Skip Navigation

Data flow: Accessing an application or content server using 
BlackBerry Secure Connect Plus

This data flow describes how data travels when an app on a device that is configured to use 
BlackBerry Secure Connect Plus
 accesses an application or content server in your organization.
This data flow does not apply to 
BlackBerry Dynamics
 apps in the work space on 
Android Enterprise
 devices or 
Samsung Knox Workspace
 devices. For more information see, Data flow: Sending and receiving work data from a BlackBerry Dynamics app on an Android device using BlackBerry Secure Connect Plus
Diagram showing the steps and components mentioned in the following data flow.
  1. The user opens an app to access work data from a content or application server behind your organization's firewall.
    • For 
      Android Enterprise
       devices, all work space apps except those you choose to restrict use 
      BlackBerry Secure Connect Plus
      .
    • For 
      Samsung Knox Workspace
       devices, you specify whether all work space apps or only specified work apps use 
      BlackBerry Secure Connect Plus
      .
    • For 
      iOS
       devices, you specify whether all apps or only specified apps use 
      BlackBerry Secure Connect Plus
      .
    • For 
      BlackBerry 10
       devices and 
      Android Enterprise
       devices, all work space apps use 
      BlackBerry Secure Connect Plus
      .
  2. The device sends a requests through a TLS tunnel, over port 443, to the 
    BlackBerry Infrastructure
     to request a secure tunnel to the work network. The signal is encrypted by default using FIPS-140 certified Certicom libraries. The signaling tunnel is encrypted end-to-end.
  3. BlackBerry Secure Connect Plus
     receives the request from the 
    BlackBerry Infrastructure
     through port 3101.
  4. The device and 
    BlackBerry Secure Connect Plus
     negotiate the tunnel parameters and establish a secure tunnel for the device through the 
    BlackBerry Infrastructure
    . The tunnel is authenticated and encrypted end-to-end with DTLS. 
  5. The app uses the tunnel to connect to the application or content server using standard IPv4 protocols (TCP and UDP).
  6. BlackBerry Secure Connect Plus
     transfers the IP data to and from your organization's network. 
    BlackBerry Secure Connect Plus
     encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.
  7. The app receives and displays the data on the device. 
  8. As long as the tunnel is open, supported apps use it to access network resources. When the tunnel is no longer the best available method to connect to your organization's network, 
    BlackBerry Secure Connect Plus
     terminates it.