BlackBerry UEM regional deployment Skip Navigation

BlackBerry UEM
regional deployment

This diagram shows how the
BlackBerry UEM
components connect together when one or more instances of the
BlackBerry Connectivity Node
are installed in a separate location. You can use server groups to specify the regional instance of the
BlackBerry Connectivity Node
that a device connects to.
Architecture diagram showing a regional installation of BlackBerry UEM
For information about the ports used for connections between components, see the Planning content.
Component name
Description
Primary
BlackBerry UEM
components
The primary
BlackBerry UEM
components include the
BlackBerry UEM Core
and all components installed with it on the same server.
BlackBerry UEM Core
The
BlackBerry UEM Core
is the central component of the
BlackBerry UEM
architecture. It consists of several subcomponents that are responsible for:
  • Logging, monitoring, reporting, and management functions
  • Authentication and authorization services
  • Scheduling and sending commands, IT policies, and profiles to devices
  • Sending user, policy, and other configuration data to
    BlackBerry Dynamics
    apps on devices.
BlackBerry UEM
database
The
BlackBerry UEM
database is a relational database that contains user account information and configuration information that
BlackBerry UEM
uses to manage devices and
BlackBerry Dynamics
apps.
BlackBerry MDS Connection Service
The
BlackBerry MDS Connection Service
provides a secure connection between
BlackBerry 10
devices and your organization's network when the device is not connected to your work
Wi-Fi
network or using a VPN connection.
BlackBerry Dispatcher
The
BlackBerry Dispatcher
provides secure connectivity using IPPP for
BlackBerry 10
devices.
BlackBerry Affinity Manager
The
BlackBerry Affinity Manager
is responsible for maintaining an active SRP connection between
BlackBerry 10
devices and the
BlackBerry Infrastructure
when the devices are not using
BlackBerry Secure Connect Plus
.
BlackBerry Gatekeeping Service
(primary)
The
BlackBerry Gatekeeping Service
sends commands to
Exchange ActiveSync
to add devices to an allowed list when devices are activated on
BlackBerry UEM
. Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed through the
BlackBerry UEM
management console by an administrator.
Management console and
BlackBerry UEM Self-Service
The Management console and
BlackBerry UEM Self-Service
provide a web-based user interface for administrator and user access to
BlackBerry UEM
. It can be installed separately from other
BlackBerry UEM
components.
You use the management console to manage system settings, users, devices, and apps.
Users can access
BlackBerry UEM Self-Service
to set an activation password and send commands, such as set password, lock device, and delete device data, to devices.
BlackBerry Connectivity Node
The
BlackBerry Connectivity Node
installs instances of the
BlackBerry UEM
device connectivity components to your organization’s domain on a different server than the
BlackBerry UEM Core
. Each
BlackBerry Connectivity Node
contains these components:
  • BlackBerry Cloud Connector
  • BlackBerry Proxy
  • BlackBerry Secure Connect Plus
  • BlackBerry Secure Gateway
  • BlackBerry Gatekeeping Service
If you have regional deployments of the
BlackBerry Connectivity Node
you must configure the connection between the
BlackBerry UEM Core
and the server group containing the regional
BlackBerry Connectivity Node
.
BlackBerry Cloud Connector
The
BlackBerry Cloud Connector
allows the
BlackBerry Connectivity Node
components to communicate with the
BlackBerry UEM Core
. All communication between the
BlackBerry Cloud Connector
and
BlackBerry UEM Core
travels through the
BlackBerry Infrastructure
.
BlackBerry Proxy
BlackBerry Proxy
maintains the secure connection between your organization and the
BlackBerry Dynamics NOC
. It also supports
BlackBerry Dynamics
Direct Connect, which allows app data to bypass the
BlackBerry Dynamics NOC
.
BlackBerry Secure Connect Plus
BlackBerry Secure Connect Plus
provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the
BlackBerry Infrastructure
.
BlackBerry Secure Gateway
The
BlackBerry Secure Gateway
provides a secure connection through the
BlackBerry Infrastructure
and
BlackBerry UEM
to your organization's mail server for
iOS
devices.
BlackBerry Gatekeeping Service
(
BlackBerry Connectivity Node
)
BlackBerry UEM
can use instances of
BlackBerry Gatekeeping Service
installed with the
BlackBerry Connectivity Node
to manage gatekeeping for your mail server. Each instance must be able to access your organization’s gatekeeping server.
If you want gatekeeping data to be managed only by the
BlackBerry Gatekeeping Service
that is installed with the primary
BlackBerry UEM
components, you can disable the
BlackBerry Gatekeeping Service
in each
BlackBerry Connectivity Node
BlackBerry Enterprise Mobility Server
BEMS
consolidates several services used to send work data to and from
BlackBerry Dynamics
apps, including:
BlackBerry Push Notifications
,
BlackBerry Connect
,
BlackBerry Presence
, and
BlackBerry Docs
.
BlackBerry Enterprise Mobility Server
databases
The
BEMS
databases store user, app, policy, and configuration information.
BlackBerry Infrastructure and BlackBerry Dynamics NOC
The
BlackBerry Infrastructure
registers user information for device activation, validates licensing information for
BlackBerry UEM
and provides a trusted path between the organization and every user based on strong, cryptographic, mutual authentication.
The
BlackBerry Dynamics NOC
is a separately-located NOC that provides secure communications between
BlackBerry Dynamics
apps on devices and the
BlackBerry UEM Core
,
BlackBerry Proxy
and
BlackBerry Enterprise Mobility Server
.