TCP/IP PrintDirect

This article describes how to customize your application for TCP/IP PrintDirect support and contains the following information:
This article describes how to customize your application for TCP/IP PrintDirect support and contains the following information:
TCP/IP Print Drivers
To fully utilize the PJL4/PJL5 print driver support, see the HP
5021-0380 Printer Job Language - Technical Reference Manual
To fully utilize the PCL5 print driver support, see the HP LaserJet Printer Commands - PCL in your HP LaserJet user's reference guide; for example,
C2010-90901 HP LaserJet 4Si Printer - User's Reference Manual.
Nameserver/Symbolic Name Resolution
In a TCP/IP environment, interacting processes are uniquely identified to each other by a combination of IP address and port number. Port numbers are inherently defined as part of the various protocols, but a system administrator must explicitly assign the IP addresses.
IPv4 addresses are 32-bit addresses represented in dotted-decimal format (for example, 123.456.789.0). IPv6 addresses are 128-bit addresses represented in colon-hexadecimal format (for example 2001:DB8::8:800:200C:4).
Symbolic names can also be defined in a one-to-one relationship with IP addresses, letting users reference destinations with symbolic names such as "" or "UTAH.Sales," rather than using raw IP addresses.
TCP/IP name resolution is used as follows:
  • To determine the symbolic name of the local host (that is, the MVS mainframe) so that the request can be identified to the receiving LPD.
  • To find the IP address of the receiving host (that is, the one running LPD) or printer, in the event that users specify a symbolic name for the destination.
CA Spool
Consider activating one or more of the following DD statements to the JCL procedure for
CA Spool
//*-------------------------------------------------------------------* //* CA Spool Print formatting resource libraries. * //*-------------------------------------------------------------------* //*PJLLIB DD DISP=SHR,DSN=**YOUR**.PJL.RESOURCE.LIBRARY //*PCLLIB DD DISP=SHR,DSN=**YOUR**.PCL.RESOURCE.LIBRARY //*BINLIB DD DISP=SHR,DSN=**YOUR**.BIN.RESOURCE.LIBRARY //*OVLYLIB DD DISP=SHR,DSN=**YOUR**.OVLY.RESOURCE.LIBRARY //*HTMLIB DD DISP=SHR,DSN=**YOUR**.HTML.RESOURCE.LIBRARY //*MAILLIB DD DISP=SHR,DSN=**YOUR**.MAILBOOK.RESOURCE.LIBRARY
The TCPSERV, TCPRESO, and TCPHOST datasets and the ESFLPRP module are no longer being used.
The optional PJLLIB, PCLLIB, BINLIB, OVLYLIB, HTMLIB and MAILLIB resource libraries must be allocated as RECFM=VB partition data sets, with, for example, LRECL=259 and BLKSIZE=2594.
PJLLIB might contain predefined FCB, Form, and Chars PJL commands in EBCDIC, which are automatically included in front of the print data if print driver options F, G, H, lower case g, or lower case r are specified for print driver PJL4 or PJL5. For example, TCPDRIV=PJL4F or TCPDRIV=PJL5F. A sample PJLLIB member is in CBQ4OPTN(ESFPJL00).
PCLLIB might contain predefined FCB, Form, and Chars PCL commands, which are automatically included in front of the print data if print driver options F, G, H, lowercase g, or lowercase r are specified on the TCPDRIV parameter for the target node, for example, TCPDRIVE=PCL5F.
The following list describes the options that you can use for each print driver.
  • PCL5
    F, G, H, lowercase g, and lowercase r
  • PJL
  • PJL4
    F, G, H, lowercase g, and lowercase r
  • PJL5
    Lowercase g, and lowercase r
  • LPR (default print driver)
    Lowercase g, and lowercase r
  • DSO
    Lowercase g, and lowercase r
PCLLIB commands are entered in EBCDIC. An asterisk or blank in column 1 indicates a comment line. A blank terminates the command string on each line. Data after the first blank is ignored. DEVICE statements are supported. PCL and Non PCL commands can exist in the same PCLLIB member when lowercase g is used. A sample PCLLIB member is in CBQ4OPTN(ESFPCL00).
BINLIB can contain predefined FCB, Form, and Chars binary printer commands in ASCII, which are automatically included in front of the print data, if print driver option B is specified. A sample BINLIB member is in CBQ4OPTN(ESFBIN00).
OVLYLIB can contain predefined Form binary PCL commands in ASCII, which are included as an automatic page overlay, if print driver option O is specified.
HTMLIB can contain predefined HTMLFORM or FORM specified HTML skeletons used included by the Email print driver if MSGTYPE=HTML is specified. A sample HTMLIB form is in CBQ4OPTN(IQHTML01). To demonstrate the use of HTML forms, review and execute the JCL in CBQ4OPTN(IQHTSAMP).
MAILLIB can contain predefined MAILBOOK or Writer specified email parameters included by the Email print driver.
TCPIP Data File
The SYSTCPD DD statement lets you pre-allocate your TCPIP.DATA file to eliminate the overhead of performing dynamic allocation of this file for every print request.
You can use the SYSTCPD DD statement to test a new TCPIP.DATA data set before putting it into production. It lets you to replace the installation default TCPIP.DATA file with your version.
The use of DCB=BUFNO=n, where n is any number, is not recommended. This can increase storage use and result in storage abends.
Your TCPIP data file can include the following definitions.
TCP/IP Source Ports
The RFC 1179 Line Printer Daemon Protocol specifies that the target port is 515, and the source port must be in the range 721 to 731, inclusive. Ports cannot be reused until after 1 minute; a printer is limited to receive 11 print files per minute. To work around this problem, most printers and printer servers allow use of other source ports. Ports are selected using the following communication options:
  • A
    -- Expand the source ports range to 721-1023, instead of the default LPD source ports range of 721-731.
  • E
    -- Have TCP/IP automatically assign an ephemeral (short-lived) source port.
Installations can have certain port ranges reserved for printing. You can control the port ranges using the LPORT parameter on the printer’s DRIVPRM1-4 parameters, as follows:
Print Data Encryption
Advanced Encryption Standard (AES) Rijndael print data encryption is supported. It lets you send print data securely encrypted over the public TCP/IP network. This encryption prevents unauthorized reading or use of the data.
Each piece of data of a print file is encrypted by the IBM Integrated Cryptographic Service Facility (ICSF) before it is sent over TCP/IP. ICSF is part of the z/OS base product.
Add the ICSF load library CSF.SCSFMOD0 to the LNKLST or to the
CA Spool
STEPLIB concatenation.
To activate print data encryption, specify the 16/24/32 bytes hexadecimal encryption key using the printer node KEY parameter, and specify printer TCPDRIV option '4'.
Capella's SecureDIMM card
Capella's SecureDIMM II (Dual Inline Memory Module) card supports (AES) Rijndael decryption on selected Hewlett-Packard (HP) printer models. This means that
CA Spool
can send print data securely over the public TCP/IP network to remote HP printers. SecureDIMM uses 16 bytes persistent encryption keys.
The SecureDIMM package includes a Printed SecureDIMM User Guide and a SecureDIMM CD which contains:
  • The CryptTst.prn test file, which prints a picture of a Volkswagen if the encryption card functions.
  • The aesCrypt Utility to encrypt a file and change the printer encryption key.
  • The Windows SecureDIMM Print Driver Extension to specify the encryption key and enable encryption.
The following is a sample print data encryption HP printer node definition:
DEFNODE PJL5,HP-PJL5 NODE HP65,PJL5,TCPPORT=9100,TCPHOST=731.225.65.331,TCPDRIV=PJL5F4, KEY=010102030405060708090a0b0c0d0e0f, GROUP=1
To change or reset a Capella SecureDIMM card decryption key, create and print a
CA Spool
file named AESCRYPT as follows:
//* //O1 OUTPUT CLASS=A,DEST=HP6, // USERDATA=(-C, -C / -R // 000102030405060708090A0B0C0D0E0F, OLD-KEY // 010102030405060708090A0B0C0D0E0F) NEW-KEY //STEP1 EXEC PGM=IEBGENER //SYSPRINT DD SYSOUT=* //SYSUT2 DD SUBSYS=(ESF,A,AESCRYPT),OUTPUT=*.O1 //SYSIN DD DUMMY //SYSUT1 DD * ====> Encryption Key changed. Call 99 999 999 <=== /*
CA LPD Support
CA Spool
CA Spool LPD/IPP Print Server Interface supports decryption of (AES) Rijndael encrypted print data, so that you can send print files securely over the public TCP/IP network to remote
CA Spool
systems. The
CA Spool
CA Spool LPD/IPP Print Server Interface supports 16/24/32 bytes persistent encryption keys.
A sample print data encryption CA LPD printer node definition follows:
The corresponding CA LPD LPDDEST definition follows:
IPSec Support
Data sent from
CA Spool
to printers and print servers can be encrypted by Internet Protocol Security (IPSec) if the target node supports it. IPSec is a standard suite of protocols by Internet Engineering Task Force (IETF) that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. No changes are required to
CA Spool
to enable IPSec. The IPSec function in z/OS is provided by z/OS Communication Server since z/OS V1R7.
For more information, see these guides:
  • z/OS Communications Server:
    IP Configuration Guide
  • IBM RedBook:
    IBM z/OS V2R1 Communications Server TCP/IP Implementation Volume 4: Security and Policy-Based Networking
  • The printer documentation provided by the manufacturer
TCP/IP Printer Node Parameters
The following parameters are supported for TCP/IP-attached printers:
NODE nodename, device-type, GROUP=nnnn, ACQUIRE=NO |WORK |TIME |SNET, ALIAS=cccccccc, AUTO=YES | NO, CKPTPGS=nnnn,, COMP=YES | NO, DRIVPRM1=cccccccccccccccc, DRIVPRM2=cccccccccccccccc, DRIVPRM3=cccccccccccccccc, DRIVPRM4=cccccccccccccccc, DUPLEX=YES | NO, ENDFF=NO | YES, FCB=cccc, FILTER=c, FORM=cccc, INITFF=NO | FILE, INTRAY=nnn, LINECNT=nnn, LOCATION=cccccccccccccccc, NJEDEST=cccccccc, OUTLIM=nnnnnnn, PURGE=YES | NO, RELEASE=NO | NOWORK, REST=YES | NO | PRINTER, RETAIN=nnnnn, SEP= 0 - 9, SEPOPT=nn, SHARED=NO | YES | MASTER, TCPDRIV=cccccccccc, TCPHOST=cccccccccccccccc, TCPPORT=nnnn, TCPPRT=cccccccccccccccc, TIMEOUT=nnnnn, TRANS=cccccccc, TRANSFRM=cccccccccc, USEFCB=FILE | PRINTER, USEREXIT= BSESSION | ASESSION, USEREXNO=n, USERPARM=cccccccccccccccc, VPS=cccccccc, VPSCAPPL=cccccccc, VPSERROR=ERROR | BLANK | IGNORE | NULL | PASS, VPSFILE= CHAIN | BRACKET | nnnnnn, VPSFNFF=YES | NO, VPSMPP=NEW | OLD, VPSOPT=nn, VPSPMPP=nnn, VPSTRACE= *ALL | cccccccc, WS=CLASS|FORM|FCB|PRIO|AGE|GROUP, XFERNODE=BOTH | NODE | ALIAS | OFF