Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

Reply
New Contributor
jacksors
Posts: 8
Registered: ‎08-15-2008
My Device: Not Specified

Best way to deploy BES

Hello,

 

I am new to BES and we are going to be deploying an environment and wanted to get some feedback, thoughts, opinions on how to setup the BES server.

 

Do any of the components need to be deployed in the DMZ for security reasons? If not, what do I need to have open on my firewall to NAT communications down to the BES server?

 

I understand there is no HA available yet. Can anyone offer up what solutions you have in place to keep the environment running if you have a system failure or you have to take the machine down for maintenance?

 

In general, is it best to deploy all roles to one server? We will be supporting about 150 total users, right now we'd probably only be starting out with about 50. This will be running in a VM.

 

If anyone out there would like to describe how they have their environment configured and how its working for them, I would love to hear about it. Any suggestions you can offer about what to do or what not to do it would be greatly appreciated. Thanks.

Forums Veteran II
AndyDufresne
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Best way to deploy BES

I've put my comments inline with your questions in bold.

jacksors wrote:

Hello,

 

I am new to BES and we are going to be deploying an environment and wanted to get some feedback, thoughts, opinions on how to setup the BES server.

 

Do any of the components need to be deployed in the DMZ for security reasons? If not, what do I need to have open on my firewall to NAT communications down to the BES server?

 

>> It depends on your internal IT requirements.  Generally, I never recommend anyone deploy the one supported component in the DMZ (The BlackBerry Router service), but recommend that the service be installed on the BES (which is the default when installing).  If you need to have anything that touches the Internet be in the DMZ this is one way to do it ... if it isn't an absolute requirement, I wouldn't do it, nor would I recommend doing it.  KB03735 - Firewall and connection requirements for the BlackBerry Enterprise Server

 

I understand there is no HA available yet. Can anyone offer up what solutions you have in place to keep the environment running if you have a system failure or you have to take the machine down for maintenance?

 

>> Again, this really depends on your environment.  What are your SLA requirements for BES services?  What is your RPO and RTO?  RIM offers several options, and there are 3rd party vendors that offer additional solutions.  I generally recommend using the native solutions as they're easiest to work with and get support at 2am if you need it from RIM, but again, it depends on your requirements.

 

In general, is it best to deploy all roles to one server? We will be supporting about 150 total users, right now we'd probably only be starting out with about 50. This will be running in a VM.

 

>> For the number of users you have, I would deploy everything on a single server behind your firewall ... including the database components.  I'd allocate 1.5GB of RAM to start on the server, and then monitor it to see where your utilization is.

 

If anyone out there would like to describe how they have their environment configured and how its working for them, I would love to hear about it. Any suggestions you can offer about what to do or what not to do it would be greatly appreciated. Thanks.


Hope that helps

------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/
New Contributor
jacksors
Posts: 8
Registered: ‎08-15-2008
My Device: Not Specified

Re: Best way to deploy BES

Thank you, that was helpful.

 

Can I ask why you would recommend agains t deploying in the DMZ? What kind of problems are there with this deployment?


Can you explain what RPO and RTO are?

 

We currently don't have any SLA's defined.

 

Can you let me know what options are available that RIM offers? The supportable ones :smileyhappy:. What would you recommened? Thank you.

Forums Veteran II
AndyDufresne
Posts: 2,744
Registered: ‎04-01-2008
My Device: Bold

Re: Best way to deploy BES

In bold again ...

jacksors wrote:

Thank you, that was helpful.

 

Can I ask why you would recommend agains t deploying in the DMZ? What kind of problems are there with this deployment?

 

>> It is more effort, more complex to manage, and from a security perspective marginally beneficial

 

Can you explain what RPO and RTO are?

 

>> RPO - Recovery Point Objective :: RTO - Recovery Time Objective

 

We currently don't have any SLA's defined.

 

>> Well ... it is time to do that. Even if you don't have an official policy defined that you publish, having something that you can measure internally will certainly help place a value on resources.

 

Can you let me know what options are available that RIM offers? The supportable ones :smileyhappy:. What would you recommened?

 

>> Disaster Recovery Guide ...  give that a read.  Personally I would recommend making sure you have your environment documented and that you're taking a backup of the SQL database on a nightly basis.  Use the backup script I put together as a starting point.  Once you have a good backup of the BESMgmt, you can restore from a failure.

 

Thank you.


 

------------------------------
If you've found a solution through a post; please mark it as a solution.
If someone's was particularly helpful, give them kudo's!.


Get busy living, or get busy dying.

http://blog.port3101.org/hdawg/