- 04-27-09 10:32 AMLike 0
- Reed McLayRetired ModeratorIt is simple, if you are paying the bill, you have BIS.
If your employeer is paying the bills, they have BES.04-27-09 10:38 AMLike 0 - GarzRetired Mod
If your on BES, then BES will take control. It could stop you from entering certain sites if your company BES blocks.
Thats not always the case. I was on BES and I paid my own bill. It was a tax write off. Once my company BES got too strict, I changed to BIS and wiped my IT policy off.04-27-09 11:20 AMLike 0 - I am also looking for an answer to this question, the BB is my personal device, but also have BES so I can sync to my corporate email/calendar.
Can I change which server the browser is using when I go surf because I don't want to be blocked by my company's firewall. Do I need more than 1 browser app to do this, or is it something I can just change manually every time?05-15-09 03:29 PMLike 0 - If your on a BES, everything you do goes through that. Texts, email, surfing etc. There is no way around it, they can see everything you do. There's a Big Brother BES thread you should search, it has everything you Never wanted to know about bes. Be careful if your doing things against your IT policies
Posted from my CrackBerry at wapforums.crackberry.com05-15-09 05:18 PMLike 0 - If your on a BES, everything you do goes through that. Texts, email, surfing etc. There is no way around it, they can see everything you do. There's a Big Brother BES thread you should search, it has everything you Never wanted to know about bes. Be careful if your doing things against your IT policies
Source: BlackBerry Enterprise Server (BES) - What Is It? | CrackBerry.com
Read down to "Hi Craig, I have a question."
For those too lazy to link: here's the question and the answer.
Hi Craig:
I have a question. How do BIS and BES interact, if at all? Here's the reason for my question.
I have a personally owned BB (Curve 8330) that was added to my employer's BES (a government agency). Other than forcing a "device lock" - there appear to be no IT policies/restrictions. I can use all of the features on my Sprint account (Sprint TV, navigation, personal email, pin to pin, etc.).
Recently, I upgrade the OS on my Curve to 4.5. My personal BIS email (two gmail accounts) was not bothered by the upgrade (meaning: I continued to get personal emails after the upgrade).
But, my work/BES email stopped *until* I had my device re-activated on the BES.
From this, I infer that my personal email doesn't pass through the BES. Is that more or less correct?
BIS vs BES
By: Craig Johnston | Date: Mon, 02/16/2009 - 10:11 |
* reply
Yes you are correct.
Your BlackBerry can be on BIS and BES at the same time. The path that your personal email takes to get from your in box to your BlackBerry is via BIS, but the data path could be any number of ways including via the BES MDS.
In your case, it sounds like your personal email was arriving from BIS via the carrier network and not your BES.05-16-09 08:48 AMLike 0 - I'm not on my cpu so I can't verify but... I read where the IT dept that your BES is through can see everything you do due to the fact it is running through their server. I'm sorry if I gave incorrect info, but that's what I read and also told by an IT employee. I didn't mean that all emails go through one place, just the fact that someone can see what your doing.
Posted from my CrackBerry at wapforums.crackberry.com05-16-09 11:07 AMLike 0 - But the BES Admin *can* force everything through BES, even BIS mail, as the thread itself points out. I imagine few BES administrators want to review every text message, BBM, GPS long/lat location, and email,but in point of fact they can if they so choose.
Posted from my CrackBerry at wapforums.crackberry.com05-16-09 11:14 AMLike 0 - That's what I was trying to convey. Our IT dept told me he could see everything we do if he so chooses, I wasn't sure if that was fact, but made a lot of sense. None the less, it is still best not to do things on your BB that you don't want someone else to see.
Posted from my CrackBerry at wapforums.crackberry.com05-16-09 11:44 AMLike 0 - This isn't news that makes me very happy. I pay for my phone and my plan, so I should be able to use BES just for work and BIS for all my personal stuff, similar to how I can remotely connect to my work from home on my personal computer, my computer at home is not restricted, only the remote connection when I use it.
It's ridiculous to not be able to use a browser through the BIS servers just because I also have BES.
/sigh05-18-09 11:00 AMLike 0 - The BES is a proxy between your BB and the internet.
The BES can control all aspects of a Blackberry, including email flow, SMS, Pin Messaging flow, browsing history, agps coordinates.. A BES can force all data through itself. The MDS creates an encrypted VPN tunnel between your BB and the BES. Once you are on the BES, your Blackberry is behind your corporate firewall.05-18-09 11:29 AMLike 0 - This isn't news that makes me very happy. I pay for my phone and my plan, so I should be able to use BES just for work and BIS for all my personal stuff, similar to how I can remotely connect to my work from home on my personal computer, my computer at home is not restricted, only the remote connection when I use it.
It's ridiculous to not be able to use a browser through the BIS servers just because I also have BES.
/sigh
So I just have a spare usb cord and DM on my office.05-18-09 12:03 PMLike 0 - If you pay for your phone and your plan it is better to have in BIS since you have better control of your BB. I am on BIS and my company have a BES server. But I could not be bothered, to me the only benefit that I will get if i was on the BES server is that I can update my calander over the air.
So I just have a spare usb cord and DM on my office.
BIS devices cannot be remotely managed.. so if you lose your device, whoever finds it now has your emails, contacts..etc.
They also have your company attachments in those emails. This is why BIS needs to be closed down from a company standpoint. Block the IP's, and block the BIS connections IMO.05-18-09 12:48 PMLike 0 - BIS devices cannot be remotely managed.. so if you lose your device, whoever finds it now has your emails, contacts..etc.
On the other hand, a less draconian way is to require that the device user utilize the "security timeout" function - where the device becomes "locked" after a certain amount of time (which can be as short as 1 minute).
If the BB device is locked, then the information is unavailable until the proper password is put in.
You can set the device so that you only get as few as 3 tries to put the correct password in (the maximum is 10). After the maximum number wrong is exceeded, then the BB wipes itself clean.
It strikes me that IT people "overthink" or "over worry" the whole - they have your contacts and emails thing.
For the most part (and there are exceptions) what's on most people's BBs is NOT all that interesting or valuable to the world at large or is available on the internet through other means.
Put simply, forcing everything through BES for privately owned and paid for BBs is an overreaction. Like using the elephant gun to shoot the mouse.
Presumably there's some benefit to the company/agency/organization to letting people (1) buy their own BBs; (2) pay for their own service plan (including BES service and CALs); and letting them have some access to BES service. It saves the company money, and - frequently - makes the employee more productive (push email, for example).
By being too restrictive on private (i.e., non-corporate) BB owners, are foregoing an opportunity for a win-win situation with an employee. The employee is picking up the cost of the technology AND improving his work environment (better communications, more efficient, whatever).
But - as witnessed by this thread - employees will resist (or be told to just forget about) this "benefit" because of the overbearing nature of a few IT Department heads.
Like it or not, the US is still a culture that values individual liberty. There's a GREAT resistance to Big Brother of all kinds - including work place Big Brotherism. If a person wants to stream Youtube on his personal BB or Pandora on his/her own time, why not let him/her??05-18-09 01:56 PMLike 0 - If they are on a BES, that is because that youtube stream, or pandora stream, is coming from data routing through the BES.
If your company doesn't pay for unlimited BW in the DC, like MOST companies, they pay for what they use.. imagine having 2000 BB's all capable of leeching internet and the company floating the costs for that. You don't think it's much BW used? In 45 days, my BES1 has 169 gigs of data received, and 122 gigs sent. That's just 1 BES, and that one only has 122 users on it. BES2's been up 81 days and has 509 gigs received, and 141 gigs sent. That's all money coming out of this companies pockets.
I'll give you an example of why BIS is a nono in my company.
My company is a marketing company.. We have Client A who does some business with us and they do business with our competitor. Well, my company and the other company meets up at conferences, meetings, or whatever that are hosted at Client A locations.
you now have a situation where my company's BB could end up in the hands of the competing company.
You may think it's not very valuable.. but the competing companies might. They'd love to get their hands on what our clients are paying us, or any other confidential information that *COULD* be in an emailed attachment.
IMO, BIS should be kept to personal email.. having it sync to an exchange box is just a disaster/lawsuit looking to happen.
And incase you don't know, there are license fee's for having a Blackberry on a BES. There's a $99 dollar CAL per Blackberry. If my company pays that, we reserve the right to determine who goes on or off the BES..Last edited by sniffs; 05-18-09 at 02:43 PM.
05-18-09 02:40 PMLike 0 - My company is a marketing company.. We have Client A who does some business with us and they do business with our competitor. Well, my company and the other company meets up at conferences, meetings, or whatever that are hosted at Client A locations.
you now have a situation where my company's BB could end up in the hands of the competing company.
It strikes me that the "protection" for that scenario is (as suggested earlier) using the BB's "security timeout" function.05-18-09 05:44 PMLike 0 - With BIS, there's absolutly 0 protection other than what's on the device and what's with the carriers. This basically means if you have no password, you're screwed. If your device is lost, the carrier can suspend the service.. that's it.
Now, introduce a BES and the device can be remotely locked, it can be remotely disabled, it can be remotely wiped.
I can force a password, I can set it so that every single time the screen turns on it asks for a PW, regardless if you set one or not. I can set it so that at #% battery life it auto wipes, I can set it so that it disables the phone from making calls, or email is disabled. I can do whatever needs to be done to prevent snooping eyes. This cannot be done with BIS or by the carrier. Steal the device and go outside and I will capture it's GPS coordinates..
I'm a phone call away and always have my session to the Blackberry manager available. In office and out of office.
I can be driving down the road and do all that needs to be done. =)Last edited by sniffs; 05-18-09 at 05:57 PM.
05-18-09 05:53 PMLike 0 - With BIS, there's absolutly 0 protection other than what's on the device and what's with the carriers. This basically means if you have no password, you're screwed. If your device is lost, the carrier can suspend the service.. that's it.
Now, introduce a BES and the device can be remotely locked, it can be remotely disabled, it can be remotely wiped.
I can force a password, I can set it so that every single time the screen turns on it asks for a PW, regardless if you set one or not. I can set it so that at #% battery life it auto wipes, I can set it so that it disables the phone from making calls, or email is disabled. I can do whatever needs to be done to prevent snooping eyes. This cannot be done with BIS or by the carrier. Steal the device and go outside and I will capture it's GPS coordinates..
I'm a phone call away and always have my session to the Blackberry manager available. In office and out of office.
I can be driving down the road and do all that needs to be done. =)
If a BB device is on BOTH BES and BIS -at the same time - I believe that's all possible too.
I know for sure you can force "security timeout" and password protect the device. I know this because I'm on BOTH BES and BIS and the "security timeout" is forced on my (personally owned) device.
What's at issue here is IT policies disabling BIS functionality and *forcing* the private BB owner, who is paying his own bill, to go through BES only. A situation which, by the way, makes the bandwith issue, a self-fulfilling problem.05-18-09 06:05 PMLike 0 - I'm on BES and wouldn't have it any other way! Of course our IT department has a very open approach and I might feel differently if I had a highly-locked-down BlackBerry. I don't care if it's a company-issued phone (like mine) or a personal device that you want to put on your company's BES, the company has the absolute right to govern the use of that asset in whatever way it deems fit. That's why BlackBerry rules the corporate world. Someone who can't put up with that has many other options. Knock yourself out :-)
Posted from my CrackBerry at wapforums.crackberry.com05-19-09 07:46 AMLike 0 - It strikes me that IT people "overthink" or "over worry" the whole - they have your contacts and emails thing.
But - as witnessed by this thread - employees will resist (or be told to just forget about) this "benefit" because of the overbearing nature of a few IT Department heads.05-19-09 08:48 AMLike 0 - Yes and ????
If a BB device is on BOTH BES and BIS -at the same time - I believe that's all possible too.
I know for sure you can force "security timeout" and password protect the device. I know this because I'm on BOTH BES and BIS and the "security timeout" is forced on my (personally owned) device.
What's at issue here is IT policies disabling BIS functionality and *forcing* the private BB owner, who is paying his own bill, to go through BES only. A situation which, by the way, makes the bandwith issue, a self-fulfilling problem.
If you feel you have a viable "need" for work email, than your WORK needs to float the bill for a device for you. If you want to put your personal device onto a corporate network, then you will be subject to any lockdowns or anything else.
I'm here to protect the data, as are our security admins who push out the group policy.. as is the exchange admin who manages the mailboxes, as are our active directory admins to lock down an account once someone's terminated.
It's all for security baby.
EDIT: You may be paying for data from your plan.. but streaming pandora/slacker, or youtube or anything else while on a BES, the company is also paying.. so most companies will websense that stuff. Do it on your own time, or remove yourself from the BES if you have a need for it.05-19-09 09:56 AMLike 0
LINK TO POST COPIED TO CLIPBOARD