1. Knowing That Your Data Is Being Securely Transmitted
Because MDS proxies all the application data requests
made by device-side applications, and an organization isn’t exposing
any firewall ports to enable BlackBerry applications, BlackBerry devices
look and feel to the network like PCs sitting inside the firewall.
Existing authentication mechanisms for internal systems can still apply
to mobile devices without worrying about malicious attackers having more
access to your internal environment than they did before the BlackBerry
devices came along.
Because of this, there is no need to implement a Virtual Private
Network (VPN) to provide these mobile devices with access to internal
applications. This capability is already baked into the solution, a sort
of pseudo-VPN. The internal resources BlackBerry applications need to
connect to are available to applications the moment you enable MDS.
Adding a VPN on top of the secure connection to internal resources that
MDS already provides is extra work for the device with little value: it
decreases the performance of the application (because it takes more time
to encrypt the data a second time for the VPN connection) and reduces
the device’s overall battery life.
If your organization is worried about what these
mobile devices are doing, your BlackBerry administrators can lock down
the devices so they can’t access any servers outside of your firewall
(block all external sites). They can lock down the connections so any
request has to come through MDS before it routes to the external network
and can even block access to certain internal servers. This allows an
organization to monitor all traffic (both internal and external) and
block access to sites that should not be accessed. All of this
capability is provided through components of the BlackBerry Enterprise
Solution.
I attended a meeting with the BES administrators for a
national retailer. I spent an hour talking about MDS, the free
development tools, and the benefits they can provide the organization.
The administrators listened politely and we all agreed that they’d let
me know when they needed to dig deeper into the topic.
A few days later, I received a call from one of the
administrators. He said he had a security person on the line and he
wanted to talk about BlackBerry security. At the start of the call, he
told me that security had an issue with all this access MDS was
providing BlackBerry users. He said, “So, a BlackBerry device has access
to any internal resource inside our firewall,” and I told him that it
was true: what MDS could see, devices could also see. If they wanted to
protect certain resources (servers), they needed to isolate the system
running MDS from the network segments that housed the servers in
question.
The response from the security guy was, “Well, we
can’t have that!” I asked him to explain, and what I heard was that,
because the company processed transactions with Visa and MasterCard, it
had to conform to standards that would prohibit these devices from
accessing the network.
I explained to him that I was sure that the major credit-card companies
were using BlackBerry devices and that it would be OK. I pointed him to
www.blackberry.com/security to find more details on how to ensure the company’s BlackBerry environment was as secure as it needed to be.
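
Because whatever the MDS host can reach, devices can reach too, the isolation described in this exchange can be checked from the MDS host itself. The following Python script is an added example, not from the original text or from BlackBerry; the target names, addresses (RFC 5737 documentation range) and ports are constructed placeholders for the servers an organization wants kept out of reach.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify TCP reachability of host:port as seen from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            # Handshake completed: the service is reachable from here, so
            # device traffic proxied by MDS can reach it as well.
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the packet was routed to the host (or to a
        # rejecting firewall) but nothing accepted it. The segment is
        # not fully cut off from this machine.
        return "refused"
    except OSError:
        # Timeout or network/host unreachable: consistent with isolation.
        return "filtered"


def audit(restricted, timeout=2.0):
    """Return (name, host, port, state) for every restricted target that
    is not 'filtered', i.e. every target that still needs review."""
    findings = []
    for name, host, port in restricted:
        state = probe(host, port, timeout)
        if state != "filtered":
            findings.append((name, host, port, state))
    return findings


if __name__ == "__main__":
    # Constructed placeholder inventory; replace with the servers that
    # must not be visible from the MDS host.
    RESTRICTED = [
        ("card-db", "192.0.2.10", 1433),
        ("payment-app", "192.0.2.20", 443),
    ]
    results = audit(RESTRICTED)
    for name, host, port, state in results:
        print(f"REVIEW {name} {host}:{port} is {state} from the MDS host")
    if not results:
        print("No restricted target answered from this host.")
```

Run it on the system that hosts MDS: an empty result is the outcome that matches the isolation described above, while a `refused` result shows the segment is still routable even though the port is closed.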
2. Using the BlackBerry MDS Simulator
The BlackBerry MDS simulator provides developers with a local copy of
the BlackBerry MDS service that the BlackBerry device simulators
can use to connect to local and network resources. With MDS running,
the BlackBerry device simulator can connect to resources running on the
local system (such as local web servers or other application servers)
and any remote network resources accessible from the system.
Most versions of the BlackBerry development tools
include the MDS simulator; the only exceptions were the 4.2.0 and 4.2.1
JDE. The only time you need to download it separately is if you’re
testing applications in the simulator outside of one of the development
tools or working with those versions of the JDE. If needed, you
can download it from the BlackBerry Developer’s website at http://na.blackberry.com/eng/developers/browserdev/devtoolsdownloads.jsp.
After you download the simulator, launch the file to begin the
installation and just accept all the default options. After
installation, start the MDS simulator by opening the Windows Start menu
and navigating to Programs, Research In Motion, BlackBerry Email and MDS
Services Simulators 4.1.2, then clicking the icon labeled MDS.
When the simulator opens, there is no interface for
the developer to interact with; it displays inside of a simple DOS
console window, as shown in Figure 1.
Whenever the MDS simulator receives a request from or returns data to
the BlackBerry device simulator, the console updates to show the
activity. You can use this display to verify that the device simulator
is talking to the network and receiving a response.
To close the MDS simulator, click the red X in the upper-right corner of the window.