How BlackBerry 10 connects to your enterprise
by Volker Weber
If you understand German, read this. Otherwise, read on.
There is some confusion about the use of ActiveSync in BlackBerry 10 and how you would provision BlackBerry 10 devices with Exchange and Domino. So I sat down with RIM last week and drew up some architecture charts. Here is what I learned.
BB10 devices have a personal perimeter and a work perimeter. The personal perimeter is controlled by the user, the work perimeter is managed by the enterprise. Both perimeters have their own file system and apps. And they don't touch.
The user can set up email accounts to connect to GMail, or any other public server. They can also set up an Exchange ActiveSync account and provision themselves, if their enterprise lets them do that. However, all data will reside in the personal perimeter.
The work perimeter works similar to the current BlackBerry architecture. It connects to the RIM infrastructure. On the enterprise side you have a server, that also connects to that infrastructure. BB10 devices talk to your server through an end-to-end encrypted connection just like your current BlackBerrys do.
However, there is one important change. The current BlackBerry Enterprise Server (BES) has a sync component that connects BES with your Exchange, Domino or Groupwise Server, and it will forward mail, contacts and calendars to your BlackBerry. With BB10 that sync component goes away. Instead, the BB10 device talks Exchange ActiveSync, through that secure connection, directly to your collaboration server. For Exchange that means, BB10 devices will connect like any iPhone, just from inside the company. For Domino that means, you will have to run Traveler to support your BB10 devices. And yes, IBM will need to support BB10 devices on Traveler. Ask IBM about it.
If your security requirements are low, you don't need a RIM server at all. You can just let users connect the BB10 device to Exchange or to Traveler and you are good to go. If you need the security that RIM provides with current BlackBerry devices, you install a server, buy BlackBerry service from your carrier, and then you manage BB10 devices just like you do today.
Dropping the sync component gives you one additional benefit. You can manage multiple BB10 devices for one user. Currently it's one BlackBerry per user.
What about iPhones and Android devices in that scenario? RIM will provide container apps next year, that let iPhones (or iPads) and Androids use the same secure BlackBerry connection.
I still have some open questions that RIM cannot answer yet, since the answers involve contract issues with the mobile operators. For instance: how do you provide BlackBerry Messenger (BBM) for personal use. BBM depends on the RIM infrastructure.
The biggest benefit of the BB10 architecture is in the BYOD space. Enterprise can manage the work perimeter witout touching the personal perimeter. If you set up a draconian password policy, users will only need to unlock the work perimeter, not their personal perimeter. They can install Facebook, Twitter, etc. without ever touching your business data.
Now the BB10 device just have to be sexy enough that users actually bring their own.
Comments
Since Exchange 2013 is the last version with MAPI/CDO support, RIM had to change the syncing interface anyway. And MAPI/CDO errors are often the cause of many problems in exchange enviroments (the keyword is "throttling policy")
Merging RIM Architecture with ActiveSync sounds like a very, very good idea.
"For Domino that means, you will have to run Traveler to support your BB10 devices. And yes, IBM will need to support BB10 devices on Traveler. Ask IBM about it."
We've publicly stated a plan to support BB10 through Traveler, when used with the server on the enterprise side as you describe, using Exchange ActiveSync. Expected and planned for in the Traveler release in Q1 2013
Thank you, Ed. RIM launches BB10 on Jan 30. Should you release Traveler at Connect-o-sphere, that would be very timely.
Hi,
When you say "RIM will provide container apps next year, that let iPhones (or iPads) and Androids use the same secure BlackBerry connection." do you mean that iOS and Android devices will have access to the same email system/infrastructure or BBM as RIM devices?
I ask because one of the things that is most missed on iOS is the reliability of the BB email, for example the experience in areas of low bandwidth (for one). A BB experience app would be superb.
Thanks
Yes, that is what I mean.
What about alternative ActiveSync implementations like Z-Push, will they possibly work?
I have no information, but I would expect them to work. The BB infrastructure provides a very robust VPN connection. If a PlayBook works with Z-Push, so will BB10.
Fantastic!
That would be an amazing benefit to iOS users. The iOS platform is so much richer but does not play well with corporate email -- a blend of the two would be incredible.
Thanks for the response!
Kambiz, don't overlook the word "container". I am pretty sure that it will contain not only the endpoint for the VPN but also mail, calendar, contacts. Much like Good for Enterprise.
Hopefully this container solution supports tasks like "Phone app can use contact info from Container" - or are there two phone apps - one for work and one for private?
We face similar challenges at the moment...
No specifics yet.
Volker, if I understand you correctly, the sync component for Domino or Exchange at the BES level depends on the BES version.
So if you keep your BES at release 5, the sync component at the BES will stay, and you could serve BB10 devices with the BES 5 server, without the need for Traveler and alike then? Or I am mixing something up here?
Bear in mind that enterprise IT does not always upgrade to the latest BES level so quickly.
BES 5 retains the sync component. It will continue to support legacy BlackBerrys up to 7.x.
BES 10 is a new server, which does not support legacy BlackBerrys. This one comes without the sync component and serves BB10 devices.
If you have a mix of BB10 and legacy BlackBerrys, you are running two servers.
thanks for the clarification.
The key question is whether you can serve BB10 devices from a BES 5 at all or whether a BES 10 server is mandatory for them.
If BES 10 is required, this might slow down adoption of BB10, because the user depends on corporate IT upgrade plans to BES 10.
As I tried to explain, you don't need BES 10 at all. Exactly as you do not need it for iPhones and Androids. It is optional. And no, BES 5 will not support BB10 devices.
If you want to manage and securely connect BB10 devices, you will need BES 10.
It was precisely "container" that I was focused upon! I think a solution like this is a good move for RIM and a huge benefit to iOS and android customers. iOS is so limited and buggy when it comes to corporate environments from my experience as an end user -- great consumer device but frustrating to use for corp communications, particularly in low bandwidth/reception areas. Some step towards BB's functionality, albeit in a self-contained app, would be phenomenal...
Excellent Volker
Mixed OS support from RIM is already here in BlackBerry Mobile Fusion
Mobile Fusion is modular
1. Your existing BlackBerry 5 server (Enterprise and/or Enterprise Express) will continue to support OS 7 and below
2. Install BDS BlackBerry Device service - PlayBooks and BB10 BlackBerry
3. Install UDS Universal Device Service - Ios and Android Smaryphones and Tablets
4. Install Mobile Fusion Studio - Mobile Fusion Studio is a further installation which connects to the web-based admin sites of each module giving you a one-stop admin site to monitor/deploy all. (Fusion Studio can be installed on either BES/BDS/UDS)
BDS and UDS modules cannot be installed onto a server containing BES or BESx but can be installed together if you pay close attention to port conflicts - see this KB http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=96C018DE1E91C864CE5B6CEF9E6148B8?externalId=KB32547&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
Mobile Fusion will be re-branded as BES10 - it will still contain the BES/BESX, BDS and UDS modules http://bizblog.blackberry.com/2012/08/blackberry-enterprise-service-1/
Mobile Fusion software is free - each device on BDS or UDS requires a cal (approx same price as a BES CAL)
http://uk.blackberry.com/business/software/blackberry-mobile-fusion-emea.html
RIM have stated a trade-in will exist for CALS from BES to BDS
Much easier. It will be a per user CAL.
Good info & was wondering if there is update to this with some diagrams as well. I can share some after I remove company related information if you are interested to upload here.
Thanks,
Ashok
