Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

New Contributor
Posts: 2
Registered: ‎11-02-2013
My Device: Q10
My Carrier: Swisscom

BES not as a member server

Hi guy's


we are planing to install a bes 5 in our enviroment. the server is planed to be placed in a separate network (dmz), in the main network zone we have 2 ad servers, 4 exchange and 1 sql server. i'm looking for some reason, to make the bes a ad member server. is it a good idea to have the bes separated? or is it best practice to have just a blackberry role in the dmz and all the other roles in the main network.


thanks for your help




Guru III
Posts: 32,244
Registered: ‎06-25-2008
My Device:

I'm rockin the BlackBerry DTEK60, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700

My Carrier: I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier

Re: BES not as a member server

BES in a DMZ is a bad idea and yes its needs to be joined to domain.


You can put the BlackBerry router in the DMZ but it really does not offer any security benefit.


more info here

Support for placing the BlackBerry Enterprise Server in the DMZ   


Click here to Backup the data on your BlackBerry Device! It's important, and FREE!

Click "Accept as Solution" if your problem is solved. To give thanks, click thumbs up
Click to search the Knowledge Base at BTSC and click to Read The Fabulous Manuals

BESAdmin's, please make a signature with your BES environment info.

SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope

Want to thank me? Buy my KnottyRope App here

BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V

Posts: 36
Registered: ‎09-17-2013
My Device: Curve 9300
My Carrier: Swisscom

Re: BES not as a member server

Hi knottyrope


thanks for your fast answer. that's what i was looking for. So best practice is to install a blackberry router in the dmz which is not part of the ad. then just open the port 3101 from the core zone to the dmz and install a bes in the core zone whitch is a ad member server, right?


many thanks