Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
1 Essential
v1.0 | 716-02046-123 | 2009 Research In Motion Limited
2009 Research In Motion Limited. All rights reserved. BlackBerry, RIM, Research In Motion, SurePress, SureType and related trademarks, names and logos are the property of Research In Motion Limited and are registered and/or used in the U.S. and countries around the world. Apache Tomcat is a trademark of Apache Software Foundation. Bluetooth is a trademark of Bluetooth SIG. IBM, Lotus, and Domino are trademarks of International Business Machines Corporation. Java and JavaScript are trademarks of Sun Microsystems, Inc. Microsoft, Active Directory, ActiveX, Internet Explorer, Outlook, SQL Server, and Windows are trademarks of Microsoft Corporation. RSA SecurID is a trademark of RSA Security. Wi-Fi is a trademark of the Wi-Fi Alliance. All other trademarks are the property of their respective owners. The BlackBerry smartphone and other devices and/or associated software are protected by copyright, international treaties, and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in the U.S. and in various countries around the world. Visit www.rim.com/patents for a list of RIM (as hereinafter defined) patents. This documentation including all documentation incorporated by reference herein such as those provided or made available by hyperlink is provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation or warranty of any kind by Research In Motion Limited and its affiliated companies ("RIM") and RIM assumes no responsibility for any typographical, technical, or other inaccuracies, errors or omissions in this documentation. In order to protect RIM proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of RIM technology in generalized terms. RIM reserves the right to periodically change information that is contained in this documentation; however, RIM makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party web sites (collectively the "Third Party Products and Services" ). RIM does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply
716-02046-123 v1.0
endorsement by RIM of the Third Party Products and Services or the third party in any way. EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NONINFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NONPERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL RIM BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH RIM PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF RIM PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES ,WHETHER OR NOT SUCH
716-02046-123 v1.0
DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, RIM SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY. THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO RIM AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED RIM DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF RIM OR ANY AFFILIATES OF RIM HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing or using any Third Party Products and Services it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers may not offer Internet browsing functionality with a subscription to BlackBerry Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with RIM's products and services may require one or more patent, trademark, copyright or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use, Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that are provided with RIM's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations or warranties of any kind by RIM and RIM assumes no liability whatsoever, in relation thereto. Your use of Third
716-02046-123 v1.0
Party Products and Services shall be governed by and subject to you agreeing to the terms of separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with RIM. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server software, BlackBerry Desktop Software, and/or BlackBerry Device Software and may require additional development or Third Party Products and Services for access to corporate applications. This product includes software developed by the Apache Software Foundation (http://www.apache.org/) and/or licensed pursuant to Apache License, Version 2.0 (http://www.apache.org/licenses/). For more information, see the NOTICE.txt file included with the software. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. The terms of use of any RIM product or service are set out in a separate license or other agreement with RIM applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY RIM FOR PORTIONS OF ANY RIM PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION. This training material was designed under the assumption that all required prerequisites are completed by participants before attending the session. The manual was designed to accompany a presentation delivered by a Research In Motion (RIM) recognized instructor. To avoid negatively impacting the quality of the learning experience, RIM recommends participants complete the prerequisites or that a presentation accompanies the manual.
716-02046-123 v1.0
Contents
Contents
Introducing the BlackBerry Enterprise Server............. 15
Architecture: BlackBerry Enterprise Solution ..................................... 16 Architecture: BlackBerry Enterprise Server..........................................17 Exercise: BlackBerry Enterprise Server architecture ..........................21 Process flow: Sending an email message to a BlackBerry smartphone over the wireless network ...................................................................... 23 Process flow: Sending an email message from a BlackBerry smartphone over the wireless network ................................................24 Process flow: Viewing an email message attachment on a BlackBerry smartphone ..............................................................................................25 Process flow: Sending calendar data to a BlackBerry smartphone over the wireless network ............................................................................... 27 Process flow: Sending calendar data from a BlackBerry smartphone over the wireless network ......................................................................28 Process flow: Starting an instant messaging session on a BlackBerry smartphone ..............................................................................................29 Process flow: Pushing content to a BlackBerry smartphone over the wireless network.......................................................................................31 Process flow: Pulling content to a BlackBerry smartphone over the wireless network...................................................................................... 32 Review: Process flows.............................................................................34
Lab: Log in to the BlackBerry Administration Service .....................42 Exploring the BlackBerry Administration Service ..............................43
BlackBerry solution management menu....................................................... 44 Devices menu.................................................................................................... 45 Servers and components menu ...................................................................... 45 Preferences menu............................................................................................. 46
716-02046-123 v1.0 2009 Research In Motion Limited 7
Contents
Lab: Exploring the BlackBerry Administration Service....................47 Lab: Exploring the Servers and components menu..........................48 Review questions .................................................................................... 49
Lab: Exploring the servers and components menu ..................................... 50 Review questions.............................................................................................. 50
Introducing roles............................................................... 51
Introducing roles .....................................................................................52 Overview: Creating and assigning roles..............................................53 Default roles.............................................................................................54 Exercise: Viewing default role privileges........................................... 64 Viewing and granting privileges ...........................................................65 Creating roles...........................................................................................67
Creating a new role.......................................................................................... 67 Copying an existing role.................................................................................. 67
Tips for working with roles..................................................................... 73 Lab: Create and assign roles................................................................74 Review questions ..................................................................................... 75 Answers..................................................................................................... 78
Tips for working with groups ................................................................ 89 Lab: Creating and configuring groups .............................................. 90 Overview: Adding and activating a user account............................... 91 Menu options for adding and managing user accounts in the BlackBerry Administration Service .......................................................92 Adding user accounts to the BlackBerry Enterprise Server ............. 94 Adding a user account by searching for the user...............................95 Adding a user from the directory..........................................................97
Manually updating user data in the BlackBerry Configuration Database.............................................................. 97
8 2009 Research In Motion Limited 716-02046-123 v1.0
Contents
Lab: Adding user accounts to the BlackBerry Enterprise Server ..................................................... 101 Adding multiple user accounts from a file ........................................ 102
Creating the .csv file .......................................................................................102 Importing new user accounts ........................................................................103
Lab: Importing user accounts using a .csv file................................106 Managing user accounts ...................................................................... 107 Lab: Managing user accounts............................................................. 110 Object reconciliation in the BlackBerry Administration Service ..... 111 Review questions .................................................................................... 113 Answers....................................................................................................116
Activating BlackBerry smartphones over the enterprise Wi-Fi network..........................................................................................132 Lab: Activate BlackBerry smartphones ............................................ 134
Part 1.................................................................................................................. 134 Part 2 ................................................................................................................. 134
Contents
BlackBerry Administration Service activation statistics.................. 155 Lab: Searching for activation statistics.............................................157 General troubleshooting reminders ................................................... 158 Exercise: Troubleshooting enterprise activation issues .................160 Review questions ................................................................................... 164 Answers...................................................................................................166
Troubleshooting enterprise activation issues .............................................166 Review questions............................................................................................ 169
Lab: Creating email message filters ................................................. 178 Mapping address book fields for synchronization and address book lookups.................................................................................................... 179 Managing wireless organizer data synchronization ......................... 181
Tips for troubleshooting wireless organizer data synchronization issues................................................................................................................. 183
Lab: Managing organizer data synchronization ............................. 185 Managing email message redirection................................................ 186
Tips for managing email message redirection............................................188
Lab: Managing email message redirection ..................................... 189 Managing wireless email message reconciliation............................190
Configuring wireless email message reconciliation ..................................190 Tips for troubleshooting wireless email message reconciliation issues.................................................................................................................192
Managing access to remote email message data ............................ 194 Managing email messages with HTML and rich content................196
Tips for managing email messages with HTML and rich content............197
Lab: Creating disclaimers and signatures .......................................202 Managing folder synchronization.......................................................203 Review questions .................................................................................. 206
10
716-02046-123 v1.0
Contents
Managing deployment jobs ................................................................. 216 Lab: Managing deployment jobs....................................................... 219 Review questions ...................................................................................220 Answers....................................................................................................221
Creating new IT policy rules to control third-party applications............................................................................................234 Lab: Creating and assigning IT policies ...........................................235 Resending IT policies ........................................................................... 236 Reconciliation rules for IT policies..................................................... 239 Exercise: Determine which IT policy is assigned to the user account.........................................................................242 Troubleshooting IT policy issues ........................................................ 245 Review questions ...................................................................................247 Answers.................................................................................................. 250
Publishing applications to the application repository.................... 256 Creating software configurations .......................................................257
Creating a software configuration...............................................................259
Contents
Assigning a software configuration to multiple user accounts or a single user account.................................................................................................... 263
Lab: Creating software configurations............................................ 265 Reconciliation rules for software configurations ............................ 266 Exercise: Determine which software configuration is assigned to the user account.........................................................................270 Updating BlackBerry Device Software using the BlackBerry Administration Service .........................................................................272
Reconciliation rules for BlackBerry Device Software bundles ................ 274 Reconciliation rules for standard application settings............................. 275
Lab: Configuring the BlackBerry Attachment Service.................. 288 Review questions .................................................................................. 289 Answers.................................................................................................. 290
Lab: Creating pull and push rules.................................................... 306 Configuring a BlackBerry MDS Connection Service instance........307 Other BlackBerry MDS Connection Service options........................ 315 Review questions ....................................................................................317
12 2009 Research In Motion Limited 716-02046-123 v1.0
Contents
Answers................................................................................................... 319
716-02046-123 v1.0
13
Contents
14
716-02046-123 v1.0
716-02046-123 v1.0
16
716-02046-123 v1.0
Component
BlackBerry Administration Service
Description
The BlackBerry Administration Service is a web service that hosts the BlackBerry Administration Service console and BlackBerry Web Desktop Manager. The BlackBerry Administration Service provides the interface between the BlackBerry Monitoring Service and the BlackBerry Configuration Database. You can use the BlackBerry Administration Service to manage the BlackBerry Enterprise Server and users accounts.
The BlackBerry Attachment Service converts supported attachments into a format that can be viewed on BlackBerry smartphones. The BlackBerry Attachment Service converts attachments for the BlackBerry Messaging Agent, the BlackBerry MDS Connection Service, and the BlackBerry Collaboration Service.
716-02046-123 v1.0
17
Component
BlackBerry Collaboration Service
Description
The BlackBerry Collaboration Service connects to an organization's instant messaging server to provide instant messaging on BlackBerry smartphones. The BlackBerry Collaboration Service supports the following collaboration clients: BlackBerry Client for use with Microsoft Office Live Communications Server 2005 BlackBerry Client for use with Microsoft Office Communications Server 2007 BlackBerry Client for IBM Lotus Sametime BlackBerry Client for Novell GroupWise Messenger
The BlackBerry Collaboration Service is an optional component. BlackBerry Configuration Database BlackBerry Controller The BlackBerry Configuration Database is a relational database that contains information used by the BlackBerry Enterprise Server. The BlackBerry Controller starts, monitors, and (if needed) restarts BlackBerry Enterprise Server components. The BlackBerry Dispatcher performs the following functions: Transfers data between BlackBerry Enterprise Server components Compresses and encrypts data that is sent to BlackBerry smartphones Decrypts and decompresses data received from BlackBerry smartphones Monitors and communicates the health of BlackBerry Enterprise Server components Starts the processing of BlackBerry smartphone users on the BlackBerry Messaging Agent
BlackBerry Dispatcher
18
716-02046-123 v1.0
Component
BlackBerry Mail Store Service
Description
The BlackBerry Mail Store Service connects to the messaging server to retrieve information from an organization's user directory and places that information in the BlackBerry Configuration Database. The BlackBerry Administration Service uses this information to manage user accounts. The BlackBerry MDS Connection Service processes requests for web content from the BlackBerry Browser or BlackBerry Java Applications on BlackBerry smartphones. The BlackBerry MDS Integration Service integrates BlackBerry MDS Runtime Applications and BlackBerry Browser Applications with BlackBerry smartphones. The BlackBerry MDS Integration Service is an optional component.
The BlackBerry Messaging Agent performs the following functions: Connects to the messaging server to provide email messaging, calendar management, address lookups, attachment viewing, and attachment downloading Allows the BlackBerry Synchronization Service to access organizer data on the messaging server Synchronizes configuration data between the BlackBerry Configuration Database and BlackBerry smartphone user mailboxes on the messaging server Monitors the BlackBerry state databases
The BlackBerry Monitoring Service collects SNMP data from BlackBerry Enterprise Server components. You can use the BlackBerry Monitoring Service to monitor and troubleshoot issues with your BlackBerry Enterprise Server. The BlackBerry Monitoring Service is an optional component.
716-02046-123 v1.0
19
Component
BlackBerry Policy Service
Description
The BlackBerry Policy Service sends IT policies, IT administration commands, service books, and encryption keys to BlackBerry smartphones. The BlackBerry Policy Service generates encryptions keys that are used by BlackBerry smartphones. The BlackBerry Router connects to the BlackBerry Dispatcher, the BlackBerry Infrastructure, and an organization's LAN to send data between the BlackBerry Enterprise Server and BlackBerry smartphones. The BlackBerry Synchronization Service synchronizes organizer data between BlackBerry smartphones and an organization's messaging server using the BlackBerry Messaging Agent. The BlackBerry Synchronization Service also synchronizes BlackBerry smartphone user data with the BlackBerry Configuration Database. BlackBerry Web Desktop Manager is a web application that allows BlackBerry smartphone users to manage their BlackBerry smartphones using Windows Internet Explorer instead of software installed on their computers. BlackBerry Web Desktop Manager is an optional component.
BlackBerry Router
20
716-02046-123 v1.0
1.
List the BlackBerry Enterprise Server components that you need to install to meet the needs of Plazmic Inc.
716-02046-123 v1.0
21
2.
List and describe the functionality of the BlackBerry Enterprise Server components that you do not need to install for Plazmic Inc.
22
716-02046-123 v1.0
Process flow: Sending an email message to a BlackBerry smartphone over the wireless network
1. 2. 3.
An email message arrives in a BlackBerry smartphone user's mailbox on the messaging server. The BlackBerry Messaging Agent retrieves the email message from the messaging server. The BlackBerry Messaging Agent checks the email message filters to determine whether the email message can be forwarded to the BlackBerry smartphone. The BlackBerry Messaging Agent sends the email message to the BlackBerry Dispatcher. The BlackBerry Dispatcher compresses and encrypts the email message and sends it to the BlackBerry Router. The BlackBerry Router sends the email message to the BlackBerry Infrastructure through the firewall. The BlackBerry Infrastructure sends the email message to the BlackBerry smartphone over the wireless network. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry Messaging Agent. The BlackBerry smartphone decrypts and decompresses the email message.
4. 5. 6. 7. 8. 9.
716-02046-123 v1.0
23
Process flow: Sending an email message from a BlackBerry smartphone over the wireless network
1. 2.
A BlackBerry smartphone user sends an email message from a BlackBerry smartphone. The BlackBerry smartphone compresses and encrypts the email message and sends it to the BlackBerry Infrastructure over wireless network. The BlackBerry Infrastructure sends the email message to the BlackBerry Router through the firewall. The BlackBerry Router sends the email message to the BlackBerry Dispatcher. The BlackBerry Dispatcher decrypts and decompresses the email message and sends the email message to the BlackBerry Messaging Agent. The BlackBerry Messaging Agent sends the email message to the messaging server. The messaging server sends the email message to the recipient and places a copy of the email message in the Sent Items folder of the BlackBerry smartphone user's email application.
3. 4. 5.
6. 7.
24
716-02046-123 v1.0
1.
A BlackBerry smartphone user clicks the Open Attachment menu item on a BlackBerry smartphone to request the attachment. The BlackBerry smartphone compresses and encrypts the attachment request, and sends it to the BlackBerry Infrastructure over the wireless network. The BlackBerry Infrastructure sends the attachment request to the BlackBerry Router through the firewall. The BlackBerry Router sends the attachment request to the BlackBerry Dispatcher. The BlackBerry Dispatcher decrypts and decompresses the attachment request and sends it to the BlackBerry Messaging Agent. The BlackBerry Messaging Agent sends the attachment request to the BlackBerry Attachment Service. The BlackBerry Attachment Service retrieves the attachment from the messaging server using the BlackBerry Messaging Agent. The BlackBerry Attachment Service coverts the attachment to a format that can be viewed on the BlackBerry smartphone. The BlackBerry Attachment Service sends the attachment to the BlackBerry Messaging Agent. The BlackBerry Messaging Agent sends the attachment to the BlackBerry Dispatcher. The BlackBerry Dispatcher compresses and encrypts the attachment and sends it to the BlackBerry Router. The BlackBerry Router sends the attachment to the BlackBerry Infrastructure through the firewall. The BlackBerry Infrastructure sends the attachment to the BlackBerry smartphone over the wireless network.
2.
3. 4. 5.
6. 7.
716-02046-123 v1.0
25
13. 14.
The BlackBerry smartphone sends a delivery confirmation to the BlackBerry Messaging Agent. The BlackBerry smartphone decrypts, decompresses, and displays the attachment.
26
716-02046-123 v1.0
Process flow: Sending calendar data to a BlackBerry smartphone over the wireless network
1. 2. 3. 4. 5. 6. 7. 8.
Calendar data is created or updated on the messaging server. The BlackBerry Messaging Agent retrieves the calendar data from the messaging server. The BlackBerry Messaging Agent sends the calendar data to the BlackBerry Dispatcher. The BlackBerry Dispatcher compresses and encrypts the calendar data and sends it to the BlackBerry Router. The BlackBerry Router sends the calendar data to the BlackBerry Infrastructure through the firewall. The BlackBerry Infrastructure sends the calendar data to the BlackBerry smartphone over the wireless network. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry Messaging Agent. The BlackBerry smartphone decrypts and decompresses the calendar data and updates the Calendar application.
716-02046-123 v1.0
27
Process flow: Sending calendar data from a BlackBerry smartphone over the wireless network
1. 2.
A BlackBerry smartphone user creates or updates calendar data on a BlackBerry smartphone. The BlackBerry smartphone compresses and encrypts the calendar data and sends it to the BlackBerry Infrastructure over the wireless network. The BlackBerry Infrastructure sends the calendar data to the BlackBerry Router through the firewall. The BlackBerry Router sends the calendar data to the BlackBerry Dispatcher. The BlackBerry Dispatcher decrypts and decompresses the calendar data and sends it to the BlackBerry Messaging Agent. The BlackBerry Messaging Agent creates or updates the calendar data on the messaging server.
3. 4. 5.
6.
28
716-02046-123 v1.0
1. 2.
A BlackBerry smartphone user logs in to a collaboration client on a BlackBerry smartphone. The BlackBerry smartphone compresses and encrypts the user name and password and sends them to the BlackBerry Infrastructure over the wireless network. The BlackBerry Infrastructure sends the user name and password to the BlackBerry Router through the firewall. The BlackBerry Router sends the user name and password to the BlackBerry Dispatcher. The BlackBerry Dispatcher decrypts and decompresses the user name and password, and sends them to the BlackBerry Collaboration Service. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to determine whether the maximum number of instant messaging sessions has been reached and whether the BlackBerry smartphone user has permission to use the collaboration client. The BlackBerry Collaboration Service authenticates the BlackBerry smartphone user on the instant messaging server, and sends the login request to the instant messaging server. The instant messaging server accepts the request, processes the user name and password, opens the instant messaging session, and sends the acceptance to the BlackBerry Collaboration Service. The BlackBerry Collaboration Service sends the acceptance to the BlackBerry Dispatcher. The BlackBerry Dispatcher compresses and encrypts the acceptance and sends it to the BlackBerry Router. The BlackBerry Router sends the acceptance to the BlackBerry Infrastructure through the firewall.
3. 4. 5.
6.
7.
8.
9. 10. 11.
716-02046-123 v1.0
29
12. 13.
The BlackBerry Infrastructure sends the acceptance to the BlackBerry smartphone over the wireless network. The BlackBerry smartphone decrypts and decompresses the acceptance and starts the instant messaging session.
30
716-02046-123 v1.0
Process flow: Pushing content to a BlackBerry smartphone over the wireless network
1. 2.
The BlackBerry MDS Connection Service receives a push content request. The BlackBerry MDS Connection Service checks the BlackBerry Configuration Database to determine whether the push request is allowed. The BlackBerry MDS Connection Service converts the content to a format that can be viewed on the BlackBerry smartphone and sends the content to the BlackBerry Dispatcher. The BlackBerry Dispatcher compresses and encrypts the content and sends it to the BlackBerry Router. The BlackBerry Router sends the content to the BlackBerry Infrastructure through the firewall. The BlackBerry Infrastructure sends the content to the BlackBerry smartphone over the wireless network. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry MDS Connection Service. The BlackBerry smartphone decrypts, decompresses, and displays it on the content.
3.
4. 5. 6. 7. 8.
716-02046-123 v1.0
31
Process flow: Pulling content to a BlackBerry smartphone over the wireless network
1. 2.
A BlackBerry smartphone user requests content using the BlackBerry Browser on a BlackBerry smartphone. The BlackBerry smartphone compresses and encrypts the content request and sends it to the BlackBerry Infrastructure over the wireless network. The BlackBerry Infrastructure sends the content request to the BlackBerry Router through the firewall. The BlackBerry Router sends the content request to the BlackBerry Dispatcher. The BlackBerry Dispatcher decrypts and decompresses the content request, and sends it to the BlackBerry MDS Connection Service. The BlackBerry MDS Connection Service checks the BlackBerry Configuration Database to determine whether the BlackBerry smartphone user has permission to request content. The BlackBerry MDS Connection Service retrieves the content from the content server, and converts the content to a format that can be viewed on the BlackBerry smartphone. The BlackBerry MDS Connection Service sends the content to the BlackBerry Dispatcher. The BlackBerry Dispatcher compresses and encrypts the content and sends it to the BlackBerry Router. The BlackBerry Router sends the content to the BlackBerry Infrastructure through the firewall. The BlackBerry Infrastructure sends the content to the BlackBerry smartphone over the wireless network. The BlackBerry smartphone sends a delivery confirmation to the BlackBerry MDS Connection Service.
3. 4. 5.
6.
7.
32
716-02046-123 v1.0
13.
The BlackBerry smartphone decrypts, decompresses, and displays the content using the BlackBerry Browser.
716-02046-123 v1.0
33
34
716-02046-123 v1.0
2.
Process flow:
716-02046-123 v1.0
35
3.
Process flow:
36
716-02046-123 v1.0
716-02046-123 v1.0
38
716-02046-123 v1.0
716-02046-123 v1.0
39
Authentication method
Description
Active Directory
Administrators can log in to the BlackBerry Administration Service using their Windows credentials.
40
716-02046-123 v1.0
Authentication method
Description
An administrators login credentials are created in the BlackBerry Administration Service and are stored in an encrypted format in the BlackBerry Configuration Database.
Domino mailbox
The browser used to access the BlackBerry Administration Service must allow Microsoft ActiveX controls.
Tip
716-02046-123 v1.0
41
Tasks:
1. 2. 3. Using the login information provided by your instructor, log in to the BlackBerry Administration Service. Configure the browser to allow Microsoft ActiveX controls. Add the web address of the BlackBerry Administration Service to the list of trusted web sites, and install the certificate for the BlackBerry Administration Service in the certificate store of your computer.
42
716-02046-123 v1.0
716-02046-123 v1.0
43
Create and manage software configurations, BlackBerry Device Software configurations, and application control policies.
Create and manage WLAN, VPN, and VoIP configuration sets. Create and manage administrator user accounts.
44
716-02046-123 v1.0
Devices menu
View information on attached BlackBerry smartphones.
View and configure BlackBerry Enterprise Server instances in the BlackBerry Domain. View and configure BlackBerry Enterprise Server components in the BlackBerry Domain.
View and configure high availability for the BlackBerry Enterprise Server.
716-02046-123 v1.0
45
Preferences menu
View and manage an administrators profile and password.
46
716-02046-123 v1.0
716-02046-123 v1.0
47
2. 3.
48
716-02046-123 v1.0
Review questions
1. List three tasks that administrators can perform using the BlackBerry Administration Service.
2.
3.
What are the authentication method options for logging in to the BlackBerry Administration Service?
4.
List the command categories available from the BlackBerry Administration Service Home screen.
716-02046-123 v1.0
49
Answers
Answers
Lab: Exploring the servers and components menu
1. On the Servers and components menu, expand BlackBerry Domain. Click BlackBerry Administration Service and click Edit instance. On the Component information tab, change the value of the Minimum password length field. On the Servers and components menu, expand BlackBerry Domain. Expand BlackBerry Enterprise Server, click on a BlackBerry Enterprise Server instance name, and click Edit instance. On the Instance information tab, type a name in the Friendly name field. On the Servers and components menu, expand BlackBerry Domain. Expand Email, click on an email instance name, and click Edit instance. On the Instance information tab, type a name in the Friendly name field.
2.
3.
Review questions
1. Any three of the following: 2. Add new user accounts Assign user accounts to groups Create and manage roles Create and manage administrator user accounts Create and manage software configurations and IT policies Configure security options, proxy servers, and high availability settings Manage and activate BlackBerry smartphones
https://<servername>/webconsole/login, where <servername> is the server name of the BlackBerry Administration Service Microsoft Exchange: BlackBerry Administration Service or Active Directory IBM Lotus Domino: BlackBerry Administration Service, Active Directory, or Domino mailbox
3.
4.
50
716-02046-123 v1.0
Introducing roles
Objectives
Discuss the purpose of roles Identify tips for working with roles List and describe the default roles Summarize the classifications of role privileges Describe how to create a custom role in the BlackBerry Administration Service Describe how to create an administrator user in the BlackBerry Administration Service Describe how to assign a role to an administrator user in the BlackBerry Administration Service
716-02046-123 v1.0
Introducing roles
Introducing roles
After an administrator has logged in to the BlackBerry Administration Service for the first time, the administrator can begin to create new roles. These roles control what information other administrators can view and which tasks they can perform in the BlackBerry Administration Service and BlackBerry Monitoring Service. Roles are designed to help an organization do the following: Reduce the security risks associated with allowing all administrators to have access to all administrative tasks. Define different types of administrators to better distribute job responsibilities. Increase efficiency by limiting accessible options to job responsibilities so administrators can quickly find options in the BlackBerry Administration Service.
52
716-02046-123 v1.0
Introducing roles
Create a new role with all privileges turned off and make necessary changes.
OR
Create a role that is based on an existing role and make necessary changes.
OR
Use one of the default roles. Create an administrator user account and assign the role to the administrator user account. Provide the administrator with the login information.
Discussion:
When creating a role, in what circumstances would an administrator choose each of the following methods to create a role? Create a new role Create a role based on an existing role
716-02046-123 v1.0
53
Introducing roles
Default roles
The following default roles are available to use in the BlackBerry Administration Service: Privileges are organized into the following categories:
Category
Role information User and device
Description
The name and description of the role Privileges related to administering BlackBerry smartphones and BlackBerry smartphone users, including Viewing and managing groups Adding and deleting user accounts Viewing and managing IT policies and software configurations Activating BlackBerry smartphones
54
716-02046-123 v1.0
Introducing roles
Category
Topology
Description
Privileges related to BlackBerry Enterprise Server instance and component management, including Viewing and managing BlackBerry Enterprise Server instances and components Managing BlackBerry Enterprise Server instance relationships Managing deployment jobs Updating peer-to-peer encryption keys
Privileges related to role management, including Viewing and managing roles Sending messages across groups
Organizations
Privileges applied across the organization, including Viewing and managing groups across the organization Adding and removing roles across the organization Viewing and managing BlackBerry smartphones across the organization
Miscellaneous
716-02046-123 v1.0
55
Introducing roles
The default roles have the following privileges assigned to them. If necessary, these privileges can be modified. Monitoring View x x
716-02046-123 v1.0
Senior Helpdesk
Junior Helpdesk
Server only
User and device tab Create a group Delete a group View a group Edit a group Create a user Delete a user View a user Edit a user View a device Edit a device View device activation settings Edit device activation settings Create an IT policy Delete an IT policy View an IT policy Edit an IT policy Import an IT policy x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x
x x x x x
x x x x x x x
x x x x x
56
Monitoring
Enterprise
User only
Security
Introducing roles
Export an IT policy Create a userdefined IT policy template Delete a userdefined IT policy template Resend data to devices Edit a userdefined IT policy template Import an IT policy template Create a software configuration View a software configuration Edit a software configuration Delete a software configuration Create an application View an application Edit an application
x x
x x
x x
x x
x x
x x
x x
x x
x x
x x x
x x x
x x x
x x x
x x x x x
x x x
716-02046-123 v1.0
Monitoring View
57
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Delete an application Create an administrator user Add or remove to user configuration Export asset summary data Import or export users Export statistics Import user updates Assign the current device to a user Specify an activation password Turn off and on external services Generate an activation email Clear synchronization backup data Clear user statistics
x x
x x
x x
x x x x x
x x x x x x x x
x x x x x
x x
x x
x x
x x
58
716-02046-123 v1.0
Monitoring View
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Reset user field mapping Turn on redirection Turn off redirection Add user from company directory Import new users Refresh available user list from company directory Import or export email message filters for a user Topology tab View a server Edit a server View a component Edit a component View an instance Edit an instance Change the status of an instance
x x x x
x x x x
x x x x
x x x x
x x
x x x
x x x x x x x
x x x x x x x
x x x x x x x
716-02046-123 v1.0
Monitoring View
59
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Edit an instance relationship View a job Edit a job View default distribution settings for a job Edit default distribution settings for a job Update peerto-peer encryption key Manage deployment job tasks Change the status of a job task Delete an instance Edit license keys View license keys Clear instance statistics Import or export email filters
x x x x
x x x x
x x x x
x x x x x
x x x x x
x x x x x
60
716-02046-123 v1.0
Monitoring View
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Export certificate signature request Import new server certificate Clear statistics for a BlackBerry MDS Connection Service instance View rules for the BlackBerry MDS Connection Service
BlackBerry Administration Service setup tab Send message Create a role Delete a role View a role Edit a role Add and remove a role View BlackBerry Administration Service software management x x x x x x x x x x x x x x x x x
716-02046-123 v1.0
Monitoring View
61
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Edit BlackBerry Administration Service software management Import or export groups within roles Organizations tab View a group across organizations Edit a group across organizations Add and remove a role across organizations View a device across organizations Edit a device across organizations Assign the current device to a user across organizations Miscellaneous tab Edit BlackBerry Enterprise Server internal timers
62
716-02046-123 v1.0
Monitoring View
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Register an event notification Create an event notification View BlackBerry Monitoring Service information Edit BlackBerry Monitoring Service settings x x x
716-02046-123 v1.0
Monitoring View
63
Senior Helpdesk
Junior Helpdesk
Server only
Monitoring
Enterprise
User only
Security
Introducing roles
Privilege
Create a user Delete a user Create a software configuration View a server Create a role Specify an activation password
Security Administrator
64
716-02046-123 v1.0
Introducing roles
716-02046-123 v1.0
65
Introducing roles
Roles can be created so that assigned administrators can only administer a defined list of groups. The following example shows some of these settings on the User and device tab.
Tips
If an administrator adds a new group after listed groups have been defined, the new group will have to be added as a listed group. Administrators can add groups using the import and export group list feature.
66
716-02046-123 v1.0
Introducing roles
Creating roles
Administrators can create new roles or manage existing roles from the BlackBerry solution management menu in the BlackBerry Administration Service.
716-02046-123 v1.0
67
Introducing roles
1. 2.
In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Role. Click Manage roles.
3.
4.
5.
In the Role information section, type the following: Name: Plazmic Senior Admin
68
716-02046-123 v1.0
Introducing roles
6. 7. 8. 9.
Click Copy role. Click View role list. From the list, click Plazmic Senior Admin. Click Edit Role.
716-02046-123 v1.0
69
Introducing roles
10.
11.
Discussion: Why was the Plazmic Senior Admin role copied from the Security Administrator role?
70
716-02046-123 v1.0
Introducing roles
When an administrator adds an administrator user account, the added administrator user is not enabled as a BlackBerry smartphone user. An administrator user can be enabled as a BlackBerry smartphone user after the administrator user account has been created.
716-02046-123 v1.0
71
Introducing roles
72
716-02046-123 v1.0
Introducing roles
716-02046-123 v1.0
73
Introducing roles
Role
Plazmic Senior Admin
Directions
Create permissions based on the example explained in Example: Copying the Security Administrator role to create a custom role on page 67. Copy the Junior Helpdesk Administrator role. Allow all privileges on the User and device tab. Create a new role. Allow the following privileges: View device activation settings Edit device activation settings Specify an activation password Generate an activation email
Administrator
Jeanette deBoer Jovanka Buac Lisa Perry Karla Tetzel Julie Palmer Enrico Antonucci Sherisse Da Silva
Assigned role
Security Administrator Plazmic Senior Admin Plazmic Junior Admin Plazmic Junior Admin Plazmic Junior Admin Activation Administrator Activation Administrator
Tasks
1. 2. Create the roles. Create the administrator user accounts and assign the appropriate roles to the new administrator user accounts. Use BlackBerry Administration Service as the authentication method.
74
716-02046-123 v1.0
Introducing roles
Review questions
1. You have a meeting with the Chief Technology Officer of Plazmic Inc. to discuss the advantages of implementing administrative roles in the BlackBerry Administration Service. What advantages would you present?
2.
3.
For each of the default roles list below, provide a description of the role. Role Enterprise Administrator Description
716-02046-123 v1.0
75
Introducing roles
Description
Security Administrator
76
716-02046-123 v1.0
Introducing roles
4.
5.
Describe the authentication method choices when creating an administrator user account in the BlackBerry Administration Service.
6.
Find the privilege that must be granted to be able to perform each of the following tasks: Make changes to the Plazmic Senior Admin role. View deployment jobs. Assign an IT policy. Send a message to a group.
716-02046-123 v1.0
77
Introducing roles
Answers
Exercise: Viewing default role privileges
For the listed default roles, use the privileges table on the previous pages as a reference and specify whether the listed privilege is set to Granted or No Access.
Permission
Create a user Delete a user Create a software configuraton View a server Create a role Specify an activation password
Security Administrator
Granted Grated Granted Granted Granted Granted
Review questions
1. Roles are designed to help an organization do the following: Reduce the security risks associated with allowing all administrators to have access to all administrative tasks Define different types of administrators to better distribute job responsibilities Increase efficiency by limiting accessible options to job responsibilities so administrators can quickly find options in the BlackBerry Administration Service
2. 3.
True. For each of the default roles list below, provide a description of the role. Role Enterprise Administrator Junior Helpdesk Administrator Description All privileges are granted, except can only view role assignments. Privileges granted for basic administrative tasks.
78
716-02046-123 v1.0
Introducing roles
Role Monitoring System Administrator Monitoring View Administrator Security Administrator Senior Helpdesk Administrator Server Only Administrator User Only Administrator
Description Privileges granted to configure and manage monitoring jobs. Privileges granted for viewing monitoring information. All privileges granted. Privileges granted for intermediate type tasks. Privileges granted for managing system resources. Privileges granted for managing user accounts.
4. 5.
An administrator can create a new role based on an existing role or create a brand new role.
Description The administrator must log in to the BlackBerry Administration Service using the same credentials as Microsoft Active Directory. The administrator must log in to the BlackBerry Administration Service using the credentials specified on the Create an administrator user screen.
6.
The following privileges must be granted to be able to perform the corresponding task: Edit a role on the BlackBerry Administration Service setup tab. View a job on the Topology tab. Edit a user (across Group) on the User and device tab. Send message (across Group) on the BlackBerry Administration Service setup tab.
716-02046-123 v1.0
79
Introducing roles
80
716-02046-123 v1.0
716-02046-123 v1.0
Introducing groups
A group is a collection of related BlackBerry smartphone users who share commonly configured properties. Administering BlackBerry smartphone users as a group is more efficient than administering individual BlackBerry smartphone users because properties can be set, applied, or changed simultaneously for all members of the group. User assigned objects override any group assigned objects.
Note
82
716-02046-123 v1.0
Creating a group
To create a group, an administrator must click Create group from the Home screen or from the BlackBerry solution management menu.
716-02046-123 v1.0
83
After administrators create a group, they can specify properties for the group. The Group information tab displays the name of the group and the optional description.
84
716-02046-123 v1.0
Administrators can add groups as a member of another group to create a parent and child group relationship. The properties of the parent group are inherited by the user accounts in the child groups.
Child groups tab
Select the child group and click Add. The selected group inherits all of the properties of the parent group.
Administrators can also assign roles to groups. The members of the group inherit the administrative privileges of that role.
Roles tab
Select the role and click Add. The administrative privileges are applied to the group.
716-02046-123 v1.0
85
After software configurations have been created, administrators can assign these software configurations to groups.
Software configuration tab
Select the software configuration and click Add. The software configuration is assigned to the selected group.
Policies tab
Select an IT policy in the drop-down list. The IT policy is assigned to the selected group.
86
716-02046-123 v1.0
After user accounts have been added to a group, an administrator can view the following information about group members.
Direct members are members of the selected group. Indirect members are members of an associated child group.
716-02046-123 v1.0
87
Administrators can move user accounts to different groups. This is performed from the Manage users menu.
The selected user account is currently assigned to the groups listed here. List of available groups. Options for managing group membership.
88
716-02046-123 v1.0
716-02046-123 v1.0
89
Tasks
1. 2. 3. 4. Create a group called Legal. Create a group called Executives. Create a group called Senior Executives. Make the Senior Executives group a child group of the Executives group.
90
716-02046-123 v1.0
2. Verify that the user has been added to the messaging server.
3. Verify with the wireless service provider that the BlackBerry smartphone has been provisioned for use with a BlackBerry Enterprise Server. 4. Add the BlackBerry smartphone user to the BlackBerry Enterprise Server and activate the BlackBerry smartphone.
5. Once the activation is complete, the BlackBerry smartphone user can send and receive email messages on the BlackBerry smartphone.
716-02046-123 v1.0
91
Menu options for adding and managing user accounts in the BlackBerry Administration Service
Administrators can add new user accounts or manage existing user accounts from the Home screen or from the BlackBerry solution management menu in the BlackBerry Administration Service. Before an administrator can add a user account to the BlackBerry Enterprise Server, the user account must already exist on the organizations messaging server.
Caution
.
92
716-02046-123 v1.0
716-02046-123 v1.0
93
The administrator can now add a user account using one of the following methods: Add a user account by searching for a user Add a user from the user directory Import new users from a .csv file
94
716-02046-123 v1.0
To view all available user accounts, click Search without specifying any search criteria.
716-02046-123 v1.0
95
After the user has been located, the administrator can perform the following steps:
The administrator must choose one of the three following methods to set up an activation password: Create an activation password manually. Generate an activation password randomly. Create the user account without an activation password.
If an activation password is not set, a BlackBerry smartphone can be assigned to the user account and activated later.
Tip
96
716-02046-123 v1.0
User directory
eiqatoatuaqiotutr nifoahtroigonro shjfkfgjaogihoaihgoiehroiagkgpo skfnaogknaoighaoigaoehgikagoia akgnaokgjaoigokagiahdgoahgoa angkjagjklajdgoajgdoajgajglka naoghnoaidhgoiadjgoiajdgoiaj najgnoagnoaijgopaisgjoapjioa aijgoiajgdiopajgpoagpoapgojag ankgoangoakjgoiajgoijaopdgjapg
The time for this data replication to complete can vary depending on network latency and how close on the network the BlackBerry Configuration Database is to the BlackBerry Mail Store Service. By default, the BlackBerry Administration Service refreshes the list of available user accounts at 4:00AM daily.
716-02046-123 v1.0
97
After clicking the Email component, the administrator must click Refresh available list from company directory.
The amount of time that the BlackBerry Administration Service requires to refresh the user list depends on the size of the user directory.
Note
98
716-02046-123 v1.0
The administrator can now add a single user by clicking Add user from company directory.
Click Add user from company directory to add the user account from the directory.
716-02046-123 v1.0
99
Next the administrator must type the users email address and click Add user from company directory.
Type the email address, in SMTP format, of the user account to add.
Once the user is located, the administrator can click Create a BlackBerry Enabled User and perform the following functions:
100
716-02046-123 v1.0
Tasks
1.
716-02046-123 v1.0
101
Field Heading
Email Address
Descriptions
Email address associated with the user account
Specifics
Required field This email address must exist on the messaging server Optional field Specify an empty value to indicate a manual assignment to the BlackBerry Enterprise Server by the administrator
SRP ID
SRP ID string
Group Names
Optional field Specify multiple group names by separating the group names with a semicolon
102
716-02046-123 v1.0
Field Heading
Activation Password Operation
Descriptions
Method in which activation password is assigned
Specifics
Required field generate : indicates a systemgenerated activation password specify : indicates an activation password that is specified by the administrator none: indicates that no activation password will be assigned to the user
Required field if Activation Password Operation is set to specify Required field if Activation Password Operation is set to specify or generate
716-02046-123 v1.0
103
Administrators can now navigate to the .csv file and add the user accounts.
Click Browse and navigate to the .csv file that contains the user accounts to import.
Click Continue.
The BlackBerry Administration Service imports data in the order that it appears in the .csv file. If an error occurs while importing data (for example, data is incorrectly formatted in the .csv file), the BlackBerry Administration Service continues to import the remaining data that is included in the file and displays an error message for the data that the BlackBerry Administration Service could not import. Importing data can take a long time (more than 30 minutes) to complete if more than 2000 user accounts are added.
104
716-02046-123 v1.0
If you have not specified a BlackBerry Enterprise Server instance, group, or activation password, you must provide this information to complete the process of creating user accounts.
Note
716-02046-123 v1.0
105
Tasks
1. 2. 3. Create a .csv file with the following information: User name, email address, group name Save the file as PlazmicUsers.csv. Import the user accounts.
106
716-02046-123 v1.0
716-02046-123 v1.0
107
Administrators can only view and change properties that are granted for their roles.
Note
To keep the user account in the BlackBerry Configuration Database but disable the user account as a BlackBerry smartphone user, an administrator uses the Disable as BlackBerry user command.
To delete or disable a user account and also remove the information in the BlackBerry smartphone users mailbox, administrators use one of the following commands: BlackBerry Enterprise Server for Microsoft Exchange:
108
716-02046-123 v1.0
716-02046-123 v1.0
109
2. 3.
110
716-02046-123 v1.0
Administrators can view resolved objects. For example, the following screenshot shows the option to view resolved IT policies:
716-02046-123 v1.0
111
An administrator can view all pending reconciliation event counts to see if reconciliation is complete or still running. This menu option appears in the Deployment jobs section.
The following screenshot shows that there are no pending reconciliation events:
112
716-02046-123 v1.0
Review questions
1. True or false? User accounts must exist on an organizations messaging server before they can be added to the BlackBerry Enterprise Server.
2.
Administrators access the Create a user link from which two areas in the BlackBerry Administration Service?
3.
True or False? An activation password must be created when a user account is created.
4.
List two ways to manually update the user list in the BlackBerry Administration Service, and describe why an administrator may have to manually update the user list.
716-02046-123 v1.0
113
5.
Describe how an administrator would move a user account from one BlackBerry Enterprise Server instance to another BlackBerry Enterprise Server instance.
6.
7.
8.
True or false? Administrators access the Create a group link from the Manage users screen
114
716-02046-123 v1.0
9.
Are user accounts added to groups using the Create a group link or using the Manage groups link?
10.
List and describe the functions that an administrator can perform on the group property tabs.
11.
716-02046-123 v1.0
115
Answers
1. 2. 3. 4. True. The Home screen and the BlackBerry solution management menu. False. The user list can be manually updated in the following two ways: From the Email component, an administrator can click Refresh available user list from company directory. When creating a user account, an administrator can click Add user from company directory.
User accounts recently added to the messaging server do not appear in the BlackBerry Administration Service until they are copied to the BlackBerry Configuration Database. 5. 1. 2. 3. 6. Click Manage users. Search for the user account to move Click Switch BlackBerry user to different BlackBerry Enterprise Server.
If an administrator moves a hidden mailbox that does not appear in the user directory, the administrator must manually reload the user account information. Grouping BlackBerry smartphone users allows administrators to set, apply, or change properties simultaneously. False. User accounts can be added from both locations.
7.
8. 9. 10.
Tab
Group information Child groups Roles
Description
Change the name of the group and the description. Add or remove child groups to or from the parent group. Assign roles to groups.
116
716-02046-123 v1.0
Tab
Software configuration Policies 11.
Description
Assign software configurations to groups. Assign IT policies to groups.
Reconciliation is the process of determining which objects apply to user accounts. Reconciliation is necessary because of the possible conflicts that can occur when user accounts belong to multiple groups or when groups belong to multiple groups.
716-02046-123 v1.0
117
118
716-02046-123 v1.0
716-02046-123 v1.0
Using the BlackBerry Administration Service BlackBerry smartphones can be activated by connecting them to a port on a computer that can access the BlackBerry Administration Service and assigning the BlackBerry smartphones to users. Using BlackBerry Desktop Manager BlackBerry smartphone users can activate their own BlackBerry smartphones by connecting them to a port on their computers and running BlackBerry Desktop Manager. Using BlackBerry Web Desktop Manager BlackBerry smartphone users can activate their own BlackBerry smartphones by creating their own wireless activation passwords or by connecting their BlackBerry smartphones to a port on a computer that is running BlackBerry Web Desktop Manager. Over the wireless network BlackBerry smartphone users can activate their own BlackBerry smartphones on the BlackBerry Enterprise Server without a physical network connection. Over the enterprise Wi-Fi network BlackBerry smartphone users can activate their own BlackBerry smartphones on the BlackBerry Enterprise Server using the enterprise Wi-Fi network.
120
716-02046-123 v1.0
The administrator connects the BlackBerry smartphone to a computer that can access the BlackBerry Administration Service. Under Devices in the BlackBerry Administration Service, the administrator associates the BlackBerry smartphone with a user account.
Limitations
Limits the number of simultaneous activations based on the number of USB ports on the computer Computer must be on a network and accessible to the BlackBerry Administration Service
716-02046-123 v1.0
121
122
716-02046-123 v1.0
Limitations
Requires BlackBerry smartphone users to have BlackBerry Desktop Manager installed on their computers Requires the BlackBerry smartphone users computer to be connected to the network and be able to access the messaging server and the BlackBerry Enterprise Server
716-02046-123 v1.0
123
124
716-02046-123 v1.0
Limitations
Computer must be on a network and accessible to the BlackBerry Web Desktop Manager
716-02046-123 v1.0
125
126
716-02046-123 v1.0
The process for activating BlackBerry smartphones over the wireless network is as follows:
Stage 1: Activation
The administrator adds a BlackBerry smartphone user to the BlackBerry Enterprise Server and sets an enterprise activation password in the BlackBerry Administration Service.
On the Enterprise Activation screen on the BlackBerry smartphone, the BlackBerry smartphone user types the email address and enterprise activation password provided by the administrator.
The BlackBerry smartphone generates an ETP.DAT message and sends it over the wireless network to the BlackBerry smartphone user's mailbox.
4
Stage 3: Receiving services
The BlackBerry Enterprise Server verifies that the activation password is correct and then generates a new permanent encryption key and sends it to the BlackBerry smartphone.
The BlackBerry Policy Service receives a request to generate service books and then sends out an IT policy update to the BlackBerry smartphone.
Data is transferred between the BlackBerry smartphone and the BlackBerry smartphone user's mailbox or the BlackBerry Enterprise Server. Slow synchronization includes the following tasks:
716-02046-123 v1.0
127
Limitations
Requires adequate signal strength and signal quality to transfer the initial organizer data to BlackBerry smartphones over the wireless network
Method
Manual activation password generation (Shared Secret method)
Description
Administrators specify an activation password. The BlackBerry smartphone user receives the activation information verbally so the BlackBerry smartphone user can activate the BlackBerry smartphone. Administrators can set a timeout period for the activation password. If the BlackBerry smartphone user does not activate the BlackBerry smartphone within that time period, the administrator must generate a new password. The administrator automatically generates an activation password in the BlackBerry Administration Service and sends it to the BlackBerry smartphone users email account on the messaging server. The BlackBerry smartphone user activates the BlackBerry smartphone using the information and the activationpassword contained in the email message.
128
716-02046-123 v1.0
Administrators can send activation passwords to a single BlackBerry smartphone user or to multiple BlackBerry smartphone users.
Click on a user account to send an activation password to a single BlackBerry smartphone user.
Click Manage multiple users to send activation passwords to multiple BlackBerry smartphone users.
After selecting a user account or multiple user accounts, the administrator can choose one of the following options:
Manually create an activation password and send an activation email message. Automatically generate an activation password and send an activation email message.
716-02046-123 v1.0
129
If the administrator selects Create a user with activation password, the following screen appears:
The administrator can specify the activation password and the number of hours before the password expires.
130
716-02046-123 v1.0
716-02046-123 v1.0
131
The administrator installs and configures a dedicated BlackBerry Router for activating BlackBerry smartphones over a Wi-Fi network. The administrator creates an activation password on the BlackBerry Enterprise Server for each BlackBerry smartphone user. The administrator provides the BlackBerry user with the activation password, credentials required for connection to the wireless access point, and BlackBerry Enterprise Server access information.
132
716-02046-123 v1.0
Limitations
Requires Wi-Fi connectivity information to be populated correctly on the BlackBerry smartphone prior to performing this type of activation Requires that wireless service providers allow this form of activation
716-02046-123 v1.0
133
Tasks
1. 2. Add Julie Palmer to the BlackBerry Enterprise Server. Activate a BlackBerry smartphone for Julie Palmer using the BlackBerry Administration Service.
Part 2
Nicole Lavigne requires a new BlackBerry smartphone but is out of the country. She has purchased a new BlackBerry smartphone and now requires that you activate it for her.
Tasks
1. 2. Determine what information you require in order to activate her BlackBerry smartphone over the wireless network. Prepare to activate Nicole Lavignes BlackBerry smartphone over the wireless network by setting the following criteria: Customize the activation message to say the following: Welcome to Plazmic Inc.! Please contact me if you have any issues with your activation. The BlackBerry Administration Service should create the activation password for you. Set the activation password expiration to 24 hours.
134
716-02046-123 v1.0
Review questions
1. Place an x in the box beneath the features of the corresponding BlackBerry smartphone activation method.
Large quantity of Wireless BlackBerry activation of smartphones Serial bypass BlackBerry activated at smartphones the same time
Using BlackBerry Administration Service Using BlackBerry Desktop Manager Using BlackBerry Web Desktop Manager Over the wireless network Over the enterprise Wi-Fi network 2.
Match the wireless activation stage with its definition. 1. 2. 3. 4. Activation Encryption verification Receiving services Slow synchronization
a.
The BlackBerry Enterprise Server verifies that the activation password is correct and generates a new permanent encryption key. Data is transferred between the BlackBerry smartphone and the BlackBerry smartphone users mailbox or the BlackBerry Enterprise Server.
b.
716-02046-123 v1.0
135
c.
The BlackBerry Policy Service receives a request to generate service books and sends out an IT policy update. The BlackBerry smartphone user is added to the BlackBerry Enterprise Server and the enterprise activation password is created. The BlackBerry smartphone user types an email address and the enterprise activation password on the BlackBerry smartphone and the BlackBerry smartphone generates an ETP.DAT message.
d.
3.
136
716-02046-123 v1.0
Answers
1. Place an x in the box beneath the features of the corresponding BlackBerry smartphone activation method.
Large quantity of Wireless BlackBerry activation of Serial smartphones BlackBerry bypass activated at smartphones the same time
Using BlackBerry Administration Service Using BlackBerry Desktop Manager Using BlackBerry Web Desktop Manager Over the wireless network Over the enterprise Wi-Fi network 2. x x
x x
x x
x x
Match the wireless activation stage with its definition. 1. 2. 3. 4. Activation: d Encryption verification: a Receiving services: c Slow synchronization: b
3.
716-02046-123 v1.0
137
138
716-02046-123 v1.0
716-02046-123 v1.0
Item
Email messaging system
Description
The email messaging system must be fully functional. BlackBerry smartphone users must be able to send and receive external SMTP email messages using their email applications. This includes a proper mail exchange record in DNS and the appropriate ports opened in the firewall. External email message delay should be less than ten minutes. The spam filter should not be blocking or modifying .dat attachments. The BlackBerry smartphone user must know the following information: The work email address The enterprise activation password
Wireless service provider Wireless network coverage (if using the wireless enterprise activation process)
To activate a BlackBerry smartphone, the BlackBerry smartphone must be provisioned by the wireless service provider for enterprise service. The wireless transceiver on the BlackBerry smartphone must be turned on. The BlackBerry smartphone must be in an area with sufficient wireless network coverage. This means that the wireless coverage level indicator shows one of the following identifiers: GPRS, EDGE, MIKE, NXTL, 1X-EV, 1X-EVDO, WLAN. The BlackBerry smartphone user must have an account on the BlackBerry Enterprise Server.
140
716-02046-123 v1.0
Item
BlackBerry smartphone
Description
BlackBerry smartphones based on Java must be running BlackBerry Device Software 4.0 or later. BlackBerry smartphones based on C++ must be running BlackBerry Device Software 2.7a or later. If using serial bypass, port 4101 must be open.
Organizations network
716-02046-123 v1.0
141
Data flow for the wired activation of a BlackBerry smartphone using the BlackBerry Administration Service
The following scenario outlines the data flow when activating a BlackBerry smartphone using the BlackBerry Administration Service.
1
BlackBerry Administration Service viewed through Microsoft Internet Explorer
11
12
13 4 10
9 8
BlackBerry Configuration Database
14 5
BlackBerry Administration Service BlackBerry Policy Service BlackBerry Synchronization Service BlackBerry Messaging Agent
15
BlackBerry Dispatcher BlackBerry Router
142
716-02046-123 v1.0
1. 2. 3. 4.
The JavaScript client requests BlackBerry smartphone PIN and capability information from the BlackBerry smartphone. The Microsoft ActiveX control receives the capability information from the BlackBerry smartphone. The JavaScript client receives the capability information and PIN from the Microsoft ActiveX control. The JavaScript client makes an SSL call to the BlackBerry Administration Service, providing the capability data and the PIN. The BlackBerry Administration Service starts the "Begin Wireline Activation" call. The BlackBerry Administration Service makes the necessary remote procedure call to the BlackBerry Messaging Agent, and generates a new master encryption key. The BlackBerry Messaging Agent sends the encryption key data to the BlackBerry Configuration Database. If using Microsoft Exchange, the BlackBerry Messaging Agent also sends the encryption key data to the BlackBerry smartphone users mailbox. If using IBM Lotus Domino, the BlackBerry Messaging Agent also sends the encryption key data to the BlackBerry profiles database.
5. 6.
7.
Note
8. The BlackBerry Administration Service retrieves the necessary data from the BlackBerry Configuration Database and constructs the service book and IT policy packets. Service book and IT policy packets are returned to the BlackBerry Administration Service. The BlackBerry Administration Service returns the service book and IT policy packets to the JavaScript client. The JavaScript client calls the Microsoft ActiveX control with the IT policy packets and the service book data, requesting that these be stored on the BlackBerry smartphone. The Microsoft ActiveX control stores the IT policy and service book data on the BlackBerry smartphone. Upon successful storage, the JavaScript client makes a second SSL call to the BlackBerry Administration Service, stating that the encryption key data was successfully installed on the BlackBerry smartphone.
9. 10. 11.
12. 13.
716-02046-123 v1.0
143
14. 15.
The BlackBerry Administration Service starts the "Complete Wireline Activation" call. The BlackBerry Administration Service makes the necessary remote procedure call to the BlackBerry Messaging Agent and starts the slow synchronization process on the BlackBerry smartphone.
144
716-02046-123 v1.0
14
BlackBerry Controller
13 12
11 10 3 2
8
Instant messaging server BlackBerry Messaging 7 Agent BlackBerry Attachment Service BlackBerry MDS Connection Service BlackBerry Dispatcher BlackBerry Router
6
Microsoft Exchange Server
Application server
716-02046-123 v1.0
145
Stage 1 Activation
1. A BlackBerry smartphone user is added to the BlackBerry Enterprise Server and an activation password is created.
Points of failure
Administrator, BlackBerry Messaging Agent, BlackBerry Configuration Database.
Symptom Cause Resolution
An administrator is unable to add the BlackBerry smartphone user to the BlackBerry Enterprise Server. An error has occurred. Please contact your System Administrator appears on the BlackBerry smartphone.
BlackBerry smartphone user data cannot be written to the BlackBerry Configuration Database due to a full transaction log. An activation password was not created. The activation password was not applied correctly.
Back up the BlackBerry Configuration Database or increase the size if needed. For additional information on how to perform this task, refer to the BlackBery Technical Solution Center at www.blackberry.com/support.
Create an activation password. Confirm that the correct activation password is listed in the BlackBerry smartphone user's properties. If the password is not present, verify that the Microsoft SQL Server permissions are correct. Make sure that there are no network connectivity issues on the Microsoft SQL Server, and then confirm that the correct MDAC version is being used.
2.
The BlackBerry smartphone user types the email address and activation password on the Enterprise Activation screen on the BlackBerry smartphone.
146
716-02046-123 v1.0
Points of failure
BlackBerry smartphone user, BlackBerry smartphone
Symptom Cause Resolution
An error has occurred. Please contact your System Administrator appears on the BlackBerry smartphone.
The BlackBerry smartphone user has typed an incorrect password on the Enterprise Activation screen.
The activation ETP.DAT email message has reached the BlackBerry smartphone users mailbox and the BlackBerry Enterprise Server has processed it, rejected the activation password, and sent the error message to the BlackBerry smartphone. The BlackBerry Enterprise Server will cancel the current activation password after four more unsuccessful activation attempts. The BlackBerry smartphone user must be issued a new activation password if the current one is cancelled. Create an activation password. Confirm that the correct activation password is listed in the BlackBerry smartphone user's properties. If the password is not present, verify that the Microsoft SQL Server permissions are correct. Make sure that there are no network connectivity issues on the Microsoft SQL Server, and then confirm that the correct MDAC version is being used.
The BlackBerry smartphone stops responding at the Activating status for 10 minutes. It may retry every 10 to 15 minutes, displaying a status of Retrying After 40 to 60 minutes, the process terminates, displaying the error message The server is not responding. Please contact your System Administrator.
An activation password was not created. The activation password set in the BlackBerry Administration Service was not applied correctly.
The BlackBerry smartphone users Messaging Agent is not scanning for email messages in the BlackBerry smartphone user's inbox. 3.
Remove and then add the BlackBerry smartphone user to the BlackBerry Enterprise Server. Restart the BlackBerry Dispatcher and the BlackBerry Controller, and then restart the BlackBerry Enterprise Server.
An activation email message is sent to the BlackBerry Infrastructure through the wireless network and sent to the BlackBerry smartphone users mailbox.
716-02046-123 v1.0
147
Points of failure
Wireless network, BlackBerry smartphone provisioning, BlackBerry smartphone users mailbox, messaging server, antivirus or spam scanning software
Symptom Cause Resolution
The BlackBerry smartphone stops responding at the Activating status for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying After 40 minutes, the process terminates, displaying the message The server is not responding. Please contact your System Administrator. During this stage, the activation email messages do not arrive in the BlackBerry smartphone users inbox.
The BlackBerry smartphone is in an area of insufficient wireless network coverage or is not provisioned for enterprise service.
Make sure that the BlackBerry smartphone is provisioned for enterprise service. Confirm that the BlackBerry smartphone has the correct signal type and signal strength for sending data. Test BlackBerry smartphone PIN messaging to confirm this. Send a test activation request to an external email account to confirm that the ETP.DAT activation email messages are being sent.
The BlackBerry smartphone user has typed an incorrect email address on the Enterprise Activation screen. The activation email message was moved to a folder other than the inbox. The BlackBerry smartphone users mailbox is full. The BlackBerry smartphone users email messages are being routed to a personal folder (.pst) or offline folder (.ost). The ETP.DAT email message is not reaching the BlackBerry smartphone users inbox because it is being deleted or modified by a virus scanning application.
The BlackBerry smartphone user must retry the enterprise activation process using the correct email address.
Make sure that there are no filtering rules in the messaging server or the email application that are moving the activation email message to a folder other than the inbox. Make sure that the BlackBerry smartphone users mailbox receives email messages. Make sure that the BlackBerry smartphone users email application is configured to leave copies of email messages on the messaging server. Personal and offline folders are inaccessible to the BlackBerry Enterprise Server, causing the enterprise activation process to fail. Make sure that the organizations antivirus software is not rejecting the activation email message and the corresponding ETP.DAT attachment is not being deleted, flagged, or modified.
148
716-02046-123 v1.0
Symptom
Cause
Resolution
The ETP.DAT attachment is not reaching the BlackBerry smartphone users inbox because it is being identified as spam.
Make sure that the organizations firewall is not filtering email messages from the blackberry.net domain. Make sure that the organizations antispam software is not flagging the activation email message and modifying its title, contents, or ETP.DAT attachment. Make sure that the BlackBerry smartphone users email application is not moving the activation email message to the default junk email message folder. Remove the second BlackBerry smartphone user from the BlackBerry Enterprise Server. When the first BlackBerry smartphone user completes the enterprise activation process, add the second BlackBerry smartphone user to the BlackBerry Enterprise Server again. Before starting the enterprise activation process, turn off email message forwarding until the BlackBerry smartphone user has completed the enterprise activation process.
A BlackBerry smartphone user forwards email messages to a second BlackBerry smartphone user and the ETP.DAT activation email message is sent to both BlackBerry smartphone users. When the BlackBerry Enterprise Server scans all BlackBerry smartphone users mailboxes, it cannot determine which BlackBerry smartphone user is using the BlackBerry smartphone because the ETP.DAT message was sent to two accounts.
Points of failure
BlackBerry Messaging Agent
716-02046-123 v1.0
149
5.
The BlackBerry Enterprise Server recognizes the ETP.DAT email message and starts the enterprise activation process. Note: At this point, the activation email messages with the ETP.DAT attachments are continuously delivered to the BlackBerry smartphone users mailbox.
Note
Points of failure
Messaging server, BlackBerry Messaging Agent 6. The BlackBerry Enterprise Server generates the public key authentication information.
Points of failure
BlackBerry smartphone user, Enterprise Service Policy
Symptom Cause Resolution
An error has occurred. Please contact your system administrator appears on the BlackBerry smartphone.
The BlackBerry smartphone user has typed an incorrect activation password on the Enterprise Activation screen.
The activation ETP.DAT email message has reached the BlackBerry smartphone users mailbox and the BlackBerry Enterprise Server has processed it, rejected the activation password, and sent the error message to the BlackBerry smartphone. Make sure that the BlackBerry smartphone user is typing the most upto-date activation password. Reset the password if needed before retrying the enterprise activation process.
The Enterprise Service Policy is limiting which BlackBerry smartphones are activated on the BlackBerry Enterprise Server.
Make sure that the Enterprise Service Policy allows the BlackBerry smartphone to be activated on the BlackBerry Enterprise Server. Allow the BlackBerry smartphone PIN or disable the Enterprise Service Policy if needed. For more information about the Enterprise Service Policy, efer to the BlackBery Technical Solution Center at www.blackberry.com/support.
150
716-02046-123 v1.0
Symptom
Cause
Resolution
The BlackBerry smartphone stops responding at the Activating status for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying After 40 minutes, the process terminates, displaying the message The server is not responding. Please contact your System Administrator.
The BlackBerry Enterprise Server service account does not have the correct permissions to access the BlackBerry smartphone user's mailbox and retrieve the ETP.DAT activation email message.
Make sure that the permissions for the BlackBerry Enterprise Server service account are properly configured according to the BlackBerry Enterprise Server for Microsoft Exchange Installation Guide. The ETP.DAT activation email message must arrive in the BlackBerry smartphone users mailbox before the BlackBerry Enterprise Server service account is notified that the email message has been received.
7.
Points of failure
BlackBerry smartphone
Points of failure
BlackBerry smartphone 9. The BlackBerry Enterprise Server generates a master encryption key.
Points of failure
BlackBerry Messaging Agent, BlackBerry Configuration Database 10. The BlackBerry Enterprise Server sends the IT policy and service books to the BlackBerry smartphone.
716-02046-123 v1.0
151
Points of failure
BlackBerry smartphone, BlackBerry Policy Service, BlackBerry Configuration Database
Symptom Cause Resolution
The BlackBerry Policy Service is not started or not responding. The BlackBerry smartphone is rejecting the IT policy.
Make sure that the BlackBerry Policy Service is started or restart the service if needed. The BlackBerry smartphone user must delete all data using the Security Wipe option on the BlackBerry smartphone to allow the new BlackBerry Enterprise Server to overwrite the IT policy from a previous BlackBerry Enterprise Server. Restart the BlackBerry Policy Service and retry the enterprise activation process.
The BlackBerry Policy Service is not able to create the service books or IT policy. IT Policy Rejected. Please wipe handheld and try again appears on the BlackBerry smartphone. The BlackBerry smartphone was previously active on another BlackBerry Enterprise Server and has a conflicting IT policy. This occurs when the previous BlackBerry Enterprise Server and the current BlackBerry Enterprise Server do not share the same BlackBerry Configuration Database. 11.
Send a blank IT policy to the affected BlackBerry smartphone to delete any existing IT policy settings.
The enterprise activation process is complete and the slow synchronization process begins.
Points of failure
BlackBerry Messaging Agent 13. The rest of the synchronization process takes place.
152
716-02046-123 v1.0
Points of failure
BlackBerry smartphone, BlackBerry Synchronization Service, BlackBerry Configuration Database, BlackBerry smartphone users mailbox
Symptom
The enterprise activation process only completes the synchronization of the Calendar database.
Cause
The BlackBerry Synchronization Service is not started or not responding.
Resolution
Make sure that the BlackBerry Synchronization Service is started or restart the service if needed. Make sure that Microsoft XML Parser is installed. See the BlackBerry Enterprise Server for Microsoft Exchange Installation Guide for details. Make sure that each contact entry has specified a first name, last name, or company name. When a contact entry is missing information in all three fields, the entry is not synchronized and this error message is displayed on the BlackBerry smartphone. Make sure that the IT policy allows for wireless synchronization of organizer data applications.
Not all databases synchronized successfully - Address Book appears on the BlackBerry smartphone. Organizer data databases are not synchronized after the enterprise activation process has finished.
Due to requirements for contacts information, some entries in the Address Book application may have been skipped. The IT policy is disabling wireless bulk load, organizer data synchronization, or individual organizer data applications. The BlackBerry Enterprise Server has network connectivity or database engine errors that prevent the enterprise activation process from finishing properly.
Make sure that there are no network connectivity issues between the BlackBerry Enterprise Server and the BlackBerry Configuration Database.
716-02046-123 v1.0
153
Symptom
The enterprise activation process stops responding and the slow synchronization process is not able to complete.
Cause
The BlackBerry Enterprise Server has network connectivity problems or Microsoft SQL Server errors. Content protection is enabled on the BlackBerry smartphone.
Resolution
Make sure that the Microsoft SQL Server is online and accessible.
Turn off content protection before starting the enterprise activation process. Install the latest BlackBerry Enterprise Server software version (including the current service pack or hotfix). If multiple slow synchronization process attempts are made simultaneously, it may take a long time to complete or the process may time out (depending on BlackBerry Enterprise Server load and messaging server performance). Restore the Desktop [SYNC] service book. On the BlackBerry smartphone, complete the following steps: 1. 2. 3. 4. Go to Options > Advanced Options > Service Book. Click Desktop [Sync]. Display the menu and click Delete. Display the menu again and click Undelete.
Multiple BlackBerry smartphone users are attempting the slow synchronization process simultaneously. The Desktop [SYNC] service book is corrupted.
154
716-02046-123 v1.0
Administrators can search for specific activation criteria on the following screen:
716-02046-123 v1.0
155
After searching for a user account, administrators can view the following information about the BlackBerry smartphone users activation:
The State field tracks the state of the activation and displays one of the following:
The Description field provides more information on the state of each component
Password Set: The activation password has been set by the administrator. Ongoing: The portion of the activation associated with that BlackBerry Enterprise Server component is in progress. Completed: The portion of the activation associated with that BlackBerry Enterprise Server component has completed. Failed: The portion of the activation associated with that BlackBerry Enterprise Server component has failed.
156
716-02046-123 v1.0
Using these statistics, provide possible causes for the failed activation.
716-02046-123 v1.0
157
158
716-02046-123 v1.0
BlackBerry Instant Messaging Connector BlackBerry MDS Integration Services - Apache Tomcat Service
If using BlackBerry Enterprise Server for Microsoft Exchange, check that the Administer Information Store permission has been granted to the BlackBerry Enterprise Server service account by using the IEMSTest utility. To make sure that the BlackBerry Enterprise Server service account has been granted all the required permissions in Microsoft Exchange, use the Exchange System Manager or Exchange Management Shell tools. To make sure that the BlackBerry Policy Service and BlackBerry Synchronization Service are started, go to Start > Run and type services.msc. The Status column should list these services as Started. If a BlackBerry smartphone is disconnected from the computer during a wired enterprise activation, the enterprise activation process will continue if the BlackBerry smartphone is in an area of wireless network coverage.
716-02046-123 v1.0
159
2.
You receive a report that the enterprise activation process has failed for a single BlackBerry smartphone user. Upon investigation, you find that the BlackBerry smartphone user is in a remote location and his email application is configured to redirect email messages to a .pst file. Explain how this affects the activation process and what must be done to resolve the issue.
160
716-02046-123 v1.0
3.
You receive a report from a BlackBerry smartphone user who says that the enterprise activation process has stopped at Waiting for services... Upon investigation, you find that the BlackBerry smartphone user has already deleted all data using the Security Wipe option on the BlackBerry smartphone but continues to receive the same issue when retrying the enterprise activation process. Explain the possible cause for this issue and what must be done to resolve it.
4.
You receive a report that a BlackBerry smartphone user is attempting to activate her BlackBerry smartphone on a BlackBerry Enterprise Server but does not see an Enterprise Activation icon on her BlackBerry smartphone. Explain possible causes for this issue and what must be done to resolve it.
716-02046-123 v1.0
161
5.
Complete the following table. Refer to the BlackBerry Technical Solution Center for additional information if necessary.
Discussion
Scenario
Action
Delete all data using the Security Wipe option on the BlackBerry smartphone and retry the enterprise activation process.
If the BlackBerry smartphone was previously activated on a different BlackBerry Enterprise Server, the new IT policy cannot be applied until the BlackBerry smartphone user deletes all data on the BlackBerry smartphone using the Security Wipe option.
The activation email message displays the tag SCANNED in the Subject line.
The enterprise activation process only completes the synchronization of the Calendar database.
162
716-02046-123 v1.0
Scenario
Action
Discussion
Not all databases synchronized successfully Address Book appears on the BlackBerry smartphone during the slow synchronization stage.
716-02046-123 v1.0
163
Review questions
1. Complete the following enterprise activation prerequisites checklist.
164
716-02046-123 v1.0
2.
For each question listed in the following table, identify any actions that must be taken to retrieve the required information, and the reason for asking a particular question.
Question
1. Has the BlackBerry smartphone user typed the correct email address and activation password in the Enterprise Activation screen on the BlackBerry smartphone? Did the organizations firewall, antivirus, or spam filter software modify the enterprise activation request email message? Does the BlackBerry smartphone user have inbox rules that may have filed the activation request email message in a personal folder (.pst)?
Action
Discussion
2.
3.
716-02046-123 v1.0
165
Answers
Troubleshooting enterprise activation issues
1. This is not a supported configuration for the BlackBerry Enterprise Server. The MAPI subsystem installed with Microsoft Outlook is not sufficient for the BlackBerry Enterprise Server to process the activation email message or perform other functions such as email messaging and wireless calendar synchronization. The administrator should remove Microsoft Outlook and install the appropriate MAPI subsystem, as well as verify that all other BlackBerry Enterprise Server prerequisites are met. The administrator should also recreate the MAPI profiles once the correct MAPI subsystem is in place. For information on how to do this, refer to the BlackBerry Technical Solution Center. For more information about BlackBerry Enterprise Server software prerequisites, refer to the BlackBerry Enterprise Server Installation Guide. If the BlackBerry Enterprise Server software is installed on the same computer as the Microsoft Exchange Server, it is recommended that you contact Microsoft support to safely remove Microsoft Outlook.
Note
2.
The BlackBerry Enterprise Server must have access to the BlackBerry smartphone users mailbox to monitor and redirect email messages. If the BlackBerry smartphone users email messages are delivered to a .pst file (personal folder), the BlackBerry Enterprise Server is not able to find the activation email message and start the enterprise activation process. The BlackBerry smartphone user should configure the email application to leave a copy of the email message on the messaging server so that the BlackBerry Enterprise Server can access it. The BlackBerry Policy Service is not running or not responding, or there is an incorrect version of Microsoft XML Parser installed on the BlackBerry Enterprise Server. Make sure that Microsoft XML Parser is installed. See the BlackBerry Enterprise Server Installation Guide for details. The BlackBerry Policy Service must be started or restarted and the BlackBerry smartphone user must retry the enterprise
3.
166
716-02046-123 v1.0
activation process to receive the IT policy and service books and finish the enterprise activation process. 4. This occurs when the BlackBerry smartphone has previously been activated. The BlackBerry smartphone user can access the Enterprise Activation screen at any time on the BlackBerry smartphone by selecting Options > Advanced Options > Enterprise Activation. Another reason she cannot see the Enterprise Activation icon is that the BlackBerry smartphone is not provisioned for enterprise service. To determine if this is the case, select Options > Advanced Options. If the menu item Enterprise Activation is not available, the BlackBerry smartphone is not provisioned for enterprise service. 5.
Scenario Action
Delete all data using the Security Wipe option on the BlackBerry smartphone and retry the enterprise activation process.
If the BlackBerry smartphone was previously activated on a different BlackBerry Enterprise Server, the new IT policy cannot be applied until the BlackBerry smartphone user deletes all data on the BlackBerry smartphone using the Security Wipe option. When the activation email message or the ETP.DAT attachment are modified, the BlackBerry Messaging Agent fails to identify the email message as an activation request and it will not start the enterprise activation process. The BlackBerry Synchronization Service takes over the enterprise activation process after the synchronization of the Calendar database is complete and performs a wireless backup and restore of the BlackBerry smartphone, as well as the slow synchronization of the remaining organizer databases. When the BlackBerry Synchronization Service is not started, the enterprise activation process stops at this point.
The activation email message displays the tag SCANNED in the Subject line.
Make sure that the activation email message and the ETP.DAT attachment are not modified by the organizations antivirus or antispam software.
The enterprise activation process only completes the synchronization Calendar database.
Make sure that the BlackBerry Synchronization Service is started and restart it if needed. If the BlackBerry Synchronization Service fails to start, make sure that the appropriate Microsoft XML Parser is installed in the BlackBerry Enterprise Server environment.
716-02046-123 v1.0
167
Scenario
Action
Discussion
Not all databases synchronized successfully Address Book appears on the BlackBerry smartphone during the slow synchronization stage.
Make sure that all contact entries have a first name, a last name, or a company name.
Each contact requires a first name, a last name, or a company name. If a contact is missing values in all three fields, the entry is skipped and this error message appears on the BlackBerry smartphone.
168
716-02046-123 v1.0
Review questions
1.
716-02046-123 v1.0
169
2.
For each question listed in the following table, identify any actions that must be taken to retrieve the required information, and the reason for asking a particular question.
Question
1. Has the BlackBerry smartphone user typed the correct email address and password in the activation screen on the BlackBerry smartphone?
Action
Check if there is an error message on the Enterprise Activation screen on the BlackBerry smartphone. Verify that the BlackBerry smartphone user has not typed the activation password with the Caps Lock on. Verify that the BlackBerry smartphone user did not have issues typing the activation password on a BlackBerry smartphone with SureType technology turned on. Make sure that the SIM card is provisioned. Have the BlackBerry smartphone user type another email address and password. The email address could be the administrators address.
Discussion
If the BlackBerry smartphone user types the wrong activation password, an activation failed error message is received on the BlackBerry smartphone. If the wrong email address is typed, the email message generated by the BlackBerry Infrastructure is not successfully delivered to the BlackBerry smartphone users mailbox on the messaging server. By typing another email address, the ETP.DAT activation email message should be sent to that address and the administrator can confirm that the email message was received.
170
716-02046-123 v1.0
Question
2. Did the organizations firewall, antivirus, or spam filter software modify the enterprise activation request email message?
Action
Verify that .dat files are not being blocked by the firewall. Send an email message with a .dat file attachment to the BlackBerry smartphone. Verify that the email message arrives in the BlackBerry smartphone users mailbox.
Discussion
3.
Does the BlackBerry smartphone user have inbox rules that may have filed the activation request email message in a personal folder (.pst)?
The BlackBerry Enterprise Server only scans the inbox for the activation request email message.
716-02046-123 v1.0
171
172
716-02046-123 v1.0
716-02046-123 v1.0
174
716-02046-123 v1.0
The following table describes the conditions that can be configured for email message filters.
Condition
From
Description
The BlackBerry Enterprise Server filters email messages with the email addresses listed in the From field. Note: Separate multiple email addresses with a semicolon. Add a *@ before the email address if using wild cards.
Note: Sent To
The BlackBerry Enterprise Server filters email messages with the email addresses listed in the Sent To field. Note: Separate multiple email addresses with a semicolon. Add a *@ before the email address if using wild cards.
The BlackBerry Enterprise Server filters email messages with the specified text in the Subject field. The BlackBerry Enterprise Server filters email messages with the specified text in the body of the email message. The BlackBerry Enterprise Server filters email messages according to the selected recipient types. Sent directly to me CC: to me BCC: to me
Importance
The BlackBerry Enterprise Server filters email messages with the selected levels of importance. Low Normal High
716-02046-123 v1.0
175
Condition
Sensitivity
Description
The BlackBerry Enterprise Server filters email messages with the selected degrees of sensitivity. Normal Personal Private Confidential
Do not forward email messages to the device Forward email messages to the device
When selected, email messages with the criteria defined in the filter are not forwarded to the BlackBerry smartphone. When selected, email messages with the criteria defined in the filter are forwarded to the BlackBerry smartphone. The following criteria can be further defined: Forward with Level 1 notification Forward header only
176
716-02046-123 v1.0
716-02046-123 v1.0
177
Tasks
1. Create a server-level filter to make sure that email messages from Ian Dundas always go to the employees BlackBerry smartphones. A policy states that if an employee is going to send a personal email message to the entire organization, NO BB must be added to the subject line. The BlackBerry Enterprise Server can then filter personal email messages and prevent them from being delivered to the BlackBerry smartphones. Create a server-level filter to accomplish this. Create a filter for the following user accounts that forwards email messages with Request for Approval in the subject line to the BlackBerry smartphone with a Level 1 notification: Ian Dundas Mika Ilvonen Matthew Taylor Justin Jones
2.
3.
Export the filter. Import and apply the filter to Ian Dundas.
178
716-02046-123 v1.0
Mapping address book fields for synchronization and address book lookups
By default, the BlackBerry Enterprise Server maps certain fields in contacts entries on the messaging server to fields on a BlackBerry smartphone during wireless organizer data synchronization. Administrators can change these mappings and determine which fields appear in lookup results and which address book fields are synchronized between the messaging server and the BlackBerry smartphone. Up to four of these fields can be user-defined. Administrators can create the following types of field mappings on the BlackBerry Enterprise Server:
Description
Address book field mappings apply to specific user accounts. To access this type of field mapping in the BlackBerry Administration Service, go to User > Manage users > Edit user (username) > Edit message settings > Mappings for organizer data synchronization
Server
Address book field mappings apply to all BlackBerry smartphone users on the BlackBerry Enterprise Server. To access this type of field mapping in the BlackBerry Administration Service, go to BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization
Field mappings set at a BlackBerry smartphone user level override field mappings set at the BlackBerry Domain level.
716-02046-123 v1.0
179
The following screenshot shows some of the field mapping options at the global level:
Discussion: Why would an organization want to change address book field mapping options?
180
716-02046-123 v1.0
Using wireless organizer data synchronization, BlackBerry smartphone users do not need to connect their BlackBerry smartphones to their computers to synchronize organizer data. By default, wireless organizer data synchronization is turned on for the BlackBerry Enterprise Server. Administrators can configure wireless organizer data synchronization at the following two levels:
Level
User
Description
Wireless organizer data synchronization settings apply to specific user accounts. To access these wireless organizer data synchronization settings in the BlackBerry Administration Service, go to User > Manage users > Edit user (username) > Default configuration > Organizer data synchronization
Server
Wireless organizer data synchronization settings apply to all BlackBerry smartphone users on the BlackBerry Enterprise Server. To access these wireless organizer data synchronization settings in the BlackBerry Administration Service, go to BlackBerry Solution topology > BlackBerry Domain > Component view > Synchronization
716-02046-123 v1.0
181
Administrators can manage the following wireless organizer data synchronization settings at the user level:
182
716-02046-123 v1.0
Administrators can manage the following wireless organizer data synchronization settings at the server level:
716-02046-123 v1.0
183
the issue is likely with the BlackBerry smartphone user configuration. If the BlackBerry Enterprise Server is not writing organizer data for a user account from a BlackBerry smartphone to the BlackBerry Configuration Database correctly, the organizer data on the BlackBerry Enterprise Server might be corrupted. Administrators can delete the organizer data from the BlackBerry Enterprise Server to force BlackBerry smartphones to synchronize the current organizer data with the BlackBerry Enterprise Server.
184
716-02046-123 v1.0
Tasks
1. Change the following settings for Leticia Lopez Tovars account: Turn off certificate summary data synchronization. Memos should be set so that data is synchronized from the BlackBerry smartphone to the BlackBerry Enterprise Server only. Tasks should be set so the BlackBerry smartphone wins if there is a conflict between the BlackBerry smartphone and the BlackBerry Enterprise Server.
2.
716-02046-123 v1.0
185
186
716-02046-123 v1.0
After selecting the user account, the administrator must click Default configuration.
On the Services tab, administrators can manage the following email message redirection settings for the selected user account:
716-02046-123 v1.0
187
On the E-mail tab, administrators can manage the following email message redirection settings for the selected user account:
5. 6. 7. 8.
188
716-02046-123 v1.0
Tasks
1. Ian Dundas is travelling in an area without wireless network coverage and does not require email message redirection right now. To manage network resources, turn off email message redirection when the BlackBerry smartphone is connected to the following BlackBerry smartphone users computers: Hitoshi Hishikura Nicole Lavigne Lou Sicoli
2.
716-02046-123 v1.0
189
190
716-02046-123 v1.0
Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.
The following diagram shows the wireless email message reconciliation options on the Messaging tab:
716-02046-123 v1.0
191
When hard delete support is turned on, the BlackBerry Dispatcher must be restarted for the setting to take effect.
Note
192
716-02046-123 v1.0
Use the BlackBerry Messaging Agent logs to troubleshoot issues with reconciliation of hard-deleted email messages.
716-02046-123 v1.0
193
Note
Administrators can control these options by clicking Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.
194
716-02046-123 v1.0
The following diagram shows the remote email message access options on the Messaging tab.
716-02046-123 v1.0
195
Note
Discussion: Why would an organization choose to turn off support for rich content and inline images?
Administrators can turn rich content and inline content on or off by clicking Servers and components > BlackBerry Solution topology > BlackBerry Domain > Component view > Email and then selecting the instance to change.
196
716-02046-123 v1.0
The following diagram shows the rich content and inline images options on the Messaging tab.
Tips for managing email messages with HTML and rich content
BlackBerry smartphone users can also turn support for rich content and inline images on or off on their BlackBerry smartphones. To determine if support for this content is turned on or off, search for the BlackBerry smartphone user, click Default configuration, and view the following settings:
Administrators can also prevent the BlackBerry Enterprise Server from sending email messages with HTML and rich
716-02046-123 v1.0
197
content or inline images to BlackBerry smartphone users by modifying the following IT policy rules: To turn off rich content formatting, set Disable Rich Content Email to True. To turn off inline images, set Inline Content Requests to Disabled.
198
716-02046-123 v1.0
716-02046-123 v1.0
199
The following diagram shows the disclaimer options on the Messaging tab:
200
716-02046-123 v1.0
After clicking Default configuration, these options are located on the Email tab.
716-02046-123 v1.0
201
Tasks
1. All email messages sent from all BlackBerry smartphones must have the following appended disclaimer: This email and any files transmitted with it are confidential and intended solely for the intended recipient. 2. Andrew Paterson must have the following appended disclaimer: Please notify the sender immediately if you have received this email by mistake and delete this email from your system. This disclaimer must appear after the server level disclaimer. 3. Ian Dundas must have the following prepended disclaimer: Forwarding or copying this email message is strictly prohibited. 4. Elliot Fung must have the following signature: For more information on Plazmic products, visit www.plazmic.com.
202
716-02046-123 v1.0
Administrators can manage folder synchronization by clicking BlackBerry solution management > Manage users and then searching for the user account to manage.
716-02046-123 v1.0
203
After clicking Default configuration, these options are located on the Email tab in BlackBerry Enterprise Server for Microsoft Exchange.
The following option is available in BlackBerry Enterprise Server for IBM Lotus Domino:
Administrators can also set the maximum number of public contact folders that BlackBerry smartphone user can synchronize with from the server level.
204
716-02046-123 v1.0
The following option is available in BlackBerry Enterprise Server for Microsoft Exchange:
The following option is available in BlackBerry Enterprise Server for IBM Lotus Domino:
716-02046-123 v1.0
205
Review questions
1. What is the purpose of email message filters?
2. 3.
Administrators can create email message filters at the ___________ and _________ levels. List four conditions that can be configured for email message filters.
4.
True or false? Administrators can change which fields appear in address book lookup results and which address book fields are synchronized between the messaging server and the BlackBerry smartphone.
5.
Describe the purpose of the following fields for managing wireless organizer data synchronization: Synchronization type Conflict resolution
6.
True or false? When an administrator turns off email message redirection, the affected BlackBerry smartphone users cannot send or receive email messages on their BlackBerry smartphones.
206
716-02046-123 v1.0
7.
True or false? Wireless email message reconciliation can be turned off at both the server level and the user level.
8.
716-02046-123 v1.0
207
Answers
Answers
1. Email message filters determine the actions that the BlackBerry Enterprise Server takes if incoming email messages match specific criteria: forward, forward with priority, or do not forward to BlackBerry smartphones. Administrators can create email message filters at the user and server levels. Any four of the following: 4. 5. True. Synchronization type sets the direction of organizer data synchronization. Choices are Server to Device, Device to Server or Bidirectional. Conflict resolution sets how conflicts that occur during organizer data synchronization are resolved. Choices are Server Wins or Device Wins. 6. False. When an administrator turns off email message redirection, the affected BlackBerry smartphone users can send email messages from their BlackBerry smartphones but cannot receive email messages. False. Wireless email reconciliation can only be turned off at the server level. A hard delete occurs when BlackBerry smartphone users use the Shift-Delete key combination in their work email applications to delete an item. From Sent To Subject Body Recipient type Importance Sensitivity Do not forward email messages to the device Forward email messages to the device
2. 3.
7. 8.
208
716-02046-123 v1.0
716-02046-123 v1.0
If the delivery mode is wireless, the BlackBerry Administration Service creates a deployment job.
Based on deployment job scheduling and throttling settings, the BlackBerry Administration Service executes each deployment job task of the deployment job. The object is delivered to the BlackBerry smartphones.
Deployment jobs consist of one or more related deployment job tasks. Each deployment job task delivers one object to one BlackBerry smartphone over the wireless network.
210
716-02046-123 v1.0
The following diagram shows a simplified example of a deployment job with related deployment job tasks:
In the Deployment jobs menu, administrators can change the default settings that control how the BlackBerry Administration Service creates deployment jobs and delivers deployment job tasks to BlackBerry smartphones. Administrators can also change the default settings that the BlackBerry Administration Service uses to deliver IT policies, BlackBerry Java Applications, BlackBerry Device Software, and
716-02046-123 v1.0
211
Administrators can use deployment job settings to determine how deployment jobs are completed. This allows organizations to manage system resources and job scheduling.
212
716-02046-123 v1.0
Setting
Default delay
Description
The amount of time the BlackBerry Administration Service waits before processing a deployment job The number of days that the BlackBerry Administration Service waits before defining a job as failed The number of days that the BlackBerry Administration Service waits before deleting a failed or successfully completed job
Default value
15 minutes
Mark as failed
30 days
Purge job
7 days
Setting
Scheduled deployment days
Description
The days when IT policy deployment tasks can occur
Default values
All days
716-02046-123 v1.0
213
Setting
Start time
Description
The start time in the time window that IT policy deployment tasks can occur The end time in the time window that IT policy deployment can occur
Default values
All day
End time
All day
Setting
Maximum number of simultaneous tasks per BlackBerry Administration Service instance
Description
The maximum number of IT policy tasks that the BlackBerry Adminstration Service instance processes simultaneously
Default value
1000
214
716-02046-123 v1.0
Setting
Maximum number of simultaneous tasks per BlackBerry Administration Service instance Total number of tasks per time window per BlackBerry Administration Service instance
Description
The maximum number of IT policy tasks that the BlackBerry Adminstration Service instance processes simultaneously The total number of IT policy tasks that the BlackBerry Administration Service instance processes during each time window
Default value
25
150
Application distribution settings, BlackBerry Device Software distribution settings, and BlackBerry Device Software application distribution settings share the same tabs as the IT policy settings.
716-02046-123 v1.0
215
Status
Ready to run Running Task delivery complete
Description
A deployment job task is waiting to run. Deployment job tasks are currently running. All deployment job tasks have been delivered to the intended BlackBerry smartphones. The BlackBerry Administration Service is waiting for responses from the associated BlackBerry smartphones.
216
716-02046-123 v1.0
Status
Completed with no task failure
Description
All the BlackBerry smartphones have responded that a deployment job has completed without errors. One or more BlackBerry smartphones have responded that a deployment job has completed but with a failure.
Status
Ready to Deliver
Description
The BlackBerry Administration Service is ready and waiting to execute this deployment job task. The BlackBerry Administration Service is not currently able to execute this deployment job task because it is waiting on a dependent deployment job task to complete. This deployment job task is redundant and no longer needs to be executed.
Optimized out
716-02046-123 v1.0
217
Status
Pending Result
Description
The status of the deployment job task is pending. The BlackBerry Administration Service is waiting for a response from the associated BlackBerry smartphones. The BlackBerry smartphone has responded that the deployment job task has successfully completed. The BlackBerry Administration Service is ready to retry a deployment job task with a previous status of Retriable failure. The deployment job task has failed but can be retried. The BlackBerry smartphone has responded that the deployment job task has failed to complete. The deployment job task has failed because another dependent deployment job task has failed. An administrator has forced the deployment job task to fail.
Success
Ready to retry
Dependency Failure
Manual Failure
218
716-02046-123 v1.0
Tasks
Change the default delay for each deployment job to be 10 minutes. Change the deployment days for BlackBerry Device Software application distribution to be Saturday and Sunday only. Change the deployment time for BlackBerry Device Software application distribution to be from 5 pm to 6 am.
716-02046-123 v1.0
219
Review questions
1. The BlackBerry Administration Service creates deployment jobs after an administrator performs which tasks?
2.
Administrators can change the default settings that the BlackBerry Administration Service uses to deliver which deployment tasks?
220
716-02046-123 v1.0
Answers
1. The BlackBerry Administration Service creates deployment jobs when an administrator performs one of the following tasks: 2. Creates a software configuration and assigns it to user accounts Changes a software configuration that is already assigned to user accounts Assigns or changes an IT policy Updates BlackBerry Device Software over the wireless network
Administrators can change the default settings that the BlackBerry Administration Service uses to deliver IT policies, BlackBerry Java Applications, BlackBerry Device Software, and standard application settings to BlackBerry smartphones.
716-02046-123 v1.0
221
222
716-02046-123 v1.0
Introducing IT policies
Objectives
Discuss the purpose of IT policies List and describe the preconfigured IT policies Describe how to create IT policies Describe how to copy IT policies Explain how to import and export IT policy data Describe how to resend IT policies Explain how conflicting IT policies are reconciled Identify tips for troubleshooting IT policy issues
716-02046-123 v1.0
Introducing IT policies
About IT policies
An IT policy is a collection of rules an administrator uses to set functionality for the BlackBerry smartphone and BlackBerry Desktop Software. These rules can define many options, including how email messages are handled, and which features the BlackBerry smartphone user can use. BlackBerry smartphone users can be assigned a customized IT policy instead of a preconfigured IT policy, but each BlackBerry smartphone user can only be resolved to one IT policy at a time. The BlackBerry Enterprise Server software includes the following preconfigured IT policies that administrators can change to create IT policies that meet the requirements of the organization.
Preconfigured IT policy
Default
Description
This IT policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server. Similar to the Default IT policy, this IT policy also requires that BlackBerry smartphone users set a basic password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords regularly. This IT policy includes a security timeout that locks the BlackBerry smartphone after a period of inactivity. Similar to the Default IT policy, this IT policy also requires that BlackBerry smartphone users set a complex password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords at regular intervals. This IT policy includes a maximum password history and turns off Bluetooth technology on the BlackBerry smartphone.
224
716-02046-123 v1.0
Introducing IT policies
Preconfigured IT policy
Medium Security with No 3rd Party Applications
Description
Similar to the Medium Password Security, this IT policy requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy prevents BlackBerry smartphone users from making BlackBerry smartphones discoverable by other Bluetooth enabled devices and turns off the ability to download third-party applications. Similar to the Default IT policy, this IT policy also requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy restricts Bluetooth technology on the BlackBerry smartphone, turns on strong content protection, turns off USB mass storage, and requires the BlackBerry smartphone to encrypt external file systems.
Advanced Security
With the exception of the Default IT policy, It is recommended that administrators do NOT change the preconfigured IT policies. Consider the preconfigured IT policies to be templates. The Default IT policy that is assigned at the BlackBerry Domain level should be modified with the settings that the organization requires for BlackBerry smartphone users resolved to the Default IT policy. IT policy rules appear in the BlackBerry Administration Service in IT policy groups. Each IT policy group tab contains rules that can control common properties or applications on BlackBerry smartphones. The
716-02046-123 v1.0
225
Introducing IT policies
following diagram shows the IT policy tabs and the IT policy rules for the BlackBerry Messenger group:
For a full list of available IT policies, refer to the BlackBerry Enterprise Server Policy Reference Guide in the BlackBerry Technical Solution Center.
IT policy distribution
IT policies are a function of the BlackBerry Domain. As a result, the same IT policies are available to all BlackBerry smartphone users within the organization, whether they reside on the same or separate BlackBerry Enterprise Server instances. Administrators can set IT policies at the user account or group levels. The Default IT policy is automatically assigned to the BlackBerry Domain. IT policy settings are synchronized and assigned to the BlackBerry smartphone wirelessly. As a result, administrators who need to facilitate large deployments of BlackBerry smartphones can easily change IT policies on an organization-wide level without BlackBerry smartphone users having to connect their BlackBerry smartphones to their computers.
226
716-02046-123 v1.0
Introducing IT policies
Creating IT policies
Creating a new IT policy
Administrators can create a new IT policy by clicking BlackBerry solution management > Policy > Create an IT policy.
Next, the administrator must type a name and an optional description and click Save.
The administrator can begin assigning IT policy rules by clicking on the IT policy name and then clicking Edit IT policy.
716-02046-123 v1.0
227
Introducing IT policies
228
716-02046-123 v1.0
Introducing IT policies
From the list of IT policies, the administrator must click on the IT policy to copy and then click Copy IT policy.
716-02046-123 v1.0
229
Introducing IT policies
Administrators can export IT policy data by clicking BlackBerry solution management > Policy > Manage IT policies.
To import IT policy data, administrators must click Import IT policy list. To export IT policy data, administrators must click Export IT policy list.
230
716-02046-123 v1.0
Introducing IT policies
716-02046-123 v1.0
231
Introducing IT policies
Assigning IT policies
Assigning an IT policy to a group
To increase efficiency, IT policies can be assigned to members of a group that have the same IT policy requirements. Administrators can assign an IT policy to a group by clicking BlackBerry solution management > User > Manage groups.
The administrator can now click on a group and click Edit group. IT policies are assigned on the Policies tab.
232
716-02046-123 v1.0
Introducing IT policies
The administrator can now click on a group and click Edit user. IT policies are assigned on the Policies tab.
716-02046-123 v1.0
233
Introducing IT policies
Only applications that an organization creates can use the new IT policy rule. Administrators cannot create new IT policy rules to control standard BlackBerry smartphone applications and features.
Note
Next, the administrator can specify the following information:
234
716-02046-123 v1.0
Introducing IT policies
Create another IT policy that turns off the above items and turns off Bluetooth wireless technology. Name this IT policy Legal_minusBT. Create another IT policy that turns off the Bluetooth serial port profile and the Media Manager tool. Name this IT policy Disable_BT&MM.
Tasks
1. 2. 3. 4. Create the IT policies and use the copy feature, where possible. Assign the Legal_Group IT policy to the Legal group. Assign the Legal_minusBT IT policy to Marc Gervais. Leave the last IT policy unassigned for now.
716-02046-123 v1.0
235
Introducing IT policies
Resending IT policies
The BlackBerry Administration Service monitors the BlackBerry Enterprise Server for changes to IT policies. When a change occurs, the BlackBerry Enterprise Server automatically sends the IT policy to all BlackBerry smartphone users assigned to that IT policy. The BlackBerry Enterprise Server also sends IT policies to a BlackBerry smartphone when it is activated. If necessary, administrators can also resend an IT policy to a specific BlackBerry smartphone manually.
236
716-02046-123 v1.0
Introducing IT policies
On the Policies tab, administrators must click View resolved IT policy data.
716-02046-123 v1.0
237
Introducing IT policies
The administrator can now click Edit instance and change the value of the Policy resend interval field.
238
716-02046-123 v1.0
Introducing IT policies
The IT policy that is resolved to a user account is determined by the following reconciliation rules: 1. User-level assigned IT policy: An IT policy assigned to a single user account takes precedence over any IT policies assigned to groups that the user account may belong to. Group-level assigned IT policy: When a user account does not have an assigned IT policy but belongs to a group with an assigned IT policy, the user account is assigned to the highest priority IT policy that is assigned to the group.
2.
716-02046-123 v1.0
239
Introducing IT policies
Administrators can rank IT policies from BlackBerry solution management > Policy > Manage IT policies.
3.
BlackBerry Domain-level assigned Default IT policy: When a user account is created, a user account does not have another assigned IT policy, or does not have an assigned group IT policy, the user account is assigned the Default IT policy.
240
716-02046-123 v1.0
Introducing IT policies
In the screenshot above, the user account is assigned to both the Advanced Security IT policy and the Smartphone Password IT policy. After the administrator clicks View resolved IT policy data, the administrator can see which IT policy has been sent (resolved) to this users BlackBerry smartphone.
716-02046-123 v1.0
241
Introducing IT policies
Priority 3
3 3 3
Priority 2
3 3 3
Priority 4
3 3 3
Priority 1
3 3 3
Group 2
Group 3
Marc Gervais
242
716-02046-123 v1.0
Introducing IT policies
2.
Priority 3
3 3 3
Priority 2
Priority 4
Priority 1
3 3 3
Priority 5
3 3 3
IT policy B
IT policy C
IT policy D assigned to Default IT policy Group 2 and Group 3 assigned to BlackBerry Domain
Group 2
Group 3
Nicole Lavigne
716-02046-123 v1.0
243
Introducing IT policies
3.
Priority 3
3 3 3
Priority 2
3 3 3
Priority 1
3 3 3
Group 3
Matthew Taylor
244
716-02046-123 v1.0
Introducing IT policies
Review specific BlackBerry Policy Service logs. The following table describes the BlackBerry Policy Service log.
Log name
BlackBerry Policy Service
Identifier
POLC
Description
Records the communications between the BlackBerry Policy Service and the BlackBerry Dispatcher.
716-02046-123 v1.0
245
Introducing IT policies
Sending an IT policy or an IT policy change can take up to the number of minutes specified by the Default delay setting for deployment jobs.
246
716-02046-123 v1.0
Introducing IT policies
Review questions
1. Which of the following IT policies rules should be selected for sales representatives who spend 90% of their time placing phone calls to customers? Suggest IT policy status settings, as well.
Select Policy
Allow Phone Local Country Code Allow outgoing calls when locked Put Auto Signature Show Application Loader 2.
Suggested status
What is an IT policy? Choose the most appropriate answer. a. b. c. An IT policy is a collection of server rules an administrator sets. An IT policy holds the license agreements and expiry dates for all BlackBerry smartphones. An IT policy is a collection of rules an administrator uses to set default configurations for BlackBerry smartphones and BlackBerry Desktop Software. An IT policy is a set of rules that filters email messages.
d. 3.
True or False? All BlackBerry smartphone users are resolved to the default IT policy when they are first added to the BlackBerry Enterprise Server.
4.
Which of the following statements is correct? (Select only one) a. An IT policy can only be applied to BlackBerry smartphones when they are connected to a computer that can access the BlackBerry Administration Service. Wireless IT policies are applied as soon as they are received on the BlackBerry smartphone. Administrators can change a BlackBerry smartphone PIN using an IT policy. An IT policy is disabled by default.
b. c. d.
716-02046-123 v1.0
247
Introducing IT policies
e.
An IT policy is not required for BlackBerry smartphone users that are added to the BlackBerry Enterprise Server.
5.
For each preconfigured IT policy listed in the table below, match the description to the IT policy name.
Preconfigured IT policy
Default Basic Password Security Medium Password Security Medium Security with No 3rd Party Applications Advanced Security a.
Description
This IT policy requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy prevents BlackBerry smartphone users from making BlackBerry smartphones discoverable by other Bluetooth enabled devices and turns off the ability to download third-party applications. This IT policy requires that BlackBerry smartphone users set a basic password on their BlackBerry smartphones. BlackBerry smartphone users must change their passwords regularly. This IT policy includes a security timeout that locks the BlackBerry smartphone after a period of inactivity. This IT policy includes all the standard IT policy rules that are set on the BlackBerry Enterprise Server. This IT policy requires a complex password that a BlackBerry smartphone user must change frequently, a security timeout that locks the BlackBerry smartphone after a period of inactivity, and a maximum password history. This IT policy restricts Bluetooth technology on the BlackBerry smartphone, turns on strong content protection, turns off USB mass storage, and requires the BlackBerry smartphone to encrypt external file systems. This policy requires that BlackBerry smartphone users set a complex password on their BlackBerry smartphones. BlackBerry smartphone users must
b.
c. d.
e.
248
716-02046-123 v1.0
Introducing IT policies
change their passwords at regular intervals. This IT policy includes a maximum password history and turns off Bluetooth technology on the BlackBerry smartphone. 6. Why would an administrator choose to copy an IT policy rather than create a new one?
7. 8.
IT policies can be assigned to both _______________ and ____________. Which BlackBerry Enterprise Server component monitors the BlackBerry Enterprise Server for changes to IT policies?
9.
True or False? IT policies assigned to user accounts take precedence over IT policies assigned to groups that user account may belong to.
10.
In the BlackBerry Administration Service, where can an administrator check to see if the BlackBerry Policy Service is running?
11.
716-02046-123 v1.0
249
Introducing IT policies
Answers
1.
Select Policy
Allow Phone Local Country Code Allow outgoing calls when locked Put Auto Signature Show Application Loader 2. 3. 4. 5. The correct answer is c. True. The correct answer is b.
Suggested Status
Preconfigured IT policy
Default Basic Password Security Medium Password Security Medium Security with No 3rd Party Applications Advanced Security 6. 7. 8. 9. 10. 11.
Description
c b e a d
It is quicker to modify a similar IT policy than create a brand new one. IT policies can be assigned to both user accounts and groups. BlackBerry Administration Service True. Click a BlackBerry Policy Service instance and check the Status field. Click Manage IT policies and click Set Priority of IT policies.
250
716-02046-123 v1.0
716-02046-123 v1.0
252
716-02046-123 v1.0
The following diagram outlines the process of creating and deploying a software configuration:
716-02046-123 v1.0
253
Caution
For more information on creating a shared network folder, see the BlackBerry Enterprise Server Administration Guide and BlackBerry Device Software Update Guide.
Specifying the location of the shared network folder in the BlackBerry Administration Service
Administrators must specify a shared network folder for BlackBerry Java Applications using the BlackBerry Administration Service before adding any BlackBerry Java Applications to the application repository. The application repository stores and manages all versions of the BlackBerry Java Applications that administrators can install or remove from BlackBerry smartphones.
254
716-02046-123 v1.0
To specify the location of the shared network folder in the BlackBerry Administration Service, administrators must click on the BlackBerry Administration Service component in the Servers and components menu.
Administrators must specify the location of the shared network folder in the following location:
716-02046-123 v1.0
255
Next, administrators must locate the applications to add to the application repository.
The administrator can now publish the application by clicking Publish application.
256
716-02046-123 v1.0
Application control policies for unlisted applications: These application control policies control whether the software configuration allows BlackBerry smartphone users to install and use applications that are not included in the software configuration (unlisted applications). The BlackBerry Administration Service includes the following two standard, preconfigured application control policies for unlisted applications: Standard Unlisted Optional: Unlisted applications can be installed on assigned BlackBerry smartphones. Standard Unlisted Disallowed: Unlisted applications cannot be installed on assigned BlackBerry smartphones.
716-02046-123 v1.0
257
If the preconfigured application control policies do not suit an organizations requirements, administrators can change the preconfigured application control policies or create a custom application control policy. For more information about how to configure settings for application control policy rules, see the BlackBerry Enterprise Server Policy Reference Guide and the BlackBerry Enterprise Server Administration Guide.
The administrator can now click Set priority of application control policies for unlisted applications to set the ranking.
258
716-02046-123 v1.0
For more information about how to configure settings for application control policy rules, see the BlackBerry Enterprise Server Policy Reference Guide and the BlackBerry Enterprise Server Administration Guide.
Administrators can define the following information for the software configuration:
After the software configuration has been saved, the administrator can begin adding applications to the software configuration. To begin
716-02046-123 v1.0
259
adding applications, the administrator must click on the name of the software configuration.
On the Applications tab, administrators must click Add applications to software configurations and then search for the application to add to the software configuration.
After selecting the application to add, the administrator can define the following options:
After configuring the necessary options, the administrator can add the application to the software configuration by clicking Add to software configuration. The administrator can then repeat the process until all of
260
716-02046-123 v1.0
716-02046-123 v1.0
261
After selecting a group and clicking Edit group, the administrator can assign a software configuration on the Software configuration tab.
262
716-02046-123 v1.0
Click a single user account to assign a software configuration to a single user account. Click Manage multiple user to assign a software configuration to multiple user accounts.
716-02046-123 v1.0
263
If the administrator is assigning the software configuration to multiple user accounts, the administrator must click Add software configuration from the Add to user configuration menu group.
The software configuration can now be assigned in the same way as it was assigned to a group.
264
716-02046-123 v1.0
Tasks:
1. In the BlackBerry Administration Service, add the \\localhost\Applications folder to the BlackBerry Administration Service application shared network drive field. Using the application provided by your instructor and add the application to the application repository. Create a new software configuration called Executive Group Required Config with the following criteria: 4. Unlisted applications are not permitted The standard unlisted disallowed application control policy is assigned
2. 3.
Add the application to the software configuration using the following settings: Disposition: Required Deployment: Wireless Application control policy: Standard Required wireless delivery
716-02046-123 v1.0
265
A BlackBerry Java Application is required in this software configuration that is assigned to John.
Software configuration 1
Software configuration 2
John Graham
Executives group
266
716-02046-123 v1.0
There are specific reconciliation rules that determine what applies to a user account.
If a BlackBerry Java Application in a software configuration is dependent on another application, and the other application is not included in a software configuration that is assigned to the user account or a group that the user account belongs to, the application is not reconciled to the BlackBerry smartphone. If a BlackBerry Java Application in a software configuration is dependent on another application, and the dependent application is included in a software configuration that is assigned to the user account or a group that the user account
716-02046-123 v1.0
267
belongs to, the dependent application is reconciled first. If the dependent application is reconciled successfully, the application with the dependency is then reconciled. If a software configuration is assigned to a user account and it contains a BlackBerry Java Application that is dependent on another BlackBerry Java Application and the dependent application is not supported on the BlackBerry smartphone, the application is not reconciled to the BlackBerry smartphone. If multiple BlackBerry Java Applications are included in the same software configuration and have a circular dependency (for example, application A is dependent on application B, application B is dependent on application C, and application C is dependent on application A), the applications are not reconciled to the BlackBerry smartphone. If multiple BlackBerry Java Applications have a circular dependency, they can only be reconciled if they exist in separate software configurations and are installed using wired installation.
268
716-02046-123 v1.0
custom application control policy with the same disposition (for example, two custom required application control policies), the application control policy that has the highest priority in the BlackBerry Administration Service is applied to the user's BlackBerry smartphone.
716-02046-123 v1.0
269
A BlackBerry Java Application is required in this software configuration that is assigned to John.
The same BlackBerry Java Application is not permitted in this software configuration that is assigned to the Executives group. John is a member of the Executives group.
Software configuration 1
Software configuration 2
Marc Gervais
Executives group
270
716-02046-123 v1.0
2.
Group 1
Matthew Taylor
716-02046-123 v1.0
271
2.
3.
Add the location of the shared network folder in the BlackBerry Administration Service so that the BlackBerry
272
716-02046-123 v1.0
Administration Service can find the BlackBerry Device Software that the administrator installed. 4. Configure the BlackBerry Administration Service to find the BlackBerry Device Software. In the BlackBerry Administration Service, on the BlackBerry solution management menu, expand Software > BlackBerry Device Software. Click Manage shared network drives.
Click a shared network folder and click Execute shared network drive scan. 5. Create a BlackBerry Device Software configuration so that administrators can create a software configuration that includes the BlackBerry Device Software and distribute the BlackBerry Device Software to BlackBerry smartphones. Add a BlackBerry Device Software bundle to the BlackBerry Device Software configuration.
6.
716-02046-123 v1.0
273
7.
Create a software configuration for the BlackBerry Device Software in order to distribute the BlackBerry Device Software to BlackBerry smartphone users.
8. 9.
Attach the BlackBerry Device Software configuration to the software configuration. Assign the software configuration to a group or user account.
For detailed information about how to update BlackBerry Device Software, see the BlackBerry Device Software Update Guide.
2.
274
716-02046-123 v1.0
are conflicting settings assigned at the group-level, the highest priority BlackBerry Device Software bundle that is supported by the BlackBerry smartphone and the BlackBerry smartphones wireless service provider takes precedence.
Setting
Initial View setting for the Calendar application
Rule
The Initial View setting for the Calendar application that is applied to the BlackBerry smartphone is the lowest value that was specified in the multiple software configurations. Values are ordered from day (lowest), week month agenda (highest)
Keep Appointments setting for the Calendar application Confirm Delete setting for the Messages application Hide Sent Messages setting for the Messages application Save Copy in Sent Folder setting in the Messages application
The Keep Appointments setting for the Calendar application that is reconciled to the BlackBerry smartphone is the maximum number of days specified in the multiple software configurations. The Confirm Delete setting of Yes takes precedence over No.
The Save Copy in Sent Folder setting of Yes takes precedence over No.
716-02046-123 v1.0
275
Setting
Sort By setting in the Address Book application
Rule
The Sort By setting of First Name takes precedence over the Last Name setting, and the Last Name setting takes precedence over the Company Name setting. The Locked and visible setting takes precedence over the Unlocked and visible setting. The Unlocked and visible setting takes precedence over the Unlocked and hidden setting.
The attributes settings for the various standard application settings are configured differently in the software configurations that are assigned to the groups.
276
716-02046-123 v1.0
Review questions
1. Which of the following actions can a software configuration perform? Choose two. a. Prevent BlackBerry smartphone users from activating their BlackBerry smartphones over the wireless network Prevent BlackBerry smartphones users from installing BlackBerry Java Applications Specify standard application settings Prevent BlackBerry smartphone users from using Bluetooth technology
b. c. d. 2.
Fill in the missing steps for the process of creating and deploying a software configuration.
3.
To specify the location of the shared network folder in the BlackBerry Administration Service, administrators must click on an instance of the ______________________________________. Where does an administrator add applications to the application repository in the BlackBerry Administration Service?
4.
716-02046-123 v1.0
277
5.
Which of the following statements are true about application control policies? Choose three. a. They control the applications that BlackBerry smartphone users can install and run on their BlackBerry smartphones Administrators can create custom application control policies It is optional whether an administrator assigns an application control policy to a software configuration Application control policies for unlisted applications control whether the software configuration allows BlackBerry smartphone users to install and use applications that are not included in the software configuration
b. c. d.
6.
Administrator can assign software configurations to which of the following? a. b. c. d. User accounts Multiple user accounts BlackBerry Domain Groups
7.
True or False? If a BlackBerry Java Application in a software configuration is dependent on another application, and the other application is not included in a software configuration that is assigned to a user account, the application is not installed on that BlackBerry smartphone. Software configuration 1 that defines unlisted applications as disallowed is assigned to a user account. Software configuration 2 that defines unlisted applications as optional is also assigned to the user account. Which software configuration will be assigned to the user account?
8.
278
716-02046-123 v1.0
Answers
Exercise: Determine which software configuration is assigned to the user account
1. Software configuration 1. The standard application settings in a software configuration that is assigned to a user account take precedence over the standard application settings in a software configuration that is assigned to a group. Software configuration B. The application control policy for unlisted applications that has the highest priority in the BlackBerry Administration Service is applied to Clydes user account.
2.
Review questions
1. 2. b and c
3.
To specify the location of the shared network folder in the BlackBerry Administration Service, administrators must click on an instance of the BlackBerry Administration Service. BlackBerry solution management > Software > Applications > Add or update applications
4.
716-02046-123 v1.0
279
5. 6. 7. 8.
280
716-02046-123 v1.0
716-02046-123 v1.0
282
716-02046-123 v1.0
716-02046-123 v1.0
283
Description
The TCP/IP port number that the BlackBerry Attachment Service uses to listen for and receive attachment conversion requests in a predefined XML/binary protocol. Default: 1900
The maximum number of converted documents that can be located in the document cache for a single conversion process. Default: 32
The number of documents that the BlackBerry Attachment Service can convert simultaneously in a single conversion process. Administrators can use this setting with the Server busy time setting to control thread saturation and manage the BlackBerry Attachment Service workload. Default: 4
The threshold at which the BlackBerry Attachment Service does not accept new conversion requests. Default: 120 seconds
Permits or prevents remote TCP/IP connections to the BlackBerry Attachment Service. Default: Yes
Configuration port
The TCP/IP port number that can be used with an XML protocol to configure or obtain configuration information for the BlackBerry Attachment Service, including version information, the number of conversion processes, and the number of cached documents. Default: 1999
284
716-02046-123 v1.0
Description
The TCP/IP port number that the BlackBerry Attachment Service returns attachment conversion results to in a predefined XML/ binary protocol. Default: 2000
The number of conversion requests that the BlackBerry Attachment Service can process simultaneously. When specifying this value, consider the amount of available memory and the competing services on the computer that hosts the BlackBerry Attachment Service. Default: 4
The length of time that an attachment conversion process can reuse system resources to reclaim space and prevent failed processes from occupying memory resources. Default: 25 minutes
10
11 12 13
The maximum allowable size, in KB, for each file type. Any file type specific information. Allow or prevent BlackBerry smartphone users from viewing specific file formats. Default: Yes
716-02046-123 v1.0
285
286
716-02046-123 v1.0
Administrators can change the following settings on the Instance information tab:
Administrators can add support for additional attachment file types on the Supported Attachment Server instances tab.
716-02046-123 v1.0
287
Tasks
1. Change the maximum number of times that the BlackBerry Attachment Connector attempts to retry an unsuccessful attachment delivery attempt to 5. Change the number of conversion requests that the BlackBerry Attachment Service can process simultaneously to 2. Turn off support for MP3, AMR, and audio attachments. Set the following maximum file sizes for attachments: File Format HTML Images RTF ZIP archives Maximum size 100 KB 1500 KB 1000 KB 1500 KB
2.
3. 4.
288
716-02046-123 v1.0
Review questions
1. Describe the role of the following components of the BlackBerry Attachment Service: BlackBerry Attachment Connector
2.
How would you restrict BlackBerry smartphone users from receiving MP3 attachments on their BlackBerry smartphones?
716-02046-123 v1.0
289
Answers
1. BlackBerry Attachment Connector: Sends and returns attachment data between the BlackBerry Enterprise Server and the BlackBerry Attachment Server. BlackBerry Attachment Server: Processes the attachment data 2. Select a BlackBerry Attachment Server instance. On the Instance information tab, change the value of the Allowed field beside MP3 Attachment to No.
290
716-02046-123 v1.0
716-02046-123 v1.0
Source
Browser
Push or Pull
Pull
Example
Web content request Intranet content Requests for data from databases Database updates, such as inventory changes pushed to BlackBerry smartphones Custom browser pages pushed to BlackBerry smartphones
Pull Push
292
716-02046-123 v1.0
Restricting BlackBerry smartphone user access to content on web servers with pull rules
Creating and assigning a pull rule
716-02046-123 v1.0
293
294
716-02046-123 v1.0
Select the web address pattern group of to assign to the pull rule.
p 5P QSFWFOU #MBDL#FSSZ TNBSUQIPOF VTFST GSPN BDDFTTJOH XFC TFSWFST UIBU NBUDI UIF TQFDJGJFE XFC BEESFTT QBUUFSO TFMFDU Deny. p 5P BMMPX #MBDL#FSSZ TNBSUQIPOF VTFST UP BDDFTT XFC TFSWFST UIBU NBUDI UIF TQFDJGJFE XFC BEESFTT QBUUFSO TFMFDU Allow.
716-02046-123 v1.0
295
Select the user accounts to assign the pull rule to and click Add pull rule.
296
716-02046-123 v1.0
716-02046-123 v1.0
297
Click Add.
298
716-02046-123 v1.0
Restricting push applications from sending data to BlackBerry smartphones with push rules
Creating and assigning a push rule
716-02046-123 v1.0
299
300
716-02046-123 v1.0
Type the name of the server-side application to allow to send push requests to BlackBerry smartphones.
Type a description.
716-02046-123 v1.0
301
Click Add. Select the push initiator to assign to the push rule.
302
716-02046-123 v1.0
Select the user accounts to assign the push rule to and click Add push rule.
716-02046-123 v1.0
303
Click Add.
304
716-02046-123 v1.0
Click Add.
716-02046-123 v1.0
305
Tasks
1. Allow access to the following web sites on BlackBerry smartphones: 2. 3. www.plazmic.com www.blackberry.com
Create a pull rule called Permitted web sites. Assign the pull rule created in task 2 to the following user accounts: Nicole Lavigne Ian Dundas Justin Jones Sheena Raj
4. 5. 6. 7.
Turn on push authentication and push authorization. Create a push initiator called Plazmic inventory and create a password. Create a push rule called Plazmic inventory application rule and add the Plazmic inventory push initiator. Assign the push rule created in task 6 to the following user accounts: James Lambier Elliot Fung Leticia Lopez Tovar Greg Stark
306
716-02046-123 v1.0
716-02046-123 v1.0
307
Description
Displays BlackBerry MDS Connection Service instance information. Administrators can add a friendly name and description. Configures the currently selected BlackBerry MDS Connection Service push server status. Controls access to web servers using pull rules. When pull authorization is turned on, BlackBerry smartphone users cannot access web content on their BlackBerry smartphones until an administrator allows access to certain web servers using pull rules. Turns on SSL or TLS to encrypt the push requests that server-side push applications send to BlackBerry smartphones. Controls whether content from server-side push applications can be sent to BlackBerry smartphones. When push authorization is turned on, content from server-side push applications cannot be sent to BlackBerry smartphones until an administrator allows specific server-side applications by setting push initiators.
Pull authorization
Push encryption
Push authentication
308
716-02046-123 v1.0
Description
Controls whether push requests can be received by BlackBerry smartphones. If an administrator has turned on push authentication and created push initiators to specify which push applications are permitted to send push requests, the administrator can create push rules to specify which BlackBerry smartphone users are allowed to receive authenticated push requests. The BlackBerry MDS Connection Service can only apply push rules if an administrator has turned on push authorization for the BlackBerry MDS Connection Service. Stores push requests in the BlackBerry Configuration Database. Configures the maximum number of push connections that a BlackBerry MDS Connection Service instance can queue. The BlackBerry MDS Connection Service sends a "service unavailable" message to BlackBerry smartphones for pending push connections that exceed this limit.
716-02046-123 v1.0
309
Description
Configures the maximum number of push connections that a BlackBerry MDS Connection Service instance can process at the same time. The BlackBerry MDS Connection Service queues the push connections that exceed this limit. Specifies the port numbers that BlackBerry Java Applications listen on for application-reliable push requests. Application developers can create BlackBerry Java Applications to manage application-reliable push requests. When a BlackBerry Java Application receives an application-reliable push request, it sends a delivery confirmation message to the BlackBerry MDS Connection Service, which sends the message to the server-side push application. Administrators must specify the port numbers that the BlackBerry Java Applications listen on for application-reliable push requests.
10
310
716-02046-123 v1.0
Number in diagram 1
Setting
Description
Specifies the port number that the web server listens on for HTTP requests and HTTPS requests from server-side push applications. Administrators should change the default port parameters only if a port conflict exists with another service on the same computer. Specifies the port number that the web server listens on for SSL requests and SSL requests from server-side push applications. Administrators should change the default port parameters only if a port conflict exists with another service on the same computer. Specifies the maximum amount of data that a BlackBerry MDS Connection Service instance can send to BlackBerry smartphones.
716-02046-123 v1.0
311
Number in diagram 4
Setting
Description
Specifies how long a BlackBerry MDS Connection Service instance waits for acknowledgment from a BlackBerry smartphone before it deletes pending content for that BlackBerry smartphone. Specifies the maximum number of threads that a BlackBerry MDS Connection Service instance can process simultaneously. Permits or prevents BlackBerry Java Applications to use persistent socket connections with a BlackBerry MDS Connection Service instance. Specifies the maximum number of persistent socket connections that can be open simultaneously between BlackBerry smartphones and a BlackBerry MDS Connection Service instance. Specifies how often a BlackBerry MDS Connection Service instance polls the BlackBerry Configuration Database for changes to the BlackBerry MDS Connection Service and BlackBerry Collaboration Service administrative settings. The default interval is 5 minutes.
312
716-02046-123 v1.0
Number in diagram 1
Setting
Description
Specifies the regular expression for the web address that the proxy mapping rule controls. Describes the regular expression for the web addresses added in the Universal resource locator field. The user name that the BlackBerry MDS Connectin Service can use to connect to the proxy server that is defined for the web address. Specifies the password associated with the user name. Specifies the confirmation of the password. To configure a proxy server, click PROXY. In the Proxy String field, type the proxy server name and port number using the following format: http:// <proxyserver>:<port>. To exclude the web address from routing through the proxy server, click DIRECT.
Description
User name
4 5 6
716-02046-123 v1.0
313
A BlackBerry MDS Connection Service configuration set is a collection of service configurations that the BlackBerry MDS Connection Service instances in an organization can use to communicate with a remote file system, LDAP server, CRL server, or OCSP server. Administrators must add the communication information to a configuration set so that a BlackBerry MDS Connection Service instance can start using the communication information after assigning the configuration set to the instance.
For more information on remote file systems and BlackBerry MDS Connection Service configuration sets, see the BlackBerry Enterprise Server Administration Guide.
On the Supported Dispatcher instances tab, administrators can assign a BlackBerry MDS Connection Service instance to multiple BlackBerry Enterprise Server instances in the BlackBerry Domain. Administrators must designate at least one BlackBerry MDS Connection Service instance in a BlackBerry Domain to be the central push server. Central push servers receive content push requests from server-side applications that are located on an application server or on a web server. Central push servers also manage push requests and send application data and application updates to BlackBerry smartphone applications.
Note
314
716-02046-123 v1.0
Tab name
LDAP
Description
Define the LDAP server settings and handle query requests Use the LDAP option to configure LDAP parameters, if LDAP queries are to be created from the BlackBerry smartphone Define how the BlackBerry MDS Connection Service handles authentication, cookie storage, timeouts, and redirections Configure security settings for BlackBerry MDS Connection Service connections Contains settings that define whether the BlackBerry MDS Connection Service should encrypt requests that are sent to untrusted servers using HTTPS Configure certificate handling and define how to handle OCSP responders Configure the BlackBerry MDS Connection Service to authenticate to CRL servers on behalf of BlackBerry smartphones and retrieve the status of certificates for web servers Configure security settings for BlackBerry MDS Connection Service connections Contains settings that define whether the BlackBerry MDS Connection Service should encrypt requests that are sent to untrusted servers using TLS
HTTP
HTTPS
OCSP CRL
TLS
716-02046-123 v1.0
315
Tab name
File
Description
Configure the BlackBerry MDS Connection Service to communicate with a remote file system Defines the web address for the remote file system and the type of access (for example, Windows) that the domain supports Note: Windows SMB (Server Message Block or SAMBA) can be implemented in multiple operating systems and not just in Windows.
RSA DSML
Configure two-factor authentication (RSA SecurID) Configure the BlackBerry MDS Connection Service to use DSML to retrieve certificates
316
716-02046-123 v1.0
Review questions
1. The BlackBerry MDS Connection Service is responsible for which of the following tasks? Select all that apply. a. b. c. d. 2. Acts as a gateway for the BlackBerry Synchronization Service Pushes IT policies to BlackBerry smartphones Controls Internet and intranet browsing Pushes custom browser pages to BlackBerry smartphones
3.
Complete the following flow charts that summarizes the process of creating a pull rule and a push rule.
716-02046-123 v1.0
317
4.
How does an administrator assign a BlackBerry MDS Connection Service instance to multiple BlackBerry Enterprise Server instances?
318
716-02046-123 v1.0
Answers
1. 2. c and d Pull rule: Restricts which server-side push applications can send data to BlackBerry smartphones Push rule: Restricts BlackBerry smartphone users access to content on web servers 3.
Creating and assigning a pull rule
716-02046-123 v1.0
319
4.
Select a BlackBerry MDS Connection Service instance and add BlackBerry Enterprise Server instances on the Supported Dispatcher instances tab.
320
716-02046-123 v1.0
716-02046-123 v1.0
322
716-02046-123 v1.0
To change values in log file fields, the administrator must click Edit instance.
716-02046-123 v1.0
323
Administrators can change the following information on the Instance information tab:
Administrators can change the following information on the Logging details tab:
324
716-02046-123 v1.0
716-02046-123 v1.0
325
Administrators can manage BlackBerry MDS Connection Service log files from the following location:
326
716-02046-123 v1.0
Diagram number
1 2
Field
Logging Log level
Description
Turns the specified logging option on or off Change the logging level to one of the following: Event: Writes events to the log files Error: Writes error messages to the log files Warning: Writes warning messages to the log files Informational: Writes informational activities to the log files Debug: Writes additional information to the log files for troubleshooting purposes
Sets the interval that the BlackBerry MDS Connection Service writes information to a log file. Default: 30000 Sets the host and port number that the BlackBerry MDS Connection Service connects to when it sends UDP log file messages Sets the host and port number that the BlackBerry MDS Connection Service connects to when it sends TCP log file messages
716-02046-123 v1.0
327
Review questions
1. For each of the log file identifers listed in the table below, provide a description of the identifier. Default log identifier MAGT Component description
ASCL
ACNV
SYNC
POLC
MDSS
328
716-02046-123 v1.0
Component description
DISP
BBAS-AS
BBAS-NCC
2.
List the logging levels available for BlackBerry Enterprise Server components.
3.
Where in the BlackBerry Administration Service does an administrator manage BlackBerry MDS Connection Service log file properties?
716-02046-123 v1.0
329
Answers
1. Default log identifier MAGT ASCL ACNV SYNC POLC MDSS CTRL DISP BBAS-AS BBAS-NCC Component description BlackBerry Messaging Agent BlackBerry Attachment Connector BlackBerry Attachment Server BlackBerry Synchronization Service BlackBerry Policy Service BlackBerry MDS Integration Service BlackBerry Controller BlackBerry Dispatcher BlackBerry Administration Service Application Server BlackBerry Administration Service Native Code Container
2. 3.
Error, Warning, Information, Debug Expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service. Click an instance of the BlackBerry MDS Connection Service. On the Logging tab, click Edit instance.
330
716-02046-123 v1.0
Acronym list
Acronym list
A
AMR Adaptive Multi-Rate
E
EDGE Enhanced Data Rates for Global Evolution ETP Email Transfer Protocol EVDO Evolution Data Optimized
B
BCC blind carbon copy BlackBerry MDS BlackBerry Mobile Data System BTSC BlackBerry Technical Solution Center
G
GAL Global Access List GPRS General Packet Radio Service
C
CC carbon copy CRL certificate revocation list
H
HTML Hypertext Markup Language HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol over Secure Sockets Layer
D
DIIOP Domino Internet Inter-ORB Protocol DNS Domain Name System
I
IT information technology
716-02046-123 v1.0
331
Acronym list
K
KB kilobytes
number
R
RTF Rich Text Format
L
LAN local area network LDAP Lightweight Directory Access Protocol
S
SIM Subscriber Identity Module SMS Short Message Service SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol SSL Secure Sockets Layer
M
MAPI Messaging Application Programming Interface MDAC Microsoft Data Access Components MMS Multimedia Messaging Service
T
TCP Transmission Control Protocol TLS Transport Layer Security
O
OCSP Online Certificate Status Protocol ORB object request broker
U
UDP User Datagram Protocol USB Universal Serial Bus
P
PIN personal identification
332
716-02046-123 v1.0
Acronym list
V
VoIP Voice over Internet Protocol VPN virtual private network
W
WLAN wireless local area network
X
XML Extensible Markup Language
716-02046-123 v1.0
333
Acronym list
334
716-02046-123 v1.0