Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.13
  3. Planning and Architecture
  4. BlackBerry UEM Cloud Architecture and Data Flows
  5. BlackBerry UEM Cloud architecture and data flows

BlackBerry UEM Cloud
 architecture and data flows

BlackBerry UEM Cloud
 is a unified endpoint management solution from 
BlackBerry
. With 
BlackBerry UEM Cloud
 you can manage 
iOS
macOS
Android
Windows 10
, and 
BlackBerry 10
 devices using a simple web-based interface and protect business information on BYOD, COPE, and COBO devices. 
The 
BlackBerry UEM Cloud
 architecture was designed to help you manage mobile devices for your organization in a cloud environment and provide a secure link for data to travel between your organization's mail and content servers and your user's devices.
 

Architecture: 
BlackBerry UEM Cloud
 solution

Diagram that shows the components used in the in the BlackBerry UEM Cloud solution
Component
Description
BlackBerry UEM Cloud
BlackBerry UEM Cloud
 is a service that allows you to manage devices used in your organization's environment.
BlackBerry Infrastructure and BlackBerry Dynamics NOC
The 
BlackBerry Infrastructure
 registers user information for device activation and validates licensing information for 
BlackBerry UEM Cloud
. If you enable 
BlackBerry Secure Connect Plus
 or the 
BlackBerry Secure Gateway
, data in transit that uses these services passes through the 
BlackBerry Infrastructure
.
The 
BlackBerry Dynamics NOC
 is a separately located NOC that provides secure communications between 
BlackBerry Dynamics
 apps on devices and 
BlackBerry Proxy
 installed behind the firewall as part of the 
BlackBerry Connectivity Node
.
Devices
BlackBerry UEM Cloud
 supports 
iOS
macOS
Android
Windows 10
, and 
BlackBerry 10
 devices.
Notification services
BlackBerry UEM Cloud
 sends notifications to devices to contact 
BlackBerry UEM
 for updates and to report information for your organization's device inventory. These notifications are sent to the 
BlackBerry Infrastructure
, where they are sent to the devices using the appropriate notification service:
  • APNs is a service that 
    Apple
     provides to send notifications to 
    iOS
     and 
    macOS
     devices. 
  • FCM is a service that 
    Google
     provides to send notifications to 
    Android
     devices. 
  • WNS is a service that 
    Microsoft
     provides to send notifications to 
    Windows 10
     devices. 
BlackBerry Connectivity Node
The 
BlackBerry Connectivity Node
 is an optional component that you install inside your organization's firewall. It includes five components that add functionality to 
BlackBerry UEM Cloud
:
  • The 
    BlackBerry Cloud Connector
     connects 
    BlackBerry UEM Cloud
     to your company directory behind the firewall to allow basic attribute synchronization, search functionality, and user authentication services. If you don't install the 
    BlackBerry Connectivity Node
     and your company directory is behind the firewall, you must create local user accounts in 
    BlackBerry UEM Cloud
     instead of using the user accounts in your company directory. The 
    BlackBerry Cloud Connector
     is not required for 
    BlackBerry UEM Cloud
     to connect to 
    Microsoft Azure
    Active Directory
    .
  • BlackBerry Proxy
     maintains a secure connection between your organization and the 
    BlackBerry Dynamics NOC
    , which allows 
    BlackBerry Dynamics
     apps to communicate securely with your organization's resources behind the firewall. It also supports 
    BlackBerry Dynamics Direct Connect
    , which allows app data to bypass the 
    BlackBerry Dynamics NOC
    .
  • The 
    BlackBerry Gatekeeping Service
     sends commands to 
    Exchange ActiveSync
     to add devices to an allowed list when devices are activated on 
    BlackBerry UEM Cloud
    . Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed by an administrator using the 
    BlackBerry UEM
     management console.
  • BlackBerry Secure Connect Plus
     provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the 
    BlackBerry Infrastructure
    .
  • The 
    BlackBerry Secure Gateway
     provides a secure connection through the 
    BlackBerry Infrastructure
     and 
    BlackBerry UEM Cloud
     to your organization's mail server for 
    iOS
     devices.
The 
BlackBerry Connectivity Node
 uses port 3101 to communicate with 
BlackBerry UEM Cloud
.
BlackBerry Enterprise Mobility Server
If you have installed the 
BlackBerry Connectivity Node
, you can also install an on-premises 
BEMS
BEMS
 consolidates several services used to send work data to and from 
BlackBerry Dynamics
 apps:
  • BlackBerry Connect
     provides secure instant messaging, company directory look-up, and user presence information to 
    iOS
     and 
    Android
     devices.
  • BlackBerry Presence
     provides real-time presence status to 
    BlackBerry Dynamics
     apps.
  • BlackBerry Docs
     lets your 
    BlackBerry Dynamics
     app users access, synchronize, and share documents using their work file server, 
    SharePoint
    Box
    , and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.
BlackBerry Enterprise Mobility Server
 databases
The 
BEMS
 databases store user, app, policy, and configuration information.
Company directory
BlackBerry UEM Cloud
 supports connectivity with your organization's 
Microsoft Active Directory
 or LDAP company directory behind the firewall using the 
BlackBerry Connectivity Node
.
Microsoft Azure
Active Directory
Microsoft Azure
Active Directory
 is a cloud-based directory management service. If your organization uses 
Azure
Active Directory
 you can connect to it instead of, or in addition to, a company directory behind the firewall.
Content, application, and mail servers
When you enable 
BlackBerry Secure Connect Plus
 or when users have 
BlackBerry Dynamics
 apps, devices can connect to your organization's servers without requiring you to open a direct connection between the server and the Internet. Work data in transit between your servers and devices is sent through 
BlackBerry Secure Connect Plus
 and the 
BlackBerry Infrastructure
BlackBerry Dynamics
 app data is sent through 
BlackBerry Proxy
 and the 
BlackBerry Dynamics NOC
.
The 
BlackBerry Secure Gateway
 provides a secure connection through the 
BlackBerry Infrastructure
 and 
BlackBerry Connectivity Node
 between your organization's mail server and 
iOS
 devices.
BlackBerry
 plug-ins and 
BEMS
The cloud version of 
BlackBerry Enterprise Mobility Server
 provides 
BlackBerry Push Notifications
, which accepts push registration requests from 
iOS
 and 
Android
 devices and then communicates with 
Microsoft Exchange
 to monitor the user's work mail account for changes. If 
Microsoft Exchange
 is behind your organization's firewall, you must open a port for 
BEMS
 to communicate with 
Microsoft Exchange
.
BlackBerry UEM Cloud
 works with additional 
BlackBerry
 enterprise products such as 
BlackBerry Enterprise Identity
BlackBerry 2FA
, and 
BlackBerry Workspaces
, to allow you to extend 
UEM
 capabilities in your organization.