Integrating the BlackBerry MVS with a BlackBerry Enterprise Server
The BlackBerry Enterprise Server is designed to be a secure, centralized link between your organization's wireless network, communications software, applications, and BlackBerry devices. The BlackBerry MVS uses the BlackBerry Enterprise Server solution to provide security and authentication between BlackBerry devices and your organization's voice infrastructure. The BlackBerry Enterprise Server supports AES and Triple DES encryption to help protect and make sure the integrity of wireless data that is transmitted between the BlackBerry Enterprise Server components and devices.
BlackBerry Configuration Database
The BlackBerry Mobile Voice System uses an existing BlackBerry Configuration Database to obtain all configuration and provisioning information for the BlackBerry MVS users. During the installation of the BlackBerry MVS software, in the BlackBerry MVS set up application, you type the Microsoft SQL Server name, IP address, database name and port number of the BlackBerry Configuration Database. If you specify a port number for communication with the BlackBerry Configuration Database, this port number must match the port number that the BlackBerry MVS software uses. For more information about communication with the BlackBerry Configuration Database, see the BlackBerry MVS Installation guide.
The BlackBerry Mobile Voice System uses a security model that is designed to make sure that all communications between the BlackBerry MVS Server the BlackBerry Enterprise Server are encrypted. This model uses the BlackBerry inter-process protocol (BIPP), which is used to transmit data between the BlackBerry Enterprise Server and the BlackBerry MVS.
BlackBerry inter-process protocol encryption (BIPPe) is intended to encrypt inter-process communication between various BlackBerry solution components in order to help prevent outside parties from viewing transmitted data. The encryption is based on a password that the system administrator sets in the BlackBerry Configuration Panel after the BlackBerry Enterprise Server is installed. Before you install the BlackBerry MVS software, you should find out if this password is set and if a password is set, make sure that you use the same password during the configuration of the BlackBerry MVS software. For more information about setting or changing the secure communications password, refer to the BlackBerry MVS Administration Guide.
The BlackBerry solution includes the ability to create and distribute Wi-Fi settings to the BlackBerry device users that connect to an organization's Wi-Fi network. This can help reduce the number of actions that the user has to complete on the device to connect to the organization's network, and it can help reduce the number of calls to the support desk.
The BlackBerry Enterprise Server is designed to provide a centralized way to create, administrator, and assign Wi-Fi network settings to your organization's users. To deploy Wi-Fi network settings and authentication using the BlackBerry Enterprise Server , you create the Wi-Fi profiles on the BlackBerry Enterprise Server and assign them to users, which is intended to make sure that when the BlackBerry Mobile Voice System users are within range of the organization's Wi-Fi network, they are automatically connected and are able to use voice and data communication over the organization's Wi-Fi network. For more information about configuring Wi-Fi profiles and assigning them to users, see the BlackBerry Enterprise Server Administration Guide. For more information about creating a BlackBerry MVS Class of Service to make sure that users can use Voice over Wi-Fi, see the BlackBerry MVS Configuration Guide.
Before deploying the BlackBerry MVS, your organization should consider whether its Wi-Fi network supports Voice over Wi-Fi. For more information about planning your organization's Wi-Fi infrastructure, visit http://us.blackberry.com/ataglance/networks/deploying_wireless_lan.pdf to see the Considerations for Planning and Deploying a Wireless LAN document.
Your organization should also consider whether the BlackBerry MVS should connect to a separate Wi-Fi network than other endpoints, such as laptop computers, or use a different authentication process. All enterprise capable Wi-Fi equipment can support networks (distinguished by the SSID) and authentication mechanism by network. These types of Wi-Fi infrastructure considerations will help you determine what needs to be configured on the BlackBerry Enterprise Server.
All Wi-Fi enabled BlackBerry devices have a built-in IPSec-based VPN client that supports several types of VPN concentrators (which your organization owns). While using the integrated VPN client when connecting to other Wi-Fi networks, such as a home network or a Wi-Fi hotspot, you can still make Voice over Wi-Fi calls using the BlackBerry Mobile Voice System. The settings that are required for a VPN client to authenticate with a VPN concentrator depend on the type of VPN concentrator and its configuration settings. You can use the BlackBerry Enterprise Server to create a VPN configuration profile that you can send to BlackBerry devices remotely and over the wireless network, which helps eliminate the need for your organization's users to configure VPN settings. Your organization's BlackBerry Enterprise Server administrator should work with your security organization to configure the VPN profile, and then assign the VPN profile to the users that make Voice over Wi-Fi calls. When a BlackBerry MVS user wants to use BlackBerry MVS Voice over Wi-Fi calling, the user must assign the VPN profile to the Wi-Fi profile or to an existing saved Wi-Fi profile. For more information about configuring VPN profiles and assigning them to users, see the BlackBerry Enterprise Server Administration Guide.
BlackBerry Enterprise Server 5.0 SP3 introduced the ability to assign Wi-Fi and VPN profiles to a group. This feature allows administrators to create and configure the profiles once, assign them to a group, and then add users to that group as necessary. This is intended to reduce the administrative task of assigning profiles to users individually.
The integration of the BlackBerry Enterprise Server into the administration of device configuration is designed to provide the tools and mechanisms for the organization to reduce end-user setup, leading to fewer support calls. When an administrator configures the Wi-Fi and VPN profiles and pushes them over the wireless network from the BlackBerry Enterprise Server, users automatically receive the necessary settings to connect and authenticate with the organization’s Wi-Fi and VPN infrastructure with little or no end-user interaction. The settings appear on the device and users can connect to the appropriate networks and in conjunction with the remote BlackBerry MVS administration and configuration, they can automatically begin using the BlackBerry MVS after the remote provisioning process completes.
Making the BlackBerry MVS Client available
You can make the BlackBerry MVS Client available to BlackBerry Mobile Voice System users in the following ways:
- Using the BlackBerry Desktop Manager
- Hosting the BlackBerry MVS Client on an internal web server so that users can use the BlackBerry Browser to download the BlackBerry MVS Client manually
- Pushing the BlackBerry MVS Client using the BlackBerry Enterprise Server
You should consider using the BlackBerry Enterprise Server to push the BlackBerry MVS Client to your users because it permits you to schedule the software push and provides a seamless experience for both administrators and users.
For more information about making applications available to users, see the BlackBerry Enterprise Server Administration Guide.