BlackBerry Enterprise Server (BES) – What Is It?
Research In Motion announced a new version of BES, version 5.0 on February 11th. It improves upon the existing BES platform in many ways which make administering a BES easier and more flexible. It brings a few new handheld features too which I know users will love.
However, before we get into what’s new, let’s go over what a BES is. In a future article I’ll discuss the differences between a BES and the Microsoft mobile strategy using System Center Mobile Device Manager (SCMDM) and Windows Mobile 6.1.
This is where it all started back in 1999. The first BlackBerrys were corporate devices that allowed employees to get their email on the road in real time. The architecture is quite simple. Your BES administrator adds you to a BES, then your BlackBerry associates with that BES by performing an activation process. This activation process used to be done via the USB cable connected to your PC, but now it can be done wirelessly. The activation process essentially sets up the BlackBerry to communicate with the BES it is assigned to by first establishing an encryption key (which is then used to encrypt all data [using 3DES or AES] that is sent and received from the BlackBerry in the same way as a Virtual Private Network [VPN]). Then the BES sends a few Service Books to the BlackBerry which tell it who to communicate with when it needs to do certain things. For example who to talk to when sending email, who to talk to when browsing the web, etc.
After that data is synchronized down to the BlackBerry. This could be the last 5 days of email, the last 90 days of calendar entries, the entire address book, etc. In the mean time, the BES starts watching the BlackBerry user’s corporate mailbox for changes. When it sees them, they are instantly sent to the BlackBerry. Depending on the email system being used (Novell GroupWise, Lotus Domino, or Microsoft Exchange) the mechanism used to figure out what has changed is different. In an Exchange environment for example, the BES makes a request to the Exchange server and asks that it be told whenever a new email arrives. The Exchange server duly obeys and when a new email arrives it notifies the BES, which in turn grabs a copy of that new email and sends it to the BlackBerry. It all happens within seconds.
RIM Network Operation Center (NOC)
The RIM NOC is a key part of the BlackBerry BES solution. When a BES is first installed it is assigned a unique address called a Server Relay Protocol (SRP) ID or number. This SRP ID uniquely identifies the BES and in fact no two BESs can use the same SRP ID.
When the BES starts up, it actually logs into the RIM NOC using its unique SRP ID or address. The RIM NOC accepts the login if the SRP address is valid, and becomes aware of the BES. As we discussed earlier, any BlackBerry that activated against this BES will have the Service Book that includes this SRP ID or address on it. When the BlackBerry itself is turned on, it registers with the RIM NOC using its PIN number. Now the RIM NOC is aware of the BlackBerry and it is aware of the BES. This allows the BlackBerry and BES to communicate with one another via the RIM NOC.
Figure 1: BlackBerry Architecture
Please note that in Figure 1 above, the NOC is not shown, however it fits between the Wireless Networks and the Internet. Figure 1 also shows that it is not only BlackBerry Smartphones that can be associated with a BES, it is also other Smartphones that have BlackBerry Connect installed, or phones that have BlackBerry Built-In.
So the RIM NOC is the point where BlackBerry and BES can find each other and communicate. The NOC takes care of handling individual BlackBerry connections and also queues up data that is destined for a BlackBerry when it is out of coverage or turned off. This means that the BES itself doesn’t need to worry about doing that extra work.
In fact the BlackBerry architecture itself allows any company to add an infinite number of BlackBerry users without the need to ramp up remote connectivity capacity, since the only connection being used for all communication is the one that is established between BES and NOC. RIM has some customers who have 100,000 BlackBerry users which proves the point. The NOC also removes the need to run a 100% uptime remote connectivity environment since RIM takes care of this at the NOC.
In a corporate environment when your BlackBerry is associated with a BES, you have more available features than a BlackBerry registered with a carrier only. In addition, administrators have tools that allow them to control the BlackBerry experience.
As a BlackBerry BES user you can:
- Receive email in real time
- Have a message that you read on your BlackBerry show up as read back in your corporate inbox (and vice versa) automatically
- Move a message to an existing folder within your corporate inbox from your BlackBerry
- Have a message that you delete on your BlackBerry be moved to the Trash folder in your corporate inbox automatically
- Have your corporate address book bi-directionally synchronized wirelessly with your BlackBerry
- Have your corporate calendar bi-directionally synchronized wirelessly with your BlackBerry
- Setup meetings from your BlackBerry, invite attendees, and see their free/busy status
- Have your BlackBerry Memo Pad bi-directionally synchronized with your corporate Note taking application (for example Outlook’s Notes folder) wirelessly
- Look people up in the company global address book when composing new email in real time
- Setup or change your Out Of Office message and enable or disable it
- Browse the internal company web sites
- Login to your corporate Instant Messaging (IM) application (like Microsoft Office Communicator or Lotus SameTime)
- View or download email attachments
As you can see, the BES/BlackBerry combination offers a wide variety of features compared to the BIS/BlackBerry combination which is used by carriers.
Because the BlackBerry is a true Smartphone with corporate and personal features, the BES administrator needs to be able to control what their users can and cannot do. The main reasons for this are security and compliance. Here are some of the features available to a BES administrator:
- Ability to fully control every aspect of the BlackBerry via something called the IT Policy. There are over 450 IT Policy settings, but here are a few examples:
- Disable features like the GPS and camera
- Disable the external media (or allow it but force it to be encrypted)
- Force the BlackBerry to encrypt its on-board memory
- Only allow web browsing via the corporate network and ultimately through a proxy so that the web sites can be filtered the same way they are at the desktop
- Force passwords, their complexity, timeout, and age
- Disable the phone or other features like SMS and MMS
- Block personal email and IM (including PIN to PIN and BlackBerry Messenger)
- If you lose your BlackBerry or forget the password, the administrator can remotely kill your BlackBerry or reset the password
- The administrator can remotely install third party BlackBerry applications and even prevent you from removing them
- The BES can be configured to log your SMS and PIN messages (sent and received) and also log your phone calls (not the audio of the calls but who you called or who called you and the duration of the call)
The BES allows even more BlackBerry functionality which further enhances the BlackBerry user experience.
Mobile Data System (MDS)
MDS has three components. One is a mechanism of send and receiving IP data between your BlackBerry and the BES. This mechanism uses the existing secure connection that is established between your BlackBerry and BES via the RIM NOC. Remember that this secure connection is like a VPN since it is an unbreakable tunnel of data.
The second part of MDS is a service that runs on the BES. This service acts as an IP Proxy for your BlackBerry. The MDS service also acts as a web proxy. What this means is that when you type in a URL on your BlackBerry, your BlackBerry doesn’t actually go to that web site. It asks to go to that web site, but MDS does it on behalf of the BlackBerry. This allows the BES to crunch down the web page(s) before sending them on to the BlackBerry. It will resize images and remove any formatting or code that it knows the BlackBerry will not be able to handle. Interestingly it does the image resizing based on the screen size of the individual BlackBerry being used (yes it keeps track of that).
Probably one of the best features of MDS is the ability for it to send web content to your BlackBerry. You can send an instruction to MDS and make it grab two icons and a web page and send them to your BlackBerry. The icon shows up on the BlackBerry home screen and when it is clicked, it loads the web page that has been pre-cached on the BlackBerry. This is very useful in a disaster recovery situation when you want to have certain information (like call trees, lists of people’s PIN numbers, congregation points, etc.) pre-loaded on the BlackBerry with an icon so that when the cell networks are down or your internal networks are down, that information is already pre-loaded and accessible. It is a very simple and cost effective way to handle disaster recovery without spending lots of money doing it.
You can also instruct MDS to send a message to the inbox on the BlackBerry. It looks like an email, but when the user opens it, it actually loads a pre-cached web page. A great way to deliver daily reports until you upgrade your BES and devices to handle HTML email.
The third part of MDS is a service that runs on the BES that acts as middleware. It allows developers to quickly build BlackBerry applications that allow the BlackBerry user to interact with corporate databases to either extract information from them, or add information to them. The developers get a tool that allows them to build the interfaces or forms, and control how that data is accessed via MDS. These applications are not full blown BlackBerry applications but are rather more forms based in nature. It really allows developers to build something quickly without having to build a BlackBerry application from scratch using Java and having to build their own middleware.
Mobile Voice System (MVS)
MVS is a feature that allows a corporate BlackBerry user to change the way they deal with the phone. It has number of BlackBerry user benefits including:
- The ability to have only one phone number as opposed to office and mobile numbers
- When someone calls you MVS can ring all of your phones at once to find you
- When you call someone your office number displays on caller ID as opposed to your BlackBerry number
- Since you only ever give out the one number, even if you switch the SIM card in your BlackBerry so that your number changes, it doesn’t matter since the person calling you calls the office number and MVS finds you
- It allows your BlackBerry to become your office desk phone
- This allows extension dialing, call transfer, putting calls on hold, etc.
- It allows you to move a call between your office phone and BlackBerry (or the reverse) so that you can get on the move without dropping the call
Extra MVS phone features
The way that MVS works is that you install an MVS server that communicates with your existing PBX (or PABX). The MVS server then communicates with the BES bridging the two systems together. When you make a call on your BlackBerry, unbeknown to you, your BlackBerry actually sends a command to the MVS server via the RIM NOC and the BES (actually using MDS). The MVS server then commands the PBX to call your BlackBerry and the number that you dialed. It then bridges the two calls together. On your BlackBerry you have no idea this is happening and you do not hear the incoming call. All you know is that you dialed a number and it started ringing.
This approach is beneficial to the company in a few ways. Firstly it can save on mobile phone bills in countries that have adopted the notion that incoming mobile calls are paid for by the calling party. Because the call you make from your BlackBerry is actually an incoming call, it is free. Of course your company is charged for the two outgoing calls but those are typically much cheaper because of the higher volume in land line plans. It is also beneficial for compliance. Since both calls actually originated via the PBX, they can be logged.
Another scenario that it can be seen as beneficial is when the company has multiple PBXs in different countries that are internally connected via VoIP (meaning that calls stay inside the company’s network) and it makes use of intelligent routing. This means that if you are in the US and dial a number in the UK from your desk, the PBXs decide amongst themselves who should actually place the call. In this example the UK PBX places the call since it would end up being a local call for the UK.
When you add MVS to that picture, now the BlackBerry user in the US calls a BlackBerry user (or any number) in the UK, the MVS commands the PBX to dial the US BlackBerry and the destination number in the UK. The PBXs decide to place the UK call from the UK PBX. This now means that a costly mobile international call becomes two local land line calls.
What is New in BES 5.0?
Now that you have a good understanding of what the BES is and what features it offers corporate BlackBerry users and administrators, let’s see what new features RIM has added to BES 5.0.
The overriding message that RIM wants to convey as they approach the release of BES 5.0 in the second quarter of this year, is that they have concentrated mostly on the administration and support side of the BES. They have made many changes to the architecture so that IT staff have more flexibility when configuring and administering BES. They have had a handful of large customers running BES 5.0 in production for a year already and this very long Beta has allowed RIM to continually tweak BES 5.0. RIM has not forgotten about the BlackBerry user features and there are a few, but most of the effort has been on the “back-end”.
BES 5.0 User Features
Once BES 5.0 is running in a corporate environment, BlackBerry users will have the following new features once their BlackBerrys are running handheld code 5.0 or later.
- Users will be able to access files stored on network volumes from their BlackBerry.
- If you happen to use BlackBerry Unite! you will know what this looks like already.
- Based on past experience with RIM releases, you know that this new functionality will be implemented in the most secure way (remember back to Bluetooth and external memory as two “insecure technologies” that RIM delivered in a very secure way).
- Users will now be able to download and/or view attachments to Meeting Requests in the same way they can with email attachments today.
- Today any attachments to meeting requests are not sent to the BlackBerry.
- Email folder management has been improved so that you can now create, rename, and delete mailbox folders.
- Today you can only move emails between existing folders.
- Users will be able to flag messages for follow-up.
- While this functionality exists in the different email clients, they do not on the BlackBerry.
- The functionality will include the ability to color code the flags and label them.
- Users will be able to create mailbox filters from the BlackBerry.
- Today you can create mailbox filters on the BlackBerry that effect emails coming to the BlackBerry itself, but they do not synchronize back to your corporate inbox. This means that you have two sets of filters.
- This feature allows them to be synchronized.
Network Access to Files
Folders on BlackBerry
View Calendar Attachments
Flag Emails Settings
BES 5.0 Administration Features
As I mentioned earlier, this is where RIM concentrated the most and it shows when you see what they have accomplished.
- The management console is now web based.
- Today the management console is a Windows executable that needs to be installed on any support person’s desktop. Their AD login must also have SQL server privileges to allow for certain kinds of access.
- With a web console, there is no need for multiple installs (or upgrade upon a BES upgrade) and each support person’s AD login no longer needs to get SQL permissions.
- The Desktop Manager is now web based
- For those companies who still use the Desktop Manager, it will become web based so there is no need to install or upgrade this in the future.
- New more granular administrator roles and the ability to create your own or modify existing ones.
- Today there are a set number of roles and their permissions are hard coded. These do not always translate into a support function which can be limiting.
- This new scheme allows administrators to completely customize each role to suite their organization and even create new ones.
- Administrators will be able to schedule tasks.
- This would allow administrators to say, push out a new application to a BlackBerry at a specific time of day (or night). This cuts down on administrator overtime coming in at midnight to perform a task.
- The BES Groups have been improved and can be cascaded.
- Today BES Groups (which allow you to group users) is very rigid. For example users can be members of only one group.
- This new feature allows users to be members of multiple groups and therefore adopt the attributes of all groups (IT Policy and Software Config. assignments).
- The ability to have a group within a group also provides great flexibility.
- The administrator will have greater visibility into the Enterprise Activation.
- Today an Enterprise Activation could stall but there is no way to see why.
- BES 5.0 will allow you to see the status of every activation, where it may be stalled, and why.
- In BES 5.0 administrators will be able to push out device handheld software updates over the air.
- The device must be running handheld code 4.5 or later for this feature to work.
- In BES 5.0 the fail-over of BES is now built in.
- You will be able to run BES 5.0 in a master/slave configuration where the standby BES can automatically pick up the users if the primary fails or becomes too busy.
BES 5.0 Web Admin Console
BES 5.0 is a year late as it was announced at WES 2007 and promised to be available by WES 2008. It seems it will be available around the time of WES 2009 now.
It is late, but it seems that RIM has made sure that this is release is rock solid after a year of production testing, and it has all the right administrator enhancements to save enterprises time (which ultimately translates to money), with just enough user side enhancements to keep everyone happy … Until BES 6.0.
[ Craig Johnston is the author of Professional BlackBerry and is CrackBerry.com’s Podcast co-host and resident enterprise guru and all-round BlackBerry expert. If you have an enterprise application or topic that you would like to have addressed by Craig, send him an email at crackberrycraig @ crackberry.com. ]