Migrating to Google Apps (and getting everything working)

Saturday, January 12, 2008 - 14:00 — by Victor

Tags:

For the last few years I've been using Gmail exclusively and have been forwarding emails to @victortrac.com to my Gmail account. Google's spam filters are the best I've ever seen, and the interface is elegant and fast, and combined with loads of storage and IMAP access, Gmail is nearly the perfect email application. The XMPP integration is just icing on the cake.

Because of these features, I voluntarily gave up having a customized email address on my personal domain to take advantage of Google's infrastructure and technology. The decision was fairly easy - I was deluged in spam and GMail's web client was better than any other thin or thick client available. By forwarding my domain's email to my Gmail account, I was letting Google's wonderful anti-spam technology work its magic. This allowed me to retain some use of my previous email address, but as I started to use XMPP (aka Jabber or as Google calls it - Google Talk) I became more and more dependent on my Gmail identity. Sure, I had other Jabber IDs, but it was just too convenient having a unified email address and Jabber ID provided by Gmail.

However, let's say that in five years Google shuts down or, more likely, another company comes along and provides a better service or product. By this time your Gmail identity has evolved into a unified presence, communications, and identification address where anyone can reach you at any time and is also your OpenID login to the majority of sites on the internet. If you've spent 10 years building this identity around a Gmail address, you're not in a great position to easily transition. By using Google Apps on a domain that you own and control, you've at least separated the address from the services and would be able to move around as you want. It's like being able to live all over the world, moving to where the grass is always greener, yet still always having a constant mailing address.

Getting it all to work

So today I registered and migrated victortrac.com to Google Apps, allowing me to use all of Google's great software on my personalized address. The registration process is really quick and simple, and the actual migration part is just a handful of DNS changes depending on what services you want to switch over to Google. For me it is just email and chat, and Google's documentation made it clear which MX servers I need to point my domain to.

For XMPP, however, the documentation isn't very complete. According to this page, you need to add the following SRV records to your DNS server (replace gmail.com with your own domain):

_xmpp-server._tcp.gmail.com. IN SRV 5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server1.l.google.com.
_xmpp-server._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server2.l.google.com.
_xmpp-server._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server3.l.google.com.
_xmpp-server._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server4.l.google.com.
_jabber._tcp.gmail.com. IN SRV 5 0 5269 xmpp-server.l.google.com.
_jabber._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server1.l.google.com.
_jabber._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server2.l.google.com.
_jabber._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server3.l.google.com.
_jabber._tcp.gmail.com. IN SRV 20 0 5269 xmpp-server4.l.google.com.

The _xmpp-server._tcp and _jabber._tcp SRV records tell the requesting server to look at Google's XMPP servers when there's an XMPP request. There are two minor problems here:

Both _xmpp-server._tcp and _jabber._tcp records serve the same purpose (_jabber._tcp was even deprecated earlier this year)
There's no _xmpp-client._tcp record

This means that Google's example only really adds s2s functionality to the thin client built into Gmail or Google's GTalk thick client, which contradicts this help page for configuring Pidgin to work with your Google Apps domain (there's a whole thread on Google groups about people following Google's directions exactly but not being able to connect properly with Pidgin).

In order to get a third party client to connect to Google's XMPP servers, you'll have to manually configure a "Connect to server" to go directly to talk.google.com. The better solution, however, is to add another set of SRV records (again, replace gmail.com with your own domain):

_xmpp-client._tcp.gmail.com. IN SRV 5 0 5222 xmpp-server.l.google.com.
_xmpp-client._tcp.gmail.com. IN SRV 20 0 5222 xmpp-server1.l.google.com.
_xmpp-client._tcp.gmail.com. IN SRV 20 0 5222 xmpp-server2.l.google.com.
_xmpp-client._tcp.gmail.com. IN SRV 20 0 5222 xmpp-server3.l.google.com.
_xmpp-client._tcp.gmail.com. IN SRV 20 0 5222 xmpp-server4.l.google.com.

With these additional records, when XMPP clients try to log into your domain.com, your DNS server responds down the list and tells it to check on port 5222 on one of Google's servers.

OpenID next?

I'm only a few hours into my migration over to Google Apps, but I think it'll be a good fit for me. Now if only Google would roll out OpenID.... :)

Victor's blog
2594 reads

Eunix
January 23rd, 2008

XMPP-SERVER?

Is xmpp-server.l.google.com. for _xmpp-client._tcp.gmail.com? Some people say that talk.l.google.com. is true.

Victor
January 23rd, 2008

SRVs for your clients

If you have DNS SRV records that point xmpp-client._tcp.domain.com (where domain.com is your domain) to xmpp-server.l.google.com., then when a client makes an initial XMPP request to your domain, your DNS server responds by telling the client to check the real address of xmpp-server.l.google.com for the address responsible for XMPP service for domain.com. If you don't have this or if the Jabber client isn't smart enough to support SRV records, a user must manually enter into the client the actual address for the Jabber server.

Anonymous
March 3rd, 2008

Client Port - Jabber and other things

First of all, good useful post. Helped fill the gaps when I went for single sign on via gTalk.

Okay, I've a couple of questions

I've set up all SRVs for both xmpp server and client, and configured Psi. Tested all my now federated accounts, WinLive, Yahoo etc on my Google Apps account by logging in as an old say Yahoo user and IM'ing myself. Worked fine in PSi, gMail chat widget, and iChat (after configuring iChat's Jabber settings). HOWEVER. Although I can see the status of my own MSN/Yahoo test contact when signed into Google Apps, I cannot see the status of my friends. I wasn't sure whether they had authorised me or not, but I got one or 2 acceptances come in, but got a friend to test and still nothing.

Of course, AIM and Google contacts are fine, just MSN/Yahoo have the problem. I can also see my transport servers msn.jaim.at etc as contacts in Meebo or iChat, but still none of my contacts.

Is it the *.jaim.at transport or something else?

Victor
March 5th, 2008

You need transports

I don't believe Google offers any transports to other networks outside of AIM. To talk to your other contacts, you'll need to rely on a jabber server that provides these transports to other networks, like jaim.at. You'll have to use PSi to register your other networks accounts on a transport server and then authorize them. Only then should they show up natively in GTalk.

I don't use any of the other networks so I've never actually done this. :) Here's a seemingly good guide though: http://lifehacker.com/software/hack-attack/chat-with-aim-msn-yahoo-and-o...

Zachary Ozer
March 30th, 2008

Great tutorial, but I'm

Great tutorial, but I'm still having some trouble connecting from iChat / Meebo.

Are talk.l.google.com and xmpp-server.l.google.com the same?

I've posted my settings at http://nerddome.com/settings.tiff. Perhaps the explanation lies there…

Any help y'all can provide would be greatly appreciated.

Victor
March 31st, 2008

Does iChat support SRV?

Some clients don't actually support SRV records and you'll have to manually configure a connect-to server. Have you tried another client? I know Adium on OS X or Pidgin on Linux works.

Zach
April 2nd, 2008

iChat and SRV

It very well may not. What I'd like to do, ultimately is invest some time now so that things work smoothly and as expected in the future.

When I say "work as expected", I mean that people have the ability to chat with "me@mydomain.com" and for this to handle all standard XMPP protocol stuff (chat both directions, see status, status messages, etc).

Currently, I have to point iChat to talk.google.com on port 5223 and when I try to chat with someone not on GTalk, things only work one way, namely from GTalk to the external domain.

Chase
May 7th, 2008

It appears the computers are

It appears the computers are the same:

nslookup talk.l.google.com
Name: talk.l.google.com
Address: 209.85.163.125

nslookup xmpp-server.l.google.com
Name: xmpp-server.l.google.com
Address: 209.85.163.125

manony
April 24th, 2008

Enjoyed your guide. For

Enjoyed your guide.
For openID you don't have to wait until google does the roll-out. Just get your DNS changes pointing to the myopenid.com service and you'll have you domain acting as openID server. It runs great along google apps (I switched email, chat and calendar to their services as well, alongside myopenid)
greets

Anonymous
May 12th, 2008

Google Apps ID and Pidgin 2.4.1

To get Google Apps ID to work in Pidgin, select "Protocol" as "XMPP" (not "Google talk") and select "connect server" under "advance tab" as "talk.google.com"