Install and configure the BlackBerry Connectivity Node
BlackBerry Connectivity Node
- In the management console, on the menu bar, clickSettings > External integration > BlackBerry Connectivity Node setup. Click
and download the setup application for the BlackBerry Connectivity Node. If you want to add theBlackBerry Connectivity Nodeinstance to an existing server group when you activate it, in theServer groupdrop-down list, click the appropriate server group. Generate and save the activation file. The activation file is valid for 60 minutes. - Transfer the setup application and the activation file to the computer that you want host theBlackBerry Connectivity Nodeinstance. Complete the steps below on that computer.
- Run theBlackBerry Connectivity Nodesetup application.
- Choose your language. ClickOK.
- ClickNext.
- Select your country or region. Read and accept the license agreement. ClickNext.
- The installation program verifies that your computer meets the installation requirements. ClickNext.
- To change the installation file path, click...and navigate to the file path that you want to use. ClickInstall.
- When the installation completes, clickNext.The address of theBlackBerry Connectivity Nodeconsole is displayed (http:/localhost:8088). Click the link and save the site in your browser.
- Select your language. ClickNext.
- When you activate theBlackBerry Connectivity Node, it sends data over port 443 (HTTPS) to theBlackBerry Infrastructure(for example na.bbsecure.com or eu.bbsecure.com). After it is activated, theBlackBerry Connectivity Nodeuses port 3101 (TCP) for all other outbound connections through theBlackBerry Infrastructure. If you want to send data from theBlackBerry Connectivity Nodethrough an existing proxy server behind your organization's firewall, clickClick here to configure the proxy settings for your organization’s environment, select theProxy serveroption, and do any of the following:
- To send activation data through a proxy server, in theEnrollment proxyfields, type the FQDN or IP address and the port number of the proxy server. The proxy server must be able to send data over port 443 to bbsecure.com. ClickSave.
- To send other outbound connections from the components of theBlackBerry Connectivity Nodethrough a proxy server, in the appropriate fields, type the FQDN or IP address and the port number of the proxy server. The proxy server must be able to send data over port 3101 to bbsecure.com. ClickSave.
- In theFriendly namefield, type a name for theBlackBerry Connectivity Node. ClickNext.
- ClickBrowse. Select the activation file.
- ClickActivate.If you want to add aBlackBerry Connectivity Nodeinstance to an existing server group when you activate it, your organization's firewall must allow connections from that server over port 443 through theBlackBerry Infrastructureto activate theBlackBerry Connectivity Nodeand to the same bbsecure.com region as the mainBlackBerry Connectivity Nodeinstance.
- Click
and select the type of company directory that you want to configure. - Follow the steps for your organization’s directory type:Directory typeStepsMicrosoft Active Directory
- In theConnection namefield, type a name for the directory connection. If you have aMicrosoft Entra IDdirectory configured, this connection name must be different than the name of theEntradirectory connection.
- In theUsernamefield, type the username of theMicrosoft Active Directoryaccount.
- In theDomainfield, type the FQDN of the domain that hostsMicrosoft Active Directory. For example, domain.example.com.
- In thePasswordfield, type the password of theMicrosoft Active Directoryaccount.
- In theDomain controller discoverydrop-down list, click one of the following:
- If you want to use automatic discovery, clickAutomatic.
- If you want to specify the domain controller computer, clickSelect from list below. Click and type the FQDN of the computer. Repeat this step to add more computers.
- In theGlobal catalog search basefield, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). To search the entire Global Catalog, leave the field blank.
- In theGlobal catalog discoverydrop-down list, click one of the following:
- If you want to use automatic catalog discovery, clickAutomatic.
- If you want to specify the catalog computer, clickSelect from list below. Click and type the FQDN of the computer. If necessary, repeat this step to specify more computers.
- If you want to enable support for linkedMicrosoft Exchangemailboxes, in theSupport for linked Microsoft Exchange mailboxesdrop-down list, clickYes.To configure theMicrosoft Active Directoryaccount for each forest that you wantUEM Cloudto access, in theList of account forestssection, click. Specify the forest name, user domain name (the user can belong to any domain in the account forest), username, and password.
- To synchronize more user details from your company directory, select theSynchronize additional user detailscheck box. The additional details include company name and office phone.
- ClickSave.
LDAP directory- In theConnection namefield, type a name for the directory connection. If you have aMicrosoft Entra IDdirectory configured, this connection name must be different than the name of theEntradirectory connection.
- In theLDAP server discoverydrop-down list, click one of the following:
- If you want to use automatic discovery, clickAutomatic. In theDNS domain namefield, type the DNS domain name.
- If you want to specify the LDAP computer, clickSelect server from list below. Click and type the FQDN of the computer. Repeat this step to add more computers.
- In theEnable SSLdrop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you clickYes, clickBrowseand select the SSL certificate for the LDAP computer.
- In theLDAPport field, type the port number of the LDAP computer.
- In theAuthorization requireddrop-down list, select whetherUEM Cloudmust authenticate with the LDAP computer. If you clickYes, type the username and password of the LDAP account. The username must be in DN format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com).
- In theSearch basefield, type the search base that you want to access (for example, OU=Users,DC=example,DC=com).
- In theLDAP user search filterfield, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)).
- In theLDAP user search scopedrop-down list, click one of the following:
- If you want user searches to apply to all levels below the base DN, clickAll levels.
- If you want to limit user searches to one level below the base DN, clickOne level.
- In theUnique identifierfield, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user.
- In theFirst namefield, type the attribute for each user’s first name (for example, givenName).
- In theLast namefield, type the attribute for each user’s last name (for example, sn).
- In theLogin attributefield, type the attribute for each user’s login attribute (for example, cn). This attribute is used for the value that users type to log in toBlackBerry UEM Self-Servicewith their directory credentials.
- In theEmail addressfield, type the attribute for each user’s email (for example, mail).
- In theDisplay namefield, type the attribute for each user’s display name (for example, displayName).
- To synchronize more user details from your company directory, select theSynchronize additional user detailscheck box. The additional details include company name and office phone.
- To enable directory-linked groups, select theEnable directory-linked groupscheck box. For more information about directory-linked groups, see Enable directory-linked groups.
- ClickSave.
- In the management console, clickSettings > External integration > BlackBerry Connectivity Node setup.
- In theStep 4: Test connectionsection, clickNext.
To view the status of a
BlackBerry Connectivity Node
instance, in the management console, on the menu bar, click Settings > External integration > BlackBerry Connectivity Node status
.- To install additionalBlackBerry Connectivity Nodeinstances, download the installation and activation files again and repeat this task on a different computer. This should be done after the first instance is activated.
- If you install more than oneBlackBerry Connectivity Node, you must configure identical directory connections on each instance. You can use theBlackBerry Connectivity Nodeconsole to export the directory connections for an instance (.txt file), then transfer and import those connections to a differentBlackBerry Connectivity Nodeusing the console for that instance. Remove any existing directory connections from an instance before you import directory configurations.
- Optionally, Create a server group to manage regional connections.
- If you want to send data through an HTTP proxy before it reaches theBlackBerry Dynamics NOC, in theBlackBerry Connectivity Nodeconsole, clickGeneral settings > BlackBerry Router and proxy. Select theEnable HTTP proxycheck box and configure the proxy settings.
- If you want to change the default settings forBlackBerry Connectivity Nodeinstances, in the management console, on the menu bar, clickSettings > External integration > BlackBerry Connectivity Node setupand click
. You can change logging settings, disable instances of the BlackBerry Gatekeeping Service, and configureBlackBerry Secure Gatewaysettings. - When you are notified of an update to theBlackBerry Connectivity Node, repeat this task to upgrade each instance. Use theBlackBerry Connectivity Nodeconsole to record or export directory configurations. You must upgrade all instances of theBlackBerry Connectivity Nodeto the same version. When you upgrade the first instance, directory services are disabled until all of the nodes are upgraded to the same version.
- For instructions for enablingBlackBerry Secure Connect Plus, see Using BlackBerry Secure Connect Plus for connections to work resources in the Administration content.
- For instructions for enabling theBlackBerry Secure Gateway, see Protecting email data sent to iOS devices using the BlackBerry Secure Gateway in the Administration content.
- For instructions for configuring theBlackBerry Gatekeeping Service, see Controlling which devices can access Exchange ActiveSync in the Administration content.