User Migration Guides | Google Workspace to Office 365
- Lindsey Byers (Deactivated)
- Andrea Harvey
Contents
- 1 Introduction
- 1.1 How does DryvIQ Work?
- 1.1.1 The Engine
- 1.1.2 Security
- 1.1.3 Analyzer | Simulation Mode
- 1.1.4 Command and Control
- 1.2 Features and Functionality
- 1.3 Architecture and Performance
- 1.1 How does DryvIQ Work?
- 2 Supported Features
- 3 Connection Setup
- 4 Google Workspace
- 5 Microsoft Office 365
- 5.1 Create Connection | User Interface
- 5.2 Features and Limitations
- 5.2.1 Files and Folders
- 5.2.2 File and Folder Name Restrictions
- 5.2.3 Connection Pooling
- 5.2.4 HTML Files
- 5.2.5 Invalid Characters and Spaces
- 5.2.6 Lock Events
- 5.2.7 Mapping
- 5.2.8 Metadata Mapping
- 5.2.9 Permissions Preservation
- 5.2.10 Timestamps
- 5.2.11 Version Deletes
- 5.2.12 Transfer Content to SharePoint Online Shared Document Library | Connection URI and Path Example
- 5.3 Create Connection | REST API
- 6 Connection Pooling
- 7 User and Group Maps
- 8 Transfer Planner
- 9 Simulation Mode
- 10 Creating a Job
- 10.1 Job Type
- 10.1.1 Transfer Direction
- 10.2 Define Source & Destination Locations
- 10.3 Configuring Your Locations | Impersonation
- 10.4 Job Category
- 10.4.1 Create Job Category
- 10.5 Job Policies
- 10.6 Behaviors
- 10.7 Advanced
- 10.7.1 Filtering
- 10.7.2 Permission Preservation
- 10.7.3 Metadata Mapping
- 10.7.4 Scripting
- 10.8 Job Summary
- 10.9 Saving the Job
- 10.10 Defining the Job Schedule
- 10.11 Defining Stop Policies
- 10.1 Job Type
- 11 Reports
- 12 Generate Job Reports
- 12.1 Generate Report
- 12.1.1 Report Type
- 12.1.2 Report Contents
- 12.1 Generate Report
- 13 Remediation
Introduction
DryvIQ is an enterprise data integration platform that enables organizations to maximize business value and productivity from their content. It connects disparate storage platforms and business applications together, allowing organizations to move, copy, synchronize, gather, and organize files as well as their related data across any system. DryvIQ empowers your users with unified access to the most relevant, complete, and up-to-date content—no matter where it resides.
DryvIQ delivers a user-friendly, web-based experience optimized for PC, tablet, and mobile phone interfaces, so you can monitor and control your file transfers anywhere, from any device.
DryvIQ’s true bi-directional hybrid/sync capabilities enable organizations to leverage and preserve content across on-premises systems and any cloud service. Seamless to users, new files/file changes from either system are automatically reflected in the other.
How does DryvIQ Work?
Cloud storage and collaboration platforms continue to be the driving force of digital transformation within the enterprise. However, users need to readily access the content that resides within your existing network file systems, ECM, and other storage platforms—enabling them to be productive, wherever they are. DryvIQ is purpose-built to provide boundless enterprise content integration possibilities. The DryvIQ Platform is 100% open and provides a highly-scalable architecture that enables enterprises to meet evolving technology and user demands—no matter how complex.
The DryvIQ platform provides:
A low risk approach to moving content to the cloud while maintaining on-premises systems
No impact to users, IT staff, business operations, or existing storage integrations
The ability to extend cloud storage anywhere/any device capabilities to locally-stored content
Easy integration of newly acquired business storage platforms into existing infrastructures
The Engine
DryvIQ’s bi-directional synchronization engine enables your enterprise to fully-integrate and synchronize your existing on-premises platforms with any cloud service. It empowers your users to freely access the content they need while IT staff maintains full governance and control. DryvIQ integrates with each system's published Application Program Interface (API) at the deepest level—optimizing transfer speeds and preserving all file attributes.
Security
DryvIQ’s 100% security-neutral model does not incorporate or use any type of proxy cloud service or other intermediary presence point. All content and related data is streamed directly via HTTPS [256-bit encryption] from the origin to the destination system(s). Additionally, DryvIQ works with native database encryption. For more information, please see DryvIQ Platform | Security Whitepaper
Analyzer | Simulation Mode
The DryvIQ analyzer is a powerful enterprise file transfer simulation that eliminates the guesswork. You will gain granular insight into your entire content landscape including its structure, usage, age, type, applicable metadata, and more no matter where the files are located (in local storage, remote offices, or on user desktops).
Simulation mode allows you to create a job with all desired configuration options set and execute it as a dry-run. In this mode, no data transfers, no permissions are set, and no changes are made to either the source or the destination. This can be useful in answering several questions about your content prior to running any jobs against your content.
Command and Control
Via highly-advanced web, DryvIQ Command-line Interface (CLI), RESTful API, and/or .NET interfaces, DryvIQ administrators can easily integrate systems, control interactions and behaviors, or create and control end-user experiences for advanced self-service capabilities.
Features and Functionality
The DryvIQ Platform enables you with complete integration and control over:
User accounts
User networked home drives
User and group permissions
Document types, notes, and file attributes
Timestamps
Versions
Departmental, project, and team folders
Defined and custom metadata
Architecture and Performance
The DryvIQ platform is built on a pluggable, content–streaming architecture that enables highly–automated file/data transfer and synchronization capabilities for up to billions of files. File bytes stream in from one connection endpoint (defined by the administrator) and across a customer-owned and operated network and/or cloud service. They are then streamed out to a second connection endpoint. Content can also flow bidirectionally across two endpoints rather than solely from an "origin" to a "destination."
Supported Features
The DryvIQ Platform Comparison tool allows you to compare platform features and technical details to determine which are supported for your transfer scenario. Viewing the Platform Comparison results for your integration will display a list of features of each platform and provide insight early in the integration planning process on what details may need further investigation.
The Platform Comparison tool is available through the Platforms menu options. For further information, see Platform Comparison.
Connection Setup
DryvIQ is built on a concept of connections. A connection is made to the source platform, and another connection is made to the destination platform. A job is created to tie the two platforms together. When DryvIQ connects to a content platform, it does so by using the publicly available Application Programming Interface (API) for the specific platform. This ensures DryvIQ is “playing by the rules” for each platform.
Connections “connect” to a platform as a specific user account. The user account requires the proper permissions to the platform to read, write, update, and/or delete the content based on the actions the DryvIQ job is to perform. The connection user account should also be set up so the password does not expire; otherwise, the connection will no longer be able to access the platform until the connection has been refreshed with the new password. Most connections require a specific user account and its corresponding password. The user account is typically an email address.
Authenticated Connections
Authenticated Connections are accounts that have been verified with the cloud-based or network-based platform when created. The connection can be user/password-based or done through OAuth2 flow, where a token is generated based on the granting authorization to DryvIQ through a user login. This authorization allows DryvIQ access to the user's drive information (files and folder) on the platform. These connections are used as the source or the destination authentication to transfer your content.
OAuth2 Interactive (Web) Flow
Connectors such as Box, Google Drive, and Dropbox use the OAuth2 interactive (or web) flow.
OAuth2 Client Credentials Flow
Connections such as Syncplicity and Google Workspace uses the OAuth2 client credentials flow.
SharePoint
SharePoint (all versions, CSOM) uses a custom username/password authentication model.
OAuth2 Interactive (Web) Flow
You will need the following information when creating a connection to Network File System, Box, Dropbox, and Dropbox for Business:
A name for the connection
The account User ID (such as jsmith@company.com)
The password for the User ID.
Create Connections
Creating a connection in the DryvIQ Platform user interface is easy! Simply add a connection, select your platform, and enter the requested information. DryvIQ will securely validate your credentials and connect to your source content.
Google Workspace
The Google Workspace (formally G Suite) connector in DryvIQ allows you to analyze, migrate, copy, and synchronize files between your Google Workspace account and cloud storage repositories and on-premise network file shares. The first step is to create the Google Workspace connection by providing the connection information required for DryvIQ to connect to the platform/server.
Creating connection | User Interface
Select Connections > Add connection.
Select Google Workspace as the platform on the Add connection modal.
Enter the connection information. Reference the table below for details about each field.
Test the connection to ensure DryvIQ can connect using the information entered.
You will see a "Connection test succeeded" message on the Add connection modal when DryvIQ establishes connection. (If you don't see this message, verify the information you entered.)
Select Done.
Add connection modal - Google Workspace
Field | Description | Required |
|---|---|---|
Display as | Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists. The maximum length is 255 characters. | Optional |
Service account email | Enter the email address created during the Service Account creation process. It will resemble <service-account-name>@<project-id>.iam.gserviceaccount.com | Required |
Private key | Enter the x509 private key. This is the value created when creating the new private key when creating a new Service Account in the Google IAM & admin Console. It will begin with -----BEGIN PRIVATE KEY----- and end with -----END PRIVATE KEY-----. You can click the Choose a file on your computer link to import the key from a file on your computer. Use the file upload dialog that appears to locate the file that contains the key you want to use. | Required |
Drive Space | Select the level where the connection should be made. My Drive: This is the default entry. When selected, the connection will be made at the "My Drive" (the highest) level of the account. Unorganized: Selecting this option creates the connection to the unorganized content in the account. Unorganized files are files that are orphaned. This means the file exists but isn’t a part of a file structure. This happens when parent folders get deleted. These files can only be found by searching the drive for "is:unorganized owner:me." Shared with me: This creates the connection to the shared content (content available through the "Shared with me" menu option within the account). |
|
Subject email | Enter the email address for the account whose data will be transferred. This is the "sub" claim on the JSON Web Token that DryvIQ will use to connect with Google Workspace. If you create a job using impersonation (“run as”), that setting will override the account added here. | Required |
Domain | Enter the target domain name. For example, your-domain.com. If you do not include the domain for the Subject Email, you must include the domain in this field. This domain will then be used as the domain for the account. | Optional |
Token uri | Enter the custom authentication URI. If not supplied, the default is used - https://accounts.google.com/o/oauth2/token. | Optional |
Preserve content type | Indicate if DryvIQ should try to preserve files in their original content type. This feature is mainly used for Google to Google transfers. The default value is No. This means that an upload content type is not specified. Most files will still preserve content types. However, Google native documents and Microsoft Office files will transfer as Microsoft Office files. Selecting Yes will preserve files in their original content type. Google native documents will transfer as Google native documents. Microsoft Office files will transfer as Microsoft Office files. | Optional |
Import as Google native documents | Indicate if DryvIQ should import Microsoft Office documents as Google documents. This feature is mainly used when transferring from any platform, such as Box to Google. The default value is No. This means Microsoft Office files will be preserved as their original content type. Selecting Yes will import all Microsoft Office files as Google native documents. | Optional |
Behavior when deleting files
| Select the type of delete DryvIQ should perform when deleting items: Permanent or Soft. Soft delete is the default delete behavior; however, Permanent is the recommended behavior. A soft delete marks items as a deleted. You can still access them to restore or permanently delete the items. A permanent delete removes the items. This delete is not reversible. | Optional |
Allow file discovery | Indicate if files with shared links should be searchable. The default value is No. This means that only users with whom the file has been shared can find and access the file. Selecting Yes sets the "People can search for this file" setting in the file link settings to TRUE. This means any files with shared links can be found and accessed by any user through the search. | Optional |
Read-only Access | Specify if the connection should be created with read-only access. The default value is No. This means the connection will be created with the full access granted to the account used to create the connection. Selecting Yes creates the account with read-only access. The configuration for the Google account used to create the connection must match the access level for the read-only access to properly be applied. | Optional |
Features and Limitations
Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Utilize the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations.
Files and Folders
Below is list of supported and unsupported features as well as additional file/folder restrictions.
Supported | Not Supported | Other Features and Limitations |
|---|---|---|
File size maximum: 5 TB | ||
Path length maximum: None | ||
| Segment path length: 500 | |
| Restricted types: See Other Restrictions below. | |
| No leading spaces in file name/folder name | |
| No trailing spaces before or after file extensions | |
|
|
Path Lengths
Google Workspace does not impose restrictions for the total path length.
Segment path lengths are limited to 500 character. Segments are delimited by a forward slash (/). For example, <max 500 characters>/<max 500 characters>.
Other Restrictions and Limitations
Google Workspace also has the following restrictions and limitations for content. DryvIQ will handle the content as indicated.
Non-Transferable File Types and Elements
The following file types and elements cannot be transferred.
Sites, Forms, Fusion Tables, My Maps and Google Workspace Marketplace are all files that are not transferable.
Comments in Docs, Sheets, and Slides are not transferable.
Google Docs
Native Google documents will be handled as indicated below.
Although some platforms such as Box and Dropbox support Google Docs, DryvIQ does not currently support transferring them to Google Workspace.
When transferring Google Docs from Google Workspace to another platform, DryvIQ will export the documents as Microsoft Office documents.
Google Forms, Fusion Tables, Sites and My Maps are not available for download in Google Workspace. This means DryvIQ is prevented from transferring these items. Expected behavior is the item will be flagged with the error message "IO Violation and message:Downloading content is not supported for file...".
Microsoft Office Documents
When transferring Microsoft Office documents to Google Workspace, you can choose to either keep their original format or import them as Google Docs when setting up the connection.
Create Connection | Multiple Domains
DryvIQ supports creating a connection with access to multiple domains within an enterprise.
Ensure to use an Admin account that has full access to the corresponding domains.
Omit the domain name when creating the connection.
Use the admin account as the subject / Subject email when creating the connection.
Create connection | REST API
The sample code below shows how to create a Google Workspace connection that uses impersonation. Make sure the following fields are set accordingly.
The id should be google-suite.
The client_email should be the Google Workspace Admin Service Account.
The subject should be the email for the user you would like to impersonate.
{
"name": "Google Workspace Service Account (Admin Connection)",
"type": "service_account",
"project_id": "your-project-id",
"platform": {
"id": "google-suite"
},
"auth": {
"private_key": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n",
"client_email": "jd-service@your-project-id.iam.gserviceaccount.com",
"client_id": "12345678901234567890",
"subject": "jdeveloper@example.com,"
"delete_behavior": "permanent"
}
}Microsoft Office 365
DryvIQ connections to the Microsoft Office 365 platform can be made by using an administrator account with the proper privileges to manage Office 365 configurations. The connection can be made to a single site or to a site collection/tenant root. DryvIQ creates the connection using the OAuth 2.0 flow to simplify login and connection management.
Create Connection | User Interface
Select Connections > Add connection.
Select Microsoft Office 365 as the platform on the Add connection modal.
Enter the connection information. Reference the table below for details about each field.
Select Sign in with Microsoft Office 365.
Enter the email for the account being used to create the connection and click Next. You must use an admin account with the proper privileges to manage Office 365 configurations.
Enter the password for the account and select Sign in.
You will see a "Connection test succeeded" message on the Add connection modal. (If you don't see this message, repeat the sign in and authorization steps above. If the connection fails, verify the URL. DryvIQ cannot create the connection if the URL is incorrect.)
Select Done to finish creating the connection.
Add Connection Modal - Microsoft Office 365
Field | Description | Required |
|---|---|---|
Display as | Enter the display name for the connection. If you will be creating multiple connections, ensure the name readily identifies the connection. The name displays in the application, and you can use it to search for the connection and filter lists. If you do not add a display name, the connection will automatically be named using the URL. For example, Microsoft Office 365 (https://mycompany.sharepoint.com/). If it will be useful for you to reference the connection by account, you should use the default name. | Optional |
URL | Enter the URL of your Office 365 account. You can find the URL by logging into Microsoft Office 365 using the account you want to use to create the connection. The URL in the address bar is the URL you need to use. It will look something like "https://mycompany.sharepoint.com/_layouts/15/viewlsts.aspx?view=14," where mycompany will be the site name of your company. You can copy and paste the full URL or only the part before layouts "layouts" (https://mycompany-my.sharepoint.com/). DryvIQ will ignore the extra part of the URL in most cases. If the connection fails, verify the URL. DryvIQ cannot create the connection if the URL is incorrect. | Required |
Token endpoint | This setting is rare for most Microsoft connections and can be left blank. If needed, this value will be provided by your administrator. | Optional |
Graph API endpoint | This setting is rare for most Microsoft connections and can be left blank. If needed, this value will be provided by your administrator. | Optional |
External users notification | This indicates if you want to send notifications to external users. The default value is No, so no notifications will be sent. If you select Yes, notifications will be sent to external users when they have been granted access to content based on permissions. | Optional |
Set Tenant Level Connection | This indicates if the connection should be set at the tenant level. The default value is No, so the connection will be set based on the URL provided. If you select Yes, the connection will override the URL provided and connect to {tenant}-admin.sharepoint.com. Using a tenant level connection allows one connection to be used to create jobs that point at different site collections. When creating a job using the Microsoft Office 365 connection, you will need to make the root an actual site collection since DryvIQ cannot create a new site. | Optional |
Behavior When Deleting Items | Select the type of delete DryvIQ should perform when deleting items: Permanent or Soft. Soft delete is the default delete behavior; however, Permanent is the recommended behavior. A soft delete marks items as a deleted. You can still access them to restore or permanently delete the items. A permanent delete removes the items. This delete is not reversible. | Optional |
Microsoft Sign In Modal
Connection Test Succeeded
Features and Limitations
Platforms all have unique features and limitations. DryvIQ’s transfer engine manages these differences between platforms and allows you to configure actions based on Job Policies and Behaviors. Utilize the Platform Comparison tool to see how your integration platforms may interact regarding features and limitations.
SharePoint Online Connections must have full control of all SharePoint site collections.
OneDrive for Business Connections are automatically configured to the Documents library. When configuring your job JSON, do not include "Documents" in the location path, such as “/Documents/FolderName.” The correct configuration path is “/FolderName.”
SharePoint Tenant Connections must have full control of the SharePoint admin site ({tenant}-admin) as well as full control of all SharePoint site collections that are to be accessed.
Files and Folders
Office 365 has the following file/folder restrictions.
Supported Features | Unsupported Features | Other Features/Limitations |
|---|---|---|
Invalid characters: | " \ / : * ? < > | ||
File size maximum: 250 GB Microsoft limit | ||
| Segment path length: N/A | |
| Path length maximum: 400 | |
| Maximum number of files per folder: 5000 | |
| Maximum Enterprise Keyword length: 255 characters | |
| Restricted characters in Enterprise Keywords: < and > | |
| No leading whitespace | |
|
| No trailing periods and whitespace. |
|
| If a file extension is present, trailing periods and whitespace are allowed before the extension |
|
| No non-printable ASCII characters |
|
| Transferring Microsoft Lists is not supported. |
File and Folder Name Restrictions
The following are restricted file/folder names.
_vti_test
CON
PRN
AUX
NUL
COM0
COM1
COM2
COM3
COM4
COM5
COM6
COM7
COM8
COM9
LPT0
LPT1
LPT2
LPT3
LPT4
LPT5
LPT6
LPT7
LPT8
LPT9
For more information on Office 365 restrictions, see Microsoft’s official documentation.
Connection Pooling
Microsoft Office 365 connections using OAuth 2 authentication may experience bandwidth throttling from Microsoft when using connection pooling.
HTML Files
SharePoint online does not support uploading HTML files larger than 256 MB. If your migration includes HTML files that exceed this limit, the file transfer will fail, and an entry will be logged in the audit with the following message: "Unable to interpret the contents of this page because it exceeds the maximum page size of 268435456 bytes.”
Invalid Characters and Spaces
DryvIQ verifies file and folder names to identify unsupported characters based on the platform. It then replaces invalid characters with an underscore (_) so the files and folders can be transferred.
The logic includes leading and trailing spaces in file and folder names. DryvIQ replaces the space rather than trimming it because trimming the space could cause duplicate file names. Adding the underscore ensures the name remains unique.
DryvIQ will sanitize file names that contain combined Unicode characters by replacing the characters with an underscore (_).
Lock Events
Graph API does not support lock event detection without the use of a separate API call, which will slow down change detection. The workaround is to disable native event detection to transfer locks in each job run or to use a soft reset to transfer locks as needed.
Mapping
When creating CSV mapping files for import, the usernames must be lowercase to properly adhere to the search requirements for the connector.
Metadata Mapping
If a library requires specific metadata but the metadata is missing from a file being copied into the library, the file will be flagged and will not transfer on subsequent jobs runs. If you have files stuck in a flagged state due to missing metadata, you may need to manually transfer the files and add the required metadata.
Permissions Preservation
The following rules will be used when transferring permissions to Office 365.
If a user account is granted permissions to a file and the user is a member of a group that has greater or equal permissions to that file, no permissions changes will be made. The operation will show as succeeded, and no permissions will have changed. This behavior applies to both inherited and unique permissions scenarios.
If a user account is granted permissions to a file and the user is a member of a group that has lesser permissions to that file, inheritance will be broken, and the file will gain unique permissions for the user. The user account will be added with the requested permissions.
If a user account is granted permissions to a file and the user is not a member of a group that has permissions to that file, inheritance will be broken, and the file will gain unique permissions. The user account will be added with the requested permissions.
If a group is granted permissions to a file, inheritance will be broken, and the file will gain unique permissions. The group will be added with the requested permissions.
Timestamps
There is a discrepancy in timestamps for the SharePoint Online Folder Created Date when using CSOM and Batch Mode. This behavior is a known issue within OneDrive for Business/Office 365.
DryvIQ will attempt to preserve timestamps on folders when using both CSOM and the batch API. However, SharePoint Online updates the folder's modified dates whenever a file is uploaded into it. As a result, when using CSOM, the timestamps will be preserved when the folder is initially created but then updated after every file that gets uploaded. When using batch API, it preserves the timestamps on the folders after all of the files within the batch are committed. This is the cause for the discrepancy between the two methods.
Version Deletes
Version deletes are supported.
Transfer Content to SharePoint Online Shared Document Library | Connection URI and Path Example
PlatformType in Connection: office365
URI Pattern in Connection: https://company.sharepoint.com/[SiteNameWhereLibraryExists]/
Target/Path in Job:Connection Config: /[LibraryName]
This configuration will transfer data to the destination at the library specified. Connection will take it down to Site specific level.
Path in the 'Job:Connection:Target' should be the Document Library.
Use the Library name found in the URI (you do not have to escape/encode spaces, just enter a space if that exists in the library name).
If a path is not specified, files will transfer to the default library for the site specified.
Create Connection | REST API
You will need to add the relevant connection information into the GET request. The following GET will return a Microsoft login link. Use the link to complete logging into the account and to grant DryvIQ access to the account.
GET {{url}}v1/connections/platforms/office365-graph/new?domain={{YOUR URL}}&name={{YOUR CONNECTION NAME}}&client_id={{YOUR CLIENT ID}}&client_secret={{YOUR CLIENT SECRET}}
Create Job | Impersonation with Admin Connection
As a Office 365 administrator, you can impersonate a user using the path that relates to their content. Then, use their information in the impersonate_as block. (See Impersonation for more information on how to impersonate users.)
{
"name":"Basic job with impersonation",
"kind": "transfer",
"transfer": {
"audit_level": "trace",
"transfer_type": "copy",
"source": {
"connection": { "id": "{{nfs_source_connectionID}}" },
"target": {
"path": "/sourcePath"
}
},
"destination": {
"connection": { "id": "{{O365_destination_connectionID}}" },
"impersonate_as": {
"id": "00",
"name": "Joe Smith",
"email": "jsmith@company.onmicrosoft.com"
},
"target": {
"path": "/destinationPath"
}
},
"simulation_mode": false
},
"schedule": {
"mode": "manual"
},
"stop_policy": {
"on_success": 5,
"on_failure": 5,
"on_execute": 25
},
"category": {
"name": "category name"
}
}
Create Job | with Tenant Level Connection
When creating a job that is mapped to the default site collection of the tenant the value "Default" must be used even though the url does not have a ../sites/{site_name} representation. When setting the root site collection the name should not be prefixed with "sites/".
Connection Pooling
When transferring data between a source and destination, there are a number of factors that can limit the transfer speed. Most cloud providers have rate limitations that reduce the transfer rate, but if those limits are account based and it supports impersonation, DryvIQ can create a pool of accounts that issues commands in a round-robin format across all the accounts connected to the pool. Any modifications to the connection pool will used on the next job run.
For example, if a connection pool has two accounts, all commands will be alternated between them. If a third account is added to the pool, the next run of the job will use all three accounts.
Connection pooling is not supported with My Computer and Network File System (NFS) connection.
User and Group Maps
A user account or group map provides the ability to explicitly associate users and groups for the purposes of setting ownership and permissions on items transferred. These mappings can happen automatically using rules or explicitly using an exception. Accounts or groups can be excluded by specifying an exclusion, and unmapped users can be defaulted to a known user. For more information, see Permissions | Account Map / Group Map.
Here are a few things to consider when creating an account or group map:
A source and destination connection are required and need to match the source and destination of the job that will be referencing the user or group map.
A map can be created before or during the creation of the job.
A map can be used across multiple jobs.
Once updated, the updates will not be reapplied to content that has already been transferred.
User and Group Map Import Templates
Please see Account Map / Group Map | CSV File Guidelines for map templates and sample downloads. You can use these samples to help you build you own mapping files.
User & Group Map Exceptions
A user or group map exception provides the ability to explicitly map a specific user from one platform to another. These are exceptions to the automatic account or group mapping policies specified. User account or group map exceptions can be defined during the creation of the map or can be imported from a comma-separated values (CSV) file. See Account Map / Group Map | Exceptions for more information.
User and Group Map Exclusions
A user or group map exclusion provides the ability to explicitly exclude an account or group from owner or permissions preservation. User account or group map exclusions can be defined during the creation of the map or can be imported from a comma-separated values (CSV) file. See Account Map / Group Map | Exclusions for more information.
Transfer Planner
At the start of a project, it is common to begin planning with questions like "How long should I expect this to take?" Transfer Planner allows you to outline the basic assumptions of any integration, primarily around the initial content copy at the beginning of a migration or first synchronization. It uses basic assumptions to begin visualization of the process without requiring any setup of connections or jobs.
The tool estimates and graphs a time line to complete the transfer based on the information entered in the Assumptions area. The timeline assumes a start date of today and uses the values in the Assumptions section to model the content transfer. The window displays projected Total Transfer in dark blue and Daily Transfer Rate in light blue. Hovering the mouse pointer over the graph displays estimated transfer details for that day. The timeline recalculates if you change any of the values, making simple “what if?” scenario evaluations. If necessary, you can reset the timeline to display the default values for the transfer planner tool.
Note that the Transfer Planner is primarily driven by the amount of data needing to be processed. DryvIQ has various tools for transferring versions of files (if the platform supports this feature), which can increase the size of your data set. It also has the ability to filter out specific files by their type or by other rules you set. At this stage, a rough estimate of total size is recommended as it can refined later using Simulation Mode.
Simulation Mode
Simulation mode allows you to create a job with all desired configuration options set and execute it as a dry-run. In this mode, no data transfers, no permissions are set, and no changes are made to either the source or the destination. This can be useful in answering several questions about your content prior to running any jobs against your content.
How much content do I have?
An important first step in any migration is to determine how much content you actually have since this can help determine how long a migration will take.
What kinds of content do I have?
Another important step in any migration is to determine what kinds of content you actually have. Many organizations have accumulated a lot of content, and some of that may not be useful on the destination platform. The results of a simulation mode job can help you determine if you should introduce any filter rules to narrow the scope of the job. An example would be if you should exclude executable files (.exe or .bat files) or exclude files older than 3 years old.
What kinds of issues should I expect to run into?
During the course of a migration, there are many things to consider and unknown issues that can arise, many of which will only present themselves once you start doing something with the source and destination. Running a job in simulation mode can help you identify some of those issues before you actually start transferring content. Examples can include:
Are my user mappings configured correctly?
Does the scope of the job capture everything I expected it to capture?
Do I have files that are too large for the destination platform?
Do I have permissions that are incompatible with the destination platform (i.e. ACL vs waterfall)?
Do I have files or folders that are too long or contain invalid characters that the destination platform will not accept?
Creating a Simulation Job
During the last stage of the job creation process, you have the option to enable simulation mode. When a job is in simulation mode, it can be run and scheduled like any other job, but no data will be transferred.
Transitioning a Simulation Job to Transfer Content
After review, a simulation job can be transitioned to a live job that will begin to transfer your content to the destination platform.
Creating a Job
DryvIQ delivers a user-friendly, web-based experience optimized for PC, tablet, and mobile phone interfaces, so you can monitor and control your file transfers anywhere, from any device.
DryvIQ’s true bi-directional hybrid/sync capabilities enable organizations to leverage and preserve content across on-premises systems and any cloud service. Seamless to users, new files/file changes from either system are automatically reflected in the other.
DryvIQ uses jobs to perform specific actions between the source and destination platforms. The most common type of jobs are copy and sync; please see Create New Job | Transfer Direction for more information. All jobs can be configured to run manually or on a defined schedule. This option will be presented as the last configuration step.
To create a job, select the Jobs option from the left menu and click on Create Job. DryvIQ will lead you through a wizard to select all the applicable options for your scenario.
The main job creation steps include:
Selecting a Job Type
Configuring Locations
Defining Transfer Policies
Defining Job Transfer Behaviors
Selecting Advanced Options
Reviewing the job settings summary
Creating the job and defining the job schedule.
Job Type
Job type defines the kind of job and the actions the job will perform with the content. There are four job types available: basic transfer, folder mapping, user job mapping, and network home drive mapping.
Transfer Direction
The transfer direction determines if content is copied in one direction from the source to the destination or if the content syncs between the source and destination. There is also an option to replicate the folder structure of the source onto the destination. See Create New Job | Transfer Direction for more information.
Define Source & Destination Locations
All platform connections made in the DryvIQ Platform application will be available in the locations drop-down lists when creating a job. The source defines the current location of the content you wish to transfer, and destination defines the location of where you would like to transfer the content. If your connections were created with administrative privileges, you may have the ability to impersonate another user within your organization.
Configuring Your Locations | Impersonation
Impersonation allows a site admin access to all the folders on the site, including those that belong to other users. With DryvIQ, a job can be set up using the username and password of the site admin to sync/migrate/copy files to or from a different user's account without ever having the username or password of that user. This is done by enabling the Run as user toggle. Then choose the user.
Job Category
The category function allows for the logical grouping of jobs for reporting and filtering purposes. The category is optional and does not alter the job function in any way. DryvIQ comes with two default job categories:
Maintenance: DryvIQ maintenance jobs only. This category allows you to view the report of background maintenance jobs and is not intended for newly created transfer jobs.
Default: When a category is not defined during job creation, it will automatically be given the default category. This option allows you to create a report for all jobs that a custom category was not assigned.
Create Job Category
You can create custom categories to group jobs as needed. You can then filter the Jobs list by category to quickly find groups of jobs.
Job Policies
Job policies define what should happen once items have been successfully transferred and set up rules around how to deal with content as it is updated on the platforms while the job is running. DryvIQ works on the concept of “deltas,” where the transfer engine only transfers files after they have been updated. File version conflicts occur when the same file on the source and destination platforms have been updated between job executions. Policies define how DryvIQ handles file version conflicts and determine whether or not it persists a detected file deletion. Each job has its own defined policies, and the settings are NOT global across all jobs.
Conflict Policy | File Version Conflicts
When a conflict is detected on either the source or the destination, the Conflict Policy determines how DryvIQ will behave. See Conflict Policy for more information.
Delete Policy | Deleted Items
When a delete is detected on either the Source or the Destination, the Delete Policy determines how DryvIQ will behave. See Delete Policy for more information.
Behaviors
Behaviors determine how this job should execute and what course of action to take in different scenarios. Most behaviors are enabled by default as recommended settings to ensure content is transferred successfully to the destination.
Zip Unsupported Files / Restricted Content
Enabling this behavior tells DryvIQ to compress any file that is not supported on the destination into a ZIP file format before being transferred. This will be done instead of flagging the item for manual remediation to allow transfer of the file. For example, if you attempt to transfer the file "db123.cmd" from a Network File Share to SharePoint, DryvIQ will compress the file to "db123.zip" before transferring it over, avoiding an error message.
Allow unsupported file names to be changed
The Segment Transformation policy controls if DryvIQ can change folder and file names to comply to platform restrictions. This behavior allows DryvIQ to change the names of folders and files that don't comply with the platform rules for leading and trailing characters or that contain characters that are not supported by the destination. This will be done instead of flagging the file for manual remediation and preventing it from being transferred. There are two options for supporting characters that are not supported by the destination.
The Replace with underscore option replaces invalid characters with underscores. For example, if you attempted to transfer the file "Congrats!.txt" from Box to NFS, DryvIQ would rename the file to "Congrats_.txt" on the destination.
The Encode invalid character option encodes invalid characters instead of replacing them with an underscore. The UTF8 bytes for invalid characters are used and converted to a hex string. For example, a file names "123白雜.txt" would be converted to "123E799BDE99B9CE8.txt."
Allow truncation
Each platform has limits for path and segment lengths. The truncation option determines how to handle paths and segments that exceed these limits. If disabled (the default option), an item with a path or segment length that exceeds the platform limits will not transfer and will be be flagged for remediation. When enabled, truncation will shorten a path or segment name when it exceeds the maximum number of characters a platform allows by removing the right-most characters until the path meets the length requirements. Enabling truncation reduces the potential for flagged items.
Preserve file versioning between locations
Some platforms keep snapshots of every change made to files. Version preservation determines how file versions are handled in the transfer. If version preservation is enabled for a job, the application will attempt to preserve all or the specified number of versions of the files if supported on both platforms. See Version Preservation for more information.
Allow link detection on supported files
Link detection will scans files and identifies any links in the files. It will run for both simulation and transfer jobs. The Job reports will display link information when available for the job. See Link Detection for more information.
Advanced
These optional job configurations allow you to determine what features you want to preserve, filter, or add during your content transfer.
Filtering
Filtering defines rules for determining which items are included or excluded during transfer. There are multiple custom filter options available. See Job Filters and the following for more information.
Permission Preservation
This setting enables DryvIQ to determine how permissions are transferred across platforms. See the following resources for more information:
Permissions | Author/Owner Preservation
Permissions | Permissions Preservation
Permissions | Permissions Import
Permissions | Preserve Shared Links
Metadata Mapping
Metadata mapping allows you to import a CSV file that documents source metadata and how you want it applied to the destination. See Metadata Import for more information.
Scripting
Some DryvIQ features are not available in the user interface. The scripting feature allows the advanced DryvIQ user to enter advanced transfer features by inserting JSON formatted job controls. Enabling this option will allow you to leverage these features and apply it during job creation. See Advanced Scripting | Additional Configuration Options for more information.
Job Summary
Before you create your job, review all your configurations and adjust them as needed. The Edit option will take you directly to the configuration to make changes. Modifying your job after creation is not supported; however, the option to duplicate your current job will allow you to make any adjustments without starting from the beginning.
Saving the Job
Once you have verified the configuration options, you need to save the job. This allows you to specify a name for the job so it can be distinguished from any other jobs you need to create.
You also have the option of setting a schedule and stop policies for a job. If you choose not to schedule the job, it will run every 15 mins after the last execution completes.
Defining the Job Schedule
A job schedule allows you to control when the job runs. The schedule manages the job runs for you so you don't have to manually execute job runs. The schedule can be set to determine both how often a job runs and when a job should stop running. You have the option of editing schedules for jobs as needed once the job is created. See Scheduling a Job for more information.
Defining Stop Policies
Stop policies determine when a job should stop running. If none of the stop policies are enabled, a scheduled job will continue to run until it is manually stopped or removed. See Job Stop Policy for more information.
Reports
Reporting is paramount with the DryvIQ Platform. Whether you chose to utilize the DryvIQ manager application, CLI, or REST API, reporting options are available to help you manage and surface data about your content in real-time.
Job Overview Report
This report provides detailed transfer information for the individual job. The percentages displayed are intended to provide a quick summary of the content. In the event rounding applies to one of the values, the total of the percentages may not equal exactly 100%.
In some circumstances, bytes on the destination can be higher than listed on the source. This discrepancy is caused by property promotion on Word documents. See Report Values | Potential Differences due to Post Processing for more information.
Schedule: Provides information on how many times the job has executed, when the job will run again, and progress towards meeting the job stop policy defined
Transfer Details | Identified Chart: Reflects content identified on the source platform and the status summary for items
Transfer Details | Revised Chart: Reflects content that DryvIQ revised during transfer to meet destination requirements and user-defined job configurations
Transfer Details | Flagged Chart: Reflect content that DryvIQ could not transfer. Manual remediation is required
Run Breakdown Report: Provides job history information for each execution for the given job
Values in the run breakdown may differ from values presented in the charts. This is because the run breakdown tracks each individual occurrence where as an item can only exist in a single chart category.
Example: When an item is both truncated AND ignored, it would not show up in the "Revised" chart but would show up in the "Revised" run breakdown
The run breakdown also shows both files and folder values. The charts display files and folder values separately, with the "Transfer Details" dropdown available to switch between display values.
Run Breakdown | Select a specific Job Run
Run Breakdown | Last Activity
Job Content Insights Report
The Content Insight report presents a breakdown of your transferred data for your given job. Where applicable, DryvIQ will use the content modified date when supported by a given platform. This ensures accurate modified date timestamps when viewing the Content Insights charts. Use the drop-down options to change the chart views.
Job Sharing Insights Report
This report offers a breakdown of all permissions associated to your content. The values presented are based on the source content.
Job User Mappings Report
The User Mappings report for a given job presents the permission breakdown of your content. If any of the following features are enabled, User Mapping report will populate:
Lock Propagation | Mirror Owner
Job Validation Report
Control the level of tracking and reporting for content that exists on both the source and destination platform, including content that has been configured to be excluded from transfer and content that existed on the destination prior to the initial transfer. Items that have been ignored / skipped by policy or not shown because they already existed on the destination can now be seen on reports with the defined categories.
The default validation option is inspect none. This option does not need to be configured in the application user-interface or through the REST API; it is the system default.
This configuration will not track all items but will offer additional tracking with performance in mind. Inspect none will track all items on the source at all levels of the hierarchy but not including those configured to be ignored/skipped through policy. For the destination, all content in the root (files and folders) that existed prior to the initial transfer will be tracked as destination only items and reported as ignored/skipped. For more information, see Job Validation | Item Inspection Policy.
This option has the following features:
Source: All content (files and folders) at all levels in the hierarchy, but not including those configured to be ignored/skipped through policy. However, if the connection does not have access to a given folder in the hierarchy, we cannot track and report these items.
Destination: All content in the root (files and folders) that existed prior to the initial transfer will be tracked as destination only items and reported as ignored/skipped.
Destination: All content (files and folders) lower depths of the directory (sub-folders) that existed prior to the initial transfer will not be tracked.
If the connection does not have access to a given folder in the hierarchy, we cannot track and report these items.
Job Reports - Validation tab: At any time, you may run a validation run, which will trigger a full inspection of all content relating to the option you select for the next run only.
Generate Job Reports
DryvIQ Reports provide several options to combine multiple jobs into a single report for review. Reports are generated by category, individually selected jobs, or by convention job parent (user job mapping, network home drive mapping, or folder mapping job types). Reports are separated into two categories (report types): transfer jobs and simulation jobs.
Generate Report
Report Type
The report type determines which jobs can be selected for the report and on which tab the information displays. Transfer jobs are the jobs actively transferring content. These reports show under the Reports tab. Simulation jobs imitate transfer. These reports show under the Simulation jobs tab. If you don't specify the report type when creating the report, it is automatically created as a transfer job report and will be added to the Reports tab.
Report Contents
The report contents define which jobs the report includes.
All jobs: All jobs for the selected job type (transfer or simulation) will be added to the report.
Jobs under specific categories: This option allows you to include only jobs that have been assigned to specific categories. Select the category from the list that appears. All available categories display in the list. Only the jobs that match the selected job type (transfer or simulation) will be included. Select Add another category to add additional categories. You can click Remove if you want to remove a selected category.
Children under a specific parent job: This option will add all child jobs under the selected parent job to the report. Only jobs that match the selected job type (transfer or simulation) will display in the list.
Manually select jobs: This option allows you to select individual jobs you want to include on the report. Only jobs that match the job type selected for the report (transfer or simulation) display in the list. For convention jobs, the jobs display in the list as "Parent Job Name | Child Job Name" so you can easily identify each job. You must select at least two jobs. Select Add another job to add additional jobs. If you select more than two jobs, you can click Remove next to jobs to remove a job. (This option is only active for jobs three and on. If you need to remove one of the first two jobs, simply select a different job from the list.)
Remediation
Each item is a package, consisting of the media itself, version history, author, sharing, and any other metadata. DryvIQ ensures all pieces of the item package are transferred to the destination to preserve data integrity. If DryvIQ can't transfer an item, the item is set to retry. By default, DryvIQ will attempt three times to reconcile items that are in pending/retry status. Depending on your job configuration, this may occur with the defined schedule, or you can start the job manually. When an item is in a "flagged" status, this means DryvIQ has made all attempts to transfer the file without success, and it requires manual remediation. These items can be retried or ignored on subsequent job runs. If retried and successfully transferred, the item will be removed from the flagged items.
All migrations require some amount of manual user intervention to move content that fails to transfer automatically. One of the uses of simulation mode is to get an understanding prior to a live transfer of how many files might fail to transfer and the reasons. This can be used to adjust the job parameters to achieve a higher number of automatic remediation successes.
General Reasons Content does not Transfer
Errors from Source and Destination Platforms
This is a broad error category that indicates DryvIQ was prevented from reading, downloading, uploading, or writing content during content transfer by either the source or destination platform provider. Each situation is dependent on the storage provider rejection reason and will require manual investigation to resolve.
Insufficient Permissions
Many platforms require additional permissions in order to perform certain functions, even for site administrator accounts. These permissions typically require a special request from the storage provider. For example, content that has been locked, hidden, or flagged to disable download may require this special permission request from your storage provider.
Scenario-Specific Configuration
Content on your source storage platform is diverse, and users across your business will structure their data in a variety of ways. A single one-size-fits-all project configuration may not be suitable and can result in some content not transferring to the destination platform. DryvIQ Professional Services and Customer Support can assist in assessing these situations to help provide custom, scenario-specific configuration that may workaround the issue that is preventing the transfer.
Disparate Platform Features
Each platform provider has a given set of features that are generally shared concepts in the storage business industry. However, each storage platform may have behavioral or rule differences within these features, and aligning these discrepancies can be challenging. Features such as permission levels (edit, view, view+upload, etc.) may not align as an exact match from the source platform to the destination platform. File size restrictions or file names may need to be altered to conform to meet the destination platform's policies. DryvIQ will attempt to accommodate these restrictions through configurations in the system, but not all scenarios can be covered in a diverse data set.
Interruption in Service
DryvIQ must maintain connection to the database at all times during the transfer process. If there is an interruption in service, DryvIQ will fail the transfer as it is unable to track/write to the database.
How do I validate my content transferred successfully?
Verify the destination
DryvIQ will report all content that has transferred to the destination. Log into your destination platform and verify the content is located as expected.
DryvIQ is reporting items in "pending" or "retrying" status, what are my next steps?
Run the job again
DryvIQ defaults to retrying the job 3 times to reconcile items that are in pending/retry status. Depending on your job configuration, this may occur with the defined schedule or you can start the job manually.
Review the log message
DryvIQ logs a reason why the item is in pending/retry status. On the job Overview tab, click on the Transfer Details breakdown status "retrying." This will take you to the Items tab with the content filtered to show just items set for retry. Select the item and click the View item history link in toolbox on the right side of the page.
DryvIQ is reporting items in "Flagged" status. What are my next steps?
When an item is in "flagged" status, this means DryvIQ has made all attempts to transfer the file without success, and it requires manual remediation.
Review the log message
DryvIQ logs a reason why the item is in pending/retry status. On the job Overview tab, click on the Transfer Details breakdown status "flagged." This will take you to the Items tab with the content filtered to show just the flagged items. Select the item and click the View item history link in toolbox on the right side of the page. Review the message and determine if you can resolve the issue on the source platform.
Export the flagged items for a job
To export the a flagged item report,
Select Jobs and select the job with the flagged items.
Go to the Items tab.
Filter the list to show only items with the Status “Flagged.”
Select Export this report. This saves the list of flagged items to a CSV file for review.
Review Flagged Items page
The Flagged items menu option will display the flagged items across all jobs. Use the export option to export the report to a CSV file. You can then use the file to remediate issues by correcting issues that are preventing items from transferring and identifying flagged items that don't need to be transferred. Once you’ve worked through the export, return to the Flagged items page to set the job to retry an item or ignore it on the next job run. You can also choose to view the history of the item. You can work with one item at a time or select multiple items and select the appropriate action.
DryvIQ enables the world’s most successful enterprises with total control over and unbounded access to their content, empowering their evolving modern workforce. We connect disparate storage platforms, unite silos of information, and synchronize content spread across the enterprise—at scale. We enable our customers to achieve singular access and unified control over their content, so they can support the evolving needs of a modern workforce.
To dive in further, view our support documentation or contact us at info@dryviq.com for more information about how DryvIQ can help you connect and transform your content.