Product Review: Netsec's GALsync V6
Product Name: Netsec's GALsync V6
Product Homepage: click here
Free Trial : click here
NETsec's GALsync is a product designed to reliably and flexibly synchronize global address data between Exchange organizations, including Exchange 2007 and above and Office 365. A very experienced player in the synchronization market, previous versions of GALsync have received the MSExchange.org Gold award, so we’ll be taking NETsec’s latest version for a spin and see if it remains just as impressive.
The challenge of cross-forest Exchange
Many organizations need to work together either due to a merger or acquisition or due to having a strong partnership. Ensuring the relevant people are available in each directory is essential, and forms the basis of allowing cross-organization free/busy sharing to function.
There are no built-in tools to make this simply for administrators to manage and although a certain level of synchronization can be achieved using tools like PowerShell, a solid synchronization engine is required in all but the most basic scenarios.
Because no built-in tools cater for this there are a few options available on the market. NETsec GALsync remains one of the leaders in the market and have thought through some of the more challenging aspects, such as maintaining reply-ability of contacts, ensuring federated sharing can work and even support for ensuring cross-forest delegation can work.
NETsec's GALsync is aimed at a variety of scenarios and includes the tools necessary to allow it to function in almost any scenario that you would want to maintain global address list data and free/busy across organizational boundaries.
A few common use cases that you should consider NETsec's GALsync for include:
- Implementing a global address list across two or more Exchange on-premises or Office 365 organizations when companies merge.
- Implementing a global address list when your organization uses multiple Office 365 tenants
- Maintaining a global address list when you have a Multi-Forest Hybrid topology with Office 365 and need to maintain Global Address List, correct mail routing and Free/Busy between on-premises Exchange organizations.
- Migrating from one Office 365 tenant to another, such as during a divestiture, and ensuring a correct global address list is shown during the transition.
- Preparing and maintaining a Global Address List when performing a large cross-forest Exchange on-premises migration.
- Working with a partner organization and ensuring that a subset of Global Address Entries are kept in sync between the two companies.
You will notice that the last scenario is not that unusual, but quite hard to achieve. Nearly all other products on the market do not have built-in capabilities to cross the hard boundaries between organizations. In addition to standard protocols like LDAP, file shares and Exchange Online PowerShell, GALsync has options to use SMTP and FTP as transport options for data, allowing for synchronization between any organization in nearly any scenario.
What’s new in Version 6
It’s been a few years since we reviewed version five of GALsync. In that time numerous fixes and new features have been added. New features of note include:
- A new sync engine for Office 365 and Exchange Online offering near parity with on-premises Exchange sync options.
In particular, it enables synchronization of additional object types, additional attributes and allows for tenant to tenant sync operations.
- Under the hood improvements to the core synchronization engine.
- Support for .Net Framework 4.5.1, Windows 10 and a new installer.
Setup and Installation
Installation is performed on a domain member computer or server. If you are synchronizing multiple organizations, then you will perform the installation in each organization to perform the import and export jobs.
The installer will require Windows Server 2008 or higher, .Net Framework 4.5.1 and PowerShell version 2.0 or above. The sync server should at a minimum have 2GB of RAM and two CPU cores.
Installation of GALsync is straightforward and consists of standard options for location and where to add shortcuts.
Figure 1: Installation of GALsync
After installation is complete, configuration of the GALsync service is required. A mail-enabled AD user account, with membership of Domain Users, is required to run the service.
With the details of the GALsync service account in hand, launch GALsync and follow the Service Wizard. This will prompt to enter the credentials for your service account.
Figure 2: Entering the GALsync service account details
After completing the details, the service account will be given appropriate local rights on the server and the GALsync service will be launched.
Figure 3: Completing the GALsync service setup wizard
GALsync uses two core concepts to move data around. The first is export policies, which extract data out of a source Exchange on-premises or online system. The second is import policies. These load data into a target system. Typically, an Exchange system will be both a source and a target.
It then uses transport mechanisms to move the data between systems. This can be via a simple file on the local disk, a remote file share, SMTP or FTP. An export will send or upload the data, and an import will retrieve and apply the data.
If you are syncing two systems, then you will typically have two policies per system, one to export and one to import global address list data.
If you are syncing more than two systems then you will need to consider the topology you implement, especially if you want to create a common global address list across the three or more organizations.
In the example below we’re looking to sync an Exchange Online organization and two on-premises organizations:
Figure 4: A three-way sync
In our example we’ll use a hub-spoke method. Exchange Labs is the hub and is running Exchange 2016 on-premises with a GALsync server in the same forest. Goodman UK is a standalone Exchange Online/Office 365 environment. Goodman Industries running Exchange 2013 on-premises and has its own GALsync server.
Synchronization runs in the following order:
- Exchange Labs runs an export profile to retrieve directory information from Goodman UK.
- Goodman Industries runs an export profile to save directory information and sends it to Exchange Labs.
- Exchange Labs run two import profiles to load the directory data into the local Exchange Labs directory.
- Exchange Labs runs an export profile to save information from the local directory, containing GAL information about Exchange Labs and Goodman Industries, and then runs an import profile to load that information into the Goodman UK Azure AD.
- Exchange Labs runs an export profile to save information from the local directory, containing GAL information about Exchange Labs and Goodman UK, and sends it over to Goodman Industries.
- Goodman Industries runs an import profile to load data sent over by Exchange Labs into the local directory.
You’ll see that even when we’ve got a reasonably complex scenario – spanning multiple organization boundaries – it’s a fairly simple set of steps.
Configuration of Sync Profiles
The main user interface for GALsync is focused on its main task and therefore after launching GALsync you’ll see the list of existing policies in place along with sync status and core settings.
To create either an import or export policy, click Create Policy:
Figure 5: The main GALsync GUI
Both Export and Import policies use the same underlying interface and method, making configuration of both online and on-premises synchronization reasonably intuitive.
In the example below we’ll create an Export policy, focused on exporting data from our Goodman UK Office 365 tenant. Choose Export Exchange Online information to another exchange organization, then press Next:
Figure 6: Selecting a sync mode
For Exchange on-premises policies the software will connect to the local Exchange org. For Exchange Online though, we’ll need to specify connection credentials. Using the wizard we can both enter credentials to use and then choose Test to attempt to connect Remote PowerShell immediately:
Figure 7: Connecting to Exchange Online
We’ll then be prompted to choose a Data Transfer Mode. Manual allows us to export to a file. Email allows us to transfer information to a remote GALsync instance using an Exchange Mailbox. Via Network Share allows us to save the file to a remote location, using a different set of credentials if needed. Via FTP allows us to use the older File Transfer Protocol to upload the data. If required, the data can be encrypted.
Figure 8: Selecting a data transfer mode
For Exchange Online policies we can select the type of objects to synchronize, attributes to sync and various options – such as excluding objects mastered on-premises if needed.
Figure 9: Choosing Exchange Online directory information
For an on-premises Exchange organization we have similar options, with the addition of the ability to select domains and organizations units to sync:
Figure 10: Selecting AD OUs for on-premises sync profiles
If we are configuring automatic jobs then the scheduler service can be used to regularly run the profile. Options are available to select when the profile will be executed. In the example below we’ve used every 3 hours every day with an offset of 10 minutes past the hour. The offset is useful if we wish to ensure profile runs do not overlap.
Figure 11: Configuring the scheduler service
As you can see it’s fairly straightforward. Additional options are available in the wizard – such as email notifications and of course ability to customize the name of the profile as desired. For our example we’ll simply create multiple export and import profiles to meet the requirements defined, scheduling them in the appropriate order.
Pricing and Support
The price for the product is based on two factors; the number of objects you want to synchronize and the number of mail organizations (i.e. Exchange forests or Office 365 tenants) you want to sync with. The pricing is reasonable compared to other solutions on the market, which is good news considering the ease of use and innovate methods it uses to achieve synchronization across potentially challenging organization boundaries.
NETsec were responsive when asked questions during the review, however during the actual setup and implementation the product documentation was comprehensive and easily accessible, so no support was needed. The intuitive user interface is unlikely to need much support. Similar products have required a full demo to help understand the logic behind the product.
We’ve previously been very happy with GALsync and this time round it has only improved. In particular, the updated Office 365 engine is great and would be a perfect companion for tenant to tenant migrations I’ve been involved with. As a tool to help with complex migrations with many organizations this ticks all the boxes. We have no hesitation in recommending GALsync.
MSExchange.org Rating 5/5