Proxy forwarding
You can install an HTTP forward proxy server that supports HTTP Connect in the DMZ. The BlackBerry Connectivity Node remains inside the corporate network. In this configuration, only the BlackBerry Connectivity Node is reachable from the DMZ proxy instead of exposing multiple app servers to the DMZ. BlackBerry Dynamics apps make an HTTP Connect request to the DMZ proxy and request a connection to the BlackBerry Connectivity Node. The DMZ proxy then makes the connection to the BlackBerry Connectivity Node. When it is connected to the BlackBerry Connectivity Node, the BlackBerry Dynamics app establishes a TLS connection and authenticates to the BlackBerry Proxy. You can configure one DMZ proxy for multiple BlackBerry Connectivity Node instances, or configure a unique DMZ proxy for each BlackBerry Connectivity Node instance. You must provide the FQDN of the DMZ proxy in the BlackBerry UEM management console for each BlackBerry Connectivity Node.
The benefits of this approach are:
- You don't need to port forward directly from the edge network to the internal corporate network as with the port forwarding option. You can set up a DMZ. The web proxy in the DMZ connects to the BlackBerry Connectivity Node servers in the internal corporate network.
- The internal BlackBerry Connectivity Node address is not exposed to the internet as it is in the port forwarding option.
Forward proxy servers used for Direct Connect must meet the following requirements:
- Support the HTTP Connect method
- Be able to communicate with the BlackBerry Proxy server via TCP port 17533
- Be able to resolve the BlackBerry Proxy server's hostname
- Allow an inbound port (this port is arbitrary)
- Have a publicly resolvable DNS hostname
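One way to check a DMZ proxy against the flow and requirements above, as an added example (not BlackBerry code): it sends an HTTP Connect request for the BlackBerry Connectivity Node on port 17533 and expects a tunnel, then confirms that a request for a different internal destination is refused. The hostnames, `audit_proxy`, and the loopback `StubProxy` are constructed for illustration; point `audit_proxy` at your own proxy and node FQDNs.

```python
import socket
import socketserver
import threading

BCN_PORT = 17533  # BlackBerry Proxy port given on this page
ALLOWED = f"bcn01.corp.example:{BCN_PORT}"  # constructed node name used by the stub

def parse_status(line: bytes) -> int:
    """Return the status code from an HTTP status line, or 0 if malformed."""
    parts = line.split()
    ok = len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit()
    return int(parts[1]) if ok else 0

def connect_status(proxy, target, timeout=5.0) -> int:
    """Send an HTTP CONNECT for target=(host, port) to proxy=(host, port)."""
    authority = f"{target[0]}:{target[1]}"
    request = f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n"
    with socket.create_connection(proxy, timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        status_line = sock.makefile("rb").readline(8192)
    return parse_status(status_line)

def audit_proxy(proxy, bcn_host, other_target) -> dict:
    """Expect a tunnel to the node on 17533 and a refusal for anything else."""
    allowed = connect_status(proxy, (bcn_host, BCN_PORT))
    other = connect_status(proxy, other_target)
    return {"bcn_tunnel_ok": 200 <= allowed < 300,
            "other_target_refused": not (200 <= other < 300)}

class StubProxy(socketserver.StreamRequestHandler):
    """Constructed stand-in for a DMZ proxy that tunnels only to ALLOWED."""
    def handle(self):
        target = self.rfile.readline().split()[1].decode()
        while self.rfile.readline() not in (b"\r\n", b""):
            pass  # skip the remaining request headers
        reply = b"200 Connection established" if target == ALLOWED else b"403 Forbidden"
        self.wfile.write(b"HTTP/1.1 " + reply + b"\r\n\r\n")

def demo() -> dict:
    # Runs the audit against the stub on loopback, so no real network is needed.
    with socketserver.TCPServer(("127.0.0.1", 0), StubProxy) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        result = audit_proxy(srv.server_address, "bcn01.corp.example",
                             ("intranet.corp.example", 443))
        srv.shutdown()
        return result

if __name__ == "__main__":
    print(demo())
```

A result of `bcn_tunnel_ok: False` points at the proxy's reachability or name resolution toward the node; `other_target_refused: False` means the proxy tunnels to more than the BlackBerry Connectivity Node.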