BLACKBERRY ENTERPRISE SERVER SERVICES.

• Blackberry Attachment Service: Blackberry Attachment Service converts supported message attachments into format users can view on their Blackberry Devices.
  
• Blackberry Collaboration Service: Blackberry Collaboration Service provides connection between organizations IM Server and Enterprise IM application on devices.
  
• Blackberry Configuration Database: Blackberry Configuration Database is a relational Database that contains configuration data that BES components use. It includes :
  
  • Details about the connection from BES to wireless network.
    
  • User list.
    
  • Address mappings between PINS and email address for Blackberry MDS Connection Service push features.
    
  • Read only copy of each master encryption key.
    

  
   

• Blackberry Controller:
  Blackberry Controller monitors the BES Services and restarts them if they stop responding.
  
• Blackberry Dispatcher:
  Blackberry Dispatcher compresses and encrypts all the data that is sent to and from BB devices. It sends the data through the Blackberry Router to and from wireless network.
  
• Blackberry Manager:
  Blackberry Manager connects to the Blackberry Configuration DB. It's used to manage the BB Domain, including user accounts and device administration. The BB Domain consists of a single BB Configuration Database and all the BES Servers instances that use it.
  
• Blackberry MDS Connection Service: BB MDS Connection Service allows BB devices to access web content, Internet, Organization's Intranet. It allows BB devices to connect to the intranet application or content servers for application data.
  
• Blackberry MDS Integration Service:
  BB Integration Service provides application level integration for BB MDS runtime applications on BB devices. You can use MDS Integration Service to install BB MDS runtime applications that are stored in MDS Application Repository on BB Devices. You can also use Integration Service to add, remove, and update applications.
  
• Blackberry MDS Application Repository: Blackberry MDS Application Repository stores BB MDS runtime applications that developers can create and publish the MDS Studio or the BB plug in for MS Visual Studio Developer tools.
  
• Blackberry Messaging Agent: BB Messaging Agent connects to your organizations messaging Server to provide messaging services, calendar management, address lookups attachment viewing, attachment download, and encryption key generation. It also acts as a gateway for BB synchronization service to access organizer data on messaging server. BB Messaging Agent synchronizes configuration DB and user mailboxes.
  
• BB Policy Service:
  BB Policy Service performs administrative service over wireless network. It sends IT Policies and IT Administration commands and provisions Service Books. It also sends service books to configure feature and component setting on BB Devices.
  
• Blackberry Router:
  BB Router connects to wireless network to send data to and from BB Devices. It also sends data within organization's network to BB devices that are connected to computers BB Device Manager.
  
• Blackberry Synchronization Service:
  BB synchronization service synchs organizer data between BB Devices and messaging server over wireless networks.
  

 

 

 

Architecture:

 

 

 

 

Blackberry Enterprise Server Message Flow:

 

 

 

 

Message Flow from Messaging Server to BB Device:

    

1. New Email message arrives in a user email box. Microsoft Exchange notifies the BB Messaging Agent.
   
2. BB Messaging Agent applies global filter rules to the message in the user's mailbox and filters the message which doesn't match the criteria.
   
3. BB Messaging Agent sends the first 2KB of the message to the BB Dispatcher.
   
4. BB Dispatcher compresses the first 2KB of the message, encrypts it with master encryption key of the BB device, and sends the encrypted message to BB Router.
   
5. BB Router sends the encrypted data to the wireless network over port 3101.
   
6. Wireless network verifies that the PIN belongs to a valid BB Device that's registered with the wireless network and sends the message data to the BB Device.
   
7. BB Device sends a confirmation to the BB Dispatcher. BB Dispatcher sends confirmation to the BB Agent. If the Messaging Agent did not receive any confirmation in 4 hours the Messaging Agent resends the message to wireless network again.
   
8. BB Device decrypts the message and decompresses the message so that the user can view it, and notifies user that new message has arrived.
   

 

Message flow from BB Device to Messaging Server:

 

1. A user sends message from BB Device. The BB Device assigns a "Refld" to the message. If the message is a meeting request, or calendar entry, BB Device appends the calendar information to a message.
   
2. BB Device encrypts the message and sends the message to the wireless network over port 3101.
   
3. The wireless network sends the message to the BES Enterprise server.
   
4. BB Dispatcher uses the master encryption key of the BB Device to decrypt and decompresses the message.
   
5. The BB Messaging Agent sends the message to the user's application.
   
6. BB Messaging Agent sends a copy of the message to the Sent Items view in the users email application.
   
7. The Messaging server delivers the message to the recipients.
   

 

Instant Messaging Session with BB Client and LCS 2005 Server:

 

 

 

1. User logs on to a collaboration client on a BB Device.
   
2. BB device compresses and encrypts the user ID and password and sends them through the BB Router to the Dispatcher over port 3101.
   
3. BB Dispatcher Service sends the request to the BB Collaboration Service over port 3200. If the BB Collaboration Service is located on remote computer, then the requests still remains encrypted using RIM proprietary protocol.
   
4. The BlackBerry Collaboration Service checks the BlackBerry Configuration Database to find out if the maximum number
   
5. of instant messaging sessions has been reached, and performs one of the following actions:
   
6. If the maximum number of sessions has been reached and a timeout limit is set, the BlackBerry Collaboration Service logs out any instant messaging sessions on BlackBerry devices that are out of coverage, and any instant messaging sessions that are no longer sending status messages to the BlackBerry Collaboration Service. If there are no idle sessions, the BlackBerry Collaboration Service sends a "Server Busy" status message to the BlackBerry device and rejects the login request. If the maximum number of sessions is not set and the number of sessions equals the total number that the Microsoft® Real-Time Communications API supports, the BlackBerry Collaboration Service sends a "Failed" status message to the BlackBerry device and rejects the login request
   
7. BB Collaboration Service then checks with Configuration Database to check whether the user has permission to use the collaboration client and places the request in queue for IM Connector.
   
8. On the computer that hosts the Blackberry Collaboration Service the MSMQ software version 3.0 or later sends the request in XMPP format, encrypted with AES to IM Connector. BB Collaboration Service opens the connection using TLS.
   
9. BB IM Connector creates a RTC client object for the session which maintains an open TLS connection between the collaboration client and LCS Server 2005 for the duration of the session.
   
10. BB IM Connector returns the acceptance to the local queue on the BB Collaboration Service.
    
11. The BlackBerry Collaboration Service returns the acceptance, in encrypted and compressed format, through the BlackBerry Dispatcher to the BlackBerry device, and creates a cache of the connectivity information to maintain the new instant messaging session.
    
12. The collaboration client on the BlackBerry device starts the instant messaging session using the RTC connection object.
    

 

Message Attachment Flow:

1. A user receives a message with an attachment on a BB Device.
   
2. BB Messaging Agent verifies that the format of the attachment is valid for conversion.
   
3. IF the format is not valid "Open Attachment" Option does not appear on the BB Device. If valid then the user clicks "Open Attachment" option.
   
4. Attachment viewer sends a request to the BB Messaging Agent which connects to BB Attachment Service over port 1900.
   
5. BB Attachment Service retrieves the attachment in binary format from the user's message stores using BB Messaging Agent link to the Messaging Server. The BlackBerry Attachment Service distills the attachment and extracts the content, layout, appearance, and navigation information from it.
   
6. The BlackBerry Attachment Service organizes, stores, and links the information in a proprietary DOM in a binary XML style.
   
7. The BlackBerry Attachment Service formats the attachment for the BlackBerry device and converts the formatting is based on the request for content (for example, page and paragraph information, or the available BlackBerry device information (for example, screen size, display, or available space).
   
8. The BlackBerry Attachment Service sends the UCS data to the BlackBerry Messaging Agent using a TCP/IP connection over port 1900.
   
9. The BlackBerry Messaging Agent sends the converted attachment to the BlackBerry Dispatcher.
   
10. The BlackBerry Dispatcher compresses the first portion of the attachment, encrypts it with the master key of the BlackBerry device, and sends the first portion of the attachment to the BlackBerry Router.
    
11. The BlackBerry Router sends the first portion of the attachment to the wireless network over port 3101, which verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network.
    
12. The wireless network delivers the attachment to the BlackBerry device. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which sends it to the BlackBerry Messaging Agent. If the BlackBerry Enterprise Server does not receive a delivery confirmation within 4 hours, it sends the attachment data to the wireless network again.
    

 

Activating Blackberry device over wireless network.

 

1. User contacts IT to activate the BB Device.
   
2. Administrator uses BB Manager to create a temporary activation password for the user account and communicates the password to the user.
   
3. To activate the device over wireless network, the user opens the activation application on BB Device and types the appropriate email address and the activation password.
   
4. BB Device sends an activation request message to the email account. The message contains information about the BB device, such as routing information and the public keys for the BB Device.
   
5. BES sends the BB device an activation response that contains routing information about the BES server and the public keys for the BES Server.
   
6. BES and the BB Device establish a master encryption key. BES and BB Device confirm knowledge of the master encryption key to one another. If the confirmation succeeds, the activation proceeds and further communication between BES and the BB device is encrypted.
   
7. BES sends the IT Policy to the BB Device. If the BB Device cannot accept the IT Policy the activation does not complete.
   
8. BES sends the appropriate service books to BB Device. The user now can send and receive messages on the BB device.