Caption by: Simon Bisson
The secret of RIM's success isn't the BlackBerry itself (as useful as the latest generation of devices can be). What really makes BlackBerry one of the standard-bearers for business mobility is BES, the BlackBerry Enterprise Server. Sitting at the heart of many business networks, from SMEs to the largest enterprises, BES routes mail and data to and from BlackBerry devices securely, providing push email, hosting applications and routing voice traffic.
BES 5.0 is the latest version of RIM's push server, and it's a big upgrade from the previous release — changing the way that administrators work with BES, and adding new features for the latest BlackBerry devices. Previous BES systems were Windows applications, with a hefty Java back-end. That Java back-end is still there, completely re-architected to work in high-availability clusters, but the Windows administration tools are gone, replaced with a web-based administration front-end. Currently RIM has versions of BES for Exchange, GroupWise and Notes. We looked at the Exchange version, working with an Exchange 2007 system.
Upgrading BES used to be, if not a nightmare, then certainly a very bad dream. Devices had to be re-authorised, entailing working with every user to activate their devices. That could add days to an upgrade for a large BES install. Upgrading from BES 4.x to 5.0 is a seamless process, with minimal downtime. There's no reactivation and users will keep existing accounts — along with all their email, contacts and calendars. Users can also be moved between servers with no disruption; during RIMs internal beta test, users were migrated from BES 4.6 to BES 5.0 without noticing.
There's little difference between a clean install and an upgrade. The upgrade process will migrate existing BES databases to the new BES 5.0 schema. There's a backup and roll-back option, so if anything goes wrong with the upgrade you can return to the previous version without losing any configuration or user data. If you've installed a previous version of BES, you'll find RIM's installer very familiar. There's the same pre-requisite check, with more detail on what accounts need what permissions, and the same requirement to download and install the latest version of Microsoft's Exchange CDO components (if you're using BES with Exchange). The actual install is fairly quick (with a single reboot), so there'll be minimal downtime for any users being upgraded.
BES 5.0 will check for pre-requisite software before installing. It'll install most of the software you need — although you'll need to download and install the Exchange API components yourself. For more BES 5.0 images, see our screenshot gallery.
You can use BES's own authentication service, or Microsoft's Active Directory. We'd recommend the latter, as this simplifies self-service access for users. It's possible to work with both authentication schemes at the same time (locking down administrative access, while leaving things open for end users), although this isn't a practical approach for large deployments.
BES 5.0's high availability features mean that you can set up a two-machine cluster to host BES, with databases replicated between the two systems. RIM has taken a relatively simple approach to handling failover, with one system designated as a hot standby and enabled if the active server fails to respond to a heartbeat check. This approach keeps downtime to a minimum, and helps you respond to users' demands for reliable mobile email — although we wouldn't recommend putting the two servers on different networks and using it as the basis of a disaster recovery system. The BES databases are mirrored using the standard SQL Server high-availability features, simplifying setup and keeping the learning curve to a minimum.
As well as supporting high-availability installs, BES 5.0 now lets you install the various server components on separate machines. This improves reliability, and you can use this approach to deploy BES for performance — adding components as required and using load balancing where needed. RIM has also certified BES for use on virtual servers, so you can move VMs from machine to machine in order to maintain optimum performance, and deploy additional components to cope with demand spikes.
BES 5.0's new web front end isn't just for convenience. It also means that running BES is now cheaper and less risky. You can now handle all BlackBerry administration tasks from a copy of Internet Explorer, without leaving your desktop. As the web front end uses SSL connections, this also means that you can administer BES from anywhere, reducing the number of staff who need to be on-site around the clock. With BES 5.0 you can make BES administration an on-call service. A user-focused web-desktop also means that many BlackBerry functions can be handled directly by users, giving them a self-service BlackBerry that can be integrated into any intranet service.
There is one major issue with RIM's implementation. As BES is a Java application, it uses an Apache web server and the Tomcat application server — so we'd recommend ensuring you don't have Microsoft's IIS web server running on your BES servers. You can get the two to coexist, but this entails changing the ports used to connect to the BES web application, which can be confusing for end users.
We're still surprised by one of RIM's decisions. Web user interfaces are usually thought of as cross-platform and cross-browser. So it's a pity that you're limited to using a Windows PC running Internet Explorer to work with BES 5.0. That's because RIM is using an ActiveX control to handle communication with BlackBerrys connected to a server or to a desktop PC. You'll need to download the BES controls the first time you connect to BES. Oddly, RIM has also configured BES 5.0 to use self-signed certificates, which could confuse self-service users. Early versions of BES 5.0 required IE 8 users to work in compatibility mode. If you're still using the original release, we'd recommend downloading the SR1 update, as this also fixes some issues with the Windows LDAP interfaces that stop some administration pages from running.
The real benefit to administrators of BES 5.0 is the vastly expanded range of policies that can be deployed to devices. As Blackberrys have become more consumer-like, even with their own app store, keeping control of devices and ensuring compliance with regulatory requirements has become increasingly important. If you're running a 'bring your own device' programme, then good policy management has become essential.
The BES 5.0 policy management screen is more than a little cluttered — but you can drill down into nearly every aspect of a BlackBerry handset, ensuring that the devices connected to your BES operate just the way you want.
The (PDF) list of BES 5.0 policies is well worth reading, as it goes into some detail on how to manage the various settings on your users' devices. One important set of policies are the application controls. These allow you to control how third-party applications are allowed to interact with the devices and the network around them. You can block access to specific parts of the BlackBerry APIs, including ensuring that applications can't access local files, and that they can't surreptitiously capture screenshots or turn on microphones. You can also stop them from using GPS to track user locations.
You'll find the available policies let you drill down into some very fine-grained behaviour. One example is the ability to block RIM's own social networking applications, like the BlackBerry Facebook client, from linking into the rest of the BlackBerry stack. Disabling data access stops Facebook from updating calendars or adding photographs to contacts. RIM's policies are very powerful tools, and BES 5.0 gives you tools that deliver policies to specific users, or specific administrative roles. BES's groups are a probably the most powerful tool you have, as they let you administer several different users at the same time, grouping together all the sales users, or all the management team. You can also create groups of groups, and apply software configurations and policies to all the child groups from just one web page.
Your users don't need a desktop client — they can manage their accounts and their devices through their web browser. All they need is the web desktop URL and a USB cable.
The web desktop is easy enough to use, and users can log in using their existing Windows accounts. Most functions require a connected device, setting up and managing email, backing up phones and drilling down to see just how messages are being sent and when a BlackBerry last communicated with the BES. You can use the administration tools to customise the web desktop for your users, adding company logos and changing the colour scheme to fit in with your own brand. The ability to white label is important, as it allows BES to blend in with the rest of an intranet — or run as a hosted service — without disrupting the user experience.
You'll need OS 5.0 BlackBerry devices to get the most out of BES 5.0, though older devices will work just fine. With OS 5.0 updates now available for most recent devices (including the Bold 9000, the Storm 9550 and the Curve 8900) you'll be able to take advantage of BES 5.0's new over-the-air update tools to get all most, if not all, of your users onto the latest release. This will allow users to take advantage of more Outlook-like features on their handhelds, including flagging messages and setting reminder times, turning email into a task management tool. There's also distribution list support, and the ability to forward meeting invitations and calendar items (as well as viewing attachments sent in invite messages). Perhaps the most useful new feature is the ability to use a BlackBerry to securely browse and work with files on your network without having to implement a VPN.
You can use BES 5.0's VPN-free server access to get files from your network, wherever you are. All you need is the server name (and appropriate access credentials). Everything is routed over the secure BlackBerry network.
RIM continues to use BES for more than just email, and BES 5.0 is no exception. There's MDS, the Mobile Data System, which connects BlackBerry handsets to line of business systems. There's also an option to link BES into your PABX system, delivering calls to desk extensions straight to mobile devices, wherever your users are (as well as letting you route calls to and from local numbers to save money on long distance and international telephony).
BES 5.0 is definitely the best version of BES so far. RIM has done a lot of work in simplifying the administration process, as well as providing additional services for users. With so many new features it's hard to pick one reason for upgrading — although the VPN-less remote file access can quite quickly turn into a lifesaver. A seamless upgrade from earlier versions and high availability features make this an essential update for any business running BlackBerry devices.
Pricing (ex. VAT)
BES 5.0 for Microsoft Exchange - 1 user: £2,268
BES 5.0 for Microsoft Exchange - 20 users: £3,157
BES 5.0 upgrade for Microsoft Exchange: £999.99
BES CAL 1-user Licence: £79.99
BES CAL 10-user Licence £499
BES CAL 5 User Licence £349.99
BES CAL 50 User Licence £1,999
Caption by: Simon Bisson