Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.19
  3. Managing secure connections
  4. Managing work connections using profiles
  5. Using BlackBerry Secure Connect Plus for connections to work resources
  6. Server and device requirements for BlackBerry Secure Connect Plus

Server and device requirements for
BlackBerry Secure Connect Plus

To use
BlackBerry Secure Connect Plus
, your organization's environment must meet the following requirements.
For the
BlackBerry UEM
 domain:
Environment
Requirements
All
UEM
 environments
  • Your organization's firewall must allow outbound connections over port 3101 to
    <region>
    .turnb.bbsecure.com and
    <region>
    .bbsecure.com. If you configure
    UEM
     to use a proxy server, verify that the proxy server allows connections over port 3101 to these subdomains.
  • In each
    UEM
     instance, the
    BlackBerry Secure Connect Plus
     component must be running.
  • By default,
    Android Enterprise
     devices are restricted from using
    BlackBerry Secure Connect Plus
     to connect to
    Google Play
     and underlying services (com.android.providers.media, com.android.vending, and com.google.android.apps.gcs).
    Google Play
     does not have proxy support.
    Android Enterprise
     devices use a direct connection over the Internet to
    Google Play
    . These restrictions are configured in the Default enterprise connectivity profile and in any new enterprise connectivity profiles that you create. It is recommended to keep these restrictions in place. If you remove these restrictions, you must contact
    Google Play
     support for the firewall configuration required to allow connections to
    Google Play
     using
    BlackBerry Secure Connect Plus
    .
  • If you use an email profile to enable the
    BlackBerry Secure Gateway
     for
    iOS
     devices, it is a best practice to configure per-app VPN for
    BlackBerry Secure Connect Plus
    .
UEM
 on-premises
  • If your environment includes
    Knox Workspace
     or
    Android Enterprise
     devices with
    BlackBerry Dynamics
     apps, see Optimize secure tunnel connections for Android devices that use BlackBerry Dynamics apps.
  • Optionally, you can install additional
    BlackBerry Secure Connect Plus
     instances by installing more than one
    BlackBerry Connectivity Node
    .
  • Optionally, you can create a server group to direct
    BlackBerry Secure Connect Plus
     traffic to a specific regional path to the BlackBerry Infrastructure.
UEM Cloud
  • You must install the
    BlackBerry Connectivity Node
     or upgrade to the latest version. When you install or upgrade the
    BlackBerry Connectivity Node
    ,
    BlackBerry Secure Connect Plus
     is also installed or upgraded. You must make sure that you activate the
    BlackBerry Connectivity Node
     before you enable
    BlackBerry Secure Connect Plus
    .
  • If you route the data that travels between
    BlackBerry Secure Connect Plus
     and the
    BlackBerry Infrastructure
     through a TCP proxy server (transparent or SOCKS v5), you can configure the proxy settings using the
    BlackBerry Connectivity Node
     management console (General settings > Proxy).
For supported devices:
Profile
Description
iOS
 and
iPadOS
  • Devices must be activated using the
    BlackBerry UEM Client
    ; for
    Apple
     DEP devices, you must distribute the
    UEM Client
     to users from
    UEM
    , then instruct users to open the
    UEM Client
     and complete the setup process
  • MDM controls activation type
Android Enterprise
Any of the following activation types:
  • Work space only (Premium)
  • Work and personal - full control (Premium)
  • Work and personal - user privacy (Premium)
Samsung Knox Workspace
  • A supported version of
    Samsung Knox
  • Any of the following activation types:
    • Work and personal - full control (
      Samsung Knox
      )
    • Work and personal - user privacy (
      Samsung Knox
      )