Using a segmented network to prevent the spread of malware
To help prevent the spread of malware in your organization’s network, you can use firewalls to divide your organization’s network or LAN into segments and create a segmented network. Each segment can manage the network traffic for a specific BlackBerry® Enterprise Solution component. A segmented network is designed to improve the security and performance of the segments by filtering out data that is not sent to the correct segment.
To configure the BlackBerry Enterprise Solution in a segmented network, you must install each BlackBerry Enterprise Solution component on a computer that is separate from the computers that host other components and then place each computer in its own network segment. When you configure the BlackBerry Enterprise Solution in a segmented network, you create an architecture that is designed to prevent the spread of potential attacks from one computer that hosts a BlackBerry Enterprise Solution component to another computer within your organization’s LAN. A segmented network architecture is designed to isolate attacks and contain them on one computer. When you install each BlackBerry Enterprise Solution component in its own segment, to permit communication with other components, you open only the port numbers that the BlackBerry Enterprise Solution components use.
The BlackBerry Enterprise Server and BlackBerry Enterprise Server components, with the exception of the BlackBerry Router, do not support installation in a DMZ. For more information about configuring the BlackBerry Router in the DMZ, see Placing the BlackBerry Router in the DMZ.