A Network Load Balancer helps to effectively spread the load of incoming print requests across all print servers that sit behind the load balancer. This provides two benefits:
- Benefit 1: SysAdmins can easily increase load capabilities simply by adding print servers.
- Benefit 2: If one of the print servers behind a load balancer fails, users can still print because their print jobs are redirected to the remaining active print servers.
Requirements for load balancing with Mobility Print
In order for Mobility Print to work behind a network load balancer, you need to configure all the Mobility Print servers behind the load balancer to:
- Avoid duplicate printers in the PaperCut NG/MF Admin Interface by configuring all the Mobility Print servers to register their print queues with the same server name.
- Direct users to the address of the load balancer, instead of its own address.
- Configure each Mobility Print Server to use the same JSON Web Token (JWT) key, which is used to authenticate print jobs.
- Configure all the Mobility Print servers to host all the same print queues. Thankfully there are easy methods to migrate print queues from one Windows server to another, and this could be automated with scheduled tasks and PrintBRM.exe
Avoid duplicate printers in PaperCut NG/MF
Do this step before installing print queues on new Mobility Print servers
- Choose the server name under which all the print queues should be registered. If you already configured all your print queues for a production server, then potentially use the same name for the other servers. Alternatively, use a more generic name to not confuse future admins. NOTE, if you use a new name, then you will see new printers in PaperCut NG/MF and you will have to configure your Find Me printing again.
- To duplicate the server name to all your print servers, set the following keys in
[app-path]\providers\print\win\print-provider.conf
:MakeJobIdUniqueToPrintProviderInstallation=true
ServerName=your-server-name-goes-here
- Restart the Print Provider
Network load balancer considerations
Affinity
To avoid user sessions to Mobility Print from flipping between back-end Mobility Print Servers behind a Network Load Balancer affinity should be configured on the Network Load Balancer.
Ensuring that affinity is configured will help to avoid issues such as IPP requests from macOS or Linux devices flipping between servers which otherwise could potentially overwrite existing jobs in flight with the same IS.
Header based affinity using an “Authorization” header is probably sufficient, or if you can guarantee that all users are NOT connecting from behind a NAT then IP based affinity could be used.
Health checks
A suitable endpoint for health checking the Mobility Print server is path /health
from server version 1.0.3400 and above, alternatively /login/
(the admin UI login page). It is a regular page that responds with HTTP 200.
To configure the Mobility Print servers
- Make a copy of the
auth.jwt.key
file from one of the Mobility Print servers. This file is in the[Mobility Print install folder]\data\config
folder. It will be copied to all the other servers so they use this token as well. - Then on each of the other Mobility Print servers perform these steps:
- Stop the Mobility Print Services on each Mobility Print server.
- Navigate to
[Mobility Print install folder]\data\config\
and rename theauth.jwt.key
file toauth.jwt.key_old.
- Copy the
auth.jwt.key
from step 1 into the [Mobility Print install folder]\data\config\
folder on each Mobility Print server. - In the same folder on each Mobility Print server open the file
dns.conf.toml
with a text editor like Notepad. - Edit the line
Accessible IP=“ ”
to put the IP address of the Network Load Balancer in between the quotation marks. - If required to present a different port other than the default 9164 (eg. 443) Find the entry
AccessibleHTTPSPort
and set it to a desired value. - Save the file.
- Restart the Mobility Print Services on each Mobility Print server.
- Windows users may need to re-add Mobility Print queues to their workstations, as their tokens will now likely be invalid.
- Test. The clients should now be able to successfully deliver print jobs to all print servers behind the Network Load Balancer.
Listen ports
Typically, the Mobility Print server would not be directly accessible. The Load Balancer exposes only standard ports (e.g. 443) (this is generally a hard requirement with Cloud providers).
The Mobility Print server allows you to customize the port on which it is accessible externally either by changing its listening port or by presenting its client links using another port such as 443 rather than the default 9164 while continuing to listen on 9164.
- If the Mobility Print server’s HTTPS accessible port needs to be changed, such as with HTTP / L7 load balancer; it can be set via the AccessibleHTTPSPort config entry in
data/config/dns.conf.toml
as shown in the configuration section above. - If the Mobility Print server’s listen port(s) need to be changed, such as with a non-proxying (forwarding) network / TCP / L4 load balancer; they can be changed in the config file found in
[Mobility Print install folder]
In pc-mobility-print.conf
, the section:
"Services": [
{
"Path": "v*/mobility-print",
"Args": ["-dataDir=${ServiceRoot}/data", "-pclog.dev", "-features=\"fullIPPLogging\""],
"GracefulShutdownTimeoutSecs": 10,
"RestartDelaySecs": 5,
"MaxCrashCount": 10
}
],
can have additional Args added to specify the ports, like:
"Services": [
{
"Path": "v*/mobility-print",
"Args": ["-dataDir=${ServiceRoot}/data", "-pclog.dev", "-features=\"fullIPPLogging\"", "-httpPort=80", "-httpsPort=443"],
"GracefulShutdownTimeoutSecs": 10,
"RestartDelaySecs": 5,
"MaxCrashCount": 10
}
],
Save the changes and restart the Mobility service. After applying either port change method and once the configuration takes effect, visiting end-user device /setup
pages will now allow discovery and printing to happen using a different port.
Note that with individual clients there may be slight differences between managed and BYOD deployments that may require further configuration.
Managed Chrome clients
If using managed Chrome client configuration, the following settings are relevant:
- If also using Print Deploy,
PrintDeployServerHosts
should include load balancer hostname (only) for the Print Deploy server, e.g. pd.example.org , andAccessiblePrintDeployTLSPort
should be the port, e.g. 443. - Otherwise,
MobilityPrintServerHosts
should include the load balancer address for the Mobility Print server, e.g.https://mp.example.org:443
.
StrictSSLCheckingEnabled
can be set to true when using CA-signed certificates to ensure that native TLS is used (instead of encrypted HTTP).
App Server connection
By default, the Mobility Print server will look at print-provider.conf
to determine the connection details for the App Server. If the App Server is also behind a load balancer relative to the Mobility Print server (needed to target the active instance in an active/passive HA failover setup), then the load balancer’s hostname and port should be added to data/config/papercut-server.conf
.
e.g.
ApplicationServer=app.example.org
ApplicationServerPort=80
Note that ApplicationServerPort
may be set to 80 for older installations. PaperCut NG/MF Print Provider versions prior to 23.0 only support HTTP - the Mobility Print Server will special-case this and use 443 when connecting.
See Also
For more information, check out the Network Load Balancing page.
Comments