Install BlackBerry UEM version 12.21 MR1 in a BSI-certified environment
BlackBerry UEM
version 12.21 MR1 in a BSI-certified environment- When you follow the steps below to installUEM, you will enable an encrypted connection betweenUEMandMicrosoft SQL Server. You must export and store the certificate authority signing the SQL Server certificate (.cer) on the computer where you will installUEM.
- Extract the contents of theUEMinstallation package.
- Run a text editor as an administrator and open thedeployer.propertiesfile from the extracted installation package (<drive>:\BlackBerry\UEM\BlackBerry UEM<version>).
- Specify the properties as required for your organization’s environment. For more information about the available properties, see the UEM Installation and Upgrade Guide.For thedb.authentication.typeproperty, use the default value of INTEGRATED to configureUEMto connect to theUEMdatabase usingWindowsauthentication.
- Save and close thedeployer.propertiesfile.
- In the text editor, open thebsi.propertiesfile from the extracted installation package (<drive>:\BlackBerry\UEM\BlackBerry UEM<version>\context).
- Specify the following properties:
- cert.pinning.tenant: Specify the SRP ID for the UEM instance that you will install.
- tenant.country.code: The country code for the location of your tenant (for example, DE).
- Save and close thebsi.propertiesfile.If steps 5 to 7 are not completed, theUEMinstallation process will fail and theUEMdatabase must be deleted before you run the installer again.
- Using the sameWindowsservice account that you will use to run theUEMinstallation process, open the command prompt as an administrator.
- Run the following commands to generate a database encryption key:
- cd<extracted_UEM_installer_package>\db\Database\tools
- beskeytool.bat generatekey
The database encryption key is displayed. Copy and save the key value if you want to install multiple instances ofUEM(instructions are provided below for how to import the generated key to the additionalUEMinstances). - Run the following commands to installUEMfrom the command prompt and enable an encrypted connection betweenUEMandMicrosoft SQL Server:setup.exe --script --iAcceptBESEULA --propertyFiles bsi.properties --properties "db.encrypt=true,db.trustServerCertificate=false,db.trustmanagerclass= mdm.contract.database.ssl.NiapSQLServerTrustManager, db.trustmanagerconstructorarg=<path_to_SQL_certificate>"If you want to use a group Managed Service Account (gMSA) to install or upgradeUEMand run theUEMservices, see Configure permissions for the service account, and Install or upgrade BlackBerry UEM using the command prompt window for the modified commands that you will need to use.
- After the installation process is complete, in theWindowsServices, verify that theUEM Coreand Management console services are running. To verify the version ofUEMthat is installed, including the specific build (catalog) number, open “Add or remove programs” inWindowsand selectBlackBerry UEMto view the version.
- See the Guide to setting up BlackBerry UEM for a reference that walks you through the resources for setting up and administering aUEMenvironment. For additional setup tasks that must be completed for a BSI-certified environment, see Configure BlackBerry UEM for a BSI-certified environment.
- If you want to install multiple instances ofUEM, repeat the installation steps above on a different computer, but at step 9 you must run the following commands instead:
- cd<extracted_UEM_installer_package>\db\Database\tools
- beskeytool.bat importkey -key<key_value>
<key_value>is the database encryption key that was generated in step 9. If you did not save the generated key, you can run the following command on the computer where you installed the firstUEMinstance to display the key:- cd<extracted_UEM_installer_package>\db\Database\tools
- beskeytool.bat printkey