Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.11
  3. Administration
  4. Securing network connections
  5. Using enterprise connectivity and BlackBerry Secure Connect Plus for connections to work resources

Using 
enterprise connectivity and 
BlackBerry Secure Connect Plus
 for connections to work resources

You can use an enterprise connectivity profile to enable
 enterprise connectivity and
 
BlackBerry Secure Connect Plus
 for supported devices.
Enterprise connectivity
Enterprise connectivity sends all work data sent between 
BlackBerry 10
 devices and your organization's network through the 
BlackBerry Infrastructure
 to 
BlackBerry UEM
. This feature allows you to avoid opening a direct connection through your organization's firewall to the Internet for 
BlackBerry 10
 device management and apps that connect to your mail server, internal CA, and other web or content servers. Enterprise connectivity is always enabled for 
BlackBerry 10
 devices, even if you don't use 
BlackBerry Secure Connect Plus
. These devices choose the most efficient path based on network availability.
BlackBerry Secure Connect Plus
BlackBerry Secure Connect Plus
 is a 
BlackBerry UEM
 component that provides a secure IP tunnel between apps and your organization's network:
  • For 
    BlackBerry 10
     and 
    Android Enterprise
     devices, all work apps use the secure tunnel.
  • For 
    Samsung KNOX Workspace
     devices, you can allow all work space apps to use the tunnel or specify apps using per-app VPN
  • For 
    iOS
     devices, you can allow all apps to use the tunnel or specify apps using per-app VPN.
If 
BlackBerry Secure Connect Plus
 is not available in your region, you must manually disable it for 
Android
 devices in the Enterprise connectivity profile.
The secure IP tunnel gives users access to work resources behind your organization’s firewall while ensuring the security of data using standard protocols and end-to-end encryption.
BlackBerry Secure Connect Plus
 and a supported device establish a secure IP tunnel when it is the best available option for connecting to the organization’s network. If a device is assigned a 
Wi-Fi
 profile or VPN profile, and the device can access the work 
Wi-Fi
 network or VPN, the device uses those methods to connect to the network. If those options are not available (for example, if the user is not in range of the work 
Wi-Fi
 network), then 
BlackBerry Secure Connect Plus
 and the device establish a secure IP tunnel.
For 
iOS
 devices, if you configure per-app VPN for 
BlackBerry Secure Connect Plus
, the configured apps always use a secure tunnel connection through 
BlackBerry Secure Connect Plus
, even if the app can connect to the work 
Wi-Fi
 network or VPN specified in a 
Wi-Fi
 or VPN profile.
Supported devices communicate with 
BlackBerry UEM
 to establish the secure tunnel through the 
BlackBerry Infrastructure
. One tunnel is established for each device. The tunnel supports standard IPv4 protocols (TCP and UDP). As long as the tunnel is open, apps can access network resources. When the tunnel is no longer required (for example, the user is in range of the work 
Wi-Fi
 network), it is terminated.
BlackBerry Secure Connect Plus
 offers the following advantages:
  • The IP traffic that is sent between devices and 
    BlackBerry UEM
     is encrypted end-to-end using AES256, ensuring the security of work data.
  • BlackBerry Secure Connect Plus
     provides a secure, reliable connection to work resources when a device user cannot access the work 
    Wi-Fi
     network or VPN.
  • BlackBerry Secure Connect Plus
     is installed behind your organization’s firewall, so data travels through a trusted zone that follows your organization’s security standards.
For more information about how 
enterprise connectivity and 
BlackBerry Secure Connect Plus
 transfer data to and from devices, see the Architecture content.