|Read more about this book|
(For more resources on BES, see here.)
BlackBerry Enterprise users must already exist on the Microsoft Exchange Server. As with the administrative users, to make tasks and management of device users easier, we can create groups and add users to the groups, and then assign policies to the whole group rather than individual users. Again, users can be part of multiple groups and we will see how the policies are affected and applied when users are in more than one group.
Creating users on the BES 5.0
We will go through the following steps to create users on the BES 5.0:
- Within the BlackBerry Administration Service, navigate to the BlackBerry solution management section.
- Expand User and select Create a user.
- We can now search for the user we want to add either by typing the user’s display name or e-mail address. Enter the search criteria and select Search.
- We then have the ability to add the user to any group we have already created; in our case we only have an administrative group. We have three options on how the user will be created, with regards to how the device for the user will be activated:
- With activation password: This will allow us to set an activation password along with the expiry time of the activation password for the user
- With generated activation password: The system will autogenerate a password for activation, based on the settings we have made in our BlackBerry Server (shown further on in this article)
- Without activation password: This will create just a user who will have no pre-configured method for assigning a device
- For this example, we will select Create a user without activation password. Once we have covered the theory and explored the settings within this article regarding activating devices, we will return to the other two options.
We can create a user even if the search results do not display the user—generally this occurs when the Exchange Server has not yet synched the user account to the BlackBerry Configuration Database, typically when new users are added. This method is shown in Lab.
Groups can be created to help manage users within our network and simplify tasks. Next we are going to look at creating a group that will house users—all belonging to our Sales Team.
Creating a user-based group
To create a user-based group, go through the following steps:
- Expand Group, select Create a group, in the Name field enter Sales Team, and click on Save.
- Select View group list.
- Click on Sales Team.
- Select Add users to group membership.
- Select the user we have just created by placing a tick in the checkbox next to the user’s name, and click on Add to group membership.
- We can click on View group membership to confirm the addition of our user to the group.
We will be adding more users to this group later on in the Lab when we import the users via a text file.
Preparing to distribute a BlackBerry device
Before we can distribute a BlackBerry device to a user using various methods, we need to address a few more settings that will affect how the device will initially be populated. By default when a device is activated for a user, the BlackBerry Enterprise Server will prepopulate/synchronize the BlackBerry device with the headers of 200 e-mail messages from the previous five days. We can alter these settings so that headers and the full body of the e-mail message can be synched to the device for up to a maximum of 750 messages over the past 14 days.
- In the BlackBerry Administration Service, under Servers and components expand BlackBerry Domain | Component view | Email and select the BES instance. On the right-hand pane select the Messaging tab.
- Scroll down and select Edit instance.
- To ensure that both headers and the full e-mail message is populated to the BlackBerry Device, in the Message prepopulation settings, change the Send headers only drop-down to False.
- Change the Prepopulation by message age to a max of 14 days, by entering 14.
- We can change the number of e-mails that are prepopulated on the device by changing the number of Prepopulation by message count, again a max of 750.
By making the preceding two values to zero, we can ensure that no previous e-mails are populated on the device.
Within the same tab, we can set our Messaging options, which we will examine next. We have the ability to set:
- A Prepended disclaimer (goes before the body of the message)
- An Appended disclaimer (goes after the user’s signature)
We can enter the text of our disclaimer in the space provided, then choose what happens if there is a conflict. The majority of these settings can also be set at a user level (settings made on the server override any settings made by the user, that’s why it is best practice to have these set on the server level), which we will see later in Lab. If user setting exists then we need to notify the server how to deal with a potential conflict. The default setting is to use the user’s disclaimer first then the one set on the server.
Bear in mind, the default setting will show both the user’s disclaimer and then the server disclaimer on the e-mail message.
Wireless message reconciliation should be set to True—the BlackBerry Enterprise Server synchronizes e-mail message status changes between the BlackBerry device and Outlook on the user’s computer. The BES reconciles e-mail messages that are moved from one folder to another, deleted messages, and also changes the status of read and unread messages. By default the BES performs a reconcile every 30 minutes; the reconcile is in effect checking that for a particular user the Outlook and the BlackBerry have the same information in their databases. If this is set to False then the above mentioned changes will only take effect when the device is plugged in to Desktop Manager or Web Desktop Access.
We have the option of setting the maximum size for a single attachment or multiple attachments in KB. We can also specify the maximum download size for a single attachment.
Rich content turned on set to True allows e-mail messages that contain HTML and rich content to be delivered to BlackBerry devices; having it set to False would mean all messages are delivered in plain text. This will save a lot of resources on the server(s) housing the BES components. We can set the same principle for downloading inline images.
Remote search turned on set to True—this will allow users to search the Microsoft Exchange server for e-mails from their BlackBerry devices.
In BES 5, we have a new feature that allows the user, when on his device-prior to sending out a meeting request—to check if a potential participant is available at that time or not. (Microsoft Exchange 2007 users need to make some changes to support this feature; see the BlackBerry website for further details on the hot fixes required.) Free busy lookup turned on is set to True if you want the above service. If system resources are being utilized heavily, this feature can be turned off by selecting False.
Hard deletes reconciliation allows users to delete e-mail messages permanently in Microsoft Outlook (by holding the shift + del keys). You can also configure the BES to remove permanently deleted messages from the user’s BlackBerry device. You must have wireless reconciliation turned on for this to work.
Now that we have prepared our messaging environment, we are ready to activate our first user.
When it comes to activating users, we have five options to choose from:
- BlackBerry Administration Service: We can connect the device to a computer and log on to the BAS to assign and activate a device for a user
- Over the Wireless Network (OTA): We can activate a BlackBerry to join our BES without needing it to be physically connected to our organization
- Over the LAN: A user who has BlackBerry Desktop Manager running on his or her computer in the corporate LAN can activate the device by plugging the device into his or her machine and running the BlackBerry Desktop Manager
- BlackBerry Web Desktop Manager: This is a new feature of BES 5 that allows users to connect the device to a computer and log in to the BlackBerry Web Desktop Manager to activate the device, with no other software required
- Over your corporate organization’s Wi-Fi network: You can activate Wi-Fi-enabled BlackBerry devices over your corporate Wi-Fi network
Before we look at each of the options available to us, let’s examine what enterprise activation is and how it works along with its settings; this will also help us choose the best option for activating devices for users and avoid errors during the enterprise activation.
Understanding enterprise activation
To allow a user’s device to join the BlackBerry Enterprise Server, we need to activate the device for the user when we create a user and assign the user an activation password. The user will enter his or her corporate e-mail address and the activation password into the device in the Enterprise Activation screen, which can be reached on the device by going to Options | Advance Options | Enterprise Activation. Once the user types in the information and selects Activate, the BlackBerry device will generate an ETP.dat message. It is important that if you have any virus scanning or e-mail sweeping systems running in your organization, we ensure that this type of filename with extension is added to the safe list. Please note that this ETP.dat message is only generated when we activate a device over the air. If we use other methods where the device is plugged in via a cable to activate it, NO ETP.dat file is generated. The ETP.dat message is then sent to the user’s mailbox on the Exchange Server over the wireless network. To ensure that the activation occurs smoothly, make sure the device has good battery life and the wireless coverage on the device is less than 100db. This can be checked by pressing the following combination on the device Alt + NMLL. The BlackBerry Enterprise Server then confirms that the activation password is correct and generates a new permanent encryption key and sends it to the BlackBerry device. The BlackBerry Policy service then receives a request to send out an IT policy.
Service books control the wireless synchronization data. Data is now transferred between the BlackBerry device and the user’s mailbox using a slow synch process. The information that is sent to the BlackBerry device is stored in databases on the device, and each application database is shown with a percentage completed next to it during the slow synch. Once the activation is complete, a message will pop up on the device stating ‘Activation complete’. The device is now fully in synch with the user’s mailbox and is ready to send and receive data.
Now that we have got a general grasp of the device activation process, we are going to look at the five options mentioned previously, in more detail.
Activating a device using BlackBerry Administration Service
This method provides a higher level of control over the device, but is more labor-intensive on the administrator as it requires no user interaction.
Connect the device to a computer that can access the BlackBerry Administration Service, and log in to the service using an account that has permissions to assign devices.
Under the Devices section, expand Attached devices. Click on Manage current device and then select Assign current device. This will then prompt you to search for the user’s account that we want to assign the device to. Once we have found the user, we can click on User and then select Associate user and finally click on Assign current device.