Welcome to the forums!
Quote:
How, exactly, does a Blackberry device gain access to my corporate network?
I know the data is encrypted but how does it initiate the actual tunnel?
It doesn't initiate a tunnel with your network; but rather it initiates a connection to your carrier which hands it off to RIM. RIM's NOC has a connection to your BES (the port 3101 outbound-initiated hole in your firewall) ... RIM's NOC bridges the connection; hence the reason you don't need any specific inbound ports to your firewall opened.
Quote:
How are users able to gain access to internal network resources?
For things other than your corporate mail environment it uses MDS (Mobile Data System; previously called Mobile Data Service) ... search here or at RIM's site for more info on MDS.
Quote:
Can I block this and allow only Exchange access without resorting to a DMZ type situation?
Absolutely. You can disable MDS on each and every device.
Quote:
Also, what is RIM's actual involvement in communications between a device and my BES? Does all data flow through a RIM server?
RIM is the handler / validator. RIM routes traffic to/from your BES to/from your HH (via the Internet & your carrier's network) ... it also validates and identifies your BES with the SRP key & identifier.
Any traffic between your BES & your HH (after you have activated) is encrypted using either the 3DES or AES encryption key generated during activation (or a key that later replaced the original).
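One way to check a perimeter rule set against the traffic pattern described in the reply above (the BES dials out on port 3101 and nothing inbound is needed). This is an added example, not part of the original post; the BES address, the rule format and both rule sets are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

BES_HOST = "10.0.0.25"   # hypothetical internal address of the BES
SRP_PORT = 3101          # outbound port named in the post (TCP)

@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out", relative to the corporate network
    action: str           # "allow" or "deny"
    src: str              # host address or "any"
    dst: str              # host address or "any"
    dport: Optional[int]  # None means any port

def audit(rules):
    """Return findings for perimeter rules that touch the BES.

    Simplification: only allow rules are inspected; rule order and
    shadowing by earlier deny rules are not modelled.
    """
    findings = []
    allows = [r for r in rules if r.action == "allow"]
    for r in allows:
        # The post says no inbound port has to be opened for the BES.
        if r.direction == "in" and r.dst in (BES_HOST, "any"):
            findings.append(f"inbound allow reaches BES (dport={r.dport}): not needed")
        # Anything the BES may send out besides 3101 deserves a second look.
        if r.direction == "out" and r.src in (BES_HOST, "any") and r.dport != SRP_PORT:
            findings.append(f"outbound allow from BES wider than {SRP_PORT} "
                            f"(dport={r.dport}): review")
    # Without an outbound path on 3101 the BES cannot reach the relay at all.
    if not any(r.direction == "out" and r.src in (BES_HOST, "any")
               and r.dport in (SRP_PORT, None) for r in allows):
        findings.append(f"no outbound allow from BES to port {SRP_PORT}")
    return findings

# Constructed rule sets, not taken from any real firewall.
GOOD = [Rule("out", "allow", BES_HOST, "any", SRP_PORT),
        Rule("in", "deny", "any", "any", None)]
BAD = [Rule("in", "allow", "any", BES_HOST, 3101),
       Rule("out", "allow", BES_HOST, "any", None)]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "ok")
```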