[Jeff]

[jefferyds]

[frank69m]

Just curious before I look at it further?

For example, when I set one up, do I need to notify my Wireless Provider that I have one setup and I can enter in the EIDs such that the Blackberry devices can communicate with my BES via the Provider?

I'm a small business owner looking at doing this for some of my sales folks.

Wondering if I can also use the BES such that my sales people can get into the internal network resources. Eg. Intranet WEb servers with my BES on the internet.

[bfrye]

As far as the first question, no you will not have to notify your provider. As long as you have a data plan on your BES-enabled blackberries your provider should not care.

Second question, yes, MDS will allow you to access your internal network via a VPN-like connection through your blackberries. You can even specify via IT Policies whether or not you want internal or external access allowed.

For what your asking I would venture to say it would suit your needs very well.

[frank69m]

Quote:

Originally Posted by bfrye

As far as the first question, no you will not have to notify your provider. As long as you have a data plan on your BES-enabled blackberries your provider should not care.

Second question, yes, MDS will allow you to access your internal network via a VPN-like connection through your blackberries. You can even specify via IT Policies whether or not you want internal or external access allowed.

For what your asking I would venture to say it would suit your needs very well.

Thanks Bfrye.

Then, from a technical point of view, when I start up say a BB SSH client that uses BES, how does it get from my wireless provider to my BES when I make the request.

[bfrye]

Well your wireless provider is basically the POP or ISP you use to access your BES. BUT!, unlike your typical ISP, you connection is encrypted from the device to the BES, so no unencrypted traffic is sent via your ISP... so the connection path would basically go like this...

Say your bes server is bes1.mycompany.net. The server you want to access is ssh.mycompany.net. Install your favorite ssh proggie and it goes like this...

Blackberry->Carrier Network->bes1.mycompany.net->ssh.mycompany.net.

Basically what BES with MDS allows is for you to create a virtual VPN from the blackberry to your internal network.

[jibi]

and just like a VPN, it will show your connection to whatever internal resource as being made from the BES.

[WorldIRC]

Quote:

Originally Posted by bfrye

Well your wireless provider is basically the POP or ISP you use to access your BES. BUT!, unlike your typical ISP, you connection is encrypted from the device to the BES, so no unencrypted traffic is sent via your ISP... so the connection path would basically go like this...

Say your bes server is bes1.mycompany.net. The server you want to access is ssh.mycompany.net. Install your favorite ssh proggie and it goes like this...

Blackberry->Carrier Network->bes1.mycompany.net->ssh.mycompany.net.

Basically what BES with MDS allows is for you to create a virtual VPN from the blackberry to your internal network.

Couldn't 'a said it better myself

[frank69m]

Quote:

Originally Posted by bfrye

Well your wireless provider is basically the POP or ISP you use to access your BES. BUT!, unlike your typical ISP, you connection is encrypted from the device to the BES, so no unencrypted traffic is sent via your ISP... so the connection path would basically go like this...

Say your bes server is bes1.mycompany.net. The server you want to access is ssh.mycompany.net. Install your favorite ssh proggie and it goes like this...

Blackberry->Carrier Network->bes1.mycompany.net->ssh.mycompany.net.

Basically what BES with MDS allows is for you to create a virtual VPN from the blackberry to your internal network.

got it. understand it now. so then the bes will really need to be configured so that my carrier network can access it via the internet...probably behind my firewall.

Thanks man...appreciate it!

franko
Newbie 1 week BB user.

[jibi]

no. carrier network goes through your phone. the only thing you will need to configure for your BES for the firewall is to make sure that it can get out on port 3101. the BES should be behind the firewall, so don't think you need to allow internet traffic back to the server.

in his flowchart, it was:

Blackberry (the handset) -> Carrier Network (GPRS; normal data connection from handset) -> BES (encrypted connection from handset to BES across carrier's existing wireless network; all configured inside the BES's innerds) -> internal server (from BES; acts as a jump server, to an extent)

[jibi]

P.S.-Frank, RIM has a lot of whitepapers that actually outline the way the BES works. You should really think about referring to them. They are easy to read, I promise.

[bfrye]

Actually, unless you have a very restrictive firewall, you only need outgoing initiated connection on RIM's port (I forget what it is off the top of my head... 3500-something maybe?). But you usually won't need to make any firewall modifications unless your BES is using NAT or something.

[jibi]

3101.

[dpeters11]

You may need to call your carrier and have them setup the account to be able to use a BES. I don't think all carriers are this way, but know that with T-Mobile, if the account isn't setup for BES, you'll see "Refused by handheld" messages.

[NJBlackBerry]

The BES (via port 3101) talks to one of the RIM data centers. The BES never connects to the carriers networks.

BB Handheld -> Carrier -> RIM -> BES -> Internal Network

dpeters11 is correct, but it has nothing to do with the BES per se; the BlackBerry accounts must have BES service enabled.