Blackberry Admins - a question?
Discussion
If we had a dedicated server to install Blackberry Express server on (VM so this part is easy), how complicated is the setup and removal process?
I'm trying to get an idea how easy/practical it would be from the IT side of things to trial Blackberry should our mobile provider let us do so.
Thanks.
I'm trying to get an idea how easy/practical it would be from the IT side of things to trial Blackberry should our mobile provider let us do so.
Thanks.
manic47 said:
It's very easy to install - when you are finished just kill the BES box, and delete the BES account you were using to access the mailboxes.
Thanks, bit of a lazy bd approach I appreciate, but so long as I know that I can RTFM if/when the time actually comes that's good enough.OK so the feedback that seems to be coming back from within the business is that Nokia's are crap and so is Vodafone and the people who have used Blackberry's want Blackberry's.
From what I can see, the free Express Server software looks to do what we want, which is nothing special, just to be able to do basic management of devices, remote wipe etc. as well as pushing out applications (though I have no idea what applications yet).
I know data is encrypted over the air to Blackberry's, is it encrypted on the device, or more to the point, if someone loses their phone, before you're able to remote wipe it, what's the scope for someone to pilfer data off it? Their website suggests phone contents and even add-in media cards are/can be encrypted?
Also I've had feedback that the Nokia hands free/in-car is crap, something long the lines of voice dialling being useless and if you have a mandatory PIN set, you have to unlock the phone even in a car kit if you want to make a call?
From what I can see, the free Express Server software looks to do what we want, which is nothing special, just to be able to do basic management of devices, remote wipe etc. as well as pushing out applications (though I have no idea what applications yet).
I know data is encrypted over the air to Blackberry's, is it encrypted on the device, or more to the point, if someone loses their phone, before you're able to remote wipe it, what's the scope for someone to pilfer data off it? Their website suggests phone contents and even add-in media cards are/can be encrypted?
Also I've had feedback that the Nokia hands free/in-car is crap, something long the lines of voice dialling being useless and if you have a mandatory PIN set, you have to unlock the phone even in a car kit if you want to make a call?
BES Express comes with a limited number of IT policies capable of forcing a password and security time out. This means you are pretty safe. You also have the ability to remote wipe. Also worth looking at the dual persona settings. These allow you to remote wipe corporate data and not touch the personal stuff.
As for encryption, you can choose to encrypt the microSD cards. The OTA encrption happens at the point a message is sent (in or out) and is encrpyted using 3DES or AES or both between device and BES. These cannot be decrypted along the way.
Also worth pushing the use of BBM in the organisation. Free contextual text messaging (delivered/read etc) and you can create groups within BBM.
Apps, at the very least, the BA App is nice, Poynt is good if your people travel, as is WorldMate (pops your itinerary into your calendar).
PM me if you want more info on BES Express or any apps...
As for encryption, you can choose to encrypt the microSD cards. The OTA encrption happens at the point a message is sent (in or out) and is encrpyted using 3DES or AES or both between device and BES. These cannot be decrypted along the way.
Also worth pushing the use of BBM in the organisation. Free contextual text messaging (delivered/read etc) and you can create groups within BBM.
Apps, at the very least, the BA App is nice, Poynt is good if your people travel, as is WorldMate (pops your itinerary into your calendar).
PM me if you want more info on BES Express or any apps...
Thanks, really appreciate that. The OTA encryption is good to know, but the main thing is that you can encrypt all the data stored on the thing - we do this on all laptops yet you can have a smartphone with a 32gb micro-SD and god alone knows how much could be on that if you go and lose it...
BBM is a new one on me as I've not really gotten in depth yet, it's basically Blackberry to Blackberry IM though isn't it? Is it free between your "site" or can you IM anyone with a Blackberry free of charge?
My one concern so far is our VPN (Juniper SSL) but from what I can see so far, it has it's own VPN of sorts built into the phones and BES?
BBM is a new one on me as I've not really gotten in depth yet, it's basically Blackberry to Blackberry IM though isn't it? Is it free between your "site" or can you IM anyone with a Blackberry free of charge?
My one concern so far is our VPN (Juniper SSL) but from what I can see so far, it has it's own VPN of sorts built into the phones and BES?
paddyhasneeds said:
Thanks, really appreciate that. The OTA encryption is good to know, but the main thing is that you can encrypt all the data stored on the thing - we do this on all laptops yet you can have a smartphone with a 32gb micro-SD and god alone knows how much could be on that if you go and lose it...
BBM is a new one on me as I've not really gotten in depth yet, it's basically Blackberry to Blackberry IM though isn't it? Is it free between your "site" or can you IM anyone with a Blackberry free of charge?
My one concern so far is our VPN (Juniper SSL) but from what I can see so far, it has it's own VPN of sorts built into the phones and BES?
The Blackberry connects directly back to the BES server via it's own VPN based connection. The added benefit of this is you can force all browsing off the devices through your own internal content/proxy filter so users can't get to dodgy sites on their devices.BBM is a new one on me as I've not really gotten in depth yet, it's basically Blackberry to Blackberry IM though isn't it? Is it free between your "site" or can you IM anyone with a Blackberry free of charge?
My one concern so far is our VPN (Juniper SSL) but from what I can see so far, it has it's own VPN of sorts built into the phones and BES?
You can indeed force encryption of the media card via the security policy so everything is encrypted on the device.
BBM is unusual in that is the only protocal that goes outside the BB infrastructure unless you set the IT policy to log then it logs all communication from between the devices. It is free of charge worldwide as it utilises the data connection and it's extremely lightweight on data so users can chat as much as they please and use virtually no data.
Wow, that VPN could be the killer (in the good sense) blow. Looks like it's available in BES Express too.
Is it a proper IP level VPN i.e. could you use Citrix/TS over it?
I'm also liking the idea of being able to route browsing via our firewalls as one of the issues we've had in the past is huge data bills and (apparently) no way of getting visibility of who did what and when from the current network provider.
How do the usernames/passwords work too, is it all AD integrated so when you access, say, files via the inbuilt VPN it passes through your credentials for username/password?
Seems like Blackberry are the only company who seem to have sat down and thought "What do IT people want from a smartphone?" and who have also come up with something that the users seem to like judging from the feedback I've had so far.
Is it a proper IP level VPN i.e. could you use Citrix/TS over it?
I'm also liking the idea of being able to route browsing via our firewalls as one of the issues we've had in the past is huge data bills and (apparently) no way of getting visibility of who did what and when from the current network provider.
How do the usernames/passwords work too, is it all AD integrated so when you access, say, files via the inbuilt VPN it passes through your credentials for username/password?
Seems like Blackberry are the only company who seem to have sat down and thought "What do IT people want from a smartphone?" and who have also come up with something that the users seem to like judging from the feedback I've had so far.
paddyhasneeds said:
Wow, that VPN could be the killer (in the good sense) blow. Looks like it's available in BES Express too.
Is it a proper IP level VPN i.e. could you use Citrix/TS over it?
I'm also liking the idea of being able to route browsing via our firewalls as one of the issues we've had in the past is huge data bills and (apparently) no way of getting visibility of who did what and when from the current network provider.
How do the usernames/passwords work too, is it all AD integrated so when you access, say, files via the inbuilt VPN it passes through your credentials for username/password?
Seems like Blackberry are the only company who seem to have sat down and thought "What do IT people want from a smartphone?" and who have also come up with something that the users seem to like judging from the feedback I've had so far.
Blackberry are still by a huge margin the most effective business devices and are loved by the majority.Is it a proper IP level VPN i.e. could you use Citrix/TS over it?
I'm also liking the idea of being able to route browsing via our firewalls as one of the issues we've had in the past is huge data bills and (apparently) no way of getting visibility of who did what and when from the current network provider.
How do the usernames/passwords work too, is it all AD integrated so when you access, say, files via the inbuilt VPN it passes through your credentials for username/password?
Seems like Blackberry are the only company who seem to have sat down and thought "What do IT people want from a smartphone?" and who have also come up with something that the users seem to like judging from the feedback I've had so far.
The VPN is a secured connection that will ensure data services off the device remain encrypted end-to-end (bes to device and back). As of running citrix/ts over it I've not tried it but I can get to internal servers using my device and also things like internal websites (intranets etc) and I know there are ts clients for BB.
You can also do things like make internal file shares available to the devices for accessing and editing documents and the like.
As for usernames, the device can be secured with passwords and once the device is unlocked it will communicate with the network like it's plugged in directly.
If by passwords you mean to go through a proxy, it is supported in most configurations. So when the user tries to access a website the device can be prompt for a AD account and password.
Getting the device through the proxy is a killer feature though that only Blackberry have nailed.
Ordinary_Chap said:
paddyhasneeds said:
Wow, that VPN could be the killer (in the good sense) blow. Looks like it's available in BES Express too.
Is it a proper IP level VPN i.e. could you use Citrix/TS over it?
I'm also liking the idea of being able to route browsing via our firewalls as one of the issues we've had in the past is huge data bills and (apparently) no way of getting visibility of who did what and when from the current network provider.
How do the usernames/passwords work too, is it all AD integrated so when you access, say, files via the inbuilt VPN it passes through your credentials for username/password?
Seems like Blackberry are the only company who seem to have sat down and thought "What do IT people want from a smartphone?" and who have also come up with something that the users seem to like judging from the feedback I've had so far.
Blackberry are still by a huge margin the most effective business devices and are loved by the majority.Is it a proper IP level VPN i.e. could you use Citrix/TS over it?
I'm also liking the idea of being able to route browsing via our firewalls as one of the issues we've had in the past is huge data bills and (apparently) no way of getting visibility of who did what and when from the current network provider.
How do the usernames/passwords work too, is it all AD integrated so when you access, say, files via the inbuilt VPN it passes through your credentials for username/password?
Seems like Blackberry are the only company who seem to have sat down and thought "What do IT people want from a smartphone?" and who have also come up with something that the users seem to like judging from the feedback I've had so far.
The VPN is a secured connection that will ensure data services off the device remain encrypted end-to-end (bes to device and back). As of running citrix/ts over it I've not tried it but I can get to internal servers using my device and also things like internal websites (intranets etc) and I know there are ts clients for BB.
You can also do things like make internal file shares available to the devices for accessing and editing documents and the like.
As for usernames, the device can be secured with passwords and once the device is unlocked it will communicate with the network like it's plugged in directly.
If by passwords you mean to go through a proxy, it is supported in most configurations. So when the user tries to access a website the device can be prompt for a AD account and password.
Getting the device through the proxy is a killer feature though that only Blackberry have nailed.
By "passwords" what I meant is Joe Bloggs has a domain account, let's say it's "DOMAIN\Joe Bloggs". When the Blackberry accesses files or anything NTLM/domain aware back at base, how transparent is it that the blackberry client and person connecting is "DOMAIN\Joe Bloggs"?
All resources are accessed using the BES account unless you have something to prompt for a password like through a website/proxy.
So if you want to send them out of a proxy you'd have it so they were prompted for a password as a way of identifying them as the connection is sent and received by the BES server.
It's fairly unusual to have the users access anything other than a special share for a document. Most companies use a intranet to publish content or something like sharepoint.
So if you want to send them out of a proxy you'd have it so they were prompted for a password as a way of identifying them as the connection is sent and received by the BES server.
It's fairly unusual to have the users access anything other than a special share for a document. Most companies use a intranet to publish content or something like sharepoint.
Thanks, that is a bit of a black mark as we (rightly or wrongly) do use file shares not a CMS/sharepoint, and it would be useful to be able to access shares with distinct user permissions rather than having to add the BES service account all over the place.
Still, on the whole that doesn't seem terrible, it's potentially a huge step forward.
Still, on the whole that doesn't seem terrible, it's potentially a huge step forward.
paddyhasneeds said:
Thanks, that is a bit of a black mark as we (rightly or wrongly) do use file shares not a CMS/sharepoint, and it would be useful to be able to access shares with distinct user permissions rather than having to add the BES service account all over the place.
Still, on the whole that doesn't seem terrible, it's potentially a huge step forward.
There's probably a way of forcing authentication on the share using the device. I'm not sure how it is done but most things bb can be done.Still, on the whole that doesn't seem terrible, it's potentially a huge step forward.
We added single sign on in to 5.0.2 and just released BES Express for Donino this week. 5.0.2 also allows dual persona, a single device can carry a work and personal email for example and you can wipe just the corporate data when the person leaves.
I have some slides showing end to end communications including encryption and others on the benefits of BES and BES Express. To the OP, drop me a PM if you have some specific BlackBerry questions.
I have some slides showing end to end communications including encryption and others on the benefits of BES and BES Express. To the OP, drop me a PM if you have some specific BlackBerry questions.
MuffDaddy said:
We added single sign on in to 5.0.2 and just released BES Express for Donino this week. 5.0.2 also allows dual persona, a single device can carry a work and personal email for example and you can wipe just the corporate data when the person leaves.
I have some slides showing end to end communications including encryption and others on the benefits of BES and BES Express. To the OP, drop me a PM if you have some specific BlackBerry questions.
Thanks, PM sent.I have some slides showing end to end communications including encryption and others on the benefits of BES and BES Express. To the OP, drop me a PM if you have some specific BlackBerry questions.
OK so from a chat with Blackberry today most of my questions appear to be answered.
One interesting point that was raised is that Blackberry apparently compress data sent between the BES and your phone, the implication being you use less data, but they don't seem to have that stated in writing anywhere.
I wondered if anyone's any experience/evidence of that claim as the potential for reduced data bills is potentially appealing.
One interesting point that was raised is that Blackberry apparently compress data sent between the BES and your phone, the implication being you use less data, but they don't seem to have that stated in writing anywhere.
I wondered if anyone's any experience/evidence of that claim as the potential for reduced data bills is potentially appealing.
paddyhasneeds said:
OK so from a chat with Blackberry today most of my questions appear to be answered.
One interesting point that was raised is that Blackberry apparently compress data sent between the BES and your phone, the implication being you use less data, but they don't seem to have that stated in writing anywhere.
I wondered if anyone's any experience/evidence of that claim as the potential for reduced data bills is potentially appealing.
Yeah one of the biggest strenghts is encryption and compression.One interesting point that was raised is that Blackberry apparently compress data sent between the BES and your phone, the implication being you use less data, but they don't seem to have that stated in writing anywhere.
I wondered if anyone's any experience/evidence of that claim as the potential for reduced data bills is potentially appealing.
The rule of thumb is the BB will transmit 1/3 less data than a windows mobile device doing the same process.
The Iphone/Android devices are again massively heavier than winmob.
Sucks that this is so difficult to prove - the idea of being able to say "our data bills will be a third less" is clearly appealing, but if there's little to back it up, and the things use more data to begin with because they're "always on" it seems the data bills could increase, so we'd want to understand that a little better.
One thing I forgot to ask, and not a show stopper but I believe you can't do tethering with Blackberry, at least not in a simple, supported way?
One thing I forgot to ask, and not a show stopper but I believe you can't do tethering with Blackberry, at least not in a simple, supported way?
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff