Get the PDF

Configuring BlackBerry UEM
Changing the certificates that BlackBerry UEM uses for authentication
- Considerations for changing BlackBerry Dynamics certificates
- Change a BlackBerry UEM certificate
Installing the BlackBerry Connectivity Node to connect to resources behind your organization's firewall
- Steps to install and activate the BlackBerry Connectivity Node
- Requirements: BlackBerry Connectivity Node
- Install and configure the BlackBerry Connectivity Node
- Create a server group to manage regional connections
- Troubleshooting: BlackBerry Connectivity Node
Configuring BlackBerry UEM to send data through a proxy server
- Sending data through a TCP proxy server to the BlackBerry Infrastructure
  - Configure BlackBerry UEM to use a transparent TCP proxy server
  - Enable SOCKS v5 on a TCP proxy server
- Install a standalone BlackBerry Router in a UEM Cloud environment
Configure connections through internal proxy servers
Connect to an SMTP server to send email notifications
Connecting to your company directories
- Connect to a Microsoft Active Directory instance
- Connect to an LDAP directory
- Enable directory-linked groups
- Enable and configure onboarding and offboarding
- Synchronize a directory connection
Connect BlackBerry UEM to Entra ID to create directory user accounts
Configuring BlackBerry UEM to manage Microsoft Intune app protection profiles
- Prerequisites to support Intune app protection
- Create an app registration in Entra
- Configure BlackBerry UEM to synchronize with Microsoft Intune
Configuring BlackBerry UEM as an Intune compliance partner in Entra
- Prerequisites to configure Entra ID conditional access
- Configure Entra ID conditional access
Obtaining an APNs certificate to manage iOS and macOS devices
- Request and register an APNs certificate
- Troubleshooting: APNs
Configure BlackBerry UEM for DEP
Configuring BlackBerry UEM to support Android Enterprise devices
- Configure BlackBerry UEM to support Android Enterprise devices
Configuring BlackBerry UEM to support Android Management devices
- Configure Android Management in the Google Cloud console
- Configure Android Management in BlackBerry UEM
Extending the management of Chrome OS devices to BlackBerry UEM
- Create a service account to authenticate with the Google domain
- Enable UEM to synchronize Chrome OS data
- Integrate UEM with the Google domain
Simplifying Windows 10 activations
- Integrate UEM with Entra ID join
  - Configure Windows Autopilot for device activation
- Deploy a discovery service to simplify Windows 10 activations
Migrating users, devices, groups, and other data from a source server
- Prerequisites: Migrating users, devices, groups, and other data from a source BlackBerry server
- UEM migration best practices and considerations
- Connect to a source server
- Migrate IT policies, profiles, and groups from a source server
- Migrate users from a source server
- Migrate devices from a source server
Configuring network communication and properties for BlackBerry Dynamics apps
- Manage BlackBerry Proxy clusters
- Configure Direct Connect using port forwarding
- Configure BlackBerry Dynamics properties
- Configure communication settings for BlackBerry Dynamics apps
- Sending BlackBerry Dynamics app data through an HTTP proxy
  - Considerations for using a PAC file with BlackBerry Proxy
  - Configure BlackBerry Dynamics app proxy settings
- Methods for routing traffic for BlackBerry Dynamics apps
  - Example routing scenarios for BlackBerry Dynamics traffic
- Configuring Kerberos authentication for BlackBerry Dynamics apps
Encrypt the connection between BlackBerry UEM and Microsoft SQL Server
Integrating BlackBerry UEM with Cisco ISE
- Managing network access and device controls using Cisco ISE
- Requirements: Integrating BlackBerry UEM with Cisco ISE
- Connect BlackBerry UEM to Cisco ISE
Set up VPN using Knox StrongSwan for UEM dark site environments

Encrypt the connection between
BlackBerry UEM
and
Microsoft SQL Server

You can configure an encrypted connection between

BlackBerry UEM

and

Microsoft SQL Server

. By default, the connection is not encrypted.

When you upgrade

UEM

, the encryption settings are not retained. After the upgrade, you must repeat steps 3 and on to encrypt the connection again.

Please note that the encrypted connection can result in an increase in the UOS CPU on the computer that hosts the

BlackBerry UEM Core

On the computer that hosts the

SQL Server

, in the

Microsoft

Management Console, use the certificates snap-in to request the computer certificate (select the computer account, Certificates (Local Computer) > right-click Personal > All Tasks > Request New Certificate). You should see the certificate in Certificates (Local Computer) > Personal > Certificates.

Depending on how

SQL Server

is configured, you may need to grant permissions to the certificate to the

SQL Server

account.

In the

SQL Server

Configuration Manager, navigate to the Network Configuration and open the Properties for the

SQL Server

Protocols. On the Certificate tab, select the computer certificate. Restart the

SQL Server

service.

In the

Microsoft

Management Console, use the certificates snap-in to export the computer certificate from the personal store (personal.cer). Copy the certificate to each computer that hosts a

UEM

instance.

Complete these steps on every computer that hosts a

UEM Core

instance:

Navigate to and double-click the personal certificate (personal.cer). View the parent certificate (parent.cer) and export and save it to the same folder that contains the personal certificate (for example, C:\blackberry\certs\).

Open the command prompt and run the following commands to import the personal and parent certificates to the

Java

keystore and generate a trust store:

keytool -importcert -keystore "<path_to_Java_CA_certs_store>" -storepass <CA_certs_store_password> -file <path_to_personal_cert> -alias personal

keytool -importcert -keystore "<path_to_Java_CA_certs_store>" -storepass <CA_certs_store_password> -file <path_to_parent_cert> -alias parent

keytool -import -v -trustcacerts -alias personal -file <path_to_personal_cert> -keystore <path_to_folder_with_personal_and_parent_certs>\truststore.jks -storepass <password_to_set_for_trust_store> -storetype JKS

For example:

keytool -importcert -keystore "c:\Program Files\Eclipse Adoptium\jre-17.0.11.9-hotspot\lib\security\cacerts" -storepass changeit -file c:\blackberry\certs\personal.cer -alias personal

keytool -importcert -keystore "c:\Program Files\Eclipse Adoptium\jre-17.0.11.9-hotspot\lib\security\cacerts" -storepass changeit -file c:\blackberry\certs\parent.cer -alias parent

keytool -import -v -trustcacerts -alias personal -file c:\blackberry\certs\personal.cer -keystore c:\blackberry\certs\truststore.jks -storepass password -storetype JKS

Stop all

UEM

services.

In C:\Program Files\BlackBerry\UEM\common-settings, copy and rename

db.properties

to create a backup database properties file.

Open

db.properties

In the

SQL Server

encryption settings section, configure the following settings (you do not need to change any other settings):

configuration.database.ng.encrypt=true
configuration.database.ng.trustservercertificate=false
configuration.database.ng.truststore=<path_to_the_jks_trust_store_generated_in_step_2>
configuration.database.ng.truststorepassword=<password_for_jks_trust_store_generated_in_step_2>

Save and close

db.properties

Restart the

UEM

services.

Encrypt the connection between BlackBerry UEM and Microsoft SQL Server

Encrypt the connection between
BlackBerry UEM
and
Microsoft SQL Server