Enterprise BlackBerry World
So You're Being Deployed within the
Corporate Perimeter, Now What?
JAM305
John Mutter – BlackBerry
5 February, 2013
@muttejo
Objectives
• Corporate Perimeter Primer
• Testing on the Perimeter
• What You Need to Know
• Selling Apps to the Enterprise
The Corporate Perimeter
A Brief Primer and history of the Universe
What is the Corporate Perimeter?
• Balance
• Secure App Container
• BlackBerry Connection Service
• BlackBerry World for Enterprise
BlackBerry Balance
Trusted BlackBerry security simplified

• Secures corporate data without restricting a user’s personal experience
• Automatically identifies Enterprise data based on its source (e.g. corporate email server)
• Isolates and prevents work data from leaking into personal use channels (e.g. cut and paste, file copy)
• Ensures privacy of personal data for users
Behind the Firewall
• How to connect your application to services behind the firewall:
Step 1. Deploy to device via Enterprise BlackBerry App World
Step 2. Done
[Diagram labels: BlackBerry 10 (Personal Perimeter, Work Perimeter, Email/PIM); BlackBerry Protocol – 256 AES Encryption, Port 3101; BlackBerry Device Service; Any Port, Any Protocol; Application Server(s)]
Enterprise BlackBerry World

• Only accessible from the “Work” perimeter
• Provides end user access to company sanctioned optional applications
• Differentiates BlackBerry App World hosted content from BlackBerry Device Service hosted content
• Once installed, applications will appear in ‘Work’ perimeter and will be available in My World for application management
BlackBerry Application Deployment

BlackBerry App World Managed Content
• Optional: Available in the “BlackBerry App World for work” Catalog. Self Service user installation

Internally Managed Content
• Optional: Available in the “BlackBerry App World for work” Catalog. Self Service user installation

Mandatory applications
• Silently installed on end user devices
Testing Work Apps
If you’re not interested in just winging it…
You CAN try it out yourself.
BlackBerry Enterprise Server 10
• http://us.blackberry.com/business/software/bes-10.html
• 60 day Free trial
Need to Know
Walking, Talking, and Chewing Gum.
Android
• Not Supported in Work Perimeter
• Can’t be Deployed through BlackBerry World for Enterprise
• Personal App Only
BAR Files
• Enterprise May Ask You For Them
• Can Be Deployed Behind the Firewall
• Licensing Opportunities All Around it
• Best Suited for Site License Agreements
Visibility of the App Icons
• Only Visible in Work Mode
• May be more than one copy of the app
• If the Corporation removes the Perimeter, the App in the Work Perimeter is uninstalled
File Access
Personal
• Isolated to personal perimeter
• Restricted access to work data
• Installed from App World via personal UI
Work
• Isolated to work perimeter
• Can access personal shared data
(controllable by IT rule)
• Installation controlled by enterprise, either:
  • Software configuration → required & optional apps
  • Whitelist of apps in App World creating Enterprise Catalog
Dual
• Operate in both work and personal perimeters
• Simultaneous instances: isolated & independent
Hybrid
• Native RIM apps touch both perimeters
• Secures co-mingling of work and personal data (adjustable by IT rules)
[Diagram: apps arranged across the Work Perimeter and Personal Perimeter in four groups: Personal Apps, Work Apps, Hybrid Apps and Dual Apps.]
File System Paths
• Cascades has a class that provides access to the sandbox: QDir
• Also provided are static functions that give access to the different paths:
QDir::currentPath() – path to the app’s working directory
QDir::homePath() – returns the app’s data directory path
QDir::tempPath() – access to the app’s temp directory
File System Permissions
• Not all the directories viewable are accessible
• app: Compiled application, assets, source
• data: This is where you store your data. The $HOME environment variable points to this directory.
• db: The application's database files.
• logs: System logs for an application. The application's stderr and stdout are redirected to this directory.
• shared: Subfolders that contain shared data grouped by type. All applications can read from this directory. An application can write to this directory only if the access_shared permission is specified.
• tmp: The application's temporary working files.
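An added example (not from the original slides or the BlackBerry SDK) of a pre-write check built on the directory list above: it classifies a path by sandbox directory and refuses to place sensitive files in shared/, which all applications can read. It uses only standard C++; the Area and Decision names, and the choice to treat only data/, db/ and tmp/ as storage targets, are assumptions of this example.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Top-level sandbox directories named on the slides.
enum class Area { App, Data, Db, Logs, Shared, Tmp, Outside };
enum class Decision { Allow, NeedsAccessShared, VisibleToOtherApps, NotAStorageArea };

// Lexically collapse "." and ".." so "data/../shared/x" is judged as shared/.
static std::vector<std::string> split_normalized(const std::string& path) {
    std::vector<std::string> parts;
    std::stringstream ss(path);
    std::string seg;
    while (std::getline(ss, seg, '/')) {
        if (seg.empty() || seg == ".") continue;
        if (seg == "..") { if (!parts.empty()) parts.pop_back(); }
        else parts.push_back(seg);
    }
    return parts;
}

// Map an absolute path to the sandbox directory it lands in.
// `root` is the app working directory (on a device: QDir::currentPath()).
Area classify(const std::string& root, const std::string& path) {
    const std::vector<std::string> r = split_normalized(root), p = split_normalized(path);
    if (p.size() <= r.size()) return Area::Outside;
    for (std::size_t i = 0; i < r.size(); ++i)
        if (p[i] != r[i]) return Area::Outside;   // whole-segment match, not string prefix
    const std::string& top = p[r.size()];
    if (top == "app") return Area::App;
    if (top == "data") return Area::Data;
    if (top == "db") return Area::Db;
    if (top == "logs") return Area::Logs;
    if (top == "shared") return Area::Shared;
    if (top == "tmp") return Area::Tmp;
    return Area::Outside;
}

// Decide whether the app should write a file at `path`.
// From the slides: shared/ is readable by all applications and writable only
// with access_shared. Assumption of this example: only data/, db/ and tmp/
// are treated as private storage targets; app/ and logs/ are refused.
Decision check_write(const std::string& root, const std::string& path,
                     bool has_access_shared, bool sensitive) {
    switch (classify(root, path)) {
        case Area::Data: case Area::Db: case Area::Tmp: return Decision::Allow;
        case Area::Shared:
            if (!has_access_shared) return Decision::NeedsAccessShared;
            return sensitive ? Decision::VisibleToOtherApps : Decision::Allow;
        default: return Decision::NotAStorageArea;
    }
}
```

The normalization is lexical only, so symbolic links are not followed; on a device the path can first be resolved with QFileInfo::canonicalFilePath().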
Policy and Profile Reference Guide
• http://docs.blackberry.com/en/admin/deliverables/48974/BlackBerry_Device_Service_6.2_Policy_and_Profile_Reference_Guide_en.pdf
• 101 Pages of Detailed Information
Specific IT Control Policies
Specify whether a BlackBerry device user can purchase applications from the BlackBerry World
storefront using the purchasing plan for your organization's wireless service
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether apps can reset the security timer on a BlackBerry device to prevent the device
from locking after the period of user inactivity that you specify in the Security Timeout rule or the
user specifies in the Password Lock settings on the device elapses. If you set this rule to Disallow,
the device will lock without user interaction when running apps that attempt to reset the security
timer, such as apps that display navigation information, slideshows, and videos. If you set this rule
to Allow, the device will not lock after the period of user inactivity elapses when running apps that
can reset the security timer.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether a BlackBerry device user can back up and restore the apps and data that are
located in the work space of the device using BlackBerry Link. If you set this rule to Allow, the user
can back up and restore the contents of the work space when the user performs a backup or
restore. If you set this rule to Disallow, the option to back up and restore the contents of the work
space is disabled.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether a computer can access work space content on a BlackBerry device using a USB
connection or the file-sharing option with Wi-Fi.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.1
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether development mode is restricted for BlackBerry device users. Development mode
allows software development tools to connect to a device and also allows you or a user to install
applications directly on the device using a USB or Wi-Fi connection. If you set this rule to Yes,
users can only download and install applications from the BlackBerry World storefront and you
can also send applications to devices using the BlackBerry Administration Service.
Default: No
Introduced in BlackBerry Device Service Version: 6.1
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: 2.1
Possible Values: Yes, No
Specific IT Control Policies
Specify whether a BlackBerry device user can use the voice control commands on a BlackBerry
device. If you set this rule to Allow, the user can use all of the voice control commands on the
device. If you set this rule to Disallow for Email and Calendar, the user cannot use any of the
email and calendar voice control commands on the device. If you set this rule to Disallow, the user
cannot use any of the voice control commands on the device.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow for Email and Calendar, Disallow
Specific IT Control Policies
Specify whether a BlackBerry device user can use voice dictation in work apps. If you set this rule
to Allow, the user can use voice dictation in all apps that support this feature. If you set this rule to
Disallow, the user cannot use voice dictation in work apps.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify the time in hours that must elapse without a BlackBerry device connecting to your
organization's network before the device deletes the data in the work space. Use this rule to make
the device delete the data in the work space if it cannot receive updates or commands. If you set
this rule to a null value, the device does not delete the data from the work space if it cannot
connect to your organization's network. By default, this rule is set to a null value.
Default: null
Introduced in BlackBerry Device Service Version: 6.0
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: 2.0
Possible Values
Specific IT Control Policies
Specify whether personal apps on a BlackBerry device can use your organization’s Wi-Fi or VPN
network to connect to the Internet. If you set this rule to Allow, all personal apps can use your
organization’s network to connect to the Internet. If you set this rule to Disallow, personal apps
cannot use your organization’s network to connect to the Internet.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether work apps on a BlackBerry device must connect to your organization's network
through the BlackBerry Device Service. Setting this rule to Yes also permits BlackBerry PlayBook
tablets to connect to your organization's network through the BlackBerry Enterprise Server using a
BlackBerry Bridge connection to a BlackBerry smartphone running BlackBerry Device Software
5.0 to 7.1.
Default: No
Introduced in BlackBerry Device Service Version: 6.0
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: 2.0
Possible Values: Yes, No
Specific IT Control Policies
Specify whether personal apps can access work contacts on a BlackBerry device. If you set this
rule to All, all personal apps can access work contacts. If you set this rule to Only RIM Apps, some
apps developed by Research In Motion (BlackBerry Messenger, Text Messages, visual voice mail,
and voice dialing) can access work contacts. If you set this rule to None, personal apps cannot
access work contacts.
Default: All
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: All, Only RIM Apps, None
Specific IT Control Policies
Specify whether data encryption is turned on for the personal space of a BlackBerry device. If you
set this rule to Yes, data is encrypted in the personal space on the device.
Default: No
Introduced in BlackBerry Device Service Version: 6.1
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: 2.1
Possible Values: Yes, No
Specific IT Control Policies
Specify whether a BlackBerry device user can share work data on a device using the BBM Video
with Screen Share feature. If you set this rule to Allow, the user can share all work data with other
BBM Video chat participants. If you set this rule to Disallow, the device locks the work space when
the user uses BBM Video with Screen Share and the user cannot unlock the work space until the
screen sharing part of the BBM Video chat is complete.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether work apps on a BlackBerry device can access personal data if a user permits it.
When a user installs a work app, the device displays a message that provides the user with the
option to Allow or Deny the app’s request to access personal data. If you set this rule to Disallow,
work apps cannot access personal data regardless of the user settings on the device and users
cannot attach personal files to messages sent from a work account or share content from the
personal space with applications in the work space.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.1
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether the BBM Video feature on a BlackBerry device can use your organization’s Wi-Fi
network, VPN network, or the BlackBerry MDS Connection Service for incoming and outgoing
video chats.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether a BlackBerry device can send work contacts to another Bluetooth enabled device
using the Bluetooth Phone Book Access Profile (PBAP) or Hands-Free Profile (HFP). If you set
this rule to Disallow, users cannot transfer work contacts using PBAP or HFP. Setting this rule to
Disallow also prevents users from transferring work messages using the Bluetooth Message
Access Profile (MAP).
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether a BlackBerry device can send work files and objects such as contacts to another
Bluetooth enabled or NFC-enabled device using the Bluetooth Object Push Profile (OPP).
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether a BlackBerry device can send messages from the work space (for example,
email messages and instant messages) to another Bluetooth enabled device using the Bluetooth
Message Access Profile (MAP). Setting the Transfer Work Contacts Using Bluetooth PBAP or
HFP rule to Disallow also prevents users from sending messages using the Bluetooth MAP,
regardless of the setting for this rule.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Specific IT Control Policies
Specify whether BlackBerry device users can use the browser in the personal space to open links
in work email messages. If you set this rule to Allow, links in work email messages will open in the
browser in the personal space by default and the device displays a message that provides the
user with the option to open the link in the browser in the work space instead. Your organization
may require intranet links to be opened in the browser in the work space. If you set this rule to
Disallow, links in work email messages will always open in the browser in the work space.
Default: Allow
Introduced in BlackBerry Device Service Version: 6.2
Minimum BlackBerry 10 OS Version: 10.0
Minimum BlackBerry PlayBook OS Version: N/A
Possible Values: Allow, Disallow
Connectivity
• Carrier Supplied
• BlackBerry Connection Service
[Diagram labels: The Internet; BlackBerry 10 (Personal Perimeter, Work Perimeter, Email/PIM); BlackBerry Protocol – 256 AES Encryption, Port 3101; BlackBerry Device Service; Any Port, Any Protocol; Application Server(s)]
Access to Shared Resources
• Camera
• Calendar
• Mail
• Phone
What are the Features?
Why again would I want this thingy-ma-jig?
Features of Corporate Perimeter
Secure Communication Behind the Firewall
• MDS-CS
• Always On, Bi-Directional VPN
Secure App Container for Corporate Data
• BlackBerry Balance
• Work Perimeter and Personal Perimeter
Enterprise Grade Managed Device (MDM)
• BlackBerry Device Service
• BlackBerry Mobile Fusion
Application Distribution and Management
• Enterprise App World for Corporations, Completely Private.
• Mandatory and Optional Apps with Version Control for Individuals and Groups.
Selling to Enterprise
There’s Gold up in them there hills!
Direct Licensing
• Enterprise License Agreements
• Seat Licensing
• Custom App Licensing
Support/Maintenance Contracts
• Enterprise Pays for Support
• Maintenance Updates… Not Free.
Don’t Forget…
• Download the Mobile Conference Guide from BlackBerry World. Search for BlackBerry Jam Europe!
• Complete your session surveys in your conference portal or on your BlackBerry 10 device using the Mobile Conference Guide.
• Join us at the BlackBerry Jam Europe Appreciation event tonight in the Europa Foyer on the RAI’s ground floor.
THANK YOU