User Migration Guides | Google Workspace to Dropbox for Business
Contents
- 1 Introduction
- 1.1 How does DryvIQ Work?
- 1.1.1 The Engine
- 1.1.2 Security
- 1.1.3 Analyzer | Simulation Mode
- 1.1.4 Command and Control
- 1.2 Features and Functionality
- 1.3 Architecture and Performance
- 1.1 How does DryvIQ Work?
- 2 Supported Features
- 3 Connection Setup
- 4 Google Workspace
- 5 Dropbox for Business
- 5.1 Create Connection | User Interface
- 5.2 Features and Limitations
- 5.2.1 Files and Folders
- 5.2.2 Author Preservation
- 5.2.3 Business Team Folders
- 5.2.4 Character Sanitization
- 5.2.5 Dropbox Paper
- 5.2.6 Path Lengths
- 5.2.7 Versioning
- 5.2.8 Version Limits
- 5.3 Create Connection | REST API
- 5.4 Transferring Dropbox for Business Team Folders
- 6 Connection Pooling
- 7 User and Group Maps
- 8 Transfer Planner
- 9 Simulation Mode
- 10 Creating a Job
- 10.1 Job Type
- 10.1.1 Transfer Direction
- 10.2 Define Source & Destination Locations
- 10.3 Configuring Your Locations | Impersonation
- 10.4 Job Category
- 10.4.1 Create Job Category
- 10.5 Job Policies
- 10.6 Behaviors
- 10.7 Advanced
- 10.7.1 Filtering
- 10.7.2 Permission Preservation
- 10.7.3 Metadata Mapping
- 10.7.4 Scripting
- 10.8 Job Summary
- 10.9 Saving the Job
- 10.10 Defining the Job Schedule
- 10.11 Defining Stop Policies
- 10.1 Job Type
- 11 Reports
- 12 Generate Job Reports
- 12.1 Generate Report
- 12.1.1 Report Type
- 12.1.2 Report Contents
- 12.1 Generate Report
- 13 Remediation
Introduction
DryvIQ is an enterprise data integration platform that enables organizations to maximize business value and productivity from their content. It connects disparate storage platforms and business applications together, allowing organizations to move, copy, synchronize, gather, and organize files as well as their related data across any system. DryvIQ empowers your users with unified access to the most relevant, complete, and up-to-date content—no matter where it resides.
DryvIQ delivers a user-friendly, web-based experience optimized for PC, tablet, and mobile phone interfaces, so you can monitor and control your file transfers anywhere, from any device.
DryvIQ’s true bi-directional hybrid/sync capabilities enable organizations to leverage and preserve content across on-premises systems and any cloud service. Seamless to users, new files/file changes from either system are automatically reflected in the other.
How does DryvIQ Work?
Cloud storage and collaboration platforms continue to be the driving force of digital transformation within the enterprise. However, users need to readily access the content that resides within your existing network file systems, ECM, and other storage platforms—enabling them to be productive, wherever they are. DryvIQ is purpose-built to provide boundless enterprise content integration possibilities. The DryvIQ Platform is 100% open and provides a highly-scalable architecture that enables enterprises to meet evolving technology and user demands—no matter how complex.
The DryvIQ platform provides:
A low risk approach to moving content to the cloud while maintaining on-premises systems
No impact to users, IT staff, business operations, or existing storage integrations
The ability to extend cloud storage anywhere/any device capabilities to locally-stored content
Easy integration of newly acquired business storage platforms into existing infrastructures
The Engine
DryvIQ’s bi-directional synchronization engine enables your enterprise to fully-integrate and synchronize your existing on-premises platforms with any cloud service. It empowers your users to freely access the content they need while IT staff maintains full governance and control. DryvIQ integrates with each system's published Application Program Interface (API) at the deepest level—optimizing transfer speeds and preserving all file attributes.
Security
DryvIQ’s 100% security-neutral model does not incorporate or use any type of proxy cloud service or other intermediary presence point. All content and related data is streamed directly via HTTPS [256-bit encryption] from the origin to the destination system(s). Additionally, DryvIQ works with native database encryption. For more information, please see DryvIQ Platform | Security Whitepaper
Analyzer | Simulation Mode
The DryvIQ analyzer is a powerful enterprise file transfer simulation that eliminates the guesswork. You will gain granular insight into your entire content landscape including its structure, usage, age, type, applicable metadata, and more no matter where the files are located (in local storage, remote offices, or on user desktops).
Simulation mode allows you to create a job with all desired configuration options set and execute it as a dry-run. In this mode, no data transfers, no permissions are set, and no changes are made to either the source or the destination. This can be useful in answering several questions about your content prior to running any jobs against your content.
Command and Control
Via highly-advanced web, DryvIQ Command-line Interface (CLI), RESTful API, and/or .NET interfaces, DryvIQ administrators can easily integrate systems, control interactions and behaviors, or create and control end-user experiences for advanced self-service capabilities.
Features and Functionality
The DryvIQ Platform enables you with complete integration and control over:
User accounts
User networked home drives
User and group permissions
Document types, notes, and file attributes
Timestamps
Versions
Departmental, project, and team folders
Defined and custom metadata
Architecture and Performance
The DryvIQ platform is built on a pluggable, content–streaming architecture that enables highly–automated file/data transfer and synchronization capabilities for up to billions of files. File bytes stream in from one connection endpoint (defined by the administrator) and across a customer-owned and operated network and/or cloud service. They are then streamed out to a second connection endpoint. Content can also flow bidirectionally across two endpoints rather than solely from an "origin" to a "destination."
Supported Features
The DryvIQ Platform Comparison tool allows you to compare platform features and technical details to determine which are supported for your transfer scenario. Viewing the Platform Comparison results for your integration will display a list of features of each platform and provide insight early in the integration planning process on what details may need further investigation.
The Platform Comparison tool is available through the Platforms menu options. For further information, see Platform Comparison.
Connection Setup
DryvIQ is built on a concept of connections. A connection is made to the source platform, and another connection is made to the destination platform. A job is created to tie the two platforms together. When DryvIQ connects to a content platform, it does so by using the publicly available Application Programming Interface (API) for the specific platform. This ensures DryvIQ is “playing by the rules” for each platform.
Connections “connect” to a platform as a specific user account. The user account requires the proper permissions to the platform to read, write, update, and/or delete the content based on the actions the DryvIQ job is to perform. The connection user account should also be set up so the password does not expire; otherwise, the connection will no longer be able to access the platform until the connection has been refreshed with the new password. Most connections require a specific user account and its corresponding password. The user account is typically an email address.
Authenticated Connections
Authenticated Connections are accounts that have been verified with the cloud-based or network-based platform when created. The connection can be user/password-based or done through OAuth2 flow, where a token is generated based on the granting authorization to DryvIQ through a user login. This authorization allows DryvIQ access to the user's drive information (files and folder) on the platform. These connections are used as the source or the destination authentication to transfer your content.
OAuth2 Interactive (Web) Flow
Connectors such as Box, Google Drive, and Dropbox use the OAuth2 interactive (or web) flow.
OAuth2 Client Credentials Flow
Connections such as Syncplicity and Google Workspace uses the OAuth2 client credentials flow.
SharePoint
SharePoint (all versions, CSOM) uses a custom username/password authentication model.
OAuth2 Interactive (Web) Flow
You will need the following information when creating a connection to Network File System, Box, Dropbox, and Dropbox for Business:
A name for the connection
The account User ID (such as jsmith@company.com)
The password for the User ID.
Create Connections
Creating a connection in the DryvIQ Platform user interface is easy! Simply add a connection, select your platform, and enter the requested information. DryvIQ will securely validate your credentials and connect to your source content.
Google Workspace
The Google Workspace (formally G Suite) connector in DryvIQ allows you to analyze, migrate, copy, and synchronize files between your Google Workspace account and cloud storage repositories and on-premise network file shares. The first step is to create the Google Workspace connection by providing the connection information required for DryvIQ to connect to the platform/server.
Creating connection | DryvIQ application user-interface
Select Connections > Add connection.
Select Google Workspace as the platform on the Add connection modal.
Enter the connection information. Reference the table below for details about each field.
Test the connection to ensure DryvIQ can connect using the information entered.
You will see a "Connection test succeeded" message on the Add connection modal when DryvIQ establishes connection. (If you don't see this message, verify the information you entered.)
Select Done.
Add connection modal - Google Workspace
Field | Description | Required |
|---|---|---|
Display as | Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists. The maximum length is 255 characters. | Optional |
Service account email | Enter the email address created during the Service Account creation process. It will resemble <service-account-name>@<project-id>.iam.gserviceaccount.com | Required |
Private key | Enter the x509 private key. This is the value created when creating the new private key when creating a new Service Account in the Google IAM & admin Console. It will begin with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----. You can click the Choose a file on your computer link to import the key from a file on your computer. Use the file upload dialog that appears to locate the file that contains the key you want to use. | Required |
Drive Space | Select the level where the connection should be made. My Drive: This is the default entry. When selected, the connection will be made at the "My Drive" (the highest) level of the account. Unorganized: Selecting this option creates the connection to the unorganized content in the account. Unorganized files are files that are orphaned. This means the file exists but isn’t a part of a file structure. This happens when parent folders get deleted. These files can only be found by searching the drive for "is:unorganized owner:me." Shared with me: This creates the connection to the shared content (content available through the "Shared with me" menu option within the account). |
|
Subject email | Enter the email address for the account whose data will be transferred. This is the "sub" claim on the JSON Web Token that DryvIQ will use to connect with Google Workspace. If you create a job using impersonation (“run as”), that setting will override the account added here. | Required |
Domain | Enter the target domain name. For example, your-domain.com. If you do not include the domain for the Subject Email, you must include the domain in this field. This domain will then be used as the domain for the account. | Optional |
Token uri | Enter the custom authentication URI. If not supplied, the default is used - https://accounts.google.com/o/oauth2/token. | Optional |
Preserve content type | Indicate if DryvIQ should try to preserve files in their original content type. This feature is mainly used for Google to Google transfers. The default value is No. This means that an upload content type is not specified. Most files will still preserve content types. However, Google native documents and Microsoft Office files will transfer as Microsoft Office files. Selecting Yes will preserve files in their original content type. Google native documents will transfer as Google native documents. Microsoft Office files will transfer as Microsoft Office files. | Optional |
Import as Google native documents | Indicate if DryvIQ should import Microsoft Office documents as Google documents. This feature is mainly used when transferring from any platform, such as Box to Google. The default value is No. This means Microsoft Office files will be preserved as their original content type. Selecting Yes will import all Microsoft Office files as Google native documents. | Optional |
Behavior when deleting files
| Select the type of delete DryvIQ should perform when deleting items: Permanent or Soft. Soft delete is the default delete behavior; however, Permanent is the recommended behavior. A soft delete marks items as a deleted. You can still access them to restore or permanently delete the items. A permanent delete removes the items. This delete is not reversible. | Optional |
Allow file discovery | Indicate if files with shared links should be searchable. The default value is No. This means that only users with whom the file has been shared can find and access the file. Selecting Yes sets the "People can search for this file" setting in the file link settings to TRUE. This means any files with shared links can be found and accessed by any user through the search. | Optional |
Read-only Access | Specify if the connection should be created with read-only access. The default value is No. This means the connection will be created with the full access granted to the account used to create the connection. Selecting Yes creates the account with read-only access. The configuration for the Google account used to create the connection must match the access level for the read-only access to properly be applied. | Optional |
Features and Limitations
Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Utilize the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations.
Files and Folders
Below is list of supported and unsupported features as well as additional file/folder restrictions.
Supported | Not Supported | Other Features and Limitations |
|---|---|---|
File size maximum: 5 TB | ||
Path length maximum: None | ||
| Segment path length: 500 | |
| Restricted types: See Other Restrictions below. | |
| No leading spaces in file name/folder name | |
| No trailing spaces before or after file extensions | |
|
|
Path Lengths
Google Workspace does not impose restrictions for the total path length.
Segment path lengths are limited to 500 character. Segments are delimited by a forward slash (/). For example, <max 500 characters>/<max 500 characters>.
Other Restrictions and Limitations
Google Workspace also has the following restrictions and limitations for content. DryvIQ will handle the content as indicated.
Non-Transferable File Types and Elements
The following file types and elements cannot be transferred.
Sites, Forms, Fusion Tables, My Maps and Google Workspace Marketplace are all files that are not transferable.
Comments in Docs, Sheets, and Slides are not transferable.
Google Docs
Native Google documents will be handled as indicated below.
Although some platforms such as Box and Dropbox support Google Docs, DryvIQ does not currently support transferring them to Google Workspace.
When transferring Google Docs from Google Workspace to another platform, DryvIQ will export the documents as Microsoft Office documents.
Google Forms, Fusion Tables, Sites and My Maps are not available for download in Google Workspace. This means DryvIQ is prevented from transferring these items. Expected behavior is the item will be flagged with the error message "IO Violation and message:Downloading content is not supported for file...".
Microsoft Office Documents
When transferring Microsoft Office documents to Google Workspace, you can choose to either keep their original format or import them as Google Docs when setting up the connection.
Create Connection | Multiple Domains
DryvIQ supports creating a connection with access to multiple domains within an enterprise.
Ensure to use an Admin account that has full access to the corresponding domains.
Omit the domain name when creating the connection.
Use the admin account as the subject / Subject email when creating the connection.
Create connection | REST API
The sample code below shows how to create a Google Workspace connection that uses impersonation. Make sure the following fields are set accordingly.
The id should be google-suite.
The client_email should be the Google Workspace Admin Service Account.
The subject should be the email for the user you would like to impersonate.
{
"name": "Google Workspace Service Account (Admin Connection)",
"type": "service_account",
"project_id": "your-project-id",
"platform": {
"id": "google-suite"
},
"auth": {
"private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n",
"client_email": "jd-service@your-project-id.iam.gserviceaccount.com",
"client_id": "12345678901234567890",
"subject": "jdeveloper@example.com,"
"delete_behavior": "permanent"
}
}
Dropbox for Business
The Dropbox connector in DryvIQ allows you to analyze, migrate, copy, and synchronize files to your Dropbox account from cloud storage repositories and on-premise network file shares. The first step is to create the Dropbox connection by providing the connection information required for DryvIQ to connect to the server. The connector can be created using a standard Dropbox account or a Dropbox for Business account. However, when creating a connection using a Dropbox for Business account, you must use an Administrator account. Standard accounts will return an error from the Dropbox for Business platform.
For more information on using a standard Dropbox account, please refer to the Dropbox connector page.
Create Connection | User Interface
Select Connections > Add connection.
Select Dropbox for Business as the platform on the Add connection modal.
Enter the connection information. Reference the table below for details about each field.
Select Sign in with Dropbox for Business.
On the Dropbox API Request Authorization modal, enter the Email and Password required to log in to the account and select Sign In. Only an Administrator account can be used for Dropbox for Business. Standard accounts will return an error from the Dropbox for Business platform.
Select Allow when prompted to authorize the connection.
You will see a "Connection test succeeded" message on the Add connection modal. (If you don't see this message, repeat the sign in and authorization steps above.)
Select Done to finish creating the connection.
Add Connection Modal - Dropbox for Business
Field | Description | Required |
|---|---|---|
Display as | Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists. If you do not add a display name, the connection will automatically be named, "Dropbox for Business." DryvIQ recommends that you edit the name to more readily identify the connection. | Optional |
Platform API client credentials | Required | |
Use the system default client credentials | Select this option to use the default DryvIQ client application. |
|
Use custom client credentials | Select this option to use custom client credentials provided by your administrator. When selected, two additional fields will be available to enter the credentials. |
|
Client ID | This field displays only when you select Use custom client credentials. This value will be provided by your administrator. | Required when using custom credentials |
Client Secret | This field displays only when you select Use custom client credentials. This value will be provided by your administrator. | Required when using custom credentials |
Dropbox API Request Authorization modal
Allow Access to Dropbox
Connection Test Succeeded
Features and Limitations
Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Utilize the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations.
Files and Folders
Below is list of Dropbox's supported and unsupported features as well as additional file/folder restrictions.
Supported | Unsupported | Other Features/Limitations |
|---|---|---|
< > \\ / : ? * \ | ~ | ||
File size maximum: 50 GB or smaller | ||
Path length maximum: n/a | ||
Segment path length: 255 | ||
| Maximum number of files per folder: 10,000 | |
| No trailing spaces after file extensions | |
|
| |
|
|
Author Preservation
The Dropbox connector uses "per-request impersonation." This means DryvIQ makes requests to the platform on behalf of the account owner, not the administrator. Therefore, files created by other users will fail to upload unless the account owner mounts the shared parent folder into their Dropbox drive before uploading the file. (See How to join a shared folder for more information.) Failed uploads will be logged with a message similar to the following example: "[PermissionFailure] The account 'Joe Smith' is not authorized to perform the requested operation."
Business Team Folders
Team folders transfer automatically with any transfer job; however, Team and Shared folders must first be mounted in Dropbox (Dropbox for Business API only surfaces mounted Team and Shared folders). If you include Job Filters | Filter Shared Content, Team Folders will not be transferred. The Dropbox for Business connector creates shared user folders by default. To create shared folders in a Team Folder, the root Team Folder must be created in the Dropbox UI and selected as the root of the job. Shared folders that are created in a Team Folder support permission disinheritance. Shared folders created in a user folder do not support disinheritance and will log a warning.
Character Sanitization
DryvIQ will sanitize file names that contain combined Unicode characters by replacing the characters with an underscore (_).
Dropbox Paper
DryvIQ does not support Dropbox paper. Dropbox Paper is a separate work space that stores Paper documents in your account on http://paper.dropbox.com . DryvIQ doesn't support have access to these documents as part of your Dropbox connection.
Path Lengths
Dropbox does not impose restrictions for the total path length.
Segment path lengths are limited to 255 character. Segments are delimited by a forward slash (/). For example, <max 255 characters>/<max 255 characters>.
Versioning
The Dropbox platform treats content version history differently than other cloud platforms, with each native move and rename tracked as a new version. In order to only transfer true version history, enable the Scripting option on step 6 during job creation and copy the following JSON into the scripting box:
{
"transfer": {
"versioning": {
"preserve": "native",
"select": "published"
}
}
}
For more information about how to use Advanced Scripting, refer to the Advanced Scripting | Additional Configuration Options page.
Version Limits
While Dropbox allows you to store unlimited versions, the platform restricts version downloads to 100. This means only the most recent 100 versions for a given file will be transferred to the destination. Refer to the Dropbox API Documentation for more information. You can also find additional information in the Dropbox Forum.
If you want to transfer just teams folders, you can use the Dropbox for Business Teams Folders connector to create a connection that will transfer only teams folders.
Create Connection | REST API
Create a New Dropbox for Business Connection
The following GET will return a target URL. Use this URL to log in to the Dropbox for Business account to authenticate and create the connection. Make sure you connect using an Administrator account.
GET {{url}}v1/connections/platforms/dfb/new
Create a New Dropbox for Business Connection Using Custom Credentials
Create a new connection using custom credentials with the example call below. Replace the name, client_id, and client_secret with information relevant to your connection.
{
"name": "Dropbox for Business",
"platform": {
"id": "dfb"
},
"auth": {
"client_id": "{{clientID}}",
"client_secret": "{{clientSecret}}"
}
}
Dropbox for Business with Single Sign-On (SSO)
Create a new connection using single sign-on with the example call below. You will need to obtain the applicable access token for your Dropbox for Business account.
{
"name": "Dropbox for Business",
"platform": {
"id": "dfb"
},
"auth": {
"access_token": "{{access_token}}"
}
}
Create Job | Dropbox for Business Account Admin Connection
Create a simple transfer job using the example call below. Replace the information with information relevant to your job and connectors.
Note that the following are known issues when creating a job for a Dropbox for Business account using an Administrator account connection.
Connection-based Impersonation should be used due to a caching issue which may incorrect shared folder detection
Connection-based Impersonation is shown in the user-interface as "Run As...." option on the Locations step when creating a new job.
Path-based impersonation should not be used, first 'folder' is a user name such as "path": "/user@company.com/"
{
"name":"Simple Job",
"kind": "transfer",
"transfer": {
"transfer_type": "copy",
"source": {
"connection": { "id": "{{DropboxForBusiness_Admin_ConnectionID}}" },
"impersonate_as": { "email": "user@company.com" },
"target": {
"path": "/sourceFolder"
}
},
"destination": {
"connection": { "id": "{{OneDriveForBusiness_connection_destinationID}}" },
"target": {
"path": "/Documents/destinationFolder"
}
},
"simulation_mode": false
},
"schedule": {
"mode": "manual"
},
"stop_policy": {
"on_success": 5,
"on_failure": 5,
"on_execute": 25
},
"category": {
"name": "Report Category {Name}"
}
}Transferring Dropbox for Business Team Folders
Team folders will transfer automatically with any transfer job; however, Team and Shared folders must first be mounted in Dropbox (Dropbox for Business API only surfaces mounted Team and Shared folders)
If you include Job Filters | Filter Shared Content, Team Folders will not be transferred
The Dropbox for Business connector creates shared user folders by default. To create shared folders in a Team Folder, the root Team Folder must be created in the Dropbox UI and selected as the root of the job.
Shared folders that are created in a Team Folder support permission disinheritance. Shared folders created in a user folder do not support disinheritance and will log a warning.
If you want to transfer just teams folders, you can use the Dropbox for Business Teams Folders connector to create a connection that will transfer only teams folders.
Connection Pooling
When transferring data between a source and destination, there are a number of factors that can limit the transfer speed. Most cloud providers have rate limitations that reduce the transfer rate, but if those limits are account based and it supports impersonation, DryvIQ can create a pool of accounts that issues commands in a round-robin format across all the accounts connected to the pool. Any modifications to the connection pool will used on the next job run.
For example, if a connection pool has two accounts, all commands will be alternated between them. If a third account is added to the pool, the next run of the job will use all three accounts.
Connection pooling is not supported with My Computer and Network File System (NFS) connection.
User and Group Maps
A user account or group map provides the ability to explicitly associate users and groups for the purposes of setting ownership and permissions on items transferred. These mappings can happen automatically using rules or explicitly using an exception. Accounts or groups can be excluded by specifying an exclusion, and unmapped users can be defaulted to a known user. For more information, see Permissions | Account Map / Group Map.