The latest iteration of Research in Motion's enterprise device management solution, BlackBerry Enterprise Server 5.0, greatly simplifies centralized mobile administration tasks.
Delivering features such as server high availability, a new Web interface, improved deployment status visibility and role-based administration, BES 5.0 will simplify day-to-day mobile device management and allow more effective delegation of tasks among front-line and second-tier administrators.
I tested BES 5.0 for Microsoft Exchange. Pricing starts at $2,999 for the software (per server pair) and a single client access license, or $3,999 for the software and 20 CALs. A pack of 500 additional CALs costs $27,999. Customers needing 1,000 or more CALs can opt to join the BlackBerry Enterprise License Program for customized licensed packages at additional levels of discount.
Customers with current CALs who wish to upgrade BES from a previous version face a one-time charge of $999 per server.
To the Test
I tested BES 5.0 for Exchange in conjunction with a range of BlackBerry handsets to ensure compatibility with both the latest and older models in RIM's fleet. Client software versions ranged from 4.2 to 4.7, as the test bed included the BlackBerry Bold, the Curves 8310 and 8900, and the new BlackBerry Tour.
BES 5.0 features a new Web-based management console called the BlackBerry Administration Service, rather than the desktop software that was needed with previous BES versions. The Web interface--which can use either Microsoft Active Directory domain credentials or the built-in user database to authenticate administrators--makes it easier for administrators to log in and make quick changes even when not at their primary machine. However, I was disappointed in the lack of browser support. BAS works only with Internet Explorer browsers, and perhaps not every version, since I was cautioned by RIM representatives against using BAS with IE 8 (although I did not encounter any issues when doing so).
From the Web GUI, administrators will discover improved flexibility when assigning policy, although I didn't find the implementation as flexible as I expected in tests. RIM touts the fact that with BES 5.0, users can now be assigned to multiple groups simultaneously, that groups can be assigned to groups, and that policies can be assigned to any of those groups or directly to a user's account.
I expected to be able to tier and structure policies, creating a default policy that could apply to the entire user population and layering on additional policies that would apply to subsections of the inventory--something analogous to how Group Policy works in Active Directory.
What I found was that only one policy can be assigned to a user. If a user is assigned an individual policy, applicable group-assigned policies will be ignored. If multiple policies are assigned to the same group, only the policy with the greatest precedence will be enforced. Administrators therefore must take great care to establish a hierarchy of policy precedence to ensure that rules are deployed as expected.
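The resolution behavior described above, modeled as an added example; this is not RIM's code or a BES API. Every policy, group, user and setting name is constructed, and two assumptions are made: a nested group inherits its parent groups' policies, and one global precedence list ranks policies across all of a user's groups. It shows why a baseline policy does not layer under the single policy that wins.

```python
# Model of single-policy resolution: one effective policy per user, no layering.
# All names and settings below are constructed for illustration.

PRECEDENCE = ["Executives", "Sales-Field", "Default"]  # index 0 = greatest precedence

POLICIES = {
    "Default":     {"password_required": True, "max_password_age_days": 30, "bluetooth": False},
    "Sales-Field": {"bluetooth": True},
    "Executives":  {"password_required": True, "bluetooth": True},
    "Kiosk":       {"bluetooth": False},
}
GROUP_POLICIES = {"AllStaff": ["Default"], "Sales": ["Sales-Field"], "FieldSales": []}
GROUP_PARENTS = {"FieldSales": ["Sales"], "Sales": ["AllStaff"], "AllStaff": []}
USERS = {
    "alice": {"policy": None, "groups": ["FieldSales"]},
    "bob":   {"policy": "Kiosk", "groups": ["AllStaff"]},
    "carol": {"policy": None, "groups": ["AllStaff"]},
}

def expand_groups(groups):
    """Return every group reachable through group-in-group nesting (cycle-safe)."""
    seen, stack = set(), list(groups)
    while stack:
        g = stack.pop()
        if g not in seen:
            seen.add(g)
            stack.extend(GROUP_PARENTS.get(g, []))
    return seen

def effective_policy(user):
    """A user-assigned policy wins outright; otherwise the highest-precedence group policy."""
    u = USERS[user]
    if u["policy"]:
        return u["policy"]  # group-assigned policies are ignored entirely
    candidates = {p for g in expand_groups(u["groups"]) for p in GROUP_POLICIES.get(g, [])}
    ranked = [p for p in PRECEDENCE if p in candidates]
    return ranked[0] if ranked else None

def baseline_gaps(baseline="Default"):
    """Map each user to the baseline settings absent from, or changed by, their effective policy."""
    gaps = {}
    for user in USERS:
        eff = POLICIES.get(effective_policy(user), {})
        missing = sorted(k for k, v in POLICIES[baseline].items() if eff.get(k) != v)
        if missing:
            gaps[user] = missing
    return gaps
```

Under this model, any policy meant to override the baseline has to restate every baseline setting it should keep, and `baseline_gaps()` is the kind of audit that catches the ones that do not.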
I also wanted to be able to apply policy according to a user's hardware--for example, applying a certain rule or software configuration that would apply to the Bold--but BES 5.0 does not allow this kind of assignment. However, it does free a few categories of settings from standard policies, giving administrators the ability to create and assign wireless LAN, VPN and voice over IP settings via configuration templates alongside standard profiles (although these options can also be set within a standard policy).
Improved Management Experience
BES 5.0 vastly improves the management experience after deployment, providing much more insight into deployment job status once jobs have been sent to devices.
From BES, I could run reports against inventory to find devices still awaiting update, devices with update failures or devices with successfully completed updates to ensure that policy was being enforced across the deployment.
To enable better workflow when creating user accounts tied to particularly large Active Directory implementations, BES 5.0 performs a daily query and pull of users from AD. This somewhat speeds the discovery process when creating new user accounts within BES.
Another significant improvement with BES 5.0 is the new role-based administration implementation. With this feature, BES customers can more effectively organize the administration force according to task. Front-line administrators can be assigned only to the BES servers or user groups for which they are responsible, with read-only permissions if needed. By default, BES 5.0 comes with eight roles pre-defined, but senior administrators can create new roles or modify existing ones to tune permissions as appropriate within the company's management infrastructure.
Also new with BES 5.0 is high availability, creating a pool between each active server and a paired backup.
At no additional cost from RIM--one server license activates one active server and the redundant one--administrators can add resiliency to their BlackBerry management infrastructure. Failover from the active primary to the secondary server can occur automatically in case of a downed service or loss of connectivity, and administrators can set other health thresholds, as well. If failover to the standby server happens automatically, administrators will need to manually trigger the system to revert to the original server.
Administrators can also leverage the cluster to maintain uptime during upgrade cycles, moving users to the backup server before performing patches or upgrades. RIM's documentation claims administrators can share the load of certain BES components between the pair, although I did not test this.
BES 5.0 also lays the groundwork for additional new features that can be delivered to handsets once RIM updates the client software to Version 5.0, a move that is expected to occur later this year. Among the list of new features is remote access to Windows network file shares, direct manipulation of e-mail folders on the device, better handling of calendar items with attachments and e-mail flagging capabilities more compatible with Outlook.
Senior Analyst Andrew Garcia can be reached at firstname.lastname@example.org.