charges fairly for small vs. full-page images
– But: the customer doesn’t get to know their
charges in advance
Sell “Printing plans” (like cell phone plans) ??
Future Possibilities
Multiple printers per queue: Load
balancing
– Current job prints on whichever printer is
working/not busy
– Resolves problems caused by long jobs
and broken printers
– Might confuse students: “Where did my
output go?”
Future Possibilities
Multiple queues per printer
– Separate queues would reduce the
confusion involved in choosing duplex or
simplex printing
– Separate queues would permit different
charges for different media
Color printer tray 1 - paper at $.25
Color printer tray 2 - transparency at $1.00
Future Possibilities
FAX
Specialty printers
– Printed card-stock front and back covers
– Hot tape binding
– Low cost
Future Possibilities
Using a messaging service
– Purpose: To inform users that . . .
Their account is empty
Their print job has just printed on printer xx
– Currently using e-mail and a printed
sheet for error messages
– Must be authenticated to avoid spam and
security issues
Demos and Questions