Migrating from GSuite to Zoho

(updated )

Yesterday I wrote up some of my thoughts on Google's shutdown of legacy Apps for Domains accounts, and in the process of that largely settled on moving us over to Zoho's offering.

I've never been one to hang around, so today I started the process of migrating us from GSuite (sorry, Google Workspace) to Zoho's email and productivity suite.

This post details some of the prep I did, as well as some of my observations along the way.

Preparation

Before doing anything else I hopped into DNS to get things ready there.

I lowered the TTL on all my MX reccords to 15 minutes - the original TTL was only an hour, so I didn't need to wait too long before proceeding. Obviously, if yours is at 24 hours, you're going to want to drop the TTLs at least a day in advance.

I also updated my SPF record to allow Zoho to send mail for my domain

"v=spf1 include:zoho.eu include:_spf.google.com ~all"

And I doublechecked that my DMARC record was in report only (p=none)

"v=DMARC1; p=none; rua=mailto:<mymail>; ruf=mailto:<mymail>; rf=afrf; pct=100"

The DKIM config is in a Google specific record, so I didn't need to do anything with that.

Enabling Mail Hosting

I originally played around with Zoho in a free "Personal" account, so needed to upgrade it - I logged into Webmail, clicked my avatar and chose Enable Mailhosting

Upgrade option in the webmail view

The wizard took me through upgrading the account, and then adding/configuring a vanity domain. I wasn't quite ready, yet, to update MX records so skipped that.

Importing mail

Zoho has a built in data migrator, but to use it you have to first create a service account on Google's side. Once set up, the tool imports calendars and contacts as well as email.

The steps for setting the service account up on Google are well documented but gave me a feeling I often get with Google's offerings (and have commented on before): With GCP it often feels like you need someone to have laid out specific steps (with links) in order to get anything done. Because stuff is buried in different panels on different subdomains you just can't self-discover in quite the way that's possible with AWS. But, we're not here to discuss the relative merits of those two cloud providers.

Once you get past this obstacle, you have some creds you can enter into the Zoho side migration form, and before you know it you're ready to go

Upgrade option in the webmail view

It's not perfect: The first time you see this page, you'll almost certainly click Start Migration and be told you've not entered any user mappings on the Users tab. But that's quickly resolved.

How long migration takes depends, quite heavily, on how much mail+complexity you have. Smaller accounts were done within an hour, my personal account took forever because I've a ton of mail, and a ton of labels (which'll become folders in Zoho).

Setting up a catch-all address

I was pleasantly surprised at how simple this was. It used to be simple on Apps for Domains too, but apparently Google have complicated it.

Migrating Google Docs/Drive

Zoho do have a migration tool that GSuite users can use, unfortunately you have to request that it be enabled (the form raises a support ticket). When enabled, the tool can apparently do your entire domain and convert docs on the fly.

I didn't want to wait though, so I took the long way round. For each account I was migrating, I logged into https://takeout.google.com and triggered a TakeOut request - they take a while to run, but because of the different account sizes that helpfully meant the work was staggered.

Zoho have some documentation on migrating data from Drive into Workdrive but this is where I briefly came unstuck.

Their documentation's approach is

  • Install the Workdrive Sync app
  • Extract the takeout file
  • Copy the Drive folder from the takeout to the sync dir and wait

Now, this gets the files into Workdrive, but they're not going to be in a useful format. Takeout exports Sheets and Docs files as .xlsx and .docx (respectively), those formats are read-only in Zoho's productivity suite (actually, there's some inconsistency here - you can seem to edit .xlsx in the mobile app, but not the web interface). In the web interface you can make an editable copy of either, but have to do it on a per doc basis (and then delete the original).

That's really not a great workflow if you've more than a couple of docs, but I found a better way

  • If you've already uploaded them, delete the lot from Workdrive
  • In the Workdrive web interface click your avatar (top right)
  • Choose My Preferences
  • Scroll to the bottom and enable the option Convert all files to Zoho WorkDrive's format when you upload to My Folders

Now, this only affects uploads made through the web interface, but the web interface also allows you to upload entire directories, so you don't need to go through each file individually.

  • Go back to the main view and click My Folders
  • Select Upload Folder
  • Browse to wherever you unpacked your Takeout archive, and select the Drive directory
  • Hit Upload

Your files will then be uploaded and converted to Zoho's native formats, allowing you to edit them from the mobile app, the web interface and the desktop client.

I repeated this process for each of the users as and when their Takeout's became available.

Device Support

With Gmail/Gsuite we tended to use apps on Android, and a browser on the desktop.

As expected, Zoho have Android apps, but on the desktop we've actually got a little more choice: Zoho have desktop clients that you can install (and they even support Linux). I don't know how much use we'll make of them in practice, but it's definitely nice to have the option.

The Android app, unlike Gmail, allows encryption-at-rest for mail held on-device. I've not played around with that just yet (didn't want to run the risk of losing any of the data I'd just migrated in) but plan to toy with it later.

We're not huge Drive users, so although I've installed the desktop sync agent, I don't expect we'll make a huge amount of use of it - however it is is useful for is use in concert with the desktop docs package.

I've also hooked Thunderbird up to my mail account - I lost the ability to do that back when Google started messing around with the "Allow Insecure Apps" stuff (admittedly things have been fixed since then, but I never got around to trying it again).

Cutting Over

Just before I cut over, I wanted to enable DKIM in Zoho - again the process was well documented and simple.

Finally, I deleted my existing MX records and added new ones pointing to Zoho

@ 1800 IN MX 10 mx.zoho.eu.
@ 1800 IN MX 20 mx2.zoho.eu.
@ 1800 IN MX 50 mx3.zoho.eu.

Out of habit, I initially set quite a low TTL, and will bump it up further once I'm happy that everything's settled.

Lock-In

As successful as this migration seems to have been, none of this begins to address some of the concerns around lock-in that I detailed yesterday.

When I wrote yesterday, things were still up in the air in terms of whether Google will terminate only the services (so Gmail and GSuite) or whether they'll terminate accounts themselves.

A re-read of their announcement suggests it might be the former

If you have the G Suite legacy free edition, you need to upgrade to a paid Google Workspace subscription to keep your services

But, conversely, their documentation on upgrading talks more broadly

To maintain your services and accounts, review the information below and upgrade by May 1, 2022

Whilst then going on to suggest that some other services will still be accessible

After 60 days in suspension, you will no longer have access to Google Workspace core services, such as Gmail, Calendar, and Meet. You may still retain access to additional Google services, such as YouTube and Google Photos.

Making it clear as mud.

That last snippet seems to imply that the account will still work, and it's only the Workspace services that'll be lost, but there's an awful lot of weasel able to hide in the word "may".

However, things are a bit more explicit in the FAQ section of that page

If you don’t upgrade to a Google Workspace subscription, you will not lose access to other Google Services, including YouTube, Google Photos, and Google Play, nor paid content, including YouTube and Play Store purchases

So, the underlying accounts should continue to be valid even after the Workspace functionality is suspended. Even if that later proves not to be the case, it's probably better to take the hit and not let the lock-in perpetuate for any longer than it already has.

Other Bits - Auth and stuff

I set up 2 factor authentication for my Zoho account - they support a range of 2FA mechanisms

  • TOTP (i.e. Authy, Google Authenticator etc)
  • Yubikey
  • Dedicated Zoho app
  • SMS based MFA

What I found a little odd though, was the Yubikey support.

They're using U2F (meaning older Yubikeys aren't supported), but if you try and enroll a non-Yubico U2F dongle (I tested with one of these) then it fails. So, they seem to have locked to using Yubikeys, whilst using a non-Yubikey specific technology (I guess behind the scenes they've probably integrated around Yubico's key server product). Still, a little strange.

But, their suite works with Yubikeys, and you can register multiple (as well as enabling multiple types of second factors), so it ticks all the boxes for me.

I also reconfigured the account to use an email that isn't hosted/handled by Zoho as the main billing contact - my concern being that I'd not be able to access it if something went wrong and the account got suspended (or whatever). Had I been staying with Google, I'd have done something similar there too.

Conclusion

The migration has gone pretty well, and so far I'm with Zoho's offering - their onboarding process was simple, and processes are well documented. That documentation could perhaps do with refining in some areas (the Google Drive/Docs migration caught me a little of guard), but the product itself works well.

There's obviously going to be something of an adjustment period, and some things simply work different (even down to swiping to delete/archive in the mail app - you swipe left, not right). I don't doubt that, once the honeymoon period wears off, there'll be some frustrations as well as some stuff I've missed. But, I think in the long run, we're going to be better off.

The very fact that I needed to migrate us also meant that I've finally addressed an issue I've been ignoring for quite some time

A cursed inbox

For the first time in years I'm actually at Inbox 0. Just need to stay on top of it now.

I'm simply not going to get excited about a productivity suite (sorry marketers), but my initial impression of Zoho is that it's more than adequate for our needs.

Our data's now being held by someone who's core business does not revolve around profiling and advertising, who publishes a legible privacy policy, as well as crystal clear statements on GDPR compliance. All that, and at a price that matches Google's time-limited discounted pricing.

Basically, it was a choice between sticking with Google through apathy and paying less (and not getting profiled).

Update

The Drive migration tool got enabled on my account before I'd had chance to process the Takeout from some users, so I decided to give that a whirl instead.

It's worked exactly as expected:

  • You install a domain wide App in Gsuite
  • You allow API access to that App
  • You export a CSV of users (I trimmed out any I'd manually migrated)
  • In Zoho you use OAuth to authorise access
  • The migration checks a few details and then you set it running

It all ran smoothly (and quite quickly) with email notifications being sent out at start and end.

Share this post on Twitter Share this post on Reddit Share this post on LinkedIN Share this post via Whatsapp Share this post via Telegram Share this post via QQ Share this post via Email