Using enterprise connectivity and BlackBerry Secure Connect Plus for connections to work resources
You can use an enterprise connectivity profile to enable enterprise connectivity and BlackBerry Secure Connect Plus for supported devices.
Enterprise connectivity sends all work data through the BlackBerry Infrastructure to BlackBerry UEM. This feature allows you to avoid opening a direct connection through your organization's firewall to the Internet for device management and apps that connect to your mail server, internal CA, and other web or content servers.
Enterprise connectivity is always enabled for BlackBerry 10 devices, even if you don't use BlackBerry Secure Connect Plus. These devices choose the most efficient path based on network availability.
Enterprise connectivity can be enabled for iOS or Android devices with Secure Work Space, however, Secure Work Space is now in limited maintenance mode and end of life is scheduled for 31 December, 2016.
BlackBerry Secure Connect Plus
- For BlackBerry 10, Samsung KNOX Workspace, and Android for Work devices, all work space apps use the secure tunnel.
- For iOS devices with MDM controls activations, you can allow all apps to use the tunnel or specify apps using per-app VPN.
BlackBerry Secure Connect Plus and a supported device establish a secure IP tunnel when it is the best available option for connecting to the organization’s network. If a device is assigned a Wi-Fi profile or VPN profile, and the device can access the work Wi-Fi network or VPN, the device uses those methods to connect to the network. If those options are not available (for example, if the user is not in range of the work Wi-Fi network), then BlackBerry Secure Connect Plus and the device establish a secure IP tunnel.
For iOS devices with MDM controls activations, if you configure per-app VPN for BlackBerry Secure Connect Plus, the configured apps always use a secure tunnel connection through BlackBerry Secure Connect Plus, even if the app can connect to the work Wi-Fi network or VPN specified in a Wi-Fi or VPN profile.
Supported devices communicate with BlackBerry UEM to establish the secure tunnel through the BlackBerry Infrastructure. One tunnel is established for each device. The tunnel supports standard IPv4 protocols (TCP and UDP). As long as the tunnel is open, apps can access network resources. When the tunnel is no longer required (for example, the user is in range of the work Wi-Fi network), it is terminated.
- The IP traffic that is sent between devices and BlackBerry UEM is encrypted end-to-end using AES256, ensuring the security of work data.
- BlackBerry Secure Connect Plus provides a secure, reliable connection to work resources when a device user cannot access the work Wi-Fi network or VPN.
- BlackBerry Secure Connect Plus is installed behind your organization’s firewall, so data travels through a trusted zone that follows your organization’s security standards.
For more information about how enterprise connectivity and BlackBerry Secure Connect Plus transfer data to and from devices, see the Architecture content.