PaperSaveCloud
Deployment Whitepaper
for Blackbaud CRM
PaperSave 7.0
3150 SW 38th Avenue,
4th
Floor, Miami, Florida 33146. USA
877
727 3799
Contents
1.1...... Architecture for PaperSave for Blackbaud CRM
1.1.1...... Blackbaud CRM hosted by Blackbaud
1.1.2...... Blackbaud CRM Web API (On-premise)
2...... PaperSaveCloud™ Software Requirements
2.1 Supported Browsers and Operating Systems for PaperSaveCloud Desktop web app
2.2 Supported Operating Systems for PaperSaveCloud native mobile apps
2.3 Supported Blackbaud CRM versions
3...... Authenticating To PaperSaveCloud
4...... Blackbaud CRM Integration Components
6...... Blackbaud CRM database server
7...... PaperSave Windows Client (Optional)
7.1 Hardware requirements for the PaperSave Windows Client
7.2 Software requirements for the PaperSave Windows Client
8...... PaperSave Recommended Deployment Guidelines
9...... Appendix: Sizing Requirements For Scanning Workstations And Related Scanner Recommendations
9.1 Low/ Medium End Scanning using PaperSave’s web scanning features
9.2 High End Scanning using PaperSave’s web scanning features
9.3 Scanning using a network scanning device
10... Appendix: PaperSaveCloud Security And Compliance
disclaimer
This document is provided for informational purposes only. It represents PaperSave's current product offerings and practices as of the date of issue of this document, which are subject to change without notice. The target audience referring to this document is responsible for making their own independent assessment of the information in this document and any use of PaperSave products or services, each of which is provided “as is” without warranty of any kind, whether express or implied.
1 Introduction
PaperSave provides a complete and secure electronic storage system that seamlessly integrates into Blackbaud CRM by attaching source documents to transactions or records within Blackbaud CRM. Once documents have been associated with a given record, PaperSave allows for the instantaneous on-screen access of those documents.
PaperSaveCloud™ is available as a ‘Platform as a Service (PAAS)’ based solution. PaperSaveCloud and PaperSave on premise share much of the same features. Users enjoy the same user interfaces regardless of where their PaperSave services are being delivered from, with minimal difference in functionality and operation between the two. The infrastructure to support PaperSaveCloud runs within the Tier 1 Microsoft Azure Cloud utilizing industry standard security, compliance and encryption (please refer to the PAPERSAVECLOUD SECURITY AND COMPLIANCES section of this document for more information).
The primary purpose of this whitepaper is to provide PaperSave customers/prospects and/or their consultants with the proper guidance to support a successful PaperSaveCloud implementation. For more information or to ask specific questions, please contact your PaperSave representative at (877) Paper-99 or send an eMail to info@PaperSave.com.
1.1 Architecture for PaperSave for Blackbaud CRM
1.1.1 Blackbaud CRM hosted by Blackbaud
1.1.2 Blackbaud CRM Web API (On-Premise)
2 PaperSaveCloud™ Software Requirements
The following outlines the recommended general system configuration for each PaperSave component under potentially different usage requirements. It includes key information such as supported browsers, operating systems, and supported Blackbaud CRM versions. PaperSave’s user experiences are primarily browser or native mobile OS (iOS and Android) based. You’ll also find information about the authentication options for PaperSaveCloud™.
There are some features (such as interfacing with a TWAIN compatible scanners) in the desktop web user experiences that only work on Microsoft Windows as they require the web app to communicate with a Windows component called the PaperSave Windows Client. See the PAPERSAVE WINDOWS CLIENT section of this document for more information.
2.1 Supported Browsers and Operating Systems for PaperSaveCloud Desktop web app
|
Supported Browsers * |
Supported OS |
|
Google Chrome |
Windows · Windows 8 Professional, Ultimate, Enterprise, Business · Windows 8.1 Professional, Ultimate, Enterprise, Business · Windows 10 · Windows 11 Supported edition for above versions: · 32-bit · 64-bit
|
|
Google Chrome |
macOS 10.14 and above |
|
Minimum Supported Resolution: 1600 x 900 |
|
|
* signifies that PaperSave 7 should work on all modern browsers like Chrome, Chromium Edge, Firefox, Safari, & Opera. However, we have only verified on Chrome for now. Feel free to try PaperSave in browser’s other than Chrome and let us know if you find issues. While we only officially support Chrome, we will accept your feedback as we work toward broader browser support. |
|
2.2 Supported Operating Systems for PaperSaveCloud native mobile apps
The PaperSave mobile experience is delivered through native Android and IOS apps that are freely available for download from the Google Play store and the Apple App Store.
· Android 7.0 (Nougat) and above
· IOS 11.2 +
2.3 Supported Blackbaud CRM versions
PaperSaveCloud successfully integrates with Blackbaud CRM version 4.0, 4.0.180, 4.0.181.2300, 4.0.181.2405, 4.0.182.2501, 4.0.182.2504, 4.0.182.2608, 4.0.182.2702, 4.0.182.2805, 4.0.183.2909, 4.0.184.3003, 4.0.185.3101, 4.0.185.3205, 4.0.186.3212, 4.0.186.3304, and 4.0.186.3403.
2.4 Bandwidth Requirements
|
Bandwidth/Speed |
Minimum of 600kbps per concurrent user |
|
Broadband (business grade cable modem or DSL) or dedicated circuit (fractional/full T1) scaled to aggregate of concurrent Blackbaud CRM users, private line, or frame relay. |
|
3 Authenticating To PaperSaveCloud
PaperSaveCloud provides the following options for user authentication:
1. PaperSaveCloud Native Authentication
2. Microsoft Entra ID based Authentication
PaperSaveCloud Native Authentication requires users to create and manage users and groups within PaperSaveCloud using PaperSave’s User and Group management module. Admins can also perform user management tasks such as resetting passwords from this interface.
When using Microsoft Entra ID based authentication, PaperSave will rely it to provide all Identity Management. That means that your PaperSaveCloud tenant will be authorized for access only by the specific Azure AD directories that you specify can access PaperSave. You can also filter access to PaperSave to only specific groups within Microsoft Entra ID. Basic user and group management tasks such as resetting passwords will be done within Azure AD. Authorization and or other PaperSave specific functions (such as adding tags to users or configuring their notification preferences) are still performed within PaperSave’s User and Group management module. However, the users listed within that module will come from Active Directory and you won’t be able to use that module to add/delete new users/groups, reset passwords, change names, and other basic identity management features. For more information, please refer to MICROSOFT ENTRA ID AUTHENTICATION SETUP FOR PAPERSAVECLOUD document.
4 Blackbaud CRM Integration Components
PaperSave requires the deployment of integration components to take full advantage of its integration into Blackbaud CRM. When deployed these components modifies the user interface of Blackbaud CRM to deliver a seamless transition for users between the Blackbaud CRM’s screens into PaperSave’s screens. This is accomplished through user interface elements such as buttons on toolbars, menu items, system notification and popups. In some cases, the integration components embed complete PaperSave user interfaces within the user interface of Blackbaud CRM. All these user interface elements and the PaperSave screens themselves are themed to look like Blackbaud products to blur the lines between Blackbaud CRM and PaperSave. This provides a very integrated user experience to when working on document driven tasks and or workflows from within Blackbaud CRM. The PaperSave integration component for Blackbaud CRM is centrally installed, one time, and immediately modify Blackbaud CRM’s user interface for all users on all workstations. As a result, PaperSave doesn’t require the deployment of the integration component at each user’s workstation to integrate into the instance of Blackbaud CRM running on those workstations.
5 Blackbaud CRM Web API
PaperSaveCloud™ communicates with Blackbaud CRM via Blackbaud CRM’s Web API. For successful integration of PaperSaveCloud with Blackbaud CRM, the Blackbaud CRM Web API must be securely exposed and accessible to PaperSaveCloud. However, this is not required if the users are hosted by Blackbaud (as Blackbaud already covers this).
6 Blackbaud CRM database server
The Blackbaud CRM database server communicates with PaperSaveCloud for various functionalities. The following PaperSaveCloud addresses should be accessible from Blackbaud CRM database server over HTTPS (Port 443).
· *.cloud.papersave.com
· *.cloud1.papersave.com
· *.cloud2.papersave.com
7 PaperSave Windows Client (Optional)
The PaperSave desktop web application leverages a windows component called the “PaperSave Windows Client” to drive the capabilities listed below. While most of the logic for these capabilities is driven from the browser, there are certain operations that a browser-based application cannot accomplish without coordinating with a component that runs on a user’s workstation and which uses code native to that workstation’s operating system. These operations are currently only supported on a Windows based desktop. We do not have a component like the PaperSave Windows Client to enable these capabilities on macOS or Linux variants. It is important to note that not all users or situations require these capabilities. As a result, the PaperSave Windows Client need only to be installed by users who have the need to use these features. It is also important to note that this component does not require special administrative privileges during install on a Windows workstation. The component installs into users’ profiles, is set to run automatically when a user is logged in and updates itself when needed.
Capabilities that rely on the PaperSave Windows Client component
· Web Scanning with TWAIN Scanners
· Web Scanning with Check Scanners
· Sending a document in an eMail as an attachment.
Note: Sending a link to a document does not require the component.
· Designing a workflow
· Opening a Word, PowerPoint, or Excel document in the Windows based Office Desktop embedded experience.
Note: Opening these documents from within the Office Web App embedded experience in the PaperSave browser-based application does not require the component.
7.1 Hardware requirements for the PaperSave Windows Client
|
PaperSave Windows Client |
|
|
Processor |
CPU with 2.5 GHz Processing Speed or higher |
|
RAM |
3GB or higher |
7.2 Software requirements for the PaperSave Windows Client
|
PaperSave Windows Client |
|
|
Microsoft Windows |
Windows 8 Professional, Ultimate, Enterprise, Business Windows 8.1 Professional, Ultimate, Enterprise, Business Windows 10 Home, Professional
|
|
Microsoft Office |
Office 2019 (64-bit) Office 2016 (32-bit and 64-bit) Office 2013 (32-bit and 64-bit) Office 2010 (32-bit and 64-bit)
|
|
.NET Framework |
Versions 4.7.2+ |
8 PaperSave Recommended Deployment Guidelines
The following outlines how different PaperSave components should be deployed under certain common scenarios or customer requirements.
Scenario:
Specific users need to do one of the following:
· Pull paper into PaperSave’s document acquisition user experience from a direct attached scanner (TWAIN or Check)
· Launch a Microsoft Outlook new eMail window from PaperSave with the document attached to the eMail with a single click
· Design a workflow from within the configuration area
· Opening a Word, PowerPoint, or Excel document in the Windows based Office Desktop embedded experience. By default, PaperSave opens these documents in an embedded Microsoft Office Web App experience.
· Right clicking on a document from within Windows Explorer and using the “Add to PaperSave” option to capture that document into PaperSave.
PaperSave Deployment Guidance and Recommendations:
The PaperSave desktop web application leverages a windows component called the “PaperSave Windows Client” to drive the capabilities listed above. While most of the logic for these capabilities is driven from the browser, there are certain operations that a browser-based application cannot accomplish without coordinating with a component that runs on a user’s workstation and which uses code native to that workstation’s operating system. These operations are currently only supported on a Windows based desktop. We do not have a component like the PaperSave Windows Client to enable these capabilities on macOS or Linux variants. It is important to note that not all users or situations require these capabilities. As a result, the PaperSave Windows Client need only to be installed by users who have the need to use these features. It is also important to note that this component does not require special administrative privileges during install on a Windows workstation. The component installs into users’ profiles, is set to run automatically when a user is logged in and updates itself when needed.
Scenario:
Specific users need to use PaperSave’s TWAIN scanning functionality while the PaperSave desktop web client is running within a browser that is executing from inside a Citrix or Windows Remote Desktop terminal server session.
PaperSave Deployment Guidance and Recommendations:
Most versions of Citrix and all versions of Microsoft Windows Terminal Server Remote-Scan lack support for TWAIN over their respective remote desktop protocols (ICA & RDP respectively). To bridge this gap in peripheral support a third-party TWAIN over ICA or TWAIN over RDP component such as the one sold by Remote-Scan (www.remotescan.com) or TS Scan is required in order to allow ScanNow™ to work over the thin-client session. Note that PaperSave cannot interface with a check scanner that is connected to a workstation when running from a browser that is executing from inside the terminal server session.
Scenario:
Specific users need to use PaperSave’s Microsoft Office Add-Ins to add an open document from within buttons in the toolbar of Microsoft Word, PowerPoint, Outlook, and Excel.
PaperSave Deployment Guidance and Recommendations:
The PaperSave MS Office Add-in must be installed on a workstation running Microsoft Office to enable this capability. This is a separate install and must be performed on individual user workstations that require this capability.
Scenario:
Specific users need to print documents directly to a PaperSave specific Printer Driver which will then add a resulting PDF to PaperSave.
PaperSave Deployment Guidance and Recommendations:
The PaperSave Printer must be installed on a workstation running Microsoft Office to enable this capability. This is a separate install and must be performed on individual user workstations that require this capability.
Scenario:
Specific users need to print documents that have PaperSave Re-Capture compatible barcodes on them directly to a PaperSave specific Printer Driver which will read the barcode and add the document to PaperSave directly related to Blackbaud CRM record whose ID is embedded in the barcode.
PaperSave Deployment Guidance and Recommendations:
The PaperSave Re-Capture Printer must be installed on a workstation running Microsoft Office to enable this capability. This is a separate install and must be performed on individual user workstations that require this capability.
9 Appendix: Sizing Requirements For Scanning Workstations And Related Scanner Recommendations
9.1 Low/ Medium End Scanning using PaperSave’s web scanning features
Low/Medium End Scanning is defined as the scanning under the following configuration/conditions.
· Black and white
· 300 - 600dpi
· Less than 10 pages on average per individual scans into PaperSave’s document acquisition experience
· Output Style setting - Searchable PDF
|
Processor |
Dual Core CPU with 2.5 GHz processing speed or higher |
|
Operating System |
· Windows 8 Professional, Ultimate, Enterprise, Business (x86 and x64 versions) · Windows 8.1 Professional, Ultimate, Enterprise, Business (x86 and x64 versions) · Windows 10 |
|
Memory |
2 GB or more dedicated to PaperSave’s Windows Client and a minimum of 4 GB or more total RAM |
|
Software Requirements |
· .Net Framework 4.7.2 or higher · 10/100 Mbit LAN or higher |
|
Recommended TWAIN Scanners |
· Fujitsu fi-6 series · Fujitsu fi-7 series · Epson DS-860 · Epson DS-530
Note: Other scanners may work. However, these scanners are used in PaperSave’s QA process and as a result are expected to produce optimal results. |
|
Recommended TWAIN Scanner specifications |
Note: The scanners listed above all either meet or exceed these specifications. · 40+ppm Black & White @ 300DPI · Simplex and Duplex · 50+ Page Automatic Document Feeder, Automatic Page Size Detection · TWAIN driver (Windows 8, Windows 8.1, Windows 10, Windows 2008, Windows 2012), with embedded image processing software/features such as those provided by Fujitsu PaperStream IP, or Kofax Virtual Rescan (VRS).
|
|
Supported Check Scanners |
· Canon CR-L1 Check Scanner · Canon CR-120 Check Scanner |
9.2 High End Scanning using PaperSave’s web scanning features
High End Scanning is defined as the scanning under the following configuration/conditions.
· Grayscale, or color
· More than 600dpi
· More than 10 pages on average per individual scans into PaperSave’s document acquisition experience
|
Processor |
Dual Core CPU with 2.5 GHz processing speed or higher |
|
Operating System |
· Windows 8 Professional, Ultimate, Enterprise, Business (x86 and x64 versions) · Windows 8.1 Professional, Ultimate, Enterprise, Business (x86 and x64 versions) · Windows 10 |
|
Memory |
4 GB or more dedicated to PaperSave’s Windows Client and a minimum of 8 GB or more total RAM |
|
Software Requirements |
· .Net Framework 4.7.2 or higher · 10/100 Mbit LAN or higher |
|
Recommended TWAIN Scanners
|
· Fujitsu fi-6 series · Fujitsu fi-7 series · Epson DS-860 · Epson DS-530
Note: Other scanners may work. However, these scanners are used in PaperSave’s QA process and as a result are expected to produce optimal results. |
|
Recommended TWAIN Scanner specifications |
Note: The scanners listed above all either meet or exceed these specifications. · 40+ppm Black & White @ 300DPI · Simplex and Duplex · 50+ Page Automatic Document Feeder, Automatic Page Size Detection · TWAIN driver (Windows 8, Windows 8.1, Windows 10, Windows 2008, Windows 2012), with embedded image processing software/features such as those provided by Fujitsu PaperStream IP, or Kofax Virtual Rescan (VRS).
|
|
Supported Check Scanners |
· Canon CR-L1 Check Scanner · Canon CR-120 Check Scanner |
9.3 Scanning using a network scanning device
PaperSave Workflow and ScanLater features can process stacks of multi-page TIFFs or PDFs by monitoring a network file folder, split them into individual files using a variety of separation mechanism and ingest them as either PaperSave documents (ScanLater) or workflow items (PaperSave Workflow). PaperSave’s Workflow feature can also do the same by monitoring eMail boxes. Scanning stacks of paper using a network scanning device such as a multi-function copier or network attached scanner (except for the Fujitsu NX scanner) and driving that output to either a folder or an eMail box monitored by PaperSave Workflow or ScanLater is also considered scanning. There are no specific workstation requirements to be mindful of because the scanner is not operated by a workstation. However, to maximize document quality and system performance, the network scanner should have embedded image-processing software/features such as those provided by Fujitsu PaperStream IP, or Kofax Virtual Rescan (VRS). The scanner should also be capable of routing documents to folder locations or eMail boxes as CCIT compressed Multi-Page TIFFs or PDFs that are OCR readable. Few network scanning devices have these features. Because of that it is highly recommended to avoid using multi-function copiers and or network attached scanners. The only network scanner that we recommend with such features is the Fujitsu fi-NX 7300.
11 Appendix: PaperSaveCloud Security And Compliance
PaperSaveCloud was developed to ensure that your confidential business data remains safe and secure. Our cloud platform residing in the Tier 1 Microsoft Azure platform, houses your data and systems in world-class facilities with optimal security and reliability. We are committed to protecting the security of your data. We use a variety of industry-standard security technologies and procedures to help protect your data from unauthorized access, use, or disclosure. The following describes some of the encryption and compliance details around PaperSaveCloud.
11.1 Encryption
All connection from Workstations to PaperSaveCloud are made over the Secure HTTPS protocol that utilizes the below industry standards:
|
Note: TLS 1.2 must be enabled at the client's DAS server and Host Database server for successful DAS connection. |
Cryptographic Protocols
· TLS 1.2
Cipher Suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
TLS_PSK_WITH_AES_256_GCM_SHA384
TLS_PSK_WITH_AES_128_GCM_SHA256
TLS_PSK_WITH_AES_256_CBC_SHA384
TLS_PSK_WITH_AES_128_CBC_SHA256
TLS_PSK_WITH_NULL_SHA384
TLS_PSK_WITH_NULL_SHA256
Encryption at rest is turned on by default for all PaperSaveCloud tenants. PaperSaveCloud leverages Microsoft Azure storage service encryption to deliver encryption at rest. Data is encrypted using 256-bit AES based storage level encryption. AES (Advanced Encryption Standard) is one of the strongest and fastest cipher present today and is used widely as an industry standard. Click here to learn more about AES. Additionally, credentials that are stored in your PaperSaveCloud database are also encrypted using irreversible encryption. Those credentials can only be changed from within the PaperSave application user interface.
11.2 Compliance
The PaperSaveCloud environment is audited periodically by a third-party attestation service for its ability to meet the SOC 2 Type 1 compliance requirements. The scope of the attestation covers the environment and operations used to host and manage PaperSaveCloud, but it does not cover the compliance of customer specific configurations, data and or practice. Your ultimate adherence to compliance requirements while using PaperSaveCloud may be dependent upon how you store your information and how you use the system. As an example: If you do not enter sensitive information, such as a credit card number into PaperSave Document Type and or Workflow fields, then the you may, in your own discretion, determine that you do not have an issue with PCI compliance. You should also consider using PaperSave’s redaction features to permanently block sensitive information that might be contained within a document’s imaged content. You may also want to remove sensitive information that might be contained within non-Image documents (such as Microsoft Office) files before the document is added to PaperSave. Ultimately, you must evaluate and decide whether your use of PaperSave meets your own compliance standards.