blackberry enterprise service 10-10.2-installation...

BlackBerry Enterprise Service 10Version: 10.2

Inst

alla

tion

Gui

de

Published: 2015-08-17SWD-20150817115607897

Contents1 About this guide................................................................................................................................52 What is BlackBerry Enterprise Service 10?........................................................................................ 6

Key features of BlackBerry Enterprise Service 10..................................................................................................................6

3 Planning a BlackBerry Enterprise Service 10 installation................................................................... 8Installing all BlackBerry Enterprise Service 10 components on one computer....................................................................... 8

Installing the BlackBerry Enterprise Service 10 core components......................................................................................... 9

Installing the BlackBerry Enterprise Service 10 consoles.......................................................................................................9

4 Requirements.................................................................................................................................11System requirements: Your organization's environment...................................................................................................... 11

System requirements: Firewall.....................................................................................................................................12

System requirements: VPN hardware...........................................................................................................................12

Hardware requirements..................................................................................................................................................... 13

Log files...................................................................................................................................................................... 13

Projected database growth.......................................................................................................................................... 13

Hardware requirements: BlackBerry Enterprise Service 10.......................................................................................... 13

Hardware requirements: BlackBerry Router.................................................................................................................16

Hardware requirements: BlackBerry Collaboration Service.......................................................................................... 16

Software requirements.......................................................................................................................................................17

Applications that are installed with BlackBerry Enterprise Service 10........................................................................... 17

Software requirements: BlackBerry Enterprise Service 10 core components................................................................ 18

Software requirements: Remote consoles.................................................................................................................... 19

Software requirements: BlackBerry Router.................................................................................................................. 19

Software requirements: Database server..................................................................................................................... 20

Software requirements: Browser..................................................................................................................................20

Installation considerations..................................................................................................................................................22

Supported features and environments......................................................................................................................... 22

Unsupported environments......................................................................................................................................... 23

5 Preinstallation tasks........................................................................................................................24Configuring ports for the external firewall............................................................................................................................24

Outbound ports: Managing BlackBerry devices............................................................................................................24

Outbound ports: Managing iOS and Android devices....................................................................................................25

Outbound ports: Device data....................................................................................................................................... 27

Outbound ports: Work space-enabled devices on a work Wi-Fi network........................................................................ 27

Configure permissions for the service account.................................................................................................................... 28

Manually register ASP.NET.................................................................................................................................................29

Configuring connections for the BlackBerry Enterprise Service 10 databases......................................................................30

Specifying database permissions to create the BlackBerry Enterprise Service 10 databases.........................................30

Create the BlackBerry Enterprise Service 10 databases............................................................................................... 30

DBMgmt.cfg properties............................................................................................................................................... 31

Remove the WebDAV Publishing role service...................................................................................................................... 32

Configuring a BlackBerry Administration Service pool.........................................................................................................33

Create a DNS record for each BlackBerry Administration Service instance in a pool......................................................33

6 Installing the BlackBerry Enterprise Service 10 software..................................................................35Prerequisites: Installing the BlackBerry Enterprise Service 10 software............................................................................... 35

Specifying a name for the BlackBerry Administration Service pool during the installation process........................................36

Install all BlackBerry Enterprise Service 10 components on one computer.......................................................................... 36

Installing BlackBerry Enterprise Service 10 components on separate computers................................................................ 39

Install the BlackBerry Enterprise Service 10 core components..................................................................................... 39

Install the BlackBerry Enterprise Service 10 consoles.................................................................................................. 41

7 Installing a standby instance of the core components...................................................................... 43Prerequisites: Installing a standby instance of the core components................................................................................... 43

Install a standby instance of the core components.............................................................................................................. 44

Post-installation tasks..................................................................................................................................................46

8 Installing a standalone BlackBerry Router....................................................................................... 47Determining which service account to use to install and run the BlackBerry Router............................................................. 47

Install a standalone BlackBerry Router............................................................................................................................... 47

Connecting to the BlackBerry Router..................................................................................................................................49

Connect the BlackBerry Device Service to the BlackBerry Router.................................................................................49

9 Postinstallation tasks...................................................................................................................... 50Test the BlackBerry Enterprise Service 10 installation.........................................................................................................50

Test the connection to the BlackBerry Infrastructure...........................................................................................................50

Best practice: Running BlackBerry Enterprise Service 10................................................................................................... 51

Disable unnecessary algorithms......................................................................................................................................... 51

Configuring database permissions using Microsoft SQL Server roles....................................................................................52

Configure minimum database permissions for the service account or Microsoft SQL Server account.............................53

10 Removing the BlackBerry Enterprise Service 10 software................................................................ 54Remove the BlackBerry Enterprise Service 10 software...................................................................................................... 54

11 Product documentation.................................................................................................................. 5512 Glossary......................................................................................................................................... 5813 Legal notice ................................................................................................................................... 60

About this guideBlackBerry Enterprise Service 10 helps you manage BlackBerry devices, Android devices, and iOS devices for yourorganization. This guide provides instructions on how to install BlackBerry Enterprise Service 10.

This guide is intended for senior IT professionals who are responsible for installing the product. After you complete thetasks in this guide, you must activate licenses and configure your BlackBerry Enterprise Service 10. You can findinstructions for activating licenses in the BlackBerry Enterprise Service 10 Licensing Guide. You can find instructions onconfiguring BlackBerry Enterprise Service 10 in the BlackBerry Enterprise Service 10 Configuration Guide.

1

Installation Guide About this guide

5

What is BlackBerry EnterpriseService 10?BlackBerry Enterprise Service 10 helps you manage mobile devices for your organization. You can manage BlackBerrydevices and BlackBerry PlayBook tablets, as well as iOS and Android devices, all from a unified interface. BlackBerryEnterprise Service 10 is designed to help protect business information, keep mobile workers connected with theinformation they need, and provide administrators with efficient tools that help keep business moving forward.

BlackBerry Enterprise Service 10 includes the following components:

Component Description

BlackBerry Device Service Provides advanced administration for BlackBerry 10 devices and BlackBerryPlayBook tablets

Universal Device Service Provides advanced administration for iOS and Android devices

BlackBerry Management Studio Provides a unified interface to administer common tasks for BlackBerry 10devices, BlackBerry PlayBook tablets, BlackBerry 7.1 and earlier devices, iOSdevices, and Android devices

BES10 Self-Service Provides a console to users so that they can perform some self-service tasks.For example, users can create activation passwords, remotely change thepassword on their device, or delete data from the device.

Key features of BlackBerry EnterpriseService 10The table below describes some of the key features for BlackBerry Enterprise Service 10.

Feature Description

Management of most types of devices BlackBerry Enterprise Service 10 supports all types of BlackBerry devicesand tablets, as well as iOS devices and Android devices.

2

Installation Guide What is BlackBerry Enterprise Service 10?

6

Feature Description

Single, unified interface BlackBerry Management Studio is a single, web-based interface where youcan view all devices in one place and access the most commonmanagement tasks across multiple domains. These tasks include creatingand managing groups, managing device controls, and activating mobiledevices.

Trusted and secure experience Device controls give you precise management of how devices connect toyour network, what capabilities are enabled, and what apps are available.Whether the devices are owned by your organization or your users, you canprotect your organization's information.

Balance of work and personal needs BlackBerry Balance and Secure Work Space technology are designed toensure that personal and work information are kept separate and secure ondevices. If the device is lost or the employee leaves the organization, youcan delete only work-related information or all information from the device.Additional security features are available depending on the device type.

Installation Guide What is BlackBerry Enterprise Service 10?

7

Planning a BlackBerryEnterprise Service 10installationYou can install all BlackBerry Enterprise Service 10 components on one computer, or you can install specific componentson separate computers. The computer that hosts BlackBerry Enterprise Service 10 requires a valid DNS suffix and amultisegment host name.

You should consider any effect on system resources before you decide where to install the components. For example, youcan install all components on one computer if you plan to activate up to 1000 devices, and if you determine that thecomputer can manage the volume of traffic for the BlackBerry Enterprise Service 10 components.

BlackBerry Enterprise Service 10 stores data in its own databases. You can install multiple BlackBerry Enterprise Service10 instances that connect to the same BlackBerry Enterprise Service 10 databases. You must host the BlackBerryEnterprise Service 10 databases on the same database instance.

You can install the BlackBerry Enterprise Service 10 on a computer that hosts a BlackBerry Enterprise Server 5.0 SP4instance or BlackBerry Enterprise Server Express 5.0 SP4 instance.

BlackBerry Management Studio can manage multiple BlackBerry Enterprise Service 10 domains and BlackBerryEnterprise Server domains (version 5.0 SP3 or later).

Installing all BlackBerry Enterprise Service10 components on one computerYou can install the BlackBerry Enterprise Service 10 core components and the BlackBerry Enterprise Service 10 consoleson one computer.

You can use the BlackBerry Enterprise Service 10 Performance Calculator to determine whether the computer canaccommodate the needs of your organization.

Consider a distributed installation of BlackBerry Enterprise Service 10 if:

• Your computer has system resource limitations

• Your organization wants to prevent internal servers from accessing the Internet

• You are considering the high availability or disaster recovery options

3

Installation Guide Planning a BlackBerry Enterprise Service 10 installation

8

Installing the BlackBerry Enterprise Service10 core componentsBlackBerry Enterprise Service 10 consists of the following core components: the BlackBerry Controller, the BlackBerryDispatcher, the BlackBerry MDS Connection Service, the Enterprise Management Web Service, the Core Module, and theCommunication Module. You can install the core components on one computer.

For more information about BlackBerry Enterprise Service 10 core components, refer to the BlackBerry Enterprise Service10 Product Overview.

Installing the BlackBerry Enterprise Service10 consolesBlackBerry Enterprise Service 10 includes four consoles that you can use to manage the system and devices. TheBlackBerry Enterprise Service 10 setup application automatically adds the BlackBerry Device Service and the UniversalDevice Service to BlackBerry Management Studio.

Console Description

BlackBerry Management Studio BlackBerry Management Studio allows you to managelicenses, view reports of your system, and perform somemanagement tasks for BlackBerry 10 devices, BlackBerryPlayBook tablets, iOS devices, Android devices, andBlackBerry 7.1 and earlier devices.

BES10 Self-Service BES10 Self-Service is a web-based application that you canmake available to users so that they can perform someadministrative tasks on their devices. Using BES10 Self-Service, users can, for example, create activationpasswords, remotely change the password on their device,or delete data from the device. Users do not need to installany software on their computers to use BES10 Self-Service.You provide the web address and login information to usersso that they can log in to BES10 Self-Service.

BlackBerry Device Service console Also known as the BlackBerry Administration Service, theBlackBerry Device Service console allows you to manage


9

Console Description

BlackBerry Device Service components, BlackBerry 10devices, and BlackBerry PlayBook tablets.

Universal Device Service console Also known as the Administration Console, the UniversalDevice Service console allows you to manage iOS devicesand Android devices.


10

Requirements

System requirements: Your organization'senvironmentItem Requirement

Company directory One of the following to access the list of users in your organization when youcreate user accounts:

• Microsoft Active Directory, running at a domain functional level that is set toWindows Server 2003 or later

• LDAP with anonymous authentication or simple bind authentication, with orwithout SSL

Exchange ActiveSync • Exchange ActiveSync enabled on your organization's messaging server touse the native email, calendar, and contacts apps on devices. For minimumrequirements, refer to the BlackBerry Enterprise Service 10 CompatibilityMatrix.

Exchange ActiveSync gatekeeping To configure gatekeeping, the following conditions:

• Microsoft Exchange Server 2010

• Windows PowerShell 2.0 or later installed on the computer that hosts theBlackBerry Enterprise Service 10 core components.

Devices Any of the mobile operating systems listed in the BlackBerry Enterprise Service10 Compatibility Matrix

4

Installation Guide Requirements

11

System requirements: FirewallItem Requirement

DNS Support for resolving IP addresses into host names

System requirements: VPN hardwareIf your organization's environment includes VPNs, you can configure a device to authenticate with the VPN so that it canaccess your organization's network. BlackBerry devices can use the BlackBerry Infrastructure if a VPN or work Wi-Ficonnection is not available.

For information about VPN hardware for iOS, visit www.apple.com.

BlackBerry PlayBook OS 2.0 or later and BlackBerry 10 OS support the following IPsec VPN hardware:

• Any gateway from Check Point

• Cisco VPN 3000 Series Concentrator

• Cisco PIX Firewall

• Cisco IOS Easy VPN

• Any appliance in the Cisco ASA Series

• Any gateway in the Juniper SRX Series

• Any gateway in the Juniper NetScreen Series

• Any Windows Server with RRAS and IPsec configured that supports IKEv2

• Any VPN server that supports IKEv2

PlayBook OS 2.0 or later and BlackBerry 10 OS support the following SSL VPN hardware:

• Any gateway in the Juniper SA Series

• Any gateway in the Juniper MAG Series

For more information, visit www.blackberry.com/go/kbhelp to read article KB28128.


12

http://www.apple.com

http://www.blackberry.com/go/kbhelp

Hardware requirementsTo determine the memory and disk space requirements for BlackBerry Enterprise Service 10, you must consider thenumber of devices that you plan to activate, the type of connection that devices use, and the level and type of user activityon devices. For more information about calculating hardware requirements for a BlackBerry Enterprise Service 10environment, visit docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service 10 Performance Calculator.

Log filesThe size of log files for BlackBerry Enterprise Service 10 and BlackBerry Enterprise Service 10 components varies basedon the number of devices in your organization's environment, the level of user activity on devices, and the logging levelsthat BlackBerry Enterprise Service 10 uses. It is a best practice to monitor and control the amount of disk space that theBlackBerry Enterprise Service 10 log files take up. For more information about configuring logging, visit docs.blackberry.com/BES10 to read the BlackBerry Device Service Advanced Administration Guide and the UniversalDevice Service Advanced Administration Guide.

Projected database growthThe size of the Microsoft SQL Server database used by BlackBerry Enterprise Service 10 will initially increase byapproximately 500 KB per user per day. The size of the database will stabilize after approximately 30 days becauseBlackBerry Enterprise Service 10 removes historical data from the database at regular intervals. The maximum expectedconcurrent database connections at any one time is 120. At peak times, the database IO per second (IOPS) projection is200 IOPS.

Hardware requirements: BlackBerry Enterprise Service10The following guidelines apply to a BlackBerry Enterprise Service 10 environment that supports email messages and appdownloads. The environment can include BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Androiddevices, and optionally, BlackBerry 7.1 and earlier devices.

For more information about using the Secure Work Space feature with iOS devices and Android devices, visit www.blackberry.com/go/kbhelp to read article KB34591.

Note: If you plan to activate BlackBerry 10 work space only devices, the processor, memory, and disk space requirementsare higher. For more specific sizing information, visit docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service10 Performance Calculator.


13

http://docs.blackberry.com/BES10




Hardware requirements for 1 to 500 devicesIf BlackBerry Enterprise Service 10 is installed on a computer that hosts BlackBerry Enterprise Server 5.0 SP4, up to 500total devices are supported. Any combination of BlackBerry 10 devices, BlackBerry PlayBook tablets, iOS devices, Androiddevices, and BlackBerry 7.1 and earlier devices are supported up to a combined maximum of 500 devices.

Environment Requirement

All BlackBerry Enterprise Service 10components, Microsoft SQL ServerExpress, and BlackBerry EnterpriseServer 5.0 SP4 (optional)

• One processor, 2.2 GHz Intel Xeon ES-2400 Series (Quad Core)

• 12 GB of available memory

• 40 GB of disk space

Hardware requirements for 500 to 100,000 devicesFor 500 to 100,000 devices, install the BlackBerry Enterprise Service 10 core components, consoles, and databases onseparate computers.

Requirements for core componentsEach instance of BlackBerry Enterprise Service 10 core components can support up to 15,000 BlackBerry 10 devices andBlackBerry PlayBook tablets, and up to 7500 iOS and Android devices. Deploy as many instances of the core componentsas required to support the number of devices in your organization.

The number of instances of core components required depends on the combination of device types and workload, and onthe performance characteristics of your network. To obtain a more accurate estimate of the required hardware, go to docs.blackberry.com/BES10 to see the BlackBerry Enterprise Service 10 Performance Calculator.

Number of activated devices Number of instances of core components

500 to 5000 1

5000 to 10,000 1 to 2

10,000 to 22,500 1 to 4

22,500 to 100,000 2 to 10

Following are some examples of computer configurations that could support an instance of the BlackBerry EnterpriseService 10 core components.

Number of activated devices Configuration example

500 to 5000 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)



14


Number of activated devices Configuration example


5000 to 10,000 • One processor, 2 GHz Intel Xeon E5-2600 Series (Six Core)



10,000 to 22,500 • Two processors, 2 GHz Intel Xeon E5-2600 Series (Six Core)



Requirements for consolesThe computer that the BlackBerry Enterprise Service 10 consoles reside on must meet the following requirements.

Number of activated devices Requirement

500 to 22,500 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)



22,500 to 100,000 • Two processors, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)



Requirements for databasesThe computer that the BlackBerry Enterprise Service 10 databases reside on must meet the following requirements.


500 to 5000 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)



5000 to 22,500 • One processor, 2.2 GHz Intel Xeon E5-2400 Series (Quad Core)



15



22,500 to 100,000 • One processor, 2 GHz Intel Xeon E5-2600 Series (Six Core)



Hardware requirements: BlackBerry RouterThe following requirements apply to the computer that you install a standalone BlackBerry Router on. To support moredevices or a large number of app downloads, install more processing cores or use a more powerful processor.


1 to 10,000 • One processor, 2 GHz Single Core

• 0.5 GB of available memory (above the requirements for the operatingsystem)

• 500 KB of disk space (above the requirements for the operating system)

Hardware requirements: BlackBerry CollaborationServiceThe following requirements apply to the computer that you install the BlackBerry Collaboration Service on. For moreinformation about calculating hardware requirements, visit www.blackberry.com/go/serverdocs to see the BlackBerryEnterprise Service 10 Performance Calculator.

Item Description

Hardware requirements • One processor, 2.4 GHz Intel Xeon 5600 Series (Quad Core)

• 8 GB of available memory (for 1000 users or fewer)



16

http://www.blackberry.com/go/serverdocs

Item Description

Notes • Supports up to 5000 devices that go through the BlackBerry Infrastructure ifinstalled on the same computer as the BlackBerry Enterprise Service 10core components

• Supports up to 5000 devices per BlackBerry Collaboration Service instance,per computer

• Install an additional 3 GB of memory for each 1000 users beyond the first1000

Software requirementsBefore you install BlackBerry Enterprise Service 10, your organization's environment must meet certain requirements forsoftware.

Applications that are installed with BlackBerryEnterprise Service 10You can use the BlackBerry Enterprise Service 10 installation process to install third-party applications.

If you want to install Microsoft SQL Server 2008 R2 Express on a computer that does not host the BlackBerry EnterpriseService 10 core components, you can copy the BlackBerry Enterprise Service 10 installation files to the computer that youwant to install Microsoft SQL Server 2008 R2 Express on, navigate to the Tools folder and run the Sqlexpr.exe file (32-bit or64-bit).

Application Items that the application is installed with

JRE 7 Update 55 • BlackBerry Enterprise Service 10 core components

• BlackBerry Enterprise Service 10 consoles

Microsoft .NET Framework 3.5 SP1 (ifit is available for the setup applicationto enable through the Windows ServerManager)

• BlackBerry Enterprise Service 10 core components

• BlackBerry Enterprise Service 10 consoles

Microsoft XML Core Services 6.0 SP2 • BlackBerry Enterprise Service 10 consoles


17

Application Items that the application is installed with

Microsoft IIS 7.0, 7.5, or 8.0 • BlackBerry Enterprise Service 10 core components

Microsoft Web Deploy 3.0 • BlackBerry Enterprise Service 10 core components

Microsoft SQL Server 2008 R2 Express(if it is selected during the installationprocess)

• BlackBerry Enterprise Service 10 core components

Software requirements: BlackBerry Enterprise Service10 core componentsThe following requirements apply when you install all BlackBerry Enterprise Service 10 components on one computer, orwhen you install the BlackBerry Enterprise Service 10 core components on a separate computer.

Item Requirement

Operating system Any of the operating systems listed in the BlackBerry Enterprise Service 10Compatibility Matrix

Software framework All of the following:

• Microsoft .NET Framework 3.5 SP1

• Microsoft .NET Framework 4 (Standalone Installer or Web Installer)

Note:

• You must install the full Microsoft .NET Framework 4 instead ofMicrosoft .NET Framework 4 Client Profile.

• If you plan to install the BlackBerry Collaboration Service on the samecomputer as the BlackBerry Enterprise Service 10 core components, youmust install Microsoft Unified Communications Managed API 2.0 CoreRedistributable 64-bit before you install Microsoft .NET Framework 4. Formore information, visit support.microsoft.com to read article 2224981.

Web server Any of the web servers listed in the BlackBerry Enterprise Service 10Compatibility Matrix

The BlackBerry Enterprise Service 10 setup application installs Microsoft IIS andconfigures it so BlackBerry Enterprise Service 10 can work. If you install IISbefore you run the setup application, install the following IIS Role Services:


18

http://www.support.microsoft.com

Item Requirement

• Web Server: Static Content, Default Document, Directory Browsing, HTTPErrors

• Health and Diagnostics: HTTP Logging, Request Monitor

• Security: Request Filtering Performance: Static Content Compression

• Management Tools: IIS Management Console, IIS Management Scripts andTools, Management Service, IIS 6 Management Compatibility (allsubcomponents)

Software requirements: Remote consolesThe following requirements apply if you are installing the BlackBerry Enterprise Service 10 consoles on a separatecomputer.

Item Requirement

Operating system Any of the operating systems listed in the BlackBerry Enterprise Service 10Compatibility Matrix at docs.blackberry.com/BES10.

Software framework Microsoft .NET Framework 3.5 SP1; installed by the setup application.

Software requirements: BlackBerry RouterThe following requirements apply to the computer that you install a standalone BlackBerry Router on. If you do not installthe BlackBerry Router, you can connect the BlackBerry Device Service to an existing standalone BlackBerry Router in yourorganization's environment. You can use a standalone BlackBerry Router that you installed with BlackBerry EnterpriseServer 5.0 SP4 or BlackBerry Device Service 6.2.

Item Requirement

Operating system Any of the operating systems listed in the BlackBerry Enterprise Service 10Compatibility Matrix


19


Software requirements: Database serverItem Requirement

Database management system Any of the database management systems listed in the BlackBerry EnterpriseService 10 Compatibility Matrix

Collation setting To configure collation settings, the following conditions:

• Database server collation configured to default case-insensitive

• BlackBerry Enterprise Service 10 database collation configured to defaultcase-insensitive

Note: Default collations are suggested but non-default collations are supported(for more information, visit www.blackberry.com/go/kbhelp to read articlesKB04785 and KB15534).

Database connectivity • TCP/IP network protocols turned on

• No count option turned off

Nested triggers Nested triggers support turned on to allow triggers to perform actions thatinitiate other triggers. For more information, visit msdn.microsoft.com to readarticle ms178101.

Database mirroring To configure database mirroring, the following conditions:

• A version of Microsoft SQL Server that supports database mirroring

• High-safety mode with automatic failover

• A witness server for automatic failover

• A mirror database on a different computer than the principal database

• The same version and edition of Microsoft SQL Server to host the mirrordatabase and the principal database

Software requirements: BrowserThe following requirements apply to the browser that you use to log in to the BlackBerry Enterprise Service 10 consoles.


20


http://msdn.microsoft.com/

Item Requirement

Browser Any of the browsers listed in the BlackBerry Enterprise Service 10 CompatibilityMatrix.

Windows Internet Explorer 8 or later provides optimal support for BlackBerryAdministration Service features.

Note: If users use a wired connection to activate or manage their BlackBerry devices,they must use Windows Internet Explorer and allow incoming TCP/IP connections toRIMProxy.exe. The default port number for RIMProxy.exe is 5666.

To support browser access, you must configure the following settings:

• Support for JavaScript

• Cookies turned on

• Support for TLS or SSL

• The SSL certificate is installed to permit trusted connections to the consoles

Browser settings for WindowsInternet Explorer

To support browser access using Windows Internet Explorer, you must configure thefollowing settings:

• The latest Microsoft hotfixes installed

• Language preferences that display encoded web pages

• To support Microsoft ActiveX, the following settings are enabled:

• Automatic prompting for Microsoft ActiveX controls

• Download signed Microsoft ActiveX controls

• Run Microsoft ActiveX controls and plug-ins

• Script Microsoft ActiveX controls marked safe for scripting

• The console websites are assigned to the trusted websites security zone

• If you configure single sign-on authentication for the consoles, Enable IntegratedWindows Authentication is selected

Note: If Windows Internet Explorer Enhanced Security Configuration is turned on,some areas of the Universal Device Service console might not function correctly.


21

Installation considerations

Supported features and environmentsItem Description

Virtual environment Current in-market releases of VMware and Microsoft Hyper-V are supported withthe latest BlackBerry Enterprise Service 10 version. For more information, visit www.blackberry.com/go/kbhelp to read article KB29661.

IP The BlackBerry Enterprise Service 10 components support only IPv4 for TCP/IPconnections.

Installation on a computer that hostsBlackBerry Enterprise Server 5.0

BlackBerry Enterprise Service 10 can be installed on a computer that alreadyhosts BlackBerry Enterprise Server 5.0 SP4 or BlackBerry Enterprise ServerExpress 5.0 SP4.

You cannot connect BlackBerry Enterprise Service 10 and the BlackBerryEnterprise Server or BlackBerry Enterprise Server Express to the samedatabases. To run BlackBerry Enterprise Service 10 and the BlackBerryEnterprise Server or BlackBerry Enterprise Server Express in the sameorganization, you must configure the BlackBerry Enterprise Service 10databases for the BlackBerry Enterprise Service 10 instances, and a BlackBerryConfiguration Database for the BlackBerry Enterprise Server instances orBlackBerry Enterprise Server Express instances.

Remote access Administrators who use Remote Desktop Connection can access BlackBerryEnterprise Service 10 components remotely.

Certificate keystores The setup application generates and stores an SSL certificate in two password-protected keystore files: as.web.keystore and ncc.web.keystore. Thesekeystores replace the web.keystore that was used in previous releases. Thefollowing components use the SSL certificate to authenticate with browsers:

• BlackBerry Administration Service

• BlackBerry Management Studio

• BES10 Self-Service

• Enterprise Management Web Service


22


Item Description

• BlackBerry Web Services

You can use the BES10 Configuration Tool to change the password for the webkeystores or to import a new SSL certificate. When you use the tool to importcertificates into the keystores, the certificates are written to the BlackBerryEnterprise Service 10 databases and then to the keystores (this also occurswhen you restart the BlackBerry Administration Service). This processoverwrites any certificates that you imported into the keystores manually.BlackBerry Enterprise Service 10 does not support importing certificates intothe keystores manually.

Unsupported environmentsItem Description

DMZ The BlackBerry Enterprise Service 10 components, with the exception of theBlackBerry Router, do not support installation in a DMZ.


23

Preinstallation tasks

Configuring ports for the external firewallYou must configure the ports on the external firewall. For information about the internal ports that BlackBerry EnterpriseService 10 uses, see "Configuring connection types and port numbers" in the BlackBerry Enterprise Service 10Configuration Guide.

Outbound ports: Managing BlackBerry devicesBlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of yourorganization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources.

Configure your organization's firewall to allow outbound and inbound connections over these ports. For more informationabout domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articlesKB34193 and KB03735.

From To Purpose Protocol Port Where you canchange the port

BlackBerry Router(optional)

BlackBerryInfrastructure

To connect to the blackberry.com andblackberry.net subdomains(<region>.srp.blackberry.com) toactivate and manage BlackBerry

TCP 3101 BES10Configuration Tool

5

Installation Guide Preinstallation tasks

24



devices and to enable the use of thework space on BlackBerry devices.

BlackBerryDispatcher


To connect to the blackberry.com andblackberry.net subdomains(<region>.srp.blackberry.com) toactivate and manage BlackBerrydevices and to enable the use of thework space on BlackBerry devices.

TCP 3101 BlackBerryAdministrationService

BlackBerryLicensing Service


To connect to the licensinginfrastructure(license.blackberry.com) to activatelicenses.

HTTPS 443 Cannot change

BlackBerryAdministrationService


To register activation information forBlackBerry devices and access deviceinformation.


BlackBerryAdministrationService


To specify public apps in BlackBerryWorld as optional work apps forBlackBerry devices.

HTTP 80 Cannot change

Outbound ports: Managing iOS and Android devicesBlackBerry Enterprise Service 10 components use the following ports to send data to sources that are outside of yourorganization's firewall, such as the BlackBerry Infrastructure, and to receive data back from these sources.

Configure your organization's firewall to allow outbound and inbound connections over these ports. For more informationabout domains and IP addresses to use in your firewall configuration, visit www.blackberry.com/go/kbhelp to read articlesKB34193 and KB03735.


25



BlackBerrySecure ConnectService


To connect to the bbsecure.comsubdomain (<region>.bbsecure.com)to allow work-space enabled devicesto access work data, to send activationand management data between iOSand Android devices and BlackBerryEnterprise Service 10, and to allow iOSdevices to connect to APNs for devicenotifications.

TCP 3101 Cannot change

BlackBerrySecure ConnectService through aTCP proxy server(optional)


To route data through a TCP proxyserver if you do not want a directconnection to the BlackBerryInfrastructure.

TCP 3101 AdministrationConsole

BlackBerryLicensing Service


To connect to the licensinginfrastructure(license.blackberry.com) to activatelicenses.


AdministrationConsole


To request a signed CSR fromBlackBerry so you can obtain andregister an APNs certificate. The APNscertificate is required to manage iOSdevices.


Universal DeviceService corecomponents


To connect to the<region>.swstps.bbsecure.comsubdomain to authenticate BlackBerryEnterprise Service 10 and enable theuse of the Secure Work Space on iOSand Android devices.


Universal DeviceService corecomponents


To connect to<region>.swsmanager.bbsecure.comsubdomain to enable administrativecontrol over the work space on iOSand Android devices.



26


BlackBerry WorkConnectNotificationService


To provide new or changed email andorganizer notifications to work space-enabled iOS devices.


Scheduler BlackBerryInfrastructure

To check a hosted metadata file eachday at midnight for new device or OSdata. Updates are downloaded to theUniversal Device Service database.

The hosted file is located at https://origin-www.blackberry.com/download/metadata/BES/metadata.xml.gz (IPaddress 208.65.77.102).


Core Module Apple RootCertificationAuthority

To check the certificate revocation list(used if you do not set up an APNsproxy server).

HTTPS

HTTP

443

80

Cannot change

Core Module SMTP gateway To enable SMTP for an external SMTPgateway (optional).

TCP 25 AdministrationConsole

Outbound ports: Device dataBlackBerry Enterprise Service 10 uses the outbound-initiated port 3101 to send and receive data for BlackBerry 10devices and work space-enabled iOS and Android devices.

For iOS and Android devices that are not work space-enabled, BlackBerry Enterprise Service 10 sends and receives onlyactivation and management data through the outbound-initiated port 3101. All other data, such as messaging data anddata from third-party applications, is not sent through port 3101. Consult the documentation or support resources for yourorganization's messaging software and third-party applications to determine the ports that you must open.

Outbound ports: Work space-enabled devices on awork Wi-Fi networkWork space-enabled iOS and Android devices that use your organization's Wi-Fi network use the following outbound portsto connect to the BlackBerry Infrastructure and external services. Configure your organization's firewall to allow outboundand inbound connections over these ports.


27


iOS devices

Android devices


To connect to the<region>.bbsecure.com subdomainwhen activating the device.

TLS 443 Cannot change

iOS devices

Android devices


To connect to the<region>.bbsecure.com subdomain sothat administration commands can beapplied to the devices.

Port 443 is the default. Port 80 is onlyused by devices that were activatedbefore you upgraded to BlackBerryEnterprise Service 10 version 10.2, orif the user specifies port 80.

TCP 443

80

Cannot change

iOS devices APNs To send management data to and fromiOS devices.

TCP 5223 Cannot change

Android devices BlackBerryInfrastructure

To connect to the<region>.swsmanager.bbsecure.comsubdomain.


Configure permissions for the serviceaccountThe service account is a Windows account that runs the services for BlackBerry Enterprise Service 10. The service accountmust be a member of the local Administrators group on the computer that you install BlackBerry Enterprise Service 10 on,and also requires other permissions. Without the correct permissions, BlackBerry Enterprise Service 10 cannot run.

If your organization's environment includes the BlackBerry Enterprise Server or the BlackBerry Device Service, you can usethe same service account to install BlackBerry Enterprise Service 10. Otherwise, create a service account in your companydirectory or a local Windows account on the computer that you want to install BlackBerry Enterprise Service 10 on.

After you create the service account:

1. On the taskbar, click Start > Administrative Tools > Computer Management.

2. In the left pane, expand Local Users and Groups.

3. Navigate to the Groups folder.


28

4. In the right pane, double-click Administrators.

5. Click Add.

6. In the Enter the object names to select field, type the name of the service account (for example, BES10Admin).

7. Click OK.

8. Click Apply.

9. Click OK.

10. On the taskbar, click Start > Administrative Tools > Local Security Policy.

11. If necessary, in the left pane, expand Security Settings.

12. In the left pane, expand Local policies.

13. Click User rights agreement.

14. Configure the following permissions for the service account:

• Allow log on locally (if not assigned by default)

• Log on as a service

• Log on as a batch job

Manually register ASP.NETIf Microsoft IIS is already installed on the computer, you must manually register ASP.NET for use with Microsoft IIS so thatthe Core Module and Communication Module can manage iOS and Android devices.

1. Open a Windows command prompt window as the administrator, and navigate to the folder of the .NET 4.0Framework.The path to the folder is similar to C:\Windows\Microsoft.NET\Framework64\v4.0.30319\.

2. Type aspnet_regiis -i -enable

3. Restart Microsoft IIS.


29

Configuring connections for the BlackBerryEnterprise Service 10 databasesYou create the BlackBerry Enterprise Service 10 databases when you install the BlackBerry Enterprise Service 10 corecomponents or when you run the CreateDB executable. BlackBerry Enterprise Service 10 can connect to the BlackBerryEnterprise Service 10 databases on the database server using Windows authentication or Microsoft SQL Serverauthentication. By default, BlackBerry Enterprise Service 10 connects to the BlackBerry Enterprise Service 10 databasesusing the service account that you use to complete the installation process or the Microsoft SQL Server account that youspecify during the installation process.

Specifying database permissions to create theBlackBerry Enterprise Service 10 databasesDepending on the database option and the type of authentication that you select, you might need to assign databasecreator permissions to the service account that you use to complete the installation process or the Microsoft SQL Serveraccount that you specify during the installation process. You can configure database permissions using Microsoft SQLServer roles.

Database option Database permission

Install Microsoft SQL Server Expressduring the BlackBerry EnterpriseService 10 installation process

• If you choose Windows authentication, the setup application automaticallyassigns the required database permissions to the service account

• If you choose Microsoft SQL Server authentication, you must add theMicrosoft SQL Server account to the dbcreator server role

Use an existing Microsoft SQL Server inyour organization's environment

• You must add the service account or Microsoft SQL Server account to thedbcreator server role

Create the BlackBerry Enterprise Service 10 databasesIf your organization's security policies do not allow applications to have permissions to create or upgrade databases, youcan run the CreateDB executable on the database server to create the BlackBerry Enterprise Service 10 databases insteadof using the setup application. After you create the BlackBerry Enterprise Service 10 databases using the CreateDBexecutable, you can run the setup application using a service account that has minimum permissions on the databaseserver.


30

Note: If you do not want to run the CreateDB executable on the database server, you must run it on a computer thatMicrosoft SQL Server 2008 Native Client is installed on and the computer must be able to connect to the computer thathosts the database server.

Before you begin: Verify that you configured the correct permissions on the database server.

1. Log in to the computer that hosts the database server that you want to configure as the host server for the BlackBerryEnterprise Service 10 databases. If you use a Windows account to create the BlackBerry Enterprise Service 10databases, you must log in to the computer using a Windows account that has database creator permissions.

2. Copy the BlackBerry Enterprise Service 10 installation files to the computer.

3. Extract the contents to a folder on the computer.

4. Navigate to <extracted_folder>\Database.

5. Open the DBMgmt.cfg file in a text editor.

6. Change the file to include information that is specific to your organization's environment.

7. Save and close the file.

8. Open a command prompt window.

9. Change the directory to <extracted_folder>\Database.

10. Type CreateDB.exe DBMgmt.cfg. Press ENTER.

DBMgmt.cfg propertiesThe following properties apply to the DBMgmt.cfg file, which you use when you run the CreateDB executable.

When you run the CreateDB executable to perform a test upgrade of the database, you are accessing the DBMgmt.cfg file.

The DBMgmt.cfg file contains the following properties:

Property Description

DATABASE_NAME_BDS This property specifies the name of the BlackBerry Configuration Database.

DATABASE_NAME_UDS This property specifies the name of the Management Database. If theManagement Database does not exist, the name must follow the format<BlackBerry Configuration Database name>_UDS.

SERVER This property specifies the name of the database server that hosts the databaseto create or upgrade. If a database instance hosts the database, follow theformat <database_server_name>\<database_instance_name>. If you configuredatabase mirroring, do not use named instances.


31

Property Description

MSSQL_PORT This property specifies the port number that Microsoft SQL Server uses. If you donot specify a port number, the CreateDB executable uses port number 1433 asthe default.

FAILOVER_SERVER This property specifies the name of the database server that hosts the mirrordatabase to upgrade.

USERID If you use database authentication, this property specifies the username for thedatabase account that has database creator permissions.

PASSWORD If you use database authentication, this property specifies the password for thedatabase account.

BACKUP This property specifies whether or not to back up the existing database. Thedefault value is FALSE.

BACKUP_DIR This property specifies an existing folder that you can save the database backupin.

By default, this folder is the same folder that the Microsoft SQL Server databasefiles are located in.

Remove the WebDAV Publishing role serviceIf Microsoft IIS is already installed on the computer that you want to install the BlackBerry Enterprise Service 10 corecomponents on, you must remove the WebDAV Publishing role service to avoid potential issues with updates that the setupapplication and the Universal Device Service perform. For example, WebDAV might cause issues when you create ausername and password for the Universal Device Service console during the installation process.

1. On the taskbar, click Start > Administrative Tools > Server Manager.

2. In the left pane, click Roles.

3. In the Web Server (IIS) section, click Remove Role Services.

4. Clear the WebDAV Publishing check box.

5. Apply your changes.


32

Configuring a BlackBerry AdministrationService poolWhen you install the BlackBerry Enterprise Service 10 consoles, you install a BlackBerry Administration Service instance. Ifyou install multiple instances, you must configure a BlackBerry Administration Service pool to send requests to availableinstances and to avoid a single point of failure. You can configure only one BlackBerry Administration Service pool in aBlackBerry Enterprise Service 10 domain.

You can configure a pool using one of the following options:

Item Description

DNS round robin If you configure a pool using DNS round robin, you must create the DNS recordsthat represent the instances in the pool, where each DNS record contains thestatic IP address of a computer that hosts an instance.

Hardware load balancer If you configure a pool using a hardware load balancer, you must implementsession persistence for SSL connections. When you implement sessionpersistence, a load balancer tracks and stores session data to make sure that allrequests in a browser session are consistently directed to the same instance inthe pool. For information on how to implement session persistence, contact thevendor of your hardware load balancer.

Create a DNS record for each BlackBerryAdministration Service instance in a poolTo configure a BlackBerry Administration Service pool using DNS round robin, you must create DNS records for theBlackBerry Administration Service pool name that contain the IP address of each computer that hosts a BlackBerryAdministration Service instance. The DNS pool name allows browsers to access available BlackBerry AdministrationService instances using a single DNS name. When you create the DNS records, you should include only computers thathost a BlackBerry Administration Service instance.

Before you begin:• Configure a static IP address for each computer that you want to install a BlackBerry Administration Service instance

on.

• Verify that you have correct permissions to manage the DNS server.

1. Log in to the DNS server.


33

2. In the DNS management console, access the forward lookup zone that you want to add the BlackBerryAdministration Service instances to.

3. To create a new DNS host record (or A record), specify the following information:

a. In the Name field, type the name that you want to use for the BlackBerry Administration Service pool name.

b. In the IP address field, type the IP address of the computer that you want to install a BlackBerry AdministrationService instance on.

c. Select the Create associated pointer (PTR) record check box.

4. Repeat step 3 for each BlackBerry Administration Service instance that you plan to install. When you create the DNSrecords, you must use the same pool name for all BlackBerry Administration Service instances in a pool.

After you finish: To remove a BlackBerry Administration Service instance from a pool, in the DNS server, delete the DNSpool name record that contains the IP address of the computer that hosts the instance.


34

Installing the BlackBerryEnterprise Service 10 software

Prerequisites: Installing the BlackBerryEnterprise Service 10 software• Verify that the computers that host the BlackBerry Enterprise Service 10 core components, the BlackBerry Enterprise

Service 10 consoles, and the BlackBerry Enterprise Service 10 databases are located in the same LAN environment.

• Verify that you opened the necessary ports on your organization's firewall.

• Verify that you installed all required third-party applications.

• If you perform the installation process on a computer that has more than one NIC, verify that the production NIC is firstin the bind order in the Windows network settings.

• If your organization uses a proxy server for Internet access, verify that you have the computer name, port number, andcredentials for the proxy server.

• When you run the setup application, use only standard characters to specify values. Unicode characters are notsupported.

Verify that you have the following information available for the BlackBerry Enterprise Service 10 software:

• SRP host

• SRP identifier

• SRP authentication key

6

Installation Guide Installing the BlackBerry Enterprise Service 10 software

35

Specifying a name for the BlackBerryAdministration Service pool during theinstallation processDuring the installation process, the setup application prompts you to specify the name of the BlackBerry AdministrationService pool.

The BlackBerry Administration Service instances use an SSL certificate that contains the pool name for interprocesscommunication. You must specify a valid DNS name during the installation process, even if you do not configure aBlackBerry Administration Service pool.

The setup application uses the FQDN of the computer that you install the first BlackBerry Administration Service instanceon as the default value for the pool name. If you keep the default value and configure a BlackBerry Administration Servicepool using DNS round robin or a hardware load balancer at a later time, you must use the BES10 Configuration Tool tochange the pool name to the DNS name for the pool.

You can keep the default value for the pool name when you install the first BlackBerry Administration Service instance, butyou must specify the DNS name for the pool when you install additional BlackBerry Administration Service instances.Afterwards, you must restart each computer that hosts a BlackBerry Enterprise Service 10 component.

Install all BlackBerry Enterprise Service 10components on one computerDuring the BlackBerry Enterprise Service 10 installation process, you might need to restart the computer.

Before you begin: Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software haslocal administrator permissions on the computer that you perform the installation process on.

1. Log in to the computer that you want to install BlackBerry Enterprise Service 10 on using the service account that hascorrect permissions. The service account runs the BlackBerry Enterprise Service 10 services.

2. In the BlackBerry Enterprise Service 10 installation files, double-click setup.exe. If a Windows message appears andrequests permission for setup.exe to make changes to the computer, click Yes.

3. Review the information for the account that you used to log in. Click Continue Installation.

4. In the License agreement dialog box, perform the following actions:


36

a. In the Customer information section, specify information for your organization and select your country orregion.

b. In the License agreement section, read the license agreement. To accept the license agreement, select Iaccept the terms of the license agreement.

c. Click Next.

5. In the Setup type dialog box, perform one of the following actions:

• For the first installation of the BlackBerry Enterprise Service 10 software, select Create a BlackBerry EnterpriseService 10 domain. You can install the database server on the same computer or use an existing database serverin your organization's environment (local or remote).

• For all other installations of the BlackBerry Enterprise Service 10 software, select Use an existing BlackBerryEnterprise Service 10 domain.

6. In the Setup options dialog box, all BlackBerry Enterprise Service 10 components are selected by default. Click Next.

7. In the Preinstallation checklist dialog box, read and verify the information. Click Next.

8. In the Accounts and folders dialog box, type the password for the service account that you used in step 1. Click Next.

9. In the Summary dialog box, verify that the information is correct. Click Install.

10. If the setup application prompts you to restart the computer, click Yes. Otherwise, click Next.

11. If you restart the computer, log in to the computer using the service account that you used in step 1.

12. In the Database information dialog box, perform the following actions:

a. In the Microsoft SQL Server name field, type the name of the computer that hosts the database server.

b. In the Database name field, type a name for the BlackBerry Configuration Database. The same name is used forthe Management Database (<database_name>_UDS).

c. If you configured the database server to use static ports, select the Static option. If the static port number is not1433, in the Port field, type the port number.

d. By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service10 databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQLServer account.

e. Click Next.

13. In the Instance information dialog box, type a name for this instance of the BlackBerry Enterprise Service 10 corecomponents. You must specify a unique name for each instance of the core components that you install in aBlackBerry Enterprise Service 10 domain. Click Next.

14. In the SRP information dialog box, perform the following actions:

a. In the SRP host section, if necessary, change the SRP address and port number for the BlackBerryInfrastructure. The default port number is 3101 and the default host name is determined by your country orregion.

b. In the SRP authentication information section, type the SRP identifier and SRP authentication key. EachBlackBerry Enterprise Service 10 instance must use a unique SRP identifier.


37

c. In the SRP host and SRP authentication information sections, click Verify to verify that the information iscorrect.

d. Click Next.

15. In the Core Module information dialog box, perform the following actions:

a. Type and confirm a password for the Core Module. The Universal Device Service components use the passwordto make trusted connections to the Core Module.

b. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Websiteport field, change the default port number.

c. If necessary, in the Port settings section, change the default port numbers.

d. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on thecomputer.

16. In the Communication Module information dialog box, perform the following actions:

a. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Websiteport field, change the default port number.

b. Click Next. If you changed the port number, the setup application verifies if the port is available on thecomputer.

17. In the Create an administrator account dialog box, type and confirm a password for the administrator account thatthe setup application creates. Administrators use the login information that you specify to log in to the BlackBerryEnterprise Service 10 consoles for the first time. Click Next.

18. In the Administration settings dialog box, perform the following actions:

a. In the Pool name field, specify a valid FQDN or IP address that the setup application uses to create theBlackBerry Administration Service web address. If you install only one BlackBerry Administration Serviceinstance in a BlackBerry Enterprise Service 10 domain, you can accept the default pool name. If you installmultiple BlackBerry Administration Service instances, specify the DNS name that maps to the IP address ofeach computer that hosts a BlackBerry Administration Service instance, or the DNS name of a hardware loadbalancer.

b. If necessary, in the Port settings section, change the default port numbers.

c. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on thecomputer.

19. In the Finalize installation dialog box, the setup application finishes the installation tasks and the BlackBerryEnterprise Service 10 services start automatically. When all the services are running, click Next.

20. In the Console addresses dialog box, click Finish. By default, the setup application exports the BlackBerry EnterpriseService 10 web addresses to a .txt file.

After you finish:• Verify that the collation setting for the BlackBerry Enterprise Service 10 databases is default case-insensitive.

• If you reinstalled the BlackBerry Enterprise Service 10 consoles, in Windows Internet Explorer, delete the cache.


38

Installing BlackBerry Enterprise Service 10components on separate computers

Install the BlackBerry Enterprise Service 10 corecomponentsYou can install the BlackBerry Enterprise Service 10 core components on a separate computer to address performanceconcerns or for high availability. During the BlackBerry Enterprise Service 10 installation process, you might need to restartthe computer.

Before you begin: Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software haslocal administrator permissions on the computer that you perform the installation process on.

1. Log in to the computer that you want to install BlackBerry Enterprise Service 10 on using the service account that hascorrect permissions. The service account runs the BlackBerry Enterprise Service 10 services.






c. Click Next.

5. In the Setup type dialog box, perform one of the following actions:

• For the first installation of the BlackBerry Enterprise Service 10 software, select Create a BlackBerry EnterpriseService 10 domain. You can install the database server on the same computer or use an existing database serverin your organization's environment (local or remote).

• For all other installations of the BlackBerry Enterprise Service 10 software, select Use an existing BlackBerryEnterprise Service 10 domain.

6. In the Setup options dialog box, verify that the Install the BlackBerry Enterprise Service 10 core components checkbox is selected and clear the check boxes for the other options. Click Next.



39







b. In the Database name field, type a name for the BlackBerry Configuration Database. The same name is used forthe Management Database (<database_name>_UDS).



e. Click Next.

13. In the Instance information dialog box, type a name for this instance of the BlackBerry Enterprise Service 10 corecomponents. You must specify a unique name for each instance of the core components that you install in aBlackBerry Enterprise Service 10 domain. Click Next.

14. In the SRP information dialog box, perform the following actions:

a. In the SRP host section, if necessary, change the SRP address and port number for the BlackBerryInfrastructure. The default port number is 3101 and the default host name is determined by your country orregion.

b. In the SRP authentication information section, type the SRP identifier and SRP authentication key. EachBlackBerry Enterprise Service 10 instance must use a unique SRP identifier.

c. In the SRP host and SRP authentication information sections, click Verify to verify that the information iscorrect.

d. Click Next.

15. In the Core Module information dialog box, perform the following actions:

a. Type and confirm a password for the Core Module. The Universal Device Service components use the passwordto make trusted connections to the Core Module.

b. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Websiteport field, change the default port number.

c. If necessary, in the Port settings section, change the default port numbers.

d. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on thecomputer.

16. In the Communication Module information dialog box, perform the following actions:


40

a. In the Website information section, in the drop-down list, click Create a website. If necessary, in the Websiteport field, change the default port number.

b. Click Next. If you changed the port number, the setup application verifies if the port is available on thecomputer.

17. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry EnterpriseService 10 services start automatically. When all the services are running, click Finish.

After you finish: Verify that the collation setting for the BlackBerry Enterprise Service 10 databases is default case-insensitive.

Install the BlackBerry Enterprise Service 10 consolesYou can install the BlackBerry Enterprise Service 10 consoles on a separate computer to address performance or disasterrecovery concerns. During the BlackBerry Enterprise Service 10 installation process, you might need to restart thecomputer.

Before you begin:• Verify that the service account that you use to install the BlackBerry Enterprise Service 10 software has local

administrator permissions on the computer that you perform the installation process on.

• Verify that the service account has permission to access and update the Windows registry on the computer that hoststhe BlackBerry Enterprise Service 10 core components.

• Install at least one instance of the BlackBerry Enterprise Service 10 core components.

1. Log in to the computer that you want to install the BlackBerry Enterprise Service 10 consoles on using the serviceaccount that has correct permissions. The service account runs the BlackBerry Enterprise Service 10 services.






c. Click Next.

5. In the Setup type dialog box, select Use an existing BlackBerry Enterprise Service 10 domain. Click Next.




41

b. In the Database name field, type the name of the existing BlackBerry Configuration Database (for example,BDSMgmt).



e. Click Next.

7. In the Setup options dialog box, verify that the Install the BlackBerry Enterprise Service 10 consoles check box isselected and clear the check boxes for the other options. Click Next.






13. In the Create an administrator account dialog box, type and confirm a password for the administrator account thatthe setup application creates. Administrators use the login information that you specify to log in to the BlackBerryEnterprise Service 10 consoles for the first time. Click Next.

14. In the Administration settings dialog box, perform the following actions:

a. In the Pool name field, specify a valid FQDN or IP address that the setup application uses to create theBlackBerry Administration Service web address. If you install only one BlackBerry Administration Serviceinstance in a BlackBerry Enterprise Service 10 domain, you can accept the default pool name. If you installmultiple BlackBerry Administration Service instances, specify the DNS name that maps to the IP address ofeach computer that hosts a BlackBerry Administration Service instance, or the DNS name of a hardware loadbalancer.

b. If necessary, in the Port settings section, change the default port numbers.

c. Click Next. If you changed any port numbers, the setup application verifies if the ports are available on thecomputer.

15. In the Finalize installation dialog box, the setup application finishes installation tasks and the BlackBerry EnterpriseService 10 services start automatically. When all the services are running, click Next.


After you finish:• Restart the computer that hosts the BlackBerry Enterprise Service 10 core components.

• If you reinstalled the BlackBerry Enterprise Service 10 consoles, in Windows Internet Explorer, delete the cache.


42

Installing a standby instance ofthe core componentsIf you want to enhance the stability and reliability of device service in your organization’s BlackBerry Enterprise Service 10domain, you can configure the core components to support high availability. A high availability configuration involves one ormore high availability pairs. A high availability pair consists of a primary instance of the core components, and a standbyinstance of the same components that you install on a different computer. If the primary instance is not performing asexpected (for example, a component is not responding), BlackBerry Enterprise Service 10 initiates an automatic failover ofdevice service to the standby instance. Both instances use the same SRP credentials, and are connected to the sameBlackBerry Enterprise Service 10 databases.

You can assign only one standby instance to each primary instance in the domain. You cannot change the primary andstandby roles by running the setup application again, but you can use the BlackBerry Administration Service to initiate amanual failover, or to change the primary and standby roles for a high availability pair.

When you install a standby instance of the core components, you can install additional instances of other components. Forexample, you can install additional components with the standby instance to distribute the performance load acrossmultiple computers.

For more information about configuring high availability for the core components and configuring high availability for theBlackBerry Enterprise Service 10 databases, visit docs.blackberry.com/BES10 to read the BlackBerry Enterprise Service10 Configuration Guide.

Prerequisites: Installing a standby instanceof the core components• Install a primary instance of the core components. Verify whether this instance is assigned the device management role

for Android devices and iOS devices. By default, the setup application assigns this role to the first instance of the corecomponents that you install in the domain, or to the first instance that you upgrade.

• Choose a different computer to host the standby instance of the core components. Verify that this computer meets theappropriate system requirements.

• When you install the standby instance, use the same service account that you used to install the primary instance, or aservice account with the same permissions.

7

Installation Guide Installing a standby instance of the core components

43


• It is a best practice to upgrade all BlackBerry 10 devices in your organization's environment to BlackBerry 10 OSversion 10.1 or later. If device service fails over to the standby instance, you can continue to use the consoles tomanage BlackBerry devices only if the devices use BlackBerry 10 OS version 10.1 or later.

If the devices use an earlier version of the BlackBerry 10 OS or the BlackBerry PlayBook OS, the devices cannotconnect to the Enterprise Management Web Service of the new primary instance (formerly the standby instance). As aresult, you cannot manage the devices from the consoles until you perform one of the following actions:

• Manually fail over device service back to the initial primary instance.

• Move the user account and any associated devices to another high availability pair in the domain.

• Activate the devices again.

Install a standby instance of the corecomponentsWhen you install a standby instance of the core components, the setup application associates the components on thestandby instance with the components on the primary instance. You can view and change settings for the standbycomponents using the BlackBerry Administration Service.

1. Log in to the computer that you want to install the standby instance on using a service account with the correctpermissions. The service account runs the BlackBerry Enterprise Service 10 services.


3. Review the Windows account information that will be used to install the standby instance. Click Continue Installation.


• In the Customer information section, specify information for your organization and select your country or region.

• In the License agreement section, read the license agreement. Select I accept the terms of the licenseagreement.

• Click Next.

5. In the Setup type dialog box, select Use an existing BlackBerry Enterprise Service 10 domain.

6. Click Next.


• In the Microsoft SQL Server name field, type the name of the computer that hosts the database server.

• In the Database name field, type the name of the BlackBerry Configuration Database that is associated with theprimary instance.


44

• If you configured the database server to use static ports, select the Static option. If the static port number is not1433, in the Port field, type the port number.

• By default, the setup application uses Windows authentication to connect to the BlackBerry Enterprise Service 10databases. If you select Microsoft SQL Server authentication, specify login information for a Microsoft SQLServer account.

• Click Next.

8. In the Setup options dialog box, perform the following actions:

• Select Install the BlackBerry Enterprise Service 10 core components.

• Select Install the BlackBerry Enterprise Service 10 core components as a standby instance and associate itwith a primary instance for high availability. In the drop-down list, click the primary instance.

• Click Next.


10. In the Accounts and folders dialog box, in the Password field, type the password for the service account that youused in step 1.

11. Click Next.


13. When the installation process completes, click Next.

14. In the Core Module Information dialog box, if necessary, change the port numbers in the Website informationsection and Port settings section. Click Next.

15. In the Communication Module information dialog box, if necessary, change the port number in the Websiteinformation section. Click Next.


Note: The BlackBerry Web Services, BlackBerry Work Connect Notification Service, and the Enterprise ManagementWeb Service do not start automatically. These services are designed to start after device service fails over to thestandby instance.


By default, the primary instance is configured to fail over automatically if any of the health parameters above the failoverthreshold become unhealthy. For automatic failover to succeed, on the standby instance, the health parameters above thepromotion threshold must be healthy.

Note: If you change the listening port for Microsoft SQL Server to a custom port, and you update the port value on theprimary instance using the BES10 Configuration Tool, the standby instance is not updated with the new port value andcannot connect to Microsoft SQL Server.

After you finish:• Restart the computer that hosts the primary instance.


45

• Restart the computer that hosts the standby instance.

• If you have additional primary instances in your domain and you want to configure additional high availability pairs,repeat this task as required.

Post-installation tasksPerform the following tasks, as required, after you install a standby instance. Instructions can be found in the appropriatesections of the BlackBerry Enterprise Service 10 Configuration Guide.

• If you want to manage iOS devices in your organization's domain, you must obtain an APNs certificate and upload it tothe primary instance and the standby instance.

• If the domain will support work space-enabled iOS devices, enable the Secure Work Space and configure the standbyinstance to support email notifications.

• If necessary, specify the same proxy mappings for the BlackBerry MDS Connection Service and EnterpriseManagement Web Service on the primary instance and the standby instance.

• Using the BlackBerry Administration Service, you can change the log file path for any instance of the core componentsin the domain. If you change the log file path for one instance in a high availability pair, for consistency, you can changethe log file path for the other instance.

Note: If you uninstall a high availability pair, and then you install new instances that will use the same databases, the setupapplication tries to install the second instance of the core components as a standby instance. If you do not want the setupapplication to install the second instance as a standby, use the BlackBerry Administration Service to remove the highavailability pair from the databases before you install the new instances.


46

Installing a standaloneBlackBerry RouterThe BlackBerry Router is designed so that you can install it outside your organization's firewall in the DMZ. The BlackBerryRouter connects to the Internet to send data between the BlackBerry Device Service and BlackBerry devices using theBlackBerry Infrastructure.

The BlackBerry Router is an optional component. If you choose to install the BlackBerry Router, you must install it on acomputer that does not host a BlackBerry Enterprise Service 10 instance or any BlackBerry Enterprise Service 10components. The setup application installs the BlackBerry Router and the BlackBerry Controller, which monitors theBlackBerry Router and restarts it if it stops responding.

Determining which service account to useto install and run the BlackBerry RouterYou can install the BlackBerry Router and run the BlackBerry Router service using any service account that has localadministrator permissions on the computer that you want to install the BlackBerry Router on. The computer that hosts theBlackBerry Router requires a valid DNS suffix and a multisegment host name.

On the computer that you want to install the BlackBerry Router on, you must verify that the following permissions areconfigured for the service account that you want to use (the permissions are part of the Local Security Policy):

• Allow log on locally (if not assigned by default)

• Log on as a service

Install a standalone BlackBerry RouterA standalone BlackBerry Router is a BlackBerry Router that is hosted by a computer that does not host any otherBlackBerry Enterprise Service 10 components except the BlackBerry Controller. The BlackBerry Controller monitors theBlackBerry Router and restarts it if it stops responding.

8

Installation Guide Installing a standalone BlackBerry Router

47

Note: You cannot manage the BlackBerry Controller that monitors a standalone BlackBerry Router in the BlackBerryAdministration Service. You must manage the BlackBerry Controller in the BES10 Configuration Tool on the computer thathosts the standalone BlackBerry Router.

Before you begin: Verify that the service account that you use to install the BlackBerry Router has local administratorpermissions on the computer that you perform the installation process on.

1. Log in to the computer that you want to install the BlackBerry Router on using the service account that you want touse to run the BlackBerry Router service.


3. Review the information for the account that you used to log in. To use this account to run the BlackBerry Routerservice, click Continue Installation.




c. Click Next.

5. In the Setup type dialog box, select Install a standalone BlackBerry Router. Click Next.


7. In the Accounts and folders dialog box, perform the following actions:

a. In the Password field, type the password for the service account that you used in step 1.

b. If necessary, change the location of the installation folder and log-file folder.

c. Click Next.


9. In the Installation dialog box, when the installation status is complete for all items, click Next.

10. In the SRP information dialog box, in the SRP host section, perform the following actions:

a. If necessary, change the SRP address and port number for the BlackBerry Infrastructure. The default portnumber is 3101 and the default host name is determined by your country or region.

b. Click Verify to verify that the information is correct.

c. Click Next.



48

Connecting to the BlackBerry RouterThe BlackBerry Router manages the connection to the BlackBerry Infrastructure for the BlackBerry Device Service. If youinstalled a standalone BlackBerry Router, you must permit the BlackBerry Dispatcher that you installed with theBlackBerry Enterprise Service 10 core components to connect to the BlackBerry Router. You can configure one or moreBlackBerry Dispatcher instances to use the same SRP address and connect to the BlackBerry Router.

Connect the BlackBerry Device Service to theBlackBerry Router1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution

topology > BlackBerry Domain > Component view > BlackBerry Device Service.

2. Click the BlackBerry Device Service that you want to assign the BlackBerry Router to.

3. Click Edit instance.

4. In the SRP addresses section, type the FQDN of the computer that hosts the BlackBerry Router.

5. If the BlackBerry Dispatcher instance uses a port number other than port number 3101 to open connections to theBlackBerry Router, in the Port override field, type the port number.

6. Click the Add icon.

7. Click the Delete icon beside the SRP address for the BlackBerry Infrastructure.

8. Click Save all.

9. Restart the BlackBerry Device Service using one of the following methods:

• Click Restart instance.

• In the Windows Services, restart the BlackBerry Dispatcher service.


49

Postinstallation tasks

Test the BlackBerry Enterprise Service 10installation1. In the Windows Services, verify that the services for BlackBerry Enterprise Service 10 are running.

2. In the Windows Event Viewer and log files that are located in <drive>:\Program Files (x86)\Research In Motion\BlackBerry Enterprise Service 10\Logs, check for error messages.

3. In Microsoft IIS, check that the websites for the Core Module and Communication Module are started.

4. Add a test user account in the BlackBerry Device Service console and the Universal Device Service console.If you can add a test user account, the connection from BlackBerry Enterprise Service 10 to the BlackBerryEnterprise Service 10 databases is open.

5. For the BlackBerry MDS Connection Service, browse to http://<server_name>:9080, where <server_name> is thename of the computer that hosts the BlackBerry Enterprise Service 10 core components.If the status page appears, the BlackBerry MDS Connection Service is running.

After you finish: For troubleshooting information, visit www.blackberry.com/support.

Test the connection to the BlackBerryInfrastructureTo make sure that the BlackBerry Dispatcher or BlackBerry Router can connect to the BlackBerry Infrastructure, you cantest the connection using the BBSRPTest tool that is included with the BlackBerry Enterprise Service 10 installation files.The BBSRPTest tool tries to connect to the BlackBerry Infrastructure using the SRP address and SRP port number that youspecified for the BlackBerry Infrastructure during the installation process.

Before you begin: Verify that the BlackBerry Enterprise Service 10 installation files are on the computer that you want totest the connection from.

9

Installation Guide Postinstallation tasks

50

http://www.blackberry.com/support

1. Log in to the computer that you want to test the connection from. If you installed a standalone BlackBerry Router, testthe connection from the computer that hosts the BlackBerry Router. Otherwise, test the connection from thecomputer that hosts the BlackBerry Enterprise Service 10 core components.

2. Open a command prompt window.

3. Change the directory to <installation_files>\Tools.

4. Type bbsrptest.exe -host <srp_address> -port <port>, where <srp_address> is the SRP address that you specifiedduring the installation process and <port> is the SRP port number. For example, at the command line, typebbsrptest.exe -host server1.example.com -port 3101.

5. Press ENTER.

After you finish: If the test does not complete, use the Windows Sockets (also known as WINSOCK) error code to diagnosethe problem. For more information, visit msdn.microsoft.com to read about Windows Sockets error codes.

Best practice: Running BlackBerryEnterprise Service 10Best practice Description

Do not change the startup type for theBlackBerry Enterprise Service 10services.

When you install or upgrade BlackBerry Enterprise Service 10, the setupapplication configures the startup type for the BlackBerry Enterprise Service 10services as either automatic or manual.

To avoid errors in BlackBerry Enterprise Service 10, do not change the startuptype for the BlackBerry Enterprise Service 10 services.

Do not change the account informationfor the BlackBerry Enterprise Service 10services.

When you install or upgrade BlackBerry Enterprise Service 10, the setupapplication configures the account information for the BlackBerry EnterpriseService 10 services.

Do not change the account information for BlackBerry Enterprise Service 10unless the BlackBerry Enterprise Service 10 documentation specifies that youcan.

Disable unnecessary algorithmsTo help protect your BlackBerry Enterprise Service 10 instance from malicious attacks, you can disable any unnecessaryalgorithms. To help you determine which algorithms to disable, visit support.microsoft.com to review KB245030, “How torestrict the use of certain cryptographic algorithms and protocols in Schannel.dll."


51

http://msdn.microsoft.com

https://www.support.microsoft.com

Configuring database permissions usingMicrosoft SQL Server rolesThe setup application requires the service account or Microsoft SQL Server account that it uses during the installation orupgrade process to have permissions on the database server to create or upgrade the BlackBerry Enterprise Service 10databases. After the installation or upgrade process completes, you can change the database permissions for the serviceaccount or Microsoft SQL Server account to the minimum permissions that BlackBerry Enterprise Service 10 requires torun.

When you change the database permissions, you can use Microsoft SQL Server security to minimize the operations that theservice account or Microsoft SQL Server account can perform on the BlackBerry Enterprise Service 10 databases. Thefollowing table describes the Microsoft SQL Server roles that are required by the setup application and BlackBerryEnterprise Service 10.

Database role Description

db_owner The setup application or the CreateDB executable automatically adds theaccount that you use to create the BlackBerry Enterprise Service 10 databasesto this role.

This role contains the minimum permissions that the setup application requiresto upgrade the BlackBerry Configuration Database and the ManagementDatabase.

rim_db_bes_server The setup application or the CreateDB executable automatically creates thisrole when it creates the BlackBerry Configuration Database.

This role contains the minimum permissions that BlackBerry Enterprise Service10 requires to perform necessary operations on the BlackBerry ConfigurationDatabase.

rim_db_uds_server The setup application or the CreateDB executable automatically creates thisrole when it creates the Management Database.

This role contains the minimum permissions that BlackBerry Enterprise Service10 requires to perform necessary operations on the Management Database.


52

Configure minimum database permissions for theservice account or Microsoft SQL Server accountYou can configure minimum database permissions for the service account or Microsoft SQL Server account thatBlackBerry Enterprise Service 10 uses to connect to the BlackBerry Enterprise Service 10 databases.

Before you begin: Add a different Windows account or Microsoft SQL Server account to the db_owner database role for theBlackBerry Configuration Database and the Management Database.

1. Open the Microsoft SQL Server Management Studio.

2. Expand Microsoft SQL Server > Security > Logins.

3. Right-click the service account or Microsoft SQL Server account and click Properties.

4. Click User Mapping and select the BlackBerry Configuration Database.

5. In the Database role membership section, select rim_db_bes_server.

6. Remove all other database role memberships except public.

7. Select the Management Database.

8. In the Database role membership section, select rim_db_uds_server.

9. Remove all other database role memberships except public.

10. Click OK.


53

Removing the BlackBerryEnterprise Service 10 softwareYou can use the uninstall application to remove the BlackBerry Enterprise Service 10 software from a computer that hostsBlackBerry Enterprise Service 10. The uninstall application can also remove the log files for the existing installation.

The uninstall application does not remove the BlackBerry Enterprise Service 10 databases from the database server and itdoes not remove the database instance that hosts the BlackBerry Enterprise Service 10 databases.

Remove the BlackBerry Enterprise Service10 software1. On the taskbar, click Start > Control Panel.

2. Click Uninstall a program.

3. Click BlackBerry Enterprise Service 10.

4. Click Uninstall.

5. If the uninstall application prompts you to restart the computer to finish removing the BlackBerry Enterprise Service10 software, click OK.

After you finish: You can remove third-party software that the setup application installed during the BlackBerry EnterpriseService 10 installation process (for example, you can remove the JRE software from the computer).

10

Installation Guide Removing the BlackBerry Enterprise Service 10 software

54

Product documentationTo read the following guides or other related materials, visit docs.blackberry.com/BES10.

Category Resource Description

Overview Introduction to BlackBerryEnterprise Service 10

• Quick, visual introduction to BlackBerry Enterprise Service10 at a high level

What's New in BlackBerryEnterprise Service 10 QuickReference

• Summary of new features, enhancements, and updates inBlackBerry Enterprise Service 10

BlackBerry Enterprise Service10 Product Overview

• Introduction to BlackBerry Enterprise Service 10 and itsfeatures

• Finding your way through the documentation

• Architecture

Enterprise Solution ComparisonChart

• Comparison of what features are available across differentBlackBerry enterprise solutions

Supported Features by DeviceType

• Comparison of what features are supported for each type ofdevice in BlackBerry Enterprise Service 10

BlackBerry Enterprise Service10 Architecture and Data FlowQuick Reference Guide

• Descriptions of BlackBerry Enterprise Service 10components

• Descriptions of activation and email data flows for differenttypes of devices

Release notes BlackBerry Enterprise Service10 Release Notes

• Descriptions of known issues and potential workarounds

Installation andupgrade

BlackBerry Enterprise Service10 Compatibility Matrix

• Software that is compatible with BlackBerry EnterpriseService 10

11

Installation Guide Product documentation

55



BlackBerry Enterprise Service10 Performance Calculator

• Tool to estimate the hardware required to support a givenworkload for BlackBerry Enterprise Service 10

BlackBerry Enterprise Service10 Installation Guide

• System requirements

• Installation instructions

BlackBerry Enterprise Service10 Upgrade Guide

• System requirements

• Upgrade instructions

Configuration BlackBerry Enterprise Service10 Licensing Guide

• Descriptions of different types of licenses

• Instructions for activating and managing licenses inBlackBerry Management Studio

BlackBerry Enterprise Service10 Configuration Guide

• Instructions for how to configure server components beforeyou start administering users and their devices

Administration BlackBerry Management StudioBasic Administration Guide

• Basic administration for all supported device types, includingBlackBerry 10 devices, BlackBerry PlayBook tablets, iOSdevices, Android devices, and BlackBerry 7.1 and earlierdevices

• Instructions for creating and managing user accounts inmultiple Services

• Instructions for managing multiple devices for each useraccount

BlackBerry Device ServiceAdvanced Administration Guide

• Advanced administration for BlackBerry 10 devices andBlackBerry PlayBook tablets

• Instructions for creating user accounts, groups, roles, andadministrator accounts

• Instructions for activating devices

• Instructions for creating and sending IT policies and profiles

• Instructions for managing apps on devices

Universal Device ServiceAdvanced Administration Guide

• Advanced administration for iOS and Android devices


56


• Instructions for creating user accounts, groups, andadministrator accounts

• Instructions for activating devices

• Instructions for creating and sending IT policies and profiles

• Instructions for managing apps on devices

• Descriptions of IT policy rules for iOS and Android devices

BlackBerry Device ServicePolicy Reference Spreadsheet

• Descriptions of IT policy rules for BlackBerry 10 devices andBlackBerry PlayBook tablets

Security BlackBerry Device ServiceSolution Security TechnicalOverview

• Description of the security maintained by the BlackBerryDevice Service, BlackBerry Infrastructure, and BlackBerry10 devices and BlackBerry PlayBook tablets to protect dataand connections

• Description of the BlackBerry 10 OS

• Description of the BlackBerry PlayBook OS

• Description of how work data is protected on BlackBerry 10devices and BlackBerry PlayBook tablets when you use theBlackBerry Device Service

Secure Work Space for iOS andAndroid Security Note

• Description of the security maintained by the UniversalDevice Service, BlackBerry Infrastructure, and work space-enabled devices to protect work space data at rest and intransit

• Description of how work space apps are protected on workspace-enabled devices when you use the Universal DeviceService


57

Glossary

APNs Apple Push Notification service

BlackBerryEnterprise Service10 databases

The BlackBerry Enterprise Service 10 databases are the BlackBerry Configuration Database(associated with the BlackBerry Device Service) and the Management Database (associatedwith the Universal Device Service). By default, the databases are named BDSMgmt andBDSMgmt_UDS, respectively, when you install BlackBerry Enterprise Service 10.

BlackBerryEnterprise Service10 domain

A BlackBerry Enterprise Service 10 domain consists of the BlackBerry Enterprise Service 10databases and any BlackBerry Enterprise Service 10 instances that connect to them.

BlackBerry MDS BlackBerry Mobile Data System

CSR certificate signing request

DMZ A demilitarized zone (DMZ) is a neutral subnetwork outside of an organization's firewall. It existsbetween the trusted LAN of the organization and the untrusted external wireless network andpublic Internet.

DNS Domain Name System

FQDN fully qualified domain name

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol over Secure Sockets Layer

IIS Internet Information Services

IKE Internet Key Exchange

IP Internet Protocol

IP address An Internet Protocol (IP) address is an identification number that each computer or mobiledevice uses when it sends or receives information over a network, such as the Internet. Thisidentification number identifies the specific computer or mobile device on the network.

IPsec Internet Protocol Security

JRE Java Runtime Environment

LAN local area network

LDAP Lightweight Directory Access Protocol

12

Installation Guide Glossary

58

NIC network interface card

RRAS Routing and Remote Access service

SMTP Simple Mail Transfer Protocol

SRP Server Routing Protocol

SSL Secure Sockets Layer

TCP Transmission Control Protocol

TLS Transport Layer Security

VPN virtual private network

WebDAV Web Distributed Authoring and Versioning

XML Extensible Markup Language

Installation Guide Glossary

59

Legal notice©2015 BlackBerry. All rights reserved. BlackBerry® and related trademarks, names, and logos are the property ofBlackBerry Limited and are registered and/or used in the U.S. and countries around the world.

Apple is a trademark of Apple Inc. Check Point is a trademark of Check Point Software Technologies Ltd. Cisco, Cisco IOS,and PIX are trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. iOS is atrademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. iOS® is used under license byApple Inc. Android is a trademark of Google Inc. Intel and Xeon are trademarks of Intel Corporation in the U.S. and/or othercountries. Juniper and NetScreen are trademarks of Juniper Networks, Inc. Microsoft, ActiveSync, Active Directory,ActiveX, Hyper-V, Internet Explorer, SQL Server, Windows, Windows PowerShell, and Windows Server are either registeredtrademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Java, JavaScript, and JREare trademarks of Oracle and/or its affiliates. VMware is a registered trademark or trademark of VMware, Inc. in the UnitedStates and/or other jurisdictions. Wi-Fi is a trademark of the Wi-Fi Alliance. All other trademarks are the property of theirrespective owners.

This documentation including all documentation incorporated by reference herein such as documentation provided ormade available on the BlackBerry website provided or made accessible "AS IS" and "AS AVAILABLE" and withoutcondition, endorsement, guarantee, representation, or warranty of any kind by BlackBerry Limited and its affiliatedcompanies ("BlackBerry") and BlackBerry assumes no responsibility for any typographical, technical, or otherinaccuracies, errors, or omissions in this documentation. In order to protect BlackBerry proprietary and confidentialinformation and/or trade secrets, this documentation may describe some aspects of BlackBerry technology in generalizedterms. BlackBerry reserves the right to periodically change information that is contained in this documentation; however,BlackBerry makes no commitment to provide any such changes, updates, enhancements, or other additions to thisdocumentation to you in a timely manner or at all.

This documentation might contain references to third-party sources of information, hardware or software, products orservices including components and content such as content protected by copyright and/or third-party websites(collectively the "Third Party Products and Services"). BlackBerry does not control, and is not responsible for, any ThirdParty Products and Services including, without limitation the content, accuracy, copyright compliance, compatibility,performance, trustworthiness, legality, decency, links, or any other aspect of Third Party Products and Services. Theinclusion of a reference to Third Party Products and Services in this documentation does not imply endorsement byBlackBerry of the Third Party Products and Services or the third party in any way.

EXCEPT TO THE EXTENT SPECIFICALLY PROHIBITED BY APPLICABLE LAW IN YOUR JURISDICTION, ALL CONDITIONS,ENDORSEMENTS, GUARANTEES, REPRESENTATIONS, OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,INCLUDING WITHOUT LIMITATION, ANY CONDITIONS, ENDORSEMENTS, GUARANTEES, REPRESENTATIONS ORWARRANTIES OF DURABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, MERCHANTABILITY, MERCHANTABLEQUALITY, NON-INFRINGEMENT, SATISFACTORY QUALITY, OR TITLE, OR ARISING FROM A STATUTE OR CUSTOM OR ACOURSE OF DEALING OR USAGE OF TRADE, OR RELATED TO THE DOCUMENTATION OR ITS USE, OR PERFORMANCEOR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTY PRODUCTS AND SERVICESREFERENCED HEREIN, ARE HEREBY EXCLUDED. YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY BY STATE ORPROVINCE. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES AND

13

Installation Guide Legal notice

60

CONDITIONS. TO THE EXTENT PERMITTED BY LAW, ANY IMPLIED WARRANTIES OR CONDITIONS RELATING TO THEDOCUMENTATION TO THE EXTENT THEY CANNOT BE EXCLUDED AS SET OUT ABOVE, BUT CAN BE LIMITED, AREHEREBY LIMITED TO NINETY (90) DAYS FROM THE DATE YOU FIRST ACQUIRED THE DOCUMENTATION OR THE ITEMTHAT IS THE SUBJECT OF THE CLAIM.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, IN NO EVENT SHALLBLACKBERRY BE LIABLE FOR ANY TYPE OF DAMAGES RELATED TO THIS DOCUMENTATION OR ITS USE, ORPERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE, HARDWARE, SERVICE, OR ANY THIRD PARTYPRODUCTS AND SERVICES REFERENCED HEREIN INCLUDING WITHOUT LIMITATION ANY OF THE FOLLOWINGDAMAGES: DIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, SPECIAL, PUNITIVE, OR AGGRAVATEDDAMAGES, DAMAGES FOR LOSS OF PROFITS OR REVENUES, FAILURE TO REALIZE ANY EXPECTED SAVINGS, BUSINESSINTERRUPTION, LOSS OF BUSINESS INFORMATION, LOSS OF BUSINESS OPPORTUNITY, OR CORRUPTION OR LOSS OFDATA, FAILURES TO TRANSMIT OR RECEIVE ANY DATA, PROBLEMS ASSOCIATED WITH ANY APPLICATIONS USED INCONJUNCTION WITH BLACKBERRY PRODUCTS OR SERVICES, DOWNTIME COSTS, LOSS OF THE USE OF BLACKBERRYPRODUCTS OR SERVICES OR ANY PORTION THEREOF OR OF ANY AIRTIME SERVICES, COST OF SUBSTITUTE GOODS,COSTS OF COVER, FACILITIES OR SERVICES, COST OF CAPITAL, OR OTHER SIMILAR PECUNIARY LOSSES, WHETHER ORNOT SUCH DAMAGES WERE FORESEEN OR UNFORESEEN, AND EVEN IF BLACKBERRY HAS BEEN ADVISED OF THEPOSSIBILITY OF SUCH DAMAGES.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION, BLACKBERRY SHALL HAVE NOOTHER OBLIGATION, DUTY, OR LIABILITY WHATSOEVER IN CONTRACT, TORT, OR OTHERWISE TO YOU INCLUDING ANYLIABILITY FOR NEGLIGENCE OR STRICT LIABILITY.

THE LIMITATIONS, EXCLUSIONS, AND DISCLAIMERS HEREIN SHALL APPLY: (A) IRRESPECTIVE OF THE NATURE OF THECAUSE OF ACTION, DEMAND, OR ACTION BY YOU INCLUDING BUT NOT LIMITED TO BREACH OF CONTRACT,NEGLIGENCE, TORT, STRICT LIABILITY OR ANY OTHER LEGAL THEORY AND SHALL SURVIVE A FUNDAMENTALBREACH OR BREACHES OR THE FAILURE OF THE ESSENTIAL PURPOSE OF THIS AGREEMENT OR OF ANY REMEDYCONTAINED HEREIN; AND (B) TO BLACKBERRY AND ITS AFFILIATED COMPANIES, THEIR SUCCESSORS, ASSIGNS,AGENTS, SUPPLIERS (INCLUDING AIRTIME SERVICE PROVIDERS), AUTHORIZED BLACKBERRY DISTRIBUTORS (ALSOINCLUDING AIRTIME SERVICE PROVIDERS) AND THEIR RESPECTIVE DIRECTORS, EMPLOYEES, AND INDEPENDENTCONTRACTORS.

IN ADDITION TO THE LIMITATIONS AND EXCLUSIONS SET OUT ABOVE, IN NO EVENT SHALL ANY DIRECTOR,EMPLOYEE, AGENT, DISTRIBUTOR, SUPPLIER, INDEPENDENT CONTRACTOR OF BLACKBERRY OR ANY AFFILIATES OFBLACKBERRY HAVE ANY LIABILITY ARISING FROM OR RELATED TO THE DOCUMENTATION.

Prior to subscribing for, installing, or using any Third Party Products and Services, it is your responsibility to ensure thatyour airtime service provider has agreed to support all of their features. Some airtime service providers might not offerInternet browsing functionality with a subscription to the BlackBerry® Internet Service. Check with your service provider foravailability, roaming arrangements, service plans and features. Installation or use of Third Party Products and Services withBlackBerry's products and services may require one or more patent, trademark, copyright, or other licenses in order toavoid infringement or violation of third party rights. You are solely responsible for determining whether to use Third PartyProducts and Services and if any third party licenses are required to do so. If required you are responsible for acquiringthem. You should not install or use Third Party Products and Services until all necessary licenses have been acquired. AnyThird Party Products and Services that are provided with BlackBerry's products and services are provided as aconvenience to you and are provided "AS IS" with no express or implied conditions, endorsements, guarantees,representations, or warranties of any kind by BlackBerry and BlackBerry assumes no liability whatsoever, in relation


61

thereto. Your use of Third Party Products and Services shall be governed by and subject to you agreeing to the terms ofseparate licenses and other agreements applicable thereto with third parties, except to the extent expressly covered by alicense or other agreement with BlackBerry.

The terms of use of any BlackBerry product or service are set out in a separate license or other agreement with BlackBerryapplicable thereto. NOTHING IN THIS DOCUMENTATION IS INTENDED TO SUPERSEDE ANY EXPRESS WRITTENAGREEMENTS OR WARRANTIES PROVIDED BY BLACKBERRY FOR PORTIONS OF ANY BLACKBERRY PRODUCT ORSERVICE OTHER THAN THIS DOCUMENTATION.

BlackBerry Limited2200 University Avenue EastWaterloo, OntarioCanada N2K 0A7

BlackBerry UK Limited200 Bath RoadSlough, Berkshire SL1 3XEUnited Kingdom

Published in Canada


62

blackberry enterprise service 10-10.2-installation...

Documents