Cloud computing Everything is done in the web, no need to download anything, but is possible, you can also have

files on you HDD. Cloud computing is the internet-base computing, whereby resources, SW and info are provided to computers and other devices on-demand like public utility. what is google apps? google apps is an Enterprise business suite created by google and comprised of several google products. if features several web application with similar functionalities to traditional office suites. these applications are delivered through data center and built on googles servers. as these applications are built on googles servers, it allows them to be accessible anywhere in the world, with The cloud appearing as a single point of access for all the computing needs of consumers

googles apps can be accessed at any place in the world. Gmail can also be sync with Outlook THE FOLLOWING APPS ARE THE ONE WE WILL PROVIDE SUPPORT services offered: Gmail: World leading email - less spam, huge inbox, search. Gmail using your domain name. world class email service mail stores on googles servers outstanding spam blocking integrated IM, voice and video chat storage varies between 7-25GB base on edition. accessed primarily via the Web interface. Talk: business class IM, voice and video chat. Groups: Groups for mail, contest sharing and communication. Calendar: Agendas, scheduling, share online calendar. create and manage event in your own personal calendar create and share calendar with your colleagues create bookable resources for you Google Apps users Sync with Outlook, iCal etc. Docs: Collaborative docs, Spreadsheets and Presentations. create documents, spreadsheets and presentations online. share and collaborate in real time safely store and organize your work control who can see your documents upload any file to your Doc list Sites: Secure, coding-free, collaborative sites for intranets. Single click page creation no HTML required create a company intranet, team or project site upload files and attachments collaborate and share indexed and searchable if the cust has an already running website is not supported and cannot be uploaded within Google Sites. Video: private, secure, hosted video sharing. storage limit of 3GB per user shared with the entire domain Ability to upload and share videos with everybody at your domain or just with specific people. search across your video content with google search technology. NOT ABLE TO UPLOAD AND PRECREATED SITE IN HERE.

Postini: security and compliance solution.

GMAIL USES LABELS NOT FOLDERS, AND STARS NOT FLAGS.

Benefits best tools for business Information overload lots of storage: dont worry about quotas search built into every application labels and threading: new ways to scope Collaboration is central make collaborating as easy as creating remove the IT barrier to collaboration access anywhere mobile version for applications. web-based, VPN and no thumb drive.

the just keep getting better frequent, small updates 2 weeks release cycle easier for user to adjust learn from users research usage analysis easy to manage no server or client upgrades no data migration everyone is on the latest release

more reliable and secure purpose-built infrastructure hundreds of thousand of identical servers custom, hardened Linux OS Can rapidly update all system no third-party security issues world class security industry-leading experts obfuscation of data at rest

security reviews for all code. SAS 70 Type II certification. FISMA certification.

to verify the Domain: going into the following site: http://apps100.enterprisetraining.org/

MX Records creations

Configure Email Delivery - Google Apps Mail Servers

To deliver mail to Gmail inboxes, configure your domain to route incoming messages to the Google email servers. To do that, add MX records that point to the Google servers shown in the table below. Priority 1 5 5 10 10 Mail server ASPMX.L.GOOGLE.COM ALT1.ASPMX.L.GOOGLE.COM ALT2.ASPMX.L.GOOGLE.COM ASPMX2.GOOGLEMAIL.COM ASPMX3.GOOGLEMAIL.COM

On Godaddy.com Go to the Zone File Editor within the DNS Manager and enter the MX Records on the MX(Mail Exchanger) Tab Obeying the appropriate Priority of each Record, Set The TTL to half and hour and then click on SAVE ZONE FILE. KP: http://support.google.com/a/bin/answer.py?hl=en&answer=174125 DNS records are also known as The File Zone

in the MX recored @: points to the primary domain.

-we can create as many groups as we want. -Groups are only for communication (Emails) purposes. -Roles can be added to the agents. INTRODUCTION TO DNS Objectives understands the difference between domain registrars, domains host and web hosts understand domains and whois information understand the purpose of DNS records and impact of propagation understand the use and format of the following DNS records NS records A records CNAME records TXT records DKIM records perform DNS lookups using a variety of tools understand MX records and Google apps MX setting. Domain registrars vs Domain Host vs web host Domain registrars: allows you to register a domain name bare minimum service; you only own a domain name with them Domain host: allow you to access and maintain your DNS records( known as a zone file) a domain host is required to use Google Apps Some host provide a control panel to make changes, other handle changes via phone/email web host: allow you to host files (web pages, images, etc) Today, most registrars also provide domain hosting at no extra cost. many registrars also offer web hosting for a fee. Google is not a domain registrar, a domain host or web host clients are free to register and host their domain with the provider of their choice some domain host limit the type of DNS modification that can be made we offer domain registration and domain hosting through our partners (GoDaddy and eNom) if a client requires web hosting, they can purchase it from a 3rd party web host. Domain A domain registry is an organization responsible for maintaining one or more Top Level Domain (TLDs): the two most common types of TLDs are: Generic TLD (gTLD): .COM, .NET, .ORG, .EDU, .INFO, .GOV, etc Country Code (ccTLD): .CA, .CC, .DE, .SV, .US, .UK, .TV, etc.

The Internet Assigned Number Authority (IANA) delegates authority to registries Registries may set policies or limitations on domain use ex. .EDU is limited to recognize post-secondary institutions in the USA. ex. Many ccTLD have presence/residence requirements Examples of registries include: VeriSign: .COM, .NET CIRA: .CA Afilias: .INFO

FOR EDUCATIONAL PURPOSES GOOGLE APPS ARE FOR FREE FOR MORE THAN 10 USERS.
What is a Domain Registrar? most registries do not sell domain directly to the public A domain registrar is an organization or business that sell domain names on behalf of one or more registries there are thousands of registrars and our clients are free to choose any of them. GoDaddy and eNom are the worlds two most popular registrars and account for > 40% of all registered domains. Registering a Domain to register a domain, you need to choose a registrar as well as an available domain name registrant are required to provide accurate contact information (name, address, phone number, email) and providing false information can result in loss of domain registrant information for a domain is publicly available; many registrars offer a domina privacy option either for free or an extra cost domain are registered for one year at a time; some registrars offer bulk discount for multi-year registrations and automatically renew the domain yearly on your behalf. Transferring a domain Client are free to transfer their domain to another registrar starting 60 days after initial registration. Domain transfers must be initiated at the new registrar and require a transfer code available from the old registrar clients do not lose whatever time is left their domain; the new registrar will extend the expiry period by a year. Whois Tools A Whois records is a public record containing a domain registrants contact information, the domain status, registration and expiry date and more. several free web-based tools exist to do whois lookups: https://mxtoolbox.com/ 6

https://whois.net some registrars only provide full whois record for searches done through their own whois tools useful information includes the expiry date and the authoritative name servers

what is DNS surfing the Web IP Address Unique identifying number assigned to each device on a network can be dynamic or static DNS (Domain Name System) translate domain names into IP address stores other info including list of mail servers that accept email from a domain name.

what is DNS system to organise and identify domain names associates a domain names with a collection of IP addresses distributed system with no single point of failure determines where mail is delivered

Using the Network-tool.com website this website allow us to use a lot of tools (lookup, ping, trace, express, etc.) Using the Lookup option: We are able to get the following information: IP address: 68.178.232.100 Host name: mackk.info canonical name: mackk.info
68.178.232.100 is from United States(US) in region North America

Using the express option: this is a combination of the result of the lookup, trace, whois, DNS record, network lookup
Using the DNS Record tool: Retrieving DNS records for mackk.info... DNS servers ns07.domaincontrol.com [216.69.185.4] ns08.domaincontrol.com [208.109.255.4]

provides the answer records: TXT Records NS Records MX Records A Records Authority records Additional records DNS overview What is an authoritative name server? set at the domain registrar lever, this record identified the domain host authoritative name servers store the master copy of the zone file DNS requires a primary name server and at least one secondary server what is a caching name server? caching servers store copies of zone files for a limited time purpose is to improve efficiency and reduce DNS traffic ISPs typically have caching name servers for their customer PCs and routers also have their own DNS cache. Propagation upon editing DNS, authoritative nameservers are updated quickly (time depends on DNS host service) the TTL (Time To Live) determines how long a caching DNS server should cache these particular DNS records

Propagation issues DNS records can have propagation issues causing discrepancies across several caching DNS servers Use the Squish DNS tool to check for propagation issues

Common DNS Record Types Common DNS record types include: A NS MC CNAME (is use to point at the right IP) TXT (is use for authentication purposes, subdomains and DKIM) SRV

A Records Central record of the DNS Links a domain or subdomain to an IP address Several A records can point to one IP address One A record can point to many IP addresses Not typically used with Google Apps NS Record NS = Name Server (can be obtanined by usining Network Tools) The authoritative name servers host the master zone file which contains the DNS information for a domain. You can determine the domain host by looking up a domains NS record. MX Records Q: When you send a message to admin@hammer-time.net, how does the email know to go into a Google Apps inbox? Why doesnt it end up in yahoo account? A: Mail system asks hammer-time.nets DNS where to send the mail. In the DNS, the MX records are pointing to Googles server information, so the makil end up in the admins Google Apps Inbox MX= Mail Exchanger Direct email to servers for a domain (Tells email where to go) to know the IP address of a server we just need to do a ping to its address. CNAME Records Cal, docs, mail and site are all CNAMEs for ghs.google.com ghs.google.com contains mappings to redirect each CNAME to the appropiate service ex. Users who type in docs.hammer-time.net will be redirected to Google Docks for hammer-time.net SRV Records SRV = SeRVice record

10

Specified which services are available In Google Apps, the SRV record is used for Google Chat Allows user to chat with people using other messaging services through a process known as federation By default, you can chat with other Google Apps mail users and consumer Gmail users To chat with users on federated networks, youll have to change your SRV records Note: Most domain host wont allow you to access the SRV record

1. A surfer type NHL.com in the address bar of Chrome 2. The surfers computer queries DNS to determine the IP of NHL.com 3. Assuming no cached record existed, DNS server queries the registrar to determine the authoritative name server 4. t\The authoritative NS, which host the zone file, priovede the IP address for NHL.com (8.20.73.150) 5. The IP address is returned to the surfers computer 6. The surfers computer connect to 8.20.73.150 via HTTP and request the website. 7. The web server at 8.20.73.150 proveds the websites to the surfer.

DNS Tools DNS Sanity Check (https://check-mx.appspot.com/) perform a range of checks on a domains DNS Google Apps Mail Google Apps offers customized email for your domain, with domain level control over the users mail experience. End user can customize Gmail the way he liked. logo can be change but only by the admin Google apps kail at a Glance Manage information better 25GB quotas per user - never waste time managing quotas again search your email - find what you need quickly and easily Use labels to filter and sort messages conversation threading to help manage your inbox Anytime, anywhere access

11

web access from any connection mobile access: blackberry, iphone, android, windows mobile outlook connector: allow users to keep their existing client real time communications instant messaging with text simple voice and video communications IMs archived and searchable with email integrated directly into the box Simple to deploy and manage no client applications built right into the web-browser video available on any machine with a webcam

Features Administrator managed Domain Features email routing gateways email retention POP and IMAP access mail delegation voice and video chat message security User managed account features forwarding and POP/IMAP Gmail Mail Fetcher Google email Uploader FiltersLabs Themes Send mail as

- setting can be changed by organizations, one by one - Labs are not supported (information might be find in support.google.com). Resources DNS lookup tools (DNS setting, search by domain) http://www.dnsstuff.com/ (username: googleapps, pass:gafydrules) http://www.kloth.net/ http://www.hashemian.com/tools/domain-email.php http://www.mob.net/~ted/tools/mx.php3 (MX records only) General informacion on DNS Google Apps Help Center: Basic Guide to DNS: ID: 48090 Wikipedia: http://en.wikipedia.org/wiki/Domain_Name_System

12

Gmail vs Google Apps Mail

Google Apps Mail Customization Usernames Yes - minimum: 1 character - Dashes - Common names. ex. John@domain.com - john.doe@ and johndoe@ are distinct - 25 GB for GA4B - 7 GB for GA full username for authentication. ex john.doe@domain.com User accounts only created by an domian Need to contact domain admin

Gmail No - 8 characters or more - no dashes - No common Names - john.doe@ and johndoe@ are the same. 7 + GB Only username for authentication ex. Johndoe sign up directly or receive a free invite Can reset by clicking on Forgot Password Link

Storage POP/IMAP

Invites Password Recovery

Roles can be found in support.google.com with this ID: 2405986

Pre-defined administrator roles

System Role Super Admin Description Full system administrator. Super administrators also have full access to all users' calendars and calendar event details. Administrator for creating and managing Google Groups. Administrator for creating and Privileges Complete access to the Google Apps control panel and all administrator actions. Only super administrators can create or assign administrator roles, or change administrator passwords. Full access to Groups tab View access to Organization & users tab Full access to all user operations performed on

Groups Admin User

13

Management Admin Help Desk Admin

managing user accounts.

users who are not administrators View access to organizations View access to user account information The ability to reset the password for nonadministrators

Administrator to take care of support issues that require access to user information and the ability to reset passwords. Administrator to manage Google Apps services

Services Admin

The ability to add or remove services Full access to the Settings tab and all sub-tabs

If you assigned delegated administrator privileges to users before administrator roles were available, Google Apps created roles for those settings. These custom roles have the name role_useremail, whereuseremail is the email address of the user to whom the privileges were assigned.

Common features Conversations Each message is grouped with its replies and displayed as a conversation Archive, dont delete With 25GB storage (GA4B users) you can archive, rather than delete, message for viewing Search, dont sort using keywords or the advanced search feature, Gmail users find what they need, when they need it Speed Gmail uses JavaScript that allows faster navigation with fewer request to the server

- just by typing the name of the contact gmail will auto-populate the contact email, and it will does it only with the users that are in the same domain. Filters filters allow you to organize incoming messages before they reach your inbox Labs - Labs are experimental features provided on an as-is basis. - This means we do not support labs and they may potentially impact other mail features

14

- Labs can be remprarily disabled via the escape hatch (http://mail. google.com/mail/u/0/?labs=0) Shortcut and Operators Navigate gmail without a mouse Use operator to refine search criteria Full list of shortcuts and operator available in the Help Center.

Document ID: 7190 (Using advanced search) and 6594 (Keyboard shortcuts) Forwarding, POP and IMAP forwarding all email to another email address enable POP and IMAP access configure POP and IMAP settings

Mobile access the interface is optimized for the phone youre using you can access attachments, including photos, .doc, and .pdf files must be using a supported phone on a supported network supported phones for applications (milu): Blackberry, phone with Java ME supported phones for browser (pudu/super pudu): iPhone, Android, windows mobile ~90% of all the phones with web browsers web access (pudu) via http://gmail.com Download (Milu) at http://m.gmail.com

SPF

It define the server (IP) that will be use to send the email

Configure a SPF Record for your domain

1. Read the Creating SPF Record help article 2. Log into the DNS registrar for your domain. 3. Create a TXT record for your primary domain with the following value:

v=spf1 include:_spf.google.com ~all

4. Optionally, create a TXT record for your domain alias with the same

value: v=spf1 include:_spf.google.com ~all

15

Note: The TXT record entries will look similar to the following:

Select Quick Add to enter a new TXT entry. Suggestion: Do not use the SPF Record wizard. It is easier to copy & paste the TXT value yourself. Select Save Zone File to save the entry. Include an at (@) sign within the host name field if required. Note: It can take several hours for the TXT records to propagate.

DKIM Its an electronic key that is use to verify the sender of an email, the main function is to protect the owner. Difference between SPF and DKIM SPF: you let the system know from where (IP) Im sending the emails DKIM: encrypts the email
Some organizations publish Sender Policy Framework (SPF) records to help reduce email spoofing of their domains. SPF records include a range of IP addresses that are authorized to send mail on a domains behalf. To help reduce the chance that your users will receive spoofed emails, you can enable the SPF Check feature at the Email Config level in the Administration Console (see Enabling SPF Check). Note: SPF Check is available for Google Message Security customers only.

SPF by Sender Domain

Field Description

Sender Domain Pass None/ Neutral Soft Fail Fail

Senders domain name. Number of messages with an SPF Check that passed successfully. Number of messages where no SPF record was found during the SPF Check. Number of messages with the Soft Fail response type during the SPF Check. Number of messages with the Fail response type during the SPF Check.

16

Error Total Messages

Number of messages that triggered an error during the SPF Check. Total number of SPF Check messages for a sender domain.

SPF by Recipient Domain

Two types of inbound SPF by Recipient Domain reports are available. One report aggregates all messages for sub-domains and aliased domains to the primary domain. A second type of report -- the SPF by Recipient Domain (& sub-domains) report -- includes all sub-domains and domain aliases exactly as they were received without any mapping to a primary domain. The fields in these two reports are identical, and each report has the same total emails processed.
Field Description

Recip Domain Pass None/ Neutral Soft Fail Fail Error Total Messages

Recipients domain name. Number of messages with an SPF Check that passed successfully. Number of messages where no SPF record was found during the SPF Check. Number of messages with the Soft Fail response type during the SPF Check. Number of messages with the Fail response type during the SPF Check. Number of messages that triggered an error during the SPF Check. Total number of SPF Check messages for a recipient domain.

Errors link:http://www.openspf.org/SPF_Record_Syntax

Result Pass Fail SoftFail Neutral

Explanation The SPF record designates the host to be allowed to send The SPF record has designated the host as NOT being allowed to send The SPF record has designated the host as NOT being allowed to send but is in transition The SPF record specifies explicitly that nothing can be said about validity

Intended action accept reject accept but mark accept

17

None PermError TempError

The domain does not have an SPF record or the SPF record does not evaluate to a result A permanent error has occured (eg. badly formatted SPF record) A transient error has occured

accept unspecified accept or reject

The message ID is unique for every mail sent (ex. Message-ID: <007801cd45c6$093b8830$1bb29890$@transactel.net>)

Google Apps Mail Objectives know the differentiate features of google apps mail understand difference between customer and apps google mail understand how conversations works understand the difference between label and folders familiarity with web UI for sending/receiving/managing messages familiarity with google apps mail setting including filters external access labs themes understand google chat understand contact manager understand offline gmail for chrome

Google Apps offers customized email for your domain, with domain level control over the users mail experience Google Apps mail at glance can be found in the previous document. Different option on how to access the Cpanel of Google Apps. www.google.com/a/mydomain.info

18

mail.mydomain.com from the mail inbox, you can access the manage this domain option

Gmail Offline Chrome Chrome browser apps allows offline access to Gmail Based on HTML5 as gears support is deprecated Still under iterative development (beta version) Release Aug 10th 2011

Main functionally users can read, reply, send, label/star messages search for messages using envelope data (from/to/subject/label) search message body not supported depending on inbox volume, it syncs between 3 and 7 days worth of mail + starred items sync attachments (at lunch: of certain types only) requires Chrome browser install the app from Chrome Web Store Requires Cpanel setting for Offline Gmail to be checked.

product specific features Chrome web store service must be enabled for their organization if the Cpanel. Offline Gmail control panel flag: When off, users can still install the app banner explains that offline is disabled per policy app will not sync IT admins can configure the Chrome MSI to reply chrome with Gmail Offline Supported languages are the same as Gmail for iPhone.

Known issues Incompatible with some Chrome extension full gmail keyboard shortcut support limit on attachments: 5MB per attachment on sending, 25MB total Attachment types supported no sync settings signature not displayed when composing but are appended to outgoing messages cannot modify importance markers no labs support does not work well with SSO Works on GA+ domains only uninstalling the apps doesnt automatically remove data

19

Support and Troubleshooting support fully supported by enterprise covered by SLA app HC support article consumer HC article troubleshooting check that gmail offline is enabled in Cpanel check users Org Service setting to ensure Chrome Web store is enable Disable any other Chrome Extensions Uninstall/Reinstall and reconfigure Gmail Offline For App not available offline, obtain copy of Apps local cache for other errors obtain list of recent actions check apps status dashboard for services disruptions check known issues page ID: 139154

GMAIL Objectives understand how email delivers works understand the role DNS plays in mail delivery recognize google apps MX records understand Postini and how it affect email delivery understand what dual delivery is and the business need for it Configuring Dual delivery for legacy to google apps configuring Dual delivery for google apps to legacy perform various mail test Email delivery basis 1. the sender types a message and send it using gmail or through an email client (outlook, thunderbird, etc) 2. the message goes through the outgoing mail server (smpt.gmail.com) which performs a DNS lookup on the recipients domain to determine the recipients MX server(s) 3. the message is delivered to the recipients MX which places the message in the recipients virtual mailbox. 4. the recipient checks their email and download new message waiting in the mailbox 5. the whole process is repeated in the other direction when the recipient replies to the sender

20

Email configuration with postini Enabling the Postini Mail Services

Message delivered to google apps

Message delivered to Google Apps MX records primary domain: 10 mydomain.com.s7a1.psmtp.com 20 mydomain.com.s7a2.psmtp.com 30 mydomain.com.s7b1.psmtp.com 40 mydomain.com.s7b2.psmtp.com

Message transferred to Google Apps

Introduction to Dual Delivery What is it, and why would I want to do it?. Dual delivery allows incoming mail to be delivered to your legacy email infrastructure as well as google Apps email With dual delivery, incoming mail is delivered to a primary mail server which processes and delivers each message then forwards a copy to a secondary mail server which delivers it to your second inbox Admins often like to keep a backup system when in the deployment stage they can even keep some users on the legacy system, while moving other to the new google apps system There are 2 possible configurations: Send message to the legacy server and then forward them to Google Apps Send message to Google Apps and forward them to the legacy server

Dual delivery (ID: 96855) There are 2 configuration possible: Legacy email first then Google Apps Mail (We discourage this configuration, except for pilots) Google Apps Mail then Legacy email (if dual delivery is necessary preferred configuration)

21

Mail flowing to Google Apps first MX Records primary Domain will be the same for google MX records Mail Delivery Details Outbound Mail Flow

SMTP session test Ability to send SMTP commands to mail server useful for sending the message to email accounts or groups Does account exist? is account over quota? is account provisioned in Postini? Does sender meet group sending requirements? no relay allow for group Recommended tools PC: MS-DOS

22

Mac: terminal Online: Network-Tools

SMTP session test: sending a test message: Perform an MX lookup to find top priority MX record Open MS DOS ir terminal and enter: telnet aspmx.l.google.com 25 EHLO MAIL FROM: <testaccount@yourdomian.com> RCPT TO: <customeraccount@customerdomain.com> DATA Online Tools: Enter the email address of the user or group on Network-tools.com and select EMail test and click Go (is a way to authenticate that the email address provided is a valid email address). Productivity Tip: Add a custom search engine to chrome keyword: smtp string: http://network-tools.com/default.asp?prog=test&host=%s when renaming an email you loose all the documents attached to that email address, so what you have to do is to change the ownership before renaming the email address, so we can go to the Cpanel of Google Apps, under Advanced tools and all the way to the bottom we do the ownership transfer from the old account to the new one or to any other one, and only after that is when we can rename the old email. if you change only the name of the user it will keep the documents, and for all the share files will keep be shared with the rest of the users.

POP3 and IMAP

POP POP allows users to send and receive message with a third party POP client, letting them forgot the webmail interface Important features secure login transaction on every send/receive every message in All Mails is downloaded Downloaded message and message sent from the client are not downloaded again

23

recent made allows multiple POP connections apps mails retinas control over mail on our servers apps mails does not have a synchronize feature

If switching from IMAP to POP the only folder that will be sync will be the INBOX. Enabling POP Access POP access is only available to GA4B/EDU domains POP access is disabled by default In CPanel, under settings > Email, uncheck Disable POP and IMAP access for all users in the domain. Changes to this setting may take 15-30 mins to take effect.

Try the POP and IMAP at home to check how long it takes to start working

POP Server Post Office Protocol pop.gmail.com allows client to download messages from Apps Mail

SMTP Server Simple Mail Transfer Protocol smtp.gmail.com Allows client to send message through Apps Mail

Ports For Connecting Web browser contact Gmail servers on port 80 POP ports are 995 (110 not supported) SMTP ports are 465, 587.

Supported clients (ID:12103) Desktop Mail Clients Apple Mail 4.0 Outlook Express 24

Outlook 2003 Outlook 2007 Thunderbird 3.0 Windows Mail Other

Wireless Devices iPhone

IMAP - Internet Message Access Protocol IMAP is a protocol for syncing mail between an email program running on a users machine (the client) and an email stored on a server IMAP is read/write. Changes you make on the client get propagated to the server, and viceversa IMAP is a direct to connection to the server. Examples: read a message on the client, it gets marked read on the server. Deleted a message from the inbox on the client, it gets Archived on the server.

- It can be accessed at any computer anywhere. - no duplicates emails - It depend on your business needs IMAP sync and Google Apps Mail (ID: 77657) IMAP translate labels with a forward slash (/) into a folder hierarchy like you see in your computers files system. Gmail-specific features and terms, such as conversations threading and stars, wont appear in your client Dont worry, you can still perform all the usual Gmail functions, just in a slightly different way. how do actions sync in IMAP Star will be shown as flags, and labels will be shown as folders. Enabling IMAP Access IMAP access is only available to GA4B/EDU domains

25

 IMAP access is disabled by default In Cpanel, under Setting > Email, uncheck Disable POP and IMAP access for all users in the domain Changes to this setting may take 15-30 mins to take effect Once enabled at the domain level, users must individually enable IMAP in their Gmail web UI under Settings > Forwarding & POP/IMAP Gmail Servers and Ports for IMAP IMAP Server internet message access protocol imap.gmail.com allows client to download messages from Apps Mail

SMTP Server Simple Mail Transfer Protocol smtp.gmail.com Allows client to send message through Appls Mails

Ports For Connecting Web browsers contact Gmail servers on port 80 IMAP ports are 993 (SSL port) SMTP ports are 465, 587

Supported IMAP Clients (ID: 75726) Desktop Mail Clients Outlook Express Outlook 2003 Outlook 2007 Apple Mail 3 Apple Mail 4 Windows Mail Thunderbird 2 Thunderbird 3 Other*

Mobile Devices Android

26

iPhone BlackBerry* Windows Mobile 6*

*We provide instruction but dont support this devices. Recommended IMAP Client Setting (ID:78892) Sending: Do NOT save sent messages on the server. If your client is sending mail through Gmail's SMTP2 server, your sent messages will be automatically copied to the [Gmail]/Sent Mail folder. DO save draft messages on the server. If you want your drafts in your mail client to sync correctly with Gmail's web interface, set your client to save drafts to the [Gmail]/Drafts folder. Deleting: Do NOT save deleted messages on the server. Messages that are deleted from an IMAP folder (except for those in [Gmail]/Spam or [Gmail]/Trash) only have that label removed and still exist in All Mail. Hence, your client doesn't need to store an extra copy of a deleted message. Do NOT save deleted messages to your [Gmail]/Trash folder because this will delete a message in all folders. Do NOT save deleted messages to your [Gmail]/All Mail folder as some clients will try to empty this folder and ultimately fail. This can lead to delayed mail access or excessive battery consumption on a mobile device. Junk mail and spam: Do NOT enable your client's junk mail filters. Gmail's spam filters also work in your IMAP client, and we recommend turning off any additional anti-spam or junk mail filters within your client. Your client's filter will attempt to download and classify all of your existing messages, which may slow down your client until the process is complete. - Do not save information into the inbox, it will never be send. - The junk filter is not supposed to be enabled within the client, it will give problems. Points of Failure Common Symptoms Name and/or password rejected Cant send Cant receive Download some messages but not all

27

Most Causes are a result of User error/product knowledge Unsupported client Incorrect POP client settings POP not enabled in Mail account Settings Network or ISP is blocking ports Unlock Captcha Password not strong enough Bandwidth & Sending limits reached Google outage.

Gathering information Interpreting Customer Responses Are you able to lig in to your account through the Web UI? If they cant log in to web interface, its a server or account issue Do you experience difficulties in sending mail, retrieving mail, or both? Do you have any internet security, firewall or antivirus software installed on your computer or network? If so, which application(s)? A few can block port access Are you using PO access from home, from work, or from a public location? work and public locations could have firewalls/proxies that block ports Which email client are you using, and what version? Confirm that the client version is supported have you ever been able to use POP access to send and download messages? Never - more likely a client/client settings/ network issue Yes, but stopped - more likely mail server or account settings please provide screenshots of your email clients POP and SMTP setting, along with any error message that you see when you try to use POP access compare with settings in the Help Center Troubleshooting POP/IMAP issues Help Center POP issues: 1669059 IMAP issues: 1668982 Problems sending mail: 78775 Gmail known issues:

CRs (Canned Responses)

28

[GD PIMT] - General POP/IMAP troubleshooting information [GD PICM] - Contact POP client manufacture [GD CLIENT] - List of client troubleshooting questions [GD UC] - Unlock CAPTCHA

Useful Articles: Suspend a user ID: 33312 Delete a user ID: 33314 Restore a suspended user ID: 1110339 Pre-defined administrator roles

PVC
Learning objectives Understand PVC features Know how to configure PVC settings including Spam Objectionable content Content compliance Attachment compliance Blocked senders Append folders

what is PVC? background: prior to PVC launch in January 2012, clients had access to integrated Postini for message security. PVC integrates message security directly into CPanel features: ability to control spam filtering in Gmail Ability to block certain users or domains from sending mail ability to whitelist certain users or domains ability to add footers to all outgoing messages ability to filter messages based on attachment name or type ability to filter messages based on content PVC filters can be applied to the enter domain or only certain sub-orgs

Main functionality - SPAM

29

SPAM setting allow Google Apps admins ability to prevent messages from going to the spam folder based on list of senders that can be created inside Google Apps Control Panel Examples: Approved messages from internal senders Appove messages from facebool.com

Only triggers when the sender is: Internal and message in authenticated via SPF/DKIM or sent by Google In the header portion of the message, not envelope (mail-from)

messages to affect: It applies to all incoming messages Conditions: It the message is detected as spam Consequences: Move them to spam label options: Check the box Bypass this setting for messages received from internal senders to prevent internal messages from being marked as spam Create a list of domains or/and addresses to bypass spam filtering by default sender authentication is required to bypass spam filtering there is a quota for sending email (daily): ID: 166852 Main functionality - Blocked Senders Blocked Sender allow Google apps admins ability to reject messages based on lists of senders that can be created inside Google Apps Control Panel Examples: Reject messages from entire domain or specific users Rejects messages from evite.com or user@evite.com

Only triggers when the sender is: in the header portion of the message, not envelope (mail-from) and is NOT part of an approved sender list

-for google the black list is the main priority Messages to affect: it applies to all incoming messages

30

Conditions: sender's address in header matches a list of domains and/or address created under blocked Sender list in CPanel Consequences: Reject the message with a customized bounce message Options: Bypass Blocked Senders list for messages that are received from addresses or domains within a configured approved sender list under Blocked Sender Settings.

Main functionality - Append Footer Append footer allow Google Apps admins to add footers to all outging messages examples: add footers to all internal and external sent messages sadd multiple footers to messages

Only triggers when: footer is appended to internal messages only when Append footer when sending internal message is checked. Main functionality - Attachments Compliance Attachment compliance allows Google Apps admins to filter messages based on attachment types or names. examples: Strip attachment types .wmv reject messages with file type .png change subject of messages with file type .txt BCC users when message contains file of type .pdf

Only triggers when: Message contains a file type that matches with the one configured in attachment compliance if a blocked file type is not part of a nested or compressed file messages to affect: any of the following can be selected per policy 1. Inbound mail - all incoming e-mail 2. outbound mail - all outgoing e-mail 3. internal - sending - outgoing e-mail only to internal recipient

31

4. internal - receiving - incoming e-mail only from internal sender conditions: multiple conditions can be created and they can be set to match all or any rule 1. File attached matches attachment fami y or type (as defined by the file extension) 2. File attached matches an attachment name 3. file attached exceeds certain size limit consequences: any of the following can be selected 1. modify message a. add header tags or prepend subject b. strip attachments with customized advisory notice c. notify other users via BCC 2. reject message with customized bounce message Options: Bypass attachment compliance settings for messages that are received form addresses or domains within a configured approved sender lists under attachment compliance -> Options Main functionality - Content Compliance Content compliance allows Google Apps admins to filter message based on predefined set of words, phrases, text patterns or numerical patterns (using regular expressions) examples: Match the phrase stock tips match viagra, vi@gra, v1agra, v1@gra, v!@gr@, etc. Match the word hell, but not hello, shell, shellac, etc

only triggers when: Message contains a match to expressions

Messages to affect: any of the following can be selected per policy 1. 2. 3. 4. Inbound mail - all incoming e-mail outbound mail - all outgoing e-mail internal - sending - outgoing e-mail only to internal recipient internal - receiving - incoming e-mail only from internal sender

32

Conditions: Multiple conditions can be created and they can be set to match all or any rule 1. Message content matches one or more expressions 2. message content matches all expressions consequences: any of the following can be selected 1. modify message a. add header tags or prepend subject b. notify other users via BCC 2. reject message with customized bounce message. Main functionality - Objectionable Content Objectionable content allows google apps admins to filter messages based on predefined sets of words examples: Match profanity/curse words Match racist/sexist/etc words Match sensitive words

Only triggers when: Message contains a match to a word in list

message to affect: any of the following can be selected per policy: 1. 2. 3. 4. Inbound mail - all incoming e-mail outbound mail - all outgoing e-mail internal - sending - outgoing e-mail only to internal recipient internal - receiving - incoming e-mail only from internal sender

condition: 1. Message content matches one or more objectionable words Consequences: Any of the following can be selected 1. Modify message a. add header tags or prepend subject b. notify other users via BCC 2. Reject messages with customized bounce message

33

Google Apps Mail - SPAM concept SPAM the term is linked to the widely-present and mass unsolicited electr4onic mail. it has increased considerably during a short period of time and has become a serious threat to the internet mail community as a whole. to prevent e-mail spam, both end users and administrator of e-mail systems use various antispam techniques. No one technique is a complete solution to the spam problem, and each has trade.offs between incorrectly rejecting legitimate e-mail vs. not rejecting all spam this document explain some an overview about spam and best practices on how and users and administrator can help to prevent spam Background the volume of SPAM in internet is very high its completely blind (there is no correlation between the receivers areas of interest and the actual mail send out) it can overload mail server storage it cost money (to receivers and ISP) many of the spam senders are dishonest it is common practice to make use of third party hosts as a relays to get the spam mail sent out to the receivers

34

SPAM in Google Google takes SPAM very seriously Tae SAD (Spam Abuse Delivery) system is in charge of classifying messages as SPAM for: inbound messages through SMTP-IN Outbound messages through SMTP-OUT POP/IMAP messages Users and administrators can help to prevent SPAM electronic emails in internet Google maintains a very high catch rate and is very effective in catching most of the spam.

Users and SPAM Gmail users can help to prevent spam blacklisting or whitelisting messages Report SPAM: Users should mark message as spam when receiving spammer electronics emails, This will make a change in the reputation score and will help prevent similar spam messages in the future. Link Not SPAM: Users should mark messages as not spam when a non spam message has been delivered to the spam label and not to the inbox, this will teach abuse systems and messages like that wont be marked as spam in the future. Link

35

 verify that the address book of the user contains valid contacts, messages coming from sender listed there are generally not marked as spam verify the forwarding and filtering rules to see there are not anomalies there, sometime there can cause NDR (Non Delivery Report: is the technical term for the bounce back message) SPAM. some users are sender to bulk messages. Bulk messaging refers to sending a large volume of legitimate mail ( ex. a company sending a newsletter to their clients) in order to send bulk messages in Google we recommend follow some best practices to prevent messages to be parked as SPAM for best practices follow anti-spam recommendations in RFC 2505 Administrators and SPAM if a domain is receiving a large amount of messages from a specific SMTP server, the admins should configure a whitelist with the range of IP addresses of the specific server. This will avoid messages from that server being marked as spam to configure whitelist, click here. alternately, individual email addresses or maions can be added to an appoved sender list using PVC or Postini if a domain is forwarding email from its legacy server to Google, then they need to add the server IP address to inbound Gateway. this helps in better spam handling and prevents false positives to configure an inbound gateway, click here. SPF records The standard SPF record recommended by Google is: v=spf1 include:_spf.google.com ~all v=spf1: indicates the version of SPF to use. Only spf1 currently exist. include:_spf.google.com: SPF record inherits all of Googles IP addresses and passes all email sent from those IPs ~all: SoftFail all messages sent from other IPs Result Pass Fail Explanation The SPF record designates the host to be allowed to send The SPF record has designated the host as NOT being allowed to send Intended action accept reject

Mechanism + -

36

SoftFail

The SPF record has designated the host as NOT being allowed to send but is in transition The SPF record specifies explicitly that nothing can be said about validity The domain does not have an SPF record or the SPF record does not evaluate to a result A permanent error has occured (eg. badly formatted SPF record) A transient error has occured

accept mark accept accept

but

Neutral None

PermError TempError

unspecified accept reject or

SPAM abuse policy (Link)

When you sign up for a Google Apps account, you agree not to use the account to send spam, distribute viruses, or otherwise abuse the service. All users on your domain are subject to these agreements, which are part of the Google Apps Acceptable Use Policy.

If Google identifies a Google Apps user who is violating these agreements, we reserve the right to immediately suspend the user. If the problem is domain-wide, we reserve the right to suspend the entire account and deny administrator access to all the Google Apps services. In such cases, we send a notification to the registered secondary email address for the domain administrator. If you identify a Google Apps user who is violating these agreements, at your domain or another domain, you can report the abuse to Google by sending an email message to abuse@domain.com orpostmaster@domain.com, where domain.com is the domain where the abuse occurs. Google monitors these addresses for every domain registered with Google Apps. Since abuse and postmaster are reserved aliases, you cannot to use them as user names or aliases. You can, however, subscribe to them and receive all mail sent to these addresses. (Learn more) DKIM Spammers can forge the From address on mail messages so that the spam appears to come from a user in your domain. To help prevent this sort of abuse, Google Apps enables you to add a digital signature to the header of mail messages sent from your domain. Recipients can check the domain signature to verify that the message really comes from your domain and that

37

it has not been changed along the way. Googles Apps digital signature conforms to be DomainKeys Identified Mail (DKIM) standard. To add a digital signature to outgoing mail , you generate a domain key that Google Apps uses to create encrypted mail header that are unique to your domain. You add the public key to the Domain Name System (DNS) records for your domain. Recipients can verify the source of a mail message by retrieving your public key and using it to decrypt the header. to configure the DKIM records, click here.

three major steps are required to setup DKIM 1. Generate the domain key for your domain a. in Cpanel: Advanced tools > Setup email authentication > Generate new record 2. Update your DNS records a. In DNS host admin console: Create a new TXT record containing the key generated in step 1 3. Turn on mail signing a. Cpanel > advanced tools > set up mail authentication > Start authentication b. Enabling authentication will check to make sure the correct DNS record was updated. If the record is incorrect or has not propagated yet, a warning message will be displayed Outage training Outage: Service Down. If there is an outage you will be able to find this information on the CPanel under dashboard. what is an outage? Known issues: parts of service dont work, but overall works. ex. no access to old attachments, calendar sends duplicate invitations Apps Dashboard Service inaccessible service unusable ex. service down, loging issues, severe latency

when there are problem we will get email and the alert in the dashboard

38

For email problems we need to try with different browser (this is a must). Apps Dashboard: http://www.google.com/appsstatus known issues: https://www.google.com/support/a/bin/static.py?page=known_issues.cs what we call an outage? >50% of users affected? >20% of users affected? >10% of users affected? >1% of users affected? >.1% of users affected? >.001 of users affected?

For emails we have 2 problems, bouncing states (half of the amount of users within the domain cant send emails) and outage. Bouncing states recovers itself eventually. Time Description were experiencing an issue affecting less than 0.003% if the google mail user base, the affected user are unable to access google mail. we will provide an update by February 23, 2011 2:13:00 PM UTC-8 detailing when we expect to resolve the problem. please note that this resolution time is an estimate and may change.

1:13 PM

note: the known issues page will contain many more issues that arent classified as an outage why do we post about outage? To let the customer that google had any problem bringing also the solution for it. is like: hey we had this problem but here is also the solution. Only admitting failures allows you to improve Our users deserve this level of transparency It reduces the amount of support volume and press request coming to Google Centralized communications allows engineers to focus on resolving the issue Transparency build trust

39

why do we post about outage? ...the cloud aint perfect. But you may draw some inspiration from a look at how Google reacted. outage priorities

1 2 3 4 1 2 3

During an outage, it is our priority to focus on fixing the problem.

Customer care most about three issues: were aware of the problem, were working on it, and well have it fixed by...

Speed of communications is critical to servicing our customers

Transparency and accuracy are desirable During an outage, we will prioritize accuracy over transparency speedy and accurate messaging = simple messaging

the role of apas support Track incoming case volume and identify an outage

Gather information that will help narrow down the issue to aid a quick resolution

Reassure customer that we are aware and working on fixing the issue already

How to deal with an outage Step 1 - Identify the issue

40

Watch out for increases in cases around: error 500, cant login, slow, loading, oops. Thresholds more than 5 calls an hour. more than 20 cases an hour. inform your manager if no manager is available, follow the line of communication outlined in the POC document Step 2 - Gather information Gather information in affected users in a spreadsheet Spreadsheet will typically be share with you by us attach relevant cover bug to case (provided by us) to track support impact and allow follow-up with customers Step 3 - Reassure our customer - before we post reassure customers we handle his request with priority provide customer with workaround if available refer to the Apps Dashboard in case they ask whether this is widespread

It will typically not take us more than 30 minutes to post to the dashboard. Step 3 - Reassured our customer - once posted Reassure customer we are aware of the issue

Ask customer information required for the shared spreadsheet reassure him we are currently working on resolving the issue provide him with a workaround, if available refer to Apps Dashboard for updates

It will typically not take us more than 30 minutes to post to the dashboard. customers FAQs When is this issue resolved? Were currently working on a resolution, but I unfortunately dont have an ETA yet. Looking at the Google Apps Status Dashboard, typically these issues are resolved within a few hours. Is my data safe? Yes, data safety is our top priority and we have several backups, well ensure you have access to your data soon again

41

Whats causing the issue? At this stage, our focus is on restoring our users, but well be providing an incident report on the Dashboard within 10 days of resolutions any specific message on the Dashboard should overwrite this info

Google Apps Vault

product overview google apps vault search, preserve and export company email data for personnel involved in litigation or investigations entirely web-based Gmail and o-the-road chats now, Docs in Q2, Groups, sites, etc in Q3/Q4 Editions: Business, EDU and GOV to follow. Google Apps Vault launches to Newly subscribed NA & LATAM offline and rep-assisted billing customer March 28, 2012 Vault launches to all New Online/Billing3 customer approximately 3-4 weeks later (including EMEA & APAC) $5/User/Month, or $50/User/Year. Main Functionality Search search your domains Gmail data for legal discovery purposes search saved results, which are automatically combined into a collection Preserve place user accounts (and related data) on litigation hold save search queries Organize and Share manage related searched and litigation hold under a single matter share matters among authorized users Exports export search results in standard file format Entirely web-based admin access via Cpanel login end-user access via ediscovery.google.com google Apps supported browsers (Chrome, IE, Firefox and Safari). STORES SELECTED DATA

http://googleenterprise.blogspot.com/2012/03/google-apps-vault-brings-information.html 42

vault quick start vault, click here. main reason why vault was deploy is because now a day all documents are electronic document vaulta assures you that nobody else will get into the information and modify it. Action that can be taken by user (what can you do with vault) Manage matters Administrative matters access all matters create holds remove holds access all data access held data count search view documents manage saved queries manage exports download exports view retention policies manage retention policies audit matters audit system

Matter: is a collection of documents that a customer would have related to an specific topic such as a case or investigation (more information here) Note: Cpanel Super Admin always has Super Admin access in Vault This will not change before Appsless CPanel Auditing a system Check email, files, users access, etc. for compliance or standards of the company Retention allows admins to automatically hold messages meeting certain criteria. This data is removed after the specified period (in days). Deleting an email message via Vaults retention settings will delete the message from the users mailbox. there is a 30 day period in which the data will still be available, but theres no quick migration path back to Gmail.

43

Period in days after which documents not matchingrules below should be deleted. to place on hold, enter a user account (auto-completed) and select place on hold note the following: holds trump individual retention rules individual retention rules trump the default retention rule, but longest policy wins Deleted a user account will delete all data stored in Vault

Exports gmail data is exported to an MBOX (.mBOX) file .MBOX is an industry-standard mailbox format that stores one or more exported messages in a single text file. Google Apps Vault exports data to a single MBOX file, up to just under 1GB, which you can transfer to physical storage. If you export more than 1 GB of Gmail data. Google Apps Vault creates multiple MBOX files If the same email message resides in multiples user accounts for which you exported data, Google Apps Vault includes only one copy of the message in the exported results file. product specific features how is it enabled? currently under CPanel > Dashboard > Service Settings > Marketplace services, but will be under CPanel > Dashboard > service setting > core google service at launch. CPanel > Organization & users > services > additional services Languages: EN only at launch, product UI is in EN and in Next Generation Control Panel (ref b/5999330) at launch, Vault is available to Newly-Created Offline and Rep Assisted Buy Flow (RABF)Domains Launch is English-Only for the immediate future (not external communications):3-4 Weeks after launch, the following groups will get access: Newly-created offline/rep assisted buy flow (EMEA/APAC) Newly-created NA/LATAM RESOLD demains (B3 resellers only) Newly-created Online B3 domains Existing customer will NOT HAVE ACCESS TO VAULT FOR THE IMMEDIATE FUTURE. Support and troubleshooting

44

Google Apps Vault is supported by the CPanel team Vault will not launch on the Apps Status Dashboard Cases will be filed under Google Apps Vault in Unify Canned Responses and Coverbugs(go/vault/crs) GD NoVault4U | b/6241816 - Google Apps Vault not availabe for domain GD SR4v | b/6240643 - Customer needs to contact sales representative to purchase Google apps Vault GD retention | b/6240329 - question on google Apps Vault retention Setting (expected behavior)

Known issues and expected behavior Deleting a Vault user will currently delete all of that users data in vault. The control panel will warn against user deletion, but not prevent it Customers must purchase the same number of vault licenses and user accounts. All customers should be directed to their sales rep for more information on acquiring Vault for their domain. End-users deleting message held in Vault Will remove them from the users web UI, but not the Vault UI. Message deletion based on retention settings is deletion, not trashing deleting an email message via Vaults retention settings will delete the message from the users mailbox. There is a 30-day period in which the data will still be available, but theres no quick migration path back to Gmail.

What is the External and internal names of Product? Google Apps Vault What is the launch date? 3/28 What is the launch timeline with stages? Is there a product schedule? Launch timeline is for Vault for Gmail and Chat in Q1, Docs eDiscovery to follow in Q2/ Q3, Docs archiving and retention in Q3, and other data sources thereafter. What is the pricing model? Pricing is sitewide for all users, Flex-RABF($5/month) or Annual-Offline Oracle ($50) What is the Product? (Basic description of main features) Google Apps Vault enables users to archive, manage and preserve Gmail and Docs data for information governance, eDiscovery and regulatory investigations designed to reduce costs and risks. (See presentation)

45

What is the Service description (internal and external facing descriptions)? Vault provides the ability for Apps Premiere, Gov, and Education users to manage their Gmail and Apps data from a single interface. They can use the system for records management, archiving, and eDiscovery capabilities. The product will initially launch on Gmail and Gmail Chats, expand to Docs and Gdrive, and then expand to other data sources included groups, sites, G+ and more. The draft sales presentation is here, and the draft data sheet is here. Does Vault need to be purchased for all Apps seats under a domain? For example, can a customer have 1,000 Apps seats but just buy 500 Vault seats? Yes, they need to purchase for all users. That gives them the retention and deletion policies for email and chats. It also gives them unlimited users "on hold" for discovery purposes. We will be arming the sales teams to explain why customers need to buy seats for all users as we know a subset of users was a common request with GMD. Does Vault need to be purchased for all Apps seats under a domain for edu customers? $10/user for faculty, admin Do Vault licenses always need to co-term with Apps licenses? So, if a customer is 6 months into their prepaid term, would we then always sell Vault for a 6 month term to co-term with the Apps order? For offline, co-term is a requirement. We cannot support a Vault license separate from Apps until Appsless CPanel launches. Once we have Appsless, customers will be able to maintain termed employee data in Vault by paying the Vault license (and not needing the Apps license). This will be explained fully as we move towards launch. For online, since it will be monthly, there is no impact. Will Vault and Apps sold together be billed on the same invoice or we will continue to invoice separately? Apps and Vault will be sold together on the same invoice

POSTINI
there are 2 flavor for it. and postini stand alone postini

46

customer that purchase postini on they own. Integrated postini is offered with the Google Apps account for free and is called GMS (Google Message Security). most of the best features from postini are integrated into the google CPanel and is called PVC. more than the 88% of the old customer of postini were transitioned to the integrated postini, and by the end of the year is intended to have the 100% transitioned to the Cpanel postini Dasher is the internal name for Google Apps tech support. 2 types of continuations events Mail flow continuation: mail is processed by secondary datacenter and primary datacenter is still available for AC and MC config changes, most features available. full continuation: mail is processed by secondary datacenter and primary datacenter is offline, AC and MC are not available, no config changes possible. how to determine system for an account? the system # is shown in the URL When logged into the admin console or message center. url shown for an account when logged into AC on System 8 https:// ac-s8.postine.com/exeec/administart? url shown for an account when logged into MC on system 200: https://mc-s200.postini.com/app/msg with the stand alone postini we need to tell postini all the emails that are in the domain with their nicknames. with the integrated postini we dont have to worry of adding any new email, it does it by itself. we will be able to know if the customer is using postini if we find the postini servers in the MX Records. Postini allow you to create setting for an organizations and for an specific user postini can filter the incoming and outgoing messages. SPAM Filtering BSB= Blatant Spam Blocking the less the score the more probability the email will get treated as SPAM

47

NSD= Null Sender Disposition ignore User quarantine sends the message to the recipients quarantine Blackhole discards the message bounce Returns the message with the following custom error

Spam Disposition user quarantine (used by most of the user) directs each users spam to a separate quarantine quarantine redirect message header tagging puts a message in the header to let you know that this message is an SPAM

Virus blocking Early detection filtering look for similarities within virus, is not 100% reliable, it does a best effort virus cleaning when on user has the option to clean infected virus messages, it does a best effort. Virus dispositions bounce User quarantine Quarantine redirect

ATTACHMENT MANAGER allows to choose the size, block specific files, and this postini is will not override the Gmail settings.

CONTACT MANAGER combine the objectionable content and the content compliance filer from PVC SENDER LIST

48

creation of approved sender blocked sender\

Default user is basically a template and is used for any new user added.

Log Search you can look for a message get in and what happen to that message but if it was bounce back or a black hole that message is gone. Message Center is meant for the end users not for admins

About header fields when messages are processed by the message security service, custom header fields are placed in email-message header. these are useful for either determining email disposition or for handling support issues. Received from: X-pstnvirus: X-pstn-2strike: X-pstn-neptune: X-pstn-addresses: X-pstn--nxpr: X-pstn-cm: X-pstn-levels: X-pstn-settings: X-pstn-xfilter: Industry Heuristics X-pstn-disposition: X-pstn-nxp: For more information and detail on all fields, refer to the Admin Guide Section on Interpreting Header Fields. popular message header analyzers: https://messageheader.appspot.com

49

every header ending in X is a custom headers postini transition (ID: 2381789) postini header (here) if the cust is getting SPAM into his inbox after doing the transition from postini, we need to request as much SPAM header from email as possible, once we have them we need to send them to Google

Groups for Business

learning objectives know the difference between admin-manage and the user-managed groups Recognize that groups have stricter spam filtering understand how groups work understand bulk sender bounce and how to resolve it understand bounce states and how to resolve them know common issues and how to handle them

support metrics: Email and Groups overall proportion of support volume* 33.5% proportion of support volume by customer size** 30.3% for 0-50 seat domains 38.7% for 50-3000 seat domains 38.6% for 3000+ seat domains

*percentage of all Google Apps cases filled for this product **percentage of cases filled by customer size bracket in comparison to total cases filled for that particular customer size bracket

User or Admin Managed adming managed groups Can only be managed by administrator in control panel basic contribution list functionality

50

Google Groups for business Administrator controls domain level settings user can create groups and control membership, access rights

A web application that allows your user to create, manage, and search groups (An administrator can also manage these groups), mail sent to groups is delivered whether this service is active or not.

Sequence of Groups checks Sequence: Sending to Groups Message to sent to Groups by sender Groups-lever performs checks spam check user check permission check message then set to members of group user-lever performs checks spam <many more>

conclusion notes Spam threshold for Groups is higher that Users because Groups are more prone to Spam and Abuse. How to identify Bulk Sender bounce? Individual sends email to group and receives bounce: Delivery to the following recipient failed permanently: address@fakedomain.com Technical details of permanent failure: Message rejected. Please visit this page to review or Bulk email Sender guidelines

51

Solution to Bulk Sender Bounce Solution Title Solution Detail Solution Owner Notes

SPF Records

Publish SPF records into Domains the domains TXT DNS DNS records administrator

this is a difficult solution to recommend if the sender is external

Adjust Spa in User-manage Groups -> Domain The recipient group must be a m controls Groups Settings -> Spam Administrator User-managed group Controls and/or Group Owner Ensure inbound Gateway configured correctly Whitelist Senders Especially if using Postini Domain or another Mail Transfer Administrator Agent also possible to add Postinis IP addresses to the Email whitelist

If you are consistently Domain getting issues with Bulk Administrator Sender bounce, you can whitelist senders

Whitelist the senders IP address in Settings -> Email and/or create an approved sender list in Email > Filters

With suspected spam Post them to the group messages: Send them to the moderation queue default Send them to the moderation queue, but do not send notification to moderator Immediately reject them

Bounce State What is a bounce State? protect the resource capacity of google Mail servers Googles mail servers handle billions of emails per day many of these emails are bounced from the receipient to conserve server capacity, google remembers which account are bouncing and temporarily stops sending emails to that account or group.

52

A users account enter Bounced State when: Account cannot receive mail for > 12 hours [Grace period]

A Group enter Bounced State when> more that 50% of the users have entered Bounce State

Bounce states are reset 1 Dealys: 1 hour 2 Delays: 2 hours 3 Delays: 12 Hours 4 Delays: 1 Day 5 Delays: 7 Days 6 Delays: 14 Days

When the email is bouncing the email that will be receive is: your message could not be delivered because of previous failures during delivery attempts to this mailing list;. please update the list with valid addresses. This is an example of some of the bounces we received: -----------------------------------------------------Recipient: test@fakecomdina290.com 550 550 Host not found for domain: fakecomdina290.com . psmtp (state 17). message-id: <XXXXXXXXXX@mail.gmail.com> -----------------------------------------------------Recipient: test@fakecomdina290290.com 550 550 Host not found for domain: fakecomdina290290.com . psmtp (state 14). message-id: <XXXXXXXXXX@mail.gmail.com>

Clear Users bounce states Check reason for bouncing in groups UI management task > Manage Members > Bouncing

53

Resolved bouncing issue [eg. Un-suspend or remove offending users from group] request user clar bounce state by accessing this URL:

https://groups.google.com/a/yourdomain.com/groups/bounced?pli=1

Tip: Ensure Postini is not causing message bouncing Check blatant Spam blocking is disabled in Postini Check group is created as alias in Postini Solution Detail Solution Owner Domain administrator and Group Members Notes

Solution Title

Clear Users in Identify users in bounce states Bounce State in user managed groups UI. request users in bounce state got to this URL

this is a difficult solution to recommend if the users are not willing to clear their Bounce States If you have not resolved the root cause to the bounce state this will only be a temporary fix Administrator balance need to

Request Contact the support Team and Google Support to request to have all users a Support clear domains groups bounce states cleared Bounce State Ensure Once the largest causes Domain Blatant Spam of bounce stated is BSB in Administrator Blocking is Postini disabled in Postini

Notes on Bounce State

User Bounce State is the root cause of Group Bounce State - Solve it first Small Groups are more prone to Bounce States - Small domain beware! Postini filters can cause Groups Bounce States - Especially Blatant Spam Blocking

When problems with bouncing states we need to check the filters

Top Issues and troubleshooting 1. Groups not appearing in Groups Directory

54

a. new groups take 6 hours to appear b. Old general groups can take 5 days to appear c. Check Group Setting > Access > Directory listing is set to List this group in Groups Directory
Directory Listing

List this group in the groups directory

Do not list this group

1. Message Sending Limits a. Group limits are not publicised (ID: 22839) b. User will receive a warning message. Solution > Reduce Sending volume 2. Group Incorrectly Created a. Symptoms: Group not accepting any mail, not appearing in Groups UI b. Solution: Delete and recreate group.

Telnet: Sending a test message Open MS-DOS [PC] or Terminal [Mac] telnet aspmx.l.google.com 25 EHLO MAIL FROM: <testaccount@yourdomain.com> RCPT TO: <groupemail@customerdomain.com> DATA . Telnet: Insights Does the group exist. is the group accepting mail. is the user sending mail allowed to post to group.

Resources tools Telnet Test [PC] or [Mac] SPF Validator MX Toolbox Network.Tools.com

Help Center Groups Help Center Migrate mailing list to google groups

55

Using google Groups with Postini services

Documentation Google Apps Directory Sync Bulk Sender Bounce

Exercise 1 Customer ticket I cannot send messages to my finance department my group is finance@groups.gatestaccount.com please investigate

Solution Ask customer if they receive a bounce message check Control Panel for Suspended accounts Instruct customer to Remove users from group OR Un-suspend the users

Exercise 2 Solution Ask customer if they have created the group recently groups take up to 6 hours to appear within the groups directory General Group converted to User Managed Groups can take up to 5 days to appear

Ask customer if Directory Listing is marked as Listing group in the Groups Directory Instruct customer to change the above setting.

Exercise 3 When i send messages to a group in my domain, I receive a bounce back message with reference to Bulk Mail Guidelines. Im not sending bulk mail. What is the problem please investigate

56

Solution Ask customer if they have an SPF record created yes Ask the customer if they have the moderation queue enabled in user managed groups yes Instruct customer to disable the moderation queue as email sent to groups is scanned twice for spam and can lead to false positive

CPanel Advanced Tools Agenda advanced user provisioning authentication reporting free/busy service email migration API references secure data connector google apps desktop feature restrict email delivery Advanced User Provisioning This functionality allows the admin to do the following: Bulk Upload: Upload a CSV file to create and update multiple user accounts at once. Download Directory Sync: Downloads Google Apps Directory Sync (GADS) to perform a directory sync with an existing LDAP server

57

Advanced security settings

Authentications SSO - SAML - based Single Sign-On (SSO) service allows clients to authenticate user account for web based applications (like Gmail or Calendar) as well as their own internal web-based applications and services. Many 3rd party SSO services are available in the marketplace (SSO troubleshooting guide) Advanced Password Settings - This allows the admin to have further control over the user's account security by dictating criteria for the account password. Two-step verification - Users can opt-in to two-step verification where they login with their Google Apps password and a one-time-password which gets sent to their mobile device or generated with the OTP app. Manage OAuth Access - OAuth is an open standard authorization protocol that allows third parties to access user data without the need to know a users password. Instead of users sharing their passwords directly with an application, OAuth acts as a Valet key that applications use to access a users data and act on their behalf. Federated Login using OpenID - OpenID is an open standard authentication protocol which allows users to sign in to 3rd party using their google Apps account without giving away their credentials Manage 3rd party OAuth Access - allows admins to control access to user data by 3rd party applications that use OAuth

Google Analytics Tracking google Analytics tracks where visitors come from and how they interact with the a site. by using google analytics with Google apps, admins can track with Google services are most popular and drill down to determine which documents or sites are most used. clients must for a free Google Analytics account in order to use this feature.

58

Secure Data Connector

Google Secure data Connector (SDC) is an agent tool that can be used with google apps for business and education and education to connect gadgets, application and spreadsheets to data that is protected behind a corporate firewall To use this tool the admin should: First activate the secure data connector and set a password for the SDC agent account Then downloaded and install the secure data connector agent. This is an open source component which runs behind a firewall and allows Google apps to make secure connections to the internal enterprise data.

APIs 59

API References the API allow administrator to interact with google apps on a more granular level. then can be used for a whole range of functions, from seeing usage statistics, to generation customer reports, to programmatically managing and provisioning user account as defined by the Admin. Provisioning API the provisioning API allows you to programmatically manage user account and synchronize your Google Apps user base with your own user management system. to enable this feature, the provisioning API box in the User Account settings must be checked Reporting API The reporting API allows you to view Google apps information (i.e usage data, user information and stats), so you can generate reports using your own reporting system. Email Migration API The email migration API allows you to migrate email from legacy systems into Google apps email accounts.

Google Apps desktop feature Advanced Service Access Features Windows users can install desktop access point preconfigured to work with their account on the domain. These apps launch in a streamlined chrome browser window. Users can also use this to set Gmail as their default email program

Restricting Email Delivery

http://support.google.com/a/bin/answer.py?hl=en&answer=177482 admins have the ability of restrict some or all users from exchanging mail with addresses outside of the specified domain The ability to restrict email delivery is available in google apps for business and education, and only when you are using the Next Generation control panel. By default, users with Gmail accounts at the domain can send mail to and receive mail from any other email address. In some cases, admins may want to restrict what users can exchange email with.

60

For example, a school might want to allow its students to exchange mail with the faculty and other students, but not with people outside of the school. Configuration instructions can be found here

Authenticate Email (DKIM) http://support.google.com/a/bin/answer.py?hl=en&answer=174124 Set up email authentication (DKIM) Google Apps digital signature conforms to the DomainKeys Identification Mail (DKIM) Standard. To add a digital signature to outgoing mail, you generate a domain key that Google Apps uses to create encrypted mail header that are unique to your domain. you add the public key to the domain name system (DNS) record for your domain. Recipients can verify the source of a mail message by retrieving your public key and using it to decrypt the header.

61

Configure security and authentication click here and here for DKIM

Document Management Document Ownership Transfer Admins can transfer the ownership of all document owned by a user to another user. The original owner will maintain edit right to the document

62

this feature is useful when deleting a user as it ensures that documents created by the user are not lost. Once the transfer is initiated, both users will receive an email when the process is completed. The transfer process can take several minutes or hours depending on how many documents are being transferred.

Advanced migration options http://support.google.com/a/bin/topic.py?hl=en&topic=14870&parent=2412036&ctx=topic Admin-managed Email upload Admins can migrate mail from their legacy server to Google Apps for their users using the following: Google Apps Migration for Microsoft Exchange tool (GAMME) - Migrates mail from Exchange to Google apps - Migrates mail from other IMAP servers to Google Apps Google Apps Migration for Lotus Notes Tool (GAMLN) - Migrates mail from IBM Lotus Notes server to Google Apps User Email Uploads This allows users to manage their mailbox migrations and upload mail from desktop programs such as Outlook to Apps. If the Admin wishes to manage the entire domain migration, they should disable this feature The email migration API allows your users to migrate mail from their old accounts into google apps email. If you prefer to manage the email migration for your domain , this feature can be disabled on the advanced tab.

63

The google email uploader for mac is a desktop utility for Mac OS X that uploads email archives from apple mail, eudora, thunderbird and exported entourage mail (along with other mbox and maildir archives) to your Google apps mailbox. More information can be found at http://code.google.com/p/google-email-uploader-mac/

64

For instructions on how to import a CSV file click here.

Google Discussion Forum learning objectives Groups products overview features of GDF Enhancements Troubleshooting

Groups overview Google discussion Forums Features and enhancements in GDF An entirely new look to match the google wide redesign collaborative mailbox functionality advanced search functionality like gmail offering to/from subject etc tagging posts (information is here). take and assign topics saved search functionality Quick scrolling through message in a group New overview in addition to the traditional discussion view Tree and flat view of topics Collapse and expand discussion create filters to narrow messages Create folders and favorites for categorizing discussions maintain user search history within groups rich multi domain support native web-based mobile version

Admin can allow users to access consumer groups where GDF is already launched

Google Calendar learning overview Calendar overview

65

calendar basics calendar resources migrations and clients google apps Sync for Microsoft Outlook Mobile calendar sync Calendar Offline

overview

Development (2005) Trusted test launch (December 2005) Public launch (April 2006) I18n Launch (september 2006) (I18n = Internationalization) google internal launch (dogfood = using your own products (eating your own dog food)) (October 2008) More languages and features (outlook sync Secondary Notifications, Mobile Access, etc) (2007)

Creating a new calendar Create a new calendar by using the add arrow to create secondary calendars

66

Import a calendar 1. Click add down-arrow button at the bottom of the calendar list on the left side of the page, and select Import calendar 2. click browse and choose the file that contains your events, then click open 3. Select the google calendar where youd like to import event, then click import

Calendar Resources
Google apps for business and education editions can create shared calendar resources that can be booked by users within the domain. These can be used for conference rooms, projectors, computers, delivery vans A resource is simply another form of calendar To make the resource available for all users to book, admins must log into their calendar to share it by allowing all users to See all event details To share a resource with specific users, they must be specifically added and able to See all events details, Make changes, or Make changes and manage sharing

Migration: Import/Export/feed Overview To migrate Calendars from other applications such as Yahoo!, Microsoft, Apple iCal or another Google Account we recommend exporting and importing calendar Import Google Calendar will accept iCal and CSV format options We dont investigate or troubleshoot import problems for self-created files. do troubleshoot files from programas we should reasonably be expected to support most import errors involve wrong formatting of the file How to format iCal files: http://support.google.com/calendar/bin/answer.py?hl=en&answer=45664 sometimes importing a large file will cause user to hot quota limits Export Will export in iCal format only must use private access for private calendars and public address for public calendars for export issues, ask user to reset Private URLs and try again for instruction on how to export from specific applications: ID: 83126 Please note that domain administrators can control exporting options available to users at their domains. If unable to export, check the Google apps control panel

67

Viewing Google calendar from other applications: Use private address in XML or iCal format to view read-only version of GC from apps (like feed reader or Apple iCal program) Subscribe to feed in google calendar: can view other calendars on google calendar by adding the iCal address. In calendar list, click Add then enter calendar address Feeds auto-update every few hours. No way to manually refresh the fee: Only investigate feed that havent updated in 24 hours

CalDAV http://support.google.com/calendar/bin/answer.py?hl=en&answer=99357 CalDAV is an open protocol that allows you to publish and subscribe to calendars, sharing them collaboratively, and syncing them between multiple users and devices. CalDAV allows you to edit and view your google calendar events directly in other applications CalDAV sync for google calendar is only supported Apple iCal or mozilla sunbird(other calendars applications may support CalDAV , but they will not work with google calendar) Changes made in these applications will appear in your google calendar and vice versa, Changes made in your application when offline will resync when you are next online. CalDav provides basic 2 way even synchronization, but some other features offered in bot google calendar and the calendar application may not work

Google calendar Sync for Microsoft Outlook http://support.google.com/calendar/bin/answer.py?hl=en&answer=98565 Released 3/5/08: sync Google Calendar with MS Outlook\ only Outlook 2003 and 2007 supported with Win XP, vista or 7 To install users go to getting Started article in HC at here

68

The Functionality of shared calendars was improved in v1.6 of the outlook sync tool. The current implementation work as follows: The primary calendar for a user is synchronized with google apps sync (two-way sync). Additionally, all calendars you create in Outlook will synchronize with the cloud and be available from Google calendar Similarly, calendars you create in Google Apps or that someone else grants you permission to make change to, will appear in outlook (as long as the calendar isnt hidden in your Google calendar list). This is outlined on this page under Synchronizing multiple calendars requires version 1.6.x or later http://support.google.com/a/bin/answer.py?hl=en&answer=156468

Resourcing Scheduling There are two ways to schedule a resource in outlook with Google Apps Sync: 1. Get shared on a resource calendar directly so it shows up as a shared calendar and then schedule on that calendar 2. You can copy in the resource email address to the scheduler Google calendar connectors Some customer use Google Apps Sync for MS Outlook for only a subset of the users within their domain If they are using Exchange for the other group, they can query Free/Busy information for users on Exchange Calendar by using Google Calendar Connectors

69

This tool is open sourced, available from Google Code and must be installed, maintained and configured by the Microsoft exchange administrator We do not provide support for Google calendar Connector Issues, directing any questions to the google code site

Mobile Calendar Sync Google Sync for mobile is available for most mobile phone. This is how it works with the following devices

70

Apple, Android, Windows Mobile and Nokia S60 device s: Google Active Sync of Gmail, Contact and Google Calendar to the built-in Mail, Calendar and address book applications on your phone Blackberry devices: Wireless synchronization of Google calendar and contacts to the built-in address book and calendar application Most other mobile phones: wireless synchronization of google contact to the built-in address book application. Note: Google Sync is beta software. make sure to read about the known limitation of Google Sync on your device More information : www.google.com/support/mobile/bin/topic.py?topic=14252 Known limitations: www.google.com/support/mobile/bin/answer.py? hl=en&answer=139635

Google Active Sync Google Sync lets users synchronize their mail, contacts and calendars to their mobile devices Users have access (viewing and editing) to their calendar events at any time They can also get alerts (sound or vibration) for upcoming meetings and incoming messages

Calendar Offline How it Works HTML 5 Chrome Extension > Works in Chrome only installed on a per user basis App will seamlessly flip to offline when connection is lost (Calendar Only) Data Stage Data is stored locally within the browser extension > Extension needs to be install on every machine per user we sync 60 days of data, 15 past days and 45 future days > data syncs only when GCal is opened in Chrome tab By default, only primary calendar is synced, but more can be added in the extension settings for now, events can be viewed and accepted. Events can;t be created or modified in this beta, but this is planned for later

71

Multiple Sign-in you can use multiple sign-in, but chrome can only sync one account for offline usage GA+

in order to allow users to install the Web app, the chrome web store needs to be enabled under service settings Only GA+ domains have the option to enable Other Google services

Expected support Questions It doesn't work on our domain! Are you using Chrome Is the WebStore available for your domain? if not, talk to your admin I dont want my users to use Calendar offline No cPanel option (yet) to disable or domain Google support can disabled [vendors, please push back 1st, escalate if customer insists] Will file an FR as we see request It works on our domain, but not for a specific user is he using a supported browser? Are other users using the same machine, or is he using multiple sign-in? it will only work for one account per machine Try uninstalling and reinstalling the app

How can I Sync more calendars on one account? You can sync more calendars via the following steps Click the gear icon and choose Offline from the drop-down Click the Offline setting link click the checkbox under available offline next to each calendar that youd like to be able to view while offline

Calendar offline troubleshooting Confirm reinstalling the app didnt resolved the issue Local configuration (Browser, OS, syncing clients) User details (user affected, anything specific about the user [i.e. recently renamed] Try to reproduce or get an affected user Check TELUS KB Check salesforce for similar cases Check know issues

72

Check apps status dashboard Check your @google.com emails

Google Docs Spreadsheets, presentations, documents, Drawings and Forms Google Spreadsheets Heres what you can do with google Spreadsheets Import and convert .xls, .csv, .txt and .ods formatted data Export .xls, .csv, .txt, and .ods formatted data and PDF and HTML files Use formatting and formula editing so you can calculate results and make your data look the way youd like Chat in real time with other who are editing your spreadsheet Create charts and gadgets Embed a spreadsheet, or individual sheets of your spreadsheets, in your blog or website Use fusion tables, Pivot tables, Scripts

Google Presentations Google presentations is an online presentations editor that allows you to show off your work in a visual way. heres what you can do with google presentations Share and edit presentation with your friends and coworkers Import and convert existing presentations in .pptx and .pps file types Download your presentations as a PDF, a PPT or a .txt file Insert images and videos and format your slides Allow real-time viewing of presentations, online, from separate remote locations. publish and embed your presentations in a website, allowing access to a wide audience add animations to your slides

Google Documents Heres what you can do with Google documents Convert most file types of Google docs format format your documents with options such as paint format, margins, spacing and fonts invite other people to collaborate on a doc with you, giving them edit, comment or view access. collaborate online in real time and chat with other collaborators

73

View your documents revision history and rollback to any version Download google docs to your desktop as word, OpenOffice, RTF, PDF, HTML or zip files Translate a document to a different lenguage Email your documents to other people as attachments

Google Drawings heres what you can do with Google drawings Share and edit drawings with your friends and coworkers Download your presentation as a PNG, JPEG, SVG or PDF files insert images, shapes and lines and format them to fit your preferences Real-Time Collaboration with other people, no matter where they are Insert a drawing into a document, Spreadsheet, or presentation

Google Forms A Google form is automatically connected to a spreadsheet with the same title. When you send or share a form, recipients responses will automatically be collected in that spreadsheet

Domain Provisioning options can be found in the CPanel > Setting > Drive and Docs

74

Docs templat

Drive UI Drive is the starting point from which Google Docs are created and organized Docs can now be uploaded directly to folders and immediately inherit their sharing and permissions settings

Sharing and permissions A single Doc can be shared in a variety of ways. sharing and visibility options can be accessed by selecting the share button

Import, Export and convert Google Drive Makes it easy to import files to the cloud There are size limits when converting files to Google Docs

75

Documents: 1,024,000 characters, regardless of the number of pages or font size. Uploaded document files that are converted to Google documents format cant be larger than 2MB. Spreadsheets: 400,000 cells, with a maximum of 256 columns per sheet. Uploaded spreadsheet files that are converted to Google spreadsheets format cant be larger than 20MB, and need to be under 400,000 cells and 256 columns per sheet. Presentations: Presentations can be up to 10MB - Which is about 200 slides Drawings: no published limit available other files: Files that you upload but dont convert can be up to 10GB. Other files: Files that you upload but don't conver can up to 10 GB (YES thats 10 GB) kb article 39567 File types supported by Google Docs Documents HTML RTF Word Open Office PDF TXT Spreadsheets CSV HTML ODS PD XLS TXT Presentations PDF PPTX TXT Drawings PNG JPEG SVG PDF Sync tools Google cloud connect for microsoft office Driver desktop sync for apple and windows Driver desktop sync for linux coming soon Drive Mobile sync for android and iOS Google Docs offline Common issues

76

Basic troubleshooting information to gather Name and URL of Doc Owner and users on the sharing list Screenshot of any error messages Do all users with access experience the issue Browser, network, hardware information Found in canned response: GD DOCS (*note- always tailor requested information to the issue description from the user, not all items will apply or will be useful)

Basic Troubleshooting steps to suggest Try accessing Google Docs from another browser make sure that cookies are enabled in their browser clear their cache and cookies, then try accessing their account again Try a different browser, computer and network Try logging in at docs.google.com/a/yourdomain.com Check the known issues page www.google.com/support/a/bin/static.py? page=known_issues.cs Check the app status dashboard: www.google.com/appsstatus#hl=en

Connection issues Temporary error message (502) or other server error messages (Oops) Cause Documents are temporarily unavailable, potential server errors, network issues, customer environment issues Troubleshooting These errors generally resolve themselves within a few minutes. Ask the customer if they are intermittent Check for known issues, outages Send GD Docs Latency issues Issues loading - taking a long time, not opening, error, etc Cause

77

There are many potential reasons for this - browser, computer, network, something on our end

Troubleshooting THese issues are quite difficult to troubleshoot as there are a variety of possibilities. Is it reproducible after clearing cache, cookies, different browser, computer and network? Use a test user or a screencast to see this issue.

Missing Docs Docs are missing or a permissions error displays when users try to access the Doc Cause: The owner of this document may be deleted Troubleshooting When an account is deleted, all documents owned by that account will no longer be accessible by collaborators and viewers after 5 days Suggest changing ownership before user deletion in the future

Cannot share doc with external users Users cannot share docs with users outside their domain. They see an error like, Were sorry, this document cannot be share with (email address) Cause Domain administrator have restricted users from sharing documents sent from outside of their domain Troubleshooting In order to share with this domain, the administrator will need to change the sharing setting from within the domains Control Panel

Sharing between Gmail Docs and Google Apps Docs Cannot transfer ownership from my consumer account Docs to my new Google Apps account user name? Cause: This is expected behavior Troubleshooting

78

This is because we treat gmail.com like a domain which cannot share documnets outside of the domain, making this ownership change impossible Workaround: help the customer export then re-import these docs

Uploading/downloading failure Getting a failure notice when uploading or downloading a doc/collection Cause Various Troubleshooting: Very file size File type compatibility/eligibility Hit Quota? Was the file being converted to GDocs format? Use test domain and attempt to reproduce the behavior with the original file Embedded Content (images, macros, formulas) causing failure Mobile Overview Learning objectives mobile strategy Solution overview iOS platform Windows Platform Blackberry Platform Symbian Platform Mobile browser access Other mobile Apps for Enterprise Mobile Troubleshooting Resources The main idea is to keep information into this devices and to keep it safe Mobile Strategy Supporting mobile is becoming increasingly important 80% of enterprises use smartphones (Android, blackberry, iPhone, etc) Mobile devices penetration increasing rapidly due to growth of individual liable devices Google apps mobility solution Google apps provides the most comprehensive and cost-effective means to manage mobile Multiple apps provides the most comprehensive and cost effective to manage mobile fleet

79

Multiple offering Google Apps connector for BES (BlackBerry Enterprise Service) Google Sync Activesync in the cloud Google Apps device Policy for Android Google Drive Sync Google Apps Lookup Google Authenticator Comprehensive cloud-based mobile management platform coming in 2011

Solution Overview Enterprise users can connect their mobile devices to their Apps Account in a variety of ways Mobile Browers POP/IMAP Mobile Sync Mobile Devices can also choose different networks to connect: WIFI B/G/N 3G CDMA 3G HSPA 4G LTE The current market leader in mobile platform for Enterprise are: Google (android) Apple (iOS) Microsoft (Windows Phone 7) Accenture (Symbian OS) Research in Motion (BlackBerry OS)

The 6 main ways to access a Google apps user account on a mobile device: Mobile browser - available on all current phones and smartphones ActiveSync - Mobile Exchange Technologi GBES - Sync with a BlackBerry Enterprise Server POP or IMAP - Standard use of your phone's native client Android Sync - Access to google apps through android platform Downloadable application- Dedicated applications to certain phones

admins with a fleet of Mobile Devices can manage them on these platforms Android - google Apps Mobile Management

80

iOS - Google Apps Mobile Management Windows Mobile/iPhone 7 - Google apps mobile management Blackberry - GBES connector for blackberry enterprise server

Google sync and Android Sync Google Sync Google Sync uses Microsoft Exchange ActiveSync to let your users synchronize their Google apps Mail, contact and calendars to their mobile devices. It also allows Admins to enforce Security Policies (on devices which support this feature) Google Sync works with: iOS Symbian* Windows Phone 7 Windows Mobile * Will not work with all the devices it can be enabled from the CPanel:

Android Sync? Android Sync uses Microsoft Exchange ActiveSync to natively synchronize Google Apps mail, contact and calendars to Android devices. Android sync allows admins to enforce security policies using the device policy app found in google play. Works on android devices using ver 2.2 or later. Common features of the mobile devices devices: Phone and Tablets Connections Android Sync ActiveSync IMAP/POP Browser network 3G HSPA and WIFI Mail Access

81

Android Sync IMAP/POP Browser Calendar Access: Android Sync Browser Contact Access Android Sync Browser Fleet Management Android Sync +Device Police App Availability Worldwide, US Englis Support Fully Supported

Fully cloud based business class mobile solution no on-premise server required. No CapEx, No IT involvement native Google device with Gmail and Google Apps UI More than just push email Access docs, spreadsheet, presentations, wikis, intranet and internet sites Business grade security, device management and apps Encryption, remote wipe and lock, passwords polices acceptable to IT and on an approved list of devices

Apple iOS Platform devices: iPod, iPhone, iPad Connections ActiveSync IMAP/POP Browser network 3G HSPA WIFI Mail Access ActiveSync IMAP/POP Browser Calendar Access:

82

ActiveSync Browser Contact Access ActiveSync Browser Fleet Management ActiveSync Availability Worldwide, US English Support Fully Supported

ActiveSync configuration: iPod, iPhone, iPad steps Add account Exchange follow the steps on the screen steps to configure here. Google Mobile Apps (iPhone only) Direct links to various google services through the app Available at m.google.com Confidential: Push mail on GMA for iPhone is in development final UI and functionality not yet confirmed Another Alternative solution to google sync/IMAP/Browser (pudu) access-

MS Mobile/Phone 7 Platform steps to configure it here.

Accenture Symbian Platform steps to configure it here

83

Many devices-specific idiosyncrasies: Nokia devices cannot sync if a label or folder has more than 49 characters, Mail Sync for Nokia/WinMo must be active in order for calendar to sync, etc. iPhone get locked out more frequently if too many accounts on devices DAta is pushed from the server to the device within 6 0seconds, as opposed to being Fetched by the device from the server (IMAP)

Mobile Browser Access Devices: all Services: Mail (separate web interface for calendar and contacts) Push?: No Device Management?: No The version of mobile browser UI aka Pudu used depends on the service's native web browser functionality Pudu Basic: requires HTML Pudu Fancy: requires CSS Pudu Rich: requires CSS + javascript* Support Pudu: requires CSS + javascript + HTML5 (most actively being developed) Super Pudu iPad: Super Pudu + dual pane Consumer Gmail URL: http://m.gmail.com Google apps user URL: www.mail.google.com/a/your_domain/m -- 4m users of which <1% are apps users Features multi login for Supor Pudu If javascript is disabled on phone, it will show Fancy No push notifications, must log in The 3 minimum requirements are: XHTML compliant browser (WML browsers will not work) Mobile network must support cookies (most do) The proxy/gateway of each mobile network is different and may affect the ability to use Gmail for mobile : for example, the same model phone may work with T-Mobile, but not work with Vodafone

Blackberry platform Google sync app for blackberry Services: Calendar, contacts

84

Push?: Yes Device Management: No Support: full download from m.google.com/sync

Limitations Historica Calendar event deletion = device settings and/or space restriction Recurring & multi-day events rendered as single = RAM API issue Cannot connect = often network-specific; reset sync The Blackberry Google Sync App is the only Supported way to sync calendars and contacts without using GBES. Deprecated on June 1st, 2012

Google Apps Connector for blackberry enterprise server aka GBES is a software component that is installed on a BlackBerry Enterprise Server (BES) for Microsoft

Exchange.

GBES EMail features Push email Offline access Read/delete sync folder/label sync

85

Gmail features in built-in email spam filter archive star message

Calendar features 2-way wireless sync, google Calendar > BlackBerry View location details, attendee list, acceptance status Support for recurring meetings Meeting notifications on device Contacts features Access names, email addresses, and phone numbers via Global Address List (GAL) 2-way wireless sync Full support for all fields Note: There are several feature limitations listed in the GBES Admin guide found here GBES Connector data flow 1. mail arrives from google in MIME format 2. GBES connector converts it and stores is in a local PST file associated to a user in the BES Server 3. BlackBerry Enterprise Server Aka BES retrieves the message, encrypts it and send it to recipient's device. 4. Message passes through the RIM infrastructure and then via the wireless carriers to the user's handset and it decrypted and available to be read System Requirements

86

Google apps Setup Steps

1. Create a Google Apps non-admin user account which is used by both the Google Apps connector and BlackBerry Enterprise Server 2. Enable Two-legged oAuth. 3. Enable google apps provisioning API 4. Enable the google apps sync email service setting. (service setting > email > Enable Google Apps Sync and Google Apps Connector for my user (Same as GLOOK)).

Install BlackBerry Enterprise Server Application Create Administration Account Install System Components Install BlackBerry Enterprise Server Here you can perform a test connection between your server and the internet Also, the SRP key information is here (problems can arise if the SRP is expired, more on this later) Install Outlook 2007 Install the Connector (free download from the HC) http://support.google.com/a/bin/answer.py?hl=en&answer=154346

87

Installation order Installation involves the following steps. Because these components interact with one another, be sure to go through installation steps in exactly this order. Important: Always install Google Apps Connector before the BlackBerry Enterprise Server software. The Google Apps Connector installer creates a required BlackBerry Server mail profile, and specific registry keys. If these are not present when BlackBerry Enterprise Server is installed, your installation will not be successful. The following steps are explained in detail in subsequent sections. For more information, see the sections below: 1. Choose Installation Plan 2. Download All Components 3. Configure Google Apps Domain 4. 24 Google Apps Connector for BlackBerry Enterprise Server Installation and Administration Guide 5. Install Google Apps Connector 6. Install BlackBerry Enterprise Server 7. Enable Optional Features 8. Add Users

Resources

Billing Overview

Learning objectives By the end of this training you should be able to Identify all Google Apps Billing systems Identify transaction types Know which payment methods pertain to each different billing system. Explain Google Apps billing policies Identify the tools relevant to each billing system Index the location of resources on billing cases

Google Apps uses various billing systems Nile

88

Billing 3.0 (commerce) Rhythm Vanilla

The Nile System Nile is the legacy billing system, the oldest one in use today. client pay $50/user per year upfront client can buy up to 500 seats on this system Transactions can be searched via the nile tool Glass Purchase are made exclusively through Google Checkout/Wallet Google Checkout/Wallet is similar to PayPal, a competing payment platform. Funding of a Google Wallet account can be Credit Card or Debit Card. Many Resellers are still in the nile system. Migrations to Billing 3 are have begun.

The Billing 3 system Billing 3 is the billing system, clients are actively being migrated to it from all other system whenever possible Clients are postpaid monthly on a flex or commitment period per user. Cost on Flex Plan is $5/user per Month on a commit plan is $4.17/user per Mo.

The Rhythm system (This cases will have to be transfer to google) This is a discontinued billing platform Client currently still on this system will be migrated to Billing 3. All cases involving the Rhythm system are to be handed off.

The Vanilla System (Offline clients) (Transfer to Google). Clients wishing to pay via Cheque are in this system Offline clients must sign a contract with Goole sale team for a minimum of 100 seats Client who are Offline will not be able to provision more users than their current seat count. The need to contact their Google Sales rep in order to add more seats Support Tool will show such domains as Offline

89

Beware that resold domains also show as Offline in error.

*note* the user cannot add new users online, they have to pay first then created the new users.

WE WILL DEAL ONLY WITH NILE AND BILLING 3 SYSTEM

Transaction Types
There are 4 transactions types Domain Name Registrations Licence purchases Renewals (domain and/or licenses) Google Drive/Vault

Domain Registrations: SLED (Deprecated) Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchases via Google Checkout/wallet at signup Cost is $10 non-refundable and paid annually. Clients who buy their domain through Google can select the Free or Business edition of Apps. These types of domains are referred to as SLED domains This method is no longer available to new signups

Domain Registration: Troika Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchase via Credit Card or Bank Account info at sign up Cost is $10 non-refundable and paid annually Clients who buy their domain through Google can select the Free or Business edition of Apps These types of domains are referred to as Troika domains

Licence Purchases: Nile (Deprecated) After a client signs up, they can upgrade their account to the business edition

90

clients pay upfront $50/user a year Nile is no longer being used for direct signups Nile clients are being actively migrated to the new billing 3 system Payment is made via Google checkout/wallet Many resellers are still on this system, transition to Billing 3 TBA

License Purchase: Billing 3 At after clients signup they can upgrade their account to the business edition The Commit plan is a contractual plan for a period of 1 year The Flex plan requires no contractual agreement. Both plans are post-paid and charged monthly Payment is configured directly via CPanel with a creditcard or bank account information when client is in the Billing 3 systems

*Visa/Mastercard debit card are also accepted as a substitute for credit card in certain counties.

Renewals: Niles This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients can set auto-renew for both domain names and/or user licenses Domain name renewals are charged in full ($10 per domain) Licenses are pre-authorized before renewals.

Renewals: Billing 3 This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients who are in Nile or Rhythm have the option to migrate to it 30 days before renewal Domain name renewals are charged in full ($10 per domain) Licenses are charges monthly based on the amount of total number of licenses (seats)

Renewals: Billing 3 commit Life Cycle

91

30 days free trial (max 10 users) Paid subscription period Flexible plan (gets charge post usage and can get as many months the customer wants) Paid subscription period Commitment Plan (annually)

Payment methods Nile Paid via Google Checkout/Wallet Billing 3 Paid via credit card or bank account via CPanel Vanilla Offline Clients orders are paid via Cheque Rhythm N/A handoff all cases Billing policies and procedures Policy issues https://sites.google.com/a/google..... Renewal Options http://support.google.com/a/bin/answer.py?hl=en Procedures & Troubleshooting https://sites.google.com/a UNDERSTAND BILLING http://support.google.com/a/?hl=en http://support.google.com/a/bin/topic.py?hl=en&topic=1224197&parent=1209326&ctx=topic

Available forms of payment

http://support.google.com/a/bin/answer.py?hl=en&answer=2380700&topic=1221175&ctx=topic
Google Apps is available for sale in over 230 countries with an international credit card. For credit card payments, you may use Visa, MasterCard or American Express. Any additional forms of payment available to you in the Google Apps billing system are determined by your location. For each country, there is a specific currency you will use to pay and up to two methods of payment. Please see the table below to determine your currency and form(s) of payment. Region

92

Country Africa South Africa Other Asia and Middle East Hong Kong Israel Japan Turkey Other Australia and Oceania Australia New Zealand Other Europe Austria

Currency

Form(s) of payment

U.S. Dollars U.S. Dollars

Credit card Credit card

U.S. Dollars U.S. Dollars Japanese Yen Euros U.S. Dollars

Credit card Credit card Credit card Credit card Credit card

Australian Dollars U.S. Dollars U.S. Dollars

Credit card Credit card Credit card

Euros

Bank account (direct debit) Credit card Credit card Credit card

Belgium Czech Republic

Euros Euros

93

Denmark Finland France

Euros Euros Euros

Credit card Credit card Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card

Germany

Euros

Greece Hungary Ireland Italy

Euros Euros Euros Euros

Netherlands

Euros

Norway Poland Slovakia Spain

Euros Euros Euros Euros

Sweden Switzerland Turkey

Euros Euros Euros

94

United Kingdom

British Pounds Sterling

Bank account (direct debit) Credit card Credit card

Other North and South America Canada United States

U.S. Dollars

Canadian Dollars U.S. Dollars

Credit card Bank account (direct debit) Credit card Credit card

Other

U.S. Dollars

Renewal options (Link)

For customers on the Annual Plan, the default renewal option for your account is to automatically renew the number of licenses when subscription expires. If you want to change this setting, follow the instructions below. 1. Sign in to your Google Apps control panel https://www.google.com/a/your_domain.com (Replace 'your_domain.com' with your actual domain name) 2. Select Domain Settings > Subscriptions & Billing 3. Click on the [+] to expand your Billing Details 4. Click the blue change link next to your current renewal option. 5. Select your new option and click Save. Note: Before the renewal date, you can change renewal options with no impact to your account. If you're in a 30 day trial and want to convert, see Upgrade to Google Apps for Business. The renewal options are: Auto-renew my contract This is the default setting. On the renewal date, you begin a new 12 month subscription for this account's number of user licenses. Notifications are sent automatically to you 30 days and 3 days before the renewal date.

Reduce my contract Use this option if you want to renew your annual number of licenses to be the same as your existing users. For example, for your account that currently has 50 licenses of which 45 are registered to existing users, the renewed number of licenses is 45. Do not auto-renew A non-automatic renewal will switch your account from the Annual Plan to the Flexible Plan at the end of the subscription period. See below for additional details on this option. Cancel my service at the end of my term Service for your account will be suspended when the subscription period ends. IN THIS CASE THE CUSTOMER CAN CANCEL THE ACCOUNT OR TO DOWNGRADE TO THE FREE VERSION.

95

If you select Do not auto-renew my contract, this is the timeline of what happens. 30 days before renewal date you are sent an email reminder. This message is sent again 3 days before your renewal date. On the renewal date, if you don't renew, your account is switched from the Annual Plan to the Flexible Plan.

Billing Overview

Learning objectives By the end of this training you should be able to Identify all Google Apps Billing systems Identify transaction types Know which payment methods pertain to each different billing system. Explain Google Apps billing policies Identify the tools relevant to each billing system Index the location of resources on billing cases

Google Apps uses various billing systems Nile Billing 3.0 (commerce) Rhythm Vanilla

The Nile System Nile is the legacy billing system, the oldest one in use today. client pay $50/user per year upfront client can buy up to 500 seats on this system Transactions can be searched via the nile tool Glass Purchase are made exclusively through Google Checkout/Wallet Google Checkout/Wallet is similar to PayPal, a competing payment platform. Funding of a Google Wallet account can be Credit Card or Debit Card. Many Resellers are still in the nile system. Migrations to Billing 3 are have begun.

The Billing 3 system

96

Billing 3 is the billing system, clients are actively being migrated to it from all other system whenever possible Clients are postpaid monthly on a flex or commitment period per user. Cost on Flex Plan is $5/user per Month on a commit plan is $4.17/user per Mo.

The Rhythm system (This cases will have to be transfer to google) This is a discontinued billing platform Client currently still on this system will be migrated to Billing 3. All cases involving the Rhythm system are to be handed off.

The Vanilla System (Offline clients) (Transfer to Google). Clients wishing to pay via Cheque are in this system Offline clients must sign a contract with Goole sale team for a minimum of 100 seats Client who are Offline will not be able to provision more users than their current seat count. The need to contact their Google Sales rep in order to add more seats Support Tool will show such domains as Offline Beware that resold domains also show as Offline in error.

*note* the user cannot add new users online, they have to pay first then created the new users.

WE WILL DEAL ONLY WITH NILE AND BILLING 3 SYSTEM

Transaction Types
There are 4 transactions types Domain Name Registrations Licence purchases Renewals (domain and/or licenses) Google Drive/Vault

Domain Registrations: SLED (Deprecated)

97

Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchases via Google Checkout/wallet at signup Cost is $10 non-refundable and paid annually. Clients who buy their domain through Google can select the Free or Business edition of Apps. These types of domains are referred to as SLED domains This method is no longer available to new signups

Domain Registration: Troika Clients optionally buy a domain when setting up Google Apps Clients can chose either Godaddy or Enom as the registrar Purchase via Credit Card or Bank Account info at sign up Cost is $10 non-refundable and paid annually Clients who buy their domain through Google can select the Free or Business edition of Apps These types of domains are referred to as Troika domains

Licence Purchases: Nile (Deprecated) After a client signs up, they can upgrade their account to the business edition clients pay upfront $50/user a year Nile is no longer being used for direct signups Nile clients are being actively migrated to the new billing 3 system Payment is made via Google checkout/wallet Many resellers are still on this system, transition to Billing 3 TBA

License Purchase: Billing 3 At after clients signup they can upgrade their account to the business edition The Commit plan is a contractual plan for a period of 1 year The Flex plan requires no contractual agreement. Both plans are post-paid and charged monthly Payment is configured directly via CPanel with a creditcard or bank account information when client is in the Billing 3 systems

*Visa/Mastercard debit card are also accepted as a substitute for credit card in certain counties.

98

Renewals: Niles This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients can set auto-renew for both domain names and/or user licenses Domain name renewals are charged in full ($10 per domain) Licenses are pre-authorized before renewals.

Renewals: Billing 3 This applies to Licenses and/or Domain purchase Domain renewals are pre-authorized 15 days prior to expiration date Clients who are in Nile or Rhythm have the option to migrate to it 30 days before renewal Domain name renewals are charged in full ($10 per domain) Licenses are charges monthly based on the amount of total number of licenses (seats)

Renewals: Billing 3 commit Life Cycle 30 days free trial (max 10 users) Paid subscription period Flexible plan (gets charge post usage and can get as many months the customer wants) Paid subscription period Commitment Plan (annually)

Payment methods Nile Paid via Google Checkout/Wallet Billing 3 Paid via credit card or bank account via CPanel Vanilla Offline Clients orders are paid via Cheque Rhythm N/A handoff all cases Billing policies and procedures Policy issues

99

https://sites.google.com/a/google.....

Renewal Options http://support.google.com/a/bin/answer.py?hl=en Procedures & Troubleshooting https://sites.google.com/a UNDERSTAND BILLING http://support.google.com/a/?hl=en http://support.google.com/a/bin/topic.py?hl=en&topic=1224197&parent=1209326&ctx=topic

Available forms of payment

http://support.google.com/a/bin/answer.py?hl=en&answer=2380700&topic=1221175&ctx=topic
Google Apps is available for sale in over 230 countries with an international credit card. For credit card payments, you may use Visa, MasterCard or American Express. Any additional forms of payment available to you in the Google Apps billing system are determined by your location. For each country, there is a specific currency you will use to pay and up to two methods of payment. Please see the table below to determine your currency and form(s) of payment. Region Country Africa South Africa Other Asia and Middle East Hong Kong Israel Japan U.S. Dollars U.S. Dollars Japanese Yen Credit card Credit card Credit card U.S. Dollars U.S. Dollars Credit card Credit card Currency Form(s) of payment

100

Turkey Other Australia and Oceania Australia New Zealand Other Europe Austria

Euros U.S. Dollars

Credit card Credit card

Australian Dollars U.S. Dollars U.S. Dollars

Credit card Credit card Credit card

Euros

Bank account (direct debit) Credit card Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card

Belgium Czech Republic Denmark Finland France

Euros Euros Euros Euros Euros

Germany

Euros

Greece Hungary Ireland

Euros Euros Euros

101

Italy

Euros

Bank account (direct debit) Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Credit card Credit card Credit card Bank account (direct debit) Credit card Credit card

Netherlands

Euros

Norway Poland Slovakia Spain

Euros Euros Euros Euros

Sweden Switzerland Turkey United Kingdom

Euros Euros Euros British Pounds Sterling

Other North and South America Canada United States

U.S. Dollars

Canadian Dollars U.S. Dollars

Credit card Bank account (direct debit) Credit card Credit card

Other

U.S. Dollars

Renewal options (Link)

102

For customers on the Annual Plan, the default renewal option for your account is to automatically renew the number of licenses when subscription expires. If you want to change this setting, follow the instructions below. 1. Sign in to your Google Apps control panel https://www.google.com/a/your_domain.com (Replace 'your_domain.com' with your actual domain name) 2. Select Domain Settings > Subscriptions & Billing 3. Click on the [+] to expand your Billing Details 4. Click the blue change link next to your current renewal option. 5. Select your new option and click Save. Note: Before the renewal date, you can change renewal options with no impact to your account. If you're in a 30 day trial and want to convert, see Upgrade to Google Apps for Business. The renewal options are: Auto-renew my contract This is the default setting. On the renewal date, you begin a new 12 month subscription for this account's number of user licenses. Notifications are sent automatically to you 30 days and 3 days before the renewal date.

Reduce my contract Use this option if you want to renew your annual number of licenses to be the same as your existing users. For example, for your account that currently has 50 licenses of which 45 are registered to existing users, the renewed number of licenses is 45.

Do not auto-renew A non-automatic renewal will switch your account from the Annual Plan to the Flexible Plan at the end of the subscription period. See below for additional details on this option. Cancel my service at the end of my term Service for your account will be suspended when the subscription period ends. IN THIS CASE THE CUSTOMER CAN CANCEL THE ACCOUNT OR TO DOWNGRADE TO THE FREE VERSION. If you select Do not auto-renew my contract, this is the timeline of what happens. 30 days before renewal date you are sent an email reminder. This message is sent again 3 days before your renewal date. On the renewal date, if you don't renew, your account is switched from the Annual Plan to the Flexible Plan. You have four options: Do nothing Your account is switched to the Flexible Plan with no annual commitment. Renew the annual commitment Your subscription is renewed through your Google Apps control panel. Downgrade to Google Apps (free edition) You can only do this if your account has less than 10 users. If the your account has more than 10 users, the additional users must be removed from the account before the downgrade is completed. For instructions and details of service changes, please see Downgrade to Google Apps. Delete the account All users must be deleted from the account before the deletion is completed. The account deletion is finalized within 7 days after this option is enabled. For instructions and details, please see Cancel your Google Apps account.

Telus knowledge base: link User vs License

103

User is an active license and license is just the amount of seats available to be use it doesnt matter if is used or available Domain Name Registration Agenda 1. 2. 3. 4. 5. Introduction to domain name registration (SLED) tour of the Domain in name registration process SLED tools Common SLED issues Domain registrations partner contact details

Introduction to domain name registration (SLED) What is a domain name registration? It is a prerequisite of Google Apps that customers have a Primary Domain Name to associate with their account Google facilitates the purchasing of a domain name from one of our registration partners for an annual subscription period, during the signup to the free edition of google apps www.google.com/a/cpanel/domain/new We have 2 domain registration partners: GoDaddy and eNom We charge $10 for each Domain Name Registration Purchase per year Only the following 5 Top-Level Domains are offered: .com, .net, .org, .info, .biz More localized domain names are not available to the customer through this process e.g. .com.au, .co.uk, .ca Supporting Domain Name Orders Free Edition and Education Edition Customers can purchase domain name through us when signing up for their Google Apps account Generally, this is the only time these customers will have a financial transaction with us for their Google Apps domains We will support them for domain name issues they may be experiencing if they ordered it through Google Issues may involve the renewal of the domain name or an issue with the order. This does not entitle Free Edition customers to unlimited support. Support is restricted to issues directly related to their Primary domain name.

104

Purchasing SLED Domains Customers have to create a Free Edition domain if they register a domain name through us, before they can upgrade to Google Apps for Business Edition They cannot upgrade to Business Edition at the same time as they are placing a registration order Education edition customers will also have to purchase it in conjunction with their signup to the free edition of google apps before upgrading to education edition A Tax Charge of $2.15 may be included depending on where the customer is based. Customers have to ensure that they complete the domain name purchase and press all confirmation buttons. Otherwise it could end up in a partially-created states and prevent service activation. Domain name verification and MX record configuration are automated. Services are instantly activated for the domain

7 STEPS VERIFICATION https://sites.google.com/a/google.com/telus-knowledge-base/Home/frontline-resources/policyissues/domain-ownership/contested-domain/contested-domain-admin-cannot-verify-throughcname-or-html

Public tools Top Level Domain .com, .net, .org, .info, .biz are the only tlds we offer Whois Lookup Whois lookups provide information about the current registrar help to make decision whether or not a Domain is a SLED domain Check MX records another indication are MX record lookups if MX records are pointing to Google it is an indication that MX records were set automatically during registration Common SLED isues

105

1. Admin wants a refund on the domain registration

no refunds on domain registration

1. Administrator wants to change domain host This is possible. They will need to contact the new domain host for instructions. We will not assist with the transfer in any way. Send the following Canned response: If youd like to host your new domain with another company, you can contact the new host for instructions to transfer your domain.

1. Administrator is trying to register their domain but message says domain is unavailable Admin already has a Google Apps account Check if the account is already an alias of a different account. IF so, the alias will have to be removed by Google Support and then have the admin try again Could be ibn system from before if there was a problem with the credit card Maybe somebody else already owns it! Domain name does not meet our requirements

1. Administrator is trying to add advanced web hosting to their hosting package If the account is with GoDaddy, they will need to contact GoDaddy If the Account is with eNom, they will need to be provided with eNoms contact information.

1. My Credit Card was declined, but im sure its right Call the credit card company, tell them the charge is valid

1. I want to renew my domain, but im passed the renewal date If < 19 days: Good news, grace period! Make sure your credit card will authorize and is correct GO to this link www.google.com/a/cpanel/domain/renew-domain/ [domain.com] If > 19 days. Sorry, redemption period

106

Customer will have to contact Godaddy or eNom and pay redemption fee (usually much greater than $10) to get the domain back.

Sample domain: landtoman.com support information:

GoDaddy Support info: Tier 1: End-users calling GoDaddy directly Phone: 480-366-3700 Email: gdomains@secureserver.net Tier 2: Google calling GoDaddy support Phone: 480-366-3366 Email: googleapisupport@secureserver.net Reseller ID: 10838801 Enom Support info: Tier 1: End-users calling Enom directly Phone: 425-298-2623 Email: GoogleClients@enom.com Tier 2: Google calling Enom support Phone: 425-974-4621 Email: GoogleService@enom.com Reseller ID: Google2448 Google Support info: Phone: 650-623-4000 Email: apps-support@google.com

Nile System (annual Prepaid) Agenda 1. Nile Architecture 2. Information available in Nile 3. Works flows and system events 4. Examples 5. Common Apps Billing Issues Nile Architecture

107

Billing related task should always be performed in Nile ICS to keep the system in sync (add users, remove users, refund, cancel orders) Adding a user in Rudolf without placing an order results in an out of sync system, preventing the user to purchase additional users Refunding a customer in Checkout wont notify Nile, the subscription will remain active and Nile will charge the customer again on renewal time.

Information in Nile You may search by: 1. Selecting domain_reg in the toolbar combobox, and entering a domain name for SLED orders 2. Selecting dasher in the toolbar combobox, and enter a domain name for Business editions orders 3. Selecting cbg# in the combobox (drop down menu), and entering a cbg order# for both

108

Searches are case sensitive. Please use lower cases.

Charge attempts and Cbg Notifications Nile received status information from checkout and dasher
ORDER_CONFIRMING waiting for the users to confirm the payment method in checkout

AUTHORIZING

Credit Card Authorization in progress (payment could be declined)

CHARGING

Credit Card charging in progress

109

PROVISIONING

Waiting to provision the service (dasher account / domain registration/ )

GRACE_PERIOD

charge/ auth/ reprovision failed during renewal (4

- 5 business

days)
CANCELING order failed , in progress of cancelling order

Refund Disclaimer: Review Policies There are a number of policies behind Google Apps Payment issues, that relate to renewal issues and providing to customer where required

No Refund Policy
110

The main Policies are the following: -We have a strict no-refunds policy -However, refunds may be issued if the customer contacts us within seven days of being charged -If it is more than seven days we absolutely do not issue refunds -When issuing a refund to the customer we need to communicate to them the fact that we are making a once-off exception in their case given their circumstances and that they contacted us shortly after they were charged -We will then educate them on billing procedures and policy accordingly in the case Note: We do not have to tell the cust about the 7 days policy is INTERNAL ONLY

Refund customer Domain: careertunity.com INITAL_ORDER_TRIAL: 9 seats - Google charge us for 9 users, but we only need 6 Nile lcs Customer placed 2 order, both were charged [A] 639824407955810 dec 11, 2009, quantity 4, CHARGED $200, DELIVERED [B] 371489589842493 Dec 12, 2009. Quantity 5. CHARGED $250, DELIVERED Refund $150 for order [A], using ChargeAttempts >> ChargeLines >> right click on order (4 accounts) Refund for DASHER, QuantityToKeep 1 Result: Refund success: pretax refunded = USD 150.0, total refunded = USD 150.0 confirm in rudolf that seat count was adjusted from 9 to 6 accounts. Missed 7-day windows User missed 7-day windows to update his credit card info for Business user account purchase User must wait for the account to be automatically downgraded to Free Edition User can then re-upgrade to Premier using new credit card information User receives another 30-day free trial (dont mention this to the user, but confirm if youre asked)

111

Update credit card information Card details need to be changed after customer has been charged, card expired/stolen Shortlink: checkout.google.com/updatecreditcard Note: if payment has been declined for Auth reasons, customer needs to re enter the card again so Nile can retry http://checkout.google.com/support/bin/answer.py?answer=29072

Billing 3.0 System (Commerce)

Agenda 1. 2. 3. 4. 5. Now There are 2 plans Pay as you go: $5/user/month, paid at the end of the month, based on the number of created users Annual plan: you commit to a given number of users for an entire year, and are charge $4.17 times this number a the end of every month Note that both plans are paid monthly after the month -- there is no pre-pay option Examples: I end trial June 1st, 2 created users. Im on the flex plan. On July 1, Ill be charged $10 I end trial June 1st, 3 licenses, commit plan On July 1, Ill be charge $12.48. Same in Aug, Sept, etc. how is Billing 3.0 different from before? What does it look like? New tools Policy changes Question?

After (the trial) 112

Trial is still 30 days long, but It's capped at 10 users If you want more than 10, youre prompted to enter your payment information and end your trial This means that no in-trial domain will have 10+ users. as a result, everyone in trial is yellow. Signup doesnt require a credit card, so there arent any authorization going on. After (sign up + credit card requirement) Sign up is 1 (albeit lengthy) page going! No credit card is required to sign up! (it just needs to be added at some point before trial ends)

After (payment options) Google checkout isn't used anymore--credit card is entered in the CPanel Credit card and direct debit (ie, bank transfer) are the 2 forms of payment well allow at launch. More will come later. Tools Billy ICS

Raise limits Unsuspend Take offline Change commits

See what the customer sees

Moneypenny used to request adjustments

Canceling/lowering customer commitment Cancel Completely Only if company wants to use a different domain name They have signed up for that domain and have committed to at least as many licenses as they have on the domain for which youll be cancelling the commit

113

Lowering Commit This should only be done if the user made an error and contacts us within the first 30 days after their first charge on the commit plan Reference next few slides for details on whether or not they qualify for ta refund. Note that you should not let someone out of the commit plan entirely--the within 30 days policy is simply for lowering the commit Adjustment (credits & refunds) Google Error If a user incurs erroneous charge due to error on our part, we will credit/refund Examples: Billing bugs resulting in overcharge, VAT calculations out wrong (needs to be our fault, wrong VAT number is users error) User Error only exception: commitment mistypes Must contact us within 30 days of first charge, and be off by a factor of 10 If they qualify, we will lower commitment and issue a refund/credit A refund will be issued if the overpayment is worth more than their contract value, a credit if less Lastly, note that no refunds, credits, or seat reductions will be done after the second charge (ie. 60 days in)

Examples: I want 10 licences, accidentally type 1000. Get charge $4,160 instead of $41.60 on my first bill, I freak out, call support within a month of the charge, Support lowers my commit to 10 in Billy and request a refund of $4,118.40 ($4,160 - $41.60 -- the amount of the overpayment). A refund is requested instead of a credit because $4,118.80 is greater than my remaining contract value of $458.40 ($500 for the users for the year - 1 month payment of $41.60) I want 10 Licenses, accidentally type 100. Get charged $416 instead of $41.60 on my first bill. I freak out, call support within a month of the charge. Support lowers my commit to 10 in Billy and requests a credit of $374.40 ($416 - $41.60 -- the amount of the overpayment). A credit is requested instead of a refund because $374 is less than my remaining contract value of $458.40 ($500 for ten users for the year - 1 month payment of $41.60). I want 10 licenses, accidentally type 11. I called support, they lower my commit to ten but do not issue any sort of credit/refund because I wasnt off by a factor of 10. The user has to deal with the $4.17 loss.

Changing limit

114

The 10-user trial limit this value should not be changed by support. If they want more than 10 users, they need to end their trial

The 50 after-trial flexible limit This value can be changed by support if requested by the end customer Use good judgement, however--if the email requesting the increase also includes an offer to ship you a car in return for wiring money to nigeria, or mentions that youve won the Angolan lottery, you might want to push back. Particularly if they havent had a bill paid yet. Additionally, only increase it as mush as necessary -- dont go making it 999,999.

Reseller Overview (extended)

Agenda 1. 2. 3. 4. overview The life of a reseller The reseller portal Reseller billing

The basis Background information Partners is the umbrella term for all external companies that add value in some way.

The different Partners from support perspective Vendors (Like Telus and VoxPro) Supporting our SMB customers Telcos (like VodaFone And Verizon) Managing their own resold customer base Resellers managing their own resold customer base

115

Background information The reseller program launched in January 2009 The reseller console launched in April 2009.Before reseller used the reseller API 2.0 to manage their customer they are four type of contracts for Reseller: A1 - longtail reseller A3 - Enterprise /Mid-Market A4 - Enterprise /Mid-Market Other terms - the big 11 still using the reseller API 2.0 Every Reseller has a Lead Owner which is the partner manager in Google for the Reseller (to find the Lead Owner, search for the domain name in SFDC and click through Lead or click Account name > Leads associate with Accounts) Customers can find name in SFDC and click through Lead or click on the Account name > resellers also through the google apps Marketplace (we dont recommend specific resellers)

116

WE DONT REFER ANY GOOGLE CUSTOMER TO ANY RESELLER

The different types

Type A1-Longtail Reseller A3-Enterprise Resellers A4-Enterprise Resellers

Characteristics

Authorized to sell fewer than 250 seats 20% discount Can sell domains worldwide Customer can contact Google support also directly Not obligated to provide tier-1 support

No limit for the amount of seats to they can sell Get 20% discount Can only sell domains in a certain country territory Customers can contact google support also directly Not obligated to provide tier-1 support

Customer can NOT contact Google Support directly. Obligated to provide tier-1 support Get 30% discount feb-2011, we have 30 of them world wide

Example Resellers

reseller.appspeople.dk cloudlogic.co.uk

reseller.onixnet.com reseller.cloudsherpas.com

reseller2.revevol.eu

117

The Life of a Reseller

The A1 application overview Reseller applies at the partner portal website (the console needs to be linked to a primary domain) The reseller must deploy 25 premier seats

Google will run a credit check on the Reseller business Once passed they assign the reseller legal agreement Reseller will be provisioned to give them access to the Reseller Portal Lead owner sends welcome email.

Once access to the Reseller portal the Reseller can start selling domains.

The sign up process Reseller first has to sign up with his potential Reseller Domain[1] Reseller then needs to register all the domains he deploys during his initial deployment phase He fills in his OWN reseller domain that he used in the application form [2.1] and clicks on Go He will be redirected to the login page for his own Reseller domain. After logging in as an Administrator user he will be redirected to a page [2.2] where he needs to fill in the domain name and the Customer Pin of the End-customer he want to register as initial deployment.

118

Getting access The Reseller can access the Reseller Portal through the Reseller Tools link on top right of their Google Apps control panel. We can see Reseller Tools of the reseller through CPanel Admin View in advanced rudolph

Adding customers In the reseller portal the reseller can add new or existing Google Apps domains (hell also need to transfer the initial deployments, they wont be automatically transferred to the console) If the domain is already a registered Google apps domain the reseller needs a transfer token. This can only be generated by the super admin through the control panel of the customer domain

How To Get Transfer Token (Here)

The Reseller Portal

The 30 day free trial period When signing up a new customer, resellers also have the option to enable a 30 day free trial for their customer The customer domain must qualify for a trial period. Examples are: Customer domains who do not exists in the Google apps system A standard edition account transferred to the reseller portal which has no previous premier edition history Premier Edition accounts that are presently in a direct 30 day free trial which are transferred to the reseller portal. Note: The default setting for the trial account is to be canceled at the end of the 30 days. It does not convert to an annual Premier Edition account.

Managing customers Resellers can manage the following for their customer

119

Increase Seats Set defaults such as language and time zone. Set support info and links that are shown in customers control panels View orders and invoices Manage the 30 day free trial and renewal options View customers control panel (customer can prevent this) Invoices and orders are only visible if they are ordered through the Reseller console. Note: Offline and legacy orders are not visible in the Reseller Portal.

Reseller Billing
The online billing flow Resellers are monthly invoiced for all domains bought or renewed. Only payment: bank transfer Reseller can dispute an invoice If they dont dispute and dont pay: Dunning--30 days Auto suspension--60 days Termination--90 days Note: this is for Reseller, not the customer

Reseller can PAY only by check or bank transfer

The customer side The transfer will start a new 12-month contract. No refunds are given for Reseller-toReseller transfer Customer will be automatically refunded for the unused period within 1 or 2 months (for direct premier apps customers who transfer). NileICS does this automated refund. Learn more Standard Edition domains will become an Apps for Business after the transfer. Resellers cannot officially resell EDU or STD domains.

120

Nile Reseller Overview & Troubleshooting

Learning objectives in this training, you will learn about the following topics Q&A Ive registered my seats and applied. Why this is taking so long? Answer: tell them to contact appsresellerapplicants@google.com Reseller must have been in business for 1 year (for credit check reasons) Our Reseller orders team will contact the Reseller if they dont pass the credit check When you are in doubt always ask the Lead Owner for further information The registration of the 25 seats for initial deployment is very confusing for Resellers. More information about this process is on the next sheet. Retailer Applications Issues Navigating NILE ICS tool Refund policies for Resellers Moneta Invoices Top call drivers for resellers

Refund policies for Nile Resellers In general we do NOT refund or cancel any order. There are, however, some exceptions: Obvious user error ordered wrong domain name (.com instead of .net) ordered 900 seats instead of 90 (must be done within 7 days after that the aq Corrected order already booked (if possible), or Reseller is requesting support to perform the correction domain change: reseller must place new order for the same n. of seats first quantity reduction: support will perform the correction

121

Must be requested by reseller within 7 days of order execution and before invoice generation Resellers may request to more seats between different end customer domains. This is strongly discouraged but there might be some cases this is approved. Contact the lead owner if it is a grey area of guidance.

Top Cases I Cant Register XXX among my depolyements - already registered Sometimes applicant resellers contact us because theyre unable to add a deployment in their reseller sign-up phase (to reach the requested 25 deployments) This is usually due to the fact that they signed them up under another domain Check the domain in the support Tool and make sure its not a reseller yet(customer pin not starting with 136-). If this is the case , have the reseller provide the customer pin of the customer he wants to add and FL will maje the necessary changed in the backend to allow the registration of the customer .

IMPORTANT: make sure you understand the difference between applicant resellers (see above) and authorized resellers. The Transfer Token will ONLY work for authorized resellers with the Reseller Tools provisioned in their CP!

Longtail Reseller wants to provision moren than 250 seats Longtail resellers are capped at provisioning domains with 250 users This request should be approved by Sales first - hand-off to Frontline specifying by how many seats the cap needs to be increased (when this will be possible for vendors, reroute the ticket directly to the Apps SMB Channel GTM queue specifying by how many seats the cap needs to be increased)

Im a customer of ________ Reseller and have this problem We DO support resellers end customers, unless they are through an advanced reseller If theyre an advanced reseller they dont get a pin so they cant even contact us If the customer is complaining about a reseller , hand off to FL and ask to reach out to the lead owner to contact the reseller to discuss >>> dont get into a discussion with the Reseller and the customer yourself

122

I want to move to another Reseller This is possible by using the normal transfer process of Google Apps accounts: The customer can generate a Transfer Token and provide it to the new Reseller The new Reseller can transfer the customer by using the Transfer Token and following the normal process. Note: The transfer will start a new 12-month contrat but we do NOT refund the customer for this process.

I want to resell an EDU/NP domain Resellers cannot officially resell Google Apps for Education/Non-Profit domains, as by definition there needs to be a billing relationship between Reseller and Resold customers However, the Reseller can still offer support to the potential customer by creating an Admin account and therefore managing their domain. It wont be possible through to add the customer to the Reseller console so it will be necessary to manage him separately from the other resold customers (see GD RESEDU) My customer has disappeard from my console Check Nile, youll probably see a canceled order because the Reseller didnt change the default option for trial (Automatically cancel this subscripcion and suyspend user access) or selecte the option to Do not renew subscription automatically so the customer was disconnected from the console at the end of the annual subscription >>> The customers Super Admin will need to log in to the CP at https://www.google.com/a/ your_domain.com and click on the link Initiate service transfer in the interstitial page.
NOTE: If theres no Super Admin created well need to request domain ownership verification and request which user should be converted to Super Admin - then hand-off the case to FL

123

I dont know where to find/how to pay invoices - how Im charged ~All new executed orders & renewals placed during a month are consolidated and invoiced in arrears (see Reseller Agreement FAQs), so all the orders placed in a specific month will be invoiced at the beginning of the following month. The Reseller will need to log in to the Reseller Console > Reseller Information > Invoices to view his invoice. When a new invoice is added to this page, Google sends a courtesy New Invoice is availble emal to the resellers address. The available payment options are currently CHEQUE or WIRE TRANSFER (NO credit) For specific questions about invoices, Resellers can contact the Collections team (the email address can be found at the bottom of every invoice).

The B3 Reseller Console

Credit Details Resellers who move from Nile to B3 will receive a mirgation credit, calculated for each of the resellers customers and the number of licenses purchased on the migration date. The amount of the credit for each customer is: seats * days remaining * annual cost/365

Note: Reseller will need to pay all invoices received from Google before, during and after the transition.

All resellers pin will start with <136> If the pin starts with another number its probably an applicant reseller

124

Troubleshooting
I want to change my customers billing plan Flexible Plan> Annual Plan Reseller can do this themselves from the customers subscription tab in the console Annual Plan > Flexible Plan Only possible during Trial. Otherwise, plans can be switched at the end of the annual commitment by selecting Do not auto-renew my contract

NOTE: for migrated customers from Nile to B3, the default plan is the Annual Plan.

Why cant I add Vault for my customer? Vault is only available to NA (US and CANADA) and LATAM (English TOS only) Resellers only. EMEA, JAPAN and APAC regional availability will follow shortly. See our FAQs for updates. Any update will be communicated through the Reseller Console and on our official Apps blog at http://googleapps.blogspot.com/ NOTE: Vault can only be ordered via the Reseller Tools Console, and ONLY for those resellers who have already converted from the annual prepay version of the Reseller Tools Console to the monthly post pay version. Vault is the only available to net new customers (i.e new domains/customers only) not to existing customers

Mobile Fleet Management

Learning objectives Overview Requirements Main Functionality Control panel functions Device policy app Mydevices Apps Lookup App Setup on Android

125

Setup on Google Sync Devices Troubleshooting Resources

Overview Located unser Control Panel>settings>mobile Offers provisioning of new devices to the Apps domain Fine-grained controls over mobile fleet and access to Apps data with organizational unit (OU) level control Device auditing and access the Apps data Management of mobile fleet with ability to approve/block and wipe devices

Requirements In order to view the mobile management feature, the domain must fulfill the following conditions: Google Apps for Business, EDU, Non-profit edition and Govt. Next Generation Control Panel Compatible Mobile Platforms Android iOS Windows Phone Incompatible Mobile Platforms Blackberry (GBES connector solution available) Accenture Symbian

Main functionality

126

Control Panel Functions

Password Settings
Setting Android support iOS support Windows Phone support

127

Require users to set passwords on their devices Password strength (Note: Windows Phone 7 and 7.5 support 'Standard' but not 'Strong') Minimum number of characters Number of days before password expires Number of expired passwords that are blocked Automatically lock the device after: Number of invalid passwords to allow before the device is wiped

Yes Yes

Yes Yes

Yes Yes

Yes 3.0+ 3.0+ Yes Yes

Yes Yes Yes Yes Yes

Yes Yes Yes Yes Yes

Device Settings Setting Require users to set passwords on their devices Automatic Sync Allow Camera Android 3.0+ No 4.0+ iOS YES YES YES Windows Phone YES No No

Device Policy Apps Key Features Multiple Apps account support User can set Device Policy with multiple Google Apps accounts and enforce policies across many accounts, in the one single app Policies Supported Device Encryption (Android 3.0+) 128

Number of days before password expires (Android 3.0+) Number of expired passwords that are blocked (Android 3.0+) Allow camera (android 4.0+)

Password Enforcement Required users set a password on handset Password Strength Password expiration and blocking of old passwords Device blocking & wiping after failed password entry Policy compliance clean-up If the device no longer meets enforced policies, cookies are deleted after 24 hours. Policy enforcement clean-up When an enforced Apps account is removed from device, it is also removed from Device Policy. Advanced Settings See HC article for more advanced functions.

Troubleshooting Integrated into the Control Panel Dashboard to review connection attempts, fist/last sync times, device OS, user agents, etc to assist support in gathering information and troubleshooting to verify customer actions. Known issues/limitations Enforcing policies for Android Sync requires Device Policy, which requires Android 2.2+ Android: only apps that access Dasher data is reported under View Details > Applications Other known issues to be addressed via documentation as device/OS combinations too varied address via UI panel When reporting a possible issue Check if device supported, verify make, model and OS Ensure the config of the apps account is correct as well as sync settings on device Check CPanel > Mobile Settings > Devices to verify it is listed Try to reproduce on a different device / different user Check Apps Status Dashboard Check Known issues page

129

Check your email & Salesforce for product bugs

Resource FAQ Supported editions: Business, Edu & Gov Existing devices: Automatically activated (approved) Google Sync: Covers iOS, Windows Phone and devices connecting via Exchange ActiveSync BlackBerry: Not supported Symbian: Not supported Easiest (Less secure) method: Enabled Google Sync, Android Sync without policy enforcement Locally applied: settings arent inherited from parent (applies locally to OU, vs. inherited) Android device policy: 2.2 and above

MOBILE TROUBLESHOOTING
Learning Objectives 1. 2. 3. 4. 5. 6. 7. Support Scope Mobile Browser Google Sync Android Sync GBES intro IMAP setup on mobile devices Gmail App for iOS

Support Scope Connection Method Mobile Browser Google Sync Scope Supported Only supported on iPhone/WinMo

130

Android sync GBES IMAP Gmail App for iOS

Supported Supported Supported Supported

Mobile Known Issues page: http://support.google.com/mobile/bin/answer.py? hl=en&answer=139635

Insufficient and unclear information provided by admins and by dispatch is a big efficiency drain in Enterprise Mobile. In particular it is essential to be absolutely clear about the connection method.

The canned response GD PHONE requests much of the necessary information

First-line troubleshooting There is much you can do to help resolve cases yourself. If appropriate Verify that required options are selected in CPanel Very that user is not suspended in CPanel or over quota in GAIT Verify that the connection has been deleted and recreated Check the Known Issues page & Apps Status dashboard Ask more probing questions as to the specific of the observed behaviour Search the resources listed below!

Where to search

131

Search online resources: Apps HC: google.com/support/a Mobile HC: google.com/support/mobile Known issues on: http://support.google.com/mobile/bin/answer.py? hl=en&answer=139635 Google it! Search TELUS KB Ask a MSM specialist or Team Lead

Troubleshooting challenges Users dont specify (or dont know) if they are using Pudu, Milu, Sync or POP/IMAP Troubleshooting: Availability on variety of devices and mobile providers leads to many unique problems Difficult to reproduce errors that occur in other countries

Some mobile services providers may block access to sites requiring HTTPS (ex. google.com) Whom to Consult If you cannot resolve a case yourself, youll need to escalate. go/mobile/help Ensure you assign to the correct team; directions in template ConOps/Eng then triage and assign bugs to relevant SWE This bug shortcut will populate most of the relevant fields. You can also use ir to ask questions which are not related to active cases.

Gmail for Mobile browser (Pudu)

Common user Issues Log-in Issues Cookies SSL/Encryption Username/Password is incorrect Network issues Some providers may limit or restrict access (deliberately or by accident) to Gmail via gateways Japan 132

DoCoMo uses cookieless browsers, sometimes causing errors

Google sync -Known Limitations Google Sync is in Beta Mail Search / Mail Drafts Custom form/ Reply to Actions in Gmail Calendar attendee status Recurring/ multi day events Adding/editing attendees Contacts information Not yet supported Not yet supported May have different effect Yes/No/Maybe not supported may be rendered as single events iPhone-created events wont send invites Limited fields are synced

ID:139635 http://support.google.com/mobile/bin/answer.py?hl=en&answer=139635

Troubleshooting Google Sync First step is always to delete and reset sync relationship Check CAPTCHA Establish all relevant information as per GD PHONE

File a bug at go/mobile help ____________________________________________________________________________ _

133

Debug logs sometime requested by SWE; they provide guidance Google sync can cause issues with Calendar on many devices Running Google sync and GBES concurrently will result in duplication of contacts Many once-off, non reproducible, intermittent issues Temporary network issues manifest as google sync errors Sync logs only go back a week

IMAP
No different to IMAP connection on desktop Only supported on Android and iPhone, in some cases Windows Mobile IMAP Gmail connection on BlackBerry is to the BlackBerry Internet Service (BIS) and is not supported Detailed configuration data is however provided for many devices (suck as BIS on Blackberry) Confusingly, IMAP is also sometimes referred to as Mail Sync

IMAP Configuration IMAP needs to be enabled by the user (not the admin) GMail > Settings > Forwarding and POP/IMAP > Enable IMAP Configuration http://support.google.com/mail/bin/answer.py?hl=en&answer=75726 Standard IMAP settings http://support.google.com/mail/bin/answer.py?hl=en&answer=78799 Fetch intervals configured in the device Settings App Fetching too often risks exceeding per-user IMAP connection quota

IMAP Troubleshooting Android and iPhone (and occasionally WinMO) supported Set up IMAP again, veriyfing settings Ensure username is entered with domain extension 134

Password issue sometimes solved by CAPTCHA on desktop Obtain screenshot of settings and error message. iPhone screenshot - p105 of user manual http://manuals.info.apple.com/en_US/iphone_user_guide.pdf
Follow standard support flow and file but at go/mobilehelp

GBES Standard Troubleshooting Steps (GD GBES) Confirm that provisioning API is enabled in the control panel Confirm that Sync is enabled in the control panel Check OAuth Consumer key Gather Affected email addresses Confirm data and time of issue Request BlackBerry log file Request Apps Connects logs

Common issues: Mail stopped flowing to the mobile device Messages not appearing as read on device or web UI Messages from other labels not being received by BlackBerry Enterprise Activation Fails

Mail Stopped Flowing to the Device SRP key shows disconnected in the BB manager Verify: The Blackberry manager server property pane should show SRP disconnected.

135

Also, the BES admin can run start>programs> blackberry Enterprise server> blackberrry server configuration. Click on the Blackberry Router Tab and click on Test Network Connection Alternatively: they can do this via CLI with a tool called BBSRPTest.exe under c:/programfiles/researchinmotion/blackberry enterprise server/utility Reason: SRP key expired. Every Temp SRP expires after somewhere between 60-90 days( Normal SRP keys dont expire) Reason if BES reconnect to RIM 5 times within short ;perod time, it will trigger DoS and couse SRP hey to be suspended Fix call RIM support to renew or reactiove the SRP key If customer has technical Support witn RIM, they can check SRP status and reactivate via BlackBerry Expert Support Center (http:// www.blackberry.com/besc)

OAuth key is invalid The connector logs shoudl show HTTP error code 401 when accessing https:// google.com/... Gmail is down The Connector logs should show HTTP error code 5xx when accessing https:// google.com/... Gmail is too slow The Connector logs should show error code 0x80072ee2 Potential bug The connector logs should show error code 0x8007xxxx related to GmailSyncTask. PST cache is corrupted The Connector logs should show error code 0x80040600 or 0x80040119. Blackberry Controller and Dispatcher Services are not communicating properly In the services manager, please shut down the dispatcher and controller services and restart them in that order.

Messages not appearing as read on UI or Device

Possible Causes 1. User didnt turn wireless reconciliation 136

 Fix: ask user to turn on email wireless reconciliation 2. User didnt wait long enough Reason: the read sync can be delayed by up to 15 min Fix: use menu Reconcile Now to force reconciliation.

Mail from other Labels not being received by BB

Possible Causes 1. User didnt turn on folder redirection Reason: by default, only Inbox and sent folder are redirected by default Fix: Enable folder redirection on BB, See http://docs.google.com/View? Docid=df5jsqd_0gwwwxvhc&pageview=1 i

Enterprise Activation Failed

Possible Causes: Activation Timed out Reason: Activation does not reach the Connector Verify: Check gmail account to see if there message from RIM with subject RIM_bca28a811d1-87fe-00600811c6a2. In particular, check the Spam folder and move the message inbox if this is the case Ask user to contact admin Reason: invalid password or password has expired Fix: ask admin to reset activation password The BlackBerry device does not have BES services enabled and may have a simple data plan or BIS service. Fix: Call your local carrier and verify that full BES service has been enabled.

Android
Gmail for Mobile Application (MILU)

Supporting MILU
Common Issues

137

Sign in problems are mostly customer error-solve a CAPTCHA Network Connection issues and features request Attachments/ rich text supports- plain text only

Troubleshooting http://support.google.com/mobile/bin/topic.py?hl=en-GB&topic=21165 Confidential Milu is de-staffed and future development outsourced to RIM There will be no new feature but thanks for your suggestion Push Dasher users towards GBES PO issues or high profile customers: go/mobilehelp

Common User Issues

Downloading and installing problems (phone not supported) Sign-in problems Unable to properly type username/password Using Google Apps (Dasher accounts) Problems running application after successful install/login Network Unavailable Loading... Other error messages Language and location availability Feature Requests

GBES Connector for Blackberry Enterprise Server

Technical Overview What is a BlackBerry Enterprise Server? Not a Hardware server Software package usually installed on Exchange Server Securely Syncs Mail/Calendar/Contacts with a fleet of BlackBerry clients.

138

What is the GBES Connector? A free software package installed prior to BES install Replaces Exchange as link between Google Cloud & BlackBerry fleet

MAPI protocol is the one used for BB for emails as well as the address book

DATA Flow: BES/Google: Blackberry device <--> [RIM] <-> BES <-> [IMAP]/Connector <-> PST

In addition GBES builds the users PST cache in the background Mail Calendar Contacts Global Address List (GAL)

GBES Configuration
General System Requirements Must be a dedicated server Fresh install of Windows Server Supported Server versions: 2003 Standard, 2003 R2 64-bit or 32-bit, SP2 installed 2008 Standard 64-bit or 32-bit, SP2 2008 R2 64-bit only

BES 5.0.2 or above Microsoft Outlook 2007 SP2

139

Hardware Requirements (<250 users) Dual Intel Pentium 4 processor 2Ghz or higher 4GB RAM minimum 1 GB per user minimum disk space

Hardware Requirements (up to 350-400 users) Quad Core Xeon 2.83GHz or greater 8GB RAM minimum 1 GB disk space per user minimum OS disk: 2 disk drivers: 15 K RPM SAS, 146GB, mirrored Cache disk 4 disk drives minimum, 15K RPM SAS, 300GB, RAID 5 Disk controller: SAS 3GB/s, with 256 MB onboard cache memory

Performance monitoring As users are added, check the following Average CPU load should be no more than 25% Committed bytes no more than 60%. Current disk queue no more than 3

PST files might corrupt if there is excessive utilization

When a New User is Created Last 1000 messages, calendars and contacts get cached to PST Only last 30 days of email is stored. Whitespace is not recovered,but can be via registry edits. Expect at least 500 MB per user and up to 1GB

GBES Connector Limitations

140

Calendar Sync: Only events in your primary user calendar are synced. Multiple calendars are not supported. Contacts sync: Only contracts within My Contacts label within Gmail are synced. (Although the GAL is searchable but not browsable, and it can take up to 24 hours for contacts to populate to the GAL) Contacts Sync Delay: Updates to contacts take about 5 minutes to synchronize. Global Address List: Searchable but not browsable, and it can take up to 24 hours for contracts to populate to the GAL Notes/Tasks: Notes and Tasks are not wirelessly synchronized to Google Apps. They are only local to the device.

Troubleshooting GBES issues

Installation Issues Connector related installation and configuration issues Ensure Google apps Oauth Is setup properly Check Consumer secret for starting/trailing spaces Ensure Consumer key is enabled Ensure Account on Google App is provisioned Ensure APIs are properly configured BES related installation issues Ensure steps are followed according to manual Ensure there are no network policies blocking installation Ensure server is freshly installed server

Common Issues
Mail stopped flowing devices PST corruption PST compaction Upgrade issues Enterprise Activation Issues

Standard Checks Confirm that provisioning API is enabled in the control panel Confirm that Sync is enabled in the control panel

141

Check Oauth Consumer Key Check Oauth Scopes Gather affected email address Check PST health

PST Corruption
Causes
A single corruption puts additional load on server May lead to additional corruptions Antivirus on server is accessing PST Exclude cache folder C:\Documents and settings\Administrator\Local Settings\Application Data\Google\Google Apps Synch\Cache Server not meeting hardware requirements may lead to performance issues and PST corruption.

Solutions
Use support tool located at http://code.google.com/p/google-apps-support-tools-forwindows/downloads/list to scan for and repair PSTs Remember to stop blackberry services list Use this metUse this method if many or all users are affected Reprovision users, if only one or two users are affected. In rare case where PST corruption is not logged, all users need to be reprovisioned Use GD GBESCORRUPTION

Enterprise Activation Fails

Make sure Connector logs shows the user account is syncing (look for his/her email address in the logs) and cache file increases to meaningful size (>>10MB). Make sure wait 10 minutes between adding user and actual activation Always specify activation password when adding a user. Do NOT use auto generated password. Make sure activation password is active, not expired. Make sure the device has good network coverage.

142

Make sure activation email arrives at Gmail. Make sure Connector logs shows Found activation message. Make sure the user is not on another BES server. If you see error message Ignored - let other server/desktop do it in BES logs, it means the user is still on another BES server or in another BE configuration user database. Make sure BED SRP status is connected.

API Authentications errors

Double check the server time is correct. Use public time server if possible. If time is off by more than 5 minutes, ALL requests will fail Run Google Apps Connector Manager and re-enter oAuth info. If the info is wrong, you will see an error dialog Only use primary email addresses. Aliases are not supported Check if the user still exists on the domain and is not suspended Make sure calendar service is enabled for the user

Calendar Syncing issues

Steps to correct any bad starteR 1. 2. 3. 4. 5. 6. 7. Download Google Apps Support tool l Gracefully stop BlackBerry Controller and Dispatcher via support tool Uninstall Google Apps Connector Download and install latest version of Google Connector from Repair any corrupt PSTs Re-enter oAuth key/secret Reboot

kb article 1349290 http://support.google.com/a/bin/answer.py?hl=en&answer=1349290

143

Troubleshooting and FAQ for Google Apps Connector for BlackBerry Enterprise Server
This document details common problems and troubleshooting methods for Google Apps Connector for BlackBerry Enterprise Server. For more information about Google Apps Connector, see the Overview andDownload pages. Each issue listed below includes a brief description of the issue. Some answers include a link to a detailed description in the Google Apps Connector Help Forum. Follow the links for more details.

Supported Features
What versions of BlackBerry Enterprise Server are supported? How do I upgrade BlackBerry Enterprise Server from 4.1.x to 5.0.x while using Google Apps Connector? Does Google Apps Connector support multiple domains? Does the Google Apps Connector support multiple calendars? What are the systems requirements and capacity limits for the connector?

Troubleshooting System Failures

How do I file a support ticket? Why does Google Apps Connector stop working after a system update? How do I repair cache data files after a server crash? How do I repair the cache data file for a single user? What causes email synchronization to stop working with 302 error messages? How can I troubleshoot General Authentication errors? How do I resolve the error "MAPI 0x8004011d error"?

Troubleshooting Other Issues

What can cause a large number of pending messages in the BlackBerry Enterprise Server? When do I need to update OAuth info? How do I resolve a GAL sync error with the message "XmlParser::ParseObjectFromXml()"? How do I resolve repeated "0x80040109" errors with CalSyncTask? What should I do if BlackBerry Enterprise Server installer (5.0) reports an error with MAPI version 1.0.2536? What should I do if CalHelper fails to initialize due to timezone related errors? Where is static galgenerator.exe for Google Apps Connector 3.0 or later? How can I resolve a GAL sync 404 error? Why are some of my domain's user email addresses not showing up in the global address list (GAL)?

Activation and Devices

What do I do if Enterprise Activation fails? How do I deliver old messages on the device? How long does it take for changes to the Global Address List to update? Can I activate my server user account?

Maintenance

144

How do I read the Google Apps Connector log files? How do I shut down Google Apps Connector properly? How can I identify hardware capacity issues? How do I resync the Global Address List (GAL)? How do I upgrade the Google Apps Connector to a new version? Is it possible to limit the cache file size to some specified value? How do I handle BlackBerry Enterprise Server account password changes? How do I verify GAL data with Google Apps Connector? How do I relocate existing cache files?

Migration & Sync Overview

Learning Objectives Overview Server side vs. Client Side Migration Identify the Migration tools available from Google Server side vs. Client Side Synchronization Identify the Sync tools available from Google. App Engine Apps Marketplace Migration API

Overview Many new clients to Apps are bringing data from their previous or existing system with them,. This data can exist in various locations such as: computers mobiles servers tablets

in some cases they will be abandoning the previous hardware/system. A migration from the source to Google Apps i.e. the Cloud is desired. Where there will be ongoing use of existing hardware in conjunction with Google Apps, a synchronization solution is preferred.

145

Contacts

Migration

VIP & power users Executives

Migrate

Mail

Personal Shared

Server side Client side

Headquarters

Directory Synchronization Mail Contacts Calendar Provisioning Calendar

Company Wide Most common In the field users Sales

Sync

Google Tools Marketplace Build your own

Events Resources Microsoft IBM Lotus Notes LDAP

Source System

Technicians Desk-less workers

Google tools Marketplace Build your own

The ultimate goal is a seamless transition and utilization of Apps Services and tools. The above are consideration an admins should thinking about. The source system will be the key factor in deciding method used.

Migration There are 2 approaches to migrating user data The Server Side All done by admin Done all at once Works on many server types Little granularity Can be slow Requires more equipment The Client Side DIY for Users Users select what to migrate Users can migrate at their own pace Less admin control User error abounds requires a support mail client (MS Outlook)

146

Server Side -------------->

VS <------------

Client Side

Migration Tools from Google

Server side Google Apps Migration for Microsodt Exchange (GAMME) Migrates from MS Exchange server IMAP server Google Apps (via IMAP) Mail *Calendar *Contacts (Personal) Google Apps Migration for Lotus Notes (GAMLN) Migrates from Lotus Notes Database Server Data that is migrated: Mail Calendar Contacts (Personal) Groups Provision Users
*only for MS exchange enviroment **Requires Provisioning UP be enable

Client Side Google Apps Migration for MS Outlook (GAMMO) Migrates Mail

147

 Calendar Contacts(Personal) Mail Fetcher (from Gmail) Migrates Mail (uses POP)

Sync
Sync tools simply the on-going use of the source system/software after the data is uploaded to Google Apps.

Sync Tools From Google

Sever Side Google Apps Directory Sync (GADS) One-way Sync From: Microsoft Active Directory Other LDAP Provisions & Sync User Accounts Groups (mailing list) global Address List (Shared contacts) Calendar Resources (Board Rooms, ect) Organizational Units (OUs) Client Side Google Apps Sync for MS Outlook (GLOOK aka GASMO) Initially, the following data is uploaded Mail Calendar Contacts(Personal) And then two-way syncs Email Calendar Contacts (personal) Global address List

Google Apps Password Sync (GAPS) One-way Sync from: Microsoft Active Directory only Data that is Synched: User Passwords

App Engine

148

Google app engine lets you create, host & run web application on Googles infrastructure. The allows IT professional to buld their own migration tool that in the cloud and migrate data to Google Apps. API (Automated Programming Interface) access should be enabled on the target Apps domain. Refer to: https://developers.google.com/appengine/ to learn more.This solution is NOT supported by the Google Apps Support Team.

APPS Maketplace
Developers have developed tools around APIs and market them on the Google Apps Marketplace. This means if a client cannot use our tools and is unable to create their own, there are people out there who will do it for you at a price. Keep in mind, just like App Engine, Marketplace Applications are NOT supported by our team either. Refer clients to the developer for support.

Email Migration API

Google Apps Administrative APIs allow developers to write applications to manage Google Apps domain. The google Apps Email Migration API allows administrators and users of Google

149

Apps to migrate mail from legacy email systems into their domains hosted Gmail Accounts. The API reference material can be found at https://developers.google.com/google-apps/ which cover the various APIs that can be used to automate and integrate with Google Apps.

Administrative APIs

GAMME Overview
Learning Objectives By the end of the training you should be able to Identify Migrations supported by the GAMME tool Verify API provisioning settings in the CPanel Correctly configure the GAMME tool Validate a properly formatted user list Understand potential network issues Perform a data migration Read and interpret logs

GAMME Tool Overview

The GAMME tool allows Admins to migrate user data to Google Apps. GAMME supports 3 types of data sources: Exchange Aggregated PST files IMAP (Also used in APPs to Apps Migrations)

150

GAMME Support article http://support.google.com/a/bin/answer.py?hl=en&answer=172212 GAMME Download page https://tools.google.com/dlpage/exchangemigration

This are all strictly for MICROSOFT EXCHANGE

There are 4 components to the GAMME tool: Migration Wizard Migration Configuration GUI Launched as ExchangeMigration.exe Command Prompt Executable i.e DOS command windows Command-line utility ExchangeMigration.exe Can reference configuration file or parameters for migration options User List CSV file containing list of users to migrate Enter each username on a separate line Admins can map a user on MS Exchange to a different user in Google Apps if needed. ** Log Files Created when running migration Two types are generated: Status and Trace log files.

** VERY IMPORTANT: they need to be escalated before escalating a GAMME issue

Hardware Requirements for GAMME

Article ID: 172212

151

Component Google Apps

Requirements

Mail server

Google Apps for Business or Education. Enable the Email Migration API option in the Google Apps control panel. Enable 2-Legged OAuth in the Google Apps control panel.

Microsoft Exchange Server (2000, 2003, 2007 or 2010) or IMAP server (any RFC 3501-compliant IMAP server, including Microsoft Exchange, Novell Groupwise, Cyrus, Courier, Dovecot, SunMail, Zimbra, and Gmail). One administrative account on your server that has permission to read each user's mailbox. In Microsoft Exchange, the permission Receive As is sufficient.

Client computer

Microsoft Windows (for each computer on which you install the utility): XP SP3, Vista XP3, Windows 7, Windows Server 2003/2008 Microsoft Outlook 2003 or 2007 We recommend that you use the latest patches for both Windows and Outlook.

CPanel Provisioning
Migrations require certain APIs in the Apps to be activated prior to attempting the migration. Admins MUST enable: Email Migration API (EMAPI) 2-Legged OAuth The users must be created in Google Apps prior to the migration

152

Migration Diagram Migrating from Microsoft Exchange The cloud -------- Firewall ------- Local Area Network (Mail, Calendar, Contacts (personal)) Migration from aggregated PST files The Admin (NOT THE END USER) takes each PST (backup file with email information) and will separate it with folders and then it will upload it into the cloud GAMME Administration Guide Migration from another Google Apps Account (IMAP) GAMME Download page https://tools.google.com/dlpage/exchangemigration

GAMME Interface
Start menu > All programs > Google Apps Migration

GAMME Walkthrough
Migrating from MS exchange
Your user list should be ready prior to configuration user1@testdomain.com user2@testdomain.com user3@testdomain.com Use this format if: Exchange username = Google Apps username user1@testdomain.com, user.one@testdomain.com Use this format if: MS Exchange username Google Apps username STEPS: Step 1a: Enter server hostname/IP address

153

Step 2: enter Apps domain & associated consumer key & secret found in the CPanel Step 2a: map the location of list of users to be migrated (SCV file or TXT) Step 3: set & review migration settings prior to launch the migration, hit next when ready to begin. Step 4: Diagnostic check performed, if successful...hit start to begin migration

Migrating PST Files

Collecting PST files from each users PC Each PST should be copied to a folder which in turns is named by the corresponding email address Once complete, all the user folders should be moved into a single migration folder on the machine that has the GAMME tool.This is how we aggregate PST files.

Your user list should be ready prior to configuration user1@testdomain.com user2@testdomain.com user3@testdomain.com Use this format if: Exchange username = Google Apps username user1@testdomain.com, user.one@testdomain.com Use this format if: MS Exchange username Google Apps username STEPS: Step 1a: Enter server hostname/IP address Step 2: enter Apps domain & associated consumer key & secret found in the CPanel Step 2a: map the location of list of users to be migrated (SCV file or TXT) Step 3: set & review migration settings prior to launch the migration, hit next when ready to begin. Step 4: Diagnostic check performed, if successful...hit start to begin migration

Migrating from IMAP Server

you user list should be ready prior to configuration user1@testdomain.com#user1password, user1@testdomain.com user2@testdomain.com#user2password, user2@testdomain.com

154

user3@testdomain.com#user3password, user3@testdomain.com

STEPS Step 1: Select IMAP Server Type Step 1b: Specify IMAP Security and Port as needed based in clients environment

Apps to Apps migrations are done using IMAP. Here are the required settings: Server Type: Other IMAP Server Hostname: imap.gmail.com Security: SSL Port: 993 IMAP Path Prefix: n/a

Network Configuration
Watch Out for firewalls Port 443, 993 and 143 Ensure the necessary ports are not blocked by any firewalls: 993/143 IMAP & 443 MS Exchange Antivirus Some antivirus programs will block ports and/or applications. Ensure that the Client machine as set to allow the GAMME tools to access the internet or disable the antivirus during migration. have you lately got a update or patch on your antivirus? they usually blocks ports

155

got Bandwidth? GAMME uploads at a maximum rate of 1 message/second/per user So if we have 10 users x 1000 emails, then it could take up to 27 hours to complete the migration

GAMME Logs Trying to read raw GAMME logs might feel like interpreting an ancient language but we.ve good tools to help us.

Google Apps Email Migration

Agenda 1. 2. 3. 4. Overview best practices Admin managed migration options User managed migration options

Overview of data migration Two categories of migrations Administrator Level User Level The choice depends on the organization needs but shall also strongly depend if mail is stored on a client or on a central server Administrator level User Level

156

Migration on behalf of the users From a server (usually microsoft exchange) to google servers

Users migrate data From a client (e.g. Microsoft Outlook) to Google servers

Server-side migration

Client-side migration

A general overview of all the methods suggested can be found here

GAMME = Google Apps Migration for Microsoft Exchange (is for the administrator, for all the users) GASMO = Google Apps Sync for Microsoft Outlook (also called Glook) GAMMO = Google Apps Migration for Microsoft Outlook (is for the end user) GADS = Google Apps Directory Sync

Best practices There are no limits on the number of migrations Migration a small number of account as a test In case of high number of users it is better to perform the migration in batches

Before to migrate remember Inbox does not exceed the email quota (25 GB) Potential attachment wont be migrated (.ini, .exe, .vbs), please backup Trash and Spam folders will not be migrated, as well as messages with attachments greater than 25 MB Disable all forwarding rules to prevent loops with other accounts Users may not be able to access to Google Apps during the migration For more information on Dual delivery review the following article

Admin doing the migration Google Apps Migration for Microsoft Exchange (GAMME)

157

Administrators/Server side: (Premier and Education Edition only) Advanced Tool which supports most server side migrations (N.B. other servers as well as Microsoft.) Recommended! Selectively migrate mail folders by choosing from a list of options, and by optionally specifying an exclusion list. Specify whether you also want to migrate calendar and contact data Only personal contacts are migrated for each user. (GADS for GAL) Specify a time frame for the email you migrate Specify the list of users that processed, and the number of users processed simultaneously by each instance of the utility The tool supports Microsoft Exchange Server 2003 & 2007 as well as other IMAP servers.
Please review Google Apps Migration for Microsoft exchange Help Center articles for extensive documentation.

GAMLN Administrators/Server Side: (Premier and Education Edition only) This server-side migration tool offers administrators: Schedule migrations and migrations templates Automatic provisioning of Google Apps account Tools for migration notifications, reporting, and logging. High data integrity for mail, calendar and contacts information from Lotus Notes to Google Apps.

User Managed Migration Option

158

Google Apps Sync for Microsoft Outlook (GASMO)

Individual/Client side: (Premier and Education Edition only) Plugin for Outlook 2003 Outlook 2007 Outlook 2010 What does it? Import the existing data in Outlook from an Exchange profile or a .pst file to Google Servers Syncs user created in Google Apps and the Google Profile in Outlook

What does it migrate? Mail Calendar events Contacts More information can be found here

Gmails Mail Fetcher

Individual/Client side: (all users) Google service for Gmail What does it do? Checks individual accounts for new messages at different rates Fetches via POP messages (needs POP access enabled) and thus does NOT perceives the folder structure As this service is cloud based, it can take some time to messages to be transferred over.

What does it migrate? Only mail More information can be found here

Google Apps Migration for Microsoft Outlook

159

Individual/client side: (All users) Perform a user driven individual migration Selectively migrate email, calendar or contacts (or any combination thereof)

More information can be found here

Google Apps Sync for MS Outlook

Learning Objectives
Overview Features Limitations Functionality System Requirements Troubleshooting Product behavior Resources

Overview
Google apps sync for Microsoft Outlook is: Plug-in that syncs Outlook with Apps just like Outlook natively syncs with Exchange. Features Fast email sync using Google-native protocol Full calendar sync, including recurrence patterns, attendees. Contacts sync for all Outlook fields Global address list for autocomplete and contacts lookup Lookup of free/busy information Availability Free with Google Apps Premier & Education Edition for more information click here

160

Allows apps customer to continue using Outlook with Google Apps Mail, calendar, contacts, Free/busy, Global Address List.. Erases migration concerns, provides a transition path for users to move to 100% web Provides great offline storage for Gmail

Google Apps Sync for Microsoft Outlook Limitations ID: 156812

The following Microsoft Outlook features aren't available in Gmail and therefore aren't available from the Gmail interface. Except where noted, however, these features are still available in your Google Apps profile in Outlook, when using Google Apps Sync.

Posts in folders: You can store posts in your Outlook mail folders and they remain available in Outlook. But they don't appear in Gmail. Message flag follow-up dates or reminders: Flagged messages in Outlook are starred in Gmail. But follow-up dates or reminders associated with a flag don't appear in Gmail (since Google stars don't have these features). Category assignments: Gmail doesn't have a feature equivalent to Outlook categories, so any categories you assign to a message in Outlook don't appear in Gmail. Multiple signatures: Unlike in Outlook, you can create only one signature in Gmail. Public folders: Google Apps doesn't support public folders, either in Outlook or in Gmail. Importance levels: You can't mark messages as Important or Low Priority in Gmail, as you can in Outlook. Delivery receipts: When sending a message from Gmail, you can't request an automatic response when the message is delivered. Forward or Reply arrows: Gmail doesn't mark messages you've forwarded or replied to, with a small arrow icon, like Outlook does. Editing messages in your Inbox: You can use Outlook to edit the body or subject of a mail message you've already received (or sent). However, those edits don't appear in Gmail.

161

Google Apps Sync 3.1

Support for Microsoft Office 2010 (32-bits and 64-bits) Rich Contact Data in Global Address List Enhanced support for customers From addresses New tool for Google Apps Migration - Full support for migrating data for existing Outlook profiles. Migrates contacts calendars, email Sources: Exchange profiles, Archived folders (archive.pst)

Features
Technical background Account, Profiles and PST files Account

Profile Profiles are essentially a view in Outlook Can contain several Accounts or email addresses Overview of Outlook profile HERE

162

PST

Type of file which Outlook uses to store data locally on a users computer Each Google Apps Sync profile will have its own PST file.

What is Glook? (aka GASMO)

Google Apps Sync for Microsoft Outlook is a Microsoft Outlook plugin that lets you use Microsoft Outlook as a client for Google Apps email, calendar and contacts. Email, calendar events and contacts are all synchronized between Google Apps and Microsoft Outlook. Your organizations Global Address List is automatically synchronized, as well. This includes your Google Apps users, groups and conference rooms, and provides contact lookup as well as free/busy information for users and conference rooms.

Data synchronization occurs on the following schedule: Email: Every minute (most likely on the final) Calendar: Immediately after you create or receive a meeting invitation, or every 10 minutes Contacts: Every 20 minutes Global Address List: Every 24 hours.

163

Key Features
1. Migration: Existing Outlook profile to Google cloud. 2. Two way sync: Email, Calendar and Contact 3. GAL (Global Address List)

How GLook Works

Sync uses MAPI (Messaging Application Programming Interface) to write data from Gmail into a PST API used by Outlook to communicate with exchange, and provides a more seamless exchange like experience for google apps users in outlook Technical details on MAPI Email upload/migration uses the Email Migration API (EMAPI) to dump messages into Google Apps Mailboxes. This API must be enabled for non-admins for successful email migration Technical details on EMAPI

System Requirements
OS requirements Windows 7 (32 and 64-bits) Windows vista SP1 (64 bits) Windows vista SP1 (32 bits) Windows XP SP3 (32 bits)

Microsoft Outlook requirements Microsoft Outlook 2010 (32 and 64 bit) and this free/busy hotfix Microsoft Outlook 2007 with Office SP2 Microsoft Outlook 2007 with Office SP1 and this hotfix Microsoft Outlook 2003 with Office SP3

Permissions requirements for users

164

Users need to have local admin permissions for their computers in order to perform the installation. Port requirements Open port 443 for the following applications on the computer on which you install google Apps Sync for Microsoft Outlook Outlook.exe ProfileEditor.exe

Control Panel Requirements

Edition Requirements Google Apps for Business or Education Verify that the Enable Google Apps Sync and Google Apps Connector for my users option is set in the Control Panel Verify that the Google Calendar service is enabled so your users can create profiles. Verify that contact sharing is enabled so that your Global Address List is dynamically updated for each instance of the utility If you plan to use Google Apps Sync for Microsoft Outlook to import email to Google Apps, set the Email Migration API option in the Control Panel

Product Behavior

Outlook Sync: Troubleshooting

1. 2. 3. 4. Check for Expected Behavior Check the Control Panel Settings Check the Users Account for Lockouts, Suspensions, or Service Outages Acquire and analyze the logs

Things to be aware of

165

The Exchange compatibility chart (page 12) details what feature are and are not present with Google apps Sync Install guides: Help and information for Users Help and information for administrator

When you install Google Apps Sync, you also have the option to migrate your mail, calendar, contacts and other data from your old Outlook profile. However, if all you want to do is migrate data (that is, you dont plan to keep working in Outlook afterwards), use Google Apps Migration for Microsoft Outlook, instead. See GMail vs Outlook Gmail vs. Outlook Google Calendar vs. Outlook Google Contacts vs. Outlook

What's not supported in Outlook Mail

Here are a few features that Google Apps Sync for Microsoft Outlookdoes not support in Outlook Mail. These features either arent available in Outlook, or they might not work as you'd expect.

Recovering deleted items After emptying your Deleted items folder, you cant use Recover Deleted Items in Outlooks Tools menu to get the messages back. (This menu item isnt available.)

166

Sharing mailbox folders You can't share a mailbox folder in Outlook with other users (Permissions settings aren't available in the folder's Properties dialog). This is because folders in Outlook map to labels in Gmail, which don't have permission properties.

Public folders Public folders aren't available with Google Apps Sync (they're missing from Outlook's navigation pane).

Sending executable attachments Google Apps Sync doesn't allow sending executable file attachments (including executables in compressed attachments) from either Outlook or the Gmail interface. Which file types can I not send?

Delivery receipts Delivery receipts aren't generated in Outlook when using Google Apps Sync. If you request a delivery receipt for a message you send from Outlook, you won't receive a response when the message is delivered. However, you can select a read receipt (see below).

Read receipts Read receipts are generated in Outlook with Google Apps Sync. However, your recipient must be using Outlook and must enable read receipts for their profile. In that case, you'll get a response when your message is read.

167

Recalling a sent

message In Outlook, you can choose Recall Message from a sent message's Other Actions menu, to try to recall a message you just sent. However, unlike Microsoft Exchange, Gmail can't recall messages. Instead, the recipient receives both the original message, along with a follow-up message saying you wanted to recall the message.

Setting importance levels for

recipients In Outlook, you can send mail marked as Important or Low Priority. But these values arent synchronized with your Google Apps account in the cloud and therefore dont show up for other users.

Problem or expected Behavior?

I archived a message in Outlook, but i cant find the [Archive] Folder in th Web UI! WHERE DID MY MESSAGE GO? this is an expected behavior

When I search for a contact, it only l has their email address and name! I cant see their additional information

168

expected behavior

When scheduling a meeting using Outlook, Im unable to see free/busy information for coworkers using Gmail on the web. Help me! this is not an expected behavior

Sync is not working

Symptoms: Email in the web not in OL, Sync Errors, actions in OL not synced to web System requirements are not met Problems with the individual item Problems with the PST size limits Network Googles service is down Their network is down Their firewall is blocking connections

More in depth troubleshooting

Important CRs: GD MIGL, GD MIGL1, GD UGL

For most cases, we need trace files Trace files are .log files which the Google Apps Sync Eng team uses to diagnose issues

1. Send CRs: GD MIGL or GD MIGL1 2. Use go/logalyzer to find initial troubleshooting steps 3. Due diligence research (sans) goto/glookguide outlines many more situations and troubleshooting tips

1. If not resolved then file a goto/dasherissue-glook

Registry Keys in Troubleshooting

Important CRs: GD MIGL, GD MIGL1, GD UGL

Disabling Sync Create this reg/key HKCU/Software/Google/Google Apps Sync/SyncFlagsEnabled (DWORD) value 1

169

The options are: HKCU/Software/Google/Google Apps Sync/AddressBookSync HKCU/Software/Google/Google Apps Sync/CalendarSync HKCU/Software/Google/Google Apps Sync/ContactSync HKCU/Software/Google/Google Apps Sync/EmailSync HKCU/Software/Google/Google Apps Sync/Gal

Sending large messages can time out over a slow connection If you send a message with large attachments (multiple megabytes) over a slow connection, the connection can time out, leaving the message unsent in your Outbox. By default, the timeout is hardcoded to occur at 90 seconds. You can extend this period to accommodate messages that take longer than 90 seconds to send by modifying your Windows registry. Specifically, add the following keys to override the hard-coded timeout values: HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\ResolveTimeoutSeconds > DWORD Value = 00000030 HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\ConnectTimeoutSeconds > DWORD Value = 00000030 HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\SendTimeoutSeconds > DWORD Value = 00000600 HKEY_CURRENT_USER\Software\Google\Google Apps Sync\Other\ReceiveTimeoutSeconds > DWORD Value = 00000600 Note: If you're running a 32-bit version of Outlook on a 64-bit version of Windows, you'll need to add these registry keys in the correct location for 32 bit applications. For details, see the instructions on using the Windows registry at Configure limits and options via the registry.

http://support.google.com/a/bin/answer.py? hl=en&answer=163644&topic=1042001&ctx=topic

Sync is not working

Symptoms: EMail in web not in OL (Outlook), Sync Errors, actions in OL not synced to web Do you meet the System requirements (hotfixes, OS version, etc.)? Change mailbox size limit and retry syncing Ensure prohibited attachment types are not being sent Ensure PST is not corrupt (run scanpst utility) Do you have many messages with multiple labels in Gmail? (a message with 3 labels will appear as 3 messages in 3 folders in Outlook, increasing PST size) Does the sync icon shows up as offline? (network connection issues, or outlook may have switched into offline mode after a password reset) Are you unable to move messages between folders

170

Are you running into issues with meeting invitations? (ensure that invitations are iCal formatted; Note differences between OL & Google Calendar)

Resources
Glook Help Center http://mail.google.com/support/bin/topic.py?hl=en&topic=23333 Glook FAQ doc: goto.ext.google.com/glookFAQ Known Issues: http://support.google.com/a/bin/static.py?hl=en&page=known_issues.cs Logalyzer tool which reads trace files and outputs suggestions. Doesn't catch all issues, but is a good starting point. Troubleshooting guide: goto.ext.google.com/glookguide Everything known about troubleshooting GLOOK https://docs.google.com/a/google.com/document/d/ 1ibgdEv8AS6j7TyiaC5vs9qe1fkkKoa1vv3dMsrMkvKU/edit

Cant Access to Control Panel Troubleshooter

This troubleshooter contains Admin Password Reset (sled or non-sled), contested domain, team edition, 0-user domains, 0-admin accounts in one flow, so that approaches dont fragmented Decision Tree The following decision tree is provided as an overview of the whole process, but by clicking the links, you can go deeper and get details of the troubleshooting steps

171

Salesforce/Unify
Learning Objectives Personal Setup Cases Views Queues Case Management Updating a case Priority levels status case reason component, subcomponent, root cause Case owner Support language Sending a message Case comments vs. Email Handoffs Coverbug Tool: Bugs and Feature Requests

Personal Setup 1. Go to http://unify.ext.google.com 2. Set your Alias and community nickname a. My Personal Information > Personal Information > Edit 1. Set email name and return address esupport@google.com Email > Email Settings Case Views _My Unify Open Cases _My Unify Open Cases w/updates (i.e with client replies) Apps - Vendor All Cases (generalists take cases from this bin) Apps - Vendor -[Specialization here] Cases taken by TELUS by specialization pod Apps - Vender - [Specialization here]

172

 Cases taken by TELUS from Friday 8pm EST to TS Apps or MSC - [insert here] Cases from the different languages, Dispatch queues, etc. Case Queues Apps queues TS Apps, CS Apps, TS Apps - [Language here] CS Apps - [Language here] Other support teams TS Apps API = API Team* TS MSC = Technical Support Postini TS MSC OSO = same, but not entitled to support CS MSC = Customer Support Postini CS MSC OSO = same, but not entitled to support

Necessary only when reassigning cases...

1-2. Case: case management

Take cases with smallest response time left Focus on resolution time

3. Updating a Case
Priority Levels
Priority Level Type of issue Example

P1 - Critical Impact

Critical service issue affecting all users. Service unavailable or unusable with no workaround. Note: These type of issues tend to be rare. Information about any service disruptions is available through the Apps Status Dashboard. This issue is critically impacting a single user or critically impacting collaboration among users. Product does not work as expected, with no feasible workaround.

Widespread email delays affecting the majority of email being sent and/ or received

P2 - High Impact

A user is unable to access her email and is receiving a 500 error page

P3 - Medium Impact

Product does not work as expected but a workaround is easily available.

Unable to delete a group forum post using the Delete button, but the message can be deleted with some URL manipulation.

173

P4 - Low Impact

Product does not work as desired, but functions (a workaround is not necessary).

A user is not able to easily add new words to the spell check dictionary.

3. Updating a case:
Status In progress Google Support In progress Google Support # Youve consulted to backline In progress Google Eng Eng is looking into a Bub In progress Google Other Waiting on someone in Google outside the support organization Submitted for Disposition Bug is filed through go/dasherissue and waiting on backline triage to Eng Waiting on Customer Response Solution Offered You've given the customer instructions to solve the issue

3. Updating a case: case reason Main ones used: Customer Usually the case

174

Partner/Reseller Shouldnt be used Product Management For feature requests

Engineering In case its a bug 3. Updating a case: Component, Subcomponent Mandatory fields when putting a case in solution offered status

3. Updating a case: Support Language I don't speak this language! What to do? 1. Dont Panic! 2. Copy and paste the text in http://translate.google.com a. this will automatically detect the language used. 3. Is it Dutch, French, Italian, German, Spanish or Japanese? Change support language to the correct language Reassign case to correct queue (TS Apps-[Language here])

1. Different language? a. Send GD LNS and try to help using the translation

3. Updating a case: Case owner User Queue E.g. Postini = TS MSC, TS MSC OSO or CS MSC E.g. TS Apps - Spanish

4. Sending a Message

175

Guideline: look at case origin. If its portal, use Case comments. Else, send an email. Case Origin: Portal Use Case Comment Case Origin: everything else Use Emails

4. Sending a Message case comments Use the internal messages and Portal users Mark Public and send customer notification for portal users

4. Sending a Message EMails For the initial message

Cover bug configuration

If there is case with no cover bug will not pass the quality audit!!! more than a 100 users we don't... ( active users) Yellow White Blue >>If u make a change using the cpanel with the enterprise support tool // it will be taken as if the owner made it.

Steps to follow when taking a case

1. flag color 2. amount of seats 3. if its not taken 176

4. all steps into it 5. review previous emails 6. contact via: email (web) or portal (resellers use: P) or ECP (you reply as a public comment) (Enterprise Consumer Portal, for over 200 users) 7. change priority if needed 8. cover bugged check and add one. 9. select a status

Non-core Services Support Policy

Determine whether the service is non-core Go to www.google.com/a/yourtestdomain.com Go to Organization & users > Services Services under Additional Services is not core Make sure that the issue is not related to conflicting accounts If they say that they cannot access Youtube, Adwords, Analytics, etc., do not push back and try to resolve this issue as it may be related to conflicting accounts. Most customers know that non-core services are unsupported, so please approach to the cases with a suspicion that it may be a conflicting account issue. If the service is non-core and it is not related to conflicting accounts; Use GD Noncore and set it Waiting on Customer Response Make the CR as personalized as possible with relevant links Do not push back customers with unfriendly CRs and be as helpful as possible

Docs URLhttps://docs.google.com/a/google.com/document/d/ 1ms0ewlUq3Xd2vPosEZZpWbCwOUBLJYM5nrzjUEbvr48/edit

Marketplace Application Support Policies

YES Enterprise Support Team support Marketplace Applications when Theres a Google generated error page UI or functionality issue related to Control Panel, One bar. e.g. Marketplace application does not appear under More in one bar NO Enterprise Support Team does not support Marketplace Applications when It is a functionality issue that relates to a particular Marketplace Application

177

General questions about its use

Use GD Marketplace CR and set it to Waiting on Customer Response

NOT SURE Dont hesitate to ask in CPanel qq threads to clarify whether we support or not.

Docs URLhttps://docs.google.com/a/google.com/document/d/ 1vgPEfSXumzUvymwLpgbQfFLQ6_gjA8rNRK3gPOpIxoM/edit?pli=1

Canned Response
Here is what I use (ex: Analytics - obviously changed for other products): ---------------------------------------------------------------------------------------------------------Hello, Thank you for contacting Google Apps Support. Unfortunately, the added Googleservices apart of the new Google Apps infrastructure are outside the core suite of applications within Google Apps and are not currently covered by any support or service level agreement (you can find a full list of these new serviceshere: http://www.google.com/support/a/bin/answer.py?answer=181865). We do intend to evaluate possible support options for the added services in the near future. However, currently for those services, you'll find assistance through their respective Google Help Centers and Help forums. If you still require assistance with Google Analytics, I would suggest searching their Help Center and/or reaching out to the online community on the forums. You can find the full Google Analytics Help Center here: http://www.google.com/support/analytics/?hl=en Sincerely, Enterprise Support

----------------------------------------------------------------------------------------------------------

Internal Enterprise Guide to GA+ Support (for non-Core Services)

Overview (and external communication) Fully supported Not supported Best effort support

178

Overview The official Google Apps terms of service (and policy) is that any products and services beyond the core Google Apps suite of products (such as Gmail, Calendar, Sites, etc.) are not supported by Google Apps. Despite our official policies, however, we will be providing some support for certain aspects of GA+ administration and GA+ related topics. Please see below for more details. Fully supported Definition: Implies full TSSG support. (e.g. 24/7 phone access for emergency issues, defined bug escalation process, eng. pager support, etc.) All control panel components relating to GA+ and non-core-suite services. e.g. On/off access buttons for 90 new services, how they work, any issues with them, etc. Privacy, data ownership, or abuse questions e.g. What happens if I evict a user -- who owns the data then? OR One of my users shared our company information on a blog, and its shared with everyone! How do I stop this?!

Not supported Definition: Front-line support teams will not offer any support beyond guiding customer to available online/default resources from consumer teams (and other such resources that we are continuing to identify). Refers to end-user issues only (and does not refer to any administrative issues or components). How-to questions for end-user functionality e.g. How can my users create a filter in Reader? OR How can my users save a template in Blogger? Any technical issues (bugs) affecting a product (including bugs affecting c-level staff members). e.g. The save button in Reader does not work some times, Our Blogger templates has mis-formatting issues. Rationale: If we were to accept reports of technical issues for non-core-suite services, since none of these products currently have engineering support, we would not be able to effectively address issues, making for an

179

inefficient, cumbersome, and very mediocre customer experience. General messaging: Blogger/Reader (etc.) are not part of the core Apps Suite of services, and although you can access them and certainly make use of them, we dont recommend running your business critical functions on them, and currently we dont offer support services for them. (You can try the following existing services associated with the products ... online/ default resources, etc.).

For example: Country Blacklist Step 1: User A writes in to say that Blogger is not available for their domain. Step 2: Frontline person checks out the domain and it turns out it's been registered in Singapore, where Blogger is not available. Step 3: Frontline finds the relevant Help Content that states this fact, and sends to the customer. They can then suggest writing into the Blogger forums. OR Service On/Off Step 1: User A writes in to say that Blogger is not available for their domain. Step 2: Frontline person checks out the domain and it turns out it's been turned off in the Cpanel. Step 3: Frontline explains how to turn it on in Cpanel and how to access it via the URL. They can then suggest writing into the Blogger forums if they have any how-to type questions. OR Suspension (usually caused by Abuse) Step 1: User A writes in to say that Blogger is not available for a user. Step 2: Frontline person checks out the user in Harmony and sees the user has been Suspended Step 3: If Frontline can't figure out why, then file a consult to Backline who will escalate as far as they can. Alternatively, they can subtly send them to the Blogger Abuse Help Content. It would probably be the GAIA team to unsuspend the user anyway.

Supported (on a best-effort basis)

180

Definition: Although we are not bound by our terms of service to offer service for the following categories, we recognize that these are real-world use cases where we need to help our admins, and we will always attempt to help admins as much as possible. Integration of non-core-suite products with core-apps suite products e.g. I have embedded a blog into a Site, and I am getting an error. Rationale: Because these class of issues end up involving components of the product that we offer full TSSG support for (i.e. the core suite of services), we should take integration issues (and forward to backline if were unable to resolve). Feature requests regarding end-user products e.g. It would be great if I could set individual permissions on Blogger for each of my users. or It would be great if Blogger had more templates. Point them to the Google Apps product Ideas page General comments: The guidelines on this document are internal only. Externally we are communicating no support for non-core-suite Apps services. Well continue to monitor these lines, and well adjust them as necessary based on feedback from our teams and our customers, including the following metrics: 7-day Active Enterprise usage of a product. (For any product that approach the 5-10% or 10%+ 7-day active enterprise usage, well likely pursue the inclusion of that product in the core Apps suite). Number of weekly customer requests or issues with regards to a given product or sub-component. Over time we may end up with a few select (non-dasherized) products that get much more Enterprise usage by businesses, and if that proves to be true, we could potentially offer more support in the future for those services (or work with eng/PM to make them dasherized and part of the core suite of products).

Use GD Marketplace CR and set it to Waiting on Customer Response g+ age lock out article: http://support.google.com/a/bin/answer.py?hl=en&answer=1645514

181