Implementing BlackBerry in an Exchange Environment

In many large organizations, the infamous BlackBerry has almost become de rigueur among executives. Increasingly, Exchange organizations may find that senior management has requested that they get BlackBerry up and running--quickly.

In this article I will discuss issues of interest to those who want to know more about how BlackBerry works with Exchange. If you are implementing BlackBerry, the key items outlined in this article will help you get a jump start.

How BlackBerry Enterprise Server works with Exchange

Let’s get down to the details. A BlackBerry implementation, in most large organizations, will be using—

 

- A BlackBerry Enterprise Server (BES)

- A carrier that provides a BlackBerry wireless service

- BlackBerry handhelds

A BlackBerry Enterprise Server by Research in Motion acts as a proxy between a user’s Exchange mailbox and the handheld. BES pulls emails from an Exchange mailbox and pushes them over a cellular data network to the BlackBerry handheld device.

 

Here is how the flow of email works. Once a BES is installed on a Windows server and user accounts are added to it, users can install the BlackBerry Desktop Manager software with their handheld cradled to their workstation. After the users are set up, the BES monitors each Exchange mailbox using a persistent MAPI connection. When a new message appears in the user’s mailbox--

1. BES picks up a plain text copy of the message.

2. Using a private key stored in the user’s mailbox, BES encrypts the message using a triple DES algorithm.

3. BES sends the message over the Internet to Research in Motion, which routes it to the user’s cellular carrier.

4. The carrier sends the message to the user’s device using its PIN.

5. When the message is opened on the BlackBerry, it is decrypted using the same private key.

BlackBerry does some unusual things that you will want to know about. When the BlackBerry Desktop Manager software is installed, it creates a hidden folder in the user’s mailbox. An encryption key unique to the user is stored there, as well as desktop software settings.

 

When installing the BES, you will need a mail-enabled service account. The Exchange mailbox for the BlackBerry account acts as a kind of database which stores the list of user mailboxes to monitor and the list of BES servers in your environment. This mailbox is critical to BlackBerry—if it is unavailable for any reason, BlackBerry will no longer deliver mail. In addition, BES also uses a real database. Either MSDE or SQL Server will be used to store Client access licenses, policy information, and data for the BES management console. Version 4.0 now uses SQL or MSDE to store all its configuration settings.

 

Exchange Rights. You are probably wondering what rights the BlackBerry service account needs for accessing mailboxes. Exchange administrators may not be happy about it, but the BlackBerry account needs the following rights:

 

Administrative Group or Organization Level

- View Only Administrator

Store Level

- Administer Information Store

- Send As

- Receive As

Local Rights

- Administrator

 

Firewall Ports. Of course, BES needs a connection to RIM across the Internet so it requires an open port on your firewall.  You will need to open port 3101 as an outbound connection to connect to the RIM network—the server initiates a persistent connection to RIM. Research in Motion does not recommend putting the BES in a perimeter network (DMZ).
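The firewall requirement above, as an added example that is not part of the original article: a Python check over an exported rule list that confirms the BES has its outbound TCP 3101 rule and flags any inbound allow rule that exposes the BES to sources outside the internal network. The rule format, the addresses and the `audit_bes_rules` name are constructed for illustration and do not come from any real firewall or from RIM.

```python
import ipaddress

# Assumptions (hypothetical values, adjust to your environment).
BES_HOST = ipaddress.ip_address("10.20.30.40")      # BES server address
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # internal address space
RIM_PORT = 3101                                     # outbound port named in the article

# Constructed sample rule export:
# (direction, action, protocol, source, destination, destination port)
SAMPLE_RULES = [
    ("out", "allow", "tcp", "10.20.30.40/32", "0.0.0.0/0", 3101),
    ("out", "allow", "tcp", "10.20.30.0/24", "0.0.0.0/0", 443),
    ("in", "allow", "tcp", "0.0.0.0/0", "10.20.30.40/32", 3101),
    ("in", "deny", "tcp", "0.0.0.0/0", "10.20.30.0/24", 25),
]


def audit_bes_rules(rules, bes=BES_HOST, port=RIM_PORT, internal=INTERNAL_NET):
    """Return a list of findings for the outbound-only BES design."""
    findings = []
    outbound_ok = False
    for number, (direction, action, proto, src, dst, dport) in enumerate(rules, 1):
        if action != "allow" or proto != "tcp":
            continue  # only allow rules for TCP matter for this check
        src_net = ipaddress.ip_network(src, strict=False)
        dst_net = ipaddress.ip_network(dst, strict=False)
        if direction == "out" and bes in src_net and dport == port:
            # The server-initiated connection to RIM is permitted.
            outbound_ok = True
        elif direction == "in" and bes in dst_net and not src_net.subnet_of(internal):
            # The BES initiates the connection itself, so an inbound rule
            # from outside the internal network is unnecessary exposure.
            findings.append(
                f"rule {number}: inbound {src} -> BES port {dport} is allowed"
            )
    if not outbound_ok:
        findings.append(f"no outbound allow rule for BES to TCP {port}")
    return findings


if __name__ == "__main__":
    for finding in audit_bes_rules(SAMPLE_RULES):
        print(finding)
```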

 

BES uses cdo.dll and mapi32.dll. To avoid problems, ensure that the cdo.dll on the BES is the one from the newest version of Exchange running in your environment. For example, if you are running Exchange 2003 SP1, be sure you have the cdo.dll and mapi32.dll from that version on your BES. If you do not, you may experience odd problems, particularly with calendars.

 

Standardizing. Standardize firmware and software versions on the devices--manage them as you would your laptops. Roll out upgrades as you would for any managed release.

 

Using BES over a WAN. If at all possible, keep the BlackBerry Enterprise Server on the same physical site as the Exchange servers. Because BlackBerry uses MAPI, running it over a WAN can cause connections to hang and affect the BlackBerry server. It can be done, but requires attention to the effect of BES on network traffic. The number of mailboxes it connects to, the amount and frequency of email, and of course business-critical applications that require a known amount of bandwidth--all must be considered.

 

Training. Training is extremely important. BlackBerrys are different from PDAs, yet users expect them to work like a PDA. It is common for users to have trouble getting used to the BlackBerry keyboard. Give VIPs one-on-one training. If you have special on-site staff that supports VIPs, be sure to train them well on BlackBerry. You don’t want to be spending two hours on the phone with the CIO trying to find out why she is not getting her email.

 

Whether or not you like BlackBerry or its architecture, you may find that executives in your company are demanding that it be implemented. Once installed, it grows quickly, so plan your implementation carefully.