5.6 BlackBerry Auditing and Archiving Service for BBM

The setup for Retain BlackBerry Auditing and Archiving Service for BBM Enterprise (BAAS) is quite simple for Retain, as the BBM Enterprise application directly inputs data to the Retain BAAS system. The BBM Enterprise app can forward data to either the Retain Router or the Retain Server, but it will only archive to one or the other. Because the BBM Enterprise app communicates directly to the Retain BAAS system, Retain needs to have an open connection to the Internet. Due to this requirement, the desired connection should be placed in the network’s DMZ. To protect the Retain Server, the Retain Router has been designed to be placed in the DMZ. When the Router cannot be installed in the system, the Retain Server can handle all communication, but will need to be installed in the DMZ. Whichever will be used, Router or Server, the configuration and a security certificate must be obtained before setup can be completed.

This supports the BBM App for Desktop (Windows and macOS).

Item and Requirements Checklist:

  • Enterprise ID (From Blackberry)

  • Base API license (In licensing tab)

  • BlackBerry license (In Licensing tab)

  • REST API base License (In REST API tab)

  • BBM REST API license (In REST API tab)

  • SSL security certificate obtained from a trusted third party certificate authority for either Server or Router (whichever is to be used).

Pre-setup tasks:

  • Network structure plan (Where to place the Retain Server, and or to use the Router.)

  • Retain Server setup and configured – or – Server and router configured

  • Router or Server connected to, accessible in DMZ

Setting up the Retain environment:

  1. License Retain.

    Retain requires a total of 4 licenses to enable Retain BAAS. The first two licenses, base Retain license and the Blackberry module license, are uploaded to the Licenses page in the Retain Server management console. The second two licenses are REST API licenses, REST API base license and the Blackberry REST API license, are installed under the Server Configuration | REST API tab.

  2. Configure Retain server connection.

    Found under Server Configuration | Communications tab, the Retain server connection info at the bottom of the page. This connection setting is the information which will be used by the REST applications, (in this case BBM Enterprise application), or the Retain Router, to connect to the Retain Server. If this is not correct, the Router or the REST applications will not be able to connect the Retain Server. This must be configured before moving on to step

  3. From Blackberry module, Export BBM configuration file.

    The BBM Configuration file is generated through the Blackberry module configuration page. Open the module configuration and look at the Core Settings tab. Look at the BBM Integration section. Here the decision is made whether to use the Retain Router or to use the Retain Server. If the Retain Router is to be utilized, select the ‘Use Message Router’ checkbox.

    The Device Transmission Frequency setting is the setting which determines how often the BBM Enterprise application will upload archive data to the Retain Server. If there is no information to be archived, the BBM Enterprise application will wait until there is. The setting is in minutes. Minimum is every 5 minutes, maximum is 1440 minutes (24 hours). Once configured, select the ‘Export BBM Configuration’ button and save the file; you will need it later.

    The module may be given a name. The Send Method option enables either the SMTP Forwarding or FTP features. For either feature to appear and function, the Module Forwarding tab must be configured on the Server Configuration page. See that section for more information.

  4. Obtain a SSL security certificate for destination server/or router (if not already obtained)

    The security certificate must be obtained to configure the Blackberry Identity console. The security certificate needs to be in base 64 format.

  5. Go to the Blackberry Enterprise Identity Console. (https://idp.blackberry.com/enterprise

  6. Enter the credentials provided by Blackberry when account was created.

  7. Enter administrator console.

  8. Select the ‘Services’ page.

  9. BBM Enterprise must be enabled.

  10. Enter ‘entitlements’ and invite users/devices to be added to the service (In this case BBM Enterprise)

    Users must first be added to the BBM Enterprise system before they can be added to Retain BAAS.

  11. Enable BAAS for Protected.

    To enable BAAS for protected, from the ‘Services’ tab, select the ‘enable’ button for BAAS. There are two files which must be uploaded to the Blackberry Identity Console, these are the two files saved earlier: the full chain SSL security certificate for the Retain Server or the Retain router, (whichever is going to be used), and the BBM Configuration file created in step 3.

    The Archiving configuration file is the BBM Configuration File, and the full chain SSL certificate needs to be uploaded to the ‘Archiving SSL Certificate’ section. Select the ‘Choose file’ button and browse to the appropriate file to upload it. Once both files have been uploaded, select the ‘Save’ button.

  12. Enter Entitlements and invite users

    Users invited to BAAS MUST already be users of BBM Enterprise. If users are not registered to use BBM Enterprise, BAAS will not work. First invite them to BBM Enterprise, and then invite to BAAS after the device has been registered with the BBM server for BBM Enterprise service.

  13. Users will be notified that they have been added to the archiving

Once the devices and users have been invited to join the BAAS program, they will be sent a notification that they are now part of the BAAS archive.

They are now part of the BAAS system and their BBM Enterprise communication will be added to the Retain BAAS archive.

5.6.1 Device Management

Devices are deleted from Retain through the Device Management interface. Device Management

5.6.2 BlackBerry

Retain supports archiving data from both BlackBerry devices and devices running the BBM Enterprise system. Devices running the BBM Enterprise system can have their communication data archived through the BBM app, obtained from BlackBerry.

The BlackBerry device page displays all devices which have been registered into the Retain system. Native BlackBerry and BBM Enterprise devices are displayed together. Retain registers BlackBerry devices through log files from the BES server or through data sent by the device running the BBM Enterprise application. If a device is not yet registered, it is either not in the BES address book or no data has been archived for the device. The device list may be filtered for any specified content desired. In addition, devices may be selected for removal.