Deploying Google Apps: What Not To Do

Andrew SchwabBerryessa Union School District

http://bit.ly/gafetips

Mark MahacekMerced County Office of Edu.

Agenda

● Initial Setup & Planning● Syncing With Active Directory● Mail Migration Strategies● Hybrid Mail and Coexistence● User Training● Features Your Users Will Miss● Archiving With Vault● Google Drive● Google Groups● Questions

Some Vocabulary

● Apps Admin Console (Dashboard/CPanel)○ https://admin.google.com

● Migration - Moving from one email system to another

● Power Users - "Troublemakers"● Legacy Email System - Exchange● Legacy Email Client - Outlook

Initial Setup and Planning

Initial Setup & Planning

● Test your deployment● Choose your domain name wisely● Choose your naming scheme wisely● Plan your deployment timeline● To password sync or not to password sync

Test Your Deployment

● Set up an extra Apps organization for testing the deployment

● You can register multiple domains under one account

● You can have a separate “g.dusd.net” for planning

Don't:

● Start with one primary domain and switch to another○ district.k12.ca.us○ dusd.net○ mydistrict.org

Don't:

● Create accounts with long usernames and difficult passwords○ 18john.nguyen4816@student.district.k12.ca.us○ 18j.nguyen4816@stu.district.k12.ca.us○ j.n481632@dusd.net

● Forget to differentiate student accounts from staff○ Append a student disclaimer footer○ Use child domains

Don't:

● Forget to place student accounts in Sub Orgs

● Migrate 1600 staff accounts the week you leave for a new job

● Migrate users over a four month period● Rely on Local Contact Groups - They fail on

Mobile

Syncing With Active Directory

● Google Apps Directory Sync (GADS)○ Runs on any workstation/server○ Scheduled Task or CMD line

● Google Apps Password Sync (GAPS)○ Runs on every Domain Controller○ Syncs Password on Password Change

● Check for updates● Works with multiple child AD domains at

once○ GADS with enterprise admin and GAPS with local

domain LDAP user

Mail Migration

GAM Tips

Bulk Uploading via CSV places all users at the top level

So use GAM to Add Users to an OU after the upload

Migration In Flow

email

Exchange

User Inbox

Forward Rule

Gmail Inbox

@dusd.org

@district.k12.ca.us

Migration Out Flow

email

Exchange

User Inbox

Forward Rule

Gmail Inbox

email

Migration Complete

email

Exchange

User Inbox

Forward Rule

Gmail Inbox

Unity VM

email

Email Routing (Forwarding) By User

Mail Migration Strategies

● Google Apps Migration For Microsoft Exchange○ (Server Based)

● Google Apps Migration for Microsoft Outlook○ (Client Based)

● Google Apps Sync For Microsoft Outlook○ Legacy client access to hosted inbox

● Other Options● Migration from Exchange & Outlook Video

Migrating with GAMME

778 Accounts, 3.1 Million Emails

● Change email domains in the middle of migrating users with GAMME.○ @distict.k12.ca.us to @dusd.net

● And then run GAMME multiple times on the same accounts. Users get duplicate email!

*If I remigrate the same e-mail for a user will it duplicate e-mail in the user’s account?

No.*from http://www.google.com/support/enterprise/static/gapps/docs/admin/en/gapps_exchange_migration/2.1/troubleshooting.7.3.html

Don't:

Don't:

● Migrate users before they have checked their folder names for special characters:

● Change any folder names* that conflict with Google's naming rules. The following characters are not allowed:

colon (:), semi-colon (;), dash (-), carat symbol (^), forward slash (/), backslash (\) or a double-space. To be safe, remove any characters that are non-alpha/numeric. A single space is okay.

Hybrid and Coexistence

Hybrid and Coexistence

● Hybrid deployment with Staff hosted on internal Exchange and students hosted on Gmail

● Requires student accounts to have their own child domain

● Keep staff MX records internal and setup student MX records to forward to Google○ dusd.org MX mail.district.k12.ca.us○ student.dusd.org MX aspmx.l.google.com

Hybrid, Cont

● Staff still have access to all other Google services

● Notifications get sent to Exchange address● Initial deployment will work best with GADS

and GAPS and then have all users change their AD password

User Training

User Training

● None or "The Milpitas Way"● Scheduled PD, 2 Hour Intro Sessions● Volunteer PD, 1 Hour Intro & App Specific● A Google Apps Help Site (Template)● GAFE Summit

Don't:

● Assume users will remember to open a browser instead of opening Outlook

● Assume users will remember their GAFE password, even though it's synced with their AD password

● Assume users know how "Tabbed Browsing" works

● Assume users will use Chrome or Firefox or anything besides IE to login to GAFE

Don't:

● Expect everyone will get the same login page

Outlook Features Users Might Miss

● Delayed Send● Scheduled Recurring Send● Task Reminders (Google Now)● Sorting By Sender (Search by sender)● Snoozing Reminders● Phone message light (for VOIP users)

Don't:

● Use Outlook (Unless you really have to)

Archiving with Vault

"Archiving" With Vault

● https://ediscovery.google.com/

Default Retention Period

● Set to a ridiculously high length otherwise messages will be removed from inboxes

Google Drive

● Don't: Expect Users To Fill Up Their Own Drive

● Do: Create Resource Accounts (They're Free)

○ Space is calculated based on the owner of non-Google documents ○ Drive space calculation: https://support.google.com/drive/answer/2375194?hl=en

● drive-lib@dusd.net to replace network drives● Shared folders are awesome● Ownership can only be transferred within an

organization, otherwise you have to copy

Google Groups

● Enable Google Groups for Business● Domain managed groups - AD synced● User managed custom groups - Google-only● Mail contact groups - Personal lists● Can be used for mailing lists and/or security

permissions

Questions?

This Presentation: http://bit.ly/gafetips

Andrew:http://anotherschwab.wordpress.comhttp://smallschoolbigtech.comhttp://rebootedpodcast.com

Mark:http://plus.google.com/+MarkMahacek