BlackBerry UEM on-premises distributed installation Skip Navigation

BlackBerry UEM
on-premises distributed installation

This diagram shows how the
BlackBerry UEM
components connect together when the
BlackBerry Connectivity Node
and the user interface are both installed separately from the primary
UEM
components.
Architecture diagram showing the BlackBerry UEM components when they are not all installed on the same computer.
Component name
Description
Primary
UEM
components
The primary
UEM
components include the
BlackBerry UEM Core
and all components installed with it on the same server.
BlackBerry UEM Core
The
UEM Core
is the central component of the
UEM
architecture. It consists of several subcomponents that are responsible for:
  • Logging, monitoring, reporting, and management functions
  • Authentication and authorization services
  • Scheduling and sending commands, IT policies, and profiles to devices
  • Sending user, policy, and other configuration data to
    BlackBerry Dynamics
    apps on devices.
BlackBerry UEM
database
The
UEM
database is a relational database that contains user account information and configuration information that
UEM
uses to manage devices and
BlackBerry Dynamics
apps.
BlackBerry Gatekeeping Service
(primary)
The
BlackBerry Gatekeeping Service
sends commands to
Exchange ActiveSync
to add devices to an allowed list when devices are activated on
UEM
. Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed through the management console.
Remote UI components
The management console and
BlackBerry UEM Self-Service
can be installed separately from other
UEM
components. If you install them separately, an instance of the
BlackBerry Management Console Core
is also installed.
BlackBerry Management Console Core
If installed, the
BlackBerry Management Console Core
processes only UI requests from the management console and
UEM Self-Service
. This ensures that these interfaces are responsive even when the load on the
UEM Core
is high.
Management console and
BlackBerry UEM Self-Service
The management console and
UEM Self-Service
provide a web-based user interface for administrator and user access to
UEM
. It can be installed separately from other components.
You use the management console to manage system settings, users, devices, and apps.
Users can access
UEM Self-Service
to set an activation password and send commands, such as set password, lock device, and delete device data, to devices.
BlackBerry Connectivity Node
The
BlackBerry Connectivity Node
installs instances of the
UEM
device connectivity components in your organization’s domain on a different server than the
UEM Core
. Each
BlackBerry Connectivity Node
contains these components:
  • BlackBerry Cloud Connector
    : Allows the
    BlackBerry Connectivity Node
    components to communicate with the
    UEM Core
    . All communication between the
    BlackBerry Cloud Connector
    and the
    UEM Core
    travels through the
    BlackBerry Infrastructure
    .
  • BlackBerry Proxy
    : Maintains the secure connection between your organization and the
    BlackBerry Dynamics NOC
    . It also supports
    BlackBerry Dynamics
    Direct Connect, which allows app data to bypass the
    BlackBerry Dynamics NOC
    .
  • BlackBerry Secure Connect Plus
    : Provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the
    BlackBerry Infrastructure
    .
  • BlackBerry Secure Gateway
    : Provides a secure connection through the
    BlackBerry Infrastructure
    and
    UEM
    to your organization's mail server for
    iOS
    devices.
  • BlackBerry Gatekeeping Service
    : Manage gatekeeping for your mail server. If you want gatekeeping data to be managed only by the
    BlackBerry Gatekeeping Service
    that is installed with the primary
    UEM
    components, you can disable the
    BlackBerry Gatekeeping Service
    in each
    BlackBerry Connectivity Node
    .
BlackBerry Enterprise Mobility Server
BEMS
consolidates several services used to send work data to and from
BlackBerry Dynamics
apps, including:
  • BlackBerry Push Notifications
    : Accepts push registration requests from
    iOS
    and
    Android
    devices and then communicates with
    Microsoft Exchange
    to monitor the user's work mail account for changes.
  • BlackBerry Connect
    : Provides secure instant messaging, company directory look-up, and user presence information to
    iOS
    and
    Android
    devices.
  • BlackBerry Presence
    : Provides real-time presence status to
    BlackBerry Dynamics
    apps.
  • BlackBerry Docs
    : Allows your
    BlackBerry Dynamics
    app users to access, synchronize, and share documents using their work file server,
    SharePoint
    ,
    Box
    , and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
The
BEMS
databases store user, app, policy, and configuration information.
BlackBerry Infrastructure
and
BlackBerry Dynamics NOC
The
BlackBerry Infrastructure
registers user information for device activation, validates licensing information, and provides a trusted path between the organization and every user based on strong cryptographic mutual authentication.
The
BlackBerry Dynamics NOC
is a separately-located NOC that provides secure communications between
BlackBerry Dynamics
apps on devices and the
UEM Core
,
BlackBerry Proxy
, and
BEMS
.