Authentication tools, Migration – Google Networking Best Practices for Large Deployments User Manual
Page 38

Networking Best Practices for Large Deployments
Single Sign-On for Selected Network Locations
You can create a conditional SSO system for your users that is based on a network
subnet mask. Configure it in the Google Apps control panel, under Advanced
tools -> Set up single sign-on (SSO). This type of configuration is recommended because it
lets you control whether users outside your network use your SSO system.
A recommended setup is to configure Google Apps so that only users inside of your network
require SSO authentication. Users outside of the network can use Google's authentication
system instead. This ensures that users who cannot connect to VPN can still access basic
mail services, and reduces the burden on your VPN services. This type of configuration
requires that users accessing Google Apps without the use of the SSO system use a
password stored in Google Apps.
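The following Python sketch is an added example, not part of the original manual. It models the mask-based decision described above so you can check a planned mask list before entering it. It assumes masks are written in CIDR notation separated by semicolons and that the service matches on the public source address it sees; all addresses are constructed.

```python
import ipaddress

# Constructed sample: two public egress ranges plus one internal LAN range.
MASK_SPEC = "203.0.113.0/24; 198.51.100.16/28; 10.20.0.0/16"

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_masks(spec):
    """Parse semicolon-separated CIDR masks (assumed input format)."""
    return [ipaddress.ip_network(m.strip(), strict=False)
            for m in spec.split(";") if m.strip()]

def auth_path(source_ip, masks):
    """'sso' if the request's source address is inside a mask, else 'google'."""
    addr = ipaddress.ip_address(source_ip)
    return "sso" if any(addr in net for net in masks) else "google"

def audit_masks(masks):
    """Return masks in RFC 1918 space; an external service never sees
    those as source addresses, so they cannot select any user."""
    return [str(net) for net in masks
            if any(net.overlaps(p) for p in RFC1918)]

if __name__ == "__main__":
    masks = parse_masks(MASK_SPEC)
    # Constructed clients, identified by the public address they egress from.
    for label, ip in [("office NAT egress", "203.0.113.45"),
                      ("VPN concentrator egress", "198.51.100.20"),
                      ("home broadband", "192.0.2.77")]:
        print(f"{label:24} {ip:15} -> {auth_path(ip, masks)}")
    for net in audit_masks(masks):
        print(f"warning: {net} is private address space and will never match")
```

Users whose traffic leaves through an address outside every mask, including VPN users on an unlisted concentrator, fall through to Google's authentication and need a password stored in Google Apps.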
Note:
Google cannot enforce the use of SSL connections by third-party gadgets, Google
Apps Marketplace apps, and other services. Please contact the appropriate providers
of these services for clarification on their level of use of secure authentication.
Authentication Tools
A helpful tool to resolve any SAML-related errors during the authentication process is a SAML
2.0 debugger, such as
Migration
Google Apps deployments often involve traffic from migrating user data, either through local
clients
or server-side clients like
.
If you are migrating user data as part of your Google Apps deployment, you can expect
substantial data load, depending on the amount of data you choose to migrate. To limit the
impact to your network, we recommend following these best practices:
• Ensure that your migration servers are in the same location as your legacy data servers,
  or at least that the connectivity between servers has low latency and high bandwidth.
• Avoid routing traffic from the migration servers to Google through proxy servers, to
  increase migration performance and to avoid unnecessary proxy server load.
• Assess your network capacity before migration to determine the maximum amount of data
  that you can migrate concurrently. Adjust your migration plan accordingly.
• During migration, some of the connections established to Google servers can stay open
  for a period of time depending on the migration tool. To avoid any possible migration
  errors, and to reduce the need to remigrate data, it is important to keep these sessions
  open and not close them prematurely with any proxy or firewall timeouts.