Download   Report
  1. Ingeniería

BlackBerry Enterprise Service 10 version 10.2.4 Installation Guide

Version: 10.2.4
Installation Guide
BlackBerry Enterprise Service 10
Published: 2015-01-29
SWD-20150129134004353
Contents
1
About this guide................................................................................................................................5
2
What is BlackBerry Enterprise Service 10?.........................................................................................6
Key features of BlackBerry Enterprise Service 10..................................................................................................................6
3
Planning a BlackBerry Enterprise Service 10 installation....................................................................8
Installing all BlackBerry Enterprise Service 10 components on one computer........................................................................8
Installing the BlackBerry Enterprise Service 10 core components......................................................................................... 9
Installing the BlackBerry Enterprise Service 10 consoles.......................................................................................................9
4
Requirements.................................................................................................................................11
System requirements: Your organization's environment...................................................................................................... 11
System requirements: Firewall.....................................................................................................................................12
System requirements: VPN hardware...........................................................................................................................12
Hardware requirements..................................................................................................................................................... 13
Log files...................................................................................................................................................................... 13
Projected database growth.......................................................................................................................................... 13
Hardware requirements: BlackBerry Enterprise Service 10.......................................................................................... 13
Hardware requirements: BlackBerry Router.................................................................................................................16
Hardware requirements: BlackBerry Collaboration Service...........................................................................................16
Software requirements....................................................................................................................................................... 17
Applications that are installed with BlackBerry Enterprise Service 10........................................................................... 17
Software requirements: BlackBerry Enterprise Service 10 core components................................................................ 18
Software requirements: Remote consoles.................................................................................................................... 19
Software requirements: BlackBerry Router.................................................................................................................. 19
Software requirements: Database server......................................................................................................................19
Software requirements: Browser..................................................................................................................................20
Installation considerations..................................................................................................................................................22
Supported features and environments......................................................................................................................... 22
Unsupported environments......................................................................................................................................... 23
5
Preinstallation tasks........................................................................................................................24
Configuring ports for the external firewall............................................................................................................................ 24
Outbound ports: Managing BlackBerry devices............................................................................................................24
Outbound ports: Managing iOS and Android devices.................................................................................................... 25
Outbound ports: Device data....................................................................................................................................... 27
Outbound ports: Work space-enabled devices on a work Wi-Fi network........................................................................ 27
Configure permissions for the service account.................................................................................................................... 28
Configuring connections for the BlackBerry Enterprise Service 10 databases...................................................................... 29
Specifying database permissions to create the BlackBerry Enterprise Service 10 databases......................................... 29
Create the BlackBerry Enterprise Service 10 databases............................................................................................... 30
DBMgmt.cfg properties............................................................................................................................................... 31
Remove the WebDAV Publishing role service...................................................................................................................... 32
Configuring a BlackBerry Administration Service pool......................................................................................................... 32
Create a DNS record for each BlackBerry Administration Service instance in a pool......................................................33
6
Installing the BlackBerry Enterprise Service 10 software..................................................................34
Prerequisites: Installing the BlackBerry Enterprise Service 10 software............................................................................... 34
Specifying a name for the BlackBerry Administration Service pool during the installation process........................................35
Install all BlackBerry Enterprise Service 10 components on one computer.......................................................................... 35
Installing BlackBerry Enterprise Service 10 components on separate computers.................................................................38
Install the BlackBerry Enterprise Service 10 core components..................................................................................... 38
Install the BlackBerry Enterprise Service 10 consoles.................................................................................................. 40
7
Installing a standby instance of the core components...................................................................... 42
Prerequisites: Installing a standby instance of the core components................................................................................... 42
Install a standby instance of the core components.............................................................................................................. 43
Post-installation tasks................................................................................................................................................. 45
8
Installing a standalone BlackBerry Router....................................................................................... 46
Determining which service account to use to install and run the BlackBerry Router............................................................. 46
Install a standalone BlackBerry Router............................................................................................................................... 46
Connecting to the BlackBerry Router..................................................................................................................................48
Connect the BlackBerry Device Service to the BlackBerry Router.................................................................................48
9
Postinstallation tasks...................................................................................................................... 49
Test the BlackBerry Enterprise Service 10 installation.........................................................................................................49
Test the connection to the BlackBerry Infrastructure.......................................................................................................... 49
Best practice: Running BlackBerry Enterprise Service 10................................................................................................... 50
Configuring database permissions using Microsoft SQL Server roles.................................................................................... 51
Configure minimum database permissions for the service account or Microsoft SQL Server account............................. 52
10
Removing the BlackBerry Enterprise Service 10 software................................................................ 53
Remove the BlackBerry Enterprise Service 10 software...................................................................................................... 53
11
Product documentation.................................................................................................................. 54
12
Glossary......................................................................................................................................... 57
13
Legal notice ................................................................................................................................... 59
Installation Guide
About this guide
About this guide
1
BlackBerry Enterprise Service 10 helps you manage BlackBerry devices, Android devices, and iOS devices for your
organization. This guide provides instructions on how to install BlackBerry Enterprise Service 10.
This guide is intended for senior IT professionals who are responsible for installing the product. After you complete the
tasks in this guide, you must activate licenses and configure your BlackBerry Enterprise Service 10. You can find
instructions for activating licenses in the BlackBerry Enterprise Service 10 Licensing Guide. You can find instructions on
configuring BlackBerry Enterprise Service 10 in the BlackBerry Enterprise Service 10 Configuration Guide.
5
Installation Guide
What is BlackBerry Enterprise Service 10?
What is BlackBerry Enterprise
Service 10?
2
BlackBerry Enterprise Service 10 helps you manage mobile devices for your organization. You can manage BlackBerry
devices and BlackBerry PlayBook tablets, as well as iOS and Android devices, all from a unified interface. BlackBerry
Enterprise Service 10 is designed to help protect business information, keep mobile workers connected with the
information they need, and provide administrators with efficient tools that help keep business moving forward.
BlackBerry Enterprise Service 10 includes the following components:
Component
Description
BlackBerry Device Service
Provides advanced administration for BlackBerry 10 devices and BlackBerry
PlayBook tablets
Universal Device Service
Provides advanced administration for iOS and Android devices
BlackBerry Management Studio
Provides a unified interface to administer common tasks for BlackBerry 10
devices, BlackBerry PlayBook tablets, BlackBerry 7.1 and earlier devices, iOS
devices, and Android devices
BES10 Self-Service
Provides a console to users so that they can perform some self-service tasks.
For example, users can create activation passwords, remotely change the
password on their device, or delete data from the device.
Key features of BlackBerry Enterprise
Service 10
The table below describes some of the key features for BlackBerry Enterprise Service 10.
6
Feature
Description
Management of most types of devices
BlackBerry Enterprise Service 10 supports all types of BlackBerry devices
and tablets, as well as iOS devices and Android devices.
Installation Guide
What is BlackBerry Enterprise Service 10?
Feature
Description
Single, unified interface
BlackBerry Management Studio is a single, web-based interface where you
can view all devices in one place and access the most common
management tasks across multiple domains. These tasks include creating
and managing groups, managing device controls, and activating mobile
devices.
Trusted and secure experience
Device controls give you precise management of how devices connect to
your network, what capabilities are enabled, and what apps are available.
Whether the devices are owned by your organization or your users, you can
protect your organization's information.
Balance of work and personal needs
BlackBerry Balance and Secure Work Space technology are designed to
ensure that personal and work information are kept separate and secure on
devices. If the device is lost or the employee leaves the organization, you
can delete only work-related information or all information from the device.
Additional security features are available depending on the device type.
7
Installation Guide
Planning a BlackBerry Enterprise Service 10 installation
Planning a BlackBerry
Enterprise Service 10
installation
3
You can install all BlackBerry Enterprise Service 10 components on one computer, or you can install specific components
on separate computers. The computer that hosts BlackBerry Enterprise Service 10 requires a valid DNS suffix and a
multisegment host name.
You should consider any effect on system resources before you decide where to install the components. For example, you
can install all components on one computer if you plan to activate up to 1000 devices, and if you determine that the
computer can manage the volume of traffic for the BlackBerry Enterprise Service 10 components.
BlackBerry Enterprise Service 10 stores data in its own databases. You can install multiple BlackBerry Enterprise Service
10 instances that connect to the same BlackBerry Enterprise Service 10 databases. You must host the BlackBerry
Enterprise Service 10 databases on the same database instance.
You can install the BlackBerry Enterprise Service 10 on a computer that hosts a BlackBerry Enterprise Server 5.0 SP4
instance or BlackBerry Enterprise Server Express 5.0 SP4 instance.
BlackBerry Management Studio can manage multiple BlackBerry Enterprise Service 10 domains and BlackBerry
Enterprise Server domains (version 5.0 SP3 or later).
Installing all BlackBerry Enterprise Service
10 components on one computer
You can install the BlackBerry Enterprise Service 10 core components and the BlackBerry Enterprise Service 10 consoles
on one computer.
You can use the BlackBerry Enterprise Service 10 Performance Calculator to determine whether the computer can
accommodate the needs of your organization.
Consider a distributed installation of BlackBerry Enterprise Service 10 if:
•
Your computer has system resource limitations
•
Your organization wants to prevent internal servers from accessing the Internet
•
You are considering the high availability or disaster recovery options
8
Installation Guide
Planning a BlackBerry Enterprise Service 10 installation
Installing the BlackBerry Enterprise Service
10 core components
BlackBerry Enterprise Service 10 consists of the following core components: the BlackBerry Controller, the BlackBerry
Dispatcher, the BlackBerry MDS Connection Service, the Enterprise Management Web Service, the Core Module, and the
Communication Module. You can install the core components on one computer.
For more information about BlackBerry Enterprise Service 10 core components, refer to the BlackBerry Enterprise Service
10 Product Overview.
Installing the BlackBerry Enterprise Service
10 consoles
BlackBerry Enterprise Service 10 includes four consoles that you can use to manage the system and devices. The
BlackBerry Enterprise Service 10 setup application automatically adds the BlackBerry Device Service and the Universal
Device Service to BlackBerry Management Studio.
Console
Description
BlackBerry Management Studio
BlackBerry Management Studio allows you to manage
licenses, view reports of your system, and perform some
management tasks for BlackBerry 10 devices, BlackBerry
PlayBook tablets, iOS devices, Android devices, and
BlackBerry 7.1 and earlier devices.
BES10 Self-Service
BES10 Self-Service is a web-based application that you can
make available to users so that they can perform some
administrative tasks on their devices. Using BES10 SelfService, users can, for example, create activation
passwords, remotely change the password on their device,
or delete data from the device. Users do not need to install
any software on their computers to use BES10 Self-Service.
You provide the web address and login information to users
so that they can log in to BES10 Self-Service.
BlackBerry Device Service console
Also known as the BlackBerry Administration Service, the
BlackBerry Device Service console allows you to manage
9
Installation Guide
Console
Planning a BlackBerry Enterprise Service 10 installation
Description
BlackBerry Device Service components, BlackBerry 10
devices, and BlackBerry PlayBook tablets.
Universal Device Service console
10
Also known as the Administration Console, the Universal
Device Service console allows you to manage iOS devices
and Android devices.
Installation Guide
Requirements
Requirements
4
System requirements: Your organization's
environment
Item
Requirement
Company directory
One of the following to access the list of users in your organization when you
create user accounts:
•
Microsoft Active Directory, running at a domain functional level that is set to
Windows Server 2003 or later
•
LDAP with anonymous authentication or simple bind authentication, with or
without SSL
Exchange ActiveSync
•
Exchange ActiveSync enabled on your organization's messaging server to
use the native email, calendar, and contacts apps on devices. For minimum
requirements, refer to the BlackBerry Enterprise Service 10 Compatibility
Matrix.
Exchange ActiveSync gatekeeping
To configure gatekeeping, the following conditions:
Devices
•
Microsoft Exchange Server 2010
•
Windows PowerShell 2.0 or later installed on the computer that hosts the
BlackBerry Enterprise Service 10 core components.
Any of the mobile operating systems listed in the BlackBerry Enterprise Service
10 Compatibility Matrix
11
Installation Guide
Requirements
System requirements: Firewall
Item
Requirement
DNS
Support for resolving IP addresses into host names
System requirements: VPN hardware
If your organization's environment includes VPNs, you can configure a device to authenticate with the VPN so that it can
access your organization's network. BlackBerry devices can use the BlackBerry Infrastructure if a VPN or work Wi-Fi
connection is not available.
For information about VPN hardware for iOS, visit www.apple.com.
BlackBerry PlayBook OS 2.0 or later and BlackBerry 10 OS support the following IPsec VPN hardware:
•
Any gateway from Check Point
•
Cisco VPN 3000 Series Concentrator
•
Cisco PIX Firewall
•
Cisco IOS Easy VPN
•
Any appliance in the Cisco ASA Series
•
Any gateway in the Juniper SRX Series
•
Any gateway in the Juniper NetScreen Series
•
Any Windows Server with RRAS and IPsec configured that supports IKEv2
•
Any VPN server that supports IKEv2
PlayBook OS 2.0 or later and BlackBerry 10 OS support the following SSL VPN hardware:
•
Any gateway in the Juniper SA Series
•
Any gateway in the Juniper MAG Series
For more information, visit www.blackberry.com/go/kbhelp to read article KB28128.
12
Installation Guide
Requirements
Hardware requirements
To determine the memory and disk space requirements for BlackBerry Enterprise Service 10, you must consider the
number of devices that you plan to activate, the type of connection that devices use, and the level and type of user activity
on devices. For more information about calculating hardware requirements for a BlackBerry Enterprise Service 10
environment, visit docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service 10 Performance Calculator.
Log files
The size of log files for BlackBerry Enterprise Service 10 and BlackBerry Enterprise Service 10 components varies based on
the number of devices in your organization's environment, the level of user activity on devices, and the logging levels that
BlackBerry Enterprise Service 10 uses. It is a best practice to monitor and control the amount of disk space that the
BlackBerry Enterprise Service 10 log files take up. For more information about configuring logging, visit
docs.blackberry.com/BES10 to read the BlackBerry Device Service Advanced Administration Guide and the Universal
Device Service Advanced Administration Guide.
Projected database growth
The size of the Microsoft SQL Server database used by BlackBerry Enterprise Service 10 will initially increase by
approximately 500 KB per user per day. The size of the database will stabilize after approximately 30 days because
BlackBerry Enterprise Service 10 removes historical data from the database at regular intervals. The maximum expected
concurrent database connections at any one time is 120. At peak times, the database IO per second (IOPS) projection is
200 IOPS.
Hardware requirements: BlackBerry Enterprise Service
10
The following guidelines apply to a BlackBerry Enterprise Service 10 environment that supports email messages and app
downloads. The environment can include BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Android
devices, and optionally, BlackBerry 7.1 and earlier devices.
For more information about using the Secure Work Space feature with iOS devices and Android devices, visit
www.blackberry.com/go/kbhelp to read article KB34591.
Note: If you plan to activate BlackBerry 10 work space only devices, the processor, memory, and disk space requirements
are higher. For more specific sizing information, visit docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service
10 Performance Calculator.
13
Installation Guide
Requirements
Hardware requirements for 1 to 500 devices
If BlackBerry Enterprise Service 10 is installed on a computer that hosts BlackBerry Enterprise Server 5.0 SP4, up to 500
total devices are supported. Any combination of BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Android
devices, and BlackBerry 7.1 and earlier devices are supported up to a combined maximum of 500 devices.
Environment
Requirement
All BlackBerry Enterprise Service 10
components, Microsoft SQL Server
Express, and BlackBerry Enterprise
Server 5.0 SP4 (optional)
•
One processor, 2.2 GHz Intel Xeon ES-2400 Series (Quad Core)
•
12 GB of available memory
•
40 GB of disk space
Hardware requirements for 500 to 100,000 devices
For 500 to 100,000 devices, install the BlackBerry Enterprise Service 10 core components, consoles, and databases on
separate computers.
Requirements for core components
Each instance of BlackBerry Enterprise Service 10 core components can support up to 15,000 BlackBerry 10 devices and
BlackBerry PlayBook tablets, and up to 7500 iOS and Android devices. Deploy as many instances of the core components
as required to support the number of devices in your organization.
The number of instances of core components required depends on the combination of device types and workload. To
obtain a more accurate estimate of the required hardware, go to docs.blackberry.com/BES10 to see the BlackBerry
Enterprise Service 10 Performance Calculator.
Number of activated devices
Number of instances of core components
500 to 5000
1
5000 to 10,000
1 to 2
10,000 to 22,500
1 to 4
22,500 to 100,000
2 to 10
Following are some examples of computer configurations that could support an instance of the BlackBerry Enterprise
Service 10 core components.
Number of activated devices
Configuration example
500 to 5000
•
One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)
•
12 GB of available memory
14
Installation Guide
Number of activated devices
5000 to 10,000
10,000 to 22,500
Requirements
Configuration example
•
40 GB of disk space
•
One processor, 2 GHz Intel Xeon E5-2600 Series (Six Core)
•
12 GB of available memory
•
80 GB of disk space
•
Two processors, 2 GHz Intel Xeon E5-2600 Series (Six Core)
•
12 GB of available memory
•
120 GB of disk space
Requirements for consoles
The computer that the BlackBerry Enterprise Service 10 consoles reside on must meet the following requirements.
Number of activated devices
Requirement
500 to 22,500
•
One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)
•
6 GB of available memory
•
40 GB of disk space
•
Two processors, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)
•
8 GB of available memory
•
80 GB of disk space
22,500 to 100,000
Requirements for databases
The computer that the BlackBerry Enterprise Service 10 databases reside on must meet the following requirements.
Number of activated devices
Requirement
500 to 5000
•
One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)
•
4 GB of available memory
•
40 GB of disk space
•
One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)
•
6 GB of available memory
5000 to 22,500
15
Installation Guide
Number of activated devices
22,500 to 100,000
Requirements
Requirement
•
80 GB of disk space
•
One processor, 2 GHz Intel Xeon E5-2600 Series (Six Core)
•
8 GB of available memory
•
120 GB of disk space
Hardware requirements: BlackBerry Router
The following requirements apply to the computer that you install a standalone BlackBerry Router on. To support more
devices or a large number of app downloads, install more processing cores or use a more powerful processor.
Number of activated devices
Requirement
1 to 10,000
•
One processor, 2 GHz Single Core
•
0.5 GB of available memory (above the requirements for the operating
system)
•
500 KB of disk space (above the requirements for the operating system)
Hardware requirements: BlackBerry Collaboration
Service
The following requirements apply to the computer that you install the BlackBerry Collaboration Service on. For more
information about calculating hardware requirements, visit www.blackberry.com/go/serverdocs to see the BlackBerry
Enterprise Service 10 Performance Calculator.
Item
Description
Hardware requirements
•
One processor, 2.4 GHz Intel Xeon 5600 Series (Quad Core)
•
8 GB of available memory (for 1000 users or fewer)
•
100 GB of disk space
16
Installation Guide
Requirements
Item
Description
Notes
•
Supports up to 5000 devices that go through the BlackBerry Infrastructure if
installed on the same computer as the BlackBerry Enterprise Service 10
core components
•
Supports up to 5000 devices per BlackBerry Collaboration Service instance,
per computer
•
Install an additional 3 GB of memory for each 1000 users beyond the first
1000
Software requirements
Before you install BlackBerry Enterprise Service 10, your organization's environment must meet certain requirements for
software.
Applications that are installed with BlackBerry
Enterprise Service 10
You can use the BlackBerry Enterprise Service 10 installation process to install third-party applications.
If you want to install Microsoft SQL Server 2008 R2 Express on a computer that does not host the BlackBerry Enterprise
Service 10 core components, you can copy the BlackBerry Enterprise Service 10 installation files to the computer that you
want to install Microsoft SQL Server 2008 R2 Express on, navigate to the Tools folder and run the Sqlexpr.exe file (32-bit or
64-bit).
Application
Items that the application is installed with
JRE 7 Update 55
•
BlackBerry Enterprise Service 10 core components
•
BlackBerry Enterprise Service 10 consoles
Microsoft .NET Framework 3.5 SP1 (if
it is available for the setup application
to enable through the Windows Server
Manager)
•
BlackBerry Enterprise Service 10 core components
•
BlackBerry Enterprise Service 10 consoles
Microsoft XML Core Services 6.0 SP2
•
BlackBerry Enterprise Service 10 consoles
17
Installation Guide
Requirements
Application
Items that the application is installed with
Microsoft IIS 7.0, 7.5, or 8.0
•
BlackBerry Enterprise Service 10 core components
Microsoft Web Deploy 3.0
•
BlackBerry Enterprise Service 10 core components
Microsoft SQL Server 2008 R2 Express •
(if it is selected during the installation
process)
BlackBerry Enterprise Service 10 core components
Software requirements: BlackBerry Enterprise Service
10 core components
The following requirements apply when you install all BlackBerry Enterprise Service 10 components on one computer, or
when you install the BlackBerry Enterprise Service 10 core components on a separate computer.
Item
Requirement
Operating system
Any of the operating systems listed in the BlackBerry Enterprise Service 10
Compatibility Matrix
Software framework
All of the following:
•
Microsoft .NET Framework 3.5 SP1
•
Microsoft .NET Framework 4 (Standalone Installer or Web Installer)
Note:
Web server
•
You must install the full Microsoft .NET Framework 4 instead of
Microsoft .NET Framework 4 Client Profile.
•
If you plan to install the BlackBerry Collaboration Service on the same
computer as the BlackBerry Enterprise Service 10 core components, you
must install Microsoft Unified Communications Managed API 2.0 Core
Redistributable 64-bit before you install Microsoft .NET Framework 4. For
more information, visit support.microsoft.com to read article 2224981.
Any of the web servers listed in the BlackBerry Enterprise Service 10
Compatibility Matrix
Note: For Microsoft IIS, the following role services must be installed:
18
Installation Guide
Item
Requirements
Requirement
•
Management Tools: IIS Management Console, IIS Management Scripts and
Tools, Management Service, IIS 6 Management Compatibility (all
subcomponents)
Software requirements: Remote consoles
The following requirements apply if you are installing the BlackBerry Enterprise Service 10 consoles on a separate
computer.
Item
Requirement
Operating system
Any of the operating systems listed in the BlackBerry Enterprise Service 10
Compatibility Matrix at docs.blackberry.com/BES10.
Software framework
Microsoft .NET Framework 3.5 SP1; installed by the setup application.
Software requirements: BlackBerry Router
The following requirements apply to the computer that you install a standalone BlackBerry Router on. If you do not install
the BlackBerry Router, you can connect the BlackBerry Device Service to an existing standalone BlackBerry Router in your
organization's environment. You can use a standalone BlackBerry Router that you installed with BlackBerry Enterprise
Server 5.0 SP4 or BlackBerry Device Service 6.2.
Item
Requirement
Operating system
Any of the operating systems listed in the BlackBerry Enterprise Service 10
Compatibility Matrix
Software requirements: Database server
Item
Requirement
Database management system
Any of the database management systems listed in the BlackBerry Enterprise
Service 10 Compatibility Matrix
Collation setting
To configure collation settings, the following conditions:
19
Installation Guide
Item
Requirements
Requirement
•
Database server collation configured to default case-insensitive
•
BlackBerry Enterprise Service 10 database collation configured to default
case-insensitive
Note: Default collations are suggested but non-default collations are supported
(for more information, visit www.blackberry.com/go/kbhelp to read articles
KB04785 and KB15534).
Database connectivity
•
TCP/IP network protocols turned on
•
No count option turned off
Nested triggers
Nested triggers support turned on to allow triggers to perform actions that
initiate other triggers. For more information, visit msdn.microsoft.com to read
article ms178101.
Database mirroring
To configure database mirroring, the following conditions:
•
A version of Microsoft SQL Server that supports database mirroring
•
High-safety mode with automatic failover
•
A witness server for automatic failover
•
A mirror database on a different computer than the principal database
•
The same version and edition of Microsoft SQL Server to host the mirror
database and the principal database
Software requirements: Browser
The following requirements apply to the browser that you use to log in to the BlackBerry Enterprise Service 10 consoles.
Item
Requirement
Browser
Any of the browsers listed in the BlackBerry Enterprise Service 10 Compatibility
Matrix.
Windows Internet Explorer 8 or later provides optimal support for BlackBerry
Administration Service features.
Note: If users use a wired connection to activate or manage their BlackBerry devices,
they must use Windows Internet Explorer and allow incoming TCP/IP connections to
RIMProxy.exe. The default port number for RIMProxy.exe is 5666.
20
Installation Guide
Item
Requirements
Requirement
To support browser access, you must configure the following settings:
Browser settings for Windows
Internet Explorer
•
Support for JavaScript
•
Cookies turned on
•
Support for TLS or SSL
•
The SSL certificate is installed to permit trusted connections to the consoles
To support browser access using Windows Internet Explorer, you must configure the
following settings:
•
The latest Microsoft hotfixes installed
•
Language preferences that display encoded web pages
•
To support Microsoft ActiveX, the following settings are enabled:
•
Automatic prompting for Microsoft ActiveX controls
•
Download signed Microsoft ActiveX controls
•
Run Microsoft ActiveX controls and plug-ins
•
Script Microsoft ActiveX controls marked safe for scripting
•
The console websites are assigned to the trusted websites security zone
•
If you configure single sign-on authentication for the consoles, Enable Integrated
Windows Authentication is selected
Note: If Windows Internet Explorer Enhanced Security Configuration is turned on,
some areas of the Universal Device Service console might not function correctly.
21
Installation Guide
Requirements
Installation considerations
Supported features and environments
Item
Description
Virtual environment
Current in-market releases of VMware and Microsoft Hyper-V are supported with
the latest BlackBerry Enterprise Service 10 version. For more information, visit
www.blackberry.com/go/kbhelp to read article KB29661.
IP
The BlackBerry Enterprise Service 10 components support only IPv4 for TCP/IP
connections.
Installation on a computer that hosts
BlackBerry Enterprise Server 5.0
BlackBerry Enterprise Service 10 can be installed on a computer that already
hosts BlackBerry Enterprise Server 5.0 SP4 or BlackBerry Enterprise Server
Express 5.0 SP4.
You cannot connect BlackBerry Enterprise Service 10 and the BlackBerry
Enterprise Server or BlackBerry Enterprise Server Express to the same
databases. To run BlackBerry Enterprise Service 10 and the BlackBerry
Enterprise Server or BlackBerry Enterprise Server Express in the same
organization, you must configure the BlackBerry Enterprise Service 10
databases for the BlackBerry Enterprise Service 10 instances, and a BlackBerry
Configuration Database for the BlackBerry Enterprise Server instances or
BlackBerry Enterprise Server Express instances.
Remote access
Administrators who use Remote Desktop Connection can access BlackBerry
Enterprise Service 10 components remotely.
Certificate keystores
The setup application generates and stores an SSL certificate in two passwordprotected keystore files: as.web.keystore and ncc.web.keystore. These
keystores replace the web.keystore that was used in previous releases. The
following components use the SSL certificate to authenticate with browsers:
22
•
BlackBerry Administration Service
•
BlackBerry Management Studio
•
BES10 Self-Service
•
Enterprise Management Web Service
Installation Guide
Item
Requirements
Description
•
BlackBerry Web Services
You can use the BES10 Configuration Tool to change the password for the web
keystores or to import a new SSL certificate. When you use the tool to import
certificates into the keystores, the certificates are written to the BlackBerry
Enterprise Service 10 databases and then to the keystores (this also occurs
when you restart the BlackBerry Administration Service). This process
overwrites any certificates that you imported into the keystores manually.
BlackBerry Enterprise Service 10 does not support importing certificates into
the keystores manually.
Unsupported environments
Item
Description
DMZ
The BlackBerry Enterprise Service 10 components, with the exception of the
BlackBerry Router, do not support installation in a DMZ.
23
Installation Guide
Preinstallation tasks
Preinstallation tasks
5
Configuring ports for the external firewall
You must configure the ports on the external firewall. For information about the internal ports that BlackBerry Enterprise
Service 10 uses, see "Configuring connection types and port numbers" in the BlackBerry Enterprise Service 10
Configuration Guide.
Outbound ports: Managing BlackBerry devices
BlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of your
organization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources.
Configure your organization's firewall to allow outbound and inbound connections over these ports. For more information
about domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articles
KB34193 and KB03735.
From
To
BlackBerry Router BlackBerry
(optional)
Infrastructure
24
Purpose
Protocol
To connect to the blackberry.com and TCP
blackberry.net subdomains
(<region>.srp.blackberry.com) to
activate and manage BlackBerry
Port
Where you can
change the port
3101
BES10
Configuration Tool
Installation Guide
From
Preinstallation tasks
To
Purpose
Protocol
Port
Where you can
change the port
devices and to enable the use of the
work space on BlackBerry devices.
BlackBerry
Dispatcher
BlackBerry
Infrastructure
To connect to the blackberry.com and TCP
blackberry.net subdomains
(<region>.srp.blackberry.com) to
activate and manage BlackBerry
devices and to enable the use of the
work space on BlackBerry devices.
3101
BlackBerry
Administration
Service
BlackBerry
Licensing Service
BlackBerry
Infrastructure
To connect to the licensing
infrastructure
(license.blackberry.com) to activate
licenses.
HTTPS
443
Cannot change
BlackBerry
Administration
Service
BlackBerry
Infrastructure
To register activation information for
HTTPS
BlackBerry devices and access device
information.
443
Cannot change
BlackBerry
Administration
Service
BlackBerry
Infrastructure
To specify public apps in BlackBerry
World as optional work apps for
BlackBerry devices.
80
Cannot change
HTTP
Outbound ports: Managing iOS and Android devices
BlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of your
organization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources.
Configure your organization's firewall to allow outbound and inbound connections over these ports. For more information
about domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articles
KB34193 and KB03735.
25
Installation Guide
Preinstallation tasks
From
To
Purpose
BlackBerry
Secure Connect
Service
BlackBerry
Infrastructure
BlackBerry
Secure Connect
Service through a
TCP proxy server
(optional)
Port
Where you can
change the port
To connect to the bbsecure.com
TCP
subdomain (<region>.bbsecure.com)
to allow work-space enabled devices
to access work data, to send activation
and management data between iOS
and Android devices and BlackBerry
Enterprise Service 10, and to allow iOS
devices to connect to APNs for device
notifications.
3101
Cannot change
BlackBerry
Infrastructure
To route data through a TCP proxy
server if you do not want a direct
connection to the BlackBerry
Infrastructure.
TCP
3101
Administration
Console
BlackBerry
Licensing Service
BlackBerry
Infrastructure
To connect to the licensing
infrastructure
(license.blackberry.com) to activate
licenses.
HTTPS
443
Cannot change
Administration
Console
BlackBerry
Infrastructure
To request a signed CSR from
HTTPS
BlackBerry so you can obtain and
register an APNs certificate. The APNs
certificate is required to manage iOS
devices.
443
Cannot change
Universal Device
Service core
components
BlackBerry
Infrastructure
To connect to the
HTTPS
<region>.swstps.bbsecure.com
subdomain to authenticate BlackBerry
Enterprise Service 10 and enable the
use of the Secure Work Space on iOS
and Android devices.
443
Cannot change
Universal Device
Service core
components
BlackBerry
Infrastructure
To connect to
<region>.swsmanager.bbsecure.com
subdomain to enable administrative
control over the work space on iOS
and Android devices.
443
Cannot change
26
Protocol
HTTPS
Installation Guide
Preinstallation tasks
From
To
Purpose
Protocol
Port
Where you can
change the port
BlackBerry Work
Connect
Notification
Service
BlackBerry
Infrastructure
To provide new or changed email and
organizer notifications to work spaceenabled iOS devices.
HTTPS
443
Cannot change
Scheduler
BlackBerry
Infrastructure
To check a hosted metadata file each
day at midnight for new device or OS
data. Updates are downloaded to the
Universal Device Service database.
HTTPS
443
Cannot change
Apple Root
Certification
Authority
To check the certificate revocation list HTTPS
(used if you do not set up an APNs
HTTP
proxy server).
443
Cannot change
SMTP gateway
To enable SMTP for an external SMTP
gateway (optional).
25
The hosted file is located at https://
origin-www.blackberry.com/download/
metadata/BES/metadata.xml.gz (IP
address 208.65.77.102).
Core Module
Core Module
TCP
80
Administration
Console
Outbound ports: Device data
BlackBerry Enterprise Service 10 uses the outbound-initiated port 3101 to send and receive data for BlackBerry 10
devices and work space-enabled iOS and Android devices.
For iOS and Android devices that are not work space-enabled, BlackBerry Enterprise Service 10 sends and receives only
activation and management data through the outbound-initiated port 3101. All other data, such as messaging data and
data from third-party applications, is not sent through port 3101. Consult the documentation or support resources for your
organization's messaging software and third-party applications to determine the ports that you must open.
Outbound ports: Work space-enabled devices on a
work Wi-Fi network
Work space-enabled iOS and Android devices that use your organization's Wi-Fi network use the following outbound ports
to connect to the BlackBerry Infrastructure and external services. Configure your organization's firewall to allow outbound
and inbound connections over these ports.
27
Installation Guide
Preinstallation tasks
From
To
Purpose
Protocol
Port
Where you can
change the port
iOS devices
BlackBerry
Infrastructure
To connect to the
<region>.bbsecure.com subdomain
when activating the device.
TLS
443
Cannot change
BlackBerry
Infrastructure
To connect to the
TCP
<region>.bbsecure.com subdomain so
that administration commands can be
applied to the devices.
443
Cannot change
Android devices
iOS devices
Android devices
80
Port 443 is the default. Port 80 is only
used by devices that were activated
before you upgraded to BlackBerry
Enterprise Service 10 version 10.2, or
if the user specifies port 80.
iOS devices
APNs
To send management data to and
from iOS devices.
TCP
5223
Cannot change
Android devices
BlackBerry
Infrastructure
To connect to the
<region>.swsmanager.bbsecure.com
subdomain.
HTTPS
443
Cannot change
Configure permissions for the service
account
The service account is a Windows account that runs the services for BlackBerry Enterprise Service 10. The service account
must be a member of the local Administrators group on the computer that you install BlackBerry Enterprise Service 10 on,
and also requires other permissions. Without the correct permissions, BlackBerry Enterprise Service 10 cannot run.
If your organization's environment includes the BlackBerry Enterprise Server or the BlackBerry Device Service, you can use
the same service account to install BlackBerry Enterprise Service 10. Otherwise, create a service account in your company
directory or a local Windows account on the computer that you want to install BlackBerry Enterprise Service 10 on.
After you create the service account:
1.
On the taskbar, click Start > Administrative Tools > Computer Management.
2.
In the left pane, expand Local Users and Groups.
3.
Navigate to the Groups folder.
28
Installation Guide
Preinstallation tasks
4.
In the right pane, double-click Administrators.
5.
Click Add.
6.
In the Enter the object names to select field, type the name of the service account (for example, BES10Admin).
7.
Click OK.
8.
Click Apply.
9.
Click OK.
10. On the taskbar, click Start > Administrative Tools > Local Security Policy.
11. Configure the following permissions for the service account:
•
Allow log on locally (if not assigned by default)
•
Log on as a service
•
Log on as a batch job
Configuring connections for the BlackBerry
Enterprise Service 10 databases
You create the BlackBerry Enterprise Service 10 databases when you install the BlackBerry Enterprise Service 10 core
components or when you run the CreateDB executable. BlackBerry Enterprise Service 10 can connect to the BlackBerry
Enterprise Service 10 databases on the database server using Windows authentication or Microsoft SQL Server
authentication. By default, BlackBerry Enterprise Service 10 connects to the BlackBerry Enterprise Service 10 databases
using the service account that you use to complete the installation process or the Microsoft SQL Server account that you
specify during the installation process.
Specifying database permissions to create the
BlackBerry Enterprise Service 10 databases
Depending on the database option and the type of authentication that you select, you might need to assign database
creator permissions to the service account that you use to complete the installation process or the Microsoft SQL Server
account that you specify during the installation process. You can configure database permissions using Microsoft SQL
Server roles.
29
Installation Guide
Preinstallation tasks
Database option
Database permission
Install Microsoft SQL Server Express
during the BlackBerry Enterprise
Service 10 installation process
•
If you choose Windows authentication, the setup application automatically
assigns the required database permissions to the service account
•
If you choose Microsoft SQL Server authentication, you must add the
Microsoft SQL Server account to the dbcreator server role
Use an existing Microsoft SQL Server in •
your organization's environment
You must add the service account or Microsoft SQL Server account to the
dbcreator server role
Create the BlackBerry Enterprise Service 10 databases
If your organization's security policies do not allow applications to have permissions to create or upgrade databases, you
can run the CreateDB executable on the database server to create the BlackBerry Enterprise Service 10 databases instead
of using the setup application. After you create the BlackBerry Enterprise Service 10 databases using the CreateDB
executable, you can run the setup application using a service account that has minimum permissions on the database
server.
Note: If you do not want to run the CreateDB executable on the database server, you must run it on a computer that
Microsoft SQL Server 2008 Native Client is installed on and the computer must be able to connect to the computer that
hosts the database server.
Before you begin: Verify that you configured the correct permissions on the database server.
1.
Log in to the computer that hosts the database server that you want to configure as the host server for the BlackBerry
Enterprise Service 10 databases. If you use a Windows account to create the BlackBerry Enterprise Service 10
databases, you must log in to the computer using a Windows account that has database creator permissions.
2.
Copy the BlackBerry Enterprise Service 10 installation files to the computer.
3.
Extract the contents to a folder on the computer.
4.
Navigate to <extracted_folder>\Database.
5.
Open the DBMgmt.cfg file in a text editor.
6.
Change the file to include information that is specific to your organization's environment.
7.
Save and close the file.
8.
Open a command prompt window.
9.
Change the directory to <extracted_folder>\Database.
10. Type CreateDB.exe DBMgmt.cfg. Press ENTER.
30
Installation Guide
Preinstallation tasks
DBMgmt.cfg properties
The following properties apply to the DBMgmt.cfg file, which you use when you run the CreateDB executable.
Property
Description
DATABASE_NAME_BDS
This property specifies the name of the BlackBerry Configuration Database.
DATABASE_NAME_UDS
This property specifies the name of the Management Database. If the
Management Database does not exist, the name must follow the format
<BlackBerry Configuration Database name>_UDS.
SERVER
This property specifies the name of the database server that hosts the database
to create or upgrade. If a database instance hosts the database, follow the
format <database_server_name>\<database_instance_name>. If you configure
database mirroring, do not use named instances.
MSSQL_PORT
This property specifies the port number that Microsoft SQL Server uses. If you do
not specify a port number, the CreateDB executable uses port number 1433 as
the default.
FAILOVER_SERVER
This property specifies the name of the database server that hosts the mirror
database to upgrade.
USERID
If you use database authentication, this property specifies the username for the
database account that has database creator permissions.
PASSWORD
If you use database authentication, this property specifies the password for the
database account.
BACKUP
This property specifies whether or not to back up the existing database. The
default value is FALSE.
BACKUP_DIR
This property specifies an existing folder that you can save the database backup
in.
By default, this folder is the same folder that the Microsoft SQL Server database
files are located in.
31
Installation Guide
Preinstallation tasks
Remove the WebDAV Publishing role
service
If Microsoft IIS is already installed on the computer that you want to install the BlackBerry Enterprise Service 10 core
components on, you must remove the WebDAV Publishing role service to avoid potential issues with updates that the setup
application and the Universal Device Service perform. For example, WebDAV might cause issues when you create a
username and password for the Universal Device Service console during the installation process.
1.
On the taskbar, click Start > Administrative Tools > Server Manager.
2.
In the left pane, click Roles.
3.
In the Web Server (IIS) section, click Remove Role Services.
4.
Clear the WebDAV Publishing check box.
5.
Apply your changes.
Configuring a BlackBerry Administration
Service pool
When you install the BlackBerry Enterprise Service 10 consoles, you install a BlackBerry Administration Service instance. If
you install multiple instances, you must configure a BlackBerry Administration Service pool to send requests to available
instances and to avoid a single point of failure. You can configure only one BlackBerry Administration Service pool in a
BlackBerry Enterprise Service 10 domain.
You can configure a pool using one of the following options:
Item
Description
DNS round robin
If you configure a pool using DNS round robin, you must create the DNS records
that represent the instances in the pool, where each DNS record contains the
static IP address of a computer that hosts an instance.
Hardware load balancer
If you configure a pool using a hardware load balancer, you must implement
session persistence for SSL connections. When you implement session
persistence, a load balancer tracks and stores session data to make sure that all
requests in a browser session are consistently directed to the same instance in
32
Installation Guide
Item
Preinstallation tasks
Description
the pool. For information on how to implement session persistence, contact the
vendor of your hardware load balancer.
Create a DNS record for each BlackBerry
Administration Service instance in a pool
To configure a BlackBerry Administration Service pool using DNS round robin, you must create DNS records for the
BlackBerry Administration Service pool name that contain the IP address of each computer that hosts a BlackBerry
Administration Service instance. The DNS pool name allows browsers to access available BlackBerry Administration
Service instances using a single DNS name. When you create the DNS records, you should include only computers that
host a BlackBerry Administration Service instance.
Before you begin:
• Configure a static IP address for each computer that you want to install a BlackBerry Administration Service instance
on.
•
Verify that you have correct permissions to manage the DNS server.
1.
Log in to the DNS server.
2.
In the DNS management console, access the forward lookup zone that you want to add the BlackBerry
Administration Service instances to.
3.
4.
To create a new DNS host record (or A record), specify the following information:
a.
In the Name field, type the name that you want to use for the BlackBerry Administration Service pool name.
b.
In the IP address field, type the IP address of the computer that you want to install a BlackBerry Administration
Service instance on.
c.
Select the Create associated pointer (PTR) record check box.
Repeat step 3 for each BlackBerry Administration Service instance that you plan to install. When you create the DNS
records, you must use the same pool name for all BlackBerry Administration Service instances in a pool.
After you finish: To remove a BlackBerry Administration Service instance from a pool, in the DNS server, delete the DNS
pool name record that contains the IP address of the computer that hosts the instance.
33
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
Installing the BlackBerry
Enterprise Service 10 software
6
Prerequisites: Installing the BlackBerry
Enterprise Service 10 software
•
Verify that the computers that host the BlackBerry Enterprise Service 10 core components, the BlackBerry Enterprise
Service 10 consoles, and the BlackBerry Enterprise Service 10 databases are located in the same LAN environment.
•
Verify that you opened the necessary ports on your organization's firewall.
•
Verify that you installed all required third-party applications.
•
If you perform the installation process on a computer that has more than one NIC, verify that the production NIC is first
in the bind order in the Windows network settings.
•
If your organization uses a proxy server for Internet access, verify that you have the computer name, port number, and
credentials for the proxy server.
•
When you run the setup application, use only standard characters to specify values. Unicode characters are not
supported.
Verify that you have the following information available for the BlackBerry Enterprise Service 10 software:
•
SRP host
•
SRP identifier
•
SRP authentication key
34
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
Specifying a name for the BlackBerry
Administration Service pool during the
installation process
During the installation process, the setup application prompts you to specify the name of the BlackBerry Administration
Service pool.
The BlackBerry Administration Service instances use an SSL certificate that contains the pool name for interprocess
communication. You must specify a valid DNS name during the installation process, even if you do not configure a
BlackBerry Administration Service pool.
The setup application uses the FQDN of the computer that you install the first BlackBerry Administration Service instance
on as the default value for the pool name. If you keep the default value and configure a BlackBerry Administration Service
pool using DNS round robin or a hardware load balancer at a later time, you must use the BES10 Configuration Tool to
change the pool name to the DNS name for the pool.
You can keep the default value for the pool name when you install the first BlackBerry Administration Service instance, but
you must specify the DNS name for the pool when you install additional BlackBerry Administration Service instances.
Afterwards, you must restart each computer that hosts a BlackBerry Enterprise Service 10 component.
Install all BlackBerry Enterprise Service 10
components on one computer
During the BlackBerry Enterprise Service 10 installation process, you might need to restart the computer.
Before you begin: Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has
local administrator permissions on the computer that you perform the installation process on.
1.
Log in to the computer that you want to install BlackBerry Enterprise Service 10 on using the service account that has
correct permissions. The service account runs the BlackBerry Enterprise Service 10 services.
2.
In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and
requests permission for setup.exe to make changes to the computer, click Yes.
3.
Review the information for the account that you used to log in. Click Continue Installation.
4.
In the License agreement dialog box, perform the following actions:
35
Installation Guide
5.
Installing the BlackBerry Enterprise Service 10 software
a.
In the Customer information section, specify information for your organization and select your country or
region.
b.
In the License agreement section, read the license agreement. To accept the license agreement, select I
accept the terms of the license agreement.
c.
Click Next.
In the Setup type dialog box, perform one of the following actions:
•
For the first installation of the BlackBerry Enterprise Service 10 software, select Create a BlackBerry Enterprise
Service 10 domain. You can install the database server on the same computer or use an existing database server
in your organization's environment (local or remote).
•
For all other installations of the BlackBerry Enterprise Service 10 software, select Use an existing BlackBerry
Enterprise Service 10 domain.
6.
In the Setup options dialog box, all BlackBerry Enterprise Service 10 components are selected by default. Click Next.
7.
In the Preinstallation checklist dialog box, read and verify the information. Click Next.
8.
In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next.
9.
In the Summary dialog box, verify that the information is correct. Click Install.
10. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next.
11. If you restart the computer, log in to the computer using the service account that you used in step 1.
12. In the Database information dialog box, perform the following actions:
a.
In the Microsoft SQL Server name field, type the name of the computer that hosts the database server.
b.
In the Database name field, type a name for the BlackBerry Configuration Database. The same name is used for
the Management Database (<database_name>_UDS).
c.
If you configured the database server to use static ports, select the Static option. If the static port number is not
1433, in the Port field, type the port number.
d.
By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service
10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL
Server account.
e.
Click Next.
13. In the Instance information dialog box, type a name for this instance of the BlackBerry Enterprise Service 10 core
components. You must specify a unique name for each instance of the core components that you install in a
BlackBerry Enterprise Service 10 domain. Click Next.
14. In the SRP information dialog box, perform the following actions:
36
a.
In the SRP host section, if necessary, change the SRP address and port number for the BlackBerry
Infrastructure. The default port number is 3101 and the default host name is determined by your country or
region.
b.
In the SRP authentication information section, type the SRP identifier and SRP authentication key. Each
BlackBerry Enterprise Service 10 instance must use a unique SRP identifier.
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
c.
In the SRP host and SRP authentication information sections, click Verify to verify that the information is
correct.
d.
Click Next.
15. In the Core Module information dialog box, perform the following actions:
a.
Type and confirm a password for the Core Module. The Universal Device Service components use the password
to make trusted connections to the Core Module.
b.
In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website
port field, change the default port number.
c.
If necessary, in the Port settings section, change the default port numbers.
d.
Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the
computer.
16. In the Communication Module information dialog box, perform the following actions:
a.
In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website
port field, change the default port number.
b.
Click Next. If you changed the port number, the setup application verifies if the port is available on the
computer.
17. In the Create an administrator account dialog box, type and confirm a password for the administrator account that
the setup application creates. Administrators use the login information that you specify to log in to the BlackBerry
Enterprise Service 10 consoles for the first time. Click Next.
18. In the Administration settings dialog box, perform the following actions:
a.
In the Pool name field, specify a valid FQDN or IP address that the setup application uses to create the
BlackBerry Administration Service web address. If you install only one BlackBerry Administration Service
instance in a BlackBerry Enterprise Service 10 domain, you can accept the default pool name. If you install
multiple BlackBerry Administration Service instances, specify the DNS name that maps to the IP address of
each computer that hosts a BlackBerry Administration Service instance, or the DNS name of a hardware load
balancer.
b.
If necessary, in the Port settings section, change the default port numbers.
c.
Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the
computer.
19. In the Finalize installation dialog box, the setup application finishes the installation tasks and the BlackBerry
Enterprise Service 10 services start automatically. When all the services are running, click Next.
20. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry Enterprise
Service 10 web addresses to a .txt file.
After you finish:
• Verify that the collation setting for the BlackBerry Enterprise Service 10 databases is default case-insensitive.
•
If you reinstalled the BlackBerry Enterprise Service 10 consoles, in Windows Internet Explorer, delete the cache.
37
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
Installing BlackBerry Enterprise Service 10
components on separate computers
Install the BlackBerry Enterprise Service 10 core
components
You can install the BlackBerry Enterprise Service 10 core components on a separate computer to address performance
concerns or for high availability. During the BlackBerry Enterprise Service 10 installation process, you might need to restart
the computer.
Before you begin: Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has
local administrator permissions on the computer that you perform the installation process on.
1.
Log in to the computer that you want to install BlackBerry Enterprise Service 10 on using the service account that has
correct permissions. The service account runs the BlackBerry Enterprise Service 10 services.
2.
In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and
requests permission for setup.exe to make changes to the computer, click Yes.
3.
Review the information for the account that you used to log in. Click Continue Installation.
4.
In the License agreement dialog box, perform the following actions:
5.
a.
In the Customer information section, specify information for your organization and select your country or
region.
b.
In the License agreement section, read the license agreement. To accept the license agreement, select I
accept the terms of the license agreement.
c.
Click Next.
In the Setup type dialog box, perform one of the following actions:
•
For the first installation of the BlackBerry Enterprise Service 10 software, select Create a BlackBerry Enterprise
Service 10 domain. You can install the database server on the same computer or use an existing database server
in your organization's environment (local or remote).
•
For all other installations of the BlackBerry Enterprise Service 10 software, select Use an existing BlackBerry
Enterprise Service 10 domain.
6.
In the Setup options dialog box, verify that the Install the BlackBerry Enterprise Service 10 core components check
box is selected and clear the check boxes for the other options. Click Next.
7.
In the Preinstallation checklist dialog box, read and verify the information. Click Next.
38
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
8.
In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next.
9.
In the Summary dialog box, verify that the information is correct. Click Install.
10. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next.
11. If you restart the computer, log in to the computer using the service account that you used in step 1.
12. In the Database information dialog box, perform the following actions:
a.
In the Microsoft SQL Server name field, type the name of the computer that hosts the database server.
b.
In the Database name field, type a name for the BlackBerry Configuration Database. The same name is used for
the Management Database (<database_name>_UDS).
c.
If you configured the database server to use static ports, select the Static option. If the static port number is not
1433, in the Port field, type the port number.
d.
By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service
10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL
Server account.
e.
Click Next.
13. In the Instance information dialog box, type a name for this instance of the BlackBerry Enterprise Service 10 core
components. You must specify a unique name for each instance of the core components that you install in a
BlackBerry Enterprise Service 10 domain. Click Next.
14. In the SRP information dialog box, perform the following actions:
a.
In the SRP host section, if necessary, change the SRP address and port number for the BlackBerry
Infrastructure. The default port number is 3101 and the default host name is determined by your country or
region.
b.
In the SRP authentication information section, type the SRP identifier and SRP authentication key. Each
BlackBerry Enterprise Service 10 instance must use a unique SRP identifier.
c.
In the SRP host and SRP authentication information sections, click Verify to verify that the information is
correct.
d.
Click Next.
15. In the Core Module information dialog box, perform the following actions:
a.
Type and confirm a password for the Core Module. The Universal Device Service components use the password
to make trusted connections to the Core Module.
b.
In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website
port field, change the default port number.
c.
If necessary, in the Port settings section, change the default port numbers.
d.
Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the
computer.
16. In the Communication Module information dialog box, perform the following actions:
39
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
a.
In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website
port field, change the default port number.
b.
Click Next. If you changed the port number, the setup application verifies if the port is available on the
computer.
17. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise
Service 10 services start automatically. When all the services are running, click Finish.
After you finish: Verify that the collation setting for the BlackBerry Enterprise Service 10 databases is default caseinsensitive.
Install the BlackBerry Enterprise Service 10 consoles
You can install the BlackBerry Enterprise Service 10 consoles on a separate computer to address performance or disaster
recovery concerns. During the BlackBerry Enterprise Service 10 installation process, you might need to restart the
computer.
Before you begin:
• Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has local
administrator permissions on the computer that you perform the installation process on.
•
Verify that the service account has permission to access and update the Windows registry on the computer that hosts
the BlackBerry Enterprise Service 10 core components.
•
Install at least one instance of the BlackBerry Enterprise Service 10 core components.
1.
Log in to the computer that you want to install the BlackBerry Enterprise Service 10 consoles on using the service
account that has correct permissions. The service account runs the BlackBerry Enterprise Service 10 services.
2.
In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and
requests permission for setup.exe to make changes to the computer, click Yes.
3.
Review the information for the account that you used to log in. Click Continue Installation.
4.
In the License agreement dialog box, perform the following actions:
a.
In the Customer information section, specify information for your organization and select your country or
region.
b.
In the License agreement section, read the license agreement. To accept the license agreement, select I
accept the terms of the license agreement.
c.
Click Next.
5.
In the Setup type dialog box, select Use an existing BlackBerry Enterprise Service 10 domain. Click Next.
6.
In the Database information dialog box, perform the following actions:
a.
40
In the Microsoft SQL Server name field, type the name of the computer that hosts the database server.
Installation Guide
Installing the BlackBerry Enterprise Service 10 software
b.
In the Database name field, type the name of the existing BlackBerry Configuration Database (for example,
BDSMgmt).
c.
If you configured the database server to use static ports, select the Static option. If the static port number is not
1433, in the Port field, type the port number.
d.
By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service
10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL
Server account.
e.
Click Next.
7.
In the Setup options dialog box, verify that the Install the BlackBerry Enterprise Service 10 consoles check box is
selected and clear the check boxes for the other options. Click Next.
8.
In the Preinstallation checklist dialog box, read and verify the information. Click Next.
9.
In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next.
10. In the Summary dialog box, verify that the information is correct. Click Install.
11. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next.
12. If you restart the computer, log in to the computer using the service account that you used in step 1.
13. In the Create an administrator account dialog box, type and confirm a password for the administrator account that
the setup application creates. Administrators use the login information that you specify to log in to the BlackBerry
Enterprise Service 10 consoles for the first time. Click Next.
14. In the Administration settings dialog box, perform the following actions:
a.
In the Pool name field, specify a valid FQDN or IP address that the setup application uses to create the
BlackBerry Administration Service web address. If you install only one BlackBerry Administration Service
instance in a BlackBerry Enterprise Service 10 domain, you can accept the default pool name. If you install
multiple BlackBerry Administration Service instances, specify the DNS name that maps to the IP address of
each computer that hosts a BlackBerry Administration Service instance, or the DNS name of a hardware load
balancer.
b.
If necessary, in the Port settings section, change the default port numbers.
c.
Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the
computer.
15. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise
Service 10 services start automatically. When all the services are running, click Next.
16. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry Enterprise
Service 10 web addresses to a .txt file.
After you finish:
• Restart the computer that hosts the BlackBerry Enterprise Service 10 core components.
•
If you reinstalled the BlackBerry Enterprise Service 10 consoles, in Windows Internet Explorer, delete the cache.
41
Installation Guide
Installing a standby instance of the core components
Installing a standby instance of
the core components
7
If you want to enhance the stability and reliability of device service in your organization’s BlackBerry Enterprise Service 10
domain, you can configure the core components to support high availability. A high availability configuration involves one or
more high availability pairs. A high availability pair consists of a primary instance of the core components, and a standby
instance of the same components that you install on a different computer. If the primary instance is not performing as
expected (for example, a component is not responding), BlackBerry Enterprise Service 10 initiates an automatic failover of
device service to the standby instance. Both instances use the same SRP credentials, and are connected to the same
BlackBerry Enterprise Service 10 databases.
You can assign only one standby instance to each primary instance in the domain. You cannot change the primary and
standby roles by running the setup application again, but you can use the BlackBerry Administration Service to initiate a
manual failover, or to change the primary and standby roles for a high availability pair.
When you install a standby instance of the core components, you can install additional instances of other components. For
example, you can install additional components with the standby instance to distribute the performance load across
multiple computers.
For more information about configuring high availability for the core components and configuring high availability for the
BlackBerry Enterprise Service 10 databases, visit docs.blackberry.com/BES10 to read the BlackBerry Enterprise Service
10 Configuration Guide.
Prerequisites: Installing a standby instance
of the core components
•
Install a primary instance of the core components. Verify whether this instance is assigned the device management role
for Android devices and iOS devices. By default, the setup application assigns this role to the first instance of the core
components that you install in the domain, or to the first instance that you upgrade.
•
Choose a different computer to host the standby instance of the core components. Verify that this computer meets the
appropriate system requirements.
•
When you install the standby instance, use the same service account that you used to install the primary instance, or a
service account with the same permissions.
42
Installation Guide
•
Installing a standby instance of the core components
It is a best practice to upgrade all BlackBerry 10 devices in your organization's environment to BlackBerry 10 OS
version 10.1 or later. If device service fails over to the standby instance, you can continue to use the consoles to
manage BlackBerry devices only if the devices use BlackBerry 10 OS version 10.1 or later.
If the devices use an earlier version of the BlackBerry 10 OS or the BlackBerry PlayBook OS, the devices cannot
connect to the Enterprise Management Web Service of the new primary instance (formerly the standby instance). As a
result, you cannot manage the devices from the consoles until you perform one of the following actions:
•
Manually fail over device service back to the initial primary instance.
•
Move the user account and any associated devices to another high availability pair in the domain.
•
Activate the devices again.
Install a standby instance of the core
components
When you install a standby instance of the core components, the setup application associates the components on the
standby instance with the components on the primary instance. You can view and change settings for the standby
components using the BlackBerry Administration Service.
1.
Log in to the computer that you want to install the standby instance on using a service account with the correct
permissions. The service account runs the BlackBerry Enterprise Service 10 services.
2.
In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and
requests permission for setup.exe to make changes to the computer, click Yes.
3.
Review the Windows account information that will be used to install the standby instance. Click Continue Installation.
4.
In the License agreement dialog box, perform the following actions:
•
In the Customer information section, specify information for your organization and select your country or region.
•
In the License agreement section, read the license agreement. Select I accept the terms of the license
agreement.
•
Click Next.
5.
In the Setup type dialog box, select Use an existing BlackBerry Enterprise Service 10 domain.
6.
Click Next.
7.
In the Database information dialog box, perform the following actions:
•
In the Microsoft SQL Server name field, type the name of the computer that hosts the database server.
•
In the Database name field, type the name of the BlackBerry Configuration Database that is associated with the
primary instance.
43
Installation Guide
8.
9.
Installing a standby instance of the core components
•
If you configured the database server to use static ports, select the Static option. If the static port number is not
1433, in the Port field, type the port number.
•
By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service 10
databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL
Server account.
•
Click Next.
In the Setup options dialog box, perform the following actions:
•
Select Install the BlackBerry Enterprise Service 10 core components.
•
Select Install the BlackBerry Enterprise Service 10 core components as a standby instance and associate it
with a primary instance for high availability. In the drop-down list, click the primary instance.
•
Click Next.
In the Preinstallation checklist dialog box, read and verify the information. Click Next.
10. In the Accounts and folders dialog box, in the Password field, type the password for the service account that you
used in step 1.
11. Click Next.
12. In the Summary dialog box, verify that the information is correct. Click Install.
13. When the installation process completes, click Next.
14. In the Core Module Information dialog box, if necessary, change the port numbers in the Website information
section and Port settings section. Click Next.
15. In the Communication Module information dialog box, if necessary, change the port number in the Website
information section. Click Next.
16. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise
Service 10 services start automatically. When all the services are running, click Next.
Note: The BlackBerry Web Services, BlackBerry Work Connect Notification Service, and the Enterprise Management
Web Service do not start automatically. These services are designed to start after device service fails over to the
standby instance.
17. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry Enterprise
Service 10 web addresses to a .txt file.
By default, the primary instance is configured to fail over automatically if any of the health parameters above the failover
threshold become unhealthy. For automatic failover to succeed, on the standby instance, the health parameters above the
promotion threshold must be healthy.
Note: If you change the listening port for Microsoft SQL Server to a custom port, and you update the port value on the
primary instance using the BES10 Configuration Tool, the standby instance is not updated with the new port value and
cannot connect to Microsoft SQL Server.
After you finish:
• Restart the computer that hosts the primary instance.
44
Installation Guide
Installing a standby instance of the core components
•
Restart the computer that hosts the standby instance.
•
If you have additional primary instances in your domain and you want to configure additional high availability pairs,
repeat this task as required.
Post-installation tasks
Perform the following tasks, as required, after you install a standby instance. Instructions can be found in the appropriate
sections of the BlackBerry Enterprise Service 10 Configuration Guide.
•
If you want to manage iOS devices in your organization's domain, you must obtain an APNs certificate and upload it to
the primary instance and the standby instance.
•
If the domain will support work space-enabled iOS devices, enable the Secure Work Space and configure the standby
instance to support email notifications.
•
If necessary, specify the same proxy mappings for the BlackBerry MDS Connection Service and Enterprise
Management Web Service on the primary instance and the standby instance.
•
Using the BlackBerry Administration Service, you can change the log file path for any instance of the core components
in the domain. If you change the log file path for one instance in a high availability pair, for consistency, you can change
the log file path for the other instance.
Note: If you uninstall a high availability pair, and then you install new instances that will use the same databases, the setup
application tries to install the second instance of the core components as a standby instance. If you do not want the setup
application to install the second instance as a standby, use the BlackBerry Administration Service to remove the high
availability pair from the databases before you install the new instances.
45
Installation Guide
Installing a standalone BlackBerry Router
Installing a standalone
BlackBerry Router
8
The BlackBerry Router is designed so that you can install it outside your organization's firewall in the DMZ. The BlackBerry
Router connects to the Internet to send data between the BlackBerry Device Service and BlackBerry devices using the
BlackBerry Infrastructure.
The BlackBerry Router is an optional component. If you choose to install the BlackBerry Router, you must install it on a
computer that does not host a BlackBerry Enterprise Service 10 instance or any BlackBerry Enterprise Service 10
components. The setup application installs the BlackBerry Router and the BlackBerry Controller, which monitors the
BlackBerry Router and restarts it if it stops responding.
Determining which service account to use
to install and run the BlackBerry Router
You can install the BlackBerry Router and run the BlackBerry Router service using any service account that has local
administrator permissions on the computer that you want to install the BlackBerry Router on. The computer that hosts the
BlackBerry Router requires a valid DNS suffix and a multisegment host name.
On the computer that you want to install the BlackBerry Router on, you must verify that the following permissions are
configured for the service account that you want to use (the permissions are part of the Local Security Policy):
•
Allow log on locally (if not assigned by default)
•
Log on as a service
Install a standalone BlackBerry Router
A standalone BlackBerry Router is a BlackBerry Router that is hosted by a computer that does not host any other
BlackBerry Enterprise Service 10 components except the BlackBerry Controller. The BlackBerry Controller monitors the
BlackBerry Router and restarts it if it stops responding.
46
Installation Guide
Installing a standalone BlackBerry Router
Note: You cannot manage the BlackBerry Controller that monitors a standalone BlackBerry Router in the BlackBerry
Administration Service. You must manage the BlackBerry Controller in the BES10 Configuration Tool on the computer that
hosts the standalone BlackBerry Router.
Before you begin: Verify that the service account that you use to install the BlackBerry Router has local administrator
permissions on the computer that you perform the installation process on.
1.
Log in to the computer that you want to install the BlackBerry Router on using the service account that you want to
use to run the BlackBerry Router service.
2.
In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and
requests permission for setup.exe to make changes to the computer, click Yes.
3.
Review the information for the account that you used to log in. To use this account to run the BlackBerry Router
service, click Continue Installation.
4.
In the License agreement dialog box, perform the following actions:
a.
In the Customer information section, specify information for your organization and select your country or
region.
b.
In the License agreement section, read the license agreement. To accept the license agreement, select I
accept the terms of the license agreement.
c.
Click Next.
5.
In the Setup type dialog box, select Install a standalone BlackBerry Router. Click Next.
6.
In the Preinstallation checklist dialog box, read and verify the information. Click Next.
7.
In the Accounts and folders dialog box, perform the following actions:
a.
In the Password field, type the password for the service account that you used in step 1.
b.
If necessary, change the location of the installation folder and log-file folder.
c.
Click Next.
8.
In the Summary dialog box, verify that the information is correct. Click Install.
9.
In the Installation dialog box, when the installation status is complete for all items, click Next.
10. In the SRP information dialog box, in the SRP host section, perform the following actions:
a.
If necessary, change the SRP address and port number for the BlackBerry Infrastructure. The default port
number is 3101 and the default host name is determined by your country or region.
b.
Click Verify to verify that the information is correct.
c.
Click Next.
11. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise
Service 10 services start automatically. When all the services are running, click Next.
47
Installation Guide
Installing a standalone BlackBerry Router
Connecting to the BlackBerry Router
The BlackBerry Router manages the connection to the BlackBerry Infrastructure for the BlackBerry Device Service. If you
installed a standalone BlackBerry Router, you must permit the BlackBerry Dispatcher that you installed with the
BlackBerry Enterprise Service 10 core components to connect to the BlackBerry Router. You can configure one or more
BlackBerry Dispatcher instances to use the same SRP address and connect to the BlackBerry Router.
Connect the BlackBerry Device Service to the
BlackBerry Router
1.
In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution
topology > BlackBerry Domain > Component view > BlackBerry Device Service.
2.
Click the BlackBerry Device Service that you want to assign the BlackBerry Router to.
3.
Click Edit instance.
4.
In the SRP addresses section, type the FQDN of the computer that hosts the BlackBerry Router.
5.
If the BlackBerry Dispatcher instance uses a port number other than port number 3101 to open connections to the
BlackBerry Router, in the Port override field, type the port number.
6.
Click the Add icon.
7.
Click the Delete icon beside the SRP address for the BlackBerry Infrastructure.
8.
Click Save all.
9.
Restart the BlackBerry Device Service using one of the following methods:
48
•
Click Restart instance.
•
In the Windows Services, restart the BlackBerry Dispatcher service.
Installation Guide
Postinstallation tasks
Postinstallation tasks
9
Test the BlackBerry Enterprise Service 10
installation
1.
In the Windows Services, verify that the services for BlackBerry Enterprise Service 10 are running.
2.
In the Windows Event Viewer and log files that are located in <drive>:\Program Files (x86)\Research In Motion
\BlackBerry Enterprise Service 10\Logs, check for error messages.
3.
In Microsoft IIS, check that the websites for the Core Module and Communication Module are started.
4.
Add a test user account in the BlackBerry Device Service console and the Universal Device Service console.
If you can add a test user account, the connection from BlackBerry Enterprise Service 10 to the BlackBerry
Enterprise Service 10 databases is open.
5.
For the BlackBerry MDS Connection Service, browse to http://<server_name>:9080, where <server_name> is the
name of the computer that hosts the BlackBerry Enterprise Service 10 core components.
If the status page appears, the BlackBerry MDS Connection Service is running.
After you finish: For troubleshooting information, visit www.blackberry.com/support.
Test the connection to the BlackBerry
Infrastructure
To make sure that the BlackBerry Dispatcher or BlackBerry Router can connect to the BlackBerry Infrastructure, you can
test the connection using the BBSRPTest tool that is included with the BlackBerry Enterprise Service 10 installation files.
The BBSRPTest tool tries to connect to the BlackBerry Infrastructure using the SRP address and SRP port number that you
specified for the BlackBerry Infrastructure during the installation process.
Before you begin: Verify that the BlackBerry Enterprise Service 10 installation files are on the computer that you want to
test the connection from.
49
Installation Guide
Postinstallation tasks
1.
Log in to the computer that you want to test the connection from. If you installed a standalone BlackBerry Router, test
the connection from the computer that hosts the BlackBerry Router. Otherwise, test the connection from the
computer that hosts the BlackBerry Enterprise Service 10 core components.
2.
Open a command prompt window.
3.
Change the directory to <installation_files>\Tools.
4.
Type bbsrptest.exe -host <srp_address> -port <port>, where <srp_address> is the SRP address that you specified
during the installation process and <port> is the SRP port number. For example, at the command line, type
bbsrptest.exe -host server1.example.com -port 3101.
5.
Press ENTER.
After you finish: If the test does not complete, use the Windows Sockets (also known as WINSOCK) error code to diagnose
the problem. For more information, visit msdn.microsoft.com to read about Windows Sockets error codes.
Best practice: Running BlackBerry
Enterprise Service 10
Best practice
Description
Do not change the startup type for the
BlackBerry Enterprise Service 10
services.
When you install or upgrade BlackBerry Enterprise Service 10, the setup
application configures the startup type for the BlackBerry Enterprise Service 10
services as either automatic or manual.
To avoid errors in BlackBerry Enterprise Service 10, do not change the startup
type for the BlackBerry Enterprise Service 10 services.
Do not change the account information When you install or upgrade BlackBerry Enterprise Service 10, the setup
for the BlackBerry Enterprise Service 10 application configures the account information for the BlackBerry Enterprise
services.
Service 10 services.
Do not change the account information for BlackBerry Enterprise Service 10
unless the BlackBerry Enterprise Service 10 documentation specifies that you
can.
50
Installation Guide
Postinstallation tasks
Configuring database permissions using
Microsoft SQL Server roles
The setup application requires the service account or Microsoft SQL Server account that it uses during the installation or
upgrade process to have permissions on the database server to create or upgrade the BlackBerry Enterprise Service 10
databases. After the installation or upgrade process completes, you can change the database permissions for the service
account or Microsoft SQL Server account to the minimum permissions that BlackBerry Enterprise Service 10 requires to
run.
When you change the database permissions, you can use Microsoft SQL Server security to minimize the operations that the
service account or Microsoft SQL Server account can perform on the BlackBerry Enterprise Service 10 databases. The
following table describes the Microsoft SQL Server roles that are required by the setup application and BlackBerry
Enterprise Service 10.
Database role
Description
db_owner
The setup application or the CreateDB executable automatically adds the
account that you use to create the BlackBerry Enterprise Service 10 databases
to this role.
This role contains the minimum permissions that the setup application requires
to upgrade the BlackBerry Configuration Database and the Management
Database.
rim_db_bes_server
The setup application or the CreateDB executable automatically creates this
role when it creates the BlackBerry Configuration Database.
This role contains the minimum permissions that BlackBerry Enterprise Service
10 requires to perform necessary operations on the BlackBerry Configuration
Database.
rim_db_uds_server
The setup application or the CreateDB executable automatically creates this
role when it creates the Management Database.
This role contains the minimum permissions that BlackBerry Enterprise Service
10 requires to perform necessary operations on the Management Database.
51
Installation Guide
Postinstallation tasks
Configure minimum database permissions for the
service account or Microsoft SQL Server account
You can configure minimum database permissions for the service account or Microsoft SQL Server account that
BlackBerry Enterprise Service 10 uses to connect to the BlackBerry Enterprise Service 10 databases.
Before you begin: Add a different Windows account or Microsoft SQL Server account to the db_owner database role for the
BlackBerry Configuration Database and the Management Database.
1.
Open the Microsoft SQL Server Management Studio.
2.
Expand Microsoft SQL Server > Security > Logins.
3.
Right-click the service account or Microsoft SQL Server account and click Properties.
4.
Click User Mapping and select the BlackBerry Configuration Database.
5.
In the Database role membership section, select rim_db_bes_server.
6.
Remove all other database role memberships except public.
7.
Select the Management Database.
8.
In the Database role membership section, select rim_db_uds_server.
9.
Remove all other database role memberships except public.
10. Click OK.
52
Installation Guide
Removing the BlackBerry Enterprise Service 10 software
Removing the BlackBerry
Enterprise Service 10 software
10
You can use the uninstall application to remove the BlackBerry Enterprise Service 10 software from a computer that hosts
BlackBerry Enterprise Service 10. The uninstall application can also remove the log files for the existing installation.
The uninstall application does not remove the BlackBerry Enterprise Service 10 databases from the database server and it
does not remove the database instance that hosts the BlackBerry Enterprise Service 10 databases.
Remove the BlackBerry Enterprise Service
10 software
1.
On the taskbar, click Start > Control Panel.
2.
Click Uninstall a program.
3.
Click BlackBerry Enterprise Service 10.
4.
Click Uninstall.
5.
If the uninstall application prompts you to restart the computer to finish removing the BlackBerry Enterprise Service
10 software, click OK.
After you finish: You can remove third-party software that the setup application installed during the BlackBerry Enterprise
Service 10 installation process (for example, you can remove the JRE software from the computer).
53
Installation Guide
Product documentation
Product documentation
11
To read the following guides or other related materials, visit docs.blackberry.com/BES10.
Category
Resource
Description
Overview
Introduction to BlackBerry
Enterprise Service 10
•
Quick, visual introduction to BlackBerry Enterprise Service
10 at a high level
What's New in BlackBerry
Enterprise Service 10 Quick
Reference
•
Summary of new features, enhancements, and updates in
BlackBerry Enterprise Service 10
BlackBerry Enterprise Service
10 Product Overview
•
Introduction to BlackBerry Enterprise Service 10 and its
features
•
Finding your way through the documentation
•
Architecture
Enterprise Solution Comparison •
Chart
Comparison of what features are available across different
BlackBerry enterprise solutions
Supported Features by Device
Type
•
Comparison of what features are supported for each type of
device in BlackBerry Enterprise Service 10
BlackBerry Enterprise Service
10 Architecture and Data Flow
Quick Reference Guide
•
Descriptions of BlackBerry Enterprise Service 10
components
•
Descriptions of activation and email data flows for different
types of devices
Release notes
BlackBerry Enterprise Service
10 Release Notes
•
Descriptions of known issues and potential workarounds
Installation and
upgrade
BlackBerry Enterprise Service
10 Compatibility Matrix
•
Software that is compatible with BlackBerry Enterprise
Service 10
54
Installation Guide
Category
Configuration
Product documentation
Resource
Description
BlackBerry Enterprise Service
10 Performance Calculator
•
Tool to estimate the hardware required to support a given
workload for BlackBerry Enterprise Service 10
BlackBerry Enterprise Service
10 Installation Guide
•
System requirements
•
Installation instructions
BlackBerry Enterprise Service
10 Upgrade Guide
•
System requirements
•
Upgrade instructions
BlackBerry Enterprise Service
10 Licensing Guide
•
Descriptions of different types of licenses
•
Instructions for activating and managing licenses in
BlackBerry Management Studio
•
Instructions for how to configure server components before
you start administering users and their devices
BlackBerry Enterprise Service
10 Configuration Guide
Administration
BlackBerry Management Studio •
Basic Administration Guide
Basic administration for all supported device types, including
BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS
devices, Android devices, and BlackBerry 7.1 and earlier
devices
•
Instructions for creating and managing user accounts in
multiple Services
•
Instructions for managing multiple devices for each user
account
BlackBerry Device Service
•
Advanced Administration Guide
Advanced administration for BlackBerry 10 devices and
BlackBerry PlayBook tablets
•
Instructions for creating user accounts, groups, roles, and
administrator accounts
•
Instructions for activating devices
•
Instructions for creating and sending IT policies and profiles
•
Instructions for managing apps on devices
Universal Device Service
•
Advanced Administration Guide
Advanced administration for iOS and Android devices
55
Installation Guide
Category
Security
Product documentation
Resource
•
Instructions for creating user accounts, groups, and
administrator accounts
•
Instructions for activating devices
•
Instructions for creating and sending IT policies and profiles
•
Instructions for managing apps on devices
•
Descriptions of IT policy rules for iOS and Android devices
BlackBerry Device Service
Policy Reference Spreadsheet
•
Descriptions of IT policy rules for BlackBerry 10 devices and
BlackBerry PlayBook tablets
BlackBerry Device Service
Solution Security Technical
Overview
•
Description of the security maintained by the BlackBerry
Device Service, BlackBerry Infrastructure, and BlackBerry
10 devices and BlackBerry PlayBook tablets to protect data
and connections
•
Description of the BlackBerry 10 OS
•
Description of the BlackBerry PlayBook OS
•
Description of how work data is protected on BlackBerry 10
devices and BlackBerry PlayBook tablets when you use the
BlackBerry Device Service
•
Description of the security maintained by the Universal
Device Service, BlackBerry Infrastructure, and work spaceenabled devices to protect work space data at rest and in
transit
•
Description of how work space apps are protected on work
space-enabled devices when you use the Universal Device
Service
Secure Work Space for iOS and
Android Security Note
56
Description
Installation Guide
Glossary
Glossary
12
APNs
Apple Push Notification service
BlackBerry
Enterprise Service
10 databases
The BlackBerry Enterprise Service 10 databases are the BlackBerry Configuration Database
(associated with the BlackBerry Device Service) and the Management Database (associated with
the Universal Device Service). By default, the databases are named BDSMgmt and
BDSMgmt_UDS, respectively, when you install BlackBerry Enterprise Service 10.
BlackBerry
Enterprise Service
10 domain
A BlackBerry Enterprise Service 10 domain consists of the BlackBerry Enterprise Service 10
databases and any BlackBerry Enterprise Service 10 instances that connect to them.
BlackBerry MDS
BlackBerry Mobile Data System
CSR
certificate signing request
DMZ
A demilitarized zone (DMZ) is a neutral subnetwork outside of an organization's firewall. It exists
between the trusted LAN of the organization and the untrusted external wireless network and
public Internet.
DNS
Domain Name System
FQDN
fully qualified domain name
HTTP
Hypertext Transfer Protocol
HTTPS
Hypertext Transfer Protocol over Secure Sockets Layer
IIS
Internet Information Services
IKE
Internet Key Exchange
IP
Internet Protocol
IP address
An Internet Protocol (IP) address is an identification number that each computer or mobile
device uses when it sends or receives information over a network, such as the Internet. This
identification number identifies the specific computer or mobile device on the network.
IPsec
Internet Protocol Security
JRE
Java Runtime Environment
LAN
local area network
LDAP
Lightweight Directory Access Protocol
57
Installation Guide
Glossary
NIC
network interface card
RRAS
Routing and Remote Access service
SMTP
Simple Mail Transfer Protocol
SRP
Server Routing Protocol
SSL
Secure Sockets Layer
TCP
Transmission Control Protocol
TLS
Transport Layer Security
VPN
virtual private network
WebDAV
Web Distributed Authoring and Versioning
XML
Extensible Markup Language
58
Installation Guide
Legal notice
Legal notice
13
©2014 BlackBerry. All rights reserved. BlackBerry® and related trademarks, names, and logos are the property of
BlackBerry Limited and are registered and/or used in the U.S. and countries around the world.
Apple is a trademark of Apple Inc. Check Point is a trademark of Check Point Software Technologies Ltd. Cisco, Cisco IOS,
and PIX are trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. iOS is a
trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS® is used under license by
Apple Inc. Android is a trademark of Google Inc. Intel and Xeon are trademarks of Intel Corporation. Juniper and NetScreen
are trademarks of Juniper Networks, Inc. Microsoft, ActiveSync, Active Directory, ActiveX, Hyper-V, Internet Explorer, SQL
Server, Windows, Windows PowerShell, and Windows Server are trademarks of Microsoft Corporation. Java, JavaScript, and
JRE are trademarks of Oracle and/or its affiliates. VMware is a trademark of VMware, Inc. Wi-Fi is a trademark of the Wi-Fi
Alliance. All other trademarks are the property of their respective owners.
This documentation including all documentation incorporated by reference herein such as documentation provided or
made available at www.blackberry.com/go/docs is provided or made accessible "AS IS" and "AS AVAILABLE" and without
condition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated
companies ("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or other
inaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry proprietary and confidential
information and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalized
terms. BlackBerry reserves the right to periodically change information that is contained in this documentation; however,
BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to this
documentation to you in a timely manner or at all.
This documentation might contain references to third-party sources of information, hardware or software, products or
services including components and content such as content protected by copyright and/or third-party websites
(collectively the "Third Party Products and Services"). BlackBerry does not control, and is not responsible for, any Third
Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility,
performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The
inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by
BlackBerry of the Third Party Products and Services or the third party in any way.
EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS,
ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR
WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE
QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A
COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE
OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES
REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR
PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND
CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE
DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE
59
Installation Guide
Legal notice
HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM
THAT IS THE SUBJECT OF THE CLAIM.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL
BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR
PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY
PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING
DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED
DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS,
BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION
OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY
APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF
THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST
OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR
PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF
BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO
OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING
ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.
THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF
THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT,
NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL
BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY
CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS,
AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO
INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT
CONTRACTORS.
IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR,
EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF
BLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION.
Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that
your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer
Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for
availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with
BlackBerry's products and services may require one or more patent, trademark, copyright, or other licenses in order to
avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party
Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring
them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any
Third Party Products and Services that are provided with BlackBerry's products and services are provided as a
convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees,
representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation
thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of
60
Installation Guide
Legal notice
separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a
license or other agreement with BlackBerry.
Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry
Desktop Software, and/or BlackBerry Device Software.
The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry
applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN
AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT OR
SERVICE OTHER THAN THIS DOCUMENTATION.
BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario
Canada N2K 0A7
BlackBerry UK Limited
200 Bath Road
Slough, Berkshire SL1 3XE
United Kingdom
Published in Canada
61

EsDocs.com

© Copyright 2024