BlackBerry Enterprise Server for Microsoft Exchange User Manual

Administration Guide
BlackBerry Enterprise Server for Microsoft Exchange
Version: 4.1 | Service Pack: 6
SWD-493311-0708083041-001
Contents
1 Creating administrator accounts
Administrative roles
Creating a BlackBerry Enterprise Server administrator in a Microsoft SQL Server environment
Configure the BlackBerry Manager to use database authentication in a Microsoft SQL Server environment
2 Setting up security options
How the BlackBerry Enterprise Solution encrypts data on the transport layer
Standard encryption algorithms that the BlackBerry Enterprise Solution uses
Change the encryption type
Options for extending messaging security
Protection of data using the PGP Support Package for BlackBerry devices
Prerequisites: Protecting data using the PGP Support Package for BlackBerry devices
Prerequisites: Protecting data using the S/MIME Support Package for BlackBerry devices
Generating organization-specific encryption keys for PIN-to-PIN message encryption
Generate a new peer-to-peer encryption key
Authenticating the BlackBerry MDS Integration Service to the BlackBerry Manager and web services
Allow the BlackBerry MDS Integration Service to communicate with the BlackBerry Manager
Allow client authentication between the BlackBerry MDS Integration Service and web services
3 Setting up proxy servers for BlackBerry Enterprise Server components
Configuring certain BlackBerry Enterprise Server components to use proxy servers
Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry
4 Sharing BlackBerry Enterprise Server components
Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Integration Service
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service
5 Setting up user accounts
Adding user accounts to the BlackBerry Enterprise Server
Add user accounts to the BlackBerry Enterprise Server
Creating user groups
Create a user group
Add a user account to a user group
6 Sending software and Java applications to BlackBerry devices
Making BlackBerry Device Software and Java applications available to users
Making software and applications available on a network drive
Install the BlackBerry Device Software on a network drive
Indexing applications on a network drive
Create or update a software index for applications on a network drive
Share a network drive for applications
Defining software configurations
Create a software configuration
Define an application control policy
Send an application to a BlackBerry device over the wireless network
Monitor wireless application push failures
Install the BlackBerry Device Software or BlackBerry Applications on a BlackBerry device using the BlackBerry Manager
Installing the collaboration client on BlackBerry devices
7 Setting up the messaging environment
Creating email message filters
Create an email message filter that applies to all users
Turn on an email message filter that applies to a user group
Create an email message filter that applies to a specific user account
Turn on an email message filter that applies to a specific user account
Enforcing secure messaging using classifications
Configure message classifications
Create a message classification
Create a message classification based on an existing classification
Order message classifications
Delete message classifications
Mapping address book fields for synchronization and address lookups
8 Making BlackBerry MDS Runtime Applications available to users
Creating BlackBerry MDS Runtime Applications and sending them to BlackBerry devices
Preparing BlackBerry devices to install BlackBerry MDS Runtime Applications
Configuring access to web services and managing signed and unsigned applications
Allow BlackBerry MDS Runtime Applications to access web services using HTTPS
Define a BlackBerry MDS Runtime Application as a trusted application
Configure whether users can install unsigned BlackBerry MDS Runtime Applications on BlackBerry devices
Configuring how users access and use BlackBerry MDS Runtime Applications
Create a BlackBerry MDS Integration Service device policy
Assign a BlackBerry MDS Integration Service device policy to a user group
Assign a BlackBerry MDS Integration Service device policy to a specific user
Sending BlackBerry MDS Runtime Applications to BlackBerry devices
Install a BlackBerry MDS Runtime Application on BlackBerry devices
Install a BlackBerry MDS Runtime Application on a specific BlackBerry device
Applying an application control policy to a BlackBerry MDS Runtime Application
Add the application launcher file for a BlackBerry MDS Runtime Application to the network drive
Assign an application control policy to a BlackBerry MDS Runtime Application
9 Configuring how users access enterprise applications and web content
Specifying a BlackBerry MDS Connection Service as the central push server
Configuring how BlackBerry devices authenticate to content servers
Configure how BlackBerry devices authenticate to content servers
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use NTLM
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to the RSA Authentication
Configuring how the BlackBerry MDS Connection Service manages requests for web content
Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage
Configure the timeout limit for HTTP connections with BlackBerry devices
Configure the timeout limit for HTTP connections to web servers
Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections
Allowing push applications to make trusted connections to the BlackBerry MDS Connection Service
Create a key store to store certificates for use with HTTPS connections
Add a certificate for the BlackBerry MDS Connection Service
Export the BlackBerry MDS Connection Service certificate to make it available to push applications
Import the BlackBerry MDS Connection Service certificate to the key store of a push application
Configuring how applications open trusted connections to web servers
Allow BlackBerry devices to connect to untrusted web servers
Configure the BlackBerry MDS Connection Service to retrieve certificates for web servers
Configure the BlackBerry MDS Connection Service to retrieve the status of certificates for web servers
Add retrieved certificates for web servers
Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices
Specify the maximum amount of data that the BlackBerry MDS Connection Service can send to BlackBerry devices
Specify the pending content timeout limit for the BlackBerry MDS Connection Service
Allow Java applications to use persistent socket connections with the BlackBerry MDS Connection Service
Specify the thread pool size of the BlackBerry MDS Connection Service
Specify the maximum number of persistent socket connections
Specify the port number that the web server listens on for push application requests
Specify how often the BlackBerry MDS Connection Service polls for configuration information
10 Assigning BlackBerry devices to users
Preparing to distribute BlackBerry devices
Assigning BlackBerry devices to user accounts
Option 1: Activate a BlackBerry device using the BlackBerry Manager
Option 2: Activating BlackBerry devices over the wireless network
Option 3: Activating BlackBerry devices over the LAN
11 Managing administrator accounts
Assign a BlackBerry Enterprise Server administrator to a different administrative role
Delete an administrator account from a BlackBerry Enterprise Server
12 Controlling the BlackBerry environment
Controlling BlackBerry device access to the BlackBerry Enterprise Server
Turn on the Enterprise Service Policy
Permit a user to override the Enterprise Service Policy
Controlling BlackBerry device behavior using IT policies
Create an IT policy
Assign an IT policy to a group of users
Deactivating BlackBerry devices without applied IT policies
Changing the default behavior of the BlackBerry devices and BlackBerry Desktop Software in your organization
Returning to the original default behavior of BlackBerry devices and the BlackBerry Desktop Software
Creating new IT policy rules to control third-party applications
13 Managing user accounts
Managing user groups
Delete a user group
Managing user accounts
Move a user account to a different user group
Move a user account out of a user group
Move a user account from one BlackBerry Enterprise Server to another
Delete a user account from the BlackBerry Enterprise Server
Update a user account manually
14 Protecting and reassigning BlackBerry devices
Protecting lost, stolen, or replaced BlackBerry devices
Protect a lost BlackBerry device
Reissuing BlackBerry devices to new users
Preparing a BlackBerry device for redistribution
15 Managing wireless applications
Managing applications on BlackBerry devices
Upgrade an application on a BlackBerry device over the wireless network
Remove applications from BlackBerry devices over the wireless network
Change an application control policy
Managing software configurations
16 Managing organizer data synchronization
Turning off organizer data synchronization
Turn off synchronization of organizer data for all user accounts
Turn off synchronization of organizer data for a user group
Turn off synchronization of organizer data for a specific user account
Changing how organizer data synchronizes
Change the direction of organizer data synchronization for all user accounts
Change the direction of organizer data synchronization for a user group
Change the direction of organizer data synchronization for a specific user account
Change how conflicts during organizer data synchronization are resolved for all user accounts
Change how conflicts during organizer data synchronization are resolved for a user group
Change how conflicts during organizer data synchronization are resolved for a specific user account
17 Managing your messaging environment and attachment support........................................................................... 103
Managing message forwarding................................................................................................................................................. 103
Forward messages to a BlackBerry device when no filter rules apply............................................................................ 103
Do not deliver messages to a BlackBerry device when no filter rules apply.................................................................. 103
Forward messages from inbox subfolders to a BlackBerry device................................................................................... 104
Turn off synchronization for messages sent from BlackBerry devices that belong to a user group.......................... 104
Turn off synchronization for messages sent from a BlackBerry device.......................................................................... 104
Managing wireless message reconciliation............................................................................................................................. 105
Managing content in RTF and HTML-formatted messages.................................................................................................. 106
Turn off rich content and inline images for groups of users............................................................................................. 107
Turn off rich content and inline images in messages for individual users..................................................................... 107
Managing access to remote message data............................................................................................................................. 108
Turn off the ability to check meeting invitee availability on the BlackBerry device..................................................... 108
Turn off the ability to search for remote email messages from the BlackBerry device................................................ 108
Managing message signatures and disclaimers..................................................................................................................... 108
Add a signature to all messages sent by members of a user group................................................................................ 108
Add a signature to all messages sent from a user’s BlackBerry device.......................................................................... 109
Add a disclaimer to all messages sent from BlackBerry devices..................................................................................... 109
Add a disclaimer to all messages sent by members of a user group............................................................................... 109
Add a disclaimer to all messages sent from a user’s BlackBerry device......................................................................... 110
Specify conflict rules for disclaimers.................................................................................................................................... 110
Turn off disclaimers................................................................................................................................................................. 111
Monitor messages that users send from their BlackBerry devices...................................................................................... 111
Managing the incoming message queue................................................................................................................................. 111
Delete messages for a specific user from the incoming message queue....................................................................... 111
Managing the wireless backup and recovery of organizer data.......................................................................................... 112
Turn off the wireless backup of organizer data for a user group..................................................................................... 112
Turn off the wireless backup of organizer data for a user account................................................................................. 112
Delete a user’s organizer data from the BlackBerry Enterprise Server........................................................................... 113
Synchronizing contact pictures................................................................................................................................................. 113
Turn off synchronization for contact pictures on a user account.................................................................................... 113
Sending notification messages to users.................................................................................................................................. 113
Send a notification message to all users in the BlackBerry Domain............................................................................... 114
Send a notification message to all users on a BlackBerry Enterprise Server................................................................. 114
Send a notification message to the members of a user group......................................................................................... 114
Send a notification message to a specific user................................................................................................................... 114
Managing instant messaging.................................................................................................................................................... 114
Change the instant messaging server that the BlackBerry Collaboration Service connects to................................. 115
Changing the transport protocol that the BlackBerry Collaboration Service uses to connect to the instant
messaging server..................................................................................................................................................................... 115
Specify the Microsoft Windows domain name for users who log in to the collaboration client................................. 116
Managing instant messaging sessions.................................................................................................................................... 117
Specify the maximum number of instant messaging sessions that can be open at the same time........................... 117
Specify the idle timeout limit for instant messaging sessions......................................................................................... 117
Specify the inactivity timeout limit for instant messaging sessions............................................................................... 117
Managing instant messaging features..................................................................................................................................... 118
Prevent users from sending specific file types to instant messaging contacts using the BlackBerry Client for IBM Lotus Sametime....................................................................................................................................................................... 118
Specifying the maximum size of file types that users can send using the BlackBerry Client for IBM Lotus Sametime.................................................................................................................................................................................................... 118
Prevent users from sending instant messaging conversations in email messages...................................................... 118
Prevent users from saving instant messaging conversations........................................................................................... 119
Manage the icon that appears on the BlackBerry device for mobile contacts.............................................................. 119
Make additional contact information and phone numbers available for the BlackBerry Client for IBM Lotus Sametime users........................................................................................................................................................................ 119
Troubleshooting: Instant messaging........................................................................................................................................ 120
Users cannot view phone numbers for contacts in the BlackBerry Client for IBM Lotus Sametime.......................... 121
Optimizing how the BlackBerry Attachment Service converts attachments..................................................................... 122
BlackBerry Attachment Service optimization settings...................................................................................................... 123
Change the maximum file size for attachments that users can receive......................................................................... 124
Suggested file sizes for attachments................................................................................................................................... 124
Change the maximum dimensions for image attachments that users can view........................................................... 125
Optimizing how the BlackBerry Messaging Agent reconciles attachments to the messaging server........................... 125
Change the maximum file size for attachments that users can send............................................................................. 126
Prevent users from sending large attachments.................................................................................................................. 126
Change the maximum file size of attachments that users can download...................................................................... 126
Turn off support for an attachment file format....................................................................................................................... 127
Add support for additional attachment file formats.............................................................................................................. 127
18 Managing BlackBerry MDS Runtime Applications....................................................................................................... 129
Upgrade a BlackBerry MDS Runtime Application on BlackBerry devices.......................................................................... 129
Remove a trusted certificate from the BlackBerry MDS Integration Service..................................................................... 130
Making installed BlackBerry MDS Runtime Applications unavailable on BlackBerry devices........................................ 130
Make an installed BlackBerry MDS Runtime Application unavailable on BlackBerry devices................................... 130
Make an installed BlackBerry MDS Runtime Application available on BlackBerry devices again............................. 130
Removing BlackBerry MDS Runtime Applications................................................................................................................. 131
Make a BlackBerry MDS Runtime Application unavailable for installation................................................................... 131
Remove an installed BlackBerry MDS Runtime Application from BlackBerry devices................................................. 131
Remove an installed BlackBerry MDS Runtime Application from a specific BlackBerry device................................. 132
Configuring a new connection between a BlackBerry MDS Integration Service and a BlackBerry MDS Connection
Service........................................................................................................................................................................................... 132
Make a BlackBerry MDS Connection Service available to a BlackBerry MDS Integration Service............................ 133
Make a BlackBerry MDS Connection Service unavailable to a BlackBerry MDS Integration Service....................... 133
19 Managing how users access enterprise applications and web content................................................................... 135
Restricting user access to content on web servers................................................................................................................ 135
Restrict requests for content on web servers from BlackBerry devices.......................................................................... 135
Specify web address patterns................................................................................................................................................ 135
Create a pull rule..................................................................................................................................................................... 136
Restrict or allow web address patterns using a pull rule.................................................................................................. 136
Assign a pull rule to a user group......................................................................................................................................... 137
Assign a pull rule to a specific user...................................................................................................................................... 137
Restricting user access to media content in the BlackBerry Browser................................................................................. 137
Prevent users from accessing specific media types........................................................................................................... 138
Configure a maximum file size for media types.................................................................................................................. 138
Restricting the push application content that users can receive........................................................................................ 138
Restrict push applications from sending data to BlackBerry devices............................................................................. 139
Create push initiators for push applications....................................................................................................................... 139
Turn on push authorization.................................................................................................................................................... 140
Create a push rule................................................................................................................................................................... 140
Assign push initiators to a push rule.................................................................................................................................... 141
Assign a push rule to a user group....................................................................................................................................... 141
Assign a push rule to a specific user.................................................................................................................................... 141
Encrypt push requests that push applications send to BlackBerry devices................................................................... 142
Associate a push initiator with the BlackBerry MDS Integration Service...................................................................... 142
Managing push application requests....................................................................................................................................... 143
Specify device ports for application-reliable push requests............................................................................................ 143
Store push application requests in the BlackBerry Configuration Database................................................................ 144
Configure the settings for storing push requests in the BlackBerry Configuration Database................................... 144
Configure the maximum number of active connections that the BlackBerry MDS Connection Service can process
.................................................................................................................................................................................................... 144
Configure the maximum number of queued connections that the BlackBerry MDS Connection Service can process
20 Monitoring a BlackBerry Domain.................................................................................................................................... 147
How the BlackBerry Controller monitors the BlackBerry Enterprise Server components............................................... 147
Changing how the BlackBerry Controller monitors the BlackBerry Enterprise Server components and restarts
services.......................................................................................................................................................................................... 147
Change how the BlackBerry Controller restarts the BlackBerry Messaging Agent...................................................... 147
Monitoring the BlackBerry MDS Integration Service notification messages..................................................................... 152
Set up monitoring of the BlackBerry MDS Integration Service notification messages for a BlackBerry device...... 152
Monitor the BlackBerry MDS Integration Service notification messages for a BlackBerry device............................ 153
Filter the BlackBerry MDS Integration Service notification messages by date and time............................................ 153
Block notification messages from a web services host...................................................................................................... 153
Monitoring PIN messages, SMS text messages, and calls.................................................................................................... 154
Monitor SMS text messages.................................................................................................................................................. 155
Turn off call logging................................................................................................................................................................ 156
Log files for the BlackBerry Enterprise Server components.................................................................................................. 156
Changing where the BlackBerry Enterprise Server components write log files................................................................ 156
Change the location where the BlackBerry Enterprise Server components write log files......................................... 156
Store all of the BlackBerry Enterprise Server component log files in one folder.......................................................... 157
Changing how the BlackBerry Enterprise Server components create log files................................................................. 157
Add a prefix to the file names of all the BlackBerry Enterprise Server component log files....................................... 157
Configure the maximum size for a BlackBerry Enterprise Server component log file.................................................. 157
Create a new BlackBerry Enterprise Server component log file when the current log file reaches the maximum
Changing how the BlackBerry MDS Connection Service creates a log file....................................................................... 160
Change the interval at which the BlackBerry MDS Connection Service writes information to the log file.............. 161
Change the logging level for the UDP log file.................................................................................................................... 161
Change the port number that the BlackBerry MDS Connection Service connects to when sending UDP log file messages.................................................................................................................................................................................. 161
Change the logging level for the TCP log file..................................................................................................................... 162
Change the port number that the BlackBerry MDS Connection Service connects to when sending TCP log file messages.................................................................................................................................................................................. 162
Change the logging level for the Event log file.................................................................................................................. 162
Change which BlackBerry MDS Connection Service activities are written to the log file............................................... 162
Change which BlackBerry Collaboration Service activities are written to the log file..................................................... 164
21 Managing a BlackBerry Domain...................................................................................................................................... 165
Managing multiple BlackBerry Domain instances................................................................................................................. 165
Connect the BlackBerry Manager to a different BlackBerry Domain............................................................................. 165
Managing CAL keys..................................................................................................................................................................... 165
Add or delete a CAL key......................................................................................................................................................... 165
Copy a license key to a text file............................................................................................................................................. 166
22 Glossary................................................................................................................................................................................ 167
23 Legal notice.......................................................................................................................................................................... 171
Creating administrator accounts

Administrative roles

The BlackBerry® Enterprise Server uses predefined roles, which correspond to common administrative roles in organizations, to control who can perform specific tasks and limit who can access sensitive data in your organization.
You assign each BlackBerry Enterprise Server administrator to an administrative role. If you already manage your organization using Windows® groups, assign those groups to the administrative roles so that you can manage role membership through the group.
When an administrator starts the BlackBerry Manager, the BlackBerry Manager checks the authentication credentials, determines the administrative role, and displays a list of the tasks that the administrator can perform.
Role: security administrator (rim_db_admin_security)
Description: These administrators can perform all tasks. They are the only administrators who can manage role membership and change sensitive security properties, such as licenses and encryption keys. The administrator account that you created during the installation process is assigned the security administrator role automatically.

Role: enterprise administrator (rim_db_admin_enterprise)
Description: These administrators can perform all tasks that relate to user accounts, services, instances of the BlackBerry Enterprise Server, and global application data. These administrators cannot view role membership, licenses, or encryption keys.

Role: device administrator (rim_db_admin_handheld)
Description: These administrators can perform all tasks that relate to user accounts and BlackBerry device management, including:
• supporting new user accounts
• implementing BlackBerry devices
• managing software configurations
• managing the installation and behavior of third-party applications on BlackBerry devices

Role: senior help desk administrator (rim_db_admin_sr_helpdesk)
Description: These administrators can perform all tasks that relate to user account management, including:
• adding, moving, and deleting user accounts
• updating and sending IT policies to BlackBerry devices
• sending IT administration commands to BlackBerry devices

Role: junior help desk administrator (rim_db_admin_jr_helpdesk)
Description: These administrators can perform tasks that relate to user account management, including:
• creating and sending passwords for activating BlackBerry devices over the wireless network
• resending service books or IT policies
These administrators cannot add, move, or delete user accounts or send certain IT administration commands.

Role: auditor (rim_db_admin_audit_<role>)
Description: These administrators can view all tasks and properties that relate to the role, but they cannot perform the tasks or change the properties. Use this view-only role when training new administrators.

Creating a BlackBerry Enterprise Server administrator in a Microsoft SQL Server environment
BlackBerry® Enterprise Server administrators are database users who can access the BlackBerry Configuration Database using the BlackBerry Manager. This access is restricted to the administrative roles that the BlackBerry Enterprise Server administrators are assigned to.
Only administrators who are assigned to the security administrator role can create other BlackBerry Enterprise Server administrator accounts. When creating administrator accounts, perform one of the following tasks:
assign an administrative role to an existing database account
create a new database account and assign it an administrative role
Assign an administrative role to a new or existing Microsoft SQL Server database account
Note: Do not assign an administrative role using the Microsoft® SQL Server® consoles or assign more than one administrative role to an administrator. The BlackBerry® Configuration Database uses the most restrictive settings to determine which tasks the BlackBerry Manager displays, so an administrator who is assigned both enterprise and junior help desk roles sees only the tasks for the junior help desk role.
Before you begin:
Verify that you have the system administrator role on the database server.
If you are assigning an administrator to the security or enterprise administrative role, verify that the administrator has administrative permission on the Microsoft® Exchange messaging server.
If you are creating a new database account and want to use Windows® authentication, verify that the Windows user account or group already exists.
1. In the BlackBerry Manager, in the left pane, click BlackBerry Domain.
2. On the Role Administration tab, click a role.
3. Complete one of the following actions:
• To add an administrative role to an existing Microsoft SQL Server database account, click List Administrators.
• To create a new Microsoft SQL Server database account and assign it to an administrative role, click Add Administrators.
4. Complete one of the following actions:
• To add an administrative role to an existing administrator account, click the administrator account that you want to add the role to.
• To create a database account only and add an administrative role to the account, type a user name.
• To create a database account for an existing Windows user account or group and add an administrative role to the account, type a user name preceded by a domain name (for example, DOMAIN\username).
5. If prompted, type and confirm a password.
6. Click OK.
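The note above warns against assigning more than one administrative role to an administrator. The following read-only audit query is an added example, not part of the BlackBerry documentation. It assumes that the roles named in this guide exist as database roles in the BlackBerry Configuration Database and that the database server is Microsoft SQL Server 2005 or later (for the sys catalog views); the database name is a placeholder.

```sql
-- Added audit example: list the members of the BlackBerry administrative
-- roles and flag accounts that hold more than one of them.
-- Assumption: the rim_db_admin_* roles are database roles in the
-- BlackBerry Configuration Database. The query only reads catalog views.
USE [YourBlackBerryConfigurationDatabase];  -- placeholder name, replace it

WITH admin_membership AS (
    SELECT m.name      AS account_name,
           m.type_desc AS account_type,   -- SQL_USER, WINDOWS_USER, WINDOWS_GROUP
           r.name      AS role_name
    FROM sys.database_role_members AS drm
    JOIN sys.database_principals AS r
         ON r.principal_id = drm.role_principal_id
    JOIN sys.database_principals AS m
         ON m.principal_id = drm.member_principal_id
    WHERE r.type = 'R'                          -- database roles only
      AND r.name LIKE 'rim[_]db[_]admin[_]%'    -- [_] matches a literal underscore
)
SELECT a.account_name,
       a.account_type,
       a.role_name,
       c.role_count,
       CASE
           WHEN c.role_count > 1
               THEN 'REVIEW: more than one administrative role'
           WHEN a.role_name = 'rim_db_admin_security'
               THEN 'REVIEW: can manage role membership, licenses, and encryption keys'
           ELSE 'ok'
       END AS finding
FROM admin_membership AS a
JOIN (SELECT account_name, COUNT(*) AS role_count
      FROM admin_membership
      GROUP BY account_name) AS c
     ON c.account_name = a.account_name
ORDER BY c.role_count DESC, a.account_name, a.role_name;
-- Limits: a WINDOWS_GROUP row stands for every member of that group, and the
-- query does not expand group membership or roles nested inside other roles.
```

Use the result only to find accounts to correct on the Role Administration tab of the BlackBerry Manager; the guide says not to change role assignments in the SQL Server consoles.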
Configure the BlackBerry Manager to use database authentication in a Microsoft SQL Server environment
During the installation process, if you choose to connect to the BlackBerry® Configuration Database using Windows® authentication, the BlackBerry Manager uses Windows authentication automatically. If you create database accounts for your administrators, you must change the type of authentication that the BlackBerry Manager uses.
1. In the BlackBerry Manager, on the Tools menu, click Options.
2. Click Database.
3. In the Authentication drop-down list, click Database Authentication.
4. Click OK.
5. Restart the BlackBerry Manager.
Setting up security options


How the BlackBerry Enterprise Solution encrypts data on the transport layer

The BlackBerry® Enterprise Solution uses a symmetric key encryption algorithm (Triple DES or AES) to protect all data that the BlackBerry® Enterprise Server and a BlackBerry device send between them.
The BlackBerry Enterprise Solution uses the symmetric key encryption algorithm to create message keys and master encryption keys, and uses those encryption keys to encrypt all data that the BlackBerry device sends or receives, while the data travels between the BlackBerry device and the BlackBerry Enterprise Server.
This data encryption process occurs automatically and is designed to verify that a message that a user sends from a BlackBerry device, which is outside the organization's firewall, remains protected on the transport layer until the BlackBerry Enterprise Server receives the message.
Standard encryption algorithms that the BlackBerry Enterprise Solution uses
Encryption type: Triple DES
Description:
• default encryption method
• uses the Triple DES algorithm to encrypt and decrypt all data that the BlackBerry® Enterprise Server and all BlackBerry devices on the BlackBerry Enterprise Server send between them

Encryption type: AES
Description:
• uses the AES algorithm to encrypt and decrypt all data that the BlackBerry Enterprise Server and all BlackBerry devices on the BlackBerry Enterprise Server send between them
• designed to use a longer encryption key to provide a better combination of security and performance than Triple DES
• designed to protect user data and encryption keys from traditional attacks and side-channel attacks
• requires BlackBerry® Desktop Software version 4.0 or later and BlackBerry® Device Software version 4.0 or later

Encryption type: Triple DES and AES
Description:
• permits use of either the Triple DES algorithm or AES algorithm to encrypt and decrypt all data that the BlackBerry Enterprise Server and all BlackBerry devices on the BlackBerry Enterprise Server send between them
• uses Triple DES encryption on BlackBerry devices that do not support AES (BlackBerry devices that are running BlackBerry Device Software versions earlier than version 4.0)
• by default, uses AES encryption on BlackBerry devices that support AES

Change the encryption type
1. In the BlackBerry® Manager, in the left pane, click a BlackBerry® Enterprise Server.
2. On the Server Configuration tab, click Edit Properties.
3. Click General.
4. In the Security section, click Encryption Algorithm.
5. In the drop-down list, select an encryption type.
6. Click OK.
After you finish: If you changed the encryption type, you must reactivate all of the BlackBerry devices in the BlackBerry Domain so that users can send and receive messages on their BlackBerry devices.
Related topics
Assigning BlackBerry devices to user accounts, 74
Options for extending messaging security
When a user sends a message from the BlackBerry® device, by default, the BlackBerry® Enterprise Server does not encrypt the message when it forwards the message to the message recipient. To extend the messaging security that standard BlackBerry encryption provides, the user must install additional secure messaging technology on the BlackBerry device, and you must set the BlackBerry device to use that secure messaging technology.
To offer an additional layer of messaging security between the sender and recipient of an email message or PIN message, you can turn on S/MIME technology or PGP® technology for BlackBerry devices. When you use either one of these technologies, you allow sender-to-recipient authentication and confidentiality. These technologies also help to maintain the integrity and privacy of the data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the message recipient decrypts and opens the message.
Protection of data using the PGP Support Package for BlackBerry devices
BlackBerry® devices that are running the PGP® Support Package for BlackBerry® devices can digitally sign, encrypt, or sign and encrypt data that they send to the BlackBerry® Enterprise Server.
With supported versions of the PGP Support Package for BlackBerry devices installed, BlackBerry devices can receive PGP/MIME format messages. With both the PGP Support Package for BlackBerry devices and the S/MIME Support Package for BlackBerry® devices installed and turned on, BlackBerry devices can download PGP® keys with attached S/MIME X.509 certificates from the PGP® Universal Server and use them in compliance with the PGP Universal Server secure email policy. The PGP Support Package for BlackBerry devices continues to support OpenPGP format messages.
For more information, see the PGP Support Package for BlackBerry Devices Security Technical Overview.
Prerequisites: Protecting data using the PGP Support Package for BlackBerry devices
Set the PGP® Universal Server Address IT policy rule in the IT policy that you assign to BlackBerry® device users.
Instruct the BlackBerry device users to install the PGP® Support Package for BlackBerry® devices on their BlackBerry devices and enroll with the PGP Universal Server so that the BlackBerry devices can process PGP messages.
Instruct the BlackBerry device users to enroll with PGP when the BlackBerry devices prompt them to.
Prerequisites: Protecting data using the S/MIME Support Package for BlackBerry devices
Turn on S/MIME message processing on the BlackBerry® Enterprise Server so that the BlackBerry Enterprise Server can process S/MIME messages.
Instruct BlackBerry® device users to install the S/MIME Support Package for BlackBerry devices on their BlackBerry devices so that the BlackBerry device can process S/MIME messages.
Instruct BlackBerry device users to add the Certificate Synchronization Manager to the BlackBerry® Desktop Manager so that the BlackBerry Desktop Manager can manage certificates for their BlackBerry devices.
Turn on support for processing S/MIME-protected messages on the BlackBerry Enterprise Server
1. In the BlackBerry® Manager, in the left pane, click Servers.
2. On the Server Configuration tab, click Edit Properties.
3. In the left pane, click Messaging.
4. In the Secure Messages section, click Enable S/MIME Message Processing.
5. In the drop-down list, click True.
6. Click OK.
How S/MIME-protected messages on BlackBerry devices discard appended disclaimers
If the S/MIME Support Package for BlackBerry® devices is installed on a BlackBerry device and turned on, the BlackBerry® Enterprise Server does not apply an appended disclaimer to S/MIME-protected messages that the user sends from the BlackBerry device. Digital signatures on S/MIME-protected messages that the BlackBerry device sends are not valid if disclaimers are appended to the messages.
Define encryption options for S/MIME-protected messages
1. In the BlackBerry® Manager, in the left pane, click Servers.
2. On the Server Configuration tab, click Edit Properties.
3. In the left pane, click Messaging.
4. In the Secure Messages section, select the encryption options to include when processing S/MIME-protected messages.
5. Click OK.

Generating organization-specific encryption keys for PIN-to-PIN message encryption
By default, all BlackBerry® devices store a common peer-to-peer encryption key for protecting PIN-to-PIN messages. To limit the number of BlackBerry devices that can decrypt PIN messages that users in your organization send from their BlackBerry devices, you can generate a new peer-to-peer encryption key that is stored on and known only to BlackBerry devices in your organization. BlackBerry devices with an organization-specific peer-to-peer encryption key can send and receive PIN messages only with other BlackBerry devices that store the same peer-to-peer encryption key.
You should generate a new peer-to-peer encryption key if you know that your current organization-specific peer-to-peer encryption key is compromised.
Generate a new peer-to-peer encryption key
1. In the BlackBerry® Manager, in the left pane, click BlackBerry Domain.
2. On the Global tab, expand Service Control & Customization.
3. Click Update Peer-to-Peer Encryption Key.
4. Click Set or update the Peer-to-Peer encryption key for all devices within this organization.
5. Click Yes.

Authenticating the BlackBerry MDS Integration Service to the BlackBerry Manager and web services

After you install the BlackBerry® MDS Integration Service, you must install a digital certificate for the BlackBerry MDS Integration Service in the key store on the same computer. This certificate allows server-authenticated communication between the BlackBerry MDS Integration Service and the BlackBerry Manager.
You can install a self-signed certificate for the BlackBerry MDS Integration Service, or you can get a signed root certificate from a certificate authority and install it in the key store using the Java® keytool. You can replace the self-signed certificate with a signed root certificate at any time, but you should install the certificate that you want to use immediately after you install the BlackBerry MDS Integration Service and before you allow authentication with the BlackBerry Manager or web services using that certificate.
You can also export the certificate for the BlackBerry MDS Integration Service to allow client authentication with external web services.
For more information about using the Java keytool, visit java.sun.com/javase/6/docs/technotes/tools/windows/keytool.html.
Allow the BlackBerry MDS Integration Service to communicate with the BlackBerry Manager
When the BlackBerry® Manager connects to the BlackBerry MDS Integration Service for the first time after installation, the BlackBerry Manager prompts you to view and install the BlackBerry MDS Integration Service self-signed certificate. This certificate allows server-authenticated communication between the BlackBerry MDS Integration Service and the BlackBerry Manager.
Before you begin: Perform this task immediately after you install the BlackBerry MDS Integration Service.
1. In the BlackBerry Manager, in the left pane, click a BlackBerry MDS Integration Service.
2. In the certificate installation dialog box, click View Certificate.
3. Review the certificate information.
4. Click Install Certificate.
5. Complete the instructions on the screen. Accept the default settings.
6. When prompted, click Cancel.
Allow client authentication between the BlackBerry MDS Integration Service and web services
The self-signed certificate for the BlackBerry® MDS Integration Service allows client authentication between the BlackBerry MDS Integration Service and web services hosts. If the BlackBerry® MDS Runtime Applications in your organization's environment use HTTPS to communicate with web servers to receive application data and application updates, you must export the certificate for the BlackBerry MDS Integration Service to the web services hosts. This allows BlackBerry MDS Runtime Applications that use web services to authenticate to the web services and access them.
Before you begin:
• Contact your organization's application developers for information about the web services that the BlackBerry MDS Runtime Applications in your environment use.
• If you replaced the self-signed certificate for the BlackBerry MDS Integration Service with a signed root certificate from a certificate authority, the web services must trust the root certificate authority to authenticate to the BlackBerry MDS Integration Service.
1. Using Microsoft® Internet Explorer®, export the self-signed certificate for the BlackBerry MDS Integration Service from the trusted root certificate authorities area of the computer's key store.
2. Send the self-signed certificate to the web services servers that the BlackBerry MDS Runtime Applications use.
3. Verify that the certificate is installed in the trusted key store of the web services servers.
After you finish:
• If multiple BlackBerry MDS Integration Service servers are installed, export the certificate for each BlackBerry MDS Integration Service.
• Allow BlackBerry MDS Runtime Applications to access web services using HTTPS.

3 Setting up proxy servers for BlackBerry Enterprise Server components

Configuring certain BlackBerry Enterprise Server components to use proxy servers

You can configure the BlackBerry® MDS Connection Service, BlackBerry MDS Integration Service, and BlackBerry Collaboration Service to use proxy servers to access web addresses on the Internet and your organization's intranet. You should use a proxy method that is consistent with how other applications and servers in your organization access web content.
Since proxy servers typically do not permit traffic between servers on the same side of the firewall, you can configure certain BlackBerry® Enterprise Server components to use a .pac file, or to access the Internet directly through a proxy server. You can also configure multiple proxy servers to manage traffic to specific web addresses, and you can specify URLs that the BlackBerry Enterprise Server components can access without using a proxy server.
The BlackBerry MDS Integration Service sends application updates and data to BlackBerry devices through the BlackBerry MDS Connection Service. The BlackBerry MDS Integration Service can only accept and respond to messages that it receives from a direct connection with the BlackBerry MDS Connection Service. If you configured the BlackBerry MDS Connection Service to use a proxy server, you must configure proxy rules to allow a direct connection between the BlackBerry MDS Connection Service and the BlackBerry MDS Integration Service. You cannot use a proxy server to exchange data between these components of the BlackBerry Enterprise Server. If you use a .pac file configuration, you can change the .pac file to allow a direct connection between the BlackBerry MDS Connection Service and the BlackBerry MDS Integration Service.
Related topics
Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component
Configure a BlackBerry Enterprise Server component to use a .pac file
You can configure the BlackBerry® MDS Connection Service, BlackBerry MDS Integration Service, or BlackBerry Collaboration Service to use a .pac file.
1. In the BlackBerry Manager, in the left pane, click a BlackBerry® Enterprise Server component.
2. On the appropriate tab for a BlackBerry Enterprise Server component, click Edit Properties.
3. In the left pane, click Proxy.
4. Double-click Proxy Mappings.
5. Click New.
6. Double-click Universal Resource Locator.
7. Type the URL regular expression that you want the proxy mapping rule to control.
8. Double-click Proxy String.
9. Click New.
10. In the Proxy Type drop-down list, perform one of the following actions:
• To detect a .pac file automatically, click AUTO. Double-click the Proxy String field and delete the default values.
• To specify the location of the .pac file, click PAC. Double-click the Proxy String field and type the proxy server name, port number, and location of the .pac file (for example, http://<ProxyServer>:<Port>/<PACFilePath>/<PACFileName>).
11. Click OK.
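A .pac file that keeps the connection between the BlackBerry MDS Connection Service and the BlackBerry MDS Integration Service direct, as this chapter requires, could look like the following. This is an added example, not code from the BlackBerry documentation; the host names, ports and proxy order are placeholder assumptions.

```javascript
// Added example .pac file. Host names, ports and proxy order are placeholders
// (assumptions), not values from the BlackBerry documentation. Plain ES3-style
// JavaScript only, so it does not depend on newer language features.

// Hypothetical hosts that run a BlackBerry MDS Integration Service. List every
// instance: traffic to these hosts must never be handed to a proxy.
var MDS_INTEGRATION_HOSTS = ["mdsis01.example.internal", "mdsis02.example.internal"];

// Hypothetical proxies, tried in order until one accepts the connection.
var PROXY_CHAIN = "PROXY proxy1.example.internal:8080; PROXY proxy2.example.internal:8080";

// Lower-case the host and drop a trailing dot so that "MDSIS01.Example.Internal."
// and "mdsis01.example.internal" compare as the same name.
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

// Exact comparison only: a substring or prefix test would also send look-alike
// names such as "mdsis01.example.internal.example.com" around the proxy.
function isMdsIntegrationHost(host) {
  var h = normalizeHost(host);
  for (var i = 0; i < MDS_INTEGRATION_HOSTS.length; i++) {
    if (h === MDS_INTEGRATION_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Entry point that a PAC-aware client calls for every request.
function FindProxyForURL(url, host) {
  if (isMdsIntegrationHost(host)) {
    return "DIRECT"; // MDS Connection Service <-> MDS Integration Service
  }
  return PROXY_CHAIN; // everything else goes through the proxies
}
```

Keep the bypass list limited to the BlackBerry MDS Integration Service hosts so that every other destination still passes through the proxy servers.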
Configure a BlackBerry Enterprise Server component to use a proxy server
You can configure the BlackBerry® MDS Connection Service, BlackBerry MDS Integration Service, or BlackBerry Collaboration Service to access web servers through a proxy server.
You can specify more than one proxy string in a proxy mapping rule for a web address. If the BlackBerry® Enterprise Server component cannot access the web server using the first proxy string, it tries to access the web server using the subsequent proxy strings that you typed, until it accesses the web server successfully.
1. In the BlackBerry Manager, in the left pane, click a BlackBerry Enterprise Server component.
2. On the appropriate tab for a BlackBerry Enterprise Server component, click Edit Properties.
3. In the left pane, click Proxy.
4. Click New.
5. In the Universal Resource Locator field, type the regular expression for the web address that you want the proxy mapping rule to control.
6. Double-click Proxy String.
7. Click New.
8. In the Proxy Type drop-down list, perform any of the following actions:
• To configure a proxy server, click PROXY. Double-click the Proxy String field and type the proxy server name and port number.
• To exclude the web address from routing through the proxy server, click DIRECT. Double-click the Proxy String field and delete the default value.
9. Click OK.
Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry devices
You can configure the BlackBerry® MDS Connection Service, BlackBerry MDS Integration Service, or BlackBerry Collaboration Service to authenticate to a proxy server on behalf of BlackBerry devices.
1. In the BlackBerry Manager, in the left pane, click a BlackBerry® Enterprise Server component.
2. On the appropriate tab, click Edit Properties.
3. In the left pane, click Proxy.
4. Double-click Proxy Mappings.
5. Click a URL.
6. Click Properties.
7. In the User Name field, type the user name that the BlackBerry Enterprise Server component can use to connect to the proxy server that is defined for the web address.
8. In the Password field, type the password for the user name.
9. In the Password (Confirmation) field, retype the password.
10. Click OK.

4 Sharing BlackBerry Enterprise Server components

Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component

To help make a BlackBerry® Domain more scalable, you can configure multiple BlackBerry® Enterprise Server instances to use the same BlackBerry MDS Connection Service, BlackBerry MDS Integration Service, or BlackBerry Collaboration Service. If a BlackBerry Domain contains a single BlackBerry Enterprise Server, all BlackBerry Enterprise Server components are associated with that BlackBerry Enterprise Server automatically.
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service
You can configure multiple BlackBerry® Enterprise Server instances to use the same central push server to transfer application data from BlackBerry devices, and to manage HTTP requests from the BlackBerry® Browser.
Before you begin: You must set a BlackBerry MDS Connection Service in your BlackBerry Domain as the central push server.
1. In the BlackBerry Manager, in the left pane, click BlackBerry Domain.
2. On the Global tab, click Service Control & Customization.
3. Click MDS CS to BES Mapping.
4. In the MDS CS to BES Mappings dialog box, in the left pane, click the BlackBerry MDS Connection Service that you have set as the central push server.
5. In the right pane, click the BlackBerry Enterprise Server instances that you want to use the central push server.
6. Click OK.
Related topics
Specifying a BlackBerry MDS Connection Service as the central push server
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Integration Service
You can configure multiple instances of the BlackBerry® Enterprise Server to use the same BlackBerry MDS Integration Service to send BlackBerry MDS Runtime Applications and updates to BlackBerry devices. By associating multiple instances of the BlackBerry Enterprise Server with a single BlackBerry MDS Integration Service, you can make the BlackBerry MDS Runtime Applications that are stored in a single BlackBerry MDS Application Repository available to users on multiple BlackBerry Enterprise Server instances.
Before you begin: You must configure server authentication between the BlackBerry MDS Integration Service and the BlackBerry Manager. Complete the instructions on the screen the first time that you click the BlackBerry MDS Integration Service.
1. In the BlackBerry Manager, in the left pane, click a BlackBerry Enterprise Server.
2. On the Server Configuration tab, click Edit Properties.
3. In the left pane, click MDS Integration Service.
4. Click BlackBerry MDS Integration Service Server URL.
5. In the drop-down list, click the BlackBerry MDS Integration Service that you want to assign to the BlackBerry Enterprise Server.
6. Click OK.
After you finish: Repeat this task for each BlackBerry Enterprise Server that you want to associate with the same BlackBerry MDS Integration Service.
Related topics
Allow the BlackBerry MDS Integration Service to communicate with the BlackBerry Manager
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry Collaboration Service
You can configure multiple BlackBerry® Enterprise Server instances to use the same BlackBerry Collaboration Service to connect to your organization's instant messaging server, and to manage requests from the collaboration client that you use in your organization's BlackBerry Domain.
1. In the BlackBerry Manager, in the left pane, click BlackBerry Domain.
2. On the Global tab, click Service Control & Customization.
3. Click IM to BES Mapping.
4. In the IM to BES Mappings dialog box, in the left pane, click the BlackBerry Collaboration Service that you want multiple BlackBerry Enterprise Server instances to use.
5. In the right pane, select the BlackBerry Enterprise Server instances that you want to use the BlackBerry Collaboration Service.
6. Click OK.