Xerox Workplace Cloud 5.6.1 Security Guide

Xerox® Workplace Cloud
5.6.1
Security Guide
© 2021 Xerox® Corporation. All rights reserved. Xerox®, AltaLink®, ConnectKey®, Global Print Driver®, and VersaLink® are trademarks of Xerox® Corporation in the United States and/or other countries. BR32181
Apache OpenOffice is a trademark of the Apache Software Foundation in the United States and/or other countries.
Apple® and Mac® are trademarks of Apple, Inc. registered in the United States and/or other countries.
Chrome™ is a trademark of Google Inc.
Firefox® is a registered trademark of Mozilla Corporation.
Intel® Core is a trademark of the Intel Corporation in the United States and/or other countries.
IOS® is a trademark or registered trademark of Cisco in the United States and other countries and is used under license.
Microsoft®, SQL Server®, Microsoft®.NET, Windows®, Windows Server®, Windows 8®, Office®, Excel® and Internet Explorer® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Xerox® PDF Reader Powered by Foxit Software Company (http://www.foxitsoftware.com).
This product includes software developed by Aspose (http://www.aspose.com).
Other company trademarks are also acknowledged.
Document Version: 1.0 (March 2021). BR32181
Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including without limitation, material generated from the software programs which are displayed on the screen, such as icons, screen displays, looks, etc.
Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent editions.
Conventions in this Document
Throughout this document, you will find tags that will indicate when the content is unique to a specific solution of the platform. These tags will include:
• [PMM] Content applies only to Print Management and Mobility
• [FM] Content applies only to Fleet Management
These tags will typically be found on section titles; however, they may be found at other points in the documentation.
NOTE: Any section not showing a tag should be assumed to follow the tags of any higher-level sections. If there are no tags on the section or on the higher-level sections then the section applies to all solutions.
For example, if you are implementing just Fleet Management, you will want to read sections tagged [FM] and all untagged sections (but you can skip the [PMM] tagged sections).
Table of Contents
1. Introduction
Purpose
Target Audience
Disclaimer
2. Product Description
Overview
Printing and Print Management
Submission Methods
Release Methods
Combined Submission/Release Methods
Printer Authentication Methods
Xerox® @PrintByXerox
Xerox® Workplace Cloud Printing and Print Management
Xerox® Workplace Cloud (Agentless) [PMM]
Description of System Components [PMM]
Xerox® Workplace Cloud Fleet Management (with an Agent) [FM]
Xerox® Workplace Cloud Fleet Management (Agentless) [FM]
Description of System Components [FM]
3. System Architecture
Xerox® Workplace Cloud
Xerox® Workplace Cloud Volatile Memory
Xerox® Workplace Cloud Non-Volatile Memory
Workplace Cloud Agent
Workplace Cloud Agent Volatile Memory
Workplace Cloud Agent Non-Volatile Memory
Desktop Print Client [PMM]
Desktop Print Client Volatile Memory
Desktop Print Client Non-Volatile Memory
Xerox® Workplace App [PMM]
Workplace App Volatile Memory
Workplace App Non-Volatile Memory
Open-Source Components
4. System Interaction
System Components
Xerox® Workplace App [PMM]
Xerox® Workplace Cloud
LDAP/ADS Server
Azure AD
OKTA
Third Party Public Print Provider [PMM]
Workplace Cloud Agent
Server Based Print Queues
Printer
Xerox® @PrintByXerox App [PMM]
Customer Email Server
User Workstation (Workplace Cloud Client) [PMM]
Microsoft Office 365 – Email Service
Network Appliance [PMM]
Xerox® Services Manager
Content Delivery Network (CDN) [PMM]
App in the Gallery [PMM]
App Server [PMM]
Xerox® Device Agent [FM]
Xerox Auto Update Service [FM]
System Component Interfaces
Communication between the Workplace App and Workplace Cloud [PMM]
Communication between the Workplace App and the Customer Email Server [PMM]
Communication between the Customer Email Server and Workplace Cloud
Communication between Workplace Cloud and the Workplace Cloud Agent
Communication between the Workplace Cloud Agent and the Printer
Communication between the Workplace Cloud Agent and a Third-Party Print Queue [PMM]
Communication between the Workplace Cloud Client and Workplace Cloud [PMM]
Communication between the Workplace Cloud Client and the Printer [PMM]
Communication between the Workplace Cloud Client and the Azure IoT Hub [PMM]
Communication between the Workplace Cloud Agent and the Customer ADS (LDAP) Server
Communication between Workplace Cloud and Xerox® Services Manager
Communication between LPR or Shared Windows Print (SMB) Clients and the Workplace Cloud Agent [PMM]
Communication between the App from the Gallery, the App Server, and Workplace Cloud [PMM]
Communication between Workplace Cloud and the Printer
Communication between the Printer and the IoT Hub
Communication between the Xerox® Device Agent and Workplace Cloud [FM]
Communication between the Xerox® Device Agent and the Xerox Auto Update Service [FM]
5. Logical Access, Network Protocol Information
Protocols and Ports
Xerox® Workplace App Ports [PMM]
Workplace Cloud Agent Ports
Xerox® @PrintByXerox App Ports [PMM]
Printer Ports
Workplace Cloud Client Ports [PMM]
Network Appliance Ports [PMM]
Xerox® Device Agent Ports [FM]
Firewall Rules
Port Diagrams
Print Management Port Diagram [PMM]
Fleet Management Port Diagram [FM]
6. System Access
User Accounts
Web Portal
Workplace Cloud Agent
Xerox® Workplace App [PMM]
Workplace Cloud Client for Windows and Mac [PMM]
Printer
Xerox® @PrintByXerox App [PMM]
Content Delivery Network (CDN) [PMM]
7. Additional Security Items
Xerox® Workplace Cloud Endpoint Table
Cloud Endpoints
Cloud Endpoint Descriptions
Certificate Validation
Connection Details
Auto Release Using Network Appliance Workflow [PMM]
Models
Audit Log
Azure Data Centers
Usage Tracking and Reporting [PMM]
Single Sign-On [PMM]
User Import via CSV File
Packet Inspection
File Encryption using Keys [PMM]
Content Security [PMM]
Microsoft Azure Universal Print [PMM]
8. Additional Information and Resources
Security @ Xerox®
Responses to Known Vulnerabilities
Additional Resources
1. Introduction
Xerox® Workplace Cloud (WC) is a workflow solution that connects a corporation's mobile workforce to new productive ways of printer management, printing, and controlling user access to Xerox® Multifunction Printers (MFP). Customers can manage the configuration of their printers and ensure settings are consistent across their fleet of devices. Printing is easy and convenient from any mobile device without needing standard drivers and cables. This solution also supports Desktop Printing, allowing printing to a common queue with the ability to release jobs to any printer. This reduces waste from uncollected jobs and provides security for sensitive information, since jobs are only printed when the user is standing at the printer.
WC provides a Single Sign-On (SSO) infrastructure. Apps in the Xerox App Gallery which have been modified to support this new infrastructure may use WC as a storage vault for user login information (e.g., credentials or tokens). After logging into WC, a user may select an SSO enabled Gallery App, which queries WC to obtain the user’s login information for that app. If available (and valid – e.g., not expired), the app uses that information to log the user into the Gallery App without the need to provide additional login credentials.
Purpose
The purpose of the Security Guide is to disclose information for Xerox® Workplace Cloud with respect to application security. Application security, in this context, is defined as how data is stored and transmitted, how the product behaves in a networked environment, and how the product may be accessed, both locally and remotely. This document describes design, functions, and features of the Xerox® Workplace Cloud relative to Information Assurance (IA) and the protection of customer sensitive information. Please note that the customer is responsible for the security of their network and the Xerox® Workplace Cloud does not establish security for any network environment.
This document does not provide tutorial level information about security, connectivity or Xerox® Workplace Suite features and functions. This information is readily available elsewhere. We assume that the reader has a working knowledge of these types of topics.
Target Audience
The target audience for this document is Xerox field personnel and customers concerned with IT security. It is assumed that the reader is familiar with the solution; as such, some user actions are not described in detail.
Disclaimer
The content of this document is provided for information purposes only. Performance of the products referenced herein is exclusively subject to the applicable Xerox Corporation terms and conditions of sale and/or lease. Nothing stated in this document constitutes the establishment of any additional agreement or binding obligations between Xerox Corporation and any third party.
2. Product Description
Overview
Workplace Cloud supports two different cloud solutions:
1. Printing and Print Management – Includes mobile and desktop printing, printer authentication / access and reporting.
2. Fleet Management – Includes the ability to configure and manage settings on a set of devices.
Printing and Print Management
This workflow can be limited to just mobile printing, or it can be extended to include desktop printing, printer authentication (such as badge access) and advanced reporting.
The workflow of mobile printing is quite simple. A user using a mobile device such as a smart phone, tablet, or laptop sends a document to the Workplace Cloud. Depending on the submission method, the job is either printed without any further user action or the user manually releases the job to print.
For desktop printing, the user installs the Workplace Cloud Client. The client will help with printer install and also manages communication with the Workplace Cloud solution. With this service in place, users can submit pull-print jobs as well as direct print jobs.
Workplace Cloud provides a Single Sign-On (SSO) infrastructure. The Apps in the Xerox App Gallery, which were modified to support this new infrastructure, can use Workplace Cloud as a storage vault for user login information. User login information can be user credentials or tokens. After logging into the Workplace Cloud, a user can select an SSO enabled Gallery App, which queries Workplace Cloud to obtain the login information of the user for that app. If the login information is available and valid, the app uses that information to log the user into the Gallery App without the need to provide additional login credentials.
There are several methods for a user to submit or release a job to print. The submission method is technically decoupled from the release method. However, certain submission/release pairs make more sense than other pairs.
Submission Methods
• Email
• Workplace App
• Desktop Print Client (upload)
Release Methods
• Printing device UI (using EIP)
• Workplace App
• Auto Release using Authentication
• Auto Release using Network Appliance
Combined Submission/Release Methods
Note: Job will print without any explicit user action after submission.
• Email
• Workplace App
• Web Portal (Web browser interface to Workplace Cloud)
• Desktop Print Client (upload and print)
• Desktop Print Client (direct print)
Printer Authentication Methods
• Card Access (Proximity Cards, Magnetic Stripe Cards, NFC on Android)
• Alternate Login (Cloud Authentication, LDAP or PIN) [Note: OKTA and Azure AD do not support this method]
• Mobile Phone Unlock (using the Xerox® Workplace App for iOS or Android: NFC, QR Code, or Manual Code Entry)
The common link between all submission and release methods is the Xerox® Workplace Cloud. Documents are stored in the cloud until they are deleted or until an administrative timeout has passed.
With release 5.6, Xerox® Workplace Cloud added the ability to support an Agentless method of Printer Authentication. This feature makes use of the Azure IoT Hub capability to provide this functionality and is supported by Xerox AltaLink devices (A special firmware release is required).
Xerox® @PrintByXerox
The Xerox® @PrintByXerox App, available using the Xerox App Gallery and included as an “In-Box” App on some devices, is designed to give customers an introduction to the Workplace Cloud system. Users are able to submit jobs using Email, by sending them to print@printbyxerox.com, and then release them using the Xerox® @PrintByXerox App. Below is a diagram outlining the different components used as part of this workflow.
Figure 2–1: @PrintByXerox
Xerox® Workplace Cloud Printing and Print Management
Xerox® Workplace Cloud (with an Agent) [PMM]
The following diagram shows the system components used for the full Xerox® Workplace Cloud for Printing and Print Management solution using an Agent.
Figure 2–2: Xerox® Workplace Cloud with an Agent
Xerox® Workplace Cloud (Agentless) [PMM]
The following diagram shows the system components used for the full Xerox® Workplace Cloud (Printing and Print Management) without an Agent.
Figure 2–3: Xerox® Workplace Cloud Agentless
Description of System Components [PMM]
Component: Description
User: A user of the Xerox® Workplace Cloud.
Xerox® Workplace App: Mobile application for iOS, Android, and Chrome that allows the user to find printers and upload / send print jobs to Workplace Cloud.
Xerox® Workplace Cloud: The Azure hosted cloud service that provides the Workplace Cloud functionality.
Customer ADS/LDAP Server: Used for user authentication.
Azure AD: [Optional] May be used for user authentication. Microsoft’s Azure AD may in turn forward authentication requests to the customer’s hosted AD system.
Azure IoT Hub: [Optional] Is used for the desktop client “Local Print Optimization” feature and for Agentless Authentication.
OKTA: [Optional] May be used for user authentication.
Third-Party Public Print Provider: Allows print jobs to be submitted to Third-Party Providers.
Workplace Cloud Agent: On-premise application that runs on customer provided hardware, which supports Printer Discovery, Print transmission, Convenience Authentication and Network Accounting. Also provides LPR and Windows printer listening ports for systems that do not support a desktop client (e.g. Linux).
Server Based Print Queues: Allows print jobs to be forwarded to other 3rd Party Solutions for added job tracking, accounting, and so on.
Printer: Any printing device (Xerox or Non-Xerox) that is enabled to support Workplace Cloud.
Customer Email Server: The Customer Email Server is used to get print jobs to the Workplace Cloud.
User Workstation: User’s system on which the Workplace Cloud Client can be installed, which allows print jobs to be submitted to Workplace Cloud Printers from a PC or Mac. Also supports the Home Worker Print Tracker feature which monitors a user’s print history, even when printing to printers not enabled in Workplace Cloud.
Microsoft Office 365 Email Service: Used to send email responses back to users of Workplace Cloud.
Network Appliance: External hardware device that supports card-based document release at Non-Xerox or Non-EIP Devices.
Xerox® Services Manager: External Xerox application used in managed service accounts.
Content Delivery Network (CDN): Enabled high-bandwidth print job streaming from Azure to local printers in the customer environment.
App from Gallery: An App found in the Xerox App Gallery that is modified to support SSO.
App Server: A backend system that handles the browser-based calls and processing needed by the App. Maintains knowledge and information about the SSO server.
Microsoft Azure Universal Print: Microsoft’s Universal Print infrastructure hosted in Azure.
Fleet Management
The Fleet Management functionality allows the administrator to define configuration sets, push these to a printer and monitor the configuration of devices to ensure settings do not change. Different configurations can be defined for different sets of printers. Customers that use the Fleet Management feature can link their account to Xerox® Services Manager. This allows the same set of devices being monitored using Xerox® Device Agent(s) to also be managed using Workplace Cloud Fleet Management.
Xerox® Workplace Cloud Fleet Management (with an Agent) [FM]
The following diagram shows the system components used for the Xerox® Workplace Cloud Fleet Management only functionality using an Agent.
Figure 2–4: Xerox® Workplace Cloud Fleet Management – With an Agent
Xerox® Workplace Cloud Fleet Management (Agentless) [FM]
The following diagram shows the system components used for the Xerox® Workplace Cloud Fleet Management only functionality without an Agent.
Figure 2–5: Xerox® Workplace Cloud Fleet Management – Agentless
Description of System Components [FM]
Component: Description
User: A user of the Xerox® Workplace Cloud.
Xerox® Workplace Cloud: The Azure hosted cloud service that provides the Workplace Cloud functionality.
Azure IoT Hub: Is used for Fleet Management requests sent to the Agent.
Workplace Cloud Agent: On-premise application that runs on customer provided hardware, which supports Printer Discovery, and Fleet Management.
Printer: Any printing device (Xerox or Non-Xerox) that is enabled to support Workplace Cloud.
Microsoft Office 365 Email Service: Used to send email responses back to users of Workplace Cloud.
Xerox® Services Manager: External Xerox application used in managed service accounts.
Xerox® Device Agent: External Xerox application for device monitoring that has been extended to support the installation of the WC Agent for managed print service environments using Xerox® Services Manager.
Xerox Auto Update Service: External Xerox application hosted by Xerox (internet accessible). Used to update the Device Agent.
3. System Architecture
Xerox® Workplace Cloud
The Xerox® Workplace Cloud consists of a number of different services that run as an Azure role (Web Role or Worker Role). The type of role used depends upon the function of the service. If the service is interfacing externally using some type of API or interface, it’s typically a Web Role, and if the service performs internal processing, then it’s typically a Worker Role. Each role runs on its own Azure VM instance, and the number of such instances will vary based on the system load. Each service is assigned a fixed size set of RAM and HDD for the given VM, which varies based on the service and its needs.
Xerox® Workplace Cloud Volatile Memory
Type (SRAM, DRAM, etc.): Azure storage – System Memory
Size: Varies Based on Service
User Modifiable (Y/N): N
Function or Use: Executable code, temporary storage for messages processing related data, variables, state information, and so on.
Contains Customer Data: Y
Process to Clear: Power Off or Exit of the Service
Xerox® Workplace Cloud Non-Volatile Memory
Type (Flash, EEPROM, etc.): HDD
Size: Varies Based on Service
User Modifiable (Y/N): N
Function or Use: Storage of binaries, libraries, graphic images, HTML pages, JavaScript pages, certs, configuration, logs, user documents, print drivers, installers, templates, job metadata
Contains Customer Data: Y
Process to Clear: Requires removal of Xerox roles
Workplace Cloud Agent
Workplace Cloud Agent Volatile Memory
Type (SRAM, DRAM, etc.): RAM
Size: Customer Provided
User Modifiable (Y/N): N
Function or Use: Executable code, temporary storage for processing related data, variables, state information, and so on.
Contains Customer Data: Y
Process to Clear: Power Off or Exit of the Service
Workplace Cloud Agent Non-Volatile Memory
Type (Flash, EEPROM, etc.): HDD
Size: Customer Provided
User Modifiable (Y/N): N
Function or Use: Storage of binaries, libraries, logs, printer information
Contains Customer Data: N
Process to Clear: Removal / Un-install of the Agent. Data may be manually deleted by users with access rights to the PC on which the Agent is running. Periodic removal of some data based on time.
Desktop Print Client [PMM]
Desktop Print Client Volatile Memory
Type (SRAM, DRAM, etc.): RAM
Size: Customer Provided
User Modifiable (Y/N): N
Function or Use: Executable code, temporary storage for processing related data, variables, state information, and so on.
Contains Customer Data: Y
Process to Clear: Power Off or Exit of the Service
Desktop Print Client Non-Volatile Memory
Type (Flash, EEPROM, etc.): HDD
Size: Customer Provided
User Modifiable (Y/N): N
Function or Use: Storage of binaries, libraries, logs, printer information
Contains Customer Data: N
Process to Clear: Removal / Un-install of the Agent. Data may be manually deleted by users with access rights to the PC on which the Agent is running. Periodic removal of some data based on time.
Xerox® Workplace App [PMM]
Workplace App Volatile Memory
Type (SRAM, DRAM, etc.): RAM
Size: Customer Provided
User Modifiable (Y/N): N
Function or Use: Executable code, temporary storage for processing related data, variables, state information, and so on.
Contains Customer Data: Y
Process to Clear: Power Off
Workplace App Non-Volatile Memory
Type (Flash, EEPROM, etc.): ROM
Size: Customer Provided
User Modifiable (Y/N): N
Function or Use: Storage of binaries, libraries, printer information, print job data
Contains Customer Data: Y
Process to Clear: Removal / Un-install of the App.
Open-Source Components
Xerox® Workplace Cloud uses Open-Source software modules in its different components, such as the Cloud hosted Workplace Cloud, the Desktop Client, and so on. An up-to-date bill of materials for this solution is available upon request from Xerox.
4. System Interaction
System Components
Xerox® Workplace App [PMM]
The Xerox® Workplace App is the main user interface to the Xerox® Workplace Cloud.
The application requires users to authenticate with the Workplace Cloud before using the application. When authenticated, the user’s credentials and authentication token are stored in the application until they log out. For more information about authentication and communications-related security, refer to Communication between the Workplace App and Workplace Cloud.
The Xerox® Workplace App does not provide the capability to remotely wipe the mobile device.
It is ultimately the responsibility of the user to secure their mobile device. Users can enable device level passwords and manage physical access to the device. If the mobile device is lost or stolen, the user can access the webpage to change their password, making the device unable to access the Workplace Cloud solution.
Xerox® Workplace Cloud
The Workplace Cloud runs in the Microsoft® Windows Azure Platform and utilizes the SQL Azure Database for storage. There are a number of considerations for security based on this architecture as follows:
- Windows Azure Platform specific security information
- SQL Azure Database specific security information
- Workplace Cloud specific security
- Workplace Cloud Printer Client Application specific security
- Workplace Cloud Client
- Workplace Cloud Web Portal
- Workplace Cloud Email Service
Each consideration is covered below.
Windows Azure Platform Specific
The Windows Azure Platform operates in the Microsoft® Global Foundation Services (GFS) infrastructure, portions of which are ISO27001-certified.
Windows Azure Security Highlights:
- Built-in Identity Management for administrator access
- Dedicated hardware firewall
- Stateful packet inspection technology employed
- Application-layer firewalls
- Hypervisor firewalls
- Host-based firewalls
- SSL termination / load balancing / application layer content switching
- Each deployed hosted service is segmented in its own VLAN, preventing compromised node access