ie8 fix
Click Here

Googling Google

Christopher Dawson
Home / News & Blogs / Googling Google

Google adds multi-domain support to Apps -- updated again (and still disappointed)

By | June 23, 2010, 12:19pm PDT

Summary: Earlier today I reported on Google’s addition of multi-domain support to its Premiere and Education Apps. It turns out I was a bit hasty in concluding just what sorts of functionality this update added. Although it brings important improvements to document, contact, and calendar sharing among different domains an organization might have, it does [...]

Earlier today I reported on Google’s addition of multi-domain support to its Premiere and Education Apps. It turns out I was a bit hasty in concluding just what sorts of functionality this update added. Although it brings important improvements to document, contact, and calendar sharing among different domains an organization might have, it does little to address the problem of user privilege and service management that makes many organizations create multiple domains in the first place.

A few corrections and clarifications are below, denoted with italics and strikethroughs.

Updated at 1:56am, 24 June: A last-minute clarification from a Google spokesperson and a correction to the Google Help Center means there are more corrections and even more significant limitations to the update that had me so excited Wednesday. Oh well. New corrections are in bold italics below.

Google announced one of the most anticipated features promised for Google Apps: multi-domain support.  This addresses a fundamental problem with Apps so far, both in the enterprise and in educational settings. Until now, if you wanted to implement different privileges for different groups of users, you needed to create and maintain completely separate domains for each group.  Now, While you still need multiple domains to act as organization units, you can manage them centrally and they can share contacts and groups.

It seems straightforward, doesn’t it? The idea that some people in your organization should have access to one set of features while another group should have access to a different set of features is pretty basic systems management.  However, if you want to turn off Chat for one group, limit another to Docs only, and limit another to email only, all the while making sure that they can share documents and access common address books, well, you had better look at SharePoint and Exchange.

Until now. Unfortunately, half of the above statement remains true: administration of differentiated services and privileges by domain still must be done for each domain an organization owns and can’t be done centrally. Bummer. In fact, for organizations looking to leverage this central control panel, individual domains CANNOT have varying services. They must remain separate. This is now reflected on the Google Help Site (see below). According to the Google Enterprise blog,

Multi-domain support is a new admin control that allows organizations with two or more domains on Google Apps to manage them from a single control panel. Users belonging to different domains within an organization keep their domain-specific email address but can see coworkers from other domains in the organization’s global address book. It’s also easy for users to share across domains in Google Docs, Sites and the rest of Google Apps.

Of course, if I ran the world, then Google Apps would allow for differentiated privileges among groups of users in a single domain. Maybe next week, right? The folks at Google made a handy Venn diagram to show how this works:

I’ll write more about this as I explore it with my own domains, but for now, there are great help articles on making it work available here. I figured this was worth sharing sooner than later, since it truly was a key element to enterprise manageability that Apps had been lacking.

The problem, though, is that while this addresses inter-domain collaboration, it is fairly limited. In fact, Google posted a document called, not surprisingly, “Limitations for multiple domains.” A few key limitations include:

  • You cannot set different policies or configuration settings for different domains. You can control which services are available to different groups of users (by turning services on or off for different organizational units), but all other settings in the Google Apps Control Panel apply equally to all domains that are part of your account.
    As of about 2:00 this morning, this statement now reads, “You cannot set different policies or configuration settings for different domains. All settings in the Google Apps administrator control panel apply equally to all domains that are part of your account.” Well there goes that workaround.
  • Google Apps account merge is not supported. Some current Google Apps customers with multiple domains currently have separate Google Apps accounts for each domain. Google does not currently support merging multiple Google Apps accounts into a single multiple domain account.
  • You cannot add additional domains to your account if you activate Postini Services through the Google Apps Control Panel. To use Postini Message Security for an account with multiple domains, you need to manage the Postini product separately.
  • Sharing a document with a group does not work correctly when the group includes users from other domains. When you share a document with a group, Google Docs generates a link for accessing the document that is based on the group’s domain. If the group includes users from other domains, the link will not work correctly for them.

Well, hey, it’s still cheaper than SharePoint, Exchange, and Server 2008, right? I’ll keep you posted on the evolution of management features in Apps. For now, though, when asked if there were any updates on intra-group differentiated privileges and services, Google spokesperson Kat Eller told me that there was “nothing to announce at this time.” I kind of figured, but I had to ask.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Googling Google”

Topics

Google Inc., Google Apps, Domain, Cloud Computing, Christopher Dawson

Chris Dawson is a freelance writer and consultant with years of experience in educational technology and web-based systems. In 2011, he became the Vice President of Marketing for WizIQ, Inc., a virtual classroom and learning network SaaS provider.

Disclosure

Christopher Dawson

Christopher Dawson is the Vice President of Marketing for WizIQ, Inc., by day and a freelance writer and educational technology consultant by night. Well, most of his colleagues at WizIQ are based in India, so really he's working with them whenever he can stay awake. He has worked for his local school district as a teacher and technology director, for the Johns Hopkins University School of Public Health, and for Biogen, Inc. (now Biogen-IDEC, Inc.). He has also consulted with STATNet and Cytyc Corporation and retains close ties with X2 Development Corporation (now owned by Follett Software, the supplier of the student information system he administered for several years). Follett is paying him a monthly honorarium to act as a presenter for their "SIS Voices for Student Achievement" community (he produces occasional blog posts and hosts a monthly webinar on the use of student information systems to inform data-driven instruction and school-wide change. He regularly purchases and/or recommends Dell hardware. This is because Dell makes good hardware and has truly committed itself to education in innovative ways, particularly with their "Connected Classroom" initiative. It isn't because he has dealings with the company through his role at WizIQ (which he does) or because they have provided him with long-term loans of a variety of equipment for in-depth testing (which they have). Intel (reference designer for the Classmate PCs he has implemented in his local schools) has provided him with long-term loans of Classmate PCs for testing, as have Dell and Lenovo with their educational offerings. He may report on any of these companies as his experiences with them have direct bearing on educational technology; positive reports are not necessarily an endorsement and he receives no direct financial compensation from these companies or any others. Intel paid all expenses for his attendance at the 2009 Intel Classmate PC Ecosystem Summit which he attended as the sole representative of the technology press. He was invited to attend in 2010 but his wife would have killed him if he spent 3 days in Vegas geeking out and left her home alone with a new baby. Acer provided him with a 50% discount on an Aspire One netbook in early 2009 after he tested it for 30 days through their educational seed program. He liked the netbook at the time but it has since broken and sits unused in his office. Canonical sent him Ubuntu lanyards, t-shirts, and mousepads for his kids. He stole one of the lanyards and proudly hangs his keys from it and occasionally features his 8-year old wearing an oversized Ubuntu t-shirt on his Facebook profile. Gunnar Optiks sent him a pair of computer glasses to evaluate for a holiday gift guide. He is wearing them now as he types this because they never asked for them back and they rock out loud. Seriously - they work brilliantly and make it much easier to spend 20 hours a day staring at an LCD. If they ever asked for them back, he would fork over the $99 and buy a pair. Microsoft gave him 2 free copies of Office 2010 professional, a desktop clock, and a useless book on Office 2010 when he attended the launch of Office/Sharepoint 2010. He occasionally uses the SharePoint lanyard they gave him instead of the Ubuntu lanyard for his keys, but feels dirty afterwards. Adobe provided him with a pre-release version of the CS5 Master Collection for evaluation and ultimately provided a full, licensed copy for ongoing testing of educational applications of this admittedly expensive software. Like the Gunnars, if the license expires or they come out with CS6, he'd actually go out and buy it himself. Which is saying something, because he's actually pretty cheap. Any other companies wishing to send him cool things to evaluate, wear, or otherwise adorn his kids are more than welcome to; he promises to disclose it here if he keeps any of the stuff. Finally, because WizIQ is a virtual classroom and learning network provider, Chris, as VP of Marketing, frequently interacts with, seeks out deals with, and directly or indirectly competes with a whole lot of LMS, SIS, and other Education 2.0 companies. In general, he'll limit his reporting about these companies to news that does not impact his relationship with them or with WizIQ. If he reports on them, it's because what they are doing is newsworthy or worth the attention of his readers and not because he's trying to broker some deal, damage competition, or otherwise advance his position in his day job. LMS and SIS companies, along with other online learning communities, are a pretty important part of Ed Tech. If he stops reporting on them completely, there won't be a whole lot left. He'll be sure to call out any overt conflicts of interest if they are unavoidable. Finally, Follett Software Company pays him a little tiny honorarium every month to present on their SIS Voices webinars and to write the occasional blog or discussion thread for them. Since Follett recently bought X2 (maker of an awesome web-based SIS that Chris just happened to have used, served in advisory groups for, and frequently reported on), this is probably also worth disclosing.

Biography

Christopher Dawson

Christopher Dawson grew up in Seattle, back in the days of pre-antitrust Microsoft, coffeeshops owned by something other than Starbucks, and really loud, inarticulate music. He escaped to the right coast in the early 90's and received a degree in Information Systems from Johns Hopkins University. While there, he began a career in health and educational information systems, with a focus on clinical trials and related statistical programming and database modeling. This focus led him to several positions at Johns Hopkins, a couple-year stint in private industry, teaching high school math and technology, and 2 years as the technology director for his local school district. Most recently, he started his own consulting business and is now the Vice President of Marketing for WizIQ, Inc., a virtual classroom and learning network provider. He lives with his wife, five kids (yes, 5), 2 dogs, and a hateful cat in a small town in north-central Massachusetts. Although he is no longer teaching, his roles with WizIQ and ZDNet allow him to continue helping students and teachers add value to education with technology rather than merely adding to the bottom line.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
5
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Google adds multi-domain support to Apps (finally!)
fabioq@... 24th Jun 2010
So what exactly DID change?

It would help if there was an administrator account that doesn't have paid for on each domain, so it would easy to administer multiple domains.
-Fabio
View in thread
0 Votes
+ -
As you point out, still inadequate. You need to be able to create groups
DonnieBoy 23rd Jun 2010
under a single domain name, and then assign different privileges to each group. It should be possible to go down to an individual user and turn privileges on/off.
0 Votes
+ -
Nice turf.
TriangleDoor 24th Jun 2010
Fast, efficient, starts the echo chamber ringing.
0 Votes
+ -
Pankaj from HyperOffice
pankajunk 24th Jun 2010
Hi Christopher,

The kind of functionality you may be looking for is available in HyperOffice. We have the concept of "profiles" (don't think a social networking profile) in HyperOffice. One can create an unlimited number of "profiles" within HyperOffice. A "profile" determines which group desktop a particular user will land at (as you know, one can created unlimited group workspaces within HyperOffice, which consists of a group desktop, and group collaboration modules), the collaboration modules that will be available to a user with that profile (calendars, contacts, tasks, shared documents, wikis, polls, forums etc), whether or not a user in that profile has access to "my workspace" (every user by default has a personal workspace with personal versions of collaboration modules - my calendars, my tasks, my mail, my reminders etc) and what collaboration modules are available in "my workspace".

You can add users to "profiles" as you wish. As you can see, profiles allow you to manage how different users will interact with the portal and what modules and information will be available to them. You can even use profiles to differentiate what different users can see even within the same group. For example, you can create a group extranet1 where users will land on your customer extranet group and have access to calendars, documents and wikis. You can create a profile "extranet2" where users will land on the customer extranet group but have access to contacts, forums and wikis to reflect their unique relationship with the company.

If you wouldn't like such finely tuned controls, there's always "group workspace" creation and administration tools which let you create as many group workspaces as you like, and determine what collaboration modules that workspace will have, and add users as you like.

Pankaj
http://www.hyperoffice.com
0 Votes
+ -
Pankaj from HyperOffice
pankajunk 24th Jun 2010
Hi Christopher,

The kind of functionality you may be looking for is available in HyperOffice. We have the concept of "profiles" (don't think a social networking profile) in HyperOffice. One can create an unlimited number of "profiles" within HyperOffice. "Profiles" allow you to manage how different users will interact with the portal and what modules and information will be available to them

A "profile" determines which group desktop a particular user will land at (as you know, one can created unlimited group workspaces within HyperOffice, which consists of a group desktop, and group collaboration modules), the collaboration modules that will be available to a user with that profile (calendars, contacts, tasks, shared documents, wikis, polls, forums etc), whether or not a user in that profile has access to "my workspace" (every user by default has a personal workspace with personal versions of collaboration modules - my calendars, my tasks, my mail, my reminders etc) and what collaboration modules are available in "my workspace".

You can add users to "profiles" as you wish. . You can even use profiles to differentiate what different users can see even within the same group. For example, you can create a group extranet1 where users will land on your customer extranet group and have access to calendars, documents and wikis. You can create a profile "extranet2" where users will land on the customer extranet group but have access to contacts, forums and wikis to reflect their unique relationship with the company.

If you wouldn't like such finely tuned controls, there's always "group workspace" creation and administration tools which let you create as many group workspaces as you like, and determine what collaboration modules that workspace will have, and add users as you like.

Pankaj
http://www.hyperoffice.com
0 Votes
+ -
RE: Google adds multi-domain support to Apps (finally!)
fabioq@... 24th Jun 2010
So what exactly DID change?

It would help if there was an administrator account that doesn't have paid for on each domain, so it would easy to administer multiple domains.
-Fabio

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix