BlackBerry Enterprise Server Express for Microsoft Exchange Feature and Technical Overview

Feature and Technical Overview

BlackBerry Enterprise Server process flows

Messaging process flows

Process flow: Sending a message to a BlackBerry device

1. A message arrives in a user’s mailbox. Microsoft® Exchange notifies the BlackBerry® Messaging Agent.

2. The BlackBerry Messaging Agent applies global filter rules to the messages in the user’s mailbox and filters the messages that match the filter criteria.

If global filter rules do not apply, the BlackBerry Messaging Agent applies filter rules that the user specified to the messages in the user’s mailbox.

3. The BlackBerry Messaging Agent sends the first 2 KB of the message (plain text, or in an HTML message, the equivalent to 2 KB of plain text) to the BlackBerry Dispatcher.

4. The BlackBerry Dispatcher compresses the first 2 KB of the message, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted data to the BlackBerry Router.

5. The BlackBerry Router sends the encrypted data to the wireless network over port 3101, or over port 4101 if the BlackBerry device is a Wi-Fi® enabled BlackBerry device that is connected to the enterprise Wi-Fi network.

6. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network, and sends the message data to the BlackBerry device.

7. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher. The BlackBerry Dispatcher sends the delivery confirmation to the BlackBerry Messaging Agent.

If the BlackBerry Messaging Agent does not receive a delivery confirmation within four hours, it sends the message to the wireless network again.

The delivery confirmation verifies that the wireless network delivered the message to the BlackBerry device, but it does not verify that the user received or opened the message.

8. The BlackBerry device decrypts and decompresses the message so that the user can view it, and notifies the user that the message arrived.

Process flow: Sending a message from a BlackBerry device

This process flow applies to new messages, reconciled messages (messages that a user moved, deleted, or marked as read or unread), and wireless calendar entries.

1. A user sends a message from a BlackBerry® device.

The BlackBerry device assigns a RefId to the message. If the message is a meeting invitation or calendar entry, the BlackBerry device appends the calendar information to the message. The BlackBerry device compresses and encrypts the message, and sends the message to the wireless network over port 3101, or over port 4101 if the BlackBerry device is a Wi-Fi® enabled BlackBerry device that is connected to the enterprise Wi-Fi network.

2. The wireless network sends the message to the BlackBerry® Enterprise Server Express.

The BlackBerry Enterprise Server Express accepts only encrypted messages from the BlackBerry device.

3. The BlackBerry Dispatcher uses the device transport key of the BlackBerry device to decrypt and decompress the message.

If the BlackBerry Dispatcher cannot decrypt the message using the device transport key, the BlackBerry Enterprise Server Express ignores the message and sends an error message to the BlackBerry device.

4. The BlackBerry Messaging Agent sends the message to the user’s email application.

5. The BlackBerry Messaging Agent sends a copy of the message to the Sent Items view in the user’s email application.

6. The messaging server delivers the message to the recipients.

Process flow: Sending a message that contains an attachment from a BlackBerry device

1. A user attaches a file to a message on a BlackBerry® device and sends the message.

• If the BlackBerry device is not running BlackBerry® Device Software version 4.2 or later, and if the BlackBerry device does not have a CMIME service book that indicates that the BlackBerry® Enterprise Server Express supports attachment uploads, the Add Attachment menu item does not appear on the BlackBerry device.

• If the user tries to attach a file that exceeds the maximum file size that you specified, a notification appears and the user cannot attach the file.

2. The BlackBerry device compresses and encrypts the message, and sends the message to the wireless network over port 3101.

The BlackBerry device formats the header of the message to indicate that a large attachment is part of the message. The BlackBerry device does not send the attachment content.

3. The wireless network sends the message to the BlackBerry Enterprise Server Express.

4. The BlackBerry Dispatcher decrypts and decompresses the message using the device transport key of the BlackBerry device.

If the BlackBerry Dispatcher cannot decrypt the message using the device transport key, the BlackBerry Enterprise Server Express ignores the message and sends an error message to the BlackBerry device.

5. The BlackBerry Messaging Agent stores the message properties in the user’s mailbox.

The BlackBerry Messaging Agent sends a request for the attachment content through the BlackBerry Dispatcher to the BlackBerry device.

6. The BlackBerry device sends the attachment content through the BlackBerry Dispatcher to the BlackBerry Messaging Agent.

If the file size of the attachment content exceeds a single data packet, the BlackBerry device divides the content into multiple data packets and sends the data packets to the BlackBerry Messaging Agent.

7. The BlackBerry Messaging Agent verifies the validity of the attachment content, and stores the content in memory as the content arrives.

During the delivery of the attachment content, if the BlackBerry Messaging Agent does not receive content from the BlackBerry device for 15 minutes, the BlackBerry Messaging Agent cancels the message, deletes the partial attachment content from temporary storage, and sends an error message to the BlackBerry device.

After all of the attachment content arrives, the BlackBerry Messaging Agent checks for other attachments that might be part of the same message.

• If other attachments exist, the BlackBerry Messaging Agent requests the attachment content.

• If no additional attachments exist, the BlackBerry Messaging Agent finishes processing the message and sends the message to the user’s email application.

The messaging server delivers the message to the intended recipients.
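The cancel-and-discard behaviour of steps 6 and 7, modelled as an added Python example (it is not BlackBerry code and not part of the original document). The packet sequence numbers, the size declared up front, and all class and function names are assumptions made for illustration; the 15-minute limit is the one stated above.

```python
# Added model of attachment upload steps 6-7; names and packet layout are assumptions.
IDLE_LIMIT_S = 15 * 60   # from the page: 15 minutes without content cancels the message


class UploadCancelled(Exception):
    """Transfer was cancelled; the text is the error reported to the device."""


class AttachmentUpload:
    def __init__(self, declared_size, max_size, now):
        # Assumption: the message header announces the attachment size up front.
        if declared_size > max_size:
            raise UploadCancelled("attachment exceeds the maximum file size")
        self.declared_size = declared_size
        self.chunks = []           # partial content held in memory as it arrives
        self.received = 0
        self.next_seq = 0          # assumption: packets are numbered from 0
        self.last_content_at = now
        self.cancelled = False

    def _cancel(self, reason):
        # Drop the partial content first so a failed transfer leaves nothing behind.
        self.chunks.clear()
        self.received = 0
        self.cancelled = True
        raise UploadCancelled(reason)

    def sweep(self, now):
        """Periodic check: cancel a transfer that has been silent for 15 minutes."""
        if not self.cancelled and now - self.last_content_at >= IDLE_LIMIT_S:
            self._cancel("no content received for 15 minutes")

    def add_packet(self, seq, data, now):
        """Store one data packet; return True once all content has arrived."""
        if self.cancelled:
            raise UploadCancelled("transfer already cancelled")
        self.sweep(now)            # a late packet must not revive a stalled transfer
        if seq != self.next_seq:
            self._cancel("unexpected packet sequence number")
        if not data or self.received + len(data) > self.declared_size:
            self._cancel("content does not match the declared size")
        self.chunks.append(data)
        self.received += len(data)
        self.next_seq += 1
        self.last_content_at = now
        return self.received == self.declared_size

    def content(self):
        if self.cancelled or self.received != self.declared_size:
            raise UploadCancelled("attachment is incomplete")
        return b"".join(self.chunks)


def replay_upload(declared_size, packets, max_size=1024):
    """Replay constructed (seq, data, time_s) packets; return (outcome, bytes held)."""
    try:
        upload = AttachmentUpload(declared_size, max_size, now=0)
    except UploadCancelled as err:
        return (str(err), 0)
    try:
        for seq, data, now in packets:
            if upload.add_packet(seq, data, now):
                return ("delivered", len(upload.content()))
        return ("waiting", upload.received)
    except UploadCancelled as err:
        return (str(err), upload.received)


if __name__ == "__main__":
    # Constructed sample transfers; times are seconds since the content request.
    print(replay_upload(10, [(0, b"hello", 60), (1, b"world", 120)]))
    print(replay_upload(10, [(0, b"hello", 60), (1, b"world", 60 + 15 * 60)]))
    print(replay_upload(10, [(0, b"hello", 60), (2, b"world", 90)]))
    print(replay_upload(4096, []))
```

In the second transfer the late packet is rejected and the five bytes already buffered are released, which is the property that keeps abandoned uploads from accumulating in server memory.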

Process flow: Searching an organization's address book from a BlackBerry device

1. A user searches for a contact on a BlackBerry® device.

2. The BlackBerry device assigns a RefId to the search request, compresses and encrypts the request, and sends the request to the BlackBerry® Enterprise Server Express over port 3101.

3. The BlackBerry Dispatcher decrypts and decompresses the request using the device transport key of the BlackBerry device, and sends the request to the BlackBerry Messaging Agent.

4. The BlackBerry Messaging Agent searches the GAL on the Microsoft® Exchange server and retrieves the 20 closest matches for the contact lookup request.

The BlackBerry Messaging Agent sends the contact lookup results to the BlackBerry Dispatcher.

5. The BlackBerry Dispatcher encrypts the results using the device transport key of the BlackBerry device, compresses the encrypted data, and sends it to the BlackBerry Router for delivery to the BlackBerry device.

6. The BlackBerry Router sends the encrypted data to the wireless network over port 3101.

7. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network, and sends the encrypted data to the BlackBerry device.

8. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which sends it to the BlackBerry Messaging Agent.

If the BlackBerry Enterprise Server Express does not receive a delivery confirmation within four hours, it resubmits the contact lookup results to the wireless network.

9. The BlackBerry device decrypts and decompresses the contact lookup results with the device transport key so that the user can view them on the BlackBerry device or add them to the contact list on the BlackBerry device.

Message attachment process flows

Process flow: Viewing a message attachment

1. A user receives a message with an attachment on a BlackBerry® device.

2. The BlackBerry Messaging Agent verifies that the format of the attachment is valid for conversion.

If the format is not valid and the user’s BlackBerry device is Java® based, the Open Attachment menu item does not appear on the user’s BlackBerry device.

3. The user clicks the Open Attachment menu item to view the attachment on the BlackBerry device.

4. The attachment viewer sends the request to the BlackBerry Messaging Agent.

5. The BlackBerry Messaging Agent connects to the BlackBerry Attachment Service over port 1900.

6. The BlackBerry Attachment Service retrieves the attachment in binary format from the user’s message store using the BlackBerry Messaging Agent link to the messaging server.

The BlackBerry Attachment Service distills the attachment and extracts the content, layout, appearance, and navigation information from the attachment.

The BlackBerry Attachment Service organizes, stores, and links the information in a proprietary DOM in a binary XML style.

The BlackBerry Attachment Service formats the attachment for the BlackBerry device and converts it to UCS format. The formatting is based on the request for content (for example, page and paragraph information, or search words) and the available BlackBerry device information (for example, screen size, display, or available space).

The BlackBerry Attachment Service sends the UCS data to the BlackBerry Messaging Agent using a TCP/IP connection over port 1900.

7. The BlackBerry Messaging Agent sends the converted attachment to the BlackBerry Dispatcher.

8. The BlackBerry Dispatcher compresses the first portion of the attachment, encrypts it using the device transport key of the BlackBerry device, and sends the first portion of the attachment to the BlackBerry Router.

9. The BlackBerry Router sends the first portion of the attachment to the wireless network over port 3101.

10. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network.

11. The wireless network delivers the attachment to the BlackBerry device.

12. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which sends it to the BlackBerry Messaging Agent. If the BlackBerry® Enterprise Server Express does not receive a delivery confirmation within 4 hours, it sends the attachment data to the wireless network again.

13. The BlackBerry device uses its device transport key to decrypt and decompress the attachment so that the user can view the attachment.

14. The user views the attachment on the BlackBerry device by selecting a section from the table of contents, or by viewing the full attachment. The original formatting of the attachment, including indents, tables, fonts, and bullets, is reflected on the BlackBerry device.

Process flow: Viewing an attachment using a link

1. A user clicks the Get Link menu item to view an attachment on a BlackBerry® device.

2. The BlackBerry device sends the request to the BlackBerry® Enterprise Server Express over port 3101.

3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.

4. The BlackBerry MDS Connection Service creates an HTTP session for the user and sends the request to the web server.

The BlackBerry MDS Connection Service retrieves the requested content and sends it to the BlackBerry Attachment Service.

5. The BlackBerry Attachment Service extracts the content, layout, appearance, and navigation information from the attachment and organizes, stores, and links the information in a proprietary DOM in a binary XML style.

6. The BlackBerry Attachment Service formats the attachment for the BlackBerry device and converts it to UCS format.

The formatting is based on the request for content (for example, page and paragraph information, or search words) and the available BlackBerry device information (for example, screen size, display, or available space).

7. The BlackBerry Attachment Service sends the converted attachment to the BlackBerry MDS Connection Service using HTTP.

8. The BlackBerry MDS Connection Service sends the first 250 KB of content to the BlackBerry Dispatcher over port 3200.

9. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted content to the BlackBerry Router.

10. The BlackBerry Router sends the encrypted content to the BlackBerry device.

11. The BlackBerry device uses its device transport key to decrypt and decompress the attachment content so that the user can view the attachment.

12. The user views the attachment on the BlackBerry device using the browser plug-in for the attachment viewer.

The attachment viewer processes 3 KB at a time.

Organizer data process flows

Process flow: Synchronizing organizer data for the first time on a BlackBerry device

1. A user activates a new BlackBerry® device or upgrades an existing BlackBerry device and receives the service book for the BlackBerry Synchronization Service.

2. The BlackBerry device requests the synchronization configuration information from the BlackBerry Synchronization Service.

The configuration information indicates whether wireless data synchronization on the BlackBerry® Enterprise Server Express is turned on, and which database can be synchronized. The configuration information also provides database synchronization types and conflict resolution settings. All data that the BlackBerry device and BlackBerry Enterprise Server Express send between each other is compressed and encrypted.

3. The BlackBerry Synchronization Service returns the configuration information and synchronizes the databases using that information.

A synchronization agent on the BlackBerry device tracks which databases can be synchronized over the wireless network. If data already exists on both the BlackBerry device and BlackBerry Enterprise Server Express, the BlackBerry Synchronization Service merges, adds, or updates the records during the synchronization process. If data exists on only the BlackBerry device or BlackBerry Enterprise Server Express, the BlackBerry Synchronization Service restores the data from the appropriate location. The BlackBerry device and BlackBerry Enterprise Server Express do not delete records during the initial synchronization process.

After the BlackBerry Synchronization Service registers a database for wireless data synchronization, it can no longer be synchronized or restored using the BlackBerry® Desktop Software.

The initial synchronization process is complete when the data on the BlackBerry device and the data on the BlackBerry Enterprise Server Express are synchronized. Future changes on the BlackBerry device or BlackBerry Enterprise Server Express are synchronized over the wireless network.

If the user changes data on the BlackBerry device or in the organizer application on the user's computer during the initial synchronization process, the BlackBerry Synchronization Service synchronizes the changes after the initial synchronization completes.

If the user connects the BlackBerry device to a computer that is running the BlackBerry® Device Manager, the initial synchronization process can occur over the connection to the BlackBerry Router instead of over the wireless network.

Process flow: Synchronizing subsequent changes to organizer data

1. A user saves a change to the organizer data or BlackBerry® device settings (for example, a new AutoText entry) on a BlackBerry device or in the organizer application on the user's computer.

2. Depending on where the user made the change, the BlackBerry device or the BlackBerry® Enterprise Server Express adds the change to a changelist and sends the changelist to the BlackBerry Synchronization Service.

The changelist includes the target database and record information for the organizer application.

3. The BlackBerry Synchronization Service sends a change to organizer data over the wireless network, along with other entries in the changelist for the user.

The BlackBerry Synchronization Service sends other changes, including BlackBerry device information, time zone information, and backup and restore data, at the batch synchronization interval that is set on the BlackBerry Enterprise Server Express. By default, the batch synchronization interval is 10 minutes.

To prevent synchronization errors, the BlackBerry Enterprise Server Express and BlackBerry device can send only a single changelist at a time for a user account.

The BlackBerry Synchronization Service writes a synchronization request entry to the SynchRequest table of the BlackBerry Configuration Database, and sends the changed records to the BlackBerry Dispatcher.

4. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted content to the BlackBerry Router for delivery to the BlackBerry device.

5. The BlackBerry device sends a delivery confirmation to the BlackBerry Synchronization Service for each record that it receives.

6. The BlackBerry Synchronization Service receives delivery confirmations, deletes the corresponding synchronization request entries from the SyncRequest table, and writes an entry to the SyncRecordState table for each delivery confirmation.

Each organizer database record has a unique identifier that is mapped to a corresponding record on the BlackBerry device.

Process flow: Adding a contact picture on a BlackBerry device

1. A user adds a picture to a contact in the address book on a BlackBerry® device and saves the change.

2. The BlackBerry device creates a changelist request to synchronize the changed record. The changelist request includes the updated record information and identifies the address book as the target for the update.

The BlackBerry device compresses and encrypts the request, and sends the request to the BlackBerry Dispatcher over port 3101.

3. The BlackBerry Dispatcher uses the device transport key of the BlackBerry device to decrypt and decompress the request, and sends the request to the BlackBerry Synchronization Service.

4. The BlackBerry Synchronization Service receives the changelist request, writes a synchronization request entry in the SynchRequest table of the BlackBerry Configuration Database, and sends the changed record to the BlackBerry Dispatcher.

5. The BlackBerry Dispatcher sends the changed record, in XML format, to the BlackBerry Messaging Agent.

If the file size of the picture exceeds 32 KB, the BlackBerry Messaging Agent rejects the synchronization request.

6. The BlackBerry Messaging Agent sends the changed record to the messaging server.

7. The messaging server updates the user’s personal contact list.

8. The BlackBerry Messaging Agent sends a delivery confirmation to the BlackBerry Dispatcher.

9. The BlackBerry Dispatcher sends the delivery confirmation to the BlackBerry Synchronization Service.

10. The BlackBerry Synchronization Service deletes the synchronization request entry from the SyncRequest table, writes an entry in the SyncRecordState table, and sends the delivery confirmation to the BlackBerry Dispatcher.

11. The BlackBerry Dispatcher encrypts the results using the device transport key of the BlackBerry device, compresses them, and sends them to the BlackBerry Router.

12. The BlackBerry Router sends the results to the wireless network over port 3101.

13. The wireless network verifies that the PIN belongs to a valid BlackBerry device and sends the delivery confirmation to the BlackBerry device.

If the BlackBerry device does not receive the delivery confirmation from the wireless network within 20 minutes, it sends the synchronization request to the wireless network again. If the BlackBerry device does not receive the delivery confirmation within 8 hours, it stops resending the synchronization request to the wireless network.

Mobile data process flows

Process flow: Requesting BlackBerry Browser content on a BlackBerry device

1. A user requests Internet or intranet content from your organization's content server using the BlackBerry® Browser on a BlackBerry device.

2. The BlackBerry device sends the request to the BlackBerry® Enterprise Server Express over port 3101.

3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.

4. The BlackBerry MDS Connection Service creates an HTTP session for the user and retrieves the requested Internet or intranet content from the content server.

The BlackBerry MDS Connection Service converts the content so that the user can view it on the BlackBerry device, and sends the content to the BlackBerry Dispatcher over port 3200.

5. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted content to the BlackBerry Router.

6. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.

7. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network and sends the encrypted content to the BlackBerry device.

8. The BlackBerry device sends a delivery confirmation to the BlackBerry Router, and decrypts and decompresses the content so that the user can view it in the BlackBerry Browser.

If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit, it sends a message to the wireless network to delete the pending content.

Process flow: Requesting BlackBerry Browser content while access control is turned on for the BlackBerry MDS Connection Service

1. A user requests Internet or intranet content from your organization's content server using the BlackBerry® Browser on a BlackBerry device.

2. The BlackBerry device sends the request to the BlackBerry® Enterprise Server Express over port 3101.

3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.

4. The BlackBerry MDS Connection Service checks the BlackBerry Configuration Database to verify whether pull authorization is turned on, and whether the user has permission to pull content from the specified content server.

If the user does not have permission to pull content from the specified content server, the BlackBerry MDS Connection Service rejects the request and sends an error message to the BlackBerry device.

5. The BlackBerry MDS Connection Service creates an HTTP session for the user and sends the user’s authentication credentials to the content server. If the user authenticates, the BlackBerry MDS Connection Service sends the HTTP request to the content server. If the user does not authenticate, the BlackBerry Browser displays an "HTTP 403 Error" message, and prompts the user to type the correct credentials.

6. The BlackBerry MDS Connection Service retrieves the content from the content server, converts it so that the user can view it on the BlackBerry device, and sends the content to the BlackBerry Dispatcher over port 3200.

7. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted content to the BlackBerry Router.

8. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.

9. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network and sends the encrypted content to the BlackBerry device.

10. The BlackBerry device sends a delivery confirmation to the BlackBerry Router, and decrypts and decompresses the content so that the user can view it in the BlackBerry Browser.

If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit, it sends a message to the wireless network to delete the pending content.

Process flow: Requesting BlackBerry Browser content with two-factor authentication turned on

1. A user requests Internet or intranet content from your organization's content server using the BlackBerry® Browser on a BlackBerry device.

2. The BlackBerry device sends the request to the BlackBerry® Enterprise Server Express over port 3101.

3. The BlackBerry Dispatcher sends the request to the BlackBerry MDS Connection Service over port 3200.

4. The BlackBerry MDS Connection Service checks whether the user's BlackBerry device is running an authenticated connection that can support the content request.

If the BlackBerry device is not running an authenticated connection, the BlackBerry MDS Connection Service redirects the user to a login web page. If the user logs in, using an RSA SecurID® user name and passcode, the BlackBerry MDS Connection Service creates a connection to the content server. By default, the BlackBerry device caches the user’s information for 24 hours of activity on the authenticated connection, or 60 minutes of inactivity.

The BlackBerry MDS Connection Service creates an HTTP session for the user and retrieves the Internet or intranet content from the content server. The BlackBerry MDS Connection Service converts the content so that the user can view it on the BlackBerry device, and sends the content to the BlackBerry Dispatcher over port 3200.

5. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted content to the BlackBerry Router.

6. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.

7. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network and sends the encrypted content to the BlackBerry device.

8. The BlackBerry device sends a delivery confirmation to the BlackBerry Router, and decrypts and decompresses the content so that the user can view it in the BlackBerry Browser.

If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit, it sends a message to the wireless network to delete the pending content.
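The two default cache limits in step 4, replayed over a constructed request timeline as an added Python example (it is not BlackBerry code and not part of the original document). It assumes "24 hours of activity" means 24 hours of wall-clock time since login and that any request counts as activity; the class and function names are hypothetical.

```python
# Added model of the cached two-factor login; the interpretation of the limits is an assumption.
MAX_SESSION_S = 24 * 3600   # from the page: 24 hours of activity
MAX_IDLE_S = 60 * 60        # from the page: 60 minutes of inactivity


class CachedLogin:
    def __init__(self):
        self.logged_in_at = None
        self.last_request_at = None

    def login(self, now):
        """User completed the RSA SecurID login page."""
        self.logged_in_at = now
        self.last_request_at = now

    def check(self, now):
        """Return 'allow' or the reason the user is redirected to the login page."""
        if self.logged_in_at is None:
            return "login: no authenticated connection"
        if now - self.logged_in_at >= MAX_SESSION_S:
            self.logged_in_at = None
            return "login: 24-hour limit reached"
        if now - self.last_request_at >= MAX_IDLE_S:
            self.logged_in_at = None
            return "login: idle for 60 minutes"
        self.last_request_at = now   # activity resets only the idle timer
        return "allow"


def replay_requests(events):
    """events: (minute, 'login' | 'request') pairs; return a decision per request."""
    cache = CachedLogin()
    decisions = []
    for minute, kind in events:
        now = minute * 60
        if kind == "login":
            cache.login(now)
        else:
            decisions.append((minute, cache.check(now)))
    return decisions


def sample_timeline():
    """Constructed timeline: an idle gap, then steady use that runs into the 24-hour cap."""
    events = [(0, "request"), (1, "login"), (30, "request"), (80, "request"),
              (145, "request"), (146, "login")]
    # One request every 50 minutes keeps the idle timer fresh the whole time.
    events += [(146 + 50 * i, "request") for i in range(1, 30)]
    return events


if __name__ == "__main__":
    for minute, decision in replay_requests(sample_timeline()):
        if decision != "allow":
            print(minute, decision)
```

The last request in the timeline is refused even though the user was never idle for more than 50 minutes, because under this interpretation only the inactivity timer is reset by traffic.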

Process flow: Pushing application content to a BlackBerry device

1. A push application on an application server or a content server behind your organization's firewall sends an HTTP POST request to a central push server over the listen port for the content server. The default port number is 8080.

You can define one or more instances of the BlackBerry® MDS Connection Service in a BlackBerry Domain as a central push server. A push application specifies the BlackBerry® Enterprise Server Express host name and the connection port number that the BlackBerry MDS Connection Service listens on.

2. The central push server checks the BlackBerry Configuration Database for the following information about the intended recipients of the application content: the PINs that are associated with the user accounts, whether the PINs are enabled for the BlackBerry MDS Connection Service, and the active BlackBerry Enterprise Server Express instances that the users are located on.

User accounts that do not appear in the BlackBerry Configuration Database, or that are pending deletion, cannot receive the push content.

The central push server responds to the push application to acknowledge that it is processing the request, and sends the push content to the BlackBerry MDS Connection Service instances that have active, primary connections to the BlackBerry Enterprise Server Express instances.

3. The BlackBerry MDS Connection Service converts the content so that the user can view it on the BlackBerry device, and sends the content to the BlackBerry Dispatcher over port 3200.

4. The BlackBerry Dispatcher compresses the content, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted content to the BlackBerry Router.

5. The BlackBerry Router sends the encrypted content to the wireless network over port 3101.

The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network, and sends the encrypted content to the BlackBerry device.

6. The BlackBerry device sends a delivery confirmation to the BlackBerry Router.

If the BlackBerry MDS Connection Service does not receive a delivery confirmation within the flow control timeout limit, it sends a message to the wireless network to delete the pending content.

7. The BlackBerry device decrypts and decompresses the content.

The BlackBerry Application detects the incoming content by listening on a port number that the application developer specified. For example, the BlackBerry® Browser listens for push application connections on port 7874. The application displays the content on the BlackBerry device when the user runs the application.

Process flow: Installing a BlackBerry Java Application on a BlackBerry device over the wireless network

1. A developer creates a BlackBerry® Java® Application using the BlackBerry® Java® Development Environment or another Java authoring tool. The developer produces an application bundle.

The application bundle contains an .alx file that stores information about the attributes of the BlackBerry Java Application, including the author name, a description of the application, and copyright information.

2. In the BlackBerry Administration Service, you publish the application bundle to the application repository.

3. You create a software configuration and add the BlackBerry Java Application to the software configuration. You specify that the application is required, assign an application control policy to the application, and specify wireless delivery to BlackBerry devices.

You assign the software configuration to a group.

4. The BlackBerry Administration Service creates a deployment job.

A deployment job represents the objects that must be sent to each user's BlackBerry device and consists of multiple tasks. Each task manages the delivery of an object (for example, a BlackBerry Java Application, an access control policy, or an IT policy) to a BlackBerry device.

5. The delivery manager component of the BlackBerry Administration Service receives tasks to send a BlackBerry Java Application to BlackBerry devices.

6. The BlackBerry Administration Service exports the files for the BlackBerry Java Application to a shared network folder.

7. The delivery manager converts the tasks into send module commands, queues send module commands into logical groups for each user, and sends the send module commands to the BlackBerry Policy Service. Separate applications are queued in separate groups.

8. The BlackBerry Policy Service processes the send module commands in the queue in sequence. When the BlackBerry Policy Service processes a group of send module commands, it retrieves the data for the BlackBerry Java Application from the shared network folder, and sends the send module commands with the application data to the BlackBerry Dispatcher.


If the send module commands are less than 56 KB, the BlackBerry Policy Service sends them in one data packet.

If the send module commands exceed 56 KB, the BlackBerry Policy Service sends them in multiple data packets.

9. The BlackBerry Dispatcher sends the send module commands to the BlackBerry Router.

10. The BlackBerry Router sends the send module commands to a BlackBerry device over the wireless network.

11. The BlackBerry device installs the BlackBerry Java Application. The BlackBerry device sends an acknowledgement packet for the BlackBerry Java Application to the BlackBerry Router.

12. The BlackBerry Router sends the acknowledgement packet to the BlackBerry Dispatcher.

13. The BlackBerry Dispatcher delivers the acknowledgement packet to the BlackBerry Policy Service.

14. The BlackBerry Policy Service clears the send module commands for the BlackBerry device from the queue and processes the next group of send module commands that are in the queue.

15. The BlackBerry Administration Service displays that the BlackBerry Java Application was delivered to the BlackBerry device.

If the BlackBerry device does not receive all of the send module commands within 4 hours, the BlackBerry device sends a failure acknowledgement packet to the BlackBerry Policy Service. The BlackBerry Administration Service detects the failure acknowledgement packet and displays an installation failure message for the BlackBerry device.
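The queueing rules in steps 7 to 14 (one group per application, groups processed in sequence, the 56 KB packet split, and the 4-hour failure window) can be modelled as follows. This is an added example, not BlackBerry code: the class and function names are hypothetical, "56 KB" is assumed to mean 56 * 1024 bytes, and a payload of exactly 56 KB is assumed to fit in one packet.

```python
from collections import deque

PACKET_LIMIT = 56 * 1024          # assumption: "56 KB" taken as 56 * 1024 bytes
ACK_TIMEOUT_S = 4 * 60 * 60       # the 4-hour window from the process flow


def packetize(payload: bytes, limit: int = PACKET_LIMIT) -> list[bytes]:
    """One packet up to the limit, several packets above it.

    The page does not cover a payload of exactly 56 KB; this model
    treats that case as a single packet (assumption).
    """
    if len(payload) <= limit:
        return [payload]
    return [payload[i:i + limit] for i in range(0, len(payload), limit)]


class PolicyServiceQueue:
    """Hypothetical model of one user's queue: one group per application."""

    def __init__(self):
        self.groups = deque()     # (app_name, packets), processed in sequence
        self.status = {}          # app_name -> queued / sent / delivered / failed
        self.sent_at = None       # send time of the group awaiting an ack

    def enqueue(self, app_name: str, payload: bytes) -> None:
        self.groups.append((app_name, packetize(payload)))
        self.status[app_name] = "queued"

    def send_next(self, now: float) -> list[bytes]:
        """Send the group at the head of the queue unless one is in flight."""
        if not self.groups or self.sent_at is not None:
            return []
        app_name, packets = self.groups[0]
        self.status[app_name], self.sent_at = "sent", now
        return packets

    def on_ack(self, now: float, success: bool = True) -> str:
        """Clear the in-flight group so the next one can be processed.

        A failure ack, or one outside the 4-hour window, marks the group
        failed; clearing a failed group is a modelling assumption.
        """
        if self.sent_at is None:
            raise RuntimeError("acknowledgement with no group in flight")
        app_name, _ = self.groups.popleft()
        ok = success and (now - self.sent_at) <= ACK_TIMEOUT_S
        self.status[app_name] = "delivered" if ok else "failed"
        self.sent_at = None
        return self.status[app_name]
```

Because the next group is not sent until the current one is acknowledged, a device that never acknowledges holds up every later application in that user's queue for the full window.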

BlackBerry device management process flows

Process flow: Activating a BlackBerry device over the wireless network

A user receives or purchases a new BlackBerry® device.

1. The user contacts your organization's IT department to activate the BlackBerry device.

2. You create a temporary activation password for the user account and communicate the password to the user.

The password applies to the user account only.

3. To activate the BlackBerry device over the wireless network, the user opens the activation application on the BlackBerry device and types the appropriate email address and activation password. If the device is associated with the BlackBerry® Internet Service, the user must download and install the Enterprise Activation application for BlackBerry® smartphones from the BlackBerry App World™ storefront. The user must run the application and type the appropriate work email address and activation password.

4. The BlackBerry device sends an activation request message to the email account. The message contains information about the BlackBerry device, such as routing information and the public keys for the BlackBerry device.

5. The BlackBerry® Enterprise Server Express sends the BlackBerry device an activation response that contains routing information about the BlackBerry Enterprise Server Express and the public keys for the BlackBerry Enterprise Server Express.

The BlackBerry Enterprise Server Express and BlackBerry device establish a device transport key. The BlackBerry Enterprise Server Express and BlackBerry device confirm knowledge of the device transport key to each other.

If the confirmation is successful, the activation proceeds and further communication between the BlackBerry Enterprise Server Express and BlackBerry device is encrypted.


The BlackBerry Enterprise Server Express sends an IT policy to the BlackBerry device. If the BlackBerry device cannot accept the IT policy, the activation process does not complete.

The BlackBerry Enterprise Server Express sends the appropriate service books (for example, the messaging service book, wireless calendar service book, browser service book, and other service books) to the BlackBerry device. The user can now send messages from and receive messages on the BlackBerry device.

6. If the user account is configured for wireless synchronization, and if wireless backup and wireless calendar synchronization on the BlackBerry device are turned on, the BlackBerry Enterprise Server Express sends user data to the BlackBerry device.
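Step 5 says that both sides confirm knowledge of the device transport key before activation proceeds, without describing how. The added example below shows a generic HMAC-based mutual key confirmation bound to the activation request and response; it is not the protocol the BlackBerry Enterprise Server Express uses, and all function names, role labels, and sample messages are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample messages standing in for the activation exchange.
SAMPLE_REQUEST = b"constructed: device routing info + device public keys"
SAMPLE_RESPONSE = b"constructed: server routing info + server public keys"


def transcript_hash(activation_request: bytes, activation_response: bytes) -> bytes:
    """Bind the confirmation to what both sides actually exchanged."""
    h = hashlib.sha256()
    for part in (activation_request, activation_response):
        h.update(len(part).to_bytes(4, "big"))   # length prefix avoids ambiguity
        h.update(part)
    return h.digest()


def confirmation_tag(key: bytes, role: bytes, transcript: bytes) -> bytes:
    """Tag proving knowledge of the key; the role label differs per direction."""
    return hmac.new(key, role + b"|" + transcript, hashlib.sha256).digest()


def verify_peer(key: bytes, peer_role: bytes, transcript: bytes, tag: bytes) -> bool:
    """Recompute the peer's tag and compare in constant time."""
    expected = confirmation_tag(key, peer_role, transcript)
    return hmac.compare_digest(expected, tag)


def mutual_confirmation(device_key: bytes, server_key: bytes,
                        request: bytes = SAMPLE_REQUEST,
                        response: bytes = SAMPLE_RESPONSE) -> bool:
    """Activation proceeds only if each side accepts the other's tag."""
    t = transcript_hash(request, response)
    device_tag = confirmation_tag(device_key, b"device", t)
    server_tag = confirmation_tag(server_key, b"server", t)
    server_accepts = verify_peer(server_key, b"device", t, device_tag)
    device_accepts = verify_peer(device_key, b"server", t, server_tag)
    return server_accepts and device_accepts
```

The per-direction role label means a tag cannot be reflected back to its sender, and hashing the exchanged messages means a tag from one activation does not verify against another.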

Process flow: Resending an IT policy to a BlackBerry device manually

1. You click a user account, and then click Resend IT Policy.

2. The BlackBerry® Policy Service reads the current IT policy settings for the user account from the BlackBerry Configuration Database to determine which IT policy to send to the BlackBerry device.

The BlackBerry Policy Service prepares to send the IT policy using the GME protocol by adding the unique identifier and BlackBerry® Enterprise Server Express version.

The BlackBerry Policy Service adds the unique key that the BlackBerry Domain uses to sign IT policy data packets to the IT policy data packet.

The BlackBerry Policy Service sends the IT policy data packet to the BlackBerry Dispatcher.

3. The BlackBerry Dispatcher encrypts the IT policy data packet using the device transport key of the BlackBerry device, compresses the content, and sends it to the BlackBerry Router for delivery to the BlackBerry device.

4. The BlackBerry Router sends the encrypted IT policy data packet to the wireless network over port 3101. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network.

Process flow: Authenticating data on a BlackBerry device without connecting to the BlackBerry Infrastructure

1. A user connects a BlackBerry® device to a computer that the BlackBerry® Device Manager is running on.

2. The BlackBerry Router uses a unique authentication protocol to verify that the user is a valid BlackBerry device user.

The authentication sequence uses the same authentication information for the BlackBerry® Enterprise Server Express and BlackBerry device that the SRP authentication sequence uses to validate the BlackBerry Enterprise Server Express before permitting it to connect to the BlackBerry® Infrastructure. The BlackBerry Router cannot access the value of the device transport key of the BlackBerry device and BlackBerry Enterprise Server Express.

3. The BlackBerry device and BlackBerry Router use the BlackBerry Device Manager to send data to each other over the physical connection, behind the firewall. All the data that the BlackBerry device and BlackBerry Enterprise Server Express send to each other is compressed and encrypted. This data bypasses the wireless network.


The transfer of wireless data over an SRP connection is restored when the user disconnects the BlackBerry device from the computer or closes the BlackBerry Device Manager.
