Skip Navigation

BlackBerry UEM Cloud
architecture and data flows

BlackBerry UEM Cloud
is a unified endpoint management solution from
BlackBerry
. With
BlackBerry UEM Cloud
you can manage
iOS
,
macOS
,
Android
, and
Windows 10
devices using a simple web-based interface and protect business information on BYOD, COPE, and COBO devices.
The
BlackBerry UEM Cloud
architecture was designed to help you manage mobile devices for your organization in a cloud environment and provide a secure link for data to travel between your organization's mail and content servers and your user's devices.

Architecture:
BlackBerry UEM Cloud
solution

Diagram that shows the components used in the in the BlackBerry UEM Cloud solution
Component
Description
BlackBerry UEM Cloud
BlackBerry UEM Cloud
is a service that allows you to manage devices used in your organization's environment.
BlackBerry Infrastructure and BlackBerry Dynamics NOC
The
BlackBerry Infrastructure
registers user information for device activation and validates licensing information for
BlackBerry UEM Cloud
. If you enable
BlackBerry Secure Connect Plus
or the
BlackBerry Secure Gateway
, data in transit that uses these services passes through the
BlackBerry Infrastructure
.
The
BlackBerry Dynamics NOC
is a separately located NOC that provides secure communications between
BlackBerry Dynamics
apps on devices and
BlackBerry Proxy
installed behind the firewall as part of the
BlackBerry Connectivity Node
.
Devices
BlackBerry UEM Cloud
supports
iOS
,
macOS
,
Android
, and
Windows 10
devices.
Notification services
BlackBerry UEM Cloud
sends notifications to devices to contact
BlackBerry UEM
for updates and to report information for your organization's device inventory. These notifications are sent to the
BlackBerry Infrastructure
, where they are sent to the devices using the appropriate notification service:
  • APNs is a service that
    Apple
    provides to send notifications to
    iOS
    and
    macOS
    devices.
  • FCM is a service that
    Google
    provides to send notifications to
    Android
    devices.
  • WNS is a service that
    Microsoft
    provides to send notifications to
    Windows 10
    devices.
BlackBerry Connectivity Node
The
BlackBerry Connectivity Node
is an optional component that you install inside your organization's firewall. It includes five components that add functionality to
BlackBerry UEM Cloud
:
  • The
    BlackBerry Cloud Connector
    connects
    BlackBerry UEM Cloud
    to your company directory behind the firewall to allow basic attribute synchronization, search functionality, and user authentication services. If you don't install the
    BlackBerry Connectivity Node
    and your company directory is behind the firewall, you must create local user accounts in
    BlackBerry UEM Cloud
    instead of using the user accounts in your company directory. The
    BlackBerry Cloud Connector
    is not required for
    BlackBerry UEM Cloud
    to connect to
    Microsoft Azure
    Active Directory
    .
  • BlackBerry Proxy
    maintains a secure connection between your organization and the
    BlackBerry Dynamics NOC
    , which allows
    BlackBerry Dynamics
    apps to communicate securely with your organization's resources behind the firewall. It also supports
    BlackBerry Dynamics Direct Connect
    , which allows app data to bypass the
    BlackBerry Dynamics NOC
    .
  • The
    BlackBerry Gatekeeping Service
    sends commands to
    Exchange ActiveSync
    to add devices to an allowed list when devices are activated on
    BlackBerry UEM Cloud
    . Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed by an administrator using the
    BlackBerry UEM
    management console.
  • BlackBerry Secure Connect Plus
    provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the
    BlackBerry Infrastructure
    .
  • The
    BlackBerry Secure Gateway
    provides a secure connection through the
    BlackBerry Infrastructure
    and
    BlackBerry UEM Cloud
    to your organization's mail server for
    iOS
    devices.
The
BlackBerry Connectivity Node
uses port 3101 to communicate with
BlackBerry UEM Cloud
.
BlackBerry Enterprise Mobility Server
If you have installed the
BlackBerry Connectivity Node
, you can also install an on-premises
BEMS
.
BEMS
consolidates several services used to send work data to and from
BlackBerry Dynamics
apps:
  • BlackBerry Connect
    provides secure instant messaging, company directory look-up, and user presence information to
    iOS
    and
    Android
    devices.
  • BlackBerry Presence
    provides real-time presence status to
    BlackBerry Dynamics
    apps.
  • BlackBerry Docs
    lets your
    BlackBerry Dynamics
    app users access, synchronize, and share documents using their work file server,
    SharePoint
    ,
    Box
    , and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
BlackBerry Enterprise Mobility Server
databases
The
BEMS
databases store user, app, policy, and configuration information.
Company directory
BlackBerry UEM Cloud
supports connectivity with your organization's
Microsoft Active Directory
or LDAP company directory behind the firewall using the
BlackBerry Connectivity Node
.
Microsoft Azure
Active Directory
Microsoft Azure
Active Directory
is a cloud-based directory management service. If your organization uses
Azure
Active Directory
you can connect to it instead of, or in addition to, a company directory behind the firewall.
Content, application, and mail servers
When you enable
BlackBerry Secure Connect Plus
or when users have
BlackBerry Dynamics
apps, devices can connect to your organization's servers without requiring you to open a direct connection between the server and the Internet. Work data in transit between your servers and devices is sent through
BlackBerry Secure Connect Plus
and the
BlackBerry Infrastructure
.
BlackBerry Dynamics
app data is sent through
BlackBerry Proxy
and the
BlackBerry Dynamics NOC
.
The
BlackBerry Secure Gateway
provides a secure connection through the
BlackBerry Infrastructure
and
BlackBerry Connectivity Node
between your organization's mail server and
iOS
devices.
BlackBerry
plug-ins and
BEMS
The cloud version of
BlackBerry Enterprise Mobility Server
provides
BlackBerry Push Notifications
, which accepts push registration requests from
iOS
and
Android
devices and then communicates with
Microsoft Exchange
to monitor the user's work mail account for changes. When you specify the on-premises Microsoft Exchange Server or Microsoft Office 365 server information, you specify the settings to create the BEMS Cloud tenant for your organization.
You can also integrate the cloud version of BEMS with
BlackBerry Docs
, which lets your
BlackBerry Dynamics
app users access, synchronize, and share documents using their work file server,
SharePoint
,
Box
, and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
BlackBerry UEM Cloud
works with additional
BlackBerry
enterprise products such as
BlackBerry Enterprise Identity
,
BlackBerry 2FA
, and
BlackBerry Workspaces
, to allow you to extend
UEM
capabilities in your organization.