What is good about BlackBerry and why are bosses choosing it?

In the West, BlackBerry is considered almost the No. 1 smartphone for business, but it is almost unknown in our country.

The reason is that BlackBerry is not just a “dialer”, but a whole combination of services and hardware for secure real-time synchronization of personal or corporate data .

The BlackBerry has a high level of security out of the box and the corresponding global infrastructure integrated with the network of the cellular operator.
')
Details under the cut.

History tour

Iron and software makes “Research in Motion” - a major telecommunications company from Canada. It was founded in 1984 by Mike Lazaridis. First, Mike experimented several years with different directions, and then concentrated only on mobile data transfer technologies. In 1999, the first BlackBerry appeared, which at first was just a beautiful pager, and then became a modern business smartphone.

The history of BlackBerry in Russia begins in 2005, when the first ideas about launching the service were announced. They, however, could not be put into practice due to the lack of coordination by law enforcement agencies. Only in 2008, Beeline launched a service that met the requirements of regulatory authorities and the wishes of customers. Work is underway to expand the functionality available in the Russian Federation.

Services

Currently there are two main types of services: BIS (personal) and BES (for corporate use only).

BlackBerry Internet Service - BIS is a solution aimed primarily at individuals. This is realtime push synchronization, traffic compression and privacy. For simplicity, it was also liked by some corporate users. It will perfectly work with any corporate mail server, on which it is possible to work with external clients using standard mail protocols. In the case of Exchange, BIS can be integrated via the OWA interface. When connecting Google and Yahoo mailboxes, additional functionality of address book and calendar synchronization appears.

Beeline provides two types of BIS services: regular, which includes only unlimited email traffic, and “all inclusive” (more expensive), which also includes BIS-browsing.

Blackberry Enterprise Server - BES - designed for a centralized secure connection between the corporate mail server, wireless carrier network and Blackberry smartphones. It should be noted that the BlackBerry was primarily created and developed to work with a corporate user, and in the course of its evolution, it was optimized specifically for business needs. BES provides secure and easy access to corporate information and applications. It also contains a set of tools that provide IT department employees with the ability to centrally and conveniently manage a Blackberry solution. Integrates with MS Exchange and IBM Lotus Domino mail servers.

BES is:

• Wireless email sync,
• Wireless synchronization of the organizer (contacts, calendar, tasks, etc.),
• Search in the corporate address book,
• Access to corporate data (Intranet, File Sharing),
• Advanced Security Settings
• The ability to wirelessly apply IT policies to smartphones,
• Organization of remote access from smartphones to various corporate applications (CRM, SFA, ERP and others),
• Easy installation and administration (server deployment is done by a partner company, usually takes about 3 hours to complete).

BlackBerry Enterprise Server Express - BESx - has all the important advantages and the main features of BES, however, it is simpler to install and less demanding on system resources (to the extent that it can be installed directly on the mail server). Being, in fact, a “lightweight” version of BES, it does not have some BES-integrated services (for example, the Collaboration service, through which you can extend the functionality of the corporate instant messaging service to users ’smartphones), contains a smaller number of available IT policies. At the same time, its undeniable advantage is the absence of the need to purchase user licenses, in contrast to the full version of BES. By the way, in my opinion, BESx is the best choice for 90% of corporate clients. Despite the fact that it is positioned as a product for the SME segment, it is also suitable for most large corporations.

BES and BESx is the name of the server software. The service implies the presence of a server part on the client’s site: both versions of BES are supplied by us in the form of a software and hardware complex. To reduce capital costs, three types of complexes were created, differing in the content of the hardware component. The first is a complete solution that includes a physical server that meets a specific specification, special hardware and software, an operating system, and BES software. The second is a solution for customers who have free server capacity; only BES software and special software and hardware are supplied to such customers. The third one was created for clients whose IT infrastructure uses virtualization (Hyper-V or VMware).

Depending on the type of BES and the chosen complex, the cost of service delivery varies. So, 1 + BES is the most expensive, 3 + BESx is the most economical.

Hosted Blackberry Enterprise Service - Hosted BES is a solution for customers who do not want to install and administer a BES server within the corporate infrastructure. The server is located remotely, on the Beeline site, and is administered by our IT specialists. This option has several specific advantages:

• Full access to the functionality of the Blackberry corporate solution, as if it were physically implemented in the company,
• Outsourcing (no need for IT administrator allocation),
• The minimum cost and implementation time,
• Direct integration of the hosting solution with the existing infrastructure of the company.

A set of BlackBerry services can be reflected in the following diagram (with a possible division by business scale):



Here in the table you can compare different solutions.

How it works

BlackBerry is a complete service solution. Without a special communication service at the mobile operator, the smartphone simply cannot function normally, as it will not have the opportunity to interact with the global infrastructure BB. The presence of this service makes it possible for the apparatus to participate in the process of provisioning. This is the process of determining the rights of a Blackberry device to access certain services. In the process of provisioning, activation, modification, control and blocking can be performed.

This can be expressed in such tasks as activating a specific BlackBerry device, assigning a specific set of parameters for subsequent standard activations, updating information in the RIM billing system.

The diagram below shows the BlackBerry Provisioning System nodes and the interactions between them. The key node is the BlackBerry Infrastructure (BBI), which interacts with devices directly and through other nodes in the system.



One of the main goals of provisioning is to ensure the normal operation of the smartphone. Roughly speaking, immediately out of the box all BB devices are the same. They are given a certain set of functions only after successful registration in the network, interaction with the system of provisioning and obtaining the necessary set of service books.

Service book - a configuration file that is sent to the device and contains information regarding a particular service or function. For example, the BlackBerry Internet Browsing Service [BrowserConfig] service book contains information about the Internet Browser application, including the settings for an access point, home page, default bookmarks.

The process of provisioning always happens when: the device is first registered in the wireless network, a new SIM card is installed in the device, the option “register now” is selected in the device settings (parameter settings - advanced parameters - node routing table), device firmware is updated, rolled back or reinstalled .

Let us consider an example of a new connection. The user bought the device and the SIM card to which one or another BlackBerry service was connected. With the connection of the service on the SIM card, the device gets the opportunity to build a packet connection via the access point blackberry.net (for almost all BB smartphones it is the default access point). All traffic from this access point is routed by the operator towards the BBI. In parallel with this, a command enters the production system from the billing system of the telecom operator, with information on which specific communication service was connected to the user, and what set of BB functions should correspond to it. Meanwhile, the smartphone has already built an active connection through blackberry.net and sends a request to BBI about which set of services is available to it. In the production system, this device is identified in conjunction with the service provider and the connected service, and through the Service Book Pushing node the necessary settings packages that correspond to the selected service type are sent to the device.

The device informs about the successful creation of the connection before the BBI by a special indication of the registration icon on the mobile operator’s network (large letters EDGE / GPRS or a berry icon near 3G).

Infrastructure

And now we will consider the scenario of sending an e-mail from user A to company A to user B to company B. In this scenario, email is synchronized when purchasing a BES (BESx) solution. Other solutions work by analogy.



So, user A creates a letter on the machine. Before sending a message to the network, the device encrypts and compresses the message. The mobile operator routes this message in the direction of the BBI, and there, in turn, the membership of this particular device is determined by the specific BES server. Company A's BES server picks up the e-mail message, decrypts it and unpacks it, and sends it to user B of company B via a privileged user in the mail system (endowed with send as rights). Then, mail server A sends a letter to user B of company B. BES server of company B (via the privileged user in the mail system, which has access rights to the user B box) retrieves this message from the mailbox, encrypts and compresses it and sends it to the BBI. From there, this message is pushed to the device of user B, where it is opened and decoded, and then displayed on the smartphone's display.

Russian reality

Separately, I would like to discuss the most burning issue of the implementation of this functionality in Russia. RIM has created a well-deserved reputation as a highly secure solution around it over the course of its long life and development. On many occasions, the company had to take part in fights around this decision at the level of state security services. However, the company has never allowed its customers to question the security of BlackBerry services. But in Russia, this reputation has played a cruel joke with RIM.

Attention, paranoid! It is no secret that we are all "under the hood" and tireless control, in some country more, in some less. But this control does not go beyond the law - there are a lot of legal acts, the requirements of which we, as a telecom operator, must comply with. For this reason, a product that is supplied in one form worldwide, in Russia, comes with an additional solution that provides the possibility of control by State Security Service employees. For this reason, we have to additionally supply special software and hardware for each server. For this reason, the BESx server, distributed worldwide for free, is sold to us. For the same reason, we cannot connect the service to our SIM cards if the devices are planned to be connected to BES located abroad. For this reason, smartphones officially imported into the territory of the Russian Federation are so far deprived of certain functions, and so on.

With all this, it also remains a mystery to me why many people express concern that the state security organs can read his mail, but at the same time a much smaller number of people worry that the same “people in uniform” can listen to their telephone conversations. Firstly, no one constantly reads or listens to anything, but only has a set of technical means to do this in the case of, for example, a terrorist threat. Secondly, these very technical means are applied only in accordance with the law, that is, it implies the existence of special grounds and permits (for example, a court decision). Thirdly, the system provides a very high level of protection against competitive intelligence, which, in theory, can only provide their own expensive IT solutions (which still need to be certified and also provide them with the ability to control - otherwise it will be an article).

Anticipating the majority of questions from readers, I want to say that before launching the service in Russia, we had two options: to do as much as possible, and to constantly improve the decision or not to do anything at all. In the second case, our users would never have been able to take advantage of the possibilities of a solution that has firmly won a place for itself under the sun all over the world.

Total

BlackBerry is better than a spherical phone in a vacuum by the fact that it has “out of the box” a properly configured protection, plus, again, out of the box it is ready to work with corporate services. As for security, it provides one of the best levels of privacy in the field of ready-made solutions.