Messaging Process Flow

Process flow: Sending a message to a BlackBerry device

1.      A message arrives in a user’s mailbox. Microsoft® Exchange notifies the BlackBerry® Messaging Agent.

2.      The BlackBerry Messaging Agent applies global filter rules to the messages in the user’s mailbox and filters the messages that match the filter criteria.

If no global filter rules apply, the BlackBerry Messaging Agent applies filter rules that are user defined to the messages in the user’s mailbox.

3.      The BlackBerry Messaging Agent sends the first 2 KB of the message (plain text, or in an HTML message, the equivalent to 2 KB of plain text) to the BlackBerry Dispatcher.

4.      The BlackBerry Dispatcher compresses the first 2 KB of the message, encrypts it using the device transport key of the BlackBerry device, and sends the encrypted data to the BlackBerry Router.

5.      The BlackBerry Router sends the encrypted data to the wireless network over port 3101, or over port 4101 if the BlackBerry device is a Wi-Fi® enabled BlackBerry device that is connected to the enterprise Wi-Fi network.

6.      The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network, and sends the message data to the BlackBerry device.

7.      The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher. The BlackBerry Dispatcher sends the delivery confirmation to the BlackBerry Messaging Agent.

If the BlackBerry Messaging Agent does not receive a delivery confirmation within four hours, it sends the message to the wireless network again.

The delivery confirmation verifies that the wireless network delivered the message to the BlackBerry device, but it does not verify that the user received or opened the message.

8.      The BlackBerry device decrypts and decompresses the message so that the user can view it, and notifies the user that the message has arrived.

Process flow: Sending a message from a BlackBerry device

This process flow applies to new messages, reconciled messages (messages that a user moved, deleted, or marked as read or unread), and wireless calendar entries.

1.      A user sends a message from a BlackBerry® device.

The BlackBerry device assigns a RefId to the message. If the message is a meeting invitation or calendar entry, the BlackBerry device appends the calendar information to the message. The BlackBerry device compresses and encrypts the message, and sends the message to the wireless network over port 3101, or over port 4101 if the BlackBerry device is a Wi-Fi® enabled BlackBerry device that is connected to the enterprise Wi-Fi network.

2.      The wireless network sends the message to the BlackBerry® Enterprise Server.

The BlackBerry Enterprise Server accepts only encrypted messages from the BlackBerry device.

3.      The BlackBerry Dispatcher uses the device transport key of the BlackBerry device to decrypt and decompress the message.

If the BlackBerry Dispatcher cannot decrypt the message using the device transport key, the BlackBerry Enterprise Server ignores the message and sends an error message to the BlackBerry device.

4.      The BlackBerry Messaging Agent sends the message to the user’s email application.

5.      The BlackBerry Messaging Agent sends a copy of the message to the Sent Items view in the user’s email application.

6.      The messaging server delivers the message to the recipients.

Process flow: Sending a message that contains an attachment from a BlackBerry device

1.      A user attaches a file to a message on a BlackBerry® device and sends the message.

o    If the BlackBerry device is not running BlackBerry® Device Software version 4.2 or later, and if the BlackBerry device does not have a CMIME service book that indicates that the BlackBerry® Enterprise Server supports attachment uploads, the Add Attachment menu item does not appear on the BlackBerry device.

o    If the user tries to attach a file that exceeds the maximum file size that you specified, a notification appears and the user cannot attach the file.

2.      The BlackBerry device compresses and encrypts the message, and sends the message to the wireless network over port 3101.

The BlackBerry device formats the header of the message to indicate that a large attachment is part of the message. The BlackBerry device does not send the attachment content.

3.      The wireless network sends the message to the BlackBerry Enterprise Server.

4.      The BlackBerry Dispatcher decrypts and decompresses the message using the device transport key of the BlackBerry device.

If the BlackBerry Dispatcher cannot decrypt the message using the device transport key, the BlackBerry Enterprise Server ignores the message and sends an error message to the BlackBerry device.

5.      The BlackBerry Messaging Agent stores the message properties in the user’s mailbox.

The BlackBerry Messaging Agent sends a request for the attachment content through the BlackBerry Dispatcher to the BlackBerry device.

6.      The BlackBerry device sends the attachment content through the BlackBerry Dispatcher to the BlackBerry Messaging Agent.

If the file size of the attachment content exceeds a single data packet, the BlackBerry device divides the content into multiple data packets and sends the data packets to the BlackBerry Messaging Agent.

7.      The BlackBerry Messaging Agent verifies the validity of the attachment content, and stores the content in memory as the content arrives.

During the delivery of the attachment content, if the BlackBerry Messaging Agent does not receive content from the BlackBerry device for 15 minutes, the BlackBerry Messaging Agent cancels the message, deletes the partial attachment content from temporary storage, and sends an error message to the BlackBerry device.

After all of the attachment content arrives, the BlackBerry Messaging Agent checks for other attachments that might be part of the same message.

o    If other attachments exist, the BlackBerry Messaging Agent requests the attachment content.

• If no additional attachments exist, the BlackBerry Messaging Agent finishes processing the message and sends the message to the user’s email application.

The messaging server delivers the message to the intended recipients.

Process flow: Searching an organization's address book from a BlackBerry device

1.      A user searches for a contact on a BlackBerry® device.

2.      The BlackBerry device assigns a RefId to the search request, compresses and encrypts the request, and sends the request to the BlackBerry® Enterprise Server over port 3101.

3.      The BlackBerry Dispatcher decrypts and decompresses the request using the device transport key of the BlackBerry device, and sends the request to the BlackBerry Messaging Agent.

4.      The BlackBerry Messaging Agent searches the GAL on the Microsoft® Exchange server and retrieves the 20 closest matches for the contact lookup request.

The BlackBerry Messaging Agent sends the contact lookup results to the BlackBerry Dispatcher.

5.      The BlackBerry Dispatcher encrypts the results using the device transport key of the BlackBerry device, compresses the encrypted data, and sends it to the BlackBerry Router for delivery to the BlackBerry device.

6.      The BlackBerry Router sends the encrypted data to the wireless network over port 3101.

7.      The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network, and sends the encrypted data to the BlackBerry device.

8.      The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which sends it to the BlackBerry Messaging Agent.

If the BlackBerry Enterprise Server does not receive a delivery confirmation within four hours, it resubmits the contact lookup results to the wireless network.

9.      The BlackBerry device decrypts and decompresses the contact lookup results with the device transport key so that the user can view them on the BlackBerry device or add them to the contact list on the BlackBerry device.

BlackBerry Enterprise Solution security

BlackBerry Enterprise Solution security

The BlackBerry® Enterprise Solution consists of various products and components that are designed to extend your organization’s communication methods to BlackBerry devices. The BlackBerry Enterprise Solution is designed to protect data that is in transit at all points between a BlackBerry device and BlackBerry® Enterprise Server. To protect data that is in transit over the wireless network, the BlackBerry Enterprise Server and BlackBerry device use symmetric key cryptography to encrypt the data. Only the BlackBerry Enterprise Server and BlackBerry device can decrypt the data that they send between each other. The BlackBerry Enterprise Server is designed to prevent third parties, including wireless service providers, from accessing your organization's potentially sensitive information in a decrypted format.

The BlackBerry Enterprise Solution uses confidentiality, integrity, and authenticity, which are principles for information security, to help protect your organization from data loss or alteration.

Principles	Description
confidentiality	The BlackBerry Enterprise Solution uses symmetric key cryptography to help make sure that only intended recipients can view the contents of email messages.
integrity	The BlackBerry Enterprise Solution uses symmetric key cryptography to help protect every email message that the BlackBerry device sends and to help prevent third parties from decrypting or altering the message data. Only the BlackBerry Enterprise Server and BlackBerry device know the value of the keys that they use to encrypt messages and recognize the format of a decrypted and decompressed message. The BlackBerry Enterprise Server or BlackBerry device reject a message automatically that is not encrypted with keys that they recognize as valid.
authenticity	Before the BlackBerry Enterprise Server sends data to the BlackBerrydevice, the BlackBerry device authenticates with the BlackBerry Enterprise Server to prove that the BlackBerry device knows the device transport key that is used to encrypt data.

Blackberry Enterprise Server Arcitecture

Architecture: BlackBerry Enterprise Server

A BlackBerry® Enterprise Server consists of various components that are designed to perform the following actions:

• Ø  provide productivity tools and data from your organization's applications for your BlackBerry device users
• Ø  monitor other BlackBerry Enterprise Server components
• Ø  process, route, compress, and encrypt data
• Ø  communicate with the wireless network

Component	Description
BlackBerry Administration Service	The BlackBerry Administration Service connects to the BlackBerry Configuration Database. You can use the BlackBerry Administration Serviceto manage the BlackBerry Domain, which includes BlackBerry Enterprise Server components, user accounts, and features for BlackBerry device administration.
BlackBerry Mail Store Service	The BlackBerry Mail Store Service connects to the messaging servers in your organization's environment and retrieves the contact information that the BlackBerry Administration Service requires to search for user accounts on the messaging servers. You install a BlackBerry Mail Store Service when you install a BlackBerry Enterprise Server. The BlackBerry Mail Store Service connects to the messaging server using the same connection information that theBlackBerry Enterprise Server uses. The BlackBerry Administration Service is designed to communicate with the BlackBerry Mail Store Service using RPC.
BlackBerry Attachment Service	The BlackBerry Attachment Service converts supported message attachments to a format that users can view on their BlackBerry devices.
BlackBerry Collaboration Service	The BlackBerry Collaboration Service provides a connection between your organization's instant messaging server and the collaboration client onBlackBerry devices.
BlackBerry Configuration Database	The BlackBerry Configuration Database is a relational database that contains configuration information that BlackBerry Enterprise Servercomponents use. For example, the BlackBerry Configuration Databaseincludes the following information: ·         details about the connection from a BlackBerry Enterprise Server to the wireless network ·         user list ·         address mappings between PINs and email addresses for BlackBerry MDS Connection Service push features
BlackBerry Controller	The BlackBerry Controller monitors BlackBerry Enterprise Servercomponents and restarts them if they stop responding.
BlackBerry Dispatcher	The BlackBerry Dispatcher compresses and encrypts all data thatBlackBerry devices send and receive. The BlackBerry Dispatcher sends the data through the BlackBerry Router, to and from the wireless network.
BlackBerry MDS Application Console	The BlackBerry MDS Application Console is a web-based administration console that you can use to manage BlackBerry MDS Runtime Applications and BlackBerry® Browser Applications that reside in the BlackBerry MDS Application Repository. You can use the BlackBerry MDS Application Consoleto send requests to a BlackBerry MDS Integration Service to install, update, and manage BlackBerry MDS Runtime Applications and BlackBerry Browser Applications on BlackBerry devices.
BlackBerry MDS Connection Service	The BlackBerry MDS Connection Service permits users to access web content, the Internet, or your organization's intranet, and also permits applications on BlackBerry devices to connect to your organization's application servers or content servers for application data and updates.
BlackBerry MDS Integration Service	The BlackBerry MDS Integration Service provides application-level integration for BlackBerry MDS Runtime Applications and BlackBerry Browser Applications on BlackBerry devices. You can use the BlackBerry MDS Integration Service to install BlackBerry MDS Runtime Applications andBlackBerry Browser Applications on BlackBerry devices. The BlackBerry MDS Application Repository is a service hosted by theBlackBerry MDS Integration Service. The BlackBerry MDS Application Repository stores BlackBerry MDS Runtime Applications and BlackBerry Browser Applications. Your organization's developers can create and publish BlackBerry MDS Runtime Applications using the BlackBerry® MDS Studio or the BlackBerry® Plug-in for Microsoft® Visual Studio® developer tools. Your organization's developers can create BlackBerry Browser Applications using standard text editors and publish BlackBerry Browser Applications in the BlackBerry MDS Application Repository using the BlackBerry MDS Application Console.
BlackBerry Messaging Agent	The BlackBerry Messaging Agent connects to your organization's messaging server to provide messaging services, calendar management, address lookups, attachment viewing, attachment downloading, and encryption key generation. The BlackBerry Messaging Agent also acts as a gateway for the BlackBerry Synchronization Service to access organizer data on the messaging server. The BlackBerry Messaging Agentsynchronizes configuration data between the BlackBerry Configuration Database and user mailboxes.
BlackBerry Monitoring Service	The BlackBerry Monitoring Service is a web-based application that is designed to help you monitor your organization's BlackBerry Domain. Administrators can use the BlackBerry Monitoring Service to troubleshoot issues and proactively monitor the health of your organization's BlackBerry Domain.
BlackBerry Monitoring Servicedatabase	The BlackBerry Monitoring Service database stores information that it collects about your organization's BlackBerry Enterprise Serverenvironment in a Microsoft® SQL Server® database for 57 weeks. You can access the information from the database using standard SQL call operations.
BlackBerry Policy Service	The BlackBerry Policy Service performs administration services over the wireless network. It sends IT policies and IT administration commands and provisions service books. IT policies and IT administration commands define BlackBerry device security, settings for synchronizing data over the wireless network, and other configuration settings on BlackBerry devices. The BlackBerry Policy Service also sends service books to configure settings for features and components on BlackBerry devices.
BlackBerry Router	The BlackBerry Router connects to the wireless network to send data to and from BlackBerry devices. It also sends data over your organization's network to BlackBerry devices that are connected to computers that host the BlackBerry® Device Manager.
BlackBerry Synchronization Service	The BlackBerry Synchronization Service synchronizes organizer data between BlackBerry devices and the messaging server over the wireless network.
BlackBerry® Web Desktop Manager	The BlackBerry Web Desktop Manager is a web-based application that permits users to manage their BlackBerry devices. For example, users can activate BlackBerry devices, back up and restore data, select messaging options, synchronize data, and install applications. The BlackBerry Web Desktop Manager includes the BlackBerry Device Manager.
organization's application server or content server	Your organization's application server or content server provides push applications and intranet content that the BlackBerry MDS Services use.
instant messaging server	The instant messaging server stores instant messaging accounts.
messaging server	The messaging server stores email accounts.
user's computer with the BlackBerry Device Manager	The user's computer that hosts the BlackBerry Device Manager permits users to connect their BlackBerry devices to their computers using a serial or USB connection. The BlackBerry Enterprise Server and BlackBerrydevices use the connection to send data between them. Data traffic from BlackBerry devices bypasses the wireless network whenBlackBerry devices are connected to users' computers. The BlackBerry Device Manager connects to the BlackBerry Router, which sends data directly to BlackBerry devices. Users can install the BlackBerry Device Manager when they install theBlackBerry® Desktop Software or at another time. The BlackBerry Device Manager is an optional component, but it is required to support a bypass connection to the BlackBerry Router.