Blackberry Home Theater Server blackberry enterprise server for microsoft exchange User Manual |
BlackBerry Enterprise Server for
Microsoft Exchange
Version: 5.0
Service Pack: 4
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
1
2
3
4
5
BlackBerry Messaging Agent.......................................................................................................................................28
BlackBerry Attachment Service...................................................................................................................................35
Download from Www.Somanuals.com. All Manuals Search And Download.
6
Managing device access to the BlackBerry Enterprise Server..............................................................................................52
7
BlackBerry Enterprise Server high availability..................................................................................56
8
Wi-Fi enabled devices.....................................................................................................................65
Characteristics of the IEEE 802.11b wireless networking standard that Wi-Fi enabled BlackBerry devices support........73
Security features of a Wi-Fi enabled device.........................................................................................................................74
9
BlackBerry Enterprise Server process flows.....................................................................................76
Download from Www.Somanuals.com. All Manuals Search And Download.
Messaging process flows....................................................................................................................................................76
Process flow: Synchronizing organizer data for the first time on a BlackBerry device.....................................................91
Process flow: Authenticating data on a BlackBerry device without connecting to the BlackBerry Infrastructure ..........102
10
11
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
What's New in BlackBerry Enterprise Server 5.0 SP4
2
What's New in BlackBerry
Enterprise Server 5.0 SP4
Feature
Description
Upgrade paths
Administrators can upgrade to BlackBerry Enterprise Server 5.0 SP4 from the
following software versions:
•
•
BlackBerry Enterprise Server 5.0 SP2
BlackBerry Enterprise Server 5.0 SP3
Administrators can upgrade to BlackBerry Enterprise Server 5.0 SP4 for Novell
GroupWise from BlackBerry Enterprise Server 5.0 SP1 for Novell GroupWise.
There is no direct upgrade path from BlackBerry Enterprise Server 4.x.
BlackBerry Enterprise Server 5.0 SP4 supports JRE v6.31 or higher
Upgraded Java support
BlackBerry Monitoring Service
removed
BlackBerry Enterprise Server 5.0 SP4 does not include the BlackBerry
Monitoring Service. No version of the BlackBerry Monitoring Service works with
BlackBerry Enterprise Server 5.0 SP4.
Character set support
BlackBerry Enterprise Server 5.0 SP4 includes support for sending messages
that use Latin characters along with Hebrew or Arabic characters.
Increased message size limit
Increased attachment size limit
Enhancements to email prepopulation
BlackBerry Enterprise Server 5.0 SP4 increases the maximum size of HTML
email messages from 32KB to 300KB.
BlackBerry Enterprise Server 5.0 SP4 increases the default maximum
attachment size from 3MB to 10MB.
BlackBerry Enterprise Server 5.0 SP4 enhances the email prepopulation
process in the following ways:
•
•
Includes both header and body information in prepopulated messages
Increases the default number of messages to prepopulate to 1000 or 14
days of messages
•
Performs prepopulation at every activation, not just when a PIN changes (for
example if all data and applications are deleted and the smartphone is
activated again)
7
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
What's New in BlackBerry Enterprise Server 5.0 SP4
Feature
Description
Increased efficiency of reconciliation
process
BlackBerry Enterprise Server 5.0 SP4 includes enhancements that reduce the
workload on the computer that hosts the BlackBerry Configuration Database.
Enhancements to security features
BlackBerry Enterprise Server 5.0 SP4 includes security enhancements that are
designed to allow verification of data integrity and authenticity for organizations
that use multiple layers of encryption.
BlackBerry Enterprise Server 5.0 SP4 synchronizes the full body of sent
messages to the BlackBerry smartphone.
Full synchronization of sent email
messages
Canceled meeting options
BlackBerry Enterprise Server 5.0 SP4 allows you to leave canceled meetings in
the calendar on your BlackBerry smartphone instead of automatically removing
them.
Enhancements to access control
policies
BlackBerry Enterprise Server 5.0 SP4 allows administrators to assign access
control policies to both individuals and groups.
Support for password-protected
attachments
The BlackBerry Attachment Service in BlackBerry Enterprise Server 5.0 SP4
supports password-protected attachments.
Changes to sent message timestamps BlackBerry Enterprise Server 5.0 SP4 uses the time from the BlackBerry
smartphone to indicate the time a message was sent instead of using the time
on the server. Sent messages now display the correct sent time even if the
BlackBerry smartphone is in a time zone that is different from the BlackBerry
Enterprise Server.
Support for additional shapes in
Microsoft PowerPoint
The BlackBerry Attachment Service for BlackBerry Enterprise Server 5.0 SP4
displays more shapes from Microsoft PowerPoint attachments.
The BlackBerry Enterprise Transporter, a tool available in the BlackBerry
Enterprise Server Resource Kit 5.0 SP4 includes online help.
Online help for BlackBerry Enterprise
Transporter
BlackBerry Domain Search tool
removed
The BlackBerry Enterprise Server Resource Kit 5.0 SP4 does not include the
BlackBerry Domain Search tool because BlackBerry Management Studio
includes the features the tool offered.
Improvements to certificate
administration
Administrators can configure VPN profile certificates for BlackBerry
smartphones so that the user does not need to perform this task.
8
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Overview: BlackBerry Enterprise Server
3
Overview: BlackBerry
Enterprise Server
The BlackBerry Enterprise Server is designed to be a secure, centralized link between an organization's wireless network,
communications software, applications, and BlackBerry smartphones. The BlackBerry Enterprise Server integrates with
your organization's existing infrastructure to provide smartphone users with mobile access to your organization's
resources.
You can manage the BlackBerry Enterprise Server, smartphones, and user accounts using the BlackBerry Administration
Service. You can access the BlackBerry Administration Service web application from any computer that can access the
computer that hosts the BlackBerry Administration Service.
You can optionally install BlackBerry Management Studio in your organization's environment to provide a simplified
administrative console for your organization's helpdesk administrators and an integrated view of the BlackBerry Enterprise
Server and other MDM domains. For more information, visit http://www.blackberry.com/go/serverdocs to see the
BlackBerry Management Studio Feature and Technical Overview.
9
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
4
BlackBerry Enterprise Server
architecture
Architecture: BlackBerry Enterprise Server
The BlackBerry Enterprise Server consists of various components that are designed to perform the following actions:
•
Permit BlackBerry device users to access your organization's tools and data from BlackBerry devices and run your
organization's applications on devices
•
•
Process, route, compress, and encrypt data
Communicate with the wireless network
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
BlackBerry Administration Service
The BlackBerry Administration Service connects to the BlackBerry
Configuration Database. You can use the BlackBerry Administration Service to
manage the BlackBerry Domain, which includes BlackBerry Enterprise Server
components, user accounts, and features for BlackBerry device administration.
BlackBerry Mail Store Service
The BlackBerry Mail Store Service connects to the messaging servers in your
organization's environment and retrieves the contact information that the
BlackBerry Administration Service requires to search for user accounts on the
messaging servers.
You install a BlackBerry Mail Store Service when you install a BlackBerry
Enterprise Server. The BlackBerry Mail Store Service connects to the messaging
server using the same connection information that the BlackBerry Enterprise
Server uses. The BlackBerry Administration Service is designed to communicate
with the BlackBerry Mail Store Service using RPC.
BlackBerry Attachment Service
BlackBerry Collaboration Service
BlackBerry Configuration Database
The BlackBerry Attachment Service converts supported message attachments
to a format that users can view on their devices.
The BlackBerry Collaboration Service provides a connection between your
organization's instant messaging server and the collaboration client on devices.
The BlackBerry Configuration Database is a relational database that contains
configuration information that BlackBerry Enterprise Server components use.
For example, the BlackBerry Configuration Database includes the following
information:
•
details about the connection from a BlackBerry Enterprise Server to the
wireless network
•
•
user list
address mappings between PINs and email addresses for BlackBerry MDS
Connection Service push features
BlackBerry Controller
BlackBerry Dispatcher
The BlackBerry Controller monitors the BlackBerry Enterprise Server
components and restarts them if they stop responding.
The BlackBerry Dispatcher compresses and encrypts all data that devices send
and receive. The BlackBerry Dispatcher sends the data through the BlackBerry
Router, to and from the wireless network.
BlackBerry MDS Connection Service
BlackBerry Messaging Agent
The BlackBerry MDS Connection Service permits users to access web content,
the Internet, or your organization's intranet, and also permits applications on
devices to connect to your organization's application servers or content servers
for application data and updates.
The BlackBerry Messaging Agent connects to the IMAP server so that users can
activate their devices over the wireless network. The BlackBerry Messaging
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
Agent connects to your organization's messaging server to provide messaging
services, calendar management, address lookups, attachment viewing,
attachment downloading, and encryption key generation. The BlackBerry
Messaging Agent also acts as a gateway so that the BlackBerry Synchronization
Service can access organizer data on the messaging server. The BlackBerry
Messaging Agent synchronizes configuration data between the BlackBerry
Configuration Database and the BlackBerry profiles database. The BlackBerry
Messaging Agent synchronizes configuration data between the BlackBerry
Configuration Database and user mailboxes. The BlackBerry Messaging Agent
synchronizes configuration data between the BlackBerry Configuration
Database and the message store databases.
BlackBerry Policy Service
The BlackBerry Policy Service performs administration services over the
wireless network. It sends IT policies and IT administration commands and
provisions service books. IT policies and IT administration commands specify
security, settings for synchronizing data over the wireless network, and other
configuration settings on devices. The BlackBerry Policy Service also sends
service books to devices to configure settings for features and components on
devices.
BlackBerry Router
The BlackBerry Router connects to the wireless network to send data to and
from devices. It also sends data over your organization's network to devices that
users connected to computers that host the BlackBerry Device Manager.
BlackBerry Synchronization Service
BlackBerry Web Desktop Manager
The BlackBerry Synchronization Service synchronizes organizer data between
BlackBerry devices and the messaging server over the wireless network.
The BlackBerry Web Desktop Manager is a web-based application that permits
users to manage their devices. For example, users can activate devices, back up
and restore data, select messaging options, synchronize data, and install
applications. The BlackBerry Web Desktop Manager includes the BlackBerry
Device Manager.
organization's application server or
content server
Your organization's application server or content server provides push
applications and intranet content that the BlackBerry MDS Services use.
instant messaging server
messaging server
The instant messaging server stores instant messaging accounts.
The messaging server stores email accounts.
user's computer that hosts the
BlackBerry Device Manager
The user's computer that hosts the BlackBerry Device Manager permits users to
connect their devices to their computers using a serial connection or USB
connection. The BlackBerry Enterprise Server and devices use the connection
to send data between each other.
Data traffic from devices bypasses the wireless network when devices are
connected to users' computers. The BlackBerry Device Manager connects to
the BlackBerry Router, which sends data directly to devices.
13
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
Users can install the BlackBerry Device Manager when they install the
BlackBerry Desktop Software or at another time. The BlackBerry Device
Manager is an optional component, but it is required to support a bypass
connection to the BlackBerry Router.
Architecture: Remote BlackBerry
Collaboration Service
You can install the BlackBerry Collaboration Service on a computer that is separate from the computer that hosts the
BlackBerry Enterprise Server. You can install the BlackBerry Collaboration Service on a remote computer to support
multiple BlackBerry Enterprise Server instances, configure high availability for the BlackBerry Enterprise Server but
exclude the BlackBerry Collaboration Service, or create a BlackBerry Collaboration Service pool that can support multiple
BlackBerry Enterprise Server instances. For more information about configuring the BlackBerry Collaboration Service high
availability, see the BlackBerry Enterprise Server Planning Guide.
The BlackBerry Collaboration Service uses a persistent socket connection for each instant messaging session. You can
install the BlackBerry Collaboration Service on a remote computer to maximize the number of available sockets.
You can install only one type of BlackBerry Collaboration Service (for example, IBM Sametime). Users can use only one
type of collaboration client on their BlackBerry devices.
14
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
BlackBerry Administration Service
The BlackBerry Administration Service permits you to manage the BlackBerry
Collaboration Service and configure instant messaging features.
BlackBerry Collaboration Service
BlackBerry Configuration Database
BlackBerry Enterprise Server
The BlackBerry Collaboration Service delivers messages between the instant
messaging server, BlackBerry Enterprise Server, and BlackBerry devices.
The BlackBerry Configuration Database contains configuration data that the
BlackBerry Collaboration Service uses.
The BlackBerry Enterprise Server encrypts and compresses instant messaging
data that BlackBerry devices receive, and decompresses and decrypts instant
messaging data that BlackBerry devices send.
BlackBerry Router
The BlackBerry Router connects to the wireless network to send instant
messaging data to and from BlackBerry devices.
15
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Architecture: Remote BlackBerry MDS
Connection Service
You can install the BlackBerry MDS Connection Service on a computer that is separate from the computer that hosts the
BlackBerry Enterprise Server. The BlackBerry MDS Connection Service can use increased system resources when it
processes requests for content. You can install the BlackBerry MDS Connection Service on a remote computer to minimize
the impact on the delivery of messages and data, support multiple BlackBerry Enterprise Server instances, or create a
BlackBerry MDS Connection Service pool that can support multiple BlackBerry Enterprise Server instances.
For information about configuring BlackBerry MDS Connection Service high availability, see the BlackBerry Enterprise
Server Planning Guide.
16
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
BlackBerry Administration Service
The BlackBerry Administration Service permits you to manage the BlackBerry
MDS Connection Service, configure the central push server, and configure the
browsing and application features.
BlackBerry Configuration Database
BlackBerry Enterprise Server
The BlackBerry Configuration Database contains the configuration data that the
BlackBerry MDS Connection Service uses.
The BlackBerry Enterprise Server encrypts and compresses content data that
BlackBerry devices receive, and decompresses and decrypts content data that
BlackBerry devices send.
BlackBerry MDS Connection Service
The BlackBerry MDS Connection Service processes requests for web content
from the BlackBerry Browser or a BlackBerry Java Application, and it manages
the connections between a BlackBerry Application and the application that is
located on your organization’s application servers, web servers, or databases.
BlackBerry Router
The BlackBerry Router connects to the wireless network to send content to and
from BlackBerry devices.
organization's application servers or
content servers
Your organization's application servers or content server provide push
applications and intranet content for the BlackBerry MDS Services.
proxy servers
Proxy servers authenticate the BlackBerry Browser or a BlackBerry Java
Application before they can access push applications or content data.
Architecture: Remote BlackBerry Router
You can install the BlackBerry Router on a computer that is separate from the computer that hosts the BlackBerry
Enterprise Server. You can install the BlackBerry Router on a remote computer if you want to support multiple BlackBerry
Enterprise Server instances, create a remote BlackBerry Router pool, or if your organization's security policy requires that
internal systems cannot make connections directly to the Internet and all systems must connect through another system in
the DMZ.
The BlackBerry Router does not use many system resources, but it is a critical connection point for the BlackBerry
Enterprise Solution. You can install multiple BlackBerry Router instances for high availability if the primary BlackBerry
Router becomes unavailable.
If you install the BlackBerry Router in the DMZ, you can permit users to log in to your organization's LAN remotely and you
can deploy BlackBerry devices through a computer that is running the BlackBerry Device Manager.
17
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
BlackBerry Configuration Database
The BlackBerry Configuration Database contains configuration data that the
BlackBerry Administration Service manages.
BlackBerry Device Manager
BlackBerry Enterprise Server
The BlackBerry Device Manager permits BlackBerry devices to connect to the
BlackBerry Router.
The BlackBerry Enterprise Server encrypts and compresses data that
BlackBerry devices receive, and decompresses and decrypts data that
BlackBerry devices send.
BlackBerry Router
The BlackBerry Router connects to the wireless network to send data to and
from BlackBerry devices.
18
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Architecture: Remote BlackBerry
Administration Service
You can install the BlackBerry Administration Service on a computer that is separate from the computer that hosts the
BlackBerry Enterprise Server. The BlackBerry Administration Service can use increased system resources when it
processes requests. You can install the BlackBerry Administration Service remotely to minimize the impact on the delivery
of messages and data, or to create a BlackBerry Administration Service pool to support multiple BlackBerry Enterprise
Server instances.
For more information about configuring BlackBerry Administration Service high availability, see the BlackBerry Enterprise
Server Planning Guide.
You can install the BlackBerry Web Desktop Manager with the BlackBerry Administration Service. You can install the
BlackBerry Web Desktop Manager separately to make sure that BlackBerry device users cannot access the computer that
hosts the BlackBerry Enterprise Server.
19
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
BlackBerry Administration Service
The BlackBerry Administration Service permits you to manage the BlackBerry
Enterprise Server, user accounts, and BlackBerry devices.
BlackBerry Configuration Database
BlackBerry Enterprise Server
The BlackBerry Configuration Database contains configuration data that the
BlackBerry Administration Service manages.
The BlackBerry Enterprise Server encrypts and compresses data that
BlackBerry devices receive, and decompresses and decrypts data that
BlackBerry devices send.
BlackBerry Router
The BlackBerry Router connects to the wireless network to send data to and
from BlackBerry devices.
BlackBerry Web Desktop Manager
The BlackBerry Web Desktop Manager permits users to activate and manage
their BlackBerry devices, back up and restore data, configure email settings,
update the BlackBerry Device Software, and install new applications.
Architecture: Remote BlackBerry
Attachment Service
You can install the BlackBerry Attachment Service on a computer that is separate from the computer that hosts the
BlackBerry Enterprise Server. You can install the BlackBerry Attachment Service remotely if you want to increase the
number of conversion requests that can occur concurrently without impacting message delivery, support multiple
BlackBerry Enterprise Server instances, or create a BlackBerry Attachment Service pool that can support multiple
BlackBerry Enterprise Server instances.
For more information about how to configure the BlackBerry Attachment Service for high availability, see the BlackBerry
Enterprise Server Planning Guide.
20
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
BlackBerry Administration Service
The BlackBerry Administration Service permits you to manage the BlackBerry
Attachment Service instances and set up attachment conversion features.
BlackBerry Attachment Service
BlackBerry Configuration Database
BlackBerry Enterprise Server
The BlackBerry Attachment Service converts the attachment and returns the
attachment data to the BlackBerry Attachment Connector.
The BlackBerry Configuration Database contains the conversion data that the
BlackBerry Attachment Service uses when processing attachment data.
The BlackBerry Enterprise Server receives requests to convert message
attachments from BlackBerry devices and uses the BlackBerry Attachment
Connector to send the attachment data to a BlackBerry Attachment Service
instance for conversion. After the BlackBerry Attachment Service instance
returns the converted attachment to the BlackBerry Attachment Connector, the
BlackBerry Enterprise Server sends the attachment data to the user's
BlackBerry device for viewing.
BlackBerry Router
The BlackBerry Router connects to the wireless network to send email
messages and attachments to and from BlackBerry devices.
21
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Architecture: BlackBerry Web Desktop
Manager
The BlackBerry Web Desktop Manager consists of server-side services that are installed with the BlackBerry
Administration Service and Microsoft ActiveX controls that are installed on the browser of the BlackBerry device user's
computer. HTTPS authentication secures the connection between the server and the browser.
Component
Description
BlackBerry Administration Service
The BlackBerry Administration Service is a web application that is a required
component of the BlackBerry Enterprise Server. Administrators use the
BlackBerry Administration Service to manage user accounts; assign user
groups, administrator roles, software configurations, and IT policies to user
accounts; and manage servers and components in a BlackBerry Domain.
BlackBerry Enterprise Server
BlackBerry Configuration Database
messaging server
The BlackBerry Enterprise Server encrypts and compresses data that
BlackBerry devices receive, and decompresses and decrypts data that
BlackBerry devices send.
The BlackBerry Configuration Database is a relational database that contains
configuration information, such as BlackBerry Enterprise Server connection
details and user information.
The messaging server stores the email accounts of the BlackBerry device users.
22
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server architecture
Component
Description
user's computer with BlackBerry Web The BlackBerry Web Desktop Manager browser application is the Microsoft
Desktop Manager browser application ActiveX controls that a user installs in a browser to manage the BlackBerry
device.
BlackBerry Administration Service and The BlackBerry Administration Service and BlackBerry Web Desktop Manager
BlackBerry Web Desktop Manager
services
services provide the server-side services for the BlackBerry Web Desktop
Manager browser application.
23
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
5
BlackBerry Enterprise Server
components and features
BlackBerry Administration Service
The BlackBerry Administration Service is a web application you use to manage user accounts; assign user groups,
administrative roles, and software configurations and apply IT policies to user accounts; and manage servers and
component instances in a BlackBerry Domain. You can open the BlackBerry Administration Service in a browser on any
computer that can access the computer that hosts the BlackBerry Administration Service. You can share administrative
duties with multiple administrators who can access the BlackBerry Administration Service simultaneously using unique
user names and passwords. When Microsoft ActiveX controls are turned on in your browser, you can connect BlackBerry
devices to your computers and manage the BlackBerry devices while you are logged in to the BlackBerry Administration
Service.
Feature
Description
high availability of BlackBerry
Enterprise Server components
You can install standby instances of BlackBerry Enterprise Server components
and configure a manual or automatic failover to a standby instance.
ability to assign users to multiple
groups
Groups permit you to share administrative roles, IT policies, and other
configuration settings among similar user accounts so that properties can be set
once instead of for every user. You can assign a user account to more than one
group so that the user inherits the properties of every group that the user
belongs to. You can also assign groups to other groups to share the properties of
the parent group with all of the user accounts in the child groups.
custom server and component names To help you identify servers and component instances, you can define a friendly
using friendly names
name for each BlackBerry Enterprise Server and component instance that
displays in the BlackBerry Administration Service. Each regional language that
the BlackBerry Administration Service supports can have unique friendly
names.
custom administrative roles
Each action that you perform in the BlackBerry Administration Service is
associated with a privilege. You can specify the actions that administrators can
perform by changing the privilege that you assign to administrative roles.
BlackBerry Administration Service
authentication or external
authentication
Administrators that log in to the BlackBerry Administration Service must provide
their user names and passwords. A user name and a password is a unique
combination that is stored securely in the BlackBerry Configuration Database
24
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
and known only to the BlackBerry Administration Service. Alternatively, you can
use external authentication, which permits administrators to log in to the
BlackBerry Administration Service using the same information that
administrators use to access your organization's messaging server.
options for viewing the BlackBerry
Domain
You can find and manage BlackBerry Enterprise Server component instances
using the server view or component view.
BlackBerry Configuration Panel
The BlackBerry Configuration Panel displays data, such as BlackBerry Configuration Database settings, that the
BlackBerry Enterprise Server setup application detected during the installation process. You can use the BlackBerry
Configuration Panel to change configuration data after you install the BlackBerry Enterprise Server.
BlackBerry Mail Store Service
The BlackBerry Mail Store Service connects to the messaging servers in your organization's environment and retrieves the
contact information that the BlackBerry Administration Service requires to search for user accounts on the messaging
servers.
The BlackBerry Mail Store Service performs the following actions:
•
•
•
synchronizes your organization's contact list to the BlackBerry Configuration Database
updates the contact list in the BlackBerry Configuration Database every 24 hours automatically
permits the BlackBerry Administration Service to access user account information that is stored in the mailbox or mail
file on the messaging servers
•
•
exposes an API that the BlackBerry Administration Service can use to connect to the BlackBerry Mail Store Service
searches for contact information on behalf of the BlackBerry Administration Service
You install a BlackBerry Mail Store Service when you install a BlackBerry Enterprise Server. The BlackBerry Mail Store
Service connects to the messaging server using the same connection information that the BlackBerry Enterprise Server
uses. The BlackBerry Administration Service is designed to communicate with the BlackBerry Mail Store Service using
RPC.
25
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Database tables in the BlackBerry Configuration
Database that store contact information
The BlackBerry Mail Store Service synchronizes contact information to two database tables in the BlackBerry Configuration
Database.
Table name
Description
MsDomains
This table contains a list of domains and messaging servers that are located in
your organization's environment.
MsAddresses
This table contains a list of the email addresses that are included in your
organization's contact list.
Contact information that the BlackBerry Mail Store
Service stores in the BlackBerry Configuration
Database
The BlackBerry Mail Store Service synchronizes contact information that is stored in the messaging environment to the
BlackBerry Configuration Database. To compare the contact information changes that occurred between synchronization
processes, the BlackBerry Mail Store Service maintains two copies of the contact information.
The BlackBerry Mail Store Service synchronizes contact information that is stored in the messaging environment to the
BlackBerry Configuration Database. The contact information is stored in database properties in the BlackBerry
Configuration Database.
Database property name
Database property
name
in BlackBerry
Configuration Database
version 4.1
Contact information
Description
address type
display name
email address
Type
—
This property specifies whether this is the
address for a user or distribution list.
DisplayName
MailboxSMTP
UserConfig.DisplayName This property specifies the display name for
the user account.
UserConfig.MailboxSMTP This property specifies the email address for
Addr
the user account.
26
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Database property name
in BlackBerry
Configuration Database
version 4.1
Database property
name
Contact information
Description
mailbox path
MailboxKey
ServerName
UserConfig.MailboxDN
This property specifies the unique mailbox
path.
messaging server
path
UserConfig.ServerDN
This property specifies the path to the
messaging server.
How the BlackBerry Mail Store Service accesses
contact information that is stored on the messaging
server
In a Microsoft Exchange environment, the BlackBerry Mail Store Service can connect to the messaging server and search
for contact information using MAPI or LDAP. By default, the BlackBerry Mail Store Service uses MAPI to search for contact
information. If you configure the BlackBerry Enterprise Server to use LDAP to search for contact information, the
BlackBerry Mail Store Service can also use LDAP to search for contact information.
For more information about how the BlackBerry Enterprise Server uses LDAP, visit www.blackberry.com/support to read
article KB05174.
Configuring the BlackBerry Mail Store Service instance
that updates the contact list
The BlackBerry Configuration Database contains your organization's contact list and a list of BlackBerry Enterprise Server
instances. By default, the BlackBerry Mail Store Service instance that you installed with the first BlackBerry Enterprise
Server instance that appears in the list updates the contact list. If you prevent the BlackBerry Mail Store Service that you
installed with the first BlackBerry Enterprise Server instance from updating the contact list, the next available BlackBerry
Mail Store Service instance in the list updates the contact list.
By default, if you install multiple BlackBerry Mail Store Service instances, each instance can update the contact list in the
BlackBerry Configuration Database. The first BlackBerry Mail Store Service instance that updates the contact list prevents
the other instances from also updating the contact list. Each BlackBerry Mail Store Service instance searches for time
stamp information in the BlackBerry Configuration Database to determine if another BlackBerry Mail Store Service
instance is updating the contact list already before it starts to update the contact list.
You must verify that at least one BlackBerry Mail Store Service instance can update the contact list in the BlackBerry
Configuration Database so that the BlackBerry Administration Service can access the latest contact list information when
you create and manage user accounts. If you prevent all of the BlackBerry Mail Store Service instances from updating the
27
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
contact list, the BlackBerry Configuration Database might not contain the contact information for all user accounts on your
organization's messaging server.
If the BlackBerry Configuration Database does not contain contact information for a user account, you cannot create the
user account by searching for the contact information in the BlackBerry Administration Service. You can only create the
user account if you use the Add from company directory option in the BlackBerry Administration Service. The Add from
company directory option permits the BlackBerry Mail Store Service to search the contact information that is stored in the
messaging environment so that you can create the user account even if the BlackBerry Configuration Database does not
contain the contact information for the user account.
BlackBerry messaging and collaboration
services
The BlackBerry messaging and collaboration services provide a wireless extension of your organization's messaging
environment. These services include the BlackBerry Messaging Agent, BlackBerry Collaboration Service, BlackBerry
Synchronization Service, and BlackBerry Attachment Service.
BlackBerry Messaging Agent
The BlackBerry Messaging Agent connects to your organization's messaging server and provides messaging services,
calendar management, address lookups, attachment viewing, attachment downloading, and encryption key generation.
The BlackBerry Messaging Agent acts as a gateway for the BlackBerry Synchronization Service to access organizer data on
the messaging server. The BlackBerry Messaging Agent synchronizes configuration data between the BlackBerry
Configuration Database and user mailboxes.
The BlackBerry Messaging Agent integrates with existing email accounts in your organization. The BlackBerry Messaging
Agent redirects messages from users’ email applications to their BlackBerry devices automatically. If users configure
identical signatures on their BlackBerry devices and in their email accounts, recipients cannot distinguish between
messages that users send from BlackBerry devices and messages that they send from email applications.
When users move or delete messages or mark messages as read or unread on their BlackBerry devices or in their email
applications, the BlackBerry Messaging Agent reconciles changes over the wireless network between BlackBerry devices
and email applications. By default, BlackBerry devices and the BlackBerry Enterprise Server reconcile email messages
over the wireless network.
Wireless messaging features
BlackBerry device users can use many of the same messaging features that are available in the email applications on their
computers.
28
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
email reconciliation
The BlackBerry Enterprise Server reconciles the status of messages between
users' BlackBerry devices and their email applications. If users delete, archive,
or move messages to personal folders in their email applications, the messages
are deleted from the message list on the users' BlackBerry devices. If users
mark messages as read or unread in their email applications, the messages
appear with the same status on their BlackBerry devices.
You can turn off wireless email reconciliation.
email message filters
You or users can create and change email message filters. Email message filters
determine the actions that the BlackBerry Enterprise Server takes if incoming
messages match specific criteria: forward, forward with priority, or do not
forward to BlackBerry devices. For example, users can create email message
filters to forward messages from specific senders to their BlackBerry devices
with high priority.
message forwarding
signature
Users can turn off message forwarding to their BlackBerry devices (for example,
if users are outside of a wireless coverage area). You can also turn off message
forwarding to users' BlackBerry devices.
Users can add a signature to all messages that they send from their BlackBerry
devices. You can add a signature and disclaimers to all messages that the
members of a user group send or a specific user sends.
out-of-office reply
contact lookup
Users can set and change their out-of-office replies using their BlackBerry
devices.
Users can search for a contact’s first name, last name, or both in their
organization's directory. The BlackBerry Enterprise Server returns results for a
maximum of 20 of the closest matches.
contact list updates
When users select contacts from the contact lookup results, they can add the
contacts to the contact lists on their BlackBerry devices.
custom fields in the contact list
If your organization maintains custom fields in users’ personal contact lists, you
can map these fields to corresponding fields that appear in the contact list on
BlackBerry devices. Users can use these custom fields to search for contacts on
their BlackBerry devices.
attachments
Users can send messages that contain attachments from their BlackBerry
devices. The BlackBerry Attachment Service does not convert these messages;
the BlackBerry Messaging Agent processes them only. Attachments must meet
the following requirements:
•
If a user sends one attachment in a message, the file size of the attachment
cannot exceed 3 MB.
•
If a user sends multiple attachments in a message, the total file size of the
attachments cannot exceed 5 MB.
29
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
•
If an attachment exceeds 64 KB, the BlackBerry device sends the
attachment in multiple data packets.
Users can send messages with attachments only from supported BlackBerry
devices that are running BlackBerry Device Software version 4.2 or later. If you
want to manage the system resources that the BlackBerry Messaging Agent
uses to upload and send attachments, you can limit the file size of attachments
or prevent users from attaching files to messages. For example, if too many
users are sending large attachments, such as pictures or videos, you might want
to limit the file size of supported attachments or turn off support for message
attachments.
downloading attachments
Users with BlackBerry devices that are running BlackBerry Device Software
version 4.5 or later can download attachments and store them on their
BlackBerry devices. Users can open and make changes to the downloaded
attachments using an appropriate third-party application on their BlackBerry
devices. Users can open supported attachment file formats using the media
application on their BlackBerry devices.
To manage network resources in your organization's environment, you can
change the maximum file size of attachments that users can download to their
BlackBerry devices.
save sent messages
Users can configure their BlackBerry devices to save copies of messages that
they send from their BlackBerry devices in the sent items folder in their email
applications.
personal distribution lists
Users with BlackBerry Device Software version 5.0 or later can view personal
distribution lists in their contact lists. Users can send messages to the personal
distribution lists and delete personal distribution lists from their BlackBerry
devices.
public folders
Users with BlackBerry Device Software version 5.0 or later can view and use
contacts in public folders from their BlackBerry devices, and copy the contacts
to their contact lists. Users can only view the public folders that they have the
appropriate permissions for.
Users can specify which public folders they want to synchronize to their
BlackBerry devices using the BlackBerry Desktop Manager or BlackBerry Web
Desktop Manager. You can limit the number of public folders that users can
synchronize to their BlackBerry devices.
personal folders
follow up flag
Users with BlackBerry devices that are running BlackBerry Device Software
version 5.0 or later can add, delete, move, and rename personal folders from
their BlackBerry devices.
Users with BlackBerry devices that are running BlackBerry Device Software
version 5.0 or later can flag messages from their BlackBerry devices and set
reminder times.
30
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
personal contact subfolders
Users with BlackBerry devices that are running BlackBerry Device Software
version 5.0 or later can view personal contact subfolders on their BlackBerry
devices and change contact information.
Users can specify which contact subfolders that they want to synchronize to
their BlackBerry devices using BlackBerry Desktop Manager or BlackBerry Web
Desktop Manager. You can limit the number of contact subfolders that a user
can synchronize to their BlackBerry devices.
forwarding calendar entries
Users with BlackBerry devices that are running BlackBerry Device Software
version 5.0 or later can forward meeting invitations and calendar entries from
their BlackBerry devices.
availability of meeting participants
Users with BlackBerry devices that are running BlackBerry Device Software
version 4.5 or later can view the availability of meeting invitees on their
BlackBerry devices. You can turn off this feature using the BlackBerry
Administration Service.
remote search for email messages
rich content email messages
Users with BlackBerry devices that are running BlackBerry Device Software
version 4.5 or later can search for email messages that are located on the
messaging server from their BlackBerry devices. You can turn off this feature
using the BlackBerry Administration Service.
Users with BlackBerry devices that are running BlackBerry Device Software
version 4.5 or later can view HTML and rich content email messages. You can
turn off this feature using the BlackBerry Administration Service.
Access to documents on a network from BlackBerry devices
Users with BlackBerry devices that are running BlackBerry Device Software version 5.0 or later can use a file browser on
their BlackBerry devices to access documents that are located in a shared location such as a network drive. Users can view
document information such as the file name, file type, file size, author, and date the file was last changed. Users must have
access to the shared location using their network credentials, or you must configure the BlackBerry Enterprise Server to
access the documents for the users.
Users can send the documents as attachments in messages or instant messages, view supported document types using
the attachment viewer, download copies of the documents, or open and make changes to the documents using an
appropriate third-party application on their BlackBerry devices. They can also add attachments from messages or
documents that they access using the BlackBerry Browser to the network drive.
BlackBerry Collaboration Service
The BlackBerry Collaboration Service provides a connection between your organization's instant messaging server and the
collaboration client on BlackBerry devices. The BlackBerry Collaboration Service integrates with existing instant messaging
applications. The BlackBerry Enterprise Server supports the following collaboration clients:
•
BlackBerry Client for use with Microsoft Office Live Communications Server 2005
31
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
•
•
•
•
•
BlackBerry Client for use with Microsoft Office Communications Server 2007
BlackBerry Client for use with Microsoft Office Communications Server 2007 R2
BlackBerry Client for use with Microsoft Lync Server 2010
BlackBerry Client for IBM Sametime
BlackBerry Client for Novell GroupWise Messenger
The BlackBerry Collaboration Service sends instant messages between your organization's instant messaging server,
BlackBerry Enterprise Server, and devices using public APIs, a Research In Motion proprietary protocol, and protocols that
IBM, Microsoft, and Novell specify.
Instant messaging features
Using the collaboration clients on their BlackBerry devices, users can use many of the same features that are available in
the instant messaging applications on their computers.
Feature
Description
session management
You can specify the number of simultaneous instant messaging sessions that
the BlackBerry Collaboration Service supports. You can also specify a timeout
threshold, after which the BlackBerry Collaboration Service ends inactive
sessions automatically and permits new sessions to start.
You can control whether users of specific versions of the BlackBerry Client for
IBM Sametime or the BlackBerry Client for Novell GroupWise Messenger can
see an icon on their BlackBerry devices when contacts in their contact lists are
using the same collaboration clients. By default, the icon appears.
conversations with multiple contacts
availability status
Users can start and manage conversations with multiple instant messaging
contacts on their BlackBerry devices.
Users can change their availability status when they are logged in to their
collaboration clients. For example, users can set their availability status to away
or busy.
presence updates
access levels
Using the latest versions of the collaboration clients, users can set their
availability status to display as away if they do not use their BlackBerry devices
for a specified period of time.
Using the latest version of the BlackBerry Client for use with Microsoft Office
Communications Server 2007, users can set the access level of contacts in their
contact lists. Each access level consists of rules that define how contacts can
interact with a user through the instant messaging application. For example,
users can assign the Personal access level to their contacts.
contact pictures
Using the latest versions of the collaboration clients, users can add pictures to
the contacts in their contact lists. The pictures that users add using the
collaboration clients on their BlackBerry devices are not synchronized with the
instant messaging applications on users' computers.
32
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
synchronized contact lists
The instant messaging contact lists on users' BlackBerry devices are
synchronized with the contact lists in their organization's instant messaging
application.
contact alerts
file transfer
Users can request alerts when specific contacts become available.
Using the latest version of the BlackBerry Client for IBM Sametime, users can
send files to contacts in their contact lists. Recipients can open supported file
formats on their BlackBerry devices.
link instant messaging contacts to the Using the latest versions of the collaboration clients, users can link instant
contact list on BlackBerry devices
messaging contacts to existing contact list entries on their BlackBerry devices.
They can also create new contact list entries for instant messaging contacts and
populate them with information from their organization's messaging server.
send email messages from contact list Using the latest versions of the collaboration clients, users can send email
messages to contacts directly from their contact lists.
call contacts
Using the latest versions of the collaboration clients, users can call instant
messaging contacts directly from their contact lists. After a user starts an instant
messaging conversation with a contact, the user can make a call to that contact
from the conversation window. Phone numbers for contacts are retrieved from
the messaging server or from the contact list on the BlackBerry device if the
user is linked to an existing contact list entry.
email conversation history
Using the latest versions of the collaboration clients, users who participate in an
instant messaging conversation can send the history of the conversation as an
email message to other participants of the conversation and to additional
contacts from their contact lists on their BlackBerry devices.
embedded links
public groups
Users can click phone numbers in instant messages to make calls. They can
also click links in instant messages to view web pages.
Using the latest version of the BlackBerry Client for IBM Sametime, users can
add public groups to their instant messaging contact lists.
location information
Using the latest version of the BlackBerry Client for IBM Sametime or the
BlackBerry Client for use with Microsoft Office Communications Server 2007,
users can set their current location to display in their contact information. For
example, users can set their current location to "In the office". This feature is
not available if your organization's environment uses IBM Sametime version
6.5.1.
announcements
Using the latest version of the BlackBerry Client for IBM Sametime or
BlackBerry Client for Novell GroupWise Messenger, users can send
announcements to groups or multiple contacts in their contact lists.
send messages to contacts who are not Using the latest version of the BlackBerry Client for IBM Sametime, BlackBerry
included in a contact list
Client for use with Microsoft Office Live Communications Server 2005, or
33
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
BlackBerry Client for use with Microsoft Office Communications Server 2007,
users can send instant messages to contacts that are not included in their
contact lists.
dormant mode
The collaboration clients enter dormant mode after five minutes of inactivity. In
dormant mode, the applications do not receive presence updates for contacts.
Dormant mode is designed to reduce wireless network traffic in an
organization's messaging environment. The collaboration clients turn off
dormant mode when users open or use the applications, or receive conference
requests, alerts, or messages from contacts.
BlackBerry Synchronization Service
The BlackBerry Synchronization Service synchronizes organizer data such as tasks, memos, and contacts over the wireless
network so that the entries on BlackBerry devices are consistent with the entries in the email applications. With wireless
data synchronization and wireless email reconciliation, users are not required to connect their BlackBerry devices to the
BlackBerry Desktop Software to synchronize organizer data and reconcile email messages.
The BlackBerry Synchronization Service backs up user settings and data over the wireless network from BlackBerry
devices to the BlackBerry Configuration Database. You can restore the user settings and data to BlackBerry devices when
the BlackBerry devices are activated over the wireless network. By default, the BlackBerry Enterprise Server automatically
backs up the user settings and data over the wireless network.
Synchronization features
You can change the settings for synchronization features so that users can manage the user experience and system
resources in your organization's environment.
Feature
Description
initial synchronization
When the BlackBerry Enterprise Server sends service books to BlackBerry
devices to turn on wireless data synchronization, an initial data synchronization
process starts. The process synchronizes the data for calendar items and
messages between users' BlackBerry devices and the email applications on
their computers. It also resolves conflicting or duplicate entries to prevent data
loss.
By default, the calendar on the BlackBerry device synchronizes up to 31 days in
the past from the activation date, and up to 28 years into the future from the
activation date.
synchronization settings
You can configure settings for wireless data synchronization that apply to
specific users, user groups, or all users on all BlackBerry Enterprise Server
instances. You can define which organizer data items the BlackBerry
Synchronization Service synchronizes, how data conflicts are resolved, and
whether changes are synchronized in both directions or in one direction only
34
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
between BlackBerry devices and email applications. You can use IT policies to
configure the settings for wireless data synchronization.
support for different types of user
access
The BlackBerry Enterprise Server requires access to the organizer application
databases for all users. You can define the location of the database replicas in
each user’s profile, create roaming user profiles, or use web access templates in
your organization's messaging environment.
synchronization of contact pictures
The BlackBerry Synchronization Service synchronizes contact pictures between
users’ BlackBerry devices and the email applications on their computers. If
users use their BlackBerry devices to add, change, or delete contact pictures,
the contact lists in their email applications reflect the changes.
The BlackBerry Synchronization Service cannot synchronize contact pictures
that exceed 32 KB.
BlackBerry Attachment Service
The BlackBerry Attachment Service converts supported message attachments into a format that users can view on their
BlackBerry devices. The BlackBerry Attachment Service processes attachments and converts them into a binary format
that retains most of the layout, appearance, and navigation of the original attachments. You do not have to install the
applications that are associated with the attachment formats on BlackBerry devices. The attachment viewer installs
automatically with the BlackBerry Device Software.
The BlackBerry Attachment Service receives attachments that are embedded in messages from the messaging server,
through the BlackBerry Messaging Agent. The BlackBerry Attachment Service also receives attachments that are
accessed through links in the BlackBerry Browser.
The BlackBerry Attachment Service enables users to play supported audio attachments on supported BlackBerry devices
that are running BlackBerry Device Software version 4.2 or later. The BlackBerry Attachment Service can convert .wav files
into an audio format that a BlackBerry device series supports (for example, .mp3 files on BlackBerry 8700 Series devices).
If the BlackBerry Attachment Service is hosted on a computer that uses Windows Server 2008, the BlackBerry Attachment
Service does not support .mp3 audio files on BlackBerry devices, and the BlackBerry Attachment Service does not support
any audio file formats on BlackBerry 7100 Series devices that support CDMA networks. You must host the BlackBerry
Attachment Service on a computer that uses Windows Server 2003 if you want the BlackBerry Attachment Service to
support .mp3 audio files on BlackBerry devices and all audio formats on BlackBerry 7100 Series devices that support
CDMA networks.
Attachment file formats that the BlackBerry Attachment Service supports
Format
Extension
Adobe Acrobat
ASCII text
.pdf
.txt
35
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Format
Extension
audio
.amr, .mp3, .wav, .wma
.wpd
Corel WordPerfect 7-10
HTML
.htm, .html
images
.bmp, .gif, .jpeg, .jpg, .png, .ppm, .tif, .t
iff, .wmf
Microsoft Excel 97-2003, 2007, 2013*, and XP
Microsoft PowerPoint 97-2003, 2007, 2013*, and XP
Microsoft Word 97-2003, 2007, 2013*, and XP
OpenOffice Format version 1.1
RTF
.xls, .xlsx
.pps, .ppsx, .ppt, .pptx
.doc, .dot, .dotx, .docx
.odp, .ods, .odt, .ott
.rtf
ZIP archives
.zip
* Some new features in Microsoft Office 2013 attachment files may not be viewable with BlackBerry devices. BlackBerry
will provide limited support for Microsoft Office 2013 attachment files.
BlackBerry MDS Connection Service
The BlackBerry MDS Connection Service connects wireless applications on BlackBerry devices to the applications on an
organization’s application servers or web servers. After a wireless application is installed on BlackBerry devices, the
application can receive data from push applications that are located on application servers or web servers. The application
can also receive data by sending pull requests from BlackBerry devices to applications that are located on application
servers or web servers. The BlackBerry MDS Connection Service processes push and pull requests and delivers data and
updates to BlackBerry Applications.
The BlackBerry MDS Connection Service also receives and responds to web requests from the BlackBerry Browser and
other BlackBerry Applications, so that users can view Internet and intranet content on their BlackBerry devices. The
BlackBerry MDS Connection Service sends login requests and requests for instant messaging sessions from BlackBerry
devices to the BlackBerry Collaboration Service. If you stop the BlackBerry MDS Connection Service, you also stop the
BlackBerry Collaboration Service.
36
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
protocol connections
You can define connections to the web servers on your organization’s intranet or
the Internet using standard Internet protocols such as HTTP, HTTPS, and
TCP/IP.
encrypted communications
data conversion
The BlackBerry MDS Connection Service encrypts content using the same
standard BlackBerry encryption that the BlackBerry Dispatcher uses to encrypt
messages and other data.
The BlackBerry MDS Connection Service converts data from application servers
and web servers to a format that BlackBerry Applications can interpret and
display.
data optimization
The BlackBerry MDS Connection Service processes content that users can view
in the BlackBerry Browser. For example, the BlackBerry MDS Connection
Service can change the data format or remove extraneous data to reduce
network traffic.
authentication methods
You can configure authentication requirements that match your organization's
sign-on scheme using standard methods such as NTLM, Kerberos, and LTPA.
You can also define a period of time after which the BlackBerry MDS Connection
Service requests user information and caches cookies.
You can use two-factor authentication to create VPN connections between
wireless applications on BlackBerry devices and your organization’s application
servers and web servers.
integration with proxy servers
You can provide access to specific content through your organization's proxy
servers using the following items:
•
proxy exclusion list, which defines the organization-specific URLs that the
BlackBerry MDS Connection Service uses to connect directly to external web
services instead of routing the connections through your organization's
proxy server
•
proxy auto-configuration (.pac) file
access control
You can configure push initiators and push rules that define which server-side
push applications can send application data and updates to BlackBerry devices,
and which users can receive push requests. You can configure pull rules to
specify which web servers users can access using the BlackBerry Browser and
other applications on BlackBerry devices.
media content management
You can control which media files users can receive and access using the
BlackBerry Browser and BlackBerry Applications. You can prevent users from
receiving specific media types (for example, video files) or specific subtypes of
media (for example, .mp3 files). You can also configure size limits for media files
that users can receive on their BlackBerry devices.
37
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
BlackBerry Applications
BlackBerry devices support BlackBerry Applications and BlackBerry Browser Applications. Application developers in your
organization can create BlackBerry Applications using BlackBerry development tools or third-party development tools. You
can install and manage BlackBerry Java Applications on BlackBerry devices using the BlackBerry Administration Service.
For more information about the options for developing BlackBerry Applications, visit www.blackberry.com/developers.
BlackBerry Browser Applications
BlackBerry Browser Applications are simplified, web-based applications that you can use to push web content to the
BlackBerry Browser on BlackBerry devices. Developers can create BlackBerry Browser Applications using BlackBerry
templates or standard web development tools.
The BlackBerry Enterprise Server supports the following types of BlackBerry Browser Applications.
Type
Description
browser channel push applications
An icon displays on the Home screens of users' BlackBerry devices to indicate
whether users viewed the latest version of the web content that the Browser
Push Engine has pushed to their BlackBerry devices.
browser cache push applications
browser message push applications
The Browser Push Engine pushes web content to the cache of the BlackBerry
Browser on users' BlackBerry devices. To view the web content, users browse to
the appropriate web address using the BlackBerry Browser.
A message appears in the message list on users' BlackBerry devices to provide a
link to new or updated web content.
For more information about developing BlackBerry Browser Applications and sending BlackBerry Browser Applications to
BlackBerry Java Applications
BlackBerry Applications can range from simple applications, such as a game on BlackBerry devices, to complex
applications with advanced UIs and various options for data management, storage, and network communication.
BlackBerry Java Applications can use a client-only architecture (the applications do not send data to or receive data from a
content server) or they can use a client/server application model (the applications send data to and receive data from a
content server). For example, a developer can create a BlackBerry Java Application so that users can send data to and
receive data from a central sales database.
38
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Developers can create BlackBerry Java Applications using BlackBerry developer tools or other Java authoring tools.
BlackBerry devices run BlackBerry Java Applications using BlackBerry APIs and Java ME, which are standard on
BlackBerry devices.
For more information about developing and customizing BlackBerry Applications, visit www.blackberry.com/developers.
Managing BlackBerry Java Applications and
BlackBerry Device Software
You can use the BlackBerry Administration Service to install and manage the BlackBerry Device Software and BlackBerry
Java Applications on BlackBerry devices.
To send BlackBerry Java Applications to devices, you must first add the applications to the application repository. You can
use the application repository to store and manage all versions of the BlackBerry Java Applications that you want to install
on, update on, or remove from devices.
In the BlackBerry Administration Service, you create software configurations to specify the versions of the BlackBerry
Device Software and BlackBerry Java Applications that you want to install on, update on, or remove from devices. You also
use software configurations to specify which applications are required, optional, or not permitted. When you create a
software configuration, you must also specify whether users can install applications that are not listed in the software
configuration.
When you add a BlackBerry Java Application to a software configuration, you must assign an application control policy to
the application to specify what resources the application can access. You can use default application control policies or
you can create and use custom application control policies. If you permit users to install unlisted applications, you must
create an application control policy for unlisted applications that specifies what resources the applications can access.
When you assign a software configuration to a group or individual user accounts, the BlackBerry Administration Service
creates a deployment job to install the BlackBerry Device Software and BlackBerry Java Applications on devices and to
apply application control policies to the devices. A deployment job consists of a number of tasks. Each task manages the
delivery of a specific object (for example, a BlackBerry Java Application or an application control policy) by communicating
with the appropriate BlackBerry Enterprise Server components.
If you assign more than one software configuration to a user account, all of the settings in the multiple software
configurations are applied to the user's device. The BlackBerry Enterprise Server resolves conflicting settings using
predefined reconciliation rules and prioritized rankings that you can specify using the BlackBerry Administration Service.
After you install the BlackBerry Device Software and BlackBerry Java Applications on devices, you can view details about
how the BlackBerry Administration Service resolved software configuration conflicts.
For more information about installing and managing the BlackBerry Device Software on devices, visit
39
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
BlackBerry device management
You can use the BlackBerry Enterprise Server to control how you implement, maintain, and upgrade BlackBerry devices
across your organization.
Controlling third-party applications on BlackBerry
devices
Feature
Description
control the installation and removal of You can use the BlackBerry Administration Service to install applications on
third-party applications
BlackBerry devices over the wireless network, or you can permit users to
download and install third-party applications on their BlackBerry devices. You
can remove applications from BlackBerry devices over the wireless network, and
you can also prevent users from downloading applications.
control the resources that third-party
applications can access
You can use standard application control policies or create custom application
control policies to specify the resources that third-party applications can access
on BlackBerry devices (for example, message, phone, and key store).
You can create IT policies that specify the types of connections that third-party
applications on BlackBerry devices can establish (for example, opening network
connections inside the firewall).
BlackBerry Policy Service
The BlackBerry Policy Service sends IT policies and IT administration commands to BlackBerry devices and provisions
service books over the wireless network. When you activate a BlackBerry device, change an IT policy, or request that a
BlackBerry Enterprise Server resend service books, the BlackBerry Enterprise Server uses the BlackBerry Policy Service to
send the updates to the BlackBerry device.
An IT policy consists of rules that define BlackBerry device security, settings for synchronizing data over the wireless
network, and other behaviors for the individual groups or user accounts that you define. You can configure IT policies using
the BlackBerry Administration Service.
40
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
wireless delivery
When you configure an IT policy, all rules take effect when the BlackBerry
Policy Service delivers the IT policy to a BlackBerry device over the wireless
network. The BlackBerry device stores new IT policy rule values in the user
configurations on the BlackBerry device automatically.
To keep the IT policy rules current, a BlackBerry Enterprise Server sends the
IT policy to the BlackBerry device over the wireless network periodically.
IT policy coverage
When you add a user account to a BlackBerry Enterprise Server, the
BlackBerry Policy Service applies the Default IT policy to the user account
automatically. The user account is not active on the BlackBerry Enterprise
Server until a BlackBerry device accepts the IT policy.
You can apply a different IT policy to a user account. If you delete an IT policy
that you applied to a user account, the BlackBerry Policy Service applies the
user account to the Default IT policy automatically.
IT policy assignment
resend options
You can apply an IT policy to a group or an individual user account.
If a BlackBerry Enterprise Server cannot send an updated IT policy to a
BlackBerry device immediately (for example, if a user is outside of a wireless
coverage area), you can resend the IT policy manually or configure when the
BlackBerry Policy Service resends the IT policy. The BlackBerry Enterprise
Server continues to resend the IT policy until it delivers the IT policy.
security enforcement
You can configure IT polices that define security settings for BlackBerry
devices, the BlackBerry Desktop Software and the BlackBerry Web Desktop
Manager, and that override security settings that users define on their
BlackBerry devices. For example, you can configure whether a password is
required for a BlackBerry device, the length of time that the password can
exist before it becomes invalid, and the length and composition of the
password. You can also use IT policies to specify encryption key details.
BlackBerry Router
The BlackBerry Router connects to the wireless network and sends data to and receives data from the BlackBerry
Infrastructure on behalf of the BlackBerry Enterprise Server. The BlackBerry Router also sends data to and receives data
from BlackBerry devices that are connected to the BlackBerry Device Manager or a Wi-Fi network. The BlackBerry Device
Manager is included with the BlackBerry Device Software, BlackBerry Web Desktop Manager, and BlackBerry
Administration Service.
41
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
When the BlackBerry Enterprise Server detects a BlackBerry Router, it identifies the IP address of the computer that hosts
the BlackBerry Router and writes the IP address to the BlackBerry Configuration Database. When BlackBerry device users
activate devices that are running BlackBerry Device Software 4.0 or later, the BlackBerry Router sends the IP address to
the devices in a service book.
If you change the IP address of the computer that hosts the BlackBerry Router, devices detect the change automatically.
Users do not need to reconnect devices to the BlackBerry Device Manager to receive the new IP address and a new service
book. However, a delay occurs before devices detect the change. During the delay, devices cannot connect to the
BlackBerry Device Manager or a Wi-Fi network.
The BlackBerry Router supports the use of multiple network cards on users’ computers, which is also known as
multihoming.
BlackBerry Web Desktop Manager
The BlackBerry Web Desktop Manager is a web application that provides many of the same features that the BlackBerry
Desktop Manager does. Users can connect their BlackBerry devices to their computers using a USB connection or
Bluetooth connection, and log in to BlackBerry Web Desktop Manager to activate and manage their BlackBerry devices,
back up and restore data, define email settings, and update the BlackBerry Device Software.
Feature
Description
access
Users can access device management and configuration capabilities from any
computer that can access the intranet.
application management
Users can use the BlackBerry Web Desktop Manager to install, manage, and
remove the applications that are installed on their BlackBerry devices.
42
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Feature
Description
BlackBerry Device Software
management
Users can use the BlackBerry Web Desktop Manager to update the BlackBerry
Device Software on their BlackBerry devices.
control user's access to features
customizable interface
device activation
You can specify the BlackBerry Web Desktop Manager features that users can
access using IT policies and settings in the BlackBerry Administration Service.
You can customize the appearance of the UI to match your organization's
requirements. You can customize the font colors, logo, and the help.
Users can use the BlackBerry Web Desktop Manager to set activation
passwords and activate their BlackBerry devices.
switch devices
Users can use the BlackBerry Web Desktop Manager to switch BlackBerry
devices, and migrate from third-party devices that have BlackBerry Application
Suite installed, to BlackBerry devices.
folder redirection
language support
Users can use the BlackBerry Web Desktop Manager to select the folders that
the BlackBerry Enterprise Server redirects messages from.
The BlackBerry Web Desktop Manager is available in English, French, German,
Italian, Spanish, and Japanese. Users can select a language before they log in to
the BlackBerry Web Desktop Manager.
simplified administration
service statistics
The web UI does not require you to deploy, support, and maintain client-side
software such as the BlackBerry Desktop Manager.
The BlackBerry Web Desktop Manager provides users with statistics about the
message status (forwarded, sent, pending, expired, filtered), last contact time,
and information about the last message sent or received.
synchronization of contact folders
Users can use the BlackBerry Web Desktop Manager to select the public or
private contact folders that they want to synchronize to their BlackBerry devices
over the wireless network.
Comparison of BlackBerry Web Desktop Manager and
BlackBerry Desktop Software features
Supported feature
BlackBerry Web Desktop Manager
BlackBerry Desktop Software
ability to view the BlackBerry Desktop supported
Software that is installed on the users'
computers
supported
application loader tool
supported with the following
conditions:
supported with the following
conditions:
43
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Supported feature
BlackBerry Web Desktop Manager
BlackBerry Desktop Software
•
•
option to choose not to save the
backup file
•
•
no option to choose whether to
save the backup file
BlackBerry services are not
maintained if the users disconnect
their BlackBerry devices before
completing the process
BlackBerry services are maintained
if the users disconnect their
BlackBerry devices before clicking
the Close button in the Load was
successful dialog box
BlackBerry Desktop Redirector
not included
included
BlackBerry Device Software updates
supported with the following
conditions:
supported with the following
conditions:
•
you install the software on a shared
network drive
•
users install the software on their
computers and run the application
loader tool
•
BlackBerry Web Desktop Manager
forces users to update the
BlackBerry Device Software when a
software configuration is assigned
to the user accounts
•
BlackBerry Desktop Manager
notifies the users when a newer
version of BlackBerry Device
Software is available on their
computers
certificate synchronization
not supported
not supported
supported
supported
changing the email profile options
connections to BlackBerry devices
supported with the following
conditions:
supported with the following
conditions:
•
users can connect to multiple
BlackBerry devices at the same
time
•
users can connect to only one
BlackBerry device at a time
•
BlackBerry Desktop Software
prompts users if they want to
switch from using a Bluetooth
connection to using a USB
connection
•
BlackBerry Web Desktop Manager
does not prompt users if they want
to switch from using a Bluetooth
connection to using a USB
connection
device activation
supported with the following
conditions:
supported with the following
conditions:
•
•
occurs automatically for new users
•
occurs automatically each time
users plug in a BlackBerry device
if users without active BlackBerry
devices connect BlackBerry
44
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Supported feature
BlackBerry Web Desktop Manager
BlackBerry Desktop Software
devices that belong to other users,
the BlackBerry Web Desktop
Manager prompts the users who
connected the BlackBerry devices
if they want to switch to the
BlackBerry devices
•
if users without active BlackBerry
devices connect BlackBerry
devices that belong to other users,
the BlackBerry Desktop Software
notifies the users who connected
the BlackBerry devices that an
activation process is underway by
asking the users whether an
encryption key should be created
switching devices
supported with the following
conditions:
supported with the following
conditions:
•
users can switch from third-party
devices that are running
•
users can switch from third-party
devices to BlackBerry devices
BlackBerry Application Suite to
BlackBerry devices
•
BlackBerry services are maintained
if users disconnect their BlackBerry
devices before clicking the Close
button in the Switch was successful
dialog box
•
•
users can switch between
BlackBerry devices
BlackBerry services are not
maintained if users disconnect
their BlackBerry devices before
completing the process
email message settings
supported with the following
conditions:
supported with the following
conditions:
•
users can import data from the
address book when creating or
changing a filter
•
•
users can import data for filtering
users can turn off message
redirection while their BlackBerry
device are connected
•
users cannot turn off message
redirection while their BlackBerry
devices are connected
•
•
users can generate encryption keys
users can override email addresses
•
•
users cannot generate encryption
keys
users cannot override email
addresses
media management
not supported
not supported
supported
supported
modem support for devices
45
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Supported feature
BlackBerry Web Desktop Manager
BlackBerry Desktop Software
prompt for BlackBerry device
password
BlackBerry devices can connect
without a prompt for the device
password
required before BlackBerry devices
can connect to the users' computers
statistics for user accounts
supported with the following
conditions:
supported with the following
conditions:
•
•
•
all supported messaging
environments
•
•
•
Microsoft Exchange environments
only
users cannot clear the redirection
queue
users can clear the redirection
queue
users cannot clear the redirection
statistics
users can clear the redirection
statistics
supported BlackBerry Device Software BlackBerry Device Software version
all
versions
4.0 and later
supported IT policies
•
•
•
•
•
•
•
•
•
Auto Backup Enabled
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Auto Backup Enabled
Auto Backup Exclude Messages
Auto Backup Exclude Sync
Auto Backup Frequency
Auto Backup Exclude Messages
Auto Backup Exclude Sync
Auto Backup Frequency
Auto Backup Include All
Desktop Allow Device Switch
Desktop Password Cache Timeout
Disable Media Manager
Do Not Save Sent Messages
Force Load Count
Auto Backup Include All
Desktop Allow Device Switch
Desktop Password Cache Timeout
Do Not Save Sent Messages
Force Load Message
Forward Message In Cradle
Message Prompt
Show AppLoader
Show Web Link
synchronization over a serial
connection
users cannot synchronize the following users can synchronize the following
data over a serial connection: data over a serial connection:
•
•
•
•
organizer data
•
•
•
•
organizer data
email messages
email messages
third-party application data
date and time
third-party application data
date and time
46
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server components and features
Managing a distributed environment for
BlackBerry Enterprise Server components
You can install the BlackBerry Enterprise Server components on multiple computers so that you can manage the size of
your organization's BlackBerry Domain. For example, you can install the BlackBerry Attachment Service and BlackBerry
MDS Connection Service on separate computers to provide the computer that hosts the BlackBerry Enterprise Server with
additional resources that the BlackBerry Enterprise Server can use to process email messages.
Wireless activation
The wireless activation process activates BlackBerry devices that are associated with a BlackBerry Enterprise Server over
the wireless network. Neither you nor the BlackBerry device users are required to connect the BlackBerry devices to a
computer in your organization's network to complete the activation process.
You can use wireless activation to activate a large number of BlackBerry devices over the wireless network. When
BlackBerry device users want to activate new or replacement BlackBerry devices that are associated with the BlackBerry
Enterprise Server over the wireless network, they must notify you or access the provisioning server console. You or the
BlackBerry device user can create activation passwords.
The BlackBerry Enterprise Solution can begin the wireless activation process automatically or when BlackBerry device
users open the activation application on their BlackBerry devices and type their activation passwords and email addresses.
When the activation process completes, the BlackBerry device users are activated and can send email messages from and
receive email messages on their BlackBerry devices.
If users purchase BlackBerry devices, you must make sure that the BlackBerry devices can be associated with the
BlackBerry Enterprise Server and not the BlackBerry Internet Service. You must create user accounts and activate
BlackBerry devices so that you can associate the BlackBerry devices with a BlackBerry Enterprise Server.
47
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
6
BlackBerry Enterprise Solution
security
The BlackBerry Enterprise Solution consists of various products and components that are designed to extend your
organization’s communication methods to BlackBerry devices. The BlackBerry Enterprise Solution is designed to help
protect data that is in transit at all points between a device and the BlackBerry Enterprise Server. To help protect data that
is in transit over the wireless network, the BlackBerry Enterprise Server and device use symmetric key cryptography to
encrypt the data sent between them. The BlackBerry Enterprise Solution is designed to prevent third parties, including
wireless service providers, from accessing your organization's potentially sensitive information in a decrypted format.
The BlackBerry Enterprise Solution uses confidentiality, integrity, and authenticity, which are principles for information
security, to help protect your organization from data loss or alteration.
Principles
Description
confidentiality
The BlackBerry Enterprise Solution uses symmetric key cryptography to help
make sure that only intended recipients can view the contents of email
messages.
integrity
The BlackBerry Enterprise Solution uses symmetric key cryptography to help
protect every email message that the device sends and to help prevent third
parties from decrypting or altering the message data.
Only the BlackBerry Enterprise Server and the device know the value of the keys
that they use to encrypt messages and recognize the format of a decrypted and
decompressed message. The BlackBerry Enterprise Server or the device rejects
a message automatically if it is not encrypted with keys that they recognize as
valid.
authenticity
Before the BlackBerry Enterprise Server sends data to the device, the device
authenticates with the BlackBerry Enterprise Server to prove that the device
knows the device transport key that is used to encrypt data.
48
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
Security features of the BlackBerry
Enterprise Solution
Feature
Description
data protection
The BlackBerry Enterprise Solution is designed to protect data that is in transit
between the BlackBerry Enterprise Server and a BlackBerry device and data
that is in transit between your organization’s messaging server and the email
application on a user’s computer. The BlackBerry Enterprise Solution encrypts
data that is stored on the device and in the BlackBerry Configuration Database.
To help protect data that is stored on the device, you can require a user to
authenticate to the device using a password, a smart card, or both.
encryption key protection
The device is designed to protect the encryption keys that are stored on the
device. The device encrypts the encryption keys when the device is locked.
control of device connections
The BlackBerry Enterprise Solution is designed to control the following
connections:
•
•
connections using Bluetooth technology to and from the device
connections from a Wi-Fi enabled device to enterprise Wi-Fi networks
The BlackBerry Enterprise Solution is designed to control which devices can
connect to the BlackBerry Enterprise Server.
control of the behavior of the device
and BlackBerry Desktop Software
To control the behavior of the device and BlackBerry Desktop Software, you can
send IT administration commands, IT policies, and application control policies
to the device. You can use IT administration commands, IT policies, and
application control policies to perform the following actions:
•
•
•
You can send IT administration commands to lock the device, permanently
delete work data, permanently delete user information and application data,
and return the device settings to the default values.
You can send an IT policy to a device to change security settings. You can
use the IT policy to enforce the device password and BlackBerry Smart Card
Reader password.
You can send an application control policy to a device to control whether
third-party applications are available and can connect to the device and
whether third-party applications or add-on applications developed by
Research In Motion can access work data.
49
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
Encrypting data that the BlackBerry
Enterprise Server and a BlackBerry device
send to each other
To encrypt data that is in transit between the BlackBerry Enterprise Server and a BlackBerry device in your organization,
the BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is
designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when
the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a
message to when the BlackBerry device receives the message.
Before the BlackBerry device sends a message, it compresses and encrypts the message using the device transport key.
When the BlackBerry Enterprise Server receives a message from the BlackBerry device, the BlackBerry Dispatcher
decrypts the message using the device transport key, and then decompresses the message.
Algorithms that the BlackBerry Enterprise Solution
uses to encrypt data
The BlackBerry Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting
data. By default, the BlackBerry Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server
and the BlackBerry device support for BlackBerry transport layer encryption.
If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise
Solution generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry Device Software
version 3.7 or earlier or BlackBerry Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates
the device transport keys of the BlackBerry device using Triple DES.
How the BlackBerry Enterprise Solution uses AES to encrypt data
By default, when a BlackBerry device supports AES, the BlackBerry Enterprise Solution uses AES for BlackBerry transport
layer encryption. The BlackBerry Enterprise Solution uses AES in CBC mode to generate the message keys and device
transport keys. The keys consist of 256 bits of data.
BlackBerry Enterprise Server version 4.0 or later, BlackBerry Device Software version 4.0 or later, and BlackBerry Desktop
Software version 4.0 or later support AES.
For more information about how the BlackBerry Enterprise Server uses AES for BlackBerry transport layer encryption to
50
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
How the BlackBerry Enterprise Solution uses Triple DES to encrypt data
The BlackBerry Enterprise Solution uses a two-key Triple DES encryption algorithm to generate message keys and device
transport keys. In the three iterations of the DES algorithm, the first 56-bit key in outer CBC mode encrypts the data, the
second 56-bit key decrypts the data, and the first key encrypts the data again.
The BlackBerry Enterprise Solution stores the message keys and device transport keys as 128-bit binary strings with each
parity bit in the least significant bit of each of the 8 bytes of key data. The message keys and device transport keys have
overall key lengths of 112 bits and include 16 bits of parity data.
All versions of the BlackBerry Enterprise Server, BlackBerry Device Software, and BlackBerry Desktop Software support
Triple DES.
For more information about Triple DES, see Federal Information Processing Standard - FIPS PUB 81 [3].
Extending messaging security to a
BlackBerry device
If your organization's messaging environment supports secure messaging technology such as PGP encryption or S/MIME
encryption, you can configure the BlackBerry Enterprise Solution to encrypt a message using PGP encryption or S/MIME
encryption so that the message remains encrypted when the BlackBerry Enterprise Server forwards the message to the
email applications of recipients. To extend messaging security, the sender and recipient must install highly secure
messaging technology on the computers that host the email applications and on their BlackBerry devices, and you must
configure the BlackBerry devices to use the highly secure messaging technology.
Encrypting user data on a locked device
If you or a BlackBerry device user turns on content protection, you or the user can configure a locked device to encrypt
stored user data and data that the locked device receives. When you or a user turns on content protection, a locked device
is designed to use AES-256 encryption to encrypt stored data and an ECC public key to encrypt data that the locked device
receives.
For example, the locked device uses content protection to encrypt the following items:
•
•
•
•
•
subject, location, meeting organizer, attendees, and any notes in all appointments or meeting requests
all contact information in the contact list except for the contact title and category
subject, email addresses of intended recipients, message body, and attachments in all email messages
title and information that is included in the body of a note for all memos (also known as posted messages)
subject and all information that is included in the body of tasks (also known as posted all day appointments)
51
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
•
•
•
if you use software tokens, contents of the .sdtid file seed that is stored in flash memory
all data that is associated with third-party applications that a user installs on the device
in the BlackBerry Browser, content that web sites or third-party applications push to the device, any web sites that the
user saves on the device, and the browser cache
•
all text that replaces the text automatically that the user types on the device
You can change the Content Protection of Contact List IT policy rule to Required to prevent the user from turning off
content protection for the contact list on the device. If you change the Content Protection of Contact List IT policy rule to
Required, the device does not permit call display and does not share contacts over a Bluetooth connection when the
device is locked.
Encrypting the device transport key on a
locked device
If you turn on content protection for device transport keys, a BlackBerry device uses the principal encryption key to encrypt
the device transport keys that are stored in flash memory. The device encrypts the principal encryption key using the
content protection key. When a locked device receives data that is encrypted using the device transport key, it uses the
decrypted principal encryption key to decrypt the device transport key in flash memory and then uses the decrypted device
transport key to decrypt data.
When you, a user, or a password timeout locks the device, the wireless transceiver remains on and the device does not
delete the memory that is associated with the principal encryption key or device transport key. The device is designed to
prevent the decrypted principal encryption key and the decrypted device transport key from appearing in flash memory.
You can turn on content protection for device transport keys on the device when you configure the Force Content
Protection of Master Keys IT policy rule. When you turn on content protection of device transport keys, the device uses the
ECC key strength that you specified in the Content Protection Strength IT policy rule to encrypt the device transport keys.
Managing device access to the BlackBerry
Enterprise Server
You can use the Enterprise Service Policy to control which BlackBerry devices can connect to a BlackBerry Enterprise
Server. By default, after you turn on the Enterprise Service Policy, the BlackBerry Enterprise Server permits connections
from any device that you previously associated with the BlackBerry Enterprise Server. The BlackBerry Enterprise Server
also prevents connections from any device that you associate with the BlackBerry Enterprise Server after you turn on the
Enterprise Service Policy.
52
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
You can configure an allowed list to determine which devices can access a BlackBerry Enterprise Server. A device that
meets the criteria that you specify in the allowed list can associate with the BlackBerry Enterprise Server when the device
activates over the wireless network.
You can define the following types of criteria:
•
•
•
•
specific device PINs
range of device PINs
specific manufacturers
specific device models
The BlackBerry Administration Service includes lists of permitted manufacturers and models of devices that you
associated with the BlackBerry Enterprise Server previously.
You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise
Server even if you configure the allowed list with criteria that exclude that device.
For more information, see the BlackBerry Enterprise Server Administration Guide.
Using an IT policy to manage BlackBerry
Enterprise Solution security
You can use an IT policy to control and manage BlackBerry devices, the BlackBerry Desktop Software, and the BlackBerry
Web Desktop Manager in your organization's environment. An IT policy consists of multiple IT policy rules that manage the
security and behavior of the BlackBerry Enterprise Solution. For example, you can use IT policy rules to manage the
following security features and behaviors of the device:
•
encryption (for example, encryption of user data and messages that the BlackBerry Enterprise Server forwards to
message recipients) and encryption strength
•
•
•
•
use of a password or pass phrase
connections that use Bluetooth wireless technology
protection of user data and device transport keys on the device
control of device resources, such as the camera or GPS, that are available to third-party applications
The BlackBerry Enterprise Server includes preconfigured IT policies that you can use to manage the security of the
BlackBerry Enterprise Solution. The Default IT policy includes IT policy rules that are configured to indicate the default
behavior of the device or BlackBerry Desktop Software.
After a device user activates a device, the BlackBerry Enterprise Server automatically sends to the device the IT policy that
you assigned to the user account or group. By default, if you do not assign an IT policy to the user account or group, the
BlackBerry Enterprise Server sends the Default IT policy. If you delete an IT policy that you assigned to the user account or
group, the BlackBerry Enterprise Server automatically re-assigns the Default IT policy to the user account and resends the
Default IT policy to the device.
53
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
For more information, see the BlackBerry Enterprise Server Policy Reference Guide.
Using IT administration commands to
protect a lost or stolen device
The BlackBerry Enterprise Server includes IT administration commands that you can send over the wireless network to
protect sensitive data on a BlackBerry device. You can use the commands to lock the device, permanently delete work
data, permanently delete user information and application data, and return the device settings to the default values.
IT administration command
Description
Specify new device password and lock This command creates a new password and locks a device over the wireless
device
network. You can communicate the new password to the user verbally when the
BlackBerry device user locates the device. When the user unlocks the device,
the device prompts the user to accept or reject the new password.
You can use this command if the device is lost. If you or a user turned on content
protection and a device is running BlackBerry Device Software 4.3.0 or later,
you can use this command. If you or a user turned on two-factor content
protection, you cannot use this command.
Delete only the organization data and
remove device
This command permanently deletes all work data that the device stores and
removes the device from the BlackBerry Enterprise Server. All personal data
remains on the device.
You can send this command to a personal device when a user no longer works at
your organization and you want to delete work data from the device.
You can also specify whether you want to delete or disable a user account from
the BlackBerry Enterprise Server after the device deletes all work data.
Delete all device data and remove
device
This command permanently deletes all user information and application data
that the device stores. You can configure the following options when you use this
command:
•
•
•
specify a delay, in hours, that must occur before the device starts to delete
all the user information and application data
require the device to return to its factory default settings when it receives
this command
specify whether to permit the user to stop permanently deleting data from
the device and making the device unavailable during the delay period
You can send this command to a device that you want to distribute to another
user in your organization, or to a device that is lost and that the user might not
recover.
54
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Solution security
IT administration command
Description
You can also specify whether you want to delete or disable a user account from
the BlackBerry Enterprise Server after the device deletes all user information
and application data.
55
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
7
BlackBerry Enterprise Server
high availability
High availability permits you to provide minimum downtime for BlackBerry services if BlackBerry Enterprise Server
components stop responding or if they require maintenance. BlackBerry Enterprise Server high availability consists of a
minimum of two BlackBerry Enterprise Server instances and the BlackBerry Configuration Database which is replicated
across two database servers. High availability is designed so that no single point of failure exists in the BlackBerry
Enterprise Solution that could break the messaging data flow and application data flow to and from BlackBerry devices.
When you configure the BlackBerry Enterprise Server for high availability, you install a primary BlackBerry Enterprise
Server and a standby BlackBerry Enterprise Server on different computers within the same network segment. These
BlackBerry Enterprise Server instances create a BlackBerry Enterprise Server pair. Both BlackBerry Enterprise Server
instances use the same SRP credentials and BlackBerry Configuration Database. You can configure an automatic failover
process or a manual failover process.
The standby BlackBerry Enterprise Server connects to the primary BlackBerry Enterprise Server and checks periodically
that the primary BlackBerry Enterprise Server is healthy. The health of a BlackBerry Enterprise Server is determined by
thresholds that you can configure. If the health of the primary BlackBerry Enterprise Server falls below the failover
threshold or if the primary BlackBerry Enterprise Server stops responding, the standby BlackBerry Enterprise Server tries
to promote itself. If the messaging server and the BlackBerry Configuration Database remain available during the failover
process, the message delays that device users might experience are similar to the delays that users experience when you
start a BlackBerry Enterprise Server instance.
BlackBerry Enterprise Server high
availability in a small-scale environment
The following diagram shows how you can configure a BlackBerry Enterprise Server for high availability in a small-scale
environment. Each primary BlackBerry Enterprise Server instance requires its own standby BlackBerry Enterprise Server
instance. You install the primary BlackBerry Enterprise Server and standby BlackBerry Enterprise Server on different
computers. You can install all BlackBerry Enterprise Server components on both computers to minimize the number of
computers that the BlackBerry Enterprise Server environment requires.
56
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
Both BlackBerry Enterprise Server instances in the BlackBerry Enterprise Server pair include, by default, the BlackBerry
Attachment Service, BlackBerry Dispatcher, BlackBerry MDS Connection Service, BlackBerry Messaging Agent,
BlackBerry Policy Service, BlackBerry Router, and BlackBerry Synchronization Service. By default, if you choose to install
the BlackBerry Collaboration Service with both instances, the BlackBerry Collaboration Service is included in the
BlackBerry Enterprise Server pair.
To administer the BlackBerry Enterprise Server pair, you can install the BlackBerry Administration Service with both
BlackBerry Enterprise Server instances and configure high availability for the BlackBerry Administration Service
separately.
In a large-scale environment, you can add any number of BlackBerry Enterprise Server pairs that use the same BlackBerry
Configuration Database.
How the BlackBerry Enterprise Server
calculates health scores
Certain BlackBerry Enterprise Server components calculate a health score that indicates how well the component can
provide specific services. The components send their health scores to the BlackBerry Dispatcher, which combines the
health scores of the components to calculate the overall health score of the BlackBerry Enterprise Server. The BlackBerry
Dispatcher writes the information to the BlackBerry Configuration Database, and it provides the information to a
BlackBerry Enterprise Server that requests it.
57
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
The BlackBerry Enterprise Server components calculate their health scores by examining their operating health, the
stability of their connections to other components, and the health scores of the other components.
The health score of the BlackBerry Enterprise Server consists of various health parameters. Each health parameter
indicates whether a particular service or feature is available. If you turn on the automatic failover feature for the BlackBerry
Enterprise Server, you can configure health parameters so that the BlackBerry Enterprise Server fails over automatically
when critical services or features are no longer available.
Conditions for failover to a standby
BlackBerry Enterprise Server
Failover between the primary and standby BlackBerry Enterprise Server instances occurs when the standby BlackBerry
Enterprise Server determines that its health score is above the promotion threshold and one or more of the following events
occurred:
•
•
•
•
The standby BlackBerry Enterprise Server receives a health score from the primary BlackBerry Enterprise Server that is
below the failover threshold.
The standby BlackBerry Enterprise Server reads, in the BlackBerry Configuration Database, a health score for the
primary BlackBerry Enterprise Server that is below the failover threshold.
The standby BlackBerry Enterprise Server does not receive a response when it checks the BlackBerry Dispatcher for
the health score of the primary BlackBerry Enterprise Server.
The standby BlackBerry Enterprise Server pings the BlackBerry Dispatcher on the network but cannot determine
whether the primary BlackBerry Enterprise Server is running.
How a primary BlackBerry Enterprise Server
self-demotes
After the primary BlackBerry Enterprise Server receives a request from a standby BlackBerry Enterprise Server to self-
demote, the primary BlackBerry Enterprise Server performs the following actions:
•
•
•
closes its SRP connection to the BlackBerry Infrastructure
stops the flow of all messages
stops the Novell GroupWise SOAP connector if your organization's environment includes the BlackBerry Enterprise
Server for Novell GroupWise
•
demotes its connections to the messaging server and BlackBerry Configuration Database to standby connections
58
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
•
informs the standby BlackBerry Enterprise Server that it self-demoted
Scenario: What happens after a primary
BlackBerry Enterprise Server stops
responding
If a primary BlackBerry Enterprise Server stops responding, the standby BlackBerry Enterprise Server performs one of two
actions depending on whether its health score is above or below the promotion threshold.
The standby BlackBerry Enterprise Server can perform the following actions if the messaging server, BlackBerry
Infrastructure, and BlackBerry Configuration Database are available.
Action that the standby BlackBerry Enterprise Server performs when its
health score is above the promotion threshold
1. The standby BlackBerry Enterprise Server determines that the primary BlackBerry Enterprise Server stopped
responding.
2. The standby BlackBerry Enterprise Server checks its own health score and determines that the health score is above
the promotion threshold.
3. The standby BlackBerry Enterprise Server opens active connections to the BlackBerry Configuration Database and
messaging server.
4. If your organization's environment includes the BlackBerry Enterprise Server for Novell GroupWise, the standby
BlackBerry Enterprise Server starts the GroupWise SOAP connector.
5. The standby BlackBerry Enterprise Server tries to open an SRP connection to the BlackBerry Infrastructure.
6. When the connection to the BlackBerry Infrastructure is stable, the standby BlackBerry Enterprise Server writes its
identity as the primary BlackBerry Enterprise Server to the BlackBerry Configuration Database.
Action that the standby BlackBerry Enterprise Server performs when its
health score is below the promotion threshold
1. The standby BlackBerry Enterprise Server determines that the primary BlackBerry Enterprise Server stopped
responding.
2. The standby BlackBerry Enterprise Server checks its own health score and determines that the health score is below
the promotion threshold.
The standby BlackBerry Enterprise Server cannot become the primary instance. You must resolve any issues before the
standby BlackBerry Enterprise Server can recover.
59
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
Scenario: What happens after the health
score of a primary BlackBerry Enterprise
Server falls below the failover threshold
The following scenario can occur if the messaging server, BlackBerry Infrastructure, and BlackBerry Configuration
Database are available.
1. The standby BlackBerry Enterprise Server determines that the health score of the primary BlackBerry Enterprise Server
fell below the failover threshold.
2. The standby BlackBerry Enterprise Server checks its own health score and determines that its health score is above the
promotion threshold and higher than the health score of the primary BlackBerry Enterprise Server.
3. The standby BlackBerry Enterprise Server sends a demotion request to the primary BlackBerry Enterprise Server.
4. The primary BlackBerry Enterprise Server self-demotes.
5. If your organization's environment includes the BlackBerry Enterprise Server for Novell GroupWise, the primary
BlackBerry Enterprise Server stops the Novell GroupWise SOAP connector.
6. The standby BlackBerry Enterprise Server opens active connections to the BlackBerry Configuration Database and
messaging server.
7. If your organization's environment includes the BlackBerry Enterprise Server for Novell GroupWise, the standby
BlackBerry Enterprise Server starts the GroupWise SOAP connector.
8. The standby BlackBerry Enterprise Server tries to open an SRP connection to the BlackBerry Infrastructure.
9. The standby BlackBerry Enterprise Server writes its identity as the primary BlackBerry Enterprise Server to the
BlackBerry Configuration Database.
BlackBerry Configuration Database high
availability
The type of BlackBerry Configuration Database high availability that you can configure depends on the type of database
server that is in your organization's environment.
If your organization's environment includes Microsoft SQL Server 2005 SP2 or later, you can configure database mirroring.
Database mirroring requires a principal database, a mirror database, and a witness. Although the BlackBerry Enterprise
Server can contact the mirror database, it opens active connections to the principal database only. If the principal
60
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
database stops responding, the BlackBerry Enterprise Server opens an active connection to the mirror database
automatically. Database mirroring provides fault tolerance for the BlackBerry Enterprise Solution.
If your organization's environment includes a version of Microsoft SQL Server that is earlier than version 2005 SP2, you can
configure transactional replication of the BlackBerry Configuration Database and create a replicated BlackBerry
Configuration Database. If the BlackBerry Configuration Database stops responding, you must fail over the BlackBerry
Enterprise Server to the replicated BlackBerry Configuration Database manually.
BlackBerry Configuration Database mirroring
The following diagram shows how you can configure the BlackBerry Configuration Database with principal and mirror
instances and a witness for high availability. The BlackBerry Enterprise Server connects to the principal BlackBerry
Configuration Database directly, and can fail over to the mirror BlackBerry Configuration Database if the principal
BlackBerry Configuration Database stops responding.
The primary BlackBerry Enterprise Server connects to the principal BlackBerry Configuration Database and accesses data
from it. The name of the mirror BlackBerry Configuration Database is stored in the Windows registry of the computers that
hosts the primary and standby BlackBerry Enterprise Server instances. The BlackBerry Enterprise Server instances do not
connect to the mirror BlackBerry Configuration Database until after the principal BlackBerry Configuration Database stops
responding.
61
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
The primary BlackBerry Enterprise Server connects to the messaging server and processes the messaging data that it
sends to and receives from BlackBerry devices.
The standby BlackBerry Enterprise Server opens standby connections to the principal BlackBerry Configuration Database
and the messaging server.
Scenario: What happens after the principal BlackBerry
Configuration Database stops responding
If a principal BlackBerry Configuration Database stops responding, the response of the primary BlackBerry Enterprise
Server depends on whether it can connect to the mirror BlackBerry Configuration Database.
The following responses assume that the messaging server and BlackBerry Infrastructure are available.
Response of a primary BlackBerry Enterprise Server that can connect to
the mirror BlackBerry Configuration Database
1. The primary BlackBerry Enterprise Server loses its connection to the principal BlackBerry Configuration Database.
2. The primary BlackBerry Enterprise Server connects to the mirror BlackBerry Configuration Database.
3. The primary BlackBerry Enterprise Server remains the primary instance.
Response of a primary BlackBerry Enterprise Server that cannot connect
to the mirror BlackBerry Configuration Database
1. The primary BlackBerry Enterprise Server loses its connection to the principal BlackBerry Configuration Database.
2. The primary BlackBerry Enterprise Server tries to connect to the mirror BlackBerry Configuration Database, but is
unsuccessful.
3. The primary BlackBerry Enterprise Server lowers its health score and continues to provide limited services.
One of the following events occurs:
•
If the standby BlackBerry Enterprise Server can open a connection to the principal or mirror BlackBerry
Configuration Database, it demotes the primary BlackBerry Enterprise Server and promotes itself to become the
primary instance.
•
If the standby BlackBerry Enterprise Server cannot open a connection to the principal or mirror BlackBerry
Configuration Database, it cannot promote itself. You must resolve any issues before the BlackBerry Enterprise
Server pair can recover.
62
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
High availability in a distributed
environment
If you install multiple BlackBerry Enterprise Server components on different computers to create a distributed
environment, you can configure the components for high availability. High availability for a distributed component requires
that you install two or more instances of the component in your organization's environment. When an instance stops
responding, the other instances can take over.
When you install multiple BlackBerry Enterprise Server components in a distributed environment, each BlackBerry
Enterprise Server component implements high availablility differently.
Component
High availability type
Description
BlackBerry Administration
Service
load balancing using DNS
round robin, or a hardware
load balancer
When you install two or more BlackBerry Administration
Service instances, you can create a BlackBerry
Administration Service pool. You can access the BlackBerry
Administration Service instances using a single web
address. The load is distributed across the instances. If a
BlackBerry Administration Service instance stops
responding, the pool routes requests to the available
instances.
BlackBerry Attachment
Service
load-balancing with primary When you install two or more BlackBerry Attachment
and secondary groups
Service instances, you can create a BlackBerry Attachment
Service pool for each BlackBerry Enterprise Server
instance. You can configure a pool with a primary group of
instances and, optionally, a secondary group of instances.
The BlackBerry Enterprise Server sends all requests to the
primary group. If the primary group cannot convert a
specific file format, the BlackBerry Enterprise Server
forwards conversion requests for the specific file format to
the secondary group.
BlackBerry Collaboration
Service
failover with an active
connection to one instance
and standby connections to Collaboration Service pool for each BlackBerry Enterprise
When you install two or more BlackBerry Collaboration
Service instances, you can create a BlackBerry
other instances
Server instance. Each BlackBerry Enterprise Server assigns
one of the connections to the BlackBerry Collaboration
Service instances as the active connection, and the other
connections as standby connections. If the BlackBerry
Collaboration Service that the active connection is assigned
to stops responding, the BlackBerry Enterprise Server
63
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server high availability
Component
High availability type
Description
assigns the active connection to another BlackBerry
Collaboration Service instance.
BlackBerry Configuration
Database
database mirroring
If you install the BlackBerry Configuration Database on
Microsoft SQL Server 2005 SP2 or later, you can configure
database mirroring. If the principal BlackBerry
Configuration Database stops responding, the BlackBerry
Enterprise Server fails over to the mirror BlackBerry
Configuration Database.
BlackBerry MDS Connection failover with an active
When you install two or more BlackBerry MDS Connection
Service instances, you can create a BlackBerry MDS
Service
connection to one instance
and standby connections to Connection Service pool for each BlackBerry Enterprise
other instances
Server instance. Each BlackBerry Enterprise Server assigns
one of the connections to the BlackBerry MDS Connection
Service instances as the active connection, and the other
connections as standby connections. If the BlackBerry MDS
Connection Service that the active connection is assigned
to stops responding, the BlackBerry Enterprise Server
assigns the active connection to another BlackBerry MDS
Connection Service instance.
BlackBerry Router
failover
When you install two or more BlackBerry Router instances,
you can create a BlackBerry Router pool for each
BlackBerry Enterprise Server or BlackBerry Enterprise
Server pair. If a BlackBerry Router stops responding, the
BlackBerry Enterprise Server selects another instance
using information that is stored in the BlackBerry
Configuration Database.
64
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
8
Wi-Fi enabled devices
Wi-Fi enabled BlackBerry devices permit users with qualifying data plans to access BlackBerry services over a mobile
network, Wi-Fi network, or both networks simultaneously.
When users can access a mobile network and Wi-Fi network simulaneously, users can perform multiple tasks over both
networks. For example, a user with a BlackBerry 8820 smartphone can send messages over a Wi-Fi network and can make
a call over the mobile network at the same time.
If users' mobile network providers make UMA technology (GAN technology) available, and users have subscribed to the
UMA feature, Wi-Fi enabled devices can access the mobile network providers' voice services and data services over a
mobile network or a Wi-Fi network.
Wi-Fi enabled devices can open a Wi-Fi connection from an enterprise Wi-Fi network or, with a VPN session, from a home
Wi-Fi network or Wi-Fi hotspot to connect directly to the BlackBerry Router.
Wi-Fi enabled devices are designed to open a connection to the BlackBerry Internet Service to access the BlackBerry MDS
Connection Service, BlackBerry Messenger, and other devices for PIN messaging. You can verify with your organization's
wireless service provider whether your organization's service plan provides access to these services over a Wi-Fi network.
Types of Wi-Fi networks
Wi-Fi enabled BlackBerry devices can access BlackBerry services using enterprise Wi-Fi networks, home Wi-Fi networks,
or hotspots.
Type
Description
Enterprise Wi-Fi networks
An enterprise Wi-Fi network has multiple wireless access points to provide
ubiquitous coverage, hotspot coverage, or ubiquitous and hotspot coverage. You
can use a Wi-Fi enabled BlackBerry device in any coverage area.
You can configure an enterprise Wi-Fi network to require layer 2 authentication.
An organization might consider an enterprise Wi-Fi network to be untrusted and
require that all Wi-Fi connections to the organization's network occur through a
VPN concentrator. You must configure Wi-Fi enabled BlackBerry devices to
support the authentication type that your organization uses.
An enterprise Wi-Fi network permits optimized access to the BlackBerry
Enterprise Server over a direct IP connection to the BlackBerry Router.
Home Wi-Fi networks
A home Wi-Fi network uses a single access point to provide Internet access
through a broadband gateway. The broadband gateway can implement NAT and
65
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
Type
Description
permit VPN connections through the firewall. You can configure a home Wi-Fi
network with layer 2 security and password authentication. You must configure
BlackBerry devices to support the authentication that the home Wi-Fi network
requires.
A home Wi-Fi network permits users to access all BlackBerry services from Wi-Fi
enabled BlackBerry devices using the BlackBerry Infrastructure.
Hotspots
A hotspot offered by an ISP, a mobile network provider, or a property owner can
provide a Wi-Fi connection in public and semipublic areas. The network can be
an open network without layer 2 security and use a captive portal for
authentication. The captive portal blocks all network traffic except traffic that
uses HTTP and it redirects HTTP requests to a login page.
After a user logs in to the hotspot, the captive portal permits the user to access
wireless network services.
Hotspots can use a firewall and they can permit VPN connections. A hotspot
permits users to access all BlackBerry services from their Wi-Fi enabled
BlackBerry devices using the BlackBerry Infrastructure.
Wireless access points
Wi-Fi enabled BlackBerry devices use wireless access points to connect to the Wi-Fi network. An access point must
conform to the IEEE 802.11a, IEEE 802.11b, or IEEE 802.11g wireless networking standard.
Type
Description
thin access point
A thin access point (or controller-based access point) is part of an enterprise Wi-
Fi network that you can manage from a central location. This type of access
point requires an external controller to manage network traffic. You can
administer one or more thin access points through the controller.
Thin access points with an external controller can provide a more seamless
roaming experience for users with Wi-Fi enabled BlackBerry devices during data
and voice sessions.
thick access point
A thick access point (or intelligent or autonomous access point), has the
intelligence to operate as a standalone component without a controller.
66
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
Connections that BlackBerry devices make
to mobile and Wi-Fi networks
Wi-Fi enabled BlackBerry devices connect to different components in the mobile and Wi-Fi networks so that they can
communicate with the BlackBerry Enterprise Server and provide BlackBerry services for users.
Component
Description
BlackBerry Enterprise Server
The BlackBerry Enterprise Server provides productivity tools and data from an
organization's applications to BlackBerry devices over the wireless network, and
processes, routes, compresses, and encrypts data.
BlackBerry Infrastructure
The BlackBerry Infrastructure is designed to communicate with the BlackBerry
Enterprise Server using a RIM proprietary protocol SRP.
67
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
Component
Description
BlackBerry Internet Service
The BlackBerry Internet Service is an email and Internet service for BlackBerry
devices that is designed to provide subscribers with automatic delivery of email
messages, mobile access to email message attachments, and convenient access to
Internet content.
UNC/GANC
The UNC/GANC is the gateway for Wi-Fi or mobile communications. The UNC/GANC
exists in your organization’s gateway only if the wireless service provider supports
UMA.
wireless access point for a home An access point for a home Wi-Fi network or hotspot permits the BlackBerry device to
Wi-Fi network or hotspot
connect to a home Wi-Fi network or hotspot.
wireless access point for an
enterprise Wi-Fi network
An access point for an enterprise Wi-Fi network permits a BlackBerry device to
connect to an enterprise Wi-Fi network using strong authentication and link layer
security.
wireless service provider
A wireless service provider is a telephone company that provides services for
BlackBerry devices.
Wi-Fi enabled BlackBerry device A Wi-Fi enabled BlackBerry device permits a user to access voice and data services
across multiple radio technologies.
Connecting Wi-Fi enabled BlackBerry
devices to the BlackBerry Enterprise Server
over a Wi-Fi connection
Direct connections between BlackBerry devices and
the BlackBerry Router over an enterprise Wi-Fi network
Wi-Fi enabled BlackBerry devices can open a direct connection to the BlackBerry Router over an enterprise Wi-Fi network
after you configured a Wi-Fi profile for the user accounts. You can use direct connections to the BlackBerry Router when
Wi-Fi enabled BlackBerry devices are located in your organization’s existing Wi-Fi environment. When BlackBerry devices
connect to the BlackBerry Router, they can bypass SRP connectivity and authentication to connect to the BlackBerry
Enterprise Server directly.
68
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
After BlackBerry devices connect to the Wi-Fi network using a Wi-Fi profile, the BlackBerry devices try to make a direct IP
connection to the BlackBerry Router. With some network architectures, a VPN session might be required to complete the
direct connection to the BlackBerry Router.
Wi-Fi enabled BlackBerry devices include a built-in VPN client that you can configure and assign to any Wi-Fi profile on the
BlackBerry devices. If a direct connection to the BlackBerry Router is possible (with or without a VPN session), the
BlackBerry Enterprise Server starts sending data.
Wi-Fi connection when a VPN connection or direct
connection between BlackBerry devices and the
BlackBerry Router is not possible
If Wi-Fi enabled BlackBerry devices cannot connect directly to the BlackBerry Router (with or without a VPN connection)
over a Wi-Fi network that can access the Internet (for example, a home Wi-Fi network or hotspot), the Wi-Fi enabled
BlackBerry devices open SSL connections over the Internet to the BlackBerry Infrastructure. After the Wi-Fi enabled
BlackBerry devices connect to the BlackBerry Infrastructure, the users' provisioned data services start to send data to the
Wi-Fi enabled BlackBerry devices.
Priority for connections that BlackBerry devices make
over a Wi-Fi network
Wi-Fi enabled BlackBerry devices connect over a Wi-Fi network to the BlackBerry Router or BlackBerry Infrastructure
using the best possible connection or combination of available connections in the following order:
•
connection to the BlackBerry Enterprise Server or BlackBerry MDS Connection Service over a serial, USB, or Bluetooth
connection that uses the BlackBerry Device Manager
•
•
•
connection to the BlackBerry Router from a Wi-Fi network, with or without a VPN connection
SSL connection through the Internet to the BlackBerry Infrastructure over a Wi-Fi network
connection to the BlackBerry Infrastructure provided by a wireless service provider that uses the GSM network, EDGE
network, or UMA
The order of connections assumes that all routes to the BlackBerry Router and Internet are available when the Wi-Fi
enabled BlackBerry devices connect to the Wi-Fi network.
69
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
BlackBerry services that are available over
Wi-Fi connections
For more information about supported services and features, contact your organization's wireless service provider. Not all
BlackBerry data plans support Wi-Fi access to BlackBerry data services.
When you configure a Wi-Fi network to open a connection (with or without a VPN connection) to the BlackBerry Router, you
can keep all data transfers entirely within the enterprise Wi-Fi network and reduce the routing required.
BlackBerry
services
Service provider
with GSM/EDGE
network or UMA
network
Wi-Fi network and Wi-Fi network and Enterprise Wi-Fi
Enterprise Wi-Fi
network and no
service provider
with GSM/EDGE
network, and no
UMA available
service provider
with GSM/EDGE
network
no service
provider with
GSM/EDGE
network and
service provider
with GSM/EDGE
network or UMA, network, and no
and no UMA
available
UMA, and no
UMA available
services from the
BlackBerry
X
X
X
X
X
Enterprise Server
(for example,
messaging,
organizer data
synchronization)
services from the
BlackBerry
Internet Service
(for example,
messaging,
X
X
X
X
X
X
X
X
X
X
browsing)
services from the
BlackBerry MDS
Connection
Service (for
example,
application push,
application
access, browsing)
70
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
BlackBerry
services
Service provider
Wi-Fi network and Wi-Fi network and Enterprise Wi-Fi
Enterprise Wi-Fi
network and no
service provider
with GSM/EDGE
network, and no
UMA available
with GSM/EDGE
network or UMA
network
service provider
with GSM/EDGE
network
no service
provider with
GSM/EDGE
network and
service provider
with GSM/EDGE
network or UMA, network, and no
and no UMA
available
UMA, and no
UMA available
BlackBerry
Messenger
X
X
X
X
X
PIN messaging
X
X
X
X
X
X
X
X
X
X
instant messaging
using a
collaboration
client (for
example,
Microsoft Office
Live
Communications
Server)
instant messaging
using a third-party
instant messaging
application (for
example, Windows
Messenger)
X
X
X
X
X
X
X
BlackBerry Maps
X
X
X
X
X
X
service provider
messaging (for
example, SMS)
content
X
X
X
downloading
provided by a
wireless service
provider (for
example, ring
tones)
web browsing
provided by a
X
X
X
71
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
BlackBerry
services
Service provider
Wi-Fi network and Wi-Fi network and Enterprise Wi-Fi
Enterprise Wi-Fi
network and no
service provider
with GSM/EDGE
network, and no
UMA available
with GSM/EDGE
network or UMA
network
service provider
with GSM/EDGE
network
no service
provider with
GSM/EDGE
network and
service provider
with GSM/EDGE
network or UMA, network, and no
and no UMA
available
UMA, and no
UMA available
wireless service
provider (for
example, WAP)
voice plan
X
X
X
provided by a
wireless service
provider
IEEE 802.11 wireless networking standards
that Wi-Fi enabled BlackBerry devices
support
Wi-Fi enabled BlackBerry devices support the IEEE 802.11a, IEEE 802.11b, and IEEE 802.11g wireless networking
standards.
Characteristics of the IEEE 802.11a wireless
networking standard that Wi-Fi enabled BlackBerry
devices support
Characteristic
fallback speeds
frequency
Description
48, 36, 24, 18, 12, 9, and 6 Mbps
5 GHz
maximum speed
54 Mbps
72
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
Characteristic
Description
nonoverlapping channels
sources of interference
up to 19
•
•
•
Bluetooth wireless technology
some satellite systems
5 GHz cordless phones
throughput speed
23 Mbps
Characteristics of the IEEE 802.11b wireless
networking standard that Wi-Fi enabled BlackBerry
devices support
Characteristic
Description
5.5, 2, and 1 Mbps
2.4 GHz
fallback speeds
frequency
maximum speed
nonoverlapping channels
sources of interference
11 Mbps
3
•
•
•
Bluetooth wireless technology
microwave ovens
2.4 GHz cordless phones
throughput speed
4.5 Mbps
73
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
Characteristics of the IEEE 802.11g wireless
networking standard that Wi-Fi enabled BlackBerry
devices support
Characteristic
Description
fallback speeds
48, 36, 24, 18, 12, 9, and 6 Mbps
frequency
2.4 GHz
54 Mbps
3
maximum speed
nonoverlapping channels
sources of interference
•
•
•
Bluetooth wireless technology
microwave ovens
2.4 GHz cordless phones
throughput speed
19 Mbps
Security features of a Wi-Fi enabled device
Feature
Description
Activation of BlackBerry devices over an Activation of devices over an enterprise Wi-Fi network is designed to simplify
enterprise Wi-Fi network
the actions of activating or updating devices.
Authenticated connection with
BlackBerry Router
An authenticated connection with a BlackBerry Router permits devices to open
a direct connection to the BlackBerry Enterprise Server after they authenticate
with the BlackBerry Router.
Devices connected to an enterprise Wi-Fi network do not use an SRP
connection to send data to the BlackBerry Enterprise Server.
BlackBerry transport layer encryption
BlackBerry transport layer encryption is designed to encrypt messages that the
device and the BlackBerry Enterprise Server send between each other after
they open an authenticated connection.
74
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Wi-Fi enabled devices
Feature
Description
Direct access to the BlackBerry
Infrastructure over a Wi-Fi connection
Direct access to the BlackBerry Infrastructure over a Wi-Fi connection permits
Wi-Fi enabled devices to access BlackBerry services over the Internet, even if
UMA is not available.
You can verify with your organization's wireless service provider that your
organization's service plan supports access to BlackBerry services over a Wi-Fi
connection.
Encrypted communication over the Wi- Devices support multiple security methods that are designed to encrypt
Fi network
communication over the enterprise Wi-Fi network between the device and
wireless access points or a network firewall on the enterprise Wi-Fi network.
Expanded groups of Wi-Fi and VPN
configuration settings
Expanded groups of Wi-Fi and VPN configuration settings permit you to control
Wi-Fi connections from devices.
Limited connections
Wi-Fi enabled devices are designed to reject incoming connections, to support
limited connections in infrastructure mode only, and to prevent ad-hoc mode
(also known as peer-to-peer) connections.
Multiple Wi-Fi and VPN profiles
Proxy server
Multiple Wi-Fi and VPN profiles are designed to address user requirements in a
variety of different environments.
Devices supports the use of a transparent proxy server that you can configure
between the enterprise Wi-Fi network and the device.
Software token provisioning
Software token provisioning is designed to permit you to provision and manage
the seed for software token authentication on devices. You can use software
token authentication for VPN connections.
The BlackBerry Enterprise Server is designed to work with the RSA
Authentication Manager to provide software token support for use with layer 2
and layer 3 authentication on supported devices.
User-specific configuration settings and User-specific configuration settings and IT policy rules are designed to simplify
IT policy rules
the configuration of user-specific Wi-Fi and VPN information (such as user IDs
and passwords).
Wireless backup of Wi-Fi and VPN
profiles
Backup of Wi-Fi and VPN profiles on devices over a Wi-Fi connection permits
users to restore the profiles, if necessary.
75
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
9
BlackBerry Enterprise Server
process flows
Messaging process flows
Process flow: Sending a message to a BlackBerry
device
1. A message arrives in a user’s mailbox. Microsoft Exchange notifies the BlackBerry Messaging Agent.
2. The BlackBerry Messaging Agent applies global filter rules to the messages in the user’s mailbox and filters the
messages that match the filter criteria.
If global filter rules do not apply, the BlackBerry Messaging Agent applies filter rules that the user specified to the
messages in the user’s mailbox.
3. The BlackBerry Messaging Agent sends the first 2 KB of the message (plain text, or in an HTML message, the
equivalent to 2 KB of plain text) to the BlackBerry Dispatcher.
4. The BlackBerry Dispatcher compresses the first 2 KB of the message, encrypts it using the device transport key of the
BlackBerry device, and sends the encrypted data to the BlackBerry Router.
5. The BlackBerry Router sends the encrypted data to the wireless network over port 3101, or over port 4101 if the
BlackBerry device is a Wi-Fi enabled BlackBerry device that is connected to the enterprise Wi-Fi network.
6. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network, and sends the message data to the BlackBerry device.
76
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
7. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher. The BlackBerry Dispatcher sends
the delivery confirmation to the BlackBerry Messaging Agent.
If the BlackBerry Messaging Agent does not receive a delivery confirmation within four hours, it sends the message to
the wireless network again.
The delivery confirmation verifies that the wireless network delivered the message to the BlackBerry device, but it does
not verify that the user received or opened the message.
8. The BlackBerry device decrypts and decompresses the message so that the user can view it, and notifies the user that
the message arrived.
Process flow: Sending a message from a BlackBerry
device
This process flow applies to new messages, reconciled messages (messages that a user moved, deleted, or marked as read
or unread), and wireless calendar entries.
1. A user sends a message from a BlackBerry device.
The BlackBerry device assigns a RefId to the message. If the message is a meeting invitation or calendar entry, the
BlackBerry device appends the calendar information to the message. The BlackBerry device compresses and encrypts
the message, and sends the message to the wireless network over port 3101, or over port 4101 if the BlackBerry device
is a Wi-Fi enabled BlackBerry device that is connected to the enterprise Wi-Fi network.
2. The wireless network sends the message to the BlackBerry Enterprise Server.
The BlackBerry Enterprise Server accepts only encrypted messages from the BlackBerry device.
3. The BlackBerry Dispatcher uses the device transport key of the BlackBerry device to decrypt and decompress the
message.
If the BlackBerry Dispatcher cannot decrypt the message using the device transport key, the BlackBerry Enterprise
Server ignores the message and sends an error message to the BlackBerry device.
4. The BlackBerry Messaging Agent sends the message to the user’s email application.
5. The BlackBerry Messaging Agent sends a copy of the message to the Sent Items view in the user’s email application.
6. The messaging server delivers the message to the recipients.
77
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
Process flow: Sending a message that contains an
attachment from a BlackBerry device
1. A user attaches a file to a message on a BlackBerry device and sends the message.
•
If the BlackBerry device is not running BlackBerry Device Software version 4.2 or later, and if the BlackBerry device
does not have a CMIME service book that indicates that the BlackBerry Enterprise Server supports attachment
uploads, the Add Attachment menu item does not appear on the BlackBerry device.
•
If the user tries to attach a file that exceeds the maximum file size that you specified, a notification appears and the
user cannot attach the file.
2. The BlackBerry device compresses and encrypts the message, and sends the message to the wireless network over
port 3101.
The BlackBerry device formats the header of the message to indicate that a large attachment is part of the message.
The BlackBerry device does not send the attachment content.
3. The wireless network sends the message to the BlackBerry Enterprise Server.
4. The BlackBerry Dispatcher decrypts and decompresses the message using the device transport key of the BlackBerry
device.
If the BlackBerry Dispatcher cannot decrypt the message using the device transport key, the BlackBerry Enterprise
Server ignores the message and sends an error message to the BlackBerry device.
5. The BlackBerry Messaging Agent stores the message properties in the user’s mailbox.
The BlackBerry Messaging Agent sends a request for the attachment content through the BlackBerry Dispatcher to the
BlackBerry device.
6. The BlackBerry device sends the attachment content through the BlackBerry Dispatcher to the BlackBerry Messaging
Agent.
If the file size of the attachment content exceeds a single data packet, the BlackBerry device divides the content into
multiple data packets and sends the data packets to the BlackBerry Messaging Agent.
78
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
7. The BlackBerry Messaging Agent verifies the validity of the attachment content, and stores the content in memory as
the content arrives.
During the delivery of the attachment content, if the BlackBerry Messaging Agent does not receive content from the
BlackBerry device for 15 minutes, the BlackBerry Messaging Agent cancels the message, deletes the partial
attachment content from temporary storage, and sends an error message to the BlackBerry device.
After all of the attachment content arrives, the BlackBerry Messaging Agent checks for other attachments that might
be part of the same message.
•
•
If other attachments exist, the BlackBerry Messaging Agent requests the attachment content.
If no additional attachments exist, the BlackBerry Messaging Agent finishes processing the message and sends the
message to the user’s email application.
The messaging server delivers the message to the intended recipients.
Process flow: Searching an organization's address
book from a BlackBerry device
1. A user searches for a contact on a BlackBerry device.
2. The BlackBerry device assigns a RefId to the search request, compresses and encrypts the request, and sends the
request to the BlackBerry Enterprise Server over port 3101.
3. The BlackBerry Dispatcher decrypts and decompresses the request using the device transport key of the BlackBerry
device, and sends the request to the BlackBerry Messaging Agent.
4. The BlackBerry Messaging Agent searches the GAL on the Microsoft Exchange server and retrieves the 20 closest
matches for the contact lookup request.
The BlackBerry Messaging Agent sends the contact lookup results to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher encrypts the results using the device transport key of the BlackBerry device, compresses
the encrypted data, and sends it to the BlackBerry Router for delivery to the BlackBerry device.
6. The BlackBerry Router sends the encrypted data to the wireless network over port 3101.
7. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network, and sends the encrypted data to the BlackBerry device.
79
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
8. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which sends it to the BlackBerry
Messaging Agent.
If the BlackBerry Enterprise Server does not receive a delivery confirmation within four hours, it resubmits the contact
lookup results to the wireless network.
9. The BlackBerry device decrypts and decompresses the contact lookup results with the device transport key so that the
user can view them on the BlackBerry device or add them to the contact list on the BlackBerry device.
Instant messaging process flows
Process flow: Starting an instant messaging session
using the BlackBerry Client for use with Microsoft
Office Live Communications Server 2005 (Microsoft
Office Communicator)
1. A user logs in to a collaboration client on a BlackBerry device.
2. The device compresses and encrypts the user ID and password, and sends them through the BlackBerry Router to the
BlackBerry Dispatcher over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry Collaboration Service over port 3200. If the BlackBerry
Collaboration Service is located on a remote computer, the request remains encrypted using a Research In Motion
proprietary protocol.
80
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
4. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to find out if the maximum
number of sessions has been reached, and performs one of the following actions:
•
If the maximum number of sessions has been reached and a timeout limit is set, the BlackBerry Collaboration
Service logs out any instant messaging sessions on devices that are out of coverage, and any instant messaging
sessions that are no longer sending status messages to the BlackBerry Collaboration Service.
•
•
If no idle sessions exist, the BlackBerry Collaboration Service sends a Server Busy status message to the device and
rejects the login request.
If the maximum number of sessions is not set and the number of sessions equals the total number that the HTTP
persistent connection supports, the BlackBerry Collaboration Service sends a Failed status message to the device
and rejects the login request.
The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to verify that the user has
permission to use the collaboration client, and tries to authenticate the user using Integrated Windows Authentication.
If the authentication is not successful, the BlackBerry Collaboration Service tries a forms-based login process instead.
The BlackBerry Collaboration Service sends a login request in JSON, a lightweight data-interchange format, to the
Microsoft Office Communicator Web Access server.
The BlackBerry Collaboration Service opens the connection using HTTPS over port 443. You can also configure the
connection to use HTTP, the transport protocol that the AJAX service uses, or a custom port number.
5. The Microsoft Office Communicator Web Access server formats the request using a Microsoft API and sends the
request to the Microsoft Office Live Communications Server over an MTLS connection.
6. The Microsoft Office Live Communications Server accepts the request, processes the login information, and sends the
acceptance to the Microsoft Office Communicator Web Access server.
7. The Microsoft Office Communicator Web Access server sends the acceptance to the BlackBerry Collaboration Service.
8. The BlackBerry Collaboration Service sends the acceptance message, in encrypted and compressed format, through
the BlackBerry Dispatcher to the device, and creates a cache of the connectivity information to maintain the instant
messaging session.
The BlackBerry Collaboration Service receives events that the server initiates from the Microsoft Office Communicator Web
Access server using an HTTP GET or HTTPS GET request, and sends the events to the collaboration client over the session.
The BlackBerry Collaboration Service sends events that the BlackBerry device initiates to the Microsoft Office
Communicator Web Access server using an HTTP POST or HTTPS POST request.
Process flow: Starting an instant messaging session
using the BlackBerry Client for use with Microsoft
Office Communications Server 2007
81
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
1. A user logs in to a collaboration client on a BlackBerry device.
2. The device compresses and encrypts the user ID and password, and sends them through the BlackBerry Router to the
BlackBerry Dispatcher over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry Collaboration Service over port 3200. If the BlackBerry
Collaboration Service is located on a remote computer, the request remains encrypted using a Research In Motion
proprietary protocol.
4. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to find out if the maximum
number of sessions has been reached, and performs one of the following actions:
•
If the maximum number of sessions has been reached and a timeout limit is set, the BlackBerry Collaboration
Service logs out any instant messaging sessions on devices that are out of coverage, and any instant messaging
sessions that are no longer sending status messages to the BlackBerry Collaboration Service.
•
•
If no idle sessions exist, the BlackBerry Collaboration Service sends a Server Busy status message to the device and
rejects the login request.
If the maximum number of sessions is not set and the number of sessions equals the total number that the HTTP
persistent connection supports, the BlackBerry Collaboration Service sends a Failed status message to the device
and rejects the login request.
The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to verify that the user has
permission to use the collaboration client, and tries to authenticate the user using Integrated Windows Authentication.
If the authentication is not successful, the BlackBerry Collaboration Service tries a forms-based login process instead.
The BlackBerry Collaboration Service sends a login request in XML format to the Microsoft Office Communicator Web
Access server.
The BlackBerry Collaboration Service opens the connection using HTTPS over port 443. You can also configure the
connection to use HTTP, the transport protocol that the AJAX service uses, or a custom port number.
5. The Microsoft Office Communicator Web Access server formats the request using a Microsoft API and sends the
request to the Microsoft Office Communications Server 2007 over an MTLS connection.
6. The Microsoft Office Communications Server 2007 accepts the request, processes the login information, and sends the
acceptance to the Microsoft Office Communicator Web Access server.
82
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
7. The Microsoft Office Communicator Web Access server sends the acceptance to the BlackBerry Collaboration Service.
8. The BlackBerry Collaboration Service sends the acceptance message, in encrypted and compressed format, through
the BlackBerry Dispatcher to the device, and creates a cache of the connectivity information to maintain the instant
messaging session.
The BlackBerry Collaboration Service receives events that the server initates from the Microsoft Office Communicator Web
Access server using an HTTP GET or HTTPS GET request, and sends the events to the collaboration client over the session.
The BlackBerry Collaboration Service sends events that the device initiates to the Microsoft Office Communicator Web
Access server using an HTTP POST or HTTPS POST request.
Process flow: Starting an instant messaging session
using the BlackBerry Client for use with Microsoft
Office Communications Server 2007 R2 or Microsoft
Lync Server 2010
1. A BlackBerry device user logs in to a collaboration client on a BlackBerry device.
2. The device compresses and encrypts the user ID and password, and sends them through the BlackBerry Router to the
BlackBerry Dispatcher over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry Collaboration Service over port 3200. If the BlackBerry
Collaboration Service is located on a remote computer, the request remains encrypted using a Research In Motion
proprietary protocol.
4. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to find out if the maximum
number of sessions was reached, and performs one of the following actions:
83
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
•
If the maximum number of sessions was reached and you configured a timeout limit, the BlackBerry Collaboration
Service logs out any instant messaging sessions on devices that are outside of a wireless coverage area, and any
instant messaging sessions that are no longer sending status messages to the BlackBerry Collaboration Service.
•
•
If no idle sessions exist, the BlackBerry Collaboration Service sends a Server Busy status message to the device and
rejects the login request.
If you did not configure a maximum number of sessions and the number of sessions equals the total number that
the HTTP persistent connection supports, the BlackBerry Collaboration Service sends a Failed status message to
the device and rejects the login request.
The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to verify that the user has
permission to use the collaboration client, and tries to authenticate the user using Integrated Windows authentication.
The BlackBerry Collaboration Service sends a login request in SIP format to the Microsoft Communication server and,
for Microsoft Office Communications Server 2007 R2, sends a login request to Microsoft Active Directory directly.
The BlackBerry Collaboration Service opens the connection using TLS over port 5061.You can also configure the
connection to use TCP for Microsoft Office Communications Server 2007 R2.
5. The BlackBerry Collaboration Service formats the request using a Microsoft API and sends the request to the Microsoft
Communication server over an MTLS connection.
6. The Microsoft Communications Server accepts the request, processes the login information, and sends the acceptance
to the BlackBerry Collaboration Service.
7. The BlackBerry Collaboration Service sends the message that contains the acceptance through the BlackBerry
Dispatcher to the device in encrypted and compressed format, and creates a cache of the connectivity information to
maintain the instant messaging session.
Process flow: Starting an instant messaging session
using the BlackBerry Client for IBM Sametime
84
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
1. A user logs in to a collaboration client on a BlackBerry device.
2. The BlackBerry device compresses and encrypts the user ID and password, and sends them through the BlackBerry
Router to the BlackBerry Dispatcher over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry Collaboration Service over port 3200. If the BlackBerry
Collaboration Service is located on a remote computer, the request remains encrypted using a Research In Motion
proprietary protocol.
4. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to find out if the maximum
number of sessions has been reached, and performs one of the following actions:
•
If the maximum number of sessions has been reached and a timeout limit is set, the BlackBerry Collaboration
Service logs out any instant messaging sessions on BlackBerry devices that are out of coverage, and any instant
messaging sessions that are no longer sending status messages to the BlackBerry Collaboration Service.
•
•
If no idle sessions exist, the BlackBerry Configuration Database sends a Server Busy status message to the
BlackBerry device and rejects the login request.
If the maximum number of sessions is not set and the number of sessions equals the total number that the IBM
Sametime API supports, the BlackBerry Configuration Database sends a Failed status message to the BlackBerry
device and rejects the login request.
The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to verify that the user has
permission to use the collaboration client, and connects to the IBM Sametime server. The BlackBerry Collaboration
Service starts an encrypted proxy connection over TCP/IP using the IBM Sametime API, reformats the request from the
RIM proprietary protocol format into one that the IBM Sametime API supports, and sends the request.
By default, the BlackBerry Collaboration Service starts the connection over port 1533 unless you specify a custom port
number.
5. The IBM Sametime server accepts the login request from the BlackBerry device, starts a dedicated TCP/IP connection
for the session, and listens for requests from the BlackBerry device for the session.
6. The BlackBerry Collaboration Service sends the acceptance, in encrypted and compressed format, through the
BlackBerry Dispatcher to the BlackBerry device, and creates a cache of the connectivity information to maintain the
instant messaging session.
Process flow: Starting an instant messaging session
using the BlackBerry Client for Novell GroupWise
Messenger
85
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
1. A user logs in to a collaboration client on a BlackBerry device.
2. The BlackBerry device compresses and encrypts the user ID and password and sends them through the BlackBerry
Router to the BlackBerry Dispatcher over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry Collaboration Service over port 3200. If the BlackBerry
Collaboration Service is located on a remote computer, the request remains encrypted using a Research In Motion
proprietary protocol.
4. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to find out if the maximum
number of sessions has been reached, and performs one of the following actions:
•
If the maximum number of sessions has been reached and a timeout limit is set, the BlackBerry Collaboration
Service logs out any instant messaging sessions on BlackBerry devices that are out of coverage, and any instant
messaging sessions that are no longer sending status messages to the BlackBerry Collaboration Service.
•
•
If there are no idle sessions, the BlackBerry Configuration Database sends a Server Busy status message to the
BlackBerry device and rejects the login request.
If the maximum number of sessions is not set and the number of sessions equals the total number that the Novell
GroupWise protocol supports, the BlackBerry device sends a Failed (300) status message to the BlackBerry device
and rejects the login request.
The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to verify that the user has
permission to use the collaboration client, and connects to the Novell GroupWise Messenger server.
The BlackBerry Collaboration Service starts an encrypted proxy (SSL) connection using the Novell GroupWise protocol
and sends the request. By default, the BlackBerry Collaboration Service opens the connection over port 8300, but it
can also open the connection over a custom port number.
5. The Novell GroupWise Messenger server accepts the login request from the BlackBerry device, opens a dedicated SSL
connection for the session, and listens for requests from the BlackBerry device.
6. The BlackBerry Collaboration Service sends the acceptance, in encrypted and compressed format, through the
BlackBerry Dispatcher to the BlackBerry device, and creates a cache of the connectivity information to maintain the
instant messaging session.
86
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
Process flow: Sending a file to a contact using the
BlackBerry Client for IBM Sametime
1. A user opens a conversation with a contact, clicks Send File on the menu, and selects a file to send to the contact.
2. The BlackBerry Client for IBM Sametime creates an invitation request and sends it to the BlackBerry Collaboration
Service.
3. The BlackBerry Collaboration Service checks the size of the file to verify that it does not exceed the maximum file size
that you configure on the BlackBerry Enterprise Server, associates the file extension and the conversation ID with the
invitation request, and sends the request to the IBM Sametime server.
4. The IBM Sametime server checks the file size to verify that it does not exceed the maximum file size that you configured
on the IBM Sametime server (by default, 1 MB), associates the file with the conversation that is open between the
sender and recipient, and sends the request to the BlackBerry Collaboration Service.
5. The BlackBerry Collaboration Service converts the request into an instant messaging invitation and sends it to the client
on the recipient's BlackBerry device.
6. In the conversation window on the recipient's client, the recipient receives a request to accept or decline the file. The
recipient can also select an option to optimize the file for viewing on the BlackBerry device.
The BlackBerry Collaboration Service can optimize files for viewing on the BlackBerry device only if it has access to the
BlackBerry Attachment Service in your organization's environment.
7. The recipient accepts the request.
If the recipient selected the optimize option, the file will be downloaded to the memory of the BlackBerry device. If the
recipient did not select the optimize option, the client prompts the recipient to save the file to a location in the file
system on the BlackBerry device.
8. The recipient's client sends a content request packet to the BlackBerry Collaboration Service.
87
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
9. The BlackBerry Collaboration Service requests the file size from the IBM Sametime server, and sends data to the IBM
Sametime server to begin the file transfer process.
By default, the media transfer state on the BlackBerry Collaboration Service is set to transfer.
10. The sender's client sends the data for the file in content message packets to the BlackBerry Collaboration Service.
11. The BlackBerry Collaboration Service checks the order of the content message packets and sends them to the
recipient's client using a BlackBerry instant messaging protocol.
12. The recipient's client receives the first content message packet, sends an acknowledgement message to the
BlackBerry Collaboration Service, and requests the next content message packet from the BlackBerry Collaboration
Service. This continues until the client receives all of the content message packets.
If the recipient selected the option to optimize the file for viewing, the BlackBerry Attachment Service converts the file
into a format that is optimized for viewing on the BlackBerry device.
13. When the BlackBerry Collaboration Service receives an acknowledgement message for the last content message
packet from the recipient's client, it changes its media transfer state to done and stops the file transfer process on the
IBM Sametime server.
14. In the conversation window, the client notifies the recipient that the file has been received.
The recipient can open the file from the conversation window or from the file system on the BlackBerry device. The
BlackBerry device uses the BlackBerry Browser to render supported files. If the recipient selected the option to
optimize the file for viewing, the recipient can open and view supported files in the attachment viewer on the
BlackBerry device. The recipient can also save the optimized file to a location in the file system on the BlackBerry
device.
Message attachment process flows
Process flow: Viewing a message attachment
88
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
1. A user receives a message with an attachment on a BlackBerry device.
2. The BlackBerry Messaging Agent verifies that the format of the attachment is valid for conversion.
If the format is not valid and the user’s BlackBerry device is based, the Open Attachment menu item does not appear
on the user’s BlackBerry device.
3. The user clicks the Open Attachment menu item to view the attachment on the BlackBerry device.
4. The attachment viewer sends the request to the BlackBerry Messaging Agent.
5. The BlackBerry Messaging Agent connects to the BlackBerry Attachment Service over port 1900.
6. The BlackBerry Attachment Service retrieves the attachment in binary format from the user’s message store using the
BlackBerry Messaging Agent link to the messaging server.
The BlackBerry Attachment Service distills the attachment and extracts the content, layout, appearance, and
navigation information from the attachment.
The BlackBerry Attachment Service organizes, stores, and links the information in a proprietary DOM in a binary XML
style.
The BlackBerry Attachment Service formats the attachment for the BlackBerry device and converts it to UCS format.
The formatting is based on the request for content (for example, page and paragraph information, or search words) and
the available BlackBerry device information (for example, screen size, display, or available space).
The BlackBerry Attachment Service sends the UCS data to the BlackBerry Messaging Agent using a TCP/IP connection
over port 1900.
7. The BlackBerry Messaging Agent sends the converted attachment to the BlackBerry Dispatcher.
8. The BlackBerry Dispatcher compresses the first portion of the attachment, encrypts it using the device transport key of
the BlackBerry device, and sends the first portion of the attachment to the BlackBerry Router.
9. The BlackBerry Router sends the first portion of the attachment to the wireless network over port 3101.
10. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network.
11. The wireless network delivers the attachment to the BlackBerry device.
12. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which sends it to the BlackBerry
Messaging Agent. If the BlackBerry Enterprise Server does not receive a delivery confirmation within 4 hours, it sends
the attachment data to the wireless network again.
13. The BlackBerry device uses its device transport key to decrypt and decompress the attachment so that the user can
view the attachment.
14. The user views the attachment on the BlackBerry device by selecting a section from the table of contents, or by viewing
the full attachment. The original formatting of the attachment, including indents, tables, fonts, and bullets, is reflected
on the BlackBerry device.
Process flow: Viewing an attachment using a link
89
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
1. A user clicks the Get Link menu item to view an attachment on a BlackBerry device.
2. The BlackBerry device sends the request to the BlackBerry Enterprise Server over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.
4. The BlackBerry MDS Connection Service creates an HTTP session for the user and sends the request to the web server.
The BlackBerry MDS Connection Service retrieves the requested content and sends it to the BlackBerry Attachment
Service.
5. The BlackBerry Attachment Service extracts the content, layout, appearance, and navigation information from the
attachment and organizes, stores, and links the information in a proprietary DOM in a binary XML style.
6. The BlackBerry Attachment Service formats the attachment for the BlackBerry device and converts it to UCS format.
The formatting is based on the request for content (for example, page and paragraph information, or search words) and
the available BlackBerry device information (for example, screen size, display, or available space).
7. The BlackBerry Attachment Service sends the converted attachment to the BlackBerry MDS Connection Service using
HTTP.
8. The BlackBerry MDS Connection Service sends the first 250 KB of content to the BlackBerry Dispatcher over port
3200.
9. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry
device, and sends the encrypted content to the BlackBerry Router.
10. The BlackBerry Router sends the encrypted content to the BlackBerry device.
11. The BlackBerry device uses its device transport key to decrypt and decompress the attachment content so that the
user can view the attachment.
12. The user views the attachment on the BlackBerry device using the browser plug-in for the attachment viewer. The
attachment viewer processes 3 KB at a time.
90
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
Organizer data process flows
Process flow: Synchronizing organizer data for the first
time on a BlackBerry device
1. A user activates a new BlackBerry device or upgrades an existing BlackBerry device and receives the service book for
the BlackBerry Synchronization Service.
2. The BlackBerry device requests the synchronization configuration information from the BlackBerry Synchronization
Service.
The configuration information indicates whether wireless data synchronization on the BlackBerry Enterprise Server is
turned on, and which database can be synchronized. The configuration information also provides database
synchronization types and conflict resolution settings. All data that the BlackBerry device and BlackBerry Enterprise
Server send between each other is compressed and encrypted.
3. The BlackBerry Synchronization Service returns the configuration information and synchronizes the databases using
that information.
A synchronization agent on the BlackBerry device tracks which databases can be synchronized over the wireless
network. If data already exists on both the BlackBerry device and BlackBerry Enterprise Server, the BlackBerry
Synchronization Service merges, adds, or updates the records during the synchronization process. If data exists on only
the BlackBerry device or BlackBerry Enterprise Server, the BlackBerry Synchronization Service restores the data from
91
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
the appropriate location. The BlackBerry device and BlackBerry Enterprise Server do not delete records during the
initial synchronization process.
After the BlackBerry Synchronization Service registers a database for wireless data synchronization, it can no longer be
synchronized or restored using the BlackBerry Desktop Software.
The initial synchronization process is complete when the data on the BlackBerry device and the data on the BlackBerry
Enterprise Server are synchronized. Future changes on the BlackBerry device or BlackBerry Enterprise Server are
synchronized over the wireless network.
If the user changes data on the BlackBerry device or in the organizer application on the user's computer during the initial
synchronization process, the BlackBerry Synchronization Service synchronizes the changes after the initial synchronization
completes.
If the user connects the BlackBerry device to a computer that is running the BlackBerry Device Manager, the initial
synchronization process can occur over the connection to the BlackBerry Router instead of over the wireless network.
Process flow: Synchronizing subsequent changes to
organizer data
1. A user saves a change to the organizer data or BlackBerry device settings (for example, a new AutoText entry) on a
BlackBerry device or in the organizer application on the user's computer.
2. Depending on where the user made the change, the BlackBerry device or the BlackBerry Enterprise Server adds the
change to a changelist and sends the changelist to the BlackBerry Synchronization Service.
The changelist includes the target database and record information for the organizer application.
3. The BlackBerry Synchronization Service sends a change to organizer data over the wireless network, along with other
entries in the changelist for the user.
92
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
The BlackBerry Synchronization Service sends other changes, including BlackBerry device information, time zone
information, and backup and restore data, at the batch synchronization interval that is set on the BlackBerry Enterprise
Server. By default, the batch synchronization interval is 10 minutes.
To prevent synchronization errors, the BlackBerry Enterprise Server and BlackBerry device can send only a single
changelist at a time for a user account.
The BlackBerry Synchronization Service writes a synchronization request entry to the SynchRequest table of the
BlackBerry Configuration Database, and sends the changed records to the BlackBerry Dispatcher.
4. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry
device, and sends the encrypted content to the BlackBerry Router for delivery to the BlackBerry device.
5. The BlackBerry device sends a delivery confirmation to the BlackBerry Synchronization Service for each record that it
receives.
6. The BlackBerry Synchronization Service receives delivery confirmations, deletes the corresponding synchronization
request entries from the SyncRequest table, and writes an entry to the SyncRecordState table for each delivery
confirmation.
Each organizer database record has a unique identifier that is mapped to a corresponding record on the BlackBerry
device.
Process flow: Adding a contact picture on a BlackBerry
device
1. A user adds a picture to a contact in the address book on a BlackBerry device and saves the change.
2. The BlackBerry device creates a changelist request to synchronize the changed record. The changelist request
includes the updated record information and identifies the address book as the target for the update.
93
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
The BlackBerry device compresses and encrypts the request, and sends the request to the BlackBerry Dispatcher over
port 3101.
3. The BlackBerry Dispatcher uses the device transport key of the BlackBerry device to decrypt and decompress the
request, and sends the request to the BlackBerry Synchronization Service.
4. The BlackBerry Synchronization Service receives the changelist request, writes a synchronization request entry in the
SynchRequest table of the BlackBerry Configuration Database, and sends the changed record to the BlackBerry
Dispatcher.
5. The BlackBerry Dispatcher sends the changed record, in XML format, to the BlackBerry Messaging Agent.
If the file size of the picture exceeds 32 KB, the BlackBerry Messaging Agent rejects the synchronization request.
6. The BlackBerry Messaging Agent sends the changed record to the messaging server.
7. The messaging server updates the user’s personal contact list.
8. The BlackBerry Messaging Agent sends a delivery confirmation to the BlackBerry Dispatcher.
9. The BlackBerry Dispatcher sends the delivery confirmation to the BlackBerry Synchronization Service.
10. The BlackBerry Synchronization Service deletes the synchronization request entry from the SyncRequest table, writes
an entry in the SyncRecordState table, and sends the delivery confirmation to the BlackBerry Dispatcher.
11. The BlackBerry Dispatcher encrypts the results using the device transport key of the BlackBerry device, compresses
them, and sends them to the BlackBerry Router.
12. The BlackBerry Router sends the results to the wireless network over port 3101.
13. The wireless network verifies that the PIN belongs to a valid BlackBerry device and sends the delivery confirmation to
the BlackBerry device.
If the BlackBerry device does not receive the delivery confirmation from the wireless network within 20 minutes, it
sends the synchronization request to the wireless network again. If the BlackBerry device does not receive the delivery
confirmation within 8 hours, it stops resending the synchronization request to the wireless network.
Mobile data process flows
Process flow: Requesting BlackBerry Browser content
on a BlackBerry device
94
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
1. A user requests Internet or intranet content from your organization's content server using the BlackBerry Browser on a
BlackBerry device.
2. The BlackBerry device sends the request to the BlackBerry Enterprise Server over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.
4. The BlackBerry MDS Connection Service creates an HTTP session for the user and retrieves the requested Internet or
intranet content from the content server.
The BlackBerry MDS Connection Service converts the content so that the user can view it on the BlackBerry device,
and sends the content to the BlackBerry Dispatcher over port 3200.
5. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry
device, and sends the encrypted content to the BlackBerry Router.
6. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.
7. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network and sends the encrypted content to the BlackBerry device.
8. The BlackBerry device sends a delivery confirmation to the BlackBerry Router, and decrypts and decompresses the
content so that the user can view it in the BlackBerry Browser.
If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit,
it sends a message to the wireless network to delete the pending content.
95
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
Process flow: Requesting BlackBerry Browser content
while access control is turned on for the BlackBerry
MDS Connection Service
1. A user requests Internet or intranet content from your organization's content server using the BlackBerry Browser on a
BlackBerry device.
2. The BlackBerry device sends the request to the BlackBerry Enterprise Server over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.
4. The BlackBerry MDS Connection Service checks the BlackBerry Configuration Database to verify whether pull
authorization is turned on, and whether the user has permission to pull content from the specified content server.
If the user does not have permission to pull content from the specified content server, the BlackBerry MDS Connection
Service rejects the request and sends an error message to the BlackBerry device.
5. The BlackBerry MDS Connection Service creates an HTTP session for the user and sends the user’s authentication
credentials to the content server. If the user authenticates, the BlackBerry MDS Connection Service sends the HTTP
request to the content server. If the user does not authenticate, the BlackBerry Browser displays an HTTP 403 Error
message, and prompts the user to type the correct credentials.
6. The BlackBerry MDS Connection Service retrieves the content from the content server, converts it so that the user can
view it on the BlackBerry device, and sends the content to the BlackBerry Dispatcher over port 3200.
7. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry
device, and sends the encrypted content to the BlackBerry Router.
8. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.
96
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
9. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network and sends the encrypted content to the BlackBerry device.
10. The BlackBerry device sends a delivery confirmation to the BlackBerry Router, and decrypts and decompresses the
content so that the user can view it in the BlackBerry Browser.
If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit,
it sends a message to the wireless network to delete the pending content.
Process flow: Requesting BlackBerry Browser content
with two-factor authentication turned on
1. A user requests Internet or intranet content from your organization's content server using the BlackBerry Browser on a
BlackBerry device.
2. The BlackBerry device sends the request to the BlackBerry Enterprise Server over port 3101.
3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.
4. The BlackBerry MDS Connection Service checks whether the user's BlackBerry device is running an authenticated
connection that can support the content request.
If the BlackBerry device is not running an authenticated connection, the BlackBerry MDS Connection Service redirects
the user to a login web page. If the user logs in, using an RSA SecurID user name and passcode, the BlackBerry MDS
Connection Service creates a connection to the content server. By default, the BlackBerry device caches the user’s
information for 24 hours of activity on the authenticated connection, or 60 minutes of inactivity.
The BlackBerry MDS Connection Service creates an HTTP session for the user and retrieves the Internet or intranet
content from the content server. The BlackBerry MDS Connection Service converts the content so that the user can
view it on the BlackBerry device, and sends the content to the BlackBerry Dispatcher over port 3200.
97
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
5. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry
device, and sends the encrypted content to the BlackBerry Router.
6. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.
7. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network and sends the encrypted content to the BlackBerry device.
8. The BlackBerry device sends a delivery confirmation to the BlackBerry Router, and decrypts and decompresses the
content so that the user can view it in the BlackBerry Browser.
If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit,
it sends a message to the wireless network to delete the pending content.
Process flow: Pushing application content to a
BlackBerry device
1. A push application on an application server or a content server behind your organization's firewall sends an HTTP POST
request to a central push server over the listen port for the content server. The default port number is 8080.
You can define one or more instances of the BlackBerry MDS Connection Service in a BlackBerry Domain as a central
push server. A push application specifies the BlackBerry Enterprise Server host name and the connection port number
that the BlackBerry MDS Connection Service listens on.
2. The central push server checks the BlackBerry Configuration Database for the following information about the intended
recipients of the application content: the PINs that are associated with the user accounts, whether the PINs are
enabled for the BlackBerry MDS Connection Service, and the active BlackBerry Enterprise Server instances that the
users are located on.
98
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
User accounts that do not appear in the BlackBerry Configuration Database, or that are pending deletion, cannot
receive the push content.
The central push server responds to the push application to acknowledge that it is processing the request, and sends
the push content to the BlackBerry MDS Connection Service instances that have active, primary connections to the
BlackBerry Enterprise Server instances.
3. The BlackBerry MDS Connection Service converts the content so that the user can view it on the BlackBerry device,
and sends the content to the BlackBerry Dispatcher over port 3200.
4. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry
device, and sends the encrypted content to the BlackBerry Router.
5. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.
The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless
network, and sends the encrypted content to the BlackBerry device.
6. The BlackBerry device sends a delivery confirmation to the BlackBerry Router.
If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit,
it sends a message to the wireless network to delete the pending content.
7. The BlackBerry device decrypts and decompresses the content.
The BlackBerry Application detects the incoming content by listening on a port number that the application developer
specified. For example, the BlackBerry Browser listens for push application connections on port 7874. The application
displays the content on the BlackBerry device when the user runs the application.
Process flow: Installing a BlackBerry Java Application
on a BlackBerry device over the wireless network
1. A developer creates a BlackBerry Java Application using the BlackBerry Java Development Environment or another
Java authoring tool. The developer produces an application bundle.
The application bundle contains an .alx file that stores information about the attributes of the BlackBerry Java
Application, including the author name, a description of the application, and copyright information.
2. In the BlackBerry Administration Service, you publish the application bundle to the application repository.
99
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
3. You create a software configuration and add the BlackBerry Java Application to the software configuration. You specify
that the application is required, assign an application control policy to the application, and specify wireless delivery to
BlackBerry devices.
You assign the software configuration to a group.
4. The BlackBerry Administration Service creates a deployment job.
A deployment job represents the objects that must be sent to each user's BlackBerry device and consists of multiple
tasks. Each task manages the delivery of an object (for example, a BlackBerry Java Application, an access control
policy, or an IT policy) to a BlackBerry device.
5. The delivery manager component of the BlackBerry Administration Service receives tasks to send a BlackBerry Java
Application to BlackBerry devices.
6. The BlackBerry Administration Service exports the files for the BlackBerry Java Application to a shared network folder.
7. The delivery manager converts the tasks into send module commands, queues send module commands into logical
groups for each user, and sends the send module commands to the BlackBerry Policy Service. Separate applications
are queued in separate groups.
8. The BlackBerry Policy Service processes the send module commands in the queue in sequence. When the BlackBerry
Policy Service processes a group of send module commands, it retrieves the data for the BlackBerry Java Application
from the shared network folder, and sends the send module commands with the application data to the BlackBerry
Dispatcher.
If the send module commands are less than 56 KB, the BlackBerry Policy Service sends them in one data packet. If the
send module commands exceed 56 KB, the BlackBerry Policy Service sends them in multiple data packets.
9. The BlackBerry Dispatcher sends the send module commands to the BlackBerry Router.
10. The BlackBerry Router sends the send module commands to a BlackBerry device over the wireless network.
11. The BlackBerry device installs the BlackBerry Java Application. The BlackBerry device sends an acknowledgement
packet for the BlackBerry Java Application to the BlackBerry Router.
12. The BlackBerry Router sends the acknowledgement packet to the BlackBerry Dispatcher.
13. The BlackBerry Dispatcher delivers the acknowledgement packet to the BlackBerry Policy Service.
14. The BlackBerry Policy Service clears the send module commands for the BlackBerry device from the queue and
processes the next group of send module commands that are in the queue.
15. The BlackBerry Administration Service displays that the BlackBerry Java Application was delivered to the BlackBerry
device.
If the BlackBerry device does not receive all of the send module commands within 4 hours, the BlackBerry device sends a
failure acknowledgement packet to the BlackBerry Policy Service. The BlackBerry Administration Service detects the
failure acknowledgement packet and displays an installation failure message for the BlackBerry device.
100
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
BlackBerry device management process
flows
Process flow: Activating a BlackBerry device over the
wireless network
A user receives or purchases a new BlackBerry device.
1. The user contacts your organization's IT department to activate the BlackBerry device.
2. You create a temporary activation password for the user account and communicate the password to the user. The
password applies to the user account only.
3. To activate the BlackBerry device over the wireless network, the user opens the activation application on the
BlackBerry device and types the appropriate email address and activation password.
4. The BlackBerry device sends an activation request message to the email account. The message contains information
about the BlackBerry device, such as routing information and the public keys for the BlackBerry device.
5. The BlackBerry Enterprise Server sends the BlackBerry device an activation response that contains routing information
about the BlackBerry Enterprise Server and the public keys for the BlackBerry Enterprise Server.
The BlackBerry Enterprise Server and BlackBerry device establish a device transport key. The BlackBerry Enterprise
Server and BlackBerry device confirm knowledge of the device transport key to each other. If the confirmation is
successful, the activation proceeds and further communication between the BlackBerry Enterprise Server and
BlackBerry device is encrypted.
The BlackBerry Enterprise Server sends an IT policy to the BlackBerry device. If the BlackBerry device cannot accept
the IT policy, the activation process does not complete.
The BlackBerry Enterprise Server sends the appropriate service books (for example, the messaging service book,
wireless calendar service book, browser service book, and other service books) to the BlackBerry device. The user can
now send messages from and receive messages on the BlackBerry device.
6. If the user account is configured for wireless synchronization, and if wireless backup and wireless calendar
synchronization on the BlackBerry device are turned on, the BlackBerry Enterprise Server sends user data to the
BlackBerry device.
101
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
BlackBerry Enterprise Server process flows
Process flow: Resending an IT policy to a BlackBerry
device manually
1. You click a user account, and then click Resend IT Policy.
2. The BlackBerry Policy Service reads the current IT policy settings for the user account from the BlackBerry
Configuration Database to determine which IT policy to send to the BlackBerry device.
The BlackBerry Policy Service prepares to send the IT policy using the GME protocol by adding the unique identifier
and BlackBerry Enterprise Server version.
The BlackBerry Policy Service adds the unique key that the BlackBerry Domain uses to sign IT policy data packets to
the IT policy data packet.
The BlackBerry Policy Service sends the IT policy data packet to the BlackBerry Dispatcher.
3. The BlackBerry Dispatcher encrypts the IT policy data packet using the device transport key of the BlackBerry device,
compresses the content, and sends it to the BlackBerry Router for delivery to the BlackBerry device.
4. The BlackBerry Router sends the encrypted IT policy data packet to the wireless network over port 3101. The wireless
network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network.
Process flow: Authenticating data on a BlackBerry
device without connecting to the BlackBerry
Infrastructure
1. A user connects a BlackBerry device to a computer that the BlackBerry Device Manager is running on.
2. The BlackBerry Router uses a unique authentication protocol to verify that the user is a valid BlackBerry device user.
The authentication sequence uses the same authentication information for the BlackBerry Enterprise Server and
BlackBerry device that the SRP authentication sequence uses to validate the BlackBerry Enterprise Server before
permitting it to connect to the BlackBerry Infrastructure. The BlackBerry Router cannot access the value of the device
transport key of the BlackBerry device and BlackBerry Enterprise Server.
3. The BlackBerry device and BlackBerry Router use the BlackBerry Device Manager to send data to each other over the
physical connection, behind the firewall. All the data that the BlackBerry device and BlackBerry Enterprise Server send
to each other is compressed and encrypted. This data bypasses the wireless network.
The transfer of wireless data over an SRP connection is restored when the user disconnects the BlackBerry device from
the computer or closes the BlackBerry Device Manager.
102
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Glossary
10
Glossary
AES
Advanced Encryption Standard
AJAX
Asynchronous JavaScript and XML
API
application programming interface
ASCII
American Standard Code for Information Interchange
BlackBerry Domain
A BlackBerry Domain consists of the BlackBerry Configuration Database with its users and any
BlackBerry Enterprise Server instances that connect to it.
BlackBerry MDS
BlackBerry Mobile Data System
BlackBerry
transport layer
encryption
BlackBerry transport layer encryption (formerly known as standard BlackBerry encryption) uses
a symmetric key encryption algorithm to help protect data that is in transit between a BlackBerry
device and the BlackBerry Enterprise Server when the data is outside an organization's firewall.
®
CBC
cipher block chaining
CDMA
Code Division Multiple Access
CMIME
Compressed Multipurpose Internet Mail Extensions
content protection
Content protection helps protect user data on a locked BlackBerry device by encrypting the user
data using the content protection key and ECC private key.
DES
Data Encryption Standard
device transport key
The device transport key (formerly known as the master encryption key) is unique to a
BlackBerry device. The BlackBerry device and BlackBerry Enterprise Server use the device
transport key to encrypt the message keys.
DMZ
DNS
A demilitarized zone (DMZ) is a neutral subnetwork outside of an organization's firewall. It exists
between the trusted LAN of the organization and the untrusted external wireless network and
public Internet.
A Domain Name System (DNS) is an Internet database that translates domain names that are
meaningful and recognizable by people into the numeric IP addresses that the Internet uses.
DOM
ECC
Document Object Model
Elliptic Curve Cryptography
EDGE
Enhanced Data Rates for Global Evolution
103
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Glossary
Enterprise Service
Policy
The Enterprise Service Policy controls which BlackBerry devices can connect to a BlackBerry
Enterprise Server.
GAL
Global Address List
GAN
GANC
generic access network
generic access network controller
gateway message
envelope
The gateway message envelope protocol is a Research In Motion proprietary protocol that allows
the transfer of compressed and encrypted data between the wireless network and BlackBerry
devices. The protocol defines a routing layer that specifies the types of message contents
allowed and the addressing information for the data. Gateways and routing components use this
information to identify the type and source of the BlackBerry device data, and the appropriate
destination service to route the data to.
GPS
Global Positioning System
GSM
Global System for Mobile Communications
Hypertext Markup Language
HTML
HTTP
HTTPS
IEEE
Hypertext Transfer Protocol over Secure Sockets Layer
Hypertext Transfer Protocol over Secure Sockets Layer
Institute of Electrical and Electronics Engineers
Internet Message Access Protocol
Internet service provider
IMAP
ISP
IP
Internet Protocol
IP address
An Internet Protocol (IP) address is an identification number that each computer or mobile
device uses when it sends or receives information over a network, such as the Internet. This
identification number identifies the specific computer or mobile device on the network.
IT administration
command
An IT administration command is a command that you can send over the wireless network to
protect sensitive information on a BlackBerry device or delete all BlackBerry device data.
IT policy
An IT policy consists of various IT policy rules that control the security features and behavior of
BlackBerry smartphones, BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and
the BlackBerry Web Desktop Manager.
IT policy rule
An IT policy rule permits you to customize and control the actions that BlackBerry smartphones,
BlackBerry PlayBook tablets, the BlackBerry Desktop Software, and the BlackBerry Web
Desktop Manager can perform.
Java ME
JDBC
Java Platform, Micro Edition
Java Database Connectivity
JavaScript Object Notation
JSON
104
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Glossary
Kerberos protocol
LAN
The Kerberos protocol is a Microsoft Active Directory authentication protocol that permits a
trusted third-party application to authenticate clients by exchanging encrypted service tickets
with Microsoft Active Directory.
A local area network (LAN) is a computer network shared by a group of computers in a small
area, such as an office building. Any computer in this network can communicate with another
computer that is part of the same network.
LDAP
Lightweight Directory Access Protocol
LTPA
Lightweight Third-Party Authentication
MAPI
Messaging Application Programming Interface
The message keys encrypt the data that is sent to and from a BlackBerry device.
message keys
messaging server
A messaging server sends and processes messages and provides collaboration services, such as
updating and communicating calendar and address book information.
MSDE
MTLS
NAT
Microsoft SQL Server Desktop Engine
Mutual Transport Layer Security
network address translation
NT LAN Manager
NTLM
PIN
personal identification number
principal encryption
key
The principal encryption key encrypts the device transport key when a BlackBerry device is
locked if content protection is turned on.
RPC
remote procedure call
RTF
Rich Text Format
service books
SIP
Service books determine which services are available on BlackBerry devices.
Session Initiation Protocol
S/MIME
SMS
Secure Multipurpose Internet Mail Extensions
Short Message Service
SNMP
SQL
Simple Network Management Protocol
Structured Query Language
SRP
Server Routing Protocol
SSL
Secure Sockets Layer
TCP/IP
Transmission Control Protocol/Internet Protocol (TCP/IP) is a set of communication protocols
that is used to transmit data over networks, such as the Internet.
Triple DES
Triple Data Encryption Standard
105
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Glossary
UCS
UMA
UNC
USB
VPN
WAP
XML
Universal Content Stream
Unlicensed Mobile Access
Universal Naming Convention
Universal Serial Bus
virtual private network
Wireless Application Protocol
Extensible Markup Language
106
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Legal notice
12
Legal notice
©
®
2013 BlackBerry. All rights reserved. BlackBerry and related trademarks, names, and logos are the property of
BlackBerry Limited and are registered and/or used in the U.S. and countries around the world.
Adobe and Acrobat are trademarks of Adobe Systems Incorporated. Bluetooth is a trademark of Bluetooth SIG. Corel and
WordPerfect are trademarks of Corel Corporation. GSM is a trademark of the GSM MOU Association. IBM, Lotus, Domino
and Sametime are trademarks of International Business Machines Corporation. IEEE 802.11a, IEEE 802.11b, and IEEE are
trademarks of the Institute of Electrical and Electronics Engineers, Inc. Java, JDBC, and JavaScript Kerberosis a trademark
of the Massachusetts Institute of Technology. Microsoft, Hyper-V, ActiveX, Active Directory, Excel, PowerPoint, SQL Server,
Visual Studio, RSA Authentication Manager, Microsoft Lync Server, Windows, and Windows Server are trademarks of
Microsoft Corporation. Novell and GroupWise are trademarks of Novell, Inc. PGP is a trademark of PGP Corporation. RSA
and RSA SecurID are trademarks of RSA Security. Wi-Fi is a trademark of the Wi-Fi Alliance. All other trademarks are the
property of their respective owners.
This documentation including all documentation incorporated by reference herein such as documentation provided or
made available at www.blackberry.com/go/docs is provided or made accessible "AS IS" and "AS AVAILABLE" and without
condition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated
companies ("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or other
inaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry proprietary and confidential
information and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalized
terms. BlackBerry reserves the right to periodically change information that is contained in this documentation; however,
BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to this
documentation to you in a timely manner or at all.
This documentation might contain references to third-party sources of information, hardware or software, products or
services including components and content such as content protected by copyright and/or third-party websites
(collectively the "Third Party Products and Services"). BlackBerry does not control, and is not responsible for, any Third
Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility,
performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The
inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by
BlackBerry of the Third Party Products and Services or the third party in any way.
EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS,
ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR
WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE
QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A
COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE
OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES
REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR
PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND
CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE
108
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Legal notice
DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE
HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM
THAT IS THE SUBJECT OF THE CLAIM.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL
BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR
PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY
PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING
DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED
DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS,
BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION
OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY
APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF
THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST
OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR
PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF
BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO
OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING
ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF
THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT,
NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL
BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY
CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS,
AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO
INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT
CONTRACTORS.
IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR,
EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF
BLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION.
Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that
your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer
®
Internet browsing functionality with a subscription to the BlackBerry Internet Service. Check with your service provider for
availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with
BlackBerry's products and services may require one or more patent, trademark, copyright, or other licenses in order to
avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party
Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring
them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any
Third Party Products and Services that are provided with BlackBerry's products and services are provided as a
convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees,
representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation
thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of
109
Download from Www.Somanuals.com. All Manuals Search And Download.
Feature and Technical Overview
Legal notice
separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a
license or other agreement with BlackBerry.
Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry
Desktop Software, and/or BlackBerry Device Software.
The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry
applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN
AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT OR
SERVICE OTHER THAN THIS DOCUMENTATION.
Certain features outlined in this documentation might require additional development or Third Party Products and Services
for access to corporate applications.
BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario
Canada N2K 0A7
BlackBerry UK Limited
200 Bath Road
Slough, Berkshire SL1 3XE
United Kingdom
Published in Canada
110
Download from Www.Somanuals.com. All Manuals Search And Download.
|