
Proxy forwarding

You can install an HTTP forward proxy server that supports HTTP Connect in the DMZ. The BlackBerry Connectivity Node remains inside the corporate network. In this configuration, only the BlackBerry Connectivity Node is reachable from the DMZ proxy, so you don't expose multiple app servers to the DMZ. BlackBerry Dynamics apps make an HTTP Connect request to the DMZ proxy and request a connection to the BlackBerry Connectivity Node. The DMZ proxy then makes the connection to the BlackBerry Connectivity Node. When it is connected to the BlackBerry Connectivity Node, the BlackBerry Dynamics app establishes a TLS connection and authenticates to the BlackBerry Proxy.
You can configure one DMZ proxy for multiple BlackBerry Connectivity Node instances, or configure a unique DMZ proxy for each BlackBerry Connectivity Node instance. You must provide the FQDN of the DMZ proxy in the BlackBerry UEM management console for each BlackBerry Connectivity Node.
The benefits of this approach are:
  • You don't need to port forward directly from the edge network to the internal corporate network as with the port forwarding option. You can set up a DMZ. The web proxy in the DMZ connects to the BlackBerry Connectivity Node servers in the internal corporate network.
  • The internal BlackBerry Connectivity Node address is not exposed to the internet as it is in the port forwarding option.
Forward proxy servers used for Direct Connect must meet the following requirements:
  • Support the HTTP Connect method
  • Be able to communicate with the BlackBerry Proxy server via TCP port 17533
  • Be able to resolve the BlackBerry Proxy server's hostname
  • Allow an inbound port (this port is arbitrary)
  • Have a publicly resolvable DNS hostname
Direct Connect using DMZ proxy
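One way to keep the DMZ proxy from relaying to anything other than the BlackBerry Connectivity Node is to allowlist HTTP Connect targets by hostname and port. The following is an added example, not BlackBerry code; the hostnames are constructed placeholders and the function names are hypothetical, while port 17533 is the one given in the requirements above.

```python
# Added example: decide whether a DMZ forward proxy should honour a CONNECT request.
# ALLOWED_HOSTS holds constructed placeholder FQDNs for the internal
# BlackBerry Connectivity Node instances (assumption, not from the page).
ALLOWED_HOSTS = {"bcn01.corp.example", "bcn02.corp.example"}
BLACKBERRY_PROXY_PORT = 17533  # TCP port stated in the requirements


def parse_connect_target(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None  # CONNECT requires an explicit host:port authority
    port_number = int(port)
    if not 1 <= port_number <= 65535:
        return None
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]  # IPv6 literal, e.g. [2001:db8::1]:17533
    # Hostnames are case-insensitive; a trailing dot names the same host.
    return host.lower().rstrip("."), port_number


def connect_allowed(request_line):
    """Allow only CONNECT to an allowlisted Connectivity Node on port 17533."""
    target = parse_connect_target(request_line)
    if target is None:
        return False
    host, port = target
    # IP literals are rejected because only allowlisted names match.
    return host in ALLOWED_HOSTS and port == BLACKBERRY_PROXY_PORT


def denied_requests(request_lines):
    """Return the request lines the policy would refuse, for review or alerting."""
    return [line for line in request_lines if not connect_allowed(line)]


if __name__ == "__main__":
    sample = [  # constructed request lines
        "CONNECT bcn01.corp.example:17533 HTTP/1.1",
        "CONNECT bcn01.corp.example:443 HTTP/1.1",
        "CONNECT fileserver.corp.example:17533 HTTP/1.1",
    ]
    for line in denied_requests(sample):
        print("DENY", line)
```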