How toHow to add Azure Blob Storage

How to add Azure Blob Storage

Enable storage of pending documents in your secure cloud storage. That way, the user's computer does not need to be online to release Print Later and Print Anywhere documents. However, a Printix Client still needs to be online on the printer's network to release the documents.

Create storage account

  1. Open a new browser window and sign in to Microsoft Azure (portal.azure.com) using your work account credentials.
  2. In the portal menu, select All Services.
  3. In the Storage category, select Storage accounts.
  4. Select Create.
  5. On the Basics tab:

    • In the Project details section:

      • In Subscription, select the type of subscription.

      • In Resource group, select a resource group or select Create new.

    • In the Instance details section:

      • In Storage account name, enter the name of the storage account.

        Example: printixcloudstorage

      • In Region, select the data center closest to you.

        Example: (US) East US

      • In Performance, leave it at Standard (default).

      • In Redundancy, select Locally-redudant storage (LRS) to get the lowest-cost option.

  6. Select the Advanced tab or select Next: Advanced.
  7. On the Advanced tab:

    • In the Security section:

      • Leave Require secure transfer for REST API operations selected.

      • Clear Allow enabling anonymous access on individual containers.

      • Leave Enable storage account key access selected.

      • Leave Default to Azure Active Directory authorization in the Azure portal cleared.

      • In Minimum TLS version, leave it on Version 1.2.

      • In Permitted scope for copy operations, select the scope or leave it on the default From any storage account.

    • In the Hierarchical Namespace section:

      • Leave Enable hierarchical namespace cleared.

    • In the Access protocols section:

      • Leave Enable SFTP cleared.

      • Leave Enable network file system v3 cleared.

    • In the Blob storage section:

      • Leave Allow cross-tenant replication cleared.

      • In Access tier, select Hot.

    • In the Azure Files section:

      • Leave Enable large file shares cleared.

  8. Select the Networking tab or select Next: Networking.
  9. On the Networking tab:

    • In the Network connectivity section:

      • In Network access, select Enable public access from all networks or Enable public access from selected virtual networks and IP addresses. Both the Printix Cloud and computers with Printix Client (even when on a public network) must be allowed to access the blob storage.

    • In the Network routing section:

      • In Routing preference, select Microsoft network routing.

  10. Select the Data protection tab or select Next: Data protection.
  11. On the Data protection tab:

    • In the Recovery section:

      • Leave Enable point-in-time restore for containers cleared.

      • Clear Enable soft delete for blobs.

      • Clear Enable soft delete for containers.

      • Clear Enable soft delete for file shares.

    • In the Tracking section:

      • Leave Enable versioning for blobs cleared.

      • Leave Enable blob change feed cleared.

    • In the Access control section:

      • Leave Enable version-level immutability support cleared.

  12. Select the Encryption tab or select Next: Encryption.
  13. On the Encryption tab:

    • In Encryption type, select Microsoft-managed keys (MMK).

    • In Enable support for customer-managed keys, leave the selection on All service types (blobs, files, tables, and queues).

    • Leave Enable infrastructure encryption cleared.

  14. Select the Tags tab or select Next: Tags.
  15. On the Tags tab:

    • Optionally, create tags for the resource.

  16. Select the Review tab or select Next: Review.
  17. On the Review tab:

    • Review the settings.

  18. Select Create.

    It may take a couple of minutes to create the account.

Configure access to cloud storage

If you selected Enable public access from selected virtual networks and IP addresses in step 9 of creating the storage account, perform the following steps to configure Printix to access your cloud storage.

The Azure Blob Storage can not be in the same Microsoft Azure data center as your Printix Home. The reason is that Microsoft does not use the public IP addresses for communication between Printix and the Azure Blob Storage when they are in the same data center.

  1. In the Microsoft Azure portal menu, select All Services.
  2. In the Storage category, select Storage accounts.
  3. Select the storage account you created.
    Example: printixcloudstorage
  4. In the Firewall section, in Address range:

    • Enter the following IP addresses according to your data center where your Printix Home resides:

      • Printix in EU Data Center, Netherlands (West Europe):

        • 51.124.91.26

        • 52.142.203.47

        • 52.142.207.220

    • Enter the static outbound IP of those networks where Printix Client, Printix App for iOS/iPadOS, Printix App for Android, and Printix Chromebook reside.

      When a user prints or runs a capture workflow (using the Printix Client, the Printix App, or Printix Chromebook) from an unknown network (at home or while traveling), and if documents go via the user's own cloud storage:

      • The user must connect via VPN to the Corporate network, and the own cloud storage must be reached via this VPN connection.

      • The static outbound IP of this network must be allowed on the firewall of the own cloud storage.

      Otherwise, the printing or the capture workflow fails.

  5. Select Save to save your modifications.

Get the key

  1. In the Microsoft Azure portal menu, select All Services.
  2. In the Storage category, select Storage accounts.
  3. Select the storage account you created.
    Example: printixcloudstorage
  4. In the left pane, select Access keys to see the access keys for the selected storage account.

    You can use the search bar to quickly find this option.

  5. Select Show next to the Key value of key1, then select Copy to clipboard.

    You need to paste this value in step 6 when adding the Azure Blob Storage.

  6. In Endpoint suffix, specify the storage account endpoint suffix or leave it blank if you use the default core.windows.net value.

Add Azure Blob Storage

  1. Select Menu  > Settings .
  2. Select the Cloud storage tab.
  3. Select Add cloud storage.
  4. Select Azure Blob Storage.
  5. In Name, enter the storage account name you entered in step 5 of creating the storage account.
    Example: printixcloudstorage
  6. In Key, paste the key1 value you copied in step 5 of getting the key.
  7. Select Add cloud storage.
  8. Optionally, check the type of pending documents you want to store.

    If you use a web proxy and/or SSL inspection, you must unblock the URL referencing the storage account:

    https://{storage_account_name}.blob.{endpoint suffix}

    Example: https://printixcloudstorage.blob.core.windows.net

See also:

Permissions needed to access Azure Blob Storage

Printix uses access keys for Azure Blob Storage to generate Shared Access Signatures (SAS) signed read, write, and delete links for the Azure Blob Storage. At regular intervals, Printix Cloud uploads a 4-byte file to test connection to the Azure Blob Storage (links for write, read, delete). If the test fails, it is displayed in Printix Administrator.

  • Allowed services

    Checked Blob, Checked File, Checked Queue, Checked Table.

  • Allowed resource types

    Unchecked Service, Unchecked Container, Unchecked Object.

  • Allowed permissions

    Checked Read, Checked Write, Checked Delete, Checked List, Checked Add, Checked Create, Checked Update, Checked Process, Checked Immutable storage, Checked Permanent delete.

  • Blob versioning permissions

    Checked Enable deletion of versions.

  • Allowed blob index permissions

    Checked Read/write, Checked Filter.