Today #BBFactCheck challenges MobileIron’s perception of the NOC – BlackBerry’s Network Operations Center, or the “mission control” of our infrastructure. Their white paper could use some proofreading, but it’s the inaccuracies that we’re addressing now. MobileIron is ill-informed about the benefits and capabilities of our architecture, so we’ve picked up the red pen and made some edits to their whitepaper to help set them straight.
You can download a PDF copy of the whitepaper. (Click on ‘Save’ in the upper-right of the SlideShare widget, or click on the SlideShare text in the bottom left in order to log in and enable downloads). In that version, you’ll be able to click on our red text to read more about what BlackBerry really offers and how we are a better choice for customers.
The NOC is “mission control.” Data actually runs through data centers.
global infrastructure with data centers around the world
None of these “challenges” can be validated. We’ll #BBFactCheck each one
Another first made possible by BlackBerry
415 East Middlefield Road
Mountain View, CA 94043 USA
Tel. +1.650.919.8100
Fax +1.650.919.8006
info@mobileiron.com
NOC: Network Operations Center (MobileIron has this confused with data center)
Advantages of the NOC-less Architecture
revolutionary
When BlackBerry released their first e-mail enabled device in 1999, there were
significant architectural challenges to overcome. Mobile networks were not
inherently reliable and were optimized for occasional data use rather than always-on
connectivity. BlackBerry’s service, designed to deliver always on, push e-mail
services, leveraged a unique NOC-based architecture to overcome these
challenges. Using the NOC, BlackBerry maintained network connections to each
carrier, allowing them to provide secure network access from corporate enterprises
to mobile devices across disparate networks with varying qualities of service. Other
vendors in the email mobilization market would quickly follow suit with similar
models.
While the NOC architecture had technological advantages for the time, it was not
without fault. First, the NOC represented a single point of transit for all e-mail
communications, representing concerns for both availability and security. Second,
the NOC architectures presented potential issues with regard to security. And third,
NOC-based solutions present significant challenges in terms of scale.
Fortunately, alternatives to the NOC have since been developed and today’s mobile
networks are inherently more reliable making the NOC obsolete. This whitepaper
will explore the challenges that the NOC poses in the modern mobility world and
new architectures that can solve these challenges.
Service Reliability
One challenge with NOC-based architectures is that the NOC results in a single
point where all enterprise mobile traffic traverses. This poses two challenges, one of
reliability and another of security.
From a reliability perspective, an end user’s access to enterprise e-mail, data and
applications is only as good as the NOC’s connectivity. When the NOC goes down,
devices instantaneously lose connectivity to enterprise resources, even if those
resources are highly available within the enterprise. In the last six years,
BlackBerry’s NOC experienced seven major outages that were reported in the
press. During those outages, millions of subscribers completely access to their e-mail
and other services like mobile intranet access via BlackBerry Mobile Data
Services (MDS) until service was restored.
The modern mobility world needs to be secure, multi-platform and easily manageable.
Next generation EMM systems do not have the same architectural constraints as
previous, NOC-based systems. Because platforms like MobileIron use an
application proxy to transfer data from the endpoint to the corporate resources,
availability can be architected to whatever SLA the enterprise desires. Without a
single point of failure as a part of the architecture, failover and availability can be
handled not just across individual components (e.g. a load balancer, or a Sentry) but
across entire datacenters for mission-critical deployments.
BlackBerry does NOT rely on a single point of data transfer
All of our customers' data remained locked down and secure as we worked to restore connectivity
BES10 architecture also allows for flexibility
Failovers are built into the BlackBerry architecture.
TO BLACKBERRY ENTERPRISE SERVICE 10 (BES10)
The global BlackBerry network has 99.9% average uptime over the past four years.
Figure 1: A network diagram showing Sentry architected in a cluster for high
availability. This cluster could be replicated across datacenters for multi site
resiliency if desired.
False. With BlackBerry, the security of your data is always in the control of the customer because they are the only ones that have access to the keys used to protect BES traffic.
Data Security
From a security perspective, the NOC architecture represents a single point at
which traffic can be intercepted. While NOC-based vendors generally institute
cryptographically secured sessions between the endpoint and the enterprise
servers, there have been concerns around placement of alternate NOCs for
governments to intercept device traffic and the security of these systems.
With MobileIron, organizations control their data. Sessions are cryptographically
secured between the endpoint and Sentry to ensure confidentiality of data between
the endpoint and the device. Sessions can be also validated with the use of
certificates to ensure integrity between the mobile device and the Sentry server.
These two factors, combined with the lack of a central point of intercept, helps to
ensure a high degree of confidentiality and integrity for mobile data sessions.
Scale
NOC based solutions have face significant scale challenges. BlackBerry servers
have, traditionally, only been able to scale to 2000 devices per management server.
Similar NOC-based architectures face the same scale challenges. While there are
many ways to scale these architectures to tens of thousands of devices, these
deployments end up resulting in a high degree of complexity and a high total cost of
ownership. As an example, a NOC-based platform might support 35,000 within a
single management domain, but might require upwards of 36 servers; one server
per 1000 devices for mail relay and data transport, plus the central management
console. When one adds the additional complexity of OS and database server
licenses, plus physical or virtual hardware resources, the overall cost of managing a
NOC-based EMM system is extraordinarily high.
This ensures your data is protected as it travels across carrier networks, the internet and anywhere else.
BlackBerry also supports the use of strong VPNs as an additional way to protect your sensitive traffic.
Security-focused enterprises need an end-to-end solution, which only BlackBerry can provide.
This is false. BES10 can handle up to 100,000 devices per domain, allowing us to handle mobility needs for the biggest companies in the world.
BES10 is the lowest TCO EMM solution on the market
See note on TCO above…
The BlackBerry cloud offering is in market preview
By comparison, a modern EMM system can be deployed either as a series of
appliances, or as a cloud-based service, which reduces overall complexity.
MobileIron has been built specifically to address the needs of securing and
managing modern mobile devices and has no overhead from legacy architecture to
contend with. Because of this, MobileIron’s management platform is able to manage
not just tens of thousands, but instead 100,000 devices per appliance. MobileIron is
also able to replicate the same access control and data tunneling resources as a
NOC infrastructure using Sentry as an inline data proxy. Again, the lack of legacy
overhead allows MobileIron Sentry to manage upwards of 10,000 simultaneous
application or email sessions per appliance, compared to only a thousand or two for
legacy competitors. In short, the lack of a legacy NOC to contend with affords
MobileIron upwards of a 3x performance scale improvement at the management
and policy layer and a 9x improvement in data traffic security over legacy, NOC-based
architectures.
BES10 does this too!
This doesn’t even make sense… BlackBerry uses the AES-256 bit encryption for all data in-transit and at-rest.
The BES10 architecture allows it to manage up to 20,000 simultaneous applications or email sessions per server.
Conclusion
While NOC-based architectures solved several challenges in the early days of
mobile, wireless networks have caught up in reliability, obviating the need for the
NOC architecture. There are solutions today, like MobileIron, which can address the
challenges posed by the NOC while still providing availability, confidentiality and
integrity for mobile information.
BlackBerry’s network architecture was built with security in mind from the very beginning, long before MobileIron was even a company.
BlackBerry’s NOC and data center architecture beats
the competition in all three customer-based needs:
reliability, data security and scale. #BBFactCheck