Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Contributor
squishmike
Posts: 17
Registered: ‎03-14-2012
My Device: Curve 9300
Accepted Solution

How exactly does this setup work?

[ Edited ]

Hi

 

We've got an interesting setup functioning here at our office and I'm not 100% sure how this actually works.

 

We have a BES10 server behind our firewall on our internal network. We have Exchange 2003 with 1 front end server and 2 back end servers, both behind our firewall as well. Active-sync is turned on and configured with SSL as per normal.

 

We are able to successfully activate a Z10/Q10 to our BES. The E-mail profile that gets pushed down is using the internal server name of our front-end server as the active-sync server name. There is no routable external DNS name being used at all (e.g. no sync.companyname.com).

 

Is the BES server creating some kind of tunnel to our Exchange server via the BES server address? (e.g. s1234567)? Is it using the Blackberry infrastructure to do this? I'm just confused how this is able to work, considering we don't have a direct path into our activesync environment. And, is this secure?

Please use plain text.
Contributor
conito68
Posts: 30
Registered: ‎10-12-2010
My Device: Not Specified

Re: How exactly does this setup work?

You must be running BES 10.1?  Can you confirm the exact version?

Please use plain text.
Forums Advisor I
oliwer
Posts: 581
Registered: ‎05-23-2008
My Device: BB10 and WiFi PB

Re: How exactly does this setup work?

The traffic is routed via BlackBerry Infrastructure (BBI) to your BES to your ActiveSync Server.
If it is secure? I would say yes, some others would say no. Depends on how you define security and what you afraid of.
If you come to the conclusion that encrypted traffic that goes via the BBI is not secure, you can use VPN on your devices. They will use VPN -> BES -> ActiveSync route instead.

Was my answer helpful? - Like it please!
Did my answer solved your request? - Mark it as solution :smileyhappy:
Please use plain text.
Contributor
squishmike
Posts: 17
Registered: ‎03-14-2012
My Device: Curve 9300

Re: How exactly does this setup work?

conito68: no I believe we're still on 10.0.0; I've looked everywhere to find the version. Programs & features on the server lists Blackberry Device Service as 6.2.1 (bundle 11).

 

oliwer: thanks for the reply. We're mainly concerned about someone's username/password getting compromised and then someone setting up an activesync account with stolen credentials. It seems most companies don't share these concerns as a lot of others we've talked to don't use two-factor authentication and just leave their active-sync portals open to anyone with username/pass only. With our current setup, it appears we don't need an external active-sync portal, so this eliminates that threat, and since you'd need an activation code to get onto the BES, that provides a basic form of two-factor auth. As for whether the traffic itself is secure... I would hope so, as the encryption should be sufficient (I haven't heard many arguments otherwise).

Please use plain text.
Forums Advisor I
oliwer
Posts: 581
Registered: ‎05-23-2008
My Device: BB10 and WiFi PB

Re: How exactly does this setup work?

Just want to say that your posting is right.

If it is 6.2.1 you are running BES10. Otherwise you would have a BES10.1 entry in Programs and features.
Please use plain text.