BlackBerry Secure Connect Service supportability with Proxy Firewall

Article ID: KB34307

Type: Support Content

Last Modified: 06-02-2014

 

Product(s) Affected:

  • BlackBerry Enterprise Service 10
CollapseEnvironment
  • BlackBerry Enterprise Service 10 version 10.1 to 10.2.2
  • BlackBerry Secure Connect Service
CollapseOverview

BlackBerry Secure Connect Service requires Outbound TCP connectivity to the BlackBerry Infrastructure. BlackBerry Secure Connect Service specifically requires a connection with <region>.bbsecure.com over port 3101.

The BlackBerry Secure Connect Service is installed along with the other Core components for BlackBerry Enterprise Service 10, internally behind the firewall.

If direct Outbound TCP connection via port 3101 is not allowed through the firewall:

  • BlackBerry Enterprise Service 10 version 10.1.0:
    • Only a transparent proxy can be used between the BlackBerry Secure Connect Service and the Internet.
       
  • BlackBerry Enterprise Service 10 version 10.1.1 to 10.2.2:
    • A transparent proxy can be used between the BlackBerry Secure Connect Service and the Internet.
    • A non-transparent proxy can also be used between the BlackBerry Secure Connect Service and the Internet.
    • A non-transparent proxy can be configured in the Universal Device Service console under Settings > Secure Connect Service > Enable TCP proxy.
CollapseAdditional Information

Transparent proxy

A transparent proxy intercepts normal communication at the network layer without requiring any special client configuration. Clients need not be aware of the existence of the proxy. A transparent proxy is normally located between the client and the Internet, with the proxy performing some of the functions of a gateway or router.

RFC 2616 (Hypertext Transfer Protocol—HTTP/1.1) offers standard definitions:

  • "A 'transparent proxy' is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification".
     
  • "A 'non-transparent proxy' is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering".

If the BlackBerry Secure Connect Service is unable to contact the BlackBerry Infrastructure, the following error message and exception would appear in the BSC log:

2013-05-22 15:06:56,554 WARN [localhost-startStop-1] [,] TcpClientConnector - Connection attempt failed to complete in 15000 millisecs
2013-05-22 15:06:56,566 WARN [New I/O boss #30] [,] TcpClientChannelHandler - Unexpected exception from downstream. connection timed out
java.net.ConnectException: connection timed out
at org.jboss.netty.channel.socket.nio.NioClientBoss.processConnectTimeout(NioClientBoss.java:136)
at org.jboss.netty.channel.socket.nio.NioClientBoss.process(NioClientBoss.java:82)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312)
at org.jboss.netty.channel.socket.nio.NioClientBoss.run(NioClientBoss.java:41)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
2013-05-22 15:06:56,589 WARN [localhost-startStop-1] [,] ApplicationEndpoint - Unable to connect to EndpointInfo[host=gb.bbsecure.com,port=3101,tls=false,mode=<null>], failureStreak is 1.

2013-05-22 15:07:06,312 WARN [pool-10-thread-1] [,] ApplicationEndpoint - Discovered that we're not connected to endpoint EndpointInfo[host=gb.bbsecure.com,port=3101,tls=false,mode=<null>]. Submitting ConnectJob.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.