Australia's DoD breaking Blackberry monopoly in 2014...
- Wouldn't it be more than 100% then?
Anyways, by a dumbphone you mean any other smartphone on the market such as droids or iphones, right?
Is my understanding correct that when NOC is down, you would still be able to operate personal email accounts, browse internet and connect to enterprise servers if VPN is installed from the personal side of the balance?
I hope VPN doesn't need BES or NOC, it should be direct communication like IMAP, POP3 protocols, no?
'['12-05-13 08:51 PMLike 0 - BlackBerry offers another significant benefit to companies: All traffic from BlackBerry devices goes encrypted to the BlackBerry NOCs (Network Operations Centers) from where it goes to a company's (or ISP's) BES. This arrangement also provides for emails, contacts, task entries, memopad entries and calendar entries to be pushed actively out to the user rather than to wait for the user's device to initiate a synch operation.
EDIT: From here: BlackBerry Can Set EMM Standard With BES 10 - InformationWeekBigBadWulf and Sith_Apprentice like this.12-05-13 09:29 PMLike 2 - Actually, it's the Brits who aren't using the correct spellings.
English came to America in the 16th and 17th Centuries, and was essentially identical to what was spoken in England. The reign of Louis XIV of France during the late 17th Century was hugely influential in Europe, and during the late 1680s, England was essentially governed by Louis XIV, with the British king being virtually appointed by him and in great debt to him. So powerful, successful, rich, and influential was Louis that all things French became extremely fashionable in England (London especially), and during this period, even the written language was altered to be "more French". This is where all of those extra letters come from.
Americans didn't take anything out; destitute England added them in, wanting to be more like the wealthy, powerful French of the day.
Squircle device powered by 10.2.1.105512-05-13 09:34 PMLike 0 - BlackBerry offers another significant benefit to companies: All traffic from BlackBerry devices goes encrypted to the BlackBerry NOCs (Network Operations Centers) from where it goes to a company's (or ISP's) BES. This arrangement also provides for emails, contacts, task entries, memopad entries and calendar entries to be pushed actively out to the user rather than to wait for the user's device to initiate a synch operation.
EDIT: From here: BlackBerry Can Set EMM Standard With BES 10 - InformationWeek
I'm still not clear on the issue that if NOC goes down then every BB device becomes unusable.
My impression is that BB10 'personal' traffic goes directly (wifi or cellular) while 'enterprise' traffic would go through something else (either NOC or VPN).
And it's also unclear on what type of extra security NOC provides.
Some day I used VPN at home from my desktop computer. In my mind the data was encrypted on my side and decrypted on the enterprise side.
Wouldn't BB10 with personal side only achieve the same level of protection by activating VPN in settings?
This is so complicated for me but I hope my Z10 won't let me down when NOC or something else goes down.12-05-13 09:54 PMLike 0 - If I understand how things work correctly, mist services (non BBID), would continue to function, up until you're required to sign in again. Typically that would be after OS upgrade, or any variety of phone failure.
Once you're BES though, I would defer to the expert, who really does know what he's talking about.
Edit - maybe the BL team could work on provisioning the OS, so it didn't require BBID sign in.12-05-13 11:09 PMLike 0 - Sith_ApprenticeMod Team EmeritusEven on VPN BES NEEDS NOC. That is why you MUST have those ports open and a valid Srp, valid licenses etc. You would get email but literally nothing else. No data browsing, no apps, no policies, no password resets, no MDM of any kind. And if you use SCEP you would lose your email too. Actually, the more I think about it, the more you need BES for email too. That is where your email profile is held so the device gets even that from BES, which requires NOC.
So even VPN and internal WiFi configurations very much need the NOC.
Posted via CB1012-06-13 04:57 AMLike 0 - Even on VPN BES NEEDS NOC. That is why you MUST have those ports open and a valid Srp, valid licenses etc. You would get email but literally nothing else. No data browsing, no apps, no policies, no password resets, no MDM of any kind. And if you use SCEP you would lose your email too. Actually, the more I think about it, the more you need BES for email too. That is where your email profile is held so the device gets even that from BES, which requires NOC.
So even VPN and internal WiFi configurations very much need the NOC.
Posted via CB1012-06-13 05:43 AMLike 0 - On page 16 about activating a device. Here is the quote.
Note This data path is used only if communication over the BlackBerry Infrastructure is not allowed. In this scenario, the device requires a direct connection to the organization using a work Wi-Fi or VPN connection.
On page 18 again here is the documentation about email.
When users send and receive email and organizer data on a BlackBerry device, there are two communication paths that
can be used:
•Connectivity through the BlackBerry Infrastructure to the mail server that is running Microsoft ActiveSync to provide security for devices that are not connected to the organization's internal network or do not have a VPN connection
•Direct connection from the device to the mail server that is running Microsoft ActiveSync, through the VPN or over the work Wi-Fi network
Now iOS and Android devices require the NOC for activation and most functions, but BB10 devices don't.12-06-13 05:56 AMLike 0 - Sith_ApprenticeMod Team EmeritusOn page 16 about activating a device. Here is the quote.
This means that a device can be activated without the NOC.
On page 18 again here is the documentation about email.
No where in the documentation does it state where VPN or WiFi requires the NOC for email, activation, app distribution or policy push. If you don't agree with the documentation, don't come to me, talk to Blackberry. I am only reading the documentation that Blackberry has provided for BES 10.2. If you don't agree with the docs (they are pretty clear on how it works), I'm not to blame.
The BES requires the NOC, period. Without access to the NOC it will fail. Perhaps they need to be more clear in the documents, but I can tell you it certainly needs the NOC.
Posted via CB1012-06-13 06:00 AMLike 0 - Sith_ApprenticeMod Team EmeritusJust for example
Service Name: BlackBerry Infrastructure
Start Date/Time: 16-Nov-2013 03:38:00 GMT
Duration: Ongoing
Region of Impact: EMEA
State of Service: Degraded
% of Subscribers Affected (estimated): 10
Service Impact: BlackBerry OS 10: Impacted users will be unable to use BES email and BBM.
Posted via CB1012-06-13 06:03 AMLike 0 - You are missing that the BES Needs the NOC for all that. It also specifically states you need the ports open to the infrastructure for even internal WiFi. The documentation has always been rubbish (heck it doesn't even show in the diagrams that you need the infrastructure for the BES itself)
The BES requires the NOC, period. Without access to the NOC it will fail. Perhaps they need to be more clear in the documents, but I can tell you it certainly needs the NOC.
Posted via CB10
Note This data path is used only if communication over the BlackBerry Infrastructure is not allowed. In this scenario, the device requires a direct connection to the organization using a work Wi-Fi or VPN connection.12-06-13 06:10 AMLike 0 - Actually, it's the Brits who aren't using the correct spellings.
English came to America in the 16th and 17th Centuries, and was essentially identical to what was spoken in England. The reign of Louis XIV of France during the late 17th Century was hugely influential in Europe, and during the late 1680s, England was essentially governed by Louis XIV, with the British king being virtually appointed by him and in great debt to him. So powerful, successful, rich, and influential was Louis that all things French became extremely fashionable in England (London especially), and during this period, even the written language was altered to be "more French". This is where all of those extra letters come from.
Americans didn't take anything out; destitute England added them in, wanting to be more like the wealthy, powerful French of the day.
So since England was essentially governed by Louis XIV by the late 1680's The Glorious Revolution never happened and everyone wore berets....
Feel It, Swipe It, Love It. BlackBerry Z1012-06-13 06:13 AMLike 0 - Just for example
Service Name: BlackBerry Infrastructure
Start Date/Time: 16-Nov-2013 03:38:00 GMT
Duration: Ongoing
Region of Impact: EMEA
State of Service: Degraded
% of Subscribers Affected (estimated): 10
Service Impact: BlackBerry OS 10: Impacted users will be unable to use BES email and BBM.
Posted via CB10
BES email is dependent on how the are connecting. Does it state that if you connect via WiFi or VPN that BES email won't work? No. You are making assumptions.
Just do like I did and setup a test environment of a 10.2 server and block 3101 traffic after you have setup the server and running with NOC, then see what you lose. I think it will surprise you.
Just follow the documentation.12-06-13 06:14 AMLike 0 - Sith_ApprenticeMod Team EmeritusBBM is a NOC service and will not work without it.
BES email is dependent on how the are connecting. Does it state that if you connect via WiFi or VPN that BES email won't work? No. You are making assumptions.
Just do like I did and setup a test environment of a 10.2 server and block 3101 traffic after you have setup the server and running with NOC, then see what you lose. I think it will surprise you.
Just follow the documentation.
Page 13-15 of the Security Technical Overview..
How the BlackBerry Device Service and the BlackBerry Infrastructure authenticate with each other
The BlackBerry Infrastructure and BlackBerry Device Service must authenticate with each other before they can transfer data. The BlackBerry Device Service uses SRP to authenticate with and connect to the BlackBerry Infrastructure.
SRP is a point-to-point protocol that runs over TCP/IP. The BlackBerry Device Service uses SRP to contact the BlackBerry Infrastructure and open a connection. When the BlackBerry Device Service and BlackBerry Infrastructure open a connection, they can perform the following actions:
1.Authenticate with each other
2.Exchange configuration information
3.Send and receive data
The BlackBerry Device Service and BlackBerry Infrastructure use the SRP authentication key when they authenticate with each other. The SRP authentication key is a 20-byte encryption key that the BlackBerry Device Service and BlackBerry Infrastructure share.What happens when the BlackBerry Device Service and the BlackBerry Infrastructure open an initial connection
After the BlackBerry Device Service and the BlackBerry Infrastructure open an initial connection over the Internet, the BlackBerry Device Service sends a basic information packet to the BlackBerry Infrastructure immediately. A basic information packet includes the BlackBerry Device Service version information, SRP identifiers, and other information that is required to open an SRP connection. Both the BlackBerry Device Service and BlackBerry Infrastructure can recognize the basic information packet. The BlackBerry Device Service and BlackBerry Infrastructure can use the basic information packet to configure the parameters of the SRP implementation.
Data flow: Authenticating the BlackBerry Device Service with the BlackBerry Infrastructure
1.The BlackBerry Device Service sends a data packet that contains its unique SRP identifier to the BlackBerry Infrastructure to claim the SRP identifier.
2.The BlackBerry Infrastructure sends a random challenge string to the BlackBerry Device Service.
3.The BlackBerry Device Service sends a challenge string to the BlackBerry Infrastructure.
4.The BlackBerry Infrastructure hashes the challenge string it received from the BlackBerry Device Service with the SRP authentication key using HMAC with the SHA-1 algorithm. The BlackBerry Infrastructure sends the resulting 20-byte value to the BlackBerry Device Service as a challenge response.
5.The BlackBerry Device Service hashes the challenge string it received from the BlackBerry Infrastructure with the SRP authentication key, and sends the result as a challenge response to the BlackBerry Infrastructure.
6.The BlackBerry Infrastructure performs one of the following actions:
•Accepts the challenge response and sends a confirmation to the BlackBerry Device Service to complete the authentication process and configure an authenticated SRP connection
•Rejects the challenge response
If the BlackBerry Infrastructure rejects the challenge response, the authentication process is not successful. The BlackBerry Infrastructure and BlackBerry Device Service close the SRP connection.
If the BlackBerry Device Service uses the same SRP authentication key and SRP identifier to connect to (and then disconnect from) the BlackBerry Infrastructure five times in one minute, the BlackBerry Infrastructure deactivates the SRP identifier to help prevent an attacker from using the SRP identifier to create conditions for a DoS attack.
How the BlackBerry Device Service protects a TCP/IP connection to the BlackBerry Infrastructure
After the BlackBerry Device Service and the BlackBerry Infrastructure open an SRP connection, the BlackBerry Device Service uses a persistent TCP/IP connection to send data to the BlackBerry Infrastructure.
The TCP/IP connection between the BlackBerry Device Service and BlackBerry Infrastructure is secure because the BlackBerry Device Service and device encrypt the data that they send to each other. No intermediate point decrypts and encrypts the data again.
After the activation process begins, no data traffic of any kind can occur between the BlackBerry Device Service and an activated device unless the BlackBerry Device Service can decrypt the data using a valid device transport key. Only the BlackBerry Device Service and the device have the correct device transport key.
You must configure your organization’s firewall or proxy server to permit the BlackBerry Device Service to start and maintain an outgoing connection to the BlackBerry Infrastructure over TCP port 3101.
You seem to be missing the forest for the trees here. Yes, devices can connect directly to BDS without the use of the NOC. However, the BES MUST maintain connection to the BlackBerry Infrastructure in order to function properly (and in many cases at all).12-06-13 07:30 AMLike 0 - Ok, lets try this again...
Page 13-15 of the Security Technical Overview..
How the BlackBerry Device Service and the BlackBerry Infrastructure authenticate with each other
The BlackBerry Infrastructure and BlackBerry Device Service must authenticate with each other before they can transfer data. The BlackBerry Device Service uses SRP to authenticate with and connect to the BlackBerry Infrastructure.
SRP is a point-to-point protocol that runs over TCP/IP. The BlackBerry Device Service uses SRP to contact the BlackBerry Infrastructure and open a connection. When the BlackBerry Device Service and BlackBerry Infrastructure open a connection, they can perform the following actions:
1.Authenticate with each other
2.Exchange configuration information
3.Send and receive data
The BlackBerry Device Service and BlackBerry Infrastructure use the SRP authentication key when they authenticate with each other. The SRP authentication key is a 20-byte encryption key that the BlackBerry Device Service and BlackBerry Infrastructure share.What happens when the BlackBerry Device Service and the BlackBerry Infrastructure open an initial connection
After the BlackBerry Device Service and the BlackBerry Infrastructure open an initial connection over the Internet, the BlackBerry Device Service sends a basic information packet to the BlackBerry Infrastructure immediately. A basic information packet includes the BlackBerry Device Service version information, SRP identifiers, and other information that is required to open an SRP connection. Both the BlackBerry Device Service and BlackBerry Infrastructure can recognize the basic information packet. The BlackBerry Device Service and BlackBerry Infrastructure can use the basic information packet to configure the parameters of the SRP implementation.
Data flow: Authenticating the BlackBerry Device Service with the BlackBerry Infrastructure
1.The BlackBerry Device Service sends a data packet that contains its unique SRP identifier to the BlackBerry Infrastructure to claim the SRP identifier.
2.The BlackBerry Infrastructure sends a random challenge string to the BlackBerry Device Service.
3.The BlackBerry Device Service sends a challenge string to the BlackBerry Infrastructure.
4.The BlackBerry Infrastructure hashes the challenge string it received from the BlackBerry Device Service with the SRP authentication key using HMAC with the SHA-1 algorithm. The BlackBerry Infrastructure sends the resulting 20-byte value to the BlackBerry Device Service as a challenge response.
5.The BlackBerry Device Service hashes the challenge string it received from the BlackBerry Infrastructure with the SRP authentication key, and sends the result as a challenge response to the BlackBerry Infrastructure.
6.The BlackBerry Infrastructure performs one of the following actions:
•Accepts the challenge response and sends a confirmation to the BlackBerry Device Service to complete the authentication process and configure an authenticated SRP connection
•Rejects the challenge response
If the BlackBerry Infrastructure rejects the challenge response, the authentication process is not successful. The BlackBerry Infrastructure and BlackBerry Device Service close the SRP connection.
If the BlackBerry Device Service uses the same SRP authentication key and SRP identifier to connect to (and then disconnect from) the BlackBerry Infrastructure five times in one minute, the BlackBerry Infrastructure deactivates the SRP identifier to help prevent an attacker from using the SRP identifier to create conditions for a DoS attack.
How the BlackBerry Device Service protects a TCP/IP connection to the BlackBerry Infrastructure
After the BlackBerry Device Service and the BlackBerry Infrastructure open an SRP connection, the BlackBerry Device Service uses a persistent TCP/IP connection to send data to the BlackBerry Infrastructure.
The TCP/IP connection between the BlackBerry Device Service and BlackBerry Infrastructure is secure because the BlackBerry Device Service and device encrypt the data that they send to each other. No intermediate point decrypts and encrypts the data again.
After the activation process begins, no data traffic of any kind can occur between the BlackBerry Device Service and an activated device unless the BlackBerry Device Service can decrypt the data using a valid device transport key. Only the BlackBerry Device Service and the device have the correct device transport key.
You must configure your organization’s firewall or proxy server to permit the BlackBerry Device Service to start and maintain an outgoing connection to the BlackBerry Infrastructure over TCP port 3101.
You seem to be missing the forest for the trees here. Yes, devices can connect directly to BDS without the use of the NOC. However, the BES MUST maintain connection to the BlackBerry Infrastructure in order to function properly (and in many cases at all).
You also seem to be focused on BDS. You do know that BDS doesn't handle email transport.12-06-13 08:11 AMLike 0 - Sith_ApprenticeMod Team EmeritusI take it you will be telling Blackberry that they are wrong with the data flow documentation. I guess you also didn't actually try disabling port 3101 and connecting via WiFi or VPN to see if they will still function. Try it.
You also seem to be focused on BDS. You do know that BDS doesn't handle email transport.
Read up, I DID say that you can get Email (and to include PIM) without the infrastructure. It is literally everything else. I am also curious what will happen to your email profiles once BES goes kaput. They may continue to function but any changes/new profiles wont be pushed. SRP connection is absolutely necessary.
(and yes, they have corrected documentation many times prior to release based on my suggestions lol) The data flow only shows device to BDS, doesnt show BDS to Infrastructure12-06-13 08:17 AMLike 0 -
- Actually, it's the Brits who aren't using the correct spellings.
English came to America in the 16th and 17th Centuries, and was essentially identical to what was spoken in England. The reign of Louis XIV of France during the late 17th Century was hugely influential in Europe, and during the late 1680s, England was essentially governed by Louis XIV, with the British king being virtually appointed by him and in great debt to him. So powerful, successful, rich, and influential was Louis that all things French became extremely fashionable in England (London especially), and during this period, even the written language was altered to be "more French". This is where all of those extra letters come from.
Americans didn't take anything out; destitute England added them in, wanting to be more like the wealthy, powerful French of the day.12-06-13 11:06 AMLike 4 - Oh yes! You can thanx frenchies for "programme"
Actually, it's the Brits who aren't using the correct spellings.
English came to America in the 16th and 17th Centuries, and was essentially identical to what was spoken in England. The reign of Louis XIV of France during the late 17th Century was hugely influential in Europe, and during the late 1680s, England was essentially governed by Louis XIV, with the British king being virtually appointed by him and in great debt to him. So powerful, successful, rich, and influential was Louis that all things French became extremely fashionable in England (London especially), and during this period, even the written language was altered to be "more French". This is where all of those extra letters come from.
Americans didn't take anything out; destitute England added them in, wanting to be more like the wealthy, powerful French of the day.
Q10 ? OS 10.2.1.17612-07-13 03:36 AMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Australia's DoD breaking Blackberry monopoly in 2014...
Similar Threads
-
Things I Hate In OS 10.2.1.1055 !!!
By ronniell in forum General BlackBerry News, Discussion & RumorsReplies: 37Last Post: 01-19-14, 03:07 AM -
BlackBerry Express: where does my presentations save?
By don_poky in forum BlackBerry 10 AppsReplies: 3Last Post: 12-06-13, 01:56 AM -
Will BlackBerry every return keyboard shortcuts...
By mbranscum in forum BlackBerry Q10Replies: 8Last Post: 12-05-13, 10:36 PM -
[Article] Ex-Apple chief Sculley may eye BlackBerry again
By propeller10 in forum General BlackBerry News, Discussion & RumorsReplies: 4Last Post: 12-05-13, 04:36 PM -
WOW, Blackberry sales zero?!?!?!
By raggdoll in forum General BlackBerry News, Discussion & RumorsReplies: 2Last Post: 12-04-13, 10:15 PM
LINK TO POST COPIED TO CLIPBOARD