Wednesday, 25 September 2013

BES 10.1 Part 2


So after spending many hours banging my head against a brick wall in trying to get the push notification working I eventually got it working. I found that the password that the push notification uses for the account that is associated with the accessing push notification cannot have any capital letters in it.

I have also read posts that certain special characters have problems so for example we found that password.1  worked well. (clearly a more secure version of this would be needed).  I then found a separate problem that exchange was not routing the responses to the push notification subscription to the BES server and was being routed via a proxy server.  Once this corrected the push notification worked.

 We have had a couple of weeks playing around with this and still have a number of concerns. The biggest concern is the amount of time it takes to get into the email where it has to connect to the secure workspace.  I found a number of issues specifically relating where the phone may have connected to a wireless but not have an internet connection such as Virgin tube wirelesses or BT captive portal type wirelesses.

 This seems to cause the application to crash or have it continually  "continuing to workspace". I have also found the app to crash  even despite having deleted it and reinstalled it.  Finally I have also found the app to be sluggish in that you will be writing an email and it will hang for a few second.  We will be shortly testing it with an iPhone 5 and while I have it on my iPad I have not used it in anger in the same way I have used it on the iPhone.  Currently I still feel that the BlackBerrys that use a MAPI connection are superior to the active synch and I also found the application to eat battery life from the phone.

Blackbery BES 10.1


Blackberry Universal Device Control

 

Recently Blackberry have released their secure workspace product which will allow the putting of emails into a sandbox application that can be installed on android and IOS devices.  This is integrated as part of the BES 10.1 Server

For people who have only ever run the BES 5 Servers you will be aware that the Blackberry Servers communicate with exchange through MAPI.  As of the  BES 10 both the connection for the non-Blackberry devices and the Blackberry 10 devices are all carried out directly through active sync.  Blackberry have stated that they are moving away from the MAPI connection and this in itself poses some interesting challenges.

With the current BES 5 Servers if we have any issues relating to emails being populated twice or emails not syncing then  Blackberry Support are responsible for identifying the issue, with active sync  Blackberry support have stated to us that they will ask us to refer problems in synchronisation to Microsoft.  For SMB firms that do not have a support contract with Microsoft they will be liable for additional costs on top of the Blackberry Support if such issue arise.

With the active sync technology users are required to present their network password on the end device, this is a significant change from the standard BES 5 in which the user’s password are not required.  In many organisations that follow Microsoft’s best practices passwords are changed every thirty days and this is an additional inconvenience and seems a step backwards for our users.  This problem can be overcome by using the SCEP technology but this requires additional configuration and again is something that would have to be supported in house and not part of the Blackberry infrastructure.

Blackberry heavily relies on certificate technology to carry out the authentication between the non-Blackberry device and its Blackberry infrastructure; and while it can be argued what Blackberry are providing could easily be provided with your own internal VPN infrastructure the added complication of certificates is handled very nicely through the Blackberry product and takes a significant learning curve away from smaller IT departments.

That said one of the biggest drawbacks on using IOS is that the Apple does not allow external parties to connect directly to the iPhones and therefore pushing out emails as they come in is not an option.  In order to allow push notification your internal Blackberry server will have to notify the Apple Notification Service (APN) which in turn will notify your device and your device will then request the latest emails from Blackberry.  We have had significant problems in getting this working (see part 2)

 We have been working with the Blackberry Team for a number of days and it has been escalated but from reading around on other blogs it appears that we are not the only people having this working.  It should also be understood that as of IOS 6 still do not allow multi-thread applications.

 During some real world testing we have seen a number of problems in using the secure workspace on the IPhone when you are moving in and out of networks.  For instance using the secure workspace on the underground as the iPhone was connecting to different wireless networks the connecting to secure workspace box kept flashing on and off making it impossible to compose or delete emails offline.  Furthermore we found when the iPhone was connecting to wireless networks but did not have internet connection on those wireless networks such as Virgin Media it was causing the App to crash. 

 So initial thoughts on the Blackberry Workspaces the secure workspace is clearly a Mark 1 product and will take a good twelve months to mature.  It is arguable whether die hard Blackberry users that have been used to the rock solid reliability and ease of use will be able to suffer the imperfections of using the software on a non-Blackberry device.  Where I see this being most useful is the occasional user that checks their emails once a day in the evening from their iPad then the solution would be more than adequate.  We still have a number of problems to iron out such as push notification on Apple and will blog back later when we have resolved these problems.