BlackBerry enterprise resilience

Research in Motion, makers of BlackBerry, are a spectacularly successful company. They had a great idea and made it work, when you would have put odds on Nokia or Sony beating them.

However the BlackBerry Enterprise Server software that makes BlackBerries work for businesses is a spectacularly bad piece of software. This piece is intended not as a criticism of RIM, but as a comment on the business of creating enterprise software.

There is nothing really special about BlackBerry, except the business concept. It’s a neat device but not obviously better than the alternatives. What makes it unique is the Push when a message arrives for you.

The BlackBerry Enterprise Server (BES) is what connects the corporate e-mail system to the carriers’ mobile network, to push the messages out. Company executives are very fond of their BlackBerry, so BES is a very important service. Never mind the ERP systems, BES is right up there as mission critical. If there were a disaster, the one service the executives would want to work is BlackBerry.

However there’s a flaw. You can’t make the BES service resilient in case the server or the network fail. If either happens, someone has to go and change things around a bit to get the service working. If they are on holiday, or can’t find the instructions, or it’s the weekend, then you just have to wait.

BlackBerry provide two methods for disaster recovery, but both are workarounds. Let’s just have a look at the problems:

  • The license key can only be installed on one server at a time, and the service stops if you install it on another. That’s very severe. It means you can’t easily set up a test server, or a replacement, or a standby unless it is switched off. You actually have to buy a complete second license in order to have a standby. That’s just extraordinary.
  • The BlackBerry service should run under an account so that it has network access. Of all daft things, the database connection is set up in the name of the person who is logged on, instead of the service account. If you want to put the database on a different server, as is normal, you need to allow the computer system account to access the remote server. Plain daft.
  • The installation creates a database, but it also modifies the base schema of the database system. This means you can’t really run it on a generic database server, as you can nearly every other database in the world. Even dafter. It also means that if you backup the database and put it on another server, you won’t be able to use it until you have done a "pretend" installation of BES on that server.
  • You can set up a second server, but if the first one fails you have to re-configure the service so that users are switched over to the other server. So even though you have set up a second server and bought a second license, it can’t be used until you manually switch over. There is no concept of connecting to the first available server, as there is with most services.
  • Normally when you connect something like BES to an external SQL server, you use an alias for the SQL server. So instead of setting up a connection to ServerA, you connect to an alias of the server, BESQSL. This means that if the SQL server fails, you just change the alias to point to a different SQL server. You don’t have to change the configuration of the connecting server at all. BES can’t do this. It is coded only to connect to a physical server name.

Here’s a contrast. The RSA SecurID Authentication Manager is another mission critical product. When you enter a one-time password using one of those key fobs, the Authentication Manager validates it and lets you in. If the Authentication Manager is not working, no-one can use the service. Unlike BES, the Authentication Manager is designed to be resilient:

  • You get a second spare license with the first.
  • All data is automatically replicated to the second server.
  • Authentication agents (running on the servers that are being secured) automatically balance between the available Authentication Manager servers.

Why the difference?

  1. BlackBerry has a very strong consumer pull in the business. IT people are never going to suggest not using BlackBerry because of the quality of the server software.
  2. RIM distribution is through the mobile carriers. A bit like Nokia, RIM could sell independently, but they don’t. The mobile carriers are also not really selling to their customers based on the quality of their software.
  3. Developing enterprise grade software is actually extraordinarily expensive.
  4. In contrast, RSA is a technical sell. There are plenty of other strong authentication methods. RSA are just aiming to be the best, which includes providing true enterprise grade software.

So, as I said, this is not in any way a criticism of RIM. Their business model makes providing this software less important than continuing to make a highly attractive consumer service.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.