Exploring the ways to activate your BlackBerry on a BES

Enterprise Activation - Complete

Back when the new BB7 devices launched I wrote an article about the Enterprise Activation application compatibility issues with OS7. The article stirred up quite a bit of controversy and some really "interesting" comments, some of which told me that there is a need for some clarification on the different methods of activating a BlackBerry on a BlackBerry Enterprise Server (BES).

So let's look at the many options for activating on a BES and what actually occurs duing this mysterious Enterprise Activation. Are you sitting comfortably? Than we'll begin.

Activating your BlackBerry on a BES

Wired Activation

This is the old school way to activate a BlackBerry on a BES. Prior to version 4.0 this was the only way to activate. In order to activate a BlackBerry via the USB cable you will need your BlackBerry connected and either BlackBerry Desktop Software (DM) or BlackBerry Web Desktop Manager (WDM). If you're unfamiliar with WDM, it was introduced with BES 5.0 and it allows you to do many of the housekeeping parts of the standard DM but without the need of installing any software. WDM won't allow you to reload an OS but you can provision a new BlackBerry on the BES yourself and even initiate a device wipe.

The downside to WDM is that it requires a LAN connection to the BES. This means you must be either local behind the corporate firewall or have VPN access. This is generally not a problem for standard corporate users but for users like myself who are on a hosted Exchange BES solution, we get VPN access. To use WDM you will be given a local internal IP from the IT department which you plug into your web browser from inside the corporate firewall and login with you standard active directory credentials.

Web DM screenshot

Standard DM offers you the option to connect from outside the corporate firewall using Remote Procedure Call over HTTPS. OK for those who don't have an MCSC, RPC over HTTPS is just a secure MAPI connection from your PC  to the exchange server without the need of a dedicated VPN connection. This is useful to reduce bandwidth on a company with many remote users. Instead of a constant data connection via VPN you can operate Outlook in a cached mode and periodically query the exchange server for data requests. Translation more users can efficiently access the mail server remotely.

If you have your Outlook configured for RPC of HTTPS the BlackBerry DM software will use the same connection to allow your BlackBerry connect to the BES and allow for a cable activation. At this point one may want to ask why would a cable connection be required?

Why not just wireless activate? Imagine you lost your BlackBerry while traveling. Your carrier sends you a new device to your hotel and now you want to activate on the BES. If this happened overseas that would be a serious roaming bill. My carrier, Rogers charges $30/mb for data roaming - I find that option to be unacceptable. So the cable activation is quite necessary here. What if you are in a 2G only coverage area? If you're on AT&T that is a real possibility and that could take quite some time depending on the size of your information store.

Desktop Manager


Wireless Activation

As mentioned previously, wireless activation was introduced back with BES 4.0 and what a welcome addition this was! Imagine not having to live tethered to a USB cable for provisioning your BlackBerry. I've also been in corporate environments where it's been necessary to activate 50 to 100 devices at the same time, the USB option is simply unrealistic for this.

Although data usage applies, most would agree that this is the preferred activation method. When RIM first introduced the BES Express last year carriers were blocking the ability to do a wireless activation if you didn't subscribe to the higher cost BES data plans. Thankfully RIM decided to end that madness and introduced the Enterprise Activation App back in March.

But some may ask, if you don't have a secure connection the BES how does this mysterious type of activation happen? Great question! Let's look at how it happens.

The very first step is to obtain an Enterprise Activation password from your BES Admin.

Next step is to access the Enterprise Activation screen.

  • OS 4.0 and 5.0 under Options, Advanced Options
  • OS 6.0+ using Universal Search type "Enterprise Activation" and tap on the wrench
  • If you don't have a BES data plan download the Enterprise Activation App from App World and tap on it from the home screen

Next is to enter your corporate email address and assigned password in the appropriate fields. Click "Activate"

EA Screen

The next process happens behind the scenes. Your BlackBerry will simply send an email to the address you typed. It will be a very bizzare looking email which will mean nothing except to the BES.

Network EPT.dat

As long as the password your BES admin provided you was correctly entered into the activation screen you will quickly see the activation process begin to unfold. 

Activation in Progress 1

The BlackBerry and the BES will exchange a common key that each will hold for data encryption and decryption. Once the email is setup all the services will begin downloading.

Activation Process 2

At this point you can sit back and relax, the BlackBerry will do all the work from here out. If you are activating as a brand new BES user the process will be very quick as you have little or no data to populate. If you are an existing BES user it could take some time, especially for databases like Phone Call Logs and Address Book.

Well that in a nutshell is how a BlackBerry Activates on a BES. In an article in the near future I'll share a couple of fun hacks that can be done with the Enterprise Activation screen.