Skip Navigation

Data flow: Accessing an application or content server using
BlackBerry Secure Connect Plus

This data flow describes how data travels when an app on a device that is configured to use
BlackBerry Secure Connect Plus
accesses an application or content server in your organization.
This data flow does not apply to
BlackBerry Dynamics
apps in the work space on
Android Enterprise
devices or
Samsung Knox Workspace
devices. For more information see, Data flow: Sending and receiving work data from a BlackBerry Dynamics app on an Android device using BlackBerry Secure Connect Plus
Diagram showing the steps and components mentioned in the following data flow.
  1. The user opens an app to access work data from a content or application server behind your organization's firewall.
    • For
      Android Enterprise
      devices, all work space apps except those you choose to restrict use
      BlackBerry Secure Connect Plus
      .
    • For
      Samsung Knox Workspace
      devices, you specify whether all work space apps or only specified work apps use
      BlackBerry Secure Connect Plus
      .
    • For
      iOS
      devices, you specify whether all apps or only specified apps use
      BlackBerry Secure Connect Plus
      .
  2. The device sends a requests through a TLS tunnel, over port 443, to the
    BlackBerry Infrastructure
    to request a secure tunnel to the work network. The signal is encrypted by default using FIPS-140 certified Certicom libraries. The signaling tunnel is encrypted end-to-end.
  3. BlackBerry Secure Connect Plus
    receives the request from the
    BlackBerry Infrastructure
    through port 3101.
  4. The device and
    BlackBerry Secure Connect Plus
    negotiate the tunnel parameters and establish a secure tunnel for the device through the
    BlackBerry Infrastructure
    . The tunnel is authenticated and encrypted end-to-end with DTLS.
  5. The app uses the tunnel to connect to the application or content server using standard IPv4 protocols (TCP and UDP).
  6. BlackBerry Secure Connect Plus
    transfers the IP data to and from your organization's network.
    BlackBerry Secure Connect Plus
    encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.
  7. The app receives and displays the data on the device.
  8. As long as the tunnel is open, supported apps use it to access network resources. When the tunnel is no longer the best available method to connect to your organization's network,
    BlackBerry Secure Connect Plus
    terminates it.