Is a CRES administrator supposed to be able to generate and sign a BCE configuration XML file for a user outside his organization? I have tested this feature and it seems to work. That is, an admin for "mycompany.com" can create BCE config file for "firstname.lastname@example.org" to activate John's BCE app on his iPhone. It seems that if "encryption" option is used (instead of "flag" option), email@example.com can even send encrypted messages from his BCE mobile app.
Is this a supported feature of CRES? I thought the encryption in BCE was supposed to be constrained for organizational user and not the external users. If supported, could I assume that an external user could even install the Outlook plugin 7.3 and, after activation, send encrypted email from Outlook?
It has always been the case that if you sent an email via CRES to an external user, once they registered, they are able to send secure emails themselves to anyone else using CRES secure compose. Although it seemed Cisco were giving CRES away for free, it would not be very convenient to have to send all your email using CRES secure compose, and the upside for Cisco and all CRES users is that more people use the CRES service. It seems like the same kind of principle applies when using the BCE plug-ins. Whether that is the intention we will have to wait for Cisco to answer. However it is not quite as open ended as you suggest, as the Outlook plug-in download is not available anyone, you have to have a Cisco service contract, and if you are in a corporate environment you may not be able or allowed to install software without IT involvement and blessing.
Thanks David. I was not making any comments about openness (or not) of the process. I'm well aware of the need for admin to issue the XML config file for the external users to activate encryption on their devices.
I'm simply interested in finding out if this is a "supported" use case for EXTERNAL users so that people could simply use it (it is especially handy for mobile users).
You have to send them a signed config file from a CRES account admin id. On the CRES admin console there is an option to send such an email using a CSV file of addressees. This is explained in CRES admin guide here:
Correct - the BCE signed XML is a feature directly signed and sent from a CRES admin for the domain. The admin can send directly from CRES admin account, or send encrypted directly to the end user(s). As long as the end user receieves and opens the encypted email directly in Outlook - the automatic process of installing the XML should occur.
Now - for the iPhone BCE app - there is no configuration needed. As long as you install the app as instructed - and that user has already created or tied their email address to a CRES account for the email address in use.
1. Be sure that the iPhone (or Android phone) app is opened before you open and expect to open a CRES encrypted email.
(Search for “Cisco Business Class Email” -or- “Cisco Business Class Email (BCE)"in the AppStore/Google Play (Android)"
2. You just receive the CRES encrypted message through your mail app - and then press and hold the HTML attachement in that email - which will pop up and prompt you to select how you would like to open that attachment. The "Open in Cisco BCE" icon should be listed in the options.
3. Select your email address sent To - this will then be similar to opening the email via the CRES web access... prompting to select the email address sent to, and then associated CRES password.
4. Finally - the email will be displayed within the Cisco BCE app:
For further information, please see the Cisco Business Class Email 1.0 - For Mobile Apps User Guides, iPhone or Android:
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...