Skip to content
Help and manuals  >  Enterprise services  >  BlackBerry UEM  >  Architecture and data flows
Version: 12.9

BlackBerry UEM Architecture and data flows

The BlackBerry UEM architecture was designed to help you manage mobile devices for your organization and provide a secure link for data to travel between your organization's mail and content servers and your user's devices.

Architecture: BlackBerry UEM solution

Diagram that shows the components used in the in the BlackBerry UEM solution



BlackBerry UEM

BlackBerry UEM is a unified endpoint management solution that provides comprehensive multiplatform device, application, and content management with integrated security and connectivity.

BlackBerry Infrastructure

The BlackBerry Infrastructure registers user information for device activation, validates licensing information for BlackBerry UEM, and provides a trusted path between the organization and every user based on strong, cryptographic, mutual authentication.

BlackBerry UEM maintains a constant connection to the BlackBerry Infrastructure, meaning that organizations require only a single outbound connection to a trusted IP address to send data to users. All the data that travels between the BlackBerry Infrastructure and BlackBerry UEM is authenticated and encrypted to provide a secure communication channel into your organization for devices outside the firewall.

BlackBerry Dynamics NOC

The BlackBerry Dynamics NOC is a network operations center that provides secure communications between BlackBerry Dynamics apps on devices and BlackBerry UEM and the BlackBerry Enterprise Mobility Server.


BlackBerry UEM supports BlackBerry 10, iOS, macOS, Android, Windows, and BlackBerry OS (version 5.0 to 7.1) devices.

Notification services

BlackBerry UEM sends notifications to devices to contact BlackBerry UEM for updates and to report information for your organization’s device inventory. These notifications are sent to the BlackBerry Infrastructure, where they are sent to the devices using the appropriate notification service:

  • APNs is a service that Apple provides to send notifications to iOS and macOS devices.
  • GCM is a service that Google provides to send notifications to Android devices.
  • Windows Push Notification Services (WNS) is a service that Microsoft provides to send notifications to Windows devices.

Routing components

By default, BlackBerry UEM makes a direct connection to the BlackBerry Infrastructure over ports 3101 and 443, and you do not need to install more routing components. However, if your organization's security policy requires that internal systems cannot make connections directly to the Internet, you can use the BlackBerry Router or a proxy server.

The BlackBerry Router acts as a proxy server for connections over the BlackBerry Infrastructure between BlackBerry UEM and all devices. The BlackBerry Router can support SOCKs v5 with no authentication.

If your organization already has a TCP proxy server installed or requires one to meet networking requirements, you can use a TCP proxy server instead of the BlackBerry Router. The TCP proxy server can support SOCKs v5 with no authentication.

The BlackBerry UEM Core and BlackBerry Proxy support using an HTTP proxy server to connect to the BlackBerry Dynamics NOC.

Third-party application and content servers

Additional content servers and application servers in your organization's environment, including the company directory, mail server, certificate authorities, and so on.

BEMS and BlackBerry plug-ins

BlackBerry UEM works with additional BlackBerry enterprise products such as: BlackBerry Enterprise Identity, BlackBerry 2FA, BlackBerry Workspaces, and BlackBerry WorkLife, to allow you to extend UEM capabilities in your organization.

The BlackBerry Enterprise Mobility Server provides several services used to send work data to and from BlackBerry Dynamics apps.