Product Review: NETsec’s GALsync (Version 5.0)
Product: GALsync (version 5.0)
Product Homepage: Click here
Free Trial: Click here
GALsync is developed by NETsec which is based in Duren Germany and develops tools for both Exchange and Active Directory. GALsync’s primary purpose is to synchronize address lists and objects between Active Directory environments thus making it easier for persons within different company’s to communicate with one another. The tool accomplishes this by providing each organization with a Global Address List that includes each company’s staff’s email address and associated information.
In addition to assisting with GAL synchronization, which is one aspect of GALsync, it can also help synchronize free/busy information between organizations. This is so essential in our modern economy where mergers are a constant occurrence with little thought put into how under-staffed IT teams are going to make it work smoothly. Having a tool like GALsync in your toolbag can help avoid a merger/migration nightmare.
Personally, I’ve reviewed GALsync in the past and loved the product, so I was excited to see what new features and tweaks were made with the latest iteration, v5.0. Beyond the obvious platform improvements (such as the ability to install and work with GALsync using Server 2012 and Exchange 2013, which I personally used for my review and found to be smooth) my favorite new feature is the ability in version 5.0 for GALsync to work with Exchange Online/Office 365 to export and import information (as shown in Figure 1). A real win for GALsync in my opinion.
Figure 1: Exchange Online export/import support
Specific Usage Cases
Understanding the primary usability scenarios here is a key to my evaluation of the software because rather than provide a tool that does a scattered number of things to a modest degree, the folks of NETsec have provided a tool that has laser focus on its objective with every possible feature provided.
Usability scenarios include the following:
- Multi-Forest Company Deployment: A company may have two Active Directories for any number of reasons and they have Exchange deployed in one (for example, if you use Exchange Online). Exchange cannot span AD forests so you deploy Exchange within that one AD and the Global Address List (GAL) pulls all its contacts and data from that one environment. Using GALsync you can export the data of user objects within the other AD and have that information imported (manually or automatically on a schedule) into your Exchange environment.Note:
GALsync only exports objects that have an email address. That’s reasonable because the whole point is for persons to be able to contact through email the person whose object is being exported and synchronized with the other AD. The target environment has these objects imported as contacts. This doesn’t create a security issue because the users don’t have access to resources. It’s focused on providing addresses, not providing those users access to resources.
- Company Mergers/Take-Overs or Partnerships: One company with an existing AD and Exchange organization may purchase another company that also has its own AD and Exchange organization. Perhaps the goal is to merge these two together one day, or perhaps these two companies have completely separate business models and focus and so you wish to allow them to remain separate. In either case, with GALsync you have the ability to share user and group information from one AD and Exchange organization over to the other. And you don’t have to share all information, you may want specific information about all persons, or you may want to narrow it down to just those users you need to sync. GALsync is extremely flexible to suit your needs.Note:
Although the typical focus is unidirectional from a source forest to a target forest, it’s just as easy to set up a bi or multi directional sync.
- Migrations: Imagine you have an Exchange 2007 SP1 organization that you wish to upgrade to Exchange 2013. At times administrators use these times as opportunities to start afresh. Your company might be setting up a whole new AD using the latest flavor of server (currently Server 2012) with Exchange 2013. As you migrate users from the legacy system to the new one you will want to ensure persons can contact each other through their GAL and here again is where GALsync can facilitate this.
There is plenty of documentation on the install and configuration process. I have to say when I reviewed version 4 there were 110 pages to plough through so I was quite pleased to see that the documentation to v5 was only 70 pages. An improvement if you ask me and a win for the support team. The clarity of the documentation improved in my estimation as well.
The install process is a Next-Next-Finish type of install. There is a good deal of flexibility on where you can install GALsync (either client system or server). You need to have the .NET Framework 3.5 installed (even if you have 4.0 installed). With Server 2012 it’s just a matter of going to Features and including it. You can install GALsync on a client OS (like Windows 7 Pro 64-bit) or on a server (like Server 2008 R2 or higher).
Here are some of the v5 updates, enhancements and deprecations:
- GALsync version 5 is able to synchronize the Global Address Lists between Exchange 2007 SP1, Exchange 2010 SP1, Exchange 2013 and Exchange Online.
- The Built-In Free/Busy Solution (Synchronizing Public Folder contents using MAPI) has been deprecated, thus version 5.0 of GALsync enables you to set up an live Free/Busy via internet using Online Free/Busy or MS Federation. This new Feature brings some major improvements including:
- Free/Busy data is updated live when scheduling an appointment
- More details: Depending on the settings, subject and body can be displayed
- No more transfer of Free/Busy data
- Faster policy-runs
- Less bandwidth
- Updated the GUI of GALsync to the new Windows8-Style.
- Exchange mailbox connection via Exchange Web Service and not via MAPI.
- Import setting: Add suffix to MailNickname only when GALsync creates a new contact.
To set this up according to appropriate policies within your organization you’ll need to create a service account in most cases and provide required permissions for that account. All of this is described in the documentation and isn’t all that complicated to do.
The installation itself is quite simple. A few screens in a wizard that you use to agree to the license determine the installation folder (shown in Figure 2) and you’re done. The install process is the first part to getting things up and running but it is the GALSync Service Wizard that gets your service set up (as shown in Figure 3). The GALsyncService is what you configure to run and this service will execute policies that you configure for exporting and/or importing.
Figure 2: The GALsync Installation Wizard
Figure 3: The GALsync Service Wizard
Configuring Export and Import Policies
The GUI interface for configuring and executing policies has a basic console tree, a content pane and an actions pane (shown in Figure 4). Easy to work with tabs help you adjust settings and policy preferences easily. Policy wizards walk you through the steps of what you need to create a usable policy that you can either run manually or have set on a schedule.
Figure 4: The GALsync GUI Interface
Once you have your options configured for the policy and run it (or have it run automatically) the directory information will be stored in an .xml file. During that process you can choose to encrypt the directory information (using either symmetric or asymmetric keys), as well as compress it. You can choose to share that file in one of four ways. Either manually by taking the file over to the other system, or through email, via a network share or through FTP (as shown in Figure 5). Note: Each of these options requires configuration on your part to make it work.
Figure 5: Choosing Your Data Transfer Mode
You may wonder why the need for encryption options but this ties into some of the real strengths to GALsync with regard to administrators who are now put in positions where they may be working with a new team of admins from the acquisition and merger. Administrators tend to be territorial and control oriented, so the idea of giving away too much control or creating accounts that give excessive control to newcomers just never sits well. GALsync requires no trust relationships be created and doesn’t require a change to administrator permissions in your AD forest. Using encryption is yet another level of control over this data and how it can be accessed, so all of these features play into the concerns of administrators when performing these types of cross forest synchronizations which almost always leaves a security “door” unlocked somewhere. That isn’t the case with GALsync.
Depending on how much control you want over the process there are a ton of options. But some of the features that jump out at you while you work with GALsync includes your ability to select specific AD objects you wish to export. You can use the Search tools to find what you are looking for through AD or you can scan through the hierarchy and pick Containers/OUs that you wish to export (shown in Figure 6). You can even select the properties (ie attributes) that you wish to have exported.
Figure 6: Selecting Containers/OUs to Export
Pricing and Support
The product’s price is based on the total number of objects you would like to sync and the number of Active Directory forests that you will need the tool installed in. Pricing is affordable and ranges from $5 - $2 an object. The website pricing says “licensing according to the number of objects (Mail enabled User, Contacts, Groups and Dynamic Distribution Groups) to be synchronized and the number of forests.” http://www.netsec.de/en/pricing/galsync/
As for support, I often hope to not require support for a straight forward product like this. The documentation should get me where I need to go. In this case, because I had prior experience with GALsync I didn’t need any assistance, which is nice. It tells me the changes with v5 were mostly internal and existing users won’t have to relearn the interface.
As mentioned earlier I was pleased that the documentation was clearer and more concise than earlier versions. As for the need for support, I could see a need for support if my configuration were a bit more complicated, requiring very specific settings and dealing with multiple forests and such. In those cases I appreciated that as a US purchaser I wouldn’t have to attempt to contact support during European working hours but could reach out to a “local” distributor/support vendor. However, again, I think the documentation is pretty clear even with complex scenarios.
GALsync has been, and continues to be, one of those products that does exactly what it advertises. In fact, with the ability to handle free/busy information, combined with so many necessary features (everything from method of export/import to encryption options to specific attribute export selection) and the more recent support for Exchange Online/Office 365, I was thrilled with this new version.
In my previous review of GALsync I complained about the documentation being too long and my inability to sync (or at least, inability for me to figure out how to sync) with Office 365. Both have been addressed with v5 and that really impressed me. One thing to note is that V5 no longer supports Exchange 2003. This is due to the fact that Exchange 2003 is being deprecated in early 2014 by Microsoft. As a result of the architectural changes in GALsync 5 it is not compatible with former versions. However, on the plus side the data files are compatible so you can export directory information (not Free/Busy information) from a GALsync 4 system to one using GALsync 5. Where this can be very helpful is if you are looking to sync directory information from an Exchange 2003 organization with Exchange 2007/2010/2013 or Exchange Online using GALsync 5.
I think this tool is perfect for what it is advertised as being able to do. Easy to install and configure, the GUI is polished and easy to work with (a set it and forget it approach), cost-effective and feature-rich.
MSExchange.org Rating 4.8/5