BlackBerry Enterprise Server version 3.6 for Microsoft Exchange Research In Motion © 2003 Research In Motion Limited. All Rights Reserved.


Contents

Overview
    Mobile computing
    The BlackBerry solution
BlackBerry innovations in wireless connectivity
  End-to-end security
  Push architecture
  Email and calendar
    Integrated email address
    Wireless email reconciliation
    Attachment service
    Wireless calendar synchronization
  Corporate data access
    Mobile Data Service
  BlackBerry Connect License Program
  BlackBerry synchronization features
    Wireless email reconciliation
    Wireless calendar synchronization
    PIM synchronization
    Managing mail with filters
BlackBerry security
    Degree of security
    Confidentiality
    Authentication
    Data integrity
BlackBerry system architecture
    Wireless email
    Message flow to a handheld
    Message flow from a handheld
    Calendar items
    Corporate data access
BlackBerry Enterprise Server Management
  Administration
    Server-level administration
    User-level administration
    Administration through IT policy files
    Logging
    Monitoring
    Mobile Data Service monitor page
    SNMP agent
BlackBerry Enterprise Server deployment
  System requirements
    BlackBerry Enterprise Server hardware requirements
    BlackBerry Enterprise Server software requirements
    Files required by the BlackBerry Enterprise Server
    Files required for Mobile Data Service
  Firewall and proxy server configuration
  Performance impact
    Microsoft Exchange performance
    Network performance
  Serving multiple Microsoft Exchange Servers
    Network connectivity
    Windows NT security
    Microsoft Exchange 5.5 inter-site communication
    Microsoft Exchange 2000 inter-site communication
Scaling
BlackBerry Enterprise Server disaster recovery plan
    Database
    Microsoft Exchange 5.5
    Microsoft Exchange 2000


Overview

This document provides an overview of the BlackBerry Enterprise Server version 3.6 for Microsoft Exchange and can be used as a tool to assess the suitability of the BlackBerry solution for your Microsoft Exchange corporate environment.

Mobile computing

Several wireless products attempt to remove the need for mobile professionals to travel with laptops. Although product characteristics vary greatly, these offerings are often fragmented and incomplete.

Market research reveals the following common complaints with wireless solutions, which result from the inability to integrate with existing enterprise systems:

• difficulty assembling components from different vendors to wirelessly access corporate data
• difficulty defining and addressing security issues in multiple-vendor wireless solutions
• difficulty determining a solution’s impact on the mail system

The BlackBerry solution

The BlackBerry solution, by Research In Motion (RIM), is the leading wireless solution for accessing corporate email. The BlackBerry solution also enables mobile professionals to access corporate data and personal information management (PIM) applications, such as contacts, appointments, and tasks. This end-to-end solution supports an industry-leading security standard called Triple DES encryption and has a low impact on network and mail server resources.

The BlackBerry solution consists of the following components:

• The BlackBerry Enterprise Server manages messaging redirection, enables wireless access to corporate data, provides encryption, and enables administrators to centrally manage BlackBerry deployment.
• The BlackBerry Wireless Handheld provides an intuitive interface to access corporate data and email wirelessly.
• BlackBerry Desktop Software enables users to synchronize personal data.
• Wireless data and voice services are available from wireless network providers.

BlackBerry innovations in wireless connectivity

The BlackBerry solution introduces several innovations in wireless connectivity.

End-to-end security

Unlike most mobile corporate data solutions, the BlackBerry solution provides a secure, end-to-end link between the handheld and corporate email, data, and PIM applications. The BlackBerry solution is the first wireless solution to have a handheld awarded FIPS-140 certification, the US government's standard for wireless data transfer. The BlackBerry solution does not compromise the security provided by corporate firewalls and includes security for the data that is transmitted between the handheld and the enterprise.

Push architecture

The BlackBerry wireless push architecture eliminates the inconvenience of dialling in or initiating a connection to access corporate email or data. In the traditional pull model, the user must periodically connect to their information source to determine whether anything has changed.

In the BlackBerry solution, when an email message arrives at the user’s corporate inbox, a copy is immediately pushed, or sent, to the user’s handheld. Similarly, corporate data can be sent to handhelds without the user requesting it. The BlackBerry push model is a significant differentiator because it eliminates the effort that users exert to pull information, and it offers a high return on investment (ROI) by enabling mobile professionals to maintain a virtual presence in the workplace, while on the go.

Email and calendar

Integrated email address

Unlike other wireless connectivity solutions, BlackBerry does not require a separate email address for the wireless handheld; it enables mobile professionals to gain access to their corporate email without needing to manage a second mailbox.

Wireless email reconciliation

This feature reconciles changes to messages and folders without requiring the user to connect the handheld to the computer. After the user upgrades the handheld to a software version that supports wireless email reconciliation, changes that are made to messages on the user’s handheld are reflected on the user’s desktop within a short period of time.

Attachment service

Using the attachment service feature, handheld users can open attachments with the following file name extensions: .doc, .xls, .ppt, .pdf, .wpd, and .txt. The attachment service converts the file formats to the Universal Content Stream (UCS) format and delivers the files as email attachments to the handheld. The attachment service generates content, which is received by the handheld based on requests by the handheld user for a table of contents or full content.

Since the BlackBerry Enterprise Server handles attachments, the attachment content is also encrypted by Triple DES encryption.

Wireless calendar synchronization

The BlackBerry solution’s push technology keeps users’ handheld calendars wirelessly synchronized with their desktop calendars.

Corporate data access

Mobile Data Service

In addition to wireless email and calendar functionality, the BlackBerry Enterprise Server also includes the Mobile Data Service feature, which enables wireless access to corporate data. The Mobile Data Service enables always-on, push-based access to enterprise applications and information using the BlackBerry handheld, BlackBerry Browser, and software development tools.

The Mobile Data Service has the following major features:

• standard HTTP/HTTPS connectivity
• XML language support
• HTTP data push support
• standard BlackBerry Enterprise Server data compression and connection security
• ability to use Kerberos and NT LAN Manager (NTLM) network authentication

By utilizing the existing architecture and end-to-end security model of BlackBerry Enterprise Server, corporations have the ability to readily deploy additional wireless applications to BlackBerry handhelds with the same security as their wireless email. The BlackBerry Enterprise Server supports multiple wireless networks using standard protocols and languages (including XML, HTTP, and Java), which means that corporate application developers and independent software vendors (ISVs) can quickly deploy wireless applications without learning new middleware or operating systems.


Push applications

The Mobile Data Service provides capabilities for push applications. Push applications send content from a server to a handheld without being prompted by a handheld user. The centralized push server functionality is part of the Mobile Data Service installation, and can be configured on a single Mobile Data Service. This means that custom push applications that manage data sent from a corporate server only need to communicate with a single BlackBerry Enterprise Server that has the Mobile Data Service feature enabled to push data to the handhelds.

Network authentication

Network (handheld-to-server) authentication can be used to limit handheld requests for server interaction to approved web and application servers. Using an extensible platform that adds support for third-party servers through plug-ins, users can access approved web and application servers.

When network authentication is enabled, the handheld uses Triple-DES and HTTP authentication to link to the BlackBerry Enterprise Server, as usual. The BlackBerry Enterprise Server, with the Mobile Data Service feature enabled, then proxies the network authentication to a server using the native method of that server.

NTLM and Kerberos network authentication protocols are supported for Internet Information Services (IIS) Web Server. The intranet or IIS grants access authority. NTLM works with Microsoft NT 4.0 and Microsoft Windows 2000, and Kerberos works with Microsoft Windows 2000.

BlackBerry Connect License Program

The BlackBerry Connect License Program offers users, IT departments, carriers, and licensees access to an open, global platform. It enables mobile device manufacturers to equip handhelds with the integrated ability to connect to the BlackBerry Enterprise Server. Using the secure, push-based BlackBerry wireless architecture and infrastructure, a variety of handhelds can be managed and supported on the BlackBerry Enterprise Server Management console and other BlackBerry Enterprise Server administration and monitoring tools. BlackBerry Connect integrates with the handhelds’ existing hardware and software and leverages the existing user interface while enabling access to an extensible platform that is supported by multiple carriers worldwide.

For more information on the BlackBerry Connect License Program, refer to http://www.blackberry.com/blackberryconnect/.

BlackBerry synchronization features

Wireless email reconciliation

Wireless email reconciliation includes the following benefits:

• Users can read, move, or delete email messages on either their handheld or their computer and have the changes synchronized wirelessly.
• The user does not have to connect the handheld to the computer to synchronize messages that have been filed, changed status, or been deleted. When a user reads, files or deletes a message on the handheld, the change is automatically reflected on the desktop and vice versa.
• One-way folder synchronization enables users to create, delete, rename, or move a folder on their computer, and synchronize these changes wirelessly so that they appear on the handheld. When a user moves a folder to the Deleted Items folder on the desktop, the messages in the folder are also deleted and the deletes are synchronized on the handheld.
• If pending changes on the user’s handheld require immediate reconciliation, the user can reconcile the email messages from the handheld manually using the Reconcile Now option.

If administrators want to disable the wireless email reconciliation feature, the same synchronization features are available when the user connects the handheld to the computer. The following are examples of this type of email reconciliation:

• If a user deletes a message on the handheld, this change is noted and updated on the desktop the next time that the user connects the handheld to the computer and synchronizes data.
• The user’s desktop message folders are available on the handheld, which means that the user can move a message from the handheld inbox to another message folder. This message move is completed the next time that the user connects the handheld to the computer and synchronizes handheld and desktop data.

Wireless calendar synchronization

Changes made to the calendar from a user’s desktop email program or BlackBerry handheld are synchronized wirelessly. Users can accept or reject meeting requests from the BlackBerry handheld to quickly convey availability in their online calendar. Because calendar changes are wirelessly synchronized, the user’s calendar is always current. From the BlackBerry handheld, the user can also create a meeting request, invite attendees from the handheld Address Book, and send the invitation.

Wireless calendar synchronization is particularly useful for users who have an assistant or co-worker schedule appointments on their behalf. This feature means travelling users can quickly receive calendar adjustments without having to communicate the updates through email messages or phone calls.

PIM synchronization

The BlackBerry solution uses Pumatech Intellisync software to synchronize PIM information between Microsoft Exchange and the handheld, and provides the following features for memos, tasks, calendar, and address book entries:

• determines database equivalencies
• performs field mapping and translation
• recognizes and reflects recurring items
• synchronizes only user-selected fields
• detects and reports additions, deletions, conflicts, and duplicates
• enables users to immediately resolve conflicts
• maintains a synchronization history

Managing mail with filters

The BlackBerry solution push architecture allows for prompt responsiveness, but users might not want to receive all messages on their handheld. Users and system administrators can define which messages are sent to the handheld by assigning the following actions to messages that meet specific filter criteria:

• forward the message to the handheld
• do not forward the message to the handheld
• forward the message with priority to the handheld

Note: Priority messages appear on the handheld differently and users can set specific notifications for them.

User-defined filters

In the BlackBerry Desktop Manager, users can define filters that are stored on the BlackBerry Enterprise Server. Filters provide the following benefits to users:

• users can set filters to leave “bulk” mailings on their computer, which they can view and address at a later time
• users can set filters to notify them immediately of messages from specific people, such as superiors or co-workers
• users can set filters to forward only important email to their handheld

Global filters

The BlackBerry Enterprise Server enables system administrators to set company-wide filters. For example, administrators can set global filters that prevent external junk email from being sent to the handheld or that determine notification priority. If a global filter conflicts with a user-defined filter, the global filter is applied.
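The precedence rule described above, as an added sketch that is not RIM's code: global filters are evaluated before user-defined filters, so a conflicting user filter never takes effect. The `Filter` fields, the wildcard matching, first-match-wins ordering, the default of forwarding unmatched mail, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# The three actions the page lists for a matching filter.
FORWARD = "forward"
DO_NOT_FORWARD = "do not forward"
PRIORITY = "forward with priority"


@dataclass(frozen=True)
class Filter:
    field: str    # message field to test, e.g. "from" or "subject" (assumed)
    pattern: str  # shell-style wildcard, matched case-insensitively (assumed)
    action: str

    def matches(self, message):
        value = message.get(self.field, "")
        return fnmatchcase(value.lower(), self.pattern.lower())


def first_match(filters, message):
    """Return the action of the first matching filter, or None."""
    for flt in filters:
        if flt.matches(message):
            return flt.action
    return None


def decide(message, global_filters, user_filters, default=FORWARD):
    """Return (action, source). A global match always wins over user filters."""
    action = first_match(global_filters, message)
    if action is not None:
        return action, "global"
    action = first_match(user_filters, message)
    if action is not None:
        return action, "user"
    return default, "default"  # assumed behaviour when nothing matches


# Constructed sample policy: the first user filter conflicts with the global one.
GLOBAL_FILTERS = [Filter("from", "*@bulk.example.net", DO_NOT_FORWARD)]
USER_FILTERS = [
    Filter("from", "*@bulk.example.net", PRIORITY),
    Filter("from", "manager@corp.example", PRIORITY),
    Filter("subject", "*newsletter*", DO_NOT_FORWARD),
]

# Constructed sample messages.
MESSAGES = [
    {"from": "deals@bulk.example.net", "subject": "Weekly offers"},
    {"from": "Manager@corp.example", "subject": "Budget review"},
    {"from": "hr@corp.example", "subject": "Staff Newsletter, March"},
    {"from": "peer@corp.example", "subject": "Lunch?"},
]


def route_samples():
    return [decide(m, GLOBAL_FILTERS, USER_FILTERS) for m in MESSAGES]


if __name__ == "__main__":
    for msg, result in zip(MESSAGES, route_samples()):
        print(msg["from"], "->", result)
```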


BlackBerry security

Few wireless solutions provide reliable security, but because BlackBerry was designed for corporate users, security is a core part of the solution. The BlackBerry solution security architecture provides a secure link between the enterprise and the handheld and does not compromise the security provided by the company’s firewall.

Degree of security

BlackBerry uses the US government-created Triple DES encryption algorithm. The National Institute of Standards and Technology awarded BlackBerry handhelds the FIPS 140 certification for their embedded encryption technology, which is an important and often mandatory purchasing criterion for many organizations, especially in the government sector.

Confidentiality

As part of the BlackBerry solution, only the user’s handheld and the BlackBerry Enterprise Server have copies of the user’s Triple DES encryption key. When data is in transit, it is encrypted from the moment that it leaves the handheld to the moment that the BlackBerry Enterprise Server receives it.

Authentication

The BlackBerry Enterprise Server is protected from an external attack by the same shared-key encryption that is used to protect information sent and received by BlackBerry handhelds. The BlackBerry Enterprise Server has a unique random shared-key with each handheld. The BlackBerry Enterprise Server will only accept datagrams that are encrypted with the correct shared-key, and the BlackBerry Enterprise Server will not accept unencrypted datagrams. Because the shared encryption key is only known to the BlackBerry Enterprise Server and the handheld, if the BlackBerry Enterprise Server can successfully decrypt the command, then it must have come from the correct handheld. Thus, a malicious BlackBerry user (or a hacker emulating a BlackBerry user) cannot cause data to be sent from or forwarded from another BlackBerry user’s account because it does not have the correct shared-key, and thus, the BlackBerry Enterprise Server will ignore the false command.

Data integrity

The end-to-end encryption also protects data integrity. If data is intercepted as it travels between the desktop and the handheld, an interceptor cannot unnoticeably alter the data. If attempts are made to alter the data in transit, the decryption engine at the receiving end rejects it.
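The acceptance rule from the Authentication and Data integrity sections, as an added sketch that is not RIM's code or protocol: the server keeps one random key per handheld and ignores any datagram that does not verify under the key of the PIN it claims. Assumptions: the wire layout, PINs and commands are constructed, HMAC-SHA-256 from the Python standard library stands in for the Triple DES cipher the page names, and an explicit integrity tag models how a failed decryption is detected, which the page does not specify.

```python
import hashlib
import hmac
import secrets

PIN_LEN, NONCE_LEN, TAG_LEN = 8, 12, 32  # constructed wire layout, not RIM's


def _subkeys(shared_key):
    """Split the shared key into independent encryption and MAC keys."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _xor_stream(enc_key, nonce, data):
    """HMAC-SHA-256 in counter mode, standing in for the Triple DES cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(pin, shared_key, command):
    """Handheld side: PIN | nonce | ciphertext | tag over everything before it."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    body = pin.encode("ascii") + nonce + _xor_stream(enc_key, nonce, command)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self._keys = {}  # PIN -> unique random shared key

    def enroll(self, pin):
        """Generate the per-handheld key; returned so the handheld can store it."""
        self._keys[pin] = secrets.token_bytes(32)
        return self._keys[pin]

    def accept(self, datagram):
        """Return (pin, command) for a valid datagram, None if it is ignored."""
        if len(datagram) < PIN_LEN + NONCE_LEN + TAG_LEN:
            return None
        pin = datagram[:PIN_LEN].decode("ascii", errors="replace")
        shared_key = self._keys.get(pin)
        if shared_key is None:
            return None
        enc_key, mac_key = _subkeys(shared_key)
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        nonce = body[PIN_LEN:PIN_LEN + NONCE_LEN]
        return pin, _xor_stream(enc_key, nonce, body[PIN_LEN + NONCE_LEN:])


def demo():
    """Run the four cases the page describes against one server."""
    server = Server()
    alice_key = server.enroll("2100000A")    # constructed PINs
    mallory_key = server.enroll("2100000B")
    command = b"FORWARD message 17 to bob@corp.example"

    genuine = seal("2100000A", alice_key, command)
    # Another enrolled user claims Alice's PIN but only holds their own key.
    forged = seal("2100000A", mallory_key, b"FORWARD message 17 to m@corp.example")
    # One ciphertext bit altered in transit.
    tampered = bytearray(genuine)
    tampered[PIN_LEN + NONCE_LEN] ^= 0x01
    # Unencrypted datagram padded to a plausible length.
    plaintext = b"2100000A" + command + b" " * TAG_LEN

    return {
        "genuine": server.accept(genuine),
        "forged": server.accept(forged),
        "tampered": server.accept(bytes(tampered)),
        "plaintext": server.accept(plaintext),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10} -> {result}")
```

Only the genuine datagram yields a command; the other three are dropped without a reply, matching the page's statement that the server ignores false commands.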

BlackBerry system architecture

Wireless email

The BlackBerry Enterprise Server provides a secure, two-way link between the user’s Microsoft Exchange account and BlackBerry handheld. The BlackBerry Enterprise Server acts more as a message redirector than repository, because the Microsoft Exchange Server performs all message storage. The BlackBerry Enterprise Server maintains a link to the messages in the user’s desktop email program mailbox, and offers the following features:

• When a user forwards a message from the handheld, the entire original message is forwarded, including all attachments.
• After the first portion of the message is delivered to the handheld, the user can request more of the message to be delivered (up to 32 KB). The first portion of the message ranges from 1.5 KB to 3 KB depending on the wireless network.
• When a user includes the original message in a reply from the handheld, the entire original message is appended to the reply.

The illustration below provides an overview of the BlackBerry system architecture. The main system components include the BlackBerry handheld, the BlackBerry Enterprise Server, the Microsoft Exchange Server, the user’s computer, and the wireless network.


BlackBerry Enterprise Server system architecture

The BlackBerry Enterprise Server for Microsoft Exchange uses the Messaging Application Program Interface (MAPI) protocol to monitor users’ mailboxes for new items. To push messages to the handheld, the BlackBerry Enterprise Server uses a direct TCP/IP connection to the wireless network. Achieving this connection requires a one-time configuration of the company firewall to allow the BlackBerry Enterprise Server to connect through port 3101. This is not a “hole” in the firewall, because only an outbound-initiated connection is required.

Message flow to a handheld

1. New message arrives: The Microsoft message transfer agent (MTA) delivers a new message to the user’s desktop email mailbox.

2. Message notification: The BlackBerry Enterprise Server maintains a MAPI connection to the user’s mailbox. This connection enables the server to use the same notification for new mail that the desktop uses. Using this notification means that the server processes messages as soon as they are delivered to the user’s mailbox.

3. Message filters are applied: The BlackBerry Enterprise Server checks the message fields against global filter rules and filters the messages that meet the filter criteria. After it applies the global filter rules, the BlackBerry Enterprise Server applies any user-defined filters to messages that meet the filter criteria.

4. Message ID is assigned: The BlackBerry Enterprise Server randomly generates a Reference ID (RefId) and tag. If the message is a meeting invitation or calendar entry, the BlackBerry Enterprise Server appends calendar information to the message.

Note: The RefId is used for message identification between the BlackBerry Enterprise Server and the handheld. The tag is used for message identification between the BlackBerry Enterprise Server and the wireless network. The message tag is stored in the outbound queue until the BlackBerry Enterprise Server processes the message.

5. Message is compressed and encrypted: The BlackBerry Enterprise Server encrypts the message with the user’s encryption key, compresses it, and stores it in the memory of the BlackBerry Enterprise Server.

6. Message sent to the wireless network: The BlackBerry Enterprise Server sends the first portion of the message through port 3101 to the wireless network, which verifies that the PIN belongs to a valid handheld that is registered on the wireless network. The size of the first part of the message that is delivered to the handheld ranges from 1.5KB to 3KB and depends on the wireless network.

7. Confirmation is returned: The wireless network locates the user’s BlackBerry handheld and delivers the message. The handheld sends delivery confirmation to the BlackBerry Enterprise Server. If the BlackBerry Enterprise Server does not receive confirmation within four hours, it resubmits the message to the wireless network. Messages are maintained on the wireless network for 7 days before they expire.


8. Arrives on the handheld: The handheld decrypts and decompresses the message so that the user can view it, and notifies the user of its arrival.

Message flow from a handheld

1. Message sent from handheld: The user sends a message from the handheld. On the handheld, the message is assigned a RefId. If the message is a meeting invitation or calendar entry, the handheld appends the calendar information to the message.

2. Message is compressed and encrypted: The handheld compresses and encrypts the entire message using Triple DES encryption.

3. Message is sent to the BlackBerry Enterprise Server: The message is sent through the wireless network, through port 3101, to the BlackBerry Enterprise Server.

4. Message is decrypted and decompressed: The BlackBerry Enterprise Server decrypts and decompresses the message. If the message cannot be decrypted using the user’s unique Triple DES encryption key, the message is discarded.

5. Message is placed in the Outbox: If the message is a Reply with text or forwarded message, the BlackBerry Enterprise Server performs a lookup using the message ID and appends the original message. Because only the first portion of a message is redirected to the handheld, the BlackBerry Enterprise Server must locate and retrieve the full message text to forward or reply with text. The message is then placed in the Outbox on the Microsoft Exchange store.

6. Message delivery: The Microsoft Exchange MTA delivers the message.

7. Copied to Sent Items folder: A copy of the message is placed in the user’s desktop email program Sent Items folder. This step does not occur if the user selects the Don’t save a copy to the Sent Items folder option in the BlackBerry Desktop Software.

Calendar items

Calendar items are managed in a similar manner to email messages. The BlackBerry Enterprise Server uses MAPI, enhanced through the use of Collaboration Data Objects (CDO) for some functions, to routinely scan a user’s desktop calendar for new items. As new items are discovered, they are forwarded to the handheld over the wireless network. In reverse, as the user creates calendar items on the handheld, they are sent over the wireless network to the BlackBerry Enterprise Server to be placed in the user’s desktop calendar. After the handheld and desktop software are configured for this, all synchronization of calendar items occurs over the wireless network.

Corporate data access

The BlackBerry platform for corporate data access consists of the following key components:

• BlackBerry Wireless Handheld
• BlackBerry Enterprise Server with the Mobile Data Service for secure network access to the enterprise
• BlackBerry Browser for access to wireless web content and services
• BlackBerry Java Development Environment for custom application development

Each BlackBerry Enterprise Server includes a Mobile Data Service that manages intranet data. The Mobile Data Service, as part of the BlackBerry Enterprise Server solution, provides a secure two-way gateway between the BlackBerry handheld and corporate data on Internet Protocol (IP) networks. The gateway’s standard HTTP connectivity enables BlackBerry handheld users to enjoy remote access to corporate custom application services and Internet and intranet services (using the BlackBerry Browser).

Multiple BlackBerry Enterprise Servers and multiple Mobile Data Services can be installed in a corporate system. Each Mobile Data Service has its own settings, functions, and purpose in the corporate architecture, and each Mobile Data Service receives, processes, and directs information based on configuration settings, handheld application requirements, and content server availability.


This topic is more fully explored in the BlackBerry Corporate Data Access white paper that is available at http://www.blackberry.com/support.

BlackBerry Enterprise Server Management

BlackBerry Enterprise Server administration occurs through the BlackBerry Enterprise Server Management console, which functions as a snap-in to the Microsoft Management Console. BlackBerry Enterprise Server Management enables administration of the BlackBerry Enterprise Server(s) and its users in a native (Microsoft Exchange 2000 or Microsoft Exchange 5.5) or mixed (both Microsoft Exchange 2000 and Microsoft Exchange 5.5) environment.

From the BlackBerry Enterprise Server Management console, administrators can administer users at a server level and a mailbox level. The BlackBerry Enterprise Server Management Software requires a Microsoft Database Engine (MSDE) or SQL database (to store data relevant to the BlackBerry Enterprise Server(s) and administration mailboxes).

Administration

The primary administrative tool in the BlackBerry solution, BlackBerry Enterprise Server Management, enables administrators to perform the following tasks through a management console:

• add and remove BlackBerry Enterprise Servers
• start and stop the BlackBerry Enterprise Server service
• create, delete, and modify user accounts
• apply IT policies and IT Admin commands
• import multiple user accounts
• define global filters
• monitor user and server statistics
• monitor the incoming and outgoing queues for system performance

Server-level administration

The BlackBerry Enterprise Server Management console provides a consolidated view of all installed BlackBerry Enterprise Servers for Microsoft Exchange, presents data on BlackBerry Enterprise Server status and helps identify potential problems. This global view enables administrators to review the BlackBerry Servers simultaneously and accelerates the troubleshooting process.

BlackBerry Enterprise Server Management – server-level administration


User-level administration

When a BlackBerry Enterprise Server icon is selected in the BlackBerry Enterprise Server Management console, the users that are assigned to that server are listed in the right results pane, where administrators can view and modify user-level properties. The console provides a centralized way to modify user settings such as filters and redirection settings. The console is configurable and customizable so that data can be sorted based on importance.

BlackBerry Enterprise Server Management – User-level administration

Administration through IT policy files

IT policy files are a key feature of the BlackBerry solution. They are server-based tools that enable system administrators to implement group and individual policies for users’ handhelds and desktop software.

For example, an administrator could set a default policy for a server that applies to all users that belong to or are added to that server. Some examples of IT policy settings include enforcing the use of a password or removing the Application Loader from the desktop manager.

IT Admin commands are available for common administrative tasks. These tasks include the following commands:

• Set Password and Lock: resets the handheld to display the password prompt screen and create a new password
• Set Owner Info: sets the owner information that is stored on the handheld
• Kill Handheld: disables the handheld and deletes all information that is stored on the handheld
• Resending the Peer-to-Peer encryption key: resends the peer-to-peer encryption key after it has been updated

Administrators can apply IT Admin commands and add or change IT policy items and push these changes to the users’ handhelds wirelessly if the users’ handhelds support wireless synchronization of IT policies and IT Admin commands. The user might need to connect the handheld to the computer to have certain desktop policy changes applied.

IT policy items are now categorized in the BlackBerry Enterprise Server Management user interface in the following groups:

• Non-Grouped Device-Only Items
• Non-Grouped Desktop-Only Items
• Non-Grouped Global Items
• Password Policy Group
• CMIME Application Policy Group
• Security Policy Group
• TLS Application Policy Group
• WTLS Application Policy Group
• Browser Policy Group
• Desktop Policy Group

New policy items have been added in this release. Users can add third-party policy items to the User-Defined and Other Policy Items group.

Logging

The Microsoft Exchange logging functions place system information in a Microsoft Exchange database, which administrators can view and analyze. BlackBerry users can view these databases, but can only access information specific to their account.

Monitoring

The BlackBerry Enterprise Server and its connection to the wireless network can be monitored through the BlackBerry Enterprise Server Management console. The BlackBerry Enterprise Server Management console can also be configured to inform (either through an email or a console message) defined users when events at a specified level are logged to the Windows NT Event Log.

Administrators can monitor the state of the Mobile Data Service in the following ways:

• viewing the system debug log files
• viewing logs in the Event Viewer
• viewing the Mobile Data Service monitor page
• using a Simple Network Management Protocol (SNMP) agent

Mobile Data Service monitor page

Administrators can now verify the status of the Mobile Data Service and monitor the activity of the Mobile Data Service through an improved HTML page that displays configurable information from the Mobile Data Service computer’s Web Server Listen Port. Administrators can view the Mobile Data Service monitoring page with the handheld or desktop browser.

The Mobile Data Service monitoring page provides statistics on the operational state and condition of the Mobile Data Service, such as whether or not the service is running, currently in use, or experiencing any errors. Statistics on this page can be purged.

SNMP agent

SNMP counters and traps have been added in this release of BlackBerry Enterprise Server, and are supported with Microsoft Windows NT 4.0 Server. Values for Mobile Data Service and Mobile Data Service event-driven traps are included.

An SNMP agent requires a running SNMP service and an SNMP browser. SNMP read-only support is automatically added as part of the BlackBerry Enterprise Server installation to enable users to view server redirection statistics.

Using SNMP, administrators can easily assess the configuration and status of the BlackBerry Enterprise Server and its users. The BlackBerry Enterprise Server stores information about its configuration and current state that can be accessed by querying with SNMP values. The BlackBerry Enterprise Server supports functions including Get requests, Get Next requests, Walk requests, and Trap messages.

BlackBerry Enterprise Server deployment

System requirements

Complete system requirements are available in the Installation and Getting Started Guide that is included with the BlackBerry Enterprise Server software, and at http://www.blackberry.com/.


The following system requirements are the minimum requirements for the BlackBerry Enterprise Server version 3.6 for Microsoft Exchange. The actual system requirements might be more stringent, depending on the network configuration, structure of the mail environment, number of users, and their usage profile.

BlackBerry Enterprise Server hardware requirements

Intel® Pentium® 3 processor or compatible (500 MHz or later, 256-MB RAM (plus 300-MB RAM if the attachment service feature is installed), 1-GB hard disk drive)

BlackBerry Enterprise Server software requirements

BlackBerry Enterprise Server works in Microsoft Exchange 5.5, Microsoft Exchange 2000 native environments, or in a mixed (Microsoft Exchange 5.5 and Microsoft Exchange 2000) environment.

Files required by the BlackBerry Enterprise Server

The BlackBerry Enterprise Server installation requires a database to store information needed for redirecting items. The BlackBerry Enterprise Server is compatible with MSDE, SQL 7.0, or SQL 2000. The database can be created directly on the BlackBerry Enterprise Server or any existing SQL server. The BlackBerry Enterprise Server software package includes Microsoft MSDE.

Files required for Mobile Data Service

The following software is required for the Mobile Data Service to function:

• Open Database Connectivity (ODBC) 2.6 or later on the Mobile Data Service computer: ODBC is installed with SQL Server (7.0 or 2000) or MSDE
• for browsers on Mobile Data Service-enabled handhelds to function properly, the Mobile Data Service must be able to send HTTP requests over TCP/IP Port 80 (default port) or through a proxy server
• Java Runtime Environment (JRE) 1.4 (which includes Java Secure Socket Extension [JSSE]): The BlackBerry Enterprise Server software ships with JRE 1.4.


Firewall and proxy server configuration

The BlackBerry Enterprise Server can be located anywhere on the LAN and routes its TCP/IP traffic through a firewall or proxy server in the same manner as any computer on the network with web-browsing capabilities. The only requirement is that the firewall, or proxy server, must enable the BlackBerry Enterprise Server to connect to port 3101. Similar to a web browser’s HTTP connection to port 80 or through a proxy server, this is an outbound-initiated connection. No inbound connection “holes” are required that would create a risk of unauthorized access to the corporate network.

The BlackBerry Enterprise Server is responsible for opening the connection to the wireless network that remains open for two-way traffic. Both sides of the connection authenticate the connection, so that the BlackBerry Enterprise Server does not connect to an intervening party.
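The connectivity model described above (one outbound-initiated connection to port 3101, no inbound openings) can be checked against a firewall rule list. This is an added example, not code from the white paper or from Research In Motion; the rule syntax, the addresses 10.1.2.30 and 203.0.113.10, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions (not from the white paper): the addresses and the rule syntax.
BES_HOST = ip_address("10.1.2.30")    # constructed LAN address of the BES computer
RELAY = ip_address("203.0.113.10")    # placeholder for the wireless network endpoint
WIRELESS_PORT = 3101                  # port named in the white paper
MDS_HTTP_PORT = 80                    # default Mobile Data Service HTTP port


@dataclass(frozen=True)
class Rule:
    line: int
    direction: str   # "out" = initiated from the LAN, "in" = initiated from outside
    action: str      # "allow" or "deny"
    src: object      # ipaddress network
    dst: object      # ipaddress network
    port: object     # int, or None for "any"


def parse_rules(text):
    """Parse 'direction action src dst port' lines; '#' starts a comment."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if (len(fields) != 5 or fields[0] not in ("in", "out")
                or fields[1] not in ("allow", "deny")):
            raise ValueError(f"line {n}: cannot parse {raw!r}")
        direction, action, src, dst, port = fields
        rules.append(Rule(n, direction, action, ip_network(src), ip_network(dst),
                          None if port == "any" else int(port)))
    return rules


def decide(rules, direction, src, dst, port):
    """First matching rule wins; no match means deny (default-deny firewall)."""
    for r in rules:
        if (r.direction == direction and src in r.src and dst in r.dst
                and r.port in (None, port)):
            return r.action
    return "deny"


def audit(rules, allowed_out=(WIRELESS_PORT, MDS_HTTP_PORT)):
    """Return findings where the rule list departs from the outbound-only model."""
    findings = []
    # The BES must be able to initiate the connection to port 3101.
    if decide(rules, "out", BES_HOST, RELAY, WIRELESS_PORT) != "allow":
        findings.append(f"BES cannot open the outbound connection to port {WIRELESS_PORT}")
    for r in rules:
        if r.action != "allow":
            continue
        # Any inbound allow that covers the BES host is an unnecessary opening.
        if r.direction == "in" and BES_HOST in r.dst:
            findings.append(f"line {r.line}: inbound allow reaches the BES host")
        # Outbound rules covering the BES should name only the required ports.
        if r.direction == "out" and BES_HOST in r.src and r.port not in allowed_out:
            findings.append(f"line {r.line}: outbound rule for the BES is broader than required")
    return findings


# Constructed sample rule lists.
GOOD = """\
out allow 10.1.2.30/32 0.0.0.0/0 3101
out allow 10.1.2.30/32 0.0.0.0/0 80
in deny 0.0.0.0/0 10.1.0.0/16 any
"""

INBOUND_HOLE = """\
in allow 0.0.0.0/0 10.1.2.30/32 3101   # inbound opening to the BES host
out allow 10.1.2.30/32 0.0.0.0/0 any   # every outbound port, not just 3101
"""

SHADOWED = """\
out deny 10.1.0.0/16 0.0.0.0/0 any     # earlier deny hides the allow below
out allow 10.1.2.30/32 0.0.0.0/0 3101
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("INBOUND_HOLE", INBOUND_HOLE),
                       ("SHADOWED", SHADOWED)):
        print(name, audit(parse_rules(text)))
```

The third sample shows why the check evaluates rules in order: the allow rule for port 3101 is present but never reached.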

Performance impact

Microsoft Exchange performance

The BlackBerry Enterprise Server for Microsoft Exchange integrates well with existing Microsoft Exchange deployments and centralizes the system load that is associated with providing users with ‘Always On, Always Connected®’ wireless connectivity to their corporate email and data. Initial load testing with the BlackBerry Enterprise Server version 3.6 for Microsoft Exchange indicates that impact on the mail server is negligible.

Network performance

A common misconception is that BlackBerry Enterprise Server for Microsoft Exchange doubles network traffic because it replicates Microsoft Outlook email. This mistaken impression overlooks the fact that only the text of each message is retrieved from the Microsoft Exchange Server. Because the server does not process email attachments*, bandwidth savings can be substantial. A typical 10-Mbps or 100-Mbps Ethernet connection between the BlackBerry Enterprise Server and the Microsoft Exchange Server generates negligible BlackBerry Enterprise Server traffic.

Although the customer’s link to the Internet is likely a lower-capacity T1 or T3 connection, the BlackBerry Enterprise Server only transmits 1 to 2 KB (post compression) for each message that it sends or receives over this link. Comparatively, this is equivalent to the bandwidth that a web browser expends to receive a single web page; however, the BlackBerry wireless email load occurs over an entire day.

*With the attachment service feature installed (which is available in BlackBerry Enterprise Server version 3.5 or later), attachments are processed only when the user requests them. With BlackBerry Enterprise Server version 3.5 and later, a standalone version of the attachment service is available to be installed on top of the BlackBerry Enterprise Server computer and is supported on C++-enabled handhelds. In BlackBerry Enterprise Server version 3.6, the attachment service feature is part of the Typical installation type. This feature requires an additional 300 MB of RAM on the BlackBerry Enterprise Server computer. This topic is more fully explored in the Attachment Service white paper that is available at http://www.blackberry.com/support.


Serving multiple Microsoft Exchange Servers

The BlackBerry Enterprise Server is scalable and can serve multiple Microsoft Exchange Servers. However, before adding users from multiple Microsoft Exchange sites to the BlackBerry Enterprise Server, administrators should consider the following factors.

• network connectivity
• Windows NT security
• Microsoft Exchange inter-site communications

Network connectivity

The BlackBerry Enterprise Server requires a connection to a Microsoft Exchange Server over a standard MAPI connection, similar to a Microsoft Outlook client session. Session connectivity is required for both single and multiple-site applications of the BlackBerry Enterprise Server. Certain elements of the connectivity must be considered for the multiple-site configuration to succeed.

Persistent inter-site connectivity

Continuous connectivity between the BlackBerry Enterprise Server and the Microsoft Exchange Server must exist for data redirection to occur. This is true for single and multiple-site applications of the BlackBerry Enterprise Server.

Available bandwidth

For the BlackBerry Enterprise Server to filter messages, it must read every message that is received in each BlackBerry user’s mailbox. The BlackBerry Enterprise Server only reads the first 32 KB of a message to apply the user-defined filter criteria. This fact should be considered, because it affects the load on the network that connects the BlackBerry Enterprise Server to the Microsoft Exchange Server on which the mailbox resides. The extent of this load is determined by the following factors:

• number of users being monitored remotely
• volume of messages received by those users
• available bandwidth supplied by the network connection
• committed information rate (CIR) of the network connection

Note: Specific recommendations for network requirements or the maximum number of users that can be supported are not provided in this document. This information cannot be generalized, as it is based on numerous variable values that are specific to the operating environment in which the BlackBerry solution is installed. A thorough analysis of these variables is required to accurately determine this information.

Windows NT security

Microsoft Exchange uses Windows NT domain accounts as the basis of its user community and security. To be a Microsoft Exchange user, or to have administrative rights within Microsoft Exchange, a user must have a valid Windows NT account. Microsoft Exchange users in a specific site must be members of a specific Windows NT domain or one of its trusted domains.

Because of this Windows NT security feature, the BlackBerry Enterprise Server service account must be able to have rights assigned to it in the remote Microsoft Exchange site. With complex domain models and complex Microsoft Exchange environments, this fact cannot be assumed in spite of the fact that data and directory information are exchanged seamlessly.


For a BlackBerry Enterprise Server service account to be granted access to a remote Microsoft Exchange site, the account must possess one of the following attributes:

• The account is a valid Windows NT account in the domain in which the remote Microsoft Exchange Server resides.
• The account is a valid Windows NT account in a domain that is trusted by the domain in which the remote Microsoft Exchange Server resides.

If the account does not meet either of these conditions, it cannot be granted access to the remote Microsoft Exchange site’s Site and Configuration containers.

Microsoft Exchange 5.5 inter-site communication

Microsoft Exchange makes use of a communication mechanism called a connector to facilitate the transfer of data and directory information between sites. The exchange of directory information between Microsoft Exchange sites is called directory replication. Directory replication is an ongoing process that continuously strives to make sure that the Global Address List (GAL) accurately reflects the address information of all users in all sites within a Microsoft Exchange organization.

The frequency at which sites exchange directory information is determined by the schedule that is set in the directory replication connector’s properties page. The time that it takes for a change in one site to be reflected in a second site is a variable period of time that depends on the schedules of all of the directory replication connectors that must process the change in its travel from one site to another. This time is known as the convergence time.

With respect to BlackBerry Enterprise Server implementation, there exists a potential for issues to arise if account changes are made in the remote Microsoft Exchange site. In theory, a change could be made to an account in the remote site that would not be reflected in the copy of the GAL that the BlackBerry Server uses as its reference.

In summary, it is important to understand the convergence time of directory replication between the sites that are being considered for single BlackBerry Enterprise Server integration. Specifically, there is the potential for administrative tasks that are performed on the mailbox in the remote site to have an impact on that user’s ability to receive data. This potential becomes much greater when the task alters the directory definition of the remote mailbox object.

The key success factor for administrators implementing this type of scenario is to be aware of the concerns that are listed here and to keep them in mind when making changes to the BlackBerry-enabled accounts.

Microsoft Exchange 2000 inter-site communication

With Microsoft Exchange 2000, the directory portion of Microsoft Exchange has moved to the Windows 2000 Active Directory. Active Directory is also replicated between Active Directory Sites, and Microsoft Exchange Servers depend on Global Catalog Servers for accurate mailbox information to route data. Administrators must be aware of the replication topology between Active Directory Sites when considering adding users to a BlackBerry Enterprise Server that resides in another site.

Note: For optimal performance and reliability, it is recommended that administrators architect the BlackBerry Enterprise Server deployment such that each BlackBerry Enterprise Server only services Microsoft Exchange users that are in the same Microsoft Exchange Administrative Group. This means that the same care must be taken when designing the environment whether working in a Microsoft Exchange 2000 or Microsoft Exchange 5.5 environment.


Scaling

By using the multiple instance feature of the BlackBerry Enterprise Server for Microsoft Exchange, system administrators can support an increased number of users on a single server.

BlackBerry focuses on lowering the total cost of ownership (TCO) for a BlackBerry deployment by minimizing the hardware requirements to support more BlackBerry users. The target is to support up to 2000 users on one server to increase user density, therefore reducing the number of servers that are required.

BlackBerry understands the costs that are associated with multiple servers in the data center and is working diligently to reduce that cost. With BlackBerry, up to four instances of the BlackBerry Enterprise Server can be configured to run as individual Windows NT/ Windows 2000 services on one server. Each BlackBerry Enterprise Server service has a unique SRP identifier and maintains separate MAPI profiles with the Microsoft Exchange Server. This new feature addresses the need for companies with many users that would rather not have to deploy additional hardware for each BlackBerry Enterprise Server that they operate.

The BlackBerry Enterprise Server version 3.6 for Microsoft Exchange was load tested to confirm that the system can handle 2000 heavy email users. Using the MMB2 performance standard developed by Microsoft and Hewlett Packard to test Microsoft Exchange, it was confirmed that 2000 enterprise users are easily sustainable on one hardware server that supports four instances of the BlackBerry Enterprise Server. The testing used multiple variables and found minimal decline in performance, even on different wireless networks and fluctuations in usage by end users. When Mobile Data Service applications were added, no significant decrease in performance was found. Overall, the BlackBerry Enterprise Server has been proven to support 2000 users for each hardware server.

BlackBerry Enterprise Server disaster recovery plan

Disaster recovery planning for the BlackBerry wireless solution is a natural extension of the planning that organizations must undertake for their Microsoft Windows NT, Windows 2000, and Microsoft Exchange environments.

The following aspects of the BlackBerry wireless solution aid in disaster recovery planning:

Database

In the BlackBerry Enterprise Server version 3.6 for Microsoft Exchange, the database that is created is used extensively to perform administration tasks. This database stores information that is related to the BlackBerry Enterprise Server as well as IT policy files and settings. As such, this database should be included in the backup of the server. The information that is stored in the database is fairly static so a nightly backup should provide a reasonable recovery option. If the database becomes corrupted or lost, the information can be re-created without end-user impact.

Microsoft Exchange 5.5

In the Microsoft Exchange 5.5 environment, each BlackBerry handheld maintains its own user information through the desktop software. This information is stored in the user’s desktop email program mailbox in hidden folders. The name of the BlackBerry Enterprise Server and the license information are stored in the Microsoft Exchange directory. If the BlackBerry Enterprise Server administrative mailbox is hosted on a Microsoft Exchange 5.5 server, disaster recovery is simple. A spare server can be kept online with BlackBerry Enterprise Server software installed but not running. The name of the server and the license information can then be entered to match the Microsoft Exchange directory, and the server can be brought up very quickly, without a noticeable delay to the users.

Microsoft Exchange 2000

Due to the more advanced nature of Microsoft Exchange 2000 and Active Directory, the BlackBerry Enterprise Server administrative mailbox, when hosted on a Microsoft Exchange 2000 server, does not rely on any information being stored in the directory, but rather utilizes the SQL or MSDE database that is created during initial installation. The protection of this database is crucial and should be part of a regular backup process. Users still keep vital information in their desktop email program hidden folders as before.


Part number: WPE-00032-002

© 2003 Research In Motion Limited. All rights reserved. The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties of Research In Motion Limited. RIM, Research In Motion, 'Always On, Always Connected', the “envelope in motion” symbol and the BlackBerry logo are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners. The handheld and/or associated software are protected by copyright, international treaties and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D,445,428; D,433,460; D,416,256. Other patents are registered or pending in various countries around the world. Please visit www.rim.com/patents.shtml for a current listing of applicable patents.

RESEARCH IN MOTION LIMITED (RIM) ON BEHALF OF ITSELF AND ITS AFFILIATES MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE INFORMATION OR GRAPHICS CONTAINED IN THIS ADVISORY FOR ANY PURPOSE. THE CONTENT CONTAINED IN THIS DOCUMENT, INCLUDING RELATED GRAPHICS, ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. RIM HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL RIM BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION CONTAINED HEREIN. THIS DOCUMENT, INCLUDING ANY GRAPHICS CONTAINED WITHIN THE DOCUMENT, MAY CONTAIN TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. UPDATES ARE PERIODICALLY MADE TO THE INFORMATION HEREIN AND RIM MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED HEREIN AT ANY TIME WITHOUT NOTICE.