05-19-09 08:43 PM
29 12
tools
  1. neanea's Avatar
    hi,

    how can I check if I am connected via BES or BIS when browsing the internet?
    04-27-09 10:29 AM
  2. jackie treehorn's Avatar
    go to manage connections and select service status. Is this a work issued device or personal
    04-27-09 10:32 AM
  3. Reed McLay's Avatar
    It is simple, if you are paying the bill, you have BIS.

    If your employeer is paying the bills, they have BES.
    04-27-09 10:38 AM
  4. neanea's Avatar
    i have both BES and BIS service. How can I ensure that I use BIS for surfing?
    04-27-09 11:04 AM
  5. Garz's Avatar
    i have both BES and BIS service. How can I ensure that I use BIS for surfing?

    If your on BES, then BES will take control. It could stop you from entering certain sites if your company BES blocks.

    It is simple, if you are paying the bill, you have BIS.

    If your employeer is paying the bills, they have BES.

    Thats not always the case. I was on BES and I paid my own bill. It was a tax write off. Once my company BES got too strict, I changed to BIS and wiped my IT policy off.
    04-27-09 11:20 AM
  6. QueenofHe4rts's Avatar
    I am also looking for an answer to this question, the BB is my personal device, but also have BES so I can sync to my corporate email/calendar.

    Can I change which server the browser is using when I go surf because I don't want to be blocked by my company's firewall. Do I need more than 1 browser app to do this, or is it something I can just change manually every time?
    05-15-09 03:29 PM
  7. V1V1D's Avatar
    If your on a BES, everything you do goes through that. Texts, email, surfing etc. There is no way around it, they can see everything you do. There's a Big Brother BES thread you should search, it has everything you Never wanted to know about bes. Be careful if your doing things against your IT policies

    Posted from my CrackBerry at wapforums.crackberry.com
    05-15-09 05:18 PM
  8. neanea's Avatar
    BES sucks........
    05-16-09 07:14 AM
  9. bx2md's Avatar
    to it's just better to use your own berry without restrictions
    now if your employer leaves it open (having access to everything) then thats great but most of the time it is locked to so many things
    05-16-09 07:18 AM
  10. Curve63049's Avatar
    If your on a BES, everything you do goes through that. Texts, email, surfing etc. There is no way around it, they can see everything you do. There's a Big Brother BES thread you should search, it has everything you Never wanted to know about bes. Be careful if your doing things against your IT policies
    Sorry, but that's not correct.

    Source: BlackBerry Enterprise Server (BES) - What Is It? | CrackBerry.com

    Read down to "Hi Craig, I have a question."

    For those too lazy to link: here's the question and the answer.

    Hi Craig:

    I have a question. How do BIS and BES interact, if at all? Here's the reason for my question.

    I have a personally owned BB (Curve 8330) that was added to my employer's BES (a government agency). Other than forcing a "device lock" - there appear to be no IT policies/restrictions. I can use all of the features on my Sprint account (Sprint TV, navigation, personal email, pin to pin, etc.).

    Recently, I upgrade the OS on my Curve to 4.5. My personal BIS email (two gmail accounts) was not bothered by the upgrade (meaning: I continued to get personal emails after the upgrade).

    But, my work/BES email stopped *until* I had my device re-activated on the BES.

    From this, I infer that my personal email doesn't pass through the BES. Is that more or less correct?
    BIS vs BES
    By: Craig Johnston | Date: Mon, 02/16/2009 - 10:11 |

    * reply

    Yes you are correct.

    Your BlackBerry can be on BIS and BES at the same time. The path that your personal email takes to get from your in box to your BlackBerry is via BIS, but the data path could be any number of ways including via the BES MDS.

    In your case, it sounds like your personal email was arriving from BIS via the carrier network and not your BES.
    05-16-09 08:48 AM
  11. V1V1D's Avatar
    I'm not on my cpu so I can't verify but... I read where the IT dept that your BES is through can see everything you do due to the fact it is running through their server. I'm sorry if I gave incorrect info, but that's what I read and also told by an IT employee. I didn't mean that all emails go through one place, just the fact that someone can see what your doing.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-16-09 11:07 AM
  12. jbeachy's Avatar
    But the BES Admin *can* force everything through BES, even BIS mail, as the thread itself points out. I imagine few BES administrators want to review every text message, BBM, GPS long/lat location, and email,but in point of fact they can if they so choose.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-16-09 11:14 AM
  13. V1V1D's Avatar
    That's what I was trying to convey. Our IT dept told me he could see everything we do if he so chooses, I wasn't sure if that was fact, but made a lot of sense. None the less, it is still best not to do things on your BB that you don't want someone else to see.

    Posted from my CrackBerry at wapforums.crackberry.com
    05-16-09 11:44 AM
  14. QueenofHe4rts's Avatar
    This isn't news that makes me very happy. I pay for my phone and my plan, so I should be able to use BES just for work and BIS for all my personal stuff, similar to how I can remotely connect to my work from home on my personal computer, my computer at home is not restricted, only the remote connection when I use it.

    It's ridiculous to not be able to use a browser through the BIS servers just because I also have BES.

    /sigh
    05-18-09 11:00 AM
  15. sniffs's Avatar
    The BES is a proxy between your BB and the internet.

    The BES can control all aspects of a Blackberry, including email flow, SMS, Pin Messaging flow, browsing history, agps coordinates.. A BES can force all data through itself. The MDS creates an encrypted VPN tunnel between your BB and the BES. Once you are on the BES, your Blackberry is behind your corporate firewall.
    05-18-09 11:29 AM
  16. Ronindan's Avatar
    This isn't news that makes me very happy. I pay for my phone and my plan, so I should be able to use BES just for work and BIS for all my personal stuff, similar to how I can remotely connect to my work from home on my personal computer, my computer at home is not restricted, only the remote connection when I use it.

    It's ridiculous to not be able to use a browser through the BIS servers just because I also have BES.

    /sigh
    If you pay for your phone and your plan it is better to have in BIS since you have better control of your BB. I am on BIS and my company have a BES server. But I could not be bothered, to me the only benefit that I will get if i was on the BES server is that I can update my calander over the air.

    So I just have a spare usb cord and DM on my office.
    05-18-09 12:03 PM
  17. sniffs's Avatar
    If you pay for your phone and your plan it is better to have in BIS since you have better control of your BB. I am on BIS and my company have a BES server. But I could not be bothered, to me the only benefit that I will get if i was on the BES server is that I can update my calander over the air.

    So I just have a spare usb cord and DM on my office.
    It's people like you who risk company information for the sake of having some piece of mind to getting your company emails.

    BIS devices cannot be remotely managed.. so if you lose your device, whoever finds it now has your emails, contacts..etc.

    They also have your company attachments in those emails. This is why BIS needs to be closed down from a company standpoint. Block the IP's, and block the BIS connections IMO.
    05-18-09 12:48 PM
  18. Curve63049's Avatar
    BIS devices cannot be remotely managed.. so if you lose your device, whoever finds it now has your emails, contacts..etc.
    Well, that's one way of protecting that information.

    On the other hand, a less draconian way is to require that the device user utilize the "security timeout" function - where the device becomes "locked" after a certain amount of time (which can be as short as 1 minute).

    If the BB device is locked, then the information is unavailable until the proper password is put in.

    You can set the device so that you only get as few as 3 tries to put the correct password in (the maximum is 10). After the maximum number wrong is exceeded, then the BB wipes itself clean.

    It strikes me that IT people "overthink" or "over worry" the whole - they have your contacts and emails thing.

    For the most part (and there are exceptions) what's on most people's BBs is NOT all that interesting or valuable to the world at large or is available on the internet through other means.

    Put simply, forcing everything through BES for privately owned and paid for BBs is an overreaction. Like using the elephant gun to shoot the mouse.

    Presumably there's some benefit to the company/agency/organization to letting people (1) buy their own BBs; (2) pay for their own service plan (including BES service and CALs); and letting them have some access to BES service. It saves the company money, and - frequently - makes the employee more productive (push email, for example).

    By being too restrictive on private (i.e., non-corporate) BB owners, are foregoing an opportunity for a win-win situation with an employee. The employee is picking up the cost of the technology AND improving his work environment (better communications, more efficient, whatever).

    But - as witnessed by this thread - employees will resist (or be told to just forget about) this "benefit" because of the overbearing nature of a few IT Department heads.

    Like it or not, the US is still a culture that values individual liberty. There's a GREAT resistance to Big Brother of all kinds - including work place Big Brotherism. If a person wants to stream Youtube on his personal BB or Pandora on his/her own time, why not let him/her??
    05-18-09 01:56 PM
  19. sniffs's Avatar
    If they are on a BES, that is because that youtube stream, or pandora stream, is coming from data routing through the BES.

    If your company doesn't pay for unlimited BW in the DC, like MOST companies, they pay for what they use.. imagine having 2000 BB's all capable of leeching internet and the company floating the costs for that. You don't think it's much BW used? In 45 days, my BES1 has 169 gigs of data received, and 122 gigs sent. That's just 1 BES, and that one only has 122 users on it. BES2's been up 81 days and has 509 gigs received, and 141 gigs sent. That's all money coming out of this companies pockets.

    I'll give you an example of why BIS is a nono in my company.

    My company is a marketing company.. We have Client A who does some business with us and they do business with our competitor. Well, my company and the other company meets up at conferences, meetings, or whatever that are hosted at Client A locations.

    you now have a situation where my company's BB could end up in the hands of the competing company.

    You may think it's not very valuable.. but the competing companies might. They'd love to get their hands on what our clients are paying us, or any other confidential information that *COULD* be in an emailed attachment.

    IMO, BIS should be kept to personal email.. having it sync to an exchange box is just a disaster/lawsuit looking to happen.

    And incase you don't know, there are license fee's for having a Blackberry on a BES. There's a $99 dollar CAL per Blackberry. If my company pays that, we reserve the right to determine who goes on or off the BES..
    Last edited by sniffs; 05-18-09 at 02:43 PM.
    05-18-09 02:40 PM
  20. Curve63049's Avatar
    My company is a marketing company.. We have Client A who does some business with us and they do business with our competitor. Well, my company and the other company meets up at conferences, meetings, or whatever that are hosted at Client A locations.

    you now have a situation where my company's BB could end up in the hands of the competing company.
    If your BB ends up in "enemy hands," I fail to how BES protects the information. But, I'm willing to be educated and given a logical reason as to why it would be protected under BES, but not BIS.

    It strikes me that the "protection" for that scenario is (as suggested earlier) using the BB's "security timeout" function.
    05-18-09 05:44 PM
  21. sniffs's Avatar
    With BIS, there's absolutly 0 protection other than what's on the device and what's with the carriers. This basically means if you have no password, you're screwed. If your device is lost, the carrier can suspend the service.. that's it.

    Now, introduce a BES and the device can be remotely locked, it can be remotely disabled, it can be remotely wiped.

    I can force a password, I can set it so that every single time the screen turns on it asks for a PW, regardless if you set one or not. I can set it so that at #% battery life it auto wipes, I can set it so that it disables the phone from making calls, or email is disabled. I can do whatever needs to be done to prevent snooping eyes. This cannot be done with BIS or by the carrier. Steal the device and go outside and I will capture it's GPS coordinates..

    I'm a phone call away and always have my session to the Blackberry manager available. In office and out of office.

    I can be driving down the road and do all that needs to be done. =)
    Last edited by sniffs; 05-18-09 at 05:57 PM.
    05-18-09 05:53 PM
  22. Curve63049's Avatar
    With BIS, there's absolutly 0 protection other than what's on the device and what's with the carriers. This basically means if you have no password, you're screwed. If your device is lost, the carrier can suspend the service.. that's it.

    Now, introduce a BES and the device can be remotely locked, it can be remotely disabled, it can be remotely wiped.

    I can force a password, I can set it so that every single time the screen turns on it asks for a PW, regardless if you set one or not. I can set it so that at #% battery life it auto wipes, I can set it so that it disables the phone from making calls, or email is disabled. I can do whatever needs to be done to prevent snooping eyes. This cannot be done with BIS or by the carrier. Steal the device and go outside and I will capture it's GPS coordinates..

    I'm a phone call away and always have my session to the Blackberry manager available. In office and out of office.

    I can be driving down the road and do all that needs to be done. =)
    Yes and ????

    If a BB device is on BOTH BES and BIS -at the same time - I believe that's all possible too.

    I know for sure you can force "security timeout" and password protect the device. I know this because I'm on BOTH BES and BIS and the "security timeout" is forced on my (personally owned) device.

    What's at issue here is IT policies disabling BIS functionality and *forcing* the private BB owner, who is paying his own bill, to go through BES only. A situation which, by the way, makes the bandwith issue, a self-fulfilling problem.
    05-18-09 06:05 PM
  23. jbeachy's Avatar
    I'm on BES and wouldn't have it any other way! Of course our IT department has a very open approach and I might feel differently if I had a highly-locked-down BlackBerry. I don't care if it's a company-issued phone (like mine) or a personal device that you want to put on your company's BES, the company has the absolute right to govern the use of that asset in whatever way it deems fit. That's why BlackBerry rules the corporate world. Someone who can't put up with that has many other options. Knock yourself out :-)

    Posted from my CrackBerry at wapforums.crackberry.com
    05-19-09 07:46 AM
  24. CanuckBB's Avatar
    It strikes me that IT people "overthink" or "over worry" the whole - they have your contacts and emails thing.


    But - as witnessed by this thread - employees will resist (or be told to just forget about) this "benefit" because of the overbearing nature of a few IT Department heads.
    IT admins don't enforce lockdowns just for kicks. We are responsible for the security of the computing assets and data on the network. We will impose whatever restrictions we have been told to impose.
    05-19-09 08:48 AM
  25. sniffs's Avatar
    Yes and ????

    If a BB device is on BOTH BES and BIS -at the same time - I believe that's all possible too.

    I know for sure you can force "security timeout" and password protect the device. I know this because I'm on BOTH BES and BIS and the "security timeout" is forced on my (personally owned) device.

    What's at issue here is IT policies disabling BIS functionality and *forcing* the private BB owner, who is paying his own bill, to go through BES only. A situation which, by the way, makes the bandwith issue, a self-fulfilling problem.

    If you feel you have a viable "need" for work email, than your WORK needs to float the bill for a device for you. If you want to put your personal device onto a corporate network, then you will be subject to any lockdowns or anything else.

    I'm here to protect the data, as are our security admins who push out the group policy.. as is the exchange admin who manages the mailboxes, as are our active directory admins to lock down an account once someone's terminated.

    It's all for security baby.

    EDIT: You may be paying for data from your plan.. but streaming pandora/slacker, or youtube or anything else while on a BES, the company is also paying.. so most companies will websense that stuff. Do it on your own time, or remove yourself from the BES if you have a need for it.
    05-19-09 09:56 AM
29 12
LINK TO POST COPIED TO CLIPBOARD
";