The Google Apps Connector for BES is a free application that enables you to integrate a BES server with the Premier or Education Google Apps services, enabling push-based bi-directional synchronisation of Email, Contacts and Calendar data between your Google mailbox and a BlackBerry smartphone.

I have detailed in a previous article how to install the Google Apps Connector for BES 4, using version 2 of the Connector.
Now in version 3, the Google Apps Connector now supports BlackBerry Enterprise Server 5 and BlackBerry Enterprise Server Express.

Features

• Push email delivery
• Read / delete synchronisation
• Folder / label synchronisation (including Sent Items)
• Global Address lookup
• Calendar synchronisation
• Contacts synchronisation
• Hosting support - support multiple Google Apps domains on a single BES
• BlackBerry device management and policy enforcement

Architecture

The Google Apps Connector works by storing a copy of the user's Google mailbox locally on the BES server in a PST file, or Personal STore file - the same format used by Outlook Archive files. By default, the last 1000 emails are downloaded per user as well as all contacts and calendar information. The Google documentation therefore advises to allow 1GB of disk space per user on the BES. This behaviour is deliberate and has been written this way to ensure that users handheld still 'believe' they are synchronising successfully in the event that the connector between the BES and the Google Apps service fails.
This architecture therefore requires Outlook 2007 Service Pack 2 be installed onto the server that will host the BES, before the BES software is installed. I will run through the installation procedure in a moment.

Depending on the number of users you will be deploying on the BES, you may require a separate database server. By default, the BES installation will install a copy of MSDE locally, the Microsoft SQL Desktop Engine. This is sufficient for up to approximately 500 users, for larger deployments a separate SQL Server 2000 or 2005 installation should be considered.

Unlike the typical BES deployment, where the mail server is stored locally and the BES only requires outbound Internet access on port 3101 (to access RIM's network infrastructure), the BES also requires outbound access to Google's servers on port 443.

Considerations

It is important to note that Google already offer a number of ways of accessing the data stored in your Google account from your BlackBerry handheld, so deploying a BES to access your account from a BlackBerry handheld may not be necessary depending on your requirements.
If you are a BIS BlackBerry user (the BlackBerry Internet Service), then it is already possible to add your GMail account to your existing BIS profile as an additional IMAP email account, and the Google Sync for BlackBerry application enables the synchronisation of contacts and calendar information over the air.
BES users can also use the Google Sync application for contacts and calendar synchronisation.
BES users can also configure GMail access on handhelds by installing the Gmail for Mobile application onto the device, which provides a separate email client rather than the default BlackBerry Inbox. The Gmail for Mobile client provides additional functionality over the default Inbox application, such the ability to access mail older than 30 days.
The BES (and BES Connector) would be suitable if you require a central device management capability, wish to use the native BlackBerry device client software and require push-based email synchronisation. The BES Connector could be used to provide email synchronisation functionality, and the Google Sync application could be used concurrently to provide bi-directional synchronisation of contacts and calendar information. NOTE - if you choose to use this deployment scenario then contact and calendar sync should be DISABLED on the BES Connector otherwise you may end up with duplicate information.

Limitations

• 24 hour GAL updates: new users can take up to 24 hours before they are visible in the Global Address List.
• Only events in your primary calendar are synchronised. Multiple calendars are not supported.
• Only contacts within the "My Contacts" label within GMail are synchronised,
• Updates to contacts can take up to 5 minutes to synchronise.
• Notes and Tasks are not synchronised.
• Remote search only searches messages received within the last 30 days.
• Changing the status of an email older than 30 days will not be synchronised to GMail.
• Do not install the Google Sync software on a BlackBerry device that is activated using the BES Connector: doing so may result in duplicated information.
• Changes made within the BlackBerry Desktop Manager software will not be pushed to devices.

Requirements

The Google Apps Connector for BlackBerry Enterprise Server version 3 is compatible with BlackBerry Enterprise Server version 4.1.7 Maintenance Release 3, or version 5.0.2 (version 5 with Service Pack 2).

Windows Server 2003 SP2 or Server 2008 SP2 can be used on the server hosting the BES software.

Outlook 2007 SP2 needs to be installed onto the server that will host the BES.

Approximately 1GB of disk space should be available on the server per BlackBerry user.

The BES server will require outbound access to the Internet on ports TCP 3101 and 443.

The server hosting the BES software needs to be a member of an Active Directory domain (it may even be a domain controller itself).

A separate user account will need to be created in your Google Apps environment to be used as a courier account for the synchronisation of all users' mailboxes. This should not be an administrative account in the Google domain, and this user account will not be able to be BlackBerry-enabled itself.

Within the Google Apps environment, the following will need to be enabled:

• Two-legged OAuth
• Google Provisioning API
• Google Apps Sync email service

You should also read the requirements document for the BlackBerry Enterprise Server software itself, specifically the Microsoft SQL Server requirements depending on the number of users you plan to deploy.

The Windows Search software should NOT be installed on the server hosting the BES software, or should be disabled if already installed.

Configuring the Google Apps domain

Enable Two-legged OAuth authentication

Log into the administration pages for your Google Apps domain. Select Advanced Tools and then Manage OAuth domain key.
Enable OAuth, generating a consumer secret key. Make a note of this key.
Tick the option to Allow access to all APIs in the Two-legged OAuth access control section as shown below:

Enable the Google Apps Connector for your users

Within the domain administration pages, browse to Service Settings --> Email Settings and ensure that the option to Enable Google Apps Sync and Google Apps Connector for my users is ticked:

Enable the Google Provisioning API

Within the domain administration pages, browse to Domain Settings --> User Settings, and ensure that the Enable Provisioning API is ticked:

Installation

Add the Server to a domain

Add the server that is to host the BES software to an Active Directory domain. The BES server may be a domain controller itself for smaller deployments.
Log into the server as a domain user with local administrative rights on the server.

Install Windows Updates

It is recommended to run Windows Update and install all available high priority updates.
The Windows Search feature should NOT be installed onto the server, or should be disabled.
The latest Daylight Savings Time update should be installed (which it will be automatically as part of Windows Update). Details on this update are available here - http://support.microsoft.com/kb/979306/

Install Outlook 2007 Service Pack 2

Ensure that Microsoft Outlook 2007 is installed onto the BES and then upgraded to Service Pack 2.

Install the Google Apps Connector

Download version 3 of the Google Apps Connector from - https://tools.google.com/dlpage/appsconnector

Once installed, launch it from the Start Menu and enter the required settings:

Set the desired locations for the user mailbox stores.

Enter the connection details for your Google Apps domain in the Profiles section:

Enter in the email address of the service account created for the BES software.
Enter in the OAuth Consumer key - this is normally the name of your domain.

Enter in the OAuth Consumer Secret which was generated earlier.

Install the BlackBerry Enterprise Server

Launch the installer for the BES software, you will be prompted to select your desired installation language:

You will be prompted to confirm that the user account you are currently logged in as is indeed the correct user that should be used to install, and then run, the BlackBerry software:

You will be prompted to select your country and to accept the terms and conditions of the license agreement:

You will be prompted to create a new database for the BES to store its configuration settings in, or to use an existing database. For new installations, select the option to create a new database:

You will be prompted to select which components of the BES solution you want to install:

You will now be presented with a list of prerequisite checks. Ensure that all requirements are met. You will receive warnings about missing CDO and MAPI components, these warnings can be ignored at this stage:

When you continue you will receive a further warning about missing required components:

Select the option to Ignore the warning and continue. If the user account used to log into the server is a member of the Domain Administrators group you will receive a further warning. This would be an issue if the server was being deployed against a Microsoft Exchange server, but as we are accessing a Google Domain account instead, this warning can also be ignored:

Select Yes to continue. You will be prompted to specify whether you wish to install a copy of SQL Server Express on the BES itself, or to use an existing SQL server. Review the requirements of your deployment, in this article I shall install SQL Express locally:

You will be prompted to enter the password for the user account used to log into the server, and to enter a name for the BES server. This is separate from the machine name of the server and is used to identify the BlackBerry Enterprise Server instance within the BlackBerry Administration interface:

Review your installation options and click Install to begin the installation:

The required components will now be installed, this may take a few minutes:

When complete, you will be prompted to restart the server:

Once rebooted and logged back in the installation will resume automatically. You will be prompted to enter the details of the SQL Server and the name of the configuration database. If using a local SQL Express installation, leave the values at their default:

You will be prompted to create the new database:

You will be notified when the database has been created:

You will be prompted to enter in the Client Access License and the SRP information. You should have received this information via email when you registered for the software download with RIM:

Verify that the server is able to connect to the RIM infrastructure and authenticate:

You will be prompted to enter in a name for the web administration interface and enter in a password for the SSL certificate that will be generated automatically to secure the web site:

You will be prompted to enter the details of the active directory account that will be used to access the web administration interface using active directory credentials. This is a required step but in this type of deployment you will most likely use BlackBerry authentication instead which will be configured in a moment. In this installation I entered the same domain administrator account details used to install the software:

Here you can specify whether to use Active Directory or BlackBerry authentication to access the web administration interface. I recommend using BlackBerry authentication, this ensures that you are still able to access the BES administration pages even in the event of a problem with Active Directory:

Enter in a password for the default admin user account. The installation is now complete. Select the option to Start Services and verify that all of the BlackBerry services start successfully:

Once all services have started click Next. You will presented with the shortcut details of the server's web interface:

Click Finish to complete the installation and close the installer.

The BlackBerry Administration web interface can now be launched from the Start Menu, you may want to add an icon for this on the desktop. You will be warned that the certificate is not trusted by the browser:

Select the option to continue anyway. Add the web site to the browser's Trusted Sites zone:

and install the site certificate to the Trusted Root Certification Authority container:

You may now log into the BlackBerry Administration interface. Set the "Login Using" field to use BlackBerry authentication. Remember that the user name is "admin" and the password you entered during the installation:

The web interface will be displayed:

You can now select the option to Create a user:

Selecting Search will display all available users in your Google Apps domain:

Select the option to create a user with an activation password:

You can now enter an activation password for the user:

Alternatively you can choose to have an activation password generated automatically and emailed to the user. Once the user has their activation password they can run through the Enterprise Activation wizard on their BlackBerry handheld.

Alternatively devices can be activated locally on the BES via USB.

For more information on activating devices and troubleshooting the activation process, read the BlackBerry Enterprise Server section of the blog - http://blog.brightpointuk.co.uk/blackberry-enterprise-server