Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.18
  3. Planning and Architecture
  4. BlackBerry UEM Cloud Architecture and Data Flows
  5. BlackBerry UEM Cloud architecture and data flows

BlackBerry UEM Cloud
 architecture and data flows

BlackBerry UEM Cloud
 is a unified endpoint management solution from
BlackBerry
. With
BlackBerry UEM Cloud
 you can manage
iOS
,
macOS
,
Android
, and
Windows 10
 devices using a simple web-based interface and protect business information on BYOD, COPE, and COBO devices.
The
BlackBerry UEM Cloud
 architecture was designed to help you manage mobile devices for your organization in a cloud environment and provide a secure link for data to travel between your organization's mail and content servers and your user's devices.

Architecture:
BlackBerry UEM Cloud
 solution

Diagram that shows the components used in the in the BlackBerry UEM Cloud solution
Component
Description
BlackBerry UEM Cloud
BlackBerry UEM Cloud
 is a service that allows you to manage devices used in your organization's environment.
BlackBerry Infrastructure and BlackBerry Dynamics NOC
The
BlackBerry Infrastructure
 registers user information for device activation and validates licensing information for
BlackBerry UEM Cloud
. If you enable
BlackBerry Secure Connect Plus
 or the
BlackBerry Secure Gateway
, data in transit that uses these services passes through the
BlackBerry Infrastructure
.
The
BlackBerry Dynamics NOC
 is a separately located NOC that provides secure communications between
BlackBerry Dynamics
 apps on devices and
BlackBerry Proxy
 installed behind the firewall as part of the
BlackBerry Connectivity Node
.
Devices
BlackBerry UEM Cloud
 supports
iOS
,
macOS
,
Android
, and
Windows 10
devices.
Notification services
BlackBerry UEM Cloud
 sends notifications to devices to contact
BlackBerry UEM
 for updates and to report information for your organization's device inventory. These notifications are sent to the
BlackBerry Infrastructure
, where they are sent to the devices using the appropriate notification service:
  • APNs is a service that
    Apple
     provides to send notifications to
    iOS
     and
    macOS
     devices.
  • FCM is a service that
    Google
     provides to send notifications to
    Android
     devices.
  • WNS is a service that
    Microsoft
     provides to send notifications to
    Windows 10
     devices.
BlackBerry Connectivity Node
The
BlackBerry Connectivity Node
 is an optional component that you install inside your organization's firewall. It includes five components that add functionality to
BlackBerry UEM Cloud
:
  • The
    BlackBerry Cloud Connector
     connects
    BlackBerry UEM Cloud
     to your company directory behind the firewall to allow basic attribute synchronization, search functionality, and user authentication services. If you don't install the
    BlackBerry Connectivity Node
     and your company directory is behind the firewall, you must create local user accounts in
    BlackBerry UEM Cloud
     instead of using the user accounts in your company directory. The
    BlackBerry Cloud Connector
     is not required for
    BlackBerry UEM Cloud
     to connect to
    Microsoft Azure
    Active Directory
    .
  • BlackBerry Proxy
     maintains a secure connection between your organization and the
    BlackBerry Dynamics NOC
    , which allows
    BlackBerry Dynamics
     apps to communicate securely with your organization's resources behind the firewall. It also supports
    BlackBerry Dynamics Direct Connect
    , which allows app data to bypass the
    BlackBerry Dynamics NOC
    .
  • The
    BlackBerry Gatekeeping Service
     sends commands to
    Exchange ActiveSync
     to add devices to an allowed list when devices are activated on
    BlackBerry UEM Cloud
    . Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed by an administrator using the
    BlackBerry UEM
     management console.
  • BlackBerry Secure Connect Plus
     provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the
    BlackBerry Infrastructure
    .
  • The
    BlackBerry Secure Gateway
     provides a secure connection through the
    BlackBerry Infrastructure
     and
    BlackBerry UEM Cloud
     to your organization's mail server for
    iOS
     devices.
The
BlackBerry Connectivity Node
 uses port 3101 to communicate with
BlackBerry UEM Cloud
.
BlackBerry Enterprise Mobility Server
If you have installed the
BlackBerry Connectivity Node
, you can also install an on-premises
BEMS
.
BEMS
 consolidates several services used to send work data to and from
BlackBerry Dynamics
 apps:
  • BlackBerry Connect
     provides secure instant messaging, company directory look-up, and user presence information to
    iOS
     and
    Android
     devices.
  • BlackBerry Presence
     provides real-time presence status to
    BlackBerry Dynamics
     apps.
  • BlackBerry Docs
     lets your
    BlackBerry Dynamics
     app users access, synchronize, and share documents using their work file server,
    SharePoint
    ,
    Box
    , and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
BlackBerry Enterprise Mobility Server
 databases
The
BEMS
 databases store user, app, policy, and configuration information.
Company directory
BlackBerry UEM Cloud
 supports connectivity with your organization's
Microsoft Active Directory
 or LDAP company directory behind the firewall using the
BlackBerry Connectivity Node
.
Microsoft Azure
Active Directory
Microsoft Azure
Active Directory
 is a cloud-based directory management service. If your organization uses
Azure
Active Directory
 you can connect to it instead of, or in addition to, a company directory behind the firewall.
Content, application, and mail servers
When you enable
BlackBerry Secure Connect Plus
 or when users have
BlackBerry Dynamics
 apps, devices can connect to your organization's servers without requiring you to open a direct connection between the server and the Internet. Work data in transit between your servers and devices is sent through
BlackBerry Secure Connect Plus
 and the
BlackBerry Infrastructure
.
BlackBerry Dynamics
 app data is sent through
BlackBerry Proxy
 and the
BlackBerry Dynamics NOC
.
The
BlackBerry Secure Gateway
 provides a secure connection through the
BlackBerry Infrastructure
 and
BlackBerry Connectivity Node
 between your organization's mail server and
iOS
 devices.
BlackBerry
 plug-ins and
BEMS
The cloud version of
BlackBerry Enterprise Mobility Server
 provides
BlackBerry Push Notifications
, which accepts push registration requests from
iOS
 and
Android
 devices and then communicates with
Microsoft Exchange
 to monitor the user's work mail account for changes. When you specify the on-premises Microsoft Exchange Server or Microsoft Office 365 server information, you specify the settings to create the BEMS Cloud tenant for your organization.
You can also integrate the cloud version of BEMS with
BlackBerry Docs
, which lets your
BlackBerry Dynamics
 app users access, synchronize, and share documents using their work file server,
SharePoint
,
Box
, and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
BlackBerry UEM Cloud
 works with additional
BlackBerry
 enterprise products such as
BlackBerry Enterprise Identity
,
BlackBerry 2FA
, and
BlackBerry Workspaces
, to allow you to extend
UEM
 capabilities in your organization.