Information Systems:Blackberry Enterprise Server (BES)

From uniWIKI
Jump to navigation Jump to search

Design

Since 2005, we have had an on-premise BES server that provided the email middle man between Domino and the Blackberry phones. The BES server also provided us with a way to secure and manage the phones in a very similar way compared to Active Directory does with Windows PC's. Now that the BES server is hosted in Waterloo, all those same functions are accessed from the BES12 Portal.

https://p11002.emm.blackberry.com/admin/index.jsp?tenant=S74188250

Username admin Password NewVisionIT

Yes that is one ugly looking URL but it is the correct one for us. Please bookmark it into your Favourites. The user interface is different from BES version 10 as the portal is based on version 12, however all the same functions and abilities are included. There is a much bigger emphasis on making sure that BES administrators like myself understand that Apple and Android and Windows phones are treated equally to Blackberry devices and this shows up in the policy section where settings are pushed to all the different device types.

I have re-created the policy and settings documents that currently exist on the on-premise BES server into the new BES12 portal. The BES12 portal will work with IBM Traveler in exactly the same way as the on-premise server does. For clarities sake, Traveler is installed on the Power8 and the Traveler website is served from the Power8 on its own public IP using its own SSL certificate. The BES12 portal bundles up all the correct Traveler settings plus the policy settings and then pushes that to the phone when it is provisioned. When the phone gets the bundle it creates the Work/Personal split environments and connects directly to the Traveler website to start syncing email. Non of the above affects any mobile device that is just directly going to the Traveler website to sync email. Although we have the option of managing Android and Apple devices through the BES12 portal, we are not doing so at this time.

There is one application that will need to reside on-premise, and that is the Blackberry Cloud Connecter program which I have installed on the Smithers server. This small program provides an HTTPS connection from our Active Directory to the BES12 portal. This is needed because there is no other way for an externally hosted service to be able to query our user database. Even a migration to Office365 needs a similar way to talk to the on-premise AD server. The Blackberry Cloud Connecter installs two services that autostart on Smithers and there is a shortcut to the program on the Smithers desktop. TCP outbound port 3101 was opened for the Smithers server on the Sophos firewall. The service on Smithers initiates an outbound connection to the Blackberry network in Waterloo and the established connection is used when we do user lookups or when a Blackberry device uses the Network Drives feature to access files on the SuperServer.

Every Day Tasks

The BES12 portal is used when a phone needs to be provisioned or securely wiped. The portal does have a nice dashboard but it does not need to be checked on a daily basis. I do not expect that we will actually be using the portal much after our 11 phones are moved from the on-premise server to the hosted service. If we need to make adjustments to the policies pushed to the phones, they are changed from within the BES12 portal.

Yearly Tasks

The 11 device CALs that we have purchased will expire on March 28, 2017 and a decision to renew will need to be made next year. I expect that we will no longer have access to the BES12 portal after the CALs have expired.

Support

Technical support is included in each device CAL and covers the BES12 portal and the OS on the Blackberry phone. The "Tsupport" number is 52242 and it identifies us when we call 1-877-255-2377 for help.

Next Steps

I will need to make sure the migration from the on-premise server to the hosted service works correctly with the Z10 that Norwin is not using Notify Blackberry users that I will need to take their phone away for at least 1 hour to do the move to the hosted service and to reconnect their email Once all 11 Blackberry phones are moved, the on-premise BES server can be powered off and removed from the server room to be recycled. The decommissioned BES server can be re-used to evaluate VMware if needed but note that it is 5 years old and not too zippy Since Norwin is much speedier at it than me, please copy this email into the wiki so that if I get hit by bus or a lottery ticket, my replacement will know how to BES properly

Bleep Bloop

Kapooweeeeee. The BES does not exist anymore and none of the above matters. (Nuclear explosion sound goes here)

Retrieved from "https://owl.unipharm.com/mediawiki/index.php?title=Information_Systems:Blackberry_Enterprise_Server_(BES)&oldid=12462"