BlackBerry® Enterprise Service 10

Contributor
Posts: 11
Registered: ‎04-18-2013
My Device: z10
My Carrier: bell/rogers/fido

Do I need communication module in DMZ? Can I do without

We already have active sync working for email (both iPhone / Android).

I want to install UDS so we can control Android devices (not iPhone at the moment). I already installed core BDS on a server in the LAN (working fine).

I am trying to install UDS so we can better manage Android and BlackBerry 10 phones. Do I need the communication manager at all (or better yet, does it need to be installed in the DMZ)?

Please help.

Contributor
Posts: 12
Registered: ‎02-25-2009
My Device: Not Specified

Re: Do I need communication module in DMZ? Can I do without

I have the same question. Very confused on UDS architecture and the documentation / installation guides are terrible.

From what the documentation says, you can install Core and Console modules inside your LAN, but the Communication Module needs to be in the DMZ.

I too already have active sync working externally using a VPN virtual hostname directed into our Exchange (no edge server).

From my understanding, this is how the whole process works:
1. User downloads BES10 app on their iPhone or Android.

2. (Just guessing here) From the app, they activate to name.company.com which is an external DNS record pointing to, I'm guessing, the UDS Communication Module?

3. Communication module confirms credentials entered by connecting to the Core, which connects to AD, and then sends the e-mail profile down to the user's device?

4. E-mail is then configured using your regular active sync settings (as if you did it directly)?
Contributor
Posts: 12
Registered: ‎02-25-2009
My Device: Not Specified

Re: Do I need communication module in DMZ? Can I do without

So just thinking out loud here... if you had some other gateway / vpn / TMG sitting in your DMZ, you could point the external DNS record to that instead of the communication module... and the TMG or whatever you use can tunnel that traffic to the communication module on your internal LAN...

I have NO idea if that is possible as the UDS documentation makes no mention of doing it that way.

 

And then there's the whole issue of certificates... I don't know how that works into this either... would I then need an externally signed certificate for both my UDS connection as well as Active Sync connection on the end user's device?

Contributor
Posts: 11
Registered: ‎04-18-2013
My Device: z10
My Carrier: bell/rogers/fido

Re: Do I need communication module in DMZ? Can I do without

OK, so from what I have been reading (researched), active sync is working without any issue on iOS and Android devices, but you need to have the communication manager installed to control these devices and push policies.

My installation will only have the communication manager/module installed in the DMZ, and UDS installed on the internal LAN.

 

Setup a static NAT for DMZ

Setup a DNS A record for the box in the DMZ with the communication module installed.

 

all external > DMZ NAT'd address:443

 

allow DMZ > UDSLAN tcp8081

allow UDSLAN  > all external:tcp3101

allow UDSLAN > all external:tcp2195

allow UDSLAN > all external:tcp5223

allow UDSLAN > all external:tcp80

allow UDSLAN > all external:tcp443
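
A default-deny model of the rule list in the post above, added here as an example (it is not code from the thread or from BlackBerry). It parses the posted lines and reports which zones may open connections into the LAN; the zone mapping and the assumption of a stateful firewall (return traffic not listed) are this example's own.

```python
import re

# Rule lines transcribed from the post above, unchanged.
POSTED_RULES = """\
all external > DMZ NAT'd address:443
allow DMZ > UDSLAN tcp8081
allow UDSLAN > all external:tcp3101
allow UDSLAN > all external:tcp2195
allow UDSLAN > all external:tcp5223
allow UDSLAN > all external:tcp80
allow UDSLAN > all external:tcp443
"""

# Assumed mapping from the poster's wording to three zones.
ZONES = {"external": "EXTERNAL", "dmz": "DMZ", "udslan": "LAN"}


def zone_of(fragment):
    """Return the zone named in one side of a rule line."""
    for word, zone in ZONES.items():
        if word in fragment:
            return zone
    raise ValueError(f"no known zone in {fragment!r}")


def parse_rules(text):
    """Turn 'src > dst:port' lines into a set of (src, dst, port) permits."""
    rules = set()
    for line in text.lower().splitlines():
        if ">" not in line:
            continue
        src, dst = line.split(">", 1)
        port = int(re.search(r"(\d+)\s*$", dst).group(1))
        rules.add((zone_of(src), zone_of(dst), port))
    return rules


def allowed(rules, src, dst, port):
    """Default deny: a new connection passes only if a rule names it."""
    return (src, dst, port) in rules


def lan_exposure(rules):
    """Map each zone that may open connections into the LAN to its ports."""
    exposure = {}
    for src, dst, port in rules:
        if dst == "LAN":
            exposure.setdefault(src, set()).add(port)
    return exposure
```

Running `lan_exposure(parse_rules(POSTED_RULES))` on a proposed change before it is applied shows whether a new line would let the external zone open connections to the LAN directly.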