Track 3: Extending BlackBerry Beyond Email Extending Web-Based Applications with the BlackBerry Browser Agenda

• Introduction to BlackBerry® Browser • Mark-Up Language, Security and Connectivity Options • Optimizing Web Content for BlackBerry • Server-Side PUSH Applications • What’s New in BlackBerry Enterprise Server™ and BlackBerry Browser v4.0 •Demo BlackBerry Solution: Architecture Recap

.NET Corporate Application Servers

J2EE Corporate Application Servers

HTTP(S)

BlackBerry Corporate Systems Enterprise (ERP, CRM, Databases, etc.) Server Web Servers (IIS, Apache-Tomcat) Extending Browser-Based Solutions to BlackBerry

From the developer’s perspective…

HTTP HTML / WML

BlackBerry Web / App Browser 3DES Encryption Server Push and Pull of Data Network-independent BlackBerry Browser Overview

• Main BlackBerry Browser versions include: – BlackBerry Browser v3.6 and v3.7 • All GPRS, iDEN and CDMA Java™-enabled BlackBerry handhelds • Support for color and monochrome screen handhelds – BlackBerry Browser v3.8 and v4.0 • Upgrade from BlackBerry Browser v3.7 with new features (JavaScript, Offline Forms, etc.)

– RIM Browser v2.5 and v2.6 • RIM 850™, RIM 857™, RIM 950™ and RIM 957™ handhelds • DataTAC and Mobitex wireless networks in North America Mark-up Connectivity Wireless Browser-Based Security User Experience Solutions in the Enterprise Dynamic Content Push

• Key questions for consideration: 1. What mark-up languages are supported? 2. How will I connect to my corporate web servers? 3. Is security important? If so, how can I address this? 4. How can I ensure that the applications will be adopted by users and will make them more productive? 5. How can I make the content dynamic or push updated pages to my users? Mark-up Connectivity BlackBerry Browser: Security User Experience Mark-Up Languages Dynamic Content Push

• BlackBerry Browser v3.6 and v3.7 –HTML – XHTML Basic, cHTML – WML 1.3, WML Script 1.2 – WBMP, PNG, GIF, JPEG images • BlackBerry Browser v3.8 and v4.0 adds… – JavaScript support – HTML Tables – Animated GIFs, WAP 2.0 Style Sheets • RIM Browser v2.5 and 2.6 for Mobitex/DataTAC –WML 1.3 – WBMP images Mark-up Connectivity Security Connectivity and Security User Experience Dynamic Content Push

• Network Connectivity: – Intranet-based Web servers can be connected to via the BlackBerry Enterprise Server’s Mobile Data Service (MDS) • Simply enter the same internal URL that you would on a desktop browser on your intranet! • Browser connects through the Intranet by default, even if requesting an Internet site

•Security: – All browser traffic through MDS is 3DES encrypted between the handheld and MDS – HTTPS (SSL/TLS) is also supported Mark-up Connectivity Security Connectivity and Security User Experience Dynamic Content Push

HTTP

HTTP

Connectivity Corporate INTERNET Firewall MDS Web Server Security

Optional TLS/SSL

Optional TLS/SSL

3DES Mark-up Connectivity Security User Authentication User Experience Dynamic Content Push

• MDS also supports a variety of corporate authentication schemes: – HTTP Basic –Kerberos – NT LAN Manager (NTLM) • If authentication is required for internal web site access, user will be challenged for credentials • MDS can optionally cache user credentials for future browsing sessions by that user Mark-up Connectivity Encryption and Security User Experience Authentication Dynamic Content Push

• A closer look at the role of MDS for encryption and authentication…

App/Web Server BlackBerry MDS

3DES De/Encryption TLS / SSL Handshaking 3DES 3DES TLS/SSL De/Encryption

SECURITY Optional TLS / SSL Encryption

Request Challenge

AUTH Credentials Authentication (Kerberos, Basic, NTLM) Mark-up Connectivity Connectivity and Security User Experience Management Features Dynamic Content Push

• MDS provide a number of other features for managing browser sessions: – Cache cookies and user credentials – Access control: manage which users are allowed to connect to the intranet via the browser – MDS transcodes and optimizes content for wireless delivery: • HTML – cHTML transcoder • All images are scaled and converted to PNG format • Unsupported tags are stripped, content is tokenized – MDS logs all browser requests Mark-up Connectivity MDS Connectivity to Web Security User Experience Servers Dynamic Content Push

• What does the web server see when a BlackBerry Browser connects via MDS? – User-Agent = BlackBerry/ – Accept Type = , chtml, basic, wml • Note: WML only for RIM 800 Series and RIM 900 Series handhelds – Source IP Address = MDS machine IP Address • Note: MDS can optionally add the requesting handheld’s PIN or email address as a header to each request Mark-up Connectivity Server-Side Content Security User Experience Management Dynamic Content Push

• Use any standard web development tools to publish content on intranet web servers – Static Content: • HTML or WML pages – Dynamic Content: • Java™ Server Pages (JSPs) or Active Server Pages (ASPs) • Perl Script, etc. • Recommendations: – Consider optimizing content to drive user experience • Avoid or limit tables, frames & large images in HTML pages – Leverage PUSH technology to deliver content proactively Mark-up Connectivity Optimizing Content for Security User Experience BlackBerry: Tips Dynamic Content Push

• Tips on Optimizing the User Experience – Use the “Accept” and “User-Agent” HTTP headers to detect the BlackBerry Browser – Loading a page from cache is much quicker than over the air – Do not discourage text entry – Email addresses and phone numbers automatically act as hot links to the handheld Email and Phone applications – Use cookies and cache controls to manage sessions and expiry Mark-up Connectivity BlackBerry Browser: Security User Experience Server-Side PUSH Dynamic Content Push

• BlackBerry enables you to pro-actively PUSH new web pages and links to your users’ handhelds – Alerts based on events that occur on the server – Silently update frequently accessed pages within the browser’s local cache – Push a permanent link to a frequently accessed site (such as an internal portal or entry point to an application)

Leverage the value of push for your own corporate data, without developing a custom client application or getting messages lost in the email inbox! Mark-up Connectivity Developing a PUSH Security User Experience Application Dynamic Content Push

• To push a web page to the BlackBerry Browser, you must develop a push application which: A. Determines: i. URL of the web page to be pushed ii. Email Address or PIN of the destination user B. Reads in the contents of the web page from the origin server (InputStream over an HTTP GET request) C. Writes out the contents of the web page to MDS, along with the information from step (a) above (OutputStream over an HTTP POST request) Mark-up Connectivity Developing a PUSH Security User Experience Application – Sample Code Dynamic Content Push

Server-side sample code for pushing web page (J2EE):

Determine Source Content URL & Destination User URL sourceContent = “http://corpWebServer01/inventory/productID=5”; String userEmail = “[email protected]”;

Open an Input Stream to the Web Server HttpURLConnection getConn = (HttpURLConnection)sourceContent.openConnection(); connection.setRequestMethod(“GET"); //HTTP GET InputStream cin = getConn.getInputStream(); //Open input stream to web server to read in web page InputStreamReader insr = new InputStreamReader(cin); //Attach an InputStream reader //We are now ready to read in the web page from the web server Mark-up Connectivity Developing a PUSH Security User Experience Application – Sample Code Dynamic Content Push

Construct the push URL // (http://:/push?DESTINATION=&PORT=) String mdsServer = “corpBesMds01:8300”; //Internal MDS server address + push listen port String mdsPushURL = "http://" + mdsServer + "/push?DESTINATION=" + userEmail + "&PORT=7874";

Set up the HTTP POST Push Connection to MDS HttpURLConnection postConn = (HttpURLConnection)mdsPushURL.openConnection(); connection.setRequestMethod("POST"); //HTTP POST connection.setRequestProperty("Content-Location", sourceURL); //URL where the web page lives connection.setRequestProperty(“Content-Type”, “text/html”); connection.setRequestProperty("X-RIM-Push-Title", “Product Alert!"); //BlackBerry-Specific Push headers

Connect the Streams – Open the connection to MDS and write the data from the Web Server OutputStream outs = postConn.getOutputStream(); //Open the OutputStream to MDS int c; while ((c = cin.read()) >= 0) { //Read in bytes of web page from web server outs.write(c); } //Write out all of the bytes to MDS outs.close(); Mark-up Connectivity PUSH Management Within Security User Experience MDS Dynamic Content Push

• What happens at MDS? 1. MDS receives HTTP POST and reads in the data 2. MDS checks database for existence of the user 3. If user exists, MDS responds to server app with confirmation (HTTP 200 OK) and closes connection 4. BlackBerry Server determines status of destination of handheld (online/offline, network, etc.) – If handheld is in coverage, data is pushed immediately – If handheld is out of coverage, push request is queued within MDS (currently within RAM, optionally in a database in BlackBerry Enterprise Server v4.0) Mark-up Connectivity PUSH Management Within Security User Experience MDS Dynamic Content Push

MDS Push Queuing for out of coverage handhelds • Flow Control: – 5 push packets will be queued in MDS for the flow control timeout period (Default = 10 minutes) – No further packets will be pushed until these 5 are ACK’d • Time-out: – Subsequent push packets are subject to a time-out – These push packets will be discarded after this time-out (Default = 3 minutes) • Increasing flow control and time-out parameters will increase reliability, at the expense of RAM usage Mark-up Connectivity Developing a PUSH Security User Experience Application: Tips Dynamic Content Push

• Tips and Considerations: – App can be written in any language that supports HTTP…Java (J2EE), .NET (C#) – Code to perform the push is very simple – Challenge: When do I push which content to which users, and how is my app notified to run? – For recurring pushes at intervals, consider a “subscription” model • Application runs on a timer or as a scheduled task • Dashboard reports, daily product or inventory updates, news, etc. – For event-based pushes, use database triggers or augment existing business logic to launch the push application Mark-up Connectivity BlackBerry Browser Push: Security User Experience Subscription Model Dynamic Content Push

Subscription Server: User Email URL to Push [email protected] http://myServer/inventory?ID=5 [email protected] http://myServer/inventory?ID=3 J2EE/.NET Push Application Subscription ODBC //Get subscriptions from database DB JDBC //LOOP (for each subscription) //HTTP GET page from web server HTTP GET Inventory //HTTP POST to MDS, include: Corporate Web Server - Page contents (http://myServer) - Destination user - Alert method

HTTP POST BlackBerry Enterprise Server with MDS Mark-up Connectivity BlackBerry Browser Push: Security User Experience Event-Based Model Dynamic Content Push

Event-Based Push: Existing Business Application //Trigger fired based on: - Flagged event occurring - Data reaching a min/max threshold -etc.Subscription //Generate webDB page //Pass web page and user info to J2EE/.NET Push Application pushHTTP app GET //HTTP POST to MDS, include: - Page contents - Destination user Corporate App Server - Alert method

HTTP POST BlackBerry Enterprise Server with MDS Mark-up Connectivity BlackBerry Browser Push: Security User Experience Push Types Dynamic Content Push

• There are 3 different options for alerting the user that new content has arrived: 1. Channel Push • Push a custom icon along with the Web page • Icon appears on the BlackBerry Home screen and acts as a permanent ‘channel’ to the referenced URL • When pushing an update to this page at a later time, the icon can change to an “unread” state 2. Message Push Channel Push • Push a message to the user’s inbox that automatically launches the browser to a specified page 3. Cache Push • Push a page to the browser’s local cache, but do not notify the user

Message Push Mark-up Connectivity BlackBerry Browser Push: Security User Experience Push Types Dynamic Content Push

• Sample Use-Cases for Browser PUSH: – Channel Push • Push an icon to act as a permanent link to an internal portal page or frequently visited application • Push an icon to act as a permanent channel for accessing alerts and notifications – Message Push Channel Push • One-time or periodic pushes, such as pushing reports or alerts – Cache Push • Push other pages that are linked to by a Message push or Channel push page Message Push BlackBerry Browser Recap

Key BlackBerry Browser Concepts: 1. Seamless connectivity to corporate Intranet 2. Support for standard web content, including HTML 3. Proxied authentication and user management by MDS to optimize wireless link 4. Enterprise Value: • Access to internal web-enabled applications • Server-side applications to push web pages • User management and access control 5. Success factors for wireless browser-based applications: • Optimizing content for BlackBerry • Leveraging push technology to distribute content proactively BlackBerry Browser and MDS: New in BlackBerry Browser v4.0: Content Support

• JavaScript 1.3 Support – Support for JavaScript that is executed when the page first renders and JavaScript associated with actions on the page – Does not include support for Style Sheets or DHTML • HTML Table Support – Support for rendering small tables within HTML pages • Support for animated GIF images • Support for multi-part responses BlackBerry Browser and MDS: New in BlackBerry Browser v4.0: Offline Forms

• Allows HTML forms to be queued for submission if submitted while out of coverage • How does it work? – Add “x-rim-queue-id=XXX” HTTP header to web page – If user submits the form while out of coverage, they will be prompted to queue the page for submission – Page will be submitted once handheld is in wireless coverage – User can view offline queues within the browser, including status and response • Essential feature for corporate forms, such as Customer Call Reports, Expense Reports, Field Data Collection, etc. BlackBerry Browser and MDS: New in BlackBerry Browser v4.0: Push Enhancements

1. Support for Push Access Protocol (PAP) • Evolving standard for pushing to wireless browsers • Also relies on HTTP POST to MDS • Push ID, destination user, etc. are specified in an XML document rather than the URL and Headers • More features for managing pushed data 2. Reliable and Managed Push • New features available for both RIM Push and PAP Push via MDS • MDS will return an ACK when the web page has been received by the handheld BlackBerry Browser and MDS: New in BlackBerry Browser v4.0: Push Enhancements

Reliable Push – RIM Push • During Push, specify reliability type: – Transport-Level: MDS will return an ACK when web page gets to the handheld (supported on all handhelds, including BlackBerry Browser v3.6/v3.7) – Application-Level: MDS will return an ACK when web page is processed by the browser (only supported on handhelds with BlackBerry Browser v4.0) • During Push, also specify URL for MDS to send the ACK to – Once data is received by handheld (or an error occurs) MDS will send the details to the application at this URL • Support for “Deliver-Before ” header – if push is not successful by this time, the push will be dropped BlackBerry Browser and MDS: New in BlackBerry Browser v4.0: Push Enhancements

Reliable Push – PAP Push • Same features as v4.0 RIM Push (described in previous slide), plus the following incremental features: – Reliable PAP pushes are stored in a database, rather than RAM – Support for following push queries and commands: • Deliver-After (command during push) • Push Status (query) • Cancel Push (command after push) • Replace Push (command after push) Browser-Based Applications: Considerations

Browser vs. Client/Server • Benefits of browser-based applications – Simpler to develop and deploy – Easier to maintain and manage – Support for multiple client devices • Limitations of browser-based applications – User Interface and navigation can be cumbersome – Lack of local data storage and client-side logic • May not be useful when out of coverage • Performance concerns when navigating or requesting updates BlackBerry Browser: Tools for Deployment and Testing

• BlackBerry Browser Developer Guides: – www.blackberry.com/developers • BlackBerry Java Development Environment (JDE): – BlackBerry handheld simulators with the BlackBerry Browser – MDS simulator – Ability to test both pull- and push-based connectivity

URL = “http://localhost:8080”; URL += “/push?DESTINATION=2100000A”; URL += “andPORT=7874”; BlackBerry Browser

Demonstration:Demonstration: CorporateCorporate BrowserBrowser PushPush ApplicationApplication Thank you! Questions?