Transcript
[ Music ]
>> Hi. I'm Todd Ritland,
AirPrint engineer
and the lead engineer
on iOS printing.
And this is Deploying
AirPrint in Enterprise.
AirPrint is Apple's
total printing solution.
It's a technology that helps you
to create full-quality
printed output without the need
to download or install drivers.
If you're an app developer
and want to add printing
to your app, see
developer.apple.com/airprint
for a previous talk I gave at
WWDC titled Advances in AirPrint
and download the sample
code to get started.
If you are a printer
manufacturer
or a print server
developer and wish
to license AirPrint
technology for your product,
to license AirPrint
technology for your product,
please email airprint@apple.com.
This talk will focus on
those who are responsible
for deploying AirPrint
and want to learn more
about all the enterprise
features
that make AirPrint work great
in enterprise environments.
Printing in enterprise has
many unique requirements.
Our enterprise customers
are dealing with a fleet
of printers, often
from many manufacturers
and with different features,
across floors of buildings
or across many different
buildings,
and in many locations.
These can be hugely
complex printers as well.
The network infrastructure
is often very complex.
Often they're wireless
and wired clients
and their network
structure may be unrelated
to the physical location
in a building.
IT departments also have
varying network requirements,
such as no access
to software update,
no multicast packet
traffic allowed,
and certain ports blocks, which
all have impact on printers.
and certain ports blocks, which
all have impact on printers.
Enterprise customers also may
have accounting requirements
since every page
printed costs money.
And of course security
requirements are essential
and are increasingly important
in enterprise printing.
The top requests we get from
enterprise are the ability
to create PDF and have more
paper-free workflows, security,
access control and accounting,
and better discovery
of printers.
So let's go into
what AirPrint offers
for each of these in detail.
First, create PDF
from the Print panel.
Mac OS has long had the ability
to get a PDF anywhere
you can print.
And now in iOS 10, all iOS
devices have this ability
as well and I'd like to
show you how this works.
Here we have an iPad running
iOS 10, and when I tap Print,
Here we have an iPad running
iOS 10, and when I tap Print,
I just pinch out with my two
fingers on the Print Preview.
And from here, I have a Share
button at the top corner.
Any app can accept PDFs will
appear under the Share menu,
as well as AirDrop and other
system-sharing options.
This also works with the Managed
Open In Enterprise feature
that keeps business items
and personal items separate.
On devices with 3D Touch, you
can alternatively use the Peek
and Pop gesture to
access this same view
from the Print Preview.
We think enterprise users will
love having this new paper-free
workflow on all of
their iOS devices.
Next onto a hugely
important topic, security.
AirPrint on iOS and Mac
OS support full end-to-end
encryption so your documents
are protected on the network.
AirPrint supports the latest
industry standard TLS 1.2
AirPrint supports the latest
industry standard TLS 1.2
encryption on top of HTTP.
This encryption technology
is a requirement
for all new AirPrint
printers and servers.
Next, for additional security,
many enterprise customers don't
want printed pages sitting
around in the output
bin of a printer,
where an unauthorized person
can pick it up and view it.
iOS and Mac OS support PIN
Release for printers and servers
that support it, where the user
will enter a PIN at the printer
to receive their output.
On iOS, when a PIN is required,
the Print panel has a
label explaining that.
And when the user taps
Print, an alert is displayed
with the PIN to release the job.
On Mac OS, the user can
type the PIN they want
to use to release the job.
Mac OS also supports
PIN when PIN is optional
and not required to print.
Next, Access Control
and Accounting.
AirPrint has always
supported printers and servers
that require authentication
with a username and password.
We store the username and
password entered in the keychain
so the user never has
to enter it again.
iOS 10 now supports
the ability to forget
that stored authentication
information to support workflows
where a different
user name is needed.
Also new this year is support
for password-only authentication
so printer can be protected
with just a simple
password, as shown here.
When an enterprise
needs to have billing
or account information
added to each print job,
iOS and Mac OS both support
printers and servers that take
that account information.
If the account information
is required for every job,
the user will be
required to enter
that information before
the job continues.
And iOS and Mac OS
support either optional
or required account
ID for print jobs,
and this is what the UI
looks like on Mac OS X.
Next, Better Discovery.
AirPrint has many supportive
ways to find and use printers.
The main method which
most people associate
with AirPrint is Local Bonjour.
There is no setup required.
The printer automatically
appears as an available printer
in the list without any setup.
AirPrint has also always
supported Wide-Area Bonjour.
Bonjour is based on
DNS Service Discovery.
And if a DNS server
is configured
with the correct records,
printers can be discovered
this way
and I'll go over how to do this.
Both iOS and Mac OS also now
support Mobile Device Management
or MDM profiles with a
configured AirPrint payload.
or MDM profiles with a
configured AirPrint payload.
And new in iOS 10, we have
AirPrint Bluetooth Beacons
as a way to discover
printers using Bluetooth
low-energy beacons.
Configuring a DNS server
to advertise AirPrint
printers is easy.
First, the configured DNS
server must be in the list
of DNS servers used
by the iOS devices
and Macs you want
printers to appear.
There are lots of ways to
manage which DNS servers
and search domains are used,
such as DHCP or MDM profiles.
And next you want to add A
or AAAA records to the name
of the printer and the printer
setup with a static IP address.
Add a PTR record for the
main IPPS service type
and one additional PTR record
for the universal subtype.
This is key for AirPrint
because AirPrint isn't just an
IPPS service.
It has a subtype of universal
and that's what iOS
devices and Mac search for.
You'll add a SRV record for
the service and than a TXT
or text record that
describes many capabilities
and information about
the printer.
It's super important to
find the TXT or text record
of the printer or server,
which can easily be accomplished
using the Command Line tool Mac
OS, dns-sd.
To use dns-sd to figure out the
records, just run this command
on the same subnet as the
printer you're setting up.
You run with the -Z option
to display the records
in zone file format and
you'll use the underscore tcp.
underscore ipps.service
type in the local domain,
like shown here in blue.
This is the output you'll get
for each printer that's
discovered locally.
These are almost the PTR, SRV,
and TXT records you'll need
to add to DNS server
with a couple additions.
to add to DNS server
with a couple additions.
The changes are highlighted
here in green.
As I mentioned, you'll add
an additional PTR record
for the universal subtype, like
this one on the second line.
You'll also replace the local
printer name in the SRV record
with the fully-qualified
domain name,
the A record I mentioned
earlier, and you'll also need
to replace any other instances
of the local Bonjour name
with this fully-qualified domain
name, like I have shown here
in green, with the
printer's administration URL.
If this isn't fixed, users
won't be able to use the button
in Mac OS that quickly
takes them
to the printer's admin webpage.
And so this is the text here
that could be copied right
into a zone file and a
printer will appear in the list
of printers for your users,
if they have this
DNS server configured
as one of their DNS servers.
So the key to setting up
Wide-Area Bonjour printers is
to get some help from the
dns-sd Command Line tool.
MDM profiles are very
popular and a super easy way
to configure printers
for your users.
The AirPrint payload can
be added to any profile
and that payload
consists of a host
or IP address and
a resource path.
The resource path is ipp/print
for most AirPrint printers,
and for an AirPrint server,
this will be the queue.
And the screenshot shown
here is Apple Configurator,
one of the most popular Mobile
Device Management tools.
Next we have a new
technology we're really excited
about that's new in iOS 10
and that's the AirPrint
Bluetooth Beacon.
So what is an AirPrint Bluetooth
Beacon, and how does it work?
Well, it can be configured
using one
of the many third-party
Bluetooth beacon devices
available on the market and
set next to or near a printer
or can it be built into the
printer itself using the
printer's built-in
radios and antennas.
And future AirPrint printers
will have this capability built
And future AirPrint printers
will have this capability built
right in.
What it does is beacon out
the connection information.
And if the iPhone can
reach that IP address,
the printer will be
accessible to send jobs to.
This is really powerful
because the network complexities
don't matter.
All that matters is that
the IP address is reachable.
This could even be a public
IP address on the Internet.
So long as the iOS device
is in Bluetooth range
and the IP address
is accessible,
the printer will show up
as an available printer
on the list for users.
And the AirPrint Beacon works
great with print servers too.
Here we have an AirPrint server
on the right, and each printer
on the network has an
AirPrint Bluetooth Beacon
which is advertising
the server's IP address
and the Queue ID
associated with that printer.
When the user prints, the
job goes to the print server
with the queue information, and
then the server sends the job
with the queue information, and
then the server sends the job
to the associated printer that
the user has chosen in the UI.
Let's go into detail about what
the AirPrint Bluetooth Beacon
format is so you can set
these up for your printers.
First, we have a header.
This is what identifies this BLE
beacon as an AirPrint Beacon.
It's the same for all
AirPrint Bluetooth Beacons,
so this can just be copied.
Next, we have the
connection information.
This tells whether the
IP address found later
in the beacon is an IPv4
address or an IPv6 address.
It also tells whether the
IP address is for a server
or identifies a printer
and this byte identifies
if the connection
must be TLS encrypted.
For this example, the
connection is TLS encrypted,
the IP address is
an IPv6 address,
and this is not a server.
See the specification
published on developer.apple.com
See the specification
published on developer.apple.com
for how this byte is set up.
Next we have a printer
ID if this job should go
to a print server or information
about the resource path
if this is directly
to a printer.
This printer has ipp/print
as the resource path.
Again, see the specification
published for more details
about specifying resource paths.
Next we have the port
for the connection;
631 is the standard IPP port.
Port 443 is often used for
TLS secure connections.
For this example, 277
is hexadecimal for 631,
which is the standard IPP port.
And next we have the IP address.
If you're using a non-updatable
external beacon for the printer,
make sure the printer
has a static IP address.
Otherwise, this IP in the
beacon will become stale
Otherwise, this IP in the
beacon will become stale
when the IP address changes.
And last, like iBeacon, we have
a measured signal strength value
at 1 meter.
This uses the same methodology
as Apple iBeacon measured power.
This gives the iOS
device better information
about the physical
distance of the printer.
For this example, the
transmission power was found
to be on average 64 decibels,
which is 40 in hexadecimal.
The format of the AirPrint
Bluetooth Beacon is somewhat
similar to iBeacon.
iBeacon format is
one byte shorter,
but the beginning
header is very similar.
If you're following setup
instructions for a device
with iBeacon technology,
you may be able to adjust
and use a similar setup for
the AirPrint Bluetooth Beacon,
and many manufacturers of
Bluetooth hardware have
or will have specific
AirPrint Bluetooth Beacon
setup procedures.
So for enterprise users, iOS
and Mac OS provides
many great technologies
to support PDF workflows for
an increasingly digital world.
And AirPrint provides great
security, access control,
accounting, and new
discovery technologies
to make printing great
in any environment.
And as always, let
us know your feedback
about what specific enterprise
needs are by submitting feedback
on apple.com/feedback.
For more information
about this presentation
and for referenced
specs, please check
out
developer.apple.com/wwdc16/725.
You may also want to
check out the What's New
in Apple Device Management
session in Nob Hill
at Wednesday 11:00 a.m. and also
Taking Core Location Indoors
in the Marina at
Wednesday at 3:15 p.m.