When you create an enterprise grade mobile application, you can see a lot of hurdles to actually be able to deploy in on the mobile devices. In this presentation a short overview is given on how the BlackBerry Enterprise Platform tackles this and shows how easy secure application development could be.
3. O V E R V I E W
BlackBerry Balance
BlackBerry Enterprise Service 10
BlackBerry Enterprise Push
Development Options
Development Considerations
Opportunities in the Enterprise
6. B L A C K B E R R Y B A L A N
C E
Separate File System for Work Applications
Secures Work Application data
No Access allowed from the Personal perimeter
Separated Network
Always on VPN to the internal Network of the Company
All network traffic is through the VPN
Application Management
Allows companies to manage, deploy, remove and update Applications
8. B L A C K B E R R Y W O R L D 4
W O R K
Provides the Enterprise App Store
Shows available and required Applications to the Employee
Allows install of additional Apps in the Work Perimeter
Allows white listing of Apps in the commercial BlackBerry World
Managed by the BlackBerry Enterprise Service 10 Admin
Uploads Application bar files for new and updated applications
Set Application availability to Optional or Required
Whitelists commercial BlackBerry World applications
9. B L A C K B E R R
Y
E N T E R P R I S
E
S E R V I C E 1 0
10. T H E L E A D E R I N E M
M
•90% of the Fortune 500 depend on BlackBerry
•The largest global MDM footprint with over 90K enterprise
customers globally. Over 10X the next largest MDM vendor
•>25,000 BES10 installations
•The trusted enterprise mobility partner for more than 14
years
•Gold standard for multi-platform mobile security,
management and control
11. B L A C K B E R R Y E N T E R P R I S E S E R V I C E
12. BlackBerry MDS
Connection Service
BlackBerry 10
Application Using
Push APIs
Content Push
Initiator Server
Application
Server
B L A C K B E R R Y E N T E R P R I S E P U S H
Pushed Data MDS-CS
Invocation
Framework
Your App
13. E N T E R P R I S E P U S H
Delivering application notification with a push of a button
Allows up to 8KB payload (WAP PAP 2.2) and BlackBerry Push
Provides different submission modes: Point to Point, Multicast and Broadcast
Immediate information with lowered battery usage
Reduce waiting time for real time data which translates to higher data efficiency for
customers
15. BlackBerry Enterprise Server 10
BlackBerry Enterprise Service Machine Requirement
(Virtual or Hardware)
Single processor, 2.0 GHz Intel® Xeon® (two processors recommended)
2 GB of memory
64-bit operating system: Two 64 GB drives (minimum), RAID 1
32-bit operating system: Two 36 GB drives (minimum), RAID 1
Disk space for the BlackBerry Enterprise Server and BlackBerry Administration Service: 550 MB
Disk space for log files: Approximately 2 MB per user per day (100 email messages per user)
19. D E V E L O P M E N T
C O N S I D E R A T I O
N S
20. D E V E L O P M E N T C O N S I D I R A T
I O N S
Work or Personal?
Network Constraints
File system and Access
Applications and Invocation
BlackBerry Push vs Enterprise Push
Impact from Policy Restrictions
Testing you Application
21. W H E R E A M I ?
#include <bb/system/SecurityPerimeter>
LIBS += -lbbsystem
Use bb::system::SecurityPerimeter
0 - Default context
1 – Work Perimeter
2 – Personal Perimeter
22. N E T W O R K S C O N S T R A I
N T S
Only through the MDS-CS VPN tunnel
HTTP/HTTPS Only traffic – NO SOCKETS!
No streaming
Internet access though Company infrastructure (Proxy)
23. G E T T I N G T O F I L E S
Cascades has a class that provides access to the sandbox:
Qdir
Also provided are static functions that give access to the
different paths
QDir::currentPath() – path to the apps working directory
QDir::homePath() – returns the app’s data directory path
QDir::tempPath() – access to the app’s temp directory
Personal File System: /accounts/1000/<your appid>
Work File system: /accounts/1000-enterprise/<your appid>
24. S A N D B O X F I L E S
homePath()app
Compiled application, assets, source (READ ONLY)
homePath()data
This is where you store your data. The $HOME environment variable is this directory (READ/WRITE)
homePath()db
The application's database files. (READ/WRITE though DB API’s)
homePath()logs
System logs for an application. The application's stderr and stdout are redirected to this directory.
homePath()shared
Subfolders that contain shared data grouped by type. All applications can read from this directory. An
application can write to this directory only if the access_shared permission is specified.
homePath()tmp
The application's temporary working files.
25. S H A R E D F I L E S
The Shared directory differs between the Personal and Work Perimeter:
From the personal perimeter you can not access the work perimeter shared
files. From the work perimeter you can access the personal perimeter
shared files (read)
• homePath()shared
Subfolders that contain shared data grouped by type. All applications can read from this directory. An
application can write to this directory only if the access_shared permission is specified.
Work File system: /accounts/1000-enterprise/shared
Personal File System: /accounts/1000/shared
26. D U A L I N G A P P L I C A T I
O N S
Personal
• Isolated to personal perimeter
• No access to work data
• Installed from App World via personal UI
Work
• Isolated to work perimeter
• Can read personal shared data (controllable by IT
rule)
• Deployed through the BES10
Dual
• Operate in both work and personal perimeters
• Simultaneous instances: isolated &
independent
• BlackBerry Apps only!
Hybrid
• Native RIM apps touch both perimeters
• Secures co-mingling of work and personal data
(adjustable by IT rules)
• BlackBerry Apps only!
Work Perimeter Personal Perimeter
Work Apps Hybrid Apps
Personal
Apps
Enterprise App
World
Calendar App World
Enterprise App 1 Contacts Social
Enterprise App 2 Unified Inbox BBM
Enterprise App 3 Reminder Video Chat
Enterprise App 4 Universal Search Camera
Enterprise App .. Dual Apps Phone
Mobile Voice
Service
File
Manager
File
Manager
Other IM &
P2P
Others Documents
To Go
Documents
To Go
Compass
Browser Browser Calculator
Music, Video
& Pictures
Music,
Video &
Android
Runtime
27. P U S H D I F F E R E N C E
S
Internal Network
BlackBerry MDS
Connection Service
BlackBerry 10
Application Using
Push APIs
Content Push
Initiator Server
Application
Server
B L A C K B E R R Y E N T E R P R I S E P U S H
BlackBerry NOC
Push Service
BlackBerry 10
Application Using
Push APIs
Content Push
Initiator Server
Application
Server
B L A C K B E R R Y C O M M E R C I A L P U S H
Internet
28. P U S H D I F F E R E N C E
S
Enterprise Push
Can push to single device (PIN)
Can push to all devices of a user (email address)
Can push to a Group (in BES10)
Can push to all users on a BES10 instance
Commercial Push
Can only push to a specific device (PIN, BBID)
Can push to a Group*
(*When using the Push SDK AddressList)
29. B L A C K B E R R Y
E N T E R P R I S E
IT P O L I C I E S
30. I T P O L I C I E S
IT Policies are used by companies to:
Adhere to compliancy requirements
Adhere to legal requirements
Provide enhanced security where needed
31. I T P O L I C I E S
Various IT Policies have an impact on you Application.
For a full current list of IT Policies of BES10.1.2:
http://docs.blackberry.com/en/admin/deliverables/55544/BE
S10_v10.1.2_BDS_Policy_and_Profile_Reference_Guide_
en.pdf
130 pages of detailed information
32. I T P O L I C I E S H I G H L I
G H T S
Wireless Service Provider Billing (BB10.0/BES10.0)
If Allowed, would make it possible for Employees to purchase apps through the
Companies Carrier Provider.
Application Security Timer Reset (BB10.0/BES10.0)
If allowed, the app can prevent the device from locking.
Restrict Development Mode rule (BB10.0/BDS 6.1)
Values: Yes, No, Default: No
If set to Yes, this will not allow you to debug applications on the device.
34. T E S T I N G Y O U R A P P
Testing your during development
When working on the Enterprise network with development machine:
Deploy on the simulator; It has access to the internal systems too. (this also allows
debugging)
When working outside of the Enterprise network
Establish a VPN on your development machine and use simulator. (this also allows
debugging)
Or use a VPN on a physical BB10 device to the Enterprise network (this will
complicate debugging)
35. T E S T I N G Y O U R A P P
Testing your app in the work perimeter
Upload to BES 10
Add to Software Config
Add to Group or User
Gets pushed to your device
38. G E T A H E A D S T A R T
Test your app in the work perimeter. Make use of the
BES10 trial
Verify your app against the considerations
Engage with/reach out to Enterprise to show your app
and availability in the BlackBerry World
39. D I R E C T S A L E S
Avoid the 30% BlackBerry World Fees
Enterprise License Agreements
Seat Licensing
Custom App Licensing
40. T H E L O N G T A I L
Continues development on contract
Development support (bug fixes)
Enterprise Support (call-desk for users)
Maintenance Updates… Not Free.
41. B U S I N E S S D E V E L O P M
E N T
Create Solutions and Services not just Apps
Work closely with BlackBery to market solutions
Think about Verticals (Financials, Legal, etc.)
Promotion through BlackBerry (BBW, Events, Mailings,
listings, etc)
42. B L A C K B E R R Y P A R T N E R P R O G
R A M
SJAneMa8k1 p0review APAC
Adrian Rusu
September 26-27, 2013
43. B L A C K B E R R Y P A R T N E R
APAC.BlackBerry-Partners.com
44. B L A C K B E R R Y P A R T N E R
Express your interest!
• Be part of first partner onboarding
• Support for all parts of business: sales,
marketing, technical
• Close touch with all BlackBerry enterprise
services & solutions
• Be part of a program that evolves with your
business
www.apac.BlackBerry-partners.com
45. B L A C K B E R R
Y
K E E P O N M O V I N G .
Q & A
46. R E F E R E N C E S / D E M O S
GitHub
https://github.com/blackberry/BES10-Cascades
Enterprise Push demo
http://bizblog.blackberry.com/2013/06/push-enterprise-apps/
Emergency Contact List
https://github.com/blackberry/BES10-Cascades/tree/master/ECL
BizBlog
http://bizblog.blackberry.com/
developer.blackbery.com
https://developer.blackberry.com/devzone/develop/enterprise/enterprise_overview.h
tml
47. R E F E R E N C E S / D E M O S
BlackBerry Jam Asia Enterprise Sessions
JAM811 – Enterprise 201: BlackBerry Enterprise Service 10.1
Overview and Deploying Apps in the Secure Workspace for Android
and iOS
Thursday, 26 Sep, 4:45 PM - 5:45 PM
JAM823 - Delivering Data with Push & MDS Push
Friday, 27 Sep,10:45 AM - 11:45 AM
JAM826 - Calling and Consuming Web Services with oData
Friday, 27 Sep, 3:30 PM - 4:30 PM
48. T H A N K Y O U
JAM810
Dennis Reumer - @reumerd
linkedin.com/in/dennisreumer
September 26-27, 2013
49. I T P O L I C I E S A P P E N
D I X
Overview of all the IT Policies that can have an impact
on your Application
Constraints
Disabled hardware
Limitation (to connectivity)
50. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Balance Devices
Wireless Service Provider Billing (BB10.0/BES10.0)
If Allowed, would make it possible for Employees to purchase apps through the
Companies Carrier Provider.
Transfer Work Contacts Using Bluetooth PBAP/HFP rule
(BB10.0/BES10.0)
Transfer Work Files Using Bluetooth OPP rule (BB10.0/BES10.0)
Transfer Work Messages Using Bluetooth MAP rule
(BB10.0/BES10.0)
Transfer Work Messages Using Bluetooth MAP Without Prompt rule
(BB10.1/BES10.1)
Application Security Timer Reset (BB10.0/BES10.0)
If allowed, the app can prevent the device from locking.
51. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Balance Devices
Security Timeout rule (BB10.0/BDS 6.0)
Time in Minutes. Once reached the Work Space is locked and to access your
application the users needs to enter the Work Space password. You app continues
to run in background.
Default: 45 minutes
Voice Control rule (BB10.0/BES10.0)
Values: Allow, Disallow for email and Calendar, Disallow
Default: Allow
Work Data Uses Only Work Network rule (BB10.1/BES10.1)
Values: Yes, No, Default: No
Work Data can use both the MDS-CS as the BlackBerry NOC infrastructure
52. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Balance Devices
Backup and Restore Work Space rule (BB10.0/BES10.0)
Values: Allow, Disallow, Default value: Allow
Allows you to make a backup of the work perimeter apps through BlackBerry Link.
Personal Apps Access to Work Contacts rule (BB10.0/BES10.0)
Values: All, Only BlackBerry Apps, None, Default value: All
Allows personal apps to access work contact data
Restrict Development Mode rule (BB10.0/BDS 6.1)
Values: Yes, No, Default: No
If set to Yes, this will not allow you to debug applications on the device.
53. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Balance Devices
Share Work Data During BBM Video Screen Sharing rule
(BB10.0/BES10.0)
Values: Allow, Disallow, Default value: Allow
Allows to share the Work Data (like contacts) screens over the commercial BBM
Voice Dictation in Work Apps rule (BB10.0/BES10.0)
Values: Allow, Disallow, Default value: Allow
Allows voice dictation to be used for Work Applications
Wipe the Work Space Without Network Connectivity rule
(BB10.0/BDS6.0)
Values: 2 to 8760 hours, Default: Null value (Disabled)
If set the device will wipe the Work Space after x hours of no connectivity to the
BlackBerry Enterprise Service.
54. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Balance Devices
Work App Access to Shared Files in the Personal Space
(BB10.1/BES10.0)
Values: Allow, Disallow, Default value: Allow
If set to disallow, work applications can not access the shared files in the personal
space.
Cloud Storage Access from Work Space rule (BB10.0/BES10.0)
Values: Allow, Disallow, Default value: Allow
If set to disallow, no Cloud Storage access is possible from the Work Space file
system. (e.g. Dropbox, Box)
Open Links in Work Email Messages in the Personal Browser rule
(BB10.0/BES10.0)
Values: Allow, Disallow, Default value: Allow
Allows links in work email messages to be opened in the Personal Browser
55. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Balance Devices
Work App Access to Shared Files in the Personal Space
(BB10.1/BES10.0)
Values: Allow, Disallow, Default value: Allow
If set to disallow, work applications can not access the shared files in the personal
space.
Cloud Storage Access from Work Space rule (BB10.1/BES10.0)
Values: Allow, Disallow, Default value: Allow
If set to disallow, no Cloud Storage access is possible from the Work Space file
system. (e.g. Dropbox, Box)
56. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Bluetooth rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallowed, no Bluetooth can be used.
Bluetooth A2DP rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow no music can be played via Bluetooth
Bluetooth AVRCP rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, no media control is possible over bluetooth
57. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Bluetooth Contacts Transfer Using PBAP rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If disallowed no contact transfer is possible through PBAP
Bluetooth Discoverable Mode rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, the device is not discoverable for Bluetooth
Bluetooth File Transfer Using OBEX rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, no file transfers are possible over Bluetooth
58. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Bluetooth HFP rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If disallowed the HFP profile is disabled and carkits can not connect
Bluetooth MAP rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, the MAP profile is disable and can’t be used with a carkit
Bluetooth Pairing rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, no new connections can be made on the device
59. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Bluetooth PAN Profile rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If disallowed the PAN profile is disabled and can’t be used
Bluetooth SPP rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, the SPP profile is disable and can’t be used
Camera rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use the camera on the device , also not in your
application.
60. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Enforce Bluetooth Secure Simple Pairing Numeric Comparison rule
(BB10.1/BES10.1)
Values: Yes, No, Default value: No
If yes the user needs to use a full numeric comparison to establish pairing
Enforce Minimum Bluetooth Passkey Length rule (BB10.1/BES10.1)
Values: Yes, No Default value: No
If set to Yes, only device with at least 8 numerics are allowed to establish
connections
HDMI rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use the HDMI port , also not in your application.
61. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Location Services rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use location services on the device, also not in your
application.
NFC rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use NFC services on the device, also not in your
application.
Wi-Fi rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use WiFi services on the device, also not in your
application.
62. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Computer Access to Device rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use connect the device through USB or WiFi Sharing
to a computer.
Media Card rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use a media card in the device, also not in your
application.
Voice Dictation rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use voice dictation services on the device, also not in
your application.
63. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
BBM rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use BBM on the device through USB or WiFi Sharing
to a computer.
BBM Video/BBM Voice rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use BBM Video/Voice on the device, also not in your
application.
BlackBerry Maps rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use MAPS on the device, also not in your application.
64. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
Find More Contact Details rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use Find More contact on the device
Hotspot Browser rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use a HotSpot for connectivity on the device, also not
in your application.
Media Sharing rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use Media Sharing on the device, also not in your
application.
65. I T P O L I C I E S H I G H L I
G H T S
BlackBerry Work only Devices
SMS/MMS rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use SMS on the device
YouTube for BlackBerry Devices rule (BB10.1/BES10.1)
Values: Allow, Disallow, Default value: Allow
If set to disallow, you can not use YouTube on the device
Editor's Notes
Change the BlackBerry Device service to BES 10
-> Server requirements / Windows -> Virtual machine 2GB
Internal Enterprise deployements
-> Server requirements / Windows -> Virtual machine 2GB
Internal Enterprise deployements
This support is all delivered through www.apac.blackberry-partners.com
You simply create an account and invite other users from your businessYou’re in controlIt’s a secure, single interface that adapts content for your staff Tailored to your market, your business and your users
The support we offer is tailored to your business – and to the different employee roles.
There are multiple Tiers within the program. All Partners will start off in the Associate (**or Authorised – can’t recall what we agreed) tier with the opportunity to gain promotion, based on sales volume and program engagement.
Sales people will be supported with product information, selling guides, sales training, sales certification and target-driven incentive programs. In the near future, we plan to provide sales leads to your sales team as a part and benefit of being an engaged and active Partner.
The Marketing people in your business can access product and campaign templates, advice and guidance. In the future we plan to expand the range of joint marketing opportunities.
Your pre-sales Technical teams will have access to the appropriate documentation, guidance and tools that they need to fulfil their role.
As a Business owner, when you join our inner circle, we’ll share confidential solution and roadmap plans for the future, so that you can plan and adapt your business accordingly.
Most of all, as the program evolves; we plan to help you with related business planning, lead generation and sales conversion. We recognize that the successful future of our business depends on the successful future of your business.
This support is all delivered through www.apac.blackberry-partners.com
You simply create an account and invite other users from your businessYou’re in controlIt’s a secure, single interface that adapts content for your staff Tailored to your market, your business and your users