How Does Zeno’s RemoteManagementSystem (RMS) Work?

May 27, 2015
Jamie

The past couple of weeks, we’ve talked about What Can Managed Print Solutions Do For Your Business? and What is RemoteManagementSystem (RMS)? and today we’re discussing how it works, concerns about security and how it can help your business. LINKS

Microsoft Word - FM Audit White Paper2013.docx

How It Works
The application identifies networked printers, copiers, and MFPs using the Simple Network Management Protocol (SNMP), an application layer protocol that facilitates the exchange of Management Information Base (MIB) between networked devices. A MIB is a collection of hierarchically organized characteristics of a managed device comprised of one or more object instances, which are essentially values. An object ID uniquely identifies a managed object in the MIB and extracts meter values, supply levels, and service error codes from the device and securely transmits it via an encoded XML stream.

In short, the application resides on a server or a workstation, looks at a set IP range of devices and uses SNMP to pull the metrics into a single encrypted file and sends that data to Zeno Imaging.

Requirements
The devices must have SNMP protocol enabled; therefore, a network using the TCP/IP protocol which allows communication via the SNMP port 161 is a base requirement. By default the “public” SNMP community name is used, but may be modified to support your environment. The target devices must reply to a ping from the install location so that communication won’t be blocked during an audit.

Zeno’s RMS will run in the background as a Windows Service called “FMAudit Onsite”. This application may be run on any modern Windows operating system (in 32 and 64 bit modes) including: Windows 2000, XP, Vista, 7, Server 2003, 2008 and 2008 R2. Further details may be found here under the “Onsite” portion: http://help.fmaudit.com/fmac/sysreq.html

Security Concerns
Although SNMP commands support both read and write operations, the application can only read information and cannot modify any device settings. The software allows audit information to be sent from the network as an attachment to an email (default port 25) or an XML stream (default port 80). By default this information is securely encrypted, and requires a user and pass authentication. Only the information which is extracted during an audit may be saved or transferred to our server. Confidential data files from the end-users cannot be viewed or saved.

Though the main viewer page displays in web page fashion, it does not communicate over the internet except for obtaining a license. The application has been digitally signed to prevent virus execution.

WAN and Network Traffic
We use a default timeout setting of 1000ms. Using unicast settings, each IP within the range will be queried and if no response is received within 1 second, a timeout will occur. Depending on the amount of traffic and latency, the timeout may need to be adjusted.

The audits use an intelligent system that extracts minimal information for each print device and sends only the relevant queries no more than a few kb in size. To further reduce bandwidth use during an audit, we communicate with no more than 20 devices at a single time. The amount of network traffic at any given time is minimal as a result.

HIPAA Compliance
This application is fully compliant with HIPAA regulations as it does not store, process, monitor or manage any patient records or any records or information that is specific to any one patient or group of patients. The product only reports the usage counts (meter readings) and status of print devices on the network. It does not communicate any information about specific print jobs.

The software cannot in any way be configured to perform a task beyond the ones for which it was designed. All communication originates with this application and there is no way to contact and access the software from outside the network. The communication outside the network uses a proprietary, compressed data stream and is sent using industry standard SSL over HTTPS. No patient information ever leaves the network via this application.

Communication
SNMP versions v1 and v2 are supported. This communication will occur across port 80 by default. The application works with Internet proxies which can be configured using Internet Explorer settings.

Firewalls and other network hardware may prevent or limit the discovery of the network configuration. Networks with multiple physical locations typically have firewalls in between each LAN and the public via a WAN. The network IP ranges (segments) may be manually added to the RMS, with the minimum requirement that the devices can be pinged from the installed location.

Zeno’s Managed Print Services offering provides our customers with the workload reduction, increase in efficiency, and cost-savings they need to reach their organizational objectives. There is no customer too small. Every client can benefit from the ability to manage their printing through an MPS partnership with Zeno Imaging! For more information on our solutions or to schedule an MPS appointment for your client, email Ric Torres at rtorres@zenoimaging.com.