3.4 Archiving Blackberry Messenger Enterprise

3.4.1 Messenger Enterprise (BBME) Tab (Blackberry)

Path: Retain Server Manager > Configuration > Module Configuration > Blackberry-Configure > Messenger Enterprise

  • The Blackberry module lets Blackberry servers archive BBM Enterprise data into the Retain system using the Retain REST API. The Blackberry servers must be configured to log phone calls, PIN, BBM and SMS data.

  • The web server on the Retain Server and the Retain Router, and all other areas in Retain that require TLS, must support TLS 1.2 or TLS 1.3. Earlier TLS versions are not sufficient.

    For configuration instructions, see the appropriate link:

  • BBMe Supported Ciphers are:

    • ECDHE-ECDSA-AES256-GCM-SHA384
    • ECDHE-RSA-AES256-GCM-SHA384
    • ECDHE-ECDSA-AES128-GCM-SHA256
    • ECDHE-RSA-AES128-GCM-SHA256
    • DHE-RSA-AES256-GCM-SHA384
    • DHE-DSS-AES256-GCM-SHA384
    • DHE-RSA-AES128-GCM-SHA256
    • DHE-DSS-AES128-GCM-SHA256
    • ECDHE-ECDSA-AES128-SHA256
    • ECDHE-ECDSA-AES256-SHA384
    • ECDHE-RSA-AES256-SHA
    • ECDHE-ECDSA-AES256-SHA
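
The following Python check is an added example, not part of the Retain documentation. It compares a server's explicit OpenSSL cipher string with the BBMe list above and keeps only the suites that match the key type of the server certificate, since a suite named -RSA-, -ECDSA- or -DSS- can only be negotiated with a certificate of that key type. The function names and the sample cipher string are assumptions made for the example.

```python
# Cipher names copied from the BBMe list above (OpenSSL names of TLS 1.2 suites).
BBME_CIPHERS = [
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384", "DHE-DSS-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256", "DHE-DSS-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA", "ECDHE-ECDSA-AES256-SHA",
]


def cert_key_for(cipher):
    """Key type the server certificate must have for this suite to be usable."""
    for tag, key in (("-ECDSA-", "ECDSA"), ("-RSA-", "RSA"), ("-DSS-", "DSA")):
        if tag in cipher:
            return key
    return None


def audit(server_cipher_string, cert_key_type):
    """Compare a server cipher string with the BBMe list.

    server_cipher_string: colon-separated explicit suite names (no aliases
    such as HIGH). cert_key_type: "RSA", "ECDSA" or "DSA".
    """
    enabled = {c.strip() for c in server_cipher_string.split(":") if c.strip()}
    shared = [c for c in BBME_CIPHERS if c in enabled]
    usable = [c for c in shared if cert_key_for(c) == cert_key_type]
    return {
        "shared": shared,                                   # on both lists
        "usable": usable,                                   # also match the certificate
        "aead": [c for c in usable if "-GCM-" in c],        # AES-GCM suites
        "cbc": [c for c in usable if "-GCM-" not in c],     # AES-CBC with HMAC
    }


# Constructed sample: a cipher string as it might appear in a web server config.
SAMPLE_SERVER = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                 "ECDHE-RSA-AES256-SHA:AES256-SHA")

if __name__ == "__main__":
    for key_type in ("RSA", "ECDSA", "DSA"):
        print(key_type, audit(SAMPLE_SERVER, key_type))
```

An empty "usable" list means the server and the BBM Enterprise app share no suite that the installed certificate can serve, even when "shared" is not empty.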

3.4.2 Setting Up Blackberry Auditing and Archiving Services (BAAS) for BBM

IMPORTANT: For questions about BAAS licensing, setup, and so on, contact your Blackberry representative.

The following information is provided for your benefit.

Setting up Retain Blackberry Auditing and Archiving Service for BBM Enterprise (BAAS) is quite simple, as the BBM Enterprise application sends data directly to Retain.

The BBM Enterprise app can forward data to either the Retain Router or the Retain Server, but it will only forward to one or the other.

Because the BBM Enterprise app communicates directly to the Retain BAAS system, Retain needs to have an open connection to the Internet.

Whichever will be used, Router or Server, the configuration and a security certificate must be obtained before setup can be completed.

This supports the BBM App for Desktop (Windows and macOS).

IMPORTANT: Because an open connection to the Internet is required, the component that receives the connection should be placed in the network’s DMZ. To protect the Retain Server, the Retain Router has been designed to be placed in the DMZ. When the Router cannot be installed in the system, the Retain Server can handle all communication, but it will need to be installed in the DMZ.

Blackberry Environment Requirements

  • Enterprise ID (from Blackberry)

  • Base API license (in Licensing tab)

  • Blackberry license (in Licensing tab)

  • REST API base license (in REST API tab)

  • BBM REST API license (in REST API tab)

  • SSL security certificate obtained from a trusted third-party certificate authority for either Server or Router (whichever is to be used).

Pre-setup Tasks

  1. Create a network structure plan (where to place the Retain Server, and whether to use the Router).

  2. Set up and configure a Retain Server, or a Server and Router.

  3. Make sure the Router or Server is connected to and accessible in your DMZ.

Setting Up the Retain Blackberry Environment

  1. Install the four required licenses to enable BAAS on the Retain server.

    The first two licenses, the base Retain license and the Blackberry module license, are uploaded to the Licenses page in the Retain Server management console.

    The other two licenses, the REST API base license and the Blackberry REST API license, are installed under the Server Configuration | REST API tab.

  2. From the Blackberry module’s Messenger Enterprise tab, export the BBM configuration file.

    The BBM Configuration file is generated through the Blackberry module configuration page. Open the module configuration and look at the Core Settings tab. Look at the BBM Integration section. Here the decision is made whether to use the Retain Router or to use the Retain Server. If the Retain Router is to be utilized, select the ‘Use Message Router’ check box.

    The Device Transmission Frequency setting determines how often the BBM Enterprise application uploads archive data to the Retain Server. If there is no information to be archived, the BBM Enterprise application waits until there is. The setting is in minutes: the minimum is 5 minutes and the maximum is 1440 minutes (24 hours). Once configured, select the ‘Export BBM Configuration’ button and save the file; you will need it later.

    The module may be given a name.

    The Send Method lets you send Blackberry items to an external system using FTP or SMTP. In most cases this should be disabled so that items are archived in Retain. To select the SMTP Forwarding or FTP features, you must first add and configure them in the Module Forwarding Tab on the Server Configuration page, otherwise the drop-down list is empty.

  3. Obtain an SSL security certificate for the destination server or router (if not already obtained).

    The security certificate must be obtained to configure the Blackberry Identity console. The security certificate needs to be in base 64 format.

  4. Go to the Blackberry Enterprise Identity Console (https://idp.blackberry.com/enterprise).

  5. Enter the credentials provided by Blackberry when the account was created.

  6. Enter the administrator console.

  7. Select the ‘Services’ page.

  8. BBM Enterprise must be enabled.

  9. Enter ‘entitlements’ and invite users/devices to be added to the service (in this case BBM Enterprise).

    Users must first be added to the BBM Enterprise system before they can be added to Retain BAAS.

  10. Enable BAAS for Protected.

    To enable BAAS for protected, from the ‘Services’ tab, select the ‘enable’ button for BAAS. Two files must be uploaded to the Blackberry Identity Console. These are the two files saved earlier: the full chain SSL security certificate for the Retain Server or the Retain Router (whichever is going to be used), and the BBM Configuration file created in step 3.

    The Archiving configuration file is the BBM Configuration File, and the full chain SSL certificate needs to be uploaded to the ‘Archiving SSL Certificate’ section. Select the ‘Choose file’ button and browse to the appropriate file to upload it. Once both files have been uploaded, select the ‘Save’ button.

  11. Enter Entitlements and invite users.

    Users invited to BAAS MUST already be users of BBM Enterprise. If users are not registered to use BBM Enterprise, BAAS will not work. First invite them to BBM Enterprise, and then invite them to BAAS after the device has been registered with the BBM server for BBM Enterprise service.

  12. Users will be notified that they have been added to the archiving

Once the devices and users have been invited to join the BAAS program, they will be sent a notification that they are now part of the BAAS archive.

They are now part of the BAAS system and their BBM Enterprise communication will be added to the Retain BAAS archive.
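
Steps 3 and 10 above require a base 64 (PEM) file that holds the full certificate chain. The following Python check is an added example, not part of the Retain documentation: it inspects a file before upload, reporting binary DER input, a missing chain, or a private key bundled into the file. It assumes a publicly issued certificate, so a full chain contains the server certificate plus at least one CA certificate; the function names and the placeholder PEM blocks are constructed for the example.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def inspect_upload(data: bytes) -> dict:
    """Check a certificate file before uploading it to the identity console."""
    report = {"format": "unknown", "certificates": 0, "problems": []}
    if data[:2] == b"\x30\x82":  # ASN.1 SEQUENCE header: binary DER, not base 64
        report["format"] = "DER"
        report["problems"].append("binary DER; convert to base 64 (PEM) first")
        return report
    text = data.decode("ascii", errors="replace")
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            report["problems"].append("private key present; remove it before upload")
        elif label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:  # invalid base 64 inside the block
                der = b""
            if der[:1] == b"\x30":
                report["certificates"] += 1
            else:
                report["problems"].append("corrupt CERTIFICATE block")
    if report["certificates"]:
        report["format"] = "PEM"
    if report["certificates"] < 2:
        # Assumption: a full chain is the server certificate plus at least one CA.
        report["problems"].append("fewer than two certificates; a full chain is expected")
    return report


def sample_pem(label: str, size: int = 300) -> str:
    """Constructed placeholder block: DER-shaped bytes, not a real certificate or key."""
    der = b"\x30\x82" + size.to_bytes(2, "big") + bytes(size)
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


if __name__ == "__main__":
    chain = (sample_pem("CERTIFICATE") * 2).encode()
    print(inspect_upload(chain))
    print(inspect_upload(chain + sample_pem("PRIVATE KEY").encode()))
```

The check only counts well-formed certificate blocks; it does not verify that each certificate is signed by the next one in the file.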

Blackberry Device Management

Devices are deleted from Retain through the Device Management interface. See Blackberry Device Management Overview in the Retain 4.9.2: Configuration and Administration.

Blackberry Support Explained

Retain supports archiving data from both Blackberry devices and devices running the BBM Enterprise system. Devices running the BBM Enterprise system can have their communication data archived through the BBM app, obtained from Blackberry.

The Blackberry device page displays all devices which have been registered into the Retain system. Native Blackberry and BBM Enterprise devices are displayed together. Retain registers Blackberry devices through log files from the BES server or through data sent by the device running the BBM Enterprise application. If a device is not yet registered, it is either not in the BES address book or no data has been archived for the device. The device list may be filtered by any specified content. In addition, devices may be selected for removal.