Admin Guide: Mail Migration – from Google Vault mail archives

Overview:

  1. Google Vault archive mail migration with Cloudiway
    1. How does it work?
  2. Security
  3. Performance
  4. Mail migration scope
    1. What can be migrated?
    2. Migration limitations
    3. Considerations
    4. Audience
  5. Pre-migration configuration
    1. Before you start
    2. G Suite — Create and set up a migration account
    3. Office 365
    4. Exchange On-Premises — set up an account via PowerShell
    5. Amazon WorkMail — set up an account with mailbox permissions
  6. Use the Cloudiway platform to migrate your mail
    1. Create your Google Vault source connector
    2. Office 365 — Create your target connector
    3. Other target connector configurations
    4. Check the global settings before migration
    5. Import or create your users
      1. Option 1: CSV import
      2. Option 2: Import Users tool
      3. Option 3: Single user creation details
    6. Activate and monitor your migration
  7. Troubleshooting

1. Google Vault archive mail migration with Cloudiway

Cloudiway’s mail archive migration solution helps businesses perform migrations through a simple SaaS interface. As a result, vault migrations require no additional software installation or overhead, and migrations can be performed securely and quickly.

The Cloudiway platform is flexible enough to support all types of migration paths. However, this mini-guide focusses on migrating Google Vault archives. For more information about migration types (cutover vs. batch, please visit www.cloudiway.com/resources/ and download the mail migration whitepaper and the mail migration administration guide.

1.1. How does it work?

Google Vault can be migrated to the following targets:

  • an Office 365 inbox (either a separate inbox for archiving or a user’s inbox);
  • within the In-Place Archive of an Office 365 inbox;
  • a mix of both an In-Place Archive and any Office 365 inbox;
  • an Exchange On-Premises inbox;
  • a Gmail inbox; or,
  • an Amazon WorkMail inbox.

The most common scenario is to migrate Google Vault contents to an Office 365 In-Place Archive. This guide explains how to migrate to an In-Place Archive, a mix of inbox and In-Place Archive, and a standard inbox.

The most standard scenario is a Vault to Office 365 migration. The new Vault migration engine is using the Office 365 PST Import Service.

The platform exports the archives from Vault in PST format and upload them directly into the Azure Blob Storage used the Office 365 PST Import service.

Once imported, you will run the Office 365 PST import service manually.

2. Security

For more information about security, please refer to this article.

3. Performance

For more information about migration performance, please refer to this article.

4. Mail migration scope

4.1. What can be migrated?

Cloudiway is capable of migrating the following from Google Vaults:

  • Emails
  • Attachments

4.2. Migration limitations

Google Vaults has the capacity to store Google Hangout chats if the history setting has been activated as well as any Google Talk chats that are on the record. The Cloudiway platform currently does not migrate Google Hangout chats or Google Talk chats

Google Vaults can retain Google Groups messages only if the Groups owner has archiving activated. The Cloudiway platform currently does not migrate Google Groups messages as part of Vault migration. However, it can handle Google Groups migrations to Office 365 (unified groups or shared mailboxes) as a separate migration project.

During migration, Outlook profiles are not created. This is the responsibility of the system administrators performing the migration.

4.3. Considerations

Migration takes place between existing mailboxes, whether they’re dedicated archive mailboxes or standard mailboxes. This means that mailboxes must exist in the target at the time of migration. Before starting a migration, please ensure that all mailboxes to be migrated have had their target mailbox created in the target domain (steps are included in this guide). If required, you can use the optional IAM module to provision the target (get in touch via presales@cloudiway.com for more information).

4.4. Audience

This guide is aimed at experienced system administrators who are capable of connecting to remote systems and using a variety of administration tools.

Although we provide support for our own products, we do not provide support for third-party products such as PowerShell or server administration of Google or Office 365.

If you are concerned you might have any difficulty completing these steps, please consider a solution with our consulting team, contactable via presales@cloudiway.com. This will ensure a fast, cost-effective and stress-free implementation.

5. Pre-migration configuration

5.1. Before you start

Before you start, you will need to ensure you have the details outlined in the following table. In each case, we recommend you create an account especially for migration (we provide steps for each system), which you can delete upon completion of migration. This ensures full security and simplicity.

Name Description Location
Cloudiway login Stores details and provides communication between the systems you already use. https://apps.cloudiway.com
Knowledge base access Our extensive knowledge base is always accessible, with videos, troubleshooting tools, samples & more. https://kb.cloudiway.com
Google Vault Admin console This is where administrators manage Google services for people in an organization.  https://admin.google.com
Target: Exchange On-Premises

Exchange account and secure port

Used for impersonation to access mailboxes. This doesn’t have to be the main admin account. However, it must be an administrator account if  you wish to migrate the permissions. The account must be able to bypass SSO and authenticate using username/password credentials (with a password set to never expire). This is not required if self-migration is used. The Cloudiway platform needs to connect to Exchange securely. Use SSL port 443. If you can’t access an account with impersonation privileges, you can use the self-migration option.
Target: WorkMail

WorkMail migration account

Used for impersonation to access mailboxes. It can be any user. Your AWS console

 

5.2. G Suite — Create and set up a migration account

You need the username and password of a Vault Administrator.

5.3. Office 365

The latest version of the Google Vault migration engine uses Office 365 PST Import Service.

There is no prerequisites.

5.4. Exchange On-Premises — set up an account via PowerShell

If you’re migrating from Exchange On-Premises, you can create a migration account with admin and impersonation permissions using your existing Exchange server interface or using the command line instructions shown in the steps below.

  1. Launch Exchange Management Shell to connect to your Exchange server with an Exchange Admin account
  2. Copy the commands below:
New-ManagementRoleAssignment –Name "Impersonation for migration " –Role "ApplicationImpersonation" –User "mailmigration@drypizza.com"

Then paste the command into the command prompt, ensuring you have updated “mailmigration@drypizza.com” with your own mail migration account

5.5. Amazon WorkMail — set up an account with mailbox permissions

Below are the steps to show you how to set up impersonation using the Amazon WorkMail Console. We recommend that you create a user especially for mail migration at both your source and target.

  1. Log in with your administrator account to the Amazon WorkMail Console
  2. Ensure that the region shown in the top right corner matches the region you set up for the Amazon WorkMail server (for example, US West (Oregon) is selected below):
  3. Scroll down to the Business Productivity and click on WorkMail to see a list of your WorkMail servers:
  4. Click on the target migration server to produce a list of all existing users:
  5. Click on Organization settings on the left, then the Migration settings tab:
  6. Click on the Edit button and turn Mailbox permissions on
  7. Use the Select User button to add your mail migration account
  8. Click on the Save button to save your changes

 

6. Use the Cloudiway platform to migrate your mail

For the Cloudiway platform to migrate archives, it must connect (bind) to a source Vault mailbox with a specific Google Vault connector. Archives can be entirely migrated to the In-Place Archives folder within an Office 365/Exchange 2010 or later inbox or directly to an inbox or a mixture of both. Cloudiway requires a special archive license (quota) to ensure archive emails are migrated from an archive mailbox. (You can buy archive packages the same way you buy a standard user license for Cloudiway, or you can contact us at sales@cloudiway.com to request archive packages.)

The most straightforward way to migrate archives is to create a new source and target connector to use especially for archive migrations. This allows you to begin an archive migration even if you’re performing standard mail migrations on the Cloudiway platform at the same time. In effect, this treats a Google Vault migration as separate migration on the Cloudiway platform.

The following steps are required to migrate a Google Vault:

  1. Create a Google Vault source connector
  2. Create a target connector (perhaps with ‘archive’ in the name), with the archive option, switched on and at zero for In-Place Archive migration, or switched of for migration directly to an inbox
  3. Create an archive user and link the user to the Google Vault source connector and the archive target connector

 

6.1. Create your Google Vault source connector

To facilitate mail archive migration, the Cloudiway platform needs to be able to communicate with both your source and target domains. To do this, Cloudiway uses connectors, which are configured on apps.cloudiway.com. You will need to set up a connector for each Google Vault source and each target system. Follow the steps below to configure a Google Vault source connector.

    1. From your browser, go to https://apps.cloudiway.com and log in
    2. Click on Mail Migration on the left, then Sources
    3. Click on the + New option at the bottom of the screen
    4. Click on Google Vault and type a meaningful name in Connector name
    5. Click on the Create button
    6. Set the administrator and password. Also fill the security questions: Google will detect that the migration account will login from an unusual location and will request to answer one or two security questions. Cloudiway would then have to logon to Google from the server in order to “whitelist” the IP address of the server. This would be necessary only one time, then the server would remain whitelisted during all the project.
    7. Click on the Save button at the bottom of the screen

Your source connector has now been created. Next up is the target connector.

6.2. Office 365 — Create your target connector

If you are migrating to Office 365, you need to create a target connector of type Office 365 PST Import.

  1. From your browser, go to https://apps.cloudiway.com and login
  2. Click on Mail Migration on the left, then Targets
  3. Click on the + New option at the bottom of the screen
  4. Click on PST Import and type a meaningful name in Connector name

The migration is a 3 Step Process.

The Cloudiway platform is automating the upload of the PST files to Office 365..

For the complete Microsoft documentation, follow:

https://support.office.com/en-us/article/use-network-upload-to-import-your-organization-s-pst-files-to-office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6?ui=en-US&rs=en-US&ad=US#step4

Step 1:

Provision the Office 365 blob storage and store the connection string to access it

How to find the BlobStorage Connection String?

Login to the Office 365 portal as an administrator.

Click on Setup, then Data migration

Click on Upload PST files

Click on New import job

Name your Job and click Next.

Select Upload your data

Click on Show network upload SAS URL

Once Azure has provisioned the container, the URL is displayed.

Copy it to the clipboard and paste it in the Cloudiway connector.

You can leave the Import data page open (in case you need to copy the SAS URL again) or click Cancel to close it.

 

Step 2.

Upload the PST files to the blob storage using Cloudiway platform:

From the archive user list, select the users and click Start

When the migration is completed, proceed to step 3.

Step 3.

Once Cloudiway platform has uploaded the PST files to the blob storage, come back to this page or create a new import job.

Click on I’m done uploading my files and I have access to the mapping file

Click Next

The next step is to upload the mapping file.

Generate the following csv file:

Workload,FilePath,Name,Mailbox,IsArchive,TargetRootFolder
Exchange,,Export_lea@email.com-1.pst,lea@drypizza.com,FALSE,
Exchange,, Export_bob@email.com-1.pst,bob@drypizza.com,FALSE,
Exchange,, Export_john@email.com-1.pst,john@drypizza.com,FALSE,
Exchange,, Export_adm@email.com-1.pst,adm@drypizza.com,FALSE,
Exchange,, Export_rob@email.com-1.pst,rob@drypizza.com,FALSE,

In the following line, the format is

Exchange,,Export_<source email address>-1.pst,<target email address>,FALSE,

For example, if the source email address is lea@email.com, the platform will export the archive and upload it with the following name: Export_lea@email.com-1.pst

Upload your csv file to Office 365 and validate it.

Click on Validate and click Save.

Click Save to submit the job, and then click Close after the job is successfully created.

A status flyout page is displayed, with a status of Analysis in progress and the new import job is displayed in the list on the Import page.

Click the Refresh icon to update the status information that’s displayed in the Status column. When the analysis is complete and the data is ready to be imported, the status is changed to Analysis completed.

You can click the import job to display the status flyout page, which contains more detailed information about the import job such as the status of each PST file listed in the mapping file.

6.3. Other target connector configurations

It’s possible to migrate Google Vault archives to any other target, even if archiving isn’t supported. The Vault items will simply be placed directly into the target inbox, without being placed in a specific archive folder.

Follow the steps in the previous section to create the basics of your target connector, then check below for specific details.

  • For Exchange On-Premises, the connector requires a few extra details:

If autodiscovery is active, the Server Name field doesn’t need to be filled. Make sure you select the right server version from the dropdown list.

The admin login is in UPN format.

  • For Amazon WorkMail, the connector requires a few extra details:

Enter your Amazon WorkMail domain in Domain. For example, drypizza.awsapps.com.

Enter the Server Region that matches your WorkMail server region (shown in the top right corner of the Amazon WorkMail Console.

  • For G Suite, the connector requires a few different details:

This Cloudiway connector will use the Cloudiway migration service account. Read more 5.6 G Suite —set up permissions for the Cloudiway service account

6.4. Check the global settings before migration

If you’ve already set up any other mail migrations on the Cloudiway platform, you have probably already configured the global settings according to your needs, and you can probably leave alone.

As these settings are global, changing them for a Vault migration will change them for all other migrations running concurrently. In addition, Vault data is less varied than an inbox, with no calendars, contracts or trash to migrate. Therefore, only a few global settings can apply to a Vault migration, so it’s unlikely that you’ll need to do any further configuration to the global settings.

However, if required, you can use the date and timestamp settings (in UTC) to choose particular dates of emails that should be migrated. For example, if you wish to migrate only the past three years of a Vault which has been active for five years, you can specify the date range here. Make sure that you check these settings before performing any other migrations later on, and that you don’t run any other migrations requiring different dates during Vault migration.

The Convert Email Address option can be used during Vault migration and is active by default. It rewrites email addresses found in the header and replaces source email addresses with their corresponding target email addresses.

The Convert X500 Address is not used for Gsuite or Vault Migration (it’s used only when the source is Exchange or Office 365).

For example, bob@source.com sends an email to chloe@source.com. A week later, after migration, chloe@target.com replies to Bob. The Cloudiway platform has already updated the SMTP header in Bob’s original email in her inbox, so her reply will be sent to bob@target.com. How does it do this?

  1. For migrations where both the domain name and alias change (bob@source.com becomes newbob@target.com), the Cloudiway platform already uses a mapping table to link each user.
  2. For migrations where only the domain name changes, the Cloudiway platform still uses the user list as a mapping table and if it doesn’t find a matching username in the list, it uses the domain name defined in the target connector to convert source email addresses. In other words, the user list mapping table is also used by the Convert Email Addresses option in this situation. Therefore, it’s important that all users exist in the mapping table before migration begins (this guide contains instructions).
  3. From the same Mail Migration area of https://apps.cloudiway.com, click on Global Settings
  4. Click on the Edit button at the bottom of the screen. The grey buttons will turn blue, indicating you can now edit these to your preferred global migration plan.
  5. Update any settings you wish to alter, remembering that time and dates are set to the UTC time zone, and that changes affect all mail migrations.
  6. Click on the Save button at the bottom of the screen to update your global settings.

6.5. Import or create your users

There are a number of ways to add users that you wish to migrate. These include:

  • CSV file upload;
  • Cloudiway’s Import Users tool (using IAM); and,
  • creation of single users.

Archive mail migration inboxes don’t require individual migration licenses on the Cloudiway platform.

6.5.1 Option 1: CSV import

You can upload a user CSV file to Cloudiway. It must have the following fields in the header row:

FirstName;LastName;SourceEmail;TargetEmail;BatchName

Many browsers limit CSV file uploads to 5000 lines. Larger files can be split and uploaded separately. Data already uploaded will not be overwritten, so you can upload as many files as needed.

The BatchName field can be left blank. If required, you can use this field to name different batches so they can be run in a certain order. A sample CSV file is available for download during the steps below.

  1. Ensure you’re still in the Mail Migration area of apps.cloudiway.com and go to Archive
  2. Click on User in the bottom left corner and select Upload CSV
  3. If required, click on Download sample CSV and add your users to the CSV file using the sample headers (FirstName;LastName;SourceEmail;TargetEmail;BatchName)
  4. When you have a complete CSV file with the correct headers, click on the Upload button.
  5. Locate your CSV file within your own file system, and double-click on it to select it.
  6. Select the appropriate connectors in the Source and Target fields
  7. Click on the Upload button: if the format is not correct, you will see an error message:
  8. If you see any error messages, check your CSV file to ensure it has five columns with a separator between each and try uploading again
    Once the CSV file format is correct, you will see a confirmation message:
  9. Check your email or refresh the screen to see when the user list has been updated.
    When you have received confirmation that the upload has been completed, you can refresh the Cloudiway platform to display your imported users

6.5.2. Option 2: Import Users tool

Cloudiway’s Import Users tool helps you to retrieve users from your source. The functionality works via Identity Access Management. The tool requires you to specify any transformation rules you wish to apply. It will then add new users in the Mail Migration User List view within the Cloudiway platform. This is an advanced tool that is best used in partnership with Cloudiway consultants. If you are interested in using this option, please get in touch with your Cloudiway contact.

6.5.3. Option 3: Single user creation details

Many of our customers create a single user for testing. This lets you watch the migration process without affecting all users. Single users can also be created for migrations affecting just a few users.

  1. Click on Archive from the Mail Migration menu
  2. Click on User in the bottom left corner and select Create Single to display the pop-up screen:
  3. Fill in all details for a new user
  4. Click on the Create button to add the new user to the Archive Migration / User List screen:
  5. Repeat steps 1 to 4 for any more users you’d like to create.

6.6. Activate and monitor your migration

Now that you have performed all the pre-migration steps within your remote systems and within Cloudiway, you’re ready to migrate. We recommend you run a test migration on a single user first to check that your configuration produces the outcome you expect.

To start your migration, select the users or batch you wish to migrate and click on the Start button. Your batch will be scheduled and will begin as soon as resources are available.

Don’t forget that the Cloudiway migration platform supports delta passes and that migrations are therefore incremental; every time you restart the migration of a mailbox, only items that haven’t already been copied to the target will be migrated. The platform, therefore, does not duplicate items in the target.

7. Troubleshooting

Cloudiway provides an extensive knowledge base with many resources, including common error messages, video guides and downloads.

Please visit the entire knowledge base here (where you can search for keywords or read through topics): https://kb.cloudiway.com/

The knowledge base also contains information on how you can ask for further support, should you require it.


Download PDF Here:
Free trial
Want to try?
Free trial
Demo
How it works
Demo
Contact
Any questions?
Contact