For almost as long as BlackBerry smartphones have been the darlings of enterprise business users, RIM's BlackBerry Enterprise Server (BES) has been the preferred solution for managing these devices and for providing secure access to corporate email. BlackBerry Enterprise Server has grown along the way, with the latest version 5.0.1 sporting a new, simplified web-based administration interface and groups for easier management of roles, IT policies, and software configurations. BlackBerry Enterprise Server 5 also promises better reliability through server failover features and system health checks. That's all good news for large organisations.
There's also good news for smaller organisations. The just-released BlackBerry Enterprise Server Express provides small and midsized businesses with many of the same security, management, and push technologies of BlackBerry Enterprise Server - but at no cost beyond their existing Microsoft servers.
From the BlackBerry user's perspective, BES and BES Express are the same. Both let users wirelessly synchronise email, calendars, and contacts, as well as access files stored on the server. The two products even play together nicely in large organisations. You could use Express to manage personal BlackBerry phones that employees purchase and bring to work, while BES handles the heavy lifting of corporate BlackBerry devices that are deployed in large numbers.
How do these two BlackBerry-only solutions stack up for companies and their IT organisations? I created a Microsoft Small Business Server 2008 test environment to find out.
Installing BlackBerry Enterprise Server or BlackBerry Enterprise Server Express requires about three hours, including any prerequisite software. (The process is much faster for upgraders, thanks to the BES Transporter Tool.) Experienced IT staff shouldn't have any problem with the step-driven setup application. Others, though, would be well advised to let a consultant do the job. I discovered several unintuitive settings related to user accounts and Active Directory, as well as configuration problems with the Web server that could easily trip you up.
Both editions share the new BlackBerry Administration Service, a Web-based console that only works with Microsoft Internet Explorer. The GUI eliminates the desktop software that was part of BES 4.x, and it's well designed. For example, the home screen provides options for managing users and groups, creating and assigning IT policies, handling operating system upgrades on the handsets, and dealing with applications on smartphones. Administrators can also manage the server from this console.
Although previous versions of BlackBerry Enterprise Server had groups, they're more flexible in BES and BES Express 5.0.1. For instance, groups can belong to other groups (as nested, or child, groups), which helps IT managers deal with complicated corporate structures. Groups, like individual users, can be assigned to roles, IT policies, and software configurations, and they'll inherit the roles, policies, and configurations from their parent groups. You'll need to construct group hierarchies carefully, because there's no easy way to manage exceptions for a specific user.
Both BlackBerry Enterprise Server and BlackBerry Enterprise Server Express 5.0.1 provide new administration roles that can be used to spread out IT management tasks more efficiently. For example, you could assign one person to serve as senior help desk administrator and others to administer a particular server or group of users.
Further, both editions turn over a lot of control to users - self-service that can reduce the work for help desk staff. The Web Desktop Manager (subject to policies) allows users to activate and configure their smartphone settings, back up and restore data residing on the phone, and install applications.
BlackBerry Enterprise Server vs. BlackBerry Enterprise Server Express
BlackBerry Enterprise Server Express features more than 35 controls and policies, including remotely wiping a lost smartphone and enforcing password policies. I had no trouble creating policies to lock out Bluetooth, enable the still camera, and allow software loading with the device tethered to a PC.
Using the tabbed interface, you pick the rule and whether the feature is enabled or disabled. Typically, both products start with most device features enabled, so you only need to create a rule when restricting a particular capability.
Most organisations will be satisfied with the basic controls in BlackBerry Enterprise Server Express, while those who need lots of fine-tuning will find it in BlackBerry Enterprise Server.
Where BES Express can either allow or prohibit the use of a feature (MMS, SMS, Bluetooth, camera, media card, modem, Wi-Fi, USB/serial, internal network connections, and so on), BlackBerry Enterprise Server can control exactly how the feature is used. For example, BES lets you control whether Bluetooth can connect to BlackBerry Desktop, be used for device discovery or dial-up networking, exchange contacts, or transfer files. You can set a minimum encryption level for Bluetooth connections and even ensure that the LED connection light flashes whenever the BlackBerry is connected to a Bluetooth device.
The one policy area where BES Express matches BES is application control. In both editions, "listed" applications (such as the BlackBerry Java applications you choose to include in your company's repository) can be made optional or mandatory, or they can be prohibited based on a user's permissions. Similarly, "unlisted" applications can be allowed or blocked; if allowed, these applications can be prevented from using device storage or limited in the types of connections they can establish.
The new Web-based BlackBerry Administration Service makes it easy to assign IT policies and software configurations to users. With the Web Desktop Manager, admins can let users configure their phones, install applications, and handle backups and restores.
Both BlackBerry Enterprise Server and BlackBerry Enterprise Server Express automate operating system and application updates, but BES has additional tools to make the whole software management process more reliable. That's because you can check for any software dependencies that need to be installed first. It's even possible to trigger a software upgrade based on a device's hardware or wireless carrier. For instance, if you have a BlackBerry Storm 2 user on Verizon, you could specify a Verizon-specific version of BlackBerry OS 5 for the Storm to be installed. Again, that sort of precision isn't available with Express.
In both editions, application and IT policy updates can be pushed during off-peak hours to minimise disruptions to users. While BlackBerry Enterprise Server allows devices to be activated over the air, initial provisioning is a manual process in BlackBerry Enterprise Server Express. But with the Web Desktop Manager, users can handle it by themselves.
BlackBerry Enterprise Server also has high-availability features that Express lacks. For instance, you can configure primary and standby servers for automatic and manual failover -- which could keep downtime to a minimum when there's a hardware problem or during server upgrades. (There are no additional licensing fees for servers running in standby mode.)
Working in concert with failover, BES 5.0.1 adds system health checks. For example, you can define a performance threshold; if that measurement is exceeded, failover to the backup server occurs automatically.
Both flavours of BlackBerry Enterprise Server do a very good job of providing BlackBerry users with secure, wireless access to email and documents behind the firewall, and the Web-based interface minimises the workload of IT administrators. For personally liable BlackBerry devices that only require access to an Exchange server and where a basic set of security policies is adequate, Express will do the trick. But when your support staff has to manage thousands of devices or when email to mobile executives absolutely positively must never stop flowing, then BlackBerry Enterprise Server is the only choice.