googleapps@usf
DESCRIPTION
Developed for EDUCAUSE 2010 -- The University of South Florida moved student e-mail to Google Apps in February 2008. This presentation highlights the successes and challenges that USF has faced since the beginning of the project and offers practical knowledge for institutions that are either investigating outsourced e-mail or have recently taken the plunge.TRANSCRIPT
GoogleApps@USFFrom Development to Deployment & Beyond
Eric PierceIdentity Management Architect
October 15, 2010
#E10_SESS128
About Me
– Started at USF in 1996– Help Desk– System Administrator
• Student Email• Student Unix Accounts/Webpages• Student Blogs
– Identity Management Architect• Identity Reconciliation• Provisioning• Authentication & Authorization
University of South Florida• 47,000+ students• 4 Campuses
– Tampa– St. Petersburg– Lakeland– Sarasota/Manatee
• Medical School & research facilities in Tampa
#E10_SESS128
Student Email pre-GoogleApps
• Difficult to maintain– Cobbled together over a number of years– Assortment of Commercial & OSS technologies
• CommuniGate• SquirrelMail• AMaViS• SpamAssassin
• Fighting spam was a losing battle– 6 servers dedicated to spam/virus scanning– Long delays & constant tweaking required
#E10_SESS128
Student Email pre-GoogleApps
• Students wanted:– More space– Less spam– Calendaring & collaboration tools– More reliability
• I wanted:– More reliability– Geographic redundancy– To spend less time fighting spam or fixing hardware
issues
#E10_SESS128
Upgrade or Outsource?
• Price– About $1 million over 3 years to keep it ‘in-house’– Fully redundant storage for 70K+ mail users is
expensive– So is commercial spam/virus scanning
• Features– No single package compares to GoogleApps or
Live@edu– Even with multiple applications, many features are not
available
• Resources– IT resources required to develop new features and/or
upgrades– More admin time required for maintenance and trouble-
shooting #E10_SESS128
Get the students involved!
• Student Government– Improving Email was a top priority during a ‘Town-Hall’ meeting with
the CIO– Helped generate ‘buzz’ about the switch– Promoted GoogleApps to the students
• Create Pilot Groups– We selected 300 volunteers to evaluate GoogleApps & Live@edu– I stayed in contact with that group throughout the rollout period– Pick students from across campuses/colleges/departments
• Limited-release beta testing– The pilot group could send invitations to 5 other students– Those students could send invitations to 3 more
#E10_SESS128
Implementationo Scope – Students and Affiliates onlyo Project Initiated – October 2007o Student testing began – November 2007o Selection completed – December 2007o Released to students – February 2008o Legacy mail system shutdown – June 2008
#E10_SESS128
Identity Management
GoogleApps was a major component in our IdM plan– Web Single SignOn (Jasig CAS)– Automated account provisioning– Unified Acceptable Use policy– Increased password strength requirements
• 8 character minimum• Regular-Expression tests• Cracklib scoring• Windows Password Complexity requirements• 6-month password expiration
#E10_SESS128
Account Provisioning
• Utilized the PHP client to work with our existing account management application
• Up & running in an afternoon• Fully integrated with our account manager in a
few days
#E10_SESS128
Lesson Learned
Use the Java or Python cliento PHP client is not updated often (at all?)o Many new API features are not available in the PHP
client
On-Demand Account Creation
The announcement was in the middle of a semester, so a single move wasn’t feasible – An outage during the migration was unacceptable– Users were able to move when they were ready– A ‘cleanup’ after the semester ended moved all
remaining accounts
#E10_SESS128
#E10_SESS128
#E10_SESS128
#E10_SESS128
Password-Syncing
• All web-based access is done through SSO• IMAP clients and mobile access use the password
stored at Google• We sync passwords - most schools don’t
– Most schools have students set their Google password separately
– Some enforce the separation and keep students from setting them to the same value
– Lots of discussion of this on the Internet2 IdM list• http://listserv.educause.edu/cgi-bin/wa.exe?A0=IDM
#E10_SESS128
Mail Migration
• Mail Migration was semi-automated:– GoogleApps account created automatically– Username added to the migration DB– Daily process:
• Changed legacy IMAP password• Created the migration CSV file• Emailed CSV to the admin group
– Admin (usually me) logged into the GA admin page and started the migration process
#E10_SESS128
Promotion
• Student Government special event• Multiple mass emails to all students• Multiple articles in the Oracle• New Student Orientation brochure• Announcement in Blackboard Portal
#E10_SESS128
Lesson Learned
Google has help with planning the rollouthttp://deployment.googleapps.com/Home/resources-user-
adoption
ResultsWhere has 2+ years of GoogleApps taken us?
#E10_SESS128
Student Reaction
• Students love the new system– 70x storage increase– Docs & Calendar have been widely utilized– Several classes use Sites for assignments and portfolios
• Biggest complaints?– Not USF-branded enough– Missing features from ‘regular’ Google accounts– Some faculty felt like “second-class citizens”
#E10_SESS128
Cost-Savings
• Outsourcing Email != fewer jobs– The university gets more results from the same number
of jobs– Mail administration time has dropped from 2 FTE to .1
FTE– Both mail admins have moved to Identity Management– Most of the work involved with GoogleApps is now IdM-
related
• Retired or repurposed 12 servers & 2 storage arrays
• HUGE savings over upgrading legacy system– Hardware/software upgrades: $300,000/yr– Additional Personnel requirements: $60,000/yr
#E10_SESS128
Help Desk
• We expected a major impact to the help desk, but the traffic level has stayed roughly the same– Many more applications to cover, but students are more
familiar with Google tools– Help desk staff training is quicker & easier
#E10_SESS128
Lesson Learned
Have regular Q&A sessions with Help Desk staffo Better answers for your customerso Fewer support tickets for you
Campus Integration• Directory Synchronization
– LDAP -> GoogleApps– Contact entries are created for all non-GA accounts
• Group Synchronization– Slow for very large groups– We don’t use them effectively yet
#E10_SESS128
Lesson Learned
Find group applications BEFORE planning groups o Emergency notificationo College/department announcementso Class-based access for docs or sites
Staff & Faculty
• Exchange is still our ‘official’ mail system for faculty/staff– Except in St. Petersburg
• Faculty/staff can opt-in and forward their mail to Google
• Exchange Integration has been a challenge– Email is easy– Calendars are harder
#E10_SESS128
Lesson Learned
Having multiple Email environments is difficulto If there is any way to move everyone to
GoogleApps at one time, go for it
Where do we go from here?
• Google Calendar– USF Calendar of Events– Athletic practice & game schedules– Class schedules
• Blackboard Integration– Bboogle project (Calendar & Docs)– Gtalk links & status display
#E10_SESS128
New Google Tools
• New GoogleApps Infrastructure– GA accounts can be used with almost all
Google tools– Only for ‘early adopters’ right now
• Two-factor Authentication– iPhone/Android app or text messages
authenticate user in addition to their password– Can’t be used with SSO logins yet
#E10_SESS128