Enterprise customers host the BlackBerry® Enterprise Server behind their corporate firewall to enable access from BlackBerry devices to the corporate intranet. The BlackBerry® Mobile Data System component of the BlackBerry Enterprise Server includes the BlackBerry® MDS Services, which provides an HTTP and TCP/IP proxy service to let third-party Java® applications use it as a secure gateway for managing HTTP and TCP/IP connections to the intranet. When you use the BlackBerry Enterprise Server as an intranet gateway, all traffic between your application and the BlackBerry Enterprise Server is automatically encrypted using AES or triple DES encryption. Because the BlackBerry Enterprise Server resides behind the corporate firewall and provides inherent data encryption, applications can communicate with application servers and web servers that reside on the corporate intranet.

If your application connects to the Internet rather than to the corporate intranet, you might be able to use the BlackBerry Enterprise Server that belongs to the customer as a gateway. In this case, network requests travel behind the corporate firewall to the BlackBerry Enterprise Server, which makes the network request to the Internet through the corporate firewall. However, enterprise customers can set an IT policy to enforce that the BlackBerry Enterprise Server is the gateway for all wireless network traffic, including traffic destined for the Internet.

If your application connects to the Internet, and you are targeting non-enterprise customers, you can also use either the BlackBerry® Internet Service or the Internet gateway of the wireless server provider to manage connections.