JAM810 Dennis Reumer @reumerd September 26-27, 2013 Enterprise 101: Your App's Been Deployed Behind the Firewall, Now What?
Jun 20, 2015
B L A C K B E R R Y E N T E R P R I S E O V E R V I E W
• BlackBerry Balance
• BlackBerry Enterprise Service 10
• BlackBerry Enterprise Push
• Development Options
• Development Considerations
• Opportunities in the Enterprise
[Image: BlackBerry® Z10 smartphone]
B L A C K B E R R Y B A L A N C E
Separate File System for Work Applications
• Secures Work Application data
• No Access allowed from the Personal perimeter
Separated Network
• Always on VPN to the internal Network of the Company
• All network traffic is through the VPN
Application Management
• Allows companies to manage, deploy, remove and update Applications
B L A C K B E R R Y W O R L D 4 W O R K
Provides the Enterprise App Store
• Shows available and required Applications to the Employee
• Allows install of additional Apps in the Work Perimeter
• Allows white listing of Apps in the commercial BlackBerry World
Managed by the BlackBerry Enterprise Service 10 Admin
• Uploads Application bar files for new and updated applications
• Set Application availability to Optional or Required
• Whitelists commercial BlackBerry World applications
B L A C K B E R R Y E N T E R P R I S E S E R V I C E 1 0
T H E L E A D E R I N E M M
• 90% of the Fortune 500 depend on BlackBerry
• The largest global MDM footprint with over 90K enterprise customers globally. Over 10X the next largest MDM vendor
• >25,000 BES10 installations
• The trusted enterprise mobility partner for more than 14 years
• Gold standard for multi-platform mobile security, management and control
B L A C K B E R R Y E N T E R P R I S E S E R V I C E
[Diagram, BlackBerry Enterprise Push: Application Server, Content Push Initiator Server, BlackBerry MDS Connection Service, BlackBerry 10 Application Using Push APIs]
[Diagram: Pushed Data, MDS-CS, Invocation Framework, Your App]
E N T E R P R I S E P U S H
• Delivering application notification with a push of a button
• Allows up to 8KB payload (WAP PAP 2.2) and BlackBerry Push
• Provides different submission modes: Point to Point, Multicast and Broadcast
• Immediate information with lowered battery usage
• Reduce waiting time for real time data which translates to higher data efficiency for customers
BlackBerry Enterprise Server 10
Free 60 days trial (20 User Licenses)
WWW.BES10.COM
partners.blackberry.com
BlackBerry Enterprise Server 10
BlackBerry Enterprise Service Machine Requirement (Virtual or Hardware)
• Single processor, 2.0 GHz Intel® Xeon® (two processors recommended)
• 2 GB of memory
• 64-bit operating system: Two 64 GB drives (minimum), RAID 1
• 32-bit operating system: Two 36 GB drives (minimum), RAID 1
• Disk space for the BlackBerry Enterprise Server and BlackBerry Administration Service: 550 MB
• Disk space for log files: Approximately 2 MB per user per day (100 email messages per user)
D E V E L O P M E N T O P T I O N S
• C++/Qt: Cascades
• ActionScript: Adobe® AIR®
• HTML5: BlackBerry® WebWorks™
• C/C++: Native SDK
• Java: Android™ Runtime
Not in the work perimeter
D E V I C E S
D E V E L O P M E N T C O N S I D E R A T I O N S
• Work or Personal?
• Network Constraints
• File system and Access
• Applications and Invocation
• BlackBerry Push vs Enterprise Push
• Impact from Policy Restrictions
• Testing your Application
W H E R E A M I ?
#include <bb/system/SecurityPerimeter>
LIBS += -lbbsystem
Use bb::system::SecurityPerimeter
• 0 – Default context
• 1 – Work Perimeter
• 2 – Personal Perimeter
N E T W O R K C O N S T R A I N T S
• Only through the MDS-CS VPN tunnel
• HTTP/HTTPS Only traffic – NO SOCKETS!
• No streaming
• Internet access through Company infrastructure (Proxy)
G E T T I N G T O F I L E S
Cascades has a class that provides access to the sandbox: QDir
Also provided are static functions that give access to the different paths:
• QDir::currentPath() – path to the app's working directory
• QDir::homePath() – returns the app's data directory path
• QDir::tempPath() – access to the app's temp directory
Personal File System: /accounts/1000/<your appid>
Work File system: /accounts/1000-enterprise/<your appid>
S A N D B O X F I L E S
• homePath()\app: Compiled application, assets, source (READ ONLY)
• homePath()\data: This is where you store your data. The $HOME environment variable is this directory (READ/WRITE)
• homePath()\db: The application's database files. (READ/WRITE through DB APIs)
• homePath()\logs: System logs for an application. The application's stderr and stdout are redirected to this directory.
• homePath()\shared: Subfolders that contain shared data grouped by type. All applications can read from this directory. An application can write to this directory only if the access_shared permission is specified.
• homePath()\tmp: The application's temporary working files.
S H A R E D F I L E S
The Shared directory differs between the Personal and Work Perimeter:
• From the personal perimeter you cannot access the work perimeter shared files.
• From the work perimeter you can access the personal perimeter shared files (read).
• homePath()\shared: Subfolders that contain shared data grouped by type. All applications can read from this directory. An application can write to this directory only if the access_shared permission is specified.
Work File system: /accounts/1000-enterprise/shared
Personal File System: /accounts/1000/shared
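The perimeter paths and shared-file rules above, modelled as an added example in plain C++17 (not code from the deck or from the BlackBerry SDK): it classifies a path by perimeter and applies the cross-perimeter read rule. The function names, the policy flag and the `com.example.app` id are assumptions made for illustration.

```cpp
#include <filesystem>
#include <iostream>
#include <string>
namespace fs = std::filesystem;

enum class Perimeter { Unknown, Personal, Work };
enum class Access { Read, Write };

// Perimeter roots as given on the slides.
const fs::path kPersonalRoot = "/accounts/1000";
const fs::path kWorkRoot = "/accounts/1000-enterprise";

// True when p is root itself or lies below it. Compared per path component,
// so "/accounts/1000-enterprise" is never mistaken for "/accounts/1000".
bool isUnder(const fs::path& p, const fs::path& root) {
    auto pi = p.begin();
    for (auto ri = root.begin(); ri != root.end(); ++ri, ++pi)
        if (pi == p.end() || *pi != *ri) return false;
    return true;
}

// Classify a path after collapsing "." and ".." lexically. Symlinks are not
// resolved here; on a real file system resolve them before classifying.
Perimeter classifyPath(const std::string& raw) {
    const fs::path p = fs::path(raw).lexically_normal();
    if (isUnder(p, kWorkRoot)) return Perimeter::Work;
    if (isUnder(p, kPersonalRoot)) return Perimeter::Personal;
    return Perimeter::Unknown;
}

bool isSharedPath(const std::string& raw) {
    const fs::path p = fs::path(raw).lexically_normal();
    return isUnder(p, kWorkRoot / "shared") || isUnder(p, kPersonalRoot / "shared");
}

// Cross-perimeter rule from the slides: a work app may only READ personal
// shared files, and only while IT policy allows it; a personal app never
// reaches work files. Same-perimeter access is left to the normal sandbox
// permissions (e.g. access_shared) and is reported as allowed here.
bool accessAllowed(Perimeter caller, const std::string& target, Access mode,
                   bool policyAllowsPersonalShared) {
    const Perimeter owner = classifyPath(target);
    if (caller == Perimeter::Unknown || owner == Perimeter::Unknown) return false;
    if (caller == owner) return true;
    return caller == Perimeter::Work && mode == Access::Read &&
           isSharedPath(target) && policyAllowsPersonalShared;
}

int main() {
    // Constructed sample paths; com.example.app is a hypothetical app id.
    const Perimeter me = classifyPath("/accounts/1000-enterprise/com.example.app");
    const std::string doc = "/accounts/1000/shared/documents/report.pdf";
    std::cout << std::boolalpha
              << accessAllowed(me, doc, Access::Read, true) << ' '
              << accessAllowed(me, doc, Access::Write, true) << ' '
              << accessAllowed(Perimeter::Personal,
                               "/accounts/1000-enterprise/shared/documents/x", Access::Read, true)
              << '\n';
}
```

The component-wise comparison matters because the work root shares a string prefix with the personal root, so a plain "starts with /accounts/1000" test would label work files as personal.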
D U A L I N G A P P L I C A T I O N S
Personal
• Isolated to personal perimeter
• No access to work data
• Installed from App World via personal UI
Work
• Isolated to work perimeter
• Can read personal shared data (controllable by IT rule)
• Deployed through the BES10
Dual
• Operate in both work and personal perimeters
• Simultaneous instances: isolated & independent
• BlackBerry Apps only!
Hybrid
• Native RIM apps touch both perimeters
• Secures co-mingling of work and personal data (adjustable by IT rules)
• BlackBerry Apps only!
[Diagram: apps by perimeter. Column headings: Work Perimeter, Personal Perimeter; Work Apps, Hybrid Apps, Personal Apps; Dual Apps are shown twice.]
Work Apps: Enterprise App World, Enterprise App 1, Enterprise App 2, Enterprise App 3, Enterprise App 4, Enterprise App ..
Hybrid Apps: Calendar, Contacts, Unified Inbox, Reminder, Universal Search
Personal Apps: App World, Social, BBM, Video Chat, Camera, Phone
Dual Apps: File Manager, Documents To Go, Browser, Music, Video & Pictures, Print To Go
Other labels in the diagram: Mobile Voice Service, Other IM & P2P, Compass, Calculator, Android Runtime, NFC Smart Tag, Others, Other
P U S H D I F F E R E N C E S
[Diagram, BlackBerry Enterprise Push: Application Server, Content Push Initiator Server, BlackBerry MDS Connection Service, BlackBerry 10 Application Using Push APIs]
[Diagram, BlackBerry Commercial Push: Application Server, Content Push Initiator Server, BlackBerry NOC Push Service, BlackBerry 10 Application Using Push APIs]
[Zone labels in the diagrams: Internal Network, Internet]
P U S H D I F F E R E N C E S
Enterprise Push
• Can push to single device (PIN)
• Can push to all devices of a user (email address)
• Can push to a Group (in BES10)
• Can push to all users on a BES10 instance
Commercial Push
• Can only push to a specific device (PIN, BBID)
• Can push to a Group*
(*When using the Push SDK AddressList)
B L A C K B E R R Y E N T E R P R I S E I T P O L I C I E S
I T P O L I C I E S
IT Policies are used by companies to:
Adhere to compliancy requirements
Adhere to legal requirements
Provide enhanced security where needed
I T P O L I C I E S
Various IT Policies have an impact on your Application.
For a full current list of IT Policies of BES10.1.2:
http://docs.blackberry.com/en/admin/deliverables/55544/BES10_v10.1.2_BDS_Policy_and_Profile_Reference_Guide_en.pdf
130 pages of detailed information
I T P O L I C I E S H I G H L I G H T S
Wireless Service Provider Billing (BB10.0/BES10.0)
• If Allowed, would make it possible for Employees to purchase apps through the Company's Carrier Provider.
Application Security Timer Reset (BB10.0/BES10.0)
• If allowed, the app can prevent the device from locking.
Restrict Development Mode rule (BB10.0/BDS 6.1)
• Values: Yes, No, Default: No
• If set to Yes, this will not allow you to debug applications on the device.
T E S T I N G Y O U R A P P
Testing your app during development
When working on the Enterprise network with development machine:
• Deploy on the simulator; it has access to the internal systems too. (this also allows debugging)
When working outside of the Enterprise network:
• Establish a VPN on your development machine and use the simulator. (this also allows debugging)
• Or use a VPN on a physical BB10 device to the Enterprise network (this will complicate debugging)
T E S T I N G Y O U R A P P
Testing your app in the work perimeter
• Upload to BES 10
• Add to Software Config
• Add to Group or User
• Gets pushed to your device
B U S I N E S S O P P O R T U N I T I E S
G E T A H E A D S T A R T
• Test your app in the work perimeter. Make use of the BES10 trial
• Verify your app against the considerations
• Engage with/reach out to Enterprise to show your app and availability in the BlackBerry World
D I R E C T S A L E S
• Avoid the 30% BlackBerry World Fees
• Enterprise License Agreements
• Seat Licensing
• Custom App Licensing
T H E L O N G T A I L
• Continued development on contract
• Development support (bug fixes)
• Enterprise Support (call-desk for users)
• Maintenance
• Updates… Not Free.
B U S I N E S S D E V E L O P M E N T
• Create Solutions and Services not just Apps
• Work closely with BlackBerry to market solutions
• Think about Verticals (Financials, Legal, etc.)
• Promotion through BlackBerry (BBW, Events, Mailings, listings, etc.)
B L A C K B E R R Y P A R T N E R P R O G R A M
Sneak preview APAC
JAM810 Adrian Rusu September 26-27, 2013
B L A C K B E R R Y P A R T N E R
APAC.BlackBerry-Partners.com
B L A C K B E R R Y P A R T N E R
www.apac.BlackBerry-partners.com
Express your interest!
• Be part of first partner onboarding
• Support for all parts of business: sales, marketing, technical
• Close touch with all BlackBerry enterprise services & solutions
• Be part of a program that evolves with your business
K E E P O N M O V I N G .
B L A C K B E R R Y
Q & A
R E F E R E N C E S / D E M O S
GitHub https://github.com/blackberry/BES10-Cascades
Enterprise Push demo http://bizblog.blackberry.com/2013/06/push-enterprise-apps/
Emergency Contact List https://github.com/blackberry/BES10-Cascades/tree/master/ECL
BizBlog http://bizblog.blackberry.com/
developer.blackberry.com https://developer.blackberry.com/devzone/develop/enterprise/enterprise_overview.html
R E F E R E N C E S / D E M O S
BlackBerry Jam Asia Enterprise Sessions
JAM811 – Enterprise 201: BlackBerry Enterprise Service 10.1 Overview and Deploying Apps in the Secure Workspace for Android and iOS Thursday, 26 Sep, 4:45 PM - 5:45 PM
JAM823 - Delivering Data with Push & MDS Push Friday, 27 Sep,10:45 AM - 11:45 AM
JAM826 - Calling and Consuming Web Services with oData Friday, 27 Sep, 3:30 PM - 4:30 PM
T H A N K Y O U
JAM810 Dennis Reumer - @reumerd linkedin.com/in/dennisreumer September 26-27, 2013
I T P O L I C I E S A P P E N D I X
Overview of all the IT Policies that can have an impact on your Application
• Constraints
• Disabled hardware
• Limitation (to connectivity)
I T P O L I C I E S H I G H L I G H T S
BlackBerry Balance Devices
Wireless Service Provider Billing (BB10.0/BES10.0)
• If Allowed, would make it possible for Employees to purchase apps through the Company's Carrier Provider.
Transfer Work Contacts Using Bluetooth PBAP/HFP rule (BB10.0/BES10.0)
Transfer Work Files Using Bluetooth OPP rule (BB10.0/BES10.0)
Transfer Work Messages Using Bluetooth MAP rule (BB10.0/BES10.0)
Transfer Work Messages Using Bluetooth MAP Without Prompt rule (BB10.1/BES10.1)
Application Security Timer Reset (BB10.0/BES10.0)
• If allowed, the app can prevent the device from locking.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Balance Devices
Security Timeout rule (BB10.0/BDS 6.0)
• Time in Minutes. Once reached, the Work Space is locked and to access your application the user needs to enter the Work Space password. Your app continues to run in the background.
• Default: 45 minutes
Voice Control rule (BB10.0/BES10.0)
• Values: Allow, Disallow for email and Calendar, Disallow
• Default: Allow
Work Data Uses Only Work Network rule (BB10.1/BES10.1)
• Values: Yes, No, Default: No
• Work Data can use both the MDS-CS and the BlackBerry NOC infrastructure
I T P O L I C I E S H I G H L I G H T S
BlackBerry Balance Devices
Backup and Restore Work Space rule (BB10.0/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• Allows you to make a backup of the work perimeter apps through BlackBerry Link.
Personal Apps Access to Work Contacts rule (BB10.0/BES10.0)
• Values: All, Only BlackBerry Apps, None, Default value: All
• Allows personal apps to access work contact data
Restrict Development Mode rule (BB10.0/BDS 6.1)
• Values: Yes, No, Default: No
• If set to Yes, this will not allow you to debug applications on the device.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Balance Devices
Share Work Data During BBM Video Screen Sharing rule (BB10.0/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• Allows sharing of Work Data screens (like contacts) over the commercial BBM
Voice Dictation in Work Apps rule (BB10.0/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• Allows voice dictation to be used for Work Applications
Wipe the Work Space Without Network Connectivity rule (BB10.0/BDS6.0)
• Values: 2 to 8760 hours, Default: Null value (Disabled)
• If set, the device will wipe the Work Space after x hours of no connectivity to the BlackBerry Enterprise Service.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Balance Devices
Work App Access to Shared Files in the Personal Space (BB10.1/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, work applications cannot access the shared files in the personal space.
Cloud Storage Access from Work Space rule (BB10.0/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no Cloud Storage access is possible from the Work Space file system. (e.g. Dropbox, Box)
Open Links in Work Email Messages in the Personal Browser rule (BB10.0/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• Allows links in work email messages to be opened in the Personal Browser
I T P O L I C I E S H I G H L I G H T S
BlackBerry Balance Devices
Work App Access to Shared Files in the Personal Space (BB10.1/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, work applications cannot access the shared files in the personal space.
Cloud Storage Access from Work Space rule (BB10.1/BES10.0)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no Cloud Storage access is possible from the Work Space file system. (e.g. Dropbox, Box)
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Bluetooth rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no Bluetooth can be used.
Bluetooth A2DP rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no music can be played via Bluetooth
Bluetooth AVRCP rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no media control is possible over Bluetooth
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Bluetooth Contacts Transfer Using PBAP rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If disallowed, no contact transfer is possible through PBAP
Bluetooth Discoverable Mode rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, the device is not discoverable for Bluetooth
Bluetooth File Transfer Using OBEX rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no file transfers are possible over Bluetooth
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Bluetooth HFP rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If disallowed, the HFP profile is disabled and car kits cannot connect
Bluetooth MAP rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, the MAP profile is disabled and can't be used with a car kit
Bluetooth Pairing rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, no new connections can be made on the device
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Bluetooth PAN Profile rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If disallowed, the PAN profile is disabled and can't be used
Bluetooth SPP rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, the SPP profile is disabled and can't be used
Camera rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use the camera on the device, also not in your application.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Enforce Bluetooth Secure Simple Pairing Numeric Comparison rule (BB10.1/BES10.1)
• Values: Yes, No, Default value: No
• If yes, the user needs to use a full numeric comparison to establish pairing
Enforce Minimum Bluetooth Passkey Length rule (BB10.1/BES10.1)
• Values: Yes, No, Default value: No
• If set to Yes, only devices with at least 8 numerics are allowed to establish connections
HDMI rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use the HDMI port, also not in your application.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Location Services rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use location services on the device, also not in your application.
NFC rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use NFC services on the device, also not in your application.
Wi-Fi rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use WiFi services on the device, also not in your application.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Computer Access to Device rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot connect the device through USB or WiFi Sharing to a computer.
Media Card rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use a media card in the device, also not in your application.
Voice Dictation rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use voice dictation services on the device, also not in your application.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
BBM rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use BBM on the device through USB or WiFi Sharing to a computer.
BBM Video/BBM Voice rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use BBM Video/Voice on the device, also not in your application.
BlackBerry Maps rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use MAPS on the device, also not in your application.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
Find More Contact Details rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use Find More contact on the device
Hotspot Browser rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use a HotSpot for connectivity on the device, also not in your application.
Media Sharing rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use Media Sharing on the device, also not in your application.
I T P O L I C I E S H I G H L I G H T S
BlackBerry Work only Devices
SMS/MMS rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use SMS on the device
YouTube for BlackBerry Devices rule (BB10.1/BES10.1)
• Values: Allow, Disallow, Default value: Allow
• If set to disallow, you cannot use YouTube on the device