Welcome to The Next Level BlackBerry Technical Seminar 2007
Application Deployment, Security and Management Best Practices
Phil Roche, Technical Account Manager, Global Strategic Accounts
Agenda
Overview of BlackBerry MDS and configuration
Browser Applications
•BlackBerry MDS Access Control
•Where/What your users can connect to
•Controlling Browser Applications
Custom Java and third party Applications
•Deployment
•Software Configurations
•Allow/Disallow Third Party Applications
•Creating and managing Application Policies
Managing Web Service Applications
Types of Applications that Leverage BlackBerry MDS v4.0 & BlackBerry MDS v4.1
1. BlackBerry Browser – Request/Response
•Access internal web sites or the Internet via BlackBerry MDS
•Access existing HTML pages or design new optimized HTML or WML pages for BlackBerry users
2. BlackBerry Browser – Push Applications
•Develop custom server-side applications to push web pages, alerts or URL links to devices via MDS
3. Custom Client / Server Applications: Java™ ME
•Develop custom Java application for the device
•Communicate with server-side applications on the intranet via BlackBerry MDS
•Leverage push in custom server-side apps
4. Client / Server Applications from Third Party Vendors
•Third party vendor provides rich Java client for the device
•May also provide server-side middleware for integration
5. Web Service Applications (new in BlackBerry MDS v4.1)
BlackBerry MDS v4.0 & BlackBerry MDS v4.1 Architecture: Protocols & Connectivity
HTTP and TCP connection requests utilize the existing BlackBerry Enterprise Server™ connection over port 3101
•Data sent between device and BlackBerry MDS looks just like BlackBerry email packets
Device and MDS communicate using standard BlackBerry protocols plus the BlackBerry IP Proxy Protocol (IPPP)
•IPPP service book required on device, provisioned when MDS is enabled
BlackBerry MDS communicates with the requested web or application server using protocols requested by the application on the device
BlackBerry MDS supports common protocols and markup languages
•Connections from the BlackBerry Browser:
  •HTTP, HTTPS
  •HTML, XHTML Basic, cHTML, JavaScript 1.3; WML, WML Script
•Connections from Rich-Client Applications:
  •HTTP, HTTPS, TCP Sockets, SSL
  •Any Content Type (XML, Plain Text, Binary, etc.)
BlackBerry MDS v4.0 & BlackBerry MDS v4.1 Architecture: Security – Encryption & Authentication
Data Encryption:
•All browser or application traffic passing through BlackBerry MDS is 3DES or AES encrypted between the device and BlackBerry MDS
•HTTPS (SSL/TLS) is also supported from the BlackBerry MDS to the destination web/application server
Browser Authentication:
•BlackBerry MDS also supports a variety of corporate authentication schemes:
  •HTTP Basic, Kerberos, NT LAN Manager (NTLM)
  •If authentication is required for internal web site access, user will be challenged for credentials
  •MDS can optionally cache credentials for future browsing sessions by that user
  •LTPA (Lightweight Third Party Authentication) Cookies for Domino and WebSphere
  •Web users can log on to an IBM® Lotus® Domino® or WebSphere server once and leverage Single Sign-On capabilities
BlackBerry MDS v4.0 & BlackBerry MDS v4.1 Architecture: Security – Using an HTTP Proxy
BlackBerry MDS can be configured to pass connections through a proxy server
Proxy Authentication:
•Automatic: Specify user ID and password for proxy server in BlackBerry MDS
•Manual: User must enter credentials
Proxy Auto Configuration (PAC)
•Enables BlackBerry MDS to access intranet sites without going through proxy
•PAC file must be on a web server that is accessible by BlackBerry MDS
Support for URL Exclusion Lists
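The PAC behaviour described on this slide, as an added example that is not part of the original presentation: a PAC file that returns DIRECT for intranet hosts and the proxy for everything else, matching the domain on a label boundary so that look-alike external names still go through the proxy. The domain suffix and proxy address are constructed placeholders.

```javascript
// Added example PAC file; not from the original slides.
// INTRANET_SUFFIX and PROXY are constructed placeholders (assumptions).
var INTRANET_SUFFIX = ".corp.example";
var PROXY = "PROXY proxy.corp.example:8080";

// Normalise the host: lower-case it and drop the trailing dot of a
// fully-qualified name so "SALES.CORP.EXAMPLE." compares equal.
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// True only for names that belong to the intranet.
function isIntranetHost(host) {
  var h = normaliseHost(host);
  if (h === "") return false;
  // Single-label names ("intranet") only resolve on the internal network.
  if (h.indexOf(".") === -1) return true;
  // The bare internal domain itself.
  if (h === INTRANET_SUFFIX.slice(1)) return true;
  // Suffix match anchored on the leading dot, so "evilcorp.example" and
  // "corp.example.attacker.test" are NOT treated as internal.
  return h.length > INTRANET_SUFFIX.length &&
         h.slice(-INTRANET_SUFFIX.length) === INTRANET_SUFFIX;
}

// Standard PAC entry point: "DIRECT" bypasses the proxy, anything else
// names the proxy the connection must use.
function FindProxyForURL(url, host) {
  return isIntranetHost(host) ? "DIRECT" : PROXY;
}
```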
BlackBerry Browser Restricting Web Content
Restrict Internet or Intranet Access
•Proxy rules will also apply
Set rules to allow/deny specific sites or URL patterns
Maintain by user or by group
Restrict the resources that can push to BlackBerry users
Authorize push initiators to only be able to push to a group of users
BlackBerry MDS Access Control Global Settings
•To configure BlackBerry MDS to restrict URLs connecting to Intranet or Internet, you first must enable Pull Authorization for each BlackBerry Enterprise Server
  •Go to Connection Service Tab
  •Select Edit Properties
  •Select Access Control
  •Set Pull Authorization to true
•Set Push Settings
  •Authentication
  •Authorization
  •Encryption
BlackBerry MDS Access Control Creating Rules
Create rules to allow/deny access to a specific URL
Create a URL pattern
•WWW* (default)
•Sales.domain.com
•Domain.com/sales
Specify if the pattern is to allow or deny
Apply these rules to individual Users or Groups
Step by Step instructions in the Admin Guide
MDS Access Control Managing push initiators
Create rules for Push initiators
•Require authentication to Push
•Limit users they can push to
BlackBerry Browser Application Deployment
User Initiated
•Provide URL
•Email
•Other
Provided to User
•Pushed to BlackBerry
  •Channel Push – pushed to main ribbon as new icon
  •Message Push – pushed to message list
  •Cache push – pushed to browser cache
Other methods
•User initiated subscription service
URL Management Application
A sample application has been developed to manage the push of BlackBerry Browser applications
•Channel push, message push, cache push
•Define web content and deploy
Demo
Restricting Web Content and push initiators
Java Applications Deployment
Old Methods
•Desktop Manager
•Wireless Download (.jad file)
New Methods
•Web Loader
•Software Configuration
  •Wirelessly pushing apps
  •Make them Required
Web Loader
Features
•Central web server for applications
•Uses Internet Explorer and Active-X control
•No Desktop Manager or Handheld Manager
Versions
•4.0+
Pros
•Easy centralized management of applications
Cons
•User must initiate web connection
•Uses network bandwidth
Web Loader
URL to application
•C:\Program Files\Research In Motion\BlackBerry Application Web Loader 1.0\sample\webloader_sample.html
Device connected via USB
Software Configurations
Used to control applications
•Deployment
•Access
•Prevent unwanted applications
•Control Application Access to APIs
  •Phone
  •Addressbook
  •Etc
Software configurations
Defining Software Locations
•4.1 application loader must be present
  •BlackBerry Enterprise Server
  •File Server user for Remote application loader
•Create Share for
  •C:\program files\common files\research in motion
•Create folders Shared and Applications
  •C:\Program Files\Common Files\Research In Motion\Shared\Applications
•Create Folders in Applications for each application you are planning to deploy
•Copy alx and cod files to appropriate folder
Software Configurations
Once software is copied to the locations
•Run Index
  •C:\program files\common files\research in motion\apploader\loader.exe /index
•Index creates two files to index the applications
  •PkgDBCache.xml
  •specification.pkg
•Once complete you can create Software Configurations
Creating Software Configurations
Define location by UNC path
Select applications you choose to deploy
Select distribution method
•Wireless
•Wireline
Apply Application policies
Application Policies
Create policies on how you plan on controlling apps
•Basic Level
  •Optional
  •Required
  •Not allowed
•Advanced
  •Allow bluetooth
  •Allow phone
  •Allow addressbook
  •Etc
Once policies are created you can apply them to applications
Application Policies
Example Policy:
- This policy makes an application required
Name: Required
Set Disposition to Required
Defaults for all other settings
Application Policies
Software Configuration / Application Policy
After you create a software configuration
•Apply Policies
•Define deployment method
  - Wireless
  - Wireline
Application Policies
Example: A common request is to deny all applications, but allow only approved ones
This can be accomplished by:
1. Creating a policy to disallow and applying it to the main application software row
2. Creating policies to allow applications and applying them to approved applications
Deployment
After software configurations and policies are set
Apply software configurations to groups or individuals
Software will deploy to users
•Wireless deployment will be in a 4 hour window
Demo
Software configurations & Policies
Application Deployment
BlackBerry MDS v4.1: MDS Services Architecture
[Architecture diagram. Labels: BlackBerry MDS Studio (IDE); BlackBerry MDS Application; BUILD & DEPLOY; MDS Studio Application Repository; BlackBerry Device with MDS Runtime; BlackBerry Server with MDS Services; SOAP; Web Services described by WSDL (Visa, Amex); HTTP (Java Apps & Browser); App / Web Server; Enterprise Applications (ERP, CRM, Custom)]
BlackBerry MDS Application Management
The admin console displays the status of BlackBerry MDS Services, including:
•Overall status
•Messages status
•Devices status
•Applications status
•Connection services status
BlackBerry MDS Application Management
Diagnose:
•View server status
•View and/or purge pending messages
•View message traffic for a particular device and/or applications
•View and search logs
BlackBerry MDS Application Management
Manage applications and devices
•View applications that have been published by BlackBerry MDS Studio™ to the Application Registry
•View applications that have been installed on devices
•Install, upgrade or remove an application from a single device or group of devices
•Configure non-default device policies
BlackBerry MDS Application Deployment
BlackBerry MDS Application Management
Configure BlackBerry MDS Services
•Add, remove or disable BlackBerry MDS Connection services
•Configure accounts for administering BlackBerry MDS Services
•Configure certificates used to verify signed applications
•Block notifications from specified hosts
•View general BlackBerry MDS Services settings
Thank You
Questions