Using a segmented network to prevent the spread of malware
To help prevent the spread of malware in your organization’s network, you can use firewalls to divide your organization’s network or LAN into segments to create a segmented network. Each segment can manage the network traffic for a specific BlackBerry® Enterprise Server component. A segmented network is designed to improve the security and performance of the segments by filtering out data that is not sent to the correct segment.
To configure the BlackBerry Enterprise Server in a segmented network, you must install each BlackBerry Enterprise Server component on a computer that is separate from the computers that host other components and then place each computer in its own network segment. If you configure the BlackBerry Enterprise Server in a segmented network, you create an architecture that is designed to prevent the spread of potential attacks from one computer that hosts a component to another computer within your organization’s LAN. A segmented network architecture is designed to isolate attacks and contain them on one computer. To permit communication with other components, when you install each component in its own segment, you open only the port numbers that the components use.
The BlackBerry Enterprise Server and components, with the exception of the BlackBerry Router, do not support installation in a DMZ. For more information about configuring the BlackBerry Router in the DMZ, see Placing the BlackBerry Router in the DMZ.