The role of Control Center is to define Web Printing users and to host their solution files.
When a Web Printing user logs in to the server, the application (solution) runs using the NiceLabel Web Client application.
Tip
You can print solution files (.nsln) and label files (.nlbl) with the Web Printing application. If you print label files (.nlbl), NiceLabel creates a predefined printing form.
Typically, Web Printing users print labels that contain variable data. The selected label template takes the provided data and displays the label preview in a printing form. Labels print with the selected data. The data usually originates from a Microsoft SQL database hosted within the company’s information infrastructure.
Note
The data source is not limited to Microsoft SQL. Data can be stored using any type of database.
The application running in Web Client doesn’t communicate directly with the database. All communication is channeled through the Web Printing site on the server. When a database record is required, the application sends a request to the Web Printing site, which redirects it to the database server. The response travels in the opposite direction. In the same way, the Web Printing site records print events and stores the data in a database.
Note
Web Printing can access 32-bit databases even if the Web Printing site runs under 64 bits. Web Printing works with 32-bit databases via Web Printing proxy service.
Depending on the architecture of the solution as well as on the hardware being used, the server components (NiceLabel Control Center, Web Printing site, and Microsoft SQL Server) can all be installed on the same computer or on separate systems.
Note
Web Printing and Control Center must be installed on the same computer.
Installation options depend on a number of factors, such as:
Can you allow the Web Printing application to be installed as a part of the corporate information infrastructure at all? If the company policy prevents you from any local installation, Web Printing will be hosted outside the company network. In this case, the relevant databases (those which are used for label printing) are copied into the hosted environment.
Does the company infrastructure support the installation of server components on dedicated servers?
Who are the Web Printing users that are connecting to the server? Can you trust these users by default (e.g., are they domain users, or company staff) or are they external users connecting to the server using an Internet connection?
Can the existing Microsoft SQL server be used for Web Printing data or do you need to use a new Microsoft SQL server?
Do you plan to allow Web Printing to connect to the company’s database? If not, the existing data must be offloaded to a dedicated Microsoft SQL server. You will have to make sure the databases are synchronized.
This section gives recommendations on how to protect the connecting users and the integrity of data and infrastructure.
In most cases, your Web Printing site will allow external users to connect and print labels, so it will be exposed to the Internet. You don’t want to reveal any confidential information to unwanted users. With security taken as the highest priority, the application must be reliable and trustworthy, minimizing the risk of security breaches. The Web Printing site encrypts important configuration data on the disk and secures the communication to the application running in the browser.
However, it’s not just how the Web Printing product was developed and tested but also how you install it and place it into action.
Best security practices:
Regularly install security updates from Microsoft Windows Update. Updates for the IIS are particularly important because you expose the Web Printing site to the Internet.
Set up a firewall/proxy. Only open the services/ports which must be opened to the public, such as port 80 for IIS.
Limit access privileges to the Documents storage in Control Center. This is a WebDAV-based file repository running on the same server as NiceLabel Control Center. It hosts the solution files. By default, anybody can access Documents storage at
\\server@8080\DavWWWRootLimit the SQL user permissions. Microsoft SQL Server user account that the Web Printing site will use to connect to the database should have access to the Control Center database (NiceAN by default) only. If somebody gains access to the Microsoft SQL Server, it will be limited to the database, and other parts of the Microsoft SQL Server will not be reachable by this user's privileges.
Enable user authentication for Control Center. Only allow a login for trustworthy administrative users. By default, anybody that connects has administrative privileges.
Set up the Web Printing site to be accessible over a secure link only. Enable the HTTPS/SSL protocol so that nobody can eavesdrop on the communication between the user and the server. For more details, see the chapter Installing Web Printing Site with HTTPS/SSL Support.
SCENARIO |
DESCRIPTION |
All server components are installed on the same server |
In this case you either:
|
Control Center and Web Printing site installed on the same server, Microsoft SQL installed on a separate server |
In this case, the Microsoft SQL server is installed on a separate server. This can either be an existing Microsoft SQL server which already hosts some databases, or a new server. You expect a busy web server and/or Microsoft SQL server, and plan to use dedicated machines for web and data processing. Enable firewall/proxy rules so both servers can see each other. Control Center must have access to the Microsoft SQL server (Windows authentication, local Control Center Windows users (EPM_USER, EPM_DBADMIN) are created on the server where Microsoft SQL Server is installed) |