That's what you consider a "potentially simple question"?
I read through that a few times and I'm still not entirely clear what you're trying to do, or what YOUR role is in the process.
Are you the BES administrator, or just an end user?
Are the end-users going to be responsible for getting a BES capable data plan for their devices? Do they understand this will be a higher monthly cost that what they're accustomed to paying?
Do the end-users understand their devices will have an IT Policy installed which can be used to control every aspect of the device?
Do the end-users understand their web browsing, text messages, pin messages and phone call logs are now able to be logged by the BES administrator without their knowing?
My point is that allowing personally owned devices to be activated on a corporate BES is far from simple. It's quite complex actually. There's privacy and security concerns that make this very involved.
In my opinion, the simplest (and my recommended) solution for you would be to disallow the use of personally owned BlackBerry devices on a corporate BES.
If the users have the ability to access their email via OWA, then just instruct them to integrate their OWA account into their BlackBerry using BIS. SInce you seem to be concerned mostly with email, then BES might not be what you need anyway. BIS should do just fine.