High Availability or Disaster Recovery on Blackberry Enterprise Server with Failover Software

Blackberry devices are quickly growing in popularity for both business and personal uses (Browsing over BIS (RIM proxy) is fast enough for the mobility and its economical too, in all ways managing the Blackberry Enterprise Server is also a business critical in compare to any corporate messaging systems (Like Exchange or Lotus Domino).

This article examines how high availability can be accomplished using failover software, however a single server running on standalone mode is always a night mare to any level of administration and it's also a disaster threat to the entire organization mobility services, How can we have the 99% uptime, Let's see how we can achieve this:

Here by there are two solutions to overcome these issues:

Options -1

This only feasible, If you already have 02 BES licenses , then the best thing for you to do would be to split 50% of users on BES-1 other 50% on BES-2 and make sure they are in the same BB domain, same subnet with your messaging systems and sharing a common SQL DB (Recommended to have SQL cluster in place), as this will work when one of your BES goes down you can eventually move the affected users from one BES to the other and they would be all set to function in minutes.

Note: Make sure you have good backup solution in place.

Putting half your user on server 1 and half on the other is NOT a very smart failover solution. If one of those servers were to fail then half your users are down without any backup plan, during the failure the Half of users would be still remain down until you initiate the BlackBerry manager to move from one BES to the other.

As this is one of the failover solution posted across KB/forums (Not recommended as a DR), which doesn't make sense as a failover solution.

Note: The disadvantages for SMB (Small, Medium, Business) is it required 02 licenses and it makes management to think twice on the license cost, However SMB still as the Options-2 to opt.

Options-2

Here is the smart and intelligent failover solution, which follows the RIM article KB04647, if you are currently running BES 4.0 or higher or follow KB05032 if running 3.6.

Basically what you are doing in a nutshell is having 2 boxes with a mirror image BES, for example you currently have a 4.0.6 BES named BES-1. What you would need to do, is install the EXACT same version of BES on the new box (BES-1 as your previous box) **VERY IMPORTANT**

Then depending on what types of database you use, as follow the below:

1) Remote SQL - you simply point the new server to the database running the remote SQL server

2) local MSDE/SQL - you need to create a backup of the database from your old server and then restore it onto the new server (if using the server and it goes down then all you would need to do is create a backup from the new server, copy it to the failover server and restore it there) (follow RIM article KB03112 for proper commands)

Basically all you need to do is make sure you are constantly upgrading/updating both at the same time, like wise:

- If you decide to upgrade your new 4.0.6 server to 4.1.2 then perform the same on secondary node as well.

- This applies even for OS/security patches as well. If you've added 20 new users on the new server then make sure you copy that database over to the old server to reflect the same changes.

All you need to do having an environment like this is to keep the services on one server stopped, This way if you have a server down issue all you need to do is start the services on the failover server (secondary server) and your users don't notice anything other than a possible short 10 minutes delay during the time you started the failover server.

This is one of the cost cutting Implementation BES failover scenarios, if you are limited with budget. Using the Disaster Recovery Guide (for Exchange) from Blackberry. However this is a point to be considered that there is a transactional database replication and snapshots between the primary and stand by servers and not just a database recovery (only possible if using full SQL - not MSDE).

The servers are installation/configuration are recommended to installed using the same SRP identifier (ensure the stand by instance BES services remains disabled and not using the same SRP at RIM or else it will be deactivated as a security threat) and make sure you specify the same BES server name (the physical machine/Host name is independent).

Option-3

These options will achieve the High Availability on BES using Failover Software "Neverfail" as this product will allow you to deploy an active/passive BES cluster. As this software basically clones your existing BES on a secondary BES, The secondary severs will act as hot standby and it takes over failover automatically and transparently, when the primary BES fails.

Best of all, the Neverfail for BlackBerry solution is priced for the small and mid-size market, and its manageability is awesome, which can be deployed locally or across the WAN.

This product as captured the market very quickly, even while competition with other brand "CA" XOsoft High Availability (formerly CA XOsoft WANSyncHA).

Neverfail is the leading technology in providing continuous high availability and operation to the Blackberry and Microsoft environment. For more details on Neverfail BES data sheet and case study, please find the links below:

•    A link to RIM website where Never fail is the only High Availability and DR solution approved by them.

•    A link to Vodafone website and the existing partnership between them and NeverFail.

 

Who are the leading ISV's (independent software Vendors) in this segment?

• Never Fail
  
• CA XOsoft™ High Availability (formerly CA XOsoft WANSyncHA) for BlackBerry
  
• Double take
  

 

Hello, Happy Reading! Please value your reading to post the poll. Thank you!

What is role based administration in BES

Details

BlackBerry Manager uses pre-defined roles that correspond to common organization administrative roles in order to limit access to sensitive data.  The following table shows the pre-defined roles and their functions:

Role	Functionality
Security Administrator (rim_db_admin_security)	These administrators can perform all tasks. They are the only administrators who can manage role membership or change sensitive security properties, such as licenses and encryption keys.
Audit Security Administrator (rim_db_admin_audit_security)	This role can view the same options as the Security Administrator but cannot change or update any of these options.
Enterprise Administrator (rim_db_admin_enterprise)	These administrators can perform all tasks relating to BlackBerry device users, services, servers and global application data. This role can control the services in the BlackBerry Enterprise Server, but cannot view role membership, licenses, or encryption keys.
Audit Enterprise Administrator (rim_db_admin_audit_enterprise)	This role can view the same options as the Enterprise Administrator but cannot change or update any of these options.
Senior Help Desk Administrator (rim_db_admin_sr_helpdesk)	These administrators can perform all BlackBerry device user management tasks, including deleting BlackBerry device users, changing IT policy assignments, and issuing IT administration commands.
Audit Senior Help Desk Administrator (rim_db_admin_audit_sr_helpdesk)	This role can view the same options as the Senior Help Desk but cannot change or update any of these options.
Device Administrator (rim_db_admin_handheld)	These administrators can perform all tasks that relate to BlackBerry device users and BlackBerry device management. This role is designed for administrators who support new BlackBerry device users and deploy BlackBerry devices.
Audit Device Administrator (rim_db_admin_audit_handheld)	This role can view the same options as the Device Administrator but cannot change or update any of these options.
Junior Help Desk Administrator (rim_db_admin_jr_helpdesk)	These administrators can perform user account management tasks, including creating and sending wireless enterprise activation passwords, and resending service books or IT policies. These administrators cannot add, move, or delete user accounts or send certain IT administration commands. If administrators need view-only access to their role (for example, when training new administrators), the security administrator can assign an audit version of the role to them.
Audit Junior Help Desk Administrator (rim_db_admin__audit_jr_helpdesk)	This role can view the same options as the Junior Help Desk but cannot change or update any of these options.

Note: This information is an overview of the types of administrative roles for the BlackBerry Enterprise Server. For detailed information, see the Role Matrix section of the BlackBerry Enterprise Server: Administration Guide.

Original role matrix is based on RIM Doc ID : KB04889

http://www.blackberry.com/btsc/articles/946/KB04889_f.SAL_Public.html

How to add user in BES administrative roles?

Click on Blackberry Domain > Expand Servers > Servers > Role Administration (on right side pane as seen in above snapshot)

Can we customize the ROLE accordingly? Yes we can, how?
Below are the requirement:
- Any webserver (I will post the Html code in my next post)
- Create a BES DB SQL read only credential.

How To: Create, Assign, View, and Send IT policies

This applies to BlackBerry Enterprise Server™ software versions 3.6, 4.0, and 4.1 for Microsoft Exchange.

Getting Started...Happy reading!


The BlackBerry Enterprise Server uses an IT policy to control the behavior of the BlackBerry devices assigned to it. IT policies cover a wide range of BlackBerry device functions (for example, passwords, attachment viewing, and available browsers). Administrators can create custom IT policies in addition to the IT policies already present on the BlackBerry Enterprise Server.

Creating IT Policies

To create an IT policy, complete these steps:
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager.
   
2. Right-click the BlackBerry Enterprise Server name, then click IT Policy.
   
3. Click New, then create a name for the IT policy.
   
4. Select the check box beside each IT policy you would like to assign. A description of the IT policy will appear.
   
5. To enable the selected IT policy, in the description window, click TRUE. You can select FALSE but you will have to enable the IT policy at a later time.
   
6. Click Apply, then click OK.
   

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, select Servers, then click Global tab.
   
2. From the Tasks menu, click Edit Properties.
   
3. Select IT Policy, then double-click IT Policies.
   
4. Click New, then create a name for the IT policy.
   
5. Select an IT policy group to view the associated IT policy rules.
   
6. Select the appropriate IT policy rules.
   
7. Click Apply, then click OK.
   

Assigning IT Policies

To assign an IT policy to a BlackBerry device user, complete the following steps:
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager.
   
2. Right-click the BlackBerry Enterprise Server name, then click IT Policy.
   
3. Select an IT policy, then click Edit User List.
   
4. Click Add Users to This Policy.
   
5. Select a BlackBerry device user, then click Add.
   
6. Click Close, then click OK to close the Edit IT Policy Userlist window.
   
7. Click OK again.
   

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, select Servers, then click the Global tab.
   
2. From the Tasks menu, select Edit Properties.
   
3. Select IT Policy, then double click IT Policy to User Mapping.
   
4. Select a BlackBerry device user, then click the radio button associated next to the appropriate IT policy.
   
5. Click OK to close the IT policy to User Mapping window.
   
6. Click Apply, then click OK.
   

Viewing IT Policies

To view IT policies on the BlackBerry Enterprise Server, complete these steps:
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager
   
2. Right-click the BlackBerry Enterprise Server name, then click IT Policy.
   
3. Select an IT policy, then click View to see the BlackBerry device and Desktop Policy Settings that have been applied.
   
4. Click OK to close the View Policy window.
   
5. Click OK again.
   

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, click Servers, then click the Global tab.
   
2. From the Tasks menu, select Edit Properties.
   
3. Select IT Policy, then double-click IT Policies.
   
4. To view the IT policy rules, click Properties.
   
5. Click OK.
   

To view an IT policy on a BlackBerry device, complete these steps:

1. From the Home screen, select Options.
   
2. Select Security Options > General Settings.
   
3. The IT policy Name, Last Updated, and Time Stamp fields will be listed. Note: Depending on the BlackBerry device and BlackBerry Device Software version, the instructions for viewing the IT policy on the BlackBerry device may vary. For example, on the BlackBerry 7100 series, the BlackBerry device user must select Settings or Tools, then select Security.
   

Sending IT Policies

To send an IT policy to a BlackBerry device user, complete the following steps:
Note: By default, when you assign an IT policy to BlackBerry device user, the IT policy is automatically sent to the BlackBerry device user.
BlackBerry Enterprise Server software versions 3.6 and 4.0

1. Depending on your version, open the BlackBerry Enterprise Server Management console or BlackBerry Manager
   
2. Select the BlackBerry Enterprise Server name, then right-click a BlackBerry device user name.
   
3. Click Properties.
   
4. On the IT Admin tab, click Resend policy.
   
5. Click Apply, then click OK.
   

BlackBerry Enterprise Server software version 4.1

1. In BlackBerry Manager, select the BlackBerry Enterprise Server name.
   
2. Select a BlackBerry device user, then click the question mark ( ? ) symbol beside IT Admin.
   
3. From the menu that appears, you can resend the IT policy or assign an IT policy to a BlackBerry device user.
   
4. Click OK.
   

What's RAID 10 And Why Should I Use It?

RAID is, of course, a Redundant Array of Independent (or Inexpensive) Disks. It is a method of storing information on multiple hard disks for greater protection and in some cases performance. Under the RAID umbrella are a number of different storage methods, called levels and numbered from 0 to 9, some of which are more useful than others.
Each level is a distinct method of organizing storage, but some of them can be combined which produces a two-digit RAID level, such as RAID 10, sometimes identified (and more appropriately so) as RAID 1+0. In general, each RAID level has its own advantages and disadvantages.

RAID 10, for example, is fast, it's crashproof and it eats disk space. If you need more protection for your storage, or faster storage performance, RAID 10 is a simple, relatively cheap fix.

To implement RAID 10 you need at least two physical hard drives; just using two partitions on the same hard drive is inadequate. You also need a disk controller that understands RAID.

RAID 10 works by striping and mirroring your data across at least two disks. Mirroring, or RAID 1, means writing your data to two or more disks at the same time. Even if one disk fails completely, the mirror preserves the information. Striping, or RAID 0, means breaking your data up into chunks and writing the chunks to different disks in succession. It improves performance because the computer can get data off more than one disk simultaneously. (For the purists out there: RAID 0 technically isn't a RAID level at all because it doesn't provide any redundancy to protect information. However, it is commonly referred to as a RAID level anyway.)

Before we go on, here's one important caveat about backup and RAID 1. Although data is written to two disks simultaneously, the data is not being backed up. Should your system, rather than the hard disk, suffer an error erroneous data could be sent to both disks at the same time, corrupting both drives simultaneously. You still must have a backup strategy in place, even if you use RAID 1. (For greater protection against data corruption, use a RAID level that includes a parity drive, but that's a different story.)

Put RAID 1 and RAID 0 together and you get RAID 10. RAID 10 is secure because mirroring duplicates all your data. It's fast because the data is striped across two or more disks, meaning chunks of data can be read and written to different disks simultaneously.

The drawback to RAID 10 is that it cuts your effective disk space in half. Since everything is mirrored (duplicated), two 60 GB disks give you a total system capacity of 60 GB. And remember, always use identical disks when creating a mirrored array. The disk geometry (number of heads, cylinders, etc.) is critical, and using disks that are different is discouraged in the strongest terms.

Given the cost of disks, storage space is much less of a problem than it was a few years ago. It's cheap enough to add additional disks to support your RAID 10 array and if the disk controller on your motherboard doesn't support RAID 10, you can get an add-in disk controller card for less than $50.

RAID 10 is also slightly more complex to set up than conventional storage, but it isn't particularly hard. The system or disk controller software includes install routines that will walk you through the process. It usually takes just a few minutes to install a RAID 10 array.