Blackberry blackberry enterprise server for microsoft exchange manual Data protection

Page 49

Feature and Technical Overview

BlackBerry Enterprise Solution security

Security features of the BlackBerry Enterprise Solution

Feature	Description

data protection	The BlackBerry Enterprise Solution is designed to protect data that is in transit
	between the BlackBerry Enterprise Server and a BlackBerry device and data
	that is in transit between your organization’s messaging server and the email
	application on a user’s computer. The BlackBerry Enterprise Solution encrypts
	data that is stored on the device and in the BlackBerry Configuration Database.
	To help protect data that is stored on the device, you can require a user to
	authenticate to the device using a password, a smart card, or both.

encryption key protection	The device is designed to protect the encryption keys that are stored on the
	device. The device encrypts the encryption keys when the device is locked.

control of device connections	The BlackBerry Enterprise Solution is designed to control the following
	connections:
	• connections using Bluetooth technology to and from the device
	• connections from a Wi-Fi enabled device to enterprise Wi-Fi networks
	The BlackBerry Enterprise Solution is designed to control which devices can
	connect to the BlackBerry Enterprise Server.

control of the behavior of the device and BlackBerry Desktop Software

To control the behavior of the device and BlackBerry Desktop Software, you can send IT administration commands, IT policies, and application control policies to the device. You can use IT administration commands, IT policies, and application control policies to perform the following actions:

•You can send IT administration commands to lock the device, permanently delete work data, permanently delete user information and application data, and return the device settings to the default values.

•You can send an IT policy to a device to change security settings. You can use the IT policy to enforce the device password and BlackBerry Smart Card Reader password.

•You can send an application control policy to a device to control whether third-party applications are available and can connect to the device and whether third-party applications or add-on applications developed by Research In Motion can access work data.

49

Image 49

Contents Feature and Technical Overview Published 2013-11-07 SWD-20131107160132924 Contents BlackBerry Enterprise Solution security 103 Date Description Document revision historyWhats New in BlackBerry Enterprise Server 5.0 SP4 Feature DescriptionEnhancements to access control Enhancements to security featuresIncreased efficiency of reconciliation ProcessOverview BlackBerry Enterprise Server Architecture BlackBerry Enterprise Server BlackBerry Enterprise Server ArchitectureFeature and Technical Overview Component Description Database and the message store databases BlackBerry Synchronization ServiceDevices BlackBerry Web Desktop ManagerComponentDescription Architecture Remote BlackBerry Collaboration ServiceBlackBerry Collaboration Service BlackBerry Administration ServiceMessaging data that BlackBerry devices send Architecture Remote BlackBerry MDS Connection Service Architecture Remote BlackBerry Router Component Description Architecture Remote BlackBerry Administration Service Enterprise Server, user accounts, and BlackBerry devices Architecture Remote BlackBerry Attachment ServiceBlackBerry device for viewing Details and user information Architecture BlackBerry Web Desktop ManagerComponent Description BlackBerry Administration Service BlackBerry Enterprise Server Components and featuresBlackBerry Mail Store Service BlackBerry Configuration PanelDomain Using the server view or component view Options for viewing the BlackBerryTable name Description Page BlackBerry Messaging Agent BlackBerry messaging and collaboration servicesContact list updates You can turn off wireless email reconciliationEmail reconciliation Appear with the same status on their BlackBerry devicesAttachment in multiple data packets If an attachment exceeds 64 KB, the BlackBerry device sendsApplication on their BlackBerry devices BlackBerry devicesUsing the BlackBerry Administration Service BlackBerry Collaboration ServiceCan synchronize to their BlackBerry devices Sessions automatically and permits new sessions to start Session managementConversations with multiple contacts Contacts on their BlackBerry devicesContact list on BlackBerry devices Formats on their BlackBerry devicesMessages to contacts directly from their contact lists User is linked to an existing contact list entryBlackBerry Synchronization Service Format Extension BlackBerry Attachment ServiceAudio Amr, .mp3, .wav, .wma Corel WordPerfect Wpd BlackBerry MDS Connection ServiceHtm, .html RtfService requests user information and caches cookies Authentication methodsProxy auto-configuration .pac file Access controlBlackBerry Browser Applications BlackBerry ApplicationsBlackBerry Java Applications Type DescriptionFeature and Technical Overview BlackBerry device management BlackBerry Policy ServiceControlling third-party applications on BlackBerry devices User account to the Default IT policy automatically Configurations on the BlackBerry device automaticallyBlackBerry Router BlackBerry Web Desktop Manager Computer that can access the intranetApplication management Simplified administration Suite installed, to BlackBerry devicesService statistics Over the wireless networkNotifies the users when a newer Users cannot generate encryption Devices are connectedKeys Users cannot override emailUsers can synchronize the following Wireless activation Principles Description BlackBerry Enterprise Solution 6 securityData protection Security features of the BlackBerry Enterprise SolutionConnect to the BlackBerry Enterprise Server Feature and Technical Overview Encrypting user data on a locked device Extending messaging security to a BlackBerry deviceEncrypting the device transport key on a locked device Managing device access to the BlackBerry Enterprise ServerFeature and Technical Overview Protection, you cannot use this command IT administration command DescriptionDelete only the organization data Application data BlackBerry Enterprise Server High availability Feature and Technical Overview How a primary BlackBerry Enterprise Server self-demotes Feature and Technical Overview BlackBerry Configuration Database high availability BlackBerry Configuration Database mirroring Feature and Technical Overview Component High availability type Description High availability in a distributed environmentConfiguration Database Collaboration Service instanceConnection Service instance Using information that is stored in the BlackBerryTypes of Wi-Fi networks Wi-Fi enabled devicesSupport the authentication type that your organization uses Home Wi-Fi networksWireless access points Component Description Across multiple radio technologies Internet contentFeature and Technical Overview GSM/EDGE Feature and Technical OverviewWi-Fi enabled devices Characteristic Description Characteristic Description Security features of a Wi-Fi enabled device Infrastructure over a Wi-Fi connection Direct access to the BlackBerryExpanded groups of Wi-Fi and VPN Multiple Wi-Fi and VPN profilesMessaging process flows BlackBerry Enterprise Server Process flowsProcess flow Sending a message to a BlackBerry device Process flow Sending a message from a BlackBerry device Feature and Technical Overview Feature and Technical Overview Instant messaging process flows Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Process flow Viewing a message attachment Message attachment process flowsProcess flow Viewing an attachment using a link Feature and Technical Overview Organizer data process flows Feature and Technical Overview Process flow Adding a contact picture on a BlackBerry device Mobile data process flows Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview Feature and Technical Overview 100 BlackBerry device management process flows Feature and Technical Overview Glossary10 Generic access network Enterprise ServiceGeneric access network controller Destination service to route the data toKerberos protocol Service booksMessage keys Messaging serverUnlicensed Mobile Access Universal Content StreamUniversal Serial Bus Virtual private network107 Provide feedback108 Legal notice109 Feature and Technical Overview