BES 5.0.0 has landed. The administration of this version of the software is radically different from previous versions - the BlackBerry Manager MMC snap-in component having been replaced by a web-based administration service. In this post I will run through the installation procedure which should be relevant to those both familiar with the solution and those accessing it for the first time.
Due to the number of screenshots I shall tackle the installation process only in this post, watch this space for further posts on how to handle routine administrative tasks.

Preparing the Microsoft Exchange environment

I have detailed the procedure for preparing a Microsoft Exchange environment in separate articles:

Exchange 2003
Exchange 2007 / 2010

The steps to run through are as follows:

• Create a domain user account and mailbox for the BesAdmin user account
• Assign the BesAdmin user account local admin rights on the BES server
• Assign the BesAdmin user account "log on as a service" rights on the BES server
• Assign Send As, Receive As and Administer Information Store rights to the BesAdmin user account on the Exchange server
• Assign Send As rights on the Domain to the BesAdmin user account
• Install Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 on the BES server

Installing the BES 5.0 software

In this post I shall be installing all BES components on the same server. Read the Deployment Guide for details on all deployment scenarios. I shall be using Server 2008 64-bit in this example.

Extract the contents of the self-extracting EXE installation package. Browse to the folder where the contents have been extracted to and run the setup.exe file:

Verify that you have followed the above article and configured the correct permissions on the BesAdmin user account. Click Continue Installation

Select your Country/Region, read the license agreement and select the option to Agree if you accept the terms and conditions. Click Next:

If this is a new installation rather than an upgrade, select the option to create a new database (watch this space for instructions on the procedure for upgrading an existing installation):

Select the components of the BES solution that you wish to install on this server. In this post I shall be installing all BES services on the same server. Click Next:

The BES installation package will install an instance of the Apache web server as well as several Java packages. Read the license agreement and select the option to Agree if you accept the terms and conditions. Click Next:

The installation wizard will determine that all pre-requisite components are present and indicate what corrective action needs to be taken:

Click Next. You will be prompted to specify the database server to use. If you have a separate Microsoft SQL Server available, select that option and complete the required details. In this post I will be installing the database locally on the BES server itself:

Click Next. Enter the password for the BesAdmin account and enter a name for the BES server itself:

Click Next:

Click Install:

The required components and program files will be copied to the local machine. This may take a few minutes. Once complete you will be prompted to reboot the server:

Click Yes. Once rebooted, the installation procedure will resume automatically:

Click Next. You will be prompted to create the BES Management database:

Click Yes. This may take a few minutes. Click OK once complete:

You will be given the option of specifying which TCP port the database service should access the database on:

Click Next. Enter the CAL (Client Access License) and SRP details:

Click Next. The MAPI component will now be invoked and will prompt for the details of the Exchange server to be accessed:

Complete the fields as required and verify that the Check Name function can resolve both the server and mailbox. Click OK:

Enter a name for the Mobile Data Service application pool as well as passwords for the default admin and publisher user account roles. Click Next:

You will be prompted to create the required database. Click Yes.

Click OK once complete.

You will be prompted to verify that the MDIS service has bee configured, consult the accompanying documentation for more information if required. Click OK.

If you selected the option to install the Monitoring Service you will be prompted to enter the database server details. Click Next:

You will be prompted to create the required database, click Yes:

Click OK when complete:

If you selected the option earlier, you will be prompted to specify your instant messaging environment. Make the appropriate selection and click Next:

Enter the details of the BlackBerry Administration Service web pool and enter the password for the SSL certificate for the admin web site. Click Next:

You will be prompted to enter details of the LDAP account used to access the Exchange Global Address List. Use the BesAdmin domain user account unless required otherwise. Click Next:

Enter the default password for the admin account that should be used to access the web administration web site. Click Next:

The installation wizard is now complete. Click the option to Start Services and verify that all services start successfully. Click Next:

Details of the web admin tool and the web desktop tool will be displayed, make a note of these addresses. Click Close.

The installation is now complete. The web-based admin tool can be accessed from the Start menu:

Launch the BlackBerry Administration Service:

Set the "login using" field to the BlackBerry Administration Service. Enter "admin" as the user name and the password you specified earlier:

You will be prompted to install an ActiveX component, select the option to install:

And again when prompted select the option to Install:

Once complete, you will be prompted to restart the BES server again. Select Yes.

Once rebooted, launch the Admin Tool again and log in using the same credentials as before, remembering to set the "Login using" field to the BlackBerry Administration Service. The BES Admin tool interface will be displayed:

NOTE - on my fully patched Server 2008 installation, which includes IE8, the Admin tool did not display until I enabled the Compatibility View mode.

You can now finalise your BES configuration and add users as required. Watch this space for more information on how to add users and perform routine admin tasks.

Firewall Rules

NOTE - on Server 2008 you will need to configure the built-in firewall to allow connections to the Apache web server instance on port 443 from all desired hosts before they will be able to access either the Administrator or Web Desktop tools.

Outbound SMTP access on TCP port 25 will need to be enabled between the BES and the Exchange server for activation and administrator mails to be delivered successfully.

If the SQL Server being used is external to the BES, SQL access on port 1433 will need to be configured (or the static port specified during the installation process).

Outbound access on TCP port 3101 to the BES Relay will need to be enabled.

Adding Users

To add users to the BES 5 server, log into the Administration Web Tool.
Browse to User --> Create A User:

To search for available users click on the Search link:

Select the target user and click Continue:

Select the BES server that the user should be added to and click Continue:

Enter the Activation Password for the user and click Create User:

An email will now be sent to the user containing the Activation Password:

The user will now be able to activate their handheld in a number of ways:

• Over the cellular network using the Enterprise Activation feature on the handheld device
• Over a local WiFi network using the Enterprise Activation feature on the handheld device by specifying the IP address of the activation server
• Via the BlackBerry Web Desktop by connecting the handheld to their local PC via USB

Activating over the cellular network

Once an enterprise activation password has been assigned to the user, the Enterprise Activation feature on the handheld can be located under Options --> Advanced Options --> Enterprise Activation.
In here the user simply need enter their full email address, including domain, and the activation password assigned by the administrator.

For detailed information on how the Activation Process works, read this article:

http://blog.brightpointuk.co.uk/how-does-bes-wireless-activation-process...

Activating over the WiFi network

For those devices that have WiFi capability, provided that the local wireless network can route to the BES server, devices can be activated by completing the Enterprise Activation wizard as above, but with the additional step of completing the Activation Server Address, which needs to contain the IP address of the BES server.

NOTE - this feature needs to be enabled on the BES manually as it is not enabled by default. If the BES server has been deployed in a multiple-box deployment, it is the IP address of the BES Router component that needs to be entered on the handheld device, and the Router needs to be configured to be able to relay SMTP traffic to the Exchange Server. To do this, on the BES server open the BlackBerry Server Configuration utility from the Start Menu. Click on the WiFi OTA Activation tab:

Complete the details of the Exchange server as required.

Also note, to accept activation requests on Server 2008, the built-in firewall will need to be configured to accept incoming requests on TCP port 4101.

Activating via the BlackBerry Web Desktop

Users can browse to the Web Desktop URL (https://(bes_server)/webdesktop) from their Windows PC running IE6 or later:

When logging in for the first time they will be prompted to install the "RIMWebComponents", this will install the required USB drivers and device manager software onto the PC. Administrative rights will be required for this.

Once installed, the user will be able to login using the domain credentials:

The user can now connect their handheld device to the PC via the USB connection. The device manager software will detect the device automatically. The user will be prompted to enter their activation password within the browser.
If the feature has been enabled on the BES by the administrator, users can even set their own activation passwords and enable their own devices, without the IT department getting involved at all (provided that their user account has been added to the BES):

Once activated, the device will be listed in the properties of the user account:

Clicking on the device entry will display detailed information about that device:

and provide a list of tasks that can be performed on that device, including the ability to perform a 'remote kill':