Google Apps takes your office to the Internet

But the enterprise admin measures you’re used to are missing

We tested the Premier edition of Google Apps, an upgrade from the standard edition that is free until the end of the month, and found it adequately provides a place where users can manage their own schedules, store and share data, and collaborate with co-workers.

But the lack of administrative control and security measures that IT execs are accustomed to make Google’s hosted suite of applications unsuited for deployment beyond specialized or distributed workgroups.

To get started, organizations need to provide Google with an Internet domain name – either an existing one or a new, dedicated one. IT would maintain control over the domain name and the DNS records. Web-based administration of Google Apps can be conducted using either Firefox or Internet Explorer.

The domain is the container for all user accounts. There is no technical limitation on the number of users you can have in a domain.


Google Apps extrasHow we tested Google Apps

Archive of Network World tests

Subscribe to the Network Product Test Results newsletter


There are no other groupings of users from an administrative standpoint, nor is there any privilege hierarchy. You can create additional domain aliases (such as company.com, company.net and company.org) and link them, so they function as one domain inside of Google Apps.

Creating users requires four pieces of information: first name, last name, user name and password. You can’t store additional attributes, such as title, phone number, location or workgroup. Individual Google Apps programs do allow for some additional attributes, such as a picture, but users control those application-specific attributes.

Google provides a tool for creating users in bulk. A text file containing user information can be uploaded and hundreds of new users churned out very quickly. You cannot delete or suspend users using this bulk-load tool.

Screen shot of Google Users

Google doesn’t offer any granularity when setting user permissions. An account either has user privileges or administrator privileges and every administrator has free reign over all aspects of the domain.

Password control is very limited. While an administrator can expire a password immediately, forcing a password change at the next logon, it cannot be expired by a predetermined date. If your company needs any control over password use, you should use the Provisioning API that Google provides. This XML-based API lets administrators write a script that can automatically create or modify accounts as they are changed in your local system. This will take some work to set up, depending on your local systems, but it will allow for much tighter control of the accounts and passwords within your Google domain.

COLLABORATION AND OFFICE PRODUCTIVITY GOOGLE APPS PREMIER EDITION

Google.

3.95
Price:$50 per user, per year
Pros:Easy to set up, easy to use; no local software to maintain; users have a lot of control.
Cons:Very little administrative control, no hierarchy to storage; no administrative hierarchy allowed.
The breakdown
Ease of administration 25%4Scoring Key: 5: Exceptional4: Very good3: Average2: Below average1: Subpar or not available
Security 20%2.5

Platform support 15%

4.5
Functionality 15%4
Ease of use 15%4.5
Installation 10%5
TOTAL SCORE3.95
Check out our Collaboration Tools Buyer's Guide.

Google also provides a SAML-based Single Sign-On service. This service allows credentials to be authenticated by someone other than Google, whether that is your corporate site or a trusted third-party. If you already have a SAML-based Single Sign-On in place, you can connect your Google Apps domain to it.

The user point of view

Users access Google Apps via a start page. This is a user-customizable portal that can contain all sorts of Web “gadgets” and tools. For example, if you like to start each day by skimming the headlines or checking the stock market, there are gadgets that provide RSS feeds from your favorite sources of information. There are, of course, also links to each of the Google Apps available, but use of this start page is completely optional, as each application can be accessed directly from its own URL.

The heart of the Google Apps suite is called simply “Docs and Spreadsheets”. The files stored on the Google site are edited directly by users via the Web site. The most current version of any file is saved and all revisions are tracked, allowing users to revert to previous versions.

These files can be printed or exported to other formats, such as HTML or PDF. Documents can also be imported from or exported to Microsoft Word or Open Office Writer documents. There are no technical controls an IT department can place on the files shared to the Google system. .

The Docs and Spreadsheets application is fairly robust and can do most of the formatting functions that you can find in their Microsoft or Open Office counterparts. There are some limitations, of course. For example, the spreadsheets can use formulas, but you cannot create graphs or charts. Also, you cannot use macros within the documents.

Another limitation is the lack of hierarchical storage. While all users are allowed 10G-bytes of hosted storage space, all files, both documents and spreadsheets, are stored in one flat file space. The only tool available to assist with categorizing the files is a “tag.” A file can have multiple tags associated with it. You can then “filter” the listing based upon one or more tags to help find files. You can also “star” a file to flag it as important.

One important limitation is the Docs and Spreadsheets isn’t a general file store. You cannot save files of any type, such as slide decks or pictures. Further, you cannot save a native Word or Writer doc; it must be imported.

Files can then be shared with other users, either as collaborators or viewers. If permissions are given to someone – any collaborator can change permissions -- the item will appear in their file list and it will display what permissions they have been granted. If you “publish” your file, every user within your domain will be granted “viewing” permissions to it. The application does not send out a general invitation to all users alerting them to this published file, nor does it show up in their file list. However, you can e-mail them a unique URL to the file which the application provides.

With the Calendar application each user is provided with a private calendar space. The appointment information listed here can be shared with other users, even those in other domains. The administrator sets a default level of sharing during account creation, but the user is free to modify these settings. Users outside of the domain can be allowed to view free/busy information or see nothing. Users within the domain can be allowed to see appointment details, view only free/busy information or observe nothing. Specific users within the domain can be given permissions that are higher than the rest of the domain. For example, you may want to give your workgroup rights to see your appointments, but not everyone else in the company.

Calendar information can be imported from iCal or Microsoft Outlook’s CSV format. Meeting notifications can be sent via e-mail, pop-up windows or even via SMS to a cell phone or other mobile device.

The administrator can also create resources, such as conference rooms or equipment. These objects can be scheduled by other users on their own or shared calendars.

The Google Apps e-mail component has the already popular Gmail system at its core, but its outward facing communications are branded for your particular domain. The administrator can create e-mail groups for your domain which will deliver to multiple recipients. Likewise, aliases can be created, which redirect email to another personal account. For example, you may have an account called sales@yourdomain.com which redirects to BobSmith@yourdomain.com. Users can also manage their own address lists, groups and contacts as well.

There are not many other administrative tools associated with this component. As far as any limited spam is concerned, the program does allow an administrator to set up a white list.

The “label” function in Gmail attaches attributes to e-mails to help organize and categorize them for easier searching. There are no folders or other structure. The “star” function is also present in Gmail, which allows you to mark a message.

E-mail can be accessed remotely by using the Post Office Protocol (POP). Google still has not added support for the much newer Internet Message Access Protocol (IMAP). Users can set up forwarding rules to automatically send all incoming e-mail to another system, perhaps choosing to keep a copy of all messages on the initial Gmail account. Filters can also be created to treat e-mails differently based upon recipient, whom it was sent to or keywords in the subject or message body. Then, the message can be automatically archived, forwarded, starred, labeled or simply deleted.

There are a few quirks to the Google Apps worth noting. Each application can be disabled by an administrator, but only at the highest level. You can’t allow only certain users to use Docs and Spreadsheets, for example; it’s an all or nothing allocation proposition.

Another annoyance is the lack of consistency between applications. While they employ many of the same application functions, menus are laid out differently. Some are trivial, while others make navigation more difficult all around.

The biggest concern for administrators is the lack of control over what users can and can’t do. They are free to share files with whomever they want, whether inside or outside of the domain. And, there’s nowhere to see what your administrators are up to because there is no auditing or logging function that details which administrator did what and to whom.

If used properly by trusted users, Google Apps can be a great place for them to share information among coworkers. But the lack of any sort of administrative control or auditing oversight makes it an undesirable platform for managing sensitive data.

Berkley is the Associate Director for Networking and Telecommunications Services at the University of Kansas. He can be reached at berkley@ku.edu.

NW Lab Alliance

Berkley is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.

Learn more about this topic

Buyer's Guide: On-line Collaboration Tools and Services

Google Apps' Gmail faces downtime problems

03/27/07

Living with Google Apps — at Google

02/22/07

Google Apps suite to add Docs & Spreadsheets

02/16/07

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.