Confirmation of Blackberry message flow

Hi there

I was just hoping someone could help with a query I had about how Blackberry Enterprise Server works in a corporate environment;

Let's say we have;

We have two BES servers, BES1 and BES2. BES1 holds the account for User1 and BES2 for User2.

Likewise, we have two Exchange servers, Exch1 and Exch2. User1's account is on Exch1 and User2's on Exch2.

Our mail domain is

Am I correct in thinking that the message flow works like this;

BES1 and BES2 make a connection on port 3101 to the RIM server on the Internet. They authenticate themselves with the SRP Authentication key that is held on each BES server, and identifiy themselves with the SRP Identifier, also held on each server, and which is globally unique. This way, the RIM server has an identifier for each BES server and its corresponding mail domain that is connected to it. Both BES servers transfer information such as who has an account on which server, what the mail domain is etc etc.

We create an account for User1 on BES1. We also wirelessly activate User1's handheld. When we enter User1's mail address,, the handheld talks to the RIM server. The RIM server checks its table of mail domain names and finds out that is registered to BES1 and BES2. It then finds out which server holds the account for User1 and tells BES1 that User1 has a handheld with a PIN of #### and an IP of xxxxx (the device has an IP since it is on a GPRS network).

The same process occurs for User2.

The BES servers then communicate with Exch1 and Exch2 and pull information relating to User1 and User2 (e.g mails) and sends this information, via the RIM server, to the handheld devices.

If User1 sends a mail from his Blackberry, then the handheld device connects to the RIM server to state that a mail has been sent. The RIM server sends this information to BES1, and BES1 connects to Exch1 and sends a mail - on behalf of that user - using the BESAdmin account.

Am I correct in my thinking above?

Just a couple of questions;

a) Where do Service Books fit in with this?
b) How does encryption work with mails?
c) Do the BES servers connect to all Exchange servers in an organisation, or just one?

Hope someone can help! I would prefer an answer to my questions rather than a link to the Blackberry site, since it's from the Blackberry site that I'm getting my basic information.


Who is Participating?
Kurt_BraeckmansConnect With a Mentor Commented:
You're correct in your thinking.

Some answers on your questions:
a) the service books holds track of the SRP key. So the BB gives this key at RIM, and then they know were to send the message.
b)the BES encrypts the message
c)On the BES you have messaging agents who connects to the specific exchange servers.
Users on the BES are assigned to an messaging agent.  This means that the BES can connect to all exchange servers.
bruce_77Author Commented:
Hi Kurt

Ok, thanks...just some quick questions;

a) The service books are sent to the handhelds, correct? Why do the handhelds need to know the SRP key, or is this so that when they connect to the RIM server, the RIM server does not need to keep doing a lookup on the mail domain name?

b) Is the encryption data held in the service book as well?

c) What is a messaging agent exactly? Is it a user account?

a) the service books are indeed send to the handhelds.  probably to make the lookup easier when mail is  transferred from handheld to BES.

b) here you find a good explanation when encryption is used when activating a BB:

c)the agents looks in the exchange mailbox that there are new changed items and gives this at the BES.  This is taken care of by a service

I also found a good link what the service books do:
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

bruce_77Author Commented:
Thanks Kurt, just one final question and that will be all!

What information do the Service Books actually contain, apart from SRP keys?
ALogvinConnect With a Mentor Commented:
Think of a Service Book like a device driver for your computer mouse. It contains the data that allows the device to use advanced features of the hardware. For example, the Desktop [CICAL] service book can contains information that allows your device to be syncronized wirelessly. If you were to plug your device into Desktop Manager, it woudlnt sync it over the wire, as it knows that you sync wirelessly.
Alogvin is right.  That's the most simple explanation.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.