BES 10 info
I am not sure if this has been discussed here or not yet?
I just finished viewing a new webinar from BBRY on the facts of BDS and MGT Studio and UDS and how they work today. What I found interesting is that BBRY did say that BES10 works on the ActiveSync protocol, it no longer works on the API protocols. With respect to ActiveSync BES10 doesn't allow Microsoft's servers to communicate directly with the device, instead BES10 talks to BBRY's servers over port 3101 those servers to talk Exchange over ActiveSync and the data which is being transmitted to the device from BBRY's servers is encrypted at AES-256bit
- 02-28-2013, 07:58 PM #2
I'm trying to break this down. So BES10 communicates via ActiveSync to the Microsoft Exchange server to retrieve email and sync PIM data, etc., and then relays this info through the BBRY NOC on port 3101? I'm with you so far, but what does the BlackBerry phone use? ActiveSync to the BBRY servers or is this, too, using a proprietary protocol? Or, put another way, what is "(?)" in the path below?
Exchange <----ActiveSync----->BES 10<------port 3101------->BBRY NOC <----(?)--->BlackBerrychronic BlackBerry addict and abuser
The NOC re-encrypts the SSL patches from Exchange which ware usually only 128bit for that extra added security before sending them to the device.
Last edited by smoothrunnings; 02-28-2013 at 08:37 PM.
02-28-2013, 08:26 PM #4
- 4,971 Posts
I would really like to see this as well. My understanding was that the device connected directly with Exchange ActiveSync but that BES10 controlled and extended the relationship.
"Max Power doesn't 'cuddle'! You strap yourself in and feel the Gs!"
- 02-28-2013, 08:31 PM #5
Very nice. I haven't seen it articulated this clearly before. I noticed that when my BES 10 on my Windows Server 2012 vm was down, I wasn't receiving email. Now I know why. I thought when I activated my Z10 and PlayBook on my BES that email and PIM data was synchronizing directly with Exchange via ActiveSync. Clearly I was mistaken! Thanks.chronic BlackBerry addict and abuser
- 03-01-2013, 08:29 PM #8
Exchange <->ActiveSync <-> BES10 BDS <-> 3101 <-> Firewall <-> NOC <->Wireless Network <->BB10 Device
UDS currently uses additional ports.
Anything other would be covered under NDA~S_A
- 03-01-2013, 09:38 PM #9
Pretty much what I surmised in my first post. The value-added being that the BES10 server acts as a broker/proxy to the Exchange Server using ActiveSync. The BB10 device reaches across the carrier's network using an encryption to the BES10 server. The encryption keys are negotiated (and reside) at the end points (BB10 device and the BES10 server) and the BBRY NOC acts as a tunnel broker. Cool. The screenshot below is on my Cisco firewall, behind which reside both my BESx 5.04 server and my BES10 server. Note that there are two connections on port 3101 from the respective BES servers to the BBRY NOC.
chronic BlackBerry addict and abuser
- CrackBerry User
03-02-2013, 07:18 AM #10
- 15 Posts
Ah, I think people are confusing BDS and UDS. As Sith said, "UDS currently uses additional ports." - appears UDS may be a pass through while BlackBerry BDS data still flows encrypted from BES through RIM infrastructure to the device?I am a Mobile Device Management consultant, focusing primarily on BlackBerry Enterprise Server with Exchange & Lotus Domino e-mail.
- 03-02-2013, 10:42 PM #12chronic BlackBerry addict and abuser
03-05-2013, 01:59 PM #14
- 5,168 Posts
Posted via CB10 on the BlackBerry Z10
Last edited by smoothrunnings; 03-06-2013 at 07:41 AM.
- CrackBerry User
03-08-2013, 12:28 AM #18
- 16 Posts
BES 10 includes two major components, BDS for managing PlayBook and BB10 devices, and UDS for managing iOS and Android devices.
According to BlackBerry's documentation BDS communicates to Exchange CAS server internally. Anyway I am writing this message from a Z10 activated against BDS which was installed by me.
Our Exchange server is not open from Internet, and I created the mail profile on BDS server using the Exchange server internal hostname. This is how it works.
Exchange ActiveSync has to be opened from Internet only for the UDS server for iOS and Android management. This is 100%.
Please do not write any other false information here.
Posted via CB10
Last edited by heinci; 03-08-2013 at 12:39 AM.
- 03-08-2013, 07:13 AM #19
BES10 most definitely talks to Exchange. How else would it pull your mail profile information? It talks to the servers on the LAN only, and your devices do not reach back and directly talk to Exchange (otherwise there would be no additional security?). UDS reaches directly back over port 443 to your Exchange server and to BES 10 (over 443). BDS is ALWAYS through BES to Exchange.~S_A
- By VerryBestr in forum News & RumorsReplies: 0Last Post: 10-10-2012, 07:20 PM
- By Tenkawa in forum News & RumorsReplies: 3Last Post: 09-01-2012, 06:43 AM
- By rolltide78 in forum General BlackBerry DiscussionReplies: 2Last Post: 08-22-2012, 04:09 PM
- By Pi Guy 3.14 in forum Site News, Feedback, HelpReplies: 0Last Post: 06-25-2010, 10:55 AM
- By BaRTiMuS in forum BlackBerry AdministratorsReplies: 0Last Post: 03-13-2009, 09:56 AM