Version: 10.2.4 Installation Guide BlackBerry Enterprise Service 10 Published: 2015-01-29 SWD-20150129134004353 Contents 1 About this guide................................................................................................................................5 2 What is BlackBerry Enterprise Service 10?.........................................................................................6 Key features of BlackBerry Enterprise Service 10..................................................................................................................6 3 Planning a BlackBerry Enterprise Service 10 installation....................................................................8 Installing all BlackBerry Enterprise Service 10 components on one computer........................................................................8 Installing the BlackBerry Enterprise Service 10 core components......................................................................................... 9 Installing the BlackBerry Enterprise Service 10 consoles.......................................................................................................9 4 Requirements.................................................................................................................................11 System requirements: Your organization's environment...................................................................................................... 11 System requirements: Firewall.....................................................................................................................................12 System requirements: VPN hardware...........................................................................................................................12 Hardware requirements..................................................................................................................................................... 13 Log files...................................................................................................................................................................... 13 Projected database growth.......................................................................................................................................... 13 Hardware requirements: BlackBerry Enterprise Service 10.......................................................................................... 13 Hardware requirements: BlackBerry Router.................................................................................................................16 Hardware requirements: BlackBerry Collaboration Service...........................................................................................16 Software requirements....................................................................................................................................................... 17 Applications that are installed with BlackBerry Enterprise Service 10........................................................................... 17 Software requirements: BlackBerry Enterprise Service 10 core components................................................................ 18 Software requirements: Remote consoles.................................................................................................................... 19 Software requirements: BlackBerry Router.................................................................................................................. 19 Software requirements: Database server......................................................................................................................19 Software requirements: Browser..................................................................................................................................20 Installation considerations..................................................................................................................................................22 Supported features and environments......................................................................................................................... 22 Unsupported environments......................................................................................................................................... 23 5 Preinstallation tasks........................................................................................................................24 Configuring ports for the external firewall............................................................................................................................ 24 Outbound ports: Managing BlackBerry devices............................................................................................................24 Outbound ports: Managing iOS and Android devices.................................................................................................... 25 Outbound ports: Device data....................................................................................................................................... 27 Outbound ports: Work space-enabled devices on a work Wi-Fi network........................................................................ 27 Configure permissions for the service account.................................................................................................................... 28 Configuring connections for the BlackBerry Enterprise Service 10 databases...................................................................... 29 Specifying database permissions to create the BlackBerry Enterprise Service 10 databases......................................... 29 Create the BlackBerry Enterprise Service 10 databases............................................................................................... 30 DBMgmt.cfg properties............................................................................................................................................... 31 Remove the WebDAV Publishing role service...................................................................................................................... 32 Configuring a BlackBerry Administration Service pool......................................................................................................... 32 Create a DNS record for each BlackBerry Administration Service instance in a pool......................................................33 6 Installing the BlackBerry Enterprise Service 10 software..................................................................34 Prerequisites: Installing the BlackBerry Enterprise Service 10 software............................................................................... 34 Specifying a name for the BlackBerry Administration Service pool during the installation process........................................35 Install all BlackBerry Enterprise Service 10 components on one computer.......................................................................... 35 Installing BlackBerry Enterprise Service 10 components on separate computers.................................................................38 Install the BlackBerry Enterprise Service 10 core components..................................................................................... 38 Install the BlackBerry Enterprise Service 10 consoles.................................................................................................. 40 7 Installing a standby instance of the core components...................................................................... 42 Prerequisites: Installing a standby instance of the core components................................................................................... 42 Install a standby instance of the core components.............................................................................................................. 43 Post-installation tasks................................................................................................................................................. 45 8 Installing a standalone BlackBerry Router....................................................................................... 46 Determining which service account to use to install and run the BlackBerry Router............................................................. 46 Install a standalone BlackBerry Router............................................................................................................................... 46 Connecting to the BlackBerry Router..................................................................................................................................48 Connect the BlackBerry Device Service to the BlackBerry Router.................................................................................48 9 Postinstallation tasks...................................................................................................................... 49 Test the BlackBerry Enterprise Service 10 installation.........................................................................................................49 Test the connection to the BlackBerry Infrastructure.......................................................................................................... 49 Best practice: Running BlackBerry Enterprise Service 10................................................................................................... 50 Configuring database permissions using Microsoft SQL Server roles.................................................................................... 51 Configure minimum database permissions for the service account or Microsoft SQL Server account............................. 52 10 Removing the BlackBerry Enterprise Service 10 software................................................................ 53 Remove the BlackBerry Enterprise Service 10 software...................................................................................................... 53 11 Product documentation.................................................................................................................. 54 12 Glossary......................................................................................................................................... 57 13 Legal notice ................................................................................................................................... 59 Installation Guide About this guide About this guide 1 BlackBerry Enterprise Service 10 helps you manage BlackBerry devices, Android devices, and iOS devices for your organization. This guide provides instructions on how to install BlackBerry Enterprise Service 10. This guide is intended for senior IT professionals who are responsible for installing the product. After you complete the tasks in this guide, you must activate licenses and configure your BlackBerry Enterprise Service 10. You can find instructions for activating licenses in the BlackBerry Enterprise Service 10 Licensing Guide. You can find instructions on configuring BlackBerry Enterprise Service 10 in the BlackBerry Enterprise Service 10 Configuration Guide. 5 Installation Guide What is BlackBerry Enterprise Service 10? What is BlackBerry Enterprise Service 10? 2 BlackBerry Enterprise Service 10 helps you manage mobile devices for your organization. You can manage BlackBerry devices and BlackBerry PlayBook tablets, as well as iOS and Android devices, all from a unified interface. BlackBerry Enterprise Service 10 is designed to help protect business information, keep mobile workers connected with the information they need, and provide administrators with efficient tools that help keep business moving forward. BlackBerry Enterprise Service 10 includes the following components: Component Description BlackBerry Device Service Provides advanced administration for BlackBerry 10 devices and BlackBerry PlayBook tablets Universal Device Service Provides advanced administration for iOS and Android devices BlackBerry Management Studio Provides a unified interface to administer common tasks for BlackBerry 10 devices, BlackBerry PlayBook tablets, BlackBerry 7.1 and earlier devices, iOS devices, and Android devices BES10 Self-Service Provides a console to users so that they can perform some self-service tasks. For example, users can create activation passwords, remotely change the password on their device, or delete data from the device. Key features of BlackBerry Enterprise Service 10 The table below describes some of the key features for BlackBerry Enterprise Service 10. 6 Feature Description Management of most types of devices BlackBerry Enterprise Service 10 supports all types of BlackBerry devices and tablets, as well as iOS devices and Android devices. Installation Guide What is BlackBerry Enterprise Service 10? Feature Description Single, unified interface BlackBerry Management Studio is a single, web-based interface where you can view all devices in one place and access the most common management tasks across multiple domains. These tasks include creating and managing groups, managing device controls, and activating mobile devices. Trusted and secure experience Device controls give you precise management of how devices connect to your network, what capabilities are enabled, and what apps are available. Whether the devices are owned by your organization or your users, you can protect your organization's information. Balance of work and personal needs BlackBerry Balance and Secure Work Space technology are designed to ensure that personal and work information are kept separate and secure on devices. If the device is lost or the employee leaves the organization, you can delete only work-related information or all information from the device. Additional security features are available depending on the device type. 7 Installation Guide Planning a BlackBerry Enterprise Service 10 installation Planning a BlackBerry Enterprise Service 10 installation 3 You can install all BlackBerry Enterprise Service 10 components on one computer, or you can install specific components on separate computers. The computer that hosts BlackBerry Enterprise Service 10 requires a valid DNS suffix and a multisegment host name. You should consider any effect on system resources before you decide where to install the components. For example, you can install all components on one computer if you plan to activate up to 1000 devices, and if you determine that the computer can manage the volume of traffic for the BlackBerry Enterprise Service 10 components. BlackBerry Enterprise Service 10 stores data in its own databases. You can install multiple BlackBerry Enterprise Service 10 instances that connect to the same BlackBerry Enterprise Service 10 databases. You must host the BlackBerry Enterprise Service 10 databases on the same database instance. You can install the BlackBerry Enterprise Service 10 on a computer that hosts a BlackBerry Enterprise Server 5.0 SP4 instance or BlackBerry Enterprise Server Express 5.0 SP4 instance. BlackBerry Management Studio can manage multiple BlackBerry Enterprise Service 10 domains and BlackBerry Enterprise Server domains (version 5.0 SP3 or later). Installing all BlackBerry Enterprise Service 10 components on one computer You can install the BlackBerry Enterprise Service 10 core components and the BlackBerry Enterprise Service 10 consoles on one computer. You can use the BlackBerry Enterprise Service 10 Performance Calculator to determine whether the computer can accommodate the needs of your organization. Consider a distributed installation of BlackBerry Enterprise Service 10 if: • Your computer has system resource limitations • Your organization wants to prevent internal servers from accessing the Internet • You are considering the high availability or disaster recovery options 8 Installation Guide Planning a BlackBerry Enterprise Service 10 installation Installing the BlackBerry Enterprise Service 10 core components BlackBerry Enterprise Service 10 consists of the following core components: the BlackBerry Controller, the BlackBerry Dispatcher, the BlackBerry MDS Connection Service, the Enterprise Management Web Service, the Core Module, and the Communication Module. You can install the core components on one computer. For more information about BlackBerry Enterprise Service 10 core components, refer to the BlackBerry Enterprise Service 10 Product Overview. Installing the BlackBerry Enterprise Service 10 consoles BlackBerry Enterprise Service 10 includes four consoles that you can use to manage the system and devices. The BlackBerry Enterprise Service 10 setup application automatically adds the BlackBerry Device Service and the Universal Device Service to BlackBerry Management Studio. Console Description BlackBerry Management Studio BlackBerry Management Studio allows you to manage licenses, view reports of your system, and perform some management tasks for BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Android devices, and BlackBerry 7.1 and earlier devices. BES10 Self-Service BES10 Self-Service is a web-based application that you can make available to users so that they can perform some administrative tasks on their devices. Using BES10 SelfService, users can, for example, create activation passwords, remotely change the password on their device, or delete data from the device. Users do not need to install any software on their computers to use BES10 Self-Service. You provide the web address and login information to users so that they can log in to BES10 Self-Service. BlackBerry Device Service console Also known as the BlackBerry Administration Service, the BlackBerry Device Service console allows you to manage 9 Installation Guide Console Planning a BlackBerry Enterprise Service 10 installation Description BlackBerry Device Service components, BlackBerry 10 devices, and BlackBerry PlayBook tablets. Universal Device Service console 10 Also known as the Administration Console, the Universal Device Service console allows you to manage iOS devices and Android devices. Installation Guide Requirements Requirements 4 System requirements: Your organization's environment Item Requirement Company directory One of the following to access the list of users in your organization when you create user accounts: • Microsoft Active Directory, running at a domain functional level that is set to Windows Server 2003 or later • LDAP with anonymous authentication or simple bind authentication, with or without SSL Exchange ActiveSync • Exchange ActiveSync enabled on your organization's messaging server to use the native email, calendar, and contacts apps on devices. For minimum requirements, refer to the BlackBerry Enterprise Service 10 Compatibility Matrix. Exchange ActiveSync gatekeeping To configure gatekeeping, the following conditions: Devices • Microsoft Exchange Server 2010 • Windows PowerShell 2.0 or later installed on the computer that hosts the BlackBerry Enterprise Service 10 core components. Any of the mobile operating systems listed in the BlackBerry Enterprise Service 10 Compatibility Matrix 11 Installation Guide Requirements System requirements: Firewall Item Requirement DNS Support for resolving IP addresses into host names System requirements: VPN hardware If your organization's environment includes VPNs, you can configure a device to authenticate with the VPN so that it can access your organization's network. BlackBerry devices can use the BlackBerry Infrastructure if a VPN or work Wi-Fi connection is not available. For information about VPN hardware for iOS, visit www.apple.com. BlackBerry PlayBook OS 2.0 or later and BlackBerry 10 OS support the following IPsec VPN hardware: • Any gateway from Check Point • Cisco VPN 3000 Series Concentrator • Cisco PIX Firewall • Cisco IOS Easy VPN • Any appliance in the Cisco ASA Series • Any gateway in the Juniper SRX Series • Any gateway in the Juniper NetScreen Series • Any Windows Server with RRAS and IPsec configured that supports IKEv2 • Any VPN server that supports IKEv2 PlayBook OS 2.0 or later and BlackBerry 10 OS support the following SSL VPN hardware: • Any gateway in the Juniper SA Series • Any gateway in the Juniper MAG Series For more information, visit www.blackberry.com/go/kbhelp to read article KB28128. 12 Installation Guide Requirements Hardware requirements To determine the memory and disk space requirements for BlackBerry Enterprise Service 10, you must consider the number of devices that you plan to activate, the type of connection that devices use, and the level and type of user activity on devices. For more information about calculating hardware requirements for a BlackBerry Enterprise Service 10 environment, visit docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service 10 Performance Calculator. Log files The size of log files for BlackBerry Enterprise Service 10 and BlackBerry Enterprise Service 10 components varies based on the number of devices in your organization's environment, the level of user activity on devices, and the logging levels that BlackBerry Enterprise Service 10 uses. It is a best practice to monitor and control the amount of disk space that the BlackBerry Enterprise Service 10 log files take up. For more information about configuring logging, visit docs.blackberry.com/BES10 to read the BlackBerry Device Service Advanced Administration Guide and the Universal Device Service Advanced Administration Guide. Projected database growth The size of the Microsoft SQL Server database used by BlackBerry Enterprise Service 10 will initially increase by approximately 500 KB per user per day. The size of the database will stabilize after approximately 30 days because BlackBerry Enterprise Service 10 removes historical data from the database at regular intervals. The maximum expected concurrent database connections at any one time is 120. At peak times, the database IO per second (IOPS) projection is 200 IOPS. Hardware requirements: BlackBerry Enterprise Service 10 The following guidelines apply to a BlackBerry Enterprise Service 10 environment that supports email messages and app downloads. The environment can include BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Android devices, and optionally, BlackBerry 7.1 and earlier devices. For more information about using the Secure Work Space feature with iOS devices and Android devices, visit www.blackberry.com/go/kbhelp to read article KB34591. Note: If you plan to activate BlackBerry 10 work space only devices, the processor, memory, and disk space requirements are higher. For more specific sizing information, visit docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service 10 Performance Calculator. 13 Installation Guide Requirements Hardware requirements for 1 to 500 devices If BlackBerry Enterprise Service 10 is installed on a computer that hosts BlackBerry Enterprise Server 5.0 SP4, up to 500 total devices are supported. Any combination of BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Android devices, and BlackBerry 7.1 and earlier devices are supported up to a combined maximum of 500 devices. Environment Requirement All BlackBerry Enterprise Service 10 components, Microsoft SQL Server Express, and BlackBerry Enterprise Server 5.0 SP4 (optional) • One processor, 2.2 GHz Intel Xeon ES-2400 Series (Quad Core) • 12 GB of available memory • 40 GB of disk space Hardware requirements for 500 to 100,000 devices For 500 to 100,000 devices, install the BlackBerry Enterprise Service 10 core components, consoles, and databases on separate computers. Requirements for core components Each instance of BlackBerry Enterprise Service 10 core components can support up to 15,000 BlackBerry 10 devices and BlackBerry PlayBook tablets, and up to 7500 iOS and Android devices. Deploy as many instances of the core components as required to support the number of devices in your organization. The number of instances of core components required depends on the combination of device types and workload. To obtain a more accurate estimate of the required hardware, go to docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service 10 Performance Calculator. Number of activated devices Number of instances of core components 500 to 5000 1 5000 to 10,000 1 to 2 10,000 to 22,500 1 to 4 22,500 to 100,000 2 to 10 Following are some examples of computer configurations that could support an instance of the BlackBerry Enterprise Service 10 core components. Number of activated devices Configuration example 500 to 5000 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core) • 12 GB of available memory 14 Installation Guide Number of activated devices 5000 to 10,000 10,000 to 22,500 Requirements Configuration example • 40 GB of disk space • One processor, 2 GHz Intel Xeon E5-2600 Series (Six Core) • 12 GB of available memory • 80 GB of disk space • Two processors, 2 GHz Intel Xeon E5-2600 Series (Six Core) • 12 GB of available memory • 120 GB of disk space Requirements for consoles The computer that the BlackBerry Enterprise Service 10 consoles reside on must meet the following requirements. Number of activated devices Requirement 500 to 22,500 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core) • 6 GB of available memory • 40 GB of disk space • Two processors, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core) • 8 GB of available memory • 80 GB of disk space 22,500 to 100,000 Requirements for databases The computer that the BlackBerry Enterprise Service 10 databases reside on must meet the following requirements. Number of activated devices Requirement 500 to 5000 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core) • 4 GB of available memory • 40 GB of disk space • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core) • 6 GB of available memory 5000 to 22,500 15 Installation Guide Number of activated devices 22,500 to 100,000 Requirements Requirement • 80 GB of disk space • One processor, 2 GHz Intel Xeon E5-2600 Series (Six Core) • 8 GB of available memory • 120 GB of disk space Hardware requirements: BlackBerry Router The following requirements apply to the computer that you install a standalone BlackBerry Router on. To support more devices or a large number of app downloads, install more processing cores or use a more powerful processor. Number of activated devices Requirement 1 to 10,000 • One processor, 2 GHz Single Core • 0.5 GB of available memory (above the requirements for the operating system) • 500 KB of disk space (above the requirements for the operating system) Hardware requirements: BlackBerry Collaboration Service The following requirements apply to the computer that you install the BlackBerry Collaboration Service on. For more information about calculating hardware requirements, visit www.blackberry.com/go/serverdocs to see the BlackBerry Enterprise Service 10 Performance Calculator. Item Description Hardware requirements • One processor, 2.4 GHz Intel Xeon 5600 Series (Quad Core) • 8 GB of available memory (for 1000 users or fewer) • 100 GB of disk space 16 Installation Guide Requirements Item Description Notes • Supports up to 5000 devices that go through the BlackBerry Infrastructure if installed on the same computer as the BlackBerry Enterprise Service 10 core components • Supports up to 5000 devices per BlackBerry Collaboration Service instance, per computer • Install an additional 3 GB of memory for each 1000 users beyond the first 1000 Software requirements Before you install BlackBerry Enterprise Service 10, your organization's environment must meet certain requirements for software. Applications that are installed with BlackBerry Enterprise Service 10 You can use the BlackBerry Enterprise Service 10 installation process to install third-party applications. If you want to install Microsoft SQL Server 2008 R2 Express on a computer that does not host the BlackBerry Enterprise Service 10 core components, you can copy the BlackBerry Enterprise Service 10 installation files to the computer that you want to install Microsoft SQL Server 2008 R2 Express on, navigate to the Tools folder and run the Sqlexpr.exe file (32-bit or 64-bit). Application Items that the application is installed with JRE 7 Update 55 • BlackBerry Enterprise Service 10 core components • BlackBerry Enterprise Service 10 consoles Microsoft .NET Framework 3.5 SP1 (if it is available for the setup application to enable through the Windows Server Manager) • BlackBerry Enterprise Service 10 core components • BlackBerry Enterprise Service 10 consoles Microsoft XML Core Services 6.0 SP2 • BlackBerry Enterprise Service 10 consoles 17 Installation Guide Requirements Application Items that the application is installed with Microsoft IIS 7.0, 7.5, or 8.0 • BlackBerry Enterprise Service 10 core components Microsoft Web Deploy 3.0 • BlackBerry Enterprise Service 10 core components Microsoft SQL Server 2008 R2 Express • (if it is selected during the installation process) BlackBerry Enterprise Service 10 core components Software requirements: BlackBerry Enterprise Service 10 core components The following requirements apply when you install all BlackBerry Enterprise Service 10 components on one computer, or when you install the BlackBerry Enterprise Service 10 core components on a separate computer. Item Requirement Operating system Any of the operating systems listed in the BlackBerry Enterprise Service 10 Compatibility Matrix Software framework All of the following: • Microsoft .NET Framework 3.5 SP1 • Microsoft .NET Framework 4 (Standalone Installer or Web Installer) Note: Web server • You must install the full Microsoft .NET Framework 4 instead of Microsoft .NET Framework 4 Client Profile. • If you plan to install the BlackBerry Collaboration Service on the same computer as the BlackBerry Enterprise Service 10 core components, you must install Microsoft Unified Communications Managed API 2.0 Core Redistributable 64-bit before you install Microsoft .NET Framework 4. For more information, visit support.microsoft.com to read article 2224981. Any of the web servers listed in the BlackBerry Enterprise Service 10 Compatibility Matrix Note: For Microsoft IIS, the following role services must be installed: 18 Installation Guide Item Requirements Requirement • Management Tools: IIS Management Console, IIS Management Scripts and Tools, Management Service, IIS 6 Management Compatibility (all subcomponents) Software requirements: Remote consoles The following requirements apply if you are installing the BlackBerry Enterprise Service 10 consoles on a separate computer. Item Requirement Operating system Any of the operating systems listed in the BlackBerry Enterprise Service 10 Compatibility Matrix at docs.blackberry.com/BES10. Software framework Microsoft .NET Framework 3.5 SP1; installed by the setup application. Software requirements: BlackBerry Router The following requirements apply to the computer that you install a standalone BlackBerry Router on. If you do not install the BlackBerry Router, you can connect the BlackBerry Device Service to an existing standalone BlackBerry Router in your organization's environment. You can use a standalone BlackBerry Router that you installed with BlackBerry Enterprise Server 5.0 SP4 or BlackBerry Device Service 6.2. Item Requirement Operating system Any of the operating systems listed in the BlackBerry Enterprise Service 10 Compatibility Matrix Software requirements: Database server Item Requirement Database management system Any of the database management systems listed in the BlackBerry Enterprise Service 10 Compatibility Matrix Collation setting To configure collation settings, the following conditions: 19 Installation Guide Item Requirements Requirement • Database server collation configured to default case-insensitive • BlackBerry Enterprise Service 10 database collation configured to default case-insensitive Note: Default collations are suggested but non-default collations are supported (for more information, visit www.blackberry.com/go/kbhelp to read articles KB04785 and KB15534). Database connectivity • TCP/IP network protocols turned on • No count option turned off Nested triggers Nested triggers support turned on to allow triggers to perform actions that initiate other triggers. For more information, visit msdn.microsoft.com to read article ms178101. Database mirroring To configure database mirroring, the following conditions: • A version of Microsoft SQL Server that supports database mirroring • High-safety mode with automatic failover • A witness server for automatic failover • A mirror database on a different computer than the principal database • The same version and edition of Microsoft SQL Server to host the mirror database and the principal database Software requirements: Browser The following requirements apply to the browser that you use to log in to the BlackBerry Enterprise Service 10 consoles. Item Requirement Browser Any of the browsers listed in the BlackBerry Enterprise Service 10 Compatibility Matrix. Windows Internet Explorer 8 or later provides optimal support for BlackBerry Administration Service features. Note: If users use a wired connection to activate or manage their BlackBerry devices, they must use Windows Internet Explorer and allow incoming TCP/IP connections to RIMProxy.exe. The default port number for RIMProxy.exe is 5666. 20 Installation Guide Item Requirements Requirement To support browser access, you must configure the following settings: Browser settings for Windows Internet Explorer • Support for JavaScript • Cookies turned on • Support for TLS or SSL • The SSL certificate is installed to permit trusted connections to the consoles To support browser access using Windows Internet Explorer, you must configure the following settings: • The latest Microsoft hotfixes installed • Language preferences that display encoded web pages • To support Microsoft ActiveX, the following settings are enabled: • Automatic prompting for Microsoft ActiveX controls • Download signed Microsoft ActiveX controls • Run Microsoft ActiveX controls and plug-ins • Script Microsoft ActiveX controls marked safe for scripting • The console websites are assigned to the trusted websites security zone • If you configure single sign-on authentication for the consoles, Enable Integrated Windows Authentication is selected Note: If Windows Internet Explorer Enhanced Security Configuration is turned on, some areas of the Universal Device Service console might not function correctly. 21 Installation Guide Requirements Installation considerations Supported features and environments Item Description Virtual environment Current in-market releases of VMware and Microsoft Hyper-V are supported with the latest BlackBerry Enterprise Service 10 version. For more information, visit www.blackberry.com/go/kbhelp to read article KB29661. IP The BlackBerry Enterprise Service 10 components support only IPv4 for TCP/IP connections. Installation on a computer that hosts BlackBerry Enterprise Server 5.0 BlackBerry Enterprise Service 10 can be installed on a computer that already hosts BlackBerry Enterprise Server 5.0 SP4 or BlackBerry Enterprise Server Express 5.0 SP4. You cannot connect BlackBerry Enterprise Service 10 and the BlackBerry Enterprise Server or BlackBerry Enterprise Server Express to the same databases. To run BlackBerry Enterprise Service 10 and the BlackBerry Enterprise Server or BlackBerry Enterprise Server Express in the same organization, you must configure the BlackBerry Enterprise Service 10 databases for the BlackBerry Enterprise Service 10 instances, and a BlackBerry Configuration Database for the BlackBerry Enterprise Server instances or BlackBerry Enterprise Server Express instances. Remote access Administrators who use Remote Desktop Connection can access BlackBerry Enterprise Service 10 components remotely. Certificate keystores The setup application generates and stores an SSL certificate in two passwordprotected keystore files: as.web.keystore and ncc.web.keystore. These keystores replace the web.keystore that was used in previous releases. The following components use the SSL certificate to authenticate with browsers: 22 • BlackBerry Administration Service • BlackBerry Management Studio • BES10 Self-Service • Enterprise Management Web Service Installation Guide Item Requirements Description • BlackBerry Web Services You can use the BES10 Configuration Tool to change the password for the web keystores or to import a new SSL certificate. When you use the tool to import certificates into the keystores, the certificates are written to the BlackBerry Enterprise Service 10 databases and then to the keystores (this also occurs when you restart the BlackBerry Administration Service). This process overwrites any certificates that you imported into the keystores manually. BlackBerry Enterprise Service 10 does not support importing certificates into the keystores manually. Unsupported environments Item Description DMZ The BlackBerry Enterprise Service 10 components, with the exception of the BlackBerry Router, do not support installation in a DMZ. 23 Installation Guide Preinstallation tasks Preinstallation tasks 5 Configuring ports for the external firewall You must configure the ports on the external firewall. For information about the internal ports that BlackBerry Enterprise Service 10 uses, see "Configuring connection types and port numbers" in the BlackBerry Enterprise Service 10 Configuration Guide. Outbound ports: Managing BlackBerry devices BlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of your organization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources. Configure your organization's firewall to allow outbound and inbound connections over these ports. For more information about domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articles KB34193 and KB03735. From To BlackBerry Router BlackBerry (optional) Infrastructure 24 Purpose Protocol To connect to the blackberry.com and TCP blackberry.net subdomains (<region>.srp.blackberry.com) to activate and manage BlackBerry Port Where you can change the port 3101 BES10 Configuration Tool Installation Guide From Preinstallation tasks To Purpose Protocol Port Where you can change the port devices and to enable the use of the work space on BlackBerry devices. BlackBerry Dispatcher BlackBerry Infrastructure To connect to the blackberry.com and TCP blackberry.net subdomains (<region>.srp.blackberry.com) to activate and manage BlackBerry devices and to enable the use of the work space on BlackBerry devices. 3101 BlackBerry Administration Service BlackBerry Licensing Service BlackBerry Infrastructure To connect to the licensing infrastructure (license.blackberry.com) to activate licenses. HTTPS 443 Cannot change BlackBerry Administration Service BlackBerry Infrastructure To register activation information for HTTPS BlackBerry devices and access device information. 443 Cannot change BlackBerry Administration Service BlackBerry Infrastructure To specify public apps in BlackBerry World as optional work apps for BlackBerry devices. 80 Cannot change HTTP Outbound ports: Managing iOS and Android devices BlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of your organization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources. Configure your organization's firewall to allow outbound and inbound connections over these ports. For more information about domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articles KB34193 and KB03735. 25 Installation Guide Preinstallation tasks From To Purpose BlackBerry Secure Connect Service BlackBerry Infrastructure BlackBerry Secure Connect Service through a TCP proxy server (optional) Port Where you can change the port To connect to the bbsecure.com TCP subdomain (<region>.bbsecure.com) to allow work-space enabled devices to access work data, to send activation and management data between iOS and Android devices and BlackBerry Enterprise Service 10, and to allow iOS devices to connect to APNs for device notifications. 3101 Cannot change BlackBerry Infrastructure To route data through a TCP proxy server if you do not want a direct connection to the BlackBerry Infrastructure. TCP 3101 Administration Console BlackBerry Licensing Service BlackBerry Infrastructure To connect to the licensing infrastructure (license.blackberry.com) to activate licenses. HTTPS 443 Cannot change Administration Console BlackBerry Infrastructure To request a signed CSR from HTTPS BlackBerry so you can obtain and register an APNs certificate. The APNs certificate is required to manage iOS devices. 443 Cannot change Universal Device Service core components BlackBerry Infrastructure To connect to the HTTPS <region>.swstps.bbsecure.com subdomain to authenticate BlackBerry Enterprise Service 10 and enable the use of the Secure Work Space on iOS and Android devices. 443 Cannot change Universal Device Service core components BlackBerry Infrastructure To connect to <region>.swsmanager.bbsecure.com subdomain to enable administrative control over the work space on iOS and Android devices. 443 Cannot change 26 Protocol HTTPS Installation Guide Preinstallation tasks From To Purpose Protocol Port Where you can change the port BlackBerry Work Connect Notification Service BlackBerry Infrastructure To provide new or changed email and organizer notifications to work spaceenabled iOS devices. HTTPS 443 Cannot change Scheduler BlackBerry Infrastructure To check a hosted metadata file each day at midnight for new device or OS data. Updates are downloaded to the Universal Device Service database. HTTPS 443 Cannot change Apple Root Certification Authority To check the certificate revocation list HTTPS (used if you do not set up an APNs HTTP proxy server). 443 Cannot change SMTP gateway To enable SMTP for an external SMTP gateway (optional). 25 The hosted file is located at https:// origin-www.blackberry.com/download/ metadata/BES/metadata.xml.gz (IP address 208.65.77.102). Core Module Core Module TCP 80 Administration Console Outbound ports: Device data BlackBerry Enterprise Service 10 uses the outbound-initiated port 3101 to send and receive data for BlackBerry 10 devices and work space-enabled iOS and Android devices. For iOS and Android devices that are not work space-enabled, BlackBerry Enterprise Service 10 sends and receives only activation and management data through the outbound-initiated port 3101. All other data, such as messaging data and data from third-party applications, is not sent through port 3101. Consult the documentation or support resources for your organization's messaging software and third-party applications to determine the ports that you must open. Outbound ports: Work space-enabled devices on a work Wi-Fi network Work space-enabled iOS and Android devices that use your organization's Wi-Fi network use the following outbound ports to connect to the BlackBerry Infrastructure and external services. Configure your organization's firewall to allow outbound and inbound connections over these ports. 27 Installation Guide Preinstallation tasks From To Purpose Protocol Port Where you can change the port iOS devices BlackBerry Infrastructure To connect to the <region>.bbsecure.com subdomain when activating the device. TLS 443 Cannot change BlackBerry Infrastructure To connect to the TCP <region>.bbsecure.com subdomain so that administration commands can be applied to the devices. 443 Cannot change Android devices iOS devices Android devices 80 Port 443 is the default. Port 80 is only used by devices that were activated before you upgraded to BlackBerry Enterprise Service 10 version 10.2, or if the user specifies port 80. iOS devices APNs To send management data to and from iOS devices. TCP 5223 Cannot change Android devices BlackBerry Infrastructure To connect to the <region>.swsmanager.bbsecure.com subdomain. HTTPS 443 Cannot change Configure permissions for the service account The service account is a Windows account that runs the services for BlackBerry Enterprise Service 10. The service account must be a member of the local Administrators group on the computer that you install BlackBerry Enterprise Service 10 on, and also requires other permissions. Without the correct permissions, BlackBerry Enterprise Service 10 cannot run. If your organization's environment includes the BlackBerry Enterprise Server or the BlackBerry Device Service, you can use the same service account to install BlackBerry Enterprise Service 10. Otherwise, create a service account in your company directory or a local Windows account on the computer that you want to install BlackBerry Enterprise Service 10 on. After you create the service account: 1. On the taskbar, click Start > Administrative Tools > Computer Management. 2. In the left pane, expand Local Users and Groups. 3. Navigate to the Groups folder. 28 Installation Guide Preinstallation tasks 4. In the right pane, double-click Administrators. 5. Click Add. 6. In the Enter the object names to select field, type the name of the service account (for example, BES10Admin). 7. Click OK. 8. Click Apply. 9. Click OK. 10. On the taskbar, click Start > Administrative Tools > Local Security Policy. 11. Configure the following permissions for the service account: • Allow log on locally (if not assigned by default) • Log on as a service • Log on as a batch job Configuring connections for the BlackBerry Enterprise Service 10 databases You create the BlackBerry Enterprise Service 10 databases when you install the BlackBerry Enterprise Service 10 core components or when you run the CreateDB executable. BlackBerry Enterprise Service 10 can connect to the BlackBerry Enterprise Service 10 databases on the database server using Windows authentication or Microsoft SQL Server authentication. By default, BlackBerry Enterprise Service 10 connects to the BlackBerry Enterprise Service 10 databases using the service account that you use to complete the installation process or the Microsoft SQL Server account that you specify during the installation process. Specifying database permissions to create the BlackBerry Enterprise Service 10 databases Depending on the database option and the type of authentication that you select, you might need to assign database creator permissions to the service account that you use to complete the installation process or the Microsoft SQL Server account that you specify during the installation process. You can configure database permissions using Microsoft SQL Server roles. 29 Installation Guide Preinstallation tasks Database option Database permission Install Microsoft SQL Server Express during the BlackBerry Enterprise Service 10 installation process • If you choose Windows authentication, the setup application automatically assigns the required database permissions to the service account • If you choose Microsoft SQL Server authentication, you must add the Microsoft SQL Server account to the dbcreator server role Use an existing Microsoft SQL Server in • your organization's environment You must add the service account or Microsoft SQL Server account to the dbcreator server role Create the BlackBerry Enterprise Service 10 databases If your organization's security policies do not allow applications to have permissions to create or upgrade databases, you can run the CreateDB executable on the database server to create the BlackBerry Enterprise Service 10 databases instead of using the setup application. After you create the BlackBerry Enterprise Service 10 databases using the CreateDB executable, you can run the setup application using a service account that has minimum permissions on the database server. Note: If you do not want to run the CreateDB executable on the database server, you must run it on a computer that Microsoft SQL Server 2008 Native Client is installed on and the computer must be able to connect to the computer that hosts the database server. Before you begin: Verify that you configured the correct permissions on the database server. 1. Log in to the computer that hosts the database server that you want to configure as the host server for the BlackBerry Enterprise Service 10 databases. If you use a Windows account to create the BlackBerry Enterprise Service 10 databases, you must log in to the computer using a Windows account that has database creator permissions. 2. Copy the BlackBerry Enterprise Service 10 installation files to the computer. 3. Extract the contents to a folder on the computer. 4. Navigate to <extracted_folder>\Database. 5. Open the DBMgmt.cfg file in a text editor. 6. Change the file to include information that is specific to your organization's environment. 7. Save and close the file. 8. Open a command prompt window. 9. Change the directory to <extracted_folder>\Database. 10. Type CreateDB.exe DBMgmt.cfg. Press ENTER. 30 Installation Guide Preinstallation tasks DBMgmt.cfg properties The following properties apply to the DBMgmt.cfg file, which you use when you run the CreateDB executable. Property Description DATABASE_NAME_BDS This property specifies the name of the BlackBerry Configuration Database. DATABASE_NAME_UDS This property specifies the name of the Management Database. If the Management Database does not exist, the name must follow the format <BlackBerry Configuration Database name>_UDS. SERVER This property specifies the name of the database server that hosts the database to create or upgrade. If a database instance hosts the database, follow the format <database_server_name>\<database_instance_name>. If you configure database mirroring, do not use named instances. MSSQL_PORT This property specifies the port number that Microsoft SQL Server uses. If you do not specify a port number, the CreateDB executable uses port number 1433 as the default. FAILOVER_SERVER This property specifies the name of the database server that hosts the mirror database to upgrade. USERID If you use database authentication, this property specifies the username for the database account that has database creator permissions. PASSWORD If you use database authentication, this property specifies the password for the database account. BACKUP This property specifies whether or not to back up the existing database. The default value is FALSE. BACKUP_DIR This property specifies an existing folder that you can save the database backup in. By default, this folder is the same folder that the Microsoft SQL Server database files are located in. 31 Installation Guide Preinstallation tasks Remove the WebDAV Publishing role service If Microsoft IIS is already installed on the computer that you want to install the BlackBerry Enterprise Service 10 core components on, you must remove the WebDAV Publishing role service to avoid potential issues with updates that the setup application and the Universal Device Service perform. For example, WebDAV might cause issues when you create a username and password for the Universal Device Service console during the installation process. 1. On the taskbar, click Start > Administrative Tools > Server Manager. 2. In the left pane, click Roles. 3. In the Web Server (IIS) section, click Remove Role Services. 4. Clear the WebDAV Publishing check box. 5. Apply your changes. Configuring a BlackBerry Administration Service pool When you install the BlackBerry Enterprise Service 10 consoles, you install a BlackBerry Administration Service instance. If you install multiple instances, you must configure a BlackBerry Administration Service pool to send requests to available instances and to avoid a single point of failure. You can configure only one BlackBerry Administration Service pool in a BlackBerry Enterprise Service 10 domain. You can configure a pool using one of the following options: Item Description DNS round robin If you configure a pool using DNS round robin, you must create the DNS records that represent the instances in the pool, where each DNS record contains the static IP address of a computer that hosts an instance. Hardware load balancer If you configure a pool using a hardware load balancer, you must implement session persistence for SSL connections. When you implement session persistence, a load balancer tracks and stores session data to make sure that all requests in a browser session are consistently directed to the same instance in 32 Installation Guide Item Preinstallation tasks Description the pool. For information on how to implement session persistence, contact the vendor of your hardware load balancer. Create a DNS record for each BlackBerry Administration Service instance in a pool To configure a BlackBerry Administration Service pool using DNS round robin, you must create DNS records for the BlackBerry Administration Service pool name that contain the IP address of each computer that hosts a BlackBerry Administration Service instance. The DNS pool name allows browsers to access available BlackBerry Administration Service instances using a single DNS name. When you create the DNS records, you should include only computers that host a BlackBerry Administration Service instance. Before you begin: • Configure a static IP address for each computer that you want to install a BlackBerry Administration Service instance on. • Verify that you have correct permissions to manage the DNS server. 1. Log in to the DNS server. 2. In the DNS management console, access the forward lookup zone that you want to add the BlackBerry Administration Service instances to. 3. 4. To create a new DNS host record (or A record), specify the following information: a. In the Name field, type the name that you want to use for the BlackBerry Administration Service pool name. b. In the IP address field, type the IP address of the computer that you want to install a BlackBerry Administration Service instance on. c. Select the Create associated pointer (PTR) record check box. Repeat step 3 for each BlackBerry Administration Service instance that you plan to install. When you create the DNS records, you must use the same pool name for all BlackBerry Administration Service instances in a pool. After you finish: To remove a BlackBerry Administration Service instance from a pool, in the DNS server, delete the DNS pool name record that contains the IP address of the computer that hosts the instance. 33 Installation Guide Installing the BlackBerry Enterprise Service 10 software Installing the BlackBerry Enterprise Service 10 software 6 Prerequisites: Installing the BlackBerry Enterprise Service 10 software • Verify that the computers that host the BlackBerry Enterprise Service 10 core components, the BlackBerry Enterprise Service 10 consoles, and the BlackBerry Enterprise Service 10 databases are located in the same LAN environment. • Verify that you opened the necessary ports on your organization's firewall. • Verify that you installed all required third-party applications. • If you perform the installation process on a computer that has more than one NIC, verify that the production NIC is first in the bind order in the Windows network settings. • If your organization uses a proxy server for Internet access, verify that you have the computer name, port number, and credentials for the proxy server. • When you run the setup application, use only standard characters to specify values. Unicode characters are not supported. Verify that you have the following information available for the BlackBerry Enterprise Service 10 software: • SRP host • SRP identifier • SRP authentication key 34 Installation Guide Installing the BlackBerry Enterprise Service 10 software Specifying a name for the BlackBerry Administration Service pool during the installation process During the installation process, the setup application prompts you to specify the name of the BlackBerry Administration Service pool. The BlackBerry Administration Service instances use an SSL certificate that contains the pool name for interprocess communication. You must specify a valid DNS name during the installation process, even if you do not configure a BlackBerry Administration Service pool. The setup application uses the FQDN of the computer that you install the first BlackBerry Administration Service instance on as the default value for the pool name. If you keep the default value and configure a BlackBerry Administration Service pool using DNS round robin or a hardware load balancer at a later time, you must use the BES10 Configuration Tool to change the pool name to the DNS name for the pool. You can keep the default value for the pool name when you install the first BlackBerry Administration Service instance, but you must specify the DNS name for the pool when you install additional BlackBerry Administration Service instances. Afterwards, you must restart each computer that hosts a BlackBerry Enterprise Service 10 component. Install all BlackBerry Enterprise Service 10 components on one computer During the BlackBerry Enterprise Service 10 installation process, you might need to restart the computer. Before you begin: Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has local administrator permissions on the computer that you perform the installation process on. 1. Log in to the computer that you want to install BlackBerry Enterprise Service 10 on using the service account that has correct permissions. The service account runs the BlackBerry Enterprise Service 10 services. 2. In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and requests permission for setup.exe to make changes to the computer, click Yes. 3. Review the information for the account that you used to log in. Click Continue Installation. 4. In the License agreement dialog box, perform the following actions: 35 Installation Guide 5. Installing the BlackBerry Enterprise Service 10 software a. In the Customer information section, specify information for your organization and select your country or region. b. In the License agreement section, read the license agreement. To accept the license agreement, select I accept the terms of the license agreement. c. Click Next. In the Setup type dialog box, perform one of the following actions: • For the first installation of the BlackBerry Enterprise Service 10 software, select Create a BlackBerry Enterprise Service 10 domain. You can install the database server on the same computer or use an existing database server in your organization's environment (local or remote). • For all other installations of the BlackBerry Enterprise Service 10 software, select Use an existing BlackBerry Enterprise Service 10 domain. 6. In the Setup options dialog box, all BlackBerry Enterprise Service 10 components are selected by default. Click Next. 7. In the Preinstallation checklist dialog box, read and verify the information. Click Next. 8. In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next. 9. In the Summary dialog box, verify that the information is correct. Click Install. 10. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next. 11. If you restart the computer, log in to the computer using the service account that you used in step 1. 12. In the Database information dialog box, perform the following actions: a. In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. b. In the Database name field, type a name for the BlackBerry Configuration Database. The same name is used for the Management Database (<database_name>_UDS). c. If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number. d. By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service 10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL Server account. e. Click Next. 13. In the Instance information dialog box, type a name for this instance of the BlackBerry Enterprise Service 10 core components. You must specify a unique name for each instance of the core components that you install in a BlackBerry Enterprise Service 10 domain. Click Next. 14. In the SRP information dialog box, perform the following actions: 36 a. In the SRP host section, if necessary, change the SRP address and port number for the BlackBerry Infrastructure. The default port number is 3101 and the default host name is determined by your country or region. b. In the SRP authentication information section, type the SRP identifier and SRP authentication key. Each BlackBerry Enterprise Service 10 instance must use a unique SRP identifier. Installation Guide Installing the BlackBerry Enterprise Service 10 software c. In the SRP host and SRP authentication information sections, click Verify to verify that the information is correct. d. Click Next. 15. In the Core Module information dialog box, perform the following actions: a. Type and confirm a password for the Core Module. The Universal Device Service components use the password to make trusted connections to the Core Module. b. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website port field, change the default port number. c. If necessary, in the Port settings section, change the default port numbers. d. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the computer. 16. In the Communication Module information dialog box, perform the following actions: a. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website port field, change the default port number. b. Click Next. If you changed the port number, the setup application verifies if the port is available on the computer. 17. In the Create an administrator account dialog box, type and confirm a password for the administrator account that the setup application creates. Administrators use the login information that you specify to log in to the BlackBerry Enterprise Service 10 consoles for the first time. Click Next. 18. In the Administration settings dialog box, perform the following actions: a. In the Pool name field, specify a valid FQDN or IP address that the setup application uses to create the BlackBerry Administration Service web address. If you install only one BlackBerry Administration Service instance in a BlackBerry Enterprise Service 10 domain, you can accept the default pool name. If you install multiple BlackBerry Administration Service instances, specify the DNS name that maps to the IP address of each computer that hosts a BlackBerry Administration Service instance, or the DNS name of a hardware load balancer. b. If necessary, in the Port settings section, change the default port numbers. c. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the computer. 19. In the Finalize installation dialog box, the setup application finishes the installation tasks and the BlackBerry Enterprise Service 10 services start automatically. When all the services are running, click Next. 20. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry Enterprise Service 10 web addresses to a .txt file. After you finish: • Verify that the collation setting for the BlackBerry Enterprise Service 10 databases is default case-insensitive. • If you reinstalled the BlackBerry Enterprise Service 10 consoles, in Windows Internet Explorer, delete the cache. 37 Installation Guide Installing the BlackBerry Enterprise Service 10 software Installing BlackBerry Enterprise Service 10 components on separate computers Install the BlackBerry Enterprise Service 10 core components You can install the BlackBerry Enterprise Service 10 core components on a separate computer to address performance concerns or for high availability. During the BlackBerry Enterprise Service 10 installation process, you might need to restart the computer. Before you begin: Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has local administrator permissions on the computer that you perform the installation process on. 1. Log in to the computer that you want to install BlackBerry Enterprise Service 10 on using the service account that has correct permissions. The service account runs the BlackBerry Enterprise Service 10 services. 2. In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and requests permission for setup.exe to make changes to the computer, click Yes. 3. Review the information for the account that you used to log in. Click Continue Installation. 4. In the License agreement dialog box, perform the following actions: 5. a. In the Customer information section, specify information for your organization and select your country or region. b. In the License agreement section, read the license agreement. To accept the license agreement, select I accept the terms of the license agreement. c. Click Next. In the Setup type dialog box, perform one of the following actions: • For the first installation of the BlackBerry Enterprise Service 10 software, select Create a BlackBerry Enterprise Service 10 domain. You can install the database server on the same computer or use an existing database server in your organization's environment (local or remote). • For all other installations of the BlackBerry Enterprise Service 10 software, select Use an existing BlackBerry Enterprise Service 10 domain. 6. In the Setup options dialog box, verify that the Install the BlackBerry Enterprise Service 10 core components check box is selected and clear the check boxes for the other options. Click Next. 7. In the Preinstallation checklist dialog box, read and verify the information. Click Next. 38 Installation Guide Installing the BlackBerry Enterprise Service 10 software 8. In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next. 9. In the Summary dialog box, verify that the information is correct. Click Install. 10. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next. 11. If you restart the computer, log in to the computer using the service account that you used in step 1. 12. In the Database information dialog box, perform the following actions: a. In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. b. In the Database name field, type a name for the BlackBerry Configuration Database. The same name is used for the Management Database (<database_name>_UDS). c. If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number. d. By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service 10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL Server account. e. Click Next. 13. In the Instance information dialog box, type a name for this instance of the BlackBerry Enterprise Service 10 core components. You must specify a unique name for each instance of the core components that you install in a BlackBerry Enterprise Service 10 domain. Click Next. 14. In the SRP information dialog box, perform the following actions: a. In the SRP host section, if necessary, change the SRP address and port number for the BlackBerry Infrastructure. The default port number is 3101 and the default host name is determined by your country or region. b. In the SRP authentication information section, type the SRP identifier and SRP authentication key. Each BlackBerry Enterprise Service 10 instance must use a unique SRP identifier. c. In the SRP host and SRP authentication information sections, click Verify to verify that the information is correct. d. Click Next. 15. In the Core Module information dialog box, perform the following actions: a. Type and confirm a password for the Core Module. The Universal Device Service components use the password to make trusted connections to the Core Module. b. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website port field, change the default port number. c. If necessary, in the Port settings section, change the default port numbers. d. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the computer. 16. In the Communication Module information dialog box, perform the following actions: 39 Installation Guide Installing the BlackBerry Enterprise Service 10 software a. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Website port field, change the default port number. b. Click Next. If you changed the port number, the setup application verifies if the port is available on the computer. 17. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise Service 10 services start automatically. When all the services are running, click Finish. After you finish: Verify that the collation setting for the BlackBerry Enterprise Service 10 databases is default caseinsensitive. Install the BlackBerry Enterprise Service 10 consoles You can install the BlackBerry Enterprise Service 10 consoles on a separate computer to address performance or disaster recovery concerns. During the BlackBerry Enterprise Service 10 installation process, you might need to restart the computer. Before you begin: • Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has local administrator permissions on the computer that you perform the installation process on. • Verify that the service account has permission to access and update the Windows registry on the computer that hosts the BlackBerry Enterprise Service 10 core components. • Install at least one instance of the BlackBerry Enterprise Service 10 core components. 1. Log in to the computer that you want to install the BlackBerry Enterprise Service 10 consoles on using the service account that has correct permissions. The service account runs the BlackBerry Enterprise Service 10 services. 2. In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and requests permission for setup.exe to make changes to the computer, click Yes. 3. Review the information for the account that you used to log in. Click Continue Installation. 4. In the License agreement dialog box, perform the following actions: a. In the Customer information section, specify information for your organization and select your country or region. b. In the License agreement section, read the license agreement. To accept the license agreement, select I accept the terms of the license agreement. c. Click Next. 5. In the Setup type dialog box, select Use an existing BlackBerry Enterprise Service 10 domain. Click Next. 6. In the Database information dialog box, perform the following actions: a. 40 In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. Installation Guide Installing the BlackBerry Enterprise Service 10 software b. In the Database name field, type the name of the existing BlackBerry Configuration Database (for example, BDSMgmt). c. If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number. d. By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service 10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL Server account. e. Click Next. 7. In the Setup options dialog box, verify that the Install the BlackBerry Enterprise Service 10 consoles check box is selected and clear the check boxes for the other options. Click Next. 8. In the Preinstallation checklist dialog box, read and verify the information. Click Next. 9. In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next. 10. In the Summary dialog box, verify that the information is correct. Click Install. 11. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next. 12. If you restart the computer, log in to the computer using the service account that you used in step 1. 13. In the Create an administrator account dialog box, type and confirm a password for the administrator account that the setup application creates. Administrators use the login information that you specify to log in to the BlackBerry Enterprise Service 10 consoles for the first time. Click Next. 14. In the Administration settings dialog box, perform the following actions: a. In the Pool name field, specify a valid FQDN or IP address that the setup application uses to create the BlackBerry Administration Service web address. If you install only one BlackBerry Administration Service instance in a BlackBerry Enterprise Service 10 domain, you can accept the default pool name. If you install multiple BlackBerry Administration Service instances, specify the DNS name that maps to the IP address of each computer that hosts a BlackBerry Administration Service instance, or the DNS name of a hardware load balancer. b. If necessary, in the Port settings section, change the default port numbers. c. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on the computer. 15. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise Service 10 services start automatically. When all the services are running, click Next. 16. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry Enterprise Service 10 web addresses to a .txt file. After you finish: • Restart the computer that hosts the BlackBerry Enterprise Service 10 core components. • If you reinstalled the BlackBerry Enterprise Service 10 consoles, in Windows Internet Explorer, delete the cache. 41 Installation Guide Installing a standby instance of the core components Installing a standby instance of the core components 7 If you want to enhance the stability and reliability of device service in your organization’s BlackBerry Enterprise Service 10 domain, you can configure the core components to support high availability. A high availability configuration involves one or more high availability pairs. A high availability pair consists of a primary instance of the core components, and a standby instance of the same components that you install on a different computer. If the primary instance is not performing as expected (for example, a component is not responding), BlackBerry Enterprise Service 10 initiates an automatic failover of device service to the standby instance. Both instances use the same SRP credentials, and are connected to the same BlackBerry Enterprise Service 10 databases. You can assign only one standby instance to each primary instance in the domain. You cannot change the primary and standby roles by running the setup application again, but you can use the BlackBerry Administration Service to initiate a manual failover, or to change the primary and standby roles for a high availability pair. When you install a standby instance of the core components, you can install additional instances of other components. For example, you can install additional components with the standby instance to distribute the performance load across multiple computers. For more information about configuring high availability for the core components and configuring high availability for the BlackBerry Enterprise Service 10 databases, visit docs.blackberry.com/BES10 to read the BlackBerry Enterprise Service 10 Configuration Guide. Prerequisites: Installing a standby instance of the core components • Install a primary instance of the core components. Verify whether this instance is assigned the device management role for Android devices and iOS devices. By default, the setup application assigns this role to the first instance of the core components that you install in the domain, or to the first instance that you upgrade. • Choose a different computer to host the standby instance of the core components. Verify that this computer meets the appropriate system requirements. • When you install the standby instance, use the same service account that you used to install the primary instance, or a service account with the same permissions. 42 Installation Guide • Installing a standby instance of the core components It is a best practice to upgrade all BlackBerry 10 devices in your organization's environment to BlackBerry 10 OS version 10.1 or later. If device service fails over to the standby instance, you can continue to use the consoles to manage BlackBerry devices only if the devices use BlackBerry 10 OS version 10.1 or later. If the devices use an earlier version of the BlackBerry 10 OS or the BlackBerry PlayBook OS, the devices cannot connect to the Enterprise Management Web Service of the new primary instance (formerly the standby instance). As a result, you cannot manage the devices from the consoles until you perform one of the following actions: • Manually fail over device service back to the initial primary instance. • Move the user account and any associated devices to another high availability pair in the domain. • Activate the devices again. Install a standby instance of the core components When you install a standby instance of the core components, the setup application associates the components on the standby instance with the components on the primary instance. You can view and change settings for the standby components using the BlackBerry Administration Service. 1. Log in to the computer that you want to install the standby instance on using a service account with the correct permissions. The service account runs the BlackBerry Enterprise Service 10 services. 2. In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and requests permission for setup.exe to make changes to the computer, click Yes. 3. Review the Windows account information that will be used to install the standby instance. Click Continue Installation. 4. In the License agreement dialog box, perform the following actions: • In the Customer information section, specify information for your organization and select your country or region. • In the License agreement section, read the license agreement. Select I accept the terms of the license agreement. • Click Next. 5. In the Setup type dialog box, select Use an existing BlackBerry Enterprise Service 10 domain. 6. Click Next. 7. In the Database information dialog box, perform the following actions: • In the Microsoft SQL Server name field, type the name of the computer that hosts the database server. • In the Database name field, type the name of the BlackBerry Configuration Database that is associated with the primary instance. 43 Installation Guide 8. 9. Installing a standby instance of the core components • If you configured the database server to use static ports, select the Static option. If the static port number is not 1433, in the Port field, type the port number. • By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service 10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQL Server account. • Click Next. In the Setup options dialog box, perform the following actions: • Select Install the BlackBerry Enterprise Service 10 core components. • Select Install the BlackBerry Enterprise Service 10 core components as a standby instance and associate it with a primary instance for high availability. In the drop-down list, click the primary instance. • Click Next. In the Preinstallation checklist dialog box, read and verify the information. Click Next. 10. In the Accounts and folders dialog box, in the Password field, type the password for the service account that you used in step 1. 11. Click Next. 12. In the Summary dialog box, verify that the information is correct. Click Install. 13. When the installation process completes, click Next. 14. In the Core Module Information dialog box, if necessary, change the port numbers in the Website information section and Port settings section. Click Next. 15. In the Communication Module information dialog box, if necessary, change the port number in the Website information section. Click Next. 16. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise Service 10 services start automatically. When all the services are running, click Next. Note: The BlackBerry Web Services, BlackBerry Work Connect Notification Service, and the Enterprise Management Web Service do not start automatically. These services are designed to start after device service fails over to the standby instance. 17. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry Enterprise Service 10 web addresses to a .txt file. By default, the primary instance is configured to fail over automatically if any of the health parameters above the failover threshold become unhealthy. For automatic failover to succeed, on the standby instance, the health parameters above the promotion threshold must be healthy. Note: If you change the listening port for Microsoft SQL Server to a custom port, and you update the port value on the primary instance using the BES10 Configuration Tool, the standby instance is not updated with the new port value and cannot connect to Microsoft SQL Server. After you finish: • Restart the computer that hosts the primary instance. 44 Installation Guide Installing a standby instance of the core components • Restart the computer that hosts the standby instance. • If you have additional primary instances in your domain and you want to configure additional high availability pairs, repeat this task as required. Post-installation tasks Perform the following tasks, as required, after you install a standby instance. Instructions can be found in the appropriate sections of the BlackBerry Enterprise Service 10 Configuration Guide. • If you want to manage iOS devices in your organization's domain, you must obtain an APNs certificate and upload it to the primary instance and the standby instance. • If the domain will support work space-enabled iOS devices, enable the Secure Work Space and configure the standby instance to support email notifications. • If necessary, specify the same proxy mappings for the BlackBerry MDS Connection Service and Enterprise Management Web Service on the primary instance and the standby instance. • Using the BlackBerry Administration Service, you can change the log file path for any instance of the core components in the domain. If you change the log file path for one instance in a high availability pair, for consistency, you can change the log file path for the other instance. Note: If you uninstall a high availability pair, and then you install new instances that will use the same databases, the setup application tries to install the second instance of the core components as a standby instance. If you do not want the setup application to install the second instance as a standby, use the BlackBerry Administration Service to remove the high availability pair from the databases before you install the new instances. 45 Installation Guide Installing a standalone BlackBerry Router Installing a standalone BlackBerry Router 8 The BlackBerry Router is designed so that you can install it outside your organization's firewall in the DMZ. The BlackBerry Router connects to the Internet to send data between the BlackBerry Device Service and BlackBerry devices using the BlackBerry Infrastructure. The BlackBerry Router is an optional component. If you choose to install the BlackBerry Router, you must install it on a computer that does not host a BlackBerry Enterprise Service 10 instance or any BlackBerry Enterprise Service 10 components. The setup application installs the BlackBerry Router and the BlackBerry Controller, which monitors the BlackBerry Router and restarts it if it stops responding. Determining which service account to use to install and run the BlackBerry Router You can install the BlackBerry Router and run the BlackBerry Router service using any service account that has local administrator permissions on the computer that you want to install the BlackBerry Router on. The computer that hosts the BlackBerry Router requires a valid DNS suffix and a multisegment host name. On the computer that you want to install the BlackBerry Router on, you must verify that the following permissions are configured for the service account that you want to use (the permissions are part of the Local Security Policy): • Allow log on locally (if not assigned by default) • Log on as a service Install a standalone BlackBerry Router A standalone BlackBerry Router is a BlackBerry Router that is hosted by a computer that does not host any other BlackBerry Enterprise Service 10 components except the BlackBerry Controller. The BlackBerry Controller monitors the BlackBerry Router and restarts it if it stops responding. 46 Installation Guide Installing a standalone BlackBerry Router Note: You cannot manage the BlackBerry Controller that monitors a standalone BlackBerry Router in the BlackBerry Administration Service. You must manage the BlackBerry Controller in the BES10 Configuration Tool on the computer that hosts the standalone BlackBerry Router. Before you begin: Verify that the service account that you use to install the BlackBerry Router has local administrator permissions on the computer that you perform the installation process on. 1. Log in to the computer that you want to install the BlackBerry Router on using the service account that you want to use to run the BlackBerry Router service. 2. In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears and requests permission for setup.exe to make changes to the computer, click Yes. 3. Review the information for the account that you used to log in. To use this account to run the BlackBerry Router service, click Continue Installation. 4. In the License agreement dialog box, perform the following actions: a. In the Customer information section, specify information for your organization and select your country or region. b. In the License agreement section, read the license agreement. To accept the license agreement, select I accept the terms of the license agreement. c. Click Next. 5. In the Setup type dialog box, select Install a standalone BlackBerry Router. Click Next. 6. In the Preinstallation checklist dialog box, read and verify the information. Click Next. 7. In the Accounts and folders dialog box, perform the following actions: a. In the Password field, type the password for the service account that you used in step 1. b. If necessary, change the location of the installation folder and log-file folder. c. Click Next. 8. In the Summary dialog box, verify that the information is correct. Click Install. 9. In the Installation dialog box, when the installation status is complete for all items, click Next. 10. In the SRP information dialog box, in the SRP host section, perform the following actions: a. If necessary, change the SRP address and port number for the BlackBerry Infrastructure. The default port number is 3101 and the default host name is determined by your country or region. b. Click Verify to verify that the information is correct. c. Click Next. 11. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry Enterprise Service 10 services start automatically. When all the services are running, click Next. 47 Installation Guide Installing a standalone BlackBerry Router Connecting to the BlackBerry Router The BlackBerry Router manages the connection to the BlackBerry Infrastructure for the BlackBerry Device Service. If you installed a standalone BlackBerry Router, you must permit the BlackBerry Dispatcher that you installed with the BlackBerry Enterprise Service 10 core components to connect to the BlackBerry Router. You can configure one or more BlackBerry Dispatcher instances to use the same SRP address and connect to the BlackBerry Router. Connect the BlackBerry Device Service to the BlackBerry Router 1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Device Service. 2. Click the BlackBerry Device Service that you want to assign the BlackBerry Router to. 3. Click Edit instance. 4. In the SRP addresses section, type the FQDN of the computer that hosts the BlackBerry Router. 5. If the BlackBerry Dispatcher instance uses a port number other than port number 3101 to open connections to the BlackBerry Router, in the Port override field, type the port number. 6. Click the Add icon. 7. Click the Delete icon beside the SRP address for the BlackBerry Infrastructure. 8. Click Save all. 9. Restart the BlackBerry Device Service using one of the following methods: 48 • Click Restart instance. • In the Windows Services, restart the BlackBerry Dispatcher service. Installation Guide Postinstallation tasks Postinstallation tasks 9 Test the BlackBerry Enterprise Service 10 installation 1. In the Windows Services, verify that the services for BlackBerry Enterprise Service 10 are running. 2. In the Windows Event Viewer and log files that are located in <drive>:\Program Files (x86)\Research In Motion \BlackBerry Enterprise Service 10\Logs, check for error messages. 3. In Microsoft IIS, check that the websites for the Core Module and Communication Module are started. 4. Add a test user account in the BlackBerry Device Service console and the Universal Device Service console. If you can add a test user account, the connection from BlackBerry Enterprise Service 10 to the BlackBerry Enterprise Service 10 databases is open. 5. For the BlackBerry MDS Connection Service, browse to http://<server_name>:9080, where <server_name> is the name of the computer that hosts the BlackBerry Enterprise Service 10 core components. If the status page appears, the BlackBerry MDS Connection Service is running. After you finish: For troubleshooting information, visit www.blackberry.com/support. Test the connection to the BlackBerry Infrastructure To make sure that the BlackBerry Dispatcher or BlackBerry Router can connect to the BlackBerry Infrastructure, you can test the connection using the BBSRPTest tool that is included with the BlackBerry Enterprise Service 10 installation files. The BBSRPTest tool tries to connect to the BlackBerry Infrastructure using the SRP address and SRP port number that you specified for the BlackBerry Infrastructure during the installation process. Before you begin: Verify that the BlackBerry Enterprise Service 10 installation files are on the computer that you want to test the connection from. 49 Installation Guide Postinstallation tasks 1. Log in to the computer that you want to test the connection from. If you installed a standalone BlackBerry Router, test the connection from the computer that hosts the BlackBerry Router. Otherwise, test the connection from the computer that hosts the BlackBerry Enterprise Service 10 core components. 2. Open a command prompt window. 3. Change the directory to <installation_files>\Tools. 4. Type bbsrptest.exe -host <srp_address> -port <port>, where <srp_address> is the SRP address that you specified during the installation process and <port> is the SRP port number. For example, at the command line, type bbsrptest.exe -host server1.example.com -port 3101. 5. Press ENTER. After you finish: If the test does not complete, use the Windows Sockets (also known as WINSOCK) error code to diagnose the problem. For more information, visit msdn.microsoft.com to read about Windows Sockets error codes. Best practice: Running BlackBerry Enterprise Service 10 Best practice Description Do not change the startup type for the BlackBerry Enterprise Service 10 services. When you install or upgrade BlackBerry Enterprise Service 10, the setup application configures the startup type for the BlackBerry Enterprise Service 10 services as either automatic or manual. To avoid errors in BlackBerry Enterprise Service 10, do not change the startup type for the BlackBerry Enterprise Service 10 services. Do not change the account information When you install or upgrade BlackBerry Enterprise Service 10, the setup for the BlackBerry Enterprise Service 10 application configures the account information for the BlackBerry Enterprise services. Service 10 services. Do not change the account information for BlackBerry Enterprise Service 10 unless the BlackBerry Enterprise Service 10 documentation specifies that you can. 50 Installation Guide Postinstallation tasks Configuring database permissions using Microsoft SQL Server roles The setup application requires the service account or Microsoft SQL Server account that it uses during the installation or upgrade process to have permissions on the database server to create or upgrade the BlackBerry Enterprise Service 10 databases. After the installation or upgrade process completes, you can change the database permissions for the service account or Microsoft SQL Server account to the minimum permissions that BlackBerry Enterprise Service 10 requires to run. When you change the database permissions, you can use Microsoft SQL Server security to minimize the operations that the service account or Microsoft SQL Server account can perform on the BlackBerry Enterprise Service 10 databases. The following table describes the Microsoft SQL Server roles that are required by the setup application and BlackBerry Enterprise Service 10. Database role Description db_owner The setup application or the CreateDB executable automatically adds the account that you use to create the BlackBerry Enterprise Service 10 databases to this role. This role contains the minimum permissions that the setup application requires to upgrade the BlackBerry Configuration Database and the Management Database. rim_db_bes_server The setup application or the CreateDB executable automatically creates this role when it creates the BlackBerry Configuration Database. This role contains the minimum permissions that BlackBerry Enterprise Service 10 requires to perform necessary operations on the BlackBerry Configuration Database. rim_db_uds_server The setup application or the CreateDB executable automatically creates this role when it creates the Management Database. This role contains the minimum permissions that BlackBerry Enterprise Service 10 requires to perform necessary operations on the Management Database. 51 Installation Guide Postinstallation tasks Configure minimum database permissions for the service account or Microsoft SQL Server account You can configure minimum database permissions for the service account or Microsoft SQL Server account that BlackBerry Enterprise Service 10 uses to connect to the BlackBerry Enterprise Service 10 databases. Before you begin: Add a different Windows account or Microsoft SQL Server account to the db_owner database role for the BlackBerry Configuration Database and the Management Database. 1. Open the Microsoft SQL Server Management Studio. 2. Expand Microsoft SQL Server > Security > Logins. 3. Right-click the service account or Microsoft SQL Server account and click Properties. 4. Click User Mapping and select the BlackBerry Configuration Database. 5. In the Database role membership section, select rim_db_bes_server. 6. Remove all other database role memberships except public. 7. Select the Management Database. 8. In the Database role membership section, select rim_db_uds_server. 9. Remove all other database role memberships except public. 10. Click OK. 52 Installation Guide Removing the BlackBerry Enterprise Service 10 software Removing the BlackBerry Enterprise Service 10 software 10 You can use the uninstall application to remove the BlackBerry Enterprise Service 10 software from a computer that hosts BlackBerry Enterprise Service 10. The uninstall application can also remove the log files for the existing installation. The uninstall application does not remove the BlackBerry Enterprise Service 10 databases from the database server and it does not remove the database instance that hosts the BlackBerry Enterprise Service 10 databases. Remove the BlackBerry Enterprise Service 10 software 1. On the taskbar, click Start > Control Panel. 2. Click Uninstall a program. 3. Click BlackBerry Enterprise Service 10. 4. Click Uninstall. 5. If the uninstall application prompts you to restart the computer to finish removing the BlackBerry Enterprise Service 10 software, click OK. After you finish: You can remove third-party software that the setup application installed during the BlackBerry Enterprise Service 10 installation process (for example, you can remove the JRE software from the computer). 53 Installation Guide Product documentation Product documentation 11 To read the following guides or other related materials, visit docs.blackberry.com/BES10. Category Resource Description Overview Introduction to BlackBerry Enterprise Service 10 • Quick, visual introduction to BlackBerry Enterprise Service 10 at a high level What's New in BlackBerry Enterprise Service 10 Quick Reference • Summary of new features, enhancements, and updates in BlackBerry Enterprise Service 10 BlackBerry Enterprise Service 10 Product Overview • Introduction to BlackBerry Enterprise Service 10 and its features • Finding your way through the documentation • Architecture Enterprise Solution Comparison • Chart Comparison of what features are available across different BlackBerry enterprise solutions Supported Features by Device Type • Comparison of what features are supported for each type of device in BlackBerry Enterprise Service 10 BlackBerry Enterprise Service 10 Architecture and Data Flow Quick Reference Guide • Descriptions of BlackBerry Enterprise Service 10 components • Descriptions of activation and email data flows for different types of devices Release notes BlackBerry Enterprise Service 10 Release Notes • Descriptions of known issues and potential workarounds Installation and upgrade BlackBerry Enterprise Service 10 Compatibility Matrix • Software that is compatible with BlackBerry Enterprise Service 10 54 Installation Guide Category Configuration Product documentation Resource Description BlackBerry Enterprise Service 10 Performance Calculator • Tool to estimate the hardware required to support a given workload for BlackBerry Enterprise Service 10 BlackBerry Enterprise Service 10 Installation Guide • System requirements • Installation instructions BlackBerry Enterprise Service 10 Upgrade Guide • System requirements • Upgrade instructions BlackBerry Enterprise Service 10 Licensing Guide • Descriptions of different types of licenses • Instructions for activating and managing licenses in BlackBerry Management Studio • Instructions for how to configure server components before you start administering users and their devices BlackBerry Enterprise Service 10 Configuration Guide Administration BlackBerry Management Studio • Basic Administration Guide Basic administration for all supported device types, including BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Android devices, and BlackBerry 7.1 and earlier devices • Instructions for creating and managing user accounts in multiple Services • Instructions for managing multiple devices for each user account BlackBerry Device Service • Advanced Administration Guide Advanced administration for BlackBerry 10 devices and BlackBerry PlayBook tablets • Instructions for creating user accounts, groups, roles, and administrator accounts • Instructions for activating devices • Instructions for creating and sending IT policies and profiles • Instructions for managing apps on devices Universal Device Service • Advanced Administration Guide Advanced administration for iOS and Android devices 55 Installation Guide Category Security Product documentation Resource • Instructions for creating user accounts, groups, and administrator accounts • Instructions for activating devices • Instructions for creating and sending IT policies and profiles • Instructions for managing apps on devices • Descriptions of IT policy rules for iOS and Android devices BlackBerry Device Service Policy Reference Spreadsheet • Descriptions of IT policy rules for BlackBerry 10 devices and BlackBerry PlayBook tablets BlackBerry Device Service Solution Security Technical Overview • Description of the security maintained by the BlackBerry Device Service, BlackBerry Infrastructure, and BlackBerry 10 devices and BlackBerry PlayBook tablets to protect data and connections • Description of the BlackBerry 10 OS • Description of the BlackBerry PlayBook OS • Description of how work data is protected on BlackBerry 10 devices and BlackBerry PlayBook tablets when you use the BlackBerry Device Service • Description of the security maintained by the Universal Device Service, BlackBerry Infrastructure, and work spaceenabled devices to protect work space data at rest and in transit • Description of how work space apps are protected on work space-enabled devices when you use the Universal Device Service Secure Work Space for iOS and Android Security Note 56 Description Installation Guide Glossary Glossary 12 APNs Apple Push Notification service BlackBerry Enterprise Service 10 databases The BlackBerry Enterprise Service 10 databases are the BlackBerry Configuration Database (associated with the BlackBerry Device Service) and the Management Database (associated with the Universal Device Service). By default, the databases are named BDSMgmt and BDSMgmt_UDS, respectively, when you install BlackBerry Enterprise Service 10. BlackBerry Enterprise Service 10 domain A BlackBerry Enterprise Service 10 domain consists of the BlackBerry Enterprise Service 10 databases and any BlackBerry Enterprise Service 10 instances that connect to them. BlackBerry MDS BlackBerry Mobile Data System CSR certificate signing request DMZ A demilitarized zone (DMZ) is a neutral subnetwork outside of an organization's firewall. It exists between the trusted LAN of the organization and the untrusted external wireless network and public Internet. DNS Domain Name System FQDN fully qualified domain name HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol over Secure Sockets Layer IIS Internet Information Services IKE Internet Key Exchange IP Internet Protocol IP address An Internet Protocol (IP) address is an identification number that each computer or mobile device uses when it sends or receives information over a network, such as the Internet. This identification number identifies the specific computer or mobile device on the network. IPsec Internet Protocol Security JRE Java Runtime Environment LAN local area network LDAP Lightweight Directory Access Protocol 57 Installation Guide Glossary NIC network interface card RRAS Routing and Remote Access service SMTP Simple Mail Transfer Protocol SRP Server Routing Protocol SSL Secure Sockets Layer TCP Transmission Control Protocol TLS Transport Layer Security VPN virtual private network WebDAV Web Distributed Authoring and Versioning XML Extensible Markup Language 58 Installation Guide Legal notice Legal notice 13 ©2014 BlackBerry. All rights reserved. BlackBerry® and related trademarks, names, and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. Apple is a trademark of Apple Inc. Check Point is a trademark of Check Point Software Technologies Ltd. Cisco, Cisco IOS, and PIX are trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. iOS is a trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS® is used under license by Apple Inc. Android is a trademark of Google Inc. Intel and Xeon are trademarks of Intel Corporation. Juniper and NetScreen are trademarks of Juniper Networks, Inc. Microsoft, ActiveSync, Active Directory, ActiveX, Hyper-V, Internet Explorer, SQL Server, Windows, Windows PowerShell, and Windows Server are trademarks of Microsoft Corporation. Java, JavaScript, and JRE are trademarks of Oracle and/or its affiliates. VMware is a trademark of VMware, Inc. Wi-Fi is a trademark of the Wi-Fi Alliance. All other trademarks are the property of their respective owners. This documentation including all documentation incorporated by reference herein such as documentation provided or made available at www.blackberry.com/go/docs is provided or made accessible "AS IS" and "AS AVAILABLE" and without condition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliated companies ("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or other inaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry proprietary and confidential information and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalized terms. BlackBerry reserves the right to periodically change information that is contained in this documentation; however, BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to this documentation to you in a timely manner or at all. This documentation might contain references to third-party sources of information, hardware or software, products or services including components and content such as content protected by copyright and/or third-party websites (collectively the "Third Party Products and Services"). BlackBerry does not control, and is not responsible for, any Third Party Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. The inclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement by BlackBerry of the Third Party Products and Services or the third party in any way. EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS OR WARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLE QUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR A COURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE OR PROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THE DOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, ARE 59 Installation Guide Legal notice HEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEM THAT IS THE SUBJECT OF THE CLAIM. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALL BLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, OR PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWING DAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATED DAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OF DATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED IN CONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRY PRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS, COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER OR NOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF BLACKBERRY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NO OTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANY LIABILITY FOR NEGLIGENCE OR STRICT LIABILITY. THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THE CAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTAL BREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDY CONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS, AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSO INCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENT CONTRACTORS. IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR, EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OF BLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION. Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure that your airtime service provider has agreed to support all of their features. Some airtime service providers might not offer Internet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider for availability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services with BlackBerry's products and services may require one or more patent, trademark, copyright, or other licenses in order to avoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third Party Products and Services and if any third party licenses are required to do so. If required you are responsible for acquiring them. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. Any Third Party Products and Services that are provided with BlackBerry's products and services are provided as a convenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees, representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms of 60 Installation Guide Legal notice separate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by a license or other agreement with BlackBerry. Certain features outlined in this documentation require a minimum version of BlackBerry Enterprise Server, BlackBerry Desktop Software, and/or BlackBerry Device Software. The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerry applicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTEN AGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT OR SERVICE OTHER THAN THIS DOCUMENTATION. BlackBerry Limited 2200 University Avenue East Waterloo, Ontario Canada N2K 0A7 BlackBerry UK Limited 200 Bath Road Slough, Berkshire SL1 3XE United Kingdom Published in Canada 61
© Copyright 2024