BlackBerry Live 2013 at Orlando, FL
BlackBerry 10 Takes Off
BlackBerry remains to have a strong vision in the mobility and collaboration space. BlackBerry 10 seems to be a major strike back as it is obviously geared towards providing the features which its competitors are missing or addressing the deficiencies they are facing. Below summarizes my findings and observations through the 3-day conference:
Key architectural change
Previous versions of BES use MAPI protocol to communicate with Exchange server and require the use of a service account to read (grab) and send from the user mailboxes. MAPI is a historical email protocol which will be obsoleted and withdrawn by Microsoft from next Exchange version (beyond Exchange 2013). BES10 does not use MAPI. It merely forms a secure tunnel (AES 256 encryption, FIPS140-2 compliant) for the device and the Exchange server to communicate with each other directly via ActiveSync. Think of it as the BES10 server acts as the man-in-the-middle but does not participate in the Email transcoding and relay.
Give up MAPI; Switch to ActiveSync
ActiveSync in its latest (v12 or above) implementations (Exchange 2010 and 2013) has tremendously improved and become a very mature protocol which emphasizes on Sync (email and PIM) with a “hanging” ping mechanism which makes it near real-time. It has become the industry standard for many hosted or cloud email service providers like Google Apps. ActiveSync is designed for mobility which has the characteristics of long latency, real-time and unstable connection. By switching from MAPI to ActiveSync, BES10 server can now support up to 15000 users/server (MAPI: up to 2000). ActiveSync is also much more tolerant in terms of network latency (250ms round trip OK) therefore the BES10 server does not need to be close to the Exchange server like required in previous versions. This gives more flexibility in terms of server location.
Containerization – BlackBerry Balance & Secure Work Space
At the conference there have been a lot of talks about Containerization. Major driver is believed to be the BYOD trend. Many enterprises as they start to adopt BYOD have to consider the consequences of data leakage and security. Containerization is believed to be the ultimate and the most secure solution. BlackBerry Balance cleanly separates the Work space and Personal space on BB10 devices. Each space has its own file system, data store and routing table. It separates data-at-rest as well as data-in-transit, meaning any communication in the Work space is restricted to route through the Mobile Device Service (MDS) secure tunnel. Even when the device is on public WiFi the Work data will always be encrypted while it traverses the secure tunnel. Think of it as Work communication is always taking place “behind” the corporate firewall.
Our strategy to adopt Good Technology (the only vendor providing container based solution at the time) for BYOD has proven to be correct and it remains to be valid even today. Many MDM providers are still struggling to provide true containerization.
BlackBerry has also extended the Balance concept to ride on iOS and Android. They brand it Secure Work Space (I believe this name will draw a lot of attentions this year). It comes with email, PIM, Intranet browser and a document viewer and editor. Enterprises can also deploy iOS and Android apps (iTune or enterprise app store) via Secure Work Space.
BlackBerry World (App store) for Work
Because of the separation between Work space and Personal space, enterprises can now deploy Work applications to the device and all communications to the backend systems and resources will be forced to route through the secure tunnel. Apps can be deployed as mandatory or optional. At the conference all the sessions on Apps development were focused on BlackBerry 10. BlackBerry is aggressive in making more applications available.
One unified (MDM + MAM) platform to support multiple device types
At the conference they have also released BES10.1 which is a revamped version aiming at managing all three platforms (BB10, iOS and Android) under one console – the BlackBerry Management Studio. We can begin testing it now and compare it with Good.
Regulated EMM vs EMM
BES10.1 also introduces a new feature called Regulated EMM (stands for Enterprise Mobility Management) targeted at government and financial institutions who are providing corporate liable devices to their staff. A richer set of IT policy (75 nos) can be enforced on the device (such as banning the camera). Standard BES10 contains 39 policies.
MDS-CS vs VPN
BlackBerry MDS is not something new. It has always been the foundation of how BB works. MDS is an always-on, always-connected technology which is essential for mobile devices. Currently only BlackBerry and Good can support true MDS as it requires a NOC (relay) between the enterprise and the device. The merits of MDS are: it does not require an inbound port to be opened; it consumes less power on the device compared to conventional VPN (which needs to continuously poll the device for keep-alive). Think of it as by making use of MDS, enterprises can “extend” their firewall perimeter to cover the mobile devices and run applications seamlessly eliminating the workflow performed by user to set up VPN.
Unified Communication – MVS, EIM
BlackBerry has also showcased their latest MVS (Mobile Voice) and EIM (Enterprise Instant Messenger). MVS supports single number reach / single number identity across office phone, softphone and BlackBerry. Great new features include Move to Desk Phone, Move to Mobile and Move to other number (e.g. a conferencing phone). Currently MVS does not support 3G/4G.
One interesting point is by US laws MVS is not allowed for emergency 911 calls.
EIM integrates with Lync 2010/2013. Supports three-way chat. Future version will support Persistent Chat. User can switch from an IM chat to a phone call (MVS or carrier).
BlackBerry Messenger on BB10 supports voice and video call. It also supports screen sharing. The new BBM Channel (now in beta) is a social networking platform designed for enterprises for disseminating information to its staff and clients using the secure BB platform.
Q5 was released at the conference. It targets on emerging market where carriers usually do not subsidize for the device.
BlackBerry 10 claims to support Cloud platforms including Google Apps, Office 365 and other platforms which support Active Sync. Not much details has been revealed at the conference.
Enterprise Mobility Strategy
Our mobility strategy must encompass at a minimum the following objectives.
1. High usability – while we continue to advocate BYOD, we need to clearly define the scope of supported devices and OS versions. iOS is pretty standard. Android, on the other hand, has thousands of variations and custom implementations. What about Windows Phone? We must have a clear support matrix (though constantly updated). Secondly, mobility is more than email and PIM. Mobility is also about data and applications. How can we enhance productivity while not compromising on security and data leakage? Don’t think pushing an MDM profile to the user owned devices will resolve the security question. It will upset the users.
2. Improved cost efficiency
One of the major drivers of BYOD is cost saving. We are seeing two extremes: Users who over use their company devices (and SIM) and incur high charges; Users who under utilize their devices and therefore waste the mobile plan. BYOD to a certain extent can bridge the gap. Some countries may have limitation to the extent of BYOD adoption. One note here is we have seen some branches asking their users to return their BlackBerry but allowing them to keep the SIM card. This is not helping to reduce cost.
3. High supportability
Our mobility platform must be highly available with zero allowance for downtime. Mobile devices are always-on and always-connected. The scenario that user notices a service interruption more promptly than IT admin is very common. How do we address this gap? Can the users support themselves (self service) when in trouble?