In this chapter, we will delve more deeply into the technical architecture of BES. In order to provide you with an understanding of what's under the hood, we will have a look at the information needed to get your users started on the BES. Specifically, we will cover administrative user roles, how messages are delivered, and other key elements of the BES. We will conclude the chapter with Lab 2, which will give a practical insight on how to use the BlackBerry Administration Service console and key elements we need to configure before activating users on our BES.

Delivering messages

Firstly, we are going to look at how the BES delivers messages and in return how a user can reply or forward a message using the end device — a BlackBerry handheld.

In the following scenario, our director Jim needs to send an e-mail to his PA, Susan. Jim is sitting on his computer in the office while Susan is out on the field armed with her corporate BlackBerry.

The following figure shows the components of the BES distributed on different servers for the ease of the diagram, but they can be installed all on one server as discussed in the previous chapter:

Sending a message to a BlackBerry device

1. Director Jim sends an e-mail to his PA, Susan. The e-mail arrives in Susan's mailbox on the Microsoft Exchange Server.
2. Microsoft Exchange notifies the BlackBerry Messaging Agent that a new message has arrived for Susan.
3. The BlackBerry Messaging Agent retrieves the message from the exchange mailbox then sends the first portion of the message (the first 2 KB) to the BlackBerry Dispatcher.
4. The BlackBerry Dispatcher compresses the first portion of the message, and encrypts the message with first a randomly generated session key (the session key is also referred to as a message key) and then the device transport key of Susan's BlackBerry device and passes the encrypted data to the BlackBerry Router to be delivered to the BlackBerry device.
5. The BlackBerry Router sends the first portion of the message to the RIM infrastructure over port 3101. The RIM infrastructure is also known as RIM NOC (Research In Motion Network Operation Centre). The RIM NOC will validate the SRP ID of the incoming BES and will route the message accordingly.
6. The wireless network locates the BlackBerry device and delivers the message. The BlackBerry device sends a delivery confirmation to the BlackBerry Dispatcher, which passes it on to the BlackBerry Messaging Agent. If the BES does not receive confirmation within four hours, it resubmits the message to the wireless network.

   Note

   This is not a delivery report, it does not confirm that the user has received and opened the e-mail; it confirms that the wireless network has delivered the message.

7. The BlackBerry device decrypts and decompresses the message so that Susan can view it, and the BlackBerry device notifies Susan of the arrival of the message. Only the first 2 KB of the message is delivered to the BlackBerry device initially. To view the full message, the user will need to click on the get more option at the end of the initial message, which will download the remaining message to the BlackBerry device, generating a new session key for each new data packet sent to the BlackBerry device to ensure that confidentiality of the data is intact.

Sending a message from a BlackBerry device

Now, we are going to have a look at the process involved in sending a message from a BlackBerry device.

1. Susan reads the message from Jim and needs to reply to him immediately. Using her BlackBerry device, she types out her reply and sends it to Jim. The BlackBerry device assigns the message a REFID. It is important to note that the original message is not sent back across the wireless network to the BES when Susan replies (or forwards the message). Only the content that Susan has added in her message is sent across the network — the original message contents are retrieved from the Inbox and appended to the message before sending it off. This is shown by noticing that you cannot modify the forward or reply content before sending.
2. The BlackBerry device compresses and encrypts the entire message.
3. The BlackBerry device sends the message over port 3101 to the wireless network, which in turn delivers it to the BES. The BES will ONLY accept messages that have been encrypted by the BlackBerry device. If the message is not encrypted with the correct value keys, it will reject it.
4. The BlackBerry Dispatcher first uses the device transport encryption key from Susan's device to decrypt and decompress the message, and secondly the session (or message keys) to decrypt the e-mail and display it. If the message cannot be decrypted using these unique key values then the BES rejects the message and sends an error message back to the BlackBerry device.
5. The BlackBerry Message Agent sends the message (on behalf of the user) to Susan's Microsoft Outlook mailbox.
6. The BlackBerry Messaging Agent copies the message to the Sent Items folder (unless there is a prior IT policy in place, which prevents messages from being copied/saved to the Sent Items folder).
7. The Microsoft Exchange Server then routes the message to Jim's mailbox.