BES 10: welcome to complexity
"There are more things to 'worry' about," Wilson says. The changes include opening new firewall ports, setting up and managing new certificates, creating and maintaining databases for device configuration. Some of these changes are simple checklists. But how easy it ultimately is may hinge on the level of "IT maturity" with regard to mobility, according to Haviland. So some companies may need to create a mobility strategy first, to guide mobile decision-making. Others may need to create unified deployment teams that bring together IT managers and line-of-business manager to relate mobile technology to business goals.
One big advantage in adding the BES 10 servers is that, together, they let you manage a multi-vendor mobile environment by means of a single management console, across three different groups of devices: existing BlackBerry devices via BES 5, BlackBerry 10 devices via the BDS (BlackBerry Device Service), and iOS and Android via UDS (Universal Device Service). There's a companion native app that lets iOS or Android devices connect to BES 10 for device management and control.
BES 10 also supports both SSL certificates for traffic on Port 443 of the corporate firewall and another certificate specific to Apple iOS: Apple Push Notification Service (APNS).
Another change is that for the first time, BES 10 leverages Microsoft EAS (Exchange ActiveSync) for email, calendaring and other personal information synchronization. That introduces some new things to think about, says Wilson.
"When I toggle that attribute to turn on EAS for a user, how do I make sure that the user can't bring in any device and connect to it?" he asks. "EAS is nothing more than a transport that sits on Microsoft IIS [Internet Information Server]. You're configuring that service to talk not only with BlackBerry Device Service but also you are telling EAS not to accept a request from anyone outside of that service or Universal Device Service."
With BES 10, administrators are now faced with setting up and maintaining three configuration databases, one each for BES 5, for BDS and UDS. BlackBerry provides installation scripts to support initial setup. "It's how these [databases] scale that can sometimes cause trouble," Wilson says. Figuring out how many BES 10 servers one needs for a given user population may be a trial and error process.
Expect a few BES 10 gaps ... for now
Until May, with the next major release of BES 10, these databases don't have built-in failover capability. "That's a challenge right now for enterprise," Wilson says. "But that is going to be fully baked-into the software."
Another missing feature: the ability to "mass configure" large numbers of handheld devices, as used to be possible with older BlackBerry devices. Vox, for example, created its own software program to automate configuring and imaging the traditional BlackBerry devices. But with the new platforms -- Android, iOS, BlackBerry 10 -- this capability is missing, says Jim Haviland. "For these, you're taking about 20-45 minutes per device to get it all boxed and ready to ship to an end user," he says. "It will be similar for BlackBerry 10 devices."
BlackBerry Balance is being pushed as a major feature "baked into" each BB10 device, allowing administrators to set up a secure space for corporate apps and data. Users with a gesture can switch between work space and personal space. "It's genuinely painless," to set up and use, according to Wilson.
"Given where it's come from, the BlackBerry software is mature," says Wilson. "With the May BES 10 upgrade release, for a BlackBerry shop it's a very compelling product."
John Cox covers wireless networking and mobile computing for Network World. Twitter: @johnwcoxnww Email: firstname.lastname@example.org
Read more about anti-malware in Network World's Anti-malware section.