The evaluation was undertaken as part of the Operational Excellence (OE) sponsored Productivity Suite project and focused on features and requirements to meet key objectives of OE including service improvement, project and operating cost, speed of deployment, architectural alignment, accessibility, storage of data in the United States, and privacy and security issues. For more information, see Campus Selects Google as New Email and Calendar Solution.
Microsoft vs Google Assessment Matrix
|Priority||Category: Issue||Google Apps for Education||Office 365||Advantage To:|
|1||Email/Calendar Cloud/Local Solution:|
|Speed of Migration and Deployment||As a guide, Google offers a 6-10 week migration plan for institutions wanting to migrate quickly. This would be a starting point for us. A UC Berkeley migration to Google can start faster and with less infrastructure investment. Also, we will be able to use a significant amount of our recently upgraded mail routing infrastructure with this solution. Due to the recent issues with CalMail, this is a very significant issue.||UC Berkeley requires an on-premise solution to complement their cloud solution, particular to the current UC Berkeley environment. UC Berkeley's assesment of Office 365 specifically included planning for and resourcing an installation and configuration of Exchange 2010 for on-premise email in a hybrid deployment, this was a chosen from the options Office 365 gives for on-premise email infrastructure. Considering Berkeley's expertise and requirement to re-use a significant portion of its current Exim/Cyrus infrastructure, including retaining its MX records, this would require a major effort. This has the tradeoff of giving more flexibility in integrating on-premise and cloud main and management of authentication.||Google has the advantage for speed of starting a migration in our current UC Berkeley email environment. Also, with a multiple Google Apps instance model, we can allow for large subdomains to independently plan and execute their own migrations.|
|Support of Migration and Deployment||Google relies on partner vendors for on-premise migration project management, but does have a deployment specialist that can answer questions. This, along with the support that we can gather from already-migrated partners, such as UC Santa Cruz and Lawrence Berkeley Lab, allows us to migrate, with support at a significantly lower cost.||Due to its current email ennviroment and campus expertise, UC Berkeley would require support from MS Premier Deployment or Partner-led deployment services that can manage the migration project. These come at a cost to the project.||Google, since we have close peer institutions that have already completed migrations and can offer support.|
|Integration with Collaboration Tools||The option of integration with the suite of other Google Apps products Google Docs, Groups, Sites. These applications were not extensively reviewed during this process, but are already used in other departments for teaching and learning purposes. Also, BOX, which campus has contracted with, integrates with Google.||Microsoft does offer a high-level of integration between the Office 365 components, Exchange Online, SharePoint Online and Lync Online. Currently we are not looking to purchase these as part of this migration. Integration with external 3rd party apps is something Microsoft enables through a rich set of PowerShell and Exchange Web Services APIs, though our current campus skillset does not widely support these technologies.||Google integrated with partner software campus has already purchased. Both Google and Office 365 would offer a more integrated collaborative tools environment than what currently exists on campus.|
|Ease of Tools Development||Powerful open standards-based API for extending base functionality. An API based on technologies that we currently have campus expertise in developing against. Also, specific APIs for migrating data in and out of the service. Google has a program for specifically moving data in and out of their products efficiently, see http://www.dataliberation.org/.||Microsoft does offer a robust set of development options through PowerShell and Exchange Web Services (EWS) interfaces; extensive documentation is available on Microsoft TechNet which would reduce ramp time for developers. Mail data can be migrated in and out of the service using EWS. Microsoft’s partners also offer a range of data migration tools. Despite these resources, in the current UC Berkeley environment, software development against Exchange and the MS suite of software is not a widely-held skill on campus. This would be a significant issue in porting the web tools and interfaces for the current mail system.||Google has an API better aligned with the current skillsets on the UC Berkeley campus and what our central IT group currently supports.|
|User Familiarity||The ability to leverage a better known interface and product by the student population based on email forwarding information. Using Google Apps, users will be able to continue to retain multiple, separate email accounts between their berkeley.edu and subdomain email accounts. Gmail, and to a lesser extent Google Calendar, is already used by a significant percentage of our students. An analysis done last year of CalMail forwarding showed 25 percent of students forwarded email with Google being far and ahead having the largest share of that percentage.||There is not a consumer version of Office365 that can be compared to Gmail/calendar, though current gmail users could POP their mail from an Exchange Online instance or continue their forwarding. Users with current multiple, separate @berkeley.edu or other @subdomain.berkeley.edu email accounts on the current CalMail system would be required to consolildate their multiple email accounts into a single identity. There are significant groups on campus that do use Outlook (the preferred client for Office365/Exchange).||Overall: Google.
Current Google Users: Google.
Users with multiple Berkeley accounts: Google.
Current Outlook and Exchange Users: Microsoft.
|Mailman Migration Option||The opportunity to, eventually, migrate Mailman mailing lists with the core product offering. Google Groups could be used for this purpose, but it is not part of this project.||Replacement of Mailman mailing list software without 3rd party software. Microsoft themselves recommended that we do not attempt to migrate from Mailman to Exchange distribution groups as it is an insufficient replacement.||Google has a product that could be evaluated for possible migration off of our Mailman product, offering an opportunity to reduce operational risk with very little cost. MS has no such product built into their suite.|
|On-Premise Integration||Google Apps does not offer integration with on-premise email or calendar software as part of their default product. Any on-premise email and calendar solution offered to users that require on-premise email will be different and lacking the same experience of Google Apps without local development toward that goal.||Integrated on-premise email /calendar solution. Office 365 offers as part of the core product, tight integration for mail, calendar, free/busy, and tasks between an on-premise Exchange 2010 installation and their cloud offering. What this will allow is for users and groups that are using on-premise email to seamlessly interact with cloud users and have the same tools and experience as cloud users.||Microsoft is built with this type of integration in mind. Since we would require an on-premise solution for any campus mail/calendar service, this gives it the advantage.|
|Administration||Google does not offer delegated administration for multiple domains hosted on a single Apps for Education instance. In order to effectively delegate full administration to current CalMail departmental email administrators, we would adopt a model with multiple Apps for Edu instances for our large CalMail subdomains.||Microsoft offers a range of role-based delegation options that can be
used to grant users or groups with access to administrative features.
This ranges from password management for Help Desk users through
to eDiscovery Management.
Rights to individual mailboxes and calendars can also be delegated using the full Outlook client where, for example, a manager wants to delegate access to their inbox or calendar to their assistant. Functions currently handled by CalMail and email support providers would have to be built out.
|Google. Neither solution offers the custom-developed management and delegated administration tools as CalMail currently does. Google has a system that will come closest to the current functionality.|
|Authentication||Google does not allow us to keep all passwords and authentication information onsite. Google supports SAML 2.0 for single sign-on for its web applications, but using Google with desktop applications and mobile devices requires storing credentials with Google. Universities such as NYU and University of Minnesota have (in documentation) strongly recommended that their users migrate to web clients only. Google-based passwords are still required for all mobile clients.||Office 365 has the ability to allow us to keep our authentication tied to local Active Directory infrastructure (for single sign-on, desktop, and mobile).||Microsoft has the advantage of giving us this option and keeping all our credentials within our borders.|
|Mobile Integration||Google Sync supports Android, iOS, Windows Mobile, and Blackberry devices. Standard IMAP for email is also supported.||Office 365 uses ActiveSync and works similar to an Exchange server for the purposes of mobile integration. Email, Calendar, Contacts can be synced to any device supporting ActiveSync. Mail can also be set up using standard IMAP. BlackBerrys are currently not supported with a BES server. This is on their roadmap.||Draw. Both products offer better integrated mobile support than campus's current offerings. Both solutions also support standard IMAP/SMTP for receiving and sending mail.|
|Email/Calendar Cloud/Local Solution: SUMMARY
Google's solution is optimized for web-based interaction. It is designed to be quickly provisioned and a migration to Google could begin more quickly than one to Office 365. The tradeoff is that without significant output of resources, the on-premise email and calendar system would not be on-par with the cloud services offered.
Office365 offers an integrated experience for on-premise and cloud users. This comes at a tradeoff of some operational expense and maintaining central infrastructure. Office365 is a very new service, even universities such as Nebraska that were first to sign-up are still not migrated. Microsoft's previous online service offerings (BPOS, Live@EDU) did not have exceptional track records for performance.
Migrating to either solution will require changes in the way campus runs their email and calendar service. From policies, security, DR, administration and end-user support, neither Google nor Microsoft will fit UC Berkeley exactly. That being said, both solutions have their advantages and weaknesses. Functionally, Google has significant advantages that Berkeley can quickly and cost-effectively take advantage of; its most significant weakness is its lack of integration with an on-premise email and calendar solution in the way Office365 does. A UC Berkeley Microsoft implemention requires some central AD and Exchange infrastructure to support the on-premise solution and our wish to keep our MX records at UC Berkeley.
|Acceptance||More general acceptance and familiarity with this solution in the community, particularly with faculty, researchers, and students. Haas and URel may want to splinter off and use an on-premises Exchange installation.||Faces less acceptance; less familiarity with it; notions on Microsoft. Many groups likely to splinter off and continue using Google.||Google: Faculty, researchers, and students.
Microsoft: Administrative power users, plus Haas and URel.
|Security & Privacy||Does not allow per-event privacy controls as Oracle Calendar
does. Can only set access rights to the calendar as a whole.
More difficult for an administrator to set access controls for groups of people. Cannot set access controls by role.
|Does not have the same per-event privacy controls as Oracle Calendar does.
A user is able to mark items in their calendar as Private which means that a 3rd
party viewing the calendar will not see the event details. Can only set access
rights to the calendar as a whole. Has 4 levels of access control. Easier for
administrators to set access controls from the PowerShell interface.
Can set access controls by role.
|Choice of access||Outlook 2010 (via Google Sync app) √
Outlook 2011 (Mac) ?
Outlook Web App(OWA) N/A
iCal (via CalDAV protocol) √
Google Calendar (web) +
√ Less supported; may be issues.
? Unknown if this configuration possible.
N/A This configuration not available.
|Outlook 2010 +
Outlook 2011 (Mac) +
Outlook Web App (web) +
Google Calendar (web) (via Google Sync app: requires Outlook 2010 to set up) √
√ Less supported; may be issues.
|Functionality & Features||Features superior to Microsoft
||Features superior to Google
|Interoperability||Google Calendar does not have interoperability with other
instances of Google Calendar nor other types of calendar systems.
While it is easy to see another person's calendar on the system,
it is not possible to schedule with them in real-time as it is
with Office 365. Calendaring invitations are sent by email and
responded to by email.
Invitations to users at an email address other than the one used for their main calendar may cause it to create a new calendar.
|Office 365 is fully interoperable with any other Exchange
installation (i.e., it would be fully interoperable with UCSF
and an on-premises Exchange installation.) It is possible to
schedule in real-time with cloud or on-premise or users on
another linked Exchange instance.
It is easy to schedule with external Outlook users. Outlook will recognize calendar events in an email and easily enter them on the calendar system. It is a standard among businesses, so many administrative departments that deal with external businesses or organizational would find it easy to schedule events with each other.
|Mobile Devices||Google Sync supports Android, Windows Mobile, iPhone, and BlackBerry platforms. (BlackBerrys require an additional app to be downloaded. Android phones connect natively. Other platforms use built-in ActiveSync client.)||Office 365 can sync with any device that has an ActiveSync client (includes iPhones, Android devices, Windows Mobile phones). BlackBerry phones would require a 3rd-party ActiveSync client or support via the upcoming hosted BES (BlackBerry Enterprise Server) that is scheduled to be part of the Office 365.||Draw.|
|Ease of Use / Familiarity||The Google calendar interface is widely regarded as intuitive and easy to use even for people unfamiliar with online calendaring. Many more people are familiar with its interface as it has been available for free for many years.||While the Outlook-style interface is familiar to many staff, the web version is less so and has a significant usability issue in that it cannot layer calendars. Its stronger features also means that it is more complicated to use, a factor for everyone, although less so for current CalAgenda power users.||Google: Everyone except CalAgenda power users.
Microsoft: CalAgenda power users.
|System Administration||Rudimentary system administration capabilities out of the box. Cannot easily distribute control to units (this might be possible with additional programming). Difficult to create or set up access rights in a batch mode. Lawrence Berkeley Lab reports that they don't need to do much in the system administration control panel.||More advanced system administration features including capability for doing many jobs in a batch mode such as setting permissions. Much easier to distribute administrative functions around the campus so individual units would have more control over their accounts. Capabilities for scripting administrative tasks are very robust.||Microsoft.|
|On-premises solution||None.||Exchange is a well-known calendaring and email system that could be hosted on campus (which already has several Exchange installations). It would work seamlessly with Office 365.||Microsoft.|
Calendar users are sharply divided on campus between three major categories: 1) those who do not use an online calendar or who only use one for themselves and don't schedule with others, 2) average CalAgenda users or users of other calendar systems who schedule only for themselves and maybe a few others, and 3) power CalAgenda users who may schedule dozens of meetings a day for several administrators and keep track of one to two dozen calendars minute by minute.
Google Calendar would be an acceptable alternative for the first two categories of users. They would easily adapt if unused to it, and it would meet their needs fairly well.
The third category would find the transition to Google Calendar hard, and it is likely that its use would impact their productivity both during the transition period and going forward due to problems with the migration and ongoing reduced functionality of the product.
It is also quite likely that some top University administrators' duties would be disrupted by problems with their calendars both during the actual cutover migration and during an extended transition period where events that existed on the previous CalAgenda were still in the new system.
Transition problems are also a possibility with a move to Office 365, but as best as can be estimated, would be less. There is more experience and understanding in the area of transition to Exchange than in the transition to Google, and fewer areas of stark incompatibility between Exchange/Office 365 and Oracle Calendar than between Google and Office 365.
The lessened functionality in Google would be a detriment to these power users' productivity going forward. While their total number may be five percent of the total users on the calendar system, their actual calendar use may well be half of the system.
|2||Security and Privacy:|
|Acceptable Use Policy (AUP)||UC adopts Google's acceptable use policy. With notice to UC, Google may interpret and enforce the policy in a manner UC finds objectionable.||UC retains the right to apply its own acceptable use policy and the contract assigns sole responsibility for AUP enforcement to UC.||Microsoft.|
|Non-consensual Access to End-User Data||Google will only use or disclose UC end-user data as provided in the agreement. Google has no obligation to supply UC with records detailing any access by Google to UC end-user data.||There are only a few circumstances in which Microsoft personnel have the right to monitor or disclose UC end-user data and any exception must be authorized in writing by UC. However, Microsoft declined to supply UC with records detailing any access by Microsoft to UC end-user data. And, Microsoft may disclose the contents of end-user messages to third parties if Microsoft determines the messages contain malware.||Draw.|
|Authentication||Credentials for email/calendar clients reside on Google's servers. Two-factor authentication available but specific to Google and only supported on web-based clients.||UC stores end-user credentials locally and may be able to leverage planned implementation of two-factor authentication for campus Active Directory.||Microsoft.|
|e-Discovery||Google contract offers no cost support to meet e-Discovery requirements if Admin Tool will not suffice. The contract is unclear about whether Google will help UC respond to third-party demands against UC. And, Google's e-Discovery capabilities are relatively immature.||Microsoft provides robust e-Discovery tools and supports configuration of different retention policies on specific sets of mailboxes. They also offer no cost support.||Draw.|
|Location of Data||Google contractually commits to permanently storing data at rest in the United States for Core Content (including email, calendar details, and Google docs). Google may also transfer, store, and process Customer Data in any country in which Google or its agents maintain facilities; Core Content shared with non-UC users may be stored outside the U.S.||Microsoft will contractually commit to locate all Exchange, SharePoint and Lync servers that will be accessed by End Users in production and disaster recovery data centers only in the continental United States. This does not apply to antivirus or antispam services. Microsoft has stated (not in the contract) that as Office 365 is presently architected, customer data will reside in the U.S. (except for AV, AS, and some support issues), but reserves the right to modify its architecture moving forward.||Microsoft (slight).
Google has more qualifications on U.S. data storage obligation in minor respects.
|Encryption of Email at Rest||Not available.||IRM add-on (extra cost) available to provide encryption of stored email so as to prevent Microsoft personnel from having access to sensitive messages and attachments.||Microsoft.|
|Security and Privacy: SUMMARY
Google inferior on all fronts but only by a small margin.
Microsoft superior. Microsoft offers a better AUP policy, better e-Discovery options, and slightly better terms on the location of data. On the whole, Microsoft comes out better than Google but only by a small margin on all categories.
|Data Transfer upon Termination:||Provided Customer requests that they do so prior to termination, Google commits to maintain Customer Data for at least six months after expiration or termination of an agreement. May charge data retention fee that shall not exceed the cost of providing the service. Provides self-service tools for data extraction.||Unless Customer requests immediate deletion of data, Microsoft commits to maintain Customer Data for 90 days after expiration or termination of an agreement. May charge data retention fee that shall not exceed the cost of providing the service. Provides self-service tools for data extraction.||Microsoft (don't need to request prior to termination trumps time delta).|
|Data Management and Transfer||Google contractually commits to permanently storing data at rest in the United States for Core Content (including email, calendar details, and Google docs). Google may also transfer, store, and process Customer Data in any country in which Google or its agents maintain facilities; Core Content shared with non-UC users may be stored outside the U.S.||Microsoft will contractually commit to locate all Exchange, SharePoint and Lync servers that will be accessed by End Users in production and disaster recovery data centers only in the continental United States. This does not apply to antivirus or antispam services. Microsoft has stated (not in the contract) that as Office 365 is presently architected, customer data will reside in the U.S. (except for AV, AS, and some support issues), but reserves the right to modify its architecture moving forward.||Draw.|
|Accessibility||Google is willing to make commercially reasonable efforts to provide updated VPATs.||Microsoft is unwilling to address this in the contract, though they have completed VPATS for all in scope services. Specifically completing VPATs for Exchange back as far as Exchange 2000.||Marginal in favor of Google.|
|HIPAA/BAA||No BAA in place. Contract silent on HIPAA.||Microsoft has an acceptable BAA in place.||Microsoft. Without commitment to HIPAA portions of campus, UHS and Optometry are not good fits.|
|Account Suspension||If Customer materially breaches contract, and subject to cure, Google may suspend service in whole or in part. Google may suspend the services in whole or in part as a result of an Emergency Security Issue. In the event of an Emergency Security Issue, Google will limit suspension to the minimum extent and duration possible. Google maintains the right to suspend accounts based off of AUP violations.||Microsoft may suspend the Office 365 Services in whole or in part and without notice: (1) if Microsoft believes that Enrolled Institution's use of the Office 365 Services represents a direct or indirect threat to Microsoft's network function or integrity or anyone else's use of the Office 365 Services; (2) if reasonably necessary to prevent unauthorized access to Institution Data; (3) to the extent necessary to comply with legal requirements. If Microsoft suspends the services without notice, Microsoft will provide the reason for such suspension if Institution requests. In the event of a breach of contract, and subject to cure, Microsoft may suspend services in whole or in part. Any suspension of Office 365 Services shall apply to the minimum necessary portion of the Office 365 Services.||Microsoft, due to Google rights to suspend related to AUP.|
|Notification on Access||Unless prohibited by law, Google will notify Customer of Legal Request and comply with Customer's reasonable requests to oppose such and provide tools to respond to such request.||Microsoft will attempt to redirect any Legal Request to Customer. If not successful and not prohibited by law, will provide Customer reasonable notice prior to disclosure.||Draw.|
|Limitation of Liability||Google does not limit their liability in regards to its confidentiality obligations and includes Customer Data in definition of Confidential Information. Google is responsible for any actions of its employees and agents.||Microsoft caps its liability for "free" services at $5K including any damages related to Institution Data short of Gross Negligence or Willful Misconduct.||Google is far superior.|
|Defaults||Google may modify its service and will make commercially reasonable efforts to notify customer of such. Google may change Service descriptions and SLAs, though if Customer objects within 30 days they may operate under the previous terms for the then current term.||Microsoft may modify its service from time to time. If customer objects to a modification it may terminate the service with no refund for unused paid services.||Google.|
|Service Level Agreements||Credit tied to payment.||Credit tied to payment.||Draw.|
Microsoft has a superior contract due to the following: HIPAA, Data Transfer, and Account Suspension.
Limitation of Liability is the most salient area where Google is superior.