Blackberry blackberry enterprise server for microsoft exchange manual Principles Description

Page 48

Feature and Technical Overview

BlackBerry Enterprise Solution security

BlackBerry Enterprise Solution 6 security

The BlackBerry Enterprise Solution consists of various products and components that are designed to extend your organization’s communication methods to BlackBerry devices. The BlackBerry Enterprise Solution is designed to help protect data that is in transit at all points between a device and the BlackBerry Enterprise Server. To help protect data that is in transit over the wireless network, the BlackBerry Enterprise Server and device use symmetric key cryptography to encrypt the data sent between them. The BlackBerry Enterprise Solution is designed to prevent third parties, including wireless service providers, from accessing your organization's potentially sensitive information in a decrypted format.

The BlackBerry Enterprise Solution uses confidentiality, integrity, and authenticity, which are principles for information security, to help protect your organization from data loss or alteration.

Principles	Description

confidentiality	The BlackBerry Enterprise Solution uses symmetric key cryptography to help
	make sure that only intended recipients can view the contents of email
	messages.

integrity	The BlackBerry Enterprise Solution uses symmetric key cryptography to help
	protect every email message that the device sends and to help prevent third
	parties from decrypting or altering the message data.
	Only the BlackBerry Enterprise Server and the device know the value of the keys
	that they use to encrypt messages and recognize the format of a decrypted and
	decompressed message. The BlackBerry Enterprise Server or the device rejects
	a message automatically if it is not encrypted with keys that they recognize as
	valid.

authenticity	Before the BlackBerry Enterprise Server sends data to the device, the device
	authenticates with the BlackBerry Enterprise Server to prove that the device
	knows the device transport key that is used to encrypt data.

48

Image 48

Contents Feature and Technical Overview Published 2013-11-07 SWD-20131107160132924 Contents BlackBerry Enterprise Solution security 103 Document revision history Date DescriptionFeature Description Whats New in BlackBerry Enterprise Server 5.0 SP4Enhancements to security features Enhancements to access controlIncreased efficiency of reconciliation ProcessOverview BlackBerry Enterprise Server BlackBerry Enterprise Server Architecture Architecture BlackBerry Enterprise ServerFeature and Technical Overview Component Description BlackBerry Synchronization Service Database and the message store databasesDevices BlackBerry Web Desktop ManagerArchitecture Remote BlackBerry Collaboration Service ComponentDescriptionBlackBerry Administration Service BlackBerry Collaboration ServiceMessaging data that BlackBerry devices send Architecture Remote BlackBerry MDS Connection Service Architecture Remote BlackBerry Router Component Description Architecture Remote BlackBerry Administration Service Architecture Remote BlackBerry Attachment Service Enterprise Server, user accounts, and BlackBerry devicesBlackBerry device for viewing Architecture BlackBerry Web Desktop Manager Details and user informationComponent Description BlackBerry Enterprise Server Components and features BlackBerry Administration ServiceBlackBerry Configuration Panel BlackBerry Mail Store ServiceDomain Using the server view or component view Options for viewing the BlackBerryTable name Description Page BlackBerry messaging and collaboration services BlackBerry Messaging AgentYou can turn off wireless email reconciliation Contact list updatesEmail reconciliation Appear with the same status on their BlackBerry devicesIf an attachment exceeds 64 KB, the BlackBerry device sends Attachment in multiple data packetsApplication on their BlackBerry devices BlackBerry devicesBlackBerry Collaboration Service Using the BlackBerry Administration ServiceCan synchronize to their BlackBerry devices Session management Sessions automatically and permits new sessions to startConversations with multiple contacts Contacts on their BlackBerry devicesFormats on their BlackBerry devices Contact list on BlackBerry devicesMessages to contacts directly from their contact lists User is linked to an existing contact list entryBlackBerry Synchronization Service BlackBerry Attachment Service Format ExtensionBlackBerry MDS Connection Service Audio Amr, .mp3, .wav, .wma Corel WordPerfect WpdHtm, .html RtfAuthentication methods Service requests user information and caches cookiesProxy auto-configuration .pac file Access controlBlackBerry Applications BlackBerry Browser ApplicationsBlackBerry Java Applications Type DescriptionFeature and Technical Overview BlackBerry Policy Service BlackBerry device managementControlling third-party applications on BlackBerry devices Configurations on the BlackBerry device automatically User account to the Default IT policy automaticallyBlackBerry Router Computer that can access the intranet BlackBerry Web Desktop ManagerApplication management Suite installed, to BlackBerry devices Simplified administrationService statistics Over the wireless networkNotifies the users when a newer Devices are connected Users cannot generate encryptionKeys Users cannot override emailUsers can synchronize the following Wireless activation BlackBerry Enterprise Solution 6 security Principles DescriptionSecurity features of the BlackBerry Enterprise Solution Data protectionConnect to the BlackBerry Enterprise Server Feature and Technical Overview Extending messaging security to a BlackBerry device Encrypting user data on a locked deviceManaging device access to the BlackBerry Enterprise Server Encrypting the device transport key on a locked deviceFeature and Technical Overview IT administration command Description Protection, you cannot use this commandDelete only the organization data Application data BlackBerry Enterprise Server High availability Feature and Technical Overview How a primary BlackBerry Enterprise Server self-demotes Feature and Technical Overview BlackBerry Configuration Database high availability BlackBerry Configuration Database mirroring Feature and Technical Overview High availability in a distributed environment Component High availability type DescriptionCollaboration Service instance Configuration DatabaseConnection Service instance Using information that is stored in the BlackBerryWi-Fi enabled devices Types of Wi-Fi networksSupport the authentication type that your organization uses Home Wi-Fi networksWireless access points Component Description Internet content Across multiple radio technologiesFeature and Technical Overview GSM/EDGE Feature and Technical OverviewWi-Fi enabled devices Characteristic Description Characteristic Description Security features of a Wi-Fi enabled device Direct access to the BlackBerry Infrastructure over a Wi-Fi connectionExpanded groups of Wi-Fi and VPN Multiple Wi-Fi and VPN profilesBlackBerry Enterprise Server Process flows Messaging process flowsProcess flow Sending a message to a BlackBerry device Process flow Sending a message from a BlackBerry device Feature and Technical Overview Feature and Technical Overview Instant messaging process flows Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Message attachment process flows Process flow Viewing a message attachmentProcess flow Viewing an attachment using a link Feature and Technical Overview Organizer data process flows Feature and Technical Overview Process flow Adding a contact picture on a BlackBerry device Mobile data process flows Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview 100 BlackBerry device management process flows Feature and Technical Overview Glossary10 Enterprise Service Generic access networkGeneric access network controller Destination service to route the data toService books Kerberos protocolMessage keys Messaging serverUniversal Content Stream Unlicensed Mobile AccessUniversal Serial Bus Virtual private networkProvide feedback 107Legal notice 108109 Feature and Technical Overview