RIM’s road map to unified mobile management

When Research in Motion finally ships the BlackBerry 10 smartphones in early 2013, your existing BlackBerry Enterprise Server (BES) won’t be able to manage them. Instead, RIM offers a new server called BlackBerry Device Service (BDS) for the new BlackBerrys. You’ll continue to manage the earlier versions of BlackBerry — those running BlackBerry OS 5, 6, or 7 — on the current BES 5.04 product.

That sounds messy, especially when you throw in two more factors:

1. RIM is trying to convince IT organizations to manage iOS and Android devices through a third RIM server called Universal Device Service (UDS).
2. The BlackBerry 10 platform will support Microsoft’s Exchange ActiveSync (EAS) protocol, so you won’t need a proprietary RIM server to manage them.

[ Why RIM developers have faith in BlackBerry 10. | IT: The three steps to saying bye-bye to BlackBerry. Users: How to transfer your BlackBerry contacts to iOS or Android. | Keep up on key mobile developments and insights with InfoWorld’s Mobilize newsletter. ]

The good news is that RIM intends to merge the three servers into one product, to be called BES 10, in May 2013. The tripartite split previously announced, as well as their common Web console (called BlackBerry Enterprise Service), that debuts in early 2013 isn’t the endgame. Instead, it’s an interim step, says Jeff Holleran, director of enterprise management at RIM. He says the multiple servers were needed to get support for iOS, Android, and BlackBerry 10 (including the BlackBerry PlayBook tablets that are sort of a proto-BlackBerry 10 release) to enterprises quickly.

BlackBerry 10 and BES 10 are still very much works in progress. Holleran and several colleagues spent three hours with me recently to discuss BlackBerry 10 and the BES strategy, and they couldn’t answer many of my questions given the platform’s under-development reality. They also showed me some of the BlackBerry 10 user interface, but under very controlled circumstances that reinforce the product’s unfinished state.

The situation today If you want to manage BlackBerry devices, you need a BES as a front end to your email system to secure the manage the connections between the BlackBerry and the email server, as well as to impose policies on the device such as access to the camera, password requirements, and so on. There are more than 500 such policies that BES can impose on a BlackBerry.

Your other choice is to use the BlackBerry Internet Service to set up user email accounts in advance. It’s a fancy way of enabling email access via POP or IMAP but otherwise essentially leaving the device unmanaged.

RIM also sells BDS, which is used to manage just BlackBerry PlayBook tablets that have enabled RIM’s Balance technology — a managed virtual partition for access to corporate email and related resources.

And it sells UDS to manage iOS and Android devices. UDS delivers configuration profiles that let you manage VPN, Wi-Fi, and other network connections (such as to route communications only through secured ones), as well as provision apps and enforce basic policies around encryption and passwords. In iOS, UDS installs the same configuration profiles that any mobile device management (MDM) tool would, as Apple has made this facility native to the operating system to expose its security and management APIs universally.

You can also buy Mobile Fusion Studio, which is essentially a common administrative front end for BES, BDS, and UDS.

Just to confuse matters — RIM is good at this — iOS and Android devices managed by UDS run a client app called Mobile Fusion Client, which gives UDS visibility into device state and is the conduit through which the management profiles are delivered to the devices.

The plans for early 2013 When the BlackBerry 10 devices finally go on sale, RIM will continue to provide BES 5.04 for legacy BlackBerrys. BDS will manage both PlayBook tablets and BlackBerry 10 smartphones. UDS will manage Android and iOS devices essentially unchanged from today’s version. Mobile Fusion Studio will be renamed BlackBerry Management Studio (BMS), which keeps the role of the common administrative front end to all three servers. The collection of BES 5, BDS, UDS, and BMS will be called BlackBerry Enterpriser Service — easily confused with today’s BlackBerry Enterprise Server.

The plans for May 2013 If all goes according to plan, RIM will release BES 10 in May 2013, unifying BDS, MDS, and UDS into one server. BES 5 (for legacy devices) will remain a separate server that can be managed by BES 10’s admin console; operationally, they all will seem to be one server. BES 5 remains as a separate server mainly to let IT continue to use the BES servers already in operation and later remove them without affecting the rest of the BlackBerry management tools when all pre-BlackBerry 10 devices are retired.

But don’t confuse “unified server” with “universal policies.” iOS and Android devices will not support the same policies as BlackBerry 10 and PlayBook devices, which won’t support the same policies as legacy BlackBerrys. Some policies will be universal because all four platforms — BlackBerry 5 through 7, BlackBerry 10/PlayBook, iOS, and Android — happen to support them. But BlackBerrys new and old alike support several hundred policies, versus a couple dozen for Android (it varies from device to device) and about 50 for iOS.

Holleran says you should expect BlackBerry 10 to support the vast majority of current BES policies. Some will go away because they become part of the OS itself, such as enabling the Balance service. Others may go away because hardware differences make them irrelevant, though he declined to give examples.

iOS and Android devices will gain more management capabilities in UDS than the current UDS offers, likely through the introduction of a managed client for those platforms, similar to what established MDM providers Good Technology and MobileIron do. Holleran said it’s too soon to have determined exactly what new management capabilities will be added for iOS and Android devices within those client apps.

How EAS fits in I’ve seen a lot of confusion around RIM’s adoption of EAS. That’s because EAS is used in two different ways.

First, you can use EAS policies in Microsoft Exchange or other server to manage a BlackBerry PlayBook or BlackBerry 10 device, just as you would an iOS or Android device. It’s no longer a choice between using BES or nothing. Thus, smaller businesses will be able to manage BlackBerry 10 devices the same way they do their iOS and Android devices, using the same management tool they already have.

Second, BES 10 uses the EAS conduit to route its traffic between Exchange (or other server) and BES. In the familiar BES world, RIM is simply switching from its own communications protocol to the nearly universal EAS one. But the communication remains encrypted and does not mean BES 10 is using EAS policies. It is using just the EAS communications protocol.

In fact, Holleran explains that if you connect a BlackBerry 10 device to Exchange via BES 10, all EAS policies are automatically turned off except remote wipe. Instead, BES 10 policies are used. That prevents conflicts between EAS policies that may be set for non-BlackBerry users conflicting with BES policies set for BlackBerry users.

So why is remote wipe not disabled as well and replaced with the BES equivalent? Because a remote wipe is usually an urgent action that you don’t want to slow down by having whoever in IT is on call having to check whether to use BES instead of Exchange. Plus, if a person is being unexpectedly terminated, has unexpectedly resigned, or is under suspicion of being a spy, you want to be able to issue the remote wipe to all devices at once, which you can do from Exchange.

Of course, these scenarios assume you have BlackBerry management via BES and non-BlackBerry management via Exchange or an MDM tool — a common scenario today that RIM hopes will become less common if it can convince enterprises to consolidate all their device management under BES 10.

This article, “RIM’s road map to unified mobile management,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen’s mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.