Professional Documents
Culture Documents
files on you HDD. Cloud computing is the internet-base computing, whereby resources, SW and info are provided to computers and other devices on-demand like public utility. what is google apps? google apps is an Enterprise business suite created by google and comprised of several google products. if features several web application with similar functionalities to traditional office suites. these applications are delivered through data center and built on googles servers. as these applications are built on googles servers, it allows them to be accessible anywhere in the world, with The cloud appearing as a single point of access for all the computing needs of consumers
googles apps can be accessed at any place in the world. Gmail can also be sync with Outlook THE FOLLOWING APPS ARE THE ONE WE WILL PROVIDE SUPPORT services offered: Gmail: World leading email - less spam, huge inbox, search. Gmail using your domain name. world class email service mail stores on googles servers outstanding spam blocking integrated IM, voice and video chat storage varies between 7-25GB base on edition. accessed primarily via the Web interface. Talk: business class IM, voice and video chat. Groups: Groups for mail, contest sharing and communication. Calendar: Agendas, scheduling, share online calendar. create and manage event in your own personal calendar create and share calendar with your colleagues create bookable resources for you Google Apps users Sync with Outlook, iCal etc. Docs: Collaborative docs, Spreadsheets and Presentations. create documents, spreadsheets and presentations online. share and collaborate in real time safely store and organize your work control who can see your documents upload any file to your Doc list Sites: Secure, coding-free, collaborative sites for intranets. Single click page creation no HTML required create a company intranet, team or project site upload files and attachments collaborate and share indexed and searchable if the cust has an already running website is not supported and cannot be uploaded within Google Sites. Video: private, secure, hosted video sharing. storage limit of 3GB per user shared with the entire domain Ability to upload and share videos with everybody at your domain or just with specific people. search across your video content with google search technology. NOT ABLE TO UPLOAD AND PRECREATED SITE IN HERE.
Benefits best tools for business Information overload lots of storage: dont worry about quotas search built into every application labels and threading: new ways to scope Collaboration is central make collaborating as easy as creating remove the IT barrier to collaboration access anywhere mobile version for applications. web-based, VPN and no thumb drive.
the just keep getting better frequent, small updates 2 weeks release cycle easier for user to adjust learn from users research usage analysis easy to manage no server or client upgrades no data migration everyone is on the latest release
more reliable and secure purpose-built infrastructure hundreds of thousand of identical servers custom, hardened Linux OS Can rapidly update all system no third-party security issues world class security industry-leading experts obfuscation of data at rest
security reviews for all code. SAS 70 Type II certification. FISMA certification.
MX Records creations
On Godaddy.com Go to the Zone File Editor within the DNS Manager and enter the MX Records on the MX(Mail Exchanger) Tab Obeying the appropriate Priority of each Record, Set The TTL to half and hour and then click on SAVE ZONE FILE. KP: http://support.google.com/a/bin/answer.py?hl=en&answer=174125 DNS records are also known as The File Zone
-we can create as many groups as we want. -Groups are only for communication (Emails) purposes. -Roles can be added to the agents. INTRODUCTION TO DNS Objectives understands the difference between domain registrars, domains host and web hosts understand domains and whois information understand the purpose of DNS records and impact of propagation understand the use and format of the following DNS records NS records A records CNAME records TXT records DKIM records perform DNS lookups using a variety of tools understand MX records and Google apps MX setting. Domain registrars vs Domain Host vs web host Domain registrars: allows you to register a domain name bare minimum service; you only own a domain name with them Domain host: allow you to access and maintain your DNS records( known as a zone file) a domain host is required to use Google Apps Some host provide a control panel to make changes, other handle changes via phone/email web host: allow you to host files (web pages, images, etc) Today, most registrars also provide domain hosting at no extra cost. many registrars also offer web hosting for a fee. Google is not a domain registrar, a domain host or web host clients are free to register and host their domain with the provider of their choice some domain host limit the type of DNS modification that can be made we offer domain registration and domain hosting through our partners (GoDaddy and eNom) if a client requires web hosting, they can purchase it from a 3rd party web host. Domain A domain registry is an organization responsible for maintaining one or more Top Level Domain (TLDs): the two most common types of TLDs are: Generic TLD (gTLD): .COM, .NET, .ORG, .EDU, .INFO, .GOV, etc Country Code (ccTLD): .CA, .CC, .DE, .SV, .US, .UK, .TV, etc.
The Internet Assigned Number Authority (IANA) delegates authority to registries Registries may set policies or limitations on domain use ex. .EDU is limited to recognize post-secondary institutions in the USA. ex. Many ccTLD have presence/residence requirements Examples of registries include: VeriSign: .COM, .NET CIRA: .CA Afilias: .INFO
FOR EDUCATIONAL PURPOSES GOOGLE APPS ARE FOR FREE FOR MORE THAN 10 USERS.
What is a Domain Registrar? most registries do not sell domain directly to the public A domain registrar is an organization or business that sell domain names on behalf of one or more registries there are thousands of registrars and our clients are free to choose any of them. GoDaddy and eNom are the worlds two most popular registrars and account for > 40% of all registered domains. Registering a Domain to register a domain, you need to choose a registrar as well as an available domain name registrant are required to provide accurate contact information (name, address, phone number, email) and providing false information can result in loss of domain registrant information for a domain is publicly available; many registrars offer a domina privacy option either for free or an extra cost domain are registered for one year at a time; some registrars offer bulk discount for multi-year registrations and automatically renew the domain yearly on your behalf. Transferring a domain Client are free to transfer their domain to another registrar starting 60 days after initial registration. Domain transfers must be initiated at the new registrar and require a transfer code available from the old registrar clients do not lose whatever time is left their domain; the new registrar will extend the expiry period by a year. Whois Tools A Whois records is a public record containing a domain registrants contact information, the domain status, registration and expiry date and more. several free web-based tools exist to do whois lookups: https://mxtoolbox.com/ 6
https://whois.net some registrars only provide full whois record for searches done through their own whois tools useful information includes the expiry date and the authoritative name servers
what is DNS surfing the Web IP Address Unique identifying number assigned to each device on a network can be dynamic or static DNS (Domain Name System) translate domain names into IP address stores other info including list of mail servers that accept email from a domain name.
what is DNS system to organise and identify domain names associates a domain names with a collection of IP addresses distributed system with no single point of failure determines where mail is delivered
Using the Network-tool.com website this website allow us to use a lot of tools (lookup, ping, trace, express, etc.) Using the Lookup option: We are able to get the following information: IP address: 68.178.232.100 Host name: mackk.info canonical name: mackk.info
68.178.232.100 is from United States(US) in region North America
Using the express option: this is a combination of the result of the lookup, trace, whois, DNS record, network lookup
Using the DNS Record tool: Retrieving DNS records for mackk.info... DNS servers ns07.domaincontrol.com [216.69.185.4] ns08.domaincontrol.com [208.109.255.4]
provides the answer records: TXT Records NS Records MX Records A Records Authority records Additional records DNS overview What is an authoritative name server? set at the domain registrar lever, this record identified the domain host authoritative name servers store the master copy of the zone file DNS requires a primary name server and at least one secondary server what is a caching name server? caching servers store copies of zone files for a limited time purpose is to improve efficiency and reduce DNS traffic ISPs typically have caching name servers for their customer PCs and routers also have their own DNS cache. Propagation upon editing DNS, authoritative nameservers are updated quickly (time depends on DNS host service) the TTL (Time To Live) determines how long a caching DNS server should cache these particular DNS records
Propagation issues DNS records can have propagation issues causing discrepancies across several caching DNS servers Use the Squish DNS tool to check for propagation issues
Common DNS Record Types Common DNS record types include: A NS MC CNAME (is use to point at the right IP) TXT (is use for authentication purposes, subdomains and DKIM) SRV
A Records Central record of the DNS Links a domain or subdomain to an IP address Several A records can point to one IP address One A record can point to many IP addresses Not typically used with Google Apps NS Record NS = Name Server (can be obtanined by usining Network Tools) The authoritative name servers host the master zone file which contains the DNS information for a domain. You can determine the domain host by looking up a domains NS record. MX Records Q: When you send a message to admin@hammer-time.net, how does the email know to go into a Google Apps inbox? Why doesnt it end up in yahoo account? A: Mail system asks hammer-time.nets DNS where to send the mail. In the DNS, the MX records are pointing to Googles server information, so the makil end up in the admins Google Apps Inbox MX= Mail Exchanger Direct email to servers for a domain (Tells email where to go) to know the IP address of a server we just need to do a ping to its address. CNAME Records Cal, docs, mail and site are all CNAMEs for ghs.google.com ghs.google.com contains mappings to redirect each CNAME to the appropiate service ex. Users who type in docs.hammer-time.net will be redirected to Google Docks for hammer-time.net SRV Records SRV = SeRVice record
10
Specified which services are available In Google Apps, the SRV record is used for Google Chat Allows user to chat with people using other messaging services through a process known as federation By default, you can chat with other Google Apps mail users and consumer Gmail users To chat with users on federated networks, youll have to change your SRV records Note: Most domain host wont allow you to access the SRV record
1. A surfer type NHL.com in the address bar of Chrome 2. The surfers computer queries DNS to determine the IP of NHL.com 3. Assuming no cached record existed, DNS server queries the registrar to determine the authoritative name server 4. t\The authoritative NS, which host the zone file, priovede the IP address for NHL.com (8.20.73.150) 5. The IP address is returned to the surfers computer 6. The surfers computer connect to 8.20.73.150 via HTTP and request the website. 7. The web server at 8.20.73.150 proveds the websites to the surfer.
DNS Tools DNS Sanity Check (https://check-mx.appspot.com/) perform a range of checks on a domains DNS Google Apps Mail Google Apps offers customized email for your domain, with domain level control over the users mail experience. End user can customize Gmail the way he liked. logo can be change but only by the admin Google apps kail at a Glance Manage information better 25GB quotas per user - never waste time managing quotas again search your email - find what you need quickly and easily Use labels to filter and sort messages conversation threading to help manage your inbox Anytime, anywhere access
11
web access from any connection mobile access: blackberry, iphone, android, windows mobile outlook connector: allow users to keep their existing client real time communications instant messaging with text simple voice and video communications IMs archived and searchable with email integrated directly into the box Simple to deploy and manage no client applications built right into the web-browser video available on any machine with a webcam
Features Administrator managed Domain Features email routing gateways email retention POP and IMAP access mail delegation voice and video chat message security User managed account features forwarding and POP/IMAP Gmail Mail Fetcher Google email Uploader FiltersLabs Themes Send mail as
- setting can be changed by organizations, one by one - Labs are not supported (information might be find in support.google.com). Resources DNS lookup tools (DNS setting, search by domain) http://www.dnsstuff.com/ (username: googleapps, pass:gafydrules) http://www.kloth.net/ http://www.hashemian.com/tools/domain-email.php http://www.mob.net/~ted/tools/mx.php3 (MX records only) General informacion on DNS Google Apps Help Center: Basic Guide to DNS: ID: 48090 Wikipedia: http://en.wikipedia.org/wiki/Domain_Name_System
12
Google Apps Mail Customization Usernames Yes - minimum: 1 character - Dashes - Common names. ex. John@domain.com - john.doe@ and johndoe@ are distinct - 25 GB for GA4B - 7 GB for GA full username for authentication. ex john.doe@domain.com User accounts only created by an domian Need to contact domain admin
Gmail No - 8 characters or more - no dashes - No common Names - john.doe@ and johndoe@ are the same. 7 + GB Only username for authentication ex. Johndoe sign up directly or receive a free invite Can reset by clicking on Forgot Password Link
Storage POP/IMAP
13
users who are not administrators View access to organizations View access to user account information The ability to reset the password for nonadministrators
Administrator to take care of support issues that require access to user information and the ability to reset passwords. Administrator to manage Google Apps services
Services Admin
The ability to add or remove services Full access to the Settings tab and all sub-tabs
If you assigned delegated administrator privileges to users before administrator roles were available, Google Apps created roles for those settings. These custom roles have the name role_useremail, whereuseremail is the email address of the user to whom the privileges were assigned.
Common features Conversations Each message is grouped with its replies and displayed as a conversation Archive, dont delete With 25GB storage (GA4B users) you can archive, rather than delete, message for viewing Search, dont sort using keywords or the advanced search feature, Gmail users find what they need, when they need it Speed Gmail uses JavaScript that allows faster navigation with fewer request to the server
- just by typing the name of the contact gmail will auto-populate the contact email, and it will does it only with the users that are in the same domain. Filters filters allow you to organize incoming messages before they reach your inbox Labs - Labs are experimental features provided on an as-is basis. - This means we do not support labs and they may potentially impact other mail features
14
- Labs can be remprarily disabled via the escape hatch (http://mail. google.com/mail/u/0/?labs=0) Shortcut and Operators Navigate gmail without a mouse Use operator to refine search criteria Full list of shortcuts and operator available in the Help Center.
Document ID: 7190 (Using advanced search) and 6594 (Keyboard shortcuts) Forwarding, POP and IMAP forwarding all email to another email address enable POP and IMAP access configure POP and IMAP settings
Mobile access the interface is optimized for the phone youre using you can access attachments, including photos, .doc, and .pdf files must be using a supported phone on a supported network supported phones for applications (milu): Blackberry, phone with Java ME supported phones for browser (pudu/super pudu): iPhone, Android, windows mobile ~90% of all the phones with web browsers web access (pudu) via http://gmail.com Download (Milu) at http://m.gmail.com
SPF
It define the server (IP) that will be use to send the email
15
Note: The TXT record entries will look similar to the following:
Select Quick Add to enter a new TXT entry. Suggestion: Do not use the SPF Record wizard. It is easier to copy & paste the TXT value yourself. Select Save Zone File to save the entry. Include an at (@) sign within the host name field if required. Note: It can take several hours for the TXT records to propagate.
DKIM Its an electronic key that is use to verify the sender of an email, the main function is to protect the owner. Difference between SPF and DKIM SPF: you let the system know from where (IP) Im sending the emails DKIM: encrypts the email
Some organizations publish Sender Policy Framework (SPF) records to help reduce email spoofing of their domains. SPF records include a range of IP addresses that are authorized to send mail on a domains behalf. To help reduce the chance that your users will receive spoofed emails, you can enable the SPF Check feature at the Email Config level in the Administration Console (see Enabling SPF Check). Note: SPF Check is available for Google Message Security customers only.
Senders domain name. Number of messages with an SPF Check that passed successfully. Number of messages where no SPF record was found during the SPF Check. Number of messages with the Soft Fail response type during the SPF Check. Number of messages with the Fail response type during the SPF Check.
16
Number of messages that triggered an error during the SPF Check. Total number of SPF Check messages for a sender domain.
Recip Domain Pass None/ Neutral Soft Fail Fail Error Total Messages
Recipients domain name. Number of messages with an SPF Check that passed successfully. Number of messages where no SPF record was found during the SPF Check. Number of messages with the Soft Fail response type during the SPF Check. Number of messages with the Fail response type during the SPF Check. Number of messages that triggered an error during the SPF Check. Total number of SPF Check messages for a recipient domain.
Errors link:http://www.openspf.org/SPF_Record_Syntax
Explanation The SPF record designates the host to be allowed to send The SPF record has designated the host as NOT being allowed to send The SPF record has designated the host as NOT being allowed to send but is in transition The SPF record specifies explicitly that nothing can be said about validity
17
The domain does not have an SPF record or the SPF record does not evaluate to a result A permanent error has occured (eg. badly formatted SPF record) A transient error has occured
The message ID is unique for every mail sent (ex. Message-ID: <007801cd45c6$093b8830$1bb29890$@transactel.net>)
Google Apps Mail Objectives know the differentiate features of google apps mail understand difference between customer and apps google mail understand how conversations works understand the difference between label and folders familiarity with web UI for sending/receiving/managing messages familiarity with google apps mail setting including filters external access labs themes understand google chat understand contact manager understand offline gmail for chrome
Google Apps offers customized email for your domain, with domain level control over the users mail experience Google Apps mail at glance can be found in the previous document. Different option on how to access the Cpanel of Google Apps. www.google.com/a/mydomain.info
18
mail.mydomain.com from the mail inbox, you can access the manage this domain option
Gmail Offline Chrome Chrome browser apps allows offline access to Gmail Based on HTML5 as gears support is deprecated Still under iterative development (beta version) Release Aug 10th 2011
Main functionally users can read, reply, send, label/star messages search for messages using envelope data (from/to/subject/label) search message body not supported depending on inbox volume, it syncs between 3 and 7 days worth of mail + starred items sync attachments (at lunch: of certain types only) requires Chrome browser install the app from Chrome Web Store Requires Cpanel setting for Offline Gmail to be checked.
product specific features Chrome web store service must be enabled for their organization if the Cpanel. Offline Gmail control panel flag: When off, users can still install the app banner explains that offline is disabled per policy app will not sync IT admins can configure the Chrome MSI to reply chrome with Gmail Offline Supported languages are the same as Gmail for iPhone.
Known issues Incompatible with some Chrome extension full gmail keyboard shortcut support limit on attachments: 5MB per attachment on sending, 25MB total Attachment types supported no sync settings signature not displayed when composing but are appended to outgoing messages cannot modify importance markers no labs support does not work well with SSO Works on GA+ domains only uninstalling the apps doesnt automatically remove data
19
Support and Troubleshooting support fully supported by enterprise covered by SLA app HC support article consumer HC article troubleshooting check that gmail offline is enabled in Cpanel check users Org Service setting to ensure Chrome Web store is enable Disable any other Chrome Extensions Uninstall/Reinstall and reconfigure Gmail Offline For App not available offline, obtain copy of Apps local cache for other errors obtain list of recent actions check apps status dashboard for services disruptions check known issues page ID: 139154
GMAIL Objectives understand how email delivers works understand the role DNS plays in mail delivery recognize google apps MX records understand Postini and how it affect email delivery understand what dual delivery is and the business need for it Configuring Dual delivery for legacy to google apps configuring Dual delivery for google apps to legacy perform various mail test Email delivery basis 1. the sender types a message and send it using gmail or through an email client (outlook, thunderbird, etc) 2. the message goes through the outgoing mail server (smpt.gmail.com) which performs a DNS lookup on the recipients domain to determine the recipients MX server(s) 3. the message is delivered to the recipients MX which places the message in the recipients virtual mailbox. 4. the recipient checks their email and download new message waiting in the mailbox 5. the whole process is repeated in the other direction when the recipient replies to the sender
20
Message delivered to Google Apps MX records primary domain: 10 mydomain.com.s7a1.psmtp.com 20 mydomain.com.s7a2.psmtp.com 30 mydomain.com.s7b1.psmtp.com 40 mydomain.com.s7b2.psmtp.com
Introduction to Dual Delivery What is it, and why would I want to do it?. Dual delivery allows incoming mail to be delivered to your legacy email infrastructure as well as google Apps email With dual delivery, incoming mail is delivered to a primary mail server which processes and delivers each message then forwards a copy to a secondary mail server which delivers it to your second inbox Admins often like to keep a backup system when in the deployment stage they can even keep some users on the legacy system, while moving other to the new google apps system There are 2 possible configurations: Send message to the legacy server and then forward them to Google Apps Send message to Google Apps and forward them to the legacy server
Dual delivery (ID: 96855) There are 2 configuration possible: Legacy email first then Google Apps Mail (We discourage this configuration, except for pilots) Google Apps Mail then Legacy email (if dual delivery is necessary preferred configuration)
21
Mail flowing to Google Apps first MX Records primary Domain will be the same for google MX records Mail Delivery Details Outbound Mail Flow
SMTP session test Ability to send SMTP commands to mail server useful for sending the message to email accounts or groups Does account exist? is account over quota? is account provisioned in Postini? Does sender meet group sending requirements? no relay allow for group Recommended tools PC: MS-DOS
22
SMTP session test: sending a test message: Perform an MX lookup to find top priority MX record Open MS DOS ir terminal and enter: telnet aspmx.l.google.com 25 EHLO MAIL FROM: <testaccount@yourdomian.com> RCPT TO: <customeraccount@customerdomain.com> DATA Online Tools: Enter the email address of the user or group on Network-tools.com and select EMail test and click Go (is a way to authenticate that the email address provided is a valid email address). Productivity Tip: Add a custom search engine to chrome keyword: smtp string: http://network-tools.com/default.asp?prog=test&host=%s when renaming an email you loose all the documents attached to that email address, so what you have to do is to change the ownership before renaming the email address, so we can go to the Cpanel of Google Apps, under Advanced tools and all the way to the bottom we do the ownership transfer from the old account to the new one or to any other one, and only after that is when we can rename the old email. if you change only the name of the user it will keep the documents, and for all the share files will keep be shared with the rest of the users.
POP POP allows users to send and receive message with a third party POP client, letting them forgot the webmail interface Important features secure login transaction on every send/receive every message in All Mails is downloaded Downloaded message and message sent from the client are not downloaded again
23
recent made allows multiple POP connections apps mails retinas control over mail on our servers apps mails does not have a synchronize feature
If switching from IMAP to POP the only folder that will be sync will be the INBOX. Enabling POP Access POP access is only available to GA4B/EDU domains POP access is disabled by default In CPanel, under settings > Email, uncheck Disable POP and IMAP access for all users in the domain. Changes to this setting may take 15-30 mins to take effect.
Try the POP and IMAP at home to check how long it takes to start working
POP Server Post Office Protocol pop.gmail.com allows client to download messages from Apps Mail
SMTP Server Simple Mail Transfer Protocol smtp.gmail.com Allows client to send message through Apps Mail
Ports For Connecting Web browser contact Gmail servers on port 80 POP ports are 995 (110 not supported) SMTP ports are 465, 587.
Supported clients (ID:12103) Desktop Mail Clients Apple Mail 4.0 Outlook Express 24
IMAP - Internet Message Access Protocol IMAP is a protocol for syncing mail between an email program running on a users machine (the client) and an email stored on a server IMAP is read/write. Changes you make on the client get propagated to the server, and viceversa IMAP is a direct to connection to the server. Examples: read a message on the client, it gets marked read on the server. Deleted a message from the inbox on the client, it gets Archived on the server.
- It can be accessed at any computer anywhere. - no duplicates emails - It depend on your business needs IMAP sync and Google Apps Mail (ID: 77657) IMAP translate labels with a forward slash (/) into a folder hierarchy like you see in your computers files system. Gmail-specific features and terms, such as conversations threading and stars, wont appear in your client Dont worry, you can still perform all the usual Gmail functions, just in a slightly different way. how do actions sync in IMAP Star will be shown as flags, and labels will be shown as folders. Enabling IMAP Access IMAP access is only available to GA4B/EDU domains
25
IMAP access is disabled by default In Cpanel, under Setting > Email, uncheck Disable POP and IMAP access for all users in the domain Changes to this setting may take 15-30 mins to take effect Once enabled at the domain level, users must individually enable IMAP in their Gmail web UI under Settings > Forwarding & POP/IMAP Gmail Servers and Ports for IMAP IMAP Server internet message access protocol imap.gmail.com allows client to download messages from Apps Mail
SMTP Server Simple Mail Transfer Protocol smtp.gmail.com Allows client to send message through Appls Mails
Ports For Connecting Web browsers contact Gmail servers on port 80 IMAP ports are 993 (SSL port) SMTP ports are 465, 587
Supported IMAP Clients (ID: 75726) Desktop Mail Clients Outlook Express Outlook 2003 Outlook 2007 Apple Mail 3 Apple Mail 4 Windows Mail Thunderbird 2 Thunderbird 3 Other*
26
*We provide instruction but dont support this devices. Recommended IMAP Client Setting (ID:78892) Sending: Do NOT save sent messages on the server. If your client is sending mail through Gmail's SMTP2 server, your sent messages will be automatically copied to the [Gmail]/Sent Mail folder. DO save draft messages on the server. If you want your drafts in your mail client to sync correctly with Gmail's web interface, set your client to save drafts to the [Gmail]/Drafts folder. Deleting: Do NOT save deleted messages on the server. Messages that are deleted from an IMAP folder (except for those in [Gmail]/Spam or [Gmail]/Trash) only have that label removed and still exist in All Mail. Hence, your client doesn't need to store an extra copy of a deleted message. Do NOT save deleted messages to your [Gmail]/Trash folder because this will delete a message in all folders. Do NOT save deleted messages to your [Gmail]/All Mail folder as some clients will try to empty this folder and ultimately fail. This can lead to delayed mail access or excessive battery consumption on a mobile device. Junk mail and spam: Do NOT enable your client's junk mail filters. Gmail's spam filters also work in your IMAP client, and we recommend turning off any additional anti-spam or junk mail filters within your client. Your client's filter will attempt to download and classify all of your existing messages, which may slow down your client until the process is complete. - Do not save information into the inbox, it will never be send. - The junk filter is not supposed to be enabled within the client, it will give problems. Points of Failure Common Symptoms Name and/or password rejected Cant send Cant receive Download some messages but not all
27
Most Causes are a result of User error/product knowledge Unsupported client Incorrect POP client settings POP not enabled in Mail account Settings Network or ISP is blocking ports Unlock Captcha Password not strong enough Bandwidth & Sending limits reached Google outage.
Gathering information Interpreting Customer Responses Are you able to lig in to your account through the Web UI? If they cant log in to web interface, its a server or account issue Do you experience difficulties in sending mail, retrieving mail, or both? Do you have any internet security, firewall or antivirus software installed on your computer or network? If so, which application(s)? A few can block port access Are you using PO access from home, from work, or from a public location? work and public locations could have firewalls/proxies that block ports Which email client are you using, and what version? Confirm that the client version is supported have you ever been able to use POP access to send and download messages? Never - more likely a client/client settings/ network issue Yes, but stopped - more likely mail server or account settings please provide screenshots of your email clients POP and SMTP setting, along with any error message that you see when you try to use POP access compare with settings in the Help Center Troubleshooting POP/IMAP issues Help Center POP issues: 1669059 IMAP issues: 1668982 Problems sending mail: 78775 Gmail known issues:
28
[GD PIMT] - General POP/IMAP troubleshooting information [GD PICM] - Contact POP client manufacture [GD CLIENT] - List of client troubleshooting questions [GD UC] - Unlock CAPTCHA
Useful Articles: Suspend a user ID: 33312 Delete a user ID: 33314 Restore a suspended user ID: 1110339 Pre-defined administrator roles
PVC
Learning objectives Understand PVC features Know how to configure PVC settings including Spam Objectionable content Content compliance Attachment compliance Blocked senders Append folders
what is PVC? background: prior to PVC launch in January 2012, clients had access to integrated Postini for message security. PVC integrates message security directly into CPanel features: ability to control spam filtering in Gmail Ability to block certain users or domains from sending mail ability to whitelist certain users or domains ability to add footers to all outgoing messages ability to filter messages based on attachment name or type ability to filter messages based on content PVC filters can be applied to the enter domain or only certain sub-orgs
29
SPAM setting allow Google Apps admins ability to prevent messages from going to the spam folder based on list of senders that can be created inside Google Apps Control Panel Examples: Approved messages from internal senders Appove messages from facebool.com
Only triggers when the sender is: Internal and message in authenticated via SPF/DKIM or sent by Google In the header portion of the message, not envelope (mail-from)
messages to affect: It applies to all incoming messages Conditions: It the message is detected as spam Consequences: Move them to spam label options: Check the box Bypass this setting for messages received from internal senders to prevent internal messages from being marked as spam Create a list of domains or/and addresses to bypass spam filtering by default sender authentication is required to bypass spam filtering there is a quota for sending email (daily): ID: 166852 Main functionality - Blocked Senders Blocked Sender allow Google apps admins ability to reject messages based on lists of senders that can be created inside Google Apps Control Panel Examples: Reject messages from entire domain or specific users Rejects messages from evite.com or user@evite.com
Only triggers when the sender is: in the header portion of the message, not envelope (mail-from) and is NOT part of an approved sender list
-for google the black list is the main priority Messages to affect: it applies to all incoming messages
30
Conditions: sender's address in header matches a list of domains and/or address created under blocked Sender list in CPanel Consequences: Reject the message with a customized bounce message Options: Bypass Blocked Senders list for messages that are received from addresses or domains within a configured approved sender list under Blocked Sender Settings.
Main functionality - Append Footer Append footer allow Google Apps admins to add footers to all outging messages examples: add footers to all internal and external sent messages sadd multiple footers to messages
Only triggers when: footer is appended to internal messages only when Append footer when sending internal message is checked. Main functionality - Attachments Compliance Attachment compliance allows Google Apps admins to filter messages based on attachment types or names. examples: Strip attachment types .wmv reject messages with file type .png change subject of messages with file type .txt BCC users when message contains file of type .pdf
Only triggers when: Message contains a file type that matches with the one configured in attachment compliance if a blocked file type is not part of a nested or compressed file messages to affect: any of the following can be selected per policy 1. Inbound mail - all incoming e-mail 2. outbound mail - all outgoing e-mail 3. internal - sending - outgoing e-mail only to internal recipient
31
4. internal - receiving - incoming e-mail only from internal sender conditions: multiple conditions can be created and they can be set to match all or any rule 1. File attached matches attachment fami y or type (as defined by the file extension) 2. File attached matches an attachment name 3. file attached exceeds certain size limit consequences: any of the following can be selected 1. modify message a. add header tags or prepend subject b. strip attachments with customized advisory notice c. notify other users via BCC 2. reject message with customized bounce message Options: Bypass attachment compliance settings for messages that are received form addresses or domains within a configured approved sender lists under attachment compliance -> Options Main functionality - Content Compliance Content compliance allows Google Apps admins to filter message based on predefined set of words, phrases, text patterns or numerical patterns (using regular expressions) examples: Match the phrase stock tips match viagra, vi@gra, v1agra, v1@gra, v!@gr@, etc. Match the word hell, but not hello, shell, shellac, etc
Messages to affect: any of the following can be selected per policy 1. 2. 3. 4. Inbound mail - all incoming e-mail outbound mail - all outgoing e-mail internal - sending - outgoing e-mail only to internal recipient internal - receiving - incoming e-mail only from internal sender
32
Conditions: Multiple conditions can be created and they can be set to match all or any rule 1. Message content matches one or more expressions 2. message content matches all expressions consequences: any of the following can be selected 1. modify message a. add header tags or prepend subject b. notify other users via BCC 2. reject message with customized bounce message. Main functionality - Objectionable Content Objectionable content allows google apps admins to filter messages based on predefined sets of words examples: Match profanity/curse words Match racist/sexist/etc words Match sensitive words
message to affect: any of the following can be selected per policy: 1. 2. 3. 4. Inbound mail - all incoming e-mail outbound mail - all outgoing e-mail internal - sending - outgoing e-mail only to internal recipient internal - receiving - incoming e-mail only from internal sender
condition: 1. Message content matches one or more objectionable words Consequences: Any of the following can be selected 1. Modify message a. add header tags or prepend subject b. notify other users via BCC 2. Reject messages with customized bounce message
33
Google Apps Mail - SPAM concept SPAM the term is linked to the widely-present and mass unsolicited electr4onic mail. it has increased considerably during a short period of time and has become a serious threat to the internet mail community as a whole. to prevent e-mail spam, both end users and administrator of e-mail systems use various antispam techniques. No one technique is a complete solution to the spam problem, and each has trade.offs between incorrectly rejecting legitimate e-mail vs. not rejecting all spam this document explain some an overview about spam and best practices on how and users and administrator can help to prevent spam Background the volume of SPAM in internet is very high its completely blind (there is no correlation between the receivers areas of interest and the actual mail send out) it can overload mail server storage it cost money (to receivers and ISP) many of the spam senders are dishonest it is common practice to make use of third party hosts as a relays to get the spam mail sent out to the receivers
34
SPAM in Google Google takes SPAM very seriously Tae SAD (Spam Abuse Delivery) system is in charge of classifying messages as SPAM for: inbound messages through SMTP-IN Outbound messages through SMTP-OUT POP/IMAP messages Users and administrators can help to prevent SPAM electronic emails in internet Google maintains a very high catch rate and is very effective in catching most of the spam.
Users and SPAM Gmail users can help to prevent spam blacklisting or whitelisting messages Report SPAM: Users should mark message as spam when receiving spammer electronics emails, This will make a change in the reputation score and will help prevent similar spam messages in the future. Link Not SPAM: Users should mark messages as not spam when a non spam message has been delivered to the spam label and not to the inbox, this will teach abuse systems and messages like that wont be marked as spam in the future. Link
35
verify that the address book of the user contains valid contacts, messages coming from sender listed there are generally not marked as spam verify the forwarding and filtering rules to see there are not anomalies there, sometime there can cause NDR (Non Delivery Report: is the technical term for the bounce back message) SPAM. some users are sender to bulk messages. Bulk messaging refers to sending a large volume of legitimate mail ( ex. a company sending a newsletter to their clients) in order to send bulk messages in Google we recommend follow some best practices to prevent messages to be parked as SPAM for best practices follow anti-spam recommendations in RFC 2505 Administrators and SPAM if a domain is receiving a large amount of messages from a specific SMTP server, the admins should configure a whitelist with the range of IP addresses of the specific server. This will avoid messages from that server being marked as spam to configure whitelist, click here. alternately, individual email addresses or maions can be added to an appoved sender list using PVC or Postini if a domain is forwarding email from its legacy server to Google, then they need to add the server IP address to inbound Gateway. this helps in better spam handling and prevents false positives to configure an inbound gateway, click here. SPF records The standard SPF record recommended by Google is: v=spf1 include:_spf.google.com ~all v=spf1: indicates the version of SPF to use. Only spf1 currently exist. include:_spf.google.com: SPF record inherits all of Googles IP addresses and passes all email sent from those IPs ~all: SoftFail all messages sent from other IPs Result Pass Fail Explanation The SPF record designates the host to be allowed to send The SPF record has designated the host as NOT being allowed to send Intended action accept reject
Mechanism + -
36
SoftFail
The SPF record has designated the host as NOT being allowed to send but is in transition The SPF record specifies explicitly that nothing can be said about validity The domain does not have an SPF record or the SPF record does not evaluate to a result A permanent error has occured (eg. badly formatted SPF record) A transient error has occured
but
Neutral None
PermError TempError
If Google identifies a Google Apps user who is violating these agreements, we reserve the right to immediately suspend the user. If the problem is domain-wide, we reserve the right to suspend the entire account and deny administrator access to all the Google Apps services. In such cases, we send a notification to the registered secondary email address for the domain administrator. If you identify a Google Apps user who is violating these agreements, at your domain or another domain, you can report the abuse to Google by sending an email message to abuse@domain.com orpostmaster@domain.com, where domain.com is the domain where the abuse occurs. Google monitors these addresses for every domain registered with Google Apps. Since abuse and postmaster are reserved aliases, you cannot to use them as user names or aliases. You can, however, subscribe to them and receive all mail sent to these addresses. (Learn more) DKIM Spammers can forge the From address on mail messages so that the spam appears to come from a user in your domain. To help prevent this sort of abuse, Google Apps enables you to add a digital signature to the header of mail messages sent from your domain. Recipients can check the domain signature to verify that the message really comes from your domain and that
37
it has not been changed along the way. Googles Apps digital signature conforms to be DomainKeys Identified Mail (DKIM) standard. To add a digital signature to outgoing mail , you generate a domain key that Google Apps uses to create encrypted mail header that are unique to your domain. You add the public key to the Domain Name System (DNS) records for your domain. Recipients can verify the source of a mail message by retrieving your public key and using it to decrypt the header. to configure the DKIM records, click here.
three major steps are required to setup DKIM 1. Generate the domain key for your domain a. in Cpanel: Advanced tools > Setup email authentication > Generate new record 2. Update your DNS records a. In DNS host admin console: Create a new TXT record containing the key generated in step 1 3. Turn on mail signing a. Cpanel > advanced tools > set up mail authentication > Start authentication b. Enabling authentication will check to make sure the correct DNS record was updated. If the record is incorrect or has not propagated yet, a warning message will be displayed Outage training Outage: Service Down. If there is an outage you will be able to find this information on the CPanel under dashboard. what is an outage? Known issues: parts of service dont work, but overall works. ex. no access to old attachments, calendar sends duplicate invitations Apps Dashboard Service inaccessible service unusable ex. service down, loging issues, severe latency
when there are problem we will get email and the alert in the dashboard
38
For email problems we need to try with different browser (this is a must). Apps Dashboard: http://www.google.com/appsstatus known issues: https://www.google.com/support/a/bin/static.py?page=known_issues.cs what we call an outage? >50% of users affected? >20% of users affected? >10% of users affected? >1% of users affected? >.1% of users affected? >.001 of users affected?
For emails we have 2 problems, bouncing states (half of the amount of users within the domain cant send emails) and outage. Bouncing states recovers itself eventually. Time Description were experiencing an issue affecting less than 0.003% if the google mail user base, the affected user are unable to access google mail. we will provide an update by February 23, 2011 2:13:00 PM UTC-8 detailing when we expect to resolve the problem. please note that this resolution time is an estimate and may change.
1:13 PM
note: the known issues page will contain many more issues that arent classified as an outage why do we post about outage? To let the customer that google had any problem bringing also the solution for it. is like: hey we had this problem but here is also the solution. Only admitting failures allows you to improve Our users deserve this level of transparency It reduces the amount of support volume and press request coming to Google Centralized communications allows engineers to focus on resolving the issue Transparency build trust
39
why do we post about outage? ...the cloud aint perfect. But you may draw some inspiration from a look at how Google reacted. outage priorities
1 2 3 4 1 2 3
Customer care most about three issues: were aware of the problem, were working on it, and well have it fixed by...
Transparency and accuracy are desirable During an outage, we will prioritize accuracy over transparency speedy and accurate messaging = simple messaging
the role of apas support Track incoming case volume and identify an outage
Gather information that will help narrow down the issue to aid a quick resolution
Reassure customer that we are aware and working on fixing the issue already
40
Watch out for increases in cases around: error 500, cant login, slow, loading, oops. Thresholds more than 5 calls an hour. more than 20 cases an hour. inform your manager if no manager is available, follow the line of communication outlined in the POC document Step 2 - Gather information Gather information in affected users in a spreadsheet Spreadsheet will typically be share with you by us attach relevant cover bug to case (provided by us) to track support impact and allow follow-up with customers Step 3 - Reassure our customer - before we post reassure customers we handle his request with priority provide customer with workaround if available refer to the Apps Dashboard in case they ask whether this is widespread
It will typically not take us more than 30 minutes to post to the dashboard. Step 3 - Reassured our customer - once posted Reassure customer we are aware of the issue
Ask customer information required for the shared spreadsheet reassure him we are currently working on resolving the issue provide him with a workaround, if available refer to Apps Dashboard for updates
It will typically not take us more than 30 minutes to post to the dashboard. customers FAQs When is this issue resolved? Were currently working on a resolution, but I unfortunately dont have an ETA yet. Looking at the Google Apps Status Dashboard, typically these issues are resolved within a few hours. Is my data safe? Yes, data safety is our top priority and we have several backups, well ensure you have access to your data soon again
41
Whats causing the issue? At this stage, our focus is on restoring our users, but well be providing an incident report on the Dashboard within 10 days of resolutions any specific message on the Dashboard should overwrite this info
http://googleenterprise.blogspot.com/2012/03/google-apps-vault-brings-information.html 42
vault quick start vault, click here. main reason why vault was deploy is because now a day all documents are electronic document vaulta assures you that nobody else will get into the information and modify it. Action that can be taken by user (what can you do with vault) Manage matters Administrative matters access all matters create holds remove holds access all data access held data count search view documents manage saved queries manage exports download exports view retention policies manage retention policies audit matters audit system
Matter: is a collection of documents that a customer would have related to an specific topic such as a case or investigation (more information here) Note: Cpanel Super Admin always has Super Admin access in Vault This will not change before Appsless CPanel Auditing a system Check email, files, users access, etc. for compliance or standards of the company Retention allows admins to automatically hold messages meeting certain criteria. This data is removed after the specified period (in days). Deleting an email message via Vaults retention settings will delete the message from the users mailbox. there is a 30 day period in which the data will still be available, but theres no quick migration path back to Gmail.
43
Period in days after which documents not matchingrules below should be deleted. to place on hold, enter a user account (auto-completed) and select place on hold note the following: holds trump individual retention rules individual retention rules trump the default retention rule, but longest policy wins Deleted a user account will delete all data stored in Vault
Exports gmail data is exported to an MBOX (.mBOX) file .MBOX is an industry-standard mailbox format that stores one or more exported messages in a single text file. Google Apps Vault exports data to a single MBOX file, up to just under 1GB, which you can transfer to physical storage. If you export more than 1 GB of Gmail data. Google Apps Vault creates multiple MBOX files If the same email message resides in multiples user accounts for which you exported data, Google Apps Vault includes only one copy of the message in the exported results file. product specific features how is it enabled? currently under CPanel > Dashboard > Service Settings > Marketplace services, but will be under CPanel > Dashboard > service setting > core google service at launch. CPanel > Organization & users > services > additional services Languages: EN only at launch, product UI is in EN and in Next Generation Control Panel (ref b/5999330) at launch, Vault is available to Newly-Created Offline and Rep Assisted Buy Flow (RABF)Domains Launch is English-Only for the immediate future (not external communications):3-4 Weeks after launch, the following groups will get access: Newly-created offline/rep assisted buy flow (EMEA/APAC) Newly-created NA/LATAM RESOLD demains (B3 resellers only) Newly-created Online B3 domains Existing customer will NOT HAVE ACCESS TO VAULT FOR THE IMMEDIATE FUTURE. Support and troubleshooting
44
Google Apps Vault is supported by the CPanel team Vault will not launch on the Apps Status Dashboard Cases will be filed under Google Apps Vault in Unify Canned Responses and Coverbugs(go/vault/crs) GD NoVault4U | b/6241816 - Google Apps Vault not availabe for domain GD SR4v | b/6240643 - Customer needs to contact sales representative to purchase Google apps Vault GD retention | b/6240329 - question on google Apps Vault retention Setting (expected behavior)
Known issues and expected behavior Deleting a Vault user will currently delete all of that users data in vault. The control panel will warn against user deletion, but not prevent it Customers must purchase the same number of vault licenses and user accounts. All customers should be directed to their sales rep for more information on acquiring Vault for their domain. End-users deleting message held in Vault Will remove them from the users web UI, but not the Vault UI. Message deletion based on retention settings is deletion, not trashing deleting an email message via Vaults retention settings will delete the message from the users mailbox. There is a 30-day period in which the data will still be available, but theres no quick migration path back to Gmail.
What is the External and internal names of Product? Google Apps Vault What is the launch date? 3/28 What is the launch timeline with stages? Is there a product schedule? Launch timeline is for Vault for Gmail and Chat in Q1, Docs eDiscovery to follow in Q2/ Q3, Docs archiving and retention in Q3, and other data sources thereafter. What is the pricing model? Pricing is sitewide for all users, Flex-RABF($5/month) or Annual-Offline Oracle ($50) What is the Product? (Basic description of main features) Google Apps Vault enables users to archive, manage and preserve Gmail and Docs data for information governance, eDiscovery and regulatory investigations designed to reduce costs and risks. (See presentation)
45
What is the Service description (internal and external facing descriptions)? Vault provides the ability for Apps Premiere, Gov, and Education users to manage their Gmail and Apps data from a single interface. They can use the system for records management, archiving, and eDiscovery capabilities. The product will initially launch on Gmail and Gmail Chats, expand to Docs and Gdrive, and then expand to other data sources included groups, sites, G+ and more. The draft sales presentation is here, and the draft data sheet is here. Does Vault need to be purchased for all Apps seats under a domain? For example, can a customer have 1,000 Apps seats but just buy 500 Vault seats? Yes, they need to purchase for all users. That gives them the retention and deletion policies for email and chats. It also gives them unlimited users "on hold" for discovery purposes. We will be arming the sales teams to explain why customers need to buy seats for all users as we know a subset of users was a common request with GMD. Does Vault need to be purchased for all Apps seats under a domain for edu customers? $10/user for faculty, admin Do Vault licenses always need to co-term with Apps licenses? So, if a customer is 6 months into their prepaid term, would we then always sell Vault for a 6 month term to co-term with the Apps order? For offline, co-term is a requirement. We cannot support a Vault license separate from Apps until Appsless CPanel launches. Once we have Appsless, customers will be able to maintain termed employee data in Vault by paying the Vault license (and not needing the Apps license). This will be explained fully as we move towards launch. For online, since it will be monthly, there is no impact. Will Vault and Apps sold together be billed on the same invoice or we will continue to invoice separately? Apps and Vault will be sold together on the same invoice
POSTINI
there are 2 flavor for it. and postini stand alone postini
46
customer that purchase postini on they own. Integrated postini is offered with the Google Apps account for free and is called GMS (Google Message Security). most of the best features from postini are integrated into the google CPanel and is called PVC. more than the 88% of the old customer of postini were transitioned to the integrated postini, and by the end of the year is intended to have the 100% transitioned to the Cpanel postini Dasher is the internal name for Google Apps tech support. 2 types of continuations events Mail flow continuation: mail is processed by secondary datacenter and primary datacenter is still available for AC and MC config changes, most features available. full continuation: mail is processed by secondary datacenter and primary datacenter is offline, AC and MC are not available, no config changes possible. how to determine system for an account? the system # is shown in the URL When logged into the admin console or message center. url shown for an account when logged into AC on System 8 https:// ac-s8.postine.com/exeec/administart? url shown for an account when logged into MC on system 200: https://mc-s200.postini.com/app/msg with the stand alone postini we need to tell postini all the emails that are in the domain with their nicknames. with the integrated postini we dont have to worry of adding any new email, it does it by itself. we will be able to know if the customer is using postini if we find the postini servers in the MX Records. Postini allow you to create setting for an organizations and for an specific user postini can filter the incoming and outgoing messages. SPAM Filtering BSB= Blatant Spam Blocking the less the score the more probability the email will get treated as SPAM
47
NSD= Null Sender Disposition ignore User quarantine sends the message to the recipients quarantine Blackhole discards the message bounce Returns the message with the following custom error
Spam Disposition user quarantine (used by most of the user) directs each users spam to a separate quarantine quarantine redirect message header tagging puts a message in the header to let you know that this message is an SPAM
Virus blocking Early detection filtering look for similarities within virus, is not 100% reliable, it does a best effort virus cleaning when on user has the option to clean infected virus messages, it does a best effort. Virus dispositions bounce User quarantine Quarantine redirect
ATTACHMENT MANAGER allows to choose the size, block specific files, and this postini is will not override the Gmail settings.
CONTACT MANAGER combine the objectionable content and the content compliance filer from PVC SENDER LIST
48
Default user is basically a template and is used for any new user added.
Log Search you can look for a message get in and what happen to that message but if it was bounce back or a black hole that message is gone. Message Center is meant for the end users not for admins
About header fields when messages are processed by the message security service, custom header fields are placed in email-message header. these are useful for either determining email disposition or for handling support issues. Received from: X-pstnvirus: X-pstn-2strike: X-pstn-neptune: X-pstn-addresses: X-pstn--nxpr: X-pstn-cm: X-pstn-levels: X-pstn-settings: X-pstn-xfilter: Industry Heuristics X-pstn-disposition: X-pstn-nxp: For more information and detail on all fields, refer to the Admin Guide Section on Interpreting Header Fields. popular message header analyzers: https://messageheader.appspot.com
49
every header ending in X is a custom headers postini transition (ID: 2381789) postini header (here) if the cust is getting SPAM into his inbox after doing the transition from postini, we need to request as much SPAM header from email as possible, once we have them we need to send them to Google
support metrics: Email and Groups overall proportion of support volume* 33.5% proportion of support volume by customer size** 30.3% for 0-50 seat domains 38.7% for 50-3000 seat domains 38.6% for 3000+ seat domains
*percentage of all Google Apps cases filled for this product **percentage of cases filled by customer size bracket in comparison to total cases filled for that particular customer size bracket
User or Admin Managed adming managed groups Can only be managed by administrator in control panel basic contribution list functionality
50
Google Groups for business Administrator controls domain level settings user can create groups and control membership, access rights
A web application that allows your user to create, manage, and search groups (An administrator can also manage these groups), mail sent to groups is delivered whether this service is active or not.
Sequence of Groups checks Sequence: Sending to Groups Message to sent to Groups by sender Groups-lever performs checks spam check user check permission check message then set to members of group user-lever performs checks spam <many more>
conclusion notes Spam threshold for Groups is higher that Users because Groups are more prone to Spam and Abuse. How to identify Bulk Sender bounce? Individual sends email to group and receives bounce: Delivery to the following recipient failed permanently: address@fakedomain.com Technical details of permanent failure: Message rejected. Please visit this page to review or Bulk email Sender guidelines
51
Solution to Bulk Sender Bounce Solution Title Solution Detail Solution Owner Notes
SPF Records
Publish SPF records into Domains the domains TXT DNS DNS records administrator
Adjust Spa in User-manage Groups -> Domain The recipient group must be a m controls Groups Settings -> Spam Administrator User-managed group Controls and/or Group Owner Ensure inbound Gateway configured correctly Whitelist Senders Especially if using Postini Domain or another Mail Transfer Administrator Agent also possible to add Postinis IP addresses to the Email whitelist
If you are consistently Domain getting issues with Bulk Administrator Sender bounce, you can whitelist senders
Whitelist the senders IP address in Settings -> Email and/or create an approved sender list in Email > Filters
With suspected spam Post them to the group messages: Send them to the moderation queue default Send them to the moderation queue, but do not send notification to moderator Immediately reject them
Bounce State What is a bounce State? protect the resource capacity of google Mail servers Googles mail servers handle billions of emails per day many of these emails are bounced from the receipient to conserve server capacity, google remembers which account are bouncing and temporarily stops sending emails to that account or group.
52
A users account enter Bounced State when: Account cannot receive mail for > 12 hours [Grace period]
A Group enter Bounced State when> more that 50% of the users have entered Bounce State
Bounce states are reset 1 Dealys: 1 hour 2 Delays: 2 hours 3 Delays: 12 Hours 4 Delays: 1 Day 5 Delays: 7 Days 6 Delays: 14 Days
When the email is bouncing the email that will be receive is: your message could not be delivered because of previous failures during delivery attempts to this mailing list;. please update the list with valid addresses. This is an example of some of the bounces we received: -----------------------------------------------------Recipient: test@fakecomdina290.com 550 550 Host not found for domain: fakecomdina290.com . psmtp (state 17). message-id: <XXXXXXXXXX@mail.gmail.com> -----------------------------------------------------Recipient: test@fakecomdina290290.com 550 550 Host not found for domain: fakecomdina290290.com . psmtp (state 14). message-id: <XXXXXXXXXX@mail.gmail.com>
Clear Users bounce states Check reason for bouncing in groups UI management task > Manage Members > Bouncing
53
Resolved bouncing issue [eg. Un-suspend or remove offending users from group] request user clar bounce state by accessing this URL:
https://groups.google.com/a/yourdomain.com/groups/bounced?pli=1
Tip: Ensure Postini is not causing message bouncing Check blatant Spam blocking is disabled in Postini Check group is created as alias in Postini Solution Detail Solution Owner Domain administrator and Group Members Notes
Solution Title
Clear Users in Identify users in bounce states Bounce State in user managed groups UI. request users in bounce state got to this URL
this is a difficult solution to recommend if the users are not willing to clear their Bounce States If you have not resolved the root cause to the bounce state this will only be a temporary fix Administrator balance need to
Request Contact the support Team and Google Support to request to have all users a Support clear domains groups bounce states cleared Bounce State Ensure Once the largest causes Domain Blatant Spam of bounce stated is BSB in Administrator Blocking is Postini disabled in Postini
54
a. new groups take 6 hours to appear b. Old general groups can take 5 days to appear c. Check Group Setting > Access > Directory listing is set to List this group in Groups Directory
Directory Listing
Telnet: Sending a test message Open MS-DOS [PC] or Terminal [Mac] telnet aspmx.l.google.com 25 EHLO MAIL FROM: <testaccount@yourdomain.com> RCPT TO: <groupemail@customerdomain.com> DATA . Telnet: Insights Does the group exist. is the group accepting mail. is the user sending mail allowed to post to group.
Resources tools Telnet Test [PC] or [Mac] SPF Validator MX Toolbox Network.Tools.com
Help Center Groups Help Center Migrate mailing list to google groups
55
Exercise 1 Customer ticket I cannot send messages to my finance department my group is finance@groups.gatestaccount.com please investigate
Solution Ask customer if they receive a bounce message check Control Panel for Suspended accounts Instruct customer to Remove users from group OR Un-suspend the users
Exercise 2 Solution Ask customer if they have created the group recently groups take up to 6 hours to appear within the groups directory General Group converted to User Managed Groups can take up to 5 days to appear
Ask customer if Directory Listing is marked as Listing group in the Groups Directory Instruct customer to change the above setting.
Exercise 3 When i send messages to a group in my domain, I receive a bounce back message with reference to Bulk Mail Guidelines. Im not sending bulk mail. What is the problem please investigate
56
Solution Ask customer if they have an SPF record created yes Ask the customer if they have the moderation queue enabled in user managed groups yes Instruct customer to disable the moderation queue as email sent to groups is scanned twice for spam and can lead to false positive
CPanel Advanced Tools Agenda advanced user provisioning authentication reporting free/busy service email migration API references secure data connector google apps desktop feature restrict email delivery Advanced User Provisioning This functionality allows the admin to do the following: Bulk Upload: Upload a CSV file to create and update multiple user accounts at once. Download Directory Sync: Downloads Google Apps Directory Sync (GADS) to perform a directory sync with an existing LDAP server
57
Google Analytics Tracking google Analytics tracks where visitors come from and how they interact with the a site. by using google analytics with Google apps, admins can track with Google services are most popular and drill down to determine which documents or sites are most used. clients must for a free Google Analytics account in order to use this feature.
58
APIs 59
API References the API allow administrator to interact with google apps on a more granular level. then can be used for a whole range of functions, from seeing usage statistics, to generation customer reports, to programmatically managing and provisioning user account as defined by the Admin. Provisioning API the provisioning API allows you to programmatically manage user account and synchronize your Google Apps user base with your own user management system. to enable this feature, the provisioning API box in the User Account settings must be checked Reporting API The reporting API allows you to view Google apps information (i.e usage data, user information and stats), so you can generate reports using your own reporting system. Email Migration API The email migration API allows you to migrate email from legacy systems into Google apps email accounts.
Google Apps desktop feature Advanced Service Access Features Windows users can install desktop access point preconfigured to work with their account on the domain. These apps launch in a streamlined chrome browser window. Users can also use this to set Gmail as their default email program
60
For example, a school might want to allow its students to exchange mail with the faculty and other students, but not with people outside of the school. Configuration instructions can be found here
Authenticate Email (DKIM) http://support.google.com/a/bin/answer.py?hl=en&answer=174124 Set up email authentication (DKIM) Google Apps digital signature conforms to the DomainKeys Identification Mail (DKIM) Standard. To add a digital signature to outgoing mail, you generate a domain key that Google Apps uses to create encrypted mail header that are unique to your domain. you add the public key to the domain name system (DNS) record for your domain. Recipients can verify the source of a mail message by retrieving your public key and using it to decrypt the header.
61
Configure security and authentication click here and here for DKIM
Document Management Document Ownership Transfer Admins can transfer the ownership of all document owned by a user to another user. The original owner will maintain edit right to the document
62
this feature is useful when deleting a user as it ensures that documents created by the user are not lost. Once the transfer is initiated, both users will receive an email when the process is completed. The transfer process can take several minutes or hours depending on how many documents are being transferred.
Advanced migration options http://support.google.com/a/bin/topic.py?hl=en&topic=14870&parent=2412036&ctx=topic Admin-managed Email upload Admins can migrate mail from their legacy server to Google Apps for their users using the following: Google Apps Migration for Microsoft Exchange tool (GAMME) - Migrates mail from Exchange to Google apps - Migrates mail from other IMAP servers to Google Apps Google Apps Migration for Lotus Notes Tool (GAMLN) - Migrates mail from IBM Lotus Notes server to Google Apps User Email Uploads This allows users to manage their mailbox migrations and upload mail from desktop programs such as Outlook to Apps. If the Admin wishes to manage the entire domain migration, they should disable this feature The email migration API allows your users to migrate mail from their old accounts into google apps email. If you prefer to manage the email migration for your domain , this feature can be disabled on the advanced tab.
63
The google email uploader for mac is a desktop utility for Mac OS X that uploads email archives from apple mail, eudora, thunderbird and exported entourage mail (along with other mbox and maildir archives) to your Google apps mailbox. More information can be found at http://code.google.com/p/google-email-uploader-mac/
64
Google Discussion Forum learning objectives Groups products overview features of GDF Enhancements Troubleshooting
Groups overview Google discussion Forums Features and enhancements in GDF An entirely new look to match the google wide redesign collaborative mailbox functionality advanced search functionality like gmail offering to/from subject etc tagging posts (information is here). take and assign topics saved search functionality Quick scrolling through message in a group New overview in addition to the traditional discussion view Tree and flat view of topics Collapse and expand discussion create filters to narrow messages Create folders and favorites for categorizing discussions maintain user search history within groups rich multi domain support native web-based mobile version
Admin can allow users to access consumer groups where GDF is already launched
65
calendar basics calendar resources migrations and clients google apps Sync for Microsoft Outlook Mobile calendar sync Calendar Offline
overview
Development (2005) Trusted test launch (December 2005) Public launch (April 2006) I18n Launch (september 2006) (I18n = Internationalization) google internal launch (dogfood = using your own products (eating your own dog food)) (October 2008) More languages and features (outlook sync Secondary Notifications, Mobile Access, etc) (2007)
Creating a new calendar Create a new calendar by using the add arrow to create secondary calendars
66
Import a calendar 1. Click add down-arrow button at the bottom of the calendar list on the left side of the page, and select Import calendar 2. click browse and choose the file that contains your events, then click open 3. Select the google calendar where youd like to import event, then click import
Calendar Resources
Google apps for business and education editions can create shared calendar resources that can be booked by users within the domain. These can be used for conference rooms, projectors, computers, delivery vans A resource is simply another form of calendar To make the resource available for all users to book, admins must log into their calendar to share it by allowing all users to See all event details To share a resource with specific users, they must be specifically added and able to See all events details, Make changes, or Make changes and manage sharing
Migration: Import/Export/feed Overview To migrate Calendars from other applications such as Yahoo!, Microsoft, Apple iCal or another Google Account we recommend exporting and importing calendar Import Google Calendar will accept iCal and CSV format options We dont investigate or troubleshoot import problems for self-created files. do troubleshoot files from programas we should reasonably be expected to support most import errors involve wrong formatting of the file How to format iCal files: http://support.google.com/calendar/bin/answer.py?hl=en&answer=45664 sometimes importing a large file will cause user to hot quota limits Export Will export in iCal format only must use private access for private calendars and public address for public calendars for export issues, ask user to reset Private URLs and try again for instruction on how to export from specific applications: ID: 83126 Please note that domain administrators can control exporting options available to users at their domains. If unable to export, check the Google apps control panel
67
Viewing Google calendar from other applications: Use private address in XML or iCal format to view read-only version of GC from apps (like feed reader or Apple iCal program) Subscribe to feed in google calendar: can view other calendars on google calendar by adding the iCal address. In calendar list, click Add then enter calendar address Feeds auto-update every few hours. No way to manually refresh the fee: Only investigate feed that havent updated in 24 hours
CalDAV http://support.google.com/calendar/bin/answer.py?hl=en&answer=99357 CalDAV is an open protocol that allows you to publish and subscribe to calendars, sharing them collaboratively, and syncing them between multiple users and devices. CalDAV allows you to edit and view your google calendar events directly in other applications CalDAV sync for google calendar is only supported Apple iCal or mozilla sunbird(other calendars applications may support CalDAV , but they will not work with google calendar) Changes made in these applications will appear in your google calendar and vice versa, Changes made in your application when offline will resync when you are next online. CalDav provides basic 2 way even synchronization, but some other features offered in bot google calendar and the calendar application may not work
Google calendar Sync for Microsoft Outlook http://support.google.com/calendar/bin/answer.py?hl=en&answer=98565 Released 3/5/08: sync Google Calendar with MS Outlook\ only Outlook 2003 and 2007 supported with Win XP, vista or 7 To install users go to getting Started article in HC at here
68
The Functionality of shared calendars was improved in v1.6 of the outlook sync tool. The current implementation work as follows: The primary calendar for a user is synchronized with google apps sync (two-way sync). Additionally, all calendars you create in Outlook will synchronize with the cloud and be available from Google calendar Similarly, calendars you create in Google Apps or that someone else grants you permission to make change to, will appear in outlook (as long as the calendar isnt hidden in your Google calendar list). This is outlined on this page under Synchronizing multiple calendars requires version 1.6.x or later http://support.google.com/a/bin/answer.py?hl=en&answer=156468
Resourcing Scheduling There are two ways to schedule a resource in outlook with Google Apps Sync: 1. Get shared on a resource calendar directly so it shows up as a shared calendar and then schedule on that calendar 2. You can copy in the resource email address to the scheduler Google calendar connectors Some customer use Google Apps Sync for MS Outlook for only a subset of the users within their domain If they are using Exchange for the other group, they can query Free/Busy information for users on Exchange Calendar by using Google Calendar Connectors
69
This tool is open sourced, available from Google Code and must be installed, maintained and configured by the Microsoft exchange administrator We do not provide support for Google calendar Connector Issues, directing any questions to the google code site
Mobile Calendar Sync Google Sync for mobile is available for most mobile phone. This is how it works with the following devices
70
Apple, Android, Windows Mobile and Nokia S60 device s: Google Active Sync of Gmail, Contact and Google Calendar to the built-in Mail, Calendar and address book applications on your phone Blackberry devices: Wireless synchronization of Google calendar and contacts to the built-in address book and calendar application Most other mobile phones: wireless synchronization of google contact to the built-in address book application. Note: Google Sync is beta software. make sure to read about the known limitation of Google Sync on your device More information : www.google.com/support/mobile/bin/topic.py?topic=14252 Known limitations: www.google.com/support/mobile/bin/answer.py? hl=en&answer=139635
Google Active Sync Google Sync lets users synchronize their mail, contacts and calendars to their mobile devices Users have access (viewing and editing) to their calendar events at any time They can also get alerts (sound or vibration) for upcoming meetings and incoming messages
Calendar Offline How it Works HTML 5 Chrome Extension > Works in Chrome only installed on a per user basis App will seamlessly flip to offline when connection is lost (Calendar Only) Data Stage Data is stored locally within the browser extension > Extension needs to be install on every machine per user we sync 60 days of data, 15 past days and 45 future days > data syncs only when GCal is opened in Chrome tab By default, only primary calendar is synced, but more can be added in the extension settings for now, events can be viewed and accepted. Events can;t be created or modified in this beta, but this is planned for later
71
Multiple Sign-in you can use multiple sign-in, but chrome can only sync one account for offline usage GA+
in order to allow users to install the Web app, the chrome web store needs to be enabled under service settings Only GA+ domains have the option to enable Other Google services
Expected support Questions It doesn't work on our domain! Are you using Chrome Is the WebStore available for your domain? if not, talk to your admin I dont want my users to use Calendar offline No cPanel option (yet) to disable or domain Google support can disabled [vendors, please push back 1st, escalate if customer insists] Will file an FR as we see request It works on our domain, but not for a specific user is he using a supported browser? Are other users using the same machine, or is he using multiple sign-in? it will only work for one account per machine Try uninstalling and reinstalling the app
How can I Sync more calendars on one account? You can sync more calendars via the following steps Click the gear icon and choose Offline from the drop-down Click the Offline setting link click the checkbox under available offline next to each calendar that youd like to be able to view while offline
Calendar offline troubleshooting Confirm reinstalling the app didnt resolved the issue Local configuration (Browser, OS, syncing clients) User details (user affected, anything specific about the user [i.e. recently renamed] Try to reproduce or get an affected user Check TELUS KB Check salesforce for similar cases Check know issues
72
Google Docs Spreadsheets, presentations, documents, Drawings and Forms Google Spreadsheets Heres what you can do with google Spreadsheets Import and convert .xls, .csv, .txt and .ods formatted data Export .xls, .csv, .txt, and .ods formatted data and PDF and HTML files Use formatting and formula editing so you can calculate results and make your data look the way youd like Chat in real time with other who are editing your spreadsheet Create charts and gadgets Embed a spreadsheet, or individual sheets of your spreadsheets, in your blog or website Use fusion tables, Pivot tables, Scripts
Google Presentations Google presentations is an online presentations editor that allows you to show off your work in a visual way. heres what you can do with google presentations Share and edit presentation with your friends and coworkers Import and convert existing presentations in .pptx and .pps file types Download your presentations as a PDF, a PPT or a .txt file Insert images and videos and format your slides Allow real-time viewing of presentations, online, from separate remote locations. publish and embed your presentations in a website, allowing access to a wide audience add animations to your slides
Google Documents Heres what you can do with Google documents Convert most file types of Google docs format format your documents with options such as paint format, margins, spacing and fonts invite other people to collaborate on a doc with you, giving them edit, comment or view access. collaborate online in real time and chat with other collaborators
73
View your documents revision history and rollback to any version Download google docs to your desktop as word, OpenOffice, RTF, PDF, HTML or zip files Translate a document to a different lenguage Email your documents to other people as attachments
Google Drawings heres what you can do with Google drawings Share and edit drawings with your friends and coworkers Download your presentation as a PNG, JPEG, SVG or PDF files insert images, shapes and lines and format them to fit your preferences Real-Time Collaboration with other people, no matter where they are Insert a drawing into a document, Spreadsheet, or presentation
Google Forms A Google form is automatically connected to a spreadsheet with the same title. When you send or share a form, recipients responses will automatically be collected in that spreadsheet
Domain Provisioning options can be found in the CPanel > Setting > Drive and Docs
74
Docs templat
Drive UI Drive is the starting point from which Google Docs are created and organized Docs can now be uploaded directly to folders and immediately inherit their sharing and permissions settings
Sharing and permissions A single Doc can be shared in a variety of ways. sharing and visibility options can be accessed by selecting the share button
Import, Export and convert Google Drive Makes it easy to import files to the cloud There are size limits when converting files to Google Docs
75
Documents: 1,024,000 characters, regardless of the number of pages or font size. Uploaded document files that are converted to Google documents format cant be larger than 2MB. Spreadsheets: 400,000 cells, with a maximum of 256 columns per sheet. Uploaded spreadsheet files that are converted to Google spreadsheets format cant be larger than 20MB, and need to be under 400,000 cells and 256 columns per sheet. Presentations: Presentations can be up to 10MB - Which is about 200 slides Drawings: no published limit available other files: Files that you upload but dont convert can be up to 10GB. Other files: Files that you upload but don't conver can up to 10 GB (YES thats 10 GB) kb article 39567 File types supported by Google Docs Documents HTML RTF Word Open Office PDF TXT Spreadsheets CSV HTML ODS PD XLS TXT Presentations PDF PPTX TXT Drawings PNG JPEG SVG PDF Sync tools Google cloud connect for microsoft office Driver desktop sync for apple and windows Driver desktop sync for linux coming soon Drive Mobile sync for android and iOS Google Docs offline Common issues
76
Basic troubleshooting information to gather Name and URL of Doc Owner and users on the sharing list Screenshot of any error messages Do all users with access experience the issue Browser, network, hardware information Found in canned response: GD DOCS (*note- always tailor requested information to the issue description from the user, not all items will apply or will be useful)
Basic Troubleshooting steps to suggest Try accessing Google Docs from another browser make sure that cookies are enabled in their browser clear their cache and cookies, then try accessing their account again Try a different browser, computer and network Try logging in at docs.google.com/a/yourdomain.com Check the known issues page www.google.com/support/a/bin/static.py? page=known_issues.cs Check the app status dashboard: www.google.com/appsstatus#hl=en
Connection issues Temporary error message (502) or other server error messages (Oops) Cause Documents are temporarily unavailable, potential server errors, network issues, customer environment issues Troubleshooting These errors generally resolve themselves within a few minutes. Ask the customer if they are intermittent Check for known issues, outages Send GD Docs Latency issues Issues loading - taking a long time, not opening, error, etc Cause
77
There are many potential reasons for this - browser, computer, network, something on our end
Troubleshooting THese issues are quite difficult to troubleshoot as there are a variety of possibilities. Is it reproducible after clearing cache, cookies, different browser, computer and network? Use a test user or a screencast to see this issue.
Missing Docs Docs are missing or a permissions error displays when users try to access the Doc Cause: The owner of this document may be deleted Troubleshooting When an account is deleted, all documents owned by that account will no longer be accessible by collaborators and viewers after 5 days Suggest changing ownership before user deletion in the future
Cannot share doc with external users Users cannot share docs with users outside their domain. They see an error like, Were sorry, this document cannot be share with (email address) Cause Domain administrator have restricted users from sharing documents sent from outside of their domain Troubleshooting In order to share with this domain, the administrator will need to change the sharing setting from within the domains Control Panel
Sharing between Gmail Docs and Google Apps Docs Cannot transfer ownership from my consumer account Docs to my new Google Apps account user name? Cause: This is expected behavior Troubleshooting
78
This is because we treat gmail.com like a domain which cannot share documnets outside of the domain, making this ownership change impossible Workaround: help the customer export then re-import these docs
Uploading/downloading failure Getting a failure notice when uploading or downloading a doc/collection Cause Various Troubleshooting: Very file size File type compatibility/eligibility Hit Quota? Was the file being converted to GDocs format? Use test domain and attempt to reproduce the behavior with the original file Embedded Content (images, macros, formulas) causing failure Mobile Overview Learning objectives mobile strategy Solution overview iOS platform Windows Platform Blackberry Platform Symbian Platform Mobile browser access Other mobile Apps for Enterprise Mobile Troubleshooting Resources The main idea is to keep information into this devices and to keep it safe Mobile Strategy Supporting mobile is becoming increasingly important 80% of enterprises use smartphones (Android, blackberry, iPhone, etc) Mobile devices penetration increasing rapidly due to growth of individual liable devices Google apps mobility solution Google apps provides the most comprehensive and cost-effective means to manage mobile Multiple apps provides the most comprehensive and cost effective to manage mobile fleet
79
Multiple offering Google Apps connector for BES (BlackBerry Enterprise Service) Google Sync Activesync in the cloud Google Apps device Policy for Android Google Drive Sync Google Apps Lookup Google Authenticator Comprehensive cloud-based mobile management platform coming in 2011
Solution Overview Enterprise users can connect their mobile devices to their Apps Account in a variety of ways Mobile Browers POP/IMAP Mobile Sync Mobile Devices can also choose different networks to connect: WIFI B/G/N 3G CDMA 3G HSPA 4G LTE The current market leader in mobile platform for Enterprise are: Google (android) Apple (iOS) Microsoft (Windows Phone 7) Accenture (Symbian OS) Research in Motion (BlackBerry OS)
The 6 main ways to access a Google apps user account on a mobile device: Mobile browser - available on all current phones and smartphones ActiveSync - Mobile Exchange Technologi GBES - Sync with a BlackBerry Enterprise Server POP or IMAP - Standard use of your phone's native client Android Sync - Access to google apps through android platform Downloadable application- Dedicated applications to certain phones
admins with a fleet of Mobile Devices can manage them on these platforms Android - google Apps Mobile Management
80
iOS - Google Apps Mobile Management Windows Mobile/iPhone 7 - Google apps mobile management Blackberry - GBES connector for blackberry enterprise server
Google sync and Android Sync Google Sync Google Sync uses Microsoft Exchange ActiveSync to let your users synchronize their Google apps Mail, contact and calendars to their mobile devices. It also allows Admins to enforce Security Policies (on devices which support this feature) Google Sync works with: iOS Symbian* Windows Phone 7 Windows Mobile * Will not work with all the devices it can be enabled from the CPanel:
Android Sync? Android Sync uses Microsoft Exchange ActiveSync to natively synchronize Google Apps mail, contact and calendars to Android devices. Android sync allows admins to enforce security policies using the device policy app found in google play. Works on android devices using ver 2.2 or later. Common features of the mobile devices devices: Phone and Tablets Connections Android Sync ActiveSync IMAP/POP Browser network 3G HSPA and WIFI Mail Access
81
Android Sync IMAP/POP Browser Calendar Access: Android Sync Browser Contact Access Android Sync Browser Fleet Management Android Sync +Device Police App Availability Worldwide, US Englis Support Fully Supported
Fully cloud based business class mobile solution no on-premise server required. No CapEx, No IT involvement native Google device with Gmail and Google Apps UI More than just push email Access docs, spreadsheet, presentations, wikis, intranet and internet sites Business grade security, device management and apps Encryption, remote wipe and lock, passwords polices acceptable to IT and on an approved list of devices
Apple iOS Platform devices: iPod, iPhone, iPad Connections ActiveSync IMAP/POP Browser network 3G HSPA WIFI Mail Access ActiveSync IMAP/POP Browser Calendar Access:
82
ActiveSync Browser Contact Access ActiveSync Browser Fleet Management ActiveSync Availability Worldwide, US English Support Fully Supported
ActiveSync configuration: iPod, iPhone, iPad steps Add account Exchange follow the steps on the screen steps to configure here. Google Mobile Apps (iPhone only) Direct links to various google services through the app Available at m.google.com Confidential: Push mail on GMA for iPhone is in development final UI and functionality not yet confirmed Another Alternative solution to google sync/IMAP/Browser (pudu) access-
83
Many devices-specific idiosyncrasies: Nokia devices cannot sync if a label or folder has more than 49 characters, Mail Sync for Nokia/WinMo must be active in order for calendar to sync, etc. iPhone get locked out more frequently if too many accounts on devices DAta is pushed from the server to the device within 6 0seconds, as opposed to being Fetched by the device from the server (IMAP)
Mobile Browser Access Devices: all Services: Mail (separate web interface for calendar and contacts) Push?: No Device Management?: No The version of mobile browser UI aka Pudu used depends on the service's native web browser functionality Pudu Basic: requires HTML Pudu Fancy: requires CSS Pudu Rich: requires CSS + javascript* Support Pudu: requires CSS + javascript + HTML5 (most actively being developed) Super Pudu iPad: Super Pudu + dual pane Consumer Gmail URL: http://m.gmail.com Google apps user URL: www.mail.google.com/a/your_domain/m -- 4m users of which <1% are apps users Features multi login for Supor Pudu If javascript is disabled on phone, it will show Fancy No push notifications, must log in The 3 minimum requirements are: XHTML compliant browser (WML browsers will not work) Mobile network must support cookies (most do) The proxy/gateway of each mobile network is different and may affect the ability to use Gmail for mobile : for example, the same model phone may work with T-Mobile, but not work with Vodafone
Blackberry platform Google sync app for blackberry Services: Calendar, contacts
84
Limitations Historica Calendar event deletion = device settings and/or space restriction Recurring & multi-day events rendered as single = RAM API issue Cannot connect = often network-specific; reset sync The Blackberry Google Sync App is the only Supported way to sync calendars and contacts without using GBES. Deprecated on June 1st, 2012
Google Apps Connector for blackberry enterprise server aka GBES is a software component that is installed on a BlackBerry Enterprise Server (BES) for Microsoft
Exchange.
GBES EMail features Push email Offline access Read/delete sync folder/label sync
85
Calendar features 2-way wireless sync, google Calendar > BlackBerry View location details, attendee list, acceptance status Support for recurring meetings Meeting notifications on device Contacts features Access names, email addresses, and phone numbers via Global Address List (GAL) 2-way wireless sync Full support for all fields Note: There are several feature limitations listed in the GBES Admin guide found here GBES Connector data flow 1. mail arrives from google in MIME format 2. GBES connector converts it and stores is in a local PST file associated to a user in the BES Server 3. BlackBerry Enterprise Server Aka BES retrieves the message, encrypts it and send it to recipient's device. 4. Message passes through the RIM infrastructure and then via the wireless carriers to the user's handset and it decrypted and available to be read System Requirements
86
Install BlackBerry Enterprise Server Application Create Administration Account Install System Components Install BlackBerry Enterprise Server Here you can perform a test connection between your server and the internet Also, the SRP key information is here (problems can arise if the SRP is expired, more on this later) Install Outlook 2007 Install the Connector (free download from the HC) http://support.google.com/a/bin/answer.py?hl=en&answer=154346
87
Installation order Installation involves the following steps. Because these components interact with one another, be sure to go through installation steps in exactly this order. Important: Always install Google Apps Connector before the BlackBerry Enterprise Server software. The Google Apps Connector installer creates a required BlackBerry Server mail profile, and specific registry keys. If these are not present when BlackBerry Enterprise Server is installed, your installation will not be successful. The following steps are explained in detail in subsequent sections. For more information, see the sections below: 1. Choose Installation Plan 2. Download All Components 3. Configure Google Apps Domain 4. 24 Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide 5. Install Google Apps Connector 6. Install BlackBerry Enterprise Server 7. Enable Optional Features 8. Add Users
Resources
Billing Overview
Learning objectives By the end of this training you should be able to Identify all Google Apps Billing systems Identify transaction types Know which payment methods pertain to each different billing system. Explain Google Apps billing policies Identify the tools relevant to each billing system Index the location of resources on billing cases
88
The Nile System Nile is the legacy billing system, the oldest one in use today. client pay $50/user per year upfront client can buy up to 500 seats on this system Transactions can be searched via the nile tool Glass Purchase are made exclusively through Google Checkout/Wallet Google Checkout/Wallet is similar to PayPal, a competing payment platform. Funding of a Google Wallet account can be Credit Card or Debit Card. Many Resellers are still in the nile system. Migrations to Billing 3 are have begun.
The Billing 3 system Billing 3 is the billing system, clients are actively being migrated to it from all other system whenever possible Clients are postpaid monthly on a flex or commitment period per user. Cost on Flex Plan is $5/user per Month on a commit plan is $4.17/user per Mo.
The Rhythm system (This cases will have to be transfer to google) This is a discontinued billing platform Client currently still on this system will be migrated to Billing 3. All cases involving the Rhythm system are to be handed off.
The Vanilla System (Offline clients) (Transfer to Google). Clients wishing to pay via Cheque are in this system Offline clients must sign a contract with Goole sale team for a minimum of 100 seats Client who are Offline will not be able to provision more users than their current seat count. The need to contact their Google Sales rep in order to add more seats Support Tool will show such domains as Offline
89
*note* the user cannot add new users online, they have to pay first then created the new users.
Domain Registrations: SLED (Deprecated) Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchases via Google Checkout/wallet at signup Cost is $10 non-refundable and paid annually. Clients who buy their domain through Google can select the Free or Business edition of Apps. These types of domains are referred to as SLED domains This method is no longer available to new signups
Domain Registration: Troika Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchase via Credit Card or Bank Account info at sign up Cost is $10 non-refundable and paid annually Clients who buy their domain through Google can select the Free or Business edition of Apps These types of domains are referred to as Troika domains
Licence Purchases: Nile (Deprecated) After a client signs up, they can upgrade their account to the business edition
90
clients pay upfront $50/user a year Nile is no longer being used for direct signups Nile clients are being actively migrated to the new billing 3 system Payment is made via Google checkout/wallet Many resellers are still on this system, transition to Billing 3 TBA
License Purchase: Billing 3 At after clients signup they can upgrade their account to the business edition The Commit plan is a contractual plan for a period of 1 year The Flex plan requires no contractual agreement. Both plans are post-paid and charged monthly Payment is configured directly via CPanel with a creditcard or bank account information when client is in the Billing 3 systems
*Visa/Mastercard debit card are also accepted as a substitute for credit card in certain counties.
Renewals: Niles This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients can set auto-renew for both domain names and/or user licenses Domain name renewals are charged in full ($10 per domain) Licenses are pre-authorized before renewals.
Renewals: Billing 3 This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients who are in Nile or Rhythm have the option to migrate to it 30 days before renewal Domain name renewals are charged in full ($10 per domain) Licenses are charges monthly based on the amount of total number of licenses (seats)
91
30 days free trial (max 10 users) Paid subscription period Flexible plan (gets charge post usage and can get as many months the customer wants) Paid subscription period Commitment Plan (annually)
Payment methods Nile Paid via Google Checkout/Wallet Billing 3 Paid via credit card or bank account via CPanel Vanilla Offline Clients orders are paid via Cheque Rhythm N/A handoff all cases Billing policies and procedures Policy issues https://sites.google.com/a/google..... Renewal Options http://support.google.com/a/bin/answer.py?hl=en Procedures & Troubleshooting https://sites.google.com/a UNDERSTAND BILLING http://support.google.com/a/?hl=en http://support.google.com/a/bin/topic.py?hl=en&topic=1224197&parent=1209326&ctx=topic
92
Country Africa South Africa Other Asia and Middle East Hong Kong Israel Japan Turkey Other Australia and Oceania Australia New Zealand Other Europe Austria
Currency
Form(s) of payment
Credit card Credit card Credit card Credit card Credit card
Euros
Bank account (direct debit) Credit card Credit card Credit card
Euros Euros
93
Credit card Credit card Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card
Germany
Euros
Netherlands
Euros
94
United Kingdom
U.S. Dollars
Credit card Bank account (direct debit) Credit card Credit card
Other
U.S. Dollars
Reduce my contract Use this option if you want to renew your annual number of licenses to be the same as your existing users. For example, for your account that currently has 50 licenses of which 45 are registered to existing users, the renewed number of licenses is 45. Do not auto-renew A non-automatic renewal will switch your account from the Annual Plan to the Flexible Plan at the end of the subscription period. See below for additional details on this option. Cancel my service at the end of my term Service for your account will be suspended when the subscription period ends. IN THIS CASE THE CUSTOMER CAN CANCEL THE ACCOUNT OR TO DOWNGRADE TO THE FREE VERSION.
95
If you select Do not auto-renew my contract, this is the timeline of what happens. 30 days before renewal date you are sent an email reminder. This message is sent again 3 days before your renewal date. On the renewal date, if you don't renew, your account is switched from the Annual Plan to the Flexible Plan.
Billing Overview
Learning objectives By the end of this training you should be able to Identify all Google Apps Billing systems Identify transaction types Know which payment methods pertain to each different billing system. Explain Google Apps billing policies Identify the tools relevant to each billing system Index the location of resources on billing cases
Google Apps uses various billing systems Nile Billing 3.0 (commerce) Rhythm Vanilla
The Nile System Nile is the legacy billing system, the oldest one in use today. client pay $50/user per year upfront client can buy up to 500 seats on this system Transactions can be searched via the nile tool Glass Purchase are made exclusively through Google Checkout/Wallet Google Checkout/Wallet is similar to PayPal, a competing payment platform. Funding of a Google Wallet account can be Credit Card or Debit Card. Many Resellers are still in the nile system. Migrations to Billing 3 are have begun.
96
Billing 3 is the billing system, clients are actively being migrated to it from all other system whenever possible Clients are postpaid monthly on a flex or commitment period per user. Cost on Flex Plan is $5/user per Month on a commit plan is $4.17/user per Mo.
The Rhythm system (This cases will have to be transfer to google) This is a discontinued billing platform Client currently still on this system will be migrated to Billing 3. All cases involving the Rhythm system are to be handed off.
The Vanilla System (Offline clients) (Transfer to Google). Clients wishing to pay via Cheque are in this system Offline clients must sign a contract with Goole sale team for a minimum of 100 seats Client who are Offline will not be able to provision more users than their current seat count. The need to contact their Google Sales rep in order to add more seats Support Tool will show such domains as Offline Beware that resold domains also show as Offline in error.
*note* the user cannot add new users online, they have to pay first then created the new users.
97
Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchases via Google Checkout/wallet at signup Cost is $10 non-refundable and paid annually. Clients who buy their domain through Google can select the Free or Business edition of Apps. These types of domains are referred to as SLED domains This method is no longer available to new signups
Domain Registration: Troika Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchase via Credit Card or Bank Account info at sign up Cost is $10 non-refundable and paid annually Clients who buy their domain through Google can select the Free or Business edition of Apps These types of domains are referred to as Troika domains
Licence Purchases: Nile (Deprecated) After a client signs up, they can upgrade their account to the business edition clients pay upfront $50/user a year Nile is no longer being used for direct signups Nile clients are being actively migrated to the new billing 3 system Payment is made via Google checkout/wallet Many resellers are still on this system, transition to Billing 3 TBA
License Purchase: Billing 3 At after clients signup they can upgrade their account to the business edition The Commit plan is a contractual plan for a period of 1 year The Flex plan requires no contractual agreement. Both plans are post-paid and charged monthly Payment is configured directly via CPanel with a creditcard or bank account information when client is in the Billing 3 systems
*Visa/Mastercard debit card are also accepted as a substitute for credit card in certain counties.
98
Renewals: Niles This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients can set auto-renew for both domain names and/or user licenses Domain name renewals are charged in full ($10 per domain) Licenses are pre-authorized before renewals.
Renewals: Billing 3 This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients who are in Nile or Rhythm have the option to migrate to it 30 days before renewal Domain name renewals are charged in full ($10 per domain) Licenses are charges monthly based on the amount of total number of licenses (seats)
Renewals: Billing 3 commit Life Cycle 30 days free trial (max 10 users) Paid subscription period Flexible plan (gets charge post usage and can get as many months the customer wants) Paid subscription period Commitment Plan (annually)
Payment methods Nile Paid via Google Checkout/Wallet Billing 3 Paid via credit card or bank account via CPanel Vanilla Offline Clients orders are paid via Cheque Rhythm N/A handoff all cases Billing policies and procedures Policy issues
99
https://sites.google.com/a/google.....
Renewal Options http://support.google.com/a/bin/answer.py?hl=en Procedures & Troubleshooting https://sites.google.com/a UNDERSTAND BILLING http://support.google.com/a/?hl=en http://support.google.com/a/bin/topic.py?hl=en&topic=1224197&parent=1209326&ctx=topic
100
Turkey Other Australia and Oceania Australia New Zealand Other Europe Austria
Euros
Bank account (direct debit) Credit card Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card
Germany
Euros
101
Italy
Euros
Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Credit card
Netherlands
Euros
U.S. Dollars
Credit card Bank account (direct debit) Credit card Credit card
Other
U.S. Dollars
102
For customers on the Annual Plan, the default renewal option for your account is to automatically renew the number of licenses when subscription expires. If you want to change this setting, follow the instructions below. 1. Sign in to your Google Apps control panel https://www.google.com/a/your_domain.com (Replace 'your_domain.com' with your actual domain name) 2. Select Domain Settings > Subscriptions & Billing 3. Click on the [+] to expand your Billing Details 4. Click the blue change link next to your current renewal option. 5. Select your new option and click Save. Note: Before the renewal date, you can change renewal options with no impact to your account. If you're in a 30 day trial and want to convert, see Upgrade to Google Apps for Business. The renewal options are: Auto-renew my contract This is the default setting. On the renewal date, you begin a new 12 month subscription for this account's number of user licenses. Notifications are sent automatically to you 30 days and 3 days before the renewal date.
Reduce my contract Use this option if you want to renew your annual number of licenses to be the same as your existing users. For example, for your account that currently has 50 licenses of which 45 are registered to existing users, the renewed number of licenses is 45.
Do not auto-renew A non-automatic renewal will switch your account from the Annual Plan to the Flexible Plan at the end of the subscription period. See below for additional details on this option. Cancel my service at the end of my term Service for your account will be suspended when the subscription period ends. IN THIS CASE THE CUSTOMER CAN CANCEL THE ACCOUNT OR TO DOWNGRADE TO THE FREE VERSION. If you select Do not auto-renew my contract, this is the timeline of what happens. 30 days before renewal date you are sent an email reminder. This message is sent again 3 days before your renewal date. On the renewal date, if you don't renew, your account is switched from the Annual Plan to the Flexible Plan. You have four options: Do nothing Your account is switched to the Flexible Plan with no annual commitment. Renew the annual commitment Your subscription is renewed through your Google Apps control panel. Downgrade to Google Apps (free edition) You can only do this if your account has less than 10 users. If the your account has more than 10 users, the additional users must be removed from the account before the downgrade is completed. For instructions and details of service changes, please see Downgrade to Google Apps. Delete the account All users must be deleted from the account before the deletion is completed. The account deletion is finalized within 7 days after this option is enabled. For instructions and details, please see Cancel your Google Apps account.
103
User is an active license and license is just the amount of seats available to be use it doesnt matter if is used or available Domain Name Registration Agenda 1. 2. 3. 4. 5. Introduction to domain name registration (SLED) tour of the Domain in name registration process SLED tools Common SLED issues Domain registrations partner contact details
Introduction to domain name registration (SLED) What is a domain name registration? It is a prerequisite of Google Apps that customers have a Primary Domain Name to associate with their account Google facilitates the purchasing of a domain name from one of our registration partners for an annual subscription period, during the signup to the free edition of google apps www.google.com/a/cpanel/domain/new We have 2 domain registration partners: GoDaddy and eNom We charge $10 for each Domain Name Registration Purchase per year Only the following 5 Top-Level Domains are offered: .com, .net, .org, .info, .biz More localized domain names are not available to the customer through this process e.g. .com.au, .co.uk, .ca Supporting Domain Name Orders Free Edition and Education Edition Customers can purchase domain name through us when signing up for their Google Apps account Generally, this is the only time these customers will have a financial transaction with us for their Google Apps domains We will support them for domain name issues they may be experiencing if they ordered it through Google Issues may involve the renewal of the domain name or an issue with the order. This does not entitle Free Edition customers to unlimited support. Support is restricted to issues directly related to their Primary domain name.
104
Purchasing SLED Domains Customers have to create a Free Edition domain if they register a domain name through us, before they can upgrade to Google Apps for Business Edition They cannot upgrade to Business Edition at the same time as they are placing a registration order Education edition customers will also have to purchase it in conjunction with their signup to the free edition of google apps before upgrading to education edition A Tax Charge of $2.15 may be included depending on where the customer is based. Customers have to ensure that they complete the domain name purchase and press all confirmation buttons. Otherwise it could end up in a partially-created states and prevent service activation. Domain name verification and MX record configuration are automated. Services are instantly activated for the domain
Public tools Top Level Domain .com, .net, .org, .info, .biz are the only tlds we offer Whois Lookup Whois lookups provide information about the current registrar help to make decision whether or not a Domain is a SLED domain Check MX records another indication are MX record lookups if MX records are pointing to Google it is an indication that MX records were set automatically during registration Common SLED isues
105
1. Administrator wants to change domain host This is possible. They will need to contact the new domain host for instructions. We will not assist with the transfer in any way. Send the following Canned response: If youd like to host your new domain with another company, you can contact the new host for instructions to transfer your domain.
1. Administrator is trying to register their domain but message says domain is unavailable Admin already has a Google Apps account Check if the account is already an alias of a different account. IF so, the alias will have to be removed by Google Support and then have the admin try again Could be ibn system from before if there was a problem with the credit card Maybe somebody else already owns it! Domain name does not meet our requirements
1. Administrator is trying to add advanced web hosting to their hosting package If the account is with GoDaddy, they will need to contact GoDaddy If the Account is with eNom, they will need to be provided with eNoms contact information.
1. My Credit Card was declined, but im sure its right Call the credit card company, tell them the charge is valid
1. I want to renew my domain, but im passed the renewal date If < 19 days: Good news, grace period! Make sure your credit card will authorize and is correct GO to this link www.google.com/a/cpanel/domain/renew-domain/ [domain.com] If > 19 days. Sorry, redemption period
106
Customer will have to contact Godaddy or eNom and pay redemption fee (usually much greater than $10) to get the domain back.
Nile System (annual Prepaid) Agenda 1. Nile Architecture 2. Information available in Nile 3. Works flows and system events 4. Examples 5. Common Apps Billing Issues Nile Architecture
107
Billing related task should always be performed in Nile ICS to keep the system in sync (add users, remove users, refund, cancel orders) Adding a user in Rudolf without placing an order results in an out of sync system, preventing the user to purchase additional users Refunding a customer in Checkout wont notify Nile, the subscription will remain active and Nile will charge the customer again on renewal time.
Information in Nile You may search by: 1. Selecting domain_reg in the toolbar combobox, and entering a domain name for SLED orders 2. Selecting dasher in the toolbar combobox, and enter a domain name for Business editions orders 3. Selecting cbg# in the combobox (drop down menu), and entering a cbg order# for both
108
Charge attempts and Cbg Notifications Nile received status information from checkout and dasher
ORDER_CONFIRMING waiting for the users to confirm the payment method in checkout
AUTHORIZING
CHARGING
109
PROVISIONING
GRACE_PERIOD
- 5 business
days)
CANCELING order failed , in progress of cancelling order
Refund Disclaimer: Review Policies There are a number of policies behind Google Apps Payment issues, that relate to renewal issues and providing to customer where required
No Refund Policy
110
The main Policies are the following: -We have a strict no-refunds policy -However, refunds may be issued if the customer contacts us within seven days of being charged -If it is more than seven days we absolutely do not issue refunds -When issuing a refund to the customer we need to communicate to them the fact that we are making a once-off exception in their case given their circumstances and that they contacted us shortly after they were charged -We will then educate them on billing procedures and policy accordingly in the case Note: We do not have to tell the cust about the 7 days policy is INTERNAL ONLY
Refund customer Domain: careertunity.com INITAL_ORDER_TRIAL: 9 seats - Google charge us for 9 users, but we only need 6 Nile lcs Customer placed 2 order, both were charged [A] 639824407955810 dec 11, 2009, quantity 4, CHARGED $200, DELIVERED [B] 371489589842493 Dec 12, 2009. Quantity 5. CHARGED $250, DELIVERED Refund $150 for order [A], using ChargeAttempts >> ChargeLines >> right click on order (4 accounts) Refund for DASHER, QuantityToKeep 1 Result: Refund success: pretax refunded = USD 150.0, total refunded = USD 150.0 confirm in rudolf that seat count was adjusted from 9 to 6 accounts. Missed 7-day windows User missed 7-day windows to update his credit card info for Business user account purchase User must wait for the account to be automatically downgraded to Free Edition User can then re-upgrade to Premier using new credit card information User receives another 30-day free trial (dont mention this to the user, but confirm if youre asked)
111
Update credit card information Card details need to be changed after customer has been charged, card expired/stolen Shortlink: checkout.google.com/updatecreditcard Note: if payment has been declined for Auth reasons, customer needs to re enter the card again so Nile can retry http://checkout.google.com/support/bin/answer.py?answer=29072
Trial is still 30 days long, but It's capped at 10 users If you want more than 10, youre prompted to enter your payment information and end your trial This means that no in-trial domain will have 10+ users. as a result, everyone in trial is yellow. Signup doesnt require a credit card, so there arent any authorization going on. After (sign up + credit card requirement) Sign up is 1 (albeit lengthy) page going! No credit card is required to sign up! (it just needs to be added at some point before trial ends)
After (payment options) Google checkout isn't used anymore--credit card is entered in the CPanel Credit card and direct debit (ie, bank transfer) are the 2 forms of payment well allow at launch. More will come later. Tools Billy ICS
Canceling/lowering customer commitment Cancel Completely Only if company wants to use a different domain name They have signed up for that domain and have committed to at least as many licenses as they have on the domain for which youll be cancelling the commit
113
Lowering Commit This should only be done if the user made an error and contacts us within the first 30 days after their first charge on the commit plan Reference next few slides for details on whether or not they qualify for ta refund. Note that you should not let someone out of the commit plan entirely--the within 30 days policy is simply for lowering the commit Adjustment (credits & refunds) Google Error If a user incurs erroneous charge due to error on our part, we will credit/refund Examples: Billing bugs resulting in overcharge, VAT calculations out wrong (needs to be our fault, wrong VAT number is users error) User Error only exception: commitment mistypes Must contact us within 30 days of first charge, and be off by a factor of 10 If they qualify, we will lower commitment and issue a refund/credit A refund will be issued if the overpayment is worth more than their contract value, a credit if less Lastly, note that no refunds, credits, or seat reductions will be done after the second charge (ie. 60 days in)
Examples: I want 10 licences, accidentally type 1000. Get charge $4,160 instead of $41.60 on my first bill, I freak out, call support within a month of the charge, Support lowers my commit to 10 in Billy and request a refund of $4,118.40 ($4,160 - $41.60 -- the amount of the overpayment). A refund is requested instead of a credit because $4,118.80 is greater than my remaining contract value of $458.40 ($500 for the users for the year - 1 month payment of $41.60) I want 10 Licenses, accidentally type 100. Get charged $416 instead of $41.60 on my first bill. I freak out, call support within a month of the charge. Support lowers my commit to 10 in Billy and requests a credit of $374.40 ($416 - $41.60 -- the amount of the overpayment). A credit is requested instead of a refund because $374 is less than my remaining contract value of $458.40 ($500 for ten users for the year - 1 month payment of $41.60). I want 10 licenses, accidentally type 11. I called support, they lower my commit to ten but do not issue any sort of credit/refund because I wasnt off by a factor of 10. The user has to deal with the $4.17 loss.
Changing limit
114
The 10-user trial limit this value should not be changed by support. If they want more than 10 users, they need to end their trial
The 50 after-trial flexible limit This value can be changed by support if requested by the end customer Use good judgement, however--if the email requesting the increase also includes an offer to ship you a car in return for wiring money to nigeria, or mentions that youve won the Angolan lottery, you might want to push back. Particularly if they havent had a bill paid yet. Additionally, only increase it as mush as necessary -- dont go making it 999,999.
The basis Background information Partners is the umbrella term for all external companies that add value in some way.
The different Partners from support perspective Vendors (Like Telus and VoxPro) Supporting our SMB customers Telcos (like VodaFone And Verizon) Managing their own resold customer base Resellers managing their own resold customer base
115
Background information The reseller program launched in January 2009 The reseller console launched in April 2009.Before reseller used the reseller API 2.0 to manage their customer they are four type of contracts for Reseller: A1 - longtail reseller A3 - Enterprise /Mid-Market A4 - Enterprise /Mid-Market Other terms - the big 11 still using the reseller API 2.0 Every Reseller has a Lead Owner which is the partner manager in Google for the Reseller (to find the Lead Owner, search for the domain name in SFDC and click through Lead or click Account name > Leads associate with Accounts) Customers can find name in SFDC and click through Lead or click on the Account name > resellers also through the google apps Marketplace (we dont recommend specific resellers)
116
Characteristics
Authorized to sell fewer than 250 seats 20% discount Can sell domains worldwide Customer can contact Google support also directly Not obligated to provide tier-1 support
No limit for the amount of seats to they can sell Get 20% discount Can only sell domains in a certain country territory Customers can contact google support also directly Not obligated to provide tier-1 support
Customer can NOT contact Google Support directly. Obligated to provide tier-1 support Get 30% discount feb-2011, we have 30 of them world wide
Example Resellers
reseller.appspeople.dk cloudlogic.co.uk
reseller.onixnet.com reseller.cloudsherpas.com
reseller2.revevol.eu
117
Google will run a credit check on the Reseller business Once passed they assign the reseller legal agreement Reseller will be provisioned to give them access to the Reseller Portal Lead owner sends welcome email.
Once access to the Reseller portal the Reseller can start selling domains.
The sign up process Reseller first has to sign up with his potential Reseller Domain[1] Reseller then needs to register all the domains he deploys during his initial deployment phase He fills in his OWN reseller domain that he used in the application form [2.1] and clicks on Go He will be redirected to the login page for his own Reseller domain. After logging in as an Administrator user he will be redirected to a page [2.2] where he needs to fill in the domain name and the Customer Pin of the End-customer he want to register as initial deployment.
118
Getting access The Reseller can access the Reseller Portal through the Reseller Tools link on top right of their Google Apps control panel. We can see Reseller Tools of the reseller through CPanel Admin View in advanced rudolph
Adding customers In the reseller portal the reseller can add new or existing Google Apps domains (hell also need to transfer the initial deployments, they wont be automatically transferred to the console) If the domain is already a registered Google apps domain the reseller needs a transfer token. This can only be generated by the super admin through the control panel of the customer domain
Managing customers Resellers can manage the following for their customer
119
Increase Seats Set defaults such as language and time zone. Set support info and links that are shown in customers control panels View orders and invoices Manage the 30 day free trial and renewal options View customers control panel (customer can prevent this) Invoices and orders are only visible if they are ordered through the Reseller console. Note: Offline and legacy orders are not visible in the Reseller Portal.
Reseller Billing
The online billing flow Resellers are monthly invoiced for all domains bought or renewed. Only payment: bank transfer Reseller can dispute an invoice If they dont dispute and dont pay: Dunning--30 days Auto suspension--60 days Termination--90 days Note: this is for Reseller, not the customer
The customer side The transfer will start a new 12-month contract. No refunds are given for Reseller-toReseller transfer Customer will be automatically refunded for the unused period within 1 or 2 months (for direct premier apps customers who transfer). NileICS does this automated refund. Learn more Standard Edition domains will become an Apps for Business after the transfer. Resellers cannot officially resell EDU or STD domains.
120
Refund policies for Nile Resellers In general we do NOT refund or cancel any order. There are, however, some exceptions: Obvious user error ordered wrong domain name (.com instead of .net) ordered 900 seats instead of 90 (must be done within 7 days after that the aq Corrected order already booked (if possible), or Reseller is requesting support to perform the correction domain change: reseller must place new order for the same n. of seats first quantity reduction: support will perform the correction
121
Must be requested by reseller within 7 days of order execution and before invoice generation Resellers may request to more seats between different end customer domains. This is strongly discouraged but there might be some cases this is approved. Contact the lead owner if it is a grey area of guidance.
Top Cases I Cant Register XXX among my depolyements - already registered Sometimes applicant resellers contact us because theyre unable to add a deployment in their reseller sign-up phase (to reach the requested 25 deployments) This is usually due to the fact that they signed them up under another domain Check the domain in the support Tool and make sure its not a reseller yet(customer pin not starting with 136-). If this is the case , have the reseller provide the customer pin of the customer he wants to add and FL will maje the necessary changed in the backend to allow the registration of the customer .
IMPORTANT: make sure you understand the difference between applicant resellers (see above) and authorized resellers. The Transfer Token will ONLY work for authorized resellers with the Reseller Tools provisioned in their CP!
Longtail Reseller wants to provision moren than 250 seats Longtail resellers are capped at provisioning domains with 250 users This request should be approved by Sales first - hand-off to Frontline specifying by how many seats the cap needs to be increased (when this will be possible for vendors, reroute the ticket directly to the Apps SMB Channel GTM queue specifying by how many seats the cap needs to be increased)
Im a customer of ________ Reseller and have this problem We DO support resellers end customers, unless they are through an advanced reseller If theyre an advanced reseller they dont get a pin so they cant even contact us If the customer is complaining about a reseller , hand off to FL and ask to reach out to the lead owner to contact the reseller to discuss >>> dont get into a discussion with the Reseller and the customer yourself
122
I want to move to another Reseller This is possible by using the normal transfer process of Google Apps accounts: The customer can generate a Transfer Token and provide it to the new Reseller The new Reseller can transfer the customer by using the Transfer Token and following the normal process. Note: The transfer will start a new 12-month contrat but we do NOT refund the customer for this process.
I want to resell an EDU/NP domain Resellers cannot officially resell Google Apps for Education/Non-Profit domains, as by definition there needs to be a billing relationship between Reseller and Resold customers However, the Reseller can still offer support to the potential customer by creating an Admin account and therefore managing their domain. It wont be possible through to add the customer to the Reseller console so it will be necessary to manage him separately from the other resold customers (see GD RESEDU) My customer has disappeard from my console Check Nile, youll probably see a canceled order because the Reseller didnt change the default option for trial (Automatically cancel this subscripcion and suyspend user access) or selecte the option to Do not renew subscription automatically so the customer was disconnected from the console at the end of the annual subscription >>> The customers Super Admin will need to log in to the CP at https://www.google.com/a/ your_domain.com and click on the link Initiate service transfer in the interstitial page.
NOTE: If theres no Super Admin created well need to request domain ownership verification and request which user should be converted to Super Admin - then hand-off the case to FL
123
I dont know where to find/how to pay invoices - how Im charged ~All new executed orders & renewals placed during a month are consolidated and invoiced in arrears (see Reseller Agreement FAQs), so all the orders placed in a specific month will be invoiced at the beginning of the following month. The Reseller will need to log in to the Reseller Console > Reseller Information > Invoices to view his invoice. When a new invoice is added to this page, Google sends a courtesy New Invoice is availble emal to the resellers address. The available payment options are currently CHEQUE or WIRE TRANSFER (NO credit) For specific questions about invoices, Resellers can contact the Collections team (the email address can be found at the bottom of every invoice).
Note: Reseller will need to pay all invoices received from Google before, during and after the transition.
All resellers pin will start with <136> If the pin starts with another number its probably an applicant reseller
124
Troubleshooting
I want to change my customers billing plan Flexible Plan> Annual Plan Reseller can do this themselves from the customers subscription tab in the console Annual Plan > Flexible Plan Only possible during Trial. Otherwise, plans can be switched at the end of the annual commitment by selecting Do not auto-renew my contract
NOTE: for migrated customers from Nile to B3, the default plan is the Annual Plan.
Why cant I add Vault for my customer? Vault is only available to NA (US and CANADA) and LATAM (English TOS only) Resellers only. EMEA, JAPAN and APAC regional availability will follow shortly. See our FAQs for updates. Any update will be communicated through the Reseller Console and on our official Apps blog at http://googleapps.blogspot.com/ NOTE: Vault can only be ordered via the Reseller Tools Console, and ONLY for those resellers who have already converted from the annual prepay version of the Reseller Tools Console to the monthly post pay version. Vault is the only available to net new customers (i.e new domains/customers only) not to existing customers
125
Overview Located unser Control Panel>settings>mobile Offers provisioning of new devices to the Apps domain Fine-grained controls over mobile fleet and access to Apps data with organizational unit (OU) level control Device auditing and access the Apps data Management of mobile fleet with ability to approve/block and wipe devices
Requirements In order to view the mobile management feature, the domain must fulfill the following conditions: Google Apps for Business, EDU, Non-profit edition and Govt. Next Generation Control Panel Compatible Mobile Platforms Android iOS Windows Phone Incompatible Mobile Platforms Blackberry (GBES connector solution available) Accenture Symbian
Main functionality
126
Password Settings
Setting Android support iOS support Windows Phone support
127
Require users to set passwords on their devices Password strength (Note: Windows Phone 7 and 7.5 support 'Standard' but not 'Strong') Minimum number of characters Number of days before password expires Number of expired passwords that are blocked Automatically lock the device after: Number of invalid passwords to allow before the device is wiped
Yes Yes
Yes Yes
Yes Yes
Device Settings Setting Require users to set passwords on their devices Automatic Sync Allow Camera Android 3.0+ No 4.0+ iOS YES YES YES Windows Phone YES No No
Device Policy Apps Key Features Multiple Apps account support User can set Device Policy with multiple Google Apps accounts and enforce policies across many accounts, in the one single app Policies Supported Device Encryption (Android 3.0+) 128
Number of days before password expires (Android 3.0+) Number of expired passwords that are blocked (Android 3.0+) Allow camera (android 4.0+)
Password Enforcement Required users set a password on handset Password Strength Password expiration and blocking of old passwords Device blocking & wiping after failed password entry Policy compliance clean-up If the device no longer meets enforced policies, cookies are deleted after 24 hours. Policy enforcement clean-up When an enforced Apps account is removed from device, it is also removed from Device Policy. Advanced Settings See HC article for more advanced functions.
Troubleshooting Integrated into the Control Panel Dashboard to review connection attempts, fist/last sync times, device OS, user agents, etc to assist support in gathering information and troubleshooting to verify customer actions. Known issues/limitations Enforcing policies for Android Sync requires Device Policy, which requires Android 2.2+ Android: only apps that access Dasher data is reported under View Details > Applications Other known issues to be addressed via documentation as device/OS combinations too varied address via UI panel When reporting a possible issue Check if device supported, verify make, model and OS Ensure the config of the apps account is correct as well as sync settings on device Check CPanel > Mobile Settings > Devices to verify it is listed Try to reproduce on a different device / different user Check Apps Status Dashboard Check Known issues page
129
Resource FAQ Supported editions: Business, Edu & Gov Existing devices: Automatically activated (approved) Google Sync: Covers iOS, Windows Phone and devices connecting via Exchange ActiveSync BlackBerry: Not supported Symbian: Not supported Easiest (Less secure) method: Enabled Google Sync, Android Sync without policy enforcement Locally applied: settings arent inherited from parent (applies locally to OU, vs. inherited) Android device policy: 2.2 and above
MOBILE TROUBLESHOOTING
Learning Objectives 1. 2. 3. 4. 5. 6. 7. Support Scope Mobile Browser Google Sync Android Sync GBES intro IMAP setup on mobile devices Gmail App for iOS
Support Scope Connection Method Mobile Browser Google Sync Scope Supported Only supported on iPhone/WinMo
130
Insufficient and unclear information provided by admins and by dispatch is a big efficiency drain in Enterprise Mobile. In particular it is essential to be absolutely clear about the connection method.
First-line troubleshooting There is much you can do to help resolve cases yourself. If appropriate Verify that required options are selected in CPanel Very that user is not suspended in CPanel or over quota in GAIT Verify that the connection has been deleted and recreated Check the Known Issues page & Apps Status dashboard Ask more probing questions as to the specific of the observed behaviour Search the resources listed below!
Where to search
131
Search online resources: Apps HC: google.com/support/a Mobile HC: google.com/support/mobile Known issues on: http://support.google.com/mobile/bin/answer.py? hl=en&answer=139635 Google it! Search TELUS KB Ask a MSM specialist or Team Lead
Troubleshooting challenges Users dont specify (or dont know) if they are using Pudu, Milu, Sync or POP/IMAP Troubleshooting: Availability on variety of devices and mobile providers leads to many unique problems Difficult to reproduce errors that occur in other countries
Some mobile services providers may block access to sites requiring HTTPS (ex. google.com) Whom to Consult If you cannot resolve a case yourself, youll need to escalate. go/mobile/help Ensure you assign to the correct team; directions in template ConOps/Eng then triage and assign bugs to relevant SWE This bug shortcut will populate most of the relevant fields. You can also use ir to ask questions which are not related to active cases.
Google sync -Known Limitations Google Sync is in Beta Mail Search / Mail Drafts Custom form/ Reply to Actions in Gmail Calendar attendee status Recurring/ multi day events Adding/editing attendees Contacts information Not yet supported Not yet supported May have different effect Yes/No/Maybe not supported may be rendered as single events iPhone-created events wont send invites Limited fields are synced
ID:139635 http://support.google.com/mobile/bin/answer.py?hl=en&answer=139635
Troubleshooting Google Sync First step is always to delete and reset sync relationship Check CAPTCHA Establish all relevant information as per GD PHONE
133
Debug logs sometime requested by SWE; they provide guidance Google sync can cause issues with Calendar on many devices Running Google sync and GBES concurrently will result in duplication of contacts Many once-off, non reproducible, intermittent issues Temporary network issues manifest as google sync errors Sync logs only go back a week
IMAP
No different to IMAP connection on desktop Only supported on Android and iPhone, in some cases Windows Mobile IMAP Gmail connection on BlackBerry is to the BlackBerry Internet Service (BIS) and is not supported Detailed configuration data is however provided for many devices (suck as BIS on Blackberry) Confusingly, IMAP is also sometimes referred to as Mail Sync
IMAP Configuration IMAP needs to be enabled by the user (not the admin) GMail > Settings > Forwarding and POP/IMAP > Enable IMAP Configuration http://support.google.com/mail/bin/answer.py?hl=en&answer=75726 Standard IMAP settings http://support.google.com/mail/bin/answer.py?hl=en&answer=78799 Fetch intervals configured in the device Settings App Fetching too often risks exceeding per-user IMAP connection quota
IMAP Troubleshooting Android and iPhone (and occasionally WinMO) supported Set up IMAP again, veriyfing settings Ensure username is entered with domain extension 134
Password issue sometimes solved by CAPTCHA on desktop Obtain screenshot of settings and error message. iPhone screenshot - p105 of user manual http://manuals.info.apple.com/en_US/iphone_user_guide.pdf
Follow standard support flow and file but at go/mobilehelp
GBES Standard Troubleshooting Steps (GD GBES) Confirm that provisioning API is enabled in the control panel Confirm that Sync is enabled in the control panel Check OAuth Consumer key Gather Affected email addresses Confirm data and time of issue Request BlackBerry log file Request Apps Connects logs
Common issues: Mail stopped flowing to the mobile device Messages not appearing as read on device or web UI Messages from other labels not being received by BlackBerry Enterprise Activation Fails
Mail Stopped Flowing to the Device SRP key shows disconnected in the BB manager Verify: The Blackberry manager server property pane should show SRP disconnected.
135
Also, the BES admin can run start>programs> blackberry Enterprise server> blackberrry server configuration. Click on the Blackberry Router Tab and click on Test Network Connection Alternatively: they can do this via CLI with a tool called BBSRPTest.exe under c:/programfiles/researchinmotion/blackberry enterprise server/utility Reason: SRP key expired. Every Temp SRP expires after somewhere between 60-90 days( Normal SRP keys dont expire) Reason if BES reconnect to RIM 5 times within short ;perod time, it will trigger DoS and couse SRP hey to be suspended Fix call RIM support to renew or reactiove the SRP key If customer has technical Support witn RIM, they can check SRP status and reactivate via BlackBerry Expert Support Center (http:// www.blackberry.com/besc)
OAuth key is invalid The connector logs shoudl show HTTP error code 401 when accessing https:// google.com/... Gmail is down The Connector logs should show HTTP error code 5xx when accessing https:// google.com/... Gmail is too slow The Connector logs should show error code 0x80072ee2 Potential bug The connector logs should show error code 0x8007xxxx related to GmailSyncTask. PST cache is corrupted The Connector logs should show error code 0x80040600 or 0x80040119. Blackberry Controller and Dispatcher Services are not communicating properly In the services manager, please shut down the dispatcher and controller services and restart them in that order.
Fix: ask user to turn on email wireless reconciliation 2. User didnt wait long enough Reason: the read sync can be delayed by up to 15 min Fix: use menu Reconcile Now to force reconciliation.
Android
Gmail for Mobile Application (MILU)
Supporting MILU
Common Issues
137
Sign in problems are mostly customer error-solve a CAPTCHA Network Connection issues and features request Attachments/ rich text supports- plain text only
Troubleshooting http://support.google.com/mobile/bin/topic.py?hl=en-GB&topic=21165 Confidential Milu is de-staffed and future development outsourced to RIM There will be no new feature but thanks for your suggestion Push Dasher users towards GBES PO issues or high profile customers: go/mobilehelp
138
What is the GBES Connector? A free software package installed prior to BES install Replaces Exchange as link between Google Cloud & BlackBerry fleet
MAPI protocol is the one used for BB for emails as well as the address book
DATA Flow: BES/Google: Blackberry device <--> [RIM] <-> BES <-> [IMAP]/Connector <-> PST
In addition GBES builds the users PST cache in the background Mail Calendar Contacts Global Address List (GAL)
GBES Configuration
General System Requirements Must be a dedicated server Fresh install of Windows Server Supported Server versions: 2003 Standard, 2003 R2 64-bit or 32-bit, SP2 installed 2008 Standard 64-bit or 32-bit, SP2 2008 R2 64-bit only
139
Hardware Requirements (<250 users) Dual Intel Pentium 4 processor 2Ghz or higher 4GB RAM minimum 1 GB per user minimum disk space
Hardware Requirements (up to 350-400 users) Quad Core Xeon 2.83GHz or greater 8GB RAM minimum 1 GB disk space per user minimum OS disk: 2 disk drivers: 15 K RPM SAS, 146GB, mirrored Cache disk 4 disk drives minimum, 15K RPM SAS, 300GB, RAID 5 Disk controller: SAS 3GB/s, with 256 MB onboard cache memory
Performance monitoring As users are added, check the following Average CPU load should be no more than 25% Committed bytes no more than 60%. Current disk queue no more than 3
When a New User is Created Last 1000 messages, calendars and contacts get cached to PST Only last 30 days of email is stored. Whitespace is not recovered,but can be via registry edits. Expect at least 500 MB per user and up to 1GB
140
Calendar Sync: Only events in your primary user calendar are synced. Multiple calendars are not supported. Contacts sync: Only contracts within My Contacts label within Gmail are synced. (Although the GAL is searchable but not browsable, and it can take up to 24 hours for contacts to populate to the GAL) Contacts Sync Delay: Updates to contacts take about 5 minutes to synchronize. Global Address List: Searchable but not browsable, and it can take up to 24 hours for contracts to populate to the GAL Notes/Tasks: Notes and Tasks are not wirelessly synchronized to Google Apps. They are only local to the device.
Common Issues
Mail stopped flowing devices PST corruption PST compaction Upgrade issues Enterprise Activation Issues
Standard Checks Confirm that provisioning API is enabled in the control panel Confirm that Sync is enabled in the control panel
141
Check Oauth Consumer Key Check Oauth Scopes Gather affected email address Check PST health
PST Corruption
Causes
A single corruption puts additional load on server May lead to additional corruptions Antivirus on server is accessing PST Exclude cache folder C:\Documents and settings\Administrator\Local Settings\Application Data\Google\Google Apps Synch\Cache Server not meeting hardware requirements may lead to performance issues and PST corruption.
Solutions
Use support tool located at http://code.google.com/p/google-apps-support-tools-forwindows/downloads/list to scan for and repair PSTs Remember to stop blackberry services list Use this metUse this method if many or all users are affected Reprovision users, if only one or two users are affected. In rare case where PST corruption is not logged, all users need to be reprovisioned Use GD GBESCORRUPTION
142
Make sure activation email arrives at Gmail. Make sure Connector logs shows Found activation message. Make sure the user is not on another BES server. If you see error message Ignored - let other server/desktop do it in BES logs, it means the user is still on another BES server or in another BE configuration user database. Make sure BED SRP status is connected.
143
Troubleshooting and FAQ for Google Apps Connector for BlackBerry Enterprise Server
This document details common problems and troubleshooting methods for Google Apps Connector for BlackBerry Enterprise Server. For more information about Google Apps Connector, see the Overview andDownload pages. Each issue listed below includes a brief description of the issue. Some answers include a link to a detailed description in the Google Apps Connector Help Forum. Follow the links for more details.
Supported Features
What versions of BlackBerry Enterprise Server are supported? How do I upgrade BlackBerry Enterprise Server from 4.1.x to 5.0.x while using Google Apps Connector? Does Google Apps Connector support multiple domains? Does the Google Apps Connector support multiple calendars? What are the systems requirements and capacity limits for the connector?
Maintenance
144
How do I read the Google Apps Connector log files? How do I shut down Google Apps Connector properly? How can I identify hardware capacity issues? How do I resync the Global Address List (GAL)? How do I upgrade the Google Apps Connector to a new version? Is it possible to limit the cache file size to some specified value? How do I handle BlackBerry Enterprise Server account password changes? How do I verify GAL data with Google Apps Connector? How do I relocate existing cache files?
Overview Many new clients to Apps are bringing data from their previous or existing system with them,. This data can exist in various locations such as: computers mobiles servers tablets
in some cases they will be abandoning the previous hardware/system. A migration from the source to Google Apps i.e. the Cloud is desired. Where there will be ongoing use of existing hardware in conjunction with Google Apps, a synchronization solution is preferred.
145
Contacts
Migration
Migrate
Mail
Personal Shared
Headquarters
Sync
Source System
The ultimate goal is a seamless transition and utilization of Apps Services and tools. The above are consideration an admins should thinking about. The source system will be the key factor in deciding method used.
Migration There are 2 approaches to migrating user data The Server Side All done by admin Done all at once Works on many server types Little granularity Can be slow Requires more equipment The Client Side DIY for Users Users select what to migrate Users can migrate at their own pace Less admin control User error abounds requires a support mail client (MS Outlook)
146
VS <------------
Client Side
Client Side Google Apps Migration for MS Outlook (GAMMO) Migrates Mail
147
Calendar Contacts(Personal) Mail Fetcher (from Gmail) Migrates Mail (uses POP)
Sync
Sync tools simply the on-going use of the source system/software after the data is uploaded to Google Apps.
Google Apps Password Sync (GAPS) One-way Sync from: Microsoft Active Directory only Data that is Synched: User Passwords
App Engine
148
Google app engine lets you create, host & run web application on Googles infrastructure. The allows IT professional to buld their own migration tool that in the cloud and migrate data to Google Apps. API (Automated Programming Interface) access should be enabled on the target Apps domain. Refer to: https://developers.google.com/appengine/ to learn more.This solution is NOT supported by the Google Apps Support Team.
APPS Maketplace
Developers have developed tools around APIs and market them on the Google Apps Marketplace. This means if a client cannot use our tools and is unable to create their own, there are people out there who will do it for you at a price. Keep in mind, just like App Engine, Marketplace Applications are NOT supported by our team either. Refer clients to the developer for support.
149
Apps to migrate mail from legacy email systems into their domains hosted Gmail Accounts. The API reference material can be found at https://developers.google.com/google-apps/ which cover the various APIs that can be used to automate and integrate with Google Apps.
Administrative APIs
GAMME Overview
Learning Objectives By the end of the training you should be able to Identify Migrations supported by the GAMME tool Verify API provisioning settings in the CPanel Correctly configure the GAMME tool Validate a properly formatted user list Understand potential network issues Perform a data migration Read and interpret logs
150
There are 4 components to the GAMME tool: Migration Wizard Migration Configuration GUI Launched as ExchangeMigration.exe Command Prompt Executable i.e DOS command windows Command-line utility ExchangeMigration.exe Can reference configuration file or parameters for migration options User List CSV file containing list of users to migrate Enter each username on a separate line Admins can map a user on MS Exchange to a different user in Google Apps if needed. ** Log Files Created when running migration Two types are generated: Status and Trace log files.
151
Requirements
Mail server
Google Apps for Business or Education. Enable the Email Migration API option in the Google Apps control panel. Enable 2-Legged OAuth in the Google Apps control panel.
Microsoft Exchange Server (2000, 2003, 2007 or 2010) or IMAP server (any RFC 3501-compliant IMAP server, including Microsoft Exchange, Novell Groupwise, Cyrus, Courier, Dovecot, SunMail, Zimbra, and Gmail). One administrative account on your server that has permission to read each user's mailbox. In Microsoft Exchange, the permission Receive As is sufficient.
Client computer
Microsoft Windows (for each computer on which you install the utility): XP SP3, Vista XP3, Windows 7, Windows Server 2003/2008 Microsoft Outlook 2003 or 2007 We recommend that you use the latest patches for both Windows and Outlook.
CPanel Provisioning
Migrations require certain APIs in the Apps to be activated prior to attempting the migration. Admins MUST enable: Email Migration API (EMAPI) 2-Legged OAuth The users must be created in Google Apps prior to the migration
152
Migration Diagram Migrating from Microsoft Exchange The cloud -------- Firewall ------- Local Area Network (Mail, Calendar, Contacts (personal)) Migration from aggregated PST files The Admin (NOT THE END USER) takes each PST (backup file with email information) and will separate it with folders and then it will upload it into the cloud GAMME Administration Guide Migration from another Google Apps Account (IMAP) GAMME Download page https://tools.google.com/dlpage/exchangemigration
GAMME Interface
Start menu > All programs > Google Apps Migration
GAMME Walkthrough
Migrating from MS exchange
Your user list should be ready prior to configuration user1@testdomain.com user2@testdomain.com user3@testdomain.com Use this format if: Exchange username = Google Apps username user1@testdomain.com, user.one@testdomain.com Use this format if: MS Exchange username Google Apps username STEPS: Step 1a: Enter server hostname/IP address
153
Step 2: enter Apps domain & associated consumer key & secret found in the CPanel Step 2a: map the location of list of users to be migrated (SCV file or TXT) Step 3: set & review migration settings prior to launch the migration, hit next when ready to begin. Step 4: Diagnostic check performed, if successful...hit start to begin migration
Your user list should be ready prior to configuration user1@testdomain.com user2@testdomain.com user3@testdomain.com Use this format if: Exchange username = Google Apps username user1@testdomain.com, user.one@testdomain.com Use this format if: MS Exchange username Google Apps username STEPS: Step 1a: Enter server hostname/IP address Step 2: enter Apps domain & associated consumer key & secret found in the CPanel Step 2a: map the location of list of users to be migrated (SCV file or TXT) Step 3: set & review migration settings prior to launch the migration, hit next when ready to begin. Step 4: Diagnostic check performed, if successful...hit start to begin migration
154
user3@testdomain.com#user3password, user3@testdomain.com
STEPS Step 1: Select IMAP Server Type Step 1b: Specify IMAP Security and Port as needed based in clients environment
Apps to Apps migrations are done using IMAP. Here are the required settings: Server Type: Other IMAP Server Hostname: imap.gmail.com Security: SSL Port: 993 IMAP Path Prefix: n/a
Network Configuration
Watch Out for firewalls Port 443, 993 and 143 Ensure the necessary ports are not blocked by any firewalls: 993/143 IMAP & 443 MS Exchange Antivirus Some antivirus programs will block ports and/or applications. Ensure that the Client machine as set to allow the GAMME tools to access the internet or disable the antivirus during migration. have you lately got a update or patch on your antivirus? they usually blocks ports
155
got Bandwidth? GAMME uploads at a maximum rate of 1 message/second/per user So if we have 10 users x 1000 emails, then it could take up to 27 hours to complete the migration
GAMME Logs Trying to read raw GAMME logs might feel like interpreting an ancient language but we.ve good tools to help us.
Overview of data migration Two categories of migrations Administrator Level User Level The choice depends on the organization needs but shall also strongly depend if mail is stored on a client or on a central server Administrator level User Level
156
Migration on behalf of the users From a server (usually microsoft exchange) to google servers
Users migrate data From a client (e.g. Microsoft Outlook) to Google servers
Server-side migration
Client-side migration
GAMME = Google Apps Migration for Microsoft Exchange (is for the administrator, for all the users) GASMO = Google Apps Sync for Microsoft Outlook (also called Glook) GAMMO = Google Apps Migration for Microsoft Outlook (is for the end user) GADS = Google Apps Directory Sync
Best practices There are no limits on the number of migrations Migration a small number of account as a test In case of high number of users it is better to perform the migration in batches
Before to migrate remember Inbox does not exceed the email quota (25 GB) Potential attachment wont be migrated (.ini, .exe, .vbs), please backup Trash and Spam folders will not be migrated, as well as messages with attachments greater than 25 MB Disable all forwarding rules to prevent loops with other accounts Users may not be able to access to Google Apps during the migration For more information on Dual delivery review the following article
Admin doing the migration Google Apps Migration for Microsoft Exchange (GAMME)
157
Administrators/Server side: (Premier and Education Edition only) Advanced Tool which supports most server side migrations (N.B. other servers as well as Microsoft.) Recommended! Selectively migrate mail folders by choosing from a list of options, and by optionally specifying an exclusion list. Specify whether you also want to migrate calendar and contact data Only personal contacts are migrated for each user. (GADS for GAL) Specify a time frame for the email you migrate Specify the list of users that processed, and the number of users processed simultaneously by each instance of the utility The tool supports Microsoft Exchange Server 2003 & 2007 as well as other IMAP servers.
Please review Google Apps Migration for Microsoft exchange Help Center articles for extensive documentation.
GAMLN Administrators/Server Side: (Premier and Education Edition only) This server-side migration tool offers administrators: Schedule migrations and migrations templates Automatic provisioning of Google Apps account Tools for migration notifications, reporting, and logging. High data integrity for mail, calendar and contacts information from Lotus Notes to Google Apps.
158
What does it migrate? Mail Calendar events Contacts More information can be found here
What does it migrate? Only mail More information can be found here
159
Individual/client side: (All users) Perform a user driven individual migration Selectively migrate email, calendar or contacts (or any combination thereof)
Learning Objectives
Overview Features Limitations Functionality System Requirements Troubleshooting Product behavior Resources
Overview
Google apps sync for Microsoft Outlook is: Plug-in that syncs Outlook with Apps just like Outlook natively syncs with Exchange. Features Fast email sync using Google-native protocol Full calendar sync, including recurrence patterns, attendees. Contacts sync for all Outlook fields Global address list for autocomplete and contacts lookup Lookup of free/busy information Availability Free with Google Apps Premier & Education Edition for more information click here
160
Allows apps customer to continue using Outlook with Google Apps Mail, calendar, contacts, Free/busy, Global Address List.. Erases migration concerns, provides a transition path for users to move to 100% web Provides great offline storage for Gmail
Posts in folders: You can store posts in your Outlook mail folders and they remain available in Outlook. But they don't appear in Gmail. Message flag follow-up dates or reminders: Flagged messages in Outlook are starred in Gmail. But follow-up dates or reminders associated with a flag don't appear in Gmail (since Google stars don't have these features). Category assignments: Gmail doesn't have a feature equivalent to Outlook categories, so any categories you assign to a message in Outlook don't appear in Gmail. Multiple signatures: Unlike in Outlook, you can create only one signature in Gmail. Public folders: Google Apps doesn't support public folders, either in Outlook or in Gmail. Importance levels: You can't mark messages as Important or Low Priority in Gmail, as you can in Outlook. Delivery receipts: When sending a message from Gmail, you can't request an automatic response when the message is delivered. Forward or Reply arrows: Gmail doesn't mark messages you've forwarded or replied to, with a small arrow icon, like Outlook does. Editing messages in your Inbox: You can use Outlook to edit the body or subject of a mail message you've already received (or sent). However, those edits don't appear in Gmail.
161
Features
Technical background Account, Profiles and PST files Account
Profile Profiles are essentially a view in Outlook Can contain several Accounts or email addresses Overview of Outlook profile HERE
162
PST
Type of file which Outlook uses to store data locally on a users computer Each Google Apps Sync profile will have its own PST file.
Data synchronization occurs on the following schedule: Email: Every minute (most likely on the final) Calendar: Immediately after you create or receive a meeting invitation, or every 10 minutes Contacts: Every 20 minutes Global Address List: Every 24 hours.
163
Key Features
1. Migration: Existing Outlook profile to Google cloud. 2. Two way sync: Email, Calendar and Contact 3. GAL (Global Address List)
System Requirements
OS requirements Windows 7 (32 and 64-bits) Windows vista SP1 (64 bits) Windows vista SP1 (32 bits) Windows XP SP3 (32 bits)
Microsoft Outlook requirements Microsoft Outlook 2010 (32 and 64 bit) and this free/busy hotfix Microsoft Outlook 2007 with Office SP2 Microsoft Outlook 2007 with Office SP1 and this hotfix Microsoft Outlook 2003 with Office SP3
164
Users need to have local admin permissions for their computers in order to perform the installation. Port requirements Open port 443 for the following applications on the computer on which you install google Apps Sync for Microsoft Outlook Outlook.exe ProfileEditor.exe
Product Behavior
Things to be aware of
165
The Exchange compatibility chart (page 12) details what feature are and are not present with Google apps Sync Install guides: Help and information for Users Help and information for administrator
When you install Google Apps Sync, you also have the option to migrate your mail, calendar, contacts and other data from your old Outlook profile. However, if all you want to do is migrate data (that is, you dont plan to keep working in Outlook afterwards), use Google Apps Migration for Microsoft Outlook, instead. See GMail vs Outlook Gmail vs. Outlook Google Calendar vs. Outlook Google Contacts vs. Outlook
Recovering deleted items After emptying your Deleted items folder, you cant use Recover Deleted Items in Outlooks Tools menu to get the messages back. (This menu item isnt available.)
166
Sharing mailbox folders You can't share a mailbox folder in Outlook with other users (Permissions settings aren't available in the folder's Properties dialog). This is because folders in Outlook map to labels in Gmail, which don't have permission properties.
Public folders Public folders aren't available with Google Apps Sync (they're missing from Outlook's navigation pane).
Sending executable attachments Google Apps Sync doesn't allow sending executable file attachments (including executables in compressed attachments) from either Outlook or the Gmail interface. Which file types can I not send?
Delivery receipts Delivery receipts aren't generated in Outlook when using Google Apps Sync. If you request a delivery receipt for a message you send from Outlook, you won't receive a response when the message is delivered. However, you can select a read receipt (see below).
Read receipts Read receipts are generated in Outlook with Google Apps Sync. However, your recipient must be using Outlook and must enable read receipts for their profile. In that case, you'll get a response when your message is read.
167
Recalling a sent
message In Outlook, you can choose Recall Message from a sent message's Other Actions menu, to try to recall a message you just sent. However, unlike Microsoft Exchange, Gmail can't recall messages. Instead, the recipient receives both the original message, along with a follow-up message saying you wanted to recall the message.
recipients In Outlook, you can send mail marked as Important or Low Priority. But these values arent synchronized with your Google Apps account in the cloud and therefore dont show up for other users.
When I search for a contact, it only l has their email address and name! I cant see their additional information
168
expected behavior
When scheduling a meeting using Outlook, Im unable to see free/busy information for coworkers using Gmail on the web. Help me! this is not an expected behavior
For most cases, we need trace files Trace files are .log files which the Google Apps Sync Eng team uses to diagnose issues
1. Send CRs: GD MIGL or GD MIGL1 2. Use go/logalyzer to find initial troubleshooting steps 3. Due diligence research (sans) goto/glookguide outlines many more situations and troubleshooting tips
Disabling Sync Create this reg/key HKCU/Software/Google/Google Apps Sync/SyncFlagsEnabled (DWORD) value 1
169
The options are: HKCU/Software/Google/Google Apps Sync/AddressBookSync HKCU/Software/Google/Google Apps Sync/CalendarSync HKCU/Software/Google/Google Apps Sync/ContactSync HKCU/Software/Google/Google Apps Sync/EmailSync HKCU/Software/Google/Google Apps Sync/Gal
Sending large messages can time out over a slow connection If you send a message with large attachments (multiple megabytes) over a slow connection, the connection can time out, leaving the message unsent in your Outbox. By default, the timeout is hardcoded to occur at 90 seconds. You can extend this period to accommodate messages that take longer than 90 seconds to send by modifying your Windows registry. Specifically, add the following keys to override the hard-coded timeout values: HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\ResolveTimeoutSeconds > DWORD Value = 00000030 HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\ConnectTimeoutSeconds > DWORD Value = 00000030 HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\SendTimeoutSeconds > DWORD Value = 00000600 HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\ReceiveTimeoutSeconds > DWORD Value = 00000600 Note: If you're running a 32-bit version of Outlook on a 64-bit version of Windows, you'll need to add these registry keys in the correct location for 32 bit applications. For details, see the instructions on using the Windows registry at Configure limits and options via the registry.
http://support.google.com/a/bin/answer.py? hl=en&answer=163644&topic=1042001&ctx=topic
170
Are you running into issues with meeting invitations? (ensure that invitations are iCal formatted; Note differences between OL & Google Calendar)
Resources
Glook Help Center http://mail.google.com/support/bin/topic.py?hl=en&topic=23333 Glook FAQ doc: goto.ext.google.com/glookFAQ Known Issues: http://support.google.com/a/bin/static.py?hl=en&page=known_issues.cs Logalyzer tool which reads trace files and outputs suggestions. Doesn't catch all issues, but is a good starting point. Troubleshooting guide: goto.ext.google.com/glookguide Everything known about troubleshooting GLOOK https://docs.google.com/a/google.com/document/d/ 1ibgdEv8AS6j7TyiaC5vs9qe1fkkKoa1vv3dMsrMkvKU/edit
171
Salesforce/Unify
Learning Objectives Personal Setup Cases Views Queues Case Management Updating a case Priority levels status case reason component, subcomponent, root cause Case owner Support language Sending a message Case comments vs. Email Handoffs Coverbug Tool: Bugs and Feature Requests
Personal Setup 1. Go to http://unify.ext.google.com 2. Set your Alias and community nickname a. My Personal Information > Personal Information > Edit 1. Set email name and return address esupport@google.com Email > Email Settings Case Views _My Unify Open Cases _My Unify Open Cases w/updates (i.e with client replies) Apps - Vendor All Cases (generalists take cases from this bin) Apps - Vendor -[Specialization here] Cases taken by TELUS by specialization pod Apps - Vender - [Specialization here]
172
Cases taken by TELUS from Friday 8pm EST to TS Apps or MSC - [insert here] Cases from the different languages, Dispatch queues, etc. Case Queues Apps queues TS Apps, CS Apps, TS Apps - [Language here] CS Apps - [Language here] Other support teams TS Apps API = API Team* TS MSC = Technical Support Postini TS MSC OSO = same, but not entitled to support CS MSC = Customer Support Postini CS MSC OSO = same, but not entitled to support
3. Updating a Case
Priority Levels
Priority Level Type of issue Example
P1 - Critical Impact
Critical service issue affecting all users. Service unavailable or unusable with no workaround. Note: These type of issues tend to be rare. Information about any service disruptions is available through the Apps Status Dashboard. This issue is critically impacting a single user or critically impacting collaboration among users. Product does not work as expected, with no feasible workaround.
Widespread email delays affecting the majority of email being sent and/ or received
P2 - High Impact
A user is unable to access her email and is receiving a 500 error page
P3 - Medium Impact
Unable to delete a group forum post using the Delete button, but the message can be deleted with some URL manipulation.
173
P4 - Low Impact
Product does not work as desired, but functions (a workaround is not necessary).
A user is not able to easily add new words to the spell check dictionary.
3. Updating a case:
Status In progress Google Support In progress Google Support # Youve consulted to backline In progress Google Eng Eng is looking into a Bub In progress Google Other Waiting on someone in Google outside the support organization Submitted for Disposition Bug is filed through go/dasherissue and waiting on backline triage to Eng Waiting on Customer Response Solution Offered You've given the customer instructions to solve the issue
3. Updating a case: case reason Main ones used: Customer Usually the case
174
Engineering In case its a bug 3. Updating a case: Component, Subcomponent Mandatory fields when putting a case in solution offered status
3. Updating a case: Support Language I don't speak this language! What to do? 1. Dont Panic! 2. Copy and paste the text in http://translate.google.com a. this will automatically detect the language used. 3. Is it Dutch, French, Italian, German, Spanish or Japanese? Change support language to the correct language Reassign case to correct queue (TS Apps-[Language here])
1. Different language? a. Send GD LNS and try to help using the translation
3. Updating a case: Case owner User Queue E.g. Postini = TS MSC, TS MSC OSO or CS MSC E.g. TS Apps - Spanish
4. Sending a Message
175
Guideline: look at case origin. If its portal, use Case comments. Else, send an email. Case Origin: Portal Use Case Comment Case Origin: everything else Use Emails
4. Sending a Message case comments Use the internal messages and Portal users Mark Public and send customer notification for portal users
If there is case with no cover bug will not pass the quality audit!!! more than a 100 users we don't... ( active users) Yellow White Blue >>If u make a change using the cpanel with the enterprise support tool // it will be taken as if the owner made it.
4. all steps into it 5. review previous emails 6. contact via: email (web) or portal (resellers use: P) or ECP (you reply as a public comment) (Enterprise Consumer Portal, for over 200 users) 7. change priority if needed 8. cover bugged check and add one. 9. select a status
177
NOT SURE Dont hesitate to ask in CPanel qq threads to clarify whether we support or not.
Canned Response
Here is what I use (ex: Analytics - obviously changed for other products): ---------------------------------------------------------------------------------------------------------Hello, Thank you for contacting Google Apps Support. Unfortunately, the added Googleservices apart of the new Google Apps infrastructure are outside the core suite of applications within Google Apps and are not currently covered by any support or service level agreement (you can find a full list of these new serviceshere: http://www.google.com/support/a/bin/answer.py?answer=181865). We do intend to evaluate possible support options for the added services in the near future. However, currently for those services, you'll find assistance through their respective Google Help Centers and Help forums. If you still require assistance with Google Analytics, I would suggest searching their Help Center and/or reaching out to the online community on the forums. You can find the full Google Analytics Help Center here: http://www.google.com/support/analytics/?hl=en Sincerely, Enterprise Support
----------------------------------------------------------------------------------------------------------
178
Overview The official Google Apps terms of service (and policy) is that any products and services beyond the core Google Apps suite of products (such as Gmail, Calendar, Sites, etc.) are not supported by Google Apps. Despite our official policies, however, we will be providing some support for certain aspects of GA+ administration and GA+ related topics. Please see below for more details. Fully supported Definition: Implies full TSSG support. (e.g. 24/7 phone access for emergency issues, defined bug escalation process, eng. pager support, etc.) All control panel components relating to GA+ and non-core-suite services. e.g. On/off access buttons for 90 new services, how they work, any issues with them, etc. Privacy, data ownership, or abuse questions e.g. What happens if I evict a user -- who owns the data then? OR One of my users shared our company information on a blog, and its shared with everyone! How do I stop this?!
Not supported Definition: Front-line support teams will not offer any support beyond guiding customer to available online/default resources from consumer teams (and other such resources that we are continuing to identify). Refers to end-user issues only (and does not refer to any administrative issues or components). How-to questions for end-user functionality e.g. How can my users create a filter in Reader? OR How can my users save a template in Blogger? Any technical issues (bugs) affecting a product (including bugs affecting c-level staff members). e.g. The save button in Reader does not work some times, Our Blogger templates has mis-formatting issues. Rationale: If we were to accept reports of technical issues for non-core-suite services, since none of these products currently have engineering support, we would not be able to effectively address issues, making for an
179
inefficient, cumbersome, and very mediocre customer experience. General messaging: Blogger/Reader (etc.) are not part of the core Apps Suite of services, and although you can access them and certainly make use of them, we dont recommend running your business critical functions on them, and currently we dont offer support services for them. (You can try the following existing services associated with the products ... online/ default resources, etc.).
For example: Country Blacklist Step 1: User A writes in to say that Blogger is not available for their domain. Step 2: Frontline person checks out the domain and it turns out it's been registered in Singapore, where Blogger is not available. Step 3: Frontline finds the relevant Help Content that states this fact, and sends to the customer. They can then suggest writing into the Blogger forums. OR Service On/Off Step 1: User A writes in to say that Blogger is not available for their domain. Step 2: Frontline person checks out the domain and it turns out it's been turned off in the Cpanel. Step 3: Frontline explains how to turn it on in Cpanel and how to access it via the URL. They can then suggest writing into the Blogger forums if they have any how-to type questions. OR Suspension (usually caused by Abuse) Step 1: User A writes in to say that Blogger is not available for a user. Step 2: Frontline person checks out the user in Harmony and sees the user has been Suspended Step 3: If Frontline can't figure out why, then file a consult to Backline who will escalate as far as they can. Alternatively, they can subtly send them to the Blogger Abuse Help Content. It would probably be the GAIA team to unsuspend the user anyway.
180
Definition: Although we are not bound by our terms of service to offer service for the following categories, we recognize that these are real-world use cases where we need to help our admins, and we will always attempt to help admins as much as possible. Integration of non-core-suite products with core-apps suite products e.g. I have embedded a blog into a Site, and I am getting an error. Rationale: Because these class of issues end up involving components of the product that we offer full TSSG support for (i.e. the core suite of services), we should take integration issues (and forward to backline if were unable to resolve). Feature requests regarding end-user products e.g. It would be great if I could set individual permissions on Blogger for each of my users. or It would be great if Blogger had more templates. Point them to the Google Apps product Ideas page General comments: The guidelines on this document are internal only. Externally we are communicating no support for non-core-suite Apps services. Well continue to monitor these lines, and well adjust them as necessary based on feedback from our teams and our customers, including the following metrics: 7-day Active Enterprise usage of a product. (For any product that approach the 5-10% or 10%+ 7-day active enterprise usage, well likely pursue the inclusion of that product in the core Apps suite). Number of weekly customer requests or issues with regards to a given product or sub-component. Over time we may end up with a few select (non-dasherized) products that get much more Enterprise usage by businesses, and if that proves to be true, we could potentially offer more support in the future for those services (or work with eng/PM to make them dasherized and part of the core suite of products).
Use GD Marketplace CR and set it to Waiting on Customer Response g+ age lock out article: http://support.google.com/a/bin/answer.py?hl=en&answer=1645514
181