24
BLACKBERRY ENTERPRISE SERVER INSTALLATION GUIDE Prepared by Muhammad Waqas Sr. Blackberry Support Engineer
BLACKBERRY ENTERPRISE SERVER INSTALLATION GUIDE
Prepared by
Muhammad Waqas
Sr. Blackberry Support Engineer
TABLE OF CONTENTS BES Installation
Planning of a BES installation System Requirement Best Practices Database Requirement BlackBerry Service account & mailbox Installing the BES Software
Hosted Blackberry Enterprise Server Comparing BES 4.1.6 and 5.0
PLANNING OF A BLACKBERRY ENTERPRISE SERVER INSTALLATION Installing the BES components on same computer:
You can install all BlackBerry Enterprise Server components on one computer, or you can install specific components on separate computers.
Consider installing all components on one computer if you do not plan to activate many BlackBerry devices, if you have determined that the computer can handle the traffic volume for the BlackBerry Enterprise Server components, or if you do not mind that the computer has direct access to the wireless network.
PLANNING OF A BLACKBERRY ENTERPRISE SERVER INSTALLATION Installing the BES components on separate computers:
BlackBerry Attachment Service Converts supported attachments into a format that users can
view on their BlackBerry devices BlackBerry Collaboration Service
Provides an encrypted connection between your organization's instant messaging server and the collaboration client on the BlackBerry device
BlackBerry Manager Allows administrators to manage a BlackBerry® Domain
BlackBerry MDS Connection Service Provides users with access to online content and applications
on the corporate intranet or the Internet BlackBerry MDS Integration Service
Provides connectivity between the BlackBerry MDS Runtime Application on BlackBerry devices and enterprise applications
BlackBerry Router Connects to the wireless network and routes data to and from
BlackBerry devices
SYSTEM REQUIREMENTS FOR BLACKBERRY ENTERPRISE SERVER
Components RequirementsHardware • Intel® Pentium® IV processor (2 GHz or higher)
• 1.5 GB RAM• 60GB Available Hard Disk space
Environment It is not recommended to put the BlackBerry Enterprise Server in the DMZ
Software • Windows® 2000 SP4 Server or Advanced Server• Windows Server® 2003 or later• Windows Server 2003 or later (64-bit)• Windows Server 2003 R2 SP2• Windows Server 2003 R2 SP2 (64-bit)• Windows® Small Business Server 2003 Standard or Premium• Microsoft Internet Explorer 6.0 or higher
Firewall Your corporate firewall settings must allow the BlackBerry Enterprise Servercomputer to initiate a TCP/IP connection to the RIM Relay on outbound port 3101Your corporate firewall must be able to resolve internet addressing using DomainName System(DNS) srp.eu.blackberry.net
Messaging • Microsoft® Exchange version 5.5• Microsoft Exchange 2000• Microsoft Exchange 2003 or later• Microsoft Exchange 2007• Microsoft Exchange mixed environment (any combination of Microsoft• Exchange version 5.5, Microsoft Exchange 2000, Microsoft Exchange 2003, and Microsoft Exchange 2007)
BEST PRACTICES A separate physical server is required for the
Blackberry Enterprise Server. The BES CANNOT be installed on a Domain
Controller or Exchange Server. The service account creates a MAPI connection with the Exchange Server, having the BES on the same machine would conflict with the actual Exchange Server.
It is recommended to install the BES on a separate machine, which should be on the same VLAN as the e-mail server.
The service account should NOT be part of the Domain Admin Group
It is recommended to add the service account to the Domain Users group only.
DATABASE REQUIREMENT
All configuration data like email-to-pin mapping, user profiles, IT policies etc are stored in the database. The MDSE although being easily installed, and difficult to manage and control. Database backup is not very easy to do, and in case of failures, recovering the database would be a tedious task.
It is recommended to install SQL Server. Taking database backup, recovering databases after failures or troubleshooting permissions would be easier and more identifiable.
CREATING A BLACKBERRY SERVICE ACCOUNT & MAILBOX
While logged into Active Directory® as Microsoft Exchange administrator, create an account with the following attributes : Name : BESAdmin User location: Select the Create an Exchange mailbox
check box. Assign Local Administrator Permissions
1. Log in to the BlackBerry Enterprise Server machine using an administrator account.
2. On the taskbar, click Start > Settings > Control Panel > Administrative Tools > Computer Management.
3. Expand the System Tools object, and then click Local Users and Groups.
4. Click Groups.5. Double-click the Administrators group.6. In the Administrators Properties dialog box, click Add.7. From the Name list, select the service account. Click Add.8. Click OK. The name appears in the Members list as
confirmation that it was added to the Administrators group.
9. Click OK to return to the main Computer Management window.
Assigning Exchange Permissions
Grant the BlackBerry Enterprise Server administration account the View Only Administrator permission to enable read access of the Microsoft Active Directory®:
Open the Microsoft Exchange System Manager.
1. Right-click an administrative group folder and select Delegate control.
2. Click Next. 3. Click Add. Click Browse. 4. Select your BlackBerry Enterprise Server administration
account from the list and click OK. 5. In the Delegate Control dialog box, select Exchange View
Only Administrator from the drop-down list and click OK.
Grant Send As, Receive As, and Administer Information store Permissions
1. In the Microsoft Exchange System Manager, expand Administrative Groups.
2. Right-click the Exchange Server(s) that will be hosting the BlackBerry® users’ mailboxes.
3. Click Properties.
4. Click the Security tab.
5. Click Add.
6. Select the BlackBerry Enterprise Server administration account.
7. In the Permissions window, verify that Send As, Receive As, and Administer Information store permissions are granted.
NETWORK ENVIRONMENT SETTINGS
1. The Corporate firewall setting must allow the Blackberry Enterprise Server computer to initiates a TCP/IP connection to RIM Relay on outbound port 3101.
2. Verify the corporate firewall can resolve Internet addresses using the Domain Name System (DNS). srp.eu.blackberry.net
3. The connection through port 3101 is outbound-initiated, bi-directional.
INSTALLING THE BES SOFTWARE Applications installed with the BlackBerry Enterprise
Server components
Item Version Components with which this item is installed
J2SE™ Runtime Environment
5.0 update 9
ALL
JRE™ 16 • BlackBerry® MDS Connection Service• BlackBerry Collaboration Service
Microsoft® XML Parser
4.0 SP2 • BlackBerry Messaging Agent• BlackBerry Attachment Service• BlackBerry Manager• BlackBerry Router
Microsoft® .NET Framework
1.1 or 1.1 SP1
• BlackBerry Messaging Agent• BlackBerry Manager• BlackBerry Collaboration Service
MSDE database 2000 BlackBerry® Enterprise Server
PREREQUISITES: INSTALLING THE BLACKBERRY ENTERPRISE SERVER
Item Requirement
credentials from the BlackBerryEnterprise Server installation media
• CAL key• SRP identifier• SRP key • SRP host
installation credentials from yourEnvironment
• Computer name and port number of the instant messaging server (use the virtual server name and port number where the AJAX Service is installed, if applicable)• Computer name and port number of the proxy server (optional)
allowed lists for anti-virus and anti-spam software applications
Add the blackberry.net domain to the allowed lists in the anti-virus and anti-spam software applications that the messaging server or gateway uses.
INSTALLATION PROCESS
1. Log in to the computer using the BESAdmin account that you created.
2. In the BlackBerry® Enterprise Server installation media, double-click the setup.exe file.
3. Complete the instructions on the screen.
4. When prompted to restart the computer, click Yes.
5. Log in to the computer using the same account that you used in Step 1 to start the setup application.
6. Complete the instructions on the screen.
HOSTED BES Hosted BlackBerry Enterprise Server is the ideal wireless
solution for businesses that have already embraced subscription-based, outsourced services or are looking to grow beyond their current email/mobility solution. The best prospects for Hosted BlackBerry Enterprise Server are companies that:
Cannot afford to support in-house email and mobility solutions. Hosted BlackBerry Enterprise Server allows them to access enterprise grade functionality on a per month, per user pricing basis.
Have already outsourced their email systems. Hosted BlackBerry Enterprise Server seamlessly integrates with their corporate email and provides wireless access to email and organizer functionality.
Wish to smartly apply their financial resources. Hosted BlackBerry Enterprise Server allows them to spend on their core business without any upfront software costs while paying as they go for wireless capabilities.
COMPARING BES 4.1.6 AND 5.0BES 4.1.6 BES 5.0
Access to Regular Exchange Email - Send/Receive Email Wirelessly
Yes Yes
Push Message Delivery Yes Yes
Wireless Email Reconciliation Yes Yes
Sent Item Synchronization Yes Yes
Wireless email settings Yes Yes
Wireless email reconciliations Hard-Delete support
Yes Yes
Email Server Search and Download Yes Yes
HTML Support Yes Yes
Device Side Folder Management No Yes*
Flag for Follow Up No Yes*
* BlackBerry Device Software v5.0 or higher required
BES 4.1.6 BES 5.0
Instant Messaging
Support for Windows® Messenger Yes Yes
Support for Microsoft® Office Communications Server 2007 Yes Yes
IM Contact Linking to Address Book Contact
Yes Yes
Emoticons Yes Yes
Calendar/PIM
Forward Calendar Entries No Yes*
Calendar Attachment Support No Yes*
Synchronization of Public and Private Contacts
No Yes*
Synchronization of Multiple Contact Folders
No Yes*
Free/Busy Availability Lookup Yes Yes
Remote Address Lookup Yes Yes
Wireless Calendar Synchronization Yes Yes* BlackBerry Device Software v5.0 or higher required
BES 4.1.6 BES 5.0
Attachments
Attachment Service Support for .ZIP Yes Yes
Attachment Service Support Image Viewing (JPG, BMP, GIF, PNG and TIFF) Yes Yes
Attachment Edit (.DOC, .PPT) Yes Yes
Support for Audio WMA Files No Yes
Support for Open Document Text (ODT) No Yes
Corporate Data Access
BlackBerry Browser Yes Yes
BlackBerry® Browser JavaScript® v1.3 Support
Yes Yes
BlackBerry® Browser Enhancements (Enhanced HTML Tables Support, Ability to Email a URL, Animated GIF Support)
Yes Yes
Remote File Explorer No Yes*
* BlackBerry Device Software v5.0 or higher required
BES 4.1.6 BES 5.0
Device Choice
Support for devices with BlackBerry® Connect™ software and BlackBerry® Built-In™ software
Yes Yes
Enterprise Device Authorization Yes Yes
Support
Automatic Wireless Backup of Smartphone Data
Yes Yes
On-Device Help Yes* Yes*
Ability to Delete BlackBerry Applications from the Smartphone
Yes Yes
Archiving SMS, PIN-to-PIN and Call Logs Yes Yes
* Supported by Java-enabled devices with 16MB or more memory only
IT FEATURESBES 4.1.6 BES 5.0
Security
End-to-end Security Yes Yes
Triple DES Encryption Support Yes Yes
AES Encryption Support Yes Yes
Support for Secure/Multipurpose Internet Mail Extensions (S/MIME)
Yes Yes
Device Content Protection, Content Compression
Yes Yes
Wireless Encryption Key Regeneration Yes* Yes*
* BlackBerry Device Software v2.7 or higher (C++ enabled handhelds) OR BlackBerry Device Software v4.0 or higher (Java-enabled devices)
IT FEATURESBES 4.1.6 BES 5.0
Deployment
Automated BlackBerry® Desktop Software Deployment (Silent Install)
Yes Yes
Cradle-less Provisioning Yes Yes
BlackBerry Router® and BlackBerry® Device Manager
Yes Yes
Wireless Third Party Application Provisioning and Control
Yes* Yes*
* BlackBerry Device Software v4.0 or higher (10MB or higher, Java-enabled devices)
IT FEATURESBES 4.1.6 BES 5.0
Management and Administration
BlackBerry® Enterprise Server Management Console
Yes Yes
Web-Based BlackBerry® Adminstration Service Console
No Yes
Multiple BlackBerry Enterprise Server Instances on One Physical Machine
Yes Yes
Wireless IT Policies and Commands Yes* Yes*
Support for Microsoft® Exchange 2007 Yes Yes
Custom Roles with Different Levels of Access According to Employee's Roles and Permissions
No Yes
Built in Monitoring with Threshold Analysis Tool and Maintenance Window Support
No Yes
* BlackBerry Device Software v2.5 or higher (C++ enabled handhelds) OR BlackBerry Device Software v3.6 or higher (Java enabled handhelds)
IT FEATURESBES 4.1.6 BES 5.0
BlackBerry® Monitoring Service Dashboards View *
No No
Handheld BlackBerry® Monitoring Service Dashboards Views (browser-based)1
No No
Job Management for Applications No Yes
Throttling No Yes
Scheduled Upgrades No Yes
BlackBerry® Enterprise Transporter No Yes
High Availability No Yes
Enhanced Enterprise Activation Diagnostics/Troubleshooting
No Yes
Active Directory Resource Forest Authentication Support *
No No
Automatic Domain Controller Discovery * No No
* This is available in BES 5.0 with Service pack 1
