Accounting for Accounting for PrintingPrinting
and the Cornell Net-Print Serviceand the Cornell Net-Print Service
Who am I?Who am I?
Rick CochranRick Cochran– Cornell Information TechnologiesCornell Information Technologies
Systems & OperationsSystems & Operations– Designated ServicesDesignated Services
Cornell Physics ’71Cornell Physics ’71 Manager of the Research Computing Manager of the Research Computing
Facilities of the Cornell Center for Facilities of the Cornell Center for Materials Research for c. 20 yearsMaterials Research for c. 20 years– Included printer accountingIncluded printer accounting
Joined CIT as software developer for Joined CIT as software developer for Net-Print in 1998Net-Print in 1998
Road mapRoad map
The Cornell Net-Print Service – how The Cornell Net-Print Service – how we do printer accounting at Cornellwe do printer accounting at Cornell
Printer accounting philosophy and Printer accounting philosophy and decision makingdecision making
ChallengesChallenges Future PossibilitiesFuture Possibilities DemosDemos QuestionsQuestions
Net-Print: Non-technical Net-Print: Non-technical detailsdetails Started in 1996Started in 1996
– Laurie Collinsworth and Mike Hojnowski (design and coding)Laurie Collinsworth and Mike Hojnowski (design and coding)– Carrie Regenstein (politics)Carrie Regenstein (politics)– Student labor (coding)Student labor (coding)
Cornell has no central funding modelCornell has no central funding model– Printing allocations must be done on a per-department basisPrinting allocations must be done on a per-department basis– Students must be able to have multiple printing accountsStudents must be able to have multiple printing accounts– Net-Print must be fully cost-recoveredNet-Print must be fully cost-recovered
Originally developed for CIT student labsOriginally developed for CIT student labs Extended to departmental “Partner Labs”Extended to departmental “Partner Labs”
– The department buys and maintains their own printers and The department buys and maintains their own printers and suppliessupplies
– We do the authentication, print serving, page counting, We do the authentication, print serving, page counting, accounting, and billingaccounting, and billing
– We return 78% of the funds we collect for printing on the We return 78% of the funds we collect for printing on the department’s printers to the departmentdepartment’s printers to the department
– The “Hojnowski” effectThe “Hojnowski” effect You don’t want to be the last lab still offering free printingYou don’t want to be the last lab still offering free printing
Net-Print: Functional Net-Print: Functional diagramdiagram
CIT Student Lab
CIT Student Lab
Departmental Partner Lab
Departmental Partner Lab
Anywhere
Dorm room
Net-Print: Technical DetailsNet-Print: Technical Details
Spooler: LPRng (Spooler: LPRng (http://www.lprng.comhttp://www.lprng.com)) Database: MySQLDatabase: MySQL
– About 1.2GBAbout 1.2GB Server: IBM Power PC/AIXServer: IBM Power PC/AIX
– Moving to Opteron/Linux soonMoving to Opteron/Linux soon Development language: PerlDevelopment language: Perl
– c. 21k linesc. 21k lines Web server: ApacheWeb server: Apache
– CGICGI
Net-Print: Authentication Net-Print: Authentication methodsmethods MacOS X and Unix: LPRng Kerberized MacOS X and Unix: LPRng Kerberized
LPR protocolLPR protocol– CUPS backendCUPS backend– CUPS Printing Dialog Extension (PDE) for CUPS Printing Dialog Extension (PDE) for
MacOS XMacOS X Thanks to NCSU!Thanks to NCSU!
Windows: Sidecar - Cornell’s Kerberos Windows: Sidecar - Cornell’s Kerberos authentication schemeauthentication scheme– Protocol-independent, out-of-band, call-Protocol-independent, out-of-band, call-
back, Kerberos authentication methodback, Kerberos authentication method Workstation sends print job to serverWorkstation sends print job to server Server does call-back to Sidecar process on Server does call-back to Sidecar process on
workstation to get user’s Kerberos credentialsworkstation to get user’s Kerberos credentials
Net-Print: We are Net-Print: We are GreenGreen
Charging for printing is inherently Charging for printing is inherently greengreen– The Net-Print Service will print c. 8 million The Net-Print Service will print c. 8 million
pages this year – which is about 24 million pages this year – which is about 24 million pages less than would be printed if we were pages less than would be printed if we were not charging for printing.not charging for printing.
– That’s about 1,880 trees this year!That’s about 1,880 trees this year! Watermark alternative to banner pagesWatermark alternative to banner pages
– About 100 trees this year!About 100 trees this year! 100% recycled paper (in CIT Labs)100% recycled paper (in CIT Labs) Duplex printingDuplex printing
Net-Print: GrowthNet-Print: Growth
0
20
40
60
80
100
120
140
160
sprin
g-19
96
sum
mer-1
996
fall-1
996
sprin
g-19
97
sum
mer-1
997
fall-1
997
sprin
g-19
98
sum
mer-1
998
fall-1
998
sprin
g-19
99
sum
mer-1
999
fall-1
999
sprin
g-20
00
sum
mer-2
000
fall-2
000
sprin
g-20
01
sum
mer-2
001
fall-2
001
sprin
g-20
02
sum
mer-2
002
fall-2
002
sprin
g-20
03
sum
mer-2
003
fall-2
003
sprin
g-20
04
sum
mer-2
004
fall-2
004
sprin
g-20
05
Nu
mb
er
of
Pri
nte
rs
Net-Print: Printing HistoryNet-Print: Printing History
0.00
1.00
2.00
3.00
4.00
5.00
6.00
7.00
8.00
9.00
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
Fiscal Year
Mill
ion
s o
f Pa
ge
s P
rinte
d
Partner Labs
CIT Labs
Billing examples – April ‘05Billing examples – April ‘05
Bursar billingBursar billing– $117,153$117,153– 8,699 students8,699 students– $13.47 average$13.47 average
Department Account billingDepartment Account billing– $1,330$1,330
Course Account billingCourse Account billing– $14,521$14,521
Disbursement to Partner LabsDisbursement to Partner Labs– $55,581$55,581
Why Charge for Printing?Why Charge for Printing? Because you have to: Printer supply costs will Because you have to: Printer supply costs will
bankrupt youbankrupt you– Charging for printing is the only effective way to Charging for printing is the only effective way to
make a brain cell fire before someone pushes the make a brain cell fire before someone pushes the “print” button“print” button
To reduce usage of natural resourcesTo reduce usage of natural resources– Environmental awareness is becoming increasingly Environmental awareness is becoming increasingly
importantimportant To cover the cost of quality equipmentTo cover the cost of quality equipment
– Quality printersQuality printers– Color printersColor printers– Specialty printers (poster, etc.)Specialty printers (poster, etc.)– Printer maintenance contracts to make sure that Printer maintenance contracts to make sure that
the printers are actually workingthe printers are actually working
Why Not Charge for Why Not Charge for Printing?Printing? You will be placing yourself You will be placing yourself
between the user and their outputbetween the user and their output– Not comfortableNot comfortable
Page counting is complexPage counting is complex Students are cleverStudents are clever Accounting and billing are Accounting and billing are
complex and expensivecomplex and expensive
Why Not Charge for Why Not Charge for Printing?Printing? Refund processing is aggravatingRefund processing is aggravating
– Printing errors are often caused by the Printing errors are often caused by the user or the application – not the serviceuser or the application – not the service
– You will get weary of listening to excusesYou will get weary of listening to excuses ““Somebody else must have printed on my Somebody else must have printed on my
account”account” ““It never printed” (when you know it did)It never printed” (when you know it did) ““The printing system ate my homework”The printing system ate my homework”
Requires a lot of resources (staff, Requires a lot of resources (staff, technology, etc.)technology, etc.)
How does your institution How does your institution work?work? Is there a central funding model Is there a central funding model
which can be used to provide which can be used to provide students with printing allocations?students with printing allocations?– This determines how obsessive you This determines how obsessive you
need to be about page counting need to be about page counting accuracy, refunds, etc.accuracy, refunds, etc.
Is there a strong central IT authority?Is there a strong central IT authority?– This determines whether you can This determines whether you can
dictate client platforms, printer types, dictate client platforms, printer types, etc.etc.
Commercial or in-houseCommercial or in-house
Will a commercial package be Will a commercial package be flexible enough to meet your flexible enough to meet your institution’s and customers’ needs?institution’s and customers’ needs?– Multiple accounts per userMultiple accounts per user– A networked authentication solution A networked authentication solution
is more convenient for your users is more convenient for your users than a commercial “money card” or than a commercial “money card” or “release station” solution“release station” solution
Do you have the resources to build Do you have the resources to build and maintain an in-house solution?and maintain an in-house solution?
Client platformsClient platforms
Which ones to support?Which ones to support?– Windows (9X, ME, XP)Windows (9X, ME, XP)– MacOS XMacOS X– UnixUnix– We support Windows XP and MacOS We support Windows XP and MacOS
X officially, and Unix unofficiallyX officially, and Unix unofficially Single platform is simpler (but Single platform is simpler (but
less fun!)less fun!)
AuthenticationAuthentication
Not necessary with “money card” Not necessary with “money card” solutionsolution
Kerberos, LDAP, Active Directory, NDS, Kerberos, LDAP, Active Directory, NDS, PKIPKI
Things to authenticateThings to authenticate– PrintingPrinting
Windows (“login” or “share”)Windows (“login” or “share”) CustomCustom
– Web pages (signup, account management, Web pages (signup, account management, job management)job management)
AuthorizationAuthorization
Who is authorized toWho is authorized to– PrintPrint– Move or delete print jobsMove or delete print jobs– Submit refund requestsSubmit refund requests– Start or stop print queuesStart or stop print queues– View people’s printing and accounting logsView people’s printing and accounting logs– Add or remove print queuesAdd or remove print queues– Create, remove, or modify accountsCreate, remove, or modify accounts– Create, remove, or modify people’s Create, remove, or modify people’s
authorizationauthorization Roles: end user, operator, manager, etc.Roles: end user, operator, manager, etc.
Network printing protocolsNetwork printing protocols
Client to serverClient to server– SMB, LPR, IPPSMB, LPR, IPP
We use SMB and LPRWe use SMB and LPR
– Windows LPR implementation is Windows LPR implementation is flawedflawed ““Push” bits in TCP reduce throughputPush” bits in TCP reduce throughput
Server to printerServer to printer– LPR, IPP, App socket (port 9100)LPR, IPP, App socket (port 9100)
We use port 9100 because it’s simpler We use port 9100 because it’s simpler and bi-directional, but it has problems and bi-directional, but it has problems with Binary PostScriptwith Binary PostScript
Server architectureServer architecture
Central (simpler) or distributed Central (simpler) or distributed (scales better)(scales better)
Hardware and software platformHardware and software platform
Page countingPage counting
Software (on client or server)Software (on client or server)– Less accurate (assumes the job printed OK)Less accurate (assumes the job printed OK)– Requires more CPU resourcesRequires more CPU resources
Hardware (read the printer’s page Hardware (read the printer’s page counter)counter)– More accurateMore accurate– Delay between print jobsDelay between print jobs– Requires printer-dependent codeRequires printer-dependent code
Requires printer lockdownRequires printer lockdown– IP address restrictions to prevent IP address restrictions to prevent
circumvention of the printing systemcircumvention of the printing system
Page Description Languages Page Description Languages (PDLs)(PDLs) PostScriptPostScript
– Preferred by professionalsPreferred by professionals– The PostScript Printer Description (PPD) spec The PostScript Printer Description (PPD) spec
provides device-independent support for printer provides device-independent support for printer featuresfeatures
– Printers without licensed Adobe PostScript engines Printers without licensed Adobe PostScript engines (HP, Lexmark) may have problems printing (HP, Lexmark) may have problems printing documents generated by Adobe applicationsdocuments generated by Adobe applications
PCLPCL– Less problems printing Adobe documentsLess problems printing Adobe documents– Limited feature control at the server endLimited feature control at the server end
We require PostScriptWe require PostScript– The “watermark” alternative to banner pages is The “watermark” alternative to banner pages is
impossible to implement with PCLimpossible to implement with PCL
Printer monitoring and Printer monitoring and securitysecurity Printer lockdown requires setting and Printer lockdown requires setting and
monitoring printer parameters monitoring printer parameters – Anyone with physical access to the printer can re-Anyone with physical access to the printer can re-
configure itconfigure it Passwords are required to prevent tampering Passwords are required to prevent tampering
via the network (near and far)via the network (near and far) Vendor-supplied solutionsVendor-supplied solutions
– Lack functionality (printing or exporting data!)Lack functionality (printing or exporting data!)– Don’t support other vendors’ printers wellDon’t support other vendors’ printers well– Usually require Windows serversUsually require Windows servers– Are designed to look good in demos so thatAre designed to look good in demos so that
You will buy their printers, andYou will buy their printers, and You will buy their printing suppliesYou will buy their printing supplies
Banner pagesBanner pages
It’s important to separate print jobs and It’s important to separate print jobs and identify their ownersidentify their owners
Average job size = 4.8 pages waste Average job size = 4.8 pages waste 17% of paper17% of paper
Alternative: “watermark” at top of first Alternative: “watermark” at top of first page of outputpage of output– User-selectable (default is “watermark”)User-selectable (default is “watermark”)– Possible only with PostScriptPossible only with PostScript
Where are the costs?Where are the costs?
It’s not the paper!It’s not the paper!
Paper
Toner
Printers
ServersStaff
Overhead
AccountingAccounting Real-time vs. batchReal-time vs. batch Web interfaceWeb interface Types of accountsTypes of accounts
– Credit (unlimited, billed monthly)Credit (unlimited, billed monthly) BursarBursar DepartmentDepartment
– Debit (disallow printing when limit is reached)Debit (disallow printing when limit is reached) CashCash Credit card (pre-paid on-line)Credit card (pre-paid on-line) Course (allocated by student’s department)Course (allocated by student’s department)
AuthorizationAuthorization– Bursar billing eligibility feedBursar billing eligibility feed– Department accountDepartment account
Refund ProcessingRefund Processing Reasons for refundsReasons for refunds
– Printer failuresPrinter failures Toner outages, printer jams, etc.Toner outages, printer jams, etc.
– Configuration failuresConfiguration failures Binary PostScriptBinary PostScript
– Application failuresApplication failures Page selection in WordPage selection in Word
– User failuresUser failures Blank pages in Excel spreadsheets (record: 969!)Blank pages in Excel spreadsheets (record: 969!) Wrong Web “frame” activeWrong Web “frame” active Wanted “6-up” in PowerpointWanted “6-up” in Powerpoint Somebody else picked up the outputSomebody else picked up the output Forgot to log outForgot to log out You name itYou name it
Only the first category above is the “fault” of the Only the first category above is the “fault” of the printing service!printing service!
We grant refunds for all but “forgot to log out”We grant refunds for all but “forgot to log out”
Refund Processing (cont.)Refund Processing (cont.)
If you’re going to offer refunds, If you’re going to offer refunds, the process must be automatedthe process must be automated– Labor intensiveLabor intensive– You need to make sure that all You need to make sure that all
refund requests correspond to actual refund requests correspond to actual charges!charges!
– Logs and statistics are helpfulLogs and statistics are helpful For resolving disputesFor resolving disputes For determining systematic printing For determining systematic printing
problemsproblems
Refund processing (cont.)Refund processing (cont.)
0.00%
0.05%
0.10%
0.15%
0.20%
Paper
man
gled
Printe
d gib
berish
Toner p
roblem
Blank p
ages
Other
All Reas
ons
Reason for Refund
Pe
rce
nt
of
To
tal P
rin
tin
g
BillingBilling Bursar feedBursar feed Department account feedDepartment account feed Cash managementCash management
– SecuritySecurity– Requires audit trailRequires audit trail
Online credit cardOnline credit card– Use a service (eg. VeriSign) which Use a service (eg. VeriSign) which
insulates you from liabilitiesinsulates you from liabilities Billing reportsBilling reports
– Who printed how much on this accountWho printed how much on this account– We send report spreadsheets as e-mail We send report spreadsheets as e-mail
attachmentsattachments
Challenge - AuthenticationChallenge - Authentication
Sidecar is going awaySidecar is going away– Sidecar is a protocol-independent, Sidecar is a protocol-independent,
out-of-band, call-back, Kerberos out-of-band, call-back, Kerberos authentication schemeauthentication scheme
– Hence it has inherent vulnerabilities Hence it has inherent vulnerabilities (eg. with NATs)(eg. with NATs)
– We would like a Kerberized LPR (or We would like a Kerberized LPR (or other) protocol “port manager” for other) protocol “port manager” for Windows. Please email Windows. Please email [email protected]@cornell.edu if you have one! if you have one!
Challenge - Duplex page Challenge - Duplex page countingcounting Sheets vs. sides (impressions)Sheets vs. sides (impressions) Must charge about the same to print a given Must charge about the same to print a given
document duplexed as for simplexed (you save only document duplexed as for simplexed (you save only 1/3 cent per document page)1/3 cent per document page)
The SNMP page counters in Lexmark, HP, and Xerox The SNMP page counters in Lexmark, HP, and Xerox printers click twice for each duplex pageprinters click twice for each duplex page– A three page document costs $.30 simplexed and $.40 A three page document costs $.30 simplexed and $.40
duplexedduplexed Xerox Phaser job accounting (to the rescue!)Xerox Phaser job accounting (to the rescue!)
– Counts sheets and sidesCounts sheets and sides– Accessible via SNMPAccessible via SNMP
Misbehaved Microsoft appsMisbehaved Microsoft apps– IE, Word append a blank page when duplexing an odd IE, Word append a blank page when duplexing an odd
number of pages – defeating our sophisticated page number of pages – defeating our sophisticated page counting technologycounting technology
– We will document this and wait for Microsoft to fix itWe will document this and wait for Microsoft to fix it
Challenge - Binary Challenge - Binary PostScriptPostScript Generated by default by some apps – notably Generated by default by some apps – notably
Adobe Photoshop, Illustrator, and PagemakerAdobe Photoshop, Illustrator, and Pagemaker Advantage: Half as big as ASCII PostScriptAdvantage: Half as big as ASCII PostScript
– Example: 100MB vs 200MBExample: 100MB vs 200MB When sent via port 9100 causes printers to When sent via port 9100 causes printers to
spew many pages of gibberishspew many pages of gibberish Can be fixed by encoding with TBCPCan be fixed by encoding with TBCP
– Works fine for WindowsWorks fine for Windows– The MacOS X spooler won’t TBCP encode The MacOS X spooler won’t TBCP encode
Photoshop output.Photoshop output. Xerox Phaser printers may be able to deal Xerox Phaser printers may be able to deal
with Binary PostScript if the port 9100 “filter” with Binary PostScript if the port 9100 “filter” option is set to “none”option is set to “none”– Needs more researchNeeds more research
Future PossibilitiesFuture Possibilities
Charging by supply usage instead of by Charging by supply usage instead of by pagespages
– Single printer for both B/W and colorSingle printer for both B/W and color– Charges fairly for small vs. full-page imagesCharges fairly for small vs. full-page images– But: the customer doesn’t get to know their But: the customer doesn’t get to know their
charges in advancecharges in advance Sell “Printing plans” (like cell phone plans) ??Sell “Printing plans” (like cell phone plans) ??
Future PossibilitiesFuture Possibilities
Multiple printers per queue: Load Multiple printers per queue: Load balancingbalancing– Current job prints on whichever Current job prints on whichever
printer is working/not busyprinter is working/not busy– Resolves problems caused by long Resolves problems caused by long
jobs and broken printersjobs and broken printers– Might confuse students: “Where did Might confuse students: “Where did
my output go?”my output go?”
Future PossibilitiesFuture Possibilities
Multiple queues per printerMultiple queues per printer– Separate queues would reduce the Separate queues would reduce the
confusion involved in choosing confusion involved in choosing duplex or simplex printingduplex or simplex printing
– Separate queues would permit Separate queues would permit different charges for different mediadifferent charges for different media Color printer tray 1 - paper at $.25Color printer tray 1 - paper at $.25 Color printer tray 2 - transparency at Color printer tray 2 - transparency at
$1.00$1.00
Future PossibilitiesFuture Possibilities
FAXFAX Specialty printersSpecialty printers
– Printed card-stock front and back Printed card-stock front and back coverscovers
– Hot tape bindingHot tape binding– Low costLow cost
Future PossibilitiesFuture Possibilities
Using a messaging serviceUsing a messaging service– Purpose: To inform users that . . .Purpose: To inform users that . . .
Their account is emptyTheir account is empty Their print job has just printed on Their print job has just printed on
printer xxprinter xx
– Currently using e-mail and a printed Currently using e-mail and a printed sheet for error messagessheet for error messages
– Must be authenticated to avoid Must be authenticated to avoid spam and security issuesspam and security issues