Google Apps including Webauthing
Barry Cornelius Google Apps including Webauthing Summary
Agenda
Details about GAFYD Barry Cornelius Details about the Apps
Managing Oxford University Computing Services users
Outsourcing June 2007 Conclusions
Questions, comments http://www.oucs.ox.ac.uk/oucsweb/gapps/ and resources Summary
Google Apps including 1 Summary: what is GAFYD? Webauthing 2 Barry Summary: managing users Cornelius 3 Summary: which Apps? Summary 4 Summary: outsourcing applications Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Summary: what is GAFYD?
Google Apps including Google Apps include: Webauthing Gmail, Calendar, Docs and Spreadsheets. Barry Cornelius Google Apps For Your Domain enables an organization Summary to make these Apps available to their users Agenda (using the organization’s own domain name in URLs). Details about GAFYD Google says it’s providing GAFYD to Details about ‘meet the needs of different organizations: ... a small the Apps business, a Fortune 500 company, a group or a school’. Managing users They provide three different editions of GAFYD. Outsourcing One of these is for educational establishments. Conclusions
Questions, OUCS is using the domain gapps.oxuni.org.uk comments and resources for an experiment with GAFYD. Summary: managing users
Google Apps including When using GAFYD, each user in the organization has Webauthing a separate account, where they can store their Barry Cornelius messages, calendars, documents and spreadsheets.
Summary Google provides the administrator of the domain with Agenda facilities for managing the users. Details about GAFYD If the organization already uses a Single-SignOn Details about system, the domain can be configured in Google so the Apps that the SSO is used instead of the user having to use Managing users a different username-password for their account. Outsourcing For gapps.oxuni.org.uk, Conclusions I have configured the domain in Google to use SSO, Questions, comments and have implemented this using Webauth. and resources Summary: which Apps?
Google Apps including Google allows an administrator to decide Webauthing which Apps are available to users of the domain. Barry Cornelius Seeing the University already has an established e-mail Summary system, we wanted our GAFYD to use that. So we Agenda chose to exclude GMail from gapps.oxuni.org.uk. Details about GAFYD Our experiment will mainly be concerned with seeing Details about whether Google Calendar provides a useful the Apps calendaring system perhaps for use by members of a Managing users department/college. Outsourcing
Conclusions
Questions, comments and resources Summary: outsourcing applications
Google Apps including Some educational establishments have already Webauthing outsourced their provision of applications to Google. Barry Cornelius OUCS has produced a checklist of some of the issues Summary to investigate when considering whether to outsource Agenda an application. Details about GAFYD So I’ll also briefly consider some of the issues involved Details about with outsourcing applications to Google. the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Agenda
Google Apps including 1 Details about GAFYD Webauthing 2 Barry Details about the Apps Cornelius 3 Managing users Summary 4 Outsourcing Agenda 5 Details about Conclusions GAFYD 6 Questions, comments and resources Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about GAFYD
Google Apps including 1 Details about GAFYD: three editions Webauthing 2 Barry Details about GAFYD: admin’s control panel Cornelius 3 Details about GAFYD: getting to Google Apps Summary 4 Details about GAFYD: usernames Agenda 5 Details about Details about GAFYD: getting e-mail delivered GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about GAFYD: three editions
Google Apps including There are three different editions of GAFYD: Webauthing
Barry standard premier education Cornelius price free free for 30 days free then $50/user/year Summary SSO no yes yes Agenda provisioning API no yes yes Details about 99.9% e-mail uptime guarantee no yes no GAFYD e-mail storage (per user) 2GB 10GB 2GB Details about ads alongside e-mail standard optional optional the Apps
Managing users Each edition allows any number of users. Outsourcing Each edition has the same limits for Conclusions the number and size of documents and spreadsheets: Questions, comments this will be discussed later. and resources Details about GAFYD: admin’s control panel
Google Apps including GAFYD provides the administrator of the domain with a Webauthing control panel for performing admin tasks. Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about GAFYD: getting to Google Apps
Google Apps including GAFYD provides the user with a Start Page which is a Webauthing bit like a personalized Google page. Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about GAFYD: getting to Google Apps
Google Apps including How does a user get to the Google Apps? Webauthing
Barry Suppose the domain is mydomain.com Cornelius A user can go to their Google Start Page using the URL Summary http://start.mydomain.com Agenda A user can instead reach each of the Google Apps Details about GAFYD using URLs like http://mail.mydomain.com, Details about http://calendar.mydomain.com the Apps and
Managing http://docs.mydomain.com users The administrator of the domain has to arrange to use Outsourcing CNAMEs in the DNS to route each of these addresses Conclusions
Questions, to ghs.google.com comments and resources Details about GAFYD: usernames
Google Apps including Each user of the domain has a username. Webauthing
Barry If the domain is SSO-enabled, this will be Cornelius an SSO username.
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about GAFYD: getting e-mail delivered
Google Apps including A user has an e-mail address which is Webauthing username@domainname, e.g., [email protected] Barry Cornelius If the domain has Gmail enabled, then, for incoming Summary e-mail to work, the DNS has to be configured with Agenda a MX record so that messages to mydomain.com are Details about routed to ASPMX.L.GOOGLE.COM. GAFYD Details about If this is done, then messages to addresses like the Apps [email protected] will be delivered to the Managing users Gmail inbox that the user has in the domain Outsourcing mydomain.com Conclusions
Questions, comments and resources Details about GAFYD: getting e-mail delivered
Google Apps including Even if the domain has Gmail disabled, Webauthing each user still has an e-mail address because Apps Barry Cornelius such as Google Calendar might want to invite a user to
Summary a meeting. Agenda So, if Gmail is disabled, the machine handling the mail Details about for the domain has to be configured to route messages GAFYD
Details about to [email protected] to some appropriate the Apps e-mail address. Managing users As has already been mentioned, Outsourcing gapps.oxuni.org.uk has Gmail disabled. The Conclusions OxMail machines are configured so that messages to Questions, comments [email protected] are routed to the and resources user’s preferred e-mail address. Details about the Apps
Google Apps including 1 Details about the Apps: Gmail Webauthing 2 Barry Details about the Apps: Calendar Cornelius 3 Details about the Apps: Docs Summary 4 Details about the Apps: Spreadsheets Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Gmail
Google Apps including Webauthing
Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Gmail
Google Apps including A user has an e-mail address which is Webauthing username@domainname, e.g., [email protected] Barry Cornelius The user has 2GB/10GB of space for messages. Summary Gmail has: Agenda searching Details about personal aliases GAFYD personal lists Details about the Apps ... Managing Gmail has virus, spam and phishing protection. users
Outsourcing You can access your Gmail using POP (but not IMAP).
Conclusions Confusingly, if the domain is SSO-enabled, Questions, POP access uses a password that is different from the comments and resources SSO password. You can download a client for a Blackberry smartphone that enables access to your Gmail. Details about the Apps: Gmail
Google Apps including Demonstration: Webauthing There is no demonstration, Barry Cornelius as Gmail is disabled for gapps.oxuni.org.uk
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Calendar
Google Apps including Webauthing
Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Calendar
Google Apps including You can keep your calendar private, share it with others Webauthing in the domain or share it with anyone. Barry Cornelius Calendars can be created for your organization/team Summary where each person can view/edit. Agenda Google Calendar shares the same contacts list as Details about GAFYD Gmail.
Details about the Apps You can import/export calendars using the iCalendar
Managing format. users You can also access your Google Calendar from a Outsourcing program using the Calendar API. Conclusions
Questions, comments and resources Details about the Apps: Calendar
Google Apps including Demonstration: Webauthing Log in to http://calendar.gapps.oxuni.org.uk Barry Cornelius using the SSO username barry. Use a different browser/PC to log in to Summary http://calendar.gapps.oxuni.org.uk Agenda using the SSO username barry2. Details about GAFYD Make an appointment in barry2’s calendar and invite
Details about barry to the meeting. the Apps Display barry’s calendar in barry2’s calendar and vice Managing versa. users Get barry2 to extend the meeting and watch all the Outsourcing references to it change. Conclusions Get barry2 to move the meeting to another day. Questions, comments and resources Details about the Apps: Docs
Google Apps including Webauthing
Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Docs
Google Apps including Here’s what Google says you can do with documents: Webauthing ‘Upload Word documents, OpenOffice, RTF, HTML or Barry Cornelius text (or create documents from scratch).’ ‘Use our simple WYSIWYG editor to format your Summary documents, spell-check them, etc.’ Agenda ‘Invite others (by e-mail address) to edit or view your Details about GAFYD documents and spreadsheets.’
Details about ‘Edit documents online with whomever you choose.’ the Apps ‘View your documents’ and spreadsheets’ revision Managing history and roll back to any version.’ users ‘Publish documents and spreadsheets online to the Outsourcing world, as web pages or post documents to your blog.’ Conclusions ‘Download documents to your desktop as Word, Questions, comments OpenOffice, RTF, PDF, HTML or zip.’ and resources ‘Email your documents as attachments.’ Details about the Apps: Docs
Google Apps including Each document can be up to 500K, Webauthing plus up to 2MB per embedded image. Barry Cornelius Each user has a limit of 1000 documents Summary and 1000 images. Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Docs
Google Apps including Demonstration: Webauthing Get barry2 to create a new document, write a line to it, Barry Cornelius save it. Write another line, save it. Repeat. Show revisions. Summary Revert back to an earlier version. Agenda Within docs, barry2 invites barry to collaborate. Go to Details about GAFYD barry’s e-mail. Click on the link for the doc. Get barry to
Details about edit the doc. See the change immediately turning up in the Apps barry2’s copy. Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Spreadsheets
Google Apps including Webauthing
Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Spreadsheets
Google Apps including Here’s Google’s feature list for spreadsheets: Webauthing ‘Import and export .xls, .csv and .ods formatted data Barry Cornelius (with export functionality for .pdf and .html).’ ‘Enjoy intuitive navigation and editing, like any Summary traditional document or spreadsheet.’ Agenda ‘Use formatting and formula editing in spreadsheets so Details about GAFYD you can calculate results and give your data the look
Details about you want.’ the Apps ‘Chat in real time with others who are editing your Managing spreadsheet.’ users ‘Embed a spreadsheet, or a piece of a spreadsheet, in Outsourcing your blog or website.’ Conclusions
Questions, You can also access a spreadsheet from a program comments and resources using the Spreadsheet API. Details about the Apps: Spreadsheets
Google Apps including Each spreadsheet can contain Webauthing up to 10,000 rows, or up to 256 columns, Barry Cornelius or up to 50,000 cells, or up to 20 sheets
Summary – whichever limit is reached first. Agenda Each user has a limit of 200 spreadsheets. Details about GAFYD The limit on spreadsheets that can be opened at one Details about time is 20. the Apps
Managing You can import spreadsheets of up to approximately users 1MB. Outsourcing
Conclusions
Questions, comments and resources Details about the Apps: Spreadsheets
Google Apps including No time for a demonstration. Webauthing
Barry However, Spreadsheets are similar to Docs. Cornelius Each time a person updates a cell, the new contents Summary immediately appears in any copy of the spreadsheet Agenda that has been opened by another collaborator. Details about GAFYD One big difference: Spreadsheets allows you to Chat to Details about the Apps a collaborator (and the conversation appears in the
Managing Spreadsheets window). users Although similar, there are some differences in the user Outsourcing interfaces: the two Apps should be more consistent. Conclusions
Questions, comments and resources Managing users
Google Apps including 1 Managing users: three ways to create users Webauthing 2 Barry Managing users: configuring to use SSO Cornelius 3 Managing users: redirect, login, redirect back Summary 4 Managing users: the reference implementation Agenda 5 Details about Managing users: providing an implementation GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Managing users: three ways to create users
Google Apps including Even if the domain has been configured to use SSO, Webauthing an account has to be created for each user in your Barry Cornelius Google Apps domain.
Summary There are three approaches to managing users: Agenda The GUI interface: an administrator can use the control Details about panel to create each user one at a time. GAFYD Bulk update: an administrator can bulk create new Details about the Apps accounts by uploading a CSV file where each line
Managing contains the information about a user. users Provisioning API: using the provisioning API from a Outsourcing program, an administrator can query whether a user Conclusions exists, add a new user, delete a user, ... . Questions, comments and resources Managing users: configuring to use SSO
Google Apps including If an administrator wishes to switch to SSO, they need Webauthing to provide: Barry Cornelius the URL of a login page, e.g., https://auth.gapps.oxuni.org.uk:8443/ Summary gapps/IDP Agenda the URL of a logout page, e.g., Details about GAFYD https://webauth.ox.ac.uk/logout
Details about the URL of a change password page, e.g., the Apps https://auth.gapps.oxuni.org.uk:8443/ Managing gapps/CPdecide?acsURL=https://www.google.com/a/gapps.oxuni.org.uk/acs users a public key that can be used by Google to confirm the Outsourcing authenticity of SAML responses that it receives for this Conclusions domain Questions, comments and resources Managing users: configuring to use SSO
Google Apps including Webauthing
Barry Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Managing users: redirect, login, redirect back
Google Apps including 1 What happens when the user uses a browser to go to Webauthing http://start.gapps.oxuni.org.uk? Barry Cornelius 2 The CNAME routes this to http://ghs.google.com
Summary 3 Google detects that this is for a GAFYD that has SSO Agenda configured. It sends a redirect to the login URL: Details about https://auth.gapps.oxuni.org.uk:8443/ GAFYD gapps/IDP?parameters Details about the Apps 4 Tomcat is configured to ask for Webauth authentication. Managing users 5 The user supplies an Oxford username and password. Outsourcing 6 The servlet generates a digitally signed response Conclusions containing the Oxford username and redirects the Questions, comments browser to Google’s Assertion Consumer Service. and resources 7 The ACS verifies the response using its copy of the organization’s public key and redirects to the Start Page of gapps.oxuni.org.uk Managing users: the reference implementation
Google Apps including To help an organization integrate GAFYD with their Webauthing SSO, Google provides a reference implementation of Barry Cornelius the code needed by the login page.
Summary This is a Java servlet (called SAMLTestTool) that Agenda receives and parses SAML requests, Details about calls a function to authenticate users (login function), GAFYD generates a SAML response. Details about the Apps There are more details about the reference Managing users implementation at
Outsourcing http://code.google.com/apis/apps/sso/
Conclusions saml_reference_implementation.html
Questions, comments and resources Managing users: providing an implementation
Google Apps including I have slimmed down the code of the reference Webauthing implementation to what we need. Barry Cornelius For Webauthing, the code uses the Java library
Summary contributed to Stanford by Mats Henrikson (ex-OUCS). Agenda The code has been extended to use the Provisioning Details about API to see if the username exists in the GAFYD. GAFYD If it does not, a web page informs the user: Details about the Apps that their username, first name and last name will be Managing passed to Google; users that the data they provide for calendars and documents Outsourcing will be stored on a Google server; Conclusions that when they reach Google’s new user screen they Questions, comments will be asked to accept Google’s terms and conditions. and resources If they are happy to proceed, it creates the account for the user in Google before redirecting the user’s browser to Google. Outsourcing
Google Apps including 1 Outsourcing: users use external sources Webauthing 2 Barry Outsourcing: what are the issues? Cornelius 3 Outsourcing: who is using Google Apps? Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Outsourcing: users use external sources
Google Apps including In an internal OUCS paper, Lou Burnard writes: Webauthing In addition to such familiar web-based services as Barry Cornelius email, shopping, and banking, Oxford IT users are increasingly likely to take advantage of freely available Summary websites offering any person or group such services as Agenda arranging a meeting date Details about (http://www.meetomatic.com) GAFYD carrying out a questionnaire Details about the Apps (http://www.surveymonkey.com) Managing managing a project (http://basecamphq.com) users (http://www.hosted-projects.com) Outsourcing storing, managing, and disseminating photos Conclusions (http://www.flickr.com) Questions, videos (http://youtube.com) etc comments and resources developing and maintaining networks of contacts (http://www.facebook.com) managing complex interactive simulations (http://www.secondlife.com) Outsourcing: what are the issues?
Google Apps including Suppose we are considering whether to outsource Webauthing some service. What are the areas where we should ask Barry Cornelius questions? 1 Availability and reliability Summary 2 Continuity of service Agenda 3 Support issues Details about 4 GAFYD Migration issues 5 Details about Domino effects the Apps 6 Duplication effects Managing 7 Strategic and legal considerations users 8 Rights issues Outsourcing 9 Privacy and confidentiality Conclusions 10 Cost implications Questions, comments So, if we were to adopt GAFYD, perhaps just for and resources calendaring, we would need satisfactory answers in each of these areas. Outsourcing: who is using Google Apps?
Google Apps including Google’s list of customers of Google Apps is at: Webauthing http://www.google.com/a/help/intl/en/ Barry Cornelius admins/customers.html Under the Education heading they have: Summary Arizona State University, Arizona Agenda Lakehead University, Ontario, Canada Details about GAFYD Northwestern University, Chicago Details about Thunderbird School of Global Management, Arizona the Apps San Jose City College, San Francisco Bay Area Managing users Cambria-Rowe Business College, Pennsylvania
Outsourcing Faculty of Management Studies, Delhi University
Conclusions Hofstra University, Long Island Wyzsza Szkola Biznesu - National Louis University Questions, comments Manhattan Christian College, Manhattan, Kansas and resources Victoria Junior College, Singapore Prem Tinsulanonda International School, Thailand Politéico Grancolombiao University, Colombia South East European University, Macedonia Outsourcing: who is using Google Apps?
Google Apps including Arizona State University started to adopt Google Apps Webauthing for students’ email in October 2006: Barry Cornelius http://www.asu.edu/news/stories/200610/
Summary 20061010_asugmail.htm
Agenda The article says that the transition for its 65000 Details about students will complete in January 2007. GAFYD
Details about Lakehead University (Thunder Bay, Ontario) migrated in the Apps November 2006: http://communications. Managing users lakeheadu.ca/news/?display=news&nid=310
Outsourcing The article says that they moved ‘38000 student, Conclusions faculty, staff and alumni email accounts from existing Questions, systems to Google Apps’ in a week. comments and resources Outsourcing: who is using Google Apps?
Google Apps including ‘Northwestern University is partnering with Google to Webauthing provide e-mail and other services to students ...’: Barry Cornelius http://www.it.northwestern.edu/
Summary transitions/google.html
Agenda Northwestern has 14000 students. UGs will be invited Details about to sign up in June 2007. It is estimated it will be the GAFYD default e-mail service for incoming UGs by December. Details about the Apps They will have the option of keeping accounts post Managing graduation. Graduate students will be provided access users
Outsourcing sometime in 2007-2008.
Conclusions Not mentioned in the above list, Trinity College Dublin
Questions, has adopted Gmail for its students: comments and resources http://www.tcd.ie/Communications/news. php?headerID=551&vs_date=2007-3-1 The article says that the transition for its 15000 students should be completed by October 2007. Conclusions
Google Apps including 1 Conclusions: Google Apps Webauthing 2 Barry Conclusions: SSO and outsourcing Cornelius
Summary
Agenda
Details about GAFYD
Details about the Apps
Managing users
Outsourcing
Conclusions
Questions, comments and resources Conclusions: Google Apps
Google Apps including Google are providing some significantly useful Webauthing applications. Barry Cornelius They are likely to add to this portfolio. Currently,
Summary Presentations are planned to appear in Summer 2007. Agenda I wonder whether they will add a CMS to GAFYD. Details about Because Google Apps are accessed through the web, GAFYD
Details about your messages, calendars, documents and the Apps spreadsheets are available to you anywhere in the Managing users world.
Outsourcing They are providing extras as standard:
Conclusions user-controlled access to documents and calendars;
Questions, multiple-user access to documents and calendars; comments versioning of documents, and reversion; and resources APIs to access the data from programs; sophisticated user management; branding of the site. Conclusions: SSO and outsourcing
Google Apps including The Google Apps SSO is complicated to set up but, if Webauthing your organization uses SSO, then setting it up means Barry Cornelius there’s one less password for your users to manage.
Summary I think outsourcing of an institution’s e-mail is fraught Agenda with problems. Probably the same could be said about Details about documents. GAFYD Details about Maybe one role for GAFYD is to use it the Apps in addition to what you currently provide, Managing users perhaps for use on specific projects. Outsourcing OUCS is experimenting with using GAFYD for Conclusions calendaring. Questions, comments and resources We would interested in a few departments/colleges joining this experiment. If you are interested, please send a message to [email protected] Questions, comments and resources
Google Apps including Over to you: it’s time for your questions and comments. Webauthing
Barry ... Cornelius ... Summary ... Agenda
Details about The slides for this talk are available at GAFYD http://www.oucs.ox.ac.uk/oucsweb/gapps/ Details about the Apps If your department/college is interested in taking part in Managing users our experiment with GAFYD, please send a message to
Outsourcing [email protected] Conclusions An 18 minute video of Rajen Sheth (Product Manager, Questions, Google Apps) demonstrating Google Apps is at http: comments and resources //www.youtube.com/watch?v=wY2bpr1TAA4 I recommend this video as it’s succinct and helpful.