BlackBerry Word Template Arial

UK G-Cloud
BES10 Cloud and Managed Services
March 18, 2016
BlackBerry Confidential
BlackBerry Confidential
Page 2 of 34
Confidentiality
This proposal contains information that is proprietary and confidential to BlackBerry UK Limited. This
information is provided for the sole purpose of permitting the recipient to evaluate the proposal. In
consideration of receipt of this document, the recipient agrees to treat information as confidential and to
not reproduce or otherwise disclose this information to any persons outside the group directly responsible
for the evaluation of its contents, without the prior written consent of BlackBerry UK Limited.
Personal Information
This proposal may contain personal information about identifiable individuals such as the employment or
educational history of proposed resources. In consideration of receipt of this document, the recipient
agrees that it shall not use or disclose to any other person such personal information for any purpose
other than its evaluation of this proposal, without the express consent of BlackBerry UK Limited as
required or permitted by law.
RIM ON BEHALF OF ITSELF AND ITS AFFILIATES MAKES NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE
INFORMATION OR GRAPHICS CONTAINED IN THIS DOCUMENT FOR ANY PURPOSE. THE CONTENT CONTAINED IN
THIS DOCUMENT, INCLUDING RELATED GRAPHICS, ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. RIM
HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS INFORMATION, INCLUDING ALL
IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
NON-INFRINGEMENT. IN NO EVENT SHALL RIM BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH
THE USE OR PERFORMANCE OF INFORMATION CONTAINED HEREIN. THIS DOCUMENT, INCLUDING ANY GRAPHICS
CONTAINED WITHIN THE DOCUMENT, MAY CONTAIN TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS.
UPDATES ARE PERIODICALLY MADE TO THE INFORMATION HEREIN AND RIM MAY MAKE IMPROVEMENTS AND/OR
CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED HEREIN AT ANY TIME
Copyright
© 2013, Research In Motion Limited. All rights reserved. All other brand names of products mentioned are
registered trademarks or trademarks of their respective companies.
BlackBerry Confidential
Page 3 of 34
Table of Contents
1
Introduction ....................................................................................................................... 4
1.1
1.2
1.3
1.4
Executive Summary ............................................................................................................................4
BlackBerry Solution .............................................................................................................................4
BlackBerry Enterprise Service 10 .......................................................................................................5
Our Value Proposition to the UK Government ....................................................................................6
2
Services Overview ............................................................................................................ 8
2.1
UK G-Cloud Hosting Options ..............................................................................................................8
2.1.1
Information Assurance ...................................................................................................................8
2.1.2
UK G-Cloud Rollout........................................................................................................................9
2.2
BES10 Cloud Core Service .................................................................................................................9
2.2.1
BES10 Readiness Assessment .....................................................................................................9
2.2.2
BES10 Cloud Features ..................................................................................................................9
2.2.3
BES10 Cloud Core Infrastructure ................................................................................................10
2.2.4
Core Configuration .......................................................................................................................10
2.2.5
BES10 Cloud Monitoring & Maintenance.....................................................................................10
2.2.6
BlackBerry Technical Support Services (BTSS) ..........................................................................11
2.3
Optional Managed Services ..............................................................................................................13
2.3.1
Migration and Integration Services ..............................................................................................13
2.3.2
Training ........................................................................................................................................13
2.3.3
Manage on Behalf Of (MOBO) .....................................................................................................14
2.3.4
Manage on Behalf Of plus End User Help Desk ..........................................................................14
3
Infrastructure Operations................................................................................................. 16
3.1
3.2
3.3
3.4
BES10 Cloud Architecture.................................................................................................................16
Security..............................................................................................................................................17
Compliance .......................................................................................................................................17
Disaster Recovery and Failover ........................................................................................................17
4
Customer On-boarding & Off-boarding ............................................................................ 19
4.1
Ordering & Invoicing ..........................................................................................................................19
5
Customer Responsibilities & Technical Requirements..................................................... 21
6
Trial Service .................................................................................................................... 22
7
Pricing ............................................................................................................................. 23
8
Termination Terms .......................................................................................................... 25
9
Appendix A: Readiness Assessment Tasks .................................................................... 26
10
Appendix B: BES10 Core Configuration Tasks ................................................................ 28
11
Appendix C: BES10 Advanced Configuration Tasks ...................................................... 29
12
Appendix D: Service Level Agreements (SLAs)............................................................... 31
12.1 Core Services SLAs ..........................................................................................................................31
12.1.1
BES10 SLA Exclusions ................................................................................................................31
12.2 Managed Services SLAs ...................................................................................................................31
12.3 SLA Recompense .............................................................................................................................32
13
Appendix E: Response to UK G-Cloud Service Definition ............................................... 34
BlackBerry Confidential
Page 4 of 34
1 Introduction
1.1 Executive Summary
BlackBerry is delighted to provide a proposal to the UK Government for a hosted Enterprise
Mobility Management (EMM) solution that addresses the capabilities, security and cost model required by
the UK Government.
BlackBerry enjoys strong working relationships with a wide range of UK Government customers.
In the past, BlackBerry has been unable to provide truly cost effective services due to the complex nature
of the supply chain across UK Government. BlackBerry is now able to leverage changing service delivery
landscape, and new mechanisms such as PSN and G-Cloud to provide truly cost effective services.
BlackBerry has invested heavily in its Enterprise Platform and Operations in the past 18 months
resulting in significant improvements and changes to the UK Government’s account management
resource and product offerings. The most significant product offering enhancements can be seen in the
cross-platform device management and containerisation capabilities supported through BlackBerry
Enterprise Service10 (an evolution of BlackBerry’s market leading EMM solution BlackBerry Enterprise
Server), and BlackBerry’s new secure multi-tasking device OS BlackBerry10.
UK Government currently has an investment of approximately 250,000 BlackBerry devices and
hundreds of Enterprise servers to manage these devices. We are concerned by the version of the
enterprise software installed and the age of the devices deployed across Government as they are not
representative of the current portfolio which offers a greater opportunity to maximise on investments
made. An additional concern relates to the knowledge BlackBerry solutions held by companies
contracted to manage them on behalf of Government.
BlackBerry believes that its product evolution into cross-platform device management and
containerization allows the UK Government to leverage its significant investment already made in
BlackBerry solutions. The product evolution will allow Government to better meet the needs of new
requirements as a result of Bring/Choose-Your-Own-Device (BYOD/CYOD) or Corporate-OwnedPersonally-Enabled (COPE) initiatives and also the known mobility requirements of many areas of the UK
government.
This proposal addresses the needs of UK Government with a solution that is a simple evolution of
the existing on-premises solution to a secure hosted model for BES10 that allows for transparency in the
procurement of the services.
As a strategic customer of BlackBerry, the UK Government has at their disposal the absolute
priority and focus of experienced staff with appropriate security clearance. Benefits include Executive
Sponsorship, Direct Account Management, Product Roadmap Visibility and Direct Input into R&D and
Software Development.
1.2 BlackBerry Solution
BlackBerry has based this proposal to the UK Government on its flagship EMM solution
BlackBerry Enterprise Service 10.
BlackBerry Enterprise Service 10 (BES10) is architected for the enterprise from the ground up.
BES10 delivers the device management, application management and security organisations need whilst
embracing consumerisation of the business IT environment through BYOD, CYOD and COPE.
The BES10 platform provides comprehensive cross-platform support for smartphones and tablets
whether these are corporate or personal owned. Enterprises can now easily manage cross-platform
mobile device environments (BB10/iOS/Android) from one unified platform and console with BlackBerry
Balance and BlackBerry Secure Work Space.
BlackBerry Confidential
Page 5 of 34
Underpinning BES10, the trusted BlackBerry Secure Infrastructure enables seamless
connections between mobile end points and the corporate environment, behind the firewall, systems and
applications.
1.3 BlackBerry Enterprise Service 10
Since launch in January 2013, BES10 has supported Device Management, Application
Management and Security needs of customers with complex security and control requirements. This
functionality covers not only BlackBerry devices but also iOS and Android smartphones and tablets, but
from May 2014 BES10 will also support Windows Mobile 8 devices. BES10 supports both corporate
owned and personal owned (BYOD) devices.
BlackBerry Balance brings the capability for enterprises to secure corporate data without
restricting the user experience and personal privacy, content and applications of the employee. The ability
for IT to deploy, secure and manage corporate mobile applications to the end user’s device is built in and
seamlessly enabled as a BES10 feature. Working together with BlackBerry World, a flexible corporate
app store is delivered through the BlackBerry World for Work feature. This feature enables the enterprise
to securely provision employees for mandatory and optional mobile applications.
With BES10, BlackBerry has introduced a single solution to fully secure applications and
corporate data on iOS and Android devices by providing security of data at rest on these devices. This
solution brings the option of secure connectivity to iOS and Android devices, completing a comprehensive
device management, application management and security solution for customers with multi-OS
environments.
BES10 also brings Advanced EMM capabilities enabling BlackBerry 10 devices to be deployed
for corporate only use cases, using BlackBerry Balance to allow zero personal data and applications. For
instance in certain areas of the UK Government, some features such as Bluetooth or the camera need to
be disabled to limit the personal use of the device for either compliance, regulatory or policy reasons.
BlackBerry Confidential
Page 6 of 34
The BlackBerry platform truly does support all requirements of the UK Government, from low
security right up to the highest level of security and management.
1.4 Our Value Proposition to the UK Government
The power of the BlackBerry platform in the enterprise goes beyond the smartphone to connect
all facets of a traditional office and mobilise it. With BlackBerry at the hub of the UK Government mobile
computing environment, real-time information and unified communications are pushed to the device so
workers can be “in the office” virtually anywhere.
Behind each BlackBerry smartphone in the enterprise is the BlackBerry Enterprise Solution where
BlackBerry’s global network infrastructure integrates with the BlackBerry Enterprise Server software to
enable access to an organisation’s corporate data and telephone servers; providing a mobile platform that
maintains a high level of security outside the boundaries of a traditional office.
The functionality, security and reliability of the BlackBerry Enterprise Solution is what allows
BlackBerry to be the leader in the enterprise market with Fortune 500 companies worldwide deploying the
BlackBerry solution. The always-on connectivity of a BlackBerry smartphone is powered by BlackBerry's
BlackBerry Confidential
Page 7 of 34
own cloud infrastructure – an infrastructure that has been developed, managed and refined for more than
10 years.
Now BlackBerry has extended its cloud architecture to deliver a BES10 Cloud service that offers
the UK Government the following benefits:

Monitored and maintained in the BlackBerry cloud

Provides full functionality of on-premises BlackBerry Enterprise Service 10

Includes BlackBerry Technical Support Services for Client provided BES Administrator

Optional BlackBerry EMM services essential to the BES10 Cloud solution

Delivered as a per device per month service.
Core BES10 Cloud and Optional Managed Services
With service availability to the UK scheduled for July 2013, BlackBerry can now work with the UK
Government to bring this solution to the G-Cloud CloudStore and continue to evolve the service offering
to meet the essential criteria required of a private cloud solution.
BlackBerry Confidential
Page 8 of 34
2 Services Overview
2.1 UK G-Cloud Hosting Options
Hosting options provided by BlackBerry for BES10 Cloud adhere to the UK G-Cloud phase
definitions of public and private cloud service:

Public Cloud means Utility Computing that is available to individuals, public and private sector
organisations. Public Cloud is often non-geographically specific and can be accessed wherever
there is an Internet connection.

Private Cloud means a Utility Computing infrastructure exclusively for the use of one organisation
or community.

Hybrid Cloud means a combination of Public and Private Clouds, both remaining separate
entities, but with Workload able to migrate between them.
Beginning with BlackBerry’s standard public cloud offering for BES10 Cloud, our private cloud
offerings will provide progressively higher information assurance at impact level 3 and above through the
use of segregated communities of interest and more stringent accredited data center services and
infrastructure.
BlackBerry’s standard public cloud offering for BES10 Cloud offering provides dedicated, single
tenant BES10 services in shared public cloud clusters that are virtually separated by dedicated VLANS.
Based in an EU country, this service will meet Impact Level 2 accreditation for non-restricted or protected
information, a part of Phase I.
For subsequent phases, the same shared public cloud architecture will be applied in a private
cloud context by dedicating cloud clusters to specific communities of interest defined by UK government
requirements. For example, a separate cloud cluster can be dedicated for the shared use of general
public sector consumers or specific communities (such as Police) that have a trusted relationship and
need to work closely together. In the most stringent use case, the cloud cluster can be dedicated to one
single tenant for their exclusive use.
In addition to the BES10 Cloud offering, the option of deploying BES10 services on servers
supplied by the public sector consumer in either a traditional on-premises or on a platform-as-a-service
scenario is also available.
BES10 Public and Private Cloud Phased Approach
2.1.1 Information Assurance
The standard public cloud offering will be targeted at IL2 and below. Our private cloud offering,
based in the UK, will be targeted at IL3.
Each offering shall be evaluated and accredited by the Pan-Government Accreditation Service to
their respective Impact Levels, following standard PSN RMARD and GCloud methodologies.
Management of smartphones will be performed in accordance with the recommendations made by the
Communications Electronics Security Group (CESG) as part of the End User Device Strategy. BlackBerry
will sign up to the Open Procedure framework and apply to the Pan Government Accreditor (PGA) for
application onto the accreditation cycle.
BlackBerry is already an ISO27001-compliant company, providing assurance of our security. We
expect that the PGA will request some additional testing to guarantee separation of data between
customers and non-government systems, and these recommendations will be fully implemented.
BlackBerry Confidential
Page 9 of 34
At IL2, data will be held within the EU. It should be noted that very little sensitive data will be
persisted within the cloud offerings – these are primarily device management and network traffic routing
services. The primary persistent data will be the credentials of users, and log data.
At IL3, data will be held within an appropriately accredited facility within the UK.
Data aggregation, by both accumulation and association, has been considered and reasonable
steps taken to minimise the risks. Nonetheless it is the nature of cloud services that aggregation issues
be considered by customers when performing their own risk management exercises.
2.1.2 UK G-Cloud Rollout
BlackBerry has plans to launch our standard public cloud offering for BES10 Cloud in an EU
country in Fall 2013. This service is intended to meet the commercial needs of Public and Private sector
organisations based in the EMEA region. BlackBerry plans to utilise our public cloud offering to deliver
Impact Level 2 services for proof-of-concept and/or pilot scenarios with a select group of UK Government
organisaitons.
For Impact Level 3 services and higher, it is understood that private cloud deployments must be
based in a data center located in the United Kingdom. To meet this requirement, BlackBerry will work with
its infrastructure as a service partners and/or many alliance partners with suitable data center services in
the UK.
Dependent on the timelines of the UK G-Cloud accreditation and G-Cloud4 CloudStore
framework processes, BlackBerry intends to begin discussions with UK government organisations
regarding proof-of-concept and pilot scenarios to be deployed in an EU country now and be in a position
to have UK based services late in 2013/early 2014.
2.2 BES10 Cloud Core Service
The Core Service provides the foundation for all BlackBerry solutions and includes a Readiness
Assessment, choice of VPN or Excluding VPN deployments, core configuration, BES10 maintenance and
monitoring, and Advanced BlackBerry Technical Support Services.
2.2.1 BES10 Readiness Assessment
BlackBerry will conduct a preliminary environmental assessment of the customer's environment
to uncover gaps, identify potential issues, and validate all requirements are met to ensure a smooth and
easy deployment of the BES10 infrastructure. The assessment will include the tasks outlined in Appendix
A: BES 10 Cloud Readiness Assessment.
2.2.2 BES10 Cloud Features
BES10 Cloud allows for secure access from BlackBerry as well as iOS and Android devices to
the customer’s internal network via the Public Services Network (PSN) for IL2 and higher service
accreditation. The following chart provides the features of the BES 10 Cloud
BES10 Cloud Features
Feature
VPN
Tier
BlackBerry World for Work

BlackBerry Balance

Corporate Controls and Settings

Device Side VPN Connectivity

BlackBerry Confidential
Feature
Page 10 of 34
VPN
Tier
Direct Connectivity to Mail Server (if exposed to Internet)

Local Directory Accounts

Admin Access over the Internet

Admin Access via Secure Channel

Regulated Controls and Settings

Secure Workspace (iOS/Android)

Disaster Recovery

High Availability

SLA

Behind the Firewall Access
Intranet
Internal Apps

Active Directory Integration

2.2.3 BES10 Cloud Core Infrastructure
BlackBerry will be responsible for implementing and maintaining the following items as part of the
infrastructure required to support BES10 deployments in the BlackBerry cloud.
BlackBerry will be responsible for:

Deployment, maintenance and monitoring the base cloud infrastructure (Public and Private)

Deployment, maintenance and monitoring of the BES10 platform

Setup of high availability for the BES10 platform

Setup of backups and disaster recovery at appropriate alternative sites for failover purposes

Provisioning of additional servers as required to accommodate customer growth

Upgrading with software patches the underlying operating system, database servers etc.

Upgrading the BES10 platform to the latest version as feature enhancements are released

Measuring, meeting, validating, and reporting on SLAs

Performing planned maintenances during pre-defined maintenance windows

Procuring all required licenses for servers, databases etc.

Deployment, maintenance and monitoring of network connectivity up to the demarcation
points

Ensuring all required BlackBerry Infrastructure components are operational
2.2.4 Core Configuration
BlackBerry will configure the BES10 core environment to the specifications outlined in Appendix
B: BES 10 Cloud Core Configuration Tasks.
2.2.5 BES10 Cloud Monitoring & Maintenance
BlackBerry will monitor the solution end-to-end and perform any required maintenance to ensure
the service meets the specified SLAs. The monitoring and maintenance will be performed by the
BlackBerry Confidential
Page 11 of 34
BlackBerry Network Operations Center and BlackBerry Service Engineering teams. Both of these teams
are 24/7 and across all data centers the service is deployed in. Details of BES10 monitoring and
maintenance are as follows:

The goal of the monitoring systems is to allow BlackBerry teams the insight to proactively
isolate potential problems and execute required changes

Monitoring data is used for planning purposes to ensure there is ample capacity for the
customer as they continue to grow their device base

BlackBerry will monitor the service at the infrastructure, application, and service levels

Infrastructure monitoring will consist of monitoring virtual servers in the cloud environment,
database components, networking components such as F5 load balancers and network
switches

Application level monitoring will ensure each discrete component that constitutes the BES10
is up, healthy and performing at an expected level

Service level monitoring consists of ensuring the service as a whole, from the viewpoint of the
customer, is behaving as expected

BlackBerry will also monitor any BlackBerry services the BES10 service is dependent on

The data monitored will not contain any personally identifiable information but will be sets of
customer agnostic metrics designed to determine the health of the infrastructure, application
and service as a whole

As the BES10 platform evolves, BlackBerry will continue to update the monitoring systems to
ensure any new or modified components are monitored and the service as a whole meets the
required SLA

Predefined maintenance windows will be leveraged to perform upgrades of infrastructure via
software patches to the underlying operating system, database servers, as well as for
deployment of feature enhancements or fixes related to the BES10 service.
2.2.6 BlackBerry Technical Support Services (BTSS)
With mobile solutions increasingly driving essential business functions, even the smallest
amount of downtime has the potential to disrupt productivity and impact customer service. The BYOD
trend adds another layer of complexity with the need to securely manage both corporate and personal
owned devices. In this mission-critical environment, support is a key component of any EMM strategy. Yet
not all support is created equal – the UK Government requires a strategic partner who can reinforce
mobile business objectives and keep business moving.
BlackBerry takes an holistic approach to Enterprise Mobility Management, with an end-to-end
platform delivering device management, security, unified communications and applications, all
complemented by direct-from the- manufacturer services and technical support. We help you securely
manage and support BlackBerry, iOS and Android devices through BES10. We provide everything
needed to realize the full potential of the UK Governments’ BlackBerry investment.
BlackBerry improves communications and interactions with suppliers, partners, customers and
internal teams. Supporting this is key. BlackBerry Technical Support Services deliver the expertise,
options and tools.

BlackBerry has been providing technical support to customers for over 10 years

BlackBerry supports customers in over 90 countries
2.2.6.1 Advanced BlackBerry Technical Support Services (BTSS)
BlackBerry offers several levels of support globally to provide a wide range of choices that align
to the level of expertise, assistance and resolution time required by the UK Government.
The BES10 Cloud Core Service includes a level of support that blends technical knowledge,
quicker issue resolution and value added expertise. Advanced BlackBerry Technical Support Services
BlackBerry Confidential
Page 12 of 34
(BTSS) provides priority queuing and account management direct from BlackBerry to ensure the solution
meets expectations and maximises uptime.
Advanced BTSS for BES10 Cloud includes:

7/24 Global Support

Priority Queuing: Direct to Level 2*

2 hr electronic response

90 second phone pick up

BlackBerry Expert Support Center (BESC**)

Account Management: Support System Specialist (SSS***)

10 Named Callers

Web based training
*Direct to Level 2: Your organisation bypasses the general support queue and your technical issues are
routed directly to a more experience pool of support analysts.
**BlackBerry Expert Support Center: Your one-stop, self-service online resource that provides
productivity tools, learning and case management
***Support System Specialist: Your organisation has access to a team of trained escalation
professionals who can help manage escalated issues through to resolution, and who will conduct
quarterly program reviews with your support staff. This team will also liaise with Problem
Management for critical issues.
2.2.6.2 Optional Premium BlackBerry Technical Support Services
A Premium level of BlackBerry Technical Support Services (BTSS) is available as an upgrade to
the Advanced level of BTSS included with the Core Service. Premium provides relationship based
support, access to our most experienced support team, and faster response times for your mission critical
mobile environment. Support experts have an intimate knowledge of the customer’s deployment and
mobility management goals.
Premium BTSS for BES10 Cloud includes:

7/24 Global Support

Direct Advanced Response Team (DART*)

1 hour electronic response

90 Second phone Pick up

BlackBerry Expert Support Center (BESC)

Dedicated Account Management: Support Account Manager (SAM**)

15 Named Callers

2 Days On-Site Training (not applicable for customers with optional Managed on Behalf Of
Service).
*Direct Advanced Response Team (DART): Your organisation has direct access to our most
experienced support team to help resolve complex technical support issues.
**Support Account Manager (SAM): This is your trusted advisor at BlackBerry who will proactively notify
you of upcoming software releases or known issues that may be of interest, as well as monthly and
quarterly reviews.
BlackBerry Confidential
Page 13 of 34
2.3 Optional Managed Services
There are a number of optional Managed Services available to ensure that we provide you with
the level of assistance, expertise and partnership essential, to transition, manage your mobile
environment and support end users regardless of mobile device.
We offer Migration and Integration services, Training, Manage on Behalf Of services, Manage on
Behalf Of End User Help Desk Services for Smartphones to align to your mobile business objectives and
requirements.
2.3.1 Migration and Integration Services
Migration services are available to customers who have chosen the standard deployment option,
as a VPN connection is required to complete the automated migration tasks. Customers who opt for the
Migration Service will also receive the Advanced Configuration Service as defined.
BlackBerry will utilize best in class migration tools (such as the B*Nator Migration Toolkit) to
optimize migration to BES10. This tool automates the time intensive process of migrating server settings
and devices as follows:

Server Configuration Settings: Administrator Users, Roles, Profiles and Policy mapping of
current BES4 or BES5 settings are migrated to BES10, which allows the use of comparable
security and compliance settings.

User Migration: Using the B*Nator Migration Toolkit to automate the normally 17 manual
steps and leave only two tasks to schedule user/device migration, and to monitor and
troubleshoot the migration process. During decommissioning, the devices data will be backed
up, wiped, and prepared for recycling. The device account will then be removed from the
BES5 and added to the BES10 server. The provisioning steps include adding the user
account, assigning policies, groups, software configurations, profile settings and an
Enterprise Activation (EA) password. Entering the EA password is the only manual step
required.
2.3.2 Training
BlackBerry offers various training programs, delivered by Authorised Trainers, to provide
customers with the tools and understanding they need to take full advantage of their BES10 environment.
A sample course description for BES10 Cloud is provided below.
As part of the Core Service, Web Based Training (WBT) is included which will help provide insight
to customers on the new environment, addressing BBOS to BlackBerry 10 differences (such as Routing,
ActiveSync, Balance vs. Work Space mode only, Policy Changes and Troubleshooting).
For customers who upgrade to Premium Support, 2 days of Onsite Training is included to provide
detailed content for Technical Support and BES10 Administrators to manage BlackBerry devices using
BES10, as well as troubleshooting BES10 issues within the Cloud Environment. Please note that onsite
training is not applicable for customers who choose the optional Managed on Behalf Of.
For customers who would like to offer Training for their Help Desk on Supporting BlackBerry 10
OS and BlackBerry Link, there is an Optional Service available to provide the knowledge and confidence
to support End Users on BlackBerry 10.
BES10 Optional Course for Help Desk Staff
Course Title
Supporting
BlackBerry 10 OS
and BlackBerry
Link
Duration
2 days
Who Should Attend
Technical Support
Representatives
Course Overview
Through demonstrations and hands-on
activities and labs, participants will
familiarize themselves with BlackBerry
devices running BlackBerry 10 OS. The
focus will be on how to troubleshoot the
common issues that BlackBerry device
users encounter.
BlackBerry Confidential
Page 14 of 34
2.3.3 Manage on Behalf Of (MOBO)
For customers who would prefer to have BlackBerry manage their BES10 environment, 24 x 7
Manage on Behalf Of services are available as an add-on service to the Core Service Offering. It
includes the level of BlackBerry Technical Support Services (BTSS) the customer selects, Advanced
Configuration Service (see Appendix C: BES 10 Advanced Configuration Tasks), as well as BES10
Administration and Account management.
Manage on Behalf Of allows a customer to focus on other strategic initiatives while BlackBerry
manages:

Initial configurations and management of BES10 settings

Settings, profiles, policies, issues

Daily Management of Users and Devices* including MACDs

Apply settings (groups, policies, profiles)

Wipe/lock commands and Password resets
This Service allows for 10 of their Help Desk Named Callers to escalate calls into the MOBO
Admin for Daily Management of Users and Devices tasks as required (or 15 if the customer has uplifted to
Premium Support)
As part of this Service, BlackBerry will create and maintain a Joint Operations and Procedures
Manual (JOP) that will define the processes and procedures to be used by BlackBerry to manage the
customer's BlackBerry environment.
2.3.4 Manage on Behalf Of plus End User Help Desk
Another service available is Manage on Behalf of plus End User Help Desk. With this service, the
customers’ users are entitled to 24x7 service desk support for mobile and device issues (BlackBerry, iOS,
Android) via email and a telephone. The assistance available to end users includes support and
troubleshooting for device features & functions, BES10 Enterprise Activation, BlackBerry Balance,
BlackBerry ID, and BlackBerry Link. This service must be purchased with the Manage on Behalf Of
service offering. Additionally, customers can opt to have a private toll free number reserved for their
organization. By purchasing a private toll free number, customers can also opt to give designated
individuals access to an expedited higher level of support. Sample tasks included with the Manage on
Behalf of plus End User Help Desk have been outlined below.
End User Service Desk Support Tasks
Support Tasks
Daily Management
of Users and
Devices
(*If Help Desk is
selected these
tasks aren’t done at
MOBO Admin level)
Basic Feature and
Function Support
Troubleshooting
Tasks Performed
 User MACD *
 Apply appropriate settings to users* (e.g. groups, policies, profiles, software
configurations)
 Activate/remove devices*
 Initiate theft/loss protection commands* (e.g. remote wipe of device data, or
remote lock of device)
 Password reset in cases of forgotten passwords*
Corporate email and PIM (calendar, contacts, tasks, notes) configuration
Making phone calls
Browsing the Internet
Device messaging features (e.g. SMS & MMS)
Device security features (e.g. device password)
Network connections (e.g. Wi-Fi, Bluetooth, VPN)
Device options and settings (e.g. notifications, display, language and input,
BlackBerry Balance, BlackBerry ID)
 BlackBerry Link (e.g. device backup/restore, multimedia and document
synchronization)
 Activation issues
 Corporate email and PIM access from device







BlackBerry Confidential
Support Tasks
Software &
Applications






Page 15 of 34
Tasks Performed
Device network connectivity issues
Device messaging features (e.g. SMS & MMS)
Hardware issues (e.g. keyboard, touchscreen, Bluetooth, Wi-Fi, camera)
Device configuration issues
Upgrade/reinstall device software
Install/upgrade customer approved device applications
A report containing the following information will be provided on a monthly basis. Customer may
request up to one call per month to review report and processes.
Component
Service Desk Call
Metrics
Problem Reporting










Metrics Included
Total number of incoming calls
Average calls per day
Average call duration
Average time to answer
First call resolution percentage
Total lost calls
Total support cases opened
Total support cases closed
Top ten closed cases by category and sub-category
Top ten device models by case
BlackBerry Confidential
Page 16 of 34
3 Infrastructure Operations
3.1 BES10 Cloud Architecture
The BES10 Cloud architecture is designed with security and scalability in mind. The current version
of the architecture that is available is one in a Shared BlackBerry Cloud Cluster.
Within the Shared BlackBerry Cloud Cluster architecture, an EU Country based data center will
be used to host the dedicated BES10 instances. The internal network components, the DMZ and
management networks will also be securely separated via VLANs. The appropriate firewalls and access
control will be implemented. The VPN Tier outlined in more detail in section 2.2.2 offers high availability,
disaster recovery (another EU country based data center), and connectivity back to customer’s internal
network via the PSN
In addition to the Shared BlackBerry Cloud, BlackBerry has three other Private BlackBerry Cloud
architectures under development. These will allow for private cloud instances to be deployed solely for
the use by that customer. A disaster recovery private cloud will also be deployed to ensure service
availability in the event of a disaster.
UK G-Cloud Public and Private BES10 Cloud Architectures
Phase I: Public Cloud
Phase II & III: Private Cloud
Public BlackBerry
Cloud Cluster
Private BlackBerry
Cloud Cluster
Private BlackBerry
Cloud Cluster
EEC Country Based
Organisation A
HMG Cabinet Offices
IL3+: Dedicated Confidential
Single UK Gov’t Dept.
Police Services
Police Services
Organisation E
Police Services
Organisation D
Police Services
Organisation C
Police Services
Organisation B
Organisation A
Organisation E
Healthcare Services
Healthcare Services
Local Government
Organisation D
Local Government
Organisation C
Local Government
Organisation B
Organisation A
BlackBerry
Customer C
Specific UK Gov’t Dept(s)
BlackBerry
IL3: Shared Restricted
General UK Gov’t Depts
Customer B
IL2+: Shared Protected
Public Community
Customer A
IL2: Shared Protected
Private BlackBerry
Cloud Cluster
UK Country Based
The diagram below shows a detailed view of the Shared BlackBerry Cloud cluster architecture
which is currently available.
UK G-Cloud BES10 Cloud IL2 Architecture
G-Cloud BES 10 Cloud – Hosted
ISO 27001 Certified
IL2 Architecture
ITSHC Accrediation
Monitoring
DMZ
VLAN E
Internal Network
NOC
DMZ
Firewall C
Dedicated VPN or
MPLS Secure
Connectivity
Customer B (or B+C)
Segmented Secure Network
Dedicated BES 10
Internet or PSN
Dedicated VPN or
MPLS Secure
Connectivity
Firewall B
BlackBerry
Infrastructure
BlackBerry
Router
Pool (Shared)
Customer A
Segmented Secure Network
Firewall A
Dedicated BES 10
User Interfaces
User Interfaces
Universal Device Service
Universal Device Service
BlackBerry Device Service
BlackBerry Device Service
Local User
Support
Local User
Support
Customer AD
Integration
Customer AD
Integration
Shared SQL DB
Server
Management
Network
VLAN F
Customer A
BlackBerry Router
Shared Secure Network
Firewall E
Bastion Host
iOS/
Android
Schema C Schema D Schema n
BlackBerry Cloud Infrastructure
Single Altus Zone
BlackBerry 10/
PlayBook
BlackBerry Confidential
Page 17 of 34
3.2 Security
The solution has been designed in accordance with industry best practices. Data separation is
provided through use of bare-metal hypervisors, VLANs, and switch partitioning.
Customer separation will be generally managed by each customer having their own BES server –
this provides separation of accounts, as well as separation of network traffic. Only smartphones activated
against the customer’s own BES server will be allowed to access the customer’s internal network via the
VPN (if used). There may optionally be the facility to share VPNs between multiple customers.
Management within BlackBerry will only be performed by staff with appropriate approvals and
clearance levels. At IL2 this refers to BS7858 or equivalent, at IL3 this may include BPSS as needed. All
management activities are performed via the use of Bastion Hosts (also known as Jump Boxes), allowing
a centralised focus of audit, access control, and overall management. Audit logs will be maintained by
management access, and stored securely.
Customers may be allowed to perform some management activities on the BES servers
themselves. Each customer will only be allowed to access their own server, and management activities
will be limited to user administration, access to user activity logs, and activities which cannot adversely
impact the security of that customer’s instance – for example the customer will be able to review IT
policies, but not amend them. By design no customer can impact the security of any other customer.
Where customers are allowed some level of self-administration, access controls will be enforced by the
BES software’s group-based access control. Where self-administration is not allowed, this will be further
enforced by network access controls.
Physical access to data centers hosting the cloud offerings will be limited to only those with
necessary access. Any devices storing data, such as hard drives, will be wiped in accordance with
required levels prior to destruction.
Limited automated analysis will be performed of logs, in accordance with requirements of IL2. For
the IL3 offering, we will aim to meet the audit and protective monitoring requirements of CESG GPG13,
with the exact scope to be determined following discussion with the PGA.
3.3 Compliance
BlackBerry is an ISO27001-compliant company, certified by BSI Group.
We have extensive experience working with governments around the world. Our smartphone and
server offerings have been approved for government use at IL3/RESTRICTED since 2005, and we have
a close working relationship with CESG. We meet international security levels within a large numbers of
nations, ranging from the 5-Eyes community to countries in Eastern Europe, Africa, Asia, and the
Americas.
The overall architecture of each instance within the cloud offerings is compliant with the CESG
guidelines for use at OFFICIAL produced as part of the End User Strategy. For BlackBerry 10
management this means use of the BlackBerry VPN with a BlackBerry Router DMZ component. For iOS
and Android management, this means use of an appropriately configured VPN gateway within the DMZ,
with an overall Walled Garden architecture.
Our IL3 cloud offering will be compliant with any CESG Security Procedures for use of
smartphones at IL3. Currently this is limited to only BlackBerry OS 7.1 and earlier, and iOS 6.1.
Management of the solution will be performed by the customers themselves, and by BlackBerry
personnel. BlackBerry personnel with access to the system have all been hired through, and vetted
according to, standards equivalent to BS 7858.
3.4 Disaster Recovery and Failover
BlackBerry will implement a DR strategy that will have the service active within two paired data
centers. The paired data centers will be in an active/active state and in a high availability (HA) cluster.
SQL mirroring will be used for the databases. If the need for a DR is invoked, an automatic failover to the
paired data center will be executed which will include an automated rebuild and re-install of the service.
BlackBerry Confidential
Page 18 of 34
BlackBerry’s disaster recovery targets for the BES10 Cloud service are:
Target Name
Maximum Tolerable Outage (MTO)
Recovery Time Objective (RTO)
Recovery Point Objective (RPO)
Target Time
 6 hours
 4 hours
 1 hour
BlackBerry Confidential
Page 19 of 34
4 Customer On-boarding & Off-boarding
BlackBerry will employ an easy three step process to successfully onboard the customer onto the
BlackBerry Cloud Cluster. The onboarding process is also presented using an ITIL Service Lifecycle view
below.
The first stage in onboarding is Discovery, Planning and Deployment. During this stage, BlackBerry
will provide an overview of the entire BES10 Cloud service. BlackBerry and the customer will discuss
high level strategic topics regarding mobility within their organisation. BlackBerry will request information
regarding the customer’s current mobility setup and the current mobility services in use as outlined in
Section 2.2.1. Subsequent to these discussions, there will be discussions to completely understand the
customer needs and requirements, including location, security and network.
In the second phase of the onboarding process, BlackBerry will build a Pilot/Trial environment for
the customer to use. The environment will be fully featured and will allow the customer to become
intimately familiar with the feature set prior to moving into the Production stage. Section 7 contains more
detail on the Trial Service.
In the third stage, the customer’s production environments (primary and DR site) will be created as
per specifications and requirements discussed earlier. Deployment options and service tiers are
discussed in Section 2.2.2. Any migrations that need to occur will be completed by BlackBerry staff. The
customer will receive additional training if required.
BlackBerry will monitor the environment 24/7 for performance and security issues and take
appropriate pre-defined actions to resolve the issues as agreed up. Section 2.2.3 discusses the
responsibilities of BlackBerry once the customer is in production.
BlackBerry Onboarding Process with ITIL Service Lifecycle View
Service Strategy
•Kick-off Meeting with
BES10 Cloud Service
Overview
•Customer
Engagement
•Trial Service
Discussion
Service Design
•Customer Needs and
Requirements
•Technical & Support
Plan
•Allocation of server
space in appropriate
data centers
•Disaster Recovery
Site Selection
Service Transistion
Service Operation
•BES 10 Environment
Preparation
•Joint Setup and
Configuration
•IT Admin Training
•EMM Migrations
•Gap and Issue
Resolution
•Deployment
verification
•24/7 Performance
Monitoring
•24/7 Security
Monitoring
•Adding server
capacity as required
•Event, Incident and
Problem
Management
•Adherence to SLAs
Continual Service
Improvement
•Application server
upgrades
•Underlying operating
system upgrades
•Security patch
upgrades
•Cloud infrastructure
upgrades
•Comparison of
performance with
baseline
4.1 Ordering & Invoicing
Customers will have the ability to select BES10 from the online “CloudStore”. BlackBerry will
respond directly to confirm contact information and perform a high level needs assessment. This will
qualify the customer and ensure an optimal fit with the desired service. A quote will be prepared for the
customer. Pending customer acceptance of the offer, BlackBerry will perform a detailed needs
assessment with applicable service provisioning to initiate the BlackBerry Enterprise Service 10 Cloud
solution.
BlackBerry Confidential
Page 20 of 34
BlackBerry will generate monthly invoice statements for the customer based on the number and
type of device activations on their BES. Device charges will be calculated based on month end
snapshots, using full-month costs regardless of specific activation date within the month.
Customer contact info that will be requested:
 Company Name
 Company Location
 Billing Address
 Delivery Address
 Customer Contact Name
 Title
 Email address
 Phone number
 Customer VAT number(s)
BlackBerry proposes to work with our long term trusted Elite Systems Integration Partners, DMI
and ISec7, who have formed a strategic partnership to provide world-wide Managed Mobility Services. In
providing these services to UK Government customers, BlackBerry will use ISec7’s proven B*Nator tool to
automate most of the processes required to rapidly and securely transition Government users from the
BlackBerry BES platform to the BES10 Cloud service. B*Nator can also be used to transition user
accounts from competing MDM platforms to BES10.
DMI is a leading provider of mobile solutions and services for smart devices, with a turnover of
$250 million. DMI has been an elite BlackBerry Alliance Partner for more than 10 years and is
BlackBerry’s North American training Partner for Customers and other Partners. DMI’s commitment to
excellence in Enterprise Mobility and Cybersecurity Solutions, Strategic Consulting, Managed Services,
and Application Development has resulted in dramatic growth and an expanding global client base that
includes hundreds of commercial clients and all fifteen U.S. Federal Departments. Headquartered in
Bethesda, USA, DMI has offices in New York, Barcelona, Chicago, Pune, London, and Washington D.C.
For more information, visit www.dminc.com
The ISEC7 Group is a global provider of mobile business services and software solutions and has been
an elite BlackBerry Alliance Partner for more than 10 years. The company was one of the first movers to
mobilise company and business processes. Today, ISEC7 counts numerous renowned companies and
governmental organisations as committed customers. The innovative ISEC7 solutions, such as Mobility
for SAP, B*Nator and Mobile Exchange Delegate have proven to be ground-breaking in their sector and
are always state of the art. ISEC7 was founded in Hamburg in 2003 and has international subsidiaries
and offices including Germany, USA, Switzerland, Spain and Brazil. For more information, visit
www.isec7.com
BlackBerry Confidential
Page 21 of 34
5 Customer Responsibilities & Technical Requirements
The following are customer requirements and technical customer requirements which BlackBerry
needs the customer to adhere to. The list represents the most common requirements but there may be
others identified during further analysis of the customer's environment and needs.
Customer responsibilities:

Ensure attendance of key resources (technical and non-technical) at required meetings
(Kick off meeting, pricing discussions, customer needs and requirements discussions
etc.)

Provide a Project Manager (if complexity of integration requires)

Respond to communication in a timely fashion for information, clarification, form
completions requests etc.

Provide additional requirements in a timely fashion in addition to baseline requirements
proposed by BlackBerry

Inform BlackBerry of any internal processes relevant to the setup that may impact the
build-out and deployment of the customer's BES10 Cloud instance

Agree to pricing and legal terms and conditions

Provide BlackBerry a notification 4-8 weeks in advance of a large (1000+) increase in
user base after the initial user on boarding

Provide BlackBerry with any additional 3rd party security checks required

Ensure adequate connectivity to the PSN
Technical requirements needed by the customer:

Provide a clear description of the customer's current network and physical topology

Provide a clear description of any on-premises, cloud services or applications in use that
require integration with BES10 Cloud

Specify technical policies in use that may prohibit integration from the customer's system
(on-premises or cloud) to the BES10 Cloud

Have the required VPN concentrator equipment with ample capacity to allow for a VPN
connection from BES10 Cloud (if applicable)

Provide staff for joint configuration of networking equipment with BlackBerry to setup
required authentication and encryption schemes (if applicable)

Set up and own the MPLS circuit offered by a 3rd party that would connect to BES10
Cloud (if applicable)

Ensure the customer's services (on-premises or cloud) have failover capabilities and also
have network failover capabilities

Allow BlackBerry access to various IP/Ports within the customer's firewalls as required (if
applicable)

Allow BlackBerry access to the on-premises BES 4/5 installation for migration or
management purposes (if applicable)

Get an Apple Push Notification Service certificate signed by Apple and return to
BlackBerry for the sole use within the customer's BES10 Cloud instance

Allow access to the customer's Active Directory for integration with the customer's
BES10 Cloud instance (if applicable)
BlackBerry Confidential
Page 22 of 34
6 Trial Service
BlackBerry can provide a fully featured trial BES10 environment to evaluate the service. The
BES10 server will:
Include the latest version of the BES10 software

Offer the complete feature set including BlackBerry 10, iOS and Android EMM, Secure

Work Space for iOS and Android etc.
Be located in an EU Country

Be located in an IL2 data center in a Public Cloud

Be securely separated from other tenants

Meet all the security guidelines, accreditations and certifications for an IL2 Production

data center
Allow connection of a pre-defined number of devices for evaluation purposes

Allow administration of the BES via secured user interfaces

Allow for IPSEC VPN connectivity back to a PSN (if required)

Feature disaster recovery and high availability

Allow multiple government departments to have their own trial BES10 servers

Run for a pre-defined trial duration

Be securely cleaned of any data post evaluation

BlackBerry Confidential
Page 23 of 34
7 Pricing
BlackBerry Enterprise Service 10 v10.1 Client Access Licenses are available for purchase on a monthly
subscription basis.
The prices are summarized below.
Price per
Month
Price per
Month
Advanced
BTSS
Premium
BTSS
BES10 EMM Corporate CAL (BlackBerry 10, iOS, Android)
£4.75
£5.40
BES10 Secure Work Space CAL (iOS, Android)
£6.95
£7.60
Service Offering
Core Service
One Time Set Up and Service Charge
£975.00
Optional Enterprise Managed Mobility (EMM) Services
Manage on Behalf Of (MOBO)
£1.80
Manage on Behalf Of (MOBO) Plus End User Help Desk
£5.20
Manage on Behalf Of (MOBO) Plus End User Help Desk (Toll Free)
£5.36
Manage on Behalf Of (MOBO) Plus End User Help Desk (Toll Free w/ VIP)
£5.43
The BlackBerry Enterprise Service 10 Cloud Hosted server offers the following benefits:

Provides full functionality of on-premises BlackBerry Enterprise Service 10 for BB10, iOS
and Android device management

Includes BlackBerry Technical Support Services for Client provided BES Administrator

Monitored and maintained in the BlackBerry cloud

Optional BlackBerry EMM services essential to the BES10 Cloud solution including
Manage on Behalf Of and End User Help Desk

Delivered as a per device per month service
There is a onetime set up and service charge of £975.00. The minimum contract period for this offer is 2
years as per G-Cloud Framework Agreement.
Assumes G-Cloud consumer has connectivity to the Public Services Network (PSN). Also, end user
device and data costs are the responsibility of the consumer and not included in this service.
The pricing is based on a per device per month basis (minimum 1000 device/month commitment
required). Customization and training are not part of the license price and are negotiated separately.
Volume discounts are not available.
BES10 EMM Corporate CALs for BlackBerry 10, iOS and Android devices includes:





BlackBerry Balance Technology (BlackBerry 10 only)
BlackBerry secure connectivity which negates the need for 3rd party VPN solutions (BlackBerry
10 only)
Enterprise Application store
Device Management capabilities
Advanced Level Technical Support with optional upgrade to Premium Level T-Support
BlackBerry Confidential
Page 24 of 34
BES10 Secure Work Space Annual CALs includes:
 Application containerization for iOS and Android devices
 BlackBerry proprietary application wrapping technology to easily deploy applications into the
Secure Work Space
 BlackBerry secure connectivity which negates the need for 3rd party VPN solutions
 Secure Browser
 Docs to Go Premium Edition
 Advanced Level Technical Support with optional upgrade to Premium Level T-Support
For the cloud infrastructure, BlackBerry will assume responsibility for:
 Readiness assessment
 Deployment, maintenance and monitoring the base cloud infrastructure
 Deployment, maintenance and monitoring of the BES10 platform
 Setup of high availability for the BES10 platform
 Setup of backups and disaster recovery at appropriate alternative sites for failover purposes
 Provisioning of additional servers as required to accommodate customer growth
 Upgrading with software patches the underlying operating system, database servers etc.
 Upgrading the BES10 platform to the latest version as feature enhancements are released
 Measuring, meeting, validating, and reporting on SLAs
 Performing planned maintenances during pre-defined maintenance windows
 Procuring all required licenses for servers, databases etc.
 Deployment, maintenance and monitoring of network connectivity up to the demarcation points
 Ensuring all required BlackBerry Infrastructure components are operational
Advanced and Premium BlackBerry Technical Support Services (BTSS)
The Advanced Level Technical Support is included in the Core Service and provides i7/24 global support
for 10 named callers with priority queuing direct to Level 2, Account Management from a Support System
Specialist, access to the BlackBerry Expert Support Center, and web based training.
For customers who want a higher level of support, Premium is available as an option. This Level
provides7/24 Global Support for 15 named callers with queuing to our highest level Direct Advanced
Response Team (DART) , a dedicated Support Account Manager, access to the BlackBerry Expert
Support Center and 2 days on-site training.
Optional Enterprise Managed Mobility Services
Manage on Behalf Of (MOBO) Service provides the level of BlackBerry Technical Support Services
(BTSS) the customer selects, including:








7x24 Manage on Behalf Of whereby BlackBerry manages the BES 10 environment on behalf of
the customer
Advanced configuration service
Initial configurations and management of BES10 settings
Settings, profiles, policies, issues
Daily management of users and devices including MACDs
Apply settings (groups, policies, profiles)
Wipe/lock commands and Password resets
Ability for 15 Help Desk Named Callers to escalate calls into the MOBO Admin for daily
management of users and devices tasks as required
The Manage on Behalf plus End User Help Desk includes direct access for end users to receive
handheld support on iOS, Android and BlackBerry devices. This service entails support and
troubleshooting for device features and functions, BES10 Enterprise Activation, BlackBerry Balance,
BlackBerry Confidential
Page 25 of 34
BlackBerry ID, and BlackBerry Link. Additionally, customers can opt to have a private toll free number
reserved for your organization. Organizations can also opt to receive escalated support access for
designated individuals (i.e. VIP) requiring on-going expedited support.
8 Termination Terms
Upon termination or expiration of this Agreement, all authorised users right to use the BES10
Service will immediately cease. BlackBerry retains the right to delete all data from its servers upon
termination or expiration of this agreement. You agree that BlackBerry may retain your data for up to
ninety (90) days after expiration or termination of this agreement, or for so long as may be required to
comply with: (i) any law or regulation applicable to BlackBerry; or (ii) any court, regulatory agency or
authority to which BlackBerry is subject. Any data that is not returned or destroyed pursuant to this
agreement shall continue to be subject to confidentiality protections described in this agreement for so
long as it is in BlackBerry’s possession
BlackBerry Confidential
Page 26 of 34
9 Appendix A: Readiness Assessment Tasks
Stage
Customer
Engagement
Customer
Needs and
Requirements
Joint Setup
and
Configuration
Checklist
 Acquire basic customer contact information
 Understand customer's current Enterprise Mobile Computing Strategy (if
applicable)
 Name and details of current MDM provider
 Current policies such as Bring Your Own Device (BYOD) etc.
 Existing deployments of BES products
 Approximate count of devices across supported mobile platforms
 Understand the customer's current mail platform(s) and associated services
 Cloud and/or On-Premises
 Office 365 (Standard, Dedicated, Federated)
o Microsoft Exchange
o Microsoft Lync
o Microsoft Sharepoint
 IBM Lotus Domino
 Novel GroupWise
 Understand the customer's physical and network topologies
 Understand the customer's specific mobile computing needs such as
specific mobile apps
 Discuss migration to BES10 from an earlier BES product or a competitive
MDM platform
 Discuss any training needs the customer may have
 Discuss Trial/Pilot environment setup (if required)
 Trial start date/end date
 Key success factors
 Specific customer requirements
 Discuss customer's need for security and separation in the BlackBerry Cloud
 Discuss customer's support needs (Ex. BTSS etc.)
 Other Questions
 Understand current mobile device connectivity already in use by the
customer
 Discuss active directory integration (if desired)
 Discuss other specific requirements the customer may have
 IPSEC VPN and/or MPLS connectivity requires joint co-operation of
BlackBerry and the customer
 BlackBerry has pre-defined processes and forms which provide a clear
outline of the steps/input required but are also flexible to accommodate
specific customer requirements/needs
 Sign Apple Push Notification Service Certificate (APNS) for insertion into the
BES10
BlackBerry Confidential
Stage
BES10
Environment
Preparation(s)
Post Setup
Page 27 of 34
Checklist
 BlackBerry Engineering will create an environment as per the specifications of
the customer
 The data center will meet the location requirements and have the required
accreditation and certifications
 The network setup will meet the customer's requirements and will contain a
separate DMZ, Management Network and other network segments as
required
 The environment will also have the required security monitoring in place by the
BlackBerry Security Operations Center (SOC)
 Use of the environment can be for:
 Trial/Pilot Stage
 Production/Full Deployment Stage
 Connectivity to a PSN or other network via IPSEC VPN or MPLS will also be
set up
 High availability will be setup and appropriate disaster recovery sites will also
be created
 24/7 monitoring will be configured at the infrastructure, application and service
layers to meet pre-set SLAs
 Logging will be securely kept within BlackBerry infrastructure with retention
periods as determined by customer/legal requirements
 Appropriate access level restrictions will be enforced as per customer
requirements
 Device licenses will be configured in the customer's BES instance
 Customer's Apple Push Notification Service Certificate will be inserted into the
BES
 Any migrations required from an earlier BES instance or a competitive EMM
platform will be conducted
 Verification and validation testing will be done to ensure the setup was
successful
 Customer environment will be monitored for performance by the BlackBerry
Network Operations Center and for security threat by the BlackBerry Security
Operations Center
 Customer is able to administer the users or allows BlackBerry to manage on
their behalf
 BlackBerry teams will add more server capacity as required if the number of
users expands beyond the capacity of the already deployed server
 BlackBerry teams will continue to upgrade the operating system, BES platform,
DB software etc. as required without any involvement from the customer or
any impact to the customer. This will be done during planned maintenance
windows.
 Customer will have access to 24/7 help desk (if applicable)
BlackBerry Confidential
Page 28 of 34
10 Appendix B: BES10 Core Configuration Tasks
Component
BlackBerry Device
Service
Universal Device
Service
BlackBerry
Management Studio
BlackBerry
Administration Service
BlackBerry
Collaboration Service
(for Standard
Deployments)
Configuration Tasks
 Configure the following BlackBerry Administration Service settings:
 Configure log retention
 Create one site administrator account
 Configure SMTP settings
 Configure device activation settings and email template
 Create one custom IT policy
 Create one email profile
 Application Management
 Create application repository and specify location in BAS
 Configure organisation name for BlackBerry World for Work
 Create one group and associate properties with group
 Configure deployment job default delay
 Test configured settings and verify functionality
 Verify profiles and settings associated with BlackBerry devices
are applied (e.g. email profile, IT policy, etc.)
 Verify BlackBerry devices are able to receive and send email
messages and synchronize PIM information (e.g. calendars
and contacts)
 Configure High Availability if implementing a Standard Deployment
 Create BlackBerry Collaboration Service pool
 Enable BES10 high availability for automatic failover
 Configure the following settings in UDS Administration Console:
 Request and install Apple APNs certificate
 Integrate UDS with customer's environment for the following if
implementing a Standard Deployment:
o Active Directory
o Microsoft ActiveSync gatekeeping (requires Microsoft
Exchange 2010)
 Configure default device activation settings and customize
activation email template
 Configure device compliance settings
 Create and configure one device compliance profile
 Update template for device compliance notification
 Create one custom IT policy
 Create one Microsoft ActiveSync profile
 Create one group and associate properties with group
 Create one administrator account
 Test configured settings and verify functionality
 Verify profiles and settings associated with devices are applied
(e.g. ActiveSync, IT policy, etc.)
 Verify devices are able to receive and send email messages
and synchronize PIM information (e.g. calendars and contacts)
 Add additional EMM domains to BMS
 Log into BMS and verify access to EMM domain(s)
 Enter Client Access Licenses
 Configure BAS (for Standard Deployment)
 If using Microsoft Office Communications Server 2007 R2 or
Microsoft Lync Server 2010 or 2013, provision BlackBerry
Collaboration Service as a trusted application in Microsoft Active
Directory
 Publish BlackBerry Enterprise IM client to software repository and
create software configuration to deploy client to BlackBerry 10
devices
BlackBerry Confidential
Page 29 of 34
11 Appendix C: BES10 Advanced Configuration Tasks
Component
BlackBerry Device
Service
Universal Device
Service
BlackBerry
Management Studio
BlackBerry
Configuration Tasks
 Configure the following BlackBerry Administration Service settings:
 Create administrator accounts
 Configure device activation settings and email template
 Create custom IT policies
 Create one each of the following profiles: email, Wi-Fi, VPN,
Proxy
 Create SCEP profile, if implementing a Standard Deployment
 Application Management
 Create application repository and specify location in BAS
 Publish internal and/or BlackBerry World applications to
repository
 Create software configurations
 Configure organisation name for BlackBerry World for Work
 Create groups and associate properties with group
 Configure custom background for work perimeter on BlackBerry 10
devices
 Test configured settings and verify functionality
 Verify profiles and settings associated with BlackBerry devices
are applied (e.g. email profile, IT policy, etc.)
 Verify BlackBerry devices are able to receive and send email
messages and synchronize PIM information (e.g. calendars
and contacts)
 Configure High Availability if implementing a Standard Deployment
 Create BlackBerry Collaboration Service pool
 Enable BES10 high availability for automatic failover
 Configure the following settings in UDS Administration Console:
 Request and install Apple APNs certificate
 Integrate UDS with customer's environment for SMTP
 Integrate UDS with customer's environment for the following if
implementing a Standard Deployment:
o Active Directory
o SCEP
o Microsoft ActiveSync gatekeeping (requires Microsoft
Exchange 2010)
 Configure default device activation settings and customize
activation email template
 Configure device compliance settings
 Create and configure device compliance profile
 Update template for device compliance notification
 Review IT policy best practices and create IT policies
 Create each of the following profiles: Microsoft ActiveSync, Wi-Fi,
VPN, SCEP (for Standard Deployments), and Certificate (CA,
Shared, User)
 Application Management:
 Publish application definitions to application repository
 Create software configurations
 Create group and associate properties with group
 Create administrator accounts
 Test configured settings and verify functionality
 Verify profiles and settings associated with devices are applied
(e.g. ActiveSync, IT policy, etc.)
 Verify devices are able to receive and send email messages
and synchronize PIM information (e.g. calendars and contacts)
 Add additional EMM domains to BMS
 Log into BMS and verify access to EMM domain(s)
 Configure BAS pool (for Standard Deployment)
BlackBerry Confidential
Component
Administration Service
BlackBerry
Collaboration Service
(for Standard
Deployments)
Daily Management of
Users and Devices *
Page 30 of 34
Configuration Tasks
 If using Microsoft Office Communications Server 2007 R2 or
Microsoft Lync Server 2010 or 2013, provision BlackBerry
Collaboration Service as a trusted application in Microsoft Active
Directory
 Publish BlackBerry Enterprise IM client to software repository and
create software configuration to deploy client to BlackBerry 10
devices.=
 User MACD
 Apply appropriate settings to users (e.g. groups, policies, profiles,
software configurations)
 Activate/remove devices
 Initiate theft/loss protection commands (e.g. remote wipe of device
data, or remote lock of device)
 Password reset in cases of forgotten passwords
* These functions could be performed by the customer’s Help Desk as they do not have to be
performed by the EMM Admin. For customers who select the Optional Service, Manage on
Behalf Of plus End User Help Desk, daily management of users and devices will be performed
by the EMM End User Help Desk team instead of the EMM Admin.
BlackBerry Confidential
Page 31 of 34
12 Appendix D: Service Level Agreements (SLAs)
To validate our commitment to excellence, all of BlackBerry’s services are delivered under
formalised Service Level Agreements (SLAs). The following illustrates typical SLA metrics.
12.1 Core Services SLAs
During the Term of the applicable BlackBerry Agreement (the "Agreement"), the BlackBerry BES10
Cloud service will be operational and available to the customer at least 99.9% of the time in any calendar
month. If BlackBerry does not meet the BES10 Cloud SLA, and if the customer meets its obligations
under this BlackBerry SLA, the customer will be eligible to receive the Service Credits described in
section 6. This BES10 Cloud SLA states customer's sole and exclusive remedy for any failure by
BlackBerry to meet the BlackBerry BES10 SLA.
The following definitions shall apply to the BlackBerry BES10 Cloud SLA:



"Downtime" means, for a domain, if there is more than a five percent user error rate.
Downtime is measured based on server side error rate.
"BlackBerry BES10 Service" means the administration, network (VPN), BDS, and UDS
components of the Service.
"Monthly Uptime Availability" means for a given month, 1 minus the sum of the impact(s)
(where impact = Duration of incidents x % of users) divided by the total number of minutes in
a calendar month. As an example, if the total impact for a given month is 40 minutes:
Availability = 1 – (total impact/ (30days*24hours*60minutes)
= 1 – (40/43200)
= 1 – 0.0009259
= 0.9991 * 100
= 99.9%
12.1.1 BES10 SLA Exclusions
The BlackBerry BES10 SLA does not apply to any services that expressly exclude this BlackBerry
BES10 SLA (as stated in the documentation for such services) or any performance issues that result from
the customer's equipment, third party equipment and/or Carrier response/resolution not within the primary
control of BlackBerry. Will also exclude scheduled maintenance windows.
12.2 Managed Services SLAs
BlackBerry backs up our managed services, including Manage on Behalf Of and Manage on
Behalf Of with End User Help Desk with industry leading SLAs that are continuously monitored and
measured for conformance.
Update Interval SLAs
Severity
Level
1
Definition
A severity one issue is a catastrophic production
problem which may severely impact the Customer’s
production systems, or in which Customer’s
production systems are down or not functioning and
no procedural work around exists.
Update
Interval
1 hour
BlackBerry Confidential
2
3
4
Page 32 of 34
A severity two issues is a problem where the
Customer’s system is functioning but in a severely
reduced capacity. The situation is causing significant
impact to portions of the Customer’s business
operations and productivity. The system is exposed to
potential loss or interruption of service.
A severity three issue is a medium to low impact
problem which involves partial non-critical
functionality loss. One which impairs some operations
but allows the client to continue to function. This may
be a minor issue with limited loss or no loss of
functionality or impact to the client’s operation and
issues in which there is an easy circumvention or
avoidance by the end user.
A severity four issue is for a general usage question
or recommendation for a future product enhancement
or modification. There is no material impact on the
quality, performance, or functionality of the product.
2 hours
4 hours
Every 24
hours
Response Time SLAs
Service Agreement
Meet
First contact resolution
≥80%
Calls answered within 90 seconds
≥80%
Voice messages returned < 2 hours
≥80%
Advantage Customers Email response time < 2 hours
≥80%
Premium Customers Email response time < 1 hour
≥80%
Instant Messaging Response Time < 5 minutes
< 80%
Calls abandoned above 90 seconds
≤10%
Device Incident response time within 4 hours
≥80%
12.3 SLA Recompense
In general, the SLA recompense for missed service level agreement will follow the following
service credit definition for both core service and optional selected services.
During the Term of the applicable Service Order, the BES 10 Service will be operational and
available to You at least 99.9% of the time in any calendar month. If BlackBerry does not meet the
Service Levels, and if You have met Your obligations under these Service Levels, You will be eligible to
receive the Service Credits described below. These Service Levels state Your sole and exclusive remedy
for any failure by BlackBerry to meet these Service Levels.
Definitions. The following definitions shall apply to the BES 10 Service:

"Downtime" means, for a domain, if there is more than a five percent user error rate.
Downtime is measured based on server side error rate.
BlackBerry Confidential

Page 33 of 34
"Monthly Uptime Availability" means for a given month, 1 minus the sum of the impact(s)
(where impact = Duration of incidents x % of users) divided by the total number of minutes in
a calendar month. As an example, if the total impact for a given month is 40 minutes:
Availability = 1 – (total impact/ (30days*24hours*60minutes)
= 1 – (40/43200)
= 1 – 0.0009259
= 0.9991 * 100
= 99.9%
Service Level Exclusions. The Service Levels do not apply to any services expressly excluded by
these Service Levels (as stated in the documentation for such services) or any performance issues that
result from Your equipment or third party equipment, or both (not within the primary control of
BlackBerry). The Service Levels also exclude scheduled maintenance windows and are not applicable to
the Technical Support Services.
Service Level Credits. Credits for the failure to meet the Service Levels will apply to the BES 10
Service as follows:
"Service Credit" means the following:
Monthly Uptime Availability
Percentage of monthly
invoice to be reimbursed
< 99.9% - >= 99.0%
< 99.0% - >= 95.0%
< 95.0%
10%
25%
100%
Notification. In order to receive any of the Service Credits described above, You must notify
BlackBerry within thirty (30) days from the time You become eligible to receive a Service Credit. Failure to
comply with this requirement will forfeit Your right to receive a Service Credit.
Maximum Service Credit. The aggregate maximum number of Service Credits to be issued by
BlackBerry to customer for all Downtime that occurs in a single calendar month shall not exceed that
month’s service costs. Service Credits may not be exchanged for, or converted to, monetary amounts.
BlackBerry Confidential
Page 34 of 34
13 Appendix E: Response to UK G-Cloud Service Definition
Response
Provided?

Reference
Section
2.1
Information assurance – Impact Level (IL) at which
the G Cloud Service is accredited to hold and
process information

2.1.1
Details of disaster recovery and failover

3.4
Training

2.3.2
On-boarding and Off-boarding processes/scope etc.

4
Ordering and invoicing process

4.1
Service Levels Agreement details

12
Financial recompense model for not meeting service
levels

12.4
Consumer responsibilities

5
Technical requirements needed by the customer

5
Trial service details

6
Pricing (including unit prices, volume discounts (if
any), data extraction etc.)

7
Requirement
G-Cloud hosting options