The BES communicates with exchange through MAPI protocol.

1. When a message comes into your inbox, we take a copy of it an wrap it up with AES (Advanced Encryption Security) (This is a Gov't security standard).
2. The message passes through the BLACKBERRY Enterprise Server.
3. Then it proceeds to go through your firewall port 3101 outbound initiated (you do not open any inbound ports on your firewall).
4. The message is then sent over the wireless network.
5. Down to the handset where is de-encrypted and you read your message
6. When you reply to your message and hit send right from the handheld it gets wrapped up with AES.
7. The message travels over the network.
8. At this point the message travels back through your firewall port 3101 outbound initiated utilizing the TCP/IP bidirectional connection from the BLACKBERRY enterprise server.
9. Upon entering the BLACKBERRY enterprise server the message is checked to see if it has the correct identifier and the message is decrypted.
10. The BLACKBERRY enterprise server takes the message and puts it in the user outbox and the exchange sends it out like you are sitting at your desk and a copy of your message is placed into your sent box.

Once again your message is never in clear text while in transmission from your computer to your BLACKBERRY and from your BLACKBERRY back to your computer.