Skip to content
Help and manuals  >  Enterprise services  >  BlackBerry UEM  >  Architecture and data flows
Version: 12.9

BlackBerry UEM components

This diagram shows how the BlackBerry UEM components connect when all components are installed together in the product's simplest configuration.

Architecture diagram showing BlackBerry UEM components

For information about the ports used for connections between components, see "Configuring ports" in the Installation and upgrade content.

Component name


BlackBerry UEM Core

The BlackBerry UEM Core is the central component of the BlackBerry UEM architecture. It consists of several subcomponents that are responsible for:

  • Logging, monitoring, reporting, and management functions
  • Authentication and authorization services
  • Scheduling and sending commands, IT policies, and profiles to devices
  • Sending user, policy, and other configuration data to BlackBerry Dynamics apps on devices.

BlackBerry UEM database

The BlackBerry UEM database is a relational database that contains user account information and configuration information that BlackBerry UEM uses to manage devices and BlackBerry Dynamics apps.

BlackBerry MDS Connection Service

The BlackBerry MDS Connection Service provides a secure connection between BlackBerry 10 devices and your organization's network when the device is not connected to your work Wi-Fi network or using a VPN connection.

BlackBerry Collaboration Service

The BlackBerry Collaboration Service provides an encrypted connection between your organization's instant messaging server and the BlackBerry Enterprise IM app on BlackBerry 10 devices.

BlackBerry Dispatcher

The BlackBerry Dispatcher provides secure connectivity using IPPP for BlackBerry 10 devices.

BlackBerry Affinity Manager

The BlackBerry Affinity Manager is responsible for maintaining an active SRP connection between BlackBerry 10 devices and the BlackBerry Infrastructure when the devices are not using BlackBerry Secure Connect Plus.

BlackBerry Proxy

BlackBerry Proxy maintains the secure connection between your organization and the BlackBerry Dynamics NOC. It also supports BlackBerry Dynamics Direct Connect, which allows app data to bypass the BlackBerry Dynamics NOC.

BlackBerry Secure Connect Plus

BlackBerry Secure Connect Plus provides a secure IP tunnel between work apps on devices and your organization's network. One tunnel that supports standard IPv4 (TCP and UDP) data is established for each device through the BlackBerry Infrastructure.

BlackBerry Secure Gateway

The BlackBerry Secure Gateway provides a secure connection through the BlackBerry Infrastructure and BlackBerry UEM to your organization's mail server for iOS devices.

BlackBerry Gatekeeping Service

The BlackBerry Gatekeeping Service sends commands to Exchange ActiveSync to add devices to an allowed list when devices are activated on BlackBerry UEM. Unmanaged devices that try to connect to an organization's mail server can be reviewed, verified, and blocked or allowed by an administrator using the BlackBerry UEM management console.

Management console and BlackBerry UEM Self-Service

The management console and BlackBerry UEM Self-Service provide a web-based user interface for administrator and user access to BlackBerry UEM.

You use the management console to manage system settings, users, devices, and apps.

Users can use BlackBerry UEM Self-Service to set an activation password and send commands to devices, such as set password, lock device, and delete device data.

BlackBerry Enterprise Mobility Server

BEMS consolidates several services used to send work data to and from BlackBerry Dynamics apps, including: BlackBerry Push Notifications, BlackBerry Connect, BlackBerry Presence, and BlackBerry Docs.

BlackBerry Enterprise Mobility Server databases

The BEMS databases store user, app, policy, and configuration information.

BlackBerry Push Notifications

BlackBerry Push Notifications accepts push registration requests from iOS and Android devices and then communicates with Microsoft Exchange to monitor the user's work mail account for changes.

BlackBerry Connect

BlackBerry Connect provides secure instant messaging, company directory look-up, and user presence information to iOS and Android devices.

BlackBerry Presence

BlackBerry Presence provides real-time presence status to BlackBerry Dynamics apps.

BlackBerry Docs

BlackBerry Docs lets your BlackBerry Dynamics app users access, synchronize, and share documents using their work file server, SharePoint, Box, and content management systems supporting CMIS, without the need for VPN software, firewall reconfiguration, or duplicate data stores.

BlackBerry Router and/or proxy servers

By default, BlackBerry UEM makes a direct connection to the BlackBerry Infrastructure over ports 3101 and 443. If your organization's security policy requires that internal systems not connect directly to the Internet, you can install the BlackBerry Router or use a third-party TCP proxy server that supports SOCKs v5 with no authentication.

The BlackBerry UEM Core and BlackBerry Proxy support using a third-party HTTP proxy server to connect to the BlackBerry Dynamics NOC.

BlackBerry Infrastructure and BlackBerry Dynamics NOC

The BlackBerry Infrastructure registers user information for device activation, validates licensing information for BlackBerry UEM and provides a trusted path between the organization and every user based on strong, cryptographic, mutual authentication.

The BlackBerry Dynamics NOC is a separately-located NOC that provides secure communications between BlackBerry Dynamics apps on devices and the BlackBerry UEM Core, BlackBerry Proxy and BlackBerry Enterprise Mobility Server.