113 April 2023
GETTING DOWN TO BUSINESS
9 May 2014 Dennis Reumer @reumerd
DroidCon Berlin 2014
BLACKBERRY SECURE WORKSPACE& ANDROID
213 April 2023
CONTENTS• What makes up BlackBerry Enterprise Service 10.1
• BlackBerry 10 Recap
• Universal Device Service + Mobile Device Management
• BlackBerry Secure Workspace for Android and iOS
• Leveraging the Power of Secure Workspace in Your Application
• Deploying an Application to the Secure Workspace
• References
• Q&A
313 April 2023
Best in Class Enterprise Mobility Management
BLACKBERRY ENTERPRISE SERVICE 10
413 April 2023
SERVICE NOT SERVER ?
BlackBerry Device Service
Universal Device Service
BlackBerry Connection Service
BlackBerry Administration Service
BlackBerry Web Services
BlackBerry Management Console
Etc.
513 April 2023
BLACKBERRY ENTERPRISE SERVICEManage:
Users,
Devices,
Profiles
Policies
Group Users to
Simplify and Scale Deployments
Manage Applications
for Users and/or Groups
613 April 2023
BLACKBERRY BALANCEThe Work Perimeter• Secure• Encrypted File Space• Can be Revoked Centrally• Encrypted Connectivity Behind the
Firewall• Push to deliver Real Time Information• Corporate Application Management
713 April 2023
APPLICATIONMANAGEMENTWhitelisted Public ApplicationsLicensed or Corporate Applications
Company Apps Can BeOptional and appear for download,or be Required and pushed silentlyto the user’s device.
813 April 2023
Mobile Device Management on Android and iOS
UNIVERSAL DEVICESERVICE
913 April 2023
• Manage Users and Groups
• Configure Profiles, Policies etc
• Whitelist Applications
• Deploy Corporate Applications
MDM TO ANDROID & iOS
1013 April 2023
MDM TO ANDROID & iOS
1113 April 2023
CORPORATE DATA & BYOD
MDM is Great, but….
• User’s don’t want their personal devices locked down
• Eg. Hide the default camera application, Hide the default web browser, Disable data service when roaming
• Separation of Work and Personal
• Corporate Data needs to be secure at rest and in transit
1213 April 2023
Separation of work and personal data that is secured and controlled
BLACKBERRY SECURE WORKSPACE
1313 April 2023
A separation of work and personal data that is secured and controlled
• Authentication is required
• Data is saved to the secure file system as work data
• Work data cannot be shared outside the secure work space
• Cut / copy / paste is only allowed within the secured work space
• Personal applications cannot access work data
A device work space where applications are secured
• Integrated Email, Calendar, Contacts, Notes* and Tasks
• Secure Browser
• Secure attachment viewing and editing
• Ability to secure enterprise applications
Secure Connectivity
• Provides an AES 256bit secure connection between the Secure Workspace and corporate network via BlackBerry Enterprise Service 10
• All apps provided in the Secure Work Space will use this secure connection, including securely wrapped enterprise applications
• Does not require a 3rd party VPN for Secure Workspace apps
• Uses the port 3101 already configured for communication between BES and BlackBerry smartphones
BLACKBERRY SWS OVERVIEW
1413 April 2023
TITLEHEREWORK CONNECT
1513 April 2023
TITLEHEREWORK BROWSER
1613 April 2023
TITLEHEREDOCUMENTS To Go
1713 April 2023
Leverage Secure Connectivity and Storage for Your Applications
DEVELOPING FOR SWS
1813 April 2023
DEVELOPINGFOR SWS
EMBEDDING OF SDK
• Additional development effort
• Risk: Potential for error integrating the SDK
• Decision on whether the App can be securely deployed during App development.
APPLICATION WRAPPING
• No source modification required:• Saving effort• Preventing error
• Decision on whether the App can be deployed with MDM Admin
1913 April 2023
TRADITIONALAPPLICATIONARCHITECTURE
• Create application
• Interact with API’s and available OS entry points
• Manage all security for data at rest
2013 April 2023
WRAPPEDAPPLICATIONARCHITECTURE• Secure wrapping manages
interaction with system APIs• Compliance• Authentication• Application level controls• Network
• Data encryption using AES 256 for data-at-rest
2113 April 2023
TITLEHEREWRAPPING PROCESS1. Development Team Build and Sign Application
2. Pass to BlackBerry Enterprise Service Administrator
3. Administrator Uploads the Application to BES for Wrapping
4. Wrapped Application is Downloaded
5. Wrapped Application Passed Back to Development Team
Why? -> The Application has been modified in the process and thus requires re-signing
6. Development Team re-sign the application
7. Pass to BlackBerry Enterprise Service Administrator
8. Application Definition Created for Application
9. Added to a Software Configuration
2213 April 2023
WRAPPING PROCESS UPLOAD TO SERVER
2313 April 2023
WRAPPING PROCES WAIT
2413 April 2023
WRAPPING PROCESS DOWNLOAD
2513 April 2023
TITLEHEREWRAPPING PROCESS RESIGNjarsigner -verbose
-sigalg SHA1withRSA-digestalg SHA1-keystore C:\Users\<mich.user>\.android\release.keystore-storepass BlackBerry-keypass blackberrySecureUnsigned.apkandroidrelease
zipalign.exe -v 4SecureSigned.apkSecureSignedAligned.apk
2613 April 2023
WRAPPING PROCESAPPLICATION DEFINITION
2713 April 2023
WRAPPING PROCESS SOFTWARE CONFIGURATION
2813 April 2023
TITLEHERESECURE WORKSPACE REFERENCES• Wrapping for iOS and Android:
• http://developer.blackberry.com/devzone/develop/enterprise/install_android_or_ios_work_space_app.html
• Free Trial version of BlackBerry Enterprise Service 10 for testing:
• http://www.bes10.com
• Example app and resigning script:
• https://github.com/blackberry/Secure-Work-Space
• Administration Guide to the Universal Device Service 10.2.1:
• http://docs.blackberry.com/en/admin/deliverables/62506/BES10_v10.2.1_UDS_Advanced_Admin_Guide_en.pdf
2913 April 2023
Ask now or be forever silent ;-)
QUESTIONS &ANSWERS
K E E P O N M O V I N G .
BLACKBERRY
3113 April 2023
THANK YOU !
Dennis Reumer - @reumerd
linkedin.com/in/dennisreumer
MAY 08 2014
DroidCon Berlin 2014
BLACKBERRY SECURE WORKSPACE& ANDROID