Security-conscious companies will find much to like with the BlackBerry Enterprise Server (BES). All communication between the BES and handhelds occurs through a single TCP port, so firewall configuration is easy. Also, all data that flows to handhelds homed on a BES is encrypted.
With the latest version of the BES, all your PIM data, such as your Outlook contacts, calendar, tasks, and mail messages, are synchronized wirelessly. So, when you add a contact using Outlook on your desktop computer or mark an incoming mail message as read, that change is synced with your handheld. The synchronization is two-way, so when you make changes on your BlackBerry, they'll show up in your Outlook client as well.
Administration of the BES and all handhelds is performed using a convenient MMC admin console. You can view up-to-the-second statistics on a per-handheld basis, such as the last handheld contact time and the number of messages pending delivery to the handheld. Adding a BlackBerry for a new user is as simple as selecting the user from the directory. The newly provisioned device can be enabled wirelessly as long as the device is within a coverage area. The initial syncing of PIM data and security keys is performed over the air, although this can be completed over a USB connection to a desktop computer.
Figure 3. A user's real time delivery statistics
IT policies can be configured on the BES to centrally control almost every feature on the handheld. For example, you can enforce a device inactivity time-out in which the user must enter a password to use the device, or you can specify a certain home page for the BlackBerry Browser. You can create multiple policies and assign certain ones to specific users or groups. The IT policies are applied almost instantly over the air as they are changed. Administrators can assign certain third-party applications to handhelds and can specify that they be installed silently over the air.
Corporate web developers have several options to allow secure access to the mounds of data that exist on company intranets. Data can be pushed to the device using the Mobile Data Service, a component of the BES. Existing corporate web applications can be easily modified to communicate with wireless devices using existing internet protocols such as HTTP.