Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.13
  3. Administration
  4. Securing network connections
  5. Using BlackBerry Secure Connect Plus for connections to work resources

Using 
BlackBerry Secure Connect Plus
 for connections to work resources

BlackBerry Secure Connect Plus
 is a 
BlackBerry UEM
 component that provides a secure IP tunnel between apps and your organization's network:
  • For 
    Android Enterprise
     and 
    BlackBerry 10
     devices, all work apps use the secure tunnel.
  • For 
    Samsung Knox Workspace
     devices and 
    Samsung Knox
     devices with 
    Android Enterprise
     activations, you can allow all work space apps to use the tunnel or specify apps using per-app VPN.
  • For 
    iOS
     devices, you can allow all apps to use the tunnel or specify apps using per-app VPN.
If 
BlackBerry Secure Connect Plus
 is not available in your region, you must manually disable it for 
Android
 devices in the Enterprise connectivity profile.
The secure IP tunnel gives users access to work resources behind your organization’s firewall while ensuring the security of data using standard protocols and end-to-end encryption.
BlackBerry Secure Connect Plus
 and a supported device establish a secure IP tunnel when it is the best available option for connecting to the organization’s network. If a device is assigned a 
Wi-Fi
 profile or VPN profile, and the device can access the work 
Wi-Fi
 network or VPN, the device uses those methods to connect to the network. If those options are not available (for example, if the user is not in range of the work 
Wi-Fi
 network), then 
BlackBerry Secure Connect Plus
 and the device establish a secure IP tunnel.
For 
iOS
 devices, if you configure per-app VPN for 
BlackBerry Secure Connect Plus
, the configured apps always use a secure tunnel connection through 
BlackBerry Secure Connect Plus
, even if the app can connect to the work 
Wi-Fi
 network or the VPN specified in a VPN profile.
Supported devices communicate with 
BlackBerry UEM
 to establish the secure tunnel through the 
BlackBerry Infrastructure
. One tunnel is established for each device. The tunnel supports standard IPv4 protocols (TCP and UDP) and the IP traffic that is sent between devices and 
BlackBerry UEM
 is encrypted end-to-end using AES256. As long as the tunnel is open, apps can access network resources. When the tunnel is no longer required (for example, the user is in range of the work 
Wi-Fi
 network), it is terminated.
For more information about how 
BlackBerry Secure Connect Plus
 transfers data to and from devices, see the on-premises Architecture content or the Cloud Architecture content.