Exploring the ways to activate your BlackBerry on a BES
Back when the new BB7 devices launched I wrote an article about the Enterprise Activation application compatibility issues with OS7. The article stirred up quite a bit of controversy and some really "interesting" comments, some of which told me that there is a need for some clarification on the different methods of activating a BlackBerry on a BlackBerry Enterprise Server (BES).
So let's look at the many options for activating on a BES and what actually occurs duing this mysterious Enterprise Activation. Are you sitting comfortably? Than we'll begin.
Activating your BlackBerry on a BES
Wired Activation
This is the old school way to activate a BlackBerry on a BES. Prior to version 4.0 this was the only way to activate. In order to activate a BlackBerry via the USB cable you will need your BlackBerry connected and either BlackBerry Desktop Software (DM) or BlackBerry Web Desktop Manager (WDM). If you're unfamiliar with WDM, it was introduced with BES 5.0 and it allows you to do many of the housekeeping parts of the standard DM but without the need of installing any software. WDM won't allow you to reload an OS but you can provision a new BlackBerry on the BES yourself and even initiate a device wipe.
The downside to WDM is that it requires a LAN connection to the BES. This means you must be either local behind the corporate firewall or have VPN access. This is generally not a problem for standard corporate users but for users like myself who are on a hosted Exchange BES solution, we get VPN access. To use WDM you will be given a local internal IP from the IT department which you plug into your web browser from inside the corporate firewall and login with you standard active directory credentials.
Standard DM offers you the option to connect from outside the corporate firewall using Remote Procedure Call over HTTPS. OK for those who don't have an MCSC, RPC over HTTPS is just a secure MAPI connection from your PC to the exchange server without the need of a dedicated VPN connection. This is useful to reduce bandwidth on a company with many remote users. Instead of a constant data connection via VPN you can operate Outlook in a cached mode and periodically query the exchange server for data requests. Translation more users can efficiently access the mail server remotely.
If you have your Outlook configured for RPC of HTTPS the BlackBerry DM software will use the same connection to allow your BlackBerry connect to the BES and allow for a cable activation. At this point one may want to ask why would a cable connection be required?
Why not just wireless activate? Imagine you lost your BlackBerry while traveling. Your carrier sends you a new device to your hotel and now you want to activate on the BES. If this happened overseas that would be a serious roaming bill. My carrier, Rogers charges $30/mb for data roaming - I find that option to be unacceptable. So the cable activation is quite necessary here. What if you are in a 2G only coverage area? If you're on AT&T that is a real possibility and that could take quite some time depending on the size of your information store.
Wireless Activation
As mentioned previously, wireless activation was introduced back with BES 4.0 and what a welcome addition this was! Imagine not having to live tethered to a USB cable for provisioning your BlackBerry. I've also been in corporate environments where it's been necessary to activate 50 to 100 devices at the same time, the USB option is simply unrealistic for this.
Although data usage applies, most would agree that this is the preferred activation method. When RIM first introduced the BES Express last year carriers were blocking the ability to do a wireless activation if you didn't subscribe to the higher cost BES data plans. Thankfully RIM decided to end that madness and introduced the Enterprise Activation App back in March.
But some may ask, if you don't have a secure connection the BES how does this mysterious type of activation happen? Great question! Let's look at how it happens.
The very first step is to obtain an Enterprise Activation password from your BES Admin.
Next step is to access the Enterprise Activation screen.
- OS 4.0 and 5.0 under Options, Advanced Options
- OS 6.0+ using Universal Search type "Enterprise Activation" and tap on the wrench
- If you don't have a BES data plan download the Enterprise Activation App from App World and tap on it from the home screen
Next is to enter your corporate email address and assigned password in the appropriate fields. Click "Activate"
The next process happens behind the scenes. Your BlackBerry will simply send an email to the address you typed. It will be a very bizzare looking email which will mean nothing except to the BES.
As long as the password your BES admin provided you was correctly entered into the activation screen you will quickly see the activation process begin to unfold.
The BlackBerry and the BES will exchange a common key that each will hold for data encryption and decryption. Once the email is setup all the services will begin downloading.
At this point you can sit back and relax, the BlackBerry will do all the work from here out. If you are activating as a brand new BES user the process will be very quick as you have little or no data to populate. If you are an existing BES user it could take some time, especially for databases like Phone Call Logs and Address Book.
Well that in a nutshell is how a BlackBerry Activates on a BES. In an article in the near future I'll share a couple of fun hacks that can be done with the Enterprise Activation screen.
Read more
BlackBerry's President of Enterprise talks about why they're opening up on MDM
BlackBerry's announcement today that they are opening BB10 to outside MDM platforms came as something of a surprise, so John Sims, President of Global Enterprise Services, took to explaining why BlackBerry is taking this route, and it all comes down to getting more customers who use mobile device management systems other than BES. MDM is no longer a meaningful point of...
BlackBerry warns of TIFF-based BES vulnerability
BlackBerry has recently issued a warning that enterprise servers could be remotely accessed when they process images in a TIFF format. Attackers would need to craft a specific web page and get someone with sufficient privileges to click on a link to that page on their BlackBerry. Alternatively, they could send an e-mail or an instant message with this image, and they wouldn't even have...
BlackBerry 10 Jam Enterprise Edition: My Perspective
Earlier this week I spent the day at the BlackBerry 10 JamEnterprise Edition that took place in London, UK. I will be totally honest with you and say that my knowledge of BES is pretty much zero, but I'm not one to miss out on a BlackBerry event because as well as learning new stuff there are always interesting people to meet and chat with. Chris did a great post after he attended the...
BoxTone launches first automated mobile device policy and compliance management engine
As any IT Admin will tell you, working with multiple platforms in a deployment stage can be rather tedious especially if you are working on a larger scale. Controlling and authorizing all those devices and different platforms with IT policies and security settings is no easy task. Larger organizations have managed to do it for years now without very much help from management systems but...