BlackBerry Wireless Solution

BES

DESCRIPTION

Blackberry tips

  • BlackBerry Wireless Solution

    Slide *

    BlackBerry Overview

    Slide *

    About BlackBerry

    • BlackBerry is the leading wireless solution
    • Keeps mobile professionals connected to people, data and resources that drive their day
    • Proven platform
    • Secure
    • Access to a large suite of business applications
    • Well known worldwide as a wireless leader

    Website: www.BlackBerry.com

    Slide *

    BlackBerry Productivity

    What can you do with a BlackBerry?

    • Keep track of email, calendar etc.
    • Access your secure corporate intranet anytime, anywhere
    • Corporate messengers like LCS, Sametime, GroupWise Messenger
    • Yahoo Messenger, Google Talk
    • Access corporate data like sales records, CRM information, tech. support tickets
    • Print to a wired/Bluetooth-enabled printer
    • Swipe credit cards or scan barcodes
    • Keep track of your stock exchange
    • Online banking
    • Create or edit Word/Excel documents
    • Administer servers/computers remotely
    • Project PowerPoint presentations directly to a projector
    • Play games
    • And much more

    Slide *

    BlackBerry Overview

    Two basic solutions:

    Enterprise solution with BES
    • Using BlackBerry Enterprise Server (BES)
    • Software installed on the server in the customer's network
    • Designed for business and government customers
    • Works with MS Exchange, Lotus Domino and Novell GroupWise
    • Note: SIM card must be Enterprise Provisioned

    Prosumer solution with BIS
    • Using BlackBerry Internet Service (BIS)
    • Internet-based solution, hence no server software required
    • Designed for consumers or customers without supported email platforms
    • Uses various email accounts like Yahoo, POP3, Hotmail, AOL etc.
    • Note: SIM card must be Prosumer Provisioned

    Slide *

    BlackBerry Enterprise Solution

    Slide *

    BES: BlackBerry Enterprise Server

    • Enterprise solution intended for medium to large size organizations
    • Works with MS Exchange, IBM Lotus Domino and Novell GroupWise
    • Seamless integration with existing corporate email account
    • Secure
    • Delivers push "Always On, Always Connected" email
    • Wireless email and PIM reconciliation
    • Access to corporate data (via MDS)
    • Centralized control for IT departments

    Slide *

    Email and PIM Flow

    Slide *

    Message Flow

    PIN to PIN

    Slide *

    P2P Messaging

    User A sends a PIN message from their BlackBerry. The message is encrypted using a public key and compressed.

    Slide *

    P2P Messaging

    The PIN message is sent through the wireless network.

    Slide *

    P2P Messaging

    The wireless network recognizes the PIN message as BlackBerry data and the message is delivered to the BlackBerry Infrastructure.

    Slide *

    P2P Messaging

    The P2P Servers verify the PIN number of the sender and recipient, and determine if the sender is authorized to send PIN messages. The recipient's PIN number is verified as well to make sure they are authorized to receive PIN messages. Once this information has been gathered, it is transferred to Relay.

    Slide *

    P2P Messaging

    The message leaves the BlackBerry Infrastructure as the Relay component delivers the message to the appropriate wireless network.

    Slide *

    P2P Messaging

    The wireless network then routes the PIN message to User B's BlackBerry.

    Slide *

    P2P Messaging

    The message then arrives on User B's BlackBerry, where it is decompressed and decrypted. Now the user is able to view and read the message.

    Slide *

    BES: Architecture Summary

    • Fundamentally, BES provides a SECURE PIPE between your firewall and your handheld, capable of delivering reliable push data
    • BES uses the SRP ID & Key information to authenticate with the network
    • BES monitors for new email and then compresses and encrypts the data to send over the air to the handheld
    • Only 2 Kb is sent to the handheld
    • Use "more" to get additional text.

    MDS (Mobile Data Services) is a free component of BES

    • Provides secure access to corporate data, e.g. SAP, intranets etc.
    • Provides internet capabilities for the secure BlackBerry Browser
    • Access to corporate data via XML, WML, HTML or other HTTP(S) data using the browser or an MDS Studio/J2ME application
    • Huge number of 3rd party solutions already available, e.g. Excel editors, SAP apps, support ticket handling, portfolio management etc.

    Slide *

    BES Components

    BlackBerry Messaging Agent
    • Processes the propagation of email and calendar messages to/from device
    • Services requests for attachments and address lookups
    • Synchronizes configuration data between the database and user mailboxes
    • Generates and persists encryption keys

    BlackBerry Synchronization Service
    • Synchronizes PIM application and device data

    BlackBerry Policy Service
    • Performs administration services such as wireless IT Policy, wireless IT commands and wireless service book provisioning

    BlackBerry Attachment Service
    • Converts supported attachments into a format that can be viewed on the device
    • Option to remotely install

    Slide *

    BES Components

    BlackBerry Collaboration Service
    • Provides an encrypted connection between the instant messaging server
    • Option to remotely install

    BlackBerry Dispatcher Service
    • Performs data de/encryption and de/compression
    • Relays data through BlackBerry Router

    BlackBerry Router Service
    • Routes BlackBerry traffic to/from BlackBerry Infrastructure
    • Alternatively, routes to device via serial by-pass
    • Option to remotely install

    BlackBerry Controller
    • Designed to monitor the BlackBerry components and to restart them if they stop responding

    Slide *

    BES Components

    BlackBerry MDS Connection Service
    • It permits users to access web content on your organization's intranet or on the Internet. It also permits applications on BlackBerry devices to connect to your organization's application and content servers for data and updates.

    BlackBerry MDS Integration Service
    • The BlackBerry MDS Integration Service allows you to install, update, and manage BlackBerry MDS Runtime Applications on BlackBerry devices.

    Configuration Database
    • Relational database that contains configuration information that is used by the BlackBerry components that do not connect to the messaging server directly
    • Includes the information specific to the user (e.g. PIN-to-email address mapping)

    Slide *

    Wireless Enterprise Activation

    Easy Steps
    • User gets new unassigned handheld and contacts IT
    • IT adds user to the BlackBerry Enterprise Server and provides a password to the user
    • User goes to Enterprise Activation screen and enters email address and given password
    • Enterprise Activation is done automatically OTA!
    • Security key exchange, then service books, followed by calendar, address book, tasks etc.
    • If existing user (with a new device) then backup settings retrieved
    • No initial cradle required

    Built on SPEKE
    • Simple Password-authenticated Exponential Key Exchange
    • Zero Knowledge Password Proof (ZKPP)
    • IEEE P1363.2 Password Based Public Key Cryptographic Standard
    • Password Based Mutually-Authenticated Session Key
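The SPEKE idea named on this slide, as an added textbook sketch (not code from the slides and not BlackBerry's implementation): both sides derive the Diffie-Hellman base from the shared activation password, so only a peer that knows the password ends up with the same session key. The RFC 3526 group, SHA-256, the HMAC confirmation tags and all names below are assumptions made for the example.

```python
import hashlib, hmac, secrets

# 2048-bit MODP safe prime from RFC 3526 (group 14); an assumption for this demo.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"
    , 16)
Q = (P - 1) // 2   # order of the subgroup of squares mod P

def generator(password: str) -> int:
    """SPEKE base: square the password hash so g generates the order-Q subgroup."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h, 2, P)

class Party:
    def __init__(self, password: str):
        self.x = secrets.randbelow(Q - 2) + 2          # ephemeral private exponent
        self.public = pow(generator(password), self.x, P)

    def session_key(self, peer_public: int) -> bytes:
        # Reject 0, 1 and P-1, which would confine the result to a tiny subgroup.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer value")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def confirm(key: bytes, role: bytes, a: int, b: int) -> bytes:
    """Key-confirmation tag binding the sender's role and both public values."""
    return hmac.new(key, role + a.to_bytes(256, "big") + b.to_bytes(256, "big"),
                    hashlib.sha256).digest()

def activate(device_pw: str, server_pw: str) -> bool:
    """Run one exchange; True only if both sides confirm the same session key."""
    dev, srv = Party(device_pw), Party(server_pw)
    k_dev, k_srv = dev.session_key(srv.public), srv.session_key(dev.public)
    dev_ok = hmac.compare_digest(confirm(k_dev, b"device", dev.public, srv.public),
                                 confirm(k_srv, b"device", dev.public, srv.public))
    srv_ok = hmac.compare_digest(confirm(k_srv, b"server", srv.public, dev.public),
                                 confirm(k_dev, b"server", srv.public, dev.public))
    return dev_ok and srv_ok
```

The password itself never crosses the wire; an eavesdropper sees only the two public values and the confirmation tags.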

    Slide *

    Enterprise Activation Sequence

    1. From the Home screen of the BlackBerry device, click on the Enterprise Activation icon or go to Options and click on Enterprise Activation.

    2. Enter email address* and Enterprise Activation password. This will be set by the BlackBerry Enterprise Server Admin and is valid for 48 hours from the time that it is set or the predetermined time set by the BES Admin.

    3. Once the user has entered the required authentication information, they must click the trackball and select Activate from the menu that appears.

    Note: If the email address entered does not match the current email address for the BlackBerry device (assuming the device has been activated on a BlackBerry Enterprise Server before), then you will be asked on the screen of the BlackBerry device to wipe the device.

    Slide *

    Enterprise Activation Sequence

    4. A secure activation email (SPEKE) will be sent to the BlackBerry Infrastructure (network@etp message).

    5. ETP servers will forward this email to the email address that was entered in the Enterprise Activation screen on the BlackBerry device.

    The email message sent to the user's email account contains a .DAT attachment. Specific routing information and the public keys for the handheld are contained in this .DAT attachment. The body of the email also contains this information, in the event that the .DAT attachment is stripped, so that the Enterprise Activation (EA) will continue.

    6. The BlackBerry Enterprise Server, which is monitoring the user's mailbox, will pick up the ETP.DAT email and begin the activation process, sending an activation response with the BlackBerry Enterprise Server routing info and public keys.

    Slide *

    Enterprise Activation Sequence

    7. At this point, BlackBerry Enterprise Server pushes down the new Encryption key and then sends a request to the BlackBerry Policy Server to send down the Service Books.

    8. The Policy Server then has to send the IT Policy first and make sure it has been applied successfully. It will then send the Service Books.

    Slide *

    Enterprise Activation Sequence

    9. Once the device has received the Service Books, the EA is over and you receive the Activation Complete message on your device.

    Slide *

    Enterprise Activation Sequence Logs

    1. MESSAGING AGENT: Enterprise Activation e-mail is picked up by the BlackBerry Enterprise Server:
       [40282] (07/22 10:12:29):{0x13B8} {[email protected]} Queuing DATA from [email protected], Tag=-181814878, EntryId=6

    2. MESSAGING AGENT: Encryption Key is generated:
       [40000] (10/13 10:18:47):{0xAB8} {[email protected]} Generating 3DES key

    3. MESSAGING AGENT: Service Book request is sent to the Policy Server:
       [40000] (10/26 09:14:10):{0x173C} {[email protected]} *** OTAKEYGEN *** Queuing service book data to Policy Server

    Slide *

    Enterprise Activation Sequence Logs

    4. POLICY SERVER: Policy Server sent the IT Policy to the BlackBerry device:
       [30000] (10/26 09:30:57):{0xC10} {[email protected], PIN:2006D269, ID:1}RequestHandler::SendQueuedITAdminCommandToDevice Sending data to device, contentType=ITADMIN, size=296, RefId=0, TransactionId=-1049021622, Tag=7

    5. POLICY SERVER: IT Policy was successfully delivered to the BlackBerry device:
       [40000] (10/26 09:31:03):{0x1C50} {[email protected], PIN:2006D269,ID:1}RequestHandler::HandleITADMINDataCommand - ITPolicy Success Ack for the command SET_IT_POLICY_COMMAND - Processing packet, Tag=5867068

    6. POLICY SERVER: Policy Server sends the Service Books to the BlackBerry device:
       [40000] (10/26 09:31:03):{0x2228} {[email protected], PIN:2006D269, ID:1}RequestHandler::SendServiceBooks - Sending service book data to device

    Slide *

    Enterprise Activation Sequence Logs

    7. POLICY SERVER: Service books have been delivered to the BlackBerry device:
       [40000] (11/18 09:01:33):{0x12F0} {[email protected]} ***OTAKEYGEN *** received packet was successfully decrypted

    8a. MESSAGING AGENT: The BlackBerry device should be active and able to send and receive:
       [40446] (10/26 09:14:10):{0x173C} {[email protected]} Device just activated on this server

    8b. MESSAGING AGENT: Email pre-population triggered for the user:
       [20477] (11/18 09:00:39):{0x12F0} {[email protected]} New or Changed Device; email pre-population triggered

    Slide *

    Enterprise Activation Sequence Logs

    9. MESSAGING AGENT: The Calendar slow-sync is started:
       [40753] (10/26 09:15:00):{0x173C} {[email protected]} Receiving CICAL_SLOW_SYNC request from device, Tag=55, TransactionId= 456888726

    10. SYNC SERVER: Slow-Sync has been initiated by the BlackBerry device:
       [46046] (11/18 09:01:39):{0xC38} [SYNC-DSession] Received "GetConfig" command from device. [Joe User:7]

    11. SYNC SERVER: Slow-Sync has completed and activation should now be done:
       [36023] (10/15 11:03:45):{0xAC0} [SYNC-DSession] *** SLOWSYNC COMPLETE *** [User, Joe:7]
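One way to use these log signatures when an activation hangs, as an added example that is not part of the original slides: the script below scans Messaging Agent and Policy Server lines and reports the first milestone a user never reached. The marker substrings are copied from the excerpts above; the sample log, its users, PINs and timestamps are constructed, and the function names are the example's own.

```python
import re

# Layout of the Messaging Agent / Policy Server lines quoted in the slides:
# [event] (MM/DD HH:MM:SS):{thread} {user[, PIN:.., ID:..]}message
LINE = re.compile(r"\[\d+\] \((\d\d/\d\d \d\d:\d\d:\d\d)\):\{0x[0-9A-Fa-f]+\} "
                  r"\{([^,}]+)[^}]*\}\s*(.*)")

# Milestones in slide order; marker substrings are copied from the excerpts.
STAGES = [
    ("activation e-mail picked up", "Queuing DATA from"),
    ("encryption key generated", "Generating 3DES key"),
    ("service book request queued", "Queuing service book data to Policy Server"),
    ("IT policy sent", "contentType=ITADMIN"),
    ("IT policy acknowledged", "ITPolicy Success Ack"),
    ("service books sent", "Sending service book data to device"),
    ("device activated", "Device just activated on this server"),
]

# Constructed sample: users, PINs and timestamps are invented for the example.
SAMPLE = """\
[40282] (10/26 09:12:29):{0x13B8} {alice@example.com} Queuing DATA from etp@example.net, Tag=1, EntryId=6
[40000] (10/26 09:12:31):{0x13B8} {alice@example.com} Generating 3DES key
[40000] (10/26 09:12:32):{0x13B8} {alice@example.com} *** OTAKEYGEN *** Queuing service book data to Policy Server
[30000] (10/26 09:12:40):{0xC10} {alice@example.com, PIN:2100000A, ID:1}RequestHandler::SendQueuedITAdminCommandToDevice Sending data to device, contentType=ITADMIN, size=296
[40000] (10/26 09:12:46):{0x1C50} {alice@example.com, PIN:2100000A, ID:1}RequestHandler::HandleITADMINDataCommand - ITPolicy Success Ack for the command SET_IT_POLICY_COMMAND
[40000] (10/26 09:12:46):{0x2228} {alice@example.com, PIN:2100000A, ID:1}RequestHandler::SendServiceBooks - Sending service book data to device
[40446] (10/26 09:13:10):{0x13B8} {alice@example.com} Device just activated on this server
[40282] (10/26 09:20:01):{0x173C} {bob@example.com} Queuing DATA from etp@example.net, Tag=2, EntryId=9
[40000] (10/26 09:20:03):{0x173C} {bob@example.com} Generating 3DES key
[40000] (10/26 09:20:04):{0x173C} {bob@example.com} *** OTAKEYGEN *** Queuing service book data to Policy Server
[30000] (10/26 09:20:12):{0xC10} {bob@example.com, PIN:2100000B, ID:2}RequestHandler::SendQueuedITAdminCommandToDevice Sending data to device, contentType=ITADMIN, size=296
""".splitlines()

def progress(lines):
    """Map each user to the list of (stage, timestamp) milestones found."""
    seen = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # e.g. Sync Server lines, which carry no {user} field
        ts, user, text = m.groups()
        for stage, marker in STAGES:
            if marker in text:
                seen.setdefault(user.strip(), []).append((stage, ts))
    return seen

def stalled_at(lines, user):
    """First milestone missing for `user`, or None when activation completed."""
    done = {stage for stage, _ in progress(lines).get(user, [])}
    return next((s for s, _ in STAGES if s not in done), None)
```

In the constructed sample the second user's IT policy is sent but never acknowledged, which by step 8 of the sequence means the Service Books are not sent.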

    Slide *

    Questions & Answers

    Thank You

    Welcome and Introductions
    • Invite others to introduce themselves
    • Thank them for their interest in the program

    Discuss Housekeeping
    • Breaks in morning and afternoon
    • Currently targeting 45-1 hour for lunch with a targeted stop time of: 4:30
    • Lunch will be. . .
    • Washrooms are located. . .

    BlackBerry Enterprise Software v4.0 will offer the ability to wirelessly provision the device. Your user buys a BlackBerry handheld, but they don't have to bring it into the office to cradle it to get it provisioned. In fact, nobody in IT has to touch it. You do it over the air and in 15-20 minutes, they're up and running with a BlackBerry handheld, never having cradled it.

    The security is based on using something called SPEKE, Simple Password-authenticated Exponential Key Exchange. It says I'm going to prove that I'm a BlackBerry user on your server and you're going to accept that I have enough information to prove that I am.
