Home » Blackberry Manuals » Computer Software » Blackberry PRD-10459-035 » Manual Viewer

Blackberry PRD-10459-035 Administration Guide - Page 14

Configuring security options

View all Blackberry PRD-10459-035 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 14 highlights

Administration Guide Configuring security options Configuring security options 2 How the BlackBerry Enterprise Solution encrypts data on the transport layer The BlackBerry® Enterprise Solution uses a symmetric key encryption algorithm (Triple DES or AES) to protect all data that the BlackBerry® Enterprise Server and a BlackBerry device send between them. The BlackBerry Enterprise Solution uses the symmetric key encryption algorithm to create message keys and master encryption keys, and uses those encryption keys to encrypt all data that the BlackBerry device sends or receives, while the data travels between the BlackBerry device and the BlackBerry Enterprise Server. This data encryption process occurs automatically and is designed to verify that a message that a user sends from a BlackBerry device, which is outside the organization's firewall, remains protected on the transport layer until the BlackBerry Enterprise Server receives the message. Symmetric key encryption algorithms that the BlackBerry Enterprise Solution uses Encryption type AES Description • uses the AES algorithm to encrypt and decrypt all of the data that the BlackBerry Enterprise Server and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other • designed to use a longer encryption key to provide a better combination of security and performance than Triple DES • designed to protect user data and encryption keys from traditional attacks and side-channel attacks • requires BlackBerry® Desktop Software version 4.0 or later and BlackBerry® Device Software version 4.0 or later Change the encryption type 1. In the BlackBerry® Manager, in the left pane, click a BlackBerry® Enterprise Server. 2. On the Server Configuration tab, click Edit Properties. 3. Click General. 4. In the Security section, click Encryption Algorithm. 12

Section	Page
Creating administrator accounts	11
Administrative roles	11
Creating a BlackBerry Enterprise Server administrator in a Microsoft SQL Server environment	12
Assign an administrative role to a new or existing Microsoft SQL Server database account	12
Configure the BlackBerry Manager to use database authentication in a Microsoft SQL Server environment	13
Configuring security options	14
How the BlackBerry Enterprise Solution encrypts data on the transport layer	14
Symmetric key encryption algorithms that the BlackBerry Enterprise Solution uses	14
Change the encryption type	14
Generating organization-specific encryption keys for PIN message encryption	15
Generate a new peer-to-peer encryption key	15
Authenticating the BlackBerry MDS Integration Service to the BlackBerry Manager and web services	15
Allow the BlackBerry MDS Integration Service to communicate with the BlackBerry Manager	16
Allow client authentication between the BlackBerry MDS Integration Service and web services	16
Setting up proxy servers for BlackBerry Enterprise Server components	18
Configuring certain BlackBerry Enterprise Server components to use proxy servers	18
Configure a BlackBerry Enterprise Server component to use a .pac file	18
Configure a BlackBerry Enterprise Server component to use a proxy server	19
Configure a BlackBerry Enterprise Server component to authenticate to a proxy server on behalf of BlackBerry devices	19
Sharing BlackBerry Enterprise Server components	21
Configuring multiple BlackBerry Enterprise Server instances to use the same BlackBerry Enterprise Server component	21
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Connection Service	21
Configure multiple BlackBerry Enterprise Server instances to use the same BlackBerry MDS Integration Service	22
Configuring user accounts	23
Adding user accounts to the BlackBerry Enterprise Server	23
Add user accounts to the BlackBerry Enterprise Server	23
Creating user groups	23
Create a user group	23
Add a user account to a user group	24
Sending software and BlackBerry Java Applications to BlackBerry devices	25
Making BlackBerry Device Software and Java applications available to users	25
Making software and applications available on a network drive	25
Install the BlackBerry Device Software on a network drive	25
Add a Java application to a network drive	26
Add the BlackBerry MDS Runtime to a network drive	26
Indexing applications on a network drive	26
Create or update a software index for applications on a network drive	26
Share a network drive for applications	27
Defining software configurations	27
Create a software configuration	27
Define an application control policy	28
Assign an application control policy to an application	28
Assign a software configuration to a user group	29
Assign a software configuration to a user account	29
Send an application to a BlackBerry device over the wireless network	29
Monitor wireless application push failures	30
Error messages: Wireless application push	30
Install the BlackBerry Device Software or BlackBerry Applications on a BlackBerry device using the BlackBerry Manager	32
Making BlackBerry MDS Runtime Applications available to users	34
Creating BlackBerry MDS Runtime Applications and sending them to BlackBerry devices	34
Preparing BlackBerry devices to install BlackBerry MDS Runtime Applications	36
Configuring access to web services and managing signed and unsigned applications	37
Allow BlackBerry MDS Runtime Applications to access web services using HTTPS	37
Define a BlackBerry MDS Runtime Application as a trusted application	37
Configure whether users can install unsigned BlackBerry MDS Runtime Applications on BlackBerry devices	38
Configuring how users access and use BlackBerry MDS Runtime Applications	38
Create a BlackBerry MDS Integration Service device policy	38
Assign a BlackBerry MDS Integration Service device policy to a user group	39
Assign a BlackBerry MDS Integration Service device policy to a specific user	39
Sending BlackBerry MDS Runtime Applications and BlackBerry Browser Applications to BlackBerry devices	40
Install a BlackBerry MDS Runtime Application on BlackBerry devices	40
Install a BlackBerry MDS Runtime Application on a specific BlackBerry device	40
Applying an application control policy to a BlackBerry MDS Runtime Application	41
Add the application launcher file for a BlackBerry MDS Runtime Application to the network drive	41
Assign an application control policy to a BlackBerry MDS Runtime Application	42
Configuring how users access enterprise applications and web content	44
Specifying a BlackBerry MDS Connection Service as the central push server	44
Specify the central push server	44
Configuring how BlackBerry devices authenticate to content servers	44
Configure how BlackBerry devices authenticate to content servers	45
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use NTLM	45
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use Kerberos	46
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to content servers that use LTPA	46
Configure the BlackBerry MDS Connection Service to authenticate BlackBerry devices to the RSA Authentication Manager	46
Configuring how the BlackBerry MDS Connection Service manages requests for web content	47
Configure the BlackBerry MDS Connection Service to manage HTTP cookie storage	47
Configure the timeout limit for HTTP connections with BlackBerry devices	48
Configure the timeout limit for HTTP connections to web servers	48
Configure the maximum number of times that the BlackBerry Browser accepts HTTP redirections	48
Permitting push applications to make trusted connections to a BlackBerry MDS Connection Service	49
Create a key store to store certificates for use with HTTPS connections	49
Add a certificate for the BlackBerry MDS Connection Service	49
Export the BlackBerry MDS Connection Service certificate to make it available to push applications	50
Import the BlackBerry MDS Connection Service certificate to the key store of a push application	50
Configuring a BlackBerry MDS Connection Service to trust web servers	51
Allow BlackBerry devices to connect to untrusted web servers	51
Configure the BlackBerry MDS Connection Service to retrieve certificates for web servers	51
Configure the BlackBerry MDS Connection Service to retrieve the status of certificates for web servers	52
Add a retrieved certificate for a web server to the key store	53
Configuring how the BlackBerry MDS Connection Service connects to BlackBerry devices	53
Specify the maximum amount of data that the BlackBerry MDS Connection Service can send to BlackBerry devices	53
Specify the pending content timeout limit for the BlackBerry MDS Connection Service	53
Allow Java applications to use persistent socket connections with the BlackBerry MDS Connection Service	54
Specify the thread pool size of the BlackBerry MDS Connection Service	54
Specify the maximum number of persistent socket connections	54
Specify the port number that the web server listens on for push application requests	55
Specify how often the BlackBerry MDS Connection Service polls for configuration information	55
Assigning BlackBerry devices to users	56
Assigning BlackBerry devices to user accounts	56
Option 1: Activate a BlackBerry device using the BlackBerry Manager	56
Option 2: Activating BlackBerry devices over the wireless network	56
Managing administrator accounts	59
Assign a BlackBerry Enterprise Server administrator to a different administrative role	59
Delete an administrator account from a BlackBerry Enterprise Server	59
Controlling the BlackBerry Enterprise Solution	60
Controlling BlackBerry device access to the BlackBerry Enterprise Server	60
Turn on the Enterprise Service Policy	60
Permit a user to override the Enterprise Service Policy	61
Controlling BlackBerry device behavior using IT policies	61
Create an IT policy	61
Assign an IT policy to a group of users	62
Assign an IT policy to a user account	63
Enforcing IT policy changes over the wireless network	63
Deactivating BlackBerry devices without applied IT policies	64
Changing the default behavior of BlackBerry devices and the BlackBerry Desktop Software	65
Returning to the default behavior of BlackBerry devices and the BlackBerry Desktop Software	66
Creating new IT policy rules to control third-party applications	66
Managing user accounts	68
Managing user groups	68
Change the properties of a user group	68
Rename a user group	68
Delete a user group	69
Managing user accounts	69
Move a user account to a different user group	69
Move a user account out of a user group	69
Move a user account from one BlackBerry Enterprise Server to another	70
Delete a user account from the BlackBerry Enterprise Server	70
Protecting and reassigning BlackBerry devices	71
Protecting lost, stolen, or replaced BlackBerry devices	71
Protect a lost BlackBerry device	71
Protect a lost BlackBerry device that a user might recover	72
Protect a stolen BlackBerry device	72
Reissuing BlackBerry devices to new users	72
Preparing a BlackBerry device for redistribution	73
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices	74
Managing BlackBerry Java Applications on BlackBerry devices	74
Upgrade an application on a BlackBerry device over the wireless network	74
Remove applications from BlackBerry devices over the wireless network	74
Change an application control policy	74
Managing software configurations	75
Delete a software configuration from a user account	75
Create a software configuration based on an existing software configuration	75
Managing attachment support	76
Changing how a BlackBerry Attachment Service converts attachments	76
Optimize how the BlackBerry Attachment Service converts attachments	76
BlackBerry Attachment Service optimization settings	77
Change the maximum file size for attachments that users can receive	78
Suggested file sizes for attachments	78
Change the maximum dimensions for image attachments that users can view	78
Changing how the BlackBerry Messaging Agent reconciles attachments to the messaging server	79
Change the maximum file size for attachments that users can send	79
Prevent users from sending large attachments	80
Change the maximum file size of attachments that users can download	80
Turn off support for an attachment file format	80
Add support for additional attachment file formats	81
Managing BlackBerry MDS Runtime Applications and BlackBerry Browser Applications	82
Upgrade a BlackBerry MDS Runtime Application on BlackBerry devices	82
Remove a trusted certificate from the BlackBerry MDS Integration Service	83
Making installed BlackBerry MDS Runtime Applications unavailable on BlackBerry devices	83
Make an installed BlackBerry MDS Runtime Application unavailable on BlackBerry devices	83
Make an installed BlackBerry MDS Runtime Application available on BlackBerry devices again	83
Removing BlackBerry MDS Runtime Applications and BlackBerry Browser Applications	84
Make a BlackBerry MDS Runtime Application unavailable for installation	84
Remove an installed BlackBerry MDS Runtime Application from BlackBerry devices	84
Remove an installed BlackBerry MDS Runtime Application from a specific BlackBerry device	85
Configuring a new connection between a BlackBerry MDS Integration Service and a BlackBerry MDS Connection Service	85
Make a BlackBerry MDS Connection Service available to a BlackBerry MDS Integration Service	86
Make a BlackBerry MDS Connection Service unavailable to a BlackBerry MDS Integration Service	86
Managing how users access enterprise applications and web content	87
Restricting user access to content on web servers	87
Restrict requests for content on web servers from BlackBerry devices	87
Specify web address patterns	87
Create a pull rule	88
Restrict or allow web address patterns using a pull rule	88
Assign a pull rule to a user group	89
Assign a pull rule to a specific user	89
Restricting user access to media content in the BlackBerry Browser	89
Prevent users from accessing specific media types	90
Configure a maximum file size for media types	90
Restricting the push application content that users can receive	90
Restrict push applications from sending data to BlackBerry devices	91
Create push initiators for push applications	91
Turn on push authorization	92
Create a push rule	92
Assign push initiators to a push rule	93
Assign a push rule to a user group	93
Assign a push rule to a specific user	93
Encrypt push requests that push applications send to BlackBerry devices	94
Associate a push initiator with the BlackBerry MDS Integration Service	94
Managing push application requests	95
Specify device ports for application-reliable push requests	95
Store push application requests in the BlackBerry Configuration Database	96
Configure the settings for storing push requests in the BlackBerry Configuration Database	96
Configure the maximum number of active connections that the BlackBerry MDS Connection Service can process	96
Configure the maximum number of queued connections that the BlackBerry MDS Connection Service can process	97
Delete requests from the push request queue manually	97
Monitoring a BlackBerry Domain	98
How the BlackBerry Controller monitors the BlackBerry Enterprise Server components	98
Changing how the BlackBerry Controller monitors the BlackBerry Enterprise Server components and restarts services	98
Change how the BlackBerry Controller restarts the BlackBerry Messaging Agent	98
Change how the BlackBerry Controller restarts the BlackBerry Enterprise Server services	101
Monitoring the BlackBerry MDS Integration Service notification messages	102
Set up monitoring of the BlackBerry MDS Integration Service notification messages for a BlackBerry device	102
Monitor the BlackBerry MDS Integration Service notification messages for a BlackBerry device	103
Filter the BlackBerry MDS Integration Service notification messages by date and time	103
Block notification messages from a web services host	103
Remove all notification messages for the BlackBerry MDS Integration Service	104
Monitoring PIN messages, SMS text messages, and calls	104
Change the default location for the PIN message, SMS text message, and phone log files	104
Monitor PIN messages	104
Monitor SMS text messages	105
Turn off call logging	106
Log files for the BlackBerry Enterprise Server components	106
Changing where the BlackBerry Enterprise Server components write log files	106
Change the location where the BlackBerry Enterprise Server components write log files	106
Store all of the BlackBerry Enterprise Server component log files in one folder	107
Changing how the BlackBerry Enterprise Server components create log files	107
Add a prefix to the file names of all the BlackBerry Enterprise Server component log files	107
Configure the maximum size for a BlackBerry Enterprise Server component log file	107
Change the logging level for a BlackBerry Enterprise Server component	108
Create a new BlackBerry Enterprise Server component log file when the current log file reaches the maximum size	108
Change the identifier for a BlackBerry Enterprise Server component log file	109
Prevent a BlackBerry Enterprise Server component from creating a daily log file	109
Configure when to delete BlackBerry Enterprise Server component log files	109
Changing how the BlackBerry MDS Connection Service creates a log file	110
Change the logging level for the BlackBerry MDS Connection Service	110
Change the location where the BlackBerry MDS Connection Service writes log files	110
Change the interval at which the BlackBerry MDS Connection Service writes information to the log file	111
Change the logging level for the UDP log file	111
Change the port number that the BlackBerry MDS Connection Service connects to when sending UDP log file messages	111
Change the logging level for the TCP log file	112
Change the port number that the BlackBerry MDS Connection Service connects to when sending TCP log file messages	112
Change the logging level for the Event log file	112
Change which BlackBerry MDS Connection Service activities are written to the log file	113
Managing a BlackBerry Domain	115
Managing multiple BlackBerry Domain instances	115
Connect the BlackBerry Manager to a different BlackBerry Domain	115
Managing CAL keys	115
Add or delete a CAL key	116
Copy a license key to a text file	116
Glossary	117