BlackBerry UEM
components

This diagram shows how the

BlackBerry UEM

components connect when all components are installed together in the product's simplest configuration.

For information about the ports used for connections between components, see "Configuring ports" in the Installation and upgrade content.

Component name	Description
BlackBerry UEM Core	The BlackBerry UEM Core is the central component of the BlackBerry UEM architecture. It consists of several subcomponents that are responsible for: Logging, monitoring, reporting, and management functions Authentication and authorization services Scheduling and sending commands, IT policies, and profiles to devices Sending user, policy, and other configuration data to BlackBerry Dynamics apps on devices.
BlackBerry UEM database	The BlackBerry UEM database is a relational database that contains user account information and configuration information that BlackBerry UEM uses to manage devices and BlackBerry Dynamics apps.
BlackBerry MDS Connection Service	The BlackBerry MDS Connection Service provides a secure connection between BlackBerry 10 devices and your organization's network when the device is not connected to your work Wi-Fi network or using a VPN connection.
BlackBerry Dispatcher	The BlackBerry Dispatcher provides secure connectivity using IPPP for BlackBerry 10 devices.
BlackBerry Affinity Manager	The BlackBerry Affinity Manager is responsible for maintaining an active SRP connection between BlackBerry 10 devices and the BlackBerry Infrastructure when the devices are not using BlackBerry Secure Connect Plus .
BlackBerry Proxy	BlackBerry Proxy maintains the secure connection between your organization and the BlackBerry Dynamics NOC . It also supports BlackBerry Dynamics Direct Connect, which allows app data to bypass the BlackBerry Dynamics NOC .
BlackBerry Secure Connect Plus	BlackBerry Secure Connect Plus provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the BlackBerry Infrastructure .
BlackBerry Secure Gateway	The BlackBerry Secure Gateway provides a secure connection through the BlackBerry Infrastructure and BlackBerry UEM to your organization's mail server for iOS devices.
BlackBerry Gatekeeping Service	The BlackBerry Gatekeeping Service sends commands to Exchange ActiveSync to add devices to an allowed list when devices are activated on BlackBerry UEM . Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed by an administrator using the BlackBerry UEM management console.
Management console and BlackBerry UEM Self-Service	The management console and BlackBerry UEM Self-Service provide a web-based user interface for administrator and user access to BlackBerry UEM . You use the management console to manage system settings, users, devices, and apps. Users can use BlackBerry UEM Self-Service to set an activation password and send commands to devices, such as set password, lock device, and delete device data.
BlackBerry Enterprise Mobility Server	BEMS consolidates several services used to send work data to and from BlackBerry Dynamics apps, including: BlackBerry Push Notifications , BlackBerry Connect , BlackBerry Presence , and BlackBerry Docs .
BlackBerry Enterprise Mobility Server databases	The BEMS databases store user, app, policy, and configuration information.
BlackBerry Push Notifications	BlackBerry Push Notifications accepts push registration requests from iOS and Android devices and then communicates with Microsoft Exchange to monitor the user's work mail account for changes.
BlackBerry Connect	BlackBerry Connect provides secure instant messaging, company directory look-up, and user presence information to iOS and Android devices.
BlackBerry Presence	BlackBerry Presence provides real-time presence status to BlackBerry Dynamics apps.
BlackBerry Docs	BlackBerry Docs lets your BlackBerry Dynamics app users access, synchronize, and share documents using their work file server, SharePoint , Box , and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
BlackBerry Router and/or proxy servers	By default, BlackBerry UEM makes a direct connection to the BlackBerry Infrastructure over ports 3101 and 443. If your organization's security policy requires that internal systems not connect directly to the Internet, you can install the BlackBerry Router or use a third-party TCP proxy server that supports SOCKs v5 with no authentication. The BlackBerry UEM Core and BlackBerry Proxy support using a third-party HTTP proxy server to connect to the BlackBerry Dynamics NOC .
BlackBerry Infrastructure and BlackBerry Dynamics NOC	The BlackBerry Infrastructure registers user information for device activation, validates licensing information for BlackBerry UEM and provides a trusted path between the organization and every user based on strong, cryptographic, mutual authentication. The BlackBerry Dynamics NOC is a separately-located NOC that provides secure communications between BlackBerry Dynamics apps on devices and the BlackBerry UEM Core , BlackBerry Proxy , and BlackBerry Enterprise Mobility Server .