Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.19
  3. UEM Overview and Architecture
  4. Data flows: Sending and receiving work data
  5. Sending and receiving work data using the BlackBerry Infrastructure
  6. Data flow: Accessing an application or content server using BlackBerry Secure Connect Plus

Data flow: Accessing an application or content server using
BlackBerry Secure Connect Plus

This data flow describes how data travels when an app on a device that is configured to use
BlackBerry Secure Connect Plus
 accesses an application or content server in your organization.
This data flow does not apply to
BlackBerry Dynamics
 apps in the work space on
Android Enterprise
 devices or
Samsung Knox Workspace
 devices. For more information see, Data flow: Sending and receiving work data from a BlackBerry Dynamics app on an Android device using BlackBerry Secure Connect Plus
Diagram showing the steps and components mentioned in the following data flow.
  1. The user opens an app to access work data from a content or application server behind your organization's firewall.
    • For
      Android Enterprise
       devices, all work space apps except those you choose to restrict use
      BlackBerry Secure Connect Plus
      .
    • For
      Samsung Knox Workspace
       devices, you specify whether all work space apps or only specified work apps use
      BlackBerry Secure Connect Plus
      .
    • For
      iOS
       devices, you specify whether all apps or only specified apps use
      BlackBerry Secure Connect Plus
      .
  2. The device sends a requests through a TLS tunnel, over port 443, to the
    BlackBerry Infrastructure
     to request a secure tunnel to the work network. The signal is encrypted by default using FIPS-140 certified Certicom libraries. The signaling tunnel is encrypted end-to-end.
  3. BlackBerry Secure Connect Plus
     receives the request from the
    BlackBerry Infrastructure
     through port 3101.
  4. The device and
    BlackBerry Secure Connect Plus
     negotiate the tunnel parameters and establish a secure tunnel for the device through the
    BlackBerry Infrastructure
    . The tunnel is authenticated and encrypted end-to-end with DTLS.
  5. The app uses the tunnel to connect to the application or content server using standard IPv4 protocols (TCP and UDP).
  6. BlackBerry Secure Connect Plus
     transfers the IP data to and from your organization's network.
    BlackBerry Secure Connect Plus
     encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.
  7. The app receives and displays the data on the device.
  8. As long as the tunnel is open, supported apps use it to access network resources. When the tunnel is no longer the best available method to connect to your organization's network,
    BlackBerry Secure Connect Plus
     terminates it.