Professional Documents
Culture Documents
Subject:
New Models information (5020i/5020N/6020i)
Reason:
A group of new machines will soon be introduced. They will come equipped with MEAP functions, and differ from
existing models (iR5000/6000) as described in this bulletin.
!
Description:
1.Major Differences
a.Hardware-Related Differences
- The size of the SDRAM (work memory) that comes standard on the main controller PCB has been increased from
192 MB to 256 MB. (2 memory slots -> 1 memory slot)
- The size of the boot ROM has been increased from 1 MB to 2 MB to support network downloading.
- Changes have been made to the counter memory PCB so as to accommodate increases in capacity. (no compatibility
with existing models)
- A change has been made so that the default is now '1' for the following service mode used to switch the message to
indicate that the fixing web has run out (also indicated on the User screen): COPIER>OPTION>USER>WEB-DISP.
- A change has been made so that the default is now '1' (for the following service mode used to switch the message
to indicate that the waste toner case is full (also indicated on the User screen): COPIER>OPTION>USER>W-
TONER.
- A change has been made so that the name of the service system used at time of downloading is now "iR5020."
- A change has been made so that the LCD on the control panel is now color 1/1VGA, instead of black-and-white 1/
4VGA.
- An option has been made available designed to support the host machine; i.e., Network Multi-PDL Printer Kit-D1
(8743A002AA).
- An option has been made available to support MEAP USB applications; i.e., MEAP Application Interface Board-
B1 (8749A001AA). The board is to be added when using an MEAP application that supports USB peripherals. It
serves no purpose in the absence of a MEAP application. The board adds 2 extra Series A connectors for upstream
equipment.
- An option has been made available to support the use of MEAP functions; i.e., Resolution Switching Board-B1
(8731A002AA). It must be added when using a MEAP application that requires it.
- The iR Security Kit refers to the machine in question as "iR5020i."
(1/30)
iR6000-026
b.Functional Changes Not Related to MEAP
Major changes are in relation to the iR C3200's SEND function. Herein, the iR2200i and iR5000i are used as
reference machines when describing the SEND function.
Important!
iR C3200 is called CLC3200 in Europe.
- LDAP
The machine also comes with LDAP (Light-Weight Database Access Protocol), which was introduced with the iR
C3200. The machine offers access to the server database for information on targets of transmission. If the address is
a new one and transmission is by direct reference to an LDAP server address, the machine's resources will limit the
number of targets to 16, unlike the iR C3200, which permits broadcasting to as many as 64 targets.
- Preview
This function came first with the iR C3200. The machine differs from the iR C3200 in that its preview function offers
a choice of deleting the page.
- Forwarding
The specifications have been modified so that they are now identical to those of the iR C3200. With the newly added
following functions, making transfer settings has been made simpler:
transfer in the event of a mismatch in conditions storage of a transfer error file in the system box end-of-transfer
notice limited to transfer error transfer processing timer call key priority setting for e-mail transfer
(2/30)
iR6000-026
- FTP Default Port Number Setting
The specifications have been modified so that they are now identical to those of the iR C3200. (This function is not
found in the iR5000i.) To select a port number, type a colon and the desired number to follow the IP address;
e.g., 192.168.110.3:1000, if port 1000 is designed.
With the addition of this function. the said information will be indicated in the transmission log and reception log
using the said format. It will also be indicated in the body text as sender information (only if the sender field exists
at time of transmission).
e.g., from:user1<user@test.canon.co.jp>
- SMB/FTP/NCP Transmission
When MEAP authentication is used, the login-in user name will be indicated in the transmission history; i.e., the date/
time column of the communications report will have a list of log-in user names for reference.
(3/30)
iR6000-026
- Authentication at Time of Transmission
The machine supports NTLM authentication (NTLM 0.12)/use of long file names.
The specifications have been modified so that they are identical to those of the iR C3200. This function is absent in
the iR 2200i.
At time of SMB transmission, NTLM-based encrypted authentication is supported in place of natural language
authentication.
Because of the change, transmission is now possible using the user right (of the selected domain; by specifying
'domain name/user name' as the user name for file transfer). It is also possible to send to a common folder in access
mode at the user level of Win 9x. The function supports the use of a long file name, which previous models fail to
display.
Important!
Unlike in the previous models, this function may permit transmission to a folder based on SAMBA of NAS (Network
Attached Storage) or Linux. Since the use in all environments cannot be guaranteed, be sure to run a test in the user
environment before delivery.
c.MEAP
<What is MEAP?>
MEAP stands for "Multifunctional Embedded Application Platform", and is a software platform often built into a
peripheral device (e.g., MFP). MEAP is based on Java (J2ME: Java 2 Platform Micro Edition), and is intended to
run a Java application (i.e., MEAP application). Any MEAP application is independent of the device system software
and, as such, it may be installed or uninstalled using SMS (Service Management Service), which is a browser-based
interface on a PC) as long as the device supports the use of MEAP, permitting the addition of MEAP applications in
the field.
At time of shipment from the factory, the machine is ready to run 18 applications to run all at once; i.e., 1 of the 19
applications is used by the portal service (pre-installed; used to link the remote UI and MEAP service applications;
may be uninstalled; described later).
(4/30)
iR6000-026
The version of the system software and the version of MEAP content files must be in keeping with each other, calling
for care to avoid malfunction of MEAP functions otherwise occurring as the result of a Mismatch. Appropriate
information will be found in the Service Information bulletin to be released to coincide with the release of a system
CD.
The following is a diagram of MEAP viewed in its relation to its component entities.
MEAP platform
figure 1
!
<MEAP Application and Counter>
In addition to the existing copy counters, a MEAP-based device offers MEAP counters that may be used to find out
how much of the functions have been used according to individual MEAP applications. The readings of the MEAP
counters may be checked by pressing the Counter Check key on the copier's control panel and then selecting a check
on the counter reading.
The following table shows the MEAP counters; which counters to use depends on the specifications of the
application in question. An invoice may be prepared for scanning and printing by taking advantage of these counters.
(Some Sales Companies may opt to prepare a period-based contract instead of a counter-based contact.)
(5/30)
iR6000-026
<Types of MEAP Counters>
A counter reading may be incremented without exception, may be incremented according to instructions from the
application, or may not be incremented at all (leaving the task to the application). For details, study the following
table:!
total (black-and-white; 1)
scan (total 1)
black-and-white scan 3
black-and-white scan 4
application-free Free1
Free2
Free3
Free4
Free5
Free6
Free7
Free8
Free9
Free10
Free11
Free12
!!
always: Incremented by the device without exception in keeping with the execution of a job.
when instructed by the application:Incremented only if and when so instructed by the application.
application-free: Operates in keeping with the specifications of the application.
The counter readings shown in the table are available for individual MEAP applications (maximum of 19
applications; with 1 used for the SEND function).
(6/30)
iR6000-026
<SEND Function and MEAP Counter>
The SEND function was used by a non-MEAP machine in relation to the number of scans made. A MEAP machine
offers a counter for the SEND function; this counter is treated as a MEAP application, but cannot be installed/
uninstalled as an application because the SEND function is hardwired to the device (as a native function).
When the SEND function is used, the readings are incremented as follows:
black-and-white total scan 1 all SEND scans including faxing and i-faxing
<Counter History>
As many as 20 readings are generated by the MEAP counters (including the reading used by the SEND function); no
additional counter readings can be created. If a MEAP application is removed, its counter reading will be retained on
the hard disk in the form of a "counter history." A total of 24 histories may be kept at a time; however, if 20 MEAP
counters exist (including any histories occurring as a result of removing applications), only 4 may be used for
additional histories.
User Mode
- A user mode item has been added to permit turning on/off of the MEAP HTTP server (port 8000): System
Settings>MEAP Settings>Use HTTP.
- A user mode item has been added to enable printing of a report on the installed MEAP applications: System
Settings>MEAP Settings>Print System Infomation. It is important to keep in mind that this mode item cannot be
used in the absence of a PDL function.
- A user mode item has been added to enable using MEAP as the Initial screen: Common Settings>Initial
Function>Select Initial Function>MEAP.
Service Mode
- A service mode item has been added to enable checking the version of Java VM:
COPIER>DISPLAY>VERSION>Java-VM.
- A service mode item has been added to enable checking the version of MEAP contents:
COPIER>DISPLAY>VERSION>MEAP.
- A service mode item has been added to enable checking the connection of a MEAP application interface board-B1:
COPIER>DISPLAY>ACC-STS>USB-host.
1: iR2200i/2800i/3300i series board connected; 2: iR5000/6000 series board connected
(7/30)
iR6000-026
- A service mode item has been added to permit initialization of the display, used when a switchover of languages
causes the text of transmission/fax read settings to become garbled: COPIER>FUNCTION>CLEAR>SEND-STUP.
The device must be restarted after clicking [OK].
<Functions of SMS>
SMS has the following functions:
- installs/uninstalls a MEAP application from a PC on the network.
- starts/stops a MEAP application that has been installed.
- enables/disables a license file that has been installed.
- checks information on a MEAP application that has been installed.
- changes the order of applets that have been installed for display.
- installs/uninstalls the system application.
- starts/stops the system application.
- sets up/uninstalls the log-in service.
- checks MEAP system information.
- checks information on the license file (before installation)
- changes the log-in password to SMS.
<Access to SMS>
SMS is a Web application with its URL being http://IPaddress:8000/sms. Upon a visit, a message will appear,
prompting input of a password; SMS functions are offered in response to a successful log-in. If the following of the
user mode settings have been disabled, however, the URL of SMS will be changed as indicated to accommodate a
change from port 8000 to port 80 as the access port: System Settings>Network Settings>TCP/IP settings>Use HTTP.
(When disabled, the URL will be http://IPaddress/sms.)
<MEAP-Compatible Browsers>
A MEAP device requires browsers of the following types. Take care, as an SMS client environment is under stricter
restrictions than remote log-in and RemoteUI environments.
(8/30)
iR6000-026
Default Authentication and Client Environment (SDL remote log-in, RUI, Portal Service)
(JavaScript must be enabled)
<Log-In>
To use SMS, type in the appropriate password on the Log-In page. Make sure that the password is the one set up
initially as 'MeapSmsLogin'. (It is case sensitive.)
Simply type the password in the Password field of the Log-In page, and click [log in]. You will not be able to log in
if SMS is already in a log-in state as in the following cases:
- another user has already logged on to SMS.
- the browser has previously been closed without a log-out operation (i.e., SMS is waiting for a time-out to occur
expected in about 15 min).
If an attempt is made to access SMS from a different browser while a log-in has already been made, the Log-In page
will appear but the attempt will fail even if the password is correct.
If the message 'Type Password' appears on the Log-In page in spite of input of a correct password, the browser
settings (e.g., Java script setting is disable.) may not be in keeping with SMS operating conditions. It is also important
to keep in mind that access by way of a proxy has not bee verified; as necessary, remove the device IP addresses from
the list of addresses for which the use of the proxy is specified.
(9/30)
iR6000-026
SMS Login
figure 2
If the attempt to log in fails because of input of the wrong password, there will be a message asking for the correct
password. In addition to the message "Password is incorrect. Enter correct password." there will be an area for a
license file used to initialize the password to 'MeapSmsLogin'. (A separate communication will be issued for
instructions on how to obtain a license file used to initialize SMS password.) As a matter of course, access to SMS
will be given in response to an appropriate password entered in the input text field.
(10/30)
iR6000-026
Login error
figure 3
The license file contains information needed to install MEAP applications: serial number of the device (to prevent
illegal copying), period and number of uses (e.g., without a limit, with a limit on the period, with a limit on the
number of users), application ID (for identification of applications). These pieces of information are used to protect
against illegal copying and uses beyond imposed limits. The MEAP counter used to control the period/number of
uses holds current reading and upper limit data, offering a choice of disabling operations beyond limits.
(11/30)
iR6000-026
Installation of MEAP Application
figure 4
A click on [invalidate] will create a license file inside the device as a completely new license. An invalidated license
will be indicated as an icon on the screen, which may be downloaded to a PC or removed from it. (Take care not to
inadvertently remove an invalidated license that has been downloaded to the PC inadvertently; otherwise, you will
have to purchase a new license.)
The license that has been invalidated and downloaded to a PC may be installed back to the MEAP device from which
it has been removed; this is a consideration made to enable uninstalling of a MEAP application for checks in the event
of a fault during service work. The file, however, cannot be installed to a different MEAP device. If limits (in terms
of a period or number of uses) are imposed on the application in question, the balance (remaining length or uses) will
be written to the invalidated license so that the user will have the full remaining use after reinstalling the application
using the invalidated license file.
(12/30)
iR6000-026
<Portal Service>
Thanks to the support of MEAP, an iR device can now accommodate multiple MEAP applications (known as
"servlet") that may be used through a Web browser from a PC (as in the case of the SMS and in addition to the use
of a remote user interface). To show these applications in a browser, each application must be identified by its own
URL. Portal Service is a collection of services, one of which offers a list of application URLs to free you from having
to type in individual URLs.
Simultaneously with installation, Servlet type Application is designed so that a link may be automatically registered
into Portal Service. The link of RemoteUI is registered by the default. The link button to the "Sys. Admin
applications" is also prepared for Portal Service in addition to the link to Application. If "Sys. Admin applications"
button of Portal Service is clicked when SDL is chosen as login service, user management page of SDL mentioned
later will be displayed.
Portal Service
figure 5
!
<MEAP Login>
MEAP supports the following log-in services; in addition to the existing group-based control, it provides log-in
authentication to certify individual users. To use the log-in function, select any of 3 choices by making the following
selections: SMS>system control>expansion system application>log-in service.
(13/30)
iR6000-026
SDL and SSO are installed as system applications so that they may be removed if there is no need for them from
SMS. (On the other hand, there is no need for uninstalling them.)
For details of the MEAP log-in service, see the attached file to MEAP SMS Administrator Guide.
figure 6
<Default Authentication>
The default authentication function is used to provide some of the existing functions: "no authentication" (i.e., no
log-in screen will be shown) ad "Department ID management". If the user wants to have the existing authentication
environment (i.e., no authentication or group ID control), this will be the appropriate choice. (This also is the default
setting.)
(14/30)
iR6000-026
If the group ID control mechanism has been enabled, there will be a dialog used to prompt registration of an ID
number when logging into the local UI or the remote UI. It is also possible to use a Card Reader-C1 in place of input
of a group ID, in which case the installation will be as is done in the past.
<SDL>
SDL is a log-in service that holds such authentication data as user names and passwords within the device, and it
does not require another MEAP application or outside server for operation. In SDL, authentication is based on user
names and passwords, and as many as 1000 users may be put under control.
SDL is a type of user authentication application, and has the following functions:
figure 7
(15/30)
iR6000-026
<Introduction of SDL>
Before introducing SDL, it is important to be sure of the following:
Normally, access is made through a browser to the SDL User Register/Edit screen to register/edit users. It is
necessary to decide in advance which users may be given the right to register/edit users. Those users who will be
serving as administrators must be registered as such; access may be made using the following URL: http://
deviceIPaddress:8000/sdl. The log-in screen for SDL will appear in response, asking for log-in as an administrator
user. If log-in is made as a general user, there will be an error message to indicate that the screen is not available and
that log-in as an administrator is required. The User Register/Edit screen permits the following:
figure 8
(16/30)
iR6000-026
In addition to manually registering users through a browser, user information of an SDL format (LDIF) from another
device may be imported or user information of an NSA format (csv format) from NetSpot Accountant Server may
be imported. For details of the User Register/Edit screen, see the attached Guide to MEAP Authentication System
Settings (included with the device).
At time of shipment from the factory, the following user accounts are registered:
SDL user information may be imported or exported, and you need to keep the following in mind when doing so:
- user types are not exported; when they are imported, the users will all be registered as general users.
- if the same user name already exists, the existing name will be replaced with the name being imported.
The following 2 methods may be used. Use the one better suited to the nature of the work.
If 'person' is used for 'object class' of a record, the information is user information; on the other hand, if 'canon card'
is used for 'object class', the information is card ID information. The user passwords are encrypted for export,
department passwords are exported without encryption.
(17/30)
iR6000-026
The following shows how individual items are imported/exported:
SDL import Specification
1 Parent Department O
ID not registered
5 null department
numerals of 7 characters max. password/
Password (no 2-byte characters) password
*1:If multiple cards are assigned to a single department ID, use the # symbol to divide individual pieces of
information within a single field.
(18/30)
iR6000-026
SDL export Specification
No. NSA item name Quota tion Description Data exported from SDL
marks
4 account name O character string of 32 display name (if omitted, log-in user
bytes max. name)
*1:If multiple cards are assigned to a single department ID, use the # symbol to divide individual pieces of
information within a single field.
(19/30)
iR6000-026
(2) if department ID control is to be used side by side
If, for instance, statistics are to be compiled in conjunction with department ID control, a department ID and
password must be registered for each user to link the user with the department ID set up on the device. The control
mechanism on department IDs and passwords is dependent on the department ID control mechanism of the device,
not that of MEAP. When a log-in is made as a user set up in SDL, the department ID registered for the user
information in question will automatically be set up, thus eliminating the need to certify the user twice and saving
the user both time and effort. It is important to register the appropriate department ID information in the SDL user
information before enabling the department ID control mechanism (part of user data settings).
Repeat steps 3 and 4 to add users. Be sure, however, to type in the card numbers for the card ID columns.
(20/30)
iR6000-026
Disconnecting the Card Reader-C1
1.Turn off the device, and disconnect the connector of the Card Reader-C1.
2.Make the following selections in service mode and click [OK]; COPIER>FUNCTION>CLEAR>CARD.
3.Turn off and then on the device. (An error code will appear.)
4.Make the following selections in service mode once again, and click [OK]: COPIER>FUNCTION>CLEAR>ERR.
5.Turn off and then on the device.
!
Points to Note When Combining the SDL and NSA Methods
If you want to use both SDL and NSA methods, the recommended procedure is as follows: register the control
information using NSA; using the user collective registration tool, export the csv file; import the file using SDL.
When doing so, it is important that you keep the following in mind:
- An error will occur if the user department ID you export using SDL already exists in NSA as a department ID. it
must always be a new department ID.
- The relationship between card and department will not be respected when import is executed using the user
collective registration tool of NSA.
- If you want to compile statistics using NSA according to individual cards, you must set the relationship among card,
user, and department ID as 1:1:1 on using SDL; on the side of NSA, compile the statistics according to individual
departments.
- If multiple users exist using the same department ID, only one of them can be imported using NSA.
- If the e-mail address consists of 49 characters or more or if the log-in name consists of 25 characters or more, export
from the SDL is possible, but there will be an error when importing to NSA.
A comma (,) in an e-mail address will prevent proper export from NSA.
- If an account ID is used and an administrator account has been registered in the NSA, writing over the existing
account ID will not change its security level.
- Passwords are not saved to the file being exported; if passwords are needed, they must be newly set up after import.
<SSO>
SSO Log-In is a log-in service in which authentication data is on an external server. It enables database log-in based
on a single-sign on method. The authentication data is controlled on the server, and is not retained on the device.
Authentication takes place with reference to log-in name and log-in password for collection of user information.
There is no limit to how many users may be controlled; in other words, as many users as allowed by the Active
Directory may be controlled.
(21/30)
iR6000-026
The conceptual figure of SSO
figure 9
SSO is a type of user authentication application designed for MEAP, and possesses the following functions:
(1) shows a log-in screen on the local user interface for authentication of users
(2) shows a log-in page on a Web browser, for authentication of users
(3) serves as an intermediary between Active Directory and log-in service (SA:Security Agent)
To make use of SSO, it is important to install SA to the operating system (Windows 2000/Pro/Server/Widows XP
Pro) in the same domain as the iR machine. Thereafter, changing the log-in method to SSO in SMS will enable the
use of SSO for log-in. When SSO operates normally, the iR machine's local or remote user interface uses the user
name and password managed by Windows 2000 Active Directory to initiate a log-in operation. For SSO to operate
correctly, the iR machine's network settings, time zone, and clock must correctly be set up (where applicable,
daylight saving time must also be considered). If there is a discrepancy of 30min or more between iR machine and
domain control, SSO may not operate. If you want to combine SSO and department ID/Card Reader-C1, you must
also bring in NSA, as Active Directory does not associate a log-in user with any specific card number.
The client environments guaranteed for remote log-in to an iR machine using SSO must be as follows; Java VM and
JavaScript must be enabled:
(22/30)
iR6000-026
Keep in mind that environments other than the following are not guaranteed for proper operation.
- Hardware
memory: 256 MB or more (RAM)
hard disk: 20 GB or more
CPU: Intel Celeron 800 MHz or equivalent (processor)
- Software
OS: Microsoft windows 2000 Professional/Server
Microsoft Windows XP Professional
To install SA, you must be authorized as local administrator for the PC to which you are planning the installation.
SA uses Install Shield 8 as its installer, and the PC must be restarted if the installer has not been used in the past. (The
fact relates to the specifications of the installer, and cannot be avoided.)
To start SA services after installation, you must be authorized as domain administrator. Select SA, and make the
following selections: properties>log-on>account. Then, type in a user name possessing the domain administrator
authorization. The following Input screen will appear if you use 'Canon' for the domain name and 'Administrator' for
the administrator account.
(23/30)
iR6000-026
Logon account setting
figure 10
Outline of SA Operation
At time of start-up, SA uses the framework of Dynamic DNS to register record A to the DNS server under the name
of 'SecurityAgent._tcp.' When an iR machine is started up, it contacts the DNS using the name 'SecurityAgent._tcp'
to obtain the IP address of the PC to which SA has been installed.
When a request for a log-in to the iR machine is made, the machine will ask SA for a user name and password. In
response, SA executes authentication for encryption (NTLM) using the domain controller, and sends the result to the
iR machine. All communications among the iR machine, SA, and domain controller are encrypted, and the absence
of plain language keeps user names and passwords safe. SA may be running at the same time on multiple PCs, as
when distributing work loads and expanding services; if this is the case, authentication will be by SA that first
responds to a query.
(24/30)
iR6000-026
Security Agent Manager
figure 11
When installing the SA, be sure also to refer to the ReadMe file that comes tithe SA's Installer.
(25/30)
iR6000-026
- The machine's system software contains environments to be used by developers of MEAP applications and, as such,
its file size is about twice as large as the system software of existing machines. When upgrading it using the Service
Support Tool, it is strongly recommended that files be copied through downloading from the network by means of a
cross-cable. As in the case of the iR C3200(CLC3200), the machine enters download mode in response to
simultaneous presses on the 2 and 8 keys or starts up in an FIXIP state in response to simultaneous presses on the 1
and 7 keys. Take advantage of these considerations so that the device may be temporarily started using the IP address
172.16.1.100.
Both these methods produces the same information. It is important to collect the information at all times when
reporting a fault, as it serves as a comprehensive report on all applications installed in the device.
- Application Name
i.e., name of the application declared in the declaration in the application program (bundle-name); the name does
not necessarily corresponds to the product name.
- Application Version
i.e., version of the application; the name (bundle-version) declared in the declaration in the application program is
printed.
- Status
i.e., the activities of the application are printed;
e.g., Installed, Active, Resolved.
Resolved means stopped.
- Installed On
i.e., the date of installing the application.
(26/30)
iR6000-026
- Vendor
i.e., the name of the application vendor (developer); the name (bundle-vendor) declared in the declaration of the
application program is printed.
- License Status
i.e., the status of the license is printed;
e.g., None, Not Installed; Installed; Invalid; Over Limit.
- Counter Value
i.e., the current value of individual counters; if the status of the license is None, nothing will be printed.
- Registered Service
i.e., the services that are registered in the MEAP framework by the application; not all items contain data to print.
To recover the pre-replacement conditions, there must be a special license file (containing the current counter
readings and period of validity for full remaining service after reinstallation). A license file is handled as a service
tool, and is not sold to users. In the event of a fault on the hard disk, the service person is expected to access the
MAMS server for downloading (after August 2003; until then, a license file may be obtained in ways indicated in a
separate communication soon to be made available). The following steps assume that the file is downloaded from
the MAMS server:
(1)In advance, access the MAMS server, and download the appropriate license file, and copy it to the service
notebook PC. The information needed to download a license file includes the application ID and device serial
number.
(2)Register the following to the Service Support Tool: System file, Language file, Remote UI file, HDD format file,
MEAP contents file. (Be sure that these files all are compatible in respect of version.)
(3)Prepare the hard disk (service part) for replacement.
(4)Replace the hard disk at the user's.
(27/30)
iR6000-026
(5)While holding the 2 and 8 keys at the same time, turn on the power to start the device in download mode. (As is
the case with the iR C3200, the IP address 172.16.1.10 will automatically be set up for downloading from a network).
Using the Service Support Tool, format the hard disk, and install the necessary files: System, MEAP contents, HDD
format, Language, Remote UI.
Important!
When the device is started up for the first time after formatting of its hard disk, it performs special processing so that
the MEAP content files may appropriately be expanded. Be sure not to turn off the power until the MEAP screen has
appeared after start-up; otherwise, a hard disk-related error (E602) may occur. In the event of E602-0004, turn off
and then on the main power to recover; for E602-0003, on the other hand, hold down the 1 and 9 keys at the same
time and turn on the power so that the device will perform a hard disk write abort error recovery session. This
processing requires checking the entire HDD in units of sectors, and will take several tens of minutes.
(6) Obtain the MEAP application jar file from the user; using the license file, reinstall the MEAP application as you
would when installing the application for the first time.
To initialize an SMS password, you must download the SMS password initialization license file from the MAMS
server. As in the case of downloading a license file designed for reinstallation of an application, obtain the SMS
password initialization license file by downloading it from the MAMS server (after August 2003; until then, the
license file may be obtained in ways indicated in a separate communication soon to be made available; the license
file is handled as a service tool, and is not offered to users).
The following steps assume that the license file may be downloaded from the MAMS server:
(1) download the SMS password initialization license file from the MAMS server, and copy it to the notebook PC.
(2) At the user's, make an intentional mistake logging into SMS by typing in an incorrect user name and password to
bring up the Error page.
(28/30)
iR6000-026
SMS Login error
figure 12
(3)On the page, specify the path to the SMS password initialization license file, and click [OK] to start initialization.
(A separate communication will be issued to describe how to obtain the SMS initialization license file.)
3.Service Parts
For differences that exist among service parts and detailed descriptions of the differences, see the following
attachments; for service parts other than those indicated in the attachments, see the iR5000/6000 Parts Catalog
(FY8-31EV-000).
(29/30)
iR6000-026
4.Product Code, Serial Number, and Power Supply Voltage
5.Appending data
MEAP SMS Administrator Guide
This is a document prepared to describe how MEAP applications and log-in services may be managed. It is intended
for end users, and it comes with the product package.
(30/30)
Readme.txt
===============================================================================
Security Agent / Security Agent Manager Version 1.00
Supplementary Instructions
===============================================================================
Canon, the Canon logo, imageRUNNER, MEAP, and the MEAP logo are trademarks of
Canon Inc.
Microsoft, Windows, and Windows NT are registered trademarks of Microsoft
Corporation in the United States and other countries.
Other product and company names herein may be the trademarks of their respective
owners.
In this manual, Microsoft(R) Windows(R) 2000 is abbreviated as Windows 2000,
and Microsoft(R) Windows(R) XP is abbreviated as Windows XP.
Contents
Before You Start
1. Introduction
2. System Requirements
3. Installation
Using Security Agent
1. Starting Security Agent
2. Settings
===============================================================================
Before You Start
===============================================================================
1. Introduction----------------------------------------------------------------
"Security Agent" is the required companion software package for using the
SSO (Single Sign-On) function with MEAP devices. Make sure you install
"Security Agent" before using the SSO function with an MEAP device. Also,
you can use the "Security Agent Manager" to start and stop "Security Agent"
services and to set links etc. to user data registered in NetSpot Accountant.
2. System Requirements -----------------------------------------------
This software can be used in the following system environments.
*Computer
- Memory: 256MB RAM minimum
- Hard disk space: 20GB minimum
- CPU: Intel Celeron 800 MHz equivalent processor or faster.
*Software
- OS: Microsoft Windows 2000 Professional/Server
Microsoft Windows XP Professional
(Important)
- If using Windows 2000, install Service Pack 2 or later.
- The computer where Security Agent is installed and the MEAP device used
must be in the same network domain.
3. Installation -----------------------------------------------------------------
Install this software according to the following procedure.
(Important)
- Before installation, log onto Windows as an administrator.
- Make sure you close all other applications before installing this software.
- When you start a Security Agent service, "SecurityAgent._tcp" is
automatically registered on the DNS server. The name of the MEAP
device can be reconciled under the registered DNS name.
Page 1
Readme.txt
- To install Security Agent in a computer, set the computer to use a DNS server
for accessing network.
- If you install Security Agent in a computer in which a DNS server is already
installed, Security Agent may not start automatically. In this case, start
Security Agent Manager, and then start the service manually.
- If you obtain the IP address automatically (DHCP), you must obtain
static IP address for the computer where you are installing Security Agent,
not the dynamic IP address.
- Do not change the IP address for your computer while Security Agent is running.
If you want to change the IP address for your computer, first stop the Security
Agent services.
1) Insert the CD-ROM supplied with the Security Agent package CD-ROM drive.
2) Double-click the [SAInstall.exe] icon in the [Security Agent] folder to
begin the installation.
(*) - The [SAInstall.exe] icon may appear as [SAInstall], depending on
the system environment you are using.
3) Click [Next].
4) The user license agreement dialog box is displayed. If you agree to the
terms, click [Yes].
5) Select the folder you want to install Security Agent into --> click [Next].
Installation is started.
6) When installation is finished, check the verification dialog box --> click
[Finish].
Security Agent is now installed. Next, you need to start the Security Agent services.
7) On the [Start] menu, click [Control Panels] --> [Management Tools] -->
[Services] --> right-click [SA] --> click [Properties].
The [Properties] window is displayed.
8) Click the [Log On] page --> select [Accounts].
9) Specify the domain name and enter the name of a user with Administrator
privileges registered in the domain in [Accounts].
Example: Server1\administrator
10) Enter a password in [Password] and [Confirm Password].
11) Click [OK].
Installation and settings for Security Agent services are complete.
===============================================================================
Using Security Agent
===============================================================================
1. Starting Security Agent-----------------------------------------------------
You can edit Security Agent settings with the Security Agent Manager. Start
the Security Agent Manager by following the procedure below.
1) On the [Start] menu, point to [Programs] --> [Canon] --> [Security Agent]
--> click [Security Agent Manager].
Page 2
Readme.txt
*Command (Start/Stop Security Agent)
You can specify start and stop settings for the Security Agent automatic
detection service.
*Configuration
-Connect to NetSpot Accountant Server
If you want to use the same data (user name, password, etc.) that has
already been registered in NetSpot Accountant, place a checkmark in the
appropriate boxes and enter the computer name or IP address and database
name of the NetSpot Accountant server.
-Sync Period
You can set data acquisition intervals for obtaining data from NetSpot
Accountant. A maximum of 65535 hours can be set.
IMPORTANT: When using user data registered in NetSpot Accountant, the
following settings must be made in NetSpot Accountant beforehand.
*Connections
You can set the number of users that can login or access the SSO from web
browsers at the same time when you are using SSO. A maximum of 9999 users
can be set.
*Error Logs
You can display errors that occur in Security Agent, as well as service
start and stop data.
(*) - Error Logs display data obtained by the Windows Event Viewer. Event
Logs are updated by clicking [Refresh] - they are not updated automatically.
If the Windows Event Viewer is full and data cannot be updated, the
Security Agent Event Logs also cannot be updated.
===============================================================================
Copyright(C) CANON INC.2003
Page 3
Point of difference in service parts
iR5020/6020
iR5000/6000
FIG & KEY /5020i/6020i Q'TY DESCRIPTION REMARKS
1 100-28 - FB5-3359-000 0<-1 EMBLEM IR5000 EXCEPT
NRF,MPL
2 100-28 - FB6-2746-000 0<-1 EMBLEM IR5000 NRF,MPL
III - 2 COPYRIGHT C 2000 CANON INC. CANON iR5000/iR6000 REV.0 JUNE 2000 PRINTED IN JAPAN [IMPRIME AU JAPON]
LIST OF ORDER AND SERIAL NUMBERS
COPYRIGHT C 2000 CANON INC. CANON iR5000/iR6000 REV.0 JUNE 2000 PRINTED IN JAPAN [IMPRIME AU JAPON] III - 3
LIST OF ORDER AND SERIAL NUMBERS
III - 4 COPYRIGHT C 2000 CANON INC. CANON iR5000/iR6000 REV.0 JUNE 2000 PRINTED IN JAPAN [IMPRIME AU JAPON]