This article will provide the complete onboarding task flow for setting up a Google Vault migration. Links to corresponding Knowledge Base articles are provided.
Migrating from Google Vault is a three-step process:
- Identify the data to be exported from Google Vault.
a. Complete export or targeted data.
2. Search, Export and Upload Files (to Azure) using BitTitan Google Vault Extractor.
a. Search Google Vault.
b. Export and download the contents from Google Vault.
c. Use UploaderWiz to upload the locally stored files to Azure Blob storage.
3. Migrate the data using MigrationWiz.
a. It is suggested to migrate the results into the Recoverable Items Folder in the primary Office 365 mailbox, but can be migrated to any location (Primary mailbox or Archive mailbox).
Google Vault migrations can be complex. Please review Google Vault Best Practices to get some tips and tricks, that will save you time and answer common questions.
This migration guide contains the necessary steps to perform the actual migration, but there are many steps to preparing for migration. If this is your first time performing a migration, we have created a Migration Planning & Strategy Guide to walk you through planning, set-up, and general migration best practices.
To discover what items are moved with MigrationWiz in this scenario, and which items will not be moved, see Moved Items. Note that these items will vary by source and destination, so check the proper environment listings carefully.
MigrationWiz is a migration tool, not a syncing tool. If changes are made at the source after migration, they will not sync to the destination, nor will changes made at the destination sync to the source. We do not have “live” monitoring of changes (as with a sync agent) and we cannot handle scenarios such as conflict resolution without user interaction.
Prerequisites for Google Vault Migrations
Export Server: It is required that BitTitan Google Vault Extractor be run from a locally managed server. This export server is setup and maintained by the customer. The export server is a requirement and not provided by BitTitan. This server can be a local workstation, on-premise server, or a virtual server.
Azure Storage Account (BLOB)
- Prepare the Azure subscription storage account.
a. Buy an Azure subscription (KB004996).
b. Create an Azure storage account.
Note: This information will be entered when creating your MSPComplete Destination Endpoint (KB004832).
c. To obtain your Access Key: Log on to the Azure portal > Dashboard > All Resources > All subscriptions > Click Storage Account name > Settings > Access Key.
Note: Make a note of the Storage Account Name and the Primary Access Key. These will need to be entered when creating your MSPComplete Destination Endpoint.
d. Create an Azure public blob container named migrationwiz. Confirm that the blob container is empty and accessible (KB008059).
Note: Migrationwiz is the default container name that MigrationWiz looks for. This can be modified in the Advanced Options of the MigrationWiz project.
Google Vault OAuth Client API Setup
BitTitan’s Google Vault Extractor allows for the use of your own OAuth Client API, rather than the BitTitan shared API. This option has many benefits and allows for greater control over throttling and security. It’s not a requirement of the migration, but BitTitan recommends this option.
List of Users to Export
BitTitan’s Google Vault Extractor requires a .txt file with the email addresses of the users that need to be extracted. As part of migration planning, you will need to consider batching the users into multiple text files. The extractor will systematically work its way down the list and process each user in a serial means. It is recommended that each user list contains no more than fifty users to easily manage the batch. You will also need to plan out the storage requirements for the list of users. If the list contains fifty users and those fifty users add up to 100GB in exported data volume, the local export server needs to have the required free space.
Sample input file:
Office 365 Mailboxes
Important note: If you are migrating into the Recoverable Items Folder of the users mailbox, make sure the user is on Litigation Hold in Office 365. If you do not, the data will be automatically deleted in Office 365. Learn how to place the mailboxes on Litigation Hold from this TechNet article.
Identify the data to be exported from Google Vault
The key to a successful Google Vault migration is to properly identify the data you want to extract from Google Vault. The key to getting data out of Google Vault is to search for it then export the search results. The search is the key to successfully exporting the data required. To correctly search the data, use Google Search Terms to target the data required. BitTitan Google Vault Extractor will programmatically search, export, and download the results automatically and at scale.
Search, Export and Upload Files (to Azure) using BitTitan Google Vault Extractor and UploaderWiz
1. From the Export Server, open an administrative command prompt.
2. Navigate to your working directory.
3. Run the command to Search, Export, Download and Upload (optional). Build your export command depending on the data export requirements
Important note: Refer to Use the Google Vault Extractor for more details.
Example: Search, Export, Download, then Upload automatically using your own Google Vault OAuth Client API Setup:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -clientid GOOGLE CLIENT ID -clientSecret GOOGLE CLIENT SECRET -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms "label:^deleted""
Example: Search, Export, Download, then Upload automatically not using your own Google Vault OAuth Client API Setup:
GoogleVaultExport.lnk -process-start-args "-command exportandupload -NewEmailsTimeout 86400000 -CompressionTimeout 86400000 -inputFile C:\GVault\input.txt -outputFolder c:\GVault\Export -uploadAccessKey AZURE CLIENT -uploadSecretKey AZURE SECRET KEY -uploadBucketName AZURE BUCKET -searchTerms "label:^deleted""
4. This will automatically launch a browser window for authentication. Log in with the Google Administrator Account and select that account to authenticate for access to Google Vault data.
Note: To switch to a different Google Administrator account after logging in, you can use the reset option GoogleVaultExport.exe "-command reset".
5. Once access is granted, the extractor will run in the command window.
6. When completed:
a. Confirm that all expected Google Vault data is available in the Azure BLOB, if you used the option to extract and upload or
b. Manually upload the results to the Azure BLOB if you used the option to only extract.
Note: The extractor will download two files from Google; the compressed zip folder with the data and an XML file, and a .done file, which indicates a successful extraction. It will do this for each user in the input file. If the extractor fails on a user, it will create a .fail file for the user.
a. Run the extraction again. The extractor will skip any users with a .done file and only re-try the ones with a .fail.
b. Refer to the Troubleshooting Google Vault Extractor KB article.
Note: Storage management is critical on the Export Server.
Migrate the data using MigrationWiz
Prepare the Destination Environment
Note: These steps may have already been completed during a previous migration project.
Important note: If you are migrating into the Recoverable Items Folder of the mailbox, make sure the user is on Litigation Hold in Office 365. If you do not, the data will be automatically deleted in Office 365.
- Create an administrator account in Office 365 to be used for migration or use the global admin account for the tenant (KB004948).
- Set up accounts in Office 365 and assign licenses. These can be created in several ways:
a. Manually, one at a time.
b. By bulk import, via CSV file ( Microsoft instructions).
c. By PowerShell script (TechNet article).
d. By DirSync, AAD Sync, or AAD Connect (KB004336).
3. Place the mailboxes on Litigation Hold TechNet article.
1. Create the Customer. KB005421
2. Create the Source and Destination Endpoints.
a. For the Source Endpoint:
i. Click Endpoints >Add Endpoint > Enter Endpoint name > For Endpoint type, select Google Vault.
ii. Enter Storage Account Name and Access Key in the fields provided.
b. For the Destination Endpoint:
i. Click Endpoints > Add Endpoint > Enter Endpoint name > For Endpoint type, select Office 365> fill in the required fields.
3. Purchase User Migration Bundle licenses. User Migration Bundle licenses allow multiple types of migrations to be performed with a single license. They also allow DeploymentPro to be used to configure Outlook email profiles. Refer to these articles for more information:
- How do I purchase licenses?
- Migration License Types
- Apply User Migration Bundle licenses to the Customer's Users
1. Set up a Personal Archive project. Read the How do I create a new migration project? article for more information.
2. Add items to MigrationWiz project. We recommend that you use the AutoDiscover items feature to import all the items from the Azure BLOB container.
a. Select Add > Autodiscover Items.
3. Edit Destination email addresses as needed to set the Destination mailbox to ingest each file into.
a. Click the Edit Item icon to the right of the row.
b. Under Destination Email Address, enter the mailbox this file will be ingested into. KB004937
4. Set the Project Advanced Options. KB004834
a. Set the Destination to migrate data into: DESTINATION: MICROSOFT OFFICE 365 > Migrate to: Mailbox or Archive or Recoverable Items.
Note: Best practices recommend you migrate into the Recoverable Items Folder so the user does not have access to the data. The default setting is mailbox in MigrationWiz.
b. Optional: Add GoogleVaultCustomEndpointSuffix=Azure URI under Support/Support options. KB005896
c. Optional: Enable Audit Logging – KB Audit Logging.
5. Run Verify Credentials. KB004511
6. Perform a Full Migration pass.
a. Check the box next to the Root Path.
b. Select the Start button from the drop-down list.
c. Select Full Migration.
d. Click the Start Migration button.
Note: Delta migrations are not supported for Google Vault migrations. Google Vault migrations only require a single Full Migration pass. KB004938
7. If needed, run Retry Errors. KB004658
8. If problems persist, contact Support. KB004529
9. Click the pie chart icon on the MigrationWiz dashboard to receive an email containing all of the project migration statistics. KB004626
The following can be deleted:
- On the Google Vault admin portal:
a. Matter files that were created for each query
b. Downloaded Matter files
c. The client OAuth Client API (if one was created)
2. On the client computer being used to run the Google Vault Extractor:
a. The Google Vault Extractor and directory
3. On Azure:
a. Azure storage containers used for uploading the extracted matter files into
b. The Azure storage account, if it was set up just for the purpose of the Google Vault project
4. On MigrationWiz:
a. Your Google Vault MigrationWiz project
Note: This is optional because MigrationWiz has a 180-day auto-delete policy. For more information, see How do I extend the unused period of my Project?
5. On Office 365:
a. Endpoints that were created for this project
b. If a separate account was created for migrating the Google Vault items to Office 365 (e.g., email@example.com), this account can be deactivated and removed.