Notes from RIM BlackBerry presentation

Disclaimer: I’m not even a commited BlackBerry user. However, the platform and the supporting enterprise solution architecture are quite interesting to analyse.

Just few quick notes from the presentation. First off, I have asked RIM guys if they are going to support BlackBerry connection to Enterprise servers via public WiFi networks. After initial confusion I have received a positive answer – yes, BlackBerry will work via 802.11 (Wi-Fi) without the need for use of a mobile operator’s network. Here’s some information.

This is important. Research in Motion has built a clever business model, where mobile operators have a big role in, and profit significantly of, pushing BlackBerry to the enterprises. But now RIM probably has come to realise that users require flexibility in the ways they communicate. Or perhaps want to save on the mobile data bill by using free access, which is now available in many places and even blanket-covers some cities, according to the press (I’ve never been in one yet; I would test that!). I also would like to check whether WiFi connection takes priority over the phone network if both are available, and if different types of wireless connections can be disabled separately…

BlackBerry now supports VPN. That is crazy. Connection from the handheld to BlackBerry Enterprise Server (BES) is already secure; and BES will happily establish any type of connection to the internal network on behalf of the software running on the client handheld. Some consider that a vulnerability – although it only is if combined together with other factors (“All known vulnerabilities have been fixed”, was RIM’s comment). And if someone is being able to connect to the systems on internals network – that is not exactly equivalent of 0wning the network.

Well, back to the VPN feature. At the presentation, one guy said that it would be a good idea to transfom BlackBerry into VPN device – one that tunnels connections from PCs (connected to BlackBerry) securely into the enterprise. And I think – why not? But VPN must be connection type-independent to large extent. That is why Wi-Fi capability would be also important.

BlackBerry now supports smart card reader for strong authentication to the device and to the enterprise infrastructure. The Bluetooth reader also works in Windows. I have asked if RIM is going to integrate a TPM (Trusted Platform Module) into the handheld so that BlackBerry device itself will become an equivalent of a smart card. They weren’t aware of such plans, and suggested that SIM would provide the smart card functionality. I doubt that – it will take at many years (and maybe forever) for all SIMs to have necessary cryptographic capability, provide unified interface, and be available for all networks.

BlackBerry MDS services provide a way to deploy applications that consime XML Web Services onto the client devices. I don’t mind focus on XML Web Services. I’m concerned about the client side. Will we be able to use BlackBerry MDS Studio to develop applications to alternative platforms? I remember the early Java promise – “Write once, run everywhere“… And during the session we have been reminded of another late concept – the drag-and-drop application development. Funny as it is.

And one final note – aboout Googlisation of everything (I have already written about it). The guy sitting next to me was searching Google for the current local time in Melbourne. That is weird. Most of people in the room had wrist watches and one or many mobile phones, most running clock and many synchronising time with reliable service; the time zone here is quite common knowledge. Is that an extreme case of jetlag? I’ll inquire.

In the end, the notes turn out to be not that quick.

2 thoughts on “Notes from RIM BlackBerry presentation”

  1. What would be nice is if the blackberry device/connection can be identified when it travels back into the internal network by ip then you can get rid of the whole vpn function all together.
    Currently all comms going out of the mds by the clients are seen to be originating from the bes itself. If the blackberry connection can be id’ed then network acls can take care of the rest much like regular vpn’s. This shouldn’t be too hard considering that the blackberry unit it tied to an user/mailbox why not tie it to an ip as well.

Leave a Reply

Your email address will not be published. Required fields are marked *