
BlackBerry Enterprise Server Software Version 5.0.1 Essential
v1.0 | 716-02046-123 | 2009 Research In Motion Limited


2009 Research In Motion Limited. All rights reserved. BlackBerry, RIM, Research In Motion, SurePress, SureType and related trademarks, names and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. Apache Tomcat is a trademark of Apache Software Foundation. Bluetooth is a trademark of Bluetooth SIG. IBM, Lotus, and Domino are trademarks of International Business Machines Corporation. Java and JavaScript are trademarks of Sun Microsystems, Inc. Microsoft, Active Directory, ActiveX, Internet Explorer, Outlook, SQL Server, and Windows are trademarks of Microsoft Corporation. RSA SecurID is a trademark of RSA Security. Wi-Fi is a trademark of the Wi-Fi Alliance. All other trademarks are the property of their respective owners. The BlackBerry smartphone and other devices and/or associated software are protected by copyright, international treaties, and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in the U.S. and in various countries around the world. Visit www.rim.com/patents for a list of RIM (as hereinafter defined) patents. This documentation including all documentation incorporated by reference herein such as those provided or made available by hyperlink is provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation or warranty of any kind by Research In Motion Limited and its affiliated companies ("RIM") and RIM assumes no responsibility for any typographical, technical, or other inaccuracies, errors or omissions in this documentation. In order to protect RIM proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of RIM technology in generalized terms. 
RIM reserves the right to periodically change information that is contained in this documentation; however, RIM makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party web sites (collectively the "Third Party Products and Services"). RIM does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply
endorsement by RIM of the Third Party Products and Services or the third party in any way. EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NONINFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. 
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL RIM BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH RIM PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF RIM PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH
DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, RIM SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY. THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO RIM AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED RIM DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF RIM OR ANY AFFILIATES OF RIM HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing or using any Third Party Products and Services it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers may not offer Internet browsing functionality with a subscription to BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright or other licenses in order to avoid infringement or violation of third party rights. 
You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation thereto. Your use of Third
Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with RIM. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server software, BlackBerry Desktop Software, and/or BlackBerry Device Software and may require additional development or Third Party Products and Services for access to corporate applications. This product includes software developed by the Apache Software Foundation (http://www.apache.org/) and/or licensed pursuant to Apache License, Version 2.0 (http://www.apache.org/licenses/). For more information, see the NOTICE.txt file included with the software. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. The terms of use of any RIM product or service are set out in a separate license or other agreement with RIM applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION. This training material was designed under the assumption that all required prerequisites are completed by participants before attending the session. The manual was designed to accompany a presentation delivered by a Research In Motion (RIM) recognized instructor. To avoid negatively impacting the quality of the learning experience, RIM recommends participants complete the prerequisites or that a presentation accompanies the manual.


Contents

Introducing the BlackBerry Enterprise Server
    Architecture: BlackBerry Enterprise Solution
    Architecture: BlackBerry Enterprise Server
    Exercise: BlackBerry Enterprise Server architecture
    Process flow: Sending an email message to a BlackBerry smartphone over the wireless network
    Process flow: Sending an email message from a BlackBerry smartphone over the wireless network
    Process flow: Viewing an email message attachment on a BlackBerry smartphone
    Process flow: Sending calendar data to a BlackBerry smartphone over the wireless network
    Process flow: Sending calendar data from a BlackBerry smartphone over the wireless network
    Process flow: Starting an instant messaging session on a BlackBerry smartphone
    Process flow: Pushing content to a BlackBerry smartphone over the wireless network
    Process flow: Pulling content to a BlackBerry smartphone over the wireless network
    Review: Process flows

Introducing the BlackBerry Administration Service
    Introducing the BlackBerry Administration Service
    Logging in to the BlackBerry Administration Service for the first time
        BlackBerry Administration Service authentication options
    Lab: Log in to the BlackBerry Administration Service
    Exploring the BlackBerry Administration Service
        BlackBerry solution management menu
        Devices menu
        Servers and components menu
        Preferences menu
    Lab: Exploring the BlackBerry Administration Service
    Lab: Exploring the Servers and components menu
    Review questions
        Lab: Exploring the servers and components menu
        Review questions

Introducing roles
    Introducing roles
    Overview: Creating and assigning roles
    Default roles
    Exercise: Viewing default role privileges
    Viewing and granting privileges
    Creating roles
        Creating a new role
        Copying an existing role
    Assigning a role to an administrator user account
        Creating an administrator user account
    Tips for working with roles
    Lab: Create and assign roles
    Review questions
    Answers

Managing user accounts
    Introducing groups
    Creating and managing groups
        Creating a group
        Configuring group properties
        Managing the group members
    Tips for working with groups
    Lab: Creating and configuring groups
    Overview: Adding and activating a user account
    Menu options for adding and managing user accounts in the BlackBerry Administration Service
    Adding user accounts to the BlackBerry Enterprise Server
    Adding a user account by searching for the user
    Adding a user from the directory
        Manually updating user data in the BlackBerry Configuration Database
    Lab: Adding user accounts to the BlackBerry Enterprise Server
    Adding multiple user accounts from a file
        Creating the .csv file
        Importing new user accounts
    Lab: Importing user accounts using a .csv file
    Managing user accounts
    Lab: Managing user accounts
    Object reconciliation in the BlackBerry Administration Service
    Review questions
    Answers

Activating BlackBerry smartphones
    BlackBerry smartphone activation methods
    Activating BlackBerry smartphones using the BlackBerry Administration Service
    Activating BlackBerry smartphones using BlackBerry Desktop Manager
    Activating BlackBerry smartphones using BlackBerry Web Desktop Manager
    Activating BlackBerry smartphones over the wireless network
        Creating activation passwords
        Creating and customizing activation messages
    Activating BlackBerry smartphones over the enterprise Wi-Fi network
    Lab: Activate BlackBerry smartphones
        Part 1
        Part 2
    Review questions
    Answers

Troubleshooting issues with BlackBerry smartphone activation
    BlackBerry smartphone activation prerequisites
    Data flow for the wired activation of a BlackBerry smartphone using the BlackBerry Administration Service
    Wireless enterprise activation data flow
    BlackBerry Administration Service activation statistics
    Lab: Searching for activation statistics
    General troubleshooting reminders
    Exercise: Troubleshooting enterprise activation issues
    Review questions
    Answers
        Troubleshooting enterprise activation issues
        Review questions

Configuring messaging options
    Configuring email message filters
        Exporting and importing email message filters
    Lab: Creating email message filters
    Mapping address book fields for synchronization and address book lookups
    Managing wireless organizer data synchronization
        Tips for troubleshooting wireless organizer data synchronization issues
    Lab: Managing organizer data synchronization
    Managing email message redirection
        Tips for managing email message redirection
    Lab: Managing email message redirection
    Managing wireless email message reconciliation
        Configuring wireless email message reconciliation
        Tips for troubleshooting wireless email message reconciliation issues
    Managing access to remote email message data
    Managing email messages with HTML and rich content
        Tips for managing email messages with HTML and rich content
    Managing signatures and disclaimers
        Tips for managing signatures and disclaimers
    Lab: Creating disclaimers and signatures
    Managing folder synchronization
    Review questions

Configuring deployment jobs
    Introducing deployment jobs
        Specify job schedule settings
        IT policy distribution settings
    Managing deployment jobs
    Lab: Managing deployment jobs
    Review questions
    Answers

Introducing IT policies
    About IT policies
        IT policy distribution
    Creating IT policies
        Creating a new IT policy
        Creating a new IT policy from an existing IT policy
        Importing and exporting IT policy data
    Assigning IT policies
        Assigning an IT policy to a group
        Assigning an IT policy to a user account
    Creating new IT policy rules to control third-party applications
    Lab: Creating and assigning IT policies
    Resending IT policies
    Reconciliation rules for IT policies
    Exercise: Determine which IT policy is assigned to the user account
    Troubleshooting IT policy issues
    Review questions
    Answers

Managing software in the BlackBerry Administration Service
    About software configurations
    Creating and sharing a network folder
        Specifying the location of the shared network folder in the BlackBerry Administration Service
    Publishing applications to the application repository
    Creating software configurations
        Creating a software configuration
    Assigning software configurations
        Assigning a software configuration to a group
        Assigning a software configuration to multiple user accounts or a single user account
    Lab: Creating software configurations
    Reconciliation rules for software configurations
    Exercise: Determine which software configuration is assigned to the user account
    Updating BlackBerry Device Software using the BlackBerry Administration Service
        Reconciliation rules for BlackBerry Device Software bundles
        Reconciliation rules for standard application settings
    Review questions
    Answers
        Exercise: Determine which software configuration is assigned to the user account
        Review questions

Administering the BlackBerry Attachment Service
    Configuring the BlackBerry Attachment Service
        Changing BlackBerry Attachment Server settings
        Changing BlackBerry Attachment Connector settings
    Lab: Configuring the BlackBerry Attachment Service
    Review questions
    Answers

Administering the BlackBerry MDS Connection Service
    Introducing the BlackBerry MDS Connection Service
    Restricting BlackBerry smartphone user access to web content
        Restricting BlackBerry smartphone user access to content on web servers with pull rules
        Restricting push applications from sending data to BlackBerry smartphones with push rules
    Lab: Creating pull and push rules
    Configuring a BlackBerry MDS Connection Service instance
    Other BlackBerry MDS Connection Service options
    Review questions
    Answers

Configuring BlackBerry Enterprise Server log file properties
    Managing log files in the BlackBerry Administration Service
    Managing BlackBerry Enterprise Server component log file properties
    Managing BlackBerry MDS Connection Service log file properties
    Review questions
    Answers

Introducing the BlackBerry Enterprise Server


Objectives
- Describe the BlackBerry Enterprise Solution architecture
- Describe the BlackBerry Enterprise Server architecture
- Explain the functionality of the BlackBerry Enterprise Server components
- Explain the BlackBerry Enterprise Server process flows


Architecture: BlackBerry Enterprise Solution


The BlackBerry Enterprise Solution is made up of the components and technologies that transfer data between an organization and its BlackBerry smartphone users using the BlackBerry Enterprise Server.


Architecture: BlackBerry Enterprise Server


The BlackBerry Enterprise Server is designed to be a highly secure link between an organization's existing infrastructure and BlackBerry smartphones.

Component: BlackBerry Administration Service
Description: The BlackBerry Administration Service is a web service that hosts the BlackBerry Administration Service console and BlackBerry Web Desktop Manager. The BlackBerry Administration Service provides the interface between the BlackBerry Monitoring Service and the BlackBerry Configuration Database. You can use the BlackBerry Administration Service to manage the BlackBerry Enterprise Server and user accounts.

Component: BlackBerry Attachment Service
Description: The BlackBerry Attachment Service converts supported attachments into a format that can be viewed on BlackBerry smartphones. The BlackBerry Attachment Service converts attachments for the BlackBerry Messaging Agent, the BlackBerry MDS Connection Service, and the BlackBerry Collaboration Service.

716-02046-123 v1.0

2009 Research In Motion Limited

17

Introducing the BlackBerry Enterprise Server

Component
BlackBerry Collaboration Service

Description
The BlackBerry Collaboration Service connects to an organization's instant messaging server to provide instant messaging on BlackBerry smartphones. The BlackBerry Collaboration Service supports the following collaboration clients: BlackBerry Client for use with Microsoft Office Live Communications Server 2005 BlackBerry Client for use with Microsoft Office Communications Server 2007 BlackBerry Client for IBM Lotus Sametime BlackBerry Client for Novell GroupWise Messenger

The BlackBerry Collaboration Service is an optional component. BlackBerry Configuration Database BlackBerry Controller The BlackBerry Configuration Database is a relational database that contains information used by the BlackBerry Enterprise Server. The BlackBerry Controller starts, monitors, and (if needed) restarts BlackBerry Enterprise Server components. The BlackBerry Dispatcher performs the following functions: Transfers data between BlackBerry Enterprise Server components Compresses and encrypts data that is sent to BlackBerry smartphones Decrypts and decompresses data received from BlackBerry smartphones Monitors and communicates the health of BlackBerry Enterprise Server components Starts the processing of BlackBerry smartphone users on the BlackBerry Messaging Agent

BlackBerry Dispatcher

18

2009 Research In Motion Limited

716-02046-123 v1.0

Introducing the BlackBerry Enterprise Server

Component
BlackBerry Mail Store Service

Description
The BlackBerry Mail Store Service connects to the messaging server to retrieve information from an organization's user directory and places that information in the BlackBerry Configuration Database. The BlackBerry Administration Service uses this information to manage user accounts. The BlackBerry MDS Connection Service processes requests for web content from the BlackBerry Browser or BlackBerry Java Applications on BlackBerry smartphones. The BlackBerry MDS Integration Service integrates BlackBerry MDS Runtime Applications and BlackBerry Browser Applications with BlackBerry smartphones. The BlackBerry MDS Integration Service is an optional component.

BlackBerry MDS Connection Service

BlackBerry MDS Integration Service

BlackBerry Messaging Agent

The BlackBerry Messaging Agent performs the following functions: Connects to the messaging server to provide email messaging, calendar management, address lookups, attachment viewing, and attachment downloading Allows the BlackBerry Synchronization Service to access organizer data on the messaging server Synchronizes configuration data between the BlackBerry Configuration Database and BlackBerry smartphone user mailboxes on the messaging server Monitors the BlackBerry state databases

BlackBerry Monitoring Service

The BlackBerry Monitoring Service collects SNMP data from BlackBerry Enterprise Server components. You can use the BlackBerry Monitoring Service to monitor and troubleshoot issues with your BlackBerry Enterprise Server. The BlackBerry Monitoring Service is an optional component.

716-02046-123 v1.0

2009 Research In Motion Limited

19

Introducing the BlackBerry Enterprise Server

Component
BlackBerry Policy Service

Description
The BlackBerry Policy Service sends IT policies, IT administration commands, service books, and encryption keys to BlackBerry smartphones. The BlackBerry Policy Service generates encryptions keys that are used by BlackBerry smartphones. The BlackBerry Router connects to the BlackBerry Dispatcher, the BlackBerry Infrastructure, and an organization's LAN to send data between the BlackBerry Enterprise Server and BlackBerry smartphones. The BlackBerry Synchronization Service synchronizes organizer data between BlackBerry smartphones and an organization's messaging server using the BlackBerry Messaging Agent. The BlackBerry Synchronization Service also synchronizes BlackBerry smartphone user data with the BlackBerry Configuration Database. BlackBerry Web Desktop Manager is a web application that allows BlackBerry smartphone users to manage their BlackBerry smartphones using Windows Internet Explorer instead of software installed on their computers. BlackBerry Web Desktop Manager is an optional component.

BlackBerry Router

BlackBerry Synchronization Service

BlackBerry Web Desktop Manager


Exercise: BlackBerry Enterprise Server architecture


Plazmic Inc., an organization with 1500 employees, is considering installing a BlackBerry Enterprise Server. In addition to the main functionality of the BlackBerry Enterprise Server, the management of Plazmic Inc. would like to be able to do the following:
- Monitor the BlackBerry Enterprise Server
- Allow BlackBerry smartphone users to manage their BlackBerry smartphones using Windows Internet Explorer

1. List the BlackBerry Enterprise Server components that you need to install to meet the needs of Plazmic Inc.

2. List and describe the functionality of the BlackBerry Enterprise Server components that you do not need to install for Plazmic Inc.


Process flow: Sending an email message to a BlackBerry smartphone over the wireless network

1. An email message arrives in a BlackBerry smartphone user's mailbox on the messaging server.
2. The BlackBerry Messaging Agent retrieves the email message from the messaging server.
3. The BlackBerry Messaging Agent checks the email message filters to determine whether the email message can be forwarded to the BlackBerry smartphone.
4. The BlackBerry Messaging Agent sends the email message to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher compresses and encrypts the email message and sends it to the BlackBerry Router.
6. The BlackBerry Router sends the email message to the BlackBerry Infrastructure through the firewall.
7. The BlackBerry Infrastructure sends the email message to the BlackBerry smartphone over the wireless network.
8. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry Messaging Agent.
9. The BlackBerry smartphone decrypts and decompresses the email message.


Process flow: Sending an email message from a BlackBerry smartphone over the wireless network

1. A BlackBerry smartphone user sends an email message from a BlackBerry smartphone.
2. The BlackBerry smartphone compresses and encrypts the email message and sends it to the BlackBerry Infrastructure over the wireless network.
3. The BlackBerry Infrastructure sends the email message to the BlackBerry Router through the firewall.
4. The BlackBerry Router sends the email message to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher decrypts and decompresses the email message and sends the email message to the BlackBerry Messaging Agent.
6. The BlackBerry Messaging Agent sends the email message to the messaging server.
7. The messaging server sends the email message to the recipient and places a copy of the email message in the Sent Items folder of the BlackBerry smartphone user's email application.


Process flow: Viewing an email message attachment on a BlackBerry smartphone

1. A BlackBerry smartphone user clicks the Open Attachment menu item on a BlackBerry smartphone to request the attachment.
2. The BlackBerry smartphone compresses and encrypts the attachment request, and sends it to the BlackBerry Infrastructure over the wireless network.
3. The BlackBerry Infrastructure sends the attachment request to the BlackBerry Router through the firewall.
4. The BlackBerry Router sends the attachment request to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher decrypts and decompresses the attachment request and sends it to the BlackBerry Messaging Agent.
6. The BlackBerry Messaging Agent sends the attachment request to the BlackBerry Attachment Service.
7. The BlackBerry Attachment Service retrieves the attachment from the messaging server using the BlackBerry Messaging Agent. The BlackBerry Attachment Service converts the attachment to a format that can be viewed on the BlackBerry smartphone.
8. The BlackBerry Attachment Service sends the attachment to the BlackBerry Messaging Agent.
9. The BlackBerry Messaging Agent sends the attachment to the BlackBerry Dispatcher.
10. The BlackBerry Dispatcher compresses and encrypts the attachment and sends it to the BlackBerry Router.
11. The BlackBerry Router sends the attachment to the BlackBerry Infrastructure through the firewall.
12. The BlackBerry Infrastructure sends the attachment to the BlackBerry smartphone over the wireless network.
13. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry Messaging Agent.
14. The BlackBerry smartphone decrypts, decompresses, and displays the attachment.


Process flow: Sending calendar data to a BlackBerry smartphone over the wireless network

1. Calendar data is created or updated on the messaging server.
2. The BlackBerry Messaging Agent retrieves the calendar data from the messaging server.
3. The BlackBerry Messaging Agent sends the calendar data to the BlackBerry Dispatcher.
4. The BlackBerry Dispatcher compresses and encrypts the calendar data and sends it to the BlackBerry Router.
5. The BlackBerry Router sends the calendar data to the BlackBerry Infrastructure through the firewall.
6. The BlackBerry Infrastructure sends the calendar data to the BlackBerry smartphone over the wireless network.
7. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry Messaging Agent.
8. The BlackBerry smartphone decrypts and decompresses the calendar data and updates the Calendar application.


Process flow: Sending calendar data from a BlackBerry smartphone over the wireless network

1. A BlackBerry smartphone user creates or updates calendar data on a BlackBerry smartphone.
2. The BlackBerry smartphone compresses and encrypts the calendar data and sends it to the BlackBerry Infrastructure over the wireless network.
3. The BlackBerry Infrastructure sends the calendar data to the BlackBerry Router through the firewall.
4. The BlackBerry Router sends the calendar data to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher decrypts and decompresses the calendar data and sends it to the BlackBerry Messaging Agent.
6. The BlackBerry Messaging Agent creates or updates the calendar data on the messaging server.


Process flow: Starting an instant messaging session on a BlackBerry smartphone

1. A BlackBerry smartphone user logs in to a collaboration client on a BlackBerry smartphone.
2. The BlackBerry smartphone compresses and encrypts the user name and password and sends them to the BlackBerry Infrastructure over the wireless network.
3. The BlackBerry Infrastructure sends the user name and password to the BlackBerry Router through the firewall.
4. The BlackBerry Router sends the user name and password to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher decrypts and decompresses the user name and password, and sends them to the BlackBerry Collaboration Service.
6. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to determine whether the maximum number of instant messaging sessions has been reached and whether the BlackBerry smartphone user has permission to use the collaboration client.
7. The BlackBerry Collaboration Service authenticates the BlackBerry smartphone user on the instant messaging server, and sends the login request to the instant messaging server.
8. The instant messaging server accepts the request, processes the user name and password, opens the instant messaging session, and sends the acceptance to the BlackBerry Collaboration Service.
9. The BlackBerry Collaboration Service sends the acceptance to the BlackBerry Dispatcher.
10. The BlackBerry Dispatcher compresses and encrypts the acceptance and sends it to the BlackBerry Router.
11. The BlackBerry Router sends the acceptance to the BlackBerry Infrastructure through the firewall.
12. The BlackBerry Infrastructure sends the acceptance to the BlackBerry smartphone over the wireless network.
13. The BlackBerry smartphone decrypts and decompresses the acceptance and starts the instant messaging session.


Process flow: Pushing content to a BlackBerry smartphone over the wireless network

1. The BlackBerry MDS Connection Service receives a push content request.
2. The BlackBerry MDS Connection Service checks the BlackBerry Configuration Database to determine whether the push request is allowed.
3. The BlackBerry MDS Connection Service converts the content to a format that can be viewed on the BlackBerry smartphone and sends the content to the BlackBerry Dispatcher.
4. The BlackBerry Dispatcher compresses and encrypts the content and sends it to the BlackBerry Router.
5. The BlackBerry Router sends the content to the BlackBerry Infrastructure through the firewall.
6. The BlackBerry Infrastructure sends the content to the BlackBerry smartphone over the wireless network.
7. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry MDS Connection Service.
8. The BlackBerry smartphone decrypts, decompresses, and displays the content.


Process flow: Pulling content to a BlackBerry smartphone over the wireless network

1. A BlackBerry smartphone user requests content using the BlackBerry Browser on a BlackBerry smartphone.
2. The BlackBerry smartphone compresses and encrypts the content request and sends it to the BlackBerry Infrastructure over the wireless network.
3. The BlackBerry Infrastructure sends the content request to the BlackBerry Router through the firewall.
4. The BlackBerry Router sends the content request to the BlackBerry Dispatcher.
5. The BlackBerry Dispatcher decrypts and decompresses the content request, and sends it to the BlackBerry MDS Connection Service.
6. The BlackBerry MDS Connection Service checks the BlackBerry Configuration Database to determine whether the BlackBerry smartphone user has permission to request content.
7. The BlackBerry MDS Connection Service retrieves the content from the content server, and converts the content to a format that can be viewed on the BlackBerry smartphone.
8. The BlackBerry MDS Connection Service sends the content to the BlackBerry Dispatcher.
9. The BlackBerry Dispatcher compresses and encrypts the content and sends it to the BlackBerry Router.
10. The BlackBerry Router sends the content to the BlackBerry Infrastructure through the firewall.
11. The BlackBerry Infrastructure sends the content to the BlackBerry smartphone over the wireless network.
12. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry MDS Connection Service.
13. The BlackBerry smartphone decrypts, decompresses, and displays the content using the BlackBerry Browser.
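In every process flow in this chapter, data is encrypted by the BlackBerry Dispatcher or the BlackBerry smartphone before it crosses the firewall and the wireless network, and it is decrypted only at the other of those two endpoints. The following Python sketch is an added example, not part of the course material: it replays the two email flows and reports which hops carry encrypted data and which components handle the message unencrypted. The step encoding, the function names, and the unencrypted variant are assumptions constructed for the illustration.

```python
# Added illustration: replay BlackBerry Enterprise Server process flows and
# track where the payload is encrypted. Step lists are transcribed from the
# email process flows in this chapter (delivery confirmations omitted); the
# tuple encoding and all function names are assumptions of this example.

SEND, ENCRYPT, DECRYPT = "send", "encrypt", "decrypt"

MS = "messaging server"
AGENT = "BlackBerry Messaging Agent"
DISPATCHER = "BlackBerry Dispatcher"
ROUTER = "BlackBerry Router"
INFRA = "BlackBerry Infrastructure"
PHONE = "BlackBerry smartphone"

# Links the process flows describe as "through the firewall" and
# "over the wireless network".
EXTERNAL_LINKS = {frozenset((ROUTER, INFRA)), frozenset((INFRA, PHONE))}

EMAIL_TO_DEVICE = [
    (MS, SEND, AGENT),          # Messaging Agent retrieves the message
    (AGENT, SEND, DISPATCHER),
    (DISPATCHER, ENCRYPT, None),
    (DISPATCHER, SEND, ROUTER),
    (ROUTER, SEND, INFRA),
    (INFRA, SEND, PHONE),
    (PHONE, DECRYPT, None),
]

EMAIL_FROM_DEVICE = [
    (PHONE, ENCRYPT, None),
    (PHONE, SEND, INFRA),
    (INFRA, SEND, ROUTER),
    (ROUTER, SEND, DISPATCHER),
    (DISPATCHER, DECRYPT, None),
    (DISPATCHER, SEND, AGENT),
    (AGENT, SEND, MS),
]

# Constructed counter-example: the same path with the encrypt/decrypt steps
# removed, to show what the check reports when encryption is missing.
UNENCRYPTED_VARIANT = [step for step in EMAIL_TO_DEVICE if step[1] == SEND]


def trace(flow):
    """Replay a flow; return (hops, plaintext_holders).

    hops is a list of (source, destination, encrypted) tuples, and
    plaintext_holders is the set of components that hold the payload
    while it is unencrypted.
    """
    holder = flow[0][0]
    encrypted = False
    hops = []
    plaintext_holders = {holder}
    for actor, action, target in flow:
        if actor != holder:
            raise ValueError(f"{actor} acts, but {holder} holds the payload")
        if action == ENCRYPT:
            if encrypted:
                raise ValueError(f"{actor} encrypts an encrypted payload")
            encrypted = True
        elif action == DECRYPT:
            if not encrypted:
                raise ValueError(f"{actor} decrypts an unencrypted payload")
            encrypted = False
            plaintext_holders.add(actor)
        elif action == SEND:
            hops.append((actor, target, encrypted))
            holder = target
            if not encrypted:
                plaintext_holders.add(target)
        else:
            raise ValueError(f"unknown action: {action}")
    return hops, plaintext_holders


def plaintext_exposures(flow):
    """Return the external hops that would carry unencrypted data."""
    hops, _ = trace(flow)
    return [(src, dst) for src, dst, enc in hops
            if not enc and frozenset((src, dst)) in EXTERNAL_LINKS]


if __name__ == "__main__":
    for name, flow in [("email to smartphone", EMAIL_TO_DEVICE),
                       ("email from smartphone", EMAIL_FROM_DEVICE),
                       ("unencrypted variant", UNENCRYPTED_VARIANT)]:
        hops, holders = trace(flow)
        print(name)
        for src, dst, enc in hops:
            print(f"  {src} -> {dst}: {'encrypted' if enc else 'PLAINTEXT'}")
        print("  handles plaintext:", ", ".join(sorted(holders)))
        print("  external plaintext hops:", plaintext_exposures(flow))
```

In both email flows the BlackBerry Router and the BlackBerry Infrastructure only ever forward encrypted data, while the messaging server, the BlackBerry Messaging Agent, the BlackBerry Dispatcher, and the smartphone handle the unencrypted message.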


Review: Process flows


Identify the following process flows, label the missing components, and list the steps of the process flow.

1. Process flow:

2. Process flow:

3. Process flow:


Introducing the BlackBerry Administration Service


Objectives
- Describe the purpose of the BlackBerry Administration Service
- Describe the steps to log in to the BlackBerry Administration Service for the first time
- Describe the BlackBerry Administration Service authentication options
- Describe the main areas of the BlackBerry Administration Service


Introducing the BlackBerry Administration Service


The BlackBerry Administration Service is a web-based application that manages the BlackBerry Enterprise Server. For example, administrators can use the BlackBerry Administration Service to do the following:
- Create and manage user accounts
- Create and manage groups
- Create and manage roles
- Create and manage software configurations and IT policies
- Configure security options, proxy servers, and high availability settings
- Manage and activate BlackBerry smartphones


Logging in to the BlackBerry Administration Service for the first time


An administrator can open the BlackBerry Administration Service in Microsoft Internet Explorer on any computer that has access to the computer that hosts the BlackBerry Administration Service by using the following web address: https://<servername>/webconsole/login where <servername> is the server name of the BlackBerry Administration Service. After the BlackBerry Administration Service has been installed, the administrator must log in using the password created during the installation. After user accounts have been created and roles are assigned in the BlackBerry Administration Service, other administrators can log in to the BlackBerry Administration Service using their specific login credentials.


BlackBerry Administration Service authentication options


Administrators can log in to the BlackBerry Administration Service using one of the following authentication methods:

Authentication method: Active Directory
Description: Administrators can log in to the BlackBerry Administration Service using their Windows credentials.

Microsoft Exchange Server

Authentication is delegated to Microsoft Active Directory. If an organization's environment includes a resource forest that is dedicated to running its Microsoft Exchange Servers, administrators can configure the BlackBerry Administration Service to use Microsoft Active Directory authentication to log in BlackBerry smartphone users that have user accounts that are located in trusted account forests. Refer to the BlackBerry Enterprise Server for Microsoft Exchange Administration Guide for details.

Organizations using IBM Lotus Domino can also use Microsoft Active Directory authentication. The option to use Microsoft Active Directory must be selected during the BlackBerry Enterprise Server installation. Refer to the BlackBerry Enterprise Server Installation Guide for details.

Authentication method: BlackBerry Administration Service
Description: An administrator's login credentials are created in the BlackBerry Administration Service and are stored in an encrypted format in the BlackBerry Configuration Database.

Authentication method: Domino mailbox

IBM Lotus Domino

Description: Administrators can log in to the BlackBerry Administration Service using the same credentials that are stored on and used to access the organization's messaging server. Messaging server access is implemented using DIIOP directly in BlackBerry Administration Service Application Server.

Tip: The browser used to access the BlackBerry Administration Service must allow Microsoft ActiveX controls.


Lab: Log in to the BlackBerry Administration Service


You are the security administrator for Plazmic Inc. and have just completed an installation of the BlackBerry Administration Service. You must now log in to the BlackBerry Administration Service.

Tasks:
1. Using the login information provided by your instructor, log in to the BlackBerry Administration Service.
2. Configure the browser to allow Microsoft ActiveX controls.
3. Add the web address of the BlackBerry Administration Service to the list of trusted web sites, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.


Exploring the BlackBerry Administration Service


The BlackBerry Administration Service consists of the following main areas:


BlackBerry solution management menu


- Create and manage user accounts.
- Create and manage groups.
- Create and manage roles.
- Create and manage software configurations, BlackBerry Device Software configurations, and application control policies.
- Create and manage IT policies.
- Create and manage WLAN, VPN, and VoIP configuration sets.
- Create and manage administrator user accounts.


Devices menu
View information on attached BlackBerry smartphones.

Schedule and manage deployment jobs.

View and manage BlackBerry smartphone activations.

Servers and components menu

View and configure BlackBerry Enterprise Server instances in the BlackBerry Domain. View and configure BlackBerry Enterprise Server components in the BlackBerry Domain.

View and configure high availability for the BlackBerry Enterprise Server.


Preferences menu
View and manage an administrator's profile and password.


Lab: Exploring the BlackBerry Administration Service


Tasks
1. From the Home screen, click on each of the menu options and familiarize yourself with these screens.


Lab: Exploring the Servers and components menu


Tasks
1. Change the minimum password length to log in to the BlackBerry Administration Service from 4 characters to 6 characters. Hint: Look at the BlackBerry Administration Service component.
2. Create a friendly name for the BlackBerry Enterprise Server called Plazmic Main.
3. Create a friendly name for the Email component called Plazmic Main Email.


Review questions
1. List three tasks that administrators can perform using the BlackBerry Administration Service.

2. What is the web address to access the BlackBerry Administration Service?

3. What are the authentication method options for logging in to the BlackBerry Administration Service?

4. List the command categories available from the BlackBerry Administration Service Home screen.


Answers
Lab: Exploring the servers and components menu
1. On the Servers and components menu, expand BlackBerry Domain. Click BlackBerry Administration Service and click Edit instance. On the Component information tab, change the value of the Minimum password length field.
2. On the Servers and components menu, expand BlackBerry Domain. Expand BlackBerry Enterprise Server, click on a BlackBerry Enterprise Server instance name, and click Edit instance. On the Instance information tab, type a name in the Friendly name field.
3. On the Servers and components menu, expand BlackBerry Domain. Expand Email, click on an email instance name, and click Edit instance. On the Instance information tab, type a name in the Friendly name field.

Review questions
1. Any three of the following:
- Add new user accounts
- Assign user accounts to groups
- Create and manage roles
- Create and manage administrator user accounts
- Create and manage software configurations and IT policies
- Configure security options, proxy servers, and high availability settings
- Manage and activate BlackBerry smartphones

2. https://<servername>/webconsole/login, where <servername> is the server name of the BlackBerry Administration Service

3. Microsoft Exchange: BlackBerry Administration Service or Active Directory
IBM Lotus Domino: BlackBerry Administration Service, Active Directory, or Domino mailbox

4. User, Group, Policy, Software configurations, Applications, Servers and components


Introducing roles
Objectives
- Discuss the purpose of roles
- Identify tips for working with roles
- List and describe the default roles
- Summarize the classifications of role privileges
- Describe how to create a custom role in the BlackBerry Administration Service
- Describe how to create an administrator user in the BlackBerry Administration Service
- Describe how to assign a role to an administrator user in the BlackBerry Administration Service


Introducing roles
After an administrator has logged in to the BlackBerry Administration Service for the first time, the administrator can begin to create new roles. These roles control what information other administrators can view and which tasks they can perform in the BlackBerry Administration Service and BlackBerry Monitoring Service. Roles are designed to help an organization do the following:
- Reduce the security risks associated with allowing all administrators to have access to all administrative tasks.
- Define different types of administrators to better distribute job responsibilities.
- Increase efficiency by limiting accessible options to job responsibilities so administrators can quickly find options in the BlackBerry Administration Service.


Overview: Creating and assigning roles


Administrators can create and assign roles using the following process:

Create a new role with all privileges turned off and make necessary changes.
OR
Create a role that is based on an existing role and make necessary changes.
OR
Use one of the default roles.

Create an administrator user account and assign the role to the administrator user account.

Provide the administrator with the login information.

Perform any other administration.
- Add the administrator to a group.
- Assign additional roles to administrator user accounts.

Discussion:
When creating a role, in what circumstances would an administrator choose each of the following methods to create a role?
- Create a new role
- Create a role based on an existing role


Default roles
The following default roles are available to use in the BlackBerry Administration Service:

Privileges are organized into the following categories:

Category: Role information
Description: The name and description of the role

Category: User and device
Description: Privileges related to administering BlackBerry smartphones and BlackBerry smartphone users, including
- Viewing and managing groups
- Adding and deleting user accounts
- Viewing and managing IT policies and software configurations
- Activating BlackBerry smartphones

Category: Topology
Description: Privileges related to BlackBerry Enterprise Server instance and component management, including
- Viewing and managing BlackBerry Enterprise Server instances and components
- Managing BlackBerry Enterprise Server instance relationships
- Managing deployment jobs
- Updating peer-to-peer encryption keys

Category: BlackBerry Administration Service setup
Description: Privileges related to role management, including
- Viewing and managing roles
- Sending messages across groups

Category: Organizations
Description: Privileges applied across the organization, including
- Viewing and managing groups across the organization
- Adding and removing roles across the organization
- Viewing and managing BlackBerry smartphones across the organization

Category: Miscellaneous
Description: Privileges related to monitoring, including
- Viewing and managing monitoring settings


The default roles have the following privileges assigned to them. If necessary, these privileges can be modified. Monitoring View x x
716-02046-123 v1.0

Senior Helpdesk

Junior Helpdesk

Server only

User and device tab Create a group Delete a group View a group Edit a group Create a user Delete a user View a user Edit a user View a device Edit a device View device activation settings Edit device activation settings Create an IT policy Delete an IT policy View an IT policy Edit an IT policy Import an IT policy x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x

x x x x x

x x x x x x x

x x x x x

56

2009 Research In Motion Limited

Monitoring

Enterprise

User only

Security

Introducing roles

Export an IT policy Create a userdefined IT policy template Delete a userdefined IT policy template Resend data to devices Edit a userdefined IT policy template Import an IT policy template Create a software configuration View a software configuration Edit a software configuration Delete a software configuration Create an application View an application Edit an application

x x

x x

x x

x x

x x

x x

x x

x x

x x

x x x

x x x

x x x

x x x

x x x x x

x x x

716-02046-123 v1.0

2009 Research In Motion Limited

Monitoring View
57

Senior Helpdesk

Junior Helpdesk

Server only

Monitoring

Enterprise

User only

Security

Introducing roles

Delete an application Create an administrator user Add or remove to user configuration Export asset summary data Import or export users Export statistics Import user updates Assign the current device to a user Specify an activation password Turn off and on external services Generate an activation email Clear synchronization backup data Clear user statistics

x x

x x

x x

x x x x x

x x x x x x x x

x x x x x

x x

x x

x x

x x

58

2009 Research In Motion Limited

716-02046-123 v1.0

Monitoring View

Senior Helpdesk

Junior Helpdesk

Server only

Monitoring

Enterprise

User only

Security

Introducing roles

Reset user field mapping Turn on redirection Turn off redirection Add user from company directory Import new users Refresh available user list from company directory Import or export email message filters for a user Topology tab View a server Edit a server View a component Edit a component View an instance Edit an instance Change the status of an instance

x x x x

x x x x

x x x x

x x x x

x x

x x x

x x x x x x x

x x x x x x x

x x x x x x x

716-02046-123 v1.0

2009 Research In Motion Limited

Monitoring View
59

Senior Helpdesk

Junior Helpdesk

Server only

Monitoring

Enterprise

User only

Security

Introducing roles

Edit an instance relationship View a job Edit a job View default distribution settings for a job Edit default distribution settings for a job Update peerto-peer encryption key Manage deployment job tasks Change the status of a job task Delete an instance Edit license keys View license keys Clear instance statistics Import or export email filters

x x x x

x x x x

x x x x

x x x x x

x x x x x

x x x x x

Export certificate signature request
Import new server certificate
Clear statistics for a BlackBerry MDS Connection Service instance
View rules for the BlackBerry MDS Connection Service

BlackBerry Administration Service setup tab
Send message
Create a role
Delete a role
View a role
Edit a role
Add and remove a role
View BlackBerry Administration Service software management

x x x x x x x x x x x x x x x x x

Edit BlackBerry Administration Service software management
Import or export groups within roles

Organizations tab
View a group across organizations
Edit a group across organizations
Add and remove a role across organizations
View a device across organizations
Edit a device across organizations
Assign the current device to a user across organizations

Miscellaneous tab
Edit BlackBerry Enterprise Server internal timers

Register an event notification
Create an event notification
View BlackBerry Monitoring Service information
Edit BlackBerry Monitoring Service settings

x x x

Exercise: Viewing default role privileges


For the listed default roles, use the privileges table on the previous pages as a reference and specify whether the listed privilege is set to Granted or No Access.

Privilege                         Security Administrator   Junior Helpdesk Administrator   User Only Administrator
Create a user
Delete a user
Create a software configuration
View a server
Create a role
Specify an activation password

Viewing and granting privileges


Administrators with the following privileges granted can make changes to roles or can create custom roles and specify privileges for these custom roles. By default, administrators assigned to the Security Administrator role are the only administrators with privileges to create or make changes to roles.

Roles can be created so that assigned administrators can only administer a defined list of groups. The following example shows some of these settings on the User and device tab.

This role can only view groups listed here.

Groups have not yet been defined for this privilege.

This role can view all user accounts in all groups.

Tips
If an administrator adds a new group after listed groups have been defined, the new group will have to be added as a listed group. Administrators can add groups using the import and export group list feature.

Creating roles
Administrators can create new roles or manage existing roles from the BlackBerry solution management menu in the BlackBerry Administration Service.

Creating a new role


Administrators can create new roles if the existing default roles do not meet an organization's requirements. By default, when an administrator creates a role, all privileges are turned off.

Type the name of the role.

Type a description for the role.

Copying an existing role


Administrators can save time by copying an existing role and making changes to it.

Example: Copying the Security Administrator role to create a custom role


To create a custom role called Plazmic Senior Admin that is based on the Security Administrator default role, complete the following steps:

1. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Role.
2. Click Manage roles.
3. Click Security Administrator.
4. Click Copy role.
5. In the Role information section, type the following:
   Name: Plazmic Senior Admin
   Description: All privileges except topology changes
6. Click Copy role.
7. Click View role list.
8. From the list, click Plazmic Senior Admin.
9. Click Edit Role.
10. On the Topology tab, change the following privileges:
11. Click Save all.

Discussion: Why was the Plazmic Senior Admin role copied from the Security Administrator role?

Assigning a role to an administrator user account


Administrators can create new administrator users or manage existing administrator user accounts from the BlackBerry solution management menu in the BlackBerry Administration Service.

Creating an administrator user account

When an administrator adds an administrator user account, the added administrator user is not enabled as a BlackBerry smartphone user. An administrator user can be enabled as a BlackBerry smartphone user after the administrator user account has been created.

Tips for working with roles


An organization can also decide to assign roles to groups. This allows the organization to manage role privileges more efficiently at a group level instead of at an individual level. Multiple roles can be assigned to an administrator user account. The administrator user account inherits all of the privileges granted for each role. For example, an administrator user account that is assigned both the Server Only Administrator and the Monitoring System Administrator roles inherits all of the privileges, including group scoping privileges, of both roles.
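An added example (not BlackBerry code) of the inheritance rule above: it unions the privileges of every role an administrator account holds directly or through a group, and reports which accounts can manage roles without holding the Security Administrator role. Role contents are limited to privileges named on this page; the account names, the group names and the contents of Plazmic Senior Admin are constructed for the example.

```python
# Privileges that let an account change what any role is allowed to do.
ROLE_MANAGEMENT = {"Create a role", "Delete a role", "Edit a role",
                   "Add and remove a role"}

# Constructed subset of the Security Administrator role (the page says all
# privileges are granted to it).
_SECURITY = {"Create a user", "Delete a user", "Create a software configuration",
             "View a server", "Specify an activation password"} | ROLE_MANAGEMENT

ROLES = {
    "Security Administrator": _SECURITY,
    # Copied from Security Administrator; the topology edits are not modelled.
    "Plazmic Senior Admin": set(_SECURITY),
    "User Only Administrator": {"Create a user", "Delete a user",
                                "Create a software configuration",
                                "Specify an activation password"},
    "Junior Helpdesk Administrator": {"Specify an activation password"},
    "Activation Administrator": {"View device activation settings",
                                 "Edit device activation settings",
                                 "Specify an activation password",
                                 "Generate an activation email"},
}

# Constructed sample: roles assigned to groups, and administrator accounts.
GROUP_ROLES = {"Onboarding": ["Activation Administrator"],
               "Platform": ["Plazmic Senior Admin"]}
ADMINS = {
    "helpdesk1": {"roles": ["Junior Helpdesk Administrator"], "groups": ["Onboarding"]},
    "useradmin1": {"roles": ["User Only Administrator"], "groups": ["Platform"]},
    "secadmin1": {"roles": ["Security Administrator"], "groups": []},
}


def effective_privileges(admin):
    """Map each privilege the account holds to the (role, path) pairs granting it."""
    account = ADMINS[admin]
    grants = [(role, "direct") for role in account["roles"]]
    for group in account["groups"]:  # direct group membership only
        grants += [(role, "group " + group) for role in GROUP_ROLES.get(group, [])]
    result = {}
    for role, path in grants:
        for privilege in ROLES[role]:
            result.setdefault(privilege, []).append((role, path))
    return {privilege: sorted(sources) for privilege, sources in result.items()}


def role_management_findings(approved_roles=("Security Administrator",)):
    """List (admin, privilege, role, path) where role management comes from
    a role outside approved_roles."""
    findings = []
    for admin in sorted(ADMINS):
        grants = effective_privileges(admin)
        for privilege in sorted(ROLE_MANAGEMENT.intersection(grants)):
            for role, path in grants[privilege]:
                if role not in approved_roles:
                    findings.append((admin, privilege, role, path))
    return findings


if __name__ == "__main__":
    for finding in role_management_findings():
        print("%s can '%s' through %s (%s)" % finding)
```

Here useradmin1 holds only User Only Administrator directly, yet gains every role-management privilege through the Platform group.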

Lab: Create and assign roles


As a Security Administrator for Plazmic Inc., you have determined that the following administrator roles must be created.

Role: Plazmic Senior Admin
Directions: Create permissions based on the example explained in Example: Copying the Security Administrator role to create a custom role.

Role: Plazmic Junior Admin
Directions: Copy the Junior Helpdesk Administrator role. Allow all privileges on the User and device tab.

Role: Activation Administrator
Directions: Create a new role. Allow the following privileges:
- View device activation settings
- Edit device activation settings
- Specify an activation password
- Generate an activation email

The following administrator user accounts must be created:

Administrator         Assigned role
Jeanette deBoer       Security Administrator
Jovanka Buac          Plazmic Senior Admin
Lisa Perry            Plazmic Junior Admin
Karla Tetzel          Plazmic Junior Admin
Julie Palmer          Plazmic Junior Admin
Enrico Antonucci      Activation Administrator
Sherisse Da Silva     Activation Administrator

Tasks
1. Create the roles.
2. Create the administrator user accounts and assign the appropriate roles to the new administrator user accounts. Use BlackBerry Administration Service as the authentication method.

Review questions
1. You have a meeting with the Chief Technology Officer of Plazmic Inc. to discuss the advantages of implementing administrative roles in the BlackBerry Administration Service. What advantages would you present?

2. True or false? Multiple roles can be assigned to a single administrator.

3. For each of the default roles listed below, provide a description of the role.

   Role                               Description
   Enterprise Administrator
   Junior Helpdesk Administrator
   Monitoring System Administrator
   Monitoring View Administrator
   Security Administrator
   Senior Helpdesk Administrator
   Server Only Administrator
   User Only Administrator

4. Describe two ways to create a custom role.

5. Describe the authentication method choices when creating an administrator user account in the BlackBerry Administration Service.

6. Find the privilege that must be granted to be able to perform each of the following tasks:
   - Make changes to the Plazmic Senior Admin role.
   - View deployment jobs.
   - Assign an IT policy.
   - Send a message to a group.

Answers
Exercise: Viewing default role privileges
For the listed default roles, use the privileges table on the previous pages as a reference and specify whether the listed privilege is set to Granted or No Access.

Permission                        Security Administrator   Junior Helpdesk Administrator   User Only Administrator
Create a user                     Granted                  No access                       Granted
Delete a user                     Granted                  No access                       Granted
Create a software configuration   Granted                  No access                       Granted
View a server                     Granted                  No access                       No access
Create a role                     Granted                  No access                       No access
Specify an activation password    Granted                  Granted                         Granted

Review questions
1. Roles are designed to help an organization do the following:
   - Reduce the security risks associated with allowing all administrators to have access to all administrative tasks
   - Define different types of administrators to better distribute job responsibilities
   - Increase efficiency by limiting accessible options to job responsibilities so administrators can quickly find options in the BlackBerry Administration Service

2. True.

3. For each of the default roles listed below, provide a description of the role.

   Role: Enterprise Administrator
   Description: All privileges are granted, except can only view role assignments.

   Role: Junior Helpdesk Administrator
   Description: Privileges granted for basic administrative tasks.

   Role: Monitoring System Administrator
   Description: Privileges granted to configure and manage monitoring jobs.

   Role: Monitoring View Administrator
   Description: Privileges granted for viewing monitoring information.

   Role: Security Administrator
   Description: All privileges granted.

   Role: Senior Helpdesk Administrator
   Description: Privileges granted for intermediate type tasks.

   Role: Server Only Administrator
   Description: Privileges granted for managing system resources.

   Role: User Only Administrator
   Description: Privileges granted for managing user accounts.

4. An administrator can create a new role based on an existing role or create a brand new role.

5. Authentication type: Active Directory
   Description: The administrator must log in to the BlackBerry Administration Service using the same credentials as Microsoft Active Directory.

   Authentication type: BlackBerry Administration Service
   Description: The administrator must log in to the BlackBerry Administration Service using the credentials specified on the Create an administrator user screen.

6. The following privileges must be granted to be able to perform the corresponding task:
   - Edit a role on the BlackBerry Administration Service setup tab.
   - View a job on the Topology tab.
   - Edit a user (across Group) on the User and device tab.
   - Send message (across Group) on the BlackBerry Administration Service setup tab.

Managing user accounts


Objectives
- Discuss the purpose of groups
- Describe how to create a group
- Explain how to add a user account to a group
- Describe the group property tabs
- Summarize the steps to add and activate a user account
- Describe how to add user accounts to the BlackBerry Enterprise Server
- Describe how to manually update the user directory in the BlackBerry Administration Service
- Describe the menu options for managing user accounts
- Explain the purpose of object reconciliation in the BlackBerry Administration Service

Introducing groups
A group is a collection of related BlackBerry smartphone users who share commonly configured properties. Administering BlackBerry smartphone users as a group is more efficient than administering individual BlackBerry smartphone users because properties can be set, applied, or changed simultaneously for all members of the group. User assigned objects override any group assigned objects.

Note

Discussion: Discuss best practices for creating groups

Creating and managing groups


Administrators can add new groups or manage existing groups from the Home screen or from the BlackBerry solution management menu in the BlackBerry Administration Service.

Creating a group
To create a group, an administrator must click Create group from the Home screen or from the BlackBerry solution management menu.

Configuring group properties


To begin configuring group properties, an administrator must click Manage group and choose the group to manage.

After administrators create a group, they can specify properties for the group. The Group information tab displays the name of the group and the optional description.

Administrators can add groups as a member of another group to create a parent and child group relationship. The properties of the parent group are inherited by the user accounts in the child groups.
Child groups tab

Select the child group and click Add. The selected group inherits all of the properties of the parent group.

Administrators can also assign roles to groups. The members of the group inherit the administrative privileges of that role.
Roles tab

Select the role and click Add. The administrative privileges are applied to the group.

After software configurations have been created, administrators can assign these software configurations to groups.
Software configuration tab

Select the software configuration and click Add. The software configuration is assigned to the selected group.

Administrators can assign IT policies to groups.

Policies tab

Select an IT policy in the drop-down list. The IT policy is assigned to the selected group.

Managing the group members


Administrators can add new group members, view current group members, or remove group members from the group.

Menu options for managing group members.

After user accounts have been added to a group, an administrator can view the following information about group members.

Direct members are members of the selected group. Indirect members are members of an associated child group.

Administrators can move user accounts to different groups. This is performed from the Manage users menu.

The selected user account is currently assigned to the groups listed here. List of available groups. Options for managing group membership.

Tips for working with groups


When a user account is added to a group, the group properties are automatically pushed to the assigned BlackBerry smartphone. User accounts can be assigned to more than one group. Objects assigned to user accounts take precedence over objects assigned to groups.

Lab: Creating and configuring groups


You have been asked to create and manage user groups for Plazmic Inc.

Tasks
1. Create a group called Legal.
2. Create a group called Executives.
3. Create a group called Senior Executives.
4. Make the Senior Executives group a child group of the Executives group.

Overview: Adding and activating a user account


To add and activate a BlackBerry smartphone user on the BlackBerry Enterprise Server, the following must occur:

1. A new user requires a BlackBerry smartphone.

2. Verify that the user has been added to the messaging server.

3. Verify with the wireless service provider that the BlackBerry smartphone has been provisioned for use with a BlackBerry Enterprise Server.

4. Add the BlackBerry smartphone user to the BlackBerry Enterprise Server and activate the BlackBerry smartphone.

5. Once the activation is complete, the BlackBerry smartphone user can send and receive email messages on the BlackBerry smartphone.

Menu options for adding and managing user accounts in the BlackBerry Administration Service
Administrators can add new user accounts or manage existing user accounts from the Home screen or from the BlackBerry solution management menu in the BlackBerry Administration Service. Before an administrator can add a user account to the BlackBerry Enterprise Server, the user account must already exist on the organization's messaging server.

Caution
.

Adding user accounts to the BlackBerry Enterprise Server


To begin adding a user account, the administrator must click Create user.

The administrator can now add a user account using one of the following methods:
- Add a user account by searching for a user
- Add a user from the user directory
- Import new users from a .csv file

Adding a user account by searching for the user


When adding user accounts, administrators can search for a user account or click Search without specifying any search criteria to view all available user accounts. The user must already exist on the messaging server and the user information must also exist in the BlackBerry Configuration Database.

Define search criteria to display specific user accounts.

To view all available user accounts, click Search without specifying any search criteria.

After the user has been located, the administrator can perform the following steps:

If applicable, select a BlackBerry Enterprise Server instance

If applicable, assign the user account to a group.

Select an activation option.

The administrator must choose one of the three following methods to set up an activation password:
- Create an activation password manually.
- Generate an activation password randomly.
- Create the user account without an activation password.

If an activation password is not set, a BlackBerry smartphone can be assigned to the user account and activated later.

Tip

Adding a user from the directory


Every 24 hours, the BlackBerry Mail Store Service reads tables in the directory and copies the data to the BlackBerry Configuration Database. Users recently added to the messaging server do not immediately appear in the available user list until the user's information has been copied to the BlackBerry Configuration Database. Although this process is automatic, it can also be manually started through the BlackBerry Administration Service.

[Figure: User directory, BlackBerry Mail Store Service, BlackBerry Configuration Database]

The time for this data replication to complete can vary depending on network latency and how close on the network the BlackBerry Configuration Database is to the BlackBerry Mail Store Service. By default, the BlackBerry Administration Service refreshes the list of available user accounts at 4:00 AM daily.

Manually updating user data in the BlackBerry Configuration Database


Instead of waiting for an automatic update, there may be instances where administrators must manually start an update to the BlackBerry Configuration Database in the BlackBerry Administration Service. Administrators can choose to update the entire available user list or add a single user. For example, if administrators cannot locate user accounts that they want to add in the BlackBerry Administration Service, they should first check that the user messaging server account exists on the messaging server. If the user accounts have been added to the messaging server recently, administrators can manually refresh the entire available user list in the BlackBerry Administration Service.

Updating the entire available user list


To update the entire available user list, the administrator must first click the Email component in the BlackBerry Administration Service.

After clicking the Email component, the administrator must click Refresh available list from company directory.

The amount of time that the BlackBerry Administration Service requires to refresh the user list depends on the size of the user directory.

Note

Adding a single user


Instead of updating the entire user list, an administrator can add a single user. To add a single user, an administrator must first click Create a user from the BlackBerry solution management menu.

The administrator can now add a single user by clicking Add user from company directory.

Click Add user from company directory to add the user account from the directory.

Next, the administrator must type the user's email address and click Add user from company directory.

Type the email address, in SMTP format, of the user account to add.

Click Add user from company directory.

Once the user is located, the administrator can click Create a BlackBerry Enabled User and perform the following functions:

Lab: Adding user accounts to the BlackBerry Enterprise Server


Plazmic Inc. has asked you to add the following new user accounts to the BlackBerry Enterprise Server:
- Andrew Paterson
- Sheena Raj
- James Lambier
- Elliot Fung
- Marc Gervais
- Hitoshi Hishikura

Tasks
1. Add the user accounts to the BlackBerry Enterprise Server, but do not create activation passwords.

Adding multiple user accounts from a file


Administrators can add multiple user accounts by importing a .csv file that contains a list of user accounts and the required information to activate the user accounts on a BlackBerry Enterprise Server.

Creating the .csv file


Administrators can create the .csv file using a text editor application. When creating this file, the administrator must consider the following requirements:
- The file must be saved with the .csv extension.
- Use a separate line for each user account entry.
- Each user account entry must use the same fields.
- The fields must be separated by a comma and appear in the following sequence: Email Address, SRP ID, Group Names, Activation Password Operation, Activation Password, Activation Password Expiry

Field Heading: Email Address
Descriptions: Email address associated with the user account
Specifics: Required field. This email address must exist on the messaging server.

Field Heading: SRP ID
Descriptions: SRP ID string
Specifics: Optional field. Specify an empty value to indicate a manual assignment to the BlackBerry Enterprise Server by the administrator.

Field Heading: Group Names
Descriptions: One or more group names that is to be assigned to the user account
Specifics: Optional field. Specify multiple group names by separating the group names with a semicolon.

Field Heading: Activation Password Operation
Descriptions: Method in which activation password is assigned
Specifics: Required field.
- generate: indicates a system-generated activation password
- specify: indicates an activation password that is specified by the administrator
- none: indicates that no activation password will be assigned to the user

Field Heading: Activation Password
Descriptions: Activation password value
Specifics: Required field if Activation Password Operation is set to specify

Field Heading: Activation Password Expiry
Descriptions: Activation password expiry time in hours
Specifics: Required field if Activation Password Operation is set to specify or generate
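An added example, not taken from the BlackBerry documentation: a pre-import check for the .csv layout described above, written in Python. The optional heading row, the SMTP-shape regular expression, whole-number expiry hours, the duplicate-address and password-reuse checks, and the sample addresses are assumptions of this example.

```python
import csv
import io
import re

# Field order required for every user account entry.
FIELDS = ["Email Address", "SRP ID", "Group Names",
          "Activation Password Operation", "Activation Password",
          "Activation Password Expiry"]
OPERATIONS = ("generate", "specify", "none")
# Assumption: a loose shape check stands in for "SMTP format".
EMAIL_RE = re.compile(r"^[^@\s,;]+@[^@\s,;]+\.[^@\s,;]+$")

# Constructed sample file; the addresses and passwords are made up.
SAMPLE = """\
Email Address,SRP ID,Group Names,Activation Password Operation,Activation Password,Activation Password Expiry
user1@example.test,,Legal,generate,,48
user2@example.test,,Legal;Executives,specify,Welcome1,24
user3@example.test,,Executives,specify,Welcome1,24
user4@example.test,,Executives,specify,,24
user5@example.test,,,none,,
user6@example.test,,Legal
no-at-sign,,Legal,generate,,abc
"""


def validate_import(text, known_mailboxes=None):
    """Check an import file and return (accepted_rows, problems).

    problems holds (line, severity, message) tuples. Validation keeps going
    after a bad entry. known_mailboxes, if given, is a set of lower-case
    addresses that exist on the messaging server.
    """
    rows, problems = [], []
    seen_email, first_use = set(), {}
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    first = True
    for rec in reader:
        line = reader.line_num
        rec = [field.strip() for field in rec]
        if not any(rec):
            continue  # blank line
        if first:
            first = False
            # Assumption: tolerate an optional heading row.
            if rec[0].lower() == FIELDS[0].lower():
                continue
        if len(rec) != len(FIELDS):
            problems.append((line, "error", "expected %d fields, found %d"
                             % (len(FIELDS), len(rec))))
            continue
        email, srp_id, groups, op, password, expiry = rec
        errors = []
        if not EMAIL_RE.match(email):
            errors.append("Email Address is missing or not in SMTP format")
        elif email.lower() in seen_email:
            errors.append("Email Address appears more than once in the file")
        elif known_mailboxes is not None and email.lower() not in known_mailboxes:
            errors.append("Email Address does not exist on the messaging server")
        if op not in OPERATIONS:
            errors.append("Activation Password Operation must be generate, specify or none")
        if op == "specify" and not password:
            errors.append("Activation Password is required when the operation is specify")
        needs_expiry = op in ("generate", "specify")
        valid_hours = expiry.isascii() and expiry.isdigit() and int(expiry) > 0
        if needs_expiry and not valid_hours:
            errors.append("Activation Password Expiry must be a number of hours")
        # Hygiene checks added by this example: the file holds passwords in clear text.
        if password and op != "specify":
            problems.append((line, "warning", "Activation Password present but not used"))
        elif password:
            if password in first_use:
                problems.append((line, "warning", "Activation Password also used on line %d"
                                 % first_use[password]))
            else:
                first_use[password] = line
        if errors:
            problems.extend((line, "error", message) for message in errors)
            continue
        seen_email.add(email.lower())
        rows.append({
            "line": line, "email": email, "srp_id": srp_id or None,
            "groups": [g.strip() for g in groups.split(";") if g.strip()],
            "operation": op,
            "expiry_hours": int(expiry) if needs_expiry else None,
        })
    return rows, problems


if __name__ == "__main__":
    accepted, found = validate_import(SAMPLE)
    print(len(accepted), "entries accepted")
    for line, severity, message in found:
        print("line %d: %s: %s" % (line, severity, message))
```

The returned rows deliberately omit the password value so that a report built from them does not copy activation passwords into logs.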

Importing new user accounts


To add a single user, an administrator must first click Create a user from the BlackBerry solution management menu.

Administrators must now click Import new users.

Click Import new users.

Administrators can now navigate to the .csv file and add the user accounts.

Click Browse and navigate to the .csv file that contains the user accounts to import.

Click Continue.

The BlackBerry Administration Service imports data in the order that it appears in the .csv file. If an error occurs while importing data (for example, data is incorrectly formatted in the .csv file), the BlackBerry Administration Service continues to import the remaining data that is included in the file and displays an error message for the data that the BlackBerry Administration Service could not import. Importing data can take a long time (more than 30 minutes) to complete if more than 2000 user accounts are added.

If you have not specified a BlackBerry Enterprise Server instance, group, or activation password, you must provide this information to complete the process of creating user accounts.

Note

Lab: Importing user accounts using a .csv file


You have been asked to create a .csv file with the following information:
- Mika Ilvonen, email address: milvonen@cdlab.cso.labs.rim.net, group: Legal
- Nicole Lavigne, email address: nlavigne@cdlab.cso.labs.rim.net, group: Legal
- Greg Stark, email address: gstark@cdlab.cso.labs.rim.net, group: Executive
- Lou Sicoli, email address: lsicoli@cdlab.cso.labs.rim.net, group: Executive

Tasks
1. Create a .csv file with the following information: User name, email address, group name
2. Save the file as PlazmicUsers.csv.
3. Import the user accounts.

Managing user accounts


After adding a user account to the BlackBerry Enterprise Server, an administrator can configure the user account. To begin, the administrator must click Manage users and then click on the user account to configure.

Administrators can change the following information:

User account property tabs User account information

Menu options for managing user accounts

Managing user account properties


Administrators can change the properties on the user account property tabs.

Administrators can only view and change properties that are granted for their roles.

Note

Moving user accounts


Administrators can move user accounts from one BlackBerry Enterprise Server instance to another BlackBerry Enterprise Server instance in the same BlackBerry Domain.

Deleting and disabling user accounts


Administrators can delete or disable user accounts from the BlackBerry Enterprise Server but retain the information in the BlackBerry smartphone users' mailboxes. When administrators retain the information, they can add the user account again later with the same settings. To remove the user account from the BlackBerry Configuration Database, an administrator uses the Delete user command.

To keep the user account in the BlackBerry Configuration Database but disable the user account as a BlackBerry smartphone user, an administrator uses the Disable as BlackBerry user command.

To delete or disable a user account and also remove the information in the BlackBerry smartphone user's mailbox, administrators use one of the following commands: BlackBerry Enterprise Server for Microsoft Exchange:

BlackBerry Enterprise Server for IBM Lotus Domino:

Reloading user accounts


If an administrator moves a hidden mailbox that does not appear in the user directory, the administrator must update the user account manually on the BlackBerry Enterprise Server.

Lab: Managing user accounts


Tasks
1. James Lambier is on a six month leave. Disable his user account but do not remove the information from his mailbox so his user account can be added when he returns.
2. Change Greg Stark's display name to Greg Stark Jr.
3. Reload Mika Ilvonen's user account information.

Object reconciliation in the BlackBerry Administration Service


Reconciliation is the process of determining which objects are resolved to user accounts. Reconciliation is necessary because of the possible conflicts that can occur when user accounts belong to multiple groups or when groups belong to multiple groups. Depending on the operation, reconciliation can occur for a single user account, a group, a group with child groups, or all user accounts. For example, when a new IT policy is assigned to a single user account, reconciliation occurs for that user account only. However, if an administrator changes an IT policy's priority level, reconciliation must occur for all user accounts with an assigned BlackBerry smartphone. Reconciliation is a background activity and there are various administrative actions that cause reconciliation to occur, including:
- Adding or removing a user account to or from a group
- Adding or removing a group to or from another group
- Assigning or unassigning an IT policy or software configuration to or from a group
- Changing the ranking of IT policies
- Deleting an IT policy or software configuration
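An added example, not the BlackBerry Administration Service's own logic, of how one IT policy could be resolved for a user account and which accounts an administrative action sends to reconciliation. It assumes that the highest-ranked policy wins among group-assigned policies and that a policy named Default applies when nothing is assigned; the groups, users and policy names are constructed.

```python
# Constructed sample data. A group may list more than one parent group.
PARENTS = {"Executives": [], "Senior Executives": ["Executives"], "Legal": []}
GROUP_POLICY = {"Executives": "Executive policy", "Legal": "Legal policy"}
RANKING = ["Legal policy", "Executive policy", "Default"]  # index 0 = highest rank
USERS = {
    "user1": {"groups": ["Senior Executives"], "policy": None},
    "user2": {"groups": ["Legal", "Senior Executives"], "policy": None},
    "user3": {"groups": ["Legal"], "policy": "Executive policy"},
    "user4": {"groups": [], "policy": None},
}


def groups_with_ancestors(groups):
    """Return the given groups plus every parent group reachable from them."""
    seen, stack = [], list(groups)
    while stack:
        group = stack.pop()
        if group not in seen:  # also stops on a cyclic parent chain
            seen.append(group)
            stack.extend(PARENTS.get(group, []))
    return seen


def resolve_it_policy(user, ranking=RANKING):
    """Return (policy, source) for one user account."""
    account = USERS[user]
    if account["policy"]:
        # Objects assigned to the user account take precedence over group objects.
        return account["policy"], "user"
    candidates = [(GROUP_POLICY[g], g)
                  for g in groups_with_ancestors(account["groups"])
                  if g in GROUP_POLICY]
    if not candidates:
        return "Default", "default"  # assumption: fallback policy name
    # Assumption: among conflicting group policies the highest-ranked one wins.
    policy, group = min(candidates, key=lambda c: ranking.index(c[0]))
    return policy, "group " + group


def users_to_reconcile(event, target=None):
    """Return the user accounts an administrative action sends to reconciliation."""
    if event == "ranking_changed":
        # Every account; the sample treats all users as having a smartphone.
        return sorted(USERS)
    if event == "user_policy_assigned":
        return [target]
    if event == "group_changed":
        # Direct members and members of child groups of the target group.
        return sorted(user for user, account in USERS.items()
                      if target in groups_with_ancestors(account["groups"]))
    raise ValueError("unknown event: %r" % event)


if __name__ == "__main__":
    for name in sorted(USERS):
        print(name, resolve_it_policy(name))
    print(users_to_reconcile("group_changed", "Executives"))
```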

Administrators can view resolved objects. For example, the following screenshot shows the option to view resolved IT policies:

An administrator can view all pending reconciliation event counts to see if reconciliation is complete or still running. This menu option appears in the Deployment jobs section.

The following screenshot shows that there are no pending reconciliation events:

Review questions
1. True or false? User accounts must exist on an organization's messaging server before they can be added to the BlackBerry Enterprise Server.
2. Administrators access the Create a user link from which two areas in the BlackBerry Administration Service?
3. True or false? An activation password must be created when a user account is created.
4. List two ways to manually update the user list in the BlackBerry Administration Service, and describe why an administrator may have to manually update the user list.
5. Describe how an administrator would move a user account from one BlackBerry Enterprise Server instance to another BlackBerry Enterprise Server instance.
6. When is it necessary for an administrator to reload a user account?
7. What is the benefit of organizing user accounts into groups?
8. True or false? Administrators access the Create a group link from the Manage users screen.
9. Are user accounts added to groups using the Create a group link or using the Manage groups link?
10. List and describe the functions that an administrator can perform on the group property tabs.
11. What is reconciliation and why is it necessary?


Answers
1. True.
2. The Home screen and the BlackBerry solution management menu.
3. False.
4. The user list can be manually updated in the following two ways:
   - From the Email component, an administrator can click Refresh available user list from company directory.
   - When creating a user account, an administrator can click Add user from company directory.
   User accounts recently added to the messaging server do not appear in the BlackBerry Administration Service until they are copied to the BlackBerry Configuration Database.
5. 1. Click Manage users.
   2. Search for the user account to move.
   3. Click Switch BlackBerry user to different BlackBerry Enterprise Server.
6. If an administrator moves a hidden mailbox that does not appear in the user directory, the administrator must manually reload the user account information.
7. Grouping BlackBerry smartphone users allows administrators to set, apply, or change properties simultaneously.
8. False.
9. User accounts can be added from both locations.
10.
Tab | Description
Group information | Change the name of the group and the description.
Child groups | Add or remove child groups to or from the parent group.
Roles | Assign roles to groups.
Software configuration | Assign software configurations to groups.
Policies | Assign IT policies to groups.
11. Reconciliation is the process of determining which objects apply to user accounts. Reconciliation is necessary because of the possible conflicts that can occur when user accounts belong to multiple groups or when groups belong to multiple groups.


Activating BlackBerry smartphones


Objectives
- Summarize five ways to activate BlackBerry smartphones on a BlackBerry Enterprise Server
- Discuss the benefits and limitations of each activation method
- Summarize the four stages of the wireless enterprise activation process
- Describe how to create a wireless activation password
- Describe how to create and customize a wireless activation message


BlackBerry smartphone activation methods


Administrators can activate BlackBerry smartphones on a BlackBerry Enterprise Server using one of the following methods:

- Using the BlackBerry Administration Service: BlackBerry smartphones can be activated by connecting them to a port on a computer that can access the BlackBerry Administration Service and assigning the BlackBerry smartphones to users.
- Using BlackBerry Desktop Manager: BlackBerry smartphone users can activate their own BlackBerry smartphones by connecting them to a port on their computers and running BlackBerry Desktop Manager.
- Using BlackBerry Web Desktop Manager: BlackBerry smartphone users can activate their own BlackBerry smartphones by creating their own wireless activation passwords or by connecting their BlackBerry smartphones to a port on a computer that is running BlackBerry Web Desktop Manager.
- Over the wireless network: BlackBerry smartphone users can activate their own BlackBerry smartphones on the BlackBerry Enterprise Server without a physical network connection.
- Over the enterprise Wi-Fi network: BlackBerry smartphone users can activate their own BlackBerry smartphones on the BlackBerry Enterprise Server using the enterprise Wi-Fi network.


Activating BlackBerry smartphones using the BlackBerry Administration Service


The process for activating BlackBerry smartphones using the BlackBerry Administration Service is as follows:

1. The administrator connects the BlackBerry smartphone to a computer that can access the BlackBerry Administration Service.
2. Under Devices in the BlackBerry Administration Service, the administrator associates the BlackBerry smartphone with a user account.

Benefits and limitations


Benefits
- Provides control over the initial BlackBerry smartphone activation and organizer data synchronization processes
- Uses the serial or USB connection to transfer the initial organizer data from the computer to the BlackBerry smartphone
- Any application or BlackBerry Device Software bundle that is specified for wired deployment can be installed after reconciliation occurs

Limitations
- Limits the number of simultaneous activations based on the number of USB ports on the computer
- Computer must be on a network and accessible to the BlackBerry Administration Service


Activating BlackBerry smartphones using BlackBerry Desktop Manager


To allow BlackBerry smartphone users to control the initial activation of BlackBerry smartphones, they can connect their BlackBerry smartphones to a port on their computers. The computers must have BlackBerry Desktop Software installed and BlackBerry Desktop Manager must be open to complete the activation process. The process for activating BlackBerry smartphones using BlackBerry Desktop Manager is as follows:


Benefits and limitations


Benefits
- Provides control over the initial BlackBerry smartphone activation and organizer data synchronization processes
- Any application or BlackBerry Device Software bundle that is specified for wired deployment can be installed after reconciliation occurs
- Uses the serial or USB connection to transfer the initial organizer data from the computer to the BlackBerry smartphone
- Allows BlackBerry smartphone user involvement

Limitations
- Requires BlackBerry smartphone users to have BlackBerry Desktop Manager installed on their computers
- Requires the BlackBerry smartphone user's computer to be connected to the network and be able to access the messaging server and the BlackBerry Enterprise Server


Activating BlackBerry smartphones using BlackBerry Web Desktop Manager


BlackBerry Web Desktop Manager is a web-based version of BlackBerry Desktop Manager. It allows BlackBerry smartphone users to manage and configure their BlackBerry smartphones to receive messages, in addition to performing a variety of maintenance-related tasks. BlackBerry Web Desktop Manager is specifically designed for organizations that would prefer not to deploy and install BlackBerry Desktop Software on all or some of their BlackBerry smartphone users' computers.

The process for activating BlackBerry smartphones using the BlackBerry Web Desktop Manager is as follows:


Benefits and limitations


Benefits
- Eliminates many overhead costs typically associated with deploying, supporting, and maintaining new releases of BlackBerry Desktop Software
- Allows an administrator to display, hide, or specify limitations for BlackBerry Web Desktop Manager
- Allows BlackBerry smartphone users to set their own activation passwords
- Allows for more BlackBerry smartphone user involvement

Limitations
- Computer must be on a network and accessible to the BlackBerry Web Desktop Manager


Activating BlackBerry smartphones over the wireless network


The wireless enterprise activation feature allows a BlackBerry smartphone user to activate a BlackBerry smartphone on the BlackBerry Enterprise Server without a physical network connection. To activate a BlackBerry smartphone over the wireless network, administrators must generate an activation password and then communicate it to the BlackBerry smartphone user.


The process for activating BlackBerry smartphones over the wireless network is as follows:

Stage 1: Activation

The administrator adds a BlackBerry smartphone user to the BlackBerry Enterprise Server and sets an enterprise activation password in the BlackBerry Administration Service.

On the Enterprise Activation screen on the BlackBerry smartphone, the BlackBerry smartphone user types the email address and enterprise activation password provided by the administrator.

The BlackBerry smartphone generates an ETP.DAT message and sends it over the wireless network to the BlackBerry smartphone user's mailbox.

Stage 2: Encryption verification

The BlackBerry Enterprise Server verifies that the activation password is correct and then generates a new permanent encryption key and sends it to the BlackBerry smartphone.

Stage 3: Receiving services

The BlackBerry Policy Service receives a request to generate service books and then sends out an IT policy update to the BlackBerry smartphone.

Stage 4: Slow synchronization

Data is transferred between the BlackBerry smartphone and the BlackBerry smartphone user's mailbox or the BlackBerry Enterprise Server. Slow synchronization includes the following tasks:


Benefits and limitations


Benefits
- BlackBerry smartphone users can activate BlackBerry smartphones without connecting them to a computer
- Allows an administrator to activate multiple BlackBerry smartphones at the same time
- Allows BlackBerry smartphone users to activate their BlackBerry smartphones while away from their computers

Limitations
- Requires adequate signal strength and signal quality to transfer the initial organizer data to BlackBerry smartphones over the wireless network

Creating activation passwords


Administrators can choose one of the following methods for creating an activation password:

Method | Description
Manual activation password generation (Shared Secret method) | Administrators specify an activation password. The BlackBerry smartphone user receives the activation information verbally so the BlackBerry smartphone user can activate the BlackBerry smartphone. Administrators can set a timeout period for the activation password. If the BlackBerry smartphone user does not activate the BlackBerry smartphone within that time period, the administrator must generate a new password.
Automatic activation password generation | The administrator automatically generates an activation password in the BlackBerry Administration Service and sends it to the BlackBerry smartphone user's email account on the messaging server. The BlackBerry smartphone user activates the BlackBerry smartphone using the information and the activation password contained in the email message.


Administrators can send activation passwords to a single BlackBerry smartphone user or to multiple BlackBerry smartphone users.

Click Manage users.

Click on a user account to send an activation password to a single BlackBerry smartphone user.

Click Manage multiple users to send activation passwords to multiple BlackBerry smartphone users.

After selecting a user account or multiple user accounts, the administrator can choose one of the following options:
- Manually create an activation password and send an activation email message.
- Automatically generate an activation password and send an activation email message.


If the administrator selects Create a user with activation password, the following screen appears:

The administrator can specify the activation password and the number of hours before the password expires.
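The expiry setting above, together with the retry limit given in the troubleshooting chapter of this guide (after a first rejected attempt, the server cancels the password after four more unsuccessful attempts), makes the activation password a short-lived, attempt-limited shared secret. The Python sketch below models that lifecycle as an added illustration; it is not BlackBerry Enterprise Server code, and the class name, the 12-character length, the alphabet and the single-use behaviour are assumptions.

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Assumptions for this sketch: length and alphabet are not taken from the guide.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"   # look-alike characters left out
PASSWORD_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5    # first rejection plus "four more", per the guide


class ActivationPassword:
    """Short-lived, attempt-limited shared secret for one user account."""

    def __init__(self, hours_valid, password=None, now=None):
        if hours_valid <= 0:
            raise ValueError("expiry must be a positive number of hours")
        now = now or datetime.now(timezone.utc)
        # Automatic generation draws from a CSPRNG; a manually chosen
        # password (Shared Secret method) is passed in by the administrator.
        self._secret = password or "".join(
            secrets.choice(ALPHABET) for _ in range(PASSWORD_LENGTH))
        self.expires_at = now + timedelta(hours=hours_valid)
        self.failed_attempts = 0
        self.state = "pending"     # pending | used | expired | cancelled

    def reveal(self):
        """Return the secret for delivery to the user (email or verbally)."""
        return self._secret

    def verify(self, candidate, now=None):
        """Check one activation attempt and return the resulting state."""
        now = now or datetime.now(timezone.utc)
        if self.state != "pending":
            return self.state              # used, expired, cancelled are final
        if now >= self.expires_at:
            self.state = "expired"         # administrator must generate a new one
            return self.state
        # Constant-time comparison avoids leaking a matching prefix via timing.
        if hmac.compare_digest(candidate.encode(), self._secret.encode()):
            self.state = "used"            # assumption: activation consumes it
            return self.state
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.state = "cancelled"       # a new password must be issued
            return self.state
        return "rejected"


if __name__ == "__main__":
    issued = datetime(2009, 6, 1, 9, 0, tzinfo=timezone.utc)   # constructed
    pw = ActivationPassword(hours_valid=24, now=issued)
    print("wrong guess:", pw.verify("guess", now=issued))
    print("after 25 h :", pw.verify(pw.reveal(), now=issued + timedelta(hours=25)))
```

A short expiry and a low attempt limit matter most for the manual method, where the password is chosen by a person and may be easier to guess than a generated one.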

Creating and customizing activation messages


Administrators can create custom activation messages. For example, an activation message can include troubleshooting information. To customize an activation message, the administrator must click Device activation settings.


The following activation settings can be customized:


Activating BlackBerry smartphones over the enterprise Wi-Fi network


BlackBerry smartphone users can activate Wi-Fi enabled BlackBerry smartphones over an enterprise Wi-Fi network. To activate BlackBerry smartphones over the enterprise Wi-Fi network, the administrator must configure the BlackBerry Router as an SMTP client, which is also known as a Mail User Agent. As an SMTP client, the BlackBerry Router communicates with an SMTP server, which sends the ETP.DAT message to the BlackBerry smartphone user. The ETP.DAT message is the email message that the BlackBerry Router sends to the BlackBerry smartphone user's mailbox during the activation process.

The process for activating BlackBerry smartphones over the enterprise Wi-Fi network is as follows:

1. The administrator installs and configures a dedicated BlackBerry Router for activating BlackBerry smartphones over a Wi-Fi network.
2. The administrator creates an activation password on the BlackBerry Enterprise Server for each BlackBerry smartphone user.
3. The administrator provides the BlackBerry user with the activation password, credentials required for connection to the wireless access point, and BlackBerry Enterprise Server access information.


Benefits and limitations


Benefits
- Allows BlackBerry smartphone users to activate BlackBerry smartphones without attaching them to a computer
- Allows an administrator to activate multiple BlackBerry smartphones at the same time
- Allows BlackBerry smartphone users to activate their BlackBerry smartphones while away from their computers
- Allows BlackBerry smartphone users to wirelessly activate over their LAN without incurring wireless data charges and without connecting their BlackBerry smartphones to their computers

Limitations
- Requires Wi-Fi connectivity information to be populated correctly on the BlackBerry smartphone prior to performing this type of activation
- Requires that wireless service providers allow this form of activation


Lab: Activate BlackBerry smartphones


Part 1
Julie Palmer has just started a new job at Plazmic Inc. and requires a BlackBerry smartphone.

Tasks
1. Add Julie Palmer to the BlackBerry Enterprise Server.
2. Activate a BlackBerry smartphone for Julie Palmer using the BlackBerry Administration Service.

Part 2
Nicole Lavigne requires a new BlackBerry smartphone but is out of the country. She has purchased a new BlackBerry smartphone and now requires that you activate it for her.

Tasks
1. Determine what information you require in order to activate her BlackBerry smartphone over the wireless network.
2. Prepare to activate Nicole Lavigne's BlackBerry smartphone over the wireless network by setting the following criteria:
   - Customize the activation message to say the following: "Welcome to Plazmic Inc.! Please contact me if you have any issues with your activation."
   - The BlackBerry Administration Service should create the activation password for you.
   - Set the activation password expiration to 24 hours.


Review questions
1. Place an x in the box beneath the features of the corresponding BlackBerry smartphone activation method.

 | Wireless activation of BlackBerry smartphones | Serial bypass | Large quantity of BlackBerry smartphones activated at the same time | Does not require BlackBerry smartphone user involvement
Using BlackBerry Administration Service | | | |
Using BlackBerry Desktop Manager | | | |
Using BlackBerry Web Desktop Manager | | | |
Over the wireless network | | | |
Over the enterprise Wi-Fi network | | | |

2. Match the wireless activation stage with its definition.
   1. Activation
   2. Encryption verification
   3. Receiving services
   4. Slow synchronization

   a. The BlackBerry Enterprise Server verifies that the activation password is correct and generates a new permanent encryption key.
   b. Data is transferred between the BlackBerry smartphone and the BlackBerry smartphone user's mailbox or the BlackBerry Enterprise Server.
   c. The BlackBerry Policy Service receives a request to generate service books and sends out an IT policy update.
   d. The BlackBerry smartphone user is added to the BlackBerry Enterprise Server and the enterprise activation password is created. The BlackBerry smartphone user types an email address and the enterprise activation password on the BlackBerry smartphone and the BlackBerry smartphone generates an ETP.DAT message.

3. List the options available for creating a wireless activation password.


Answers
1. Place an x in the box beneath the features of the corresponding BlackBerry smartphone activation method.

Large quantity of Wireless BlackBerry activation of Serial smartphones BlackBerry bypass activated at smartphones the same time
Using BlackBerry Administration Service Using BlackBerry Desktop Manager Using BlackBerry Web Desktop Manager Over the wireless network Over the enterprise Wi-Fi network 2. x x

Does not require BlackBerry smartphone user involvement


x

x x

x x

x x

Match the wireless activation stage with its definition.
   1. Activation: d
   2. Encryption verification: a
   3. Receiving services: c
   4. Slow synchronization: b

3. Manual activation password generation or automatic password generation.


Troubleshooting issues with BlackBerry smartphone activation


Objectives
- List activation prerequisites
- Describe the data flow for the wired activation of a BlackBerry smartphone using the BlackBerry Administration Service
- Describe data flow for a wireless activation
- Identify and resolve issues that can occur during the four stages of the wireless enterprise activation process
- Describe where to view activation statistics in the BlackBerry Administration Service
- Describe how to search for specific activation statistics
- Identify four possible states of activation listed in the Status field of the View activations screen
- Identify each of the possible activation statistics listed in the Description field of the View activations screen
- List general troubleshooting tips to consider when resolving enterprise activation issues


BlackBerry smartphone activation prerequisites


When troubleshooting issues with the activation process, administrators should make sure that the following prerequisites have been met. If these prerequisites have been met, administrators can eliminate incomplete prerequisites as a potential cause for an issue.

Item | Description
Email messaging system | The email messaging system must be fully functional. BlackBerry smartphone users must be able to send and receive external SMTP email messages using their email applications. This includes a proper mail exchange record in DNS and the appropriate ports opened in the firewall. External email message delay should be less than ten minutes. The spam filter should not be blocking or modifying .dat attachments.
BlackBerry smartphone user information | The BlackBerry smartphone user must know the following information: the work email address; the enterprise activation password.
Wireless service provider | To activate a BlackBerry smartphone, the BlackBerry smartphone must be provisioned by the wireless service provider for enterprise service.
Wireless network coverage (if using the wireless enterprise activation process) | The wireless transceiver on the BlackBerry smartphone must be turned on. The BlackBerry smartphone must be in an area with sufficient wireless network coverage. This means that the wireless coverage level indicator shows one of the following identifiers: GPRS, EDGE, MIKE, NXTL, 1X-EV, 1X-EVDO, WLAN.
BlackBerry Enterprise Server | The BlackBerry smartphone user must have an account on the BlackBerry Enterprise Server.
BlackBerry smartphone | BlackBerry smartphones based on Java must be running BlackBerry Device Software 4.0 or later. BlackBerry smartphones based on C++ must be running BlackBerry Device Software 2.7a or later.
Organization's network | If using serial bypass, port 4101 must be open.


Data flow for the wired activation of a BlackBerry smartphone using the BlackBerry Administration Service
The following scenario outlines the data flow when activating a BlackBerry smartphone using the BlackBerry Administration Service.

[Figure: wired activation data flow. Components shown: JavaScript in HTML page; BlackBerry Administration Service viewed through Microsoft Internet Explorer; Microsoft ActiveX control; BlackBerry Configuration Database; BlackBerry Enterprise Server (BlackBerry Controller, BlackBerry Administration Service, BlackBerry Policy Service, BlackBerry Synchronization Service, BlackBerry Messaging Agent, BlackBerry Dispatcher, BlackBerry Router).]


1. The JavaScript client requests BlackBerry smartphone PIN and capability information from the BlackBerry smartphone.
2. The Microsoft ActiveX control receives the capability information from the BlackBerry smartphone.
3. The JavaScript client receives the capability information and PIN from the Microsoft ActiveX control.
4. The JavaScript client makes an SSL call to the BlackBerry Administration Service, providing the capability data and the PIN.
5. The BlackBerry Administration Service starts the "Begin Wireline Activation" call.
6. The BlackBerry Administration Service makes the necessary remote procedure call to the BlackBerry Messaging Agent, and generates a new master encryption key.
7. The BlackBerry Messaging Agent sends the encryption key data to the BlackBerry Configuration Database.

   Note: If using Microsoft Exchange, the BlackBerry Messaging Agent also sends the encryption key data to the BlackBerry smartphone user's mailbox. If using IBM Lotus Domino, the BlackBerry Messaging Agent also sends the encryption key data to the BlackBerry profiles database.

8. The BlackBerry Administration Service retrieves the necessary data from the BlackBerry Configuration Database and constructs the service book and IT policy packets.
9. Service book and IT policy packets are returned to the BlackBerry Administration Service.
10. The BlackBerry Administration Service returns the service book and IT policy packets to the JavaScript client.
11. The JavaScript client calls the Microsoft ActiveX control with the IT policy packets and the service book data, requesting that these be stored on the BlackBerry smartphone.
12. The Microsoft ActiveX control stores the IT policy and service book data on the BlackBerry smartphone.
13. Upon successful storage, the JavaScript client makes a second SSL call to the BlackBerry Administration Service, stating that the encryption key data was successfully installed on the BlackBerry smartphone.
14. The BlackBerry Administration Service starts the "Complete Wireline Activation" call.
15. The BlackBerry Administration Service makes the necessary remote procedure call to the BlackBerry Messaging Agent and starts the slow synchronization process on the BlackBerry smartphone.


Wireless enterprise activation data flow


The following scenario outlines the data flow when activating a BlackBerry smartphone over the wireless network.

[Figure: wireless enterprise activation data flow. Components shown: BlackBerry Administration Service viewed through Microsoft Internet Explorer; BlackBerry Enterprise Server (BlackBerry Synchronization Service, BlackBerry Policy Service, BlackBerry Administration Service, BlackBerry Controller, BlackBerry Messaging Agent, BlackBerry Attachment Service, BlackBerry MDS Connection Service, BlackBerry Dispatcher, BlackBerry Router); BlackBerry Configuration Database; instant messaging server; Microsoft Exchange Server; application server.]


Stage 1 Activation
1. A BlackBerry smartphone user is added to the BlackBerry Enterprise Server and an activation password is created.

Points of failure
Administrator, BlackBerry Messaging Agent, BlackBerry Configuration Database.

Symptom: An administrator is unable to add the BlackBerry smartphone user to the BlackBerry Enterprise Server.
Cause: BlackBerry smartphone user data cannot be written to the BlackBerry Configuration Database due to a full transaction log.
Resolution: Back up the BlackBerry Configuration Database or increase the size if needed. For additional information on how to perform this task, refer to the BlackBerry Technical Solution Center at www.blackberry.com/support.

Symptom: "An error has occurred. Please contact your System Administrator" appears on the BlackBerry smartphone.
Cause: An activation password was not created.
Resolution: Create an activation password.
Cause: The activation password was not applied correctly.
Resolution: Confirm that the correct activation password is listed in the BlackBerry smartphone user's properties. If the password is not present, verify that the Microsoft SQL Server permissions are correct. Make sure that there are no network connectivity issues on the Microsoft SQL Server, and then confirm that the correct MDAC version is being used.

2. The BlackBerry smartphone user types the email address and activation password on the Enterprise Activation screen on the BlackBerry smartphone.


Points of failure
BlackBerry smartphone user, BlackBerry smartphone

Symptom: "An error has occurred. Please contact your System Administrator" appears on the BlackBerry smartphone.
Cause: The BlackBerry smartphone user has typed an incorrect password on the Enterprise Activation screen.
Resolution: The activation ETP.DAT email message has reached the BlackBerry smartphone user's mailbox and the BlackBerry Enterprise Server has processed it, rejected the activation password, and sent the error message to the BlackBerry smartphone. The BlackBerry Enterprise Server will cancel the current activation password after four more unsuccessful activation attempts. The BlackBerry smartphone user must be issued a new activation password if the current one is cancelled.
Cause: An activation password was not created.
Resolution: Create an activation password.
Cause: The activation password set in the BlackBerry Administration Service was not applied correctly.
Resolution: Confirm that the correct activation password is listed in the BlackBerry smartphone user's properties. If the password is not present, verify that the Microsoft SQL Server permissions are correct. Make sure that there are no network connectivity issues on the Microsoft SQL Server, and then confirm that the correct MDAC version is being used.

Symptom: The BlackBerry smartphone stops responding at the "Activating" status for 10 minutes. It may retry every 10 to 15 minutes, displaying a status of "Retrying". After 40 to 60 minutes, the process terminates, displaying the error message "The server is not responding. Please contact your System Administrator."
Cause: The BlackBerry smartphone user's Messaging Agent is not scanning for email messages in the BlackBerry smartphone user's inbox.
Resolution: Remove and then add the BlackBerry smartphone user to the BlackBerry Enterprise Server. Restart the BlackBerry Dispatcher and the BlackBerry Controller, and then restart the BlackBerry Enterprise Server.

3. An activation email message is sent to the BlackBerry Infrastructure through the wireless network and sent to the BlackBerry smartphone user's mailbox.


Points of failure
Wireless network, BlackBerry smartphone provisioning, BlackBerry smartphone user's mailbox, messaging server, antivirus or spam scanning software

Symptom: The BlackBerry smartphone stops responding at the "Activating" status for 10 minutes. It then retries every 10 minutes, displaying a status of "Retrying". After 40 minutes, the process terminates, displaying the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages do not arrive in the BlackBerry smartphone user's inbox.

Cause: The BlackBerry smartphone is in an area of insufficient wireless network coverage or is not provisioned for enterprise service.
Resolution: Make sure that the BlackBerry smartphone is provisioned for enterprise service. Confirm that the BlackBerry smartphone has the correct signal type and signal strength for sending data. Test BlackBerry smartphone PIN messaging to confirm this. Send a test activation request to an external email account to confirm that the ETP.DAT activation email messages are being sent.

Cause: The BlackBerry smartphone user has typed an incorrect email address on the Enterprise Activation screen.
Resolution: The BlackBerry smartphone user must retry the enterprise activation process using the correct email address.

Cause: The activation email message was moved to a folder other than the inbox.
Resolution: Make sure that there are no filtering rules in the messaging server or the email application that are moving the activation email message to a folder other than the inbox.

Cause: The BlackBerry smartphone user's mailbox is full.
Resolution: Make sure that the BlackBerry smartphone user's mailbox receives email messages.

Cause: The BlackBerry smartphone user's email messages are being routed to a personal folder (.pst) or offline folder (.ost).
Resolution: Make sure that the BlackBerry smartphone user's email application is configured to leave copies of email messages on the messaging server. Personal and offline folders are inaccessible to the BlackBerry Enterprise Server, causing the enterprise activation process to fail.

Cause: The ETP.DAT email message is not reaching the BlackBerry smartphone user's inbox because it is being deleted or modified by a virus scanning application.
Resolution: Make sure that the organization's antivirus software is not rejecting the activation email message and the corresponding ETP.DAT attachment is not being deleted, flagged, or modified.

Cause: The ETP.DAT attachment is not reaching the BlackBerry smartphone user's inbox because it is being identified as spam.
Resolution: Make sure that the organization's firewall is not filtering email messages from the blackberry.net domain. Make sure that the organization's antispam software is not flagging the activation email message and modifying its title, contents, or ETP.DAT attachment. Make sure that the BlackBerry smartphone user's email application is not moving the activation email message to the default junk email message folder.

Cause: A BlackBerry smartphone user forwards email messages to a second BlackBerry smartphone user and the ETP.DAT activation email message is sent to both BlackBerry smartphone users. When the BlackBerry Enterprise Server scans all BlackBerry smartphone users' mailboxes, it cannot determine which BlackBerry smartphone user is using the BlackBerry smartphone because the ETP.DAT message was sent to two accounts.
Resolution: Remove the second BlackBerry smartphone user from the BlackBerry Enterprise Server. When the first BlackBerry smartphone user completes the enterprise activation process, add the second BlackBerry smartphone user to the BlackBerry Enterprise Server again. Before starting the enterprise activation process, turn off email message forwarding until the BlackBerry smartphone user has completed the enterprise activation process.

Stage 2 Encryption verification


4. The BlackBerry Enterprise Server identifies the new email message in the BlackBerry smartphone user's mailbox.

Points of failure
BlackBerry Messaging Agent

5. The BlackBerry Enterprise Server recognizes the ETP.DAT email message and starts the enterprise activation process.

Note: At this point, the activation email messages with the ETP.DAT attachments are continuously delivered to the BlackBerry smartphone user's mailbox.

Points of failure
Messaging server, BlackBerry Messaging Agent

6. The BlackBerry Enterprise Server generates the public key authentication information.

Points of failure
BlackBerry smartphone user, Enterprise Service Policy

Symptom
"An error has occurred. Please contact your system administrator" appears on the BlackBerry smartphone.

Cause
The BlackBerry smartphone user has typed an incorrect activation password on the Enterprise Activation screen.

Resolution
The activation ETP.DAT email message has reached the BlackBerry smartphone user's mailbox and the BlackBerry Enterprise Server has processed it, rejected the activation password, and sent the error message to the BlackBerry smartphone. Make sure that the BlackBerry smartphone user is typing the most up-to-date activation password. Reset the password if needed before retrying the enterprise activation process.

Cause
The Enterprise Service Policy is limiting which BlackBerry smartphones are activated on the BlackBerry Enterprise Server.

Resolution
Make sure that the Enterprise Service Policy allows the BlackBerry smartphone to be activated on the BlackBerry Enterprise Server. Allow the BlackBerry smartphone PIN or disable the Enterprise Service Policy if needed. For more information about the Enterprise Service Policy, refer to the BlackBerry Technical Solution Center at www.blackberry.com/support.


Symptom
The BlackBerry smartphone stops responding at the Activating status for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying. After 40 minutes, the process terminates, displaying the message "The server is not responding. Please contact your System Administrator."

Cause
The BlackBerry Enterprise Server service account does not have the correct permissions to access the BlackBerry smartphone user's mailbox and retrieve the ETP.DAT activation email message.

Resolution
Make sure that the permissions for the BlackBerry Enterprise Server service account are properly configured according to the BlackBerry Enterprise Server for Microsoft Exchange Installation Guide. The ETP.DAT activation email message must arrive in the BlackBerry smartphone user's mailbox before the BlackBerry Enterprise Server service account is notified that the email message has been received.

7. The BlackBerry smartphone generates the master encryption key.

Points of failure
BlackBerry smartphone

Stage 3 Receiving Services


8. The BlackBerry smartphone verifies that the generated key is valid.

Points of failure
BlackBerry smartphone

9. The BlackBerry Enterprise Server generates a master encryption key.

Points of failure
BlackBerry Messaging Agent, BlackBerry Configuration Database

10. The BlackBerry Enterprise Server sends the IT policy and service books to the BlackBerry smartphone.


Points of failure
BlackBerry smartphone, BlackBerry Policy Service, BlackBerry Configuration Database
Symptom Cause Resolution

The BlackBerry smartphone stops responding at Waiting for Services...

The BlackBerry Policy Service is not started or not responding. The BlackBerry smartphone is rejecting the IT policy.

Make sure that the BlackBerry Policy Service is started or restart the service if needed. The BlackBerry smartphone user must delete all data using the Security Wipe option on the BlackBerry smartphone to allow the new BlackBerry Enterprise Server to overwrite the IT policy from a previous BlackBerry Enterprise Server. Restart the BlackBerry Policy Service and retry the enterprise activation process.

The BlackBerry Policy Service is not able to create the service books or IT policy.

"IT Policy Rejected. Please wipe handheld and try again" appears on the BlackBerry smartphone.

The BlackBerry smartphone was previously active on another BlackBerry Enterprise Server and has a conflicting IT policy. This occurs when the previous BlackBerry Enterprise Server and the current BlackBerry Enterprise Server do not share the same BlackBerry Configuration Database.

Send a blank IT policy to the affected BlackBerry smartphone to delete any existing IT policy settings.

11. The enterprise activation process is complete and the slow synchronization process begins.

Stage 4 Slow Synchronization


12. The synchronization of calendar entries takes place.

Points of failure
BlackBerry Messaging Agent

13. The rest of the synchronization process takes place.

Points of failure
BlackBerry smartphone, BlackBerry Synchronization Service, BlackBerry Configuration Database, BlackBerry smartphone user's mailbox

Symptom
The enterprise activation process only completes the synchronization of the Calendar database.

Cause
The BlackBerry Synchronization Service is not started or not responding.

Resolution
Make sure that the BlackBerry Synchronization Service is started or restart the service if needed. Make sure that Microsoft XML Parser is installed. See the BlackBerry Enterprise Server for Microsoft Exchange Installation Guide for details.

Symptom
"Not all databases synchronized successfully - Address Book" appears on the BlackBerry smartphone.

Cause
Due to requirements for contacts information, some entries in the Address Book application may have been skipped.

Resolution
Make sure that each contact entry has specified a first name, last name, or company name. When a contact entry is missing information in all three fields, the entry is not synchronized and this error message is displayed on the BlackBerry smartphone.

Symptom
Organizer data databases are not synchronized after the enterprise activation process has finished.

Cause
The IT policy is disabling wireless bulk load, organizer data synchronization, or individual organizer data applications.

Resolution
Make sure that the IT policy allows for wireless synchronization of organizer data applications.

Cause
The BlackBerry Enterprise Server has network connectivity or database engine errors that prevent the enterprise activation process from finishing properly.

Resolution
Make sure that there are no network connectivity issues between the BlackBerry Enterprise Server and the BlackBerry Configuration Database.


Symptom
The enterprise activation process stops responding and the slow synchronization process is not able to complete.

Cause
The BlackBerry Enterprise Server has network connectivity problems or Microsoft SQL Server errors.

Resolution
Make sure that the Microsoft SQL Server is online and accessible.

Cause
Content protection is enabled on the BlackBerry smartphone.

Resolution
Turn off content protection before starting the enterprise activation process. Install the latest BlackBerry Enterprise Server software version (including the current service pack or hotfix).

Cause
Multiple BlackBerry smartphone users are attempting the slow synchronization process simultaneously.

Resolution
If multiple slow synchronization process attempts are made simultaneously, it may take a long time to complete or the process may time out (depending on BlackBerry Enterprise Server load and messaging server performance).

Cause
The Desktop [SYNC] service book is corrupted.

Resolution
Restore the Desktop [SYNC] service book. On the BlackBerry smartphone, complete the following steps:
1. Go to Options > Advanced Options > Service Book.
2. Click Desktop [Sync].
3. Display the menu and click Delete.
4. Display the menu again and click Undelete.


BlackBerry Administration Service activation statistics


Administrators can view activation statistics in the BlackBerry Administration Service.

Administrators can search for specific activation criteria on the following screen:


After searching for a user account, administrators can view the following information about the BlackBerry smartphone user's activation:

The State field tracks the state of the activation and displays one of the following:
- Password Set: The activation password has been set by the administrator.
- Ongoing: The portion of the activation associated with that BlackBerry Enterprise Server component is in progress.
- Completed: The portion of the activation associated with that BlackBerry Enterprise Server component has completed.
- Failed: The portion of the activation associated with that BlackBerry Enterprise Server component has failed.

The Description field provides more information on the state of each component.

The following screenshot shows statistics for a failed activation:

The following screenshot shows statistics for an ongoing activation:


Lab: Searching for activation statistics


You have received a phone call from Lou Sicoli indicating that his BlackBerry smartphone is not activating. Using the activation status monitoring features in the BlackBerry Administration Service, report the following statistics:
- Email component state and description
- Synchronization component state and description
- Policy component state and description

Using these statistics, provide possible causes for the failed activation.


General troubleshooting reminders


In addition to the resolutions already provided in this chapter, the following troubleshooting reminders may also help resolve enterprise activation issues:
- Verify that the BlackBerry smartphone user has been added to a BlackBerry Enterprise Server.
- Make sure that the wireless network is working by verifying that the BlackBerry smartphone user can send and receive email messages on the BlackBerry smartphone.
- Verify that the BlackBerry smartphone user is in a wireless network coverage area.
- Verify that the BlackBerry smartphone user can communicate using PIN messaging.
- Determine if more than one BlackBerry smartphone user is affected. If more than one BlackBerry smartphone user is affected, the issue is likely with the BlackBerry Enterprise Server. If only one BlackBerry smartphone user is affected, the issue is likely with the BlackBerry smartphone user configuration.
- If multiple activation email messages are arriving in the BlackBerry smartphone user's mailbox on the messaging server, it means that the BlackBerry Enterprise Server and the messaging server are not communicating. It also means that the activation email messages are being removed or modified by the organization's messaging servers.
- Replicate the issue to see if the enterprise activation process fails for one or multiple BlackBerry smartphone users or one or multiple BlackBerry smartphones.
- To check the version of the MAPI subsystem installed on the BlackBerry Enterprise Server, search for mapi32.dll across all drives in the BlackBerry Enterprise Server environment. All the files in the search results must be the same version and this version must be the same or higher than the version in the Microsoft Exchange Server instances.
- To identify the BlackBerry Enterprise Server service account, go to Start > Run and type services.msc. Expand the Log On As column and verify what account is running the BlackBerry Enterprise Server services. Only the following services, if present, do not log on as the BlackBerry Enterprise Server service account:
  - BlackBerry Attachment Service
  - BlackBerry Instant Messaging Connector
  - BlackBerry MDS Integration Services - Apache Tomcat Service
- If using BlackBerry Enterprise Server for Microsoft Exchange, check that the Administer Information Store permission has been granted to the BlackBerry Enterprise Server service account by using the IEMSTest utility.
- To make sure that the BlackBerry Enterprise Server service account has been granted all the required permissions in Microsoft Exchange, use the Exchange System Manager or Exchange Management Shell tools.
- To make sure that the BlackBerry Policy Service and BlackBerry Synchronization Service are started, go to Start > Run and type services.msc. The Status column should list these services as Started.
- If a BlackBerry smartphone is disconnected from the computer during a wired enterprise activation, the enterprise activation process will continue if the BlackBerry smartphone is in an area of wireless network coverage.
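The mapi32.dll version check and the services.msc checks in these reminders can be scripted so that the result is repeatable. The following PowerShell is an added example, not part of the course material: the function names are hypothetical, the account name EXAMPLE\besadmin is a constructed placeholder, and it assumes that the BlackBerry Enterprise Server services have display names that start with "BlackBerry".

```powershell
# Added example, not from the course material. Written for Windows PowerShell
# 2.0-5.1 (Get-WmiObject); run it on the BlackBerry Enterprise Server computer.
param(
    # Constructed placeholder: pass the real service account name.
    [string]$ServiceAccount = 'EXAMPLE\besadmin',
    # Optional: mapi32.dll version found on the Microsoft Exchange Server.
    [version]$ExchangeMapiVersion
)

# Services the reminders list as not logging on as the service account.
$ExemptServices = @(
    'BlackBerry Attachment Service',
    'BlackBerry Instant Messaging Connector',
    'BlackBerry MDS Integration Services - Apache Tomcat Service'
)

function Get-MapiCopy {
    # Return path and numeric file version of every mapi32.dll on local fixed drives.
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' | ForEach-Object {
        Get-ChildItem -Path ($_.DeviceID + '\') -Filter 'mapi32.dll' -Recurse -Force -ErrorAction SilentlyContinue
    } | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $vi = $_.VersionInfo
        $parts = @($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        New-Object PSObject -Property @{
            Path    = $_.FullName
            Version = New-Object Version -ArgumentList $parts
        }
    }
}

function Test-MapiCopy {
    # All copies must share one version, and that version must not be lower
    # than the Exchange version when one is supplied.
    param([object[]]$Copies, [version]$Minimum)
    $distinct = @($Copies | ForEach-Object { $_.Version } | Sort-Object -Unique)
    $problems = @()
    if ($distinct.Count -eq 0) {
        $problems += 'No mapi32.dll was found on the local fixed drives.'
    }
    if ($distinct.Count -gt 1) {
        $problems += 'mapi32.dll copies differ in version: ' + ($distinct -join ', ')
        foreach ($copy in $Copies) { $problems += "  $($copy.Version)  $($copy.Path)" }
    }
    if ($Minimum -and $distinct.Count -ge 1 -and $distinct[0] -lt $Minimum) {
        $problems += "mapi32.dll version $($distinct[0]) is lower than the Exchange version $Minimum."
    }
    $problems
}

function Test-BesService {
    # Compare each service's logon account with the expected service account
    # and confirm that the Policy and Synchronization services are running.
    # Assumption: StartName is written the same way as $Account (DOMAIN\user).
    param([string]$Account)
    $problems = @()
    $services = @(Get-WmiObject Win32_Service -Filter "DisplayName LIKE 'BlackBerry%'")
    if ($services.Count -eq 0) {
        $problems += 'No services with a display name starting with BlackBerry were found.'
    }
    foreach ($svc in $services) {
        $exempt = $ExemptServices -contains $svc.DisplayName
        if (-not $exempt -and $svc.StartName -ne $Account) {
            $problems += "$($svc.DisplayName) logs on as $($svc.StartName), expected $Account."
        }
        if ($svc.DisplayName -match 'Policy Service|Synchronization Service' -and $svc.State -ne 'Running') {
            $problems += "$($svc.DisplayName) is $($svc.State)."
        }
    }
    $problems
}

# Run both checks and print either the findings or a single pass line.
$findings = @(Test-MapiCopy -Copies @(Get-MapiCopy) -Minimum $ExchangeMapiVersion) +
            @(Test-BesService -Account $ServiceAccount)
if ($findings.Count -eq 0) { 'All checks passed.' } else { $findings }
```

A service that logs on under an unexpected account is worth following up even when activation works, because the service account holds mailbox access rights in Microsoft Exchange.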


Exercise: Troubleshooting enterprise activation issues


Provide solutions to the following enterprise activation issues. You can use the BlackBerry Technical Solution Center as a reference if necessary.

1. You receive a report that the enterprise activation process has failed for all three BlackBerry smartphone users an administrator has just added to the BlackBerry Enterprise Server. The administrator explains that the activation email messages are continuously delivered to each one of the BlackBerry smartphone users' inboxes with the respective ETP.DAT attachments. Upon investigation, you find that the administrator has recently installed Microsoft Outlook on the same computer as the BlackBerry Enterprise Server. Explain how this affects the enterprise activation process and what must be done to resolve the issue.

2. You receive a report that the enterprise activation process has failed for a single BlackBerry smartphone user. Upon investigation, you find that the BlackBerry smartphone user is in a remote location and his email application is configured to redirect email messages to a .pst file. Explain how this affects the activation process and what must be done to resolve the issue.


3. You receive a report from a BlackBerry smartphone user who says that the enterprise activation process has stopped at "Waiting for services..." Upon investigation, you find that the BlackBerry smartphone user has already deleted all data using the Security Wipe option on the BlackBerry smartphone but continues to receive the same issue when retrying the enterprise activation process. Explain the possible cause for this issue and what must be done to resolve it.

4. You receive a report that a BlackBerry smartphone user is attempting to activate her BlackBerry smartphone on a BlackBerry Enterprise Server but does not see an Enterprise Activation icon on her BlackBerry smartphone. Explain possible causes for this issue and what must be done to resolve it.


5. Complete the following table. Refer to the BlackBerry Technical Solution Center for additional information if necessary.

Scenario
"IT Policy Rejected" appears on the BlackBerry smartphone.

Action
Delete all data using the Security Wipe option on the BlackBerry smartphone and retry the enterprise activation process.

Discussion
If the BlackBerry smartphone was previously activated on a different BlackBerry Enterprise Server, the new IT policy cannot be applied until the BlackBerry smartphone user deletes all data on the BlackBerry smartphone using the Security Wipe option.

Scenario
The activation email message displays the tag SCANNED in the Subject line.

Scenario
The enterprise activation process only completes the synchronization of the Calendar database.

Scenario
"Not all databases synchronized successfully - Address Book" appears on the BlackBerry smartphone during the slow synchronization stage.


Review questions
1. Complete the following enterprise activation prerequisites checklist.


2. For each question listed in the following table, identify any actions that must be taken to retrieve the required information, and the reason for asking a particular question.

Question
1. Has the BlackBerry smartphone user typed the correct email address and activation password in the Enterprise Activation screen on the BlackBerry smartphone?
2. Did the organization's firewall, antivirus, or spam filter software modify the enterprise activation request email message?
3. Does the BlackBerry smartphone user have inbox rules that may have filed the activation request email message in a personal folder (.pst)?

Action

Discussion


Answers
Troubleshooting enterprise activation issues
1. This is not a supported configuration for the BlackBerry Enterprise Server. The MAPI subsystem installed with Microsoft Outlook is not sufficient for the BlackBerry Enterprise Server to process the activation email message or perform other functions such as email messaging and wireless calendar synchronization. The administrator should remove Microsoft Outlook and install the appropriate MAPI subsystem, as well as verify that all other BlackBerry Enterprise Server prerequisites are met. The administrator should also recreate the MAPI profiles once the correct MAPI subsystem is in place. For information on how to do this, refer to the BlackBerry Technical Solution Center. For more information about BlackBerry Enterprise Server software prerequisites, refer to the BlackBerry Enterprise Server Installation Guide.

Note: If the BlackBerry Enterprise Server software is installed on the same computer as the Microsoft Exchange Server, it is recommended that you contact Microsoft support to safely remove Microsoft Outlook.

2. The BlackBerry Enterprise Server must have access to the BlackBerry smartphone user's mailbox to monitor and redirect email messages. If the BlackBerry smartphone user's email messages are delivered to a .pst file (personal folder), the BlackBerry Enterprise Server is not able to find the activation email message and start the enterprise activation process. The BlackBerry smartphone user should configure the email application to leave a copy of the email message on the messaging server so that the BlackBerry Enterprise Server can access it.

3. The BlackBerry Policy Service is not running or not responding, or there is an incorrect version of Microsoft XML Parser installed on the BlackBerry Enterprise Server. Make sure that Microsoft XML Parser is installed. See the BlackBerry Enterprise Server Installation Guide for details. The BlackBerry Policy Service must be started or restarted and the BlackBerry smartphone user must retry the enterprise activation process to receive the IT policy and service books and finish the enterprise activation process.

4. This occurs when the BlackBerry smartphone has previously been activated. The BlackBerry smartphone user can access the Enterprise Activation screen at any time on the BlackBerry smartphone by selecting Options > Advanced Options > Enterprise Activation. Another reason she cannot see the Enterprise Activation icon is that the BlackBerry smartphone is not provisioned for enterprise service. To determine if this is the case, select Options > Advanced Options. If the menu item Enterprise Activation is not available, the BlackBerry smartphone is not provisioned for enterprise service.

5. Complete the following table:

Scenario
"IT Policy Rejected" appears on the BlackBerry smartphone.

Action
Delete all data using the Security Wipe option on the BlackBerry smartphone and retry the enterprise activation process.

Discussion
If the BlackBerry smartphone was previously activated on a different BlackBerry Enterprise Server, the new IT policy cannot be applied until the BlackBerry smartphone user deletes all data on the BlackBerry smartphone using the Security Wipe option.

Scenario
The activation email message displays the tag SCANNED in the Subject line.

Action
Make sure that the activation email message and the ETP.DAT attachment are not modified by the organization's antivirus or antispam software.

Discussion
When the activation email message or the ETP.DAT attachment is modified, the BlackBerry Messaging Agent fails to identify the email message as an activation request and it will not start the enterprise activation process.

Scenario
The enterprise activation process only completes the synchronization of the Calendar database.

Action
Make sure that the BlackBerry Synchronization Service is started and restart it if needed. If the BlackBerry Synchronization Service fails to start, make sure that the appropriate Microsoft XML Parser is installed in the BlackBerry Enterprise Server environment.

Discussion
The BlackBerry Synchronization Service takes over the enterprise activation process after the synchronization of the Calendar database is complete and performs a wireless backup and restore of the BlackBerry smartphone, as well as the slow synchronization of the remaining organizer databases. When the BlackBerry Synchronization Service is not started, the enterprise activation process stops at this point.

Scenario
"Not all databases synchronized successfully - Address Book" appears on the BlackBerry smartphone during the slow synchronization stage.

Action
Make sure that all contact entries have a first name, a last name, or a company name.

Discussion
Each contact requires a first name, a last name, or a company name. If a contact is missing values in all three fields, the entry is skipped and this error message appears on the BlackBerry smartphone.


Review questions
1.


2. For each question listed in the following table, identify any actions that must be taken to retrieve the required information, and the reason for asking a particular question.

Question
1. Has the BlackBerry smartphone user typed the correct email address and password in the activation screen on the BlackBerry smartphone?

Action
Check if there is an error message on the Enterprise Activation screen on the BlackBerry smartphone. Verify that the BlackBerry smartphone user has not typed the activation password with the Caps Lock on. Verify that the BlackBerry smartphone user did not have issues typing the activation password on a BlackBerry smartphone with SureType technology turned on. Make sure that the SIM card is provisioned. Have the BlackBerry smartphone user type another email address and password. The email address could be the administrator's address.

Discussion
If the BlackBerry smartphone user types the wrong activation password, an activation failed error message is received on the BlackBerry smartphone. If the wrong email address is typed, the email message generated by the BlackBerry Infrastructure is not successfully delivered to the BlackBerry smartphone user's mailbox on the messaging server. By typing another email address, the ETP.DAT activation email message should be sent to that address and the administrator can confirm that the email message was received.


Question
2. Did the organization's firewall, antivirus, or spam filter software modify the enterprise activation request email message?

Action
Verify that .dat files are not being blocked by the firewall. Send an email message with a .dat file attachment to the BlackBerry smartphone. Verify that the email message arrives in the BlackBerry smartphone user's mailbox.

Question
3. Does the BlackBerry smartphone user have inbox rules that may have filed the activation request email message in a personal folder (.pst)?

Action
Check the BlackBerry smartphone user's inbox rules.

Discussion
The BlackBerry Enterprise Server only scans the inbox for the activation request email message.


Configuring messaging options


Objectives
- Describe the purpose of email message filters
- Describe how to create server and user email message filters
- Describe how to map address book fields for synchronization and address lookups
- Describe the options for managing wireless organizer data synchronization
- Identify tips for troubleshooting wireless organizer data synchronization
- Describe the options for managing email message redirection
- Identify tips for troubleshooting email message redirection
- Describe how the BlackBerry Enterprise Server reconciles email messages
- Describe the options for managing wireless email message reconciliation
- Explain how to manage access to remote email message data
- Explain how to manage email messages with HTML and rich content
- Explain how to manage folder synchronization
- Explain how to configure signatures and disclaimers


Configuring email message filters


BlackBerry smartphone users and administrators can create and change email message filters. Email message filters determine the actions that the BlackBerry Enterprise Server takes if incoming email messages match specific criteria: forward, forward with priority, or do not forward to BlackBerry smartphones. For example, BlackBerry smartphone users can create email message filters to forward email messages from specific senders to their BlackBerry smartphones with high priority. There are two types of email message filters in the BlackBerry Enterprise Server. The following table describes the two filter types and how to access them in the BlackBerry Administration Service.

Filter type
User

Description
BlackBerry smartphone user email message filters are filter rules set at an individual BlackBerry smartphone user level. These rules apply to the email messages sent to the BlackBerry smartphone user. To access this type of filter in the BlackBerry Administration Service, go to User > Manage users > Edit user > Default configuration > E-mail

Filter type
Server

Description
Server email message filters are email message filters set at a server level. These rules apply to the email messages sent to all BlackBerry smartphone users on the BlackBerry Enterprise Server. To access this type of filter in the BlackBerry Administration Service, go to BlackBerry Solution topology > BlackBerry Domain > Component view > Email > View (ServerName)

Did you know
Email message filters that administrators create and apply take precedence over the email message filters that BlackBerry smartphone users can create.


The following table describes the conditions that can be configured for email message filters.

Condition
From

Description
The BlackBerry Enterprise Server filters email messages with the email addresses listed in the From field.
Note: Separate multiple email addresses with a semicolon. Add a *@ before the email address if using wild cards.

Condition
Sent To

Description
The BlackBerry Enterprise Server filters email messages with the email addresses listed in the Sent To field.
Note: Separate multiple email addresses with a semicolon. Add a *@ before the email address if using wild cards.

Condition
Subject

Description
The BlackBerry Enterprise Server filters email messages with the specified text in the Subject field.

Condition
Body

Description
The BlackBerry Enterprise Server filters email messages with the specified text in the body of the email message.

Condition
Recipient type

Description
The BlackBerry Enterprise Server filters email messages according to the selected recipient types.
- Sent directly to me
- CC: to me
- BCC: to me

Condition
Importance

Description
The BlackBerry Enterprise Server filters email messages with the selected levels of importance.
- Low
- Normal
- High

Condition
Sensitivity

Description
The BlackBerry Enterprise Server filters email messages with the selected degrees of sensitivity.
- Normal
- Personal
- Private
- Confidential

Condition
Do not forward email messages to the device

Description
When selected, email messages with the criteria defined in the filter are not forwarded to the BlackBerry smartphone.

Condition
Forward email messages to the device

Description
When selected, email messages with the criteria defined in the filter are forwarded to the BlackBerry smartphone. The following criteria can be further defined:
- Forward with Level 1 notification
- Forward header only

Example: Creating a server-level email message filter


The following example illustrates how to apply an email message filter to all user accounts on a BlackBerry Enterprise Server.


Example: Creating a user-level filter


The following example illustrates how to apply an email message filter to a single user account on a BlackBerry Enterprise Server.

Exporting and importing email message filters


To save time and apply consistent filter rules, administrators can copy existing email message filters on one BlackBerry Enterprise Server instance and then apply them to other BlackBerry Enterprise Server instances. First, an administrator exports existing email message filters for a BlackBerry Enterprise Server instance as a .xml file. Next, the administrator imports the .xml file to use with another BlackBerry Enterprise Server instance.


Lab: Creating email message filters


Plazmic Inc. has decided to implement email message filters to make sure that important communications are delivered to employees' BlackBerry smartphones. Plazmic Inc. has also asked you to implement email message filters so that these important communications are not lost among the other BlackBerry smartphone email messages.

Tasks
1. Create a server-level filter to make sure that email messages from Ian Dundas always go to the employees' BlackBerry smartphones.

2. A policy states that if an employee is going to send a personal email message to the entire organization, NO BB must be added to the subject line. The BlackBerry Enterprise Server can then filter personal email messages and prevent them from being delivered to the BlackBerry smartphones. Create a server-level filter to accomplish this.

3. Create a filter for the following user accounts that forwards email messages with Request for Approval in the subject line to the BlackBerry smartphone with a Level 1 notification:
   - Ian Dundas
   - Mika Ilvonen
   - Matthew Taylor
   - Justin Jones

   Export the filter. Import and apply the filter to Ian Dundas.

Mapping address book fields for synchronization and address book lookups
By default, the BlackBerry Enterprise Server maps certain fields in contacts entries on the messaging server to fields on a BlackBerry smartphone during wireless organizer data synchronization. Administrators can change these mappings and determine which fields appear in lookup results and which address book fields are synchronized between the messaging server and the BlackBerry smartphone. Up to four of these fields can be user-defined. Administrators can create the following types of field mappings on the BlackBerry Enterprise Server:

Field mapping type: User
Description: Address book field mappings apply to specific user accounts. To access this type of field mapping in the BlackBerry Administration Service, go to User > Manage users > Edit user (username) > Edit message settings > Mappings for organizer data synchronization

Field mapping type: Server
Description: Address book field mappings apply to all BlackBerry smartphone users on the BlackBerry Enterprise Server. To access this type of field mapping in the BlackBerry Administration Service, go to BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization

Did you know: Field mappings set at a BlackBerry smartphone user level override field mappings set at the BlackBerry Domain level.

The following screenshot shows some of the field mapping options at the global level:

Discussion: Why would an organization want to change address book field mapping options?


Managing wireless organizer data synchronization


Administrators can turn wireless organizer data synchronization on or off for the Address Book, MemoPad, and Tasks applications. Administrators can also configure synchronization for the following:
- Email message filters, which synchronizes the personal and global email message filters applied to the BlackBerry smartphone user
- Message settings, which synchronizes the folder redirection settings configured for the BlackBerry smartphone user
- Certificate summary data
- Organizer data folder list

Using wireless organizer data synchronization, BlackBerry smartphone users do not need to connect their BlackBerry smartphones to their computers to synchronize organizer data. By default, wireless organizer data synchronization is turned on for the BlackBerry Enterprise Server. Administrators can configure wireless organizer data synchronization at the following two levels:

Level: User
Description: Wireless organizer data synchronization settings apply to specific user accounts. To access these wireless organizer data synchronization settings in the BlackBerry Administration Service, go to User > Manage users > Edit user (username) > Default configuration > Organizer data synchronization

Level: Server
Description: Wireless organizer data synchronization settings apply to all BlackBerry smartphone users on the BlackBerry Enterprise Server. To access these wireless organizer data synchronization settings in the BlackBerry Administration Service, go to BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization

Administrators can manage the following wireless organizer data synchronization settings at the user level:


Administrators can manage the following wireless organizer data synchronization settings at the server level:

Tips for troubleshooting wireless organizer data synchronization issues


- Verify that the BlackBerry smartphone user is activated on a BlackBerry Enterprise Server.
- Make sure that the wireless network is working by verifying that the BlackBerry smartphone user can send and receive PIN messages on the BlackBerry smartphone.
- Verify that the BlackBerry smartphone user and the BlackBerry Enterprise Server have wireless organizer data synchronization turned on.
- Verify that an IT policy is not turning off the wireless organizer data synchronization for the BlackBerry smartphone user.
- Verify that the BlackBerry Synchronization Service is running.
- Verify that the BlackBerry smartphone user is not trying to synchronize organizer data on the BlackBerry smartphone with a personal folders (.pst) file in Microsoft Exchange.
- Determine if more than one BlackBerry smartphone user is affected. If more than one BlackBerry smartphone user is affected, the issue is likely with the BlackBerry Enterprise Server. If only one BlackBerry smartphone user is affected, the issue is likely with the BlackBerry smartphone user configuration.
- If the BlackBerry Enterprise Server is not writing organizer data for a user account from a BlackBerry smartphone to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted. Administrators can delete the organizer data from the BlackBerry Enterprise Server to force BlackBerry smartphones to synchronize the current organizer data with the BlackBerry Enterprise Server.

Lab: Managing organizer data synchronization


Plazmic Inc. has asked you to manage the following organizer data synchronization settings. You can use the BlackBerry Enterprise Server Administration Guide for instructions if necessary.

Tasks
1. Change the following settings for Leticia Lopez Tovar's account:
   - Turn off certificate summary data synchronization.
   - Memos should be set so that data is synchronized from the BlackBerry smartphone to the BlackBerry Enterprise Server only.
   - Tasks should be set so the BlackBerry smartphone wins if there is a conflict between the BlackBerry smartphone and the BlackBerry Enterprise Server.

2. Change the following setting at the server level:

Managing email message redirection


Administrators can control how the BlackBerry Enterprise Server forwards email messages from BlackBerry smartphone users' email applications to their BlackBerry smartphones. When an administrator turns off email message redirection, the affected BlackBerry smartphone users can send email messages from their BlackBerry smartphones but cannot receive email messages. To manage email message redirection, administrators must search for and then select a user account.

After selecting the user account, the administrator must click Default configuration.

On the Services tab, administrators can manage the following email message redirection settings for the selected user account:


On the E-mail tab, administrators can manage the following email message redirection settings for the selected user account:

Tips for managing email message redirection


- BlackBerry smartphone users can define settings for email message forwarding on their BlackBerry smartphones or by using BlackBerry Web Desktop Manager or BlackBerry Desktop Manager.
- The settings defined by administrators override the settings defined by BlackBerry smartphone users.
- Administrators can also turn off email message redirection for a group by performing the following steps:
  1. In the BlackBerry Administration Service, on the BlackBerry Solution management menu, expand User.
  2. Click Manage users.
  3. Click Advanced search.
  4. In the Group criteria section, in the Specific group drop-down list, click the group you want to turn off email message forwarding for.
  5. Click Search.
  6. Click Manage multiple users.
  7. Select all user accounts.
  8. Under Device services, click Turn off redirection for all devices.

Lab: Managing email message redirection


Plazmic Inc. has implemented new email message redirection rules. As a result, you are required to configure the BlackBerry Enterprise Server according to the following email message redirection rules:

Tasks
1. Ian Dundas is travelling in an area without wireless network coverage and does not require email message redirection right now.

2. To manage network resources, turn off email message redirection when the BlackBerry smartphone is connected to the following BlackBerry smartphone users' computers:
   - Hitoshi Hishikura
   - Nicole Lavigne
   - Lou Sicoli

Managing wireless email message reconciliation


The BlackBerry Enterprise Server automatically reconciles email message status between the messaging server and a BlackBerry smartphone using wireless email message reconciliation. Email message reconciliation starts after three to five minutes of inactivity on the BlackBerry smartphone. If the BlackBerry smartphone is active, email message reconciliation starts every 15 to 20 minutes or after 100 changes to data on the BlackBerry smartphone. The functions associated with email message reconciliation include marking email messages as read or unread, and moving or deleting email messages. When using wireless email message reconciliation, the metadata for each email message is updated, but not the data itself. For example, if a BlackBerry smartphone user moves an email message from one folder to another on the computer, the metadata associated with the email message is updated to reflect that it now belongs in a different folder during email message reconciliation. The email message is not moved to that folder on the BlackBerry smartphone. Email messages that are filed to personal folders can be reconciled using BlackBerry Web Desktop Manager or BlackBerry Desktop Manager when the BlackBerry smartphone is connected to the computer.


Configuring wireless email message reconciliation


Administrators can configure wireless email message reconciliation at the server level, by clicking Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.

The following diagram shows the wireless email message reconciliation options on the Messaging tab:


What is a hard-deleted email message?


A hard delete occurs when BlackBerry smartphone users use the Shift-Delete key combination in their work email applications to delete an item. The following actions involving the removal of an email message from the BlackBerry smartphone user's mailbox may affect wireless email reconciliation:
- Moving email messages to personal folders
- Deleting email messages from the Deleted Items folder before the BlackBerry Enterprise Server has detected and reconciled the email messages. The following scenarios will cause this problem to occur more often:
  - Using the Empty Deleted Items Folder function in Microsoft Outlook
  - Selecting the Empty the Deleted Items Folder upon exiting configuration setting in Microsoft Outlook

Note: When hard delete support is turned on, the BlackBerry Dispatcher must be restarted for the setting to take effect.

Tips for troubleshooting wireless email message reconciliation issues


- Verify that the BlackBerry smartphone user is activated on a BlackBerry Enterprise Server.
- Make sure that the wireless network is working by verifying that the BlackBerry smartphone user can send and receive PIN messages on the BlackBerry smartphone.
- Verify that the BlackBerry Enterprise Server has email message reconciliation turned on.
- If using BlackBerry Enterprise Server for IBM Lotus Domino, the reconciliation of read and unread status works only if the BlackBerry smartphone users' mail file templates and messaging server use IBM Lotus Domino 6.0 or later. Since read and unread marks are considered private data, the BlackBerry Enterprise Server must also have Manager-level access to the BlackBerry smartphone users' mail file.
- Use the BlackBerry Messaging Agent logs to troubleshoot issues with reconciliation of hard-deleted email messages.

Managing access to remote email message data


Administrators can control the ability of BlackBerry smartphone users to perform the following tasks:
- Check the availability of meeting participants on a BlackBerry smartphone: Organizations may choose to turn this option off to reduce impact on the organization's messaging server. It is turned on by default.
- Search for remote email messages on a BlackBerry smartphone: Administrators can turn on or turn off the ability for BlackBerry smartphone users to search for email messages that are located on the messaging server from their BlackBerry smartphones.

Note: The BlackBerry Enterprise Server must be restarted if these settings are changed.

Administrators can control these options by clicking Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.

The following diagram shows the remote email message access options on the Messaging tab.


Managing email messages with HTML and rich content


Administrators can manage the following options for email messages with HTML and rich content:
- Turn support for rich content on or off at the server level.
- Turn support for inline images on or off at the server level.

Note: The BlackBerry Enterprise Server must be restarted if these settings are changed.

Discussion: Why would an organization choose to turn off support for rich content and inline images?

Administrators can turn rich content and inline content on or off by clicking Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.


The following diagram shows the rich content and inline images options on the Messaging tab.

Tips for managing email messages with HTML and rich content
BlackBerry smartphone users can also turn support for rich content and inline images on or off on their BlackBerry smartphones. To determine if support for this content is turned on or off, search for the BlackBerry smartphone user, click Default configuration, and view the following settings:

Administrators can also prevent the BlackBerry Enterprise Server from sending email messages with HTML and rich content or inline images to BlackBerry smartphone users by modifying the following IT policy rules:
- To turn off rich content formatting, set Disable Rich Content Email to True.
- To turn off inline images, set Inline Content Requests to Disabled.

Managing signatures and disclaimers


Administrators can set disclaimers for all user accounts or for individual user accounts on a BlackBerry Enterprise Server.

Managing disclaimers for all user accounts on a BlackBerry Enterprise Server


Administrators can manage disclaimers by clicking Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.


The following diagram shows the disclaimer options on the Messaging tab:

Managing disclaimers and signatures for individual user accounts


Administrators can manage disclaimers and signatures for individual user accounts by clicking BlackBerry solution management > Manage users and then searching for the user account to manage.


After clicking Default configuration, these options are located on the Email tab.

Tips for managing signatures and disclaimers


BlackBerry smartphone users cannot change disclaimers or signatures that are set by an administrator in the BlackBerry Administration Service.


Lab: Creating disclaimers and signatures


Plazmic Inc. requires that the following disclaimers and signatures are configured for the organization's BlackBerry Enterprise Server.

Tasks
1. All email messages sent from all BlackBerry smartphones must have the following appended disclaimer: This email and any files transmitted with it are confidential and intended solely for the intended recipient.
2. Andrew Paterson must have the following appended disclaimer: Please notify the sender immediately if you have received this email by mistake and delete this email from your system. This disclaimer must appear after the server level disclaimer.
3. Ian Dundas must have the following prepended disclaimer: Forwarding or copying this email message is strictly prohibited.
4. Elliot Fung must have the following signature: For more information on Plazmic products, visit www.plazmic.com.

Managing folder synchronization


BlackBerry smartphone users can view and use contacts in public and private folders from their BlackBerry smartphones, and copy the contacts to their contact lists. BlackBerry smartphone users can only view the public folders that they have the proper permissions for. BlackBerry smartphone users can choose which public folders they want to synchronize with their BlackBerry smartphones using BlackBerry Web Desktop Manager or BlackBerry Desktop Manager. Administrators can manage folder synchronization in the following ways:
- Control which public contact folders a BlackBerry smartphone user can synchronize with the BlackBerry smartphone: By default, a BlackBerry smartphone user can synchronize contacts from all public contact folders to the contact list on the BlackBerry smartphone. To help manage network resources, administrators can select the public folders that a BlackBerry smartphone user can synchronize with.
- Control which personal contact folders a BlackBerry smartphone user can synchronize with the BlackBerry smartphone: By default, a BlackBerry smartphone user can synchronize all personal contact folders with the contact lists on the BlackBerry smartphone. To help manage network resources, administrators can select the personal contact folders that a BlackBerry smartphone user can synchronize with.
- Control which public folders a BlackBerry smartphone user can synchronize with the BlackBerry smartphone: To help manage network resources, administrators can select the public folders a BlackBerry smartphone user can synchronize with the BlackBerry smartphone.

Administrators can manage folder synchronization by clicking BlackBerry solution management > Manage users and then searching for the user account to manage.


After clicking Default configuration, these options are located on the Email tab in BlackBerry Enterprise Server for Microsoft Exchange.

The following option is available in BlackBerry Enterprise Server for IBM Lotus Domino:

Administrators can also set, at the server level, the maximum number of public contact folders that a BlackBerry smartphone user can synchronize with.

The following option is available in BlackBerry Enterprise Server for Microsoft Exchange:

The following option is available in BlackBerry Enterprise Server for IBM Lotus Domino:


Review questions
1. What is the purpose of email message filters?

2. Administrators can create email message filters at the ___________ and _________ levels.

3. List four conditions that can be configured for email message filters.

4. True or false? Administrators can change which fields appear in address book lookup results and which address book fields are synchronized between the messaging server and the BlackBerry smartphone.

5. Describe the purpose of the following fields for managing wireless organizer data synchronization:
   - Synchronization type
   - Conflict resolution

6. True or false? When an administrator turns off email message redirection, the affected BlackBerry smartphone users cannot send or receive email messages on their BlackBerry smartphones.

7. True or false? Wireless email message reconciliation can be turned off at both the server level and the user level.

8. What is a hard-deleted email message?

Answers
1. Email message filters determine the actions that the BlackBerry Enterprise Server takes if incoming email messages match specific criteria: forward, forward with priority, or do not forward to BlackBerry smartphones.
2. Administrators can create email message filters at the user and server levels.
3. Any four of the following:
   - From
   - Sent To
   - Subject
   - Body
   - Recipient type
   - Importance
   - Sensitivity
   - Do not forward email messages to the device
   - Forward email messages to the device
4. True.
5. Synchronization type sets the direction of organizer data synchronization. Choices are Server to Device, Device to Server or Bidirectional. Conflict resolution sets how conflicts that occur during organizer data synchronization are resolved. Choices are Server Wins or Device Wins.
6. False. When an administrator turns off email message redirection, the affected BlackBerry smartphone users can send email messages from their BlackBerry smartphones but cannot receive email messages.
7. False. Wireless email reconciliation can only be turned off at the server level.
8. A hard delete occurs when BlackBerry smartphone users use the Shift-Delete key combination in their work email applications to delete an item.

Configuring deployment jobs


Objectives
- Describe the purpose of deployment jobs
- Explain the available deployment job settings
- Discuss how to manage deployment jobs

Introducing deployment jobs


The BlackBerry Administration Service creates deployment jobs to deliver objects to user accounts or groups. Deployment jobs are created for wireless deployment only. For example, deployment jobs are created when an administrator performs the following:
- Creates a software configuration for wireless deployment and assigns it to user accounts
- Changes a software configuration for wireless deployment that is already assigned to user accounts
- Assigns or changes an IT policy for wireless deployment

The following diagram describes how deployment jobs are created:


The administrator performs an administrative operation. For example, adds user accounts to a group or assigns a software configuration to a group.

The BlackBerry Administration Service performs any necessary reconciliation.

If the delivery mode is wireless, the BlackBerry Administration Service creates a deployment job.

Based on deployment job scheduling and throttling settings, the BlackBerry Administration Service executes each deployment job task of the deployment job. The object is delivered to the BlackBerry smartphones.

Deployment jobs consist of one or more related deployment job tasks. Each deployment job task delivers one object to one BlackBerry smartphone over the wireless network.


The following diagram shows a simplified example of a deployment job with related deployment job tasks:

In the Deployment jobs menu, administrators can change the default settings that control how the BlackBerry Administration Service creates deployment jobs and delivers deployment job tasks to BlackBerry smartphones. Administrators can also change the default settings that the BlackBerry Administration Service uses to deliver IT policies, BlackBerry Java Applications, BlackBerry Device Software, and BlackBerry Device Software application settings to BlackBerry smartphones.

Administrators can use deployment job settings to determine how deployment jobs are completed. This allows organizations to manage system resources and job scheduling.


Specify job schedule settings

Setting: Default delay
Description: The amount of time the BlackBerry Administration Service waits before processing a deployment job
Default value: 15 minutes

Setting: Mark as failed
Description: The number of days that the BlackBerry Administration Service waits before defining a job as failed
Default value: 30 days

Setting: Purge job
Description: The number of days that the BlackBerry Administration Service waits before deleting a failed or successfully completed job
Default value: 7 days

IT policy distribution settings

Setting: Scheduled deployment days
Description: The days when IT policy deployment tasks can occur
Default value: All days

Setting: Start time
Description: The start time in the time window that IT policy deployment tasks can occur
Default value: All day

Setting: End time
Description: The end time in the time window that IT policy deployment can occur
Default value: All day

Setting: Maximum number of simultaneous tasks per BlackBerry Administration Service instance
Description: The maximum number of IT policy tasks that the BlackBerry Administration Service instance processes simultaneously
Default value: 1000


Setting: Maximum number of simultaneous tasks per BlackBerry Administration Service instance
Description: The maximum number of IT policy tasks that the BlackBerry Administration Service instance processes simultaneously
Default value: 25

Setting: Total number of tasks per time window per BlackBerry Administration Service instance
Description: The total number of IT policy tasks that the BlackBerry Administration Service instance processes during each time window
Default value: 150

Application distribution settings, BlackBerry Device Software distribution settings, and BlackBerry Device Software application distribution settings share the same tabs as the IT policy settings.
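
The schedule and throttling settings above combine into one decision: a task is sent only after the default delay, inside the deployment window, and under both task limits. The sketch below is an added example, not BlackBerry Administration Service code; the class and function names are hypothetical, and it assumes that a time window belongs to the day on which it opens, so a 5 pm to 6 am window that opens on Sunday stays open into Monday morning. LAB holds the values from this chapter's lab.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import Optional, Tuple

ALL_DAYS = frozenset(range(7))  # datetime.weekday(): Monday=0 ... Sunday=6


@dataclass(frozen=True)
class DistributionSettings:
    """Hypothetical container; field defaults are the values listed in the tables above."""
    days: frozenset = ALL_DAYS          # Scheduled deployment days: All days
    start: Optional[time] = None        # Start time: All day
    end: Optional[time] = None          # End time: All day
    max_simultaneous: int = 25          # simultaneous tasks per instance (second throttling table)
    total_per_window: int = 150         # tasks per time window per instance
    default_delay: timedelta = timedelta(minutes=15)


def window_start(s: DistributionSettings, now: datetime) -> Optional[datetime]:
    """Return when the window containing `now` opened, or None if `now` is outside one.

    Assumption (not stated in the course text): a window belongs to the day it
    opens on, so the scheduled-days check is applied to the opening day.
    """
    if s.start is None or s.end is None:                 # "All day"
        midnight = datetime.combine(now.date(), time.min)
        return midnight if now.weekday() in s.days else None
    if s.start <= s.end:                                 # window inside one calendar day
        if not (s.start <= now.time() < s.end):
            return None
        opened = datetime.combine(now.date(), s.start)
    elif now.time() >= s.start:                          # evening part of a wrapping window
        opened = datetime.combine(now.date(), s.start)
    elif now.time() < s.end:                             # early-morning part: opened yesterday
        opened = datetime.combine(now.date() - timedelta(days=1), s.start)
    else:                                                # daytime gap between end and start
        return None
    return opened if opened.weekday() in s.days else None


def can_dispatch(s: DistributionSettings, job_created: datetime, now: datetime,
                 running: int, sent_in_window: int) -> Tuple[bool, str]:
    """Decide whether one more deployment job task may be sent at `now`."""
    if now < job_created + s.default_delay:
        return False, "default delay not elapsed"
    if window_start(s, now) is None:
        return False, "outside deployment window"
    if running >= s.max_simultaneous:
        return False, "simultaneous task limit reached"
    if sent_in_window >= s.total_per_window:
        return False, "time window task total reached"
    return True, "ok"


# Lab values: 10 minute default delay, Saturday and Sunday only, 5 pm to 6 am.
LAB = DistributionSettings(days=frozenset({5, 6}), start=time(17, 0),
                           end=time(6, 0), default_delay=timedelta(minutes=10))

if __name__ == "__main__":
    created = datetime(2009, 11, 7, 17, 55)              # constructed sample: a Saturday
    for label, moment in [("Sat 18:00", datetime(2009, 11, 7, 18, 0)),
                          ("Sat 18:05", datetime(2009, 11, 7, 18, 5)),
                          ("Mon 02:00", datetime(2009, 11, 9, 2, 0)),
                          ("Mon 07:00", datetime(2009, 11, 9, 7, 0))]:
        print(label, can_dispatch(LAB, created, moment, running=0, sent_in_window=0))
```

The early-morning case is the one to check when planning a change: under the stated assumption, Monday 2 am is still inside Sunday's window, while Saturday 3 am is not inside any window because Friday is not a scheduled day.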


Managing deployment jobs


Administrators can view the status of a deployment job to determine its state.

The Status field can display one of the following statuses:

Status: Ready to run
Description: A deployment job task is waiting to run.

Status: Running
Description: Deployment job tasks are currently running.

Status: Task delivery complete
Description: All deployment job tasks have been delivered to the intended BlackBerry smartphones. The BlackBerry Administration Service is waiting for responses from the associated BlackBerry smartphones.

Status: Completed with no task failure
Description: All the BlackBerry smartphones have responded that a deployment job has completed without errors.

Status: Completed with task failure
Description: One or more BlackBerry smartphones have responded that a deployment job has completed but with a failure.

Administrators can also view the status of a deployment job task.

The Status field can display one of the following statuses:

Status: Ready to Deliver
Description: The BlackBerry Administration Service is ready and waiting to execute this deployment job task.

Status: Not Ready to Deliver
Description: The BlackBerry Administration Service is not currently able to execute this deployment job task because it is waiting on a dependent deployment job task to complete.

Status: Optimized out
Description: This deployment job task is redundant and no longer needs to be executed.

Status: Pending Result
Description: The status of the deployment job task is pending. The BlackBerry Administration Service is waiting for a response from the associated BlackBerry smartphones.

Status: Success
Description: The BlackBerry smartphone has responded that the deployment job task has successfully completed.

Status: Ready to retry
Description: The BlackBerry Administration Service is ready to retry a deployment job task with a previous status of Retriable failure.

Status: Retriable failure
Description: The deployment job task has failed but can be retried.

Status: Failure
Description: The BlackBerry smartphone has responded that the deployment job task has failed to complete.

Status: Dependency Failure
Description: The deployment job task has failed because another dependent deployment job task has failed.

Status: Manual Failure
Description: An administrator has forced the deployment job task to fail.

Lab: Managing deployment jobs


Plazmic Inc. has asked you to make the following changes to the deployment jobs settings.

Tasks
Change the default delay for each deployment job to be 10 minutes. Change the deployment days for BlackBerry Device Software application distribution to be Saturday and Sunday only. Change the deployment time for BlackBerry Device Software application distribution to be from 5 pm to 6 am.


Review questions
1. The BlackBerry Administration Service creates deployment jobs after an administrator performs which tasks?

2. Administrators can change the default settings that the BlackBerry Administration Service uses to deliver which deployment tasks?


Answers
1. The BlackBerry Administration Service creates deployment jobs when an administrator performs one of the following tasks:
Creates a software configuration and assigns it to user accounts
Changes a software configuration that is already assigned to user accounts
Assigns or changes an IT policy
Updates BlackBerry Device Software over the wireless network

2. Administrators can change the default settings that the BlackBerry Administration Service uses to deliver IT policies, BlackBerry Java Applications, BlackBerry Device Software, and standard application settings to BlackBerry smartphones.


Introducing IT policies
Objectives
Discuss the purpose of IT policies
List and describe the preconfigured IT policies
Describe how to create IT policies
Describe how to copy IT policies
Explain how to import and export IT policy data
Describe how to resend IT policies
Explain how conflicting IT policies are reconciled
Identify tips for troubleshooting IT policy issues


About IT policies
An IT policy is a collection of rules an administrator uses to set functionality for the BlackBerry smartphone and BlackBerry Desktop Software. These rules can define many options, including how email messages are handled, and which features the BlackBerry smartphone user can use. BlackBerry smartphone users can be assigned a customized IT policy instead of a preconfigured IT policy, but each BlackBerry smartphone user can only be resolved to one IT policy at a time. The BlackBerry Enterprise Server software includes the following preconfigured IT policies that administrators can change to create IT policies that meet the requirements of the organization.

Default: This IT policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server.

Basic Password Security: Similar to the Default IT policy, this IT policy also requires that BlackBerry smartphone users set a basic password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords regularly. This IT policy includes a security timeout that locks the BlackBerry smartphone after a period of inactivity.

Medium Password Security: Similar to the Default IT policy, this IT policy also requires that BlackBerry smartphone users set a complex password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords at regular intervals. This IT policy includes a maximum password history and turns off Bluetooth technology on the BlackBerry smartphone.

Medium Security with No 3rd Party Applications: Similar to the Medium Password Security, this IT policy requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy prevents BlackBerry smartphone users from making BlackBerry smartphones discoverable by other Bluetooth enabled devices and turns off the ability to download third-party applications.

Advanced Security: Similar to the Default IT policy, this IT policy also requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy restricts Bluetooth technology on the BlackBerry smartphone, turns on strong content protection, turns off USB mass storage, and requires the BlackBerry smartphone to encrypt external file systems.

With the exception of the Default IT policy, it is recommended that administrators do NOT change the preconfigured IT policies. Consider the preconfigured IT policies to be templates. The Default IT policy that is assigned at the BlackBerry Domain level should be modified with the settings that the organization requires for BlackBerry smartphone users resolved to the Default IT policy.

IT policy rules appear in the BlackBerry Administration Service in IT policy groups. Each IT policy group tab contains rules that can control common properties or applications on BlackBerry smartphones. The following diagram shows the IT policy tabs and the IT policy rules for the BlackBerry Messenger group:

Did you know: For a full list of available IT policies, refer to the BlackBerry Enterprise Server Policy Reference Guide in the BlackBerry Technical Solution Center.

IT policy distribution
IT policies are a function of the BlackBerry Domain. As a result, the same IT policies are available to all BlackBerry smartphone users within the organization, whether they reside on the same or separate BlackBerry Enterprise Server instances. Administrators can set IT policies at the user account or group levels. The Default IT policy is automatically assigned to the BlackBerry Domain. IT policy settings are synchronized and assigned to the BlackBerry smartphone wirelessly. As a result, administrators who need to facilitate large deployments of BlackBerry smartphones can easily change IT policies on an organization-wide level without BlackBerry smartphone users having to connect their BlackBerry smartphones to their computers.


Creating IT policies
Creating a new IT policy
Administrators can create a new IT policy by clicking BlackBerry solution management > Policy > Create an IT policy.

Next, the administrator must type a name and an optional description and click Save.

The administrator can begin assigning IT policy rules by clicking on the IT policy name and then clicking Edit IT policy.


Administrators can now begin configuring the IT policy rules.

Creating a new IT policy from an existing IT policy


Instead of creating a new IT policy, it may be quicker to copy a similar existing IT policy and then modify it. Administrators can create a new IT policy from an existing IT policy by clicking BlackBerry solution management > Policy > Manage IT policies.


From the list of IT policies, the administrator must click on the IT policy to copy and then click Copy IT policy.

The administrator can now change the necessary IT policy rules.

Importing and exporting IT policy data


Organizations can export IT policy data to quickly set up other BlackBerry Domains. When an administrator exports IT policy data, the administrator must create an encryption password for the data file so it can be imported at a later time.


Administrators can export IT policy data by clicking BlackBerry solution management > Policy > Manage IT policies.

To import IT policy data, administrators must click Import IT policy list. To export IT policy data, administrators must click Export IT policy list.


Assigning IT policies
Assigning an IT policy to a group
To increase efficiency, IT policies can be assigned to members of a group that have the same IT policy requirements. Administrators can assign an IT policy to a group by clicking BlackBerry solution management > User > Manage groups.

The administrator can now click on a group and click Edit group. IT policies are assigned on the Policies tab.


Assigning an IT policy to a user account


Administrators can assign an IT policy to a user account by clicking BlackBerry solution management > User > Manage users and then searching for a user account.

The administrator can now click on a group and click Edit user. IT policies are assigned on the Policies tab.


Creating new IT policy rules to control third-party applications


Administrators can create new IT policy rules to control the applications that an organization creates for BlackBerry smartphones.

Note: Only applications that an organization creates can use the new IT policy rule. Administrators cannot create new IT policy rules to control standard BlackBerry smartphone applications and features.

Next, the administrator can specify the following information:


Lab: Creating and assigning IT policies


Plazmic Inc. has asked you to create three new IT policies that will help manage its newest BlackBerry smartphone users and the BlackBerry smartphones assigned to them. The following list contains the criteria that have been requested by Plazmic Inc. for the new IT policies.

Create an IT policy called Legal_Group that turns off the following items:
   Phone application
   SMS text messaging
   MMS messaging
   BlackBerry Browser
Create another IT policy that turns off the above items and turns off Bluetooth wireless technology. Name this IT policy Legal_minusBT.
Create another IT policy that turns off the Bluetooth serial port profile and the Media Manager tool. Name this IT policy Disable_BT&MM.

Tasks
1. Create the IT policies and use the copy feature, where possible.
2. Assign the Legal_Group IT policy to the Legal group.
3. Assign the Legal_minusBT IT policy to Marc Gervais.
4. Leave the last IT policy unassigned for now.


Resending IT policies
The BlackBerry Administration Service monitors the BlackBerry Enterprise Server for changes to IT policies. When a change occurs, the BlackBerry Enterprise Server automatically sends the IT policy to all BlackBerry smartphone users assigned to that IT policy. The BlackBerry Enterprise Server also sends IT policies to a BlackBerry smartphone when it is activated. If necessary, administrators can also resend an IT policy to a specific BlackBerry smartphone manually.

Resending an IT policy manually


Administrators can manually resend an IT policy to a user account by clicking BlackBerry solution management > User > Manage users and then searching for the user account to manage.


On the Policies tab, administrators must click View resolved IT policy data.

Administrators can then click Resend IT policy to a device.


Resending an IT policy automatically


Administrators can also configure the BlackBerry Enterprise Server to resend IT policies to BlackBerry smartphones at a scheduled interval, regardless of whether the IT policies have changed. Administrators can configure the BlackBerry Enterprise Server to resend IT policies automatically by clicking BlackBerry solution topology > BlackBerry Domain > Components > Policy and clicking on a BlackBerry Policy Service instance.

The administrator can now click Edit instance and change the value of the Policy resend interval field.


Reconciliation rules for IT policies


The BlackBerry Administration Service can resolve only one IT policy to a user account. Since administrators can assign IT policies to user accounts and groups, reconciliation resolves possible conflicts that can occur when user accounts belong to multiple groups, or when groups belong to multiple groups. The BlackBerry Administration Service uses predefined rules to determine which IT policy to resolve to a user account. For example, the BlackBerry Administration Service might have to resolve conflicting IT policies if an administrator performs any of the following actions:
Assign an IT policy to or remove an IT policy from a user account or group
Change an IT policy
Change the ranking of IT policies
Delete an IT policy

The IT policy that is resolved to a user account is determined by the following reconciliation rules:

1. User-level assigned IT policy: An IT policy assigned to a single user account takes precedence over any IT policies assigned to groups that the user account may belong to.

2. Group-level assigned IT policy: When a user account does not have an assigned IT policy but belongs to a group with an assigned IT policy, the user account is assigned to the highest priority IT policy that is assigned to the group.
   Administrators can rank IT policies from BlackBerry solution management > Policy > Manage IT policies.

3. BlackBerry Domain-level assigned Default IT policy: When a user account is created, a user account does not have another assigned IT policy, or does not have an assigned group IT policy, the user account is assigned the Default IT policy.
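
The three reconciliation rules above, sketched in Python as an added example (this is not BlackBerry Administration Service code). The data model, function names and sample accounts are constructed for illustration, and the sketch assumes that members of a child group also receive the IT policies assigned to its parent groups.

```python
from dataclasses import dataclass, field

DEFAULT_POLICY = "Default"  # assigned at the BlackBerry Domain level


@dataclass
class Domain:
    """Constructed model of IT policy assignments (not a BlackBerry API)."""
    ranking: list                                      # policy names, highest priority first
    user_policy: dict = field(default_factory=dict)    # user account -> policy
    group_policy: dict = field(default_factory=dict)   # group -> policy
    memberships: dict = field(default_factory=dict)    # user account -> set of groups
    parents: dict = field(default_factory=dict)        # group -> set of parent groups

    def _rank(self, policy):
        try:
            return self.ranking.index(policy)
        except ValueError:
            raise ValueError(f"policy {policy!r} is missing from the ranking") from None

    def effective_groups(self, user):
        """Direct groups plus all ancestor groups.

        Assumption: members of a child group also receive the IT policies
        assigned to its parent groups.
        """
        seen, stack = set(), list(self.memberships.get(user, ()))
        while stack:
            group = stack.pop()
            if group in seen:        # already visited; also stops cyclic nesting
                continue
            seen.add(group)
            stack.extend(self.parents.get(group, ()))
        return seen

    def group_choice(self, user):
        """Highest-ranked policy among the user's groups, or None."""
        candidates = {self.group_policy[g] for g in self.effective_groups(user)
                      if g in self.group_policy}
        return min(candidates, key=self._rank) if candidates else None

    def resolve(self, user):
        """Return (policy, rule): the single policy resolved to the account."""
        if user in self.user_policy:                 # rule 1: user-level
            return self.user_policy[user], "user-level"
        choice = self.group_choice(user)
        if choice is not None:                       # rule 2: group-level
            return choice, "group-level"
        return DEFAULT_POLICY, "domain-default"      # rule 3: Default IT policy

    def masked_group_policies(self, users):
        """User-level assignments that hide a higher-ranked group policy."""
        findings = []
        for user in users:
            own, inherited = self.user_policy.get(user), self.group_choice(user)
            if own and inherited and self._rank(own) > self._rank(inherited):
                findings.append((user, own, inherited))
        return findings


def sample_domain():
    """Constructed accounts and groups; policy names are the preconfigured ones."""
    return Domain(
        ranking=["Advanced Security", "Medium Password Security",
                 "Basic Password Security", DEFAULT_POLICY],
        user_policy={"alice": "Basic Password Security"},
        group_policy={"Sales": "Advanced Security",
                      "Field": "Medium Password Security"},
        memberships={"alice": {"Field"}, "bob": {"Field"},
                     "dave": {"Contractors"}},
        parents={"Field": {"Sales"}},   # Field is a child group of Sales
    )


if __name__ == "__main__":
    domain = sample_domain()
    for account in ("alice", "bob", "carol", "dave"):
        print(account, domain.resolve(account))
    print(domain.masked_group_policies(["alice", "bob", "carol", "dave"]))
```

Because rule 1 ignores the ranking, a user-level assignment can leave an account on a lower-ranked IT policy than its groups would give it; masked_group_policies lists those accounts for review.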


Administrators can view resolved IT policies for user accounts.

In the screenshot above, the user account is assigned to both the Advanced Security IT policy and the Smartphone Password IT policy. After the administrator clicks View resolved IT policy data, the administrator can see which IT policy has been sent (resolved) to this user's BlackBerry smartphone.


Exercise: Determine which IT policy is assigned to the user account


1. Which IT policy will be assigned to Marc Gervais's user account?

[Diagram]
IT policy A (Priority 3) assigned to Group 1
IT policy B (Priority 2) assigned to Group 2
IT policy D (Priority 4) assigned to Group 3
Default IT policy (Priority 1) assigned to BlackBerry Domain
IT policy C (Priority 5) assigned to Marc Gervais
Group 1 is a child group of Group 2
Marc is a member of Group 2 and Group 3


2. Which IT policy will be assigned to Nicole Lavigne's user account?

[Diagram]
IT policy A (Priority 3) assigned to Group 1
IT policy B (Priority 2)
IT policy C (Priority 4)
IT policy D (Priority 1) assigned to Group 2 and Group 3
Default IT policy (Priority 5) assigned to BlackBerry Domain
Group 1 is a child group of Group 2
Nicole is not a member of a group


3. Which IT policy will be assigned to Matthew Taylor's user account?

[Diagram]
IT policy A (Priority 3) assigned to Group 1
IT policy B (Priority 2) assigned to Group 2
IT policy C (Priority 1) assigned to Group 3
Group 1 is a child group of Group 2
Group 2 is a child group of Group 3
Matthew is a member of Group 1


Troubleshooting IT policy issues


The following information should be considered when troubleshooting IT policy issues:

Verify that the BlackBerry smartphone can receive email messages and browse the Internet. If the BlackBerry smartphone is unable to perform these functions, it may not have network connectivity. As a result, IT policies cannot be transmitted to the BlackBerry smartphone.

The BlackBerry Policy Service must be running for IT policies to be sent to the BlackBerry smartphone. The BlackBerry Policy Service status can be viewed in the BlackBerry Administration Service by clicking on a BlackBerry Policy Service instance. The following diagram shows the selected BlackBerry Policy Service is running:

Review specific BlackBerry Policy Service logs. The following table describes the BlackBerry Policy Service log.

Log name: BlackBerry Policy Service
Identifier: POLC
Description: Records the communications between the BlackBerry Policy Service and the BlackBerry Dispatcher.


Sending an IT policy or an IT policy change can take up to the number of minutes specified by the Default delay setting for deployment jobs.


Review questions
1. Which of the following IT policy rules should be selected for sales representatives who spend 90% of their time placing phone calls to customers? Suggest IT policy status settings, as well.

Select Policy
Allow Phone Local Country Code Allow outgoing calls when locked Put Auto Signature Show Application Loader

Suggested status

2. What is an IT policy? Choose the most appropriate answer.
a. An IT policy is a collection of server rules an administrator sets.
b. An IT policy holds the license agreements and expiry dates for all BlackBerry smartphones.
c. An IT policy is a collection of rules an administrator uses to set default configurations for BlackBerry smartphones and BlackBerry Desktop Software.
d. An IT policy is a set of rules that filters email messages.

3. True or False? All BlackBerry smartphone users are resolved to the default IT policy when they are first added to the BlackBerry Enterprise Server.

4. Which of the following statements is correct? (Select only one)
a. An IT policy can only be applied to BlackBerry smartphones when they are connected to a computer that can access the BlackBerry Administration Service.
b. Wireless IT policies are applied as soon as they are received on the BlackBerry smartphone.
c. Administrators can change a BlackBerry smartphone PIN using an IT policy.
d. An IT policy is disabled by default.
e. An IT policy is not required for BlackBerry smartphone users that are added to the BlackBerry Enterprise Server.

5. For each preconfigured IT policy listed in the table below, match the description to the IT policy name.

Preconfigured IT policy
Default
Basic Password Security
Medium Password Security
Medium Security with No 3rd Party Applications
Advanced Security

Description
a. This IT policy requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy prevents BlackBerry smartphone users from making BlackBerry smartphones discoverable by other Bluetooth enabled devices and turns off the ability to download third-party applications.
b. This IT policy requires that BlackBerry smartphone users set a basic password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords regularly. This IT policy includes a security timeout that locks the BlackBerry smartphone after a period of inactivity.
c. This IT policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server.
d. This IT policy requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy restricts Bluetooth technology on the BlackBerry smartphone, turns on strong content protection, turns off USB mass storage, and requires the BlackBerry smartphone to encrypt external file systems.
e. This policy requires that BlackBerry smartphone users set a complex password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords at regular intervals. This IT policy includes a maximum password history and turns off Bluetooth technology on the BlackBerry smartphone.

6. Why would an administrator choose to copy an IT policy rather than create a new one?

7. IT policies can be assigned to both _______________ and ____________.

8. Which BlackBerry Enterprise Server component monitors the BlackBerry Enterprise Server for changes to IT policies?

9. True or False? IT policies assigned to user accounts take precedence over IT policies assigned to groups that the user account may belong to.

10. In the BlackBerry Administration Service, where can an administrator check to see if the BlackBerry Policy Service is running?

11. How can an administrator determine the ranking of an IT policy?


Answers
1.
Select Policy
Allow Phone Local Country Code Allow outgoing calls when locked Put Auto Signature Show Application Loader

Suggested Status

2. The correct answer is c.

3. True.

4. The correct answer is b.

5.
Default: c
Basic Password Security: b
Medium Password Security: e
Medium Security with No 3rd Party Applications: a
Advanced Security: d

6. It is quicker to modify a similar IT policy than create a brand new one.

7. IT policies can be assigned to both user accounts and groups.

8. BlackBerry Administration Service

9. True.

10. Click a BlackBerry Policy Service instance and check the Status field.

11. Click Manage IT policies and click Set Priority of IT policies.


Managing software in the BlackBerry Administration Service


Objectives
Explain the purpose of software configurations
Summarize the process of creating and assigning a software configuration
Explain how to share a network folder in the BlackBerry Administration Service
Describe how to add applications to the application repository
Explain the purpose of application control policies
Describe the types of application control policies
Describe how administrators create software configurations in the BlackBerry Administration Service
Describe how administrators assign software configurations to groups, multiple user accounts, and individual user accounts
Describe how the BlackBerry Administration Service resolves conflicting software configurations for a user account


About software configurations


Administrators can use software configurations to perform the following actions on BlackBerry smartphones:
Install or remove BlackBerry Java Applications over the wireless network or using BlackBerry Web Desktop Manager
Assign access control policies over the wireless network to BlackBerry Java Applications to control application permissions and the data that the applications can access
Specify a BlackBerry Java Application over the wireless network as not permitted
Specify, over the wireless network, whether BlackBerry Java Applications that an administrator does not include in the software configuration are allowed or not permitted
Configure the access permissions over the wireless network for BlackBerry Java Applications that an administrator does not include in the software configuration
Install or upgrade BlackBerry Device Software over the wireless network or using BlackBerry Web Desktop Manager
Specify BlackBerry Device Software settings over the wireless network


The following diagram outlines the process of creating and deploying a software configuration:

Creating and deploying a software configuration
1. Create and share a network folder
2. Publish the applications to the application repository
3. Create a software configuration
4. Assign the software configuration to a user account or group


Creating and sharing a network folder


To provide access to applications, administrators must first create a shared network folder on the network that hosts the BlackBerry Enterprise Server and is accessible by every BlackBerry Policy Service instance and BlackBerry Administration Service instance.

The Windows account (typically BESAdmin) used for the BlackBerry Administration Service must have write permissions for the shared network folder.
The Windows account used for the BlackBerry Policy Service must have read permissions for the shared network folder.
The Windows account used by the user that is logged into BlackBerry Administration Service or BlackBerry Web Desktop Manager must have read permissions for the shared network folder.

Caution: The shared network folder must not be the same network share location that is used for BlackBerry Device Software, and it must not be located in <drive>:\Program Files\Common Files\Research In Motion.

For more information on creating a shared network folder, see the BlackBerry Enterprise Server Administration Guide and BlackBerry Device Software Update Guide.

Specifying the location of the shared network folder in the BlackBerry Administration Service
Administrators must specify a shared network folder for BlackBerry Java Applications using the BlackBerry Administration Service before adding any BlackBerry Java Applications to the application repository. The application repository stores and manages all versions of the BlackBerry Java Applications that administrators can install or remove from BlackBerry smartphones.

Did you know


The BlackBerry Administration Service must access the shared network folder to install BlackBerry Java Applications on BlackBerry smartphones.


To specify the location of the shared network folder in the BlackBerry Administration Service, administrators must click on the BlackBerry Administration Service component in the Servers and components menu.

Administrators must specify the location of the shared network folder in the following location:


Publishing applications to the application repository


To permit or deny an application on a BlackBerry smartphone, administrators must first publish the application. To add applications to the application repository, administrators must click Add or update applications from the BlackBerry solution management menu.

Next, administrators must locate the applications to add to the application repository.

The administrator can now publish the application by clicking Publish application.


Creating software configurations


After the shared network folder has been created and applications have been published to the application repository, administrators can create software configurations. However, before describing how to create a software configuration, it is important to understand the purpose of application control policies and how they work with software configurations.

About application control policies


Application control policies control the applications that BlackBerry smartphone users can or cannot install and run on their BlackBerry smartphones. There are two types of application control policies:

Application control policies that are applied to BlackBerry Java Applications when they are added to a software configuration: When an administrator adds a BlackBerry Java Application to a software configuration to install the application on BlackBerry smartphones, the administrator must specify an application control policy to apply to the BlackBerry Java Application. The BlackBerry Administration Service includes the following three standard, preconfigured application control policies:
   Standard Required: The application must be installed and run on the assigned BlackBerry smartphones.
   Standard Optional: The application is optional on the assigned BlackBerry smartphones.
   Standard Disallowed: The application is not permitted on the assigned BlackBerry smartphones.

Application control policies for unlisted applications: These application control policies control whether the software configuration allows BlackBerry smartphone users to install and use applications that are not included in the software configuration (unlisted applications). The BlackBerry Administration Service includes the following two standard, preconfigured application control policies for unlisted applications:
   Standard Unlisted Optional: Unlisted applications can be installed on assigned BlackBerry smartphones.
   Standard Unlisted Disallowed: Unlisted applications cannot be installed on assigned BlackBerry smartphones.


If the preconfigured application control policies do not suit an organization's requirements, administrators can change the preconfigured application control policies or create a custom application control policy. For more information about how to configure settings for application control policy rules, see the BlackBerry Enterprise Server Policy Reference Guide and the BlackBerry Enterprise Server Administration Guide.

Ranking of application control policies for unlisted applications


Like IT policies, administrators can rank application control policies in order of importance. Using this ranking, the BlackBerry Policy Service can determine which application control policies to resolve to user accounts when multiple software configurations are assigned to user accounts. To rank application control policies for unlisted applications, administrators must click Manage application control policies for unlisted applications from the BlackBerry solution management menu.

The administrator can now click Set priority of application control policies for unlisted applications to set the ranking.


Creating a software configuration


Administrators can create a software configuration in the following location:

Administrators can define the following information for the software configuration:

After the software configuration has been saved, the administrator can begin adding applications to the software configuration. To begin adding applications, the administrator must click on the name of the software configuration.

On the Applications tab, administrators must click Add applications to software configurations and then search for the application to add to the software configuration.

After selecting the application to add, the administrator can define the following options:

After configuring the necessary options, the administrator can add the application to the software configuration by clicking Add to software configuration. The administrator can then repeat the process until all of the necessary applications have been added to the software configuration.


Assigning software configurations


Administrators can assign software configurations to groups, multiple user accounts, or a single user account. Assigning software configurations to groups is the most efficient choice.

Assigning a software configuration to a group

After selecting a group and clicking Edit group, the administrator can assign a software configuration on the Software configuration tab.


Assigning a software configuration to multiple user accounts or a single user account

Click a single user account to assign a software configuration to a single user account. Click Manage multiple user to assign a software configuration to multiple user accounts.


If the administrator is assigning the software configuration to multiple user accounts, the administrator must click Add software configuration from the Add to user configuration menu group.

The software configuration can now be assigned in the same way as it was assigned to a group.


Lab: Creating software configurations


Sheena Raj is receiving a new BlackBerry smartphone. Plazmic Inc. has requested that you create and assign a software configuration to Sheena's BlackBerry smartphone. If you require help, procedures for completing this task are available in the BlackBerry Enterprise Server Administration Guide.

Tasks:
1. In the BlackBerry Administration Service, add the \\localhost\Applications folder to the BlackBerry Administration Service application shared network drive field.
2. Using the application provided by your instructor, add the application to the application repository.
3. Create a new software configuration called Executive Group Required Config with the following criteria:
   Unlisted applications are not permitted
   The standard unlisted disallowed application control policy is assigned
4. Add the application to the software configuration using the following settings:
   Disposition: Required
   Deployment: Wireless
   Application control policy: Standard Required wireless delivery


Reconciliation rules for software configurations


It is possible to assign multiple software configurations to user accounts or groups, but multiple software configurations might contain conflicting settings. For example, the BlackBerry Administration Service may have to resolve conflicting software configuration settings when an administrator performs any of the following actions:
Activates a user account
Assigns a different BlackBerry smartphone to a BlackBerry smartphone user
Adds a user account to or removes a user account from a group
Adds a group to or removes a group from another group
Adds an application to or removes an application from a software configuration
Changes the settings for an application in a software configuration
Changes the settings for an application control policy

The following example illustrates one way a conflict can occur:


[Figure: John Graham has two software configurations, Software configuration 1 and Software configuration 2. One is assigned to John and requires a BlackBerry Java Application. The other is assigned to the Executives group, of which John is a member, and does not permit the same BlackBerry Java Application.]


There are specific reconciliation rules that determine what applies to a user account.

Reconciliation rules for BlackBerry Java Applications


The version of a BlackBerry Java Application that is in a software configuration that is assigned directly to a user account takes precedence over the version of a BlackBerry Java Application that is in a software configuration that is assigned to a group.

If the BlackBerry smartphone user's BlackBerry Device Software does not support a specific BlackBerry Java Application, that application will not be reconciled to the BlackBerry smartphone. The latest version of the BlackBerry Java Application that is supported by the BlackBerry Device Software will not be reconciled to the BlackBerry smartphone.

The BlackBerry Administration Service checks the amount of available memory on the BlackBerry smartphone after resolving application conflicts (for example, resolving conflicting disposition and deployment settings) and before installing a BlackBerry Java Application. If there is not enough memory available on the BlackBerry smartphone to support the application, the application is not reconciled. Depending on the amount of available memory, applications are reconciled in the following order:
1. Required applications that are configured for wireless installation
2. Required applications that are configured for wired installation
3. Optional applications that are configured for wireless installation
4. Optional applications that are configured for wired installation

If a BlackBerry Java Application in a software configuration is dependent on another application, and the other application is not included in a software configuration that is assigned to the user account or a group that the user account belongs to, the application is not reconciled to the BlackBerry smartphone.

If a BlackBerry Java Application in a software configuration is dependent on another application, and the dependent application is included in a software configuration that is assigned to the user account or a group that the user account belongs to, the dependent application is reconciled first. If the dependent application is reconciled successfully, the application with the dependency is then reconciled.

If a software configuration is assigned to a user account and it contains a BlackBerry Java Application that is dependent on another BlackBerry Java Application and the dependent application is not supported on the BlackBerry smartphone, the application is not reconciled to the BlackBerry smartphone.

If multiple BlackBerry Java Applications are included in the same software configuration and have a circular dependency (for example, application A is dependent on application B, application B is dependent on application C, and application C is dependent on application A), the applications are not reconciled to the BlackBerry smartphone. If multiple BlackBerry Java Applications have a circular dependency, they can only be reconciled if they exist in separate software configurations and are installed using wired installation.

Reconciliation rules for application control policies for unlisted applications


The application control policy for unlisted applications in a software configuration that is assigned to a user account takes precedence over the application control policy for unlisted applications in a software configuration that is assigned to a group.

The disallowed setting takes precedence over the optional setting.

If the disposition is optional, the application control policy for unlisted applications that has the highest priority in the BlackBerry Administration Service is reconciled to the BlackBerry smartphone.

Reconciliation rules for application control policies

An application control policy for an application in a software configuration that is assigned to a user account takes precedence over an application control policy for the same application in a software configuration that is assigned to a group.

The required setting takes precedence over the optional setting. The optional setting takes precedence over the disallowed setting.

If an application is in more than one software configuration, and each software configuration is assigned a different custom application control policy with the same disposition (for example, two custom required application control policies), the application control policy that has the highest priority in the BlackBerry Administration Service is applied to the user's BlackBerry smartphone.
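The two rule sets above resolve conflicts in opposite directions: for a listed application the more permissive disposition wins, while for unlisted applications disallowed wins. The following Python is an added example, not part of the course material or of the BlackBerry Administration Service, that applies both rule sets and reports listed applications whose disallowed setting is overridden. The Assignment record, the function names, the sample data, and the convention that rank 1 is the highest priority are assumptions.

```python
from dataclasses import dataclass

# Disposition precedence exactly as the rules above state it.
LISTED_ORDER = {"required": 0, "optional": 1, "disallowed": 2}  # listed applications
UNLISTED_ORDER = {"disallowed": 0, "optional": 1}               # unlisted applications


@dataclass(frozen=True)
class Assignment:
    """One software configuration that reaches a user (hypothetical record)."""
    config: str       # software configuration name
    scope: str        # "user" = assigned directly, "group" = through a group
    disposition: str  # required / optional / disallowed
    policy: str       # application control policy name
    rank: int         # policy ranking; 1 = highest priority (assumption)


def _reconcile(assignments, order):
    """Return the winning Assignment, or None when nothing is assigned."""
    for a in assignments:
        if a.scope not in ("user", "group"):
            raise ValueError(f"unknown scope: {a.scope!r}")
        if a.disposition not in order:
            raise ValueError(f"disposition not valid here: {a.disposition!r}")
    if not assignments:
        return None
    # Rule 1: a configuration assigned to the user account beats any
    # configuration that reaches the user through a group.
    direct = [a for a in assignments if a.scope == "user"]
    pool = direct or list(assignments)
    # Rule 2: disposition precedence. Rule 3: among equal dispositions the
    # highest-priority policy wins (using rank for every tie is an assumption).
    return min(pool, key=lambda a: (order[a.disposition], a.rank))


def reconcile_listed(assignments):
    """Application control policy for an application named in a configuration."""
    return _reconcile(assignments, LISTED_ORDER)


def reconcile_unlisted(assignments):
    """Application control policy for unlisted applications."""
    return _reconcile(assignments, UNLISTED_ORDER)


def overridden_blocks(per_app):
    """Map each listed app whose 'disallowed' setting lost to
    (winning configuration, [configurations whose block was overridden])."""
    findings = {}
    for app, assignments in per_app.items():
        winner = reconcile_listed(assignments)
        lost = [a.config for a in assignments
                if a.disposition == "disallowed" and a is not winner]
        if winner is not None and winner.disposition != "disallowed" and lost:
            findings[app] = (winner.config, lost)
    return findings


# Constructed sample data: configurations that reach one user account.
SAMPLE = {
    "inventory-app": [
        Assignment("john-direct", "user", "required", "policy-req", 2),
        Assignment("executives", "group", "disallowed", "policy-deny", 1),
    ],
    "chat-app": [
        Assignment("sales", "group", "disallowed", "policy-deny", 1),
        Assignment("all-staff", "group", "optional", "policy-opt", 3),
    ],
    "game-app": [
        Assignment("all-staff", "group", "disallowed", "policy-deny", 1),
    ],
}

UNLISTED_SAMPLE = [
    Assignment("cfg-a", "group", "optional", "unlisted-a", 3),
    Assignment("cfg-b", "group", "disallowed", "unlisted-b", 2),
]

if __name__ == "__main__":
    for app, (winner, lost) in overridden_blocks(SAMPLE).items():
        print(f"{app}: block in {lost} is overridden by {winner}")
    print("unlisted:", reconcile_unlisted(UNLISTED_SAMPLE).config)
```

An administrator reviewing assignments can use the overridden_blocks output to find applications that a group-level configuration was meant to block but that still reach the smartphone.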


Exercise: Determine which software configuration is assigned to the user account


Using the reconciliation rules in the previous section as a reference, determine which software configuration is assigned to the user account.

1. Which software configuration will be assigned to Marc Gervais's user account?

[Figure: Marc Gervais and the Executives group, with Software configuration 1 and Software configuration 2. Captions: "A BlackBerry Java Application is required in this software configuration that is assigned to John." and "The same BlackBerry Java Application is not permitted in this software configuration that is assigned to the Executives group. John is a member of the Executives group."]


2. Which software configuration will be assigned to Matthew Taylor's user account?

[Figure: Software configuration A, Software configuration B, and Software configuration C for unlisted applications, with application control policies ranked priority 3, priority 1, and priority 2. Group 1; Group 2 is a child group of Group 1; Group 3 is a child group of Group 2. Matthew Taylor is a member of Group 3.]


Updating BlackBerry Device Software using the BlackBerry Administration Service


Administrators can update BlackBerry Device Software on a central computer that can access the BlackBerry Administration Service. The administrator must perform the following steps to update BlackBerry Device Software using the BlackBerry Administration Service:

1. If using a wired deployment, install the BlackBerry Device Software on a computer and create a shared network folder on the computer where the BlackBerry Device Software is installed. This allows BlackBerry smartphone users and the BlackBerry Administration Service to access the BlackBerry Device Software.

2. Configure the BlackBerry Administration Service to display BlackBerry Device Software settings. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Administration Service. Click BlackBerry Administration Service and change the BlackBerry Device Software deployment managed by BlackBerry Administration Service setting to Yes.

3. Add the location of the shared network folder in the BlackBerry Administration Service so that the BlackBerry Administration Service can find the BlackBerry Device Software that the administrator installed.

4. Configure the BlackBerry Administration Service to find the BlackBerry Device Software. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > BlackBerry Device Software. Click Manage shared network drives. Click a shared network folder and click Execute shared network drive scan.

5. Create a BlackBerry Device Software configuration so that administrators can create a software configuration that includes the BlackBerry Device Software and distribute the BlackBerry Device Software to BlackBerry smartphones.

6. Add a BlackBerry Device Software bundle to the BlackBerry Device Software configuration.

7. Create a software configuration for the BlackBerry Device Software in order to distribute the BlackBerry Device Software to BlackBerry smartphone users.

8. Attach the BlackBerry Device Software configuration to the software configuration.

9. Assign the software configuration to a group or user account.

For detailed information about how to update BlackBerry Device Software, see the BlackBerry Device Software Update Guide.

Reconciliation rules for BlackBerry Device Software bundles


1. User-level assigned BlackBerry Device Software bundle: The standard application settings in a software configuration that is assigned to a user account take precedence over the standard application settings in a software configuration that is assigned to a group.

2. Group-level assigned BlackBerry Device Software bundle: When a user account does not have an assigned BlackBerry Device Software bundle but belongs to a group with an assigned BlackBerry Device Software bundle, the user account is reconciled to the highest priority BlackBerry Device Software bundle that is assigned to the group. If there are conflicting settings assigned at the group-level, the highest priority BlackBerry Device Software bundle that is supported by the BlackBerry smartphone and the BlackBerry smartphone's wireless service provider takes precedence.

Reconciliation rules for standard application settings


1. User-level assigned rules for standard application settings take precedence over group-level assigned rules for standard application settings.

2. The following rules apply when there are conflicting settings for standard application settings:

Setting: Initial View setting for the Calendar application
Rule: The Initial View setting for the Calendar application that is applied to the BlackBerry smartphone is the lowest value that was specified in the multiple software configurations. Values are ordered from day (lowest), week, month, agenda (highest).

Setting: Keep Appointments setting for the Calendar application
Rule: The Keep Appointments setting for the Calendar application that is reconciled to the BlackBerry smartphone is the maximum number of days specified in the multiple software configurations.

Setting: Confirm Delete setting for the Messages application
Rule: The Confirm Delete setting of Yes takes precedence over No.

Setting: Hide Sent Messages setting for the Messages application
Rule: The Hide Sent Messages setting of No takes precedence over Yes.

Setting: Save Copy in Sent Folder setting in the Messages application
Rule: The Save Copy in Sent Folder setting of Yes takes precedence over No.

Setting: Sort By setting in the Address Book application
Rule: The Sort By setting of First Name takes precedence over the Last Name setting, and the Last Name setting takes precedence over the Company Name setting.

Setting: The attributes settings for the various standard application settings are configured differently in the software configurations that are assigned to the groups.
Rule: The Locked and visible setting takes precedence over the Unlocked and visible setting. The Unlocked and visible setting takes precedence over the Unlocked and hidden setting.


Review questions
1. Which of the following actions can a software configuration perform? Choose two.
a. Prevent BlackBerry smartphone users from activating their BlackBerry smartphones over the wireless network
b. Prevent BlackBerry smartphone users from installing BlackBerry Java Applications
c. Specify standard application settings
d. Prevent BlackBerry smartphone users from using Bluetooth technology

2. Fill in the missing steps for the process of creating and deploying a software configuration.

[Figure: Creating and deploying a software configuration]

3. To specify the location of the shared network folder in the BlackBerry Administration Service, administrators must click on an instance of the ______________________________________.

4. Where does an administrator add applications to the application repository in the BlackBerry Administration Service?

5. Which of the following statements are true about application control policies? Choose three.
a. They control the applications that BlackBerry smartphone users can install and run on their BlackBerry smartphones
b. Administrators can create custom application control policies
c. It is optional whether an administrator assigns an application control policy to a software configuration
d. Application control policies for unlisted applications control whether the software configuration allows BlackBerry smartphone users to install and use applications that are not included in the software configuration

6. Administrators can assign software configurations to which of the following?
a. User accounts
b. Multiple user accounts
c. BlackBerry Domain
d. Groups

7. True or False? If a BlackBerry Java Application in a software configuration is dependent on another application, and the other application is not included in a software configuration that is assigned to a user account, the application is not installed on that BlackBerry smartphone.

8. Software configuration 1 that defines unlisted applications as disallowed is assigned to a user account. Software configuration 2 that defines unlisted applications as optional is also assigned to the user account. Which software configuration will be assigned to the user account?


Answers
Exercise: Determine which software configuration is assigned to the user account
1. Software configuration 1. The standard application settings in a software configuration that is assigned to a user account take precedence over the standard application settings in a software configuration that is assigned to a group.

2. Software configuration B. The application control policy for unlisted applications that has the highest priority in the BlackBerry Administration Service is applied to Clyde's user account.

Review questions
1. b and c

2. Creating and deploying a software configuration:
Create and share a network folder
Publish the applications to the application repository
Create a software configuration
Assign the software configuration to a user account or group

3. To specify the location of the shared network folder in the BlackBerry Administration Service, administrators must click on an instance of the BlackBerry Administration Service.

4. BlackBerry solution management > Software > Applications > Add or update applications

5. a, b, and d

6. a, b, and d

7. True

8. Software configuration 1


Administering the BlackBerry Attachment Service


Objectives
Describe the role of the BlackBerry Attachment Service
Explain the roles of the BlackBerry Attachment Connector and the BlackBerry Attachment Server
Describe the BlackBerry Attachment Connector settings
Describe the BlackBerry Attachment Server settings


Configuring the BlackBerry Attachment Service


The BlackBerry Messaging Agent uses the BlackBerry Attachment Connector to send the attachment data to the BlackBerry Attachment Server. The BlackBerry Attachment Server then processes the request and returns the attachment data back to the BlackBerry Attachment Connector. The BlackBerry Enterprise Server then requests the attachment data from the BlackBerry Attachment Connector and sends the attachment data to the BlackBerry smartphone for viewing. Administrators can create a BlackBerry Attachment Service pool by associating multiple BlackBerry Attachment Service instances with a single BlackBerry Attachment Connector. Administrators can access the BlackBerry Attachment Service from the following location in the BlackBerry Administration Service:


Changing BlackBerry Attachment Server settings


Diagram number, setting, and description

1. Submit port
The TCP/IP port number that the BlackBerry Attachment Service uses to listen for and receive attachment conversion requests in a predefined XML/binary protocol. Default: 1900

2. Document cache size
The maximum number of converted documents that can be located in the document cache for a single conversion process. Default: 32

3. Maximum conversion threads
The number of documents that the BlackBerry Attachment Service can convert simultaneously in a single conversion process. Administrators can use this setting with the Server busy time setting to control thread saturation and manage the BlackBerry Attachment Service workload. Default: 4

4. Server busy time
The threshold at which the BlackBerry Attachment Service does not accept new conversion requests. Default: 120 seconds

5. Allow remote services
Permits or prevents remote TCP/IP connections to the BlackBerry Attachment Service. Default: Yes

6. Configuration port
The TCP/IP port number that can be used with an XML protocol to configure or obtain configuration information for the BlackBerry Attachment Service, including version information, the number of conversion processes, and the number of cached documents. Default: 1999

7. Result port
The TCP/IP port number that the BlackBerry Attachment Service returns attachment conversion results to in a predefined XML/binary protocol. Default: 2000

8. Maximum number of processes
The number of conversion requests that the BlackBerry Attachment Service can process simultaneously. When specifying this value, consider the amount of available memory and the competing services on the computer that hosts the BlackBerry Attachment Service. Default: 4

9. Process recycle time
The length of time that an attachment conversion process can reuse system resources to reclaim space and prevent failed processes from occupying memory resources. Default: 25 minutes

10. Maximum archive (ZIP) level
The number of levels of zipped files to process. Default: 1

11. Attachment size
The maximum allowable size, in KB, for each file type.

12. Additional data
Any file type specific information.

13. Allowed
Allow or prevent BlackBerry smartphone users from viewing specific file formats. Default: Yes


Changing BlackBerry Attachment Connector settings


Administrators can change how a BlackBerry Attachment Connector restores a lost connection to the BlackBerry Attachment Service. Administrators can change BlackBerry Attachment Connector settings in the following location:


Administrators can change the following settings on the Instance information tab:

Administrators can add support for additional attachment file types on the Supported Attachment Server instances tab.


Lab: Configuring the BlackBerry Attachment Service


Plazmic Inc. has asked you to make the following changes to the BlackBerry Attachment Service configuration.

Tasks
1. Change the maximum number of times that the BlackBerry Attachment Connector attempts to retry an unsuccessful attachment delivery attempt to 5.
2. Change the number of conversion requests that the BlackBerry Attachment Service can process simultaneously to 2.
3. Turn off support for MP3, AMR, and audio attachments.
4. Set the following maximum file sizes for attachments:
   File format: HTML. Maximum size: 100 KB
   File format: Images. Maximum size: 1500 KB
   File format: RTF. Maximum size: 1000 KB
   File format: ZIP archives. Maximum size: 1500 KB


Review questions
1. Describe the role of the following components of the BlackBerry Attachment Service:
BlackBerry Attachment Connector
BlackBerry Attachment Server

2. How would you restrict BlackBerry smartphone users from receiving MP3 attachments on their BlackBerry smartphones?


Answers
1. BlackBerry Attachment Connector: Sends and returns attachment data between the BlackBerry Enterprise Server and the BlackBerry Attachment Server.
BlackBerry Attachment Server: Processes the attachment data
2. Select a BlackBerry Attachment Server instance. On the Instance information tab, change the value of the Allowed field beside MP3 Attachment to No.


Administering the BlackBerry MDS Connection Service


Objectives
Describe the role of the BlackBerry MDS Connection Service
Describe how to create and assign pull rules
Describe how to create and assign push rules
Describe the options for configuring a BlackBerry MDS Connection Service instance
Describe the options for configuring the BlackBerry MDS Connection Service component


Introducing the BlackBerry MDS Connection Service


The BlackBerry MDS Connection Service is responsible for Internet and intranet browsing, pushing content to BlackBerry smartphones, and browser push channels. It acts as an intelligent gateway facilitating data flow between BlackBerry smartphone applications, online organization data and applications, and Internet sites. The following table outlines the three common request types:

Source: Browser
Push or Pull: Pull
Example: Web content request; Intranet content

Source: Custom application
Push or Pull: Pull
Example: Requests for data from databases

Source: Custom developer
Push or Pull: Push
Example: Database updates, such as inventory changes pushed to BlackBerry smartphones; Custom browser pages pushed to BlackBerry smartphones


Restricting BlackBerry smartphone user access to web content


The BlackBerry MDS Connection Service assigns rules to the BlackBerry smartphones and push initiators to control activity through the BlackBerry MDS Connection Service.

Restricting BlackBerry smartphone user access to content on web servers with pull rules
Creating and assigning a pull rule

1. Specify web address patterns
2. Create a pull rule
3. Assign the pull rule to user accounts


1. Specify web address patterns


When creating a pull rule, an administrator must first specify web address patterns for each web server that an administrator wants to allow BlackBerry smartphones to access.


2. Create a pull rule


After specifying web address patterns, administrators can create a pull rule that allows access to the web servers that match the web address patterns.
Type a name for the pull rule.
Type a description for the pull rule.
Select Pull.

Select the web address pattern group to assign to the pull rule.

Select the web address pattern to assign to the pull rule.

To prevent BlackBerry smartphone users from accessing web servers that match the specified web address pattern, select Deny.
To allow BlackBerry smartphone users to access web servers that match the specified web address pattern, select Allow.

3. Assign the pull rule to user accounts


Administrators can assign pull rules to a single user account or multiple user accounts.


Select the user accounts to assign the pull rule to and click Add pull rule.


Administrators can also assign a pull rule to a single user account.


Click Add.

Select the pull rule to assign to the selected user account.


Restricting push applications from sending data to BlackBerry smartphones with push rules
Creating and assigning a push rule

1. Turn on push authentication and push authorization
2. Create push initiators for push applications
3. Create a push rule and assign push initiators
4. Assign push rules to user accounts


1. Turn on push authentication and push authorization


2. Create push initiators for push applications


Push initiators specify which server-side push applications are authenticated and allowed to send push requests to applications on BlackBerry smartphones.

Type the name of the server-side application to allow to send push requests to BlackBerry smartphones.

Type a description.

Type a password for the server-side push application.


3. Create a push rule and assign push initiators


Type a name for the push rule. Type a description for the push rule. Select Push.

Click Add. Select the push initiator to assign to the push rule.


4. Assign push rules to user accounts

Select the user accounts to assign the push rule to and click Add push rule.


Select the push rule to assign to the selected user accounts.

Click Add.

Administrators can also assign a push rule to a single user account.


Select the push rule to assign to the selected user account.

Click Add.


Lab: Creating pull and push rules


Plazmic Inc. has decided to implement push and pull rules. As a result, the organization has asked you to set up the following rules:

Tasks
1. Allow access to the following web sites on BlackBerry smartphones:
   www.plazmic.com
   www.blackberry.com
2. Create a pull rule called Permitted web sites.
3. Assign the pull rule created in task 2 to the following user accounts:
   Nicole Lavigne
   Ian Dundas
   Justin Jones
   Sheena Raj
4. Turn on push authentication and push authorization.
5. Create a push initiator called Plazmic inventory and create a password.
6. Create a push rule called Plazmic inventory application rule and add the Plazmic inventory push initiator.
7. Assign the push rule created in task 6 to the following user accounts:
   James Lambier
   Elliot Fung
   Leticia Lopez Tovar
   Greg Stark
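The four-step push procedure and lab tasks 4 to 7 above come down to one access decision per push request. The following sketch is an added example, not BlackBerry Enterprise Server code: it models that decision with the lab's names, and the password storage, the reason strings and the treatment of an unverified initiator are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2; the page does not say how the password is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class PushPolicy:
    authentication: bool = False   # the "Push authentication" switch
    authorization: bool = False    # the "Push authorization" switch
    initiators: dict = field(default_factory=dict)   # initiator name -> (salt, hash)
    rules: dict = field(default_factory=dict)        # push rule name -> initiator names
    assignments: dict = field(default_factory=dict)  # user account -> push rule names

    def add_initiator(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.initiators[name] = (salt, _derive(password, salt))

    def _verified(self, name, password) -> bool:
        if name not in self.initiators or password is None:
            return False
        salt, expected = self.initiators[name]
        return hmac.compare_digest(expected, _derive(password, salt))

    def decide(self, user, initiator=None, password=None):
        """Return (allowed, reason) for one push request addressed to `user`."""
        # Credentials are only checked when push authentication is turned on.
        verified = self.authentication and self._verified(initiator, password)
        if self.authentication and not verified:
            return False, "authentication failed"
        if self.authorization:
            # Assumption: an unverified name counts as anonymous, so a claimed
            # initiator name alone never satisfies a push rule.
            identity = initiator if verified else None
            permitted = set()
            for rule in self.assignments.get(user, ()):
                permitted |= self.rules.get(rule, set())
            if identity not in permitted:
                return False, "no push rule allows this initiator for this user"
        return True, "allowed"


def lab_policy(password="constructed-example-password"):
    """Lab tasks 4 to 7, with a constructed password."""
    policy = PushPolicy(authentication=True, authorization=True)
    policy.add_initiator("Plazmic inventory", password)
    policy.rules["Plazmic inventory application rule"] = {"Plazmic inventory"}
    for user in ("James Lambier", "Elliot Fung", "Leticia Lopez Tovar", "Greg Stark"):
        policy.assignments[user] = {"Plazmic inventory application rule"}
    return policy


if __name__ == "__main__":
    p = lab_policy()
    for user in ("Greg Stark", "Nicole Lavigne"):
        print(user, p.decide(user, "Plazmic inventory", "constructed-example-password"))
```

In this model, turning on push authorization without push authentication denies every push, because no initiator identity has been verified for a push rule to match.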


Configuring a BlackBerry MDS Connection Service instance


To configure a BlackBerry MDS Connection Service instance, administrators select a BlackBerry MDS Connection Service instance from the Servers and components menu.

Select the BlackBerry MDS Connection Service instance to manage.


Number in diagram. Setting: Description

1. Instance information: Displays BlackBerry MDS Connection Service instance information. Administrators can add a friendly name and description.

2. Is centralized push server: Configures the currently selected BlackBerry MDS Connection Service push server status.

3. Pull authorization: Controls access to web servers using pull rules. When pull authorization is turned on, BlackBerry smartphone users cannot access web content on their BlackBerry smartphones until an administrator allows access to certain web servers using pull rules.

4. Push encryption: Turns on SSL or TLS to encrypt the push requests that server-side push applications send to BlackBerry smartphones.

5. Push authentication: Controls whether content from server-side push applications can be sent to BlackBerry smartphones. When push authorization is turned on, content from server-side push applications cannot be sent to BlackBerry smartphones until an administrator allows specific server-side applications by setting push initiators.


Number in diagram. Setting: Description

6. Push authorization: Controls whether push requests can be received by BlackBerry smartphones. If an administrator has turned on push authentication and created push initiators to specify which push applications are permitted to send push requests, the administrator can create push rules to specify which BlackBerry smartphone users are allowed to receive authenticated push requests. The BlackBerry MDS Connection Service can only apply push rules if an administrator has turned on push authorization for the BlackBerry MDS Connection Service.

7. Store push submissions: Stores push requests in the BlackBerry Configuration Database.

8. Maximum number of queued connections: Configures the maximum number of push connections that a BlackBerry MDS Connection Service instance can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry smartphones for pending push connections that exceed this limit.


Number in diagram. Setting: Description

9. Maximum number of active connections: Configures the maximum number of push connections that a BlackBerry MDS Connection Service instance can process at the same time. The BlackBerry MDS Connection Service queues the push connections that exceed this limit.

10. Device ports enabled for reliable pushes: Specifies the port numbers that BlackBerry Java Applications listen on for application-reliable push requests. Application developers can create BlackBerry Java Applications to manage application-reliable push requests. When a BlackBerry Java Application receives an application-reliable push request, it sends a delivery confirmation message to the BlackBerry MDS Connection Service, which sends the message to the server-side push application. Administrators must specify the port numbers that the BlackBerry Java Applications listen on for application-reliable push requests.


Number in diagram. Setting: Description

1. Web server listen port: Specifies the port number that the web server listens on for HTTP requests and HTTPS requests from server-side push applications. Administrators should change the default port parameters only if a port conflict exists with another service on the same computer.

2. Web server SSL listen: Specifies the port number that the web server listens on for SSL requests and SSL requests from server-side push applications. Administrators should change the default port parameters only if a port conflict exists with another service on the same computer.

3. Maximum data amount permitted per connection (KB): Specifies the maximum amount of data that a BlackBerry MDS Connection Service instance can send to BlackBerry smartphones.


Number in diagram. Setting: Description

4. Flow control timeout (milliseconds): Specifies how long a BlackBerry MDS Connection Service instance waits for acknowledgment from a BlackBerry smartphone before it deletes pending content for that BlackBerry smartphone.

5. Thread pool size: Specifies the maximum number of threads that a BlackBerry MDS Connection Service instance can process simultaneously.

6. Use persistent sockets: Permits or prevents BlackBerry Java Applications to use persistent socket connections with a BlackBerry MDS Connection Service instance.

7. Maximum simultaneous persistent sockets: Specifies the maximum number of persistent socket connections that can be open simultaneously between BlackBerry smartphones and a BlackBerry MDS Connection Service instance.

8. Database admin configuration cycle timer (minutes): Specifies how often a BlackBerry MDS Connection Service instance polls the BlackBerry Configuration Database for changes to the BlackBerry MDS Connection Service and BlackBerry Collaboration Service administrative settings. The default interval is 5 minutes.


Number in diagram. Setting: Description

1. Universal resource locator: Specifies the regular expression for the web address that the proxy mapping rule controls.

2. Description: Describes the regular expression for the web addresses added in the Universal resource locator field.

3. User name: The user name that the BlackBerry MDS Connection Service can use to connect to the proxy server that is defined for the web address.

4. Password: Specifies the password associated with the user name.

5. Confirm password: Specifies the confirmation of the password.

6. Proxy type: To configure a proxy server, click PROXY. In the Proxy String field, type the proxy server name and port number using the following format: http://<proxyserver>:<port>. To exclude the web address from routing through the proxy server, click DIRECT.
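A proxy mapping rule is only as precise as its regular expression. This added example (not product code) lints one rule and shows how an unescaped dot widens a DIRECT exclusion; whole-address matching, first-match order, the DIRECT default and the host name proxy.example.test are assumptions, and Python's re module stands in for the server's regular expression engine.

```python
import re

# Format given on the page for the Proxy String field.
PROXY_STRING = re.compile(r"^http://([A-Za-z0-9.-]+):(\d{1,5})$")


def validate_rule(pattern: str, proxy_type: str, proxy_string: str = "") -> list:
    """Return a list of problems found in one proxy mapping rule."""
    problems = []
    try:
        re.compile(pattern)
    except re.error as exc:
        problems.append(f"invalid regular expression: {exc}")
    # Heuristic: a dot that is neither escaped nor followed by a quantifier
    # matches any character, so the rule also covers look-alike host names.
    if re.search(r"(?<!\\)\.(?![*+?{])", pattern):
        problems.append("unescaped '.' matches any character")
    if proxy_type == "PROXY":
        m = PROXY_STRING.match(proxy_string)
        if not m or not 0 < int(m.group(2)) <= 65535:
            problems.append("proxy string is not http://<proxyserver>:<port>")
    elif proxy_type != "DIRECT":
        problems.append("proxy type must be PROXY or DIRECT")
    return problems


def route(url: str, rules: list) -> str:
    """First rule whose pattern matches the whole address wins (assumed)."""
    for pattern, proxy_type, proxy_string in rules:
        if re.fullmatch(pattern, url):
            return proxy_string if proxy_type == "PROXY" else "DIRECT"
    return "DIRECT"  # assumed behaviour when no rule matches


# Constructed rule sets: the same intent written loosely and strictly.
PROXY = "http://proxy.example.test:8080"
LOOSE = [(r"http://www.plazmic.com/.*", "DIRECT", ""), (r"http://.*", "PROXY", PROXY)]
STRICT = [(r"http://www\.plazmic\.com/.*", "DIRECT", ""), (r"http://.*", "PROXY", PROXY)]

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("strict", STRICT)):
        print(name, validate_rule(*rules[0]), route("http://wwwXplazmic.com/x", rules))
```

With the loose rule the look-alike address is excluded from the proxy along with the intended site; with the escaped pattern it is routed through the proxy like any other address.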


A BlackBerry MDS Connection Service configuration set is a collection of service configurations that the BlackBerry MDS Connection Service instances in an organization can use to communicate with a remote file system, LDAP server, CRL server, or OCSP server. Administrators must add the communication information to a configuration set so that a BlackBerry MDS Connection Service instance can start using the communication information after assigning the configuration set to the instance.

For more information on remote file systems and BlackBerry MDS Connection Service configuration sets, see the BlackBerry Enterprise Server Administration Guide.

On the Supported Dispatcher instances tab, administrators can assign a BlackBerry MDS Connection Service instance to multiple BlackBerry Enterprise Server instances in the BlackBerry Domain. Administrators must designate at least one BlackBerry MDS Connection Service instance in a BlackBerry Domain to be the central push server. Central push servers receive content push requests from server-side applications that are located on an application server or on a web server. Central push servers also manage push requests and send application data and application updates to BlackBerry smartphone applications.


Other BlackBerry MDS Connection Service options


The following table describes other options that can be configured for the BlackBerry MDS Connection Service component. For more detail on any of the options listed below, see the BlackBerry Enterprise Server Administration Guide.

Tab name: Description

LDAP: Define the LDAP server settings and handle query requests. Use the LDAP option to configure LDAP parameters, if LDAP queries are to be created from the BlackBerry smartphone.

HTTP: Define how the BlackBerry MDS Connection Service handles authentication, cookie storage, timeouts, and redirections.

HTTPS: Configure security settings for BlackBerry MDS Connection Service connections. Contains settings that define whether the BlackBerry MDS Connection Service should encrypt requests that are sent to untrusted servers using HTTPS.

OCSP: Configure certificate handling and define how to handle OCSP responders.

CRL: Configure the BlackBerry MDS Connection Service to authenticate to CRL servers on behalf of BlackBerry smartphones and retrieve the status of certificates for web servers.

TLS: Configure security settings for BlackBerry MDS Connection Service connections. Contains settings that define whether the BlackBerry MDS Connection Service should encrypt requests that are sent to untrusted servers using TLS.


Tab name: Description

File: Configure the BlackBerry MDS Connection Service to communicate with a remote file system. Defines the web address for the remote file system and the type of access (for example, Windows) that the domain supports. Note: Windows SMB (Server Message Block or SAMBA) can be implemented in multiple operating systems and not just in Windows.

RSA: Configure two-factor authentication (RSA SecurID).

DSML: Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates.


Review questions
1. The BlackBerry MDS Connection Service is responsible for which of the following tasks? Select all that apply.
   a. Acts as a gateway for the BlackBerry Synchronization Service
   b. Pushes IT policies to BlackBerry smartphones
   c. Controls Internet and intranet browsing
   d. Pushes custom browser pages to BlackBerry smartphones

2. Describe the difference between a pull rule and a push rule.

3. Complete the following flow charts that summarize the process of creating a pull rule and a push rule.


Creating and assigning a push rule

4. How does an administrator assign a BlackBerry MDS Connection Service instance to multiple BlackBerry Enterprise Server instances?


Answers
1. c and d

2. Pull rule: Restricts which server-side push applications can send data to BlackBerry smartphones
   Push rule: Restricts BlackBerry smartphone users' access to content on web servers

3. Creating and assigning a pull rule
   Specify web address patterns
   Create a pull rule
   Assign the pull rule to user accounts

   Creating and assigning a push rule
   Turn on push authentication and push authorization
   Create push initiators for push applications
   Create a push rule and assign push initiators
   Assign push rules to user accounts


4. Select a BlackBerry MDS Connection Service instance and add BlackBerry Enterprise Server instances on the Supported Dispatcher instances tab.


Configuring BlackBerry Enterprise Server log file properties


Objectives
List the relevant log files for troubleshooting issues with the BlackBerry Administration Service
List the BlackBerry Enterprise Server component log files that administrators can manage in the BlackBerry Administration Service
Describe how to manage BlackBerry Enterprise Server component log file properties
Describe how to manage BlackBerry MDS Connection Service log file properties


Managing log files in the BlackBerry Administration Service


Administrators can manage the following BlackBerry Enterprise Server component log files from the Server and components menu in the BlackBerry Administration Service:

Default log identifier: Component description
CEXC: Microsoft Exchange connector
MAGT: BlackBerry Messaging Agent
EXTS: Extension email component
ALRT: BlackBerry Enterprise Server Alert tool
ASCL: BlackBerry Attachment Connector
ACNV: BlackBerry Attachment Server
ASRV: BlackBerry Attachment Server
CBCK: BlackBerry Synchronization Service Backup Connector
SYNC: BlackBerry Synchronization Service
CMNG: BlackBerry Synchronization Service Management Connector
POLC: BlackBerry Policy Service
MDSS: BlackBerry MDS Integration Service
CTRL: BlackBerry Controller
DISP: BlackBerry Dispatcher
BBAS-AS: BlackBerry Administration Service Application Server
BBAS-NCC: BlackBerry Administration Service Native Code Container


Managing BlackBerry Enterprise Server component log file properties


To manage BlackBerry Enterprise Server log files, the administrator must click on an instance of the Logging component:

To change values in log file fields, the administrator must click Edit instance.


Administrators can change the following information on the Instance information tab:

Administrators can change the following information on the Logging details tab:


Managing BlackBerry MDS Connection Service log file properties


To manage BlackBerry MDS Connection Service log files, the administrator must click on an instance of the BlackBerry MDS Connection Service:

Administrators can manage BlackBerry MDS Connection Service log files from the following location:


Diagram number. Field: Description

1. Logging: Turns the specified logging option on or off

2. Log level: Change the logging level to one of the following:
   Event: Writes events to the log files
   Error: Writes error messages to the log files
   Warning: Writes warning messages to the log files
   Informational: Writes informational activities to the log files
   Debug: Writes additional information to the log files for troubleshooting purposes

Log timer interval (milliseconds): Sets the interval that the BlackBerry MDS Connection Service writes information to a log file. Default: 30000

Location (Host name: Port number): Sets the host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log file messages

Location (Host name: Port number): Sets the host and port number that the BlackBerry MDS Connection Service connects to when it sends TCP log file messages


Review questions
1. For each of the log file identifiers listed in the table below, provide a description of the identifier.

Default log identifier: Component description

MAGT

ASCL

ACNV

SYNC

POLC

MDSS


CTRL

DISP

BBAS-AS

BBAS-NCC

2. List the logging levels available for BlackBerry Enterprise Server components.

3. Where in the BlackBerry Administration Service does an administrator manage BlackBerry MDS Connection Service log file properties?


Answers
1. Default log identifier: Component description
   MAGT: BlackBerry Messaging Agent
   ASCL: BlackBerry Attachment Connector
   ACNV: BlackBerry Attachment Server
   SYNC: BlackBerry Synchronization Service
   POLC: BlackBerry Policy Service
   MDSS: BlackBerry MDS Integration Service
   CTRL: BlackBerry Controller
   DISP: BlackBerry Dispatcher
   BBAS-AS: BlackBerry Administration Service Application Server
   BBAS-NCC: BlackBerry Administration Service Native Code Container

2. Error, Warning, Information, Debug

3. Expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. Click an instance of the BlackBerry MDS Connection Service. On the Logging tab, click Edit instance.


Acronym list

A
AMR Adaptive Multi-Rate

B
BCC blind carbon copy
BlackBerry MDS BlackBerry Mobile Data System
BTSC BlackBerry Technical Solution Center

C
CC carbon copy
CRL certificate revocation list

D
DIIOP Domino Internet Inter-ORB Protocol
DNS Domain Name System

E
EDGE Enhanced Data Rates for Global Evolution
ETP Email Transfer Protocol
EVDO Evolution Data Optimized

G
GAL Global Access List
GPRS General Packet Radio Service

H
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol over Secure Sockets Layer

I
IT information technology


K
KB kilobytes

L
LAN local area network
LDAP Lightweight Directory Access Protocol

M
MAPI Messaging Application Programming Interface
MDAC Microsoft Data Access Components
MMS Multimedia Messaging Service

O
OCSP Online Certificate Status Protocol
ORB object request broker

P
PIN personal identification number

R
RTF Rich Text Format

S
SIM Subscriber Identity Module
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSL Secure Sockets Layer

T
TCP Transmission Control Protocol
TLS Transport Layer Security

U
UDP User Datagram Protocol
USB Universal Serial Bus


V
VoIP Voice over Internet Protocol
VPN virtual private network

W
WLAN wireless local area network

X
XML Extensible Markup Language
