Whitepaper Secure, Centralized, Simple Multi-platform Enterprise Mobility Management
2 Controlling it all from one place BlackBerry Enterprise Service 10 (BES10) is a unified, multi-platform, device, application, and content management solution with integrated security and connectivity, enabling you to effectively manage complex fleets of mobile devices. BES10 makes it simple to manage corporate and BYOD ios, Android, and BlackBerry users from a single management console. You can perfectly balance employee and enterprise needs without compromise, by seamlessly separating work and personal content across all managed devices while preserving the native user experience. This document provides an IT-level overview of the management capabilities of BES10 for ios, Android and BlackBerry devices. You ll also find out about Secure Work Space (SWS) a BES10 licensing option that provides IT with additional control and security for BYOD ios and Android devices. Secure Work Space protects corporate data at rest and data in transit using the global and secure BlackBerry infrastructure while keeping users personal content separate and private.
3 The big picture: Components of a well thought out mobile strategy ENTERPRISE MOBILITY MANAGEMENT BYOD / CORPORATE APPS APPS CONTENT CONTENT WORK PERSONAL MANAGEMENT UNIFIED ADMIN CONSOLE DEVICE APPS USER SELF SERVICE SECURITY NETWORK + INFRASTRUCTURE SERVICES + SUPPORT
4 What s new in the latest update to BES10 (version 10.2) 2 First, a quick overview of what s new in the latest version of BES10, version 10.2, including new and enhanced capabilities. Enterprise security and management: Secure Work Space support for BYOD enrollment enabling ios and Android devices to be activated in true BYOD mode, where IT controls only the work-related container Dual Perimeter (BlackBerry Balance) for Enterprise Mobility Management (EMM) Regulated devices, delivering a best-in-class Corporate Owned Personal Enabled (COPE) management solution Scalability extended to support up to 50,000 ios and Android devices per domain API support for ios and Android through BlackBerry Web Services Dynamic support for ios and Android updates Generic LDAP directory integration for integration of corporate directories into BES10 Empower end users: Users can now address their critical support needs through a graphical self-service user interface
5 Manage your entire mobile fleet from a unified console Given the complexity of managing a multi-platform mobile environment, consolidation and simplification are top priorities for most mobile IT administrators. With BES10, most day-to-day administration tasks, across all devices, can be taken care of using the userfriendly BlackBerry Management Studio interface without having to go deeper into the service consoles that lie beneath it. For example, you can use BlackBerry Management Studio for these key tasks: Universal user search across all devices Creating users and adding additional devices Exploring users/devices in a unified view Exposing common data elements for all device types (IT policy, last contact, SIM etc.) Assigning users to a group Wiping work data only or an entire device Specifying passwords Locking devices Sending out device activation settings (via activation email) Moving users from one intra-domain server to another (BlackBerry only) Accessing a reporting dashboard 1 Signing in to underlying service consoles with a single log-in (SSO) 1 For ios and Android management tasks that do require a deeper dive into the interface, BES10 provides you with the following features, among others: A browser-based UI Unified user and device view User and group management A profile library Drag & drop assignment Management of service settings
6 Through this service console that provides deeper control from a userfriendly interface, administrators can manage a wide range of advanced functions and features for ios and Android devices. They can: Set Wi-Fi and VPN settings Configure email settings Create IT policies Define allowed devices and operating systems Lock/unlock/wipe devices Reset device passwords Remove work profiles and data Synchronize with Active Directory Import and sync users Manage by user or by group Sync with Active Directory groups Administer multi-level support roles from helpdesk to security admin Provision identity and CA certificates Roll out certificates via SCEP Leverage integration with Microsoft CA Control data and voice roaming policies Identify public applications as mandatory or optional for work purposes Deploy internally-developed apps Protect ActiveSync from access by non-compliant devices (Gatekeeping) Manage device whitelists for Microsoft Exchange The BES10 client (which users install on their device) for ios and Android is available in public storefronts including the App Store and Google Play. IT can also push a link out to users within an activation email. The BES10 client displays the application catalog, provides notifications to the user, detects jailbreak (ios) and rooting (Android), and helps with troubleshooting.
7 Advanced Mobile Application Management (MAM) capabilities for ios and Android Secure Work Space for ios and Android: Extra control and security for ios and Android devices Mobile Application Management is a critical component of any EMM strategy. With BES10, administrators can define managed applications for ios and Android users, regardless of whether those apps are from the App Store or Google Play, and can distribute applications developed in-house, too. They can build individual app catalogs by assigning apps to users or groups via drag and drop. And, they can designate applications as mandatory or optional, define allowed applications, and enforce compliance. As we ve seen, BlackBerry delivers comprehensive device management for ios and Android devices through BlackBerry Enterprise Service 10. Secure Work Space, an additional license option that goes further, easily and cost effectively extends these capabilities by adding containerization, application-wrapping, and secure connectivity for ios and Android devices. Secured apps for email, calendar and contacts (PIM), web browsing, and document viewing/editing (Documents To Go) are included Data in Secure Work Space apps is encrypted and separated from personal data and apps, and users can t copy or paste corporate data into personal channels Enterprises can easily deploy additional apps to the Secure Work Space APPS CONTENT SECURE WORK SPACE IT administrators can configure and manage the Secure Work Space container and its contents through the BlackBerry Enterprise Service 10 management console. Through a selection of controls and settings, the Secure Work Space can be configured for an individual user or group of users.
8 Assigning a Secure Work Space The Secure Work Space can be assigned like other profiles and can be applied to a user or a group via simple drag and drop. Administrators can choose what conditions to apply. Among the options: Set password complexity Lock/wipe following login failures Lock the Secure Work Space following a certain period of inactivity Lock/wipe the device after a long period of inactivity Session login duration for Secure Work Space Once the Secure Work Space has been assigned, several further commands are available. These include: Locking the Secure Work Space Resetting the Secure Work Space password Wiping the Secure Work Space Disabling/Enabling the Secure Work Space Deploying secure enterprise applications Additional apps can be securely wrapped and deployed to the Secure Work Space on ios and Android devices. No custom development is necessary to enable applications for secure deployment All deployed applications are subject to the same security controls and application data is encrypted Deployed applications are able to directly access data behind the firewall via BlackBerry secure connectivity Leveraging BlackBerry secure connectivity BlackBerry secure connectivity provides built-in AES-256-bit encryption for ios and Android devices. Apps deployed to the Secure Work Space can securely access behindthe-firewall application servers No separate VPN infrastructure is required Requires a single outbound port (3101) in BlackBerry Enterprise Service 10 (v10.1 and higher) Allows secure browsing of web pages on a corporate intranet on ios and Android devices
9 SERVICE & SUPPORT Get the level of support you need Full Service Support: BlackBerry Technical Support Services BlackBerry Technical Support Services offers a unique blend of technical expertise, rapid issue resolution and proactive, relationship-based support to help you minimize costly downtime and realize the full value of enterprise mobility. Our services support all of your users managed through BlackBerry Enterprise Service 10, including those using ios and Android devices. Plus, software updates and upgrades are included as part of this offer as long as your Client Access License (CAL) is covered under a Software Assurance subscription. Free Basic Support: Care Support Care Support is included with your BES10 deployment, giving you 12x5 access to our experts, responsive online support, access to training, and access to productivity and diagnostic tools. For more information visit blackberry.com/btss
Getting started with BES10 Getting up and running on BlackBerry Enterprise Service 10 is fast and straightforward. Importantly, it does not impact your existing BlackBerry Enterprise Server infrastructure. 3 Easy Steps to BES10 3 easy steps to BES10 Step 1 Install BES10 (server software is free) to support ios, Android and BlackBerry users (corporate & BYOD) Step 2 Set up BES10 to manage your existing BES 5.0.4 environments and BlackBerry OS device users through the single management console Step 3 Add new devices (ios, Android and BlackBerry 10) to the BES10 management environment Tablets and Smartphones Step 1 Activating devices through BES10 enables email and PIM to be securely synchronized and managed OTA Step 2 Push mandatory apps and curate a corporate app storefront for recommended ios, Android and BlackBerry apps all from the BES10 console Step 3 For users who need added device, app and content controls and security, deploy Secure Work Space for ios and Android and Regulated-level EMM for BlackBerry 10 users To find out more, and to sign up for a FREE 60 day BES10 trial, head to blackberry.com/business 1 Requires BES10 v10.1 (or higher) 2 BlackBerry Enterprise Service 10 version 10.2 server software will be available as a free download at BES10.com. The purchase of a BES10 EMM Secure Work Space v10.1 (or higher) Annual Client Access License (CAL) is required to deploy Secure Work Space for ios and Android devices. BES10 EMM Secure Work Space v10.2 CALs must be purchased through ecommerce 2.0. Customers cannot exchange existing CALs for BES10 EMM Secure Work Space v10.2 CALs. BlackBerry Enterprise Service 10 version 10.2 server software is also available as a sixty (60) day free trial including 50 BES10 EMM Secure Work Space v10.2 CALs and 50 BES10 EMM Corporate v10.2 CALs. ios is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. ios is used under license by Apple Inc. Apple Inc does not sponsor, authorize or endorse this brochure. Android is a trademark of Google Inc. which does not sponsor, authorize or endorse this brochure. 2014 BlackBerry. All rights reserved. BlackBerry, BBM and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. All other trademarks are the property of their respective owners.