The new face of BES - Connecting Blackberry 10 devices to Exchange

by Ed Sparks

With Blackberry 10 just days away from launch, we're seeing an increasing amount of interest and confusion about how these new devices will connect with mail environments, and how it compares to previous versions of the devices and servers.

Part of this confusion is due to RIM somewhat changing the plan along the (very long) way to BB 10. Thankfully the initial impressions of the devices look solid, so we expect there to be an uptick in usage again.

So what's changed? In a word, everything.

BB 10 (and Playbook 2.x) devices all use Exchange Activesync (EAS) as their only supported method of syncing with email servers.  This is great news for Exchange, and reduces much of the complexity of past.  The biggest win is that the devices now natively support email without a BES or BIS connection - just like iOS, Windows Phone and Android.  MUCH better user experience.

In the Enterprise, a BES is no longer required at all, if you simply want to connect and manage your BB 10 handhelds in a mostly unmanaged way - simply by continuing to publish your EAS servers to the public internet.  Autodiscovery and all of those niceties are supported by BB10.  As are EAS policies for passwords, remote wiping and the like.

So what does RIM bring to the table beyond that as part of their 'legendary security'?

It turns out quite a nice set of functionality - albeit at a pretty high price point.

Blackberry Enterprise Service is (not Server) is the new BES 10 but this has no relation to the old BES.  It is simply a management tool, and is an updating and re-branding of their previous Mobile Fusion, and Universal/Blackberry device services products.  The new BES will NOT talk to older Blackberry devices.  Period.  You will always need to keep a BES 5 server around while still using legacy devices.

Nicely, however, the BES 10 management product will manage your old devices, by pushing down policy to BES 5 and onto the devices.  Likewise, it will manage Android and iOS devices with certificate management, and installable clients if desired.  You can keep consistent policy across all of these, and report on them etc.  Sounds quite promising.

As for syncing - where most of the confusion occurs due to the native EAS support - is what BES 10 adds to that part of the puzzle.  

RIM will offer three levels of EAS/security:

1. Native EAS - no BES involved
2. Native EAS with BES Management - pushes the email settings and policy to the devices (so user's don't have to enter anything, and BES policy trumps EAS policy)
3. Full BES (our name) - device connections will be routed over an encrypted tunnel through the RIM network, back into your BES and then proxied on behalf of the user into the internal EAS server.  External publishing of EAS is not required.  This will only function on the "Work" side of the Blackberry 10 or Playbook 2's "Balance" profiles.  Casual users cannot natively get this functionality.

Overall we think the approach they are taking makes a lot of sense, and is a huge improvement over the former days of the steaming pile of Java crud that was the old BES.
It remains to be seen how well all this comes together, but if RIM pulls this off correctly, they've got a fighting chance, at not only a good device, but a great MDM product as well.

BES 10 is now available for download.

Need help with updating your environment? Questions?  Contact us today for Blackberry therapy.