  1. smoothrunnings's Avatar
    BES 10 info

    I am not sure if this has been discussed here or not yet?

    I just finished viewing a new webinar from BBRY on the facts of BDS and MGT Studio and UDS and how they work today. What I found interesting is that BBRY did say that BES10 works on the ActiveSync protocol, it no longer works on the API protocols. With respect to ActiveSync BES10 doesn't allow Microsoft's servers to communicate directly with the device, instead BES10 talks to BBRY's servers over port 3101 those servers to talk Exchange over ActiveSync and the data which is being transmitted to the device from BBRY's servers is encrypted at AES-256bit
  2. webmeister's Avatar

    Quote Originally Posted by smoothrunnings View Post
    I am not sure if this has been discussed here or not yet?

    I just finished viewing a new webinar from BBRY on the facts of BDS and MGT Studio and UDS and how they work today. What I found interesting is that BBRY did say that BES10 works on the ActiveSync protocol, it no longer works on the API protocols. With respect to ActiveSync BES10 doesn't allow Microsoft's servers to communicate directly with the device, instead BES10 talks to BBRY's servers over port 3101 those servers to talk Exchange over ActiveSync and the data which is being transmitted to the device from BBRY's servers is encrypted at AES-256bit
    Interesting. Do you have a link please?
    I'm trying to break this down. So BES10 communicates via ActiveSync to the Microsoft Exchange server to retrieve email and sync PIM data, etc., and then relays this info through the BBRY NOC on port 3101? I'm with you so far, but what does the BlackBerry phone use? ActiveSync to the BBRY servers or is this, too, using a proprietary protocol? Or, put another way, what is "(?)" in the path below?

    Exchange <----ActiveSync----->BES 10<------port 3101------->BBRY NOC <----(?)--->BlackBerry
    chronic BlackBerry addict and abuser
  3. smoothrunnings's Avatar

    Quote Originally Posted by webmeister View Post
    Interesting. Do you have a link please?
    I'm trying to break this down. So BES10 communicates via ActiveSync to the Microsoft Exchange server to retrieve email and sync PIM data, etc., and then relays this info through the BBRY NOC on port 3101? I'm with you so far, but what does the BlackBerry phone use? ActiveSync to the BBRY servers or is this, too, using a proprietary protocol? Or, put another way, what is "(?)" in the path below?

    Exchange <----ActiveSync----->BES 10<------port 3101------->BBRY NOC <----(?)--->BlackBerry
    BES10 ---->port 3101--->BBRY NOC--->Exchange ActiveSync--->BBRY NOC->BB10 Device (all going over AES/3DES 256 bit encryption)

    The NOC re-encrypts the SSL patches from Exchange, which are usually only 128bit, for that extra added security before sending them to the device.
    Last edited by smoothrunnings; 02-28-2013 at 07:37 PM.
  4. Thunderbuck's Avatar


    I would really like to see this as well. My understanding was that the device connected directly with Exchange ActiveSync but that BES10 controlled and extended the relationship.





    "Max Power doesn't 'cuddle'! You strap yourself in and feel the Gs!"
  5. webmeister's Avatar

    Very nice. I haven't seen it articulated this clearly before. I noticed that when my BES 10 on my Windows Server 2012 vm was down, I wasn't receiving email. Now I know why. I thought when I activated my Z10 and PlayBook on my BES that email and PIM data was synchronizing directly with Exchange via ActiveSync. Clearly I was mistaken! Thanks.
    chronic BlackBerry addict and abuser
  6. smoothrunnings's Avatar

    Quote Originally Posted by Thunderbuck View Post
    I would really like to see this as well. My understanding was that the device connected directly with Exchange ActiveSync but that BES10 controlled and extended the relationship.
    This isn't true as RIM/BBRY said today in the webinar that they re-encrypt the ActiveSync packet they retrieve before it's received by the device. Since BES 10 does not talk directly to Exchange while running in the same environment, their internal network diagram, which I really should have taken a picture of with my Z10, shows the path I posted above. Meaning that they are doing from the BBRY NOC.
  7. webmeister's Avatar

    Quote Originally Posted by smoothrunnings View Post
    This isn't true as RIM/BBRY said today in the webinar that they re-encrypt the ActiveSync packet they retrieve before it's received by the device. Since BES 10 does not talk directly to Exchange while running in the same environment, their internal network diagram, which I really should have taken a picture of with my Z10, shows the path I posted above. Meaning that they are doing from the BBRY NOC.
    Your point seems to be supported by the fact that my email stopped flowing when my BES 10 vm was rebooted. I'd still like a link to that webinar, though. ;-)
    chronic BlackBerry addict and abuser
  8. Sith_Apprentice's Avatar


    Currently:
    Exchange <->ActiveSync <-> BES10 BDS <-> 3101 <-> Firewall <-> NOC <->Wireless Network <->BB10 Device

    UDS currently uses additional ports.

    Anything other would be covered under NDA
    ~S_A
  9. webmeister's Avatar

    Pretty much what I surmised in my first post. The value-added being that the BES10 server acts as a broker/proxy to the Exchange Server using ActiveSync. The BB10 device reaches across the carrier's network using an encryption to the BES10 server. The encryption keys are negotiated (and reside) at the end points (BB10 device and the BES10 server) and the BBRY NOC acts as a tunnel broker. Cool. The screenshot below is on my Cisco firewall, behind which reside both my BESx 5.04 server and my BES10 server. Note that there are two connections on port 3101 from the respective BES servers to the BBRY NOC.
    BES 10 info-bes_conns.jpg
    chronic BlackBerry addict and abuser
  10. VariisNetworks's Avatar

    Ah, I think people are confusing BDS and UDS. As Sith said, "UDS currently uses additional ports." - appears UDS may be a pass through while BlackBerry BDS data still flows encrypted from BES through RIM infrastructure to the device?
    I am a Mobile Device Management consultant, focusing primarily on BlackBerry Enterprise Server with Exchange & Lotus Domino e-mail.
  11. Sith_Apprentice's Avatar


    Quote Originally Posted by VariisNetworks View Post
    Ah, I think people are confusing BDS and UDS. As Sith said, "UDS currently uses additional ports." - appears UDS may be a pass through while BlackBerry BDS data still flows encrypted from BES through RIM infrastructure to the device?
    Wait for it

    Posted via CB10
    ~S_A
  12. webmeister's Avatar

    Quote Originally Posted by Sith_Apprentice View Post
    Wait for it

    Posted via CB10
    It's not like this information is a secret. KB31309-List of ports that are used by the BlackBerry Universal Device Service
    chronic BlackBerry addict and abuser
  13. Sith_Apprentice's Avatar


    Quote Originally Posted by webmeister View Post
    Wait for it to change.

    Posted via CB10
    ~S_A
  14. kill_9's Avatar

    Quote Originally Posted by webmeister View Post
    Interesting. Do you have a link please?
    I'm trying to break this down. So BES10 communicates via ActiveSync to the Microsoft Exchange server to retrieve email and sync PIM data, etc., and then relays this info through the BBRY NOC on port 3101? I'm with you so far, but what does the BlackBerry phone use? ActiveSync to the BBRY servers or is this, too, using a proprietary protocol? Or, put another way, what is "(?)" in the path below?

    Exchange <----ActiveSync----->BES 10<------port 3101------->BBRY NOC <----(?)--->BlackBerry
    With the exception of Microsoft Exchange Active Sync instead of MAPI, the BlackBerry Enterprise Server has always been the intermediary between Microsoft Exchange Server and BlackBerry smartphones. The only situation where Microsoft Exchange Server and BlackBerry Z10 communicate directly is in the absence of a BlackBerry Enterprise Service 10 server.

    Posted via CB10 on the BlackBerry Z10
  15. smoothrunnings's Avatar

    Quote Originally Posted by Sith_Apprentice View Post
    Currently:
    Exchange <->ActiveSync <-> BES10 BDS <-> 3101 <-> Firewall <-> NOC <->Wireless Network <->BB10 Device

    UDS currently uses additional ports.

    Anything other would be covered under NDA
    BES10 doesn't work that way. It doesn't talk to Microsoft Exchange on any level on your LAN. If you read the installation notes carefully, BES10 runs on an AD user that only has domain user privileges. Unlike BES Admin which required more in order to talk to Exchange. Thus simply doesn't talk to Exchange. All packets are also encapsulated in AES/3DES 256bit, even the packets coming from ActiveSync which are generally only 128bit.
    Last edited by smoothrunnings; 03-06-2013 at 06:41 AM.
  16. heinci's Avatar

    Quote Originally Posted by smoothrunnings View Post
    BES10 doesn't work that way. It doesn't talk to Microsoft Exchange on any level on your LAN. If you read the installation notes carefully, BES10 runs on an AD user that only has domain user privileges. Unlike BES Admin which required more in order to talk to Exchange. Thus simply doesn't talk to Exchange. All packets are also encapsulated in AES/3DES 256bit, even the packets coming from ActiveSync which are generally only 128bit.
    BDS talks directly to Exchange server via ActiveSync protocol internally, but for UDS Exchange ActiveSync has to be opened from Internet.

    Posted via CB10
  17. smoothrunnings's Avatar

    Quote Originally Posted by heinci View Post
    BDS talks directly to Exchange server via ActiveSync protocol internally, but for UDS Exchange ActiveSync has to be opened from Internet.

    Posted via CB10
    Not according to BBRY's documentation, webinars on how BES10 works, and from what the T-Support techs who are trained on BES10 are saying.
  18. heinci's Avatar

    Quote Originally Posted by smoothrunnings View Post
    Not according to BBRY's documentation, webinars on how BES10 works, and from what the T-Support techs who are trained on BES10 are saying.
    Please read the documentation carefully.
    BES 10 includes two major components, BDS for managing PlayBook and BB10 devices, and UDS for managing iOS and Android devices.
    According to BlackBerry's documentation BDS communicates to Exchange CAS server internally. Anyway I am writing this message from a Z10 activated against BDS which was installed by me.
    Our Exchange server is not open from Internet, and I created the mail profile on BDS server using the Exchange server internal hostname. This is how it works.

    Exchange ActiveSync has to be opened from Internet only for the UDS server for iOS and Android management. This is 100%.

    Please do not write any other false information here.

    Posted via CB10
    Last edited by heinci; 03-07-2013 at 11:39 PM.
  19. Sith_Apprentice's Avatar


    BES10 most definitely talks to Exchange. How else would it pull your mail profile information? It talks to the servers on the LAN only, and your devices do not reach back and directly talk to Exchange (otherwise there would be no additional security?). UDS reaches directly back over port 443 to your Exchange server and to BES 10 (over 443). BDS is ALWAYS through BES to Exchange.
    Attached thumbnail: BES 10 info-image6_1.jpg
    ~S_A
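
The data paths described in post #19, written as a check over firewall connection records. This is an added example, not part of the thread or of BlackBerry's documentation; the addresses, the record format and the assumption that LAN ActiveSync traffic runs over HTTPS on port 443 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed addressing plan (assumption, not from the thread).
LAN = ipaddress.ip_network("10.0.0.0/8")
BES10 = ipaddress.ip_address("10.0.0.20")     # BES10 host (BDS and UDS)
EXCHANGE = ipaddress.ip_address("10.0.0.10")  # Exchange server with ActiveSync

class Conn(NamedTuple):
    src: str
    dst: str
    dport: int

def classify(c: Conn, uds_enabled: bool) -> str:
    """Label one connection against the paths described in the thread."""
    src, dst = ipaddress.ip_address(c.src), ipaddress.ip_address(c.dst)
    # BDS: BES10 opens the outbound connection to the NOC on port 3101.
    if src == BES10 and dst not in LAN and c.dport == 3101:
        return "ok: BES10 -> NOC (3101)"
    # BDS: BES10 talks to Exchange on the LAN (ActiveSync, assumed HTTPS/443).
    if src == BES10 and dst == EXCHANGE and c.dport == 443:
        return "ok: BES10 -> Exchange (ActiveSync)"
    # UDS: devices reach Exchange and BES10 from outside over 443.
    if src not in LAN and dst in (EXCHANGE, BES10) and c.dport == 443:
        if uds_enabled:
            return "ok: UDS device -> 443"
        return "violation: Exchange/BES10 exposed without UDS"
    # Any other flow on 3101 does not match the described path.
    if c.dport == 3101:
        return "violation: unexpected 3101 flow"
    return "unclassified"

def audit(conns, uds_enabled):
    """Return only the connections that break the described model."""
    labelled = ((c, classify(c, uds_enabled)) for c in conns)
    return [(c, r) for c, r in labelled if r.startswith("violation")]

# Constructed firewall records; external addresses are documentation ranges.
SAMPLE = [
    Conn("10.0.0.20", "203.0.113.5", 3101),  # BES10 to NOC
    Conn("10.0.0.20", "10.0.0.10", 443),     # BES10 to Exchange on the LAN
    Conn("198.51.100.7", "10.0.0.10", 443),  # external client to Exchange
    Conn("10.0.0.55", "203.0.113.5", 3101),  # non-BES host to NOC
]

if __name__ == "__main__":
    print(audit(SAMPLE, uds_enabled=False))
```

With `uds_enabled=False` (a BDS-only deployment) the external connection to Exchange is flagged, which matches the setup in post #18 where Exchange is not open from the Internet.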
  20. Sith_Apprentice's Avatar


    Also page 20-21 of the Installation and Configuration guide state:

    Quote Originally Posted by BB Documentation
    Software requirements: Email app, Calendar app, and Contacts app

    To allow users to use the Email app, Calendar app, and Contacts app to connect to your organization's messaging server, you can enable Microsoft ActiveSync for any of the following messaging servers that support Microsoft ActiveSync.


    Microsoft Exchange

    For Microsoft Exchange, any of the following messaging servers:

    • Microsoft Exchange Server 2003

    • Microsoft Exchange Server 2007 (Microsoft ActiveSync enabled by default)

    • Microsoft Exchange Server 2010 (Microsoft ActiveSync enabled by default)

    For more information, visit technet.microsoft.com to read Managing an
    Exchange ActiveSync Server.





    IBM Lotus Domino

    For Lotus Domino, any messaging server that supports IBM Lotus Notes
    Traveler.

    For more information, visit www.ibm.com/support to read about IBM Lotus
    Notes Traveler.

    ~S_A
  21. smoothrunnings's Avatar

    Ah okay thanks for the clarification.
