BlackBerry Enterprise Server for Microsoft Exchange manual


Feature and Technical Overview

BlackBerry Enterprise Solution security

if you use software tokens, the contents of the .sdtid file seed that is stored in flash memory

all data that is associated with third-party applications that a user installs on the device

in the BlackBerry Browser, content that web sites or third-party applications push to the device, any web sites that the user saves on the device, and the browser cache

all text that automatically replaces the text that the user types on the device

You can change the Content Protection of Contact List IT policy rule to Required to prevent the user from turning off content protection for the contact list on the device. If you change the Content Protection of Contact List IT policy rule to Required, the device does not permit call display and does not share contacts over a Bluetooth connection when the device is locked.

Encrypting the device transport key on a locked device

If you turn on content protection for device transport keys, a BlackBerry device uses the principal encryption key to encrypt the device transport keys that are stored in flash memory. The device encrypts the principal encryption key using the content protection key. When a locked device receives data that is encrypted using the device transport key, it uses the decrypted principal encryption key to decrypt the device transport key in flash memory and then uses the decrypted device transport key to decrypt data.

When you, a user, or a password timeout locks the device, the wireless transceiver remains on and the device does not delete the memory that is associated with the principal encryption key or device transport key. The device is designed to prevent the decrypted principal encryption key and the decrypted device transport key from appearing in flash memory.

You can turn on content protection for device transport keys on the device when you configure the Force Content Protection of Master Keys IT policy rule. When you turn on content protection of device transport keys, the device uses the ECC key strength that you specified in the Content Protection Strength IT policy rule to encrypt the device transport keys.
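The key hierarchy described in this section, modelled as an added example (not BlackBerry code and not taken from this manual). The HMAC-SHA256 construction stands in for the device's real cipher so the example runs on the Python standard library alone; `Device`, `seal`, `unseal` and `restart` are hypothetical names, and all keys are random constructed values.

```python
import hashlib
import hmac
import os


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as the keystream.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    # Encrypt-then-MAC under separate subkeys: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)


class Device:
    def __init__(self, content_protection_key, transport_key):
        principal = os.urandom(32)
        # Flash only ever receives wrapped (encrypted) keys.
        self.flash = {
            "principal": seal(content_protection_key, principal),
            "transport": seal(principal, transport_key),
        }
        self.ram = {"principal": principal}
        self.locked = False

    def lock(self):
        # As the text describes, locking keeps the decrypted principal key in memory.
        self.locked = True

    def restart(self, content_protection_key):
        # Assumption: after RAM is lost, the principal key is recovered from flash.
        self.ram = {"principal": unseal(content_protection_key, self.flash["principal"])}

    def receive(self, packet):
        # Locked or not: unwrap the transport key from flash, then decrypt the data.
        transport = unseal(self.ram["principal"], self.flash["transport"])
        return unseal(transport, packet)
```

A copy of flash memory alone yields neither key: unwrapping the transport key needs the principal key, and unwrapping the principal key needs the content protection key.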

Managing device access to the BlackBerry Enterprise Server

You can use the Enterprise Service Policy to control which BlackBerry devices can connect to a BlackBerry Enterprise Server. By default, after you turn on the Enterprise Service Policy, the BlackBerry Enterprise Server permits connections from any device that you previously associated with the BlackBerry Enterprise Server. The BlackBerry Enterprise Server also prevents connections from any device that you associate with the BlackBerry Enterprise Server after you turn on the Enterprise Service Policy.

Feature and Technical Overview. Published 2013-11-07. SWD-20131107160132924.