Cloudiway’s mail archive migration solution helps businesses perform migrations through a simple SaaS interface. As a result, vault migrations require no additional software installation or overhead, and migrations can be performed securely and quickly.
The Cloudiway platform is flexible enough to support all types of migration paths. However, this mini-guide focusses on migrating Google Vault archives. For more information about migration types (cutover vs. batch, please visit www.cloudiway.com/resources/ and download the mail migration whitepaper and the mail migration administration guide.
1.1. How does it work?
Google Vault can be migrated to the following targets:
The most common scenario is to migrate Google Vault contents to an Office 365 In-Place Archive. This guide explains how to migrate to an In-Place Archive, a mix of inbox and In-Place Archive, and a standard inbox.
The most standard scenario is a Vault to Office 365 migration. The new Vault migration engine is using the Office 365 PST Import Service.
The platform exports the archives from Vault in PST format and upload them directly into the Azure Blob Storage used the Office 365 PST Import service.
Once imported, you will run the Office 365 PST import service manually.
We take your privacy and security seriously at Cloudiway, and we have invested significant effort into making our platform and your data secure. Cloudiway provides a cloud-based application hosted on Windows Azure. It means that the software and data are centrally hosted and accessed by clients using a web browser and internet connection. In addition, Cloudiway’s SaaS benefits from Windows Azure’s certifications, ensuring the security of the infrastructure, network and physical security layers of the Cloudiway cloud.
For total assurance, Cloudiway provides auditing tools, secure, authenticated data connections and a logging system. More specifically:
*For the delta pass mechanism, the messageID of each email is used. This ensures that no data is duplicated, and for efficiency, only the changes are propagated. We automatically delete inactive records after 90 days, or upon request.
In addition, because the Cloudiway platform needs credentials to connect to the source and the target, you define connectors to connect to them and enter credentials that will be used for the connection. These credentials are stored encrypted using AES 256.
For complete peace of mind, we recommend that you create a temporary migration account during your migration which you can delete at the completion of your project.
The Cloudiway migration platform uses all available resources to provide the fastest migration possible and can support both small and large migrations. The on-demand migration engine allocates the capacity needed to migrate the volume of data of your choice in the time slot you have allocated.
However, there are limitations. Many mail systems can heavily throttle users. When you perform too many calls, the remote server will begin throttling and decrease the number of calls that can be performed each minute, thus reducing the migration throughput. Cloudiway constantly attempts to work at the maximum capacity allowed to achieve excellent throughput.
Google allows extracting 30 vault users concurrently.
Office 365 limitations
Office 365 uses throttling to limit resources consumed by a single account. To maximize throughput and limit throttling, Cloudiway follows Microsoft best practice and uses impersonation. An account with impersonation rights can pose as 100 users concurrently to migrate 100 mailboxes in parallel. The platform uses EWS protocol; Microsoft theoretically allows throughput of around 300 MB per user per hour. The Cloudiway platform typically sees throughput of 200 MB to 300 MB per mailbox per hour — an average of 500 GB per day with a constant migration of 100 concurrent mailboxes.
To further improve throughput, you can create additional connectors. For example, if you create two targets Office 365 connectors (each with its own distinct migration account), you can migrate 200 mailboxes concurrently and reach a throughput of around 1 TB per day.
Exchange On-Premises limitations
A major benefit of Exchange On-Premises is that you’re in control of all settings. If you’re migrating from Exchange, make sure your server(s) and network are optimized for maximum throughput.
Amazon WorkMail limitations
At the time of writing, Amazon WorkMail does not provide any native mail archiving tools. Although archives can be sent to an Amazon WorkMail inbox, all archive functionality will be lost. Throttling may also slow down migration, although exact measurements are not currently available.
4.1. What can be migrated?
Cloudiway is capable of migrating the following from Google Vaults:
4.2. Migration limitations
Google Vaults has the capacity to store Google Hangout chats if the history setting has been activated as well as any Google Talk chats that are on the record. The Cloudiway platform currently does not migrate Google Hangout chats or Google Talk chats
Google Vaults can retain Google Groups messages only if the Groups owner has archiving activated. The Cloudiway platform currently does not migrate Google Groups messages as part of Vault migration. However, it can handle Google Groups migrations to Office 365 (unified groups or shared mailboxes) as a separate migration project.
During migration, Outlook profiles are not created. This is the responsibility of the system administrators performing the migration.
Migration takes place between existing mailboxes, whether they’re dedicated archive mailboxes or standard mailboxes. This means that mailboxes must exist in the target at the time of migration. Before starting a migration, please ensure that all mailboxes to be migrated have had their target mailbox created in the target domain (steps are included in this guide). If required, you can use the optional IAM module to provision the target (get in touch via firstname.lastname@example.org for more information).
This guide is aimed at experienced system administrators who are capable of connecting to remote systems and using a variety of administration tools.
Although we provide support for our own products, we do not provide support for third-party products such as PowerShell or server administration of Google or Office 365.
If you are concerned you might have any difficulty completing these steps, please consider a solution with our consulting team, contactable via email@example.com. This will ensure a fast, cost-effective and stress-free implementation.
5.1. Before you start
Before you start, you will need to ensure you have the details outlined in the following table. In each case, we recommend you create an account especially for migration (we provide steps for each system), which you can delete upon completion of migration. This ensures full security and simplicity.
|Cloudiway login||Stores details and provides communication between the systems you already use.||https://apps.cloudiway.com|
|Knowledge base access||Our extensive knowledge base is always accessible, with videos, troubleshooting tools, samples & more.||https://kb.cloudiway.com|
|Google Vault Admin console||This is where administrators manage Google services for people in an organization.||https://admin.google.com|
|Target: Exchange On-Premises
Exchange account and secure port
|Used for impersonation to access mailboxes. This doesn’t have to be the main admin account. However, it must be an administrator account if you wish to migrate the permissions. The account must be able to bypass SSO and authenticate using username/password credentials (with a password set to never expire). This is not required if self-migration is used. The Cloudiway platform needs to connect to Exchange securely. Use SSL port 443.||If you can’t access an account with impersonation privileges, you can use the self-migration option.|
WorkMail migration account
|Used for impersonation to access mailboxes. It can be any user.||Your AWS console|
5.2. G Suite — Create and set up a migration account
You need the username and password of a Vault Administrator.
5.3. Office 365
The latest version of the Google Vault migration engine uses Office 365 PST Import Service.
There is no prerequisites.
5.4. Exchange On-Premises — set up an account via PowerShell
If you’re migrating from Exchange On-Premises, you can create a migration account with admin and impersonation permissions using your existing Exchange server interface or using the command line instructions shown in the steps below.
New-ManagementRoleAssignment –Name "Impersonation for migration " –Role "ApplicationImpersonation" –User "firstname.lastname@example.org"
Then paste the command into the command prompt, ensuring you have updated “email@example.com” with your own mail migration account
5.5. Amazon WorkMail — set up an account with mailbox permissions
Below are the steps to show you how to set up impersonation using the Amazon WorkMail Console. We recommend that you create a user especially for mail migration at both your source and target.
For the Cloudiway platform to migrate archives, it must connect (bind) to a source Vault mailbox with a specific Google Vault connector. Archives can be entirely migrated to the In-Place Archives folder within an Office 365/Exchange 2010 or later inbox or directly to an inbox or a mixture of both. Cloudiway requires a special archive license (quota) to ensure archive emails are migrated from an archive mailbox. (You can buy archive packages the same way you buy a standard user license for Cloudiway, or you can contact us at firstname.lastname@example.org to request archive packages.)
The most straightforward way to migrate archives is to create a new source and target connector to use especially for archive migrations. This allows you to begin an archive migration even if you’re performing standard mail migrations on the Cloudiway platform at the same time. In effect, this treats a Google Vault migration as separate migration on the Cloudiway platform.
The following steps are required to migrate a Google Vault:
6.1. Create your Google Vault source connector
To facilitate mail archive migration, the Cloudiway platform needs to be able to communicate with both your source and target domains. To do this, Cloudiway uses connectors, which are configured on apps.cloudiway.com. You will need to set up a connector for each Google Vault source and each target system. Follow the steps below to configure a Google Vault source connector.
Your source connector has now been created. Next up is the target connector.
6.2. Office 365 — Create your target connector
If you are migrating to Office 365, you need to create a target connector of type Office 365 PST Import.
The migration is a 3 Step Process.
The Cloudiway platform is automating the upload of the PST files to Office 365..
For the complete Microsoft documentation, follow:
Provision the Office 365 blob storage and store the connection string to access it
How to find the BlobStorage Connection String?
Login to the Office 365 portal as an administrator.
Click on Setup, then Data migration
Click on Upload PST files
Click on New import job
Name your Job and click Next.
Select Upload your data
Click on Show network upload SAS URL
Once Azure has provisioned the container, the URL is displayed.
Copy it to the clipboard and paste it in the Cloudiway connector.
You can leave the Import data page open (in case you need to copy the SAS URL again) or click Cancel to close it.
Upload the PST files to the blob storage using Cloudiway platform:
From the archive user list, select the users and click Start
When the migration is completed, proceed to step 3.
Once Cloudiway platform has uploaded the PST files to the blob storage, come back to this page or create a new import job.
Click on I’m done uploading my files and I have access to the mapping file
The next step is to upload the mapping file.
Generate the following csv file:
Workload,FilePath,Name,Mailbox,IsArchive,TargetRootFolder Exchange,,Export_lea@email.com-1.pst,email@example.com,FALSE, Exchange,, Export_bob@email.com-1.pst,firstname.lastname@example.org,FALSE, Exchange,, Export_john@email.com-1.pst,email@example.com,FALSE, Exchange,, Export_adm@email.com-1.pst,firstname.lastname@example.org,FALSE, Exchange,, Export_rob@email.com-1.pst,email@example.com,FALSE,
In the following line, the format is
Exchange,,Export_<source email address>-1.pst,<target email address>,FALSE,
For example, if the source email address is firstname.lastname@example.org, the platform will export the archive and upload it with the following name: Export_lea@email.com-1.pst
Upload your csv file to Office 365 and validate it.
Click on Validate and click Save.
Click Save to submit the job, and then click Close after the job is successfully created.
A status flyout page is displayed, with a status of Analysis in progress and the new import job is displayed in the list on the Import page.
Click the Refresh icon to update the status information that’s displayed in the Status column. When the analysis is complete and the data is ready to be imported, the status is changed to Analysis completed.
You can click the import job to display the status flyout page, which contains more detailed information about the import job such as the status of each PST file listed in the mapping file.
6.3. Other target connector configurations
It’s possible to migrate Google Vault archives to any other target, even if archiving isn’t supported. The Vault items will simply be placed directly into the target inbox, without being placed in a specific archive folder.
Follow the steps in the previous section to create the basics of your target connector, then check below for specific details.
If autodiscovery is active, the Server Name field doesn’t need to be filled. Make sure you select the right server version from the dropdown list.
The admin login is in UPN format.
Enter your Amazon WorkMail domain in Domain. For example, drypizza.awsapps.com.
Enter the Server Region that matches your WorkMail server region (shown in the top right corner of the Amazon WorkMail Console.
This Cloudiway connector will use the Cloudiway migration service account. Read more 5.6 G Suite —set up permissions for the Cloudiway service account
6.4. Check the global settings before migration
If you’ve already set up any other mail migrations on the Cloudiway platform, you have probably already configured the global settings according to your needs, and you can probably leave alone.
As these settings are global, changing them for a Vault migration will change them for all other migrations running concurrently. In addition, Vault data is less varied than an inbox, with no calendars, contracts or trash to migrate. Therefore, only a few global settings can apply to a Vault migration, so it’s unlikely that you’ll need to do any further configuration to the global settings.
However, if required, you can use the date and timestamp settings (in UTC) to choose particular dates of emails that should be migrated. For example, if you wish to migrate only the past three years of a Vault which has been active for five years, you can specify the date range here. Make sure that you check these settings before performing any other migrations later on, and that you don’t run any other migrations requiring different dates during Vault migration.
The Convert Email Address option can be used during Vault migration and is active by default. It rewrites email addresses found in the header and replaces source email addresses with their corresponding target email addresses.
The Convert X500 Address is not used for Gsuite or Vault Migration (it’s used only when the source is Exchange or Office 365).
For example, email@example.com sends an email to firstname.lastname@example.org. A week later, after migration, email@example.com replies to Bob. The Cloudiway platform has already updated the SMTP header in Bob’s original email in her inbox, so her reply will be sent to firstname.lastname@example.org. How does it do this?
6.5. Import or create your users
There are a number of ways to add users that you wish to migrate. These include:
Archive mail migration inboxes don’t require individual migration licenses on the Cloudiway platform.
6.5.1 Option 1: CSV import
You can upload a user CSV file to Cloudiway. It must have the following fields in the header row:
Many browsers limit CSV file uploads to 5000 lines. Larger files can be split and uploaded separately. Data already uploaded will not be overwritten, so you can upload as many files as needed.
The BatchName field can be left blank. If required, you can use this field to name different batches so they can be run in a certain order. A sample CSV file is available for download during the steps below.
6.5.2. Option 2: Import Users tool
Cloudiway’s Import Users tool helps you to retrieve users from your source. The functionality works via Identity Access Management. The tool requires you to specify any transformation rules you wish to apply. It will then add new users in the Mail Migration User List view within the Cloudiway platform. This is an advanced tool that is best used in partnership with Cloudiway consultants. If you are interested in using this option, please get in touch with your Cloudiway contact.
6.5.3. Option 3: Single user creation details
Many of our customers create a single user for testing. This lets you watch the migration process without affecting all users. Single users can also be created for migrations affecting just a few users.
6.6. Activate and monitor your migration
Now that you have performed all the pre-migration steps within your remote systems and within Cloudiway, you’re ready to migrate. We recommend you run a test migration on a single user first to check that your configuration produces the outcome you expect.
To start your migration, select the users or batch you wish to migrate and click on the Start button. Your batch will be scheduled and will begin as soon as resources are available.
Don’t forget that the Cloudiway migration platform supports delta passes and that migrations are therefore incremental; every time you restart the migration of a mailbox, only items that haven’t already been copied to the target will be migrated. The platform, therefore, does not duplicate items in the target.
Cloudiway provides an extensive knowledge base with many resources, including common error messages, video guides and downloads.
Please visit the entire knowledge base here (where you can search for keywords or read through topics): https://kb.cloudiway.com/
The knowledge base also contains information on how you can ask for further support, should you require it.