05-29-2013 05:44 PM - edited 05-29-2013 05:46 PM
We've got an interesting setup functioning here at our office and I'm not 100% sure how this actually works.
We have a BES10 server behind our firewall on our internal network. We have Exchange 2003 with 1 front end server and 2 back end servers, both behind our firewall as well. Active-sync is turned on and configured with SSL as per normal.
We are able to successfully activate a Z10/Q10 to our BES. The E-mail profile that gets pushed down is using the internal server name of our front-end server as the active-sync server name. There is no routable external DNS name being used at all (e.g. no sync.companyname.com).
Is the BES server creating some kind of tunnel to our Exchange server via the BES server address? (e.g. s1234567)? Is it using the Blackberry infrastructure to do this? I'm just confused how this is able to work, considering we don't have a direct path into our activesync environment. And, is this secure?
Solved! Go to Solution.
05-30-2013 02:18 AM
05-30-2013 12:36 PM
conito68: no I believe we're still on 10.0.0; I've looked everywhere to find the version. Programs & features on the server lists Blackberry Device Service as 6.2.1 (bundle 11).
oliwer: thanks for the reply. We're mainly concerned about someone's username/password getting compromised and then someone setting up an activesync account with stolen credentials. It seems most companies don't share these concerns as a lot of others we've talked to don't use two-factor authentication and just leave their active-sync portals open to anyone with username/pass only. With our current setup, it appears we don't need an external active-sync portal, so this eliminates that threat, and since you'd need an activation code to get onto the BES, that provides a basic form of two-factor auth. As for whether the traffic itself is secure... I would hope so, as the encryption should be sufficient (I haven't heard many arguments otherwise).