Google Apps Sync

I’m not sure how many people have picked up on an announcement that Google made last week, but it definitely caught the attention of my dev team. (For those that may be new to this blog, I work for a company that offers Hosted Exchange and Hosted OCS services.)

Here’s the announcement.

Google has developed a way to help companies move onto Google Apps–and away from Microsoft’s Exchange e-mail software–without forcing a migration to the Gmail user interface.

Microsoft’s Outlook has been the dominant e-mail client within the business world for years, and Google’s new Apps Sync for Outlook plug-in acknowledges that some business workers just aren’t ready to give up that familiar interface, even if their CIOs are anxious to get everybody onto Google’s version of the cloud. Businesses who have already signed up for Google Apps Premier Edition–as well as Education Edition customers–will be able to roll out this plug-in across their networks and allow Outlook messages, contacts, and calendar appointments to sync with Google Apps.

Google is trying to expand its presence inside the world’s corporate IT departments with products like Google Apps, which the company says offers a cheaper and more reliable alternative to traditional IT software companies. Quoting data from Forrester, Google’s David Girouard, president of Enterprise products, said companies who chose to use Google’s hosted Gmail service save about $17 per user per month as compared to companies that build and host their own e-mail servers.


Now, I’m sure that there are a lot of people out there thinking that we’re screwed. And I’m not sure that is completely true yet.

First off, we’re the first hosting provider to tie in hosted OCS with Broadsoft. Not something that everyone has done. But what does that have to do with Exchange? Everything. It’s about presence. The killer application for Exchange is NOT email, it’s calendaring. OCS + Broadsoft is an extension of that. Having your IM status update because you are on a call is pretty cool and not something that a hosted service can typically offer.

Second, is Google ready for the Enterprise? Is the Enterprise ready for Google? There is still the perception that Google is beta (more below). Exchange can safely say that they are a carrier grade solution. They have done some heavy lifting for enterprises for many years and enterprises are well entrenched in their Exchange systems. Having an Outlook plug-in may break that for some of the smaller guys. But I highly doubt that they will be converting the big boys with the 20,000-30,000 users.

Now, how well does this play in the SMB space? These would be the 5-50 email account systems. Well, I think it will play fairly well for those that want to shell out the cash for the premier version which will be required for the Outlook plug-in. But for most, even when the costs are cheaper, there is still a group of admins out there that will not outsource their email to Google. Here’s an example:

Recently, one of my former co-workers a few jobs back was talking about putting up a new email system. They were working away from having it dog food off their hosted service. This way in case there was a catastrophic issue with the system, they could still get support email. The system has been around for many many years and new development isn’t part of the daily routine anymore so moving it out makes logical sense.

Now, he mentioned how he was putting together this box that would allow IMAP, POP, incoming and outgoing mail and webmail access. I had to ask him why? Why not just set up Google Apps for domains? You could be up and running with all those services in under an hour and with the number of employees there, it would cost him nothing which was an important selling point. Because believe me, I’d love to sell him my service but the budget just isn’t there. His response to me was twofold. First, he doesn’t want to use a beta product. I don’t think that the email is beta anymore but even if it is, I’ve never had an issue. Second, he doesn’t trust Google. Now that one I’m not sure any convincing on my part would be able to overcome. But this isn’t the first time that I have heard it. There are some people that are drinking the Kool-Aid and think that Google can do no wrong. There are others that sense something is not right under the hood there. I personally don’t have major issues with them. I think that they collect a lot of data which makes them a bit dangerous, but so far, they haven’t done anything to jeopardize my trust with them.

So where does that leave us? I’m not 100% sure. I’m not sure having the plug-in will suddenly make people look around and go, “Holy crap, I could move all my email to Google and still use Outlook, freaking awesome!” The area that I think it will play pretty well is the smaller customers that really need the calendaring and are big time Outlook users. They might start struggling for a bit of money and maybe they decide to take the leap to Google away from their hosted Exchange service to save a few bucks. But I’m pretty sure that this won’t suddenly convert a huge group of the IMAP / POP crowd as they have always had the calendaring issues and use an array of clients. So they’re not 100% sold on the Outlook side of things.

Time will tell I guess.

One Character == World of Suck

Ladies and Gentlemen, today you are going to learn a lesson on why you do NOT edit the Active Directory directly for Exchange attributes.

Background
A long time ago, we had a very crappy provisioning system for our hosted Exchange 2003 platform. It worked ok, but missed a lot of things that we wanted to have set. They also were kind of pricks when it came to licensing so making a ton of money on the platform was hard to do. So, we decided to roll our own. It wasn’t that hard to reverse engineer what was being set for users, groups and contacts. There were a few obstacles of course but we were able to get a pretty good provisioning system set up. However, this too had its faults. Sure we had total control over the code and could update things as we needed. But we were still working in a void. We really didn’t know _everything_ that was happening on the system that needed to actually happen. Plain and simple, we were missing things. Not to mention future services would require the same amount of dev time reverse engineering what needed to be set. That’s not a scalable solution.

So, when it came time to roll out our Exchange 2007 environment, we moved over to HMC and for the most part, things have been a lot happier.

The Issue
Since we have this shiny new 2007 platform, we thought it was in our best interest to start migrating our users from the 2003 platform and away from the old clunky provisioning. So far we have moved some smaller customers and everything has gone pretty smooth. Certain customers have required the migration to happen in stages so we have come up with a decent solution to make this as smooth as possible. We define the list of users to migrate, set up a temporary domain on the 2003 platform, add smtp aliases to the users on the 2007 platform and then enable forwarding on the 2003 platform to the 2007 temporary smtp alias. All mail still flows as it did before, it’s just that some users happen to be on the 2007 platform getting their email. Easy as can be right?

Well, the users that we have moved so far have been fairly small customers. So the need for automating certain aspects of the move has been put off. There is a lot of automation that happens, but some of the tasks were put off such as the setting of the forwarding address.

That is, until last week. Last week we were starting to move one of the bigger customers so I set up a script that would take the users that were being moved and automatically set the forwarding address. Here is the code that I had in place to figure out the forwarding address:

            // need to add forwarding address here.
            list($tuname, $tdmn) = explode("@", $user['mail']);
            // new address
            $fwd = "{$tuname}@{$newdomain}\n";

Notice the $fwd variable. This is where the trouble begins. You can ignore the {} as those simply tell the parser that these are valid variables contained within the string.

No, the real issue is at the end of the line. Specifically, the \n. Technically, you can set the AD object to whatever you want. It will take this as a value. However, Exchange does not like this. With forwarding in Exchange, you set the forwarding to an object. Typically another user, group or contact. Since we allow for users to forward to multiple people, we create a group automatically and populate that with one or more users, groups or contacts.

Now for the really bad part. I’m not sure if this is just Exchange 2003 or if others are affected as well. But when you forward to a group that contains a single contact object that has invalid characters, your email message will be lost in the ether. Gone, Kaput, Not even an NDR will be generated. We were unable to even find logs that the message came in; it failed that spectacularly.

Conclusion
So the moral of the story is, don’t do what we did. Microsoft will tell you the exact same thing. It’s dumb to do what we did. You should not be messing with the AD attributes directly in this instance. There is a certain level of error checking that must take place at the upper levels which was missed by both my script and the provisioning system. But in the same breath, I can’t say for sure that HMC was mature enough to use when we first rolled out the 2003 platform. So whether it is you editing AD directly or someone else doing it, it’s just as bad. It just depends on how much control you want over the gun pointed at your head.
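The kind of check the script skipped, as an added example (not the original provisioning code): the address is validated before it is handed to anything that writes to the directory, and the naive regex is shown next to the safe one. The function names and the sample addresses are constructed for illustration.

```php
<?php
// Added example. Function names and addresses are hypothetical.

// Reproduces the original line: the built value ends in "\n".
function buggy_forward_address(string $mail, string $newdomain): string
{
    list($tuname, $tdmn) = explode("@", $mail);
    return "{$tuname}@{$newdomain}\n";
}

// Refuse anything that is not a clean SMTP address.
function assert_clean_address(string $addr): string
{
    // Control characters (CR, LF, NUL, tab, ...) and spaces never belong here.
    if (preg_match('/[\x00-\x20\x7F]/', $addr)) {
        throw new InvalidArgumentException(
            "whitespace or control character in " . json_encode($addr));
    }
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException(
            "not a valid address: " . json_encode($addr));
    }
    return $addr;
}

// Build the forwarding address and validate it before it is used.
function forward_address(string $mail, string $newdomain): string
{
    $parts = explode("@", $mail);
    if (count($parts) !== 2 || $parts[0] === "") {
        throw new InvalidArgumentException("source is not user@domain");
    }
    return assert_clean_address("{$parts[0]}@{$newdomain}");
}

$bad = buggy_forward_address("jsmith@old.example", "tmp.new.example");

// Pitfall: in PCRE, "$" also matches just before a final newline, so the
// first pattern accepts $bad. "\z" (or the D modifier) anchors at the true end.
var_dump(preg_match('/^[^@\s]+@[^@\s]+$/', $bad));
var_dump(preg_match('/^[^@\s]+@[^@\s]+\z/', $bad));

echo forward_address("jsmith@old.example", "tmp.new.example"), PHP_EOL;
try {
    assert_clean_address($bad);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```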

George W. Bush’s lost e-mails

There has been a lot reported about the Bush administration’s missing email issue. The main details are this. A 1993 court decision stated that emails fell under the Presidential Records Act which requires the president to preserve documents related to the performance of his official duties. Seems pretty reasonable that the White House should keep a record of every email that is sent.

The Clinton Administration answered this decision by adding an archiving system to their Lotus Notes email system.

The issue happened when the Bush administration decided to upgrade the email system from Lotus Notes to Microsoft Exchange. The Exchange system was apparently incompatible with the old archiving system and they were unable to automatically archive email. And this is where I have a huge problem with the way that IT is run in the White House.

To me, if I was running this project, the first thing that I would do is gather the requirements of the platform. It would seem to me that FEDERAL LAW has mandated that an archive is kept of all emails. So if the new system that I am rolling out is not meeting all the requirements, the migration should have stopped. This is a show stopper requirement that should have stopped the cut over.

Why in the hell did they continue with the roll over? It’s freaking insane!

If I did that at my job and rolled out a system that delivered less functionality than the current platform, I’d be let go in pretty short order.