Skip to content
Help and manuals  >  Enterprise services  >  BlackBerry UEM  >  Architecture and data flows
Version: 12.9

BlackBerry UEM regional deployment

This diagram shows how the BlackBerry UEM components connect together when one or more instances of the BlackBerry Connectivity Node are installed in a separate location. You can use server groups to specify the regional instance of the BlackBerry Connectivity Node that a device connects to.

Architecture diagram showing a regional installation of the BlackBerry Connectivity Node

For information about the ports used for connections between components, see "Configuring ports" in the Installation and upgrade content.

Component name


Primary BlackBerry UEM components

The primary BlackBerry UEM components include the BlackBerry UEM Core and all components installed with it on the same server.

BlackBerry UEM Core

The BlackBerry UEM Core is the central component of the BlackBerry UEM architecture. It consists of several subcomponents that are responsible for:

  • Logging, monitoring, reporting, and management functions
  • Authentication and authorization services
  • Scheduling and sending commands, IT policies, and profiles to devices
  • Sending user, policy, and other configuration data to BlackBerry Dynamics apps on devices.

BlackBerry UEM database

The BlackBerry UEM database is a relational database that contains user account information and configuration information that BlackBerry UEM uses to manage devices and BlackBerry Dynamics apps.

BlackBerry MDS Connection Service

The BlackBerry MDS Connection Service provides a secure connection between BlackBerry 10 devices and your organization's network when the device is not connected to your work Wi-Fi network or using a VPN connection.

BlackBerry Collaboration Service

The BlackBerry Collaboration Service provides an encrypted connection between your organization's instant messaging server and the Enterprise IM app on BlackBerry 10 devices.

BlackBerry Dispatcher

The BlackBerry Dispatcher provides secure connectivity using IPPP for BlackBerry 10 devices.

BlackBerry Affinity Manager

The BlackBerry Affinity Manager is responsible for maintaining an active SRP connection between BlackBerry 10 devices and the BlackBerry Infrastructure when the devices are not using BlackBerry Secure Connect Plus.

BlackBerry Gatekeeping Service (primary)

The BlackBerry Gatekeeping Service sends commands to Exchange ActiveSync to add devices to an allowed list when devices are activated on BlackBerry UEM. Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed through the BlackBerry UEM management console by an administrator.

Management console and BlackBerry UEM Self-Service

The Management console and BlackBerry UEM Self-Service provide a web-based user interface for administrator and user access to BlackBerry UEM. It can be installed separately from other BlackBerry UEM components.

You use the management console to manage system settings, users, devices, and apps.

Users can access BlackBerry UEM Self-Service to set an activation password and send commands, such as set password, lock device, and delete device data, to devices.

BlackBerry Connectivity Node

The BlackBerry Connectivity Node installs instances of the BlackBerry UEM device connectivity components to your organization’s domain on a different server than the BlackBerry UEM Core. Each BlackBerry Connectivity Node contains these components:

  • BlackBerry Cloud Connector
  • BlackBerry Proxy
  • BlackBerry Secure Connect Plus
  • BlackBerry Secure Gateway
  • BlackBerry Gatekeeping Service

If you have regional deployments of the BlackBerry Connectivity Node you must configure the connection between the BlackBerry UEM Core and the server group containing the regional BlackBerry Connectivity Node.

BlackBerry Cloud Connector

The BlackBerry Cloud Connector allows the BlackBerry Connectivity Node components to communicate with the BlackBerry UEM Core. All communication between the BlackBerry Cloud Connector and BlackBerry UEM Core travels through the BlackBerry Infrastructure.

BlackBerry Proxy

BlackBerry Proxy maintains the secure connection between your organization and the BlackBerry Dynamics NOC. It also supports BlackBerry Dynamics Direct Connect, which allows app data to bypass the BlackBerry Dynamics NOC.

BlackBerry Secure Connect Plus

BlackBerry Secure Connect Plus provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the BlackBerry Infrastructure.

BlackBerry Secure Gateway

The BlackBerry Secure Gateway provides a secure connection through the BlackBerry Infrastructure and BlackBerry UEM to your organization's mail server for iOS devices.

BlackBerry Gatekeeping Service (BlackBerry Connectivity Node)

BlackBerry UEM can use instances of BlackBerry Gatekeeping Service installed with the BlackBerry Connectivity Node to manage gatekeeping for your mail server. Each instance must be able to access your organization’s gatekeeping server.

If you want gatekeeping data to be managed only by the BlackBerry Gatekeeping Service that is installed with the primary BlackBerry UEM components, you can disable the BlackBerry Gatekeeping Service in each BlackBerry Connectivity Node

BlackBerry Enterprise Mobility Server

BEMS consolidates several services used to send work data to and from BlackBerry Dynamics apps, including: BlackBerry Push Notifications, BlackBerry Connect, BlackBerry Presence, and BlackBerry Docs.

BlackBerry Enterprise Mobility Server databases

The BEMS databases store user, app, policy, and configuration information.

BlackBerry Infrastructure and BlackBerry Dynamics NOC

The BlackBerry Infrastructure registers user information for device activation, validates licensing information for BlackBerry UEM and provides a trusted path between the organization and every user based on strong, cryptographic, mutual authentication.

The BlackBerry Dynamics NOC is a separately-located NOC that provides secure communications between BlackBerry Dynamics apps on devices and the BlackBerry UEM Core, BlackBerry Proxy and BlackBerry Enterprise Mobility Server.