Managing configurations

A configuration is a collection of settings that can be assigned to a device or a group of devices of the same model. You can perform a conformance check to make sure that a device or a group of devices is compliant with a configuration. If the device does not conform with the configuration, then you can enforce the configuration on the device or group of devices.

Creating a configuration

Note: You can manage security settings only when creating a configuration from a selected device. For more information, see Creating a configuration from a device.

  1. From the Configurations tab, click Configurations > the plus icon, and then assign a unique name for the configuration.

  2. Select a device, and then click OK.

  3. From the Device Settings tab, select a configuration type, and then do either of the following:

    • Select one or more settings, and then specify the values.

    • To apply variable settings, do the following:

      1. From the Variable Setting Data File menu, select a file. If necessary, click Import, and then browse to the CSV file.

        Note: Changing the file may affect the device settings that are using variables.

      2. Select a setting, and then type the variable in the setting field.

        For example, type ${Contact_Name} in the Contact Name field, where ${Contact_Name} is the variable that represents the Contact_Name token defined in the CSV file. When the configuration is enforced, the variable is replaced with its corresponding value.

        Note: Tokens are case sensitive. For more information, see Understanding variable settings.

  4. From the Firmware tab, select a transfer method, and then select a firmware file.

    To import a firmware file, see Importing files to the library.

    Note: If you select HTTPS and your printer only supports HTTP, then the application uses HTTP.

  5. From the Solutions tab, select one or more solutions to deploy. For more information, see Preparing solutions for enforcement.

  6. Click Save.

Creating a configuration from a device

Note: When you create a standalone configuration, you cannot modify its security settings. Creating a configuration from a selected device lets you modify the security settings. For more information, see Managing security settings.

  1. From the Configurations tab, select a device.

  2. Click Configurations > the create policies from selected device icon, and then assign a unique name for the configuration.

  3. Click OK.

    4. Notes:

Assigning a configuration

  1. From the Configurations tab, click Configurations, and then select a configuration.

  2. Select one or more devices.

  3. Click the assign icon.

Editing a configuration

  1. From the Configurations tab, click Configurations.

  2. Select a configuration, and then click the edit icon.

  3. If necessary, rename the configuration, and then modify the settings.

  4. Apply the changes.

    5. Note: Configurations that appear in red text and begin with an exclamation point contain one or more invalid settings, and cannot be enforced on a device.

Importing files to the library

  1. From the Configurations tab, click Library.

  2. Import the file.

    Notes:

    • When importing firmware, use only .fls files.
    • Some solutions require a license. Click Properties to view the licenses included in the solutions package.

Understanding variable settings

You can use variable settings in running conformance check or enforcing a configuration to a device. When creating or editing a configuration, you can select a CSV file to be associated with the configuration.

Each row in the CSV file contains a set of tokens that are used as an identifier or a value for the configuration settings.

Sample CSV format:

IP_ADDRESS,Contact_Name,Address,Disp_Info
1.2.3.4,John Doe,1600 Penn. Ave., Blue
4.3.2.1,Jane Doe,1601 Penn. Ave., Red
2.3.6.5,"Joe, Jane and Douglas",1601 Penn. Ave.,Yellow
2.3.6.7,"Joe, Jane and Douglas",1600 Penn. Ave.,He is 6’7” tall

In the header row, the first column is a “special device identifier” token denoting which device identifier is being used. It should be one of the following and unique in each row:

Each subsequent column in the header row is a “replacement” token that is user-defined. This token is replaced with the values in the subsequent rows when the configuration is enforced. Make sure that the tokens do not contain any spaces.

To obtain the correct CSV format, export a CSV file from MVE using Data Export.

  1. From the Header area, click the export data icon.

  2. From the Include Printers menu, select a device group.

  3. Create or edit a Data Export template.

  4. From the Possible Fields section, in the Identification menu, select a device identifier (such as IP Address).

  5. Add the selected device identifier to the Exported Fields section.

  6. Click Generate File > Finalize Export.

  7. Save the file, and then open it using a text editor.

    Note: To make sure that the device identifier from the exported file is in the correct CSV format, remove spaces and use capital letters. For example, if the exported data contains IP Address, then change it to IP_ADDRESS.

  8. Add the variable settings, and then save the file.

You can import the CSV file containing variable settings when creating or editing a configuration. For more information, see Creating a configuration or Editing a configuration.

Understanding secured devices

There may be various configurations for a secured device. However, MVE only supports devices that are either fully unrestricted or fully restricted.

 

Fully unrestricted

Fully restricted

Device settings

Remote Management permission or Remote Management Function Access Control (RM FAC)

Note: For a list of devices that support security settings, see the Release Notes.

No authentication or no security

An authentication method is configured to restrict public access to the Remote Management and Security Menu permissions, or a security template is assigned to RM FAC.

Significant ports

The following ports are open:

  • UDP 161 (SNMP)

  • UDP 9300/9301/9302 (NPAP)

The UDP 161 (SNMP) port is open.

Security-related ports

The following ports are open:

  • UDP 5353 (mDNS)

  • TCP 6110

  • TCP/UDP 6100 (LST)

The following ports are open:

  • UDP 5353 (mDNS)

  • TCP 6110

  • TCP/UDP 6100 (LST)

MVE settings

Discovery profile

The Include secured printers in the discovery option is cleared.

The Include secured printers in the discovery option is selected.

Are secure channels used for communication between MVE and the network devices?

No

Note: In some printer models, secure channels are used even on fully unrestricted devices.

Yes

How do I determine the security configuration of the devices in my network?

In the main data grid in MVE, an open padlock icon appears beside the IP address of a fully unrestricted device.

In the main data grid in MVE, a closed padlock icon appears beside the IP address of a fully restricted device.

Note: If MVE cannot identify the communication credentials of the device, then the closed padlock icon has a red slash through it. To remove the red slash, set the correct communication credentials for the security settings in the configuration before enforcing it to the restricted device.

How do I search for devices that have this type of configuration?

  1. From the “Bookmarks and Advanced Search” area, select All Printers.

  2. From the Search Results Summary area, scroll down to the Communications category, and then select Unsecured.

  1. From the “Bookmarks and Advanced Search” area, select All Printers.

  2. From the Search Results Summary area, scroll down to the Communications category, and then select Secured.


Managing security settings

Managing device settings

Note: Before you begin, make sure that the device security settings are configured to let MVE manage the device securely.

  1. Obtain the printer IP address. Do either of the following:

    • Locate the IP address on the top or upper-left corner of the printer home screen.

    • View the IP address in the Network Overview section or TCP/IP section of the Network/Ports menu.

  2. Open a Web browser, and then type the printer IP address.

  3. Depending on your printer model, do either of the following:

    • Click Settings > Security > Login Methods.

      From the Public section, click Manage Permissions, and then clear Remote Management and Security Menu. Depending on the authentication method used, navigate to the Remote Management and Security Menu permissions, and then allow secure access to them.

    • Click Settings > Security > Security Setup > Access Controls, and then assign a security template to RM FAC.

  4. Click Save or Submit.

    5. Note: For more information on managing permissions or function access controls, see the Embedded Web Server—Security Administrator’s Guide for your printer.

Managing MVE settings

Notes:

  1. From the Configurations tab, edit a configuration.

  2. From the Security tab, manage the security settings available for your device.

    Note: Some security settings may not be available, depending on your printer model.

  3. Click Save.

Preparing solutions for enforcement

Creating a solutions package

  1. Export the device list from MVE using Data Export.

    1. From the Header area, click the export data icon.

    2. From the Include Printers menu, select a device group.

    3. Select the Device List template, and then run Data Export.

      Note: When creating a custom template, add only Model and Serial Number to the Exported Fields section.

    4. Click Finalize Export.

  2. Access Package Builder.

    Note: If you need access to Package Builder, contact your administrator.

    1. Log in to Package Builder at https://cdp.lexmark.com/package-builder/.

    2. Import the device list.

    3. Type the package description, and then if necessary, type your e-mail address.

    4. From the Product menu, select a solution or solutions, and then if necessary, add licenses.

    5. Click Next > Finish. The package download link is sent to your e-mail.

  3. Download the package.

Adding solutions to a configuration

Note: Solutions that are not compatible with a device assigned to a configuration do not appear in the Configurations view.

  1. Import the solutions package downloaded from Package Builder. For more information, see Importing files to the library.

  2. From the Configurations tab, add or edit a configuration.

  3. From the Solutions tab, select one or more solutions to deploy.

    Notes:

    • For a Solutions bundle, select the components that you want to include.
    • Licenses are automatically retrieved from the imported solutions package.
    • For new configurations, MVE checks for licenses as you assign the configuration to devices. For configurations that are already assigned to devices, MVE checks for licenses as you select the solutions.

  4. From the General Settings section, set the license type and transfer method.

  5. Apply the changes.

Checking conformance with a configuration

  1. From the Configurations tab, select one or more devices.

  2. Assign a configuration, and then click Conformance.

  3. If a question mark or X appears, then click the log icon to view specific details.

    4. Note: A configuration conformance check can be scheduled to occur regularly or at a predetermined time. For more information, see Scheduling tasks.

Enforcing a configuration

  1. From the Configurations tab, select one or more devices.

  2. Assign a configuration, and then click Enforce.

  3. Click the log icon to check that the configuration enforcement is complete.

    4. Note: A configuration enforcement task can be scheduled to occur regularly or at a predetermined time. For more information, see Scheduling tasks.

Removing a configuration

  1. From the Configurations tab, select one or more devices.

  2. Click Configurations > the remove icon.