It was a decade or more ago that the BlackBerry mobile email device really changed the mobile user’s experience. At the time, you needed the BlackBerry for email and a mobile phone for voice, but it sure wasn’t long before RIM was able to migrate from the standalone packet data services and execute an integrated email/phone device as the original smartphone using the GSM or CDMA mobile operator networks.

bes3The power of their model was the careful relationships established between mobile operators, users and IT departments. Users just wanted their emails with them all the time. IT was told to go get the BES software and make it work, which of course they did. There are now some 28.5 million BlackBerry users (as of May 30, 2009). Mobile operators share the revenues of the monthly BlackBerry service fee with RIM. The BES sits adjacent to the company’s email server farm and polls the supported users’ email inboxes for undelivered mail. Any undelivered messages including attachments are compressed and encrypted by the BES and forwarded to the appropriate BlackBerry Data Centers in Waterloo Canada, Plano TX, London UK and Asia, where your message is passed over a dedicated MPLS virtual circuit to your favorite mobile operator. They do a lookup on their HLR-VLR databases to determine if you are within their network footprint or roaming, and then forward the message to the appropriate service provider or to your BlackBerry directly. The reverse path is followed when you send an email so that your enterprise email account has a record of your reply, generated from your BlackBerry.

[span class=inset-left]BlackBerry Enterprise Server 5.0 is the latest release from RIM, which introduces several major upgraded capabilities centered around high availability, security and management tools to improve the reliability of the BlackBerry email and data service.[/span] The BES 5.0 server software is optimized for your firm’s chosen brand of email server – Exchange, Notes or GroupWise. Administrators use a web-browser, pointed at the BES to perform administration, management and engineering tasks. The administrator function can be apportioned to the specific roles of specific administrator classes, as appropriate. For example, help desk people can be segmented as a certain class of BlackBerry Administration Service user provided only the tools to add a user, reset a user’s password or data-wipe a lost or stolen BlackBerry remotely. These classes of users are called groups in the BES nomenclature, and common features and capabilities are defined for each group. Controlled access to powerful system-wide features are not only wise, but also contributed to higher reliability, something that this release is totally about.

Security policies can be established through a simple process of creating the policy object, giving it a name and then assigning attributes to it. Among the predefined security attributes include the selection of basic password security policy that requires users to have passwords to login to the BlackBerry with change management timers and the maximum attempts before lockout. The Medium Password Security policy applies the basic password option above and turns off Bluetooth technology as an enterprise-wide policy. More sophisticated security features such as Advanced Security policy defines the requirement for a complex password, periodic changes, maximum attempt lockout, Bluetooth restrictions, disables USB mass storage support and requires the encryption of external files such as email attachments. And, there are more, ever-tighter security options too.

In support of high availability service, the browser-based BAS allows the definition of primary and standby BES. Each of these servers exchange health information such that whenever some threshold of service degradation occurs the services will switch roles, unless the standby server is not able to operate effectively. All administrative and policy changes implemented on one server are instantly available on the standby. With the click of a mouse, the administrator can also institute a manual switchover so that maintenance can be performed without service degradation and without the nasty midnight-2 am scheduled windows.

Push apps to users too

Administrators can create software configuration objects that accept specific applications and attributes such as the prerequisites, the scope of user groups and schedule. The object leverages the push-email technology to signal the appropriate BlackBerries to automatically accept the new software. This OTA technique seamlessly updates BlackBerry users without their intervention or knowledge for that matter. Taking the user out of the maintenance equation means that maintenance happens more quickly and that there are fewer helpdesk calls and complaints as users used to struggle with their self-administered maintenance. As well, application automation workflows or jobs can be similarly defined, scheduled, prioriitized and executed. The BAS also enables thresholds of a maximum number of jobs or tasks so that the mobile business will not stop while all BlackBerries update, for example. Management tools for reporting, statistics and server status and configuration that mobile users depend on are also available in the AJAX-supported BAS.

RIM has learned a lot from the company’s recent and infamous outages. The latest release of BES certainly takes many of those lessons and implements them for enterprise administrators and BlackBerry users. RIM has also implemented a BlackBerry Enterprise Transporter that moves users en masse to another domain. In some maintenance procedures, it is necessary to move users to a new domain and this feature can automatically execute that process. Users can also seamless move between production and test environments which no doubt reduces risk of developer contamination of production with incomplete product.