what makes up blackberry enterprise service 10? - sharif penniman
DESCRIPTION
Interop Academy - June 17th, 14:00-14:30 - BlackBerry 10 overview of tools - Universal Device Service + Mobile Device Management - BlackBerry Secure Workspace for Android and iOS - Leveraging the Power of Secure Workspace in Your Application - Deploying an Application to the Secure Workspace - References – hear about real examples of companies who have deployed BES 10TRANSCRIPT
1 01 July 2014
Leverage your solution to its full potential 11 June 2014 Sharif Penniman @sfpenniman London Tech Week 2014
BLACKBERRY SECURE WORKSPACE & ANDROID
2 01 July 2014
CONTENTS • What makes up BlackBerry Enterprise Service 10.2
• BlackBerry 10 Recap
• Universal Device Service + Mobile Device Management
• BlackBerry Secure Workspace for Android and iOS
• Leveraging the Power of Secure Workspace in Your Application
• Deploying an Application to the Secure Workspace
• References
• Q&A
3 01 July 2014
Best in Class Enterprise Mobility Management
BLACKBERRY ENTERPRISE SERVICE 10
4 01 July 2014
SERVICE NOT SERVER ?
BlackBerry Device Service
Universal Device Service
BlackBerry Connection Service
BlackBerry Administration Service
BlackBerry Web Services
BlackBerry Management Console
Etc.
5 01 July 2014
BLACKBERRY ENTERPRISE SERVICE Manage:
Users,
Devices,
Profiles
Policies
Group Users to
Simplify and Scale Deployments
Manage Applications
for Users and/or Groups
6 01 July 2014
BLACKBERRY BALANCE The Work Perimeter • Secure • Encrypted File Space • Can be Revoked Centrally • Encrypted Connectivity Behind the Firewall • Push to deliver Real Time Information • Corporate Application Management
7 01 July 2014
APPLICATION MANAGEMENT Whitelisted Public Applications Licensed or Corporate Applications Company Apps Can Be Optional and appear for download, or be Required and pushed silently to the user’s device.
8 01 July 2014
Mobile Device Management on Android and iOS
UNIVERSAL DEVICE SERVICE
9 01 July 2014
• Manage Users and Groups
• Configure Profiles, Policies etc
• Whitelist Applications
• Deploy Corporate Applications
MDM TO ANDROID & iOS
10 01 July 2014
MDM TO ANDROID & iOS
11 01 July 2014
CORPORATE DATA & BYOD
MDM is Great, but….
• User’s don’t want their personal devices locked down
• Eg. Hide the default camera application, Hide the default web browser, Disable data service when roaming
• Separation of Work and Personal
• Corporate Data needs to be secure at rest and in transit
12 01 July 2014
Separation of work and personal data that is secured and controlled
BLACKBERRY SECURE WORKSPACE
13 01 July 2014
A separation of work and personal data that is secured and controlled • Authentication is required • Data is saved to the secure file system as
work data
• Work data cannot be shared outside the secure work space
• Cut / copy / paste is only allowed within the secured work space
• Personal applications cannot access work data
A device work space where applications are secured • Integrated Email, Calendar, Contacts,
Notes* and Tasks • Secure Browser • Secure attachment viewing and editing • Ability to secure enterprise applications
Secure Connectivity • Provides an AES 256bit secure connection between the
Secure Workspace and corporate network via BlackBerry Enterprise Service 10
• All apps provided in the Secure Work Space will use this secure connection, including securely wrapped enterprise applications
• Does not require a 3rd party VPN for Secure Workspace apps
• Uses the port 3101 already configured for communication between BES and BlackBerry smartphones
BLACKBERRY SWS OVERVIEW
14 01 July 2014
TITLE HERE WORK CONNECT
15 01 July 2014
TITLE HERE WORK BROWSER
16 01 July 2014
TITLE HERE DOCUMENTS To Go
17 01 July 2014
Leverage Secure Connectivity and Storage for Your Applications
DEVELOPING FOR SWS
18 01 July 2014
DEVELOPING FOR SWS
EMBEDDING OF SDK • Additional development effort
• Risk: Potential for error integrating the
SDK
• Decision on whether the App can be securely deployed during App development.
APPLICATION WRAPPING • No source modification required:
• Saving effort • Preventing error
• Decision on whether the App can be
deployed with MDM Admin
19 01 July 2014
TRADITIONAL APPLICATION ARCHITECTURE
• Create application
• Interact with API’s and available OS entry points
• Manage all security for data at rest
20 01 July 2014
WRAPPED APPLICATION ARCHITECTURE • Secure wrapping manages interaction
with system APIs • Compliance • Authentication • Application level controls • Network
• Data encryption using AES 256 for data-at-rest
21 01 July 2014
TITLE HERE WRAPPING PROCESS 1. Development Team Build and Sign Application
2. Pass to BlackBerry Enterprise Service Administrator
3. Administrator Uploads the Application to BES for Wrapping
4. Wrapped Application is Downloaded
5. Wrapped Application Passed Back to Development Team
Why? -> The Application has been modified in the process and thus requires re-signing
6. Development Team re-sign the application
7. Pass to BlackBerry Enterprise Service Administrator
8. Application Definition Created for Application
9. Added to a Software Configuration
22 01 July 2014
WRAPPING PROCESS UPLOAD TO SERVER
23 01 July 2014
WRAPPING PROCES WAIT
24 01 July 2014
WRAPPING PROCESS DOWNLOAD
25 01 July 2014
TITLE HERE WRAPPING PROCESS RESIGN jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore C:\Users\<mich.user>\.android\release.keystore -storepass BlackBerry -keypass blackberry SecureUnsigned.apk androidrelease zipalign.exe -v 4 SecureSigned.apk SecureSignedAligned.apk
26 01 July 2014
WRAPPING PROCES APPLICATION DEFINITION
27 01 July 2014
WRAPPING PROCESS SOFTWARE CONFIGURATION
28 01 July 2014
TITLE HERE SECURE WORKSPACE REFERENCES • Wrapping for iOS and Android:
• http://developer.blackberry.com/devzone/develop/enterprise/install_android_or_ios_work_space_app.html
• Free Trial version of BlackBerry Enterprise Service 10 for testing:
• http://www.bes10.com
• Example app and resigning script:
• https://github.com/blackberry/Secure-Work-Space
• Administration Guide to the Universal Device Service 10.2.1:
• http://docs.blackberry.com/en/admin/deliverables/62506/BES10_v10.2.1_UDS_Advanced_Admin_Guide_en.pdf
29 01 July 2014
Ask now or be forever silent ;-)
QUESTIONS & ANSWERS
K E E P O N M O V I N G .
BLACKBERRY
31 01 July 2014
THANK YOU ! Sharif Penniman- @sfpenniman linkedin.com/in/sfpenniman June 11 2014
BLACKBERRY SECURE WORKSPACE & ANDROID