Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.17
  3. Planning and Architecture
  4. BlackBerry UEM Cloud Architecture and Data Flows
  5. Sending and receiving work data
  6. Sending and receiving work data using BlackBerry UEM Cloud and the BlackBerry Infrastructure
  7. Data flow: Sending and receiving work data from a BlackBerry Dynamics app on an Android device using BlackBerry Secure Connect Plus

Data flow: Sending and receiving work data from a 
BlackBerry Dynamics
 app on an 
Android
 device using 
BlackBerry Secure Connect Plus

This data flow describes how data travels when a 
BlackBerry Dynamics
 app on an 
Android Enterprise
 or 
Samsung Knox Workspace
 device uses 
BlackBerry Secure Connect Plus
.
If you are using 
BlackBerry Secure Connect Plus
 with 
BlackBerry Dynamics
 apps on an 
Android Enterprise
 device, it is recommended that you restrict 
BlackBerry Dynamics
 apps from using 
BlackBerry Secure Connect Plus
 to avoid network latency. You can't restrict specific apps on 
Samsung Knox Workspace
 devices.
If you are using 
BlackBerry Secure Connect Plus
 with 
BlackBerry Dynamics
 apps on an 
Android Enterprise
 device or a 
Samsung Knox Workspace
 device, it is recommended that you configure 
BlackBerry UEM
 not to send 
BlackBerry Dynamics
 app data through the 
BlackBerry Dynamics NOC
 to reduce network latency.
Diagram showing the steps and components mentioned in the following data flow.
  1. The user opens a 
    BlackBerry Dynamics
     app to access work data.
  2. The device sends a request through a TLS tunnel, over port 443, to the 
    BlackBerry Infrastructure
     to request a secure tunnel to the work network. The signal is encrypted by default using FIPS-140 certified 
    Certicom
     libraries. The signaling tunnel is encrypted end to end.
  3. BlackBerry Secure Connect Plus
     receives the request from the 
    BlackBerry Infrastructure
     through port 3101.
  4. The device and 
    BlackBerry Secure Connect Plus
     negotiate the tunnel parameters and establish a secure tunnel for the device through the 
    BlackBerry Infrastructure
    . The tunnel is authenticated and encrypted end to end with DTLS. 
  5. BlackBerry Secure Connect Plus
     establishes a connection with 
    BlackBerry Proxy
    .
  6. The 
    BlackBerry Dynamics
     app establishes a connection to 
    BlackBerry Proxy
     using the 
    BlackBerry Secure Connect Plus
     tunnel.
  7. BlackBerry Proxy
     authenticates with the 
    BlackBerry Dynamics
     app using its server certificate. 
    BlackBerry Proxy
     validates the app using a MAC keyed with a session key known only to 
    BlackBerry Proxy
     and the app.
  8. When the secure connection is established between 
    BlackBerry Proxy
     and the app, work data can travel between the device and application or content servers behind the firewall using the 
    BlackBerry Secure Connect Plus
     tunnel to 
    BlackBerry Proxy
    BlackBerry Secure Connect Plus
     encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.