Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.19
  3. BlackBerry UEM Installation and Upgrade
  4. Installing or upgrading the BlackBerry UEM software
  5. Installing or upgrading BlackBerry UEM in a dark site environment

Installing or upgrading
BlackBerry UEM
 in a dark site environment

BlackBerry UEM
 for dark sites provides a secure mobile device management solution without requiring
UEM
 to connect to the
BlackBerry Infrastructure
 and other services on the Internet. Because
UEM
 does not connect to the Internet, some features are not supported. The following are some considerations to note when you set up
UEM
 in a dark-site environment:
Item
Consideration
Supported components
Only the following components are enabled for
UEM
 installed in a dark site environment:
  • UEM
     management console
  • BlackBerry UEM Core
  • BlackBerry Gatekeeping Service
     to control which devices can access
    Exchange ActiveSync
Supported activation types
UEM
 for dark sites supports activation of only
iOS
 and
Samsung Knox
 devices. You can activate devices with the following activation types:
  • MDM controls (
    iOS
     only)
  • Work space only (
    Android Enterprise
     fully managed device)
  • Work and personal - full control (
    Android Enterprise
     fully managed device with work profile)
  • Work and personal - user privacy (
    Android Enterprise
     with work profile)
  • Work and personal - full control (
    Samsung Knox
    )
UEM
 for dark sites does not support
Knox Mobile Enrollment
.
Unsupported components
Features that require devices to connect to your organization's resources through the
BlackBerry Infrastructure
 are not supported, including:
  • BlackBerry Secure Connect Plus
  • BlackBerry Secure Gateway
  • Using
    UEM
     as a proxy for SCEP requests
  • BlackBerry Proxy
Unsupported device features
  • BlackBerry Dynamics
     is not supported.
  • For supported activation types, not all all device features are supported. In activation profiles, do not enable the following options:
    • Enable MDM controls activation type for Android devices
    • Turn on registration with the BlackBerry Infrastructure
  • Google Play Integrity
     is not supported.
  • Compliance profiles are not supported for
    iOS
     devices because the
    BlackBerry UEM Client
     for
    iOS
     cannot be installed in dark site environments.
  • The default email app on
    Samsung Knox
     devices needs to connect to the
    Samsung
     infrastructure before it will send and receive data. You can choose to allow this connection or use a different email app on
    Samsung Knox
     devices.
Licensing
You must manually import license information into
UEM
.
If your organization is using
Samsung Knox
 devices in a dark site environment, an on-premises
Samsung Knox
 License On-Premises server was installed with
UEM
.
Devices communicate with the
Knox
 License On-Premises server using your work 
Wi-Fi
 network. If you are activating devices with
Android Enterprise
 activation types and the
Knox
 License On-Premises server certificate is signed by an internal CA, you need to send the
Knox
 License On-Premises server certificate to devices using a CA certificate profile.
APNs
To manage
iOS
 devices,
UEM
 must send notifications to devices through an APNs server. When devices receive a notification from APNs, they contact
UEM
 for updates.
For more information about securing connections to APNs or possible alternatives to using the public APNs infrastructure, contact your
Apple
 support representative.
VPN
After activation,
iOS
 devices connect to
UEM
 and your resources using a VPN connection. To use VPN, you must install an appropriate VPN app on devices and set up a VPN profile in
UEM
.
Samsung Knox
 can connect to
UEM
 and your resources over a VPN connection. For information, see Set up VPN using Knox StrongSwan in the Configuration content.