Celiveo.me

What is Celiveo.me?

Celiveo.me (Mobile Extension) is a SaaS cloud service from Celiveo that enables users to send documents for Pull Printing from any email sending capable device and Chromebook Enterprise laptops, all fully secured.
Celiveo.me is built around Zero Trust architecture, it seamlessly and securely interfaces the cloud services that verify user identity and intake user documents sent by email with the customer on-premise infrastructure with a dedicated Celiveo Mobile Extension enabled Celiveo Shared Virtual Printer that receives these documents, securely stores them and makes them available for release on any Celiveo enabled printer.

Celiveo.me Zero Trust Architecture

Print via Email

This feature allows users to submit documents to pull print as email attachments and can be done from any email client in any Operating System.

1. These documents are sent to a corporate email address created by the customer e.g. celiveome@company.com
2. This email inbox then applies all the corporate policies to validate anti-spoofing, email forwarding, file size limit 25MB and other corporate rules.
3. The email is then redirected to a unique and automatically generated email address by Celiveo.me that is provided when subscribing to the product and shown in the Celiveo Mobile Extension enabled Celiveo Virtual Printer. e.g. CVOME9848418115730863957.2@region.celiveo.me
   

Supported File Types

• pdf, doc, docx, xls, xlsm, xlsx, pps, ppsx, ppt, pptx ,odp, ods, odt (unprotected)
• epub, eml, msg, htm, html, md, tif, tiff
  

Architecture

Print via Celiveo ChromeOS Print Provider

This feature aims to natively perform pull print from chromeOS Enterprise in a secure and seamless fashion using the built-in TPM chip and Google User Validation Services to avoid user identity and password input.
The Celiveo.me Print Provider is installed to manage chromeOS Enterprise devices using ChromeOS Device Management that defines which users will get Celiveo.me Print Provider deployed.
Once installed, users can print from any printing capable application by going to File > Print > Select Celiveo.me Print Provider > Print.

Architecture

Service Scalability

Each Celiveo.me enabled CSVP has an estimated bandwidth to process 60 documents per minute and the processing throughput is shared by both email and chromeOS Print Provider connectors.
Additional Celiveo.me enabled CSVP can be added to increase processing throughput up to 20 CSVPs.
When the Celiveo.me enabled CSVP reaches the processing limit documents are not lost, they remain in the queue and are processed as other documents leave the processing queue to storage. If documents take longer to show in the printer front panel additional Celiveo.me enabled CSVP might be required to improve the overall user experience.

Enabling Zero Trust Access

Celiveo 8 uses a 4-levels certificate chain that protects the Web Admin, the CSVP endpoints – shared print queues – and the Cloud. This protection will be extended to Celiveo agents Celiveo for printers and to CVPs (Serverless) in 2022.
The Celiveo company only has Root CA (level 1) and chain public certificates.
The level 2 certificate is generated with a long random key, never stored at Celiveo, and immediately transferred in an encrypted form by email to the admin defined in the use license.
During the configuration of the Celiveo Shared Virtual Printer CSVP, a new level 4 certificate is generated with an encrypted PFX. Its key is displayed on screen for the last time and will be required during the CSVP installation on the Windows Print Server. This CSVP public key is stored in the installation SQL database and transferred to the Celiveo.me Cloud for this print queue.

To enable Zero Trust Access, the Celiveo.me option needs to be included in the license. Activation is done in the Web Admin settings, by clicking the icon.
Click the tab to access the Zero Trust options.

1. Make sure the email address is correct, the certificate decryption key will be sent to it.
2. Click the icon to request the level 2 certificate generation and receive the key.
3. Open the email and copy the key to the clipboard.
4. Paste the key in the WebAdmin activation field.
5. Click the Save button.
   If the key is correct, the following screen displays:
   
   Once Zero Trust Access is enabled, we recommend that you store the decryption key in a safe place and destroy the email in which it was sent. The key might be needed in case of a server change since level 1 certificate can not be re-issued without revoking all level 3 and 4 sub certificates.

Celiveo.me configuration in the Web Admin

1. In the Printers tab, click the Add Virtual Printer button.
2. Select your operating system, enter the name of your virtual printer and click Next.
   
3. In the virtual printer options, select the Shared Virtual Printer and Celiveo Mobile Extension checkboxes.
   
4. Proceed to the creation of a CSVP as indicated in the Add a Celiveo Shard Virtual Printer chapter.
5. Once the package has been created, the following window displays:
   
6. Click the Upload Test Document button to select a document to send to the Celiveo Mobile Extension.
7. Click the Download Test Document button to see the generated PDF file to be printed.
8. Click the Test button to check the connection.
9. Once the test is successful, click OK.
10. A new tab appears in the printer options: Celiveo Mobile Extension. It contains the email address documents have to be sent to in order to be printed.
    
11. Click the button to copy the email address.

Installing the Celiveo CSVP

The installation package contains all prerequisites, including .Net 5.

The Certificates directory contains intermediate level 1, 2, and 3 public certificates along with the encrypted level 4 PFX that will be installed on the server with the CSVP.
These certificates are automatically installed.

The installation uses the -ztapwd= parameter to install the PFX on the computer. This certificate will be used to authenticate the connection to the Cloud, thanks to the already transferred public certificate.

!Important: the outgoing connection to https://*.celiveo.me:443 needs to be possible from the Windows computer on which the CSVP is installed so that print jobs are transferred. There is no incoming connection.

Configuration in the admin.google portal (ChromeBooks)

The Celiveo Secure Documents Pull Print printer provider needs to be deployed on Chromebooks from the Chrome Enterprise portal. No authentication needs to be configured for this extension except the “Verified Access” since it relies on the Google Zero Trust security.

*Note: The ActiveDirectory attribute userPrincipalName needs to contain the user’s email address (which needs to be the one used to connect to the Chromebook).

Install the “Celiveo Secure Documents Pull Print” extension in the Chrome portal in the Devices / Chrome / Apps&extensions / Users and Browers menu, click the + button, and “Add from Chrome Web Store”.

Click “Select”

Enable access to the Google Zero Trust authentication (Verified Access) for the Celiveo Printer Provider by enabling the “Allow Enterprise Challenge” on the right side of the screen.

Force the Celiveo installation and display in the browser as needed by replacing the “Allow Install” default option with “Force Install + PIN to browser toolbar”.

 
Allow the Celiveo.me Cloud service to check the users’ identity in the Devices / Chrome / Settings / Device menu.

In Verified mode, add the following account: verifiedaccess@celiveo-zta.iam.gserviceaccount.com.

Printing from Chromebook

Just use the Print option in Chrome, make sure that Celiveo is the selected printer, and click “Print”. A confirmation notification displays to indicate that the document has been accepted by Celiveo in the Cloud and is ready to be released on a printer as soon as it is transferred to the CSVP.

Copyright © 2024 Celiveo — Powered by