Extent of integration with active directory, Location of blackberry administration service – Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide User Manual

30

Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide

Extent of Integration with Active Directory

During the BlackBerry Enterprise Server 5.0 installation, BlackBerry Enterprise Server
prompts you to provide credentials for a user in Active Directory. These credentials must
authenticate properly.

However, once authenticated, you can determine the visibility that this user has into Active
Directory. This will impact some BlackBerry Enterprise Server features. The credentials you
provide will be used by BlackBerry Enterprise Server when performing queries against this
Directory.

BlackBerry Enterprise Server queries AD for a couple of purposes:

•

Populating the configuration database with users that can be provisioned in BlackBerry
Enterprise Server.

•

Active Directory-based authentication in the BlackBerry Administration Service (BAS) web
client.

You can choose the level of visibility to give to BlackBerry Enterprise Server. You can either
provide a user account that has visibility to browse your Active Directory, or provide a valid
domain account without Active Directory visibility.

If your company does not wish to give BlackBerry Enterprise Server any visibility into Active
Directory, the MAPI Global Address List will be used to present the users that can be
provisioned in BlackBerry Enterprise Server, and all users will be required to log into the BAS
web client with BAS credentials. BAS credentials are credentials that are local to BlackBerry
Enterprise Server. BAS credentials are explicitly provided on a user by user basis by the
BlackBerry Enterprise Server administrator.

Choosing a domain account with visibility into your Active Directory provides a simpler
adminsitration experience, but for some environments this level of access may violate
company security policy. Choose the level of account access that is appropriate for your
administration and security needs.

Location of BlackBerry Administration Service

BlackBerry Enterprise Server version 5.0.2 uses a web-based administration interface through
BlackBerry Administration Service (BAS). This interface imposes additional performance
requirements, since BAS runs as a web server that is hosted by Apache, JBoss, and other
web server technologies. Web server components must be installed on the same machine that
is running BAS.

For performance purposes, you may wish to install BAS on a different server than BlackBerry
Enterprise Server, but with access to the same configuration database.

See the official BlackBerry Enterprise Server documentation provided by Research In Motion
for performance implications of running BAS and BlackBerry Enterprise Server on the same
server and how to install these components on different servers.