Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. UEM Overview and Architecture
  4. Data flows: Sending and receiving work data
  5. Sending and receiving work data using the BlackBerry Infrastructure
  6. Data flow: Sending and receiving work data from a BlackBerry Dynamics app on an Android device using BlackBerry Secure Connect Plus

Data flow: Sending and receiving work data from a
BlackBerry Dynamics
 app on an
Android
 device using
BlackBerry Secure Connect Plus

This data flow describes how data travels when a
BlackBerry Dynamics
 app on an
Android Enterprise
 or
Samsung Knox Workspace
 device uses
BlackBerry Secure Connect Plus
.
If you are using
BlackBerry Secure Connect Plus
 with
BlackBerry Dynamics
 apps on an
Android Enterprise
 device, it is recommended that you restrict
BlackBerry Dynamics
 apps from using
BlackBerry Secure Connect Plus
 to avoid network latency. You can't restrict specific apps on
Samsung Knox Workspace
 devices.
If you are using
BlackBerry Secure Connect Plus
 with
BlackBerry Dynamics
 apps on an
Android Enterprise
 device or a
Samsung Knox Workspace
 device, it is recommended that you configure
UEM
 not to send
BlackBerry Dynamics
 app data through the
BlackBerry Infrastructure
 to reduce network latency.
Diagram showing the steps and components mentioned in the following data flow.
  1. The user opens a
    BlackBerry Dynamics
     app to access work data.
  2. The device sends a request through a TLS tunnel, over port 443, to the
    BlackBerry Infrastructure
     to request a secure tunnel to the work network. The signal is encrypted by default using FIPS-140 certified
    Certicom
     libraries. The signaling tunnel is encrypted end to end.
  3. BlackBerry Secure Connect Plus
     receives the request from the
    BlackBerry Infrastructure
     through port 3101.
  4. The device and
    BlackBerry Secure Connect Plus
     negotiate the tunnel parameters and establish a secure tunnel for the device through the
    BlackBerry Infrastructure
    . The tunnel is authenticated and encrypted end to end with DTLS.
  5. BlackBerry Secure Connect Plus
     establishes a connection with
    BlackBerry Proxy
    .
  6. The
    BlackBerry Dynamics
     app establishes a connection to
    BlackBerry Proxy
     using the
    BlackBerry Secure Connect Plus
     tunnel.
  7. BlackBerry Proxy
     authenticates with the
    BlackBerry Dynamics
     app using its server certificate.
    BlackBerry Proxy
     validates the app using a MAC keyed with a session key known only to
    BlackBerry Proxy
     and the app.
  8. When the secure connection is established between
    BlackBerry Proxy
     and the app, work data can travel between the device and application or content servers behind the firewall using the
    BlackBerry Secure Connect Plus
     tunnel to
    BlackBerry Proxy
    .
    BlackBerry Secure Connect Plus
     encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.