Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® Enterprise Service 10

Reply
Developer
Posts: 61
Registered: ‎04-04-2008
My Device: BlackBerry
My Carrier: Vodafone

Must the "Blackberry Universal Device Service" connect to ActiveSync?

We have a MS Exchange 2010 Server, which could be accessed from external (via a MS TMG). We would like to use the "Blackberry Universal Device Service" now, but I couldn´t understand from the installation manual, at which point the device (or the server) will connect to ActiveSync.

 

So must I open the internal firewall so, that the "Blackberry Universal Device Service" can reach our internal Exchange CAS server? Or is that only a plugin on the device, which allows me to manage the device, and the "real" activesync traffic is still going via the MS TMG over the old way?

Bastian W.
BlackBerry Employee
Posts: 212
Registered: ‎04-01-2008
My Device: Not Specified

Re: Must the "Blackberry Universal Device Service" connect to ActiveSync?

Hi BastianW

 

The Blackberry Universal Device Service does not connect to the mail platform so you wont have to open any internal ports for that. Main purpose of UDS is to manage / secure iOS/Android devices.

 

UDS also allows you to create profiles and push them to device so end users wont have to manually enter the details (i.e.. Wifi, ActiveSync, VPN)

 

If you push out an ActiveSync profile to device via UDS, the device will connect to your Exchange CAS the same way it would if you were to manually enter the ActiveSync profile on a device.

 

Hope that helps.

Developer
Posts: 61
Registered: ‎04-04-2008
My Device: BlackBerry
My Carrier: Vodafone

Re: Must the "Blackberry Universal Device Service" connect to ActiveSync?

Hello

 

Bastian W.
Highlighted
BlackBerry Employee
Posts: 212
Registered: ‎04-01-2008
My Device: Not Specified

Re: Must the "Blackberry Universal Device Service" connect to ActiveSync?

No problem. Looking at the Feature Guide  (page 6) you can enable Certificate-based authentication

 

Here is a quick summary.


You can use the Universal Device Service to send certificates to devices using certificate
profiles or SCEP profiles. The Universal Device Service helps to restrict access to Microsoft
ActiveSync, Wi-Fi connections, or VPN connections to devices that use certificate-based
authentication. Also, this feature helps you to control Microsoft ActiveSync, Wi-Fi connections,
or VPN connections on devices because the Universal Device Service is designed to
automatically remove profiles and certificates when a device violates one of the predefined
compliance policies, for example, compliance policies for jailbroken devices or rooted
devices. Certificate-based authentication does not require a proxy server between the device
and your organization's messaging server

 

With this enabled, it looks like profiles sent to device will be used and anything else would be considered non compliant and removed.

 

Hope this helps.