This post was updated on 07/23/18 with clarification from BlackBerry technical support on the recent outage.
The title of this post could be the longest one I’ve ever written. See if anyone can read the title repeatedly without slurring. 🙂
What inspired me to write this post was another outage with BlackBerry UEM cloud on 07/16/2018. Fortunately, it was resolved within a matter of hours.
While I wasn’t surprised that we were not able to access the UEM cloud tenant or activate any new device during the outage, I didn’t realize this issue also prevented users from sending/receiving their email with BlackBerry Work, as they didn’t mention specifically that BlackBerry Dynamics NOC might also be affected.
As it turns out, the recent UEM cloud outage affected mail flow for BlackBerry Work in the following ways:
- If BlackBerry Proxy was restarted, it would have attempted to get its configuration from UEM Cloud Core and would have failed, resulting in loss of mail flow.
- Even if BlackBerry Proxy was NOT restarted, GD token refresh for BlackBerry Work would fail (it’s dependent on UEM Cloud Core, which was unavailable).
If you are interested in learning more about the data flow, check out the link below.
Data flow: Sending and receiving work data from a BlackBerry Dynamics app
During troubleshooting with BlackBerry technical support (and there wasn’t much to troubleshoot other than asking to be kept informed when the issue would be resolved), he reminded me about setting up BlackBerry Dynamics Direct Connect, which would bypass BlackBerry Dynamics NOC if an outage ever occurs again. In this case, users with BlackBerry Work will continue sending/receiving email as if nothing ever happened.
Generally speaking, all it takes is to open port 17533 to your BlackBerry Proxy within your BlackBerry Connectivity Node. Then, log onto your UEM cloud tenant and navigate to Settings -> BlackBerry Dynamics -> Direct Connect.
Click on your BlackBerry Proxy instance. Then check off Turn on Direct Connect and the FQDN of your BlackBerry Proxy hostname should be filled in automatically.
Notice the field Use web proxy is initially grayed out until you check off Turn on Direct Connect first. Fill in the info here if it applies to your environment.
This backdoor option will sure come in handy next time around (and we all know it will happen sooner or later).
If port 17533 all the way through is unacceptable, there are other flavors of Direct Connect. You can use a forward proxy or SSL bridging. More info can be found here:
Click to access gd_direct_connect.pdf
Thanks for pointing this out!