Accounting for Printing and the Cornell Net-Print Service.

Accounting for Accounting for PrintingPrinting

and the Cornell Net-Print Serviceand the Cornell Net-Print Service

Who am I?Who am I?

Rick CochranRick Cochran– Cornell Information TechnologiesCornell Information Technologies

Systems & OperationsSystems & Operations– Designated ServicesDesignated Services

Cornell Physics ’71Cornell Physics ’71 Manager of the Research Computing Manager of the Research Computing

Facilities of the Cornell Center for Facilities of the Cornell Center for Materials Research for c. 20 yearsMaterials Research for c. 20 years– Included printer accountingIncluded printer accounting

Joined CIT as software developer for Joined CIT as software developer for Net-Print in 1998Net-Print in 1998

Road mapRoad map

The Cornell Net-Print Service – how The Cornell Net-Print Service – how we do printer accounting at Cornellwe do printer accounting at Cornell

Printer accounting philosophy and Printer accounting philosophy and decision makingdecision making

ChallengesChallenges Future PossibilitiesFuture Possibilities DemosDemos QuestionsQuestions

The Cornell Net-Print The Cornell Net-Print ServiceService

How we do itHow we do it

Net-Print: Non-technical Net-Print: Non-technical detailsdetails Started in 1996Started in 1996

– Laurie Collinsworth and Mike Hojnowski (design and coding)Laurie Collinsworth and Mike Hojnowski (design and coding)– Carrie Regenstein (politics)Carrie Regenstein (politics)– Student labor (coding)Student labor (coding)

Cornell has no central funding modelCornell has no central funding model– Printing allocations must be done on a per-department basisPrinting allocations must be done on a per-department basis– Students must be able to have multiple printing accountsStudents must be able to have multiple printing accounts– Net-Print must be fully cost-recoveredNet-Print must be fully cost-recovered

Originally developed for CIT student labsOriginally developed for CIT student labs Extended to departmental “Partner Labs”Extended to departmental “Partner Labs”

– The department buys and maintains their own printers and The department buys and maintains their own printers and suppliessupplies

– We do the authentication, print serving, page counting, We do the authentication, print serving, page counting, accounting, and billingaccounting, and billing

– We return 78% of the funds we collect for printing on the We return 78% of the funds we collect for printing on the department’s printers to the departmentdepartment’s printers to the department

– The “Hojnowski” effectThe “Hojnowski” effect You don’t want to be the last lab still offering free printingYou don’t want to be the last lab still offering free printing

Net-Print: Functional Net-Print: Functional diagramdiagram

CIT Student Lab

CIT Student Lab

Departmental Partner Lab

Departmental Partner Lab

Anywhere

Dorm room

Net-Print: Technical DetailsNet-Print: Technical Details

Spooler: LPRng (Spooler: LPRng (http://www.lprng.comhttp://www.lprng.com)) Database: MySQLDatabase: MySQL

– About 1.2GBAbout 1.2GB Server: IBM Power PC/AIXServer: IBM Power PC/AIX

– Moving to Opteron/Linux soonMoving to Opteron/Linux soon Development language: PerlDevelopment language: Perl

– c. 21k linesc. 21k lines Web server: ApacheWeb server: Apache

– CGICGI

Net-Print: Authentication Net-Print: Authentication methodsmethods MacOS X and Unix: LPRng Kerberized MacOS X and Unix: LPRng Kerberized

LPR protocolLPR protocol– CUPS backendCUPS backend– CUPS Printing Dialog Extension (PDE) for CUPS Printing Dialog Extension (PDE) for

MacOS XMacOS X Thanks to NCSU!Thanks to NCSU!

Windows: Sidecar - Cornell’s Kerberos Windows: Sidecar - Cornell’s Kerberos authentication schemeauthentication scheme– Protocol-independent, out-of-band, call-Protocol-independent, out-of-band, call-

back, Kerberos authentication methodback, Kerberos authentication method Workstation sends print job to serverWorkstation sends print job to server Server does call-back to Sidecar process on Server does call-back to Sidecar process on

workstation to get user’s Kerberos credentialsworkstation to get user’s Kerberos credentials

Net-Print: We are Net-Print: We are GreenGreen

Charging for printing is inherently Charging for printing is inherently greengreen– The Net-Print Service will print c. 8 million The Net-Print Service will print c. 8 million

pages this year – which is about 24 million pages this year – which is about 24 million pages less than would be printed if we were pages less than would be printed if we were not charging for printing.not charging for printing.

– That’s about 1,880 trees this year!That’s about 1,880 trees this year! Watermark alternative to banner pagesWatermark alternative to banner pages

– About 100 trees this year!About 100 trees this year! 100% recycled paper (in CIT Labs)100% recycled paper (in CIT Labs) Duplex printingDuplex printing

Net-Print: GrowthNet-Print: Growth

0

20

40

60

80

100

120

140

160

sprin

g-19

96

sum

mer-1

996

fall-1

996

sprin

g-19

97

sum

mer-1

997

fall-1

997

sprin

g-19

98

sum

mer-1

998

fall-1

998

sprin

g-19

99

sum

mer-1

999

fall-1

999

sprin

g-20

00

sum

mer-2

000

fall-2

000

sprin

g-20

01

sum

mer-2

001

fall-2

001

sprin

g-20

02

sum

mer-2

002

fall-2

002

sprin

g-20

03

sum

mer-2

003

fall-2

003

sprin

g-20

04

sum

mer-2

004

fall-2

004

sprin

g-20

05

Nu

mb

er

of

Pri

nte

rs

Net-Print: Printing HistoryNet-Print: Printing History

0.00

1.00

2.00

3.00

4.00

5.00

6.00

7.00

8.00

9.00

1996

1997

1998

1999

2000

2001

2002

2003

2004

2005

Fiscal Year

Mill

ion

s o

f Pa

ge

s P

rinte

d

Partner Labs

CIT Labs

Billing examples – April ‘05Billing examples – April ‘05

Bursar billingBursar billing– $117,153$117,153– 8,699 students8,699 students– $13.47 average$13.47 average

Department Account billingDepartment Account billing– $1,330$1,330

Course Account billingCourse Account billing– $14,521$14,521

Disbursement to Partner LabsDisbursement to Partner Labs– $55,581$55,581

Printer accounting Printer accounting philosophy and decision philosophy and decision makingmaking

Why Charge for Printing?Why Charge for Printing? Because you have to: Printer supply costs will Because you have to: Printer supply costs will

bankrupt youbankrupt you– Charging for printing is the only effective way to Charging for printing is the only effective way to

make a brain cell fire before someone pushes the make a brain cell fire before someone pushes the “print” button“print” button

To reduce usage of natural resourcesTo reduce usage of natural resources– Environmental awareness is becoming increasingly Environmental awareness is becoming increasingly

importantimportant To cover the cost of quality equipmentTo cover the cost of quality equipment

– Quality printersQuality printers– Color printersColor printers– Specialty printers (poster, etc.)Specialty printers (poster, etc.)– Printer maintenance contracts to make sure that Printer maintenance contracts to make sure that

the printers are actually workingthe printers are actually working

Why Not Charge for Why Not Charge for Printing?Printing? You will be placing yourself You will be placing yourself

between the user and their outputbetween the user and their output– Not comfortableNot comfortable

Page counting is complexPage counting is complex Students are cleverStudents are clever Accounting and billing are Accounting and billing are

complex and expensivecomplex and expensive

Why Not Charge for Why Not Charge for Printing?Printing? Refund processing is aggravatingRefund processing is aggravating

– Printing errors are often caused by the Printing errors are often caused by the user or the application – not the serviceuser or the application – not the service

– You will get weary of listening to excusesYou will get weary of listening to excuses ““Somebody else must have printed on my Somebody else must have printed on my

account”account” ““It never printed” (when you know it did)It never printed” (when you know it did) ““The printing system ate my homework”The printing system ate my homework”

Requires a lot of resources (staff, Requires a lot of resources (staff, technology, etc.)technology, etc.)

How does your institution How does your institution work?work? Is there a central funding model Is there a central funding model

which can be used to provide which can be used to provide students with printing allocations?students with printing allocations?– This determines how obsessive you This determines how obsessive you

need to be about page counting need to be about page counting accuracy, refunds, etc.accuracy, refunds, etc.

Is there a strong central IT authority?Is there a strong central IT authority?– This determines whether you can This determines whether you can

dictate client platforms, printer types, dictate client platforms, printer types, etc.etc.

Commercial or in-houseCommercial or in-house

Will a commercial package be Will a commercial package be flexible enough to meet your flexible enough to meet your institution’s and customers’ needs?institution’s and customers’ needs?– Multiple accounts per userMultiple accounts per user– A networked authentication solution A networked authentication solution

is more convenient for your users is more convenient for your users than a commercial “money card” or than a commercial “money card” or “release station” solution“release station” solution

Do you have the resources to build Do you have the resources to build and maintain an in-house solution?and maintain an in-house solution?

Client platformsClient platforms

Which ones to support?Which ones to support?– Windows (9X, ME, XP)Windows (9X, ME, XP)– MacOS XMacOS X– UnixUnix– We support Windows XP and MacOS We support Windows XP and MacOS

X officially, and Unix unofficiallyX officially, and Unix unofficially Single platform is simpler (but Single platform is simpler (but

less fun!)less fun!)

AuthenticationAuthentication

Not necessary with “money card” Not necessary with “money card” solutionsolution

Kerberos, LDAP, Active Directory, NDS, Kerberos, LDAP, Active Directory, NDS, PKIPKI

Things to authenticateThings to authenticate– PrintingPrinting

Windows (“login” or “share”)Windows (“login” or “share”) CustomCustom

– Web pages (signup, account management, Web pages (signup, account management, job management)job management)

AuthorizationAuthorization

Who is authorized toWho is authorized to– PrintPrint– Move or delete print jobsMove or delete print jobs– Submit refund requestsSubmit refund requests– Start or stop print queuesStart or stop print queues– View people’s printing and accounting logsView people’s printing and accounting logs– Add or remove print queuesAdd or remove print queues– Create, remove, or modify accountsCreate, remove, or modify accounts– Create, remove, or modify people’s Create, remove, or modify people’s

authorizationauthorization Roles: end user, operator, manager, etc.Roles: end user, operator, manager, etc.

Network printing protocolsNetwork printing protocols

Client to serverClient to server– SMB, LPR, IPPSMB, LPR, IPP

We use SMB and LPRWe use SMB and LPR

– Windows LPR implementation is Windows LPR implementation is flawedflawed ““Push” bits in TCP reduce throughputPush” bits in TCP reduce throughput

Server to printerServer to printer– LPR, IPP, App socket (port 9100)LPR, IPP, App socket (port 9100)

We use port 9100 because it’s simpler We use port 9100 because it’s simpler and bi-directional, but it has problems and bi-directional, but it has problems with Binary PostScriptwith Binary PostScript

Server architectureServer architecture

Central (simpler) or distributed Central (simpler) or distributed (scales better)(scales better)

Hardware and software platformHardware and software platform

Page countingPage counting

Software (on client or server)Software (on client or server)– Less accurate (assumes the job printed OK)Less accurate (assumes the job printed OK)– Requires more CPU resourcesRequires more CPU resources

Hardware (read the printer’s page Hardware (read the printer’s page counter)counter)– More accurateMore accurate– Delay between print jobsDelay between print jobs– Requires printer-dependent codeRequires printer-dependent code

Requires printer lockdownRequires printer lockdown– IP address restrictions to prevent IP address restrictions to prevent

circumvention of the printing systemcircumvention of the printing system

Page Description Languages Page Description Languages (PDLs)(PDLs) PostScriptPostScript

– Preferred by professionalsPreferred by professionals– The PostScript Printer Description (PPD) spec The PostScript Printer Description (PPD) spec

provides device-independent support for printer provides device-independent support for printer featuresfeatures

– Printers without licensed Adobe PostScript engines Printers without licensed Adobe PostScript engines (HP, Lexmark) may have problems printing (HP, Lexmark) may have problems printing documents generated by Adobe applicationsdocuments generated by Adobe applications

PCLPCL– Less problems printing Adobe documentsLess problems printing Adobe documents– Limited feature control at the server endLimited feature control at the server end

We require PostScriptWe require PostScript– The “watermark” alternative to banner pages is The “watermark” alternative to banner pages is

impossible to implement with PCLimpossible to implement with PCL

Printer monitoring and Printer monitoring and securitysecurity Printer lockdown requires setting and Printer lockdown requires setting and

monitoring printer parameters monitoring printer parameters – Anyone with physical access to the printer can re-Anyone with physical access to the printer can re-

configure itconfigure it Passwords are required to prevent tampering Passwords are required to prevent tampering

via the network (near and far)via the network (near and far) Vendor-supplied solutionsVendor-supplied solutions

– Lack functionality (printing or exporting data!)Lack functionality (printing or exporting data!)– Don’t support other vendors’ printers wellDon’t support other vendors’ printers well– Usually require Windows serversUsually require Windows servers– Are designed to look good in demos so thatAre designed to look good in demos so that

You will buy their printers, andYou will buy their printers, and You will buy their printing suppliesYou will buy their printing supplies

Banner pagesBanner pages

It’s important to separate print jobs and It’s important to separate print jobs and identify their ownersidentify their owners

Average job size = 4.8 pages waste Average job size = 4.8 pages waste 17% of paper17% of paper

Alternative: “watermark” at top of first Alternative: “watermark” at top of first page of outputpage of output– User-selectable (default is “watermark”)User-selectable (default is “watermark”)– Possible only with PostScriptPossible only with PostScript

Where are the costs?Where are the costs?

It’s not the paper!It’s not the paper!

Paper

Toner

Printers

ServersStaff

Overhead

AccountingAccounting Real-time vs. batchReal-time vs. batch Web interfaceWeb interface Types of accountsTypes of accounts

– Credit (unlimited, billed monthly)Credit (unlimited, billed monthly) BursarBursar DepartmentDepartment

– Debit (disallow printing when limit is reached)Debit (disallow printing when limit is reached) CashCash Credit card (pre-paid on-line)Credit card (pre-paid on-line) Course (allocated by student’s department)Course (allocated by student’s department)

AuthorizationAuthorization– Bursar billing eligibility feedBursar billing eligibility feed– Department accountDepartment account

Refund ProcessingRefund Processing Reasons for refundsReasons for refunds

– Printer failuresPrinter failures Toner outages, printer jams, etc.Toner outages, printer jams, etc.

– Configuration failuresConfiguration failures Binary PostScriptBinary PostScript

– Application failuresApplication failures Page selection in WordPage selection in Word

– User failuresUser failures Blank pages in Excel spreadsheets (record: 969!)Blank pages in Excel spreadsheets (record: 969!) Wrong Web “frame” activeWrong Web “frame” active Wanted “6-up” in PowerpointWanted “6-up” in Powerpoint Somebody else picked up the outputSomebody else picked up the output Forgot to log outForgot to log out You name itYou name it

Only the first category above is the “fault” of the Only the first category above is the “fault” of the printing service!printing service!

We grant refunds for all but “forgot to log out”We grant refunds for all but “forgot to log out”

Refund Processing (cont.)Refund Processing (cont.)

If you’re going to offer refunds, If you’re going to offer refunds, the process must be automatedthe process must be automated– Labor intensiveLabor intensive– You need to make sure that all You need to make sure that all

refund requests correspond to actual refund requests correspond to actual charges!charges!

– Logs and statistics are helpfulLogs and statistics are helpful For resolving disputesFor resolving disputes For determining systematic printing For determining systematic printing

problemsproblems

Refund processing (cont.)Refund processing (cont.)

0.00%

0.05%

0.10%

0.15%

0.20%

Paper

man

gled

Printe

d gib

berish

Toner p

roblem

Blank p

ages

Other

All Reas

ons

Reason for Refund

Pe

rce

nt

of

To

tal P

rin

tin

g

BillingBilling Bursar feedBursar feed Department account feedDepartment account feed Cash managementCash management

– SecuritySecurity– Requires audit trailRequires audit trail

Online credit cardOnline credit card– Use a service (eg. VeriSign) which Use a service (eg. VeriSign) which

insulates you from liabilitiesinsulates you from liabilities Billing reportsBilling reports

– Who printed how much on this accountWho printed how much on this account– We send report spreadsheets as e-mail We send report spreadsheets as e-mail

attachmentsattachments

ChallengesChallenges

Challenge - AuthenticationChallenge - Authentication

Sidecar is going awaySidecar is going away– Sidecar is a protocol-independent, Sidecar is a protocol-independent,

out-of-band, call-back, Kerberos out-of-band, call-back, Kerberos authentication schemeauthentication scheme

– Hence it has inherent vulnerabilities Hence it has inherent vulnerabilities (eg. with NATs)(eg. with NATs)

– We would like a Kerberized LPR (or We would like a Kerberized LPR (or other) protocol “port manager” for other) protocol “port manager” for Windows. Please email Windows. Please email [email protected]@cornell.edu if you have one! if you have one!

Challenge - Duplex page Challenge - Duplex page countingcounting Sheets vs. sides (impressions)Sheets vs. sides (impressions) Must charge about the same to print a given Must charge about the same to print a given

document duplexed as for simplexed (you save only document duplexed as for simplexed (you save only 1/3 cent per document page)1/3 cent per document page)

The SNMP page counters in Lexmark, HP, and Xerox The SNMP page counters in Lexmark, HP, and Xerox printers click twice for each duplex pageprinters click twice for each duplex page– A three page document costs $.30 simplexed and $.40 A three page document costs $.30 simplexed and $.40

duplexedduplexed Xerox Phaser job accounting (to the rescue!)Xerox Phaser job accounting (to the rescue!)

– Counts sheets and sidesCounts sheets and sides– Accessible via SNMPAccessible via SNMP

Misbehaved Microsoft appsMisbehaved Microsoft apps– IE, Word append a blank page when duplexing an odd IE, Word append a blank page when duplexing an odd

number of pages – defeating our sophisticated page number of pages – defeating our sophisticated page counting technologycounting technology

– We will document this and wait for Microsoft to fix itWe will document this and wait for Microsoft to fix it

Challenge - Binary Challenge - Binary PostScriptPostScript Generated by default by some apps – notably Generated by default by some apps – notably

Adobe Photoshop, Illustrator, and PagemakerAdobe Photoshop, Illustrator, and Pagemaker Advantage: Half as big as ASCII PostScriptAdvantage: Half as big as ASCII PostScript

– Example: 100MB vs 200MBExample: 100MB vs 200MB When sent via port 9100 causes printers to When sent via port 9100 causes printers to

spew many pages of gibberishspew many pages of gibberish Can be fixed by encoding with TBCPCan be fixed by encoding with TBCP

– Works fine for WindowsWorks fine for Windows– The MacOS X spooler won’t TBCP encode The MacOS X spooler won’t TBCP encode

Photoshop output.Photoshop output. Xerox Phaser printers may be able to deal Xerox Phaser printers may be able to deal

with Binary PostScript if the port 9100 “filter” with Binary PostScript if the port 9100 “filter” option is set to “none”option is set to “none”– Needs more researchNeeds more research

Future PossibilitiesFuture Possibilities


Charging by supply usage instead of by Charging by supply usage instead of by pagespages

– Single printer for both B/W and colorSingle printer for both B/W and color– Charges fairly for small vs. full-page imagesCharges fairly for small vs. full-page images– But: the customer doesn’t get to know their But: the customer doesn’t get to know their

charges in advancecharges in advance Sell “Printing plans” (like cell phone plans) ??Sell “Printing plans” (like cell phone plans) ??


Multiple printers per queue: Load Multiple printers per queue: Load balancingbalancing– Current job prints on whichever Current job prints on whichever

printer is working/not busyprinter is working/not busy– Resolves problems caused by long Resolves problems caused by long

jobs and broken printersjobs and broken printers– Might confuse students: “Where did Might confuse students: “Where did

my output go?”my output go?”


Multiple queues per printerMultiple queues per printer– Separate queues would reduce the Separate queues would reduce the

confusion involved in choosing confusion involved in choosing duplex or simplex printingduplex or simplex printing

– Separate queues would permit Separate queues would permit different charges for different mediadifferent charges for different media Color printer tray 1 - paper at $.25Color printer tray 1 - paper at $.25 Color printer tray 2 - transparency at Color printer tray 2 - transparency at

$1.00$1.00


FAXFAX Specialty printersSpecialty printers

– Printed card-stock front and back Printed card-stock front and back coverscovers

– Hot tape bindingHot tape binding– Low costLow cost


Using a messaging serviceUsing a messaging service– Purpose: To inform users that . . .Purpose: To inform users that . . .

Their account is emptyTheir account is empty Their print job has just printed on Their print job has just printed on

printer xxprinter xx

– Currently using e-mail and a printed Currently using e-mail and a printed sheet for error messagessheet for error messages

– Must be authenticated to avoid Must be authenticated to avoid spam and security issuesspam and security issues

Demos and QuestionsDemos and Questions

Accounting for Printing and the Cornell Net-Print Service.

Documents

Transcript of Accounting for Printing and the Cornell Net-Print Service.