Outbound connections: BlackBerry UEM to the BlackBerry Infrastructure
BlackBerry UEM
to the BlackBerry Infrastructure
BlackBerry UEM
must connect with and receive data from the BlackBerry Infrastructure
to perform tasks. BlackBerry UEM
connects with the BlackBerry Infrastructure
over the outbound-initiated, two-way port 3101 (TCP).Your organization's firewall must allow outbound two-way connections over port 3101 to
<region>
.srp.blackberry.com, <region>
.bbsecure.com, and <region>
.turnb.bbsecure.com. For more information about domains and IP addresses to use in your firewall configuration, visit support.blackberry.com/community to read article 36470.If you install the device connectivity components (the
BlackBerry Connectivity Node
) on a separate computer, your organization's firewall must allow connections from that computer over port 443 through the BlackBerry Infrastructure
(<region>
.bbsecure.com) to activate the BlackBerry Connectivity Node
. All other outbound connections from the BlackBerry Connectivity Node
use port 3101 through the BlackBerry Infrastructure
(<region>
.bbsecure.com). To add a BlackBerry Connectivity Node
instance to an existing server group when you activate it, your organization's firewall must allow connections from that server over port 443 through the BlackBerry Infrastructure
(<region>
.bbsecure.com) and to the same bbsecure.com region as the Core server. You have the option of routing data from
BlackBerry UEM
through your organization's TCP proxy server or the BlackBerry Router
to the BlackBerry Infrastructure
. If you choose to send data through a proxy server, configure the firewall to allow the following outbound two-way connections:
- Use port 3102 as the default listening port to connect theBlackBerry UEMcomponents to the TCP proxy server or theBlackBerry Router
- Use port 3101 as the default listening port to connect the components that manageBlackBerryOS devices to the TCP proxy server or theBlackBerry Router
If you configure
BlackBerry UEM
to use a TCP proxy server or the BlackBerry Router
, verify that the proxy allows connections over port 3101 to <region>
.srp.blackberry.com, <region>
.bbsecure.com, and <region>
.turnb.bbsecure.com.
Activities initiated by the
BlackBerry UEM Core
over the port 3101 connection to the BlackBerry Infrastructure
Purpose |
Description |
|---|---|
Authenticate BlackBerry UEM |
Connect to the authentication service to authenticate the BlackBerry UEM installation and allow the components to use the BlackBerry Infrastructure services. |
Enable licenses |
Connect to the licensing infrastructure to activate your organization’s server licenses and to enable BlackBerry 10 , iOS , Android , and Windows devices to use SIM licenses obtained from your service provider. |
Request a signed CSR |
Connect to the signing infrastructure so you can request a certificate signing request (CSR) from BlackBerry . You use the signed CSR to obtain and register an Apple Push Notification Service (APNs) certificate, which you require to manage iOS devices. |
Activate and manage BlackBerry 10 devices |
Connect to the BlackBerry Infrastructure to:
|
Communicate with notification services |
Connect to the BlackBerry Infrastructure to send data to the appropriate notification service for supported device types (APNs, FCM, or WNS). |
Communicate with the BlackBerry push data service |
Connect to the BlackBerry push data service so that you can manage and configure settings for BlackBerry 10 devices. |
Discover server connection during activation |
Connect to the discovery service so that BlackBerry UEM can find and use the server connection automatically when users activate devices. If you turn off this connection, users must specify the server manually when they activate devices. |
Update device OS data |
Connect to the BlackBerry Infrastructure each day at midnight to check a hosted metadata file for new device or OS data. Updates are downloaded to the BlackBerry UEM database. |
Search for apps |
Connect to the BlackBerry Infrastructure and then to the App Store or BlackBerry World so that you can search for apps to add to the available app list. |
Purchase and push apps to iOS devices |
Connect to the BlackBerry Infrastructure and then to the App Store to allow you to buy and push apps to iOS devices. |
Activities initiated by the
BlackBerry Affinity Manager
over the port 3101 connection to the BlackBerry Infrastructure
Purpose |
Description |
|---|---|
Send and receive data for BlackBerry 10 devices |
Connect to the BlackBerry Infrastructure to send and receive data for BlackBerry 10 devices, including Exchange ActiveSync data and enterprise connectivity data (for example, intranet browsing and third-party app data). |
Activities initiated by
BlackBerry Secure Connect Plus
over the port 3101 connection to the BlackBerry Infrastructure
Purpose |
Description |
|---|---|
Secure connection from work apps to work resources |
Connect to the BlackBerry Infrastructure to provide BlackBerry 10 , Android Enterprise , and Knox Workspace devices with a secure connection to work resources using BlackBerry Secure Connect Plus . |
Activities initiated by the components of the
BlackBerry Connectivity Node
over the port 3101 connection to the BlackBerry Infrastructure
Purpose |
Description |
|---|---|
Establish secure device connections to work resources |
You can install one or more instances of the BlackBerry Connectivity Node to add additional instances of the device connectivity components to your organization’s domain. Each BlackBerry Connectivity Node contains the following BlackBerry UEM components:
The BlackBerry Connectivity Node also includes the BlackBerry Proxy , which maintains the secure connection between your organization and the BlackBerry Dynamics NOC . The BlackBerry Proxy does not use the 3101 connection. |