Skip Navigation

Outbound connections:
BlackBerry UEM
to the
BlackBerry Infrastructure

BlackBerry UEM
must connect with and receive data from the
BlackBerry Infrastructure
to perform tasks.
BlackBerry UEM
connects with the
BlackBerry Infrastructure
over the outbound-initiated, two-way port 3101 (TCP).
Your organization's firewall must allow outbound two-way connections over port 3101 to
<region>
.srp.blackberry.com,
<region>
.bbsecure.com, and
<region>
.turnb.bbsecure.com.
If you install the device connectivity components (the
BlackBerry Connectivity Node
) on a separate computer, your organization's firewall must allow connections from that computer over port 443 through the
BlackBerry Infrastructure
(
<region>
.bbsecure.com) to activate the
BlackBerry Connectivity Node
. All other outbound connections from the
BlackBerry Connectivity Node
use port 3101 through the
BlackBerry Infrastructure
(
<region>
.bbsecure.com). To add a
BlackBerry Connectivity Node
instance to an existing server group when you activate it, your organization's firewall must allow connections from that server over port 443 through the
BlackBerry Infrastructure
(
<region>
.bbsecure.com) and to the same bbsecure.com region as the Core server.
You have the option of routing data from
BlackBerry UEM
through your organization's TCP proxy server to the
BlackBerry Infrastructure
. If you choose to send data through a proxy server, configure the firewall to allow the following outbound two-way connections:
  • Use port 3102 as the default listening port to connect the
    BlackBerry UEM
    components to the TCP proxy server
  • Use port 3101 as the default listening port to connect the components that manage
    BlackBerry
    OS devices to the TCP proxy server
If you configure
BlackBerry UEM
to use a TCP proxy server, verify that the proxy allows connections over port 3101 to
<region>
.srp.blackberry.com,
<region>
.bbsecure.com, and
<region>
.turnb.bbsecure.com.
This diagram shows how BlackBerry UEM connects to the BlackBerry Infrastructure over port 3101
Activities initiated by the
BlackBerry UEM Core
over the port 3101 connection to the
BlackBerry Infrastructure
Purpose
Description
Authenticate
BlackBerry UEM
Connect to the authentication service to authenticate the
BlackBerry UEM
installation and allow the components to use the
BlackBerry Infrastructure
services.
Enable licenses
Connect to the licensing infrastructure to activate your organization’s server licenses and to enable
iOS
,
Android
, and
Windows
devices to use SIM licenses obtained from your service provider.
Request a signed CSR
Connect to the signing infrastructure so you can request a certificate signing request (CSR) from
BlackBerry
. You use the signed CSR to obtain and register an
Apple
Push Notification Service (APNs) certificate, which you require to manage
iOS
devices.
Communicate with notification services
Connect to the
BlackBerry Infrastructure
to send data to the appropriate notification service for supported device types (APNs, FCM, or WNS).
Discover server connection during activation
Connect to the discovery service so that
BlackBerry UEM
can find and use the server connection automatically when users activate devices. If you turn off this connection, users must specify the server manually when they activate devices.
Update device OS data
Connect to the
BlackBerry Infrastructure
every 24 hours to check a hosted metadata file for new device or OS data. Updates are downloaded to the
BlackBerry UEM
database.
Search for apps
Connect to the
BlackBerry Infrastructure
and then to the
App Store
or
BlackBerry World
so that you can search for apps to add to the available app list.
Purchase and push apps to
iOS
devices
Connect to the
BlackBerry Infrastructure
and then to the
App Store
to allow you to buy and push apps to
iOS
devices.
Activities initiated by
BlackBerry Secure Connect Plus
over the port 3101 connection to the
BlackBerry Infrastructure
Purpose
Description
Secure connection from work apps to work resources
Connect to the
BlackBerry Infrastructure
to provide
Android Enterprise
, and
Samsung Knox
devices with a secure connection to work resources using
BlackBerry Secure Connect Plus
.
Activities initiated by the components of the
BlackBerry Connectivity Node
over the port 3101 connection to the
BlackBerry Infrastructure
Purpose
Description
Establish secure device connections to work resources
You can install one or more instances of the
BlackBerry Connectivity Node
to add additional instances of the device connectivity components to your organization’s domain. Each
BlackBerry Connectivity Node
contains the following
BlackBerry UEM
components:
  • BlackBerry Secure Connect Plus
    : Connects to the
    BlackBerry Infrastructure
    to provide devices with a secure connection to work resources
  • BlackBerry Secure Gateway
    : connects to the
    BlackBerry Infrastructure
    to provide
    iOS
    devices with the
    MDM controls
    activation type with a secure connection to your organization’s mail server
  • BlackBerry Gatekeeping Service
    : Connects through the
    BlackBerry Infrastructure
    to the primary
    BlackBerry UEM
    components and the
    Microsoft Exchange Server
    or
    Microsoft Office 365
    for
    Exchange ActiveSync
    gatekeeping
  • BlackBerry Cloud Connector
    : Connects to the
    BlackBerry Infrastructure
    to allow the
    BlackBerry Connectivity Node
    components to communicate with the primary
    BlackBerry UEM
    components
The
BlackBerry Connectivity Node
also includes the
BlackBerry Proxy
, which maintains the secure connection between your organization and the
BlackBerry Dynamics NOC
. The
BlackBerry Proxy
does not use the 3101 connection.