Implement Blackberry Unified Endpoint Manager (UEM) Part 1 – Introduction and Prerequisites

Years ago, I implemented Blackberry Enterprise Server 5.0 (known to many as BES 5) for a small to medium-sized business. The setup was relatively straightforward, and device provisioning was a breeze. At the time, Blackberry (previously known as Research In Motion, or RIM) was the dominant player in the MDM market. Nowadays, the company's shift away from the handset business to focus on enterprise security, which major corporations and government agencies depend on heavily, keeps Blackberry among the major contenders in the Unified Endpoint Management (UEM) market. My experience with the Blackberry Unified Endpoint Manager (UEM) setup is a testament to the core value of this company.

This topic warrants a number of posts so you can follow along with ease. While this series is not a one-size-fits-all solution, my goal is to help get your environment set up and running as swiftly and painlessly as possible. Having said that, here’s the general breakdown:

Based on the size of your user population, you can start with just a standalone Blackberry UEM host. However, I recommend setting up at least one additional host (preferably in a different location) for high availability or even disaster recovery. As you will see later in this post, adding another Blackberry UEM host for HA/DR purposes does not even require a load balancer.

Below is a diagram showing the setup in its simplest form.


If you are interested in additional security or feature enhancement to supplement your UEM setup, you will definitely want to incorporate additional components in your setup similar to the diagram below. I will share my experience on two of these components (Blackberry Router and Blackberry Enterprise Mobility Server) in separate posts.


Before we begin, it’s prudent to review Blackberry's documentation (hardware, software and port requirements) via this link. You can also download the software from the same link.


Before the actual installation, the following prerequisites should have been completed:

  1. Build server(s) per requirement (pay attention to both CPU and memory).
  2. Download and save the installers to the server(s).
  3. Create a service account and assign the proper permissions to it on both the UEM and SQL servers.
    • UEM server:
      • Must be part of the Administrators group.
      • Must have the Log on as a service permission (i.e. via Local Group Policy).
    • SQL server:
      • Must have db_creator privilege for database creation. This can be removed once installation completes.
      • Must have db_owner privilege on Blackberry databases (this is automatically added/assigned during installation).

In some organizations, you may think of granting the db_creator privilege to a different account instead of the service account for security purposes. As you will see in part 2 of this series, however, this is not possible, since you cannot specify the service account that runs all the Blackberry services on the UEM server during installation.
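As an added example (not from the original post and not Blackberry tooling), the following PowerShell script checks the three service-account prerequisites listed above in one pass. The account name and SQL instance are placeholders, `dbcreator` is the SQL Server fixed server role that the post calls db_creator, and the script assumes an elevated Windows PowerShell 5.1 session on the UEM host.

```powershell
# Added example: audit the UEM service account prerequisites.
# Assumes the caller can connect to SQL Server with Windows authentication
# and is allowed to view server role membership for other logins.
param(
    [string]$Account     = 'CONTOSO\svc-uem',       # placeholder service account
    [string]$SqlInstance = 'sql01.contoso.example'  # placeholder SQL Server instance
)

$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# 1. Direct membership of local Administrators (well-known SID S-1-5-32-544).
#    Membership inherited through a nested domain group is not expanded here.
$isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.SID.Value -eq $sid })

# 2. "Log on as a service" (SeServiceLogonRight) in the effective local policy.
$cfg = Join-Path $env:TEMP 'uem-user-rights.inf'
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeServiceLogonRight\s*=' }
Remove-Item $cfg -Force
$holders = @()
if ($line) {
    # Entries are "*<SID>" or plain account names, comma separated.
    $holders = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$hasLogonRight = ($holders -contains $sid) -or ($holders -contains $Account)

# 3. dbcreator on the SQL Server: needed for installation, removable afterwards.
$connStr = "Server=$SqlInstance;Integrated Security=True"
$conn = [System.Data.SqlClient.SqlConnection]::new($connStr)
$cmd = $conn.CreateCommand()
$cmd.CommandText = "SELECT IS_SRVROLEMEMBER('dbcreator', @login)"
[void]$cmd.Parameters.AddWithValue('@login', $Account)
try {
    $conn.Open()
    $r = $cmd.ExecuteScalar()   # 1 = member, 0 = not a member, NULL = unknown login
} finally { $conn.Dispose() }
$hasDbCreator = ($r -isnot [DBNull]) -and ($r -eq 1)

[pscustomobject]@{
    Account            = $Account
    LocalAdministrator = $isAdmin
    LogOnAsService     = $hasLogonRight
    DbCreator          = $hasDbCreator   # True before install, False after cleanup
}
```

Once installation completes, the role can be dropped with `ALTER SERVER ROLE [dbcreator] DROP MEMBER [CONTOSO\svc-uem];` and the script re-run to confirm `DbCreator` reports False.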


Optionally, you may run the Blackberry UEM Readiness Tool (download via this link) to make sure your server(s) are ready for installation.


I have a Blackberry Router set up in my environment, but again it’s optional depending on your security requirements.


If you have granted the service account proper privileges in your SQL environment, you can validate the database connection as well.


That’s it! Follow my journey by clicking here as we continue with the installation.

