Set up Business Continuity

Business Continuity is a secure, isolated Google Workspace environment that leadership and critical teams can use to communicate and collaborate during a crisis.

Before you begin

You must work with Google Sales to purchase Google Workspace for Business Continuity.

Contact sales

Prerequisites

Before you can set up Business Continuity, you must make some decisions:

What domain will you use?

Google recommends that you use a subdomain of your top-level domain (TLD), such as workspace.your-company.com. However, there are other options:

Option Recommended? Advantages Disadvantages
Subdomain of your TLD
  • Separate MX records ensure incoming mail to Workspace isn't affected during an outage.
  • Consistent TLD improves brand recognition during a crisis.
  • Users must remember the subdomain when they sign in to Workspace.
  • The subdomain could raise some suspicion among recipients.
Same domain for both primary and Workspace
  • Emails sent from Workspace have the same address as primary.
  • Users sign in to Workspace using a familiar email address.
  • If an outage occurs, incoming mail won't be delivered until you change MX records, and they propagate to the rest of the internet.
Unique TLD for Workspace
  • Incoming mail is unaffected during an outage on the primary.
  • Recipients won't recognize email addresses and may suspect spam or other malicious action.

Will you synchronize passwords?

Google recommends that you sync passwords between Workspace and your primary provider.

Option Recommended? Advantages Disadvantages
Sync passwords
  • Users don't need to remember a new password.
  • If passwords are compromised on the primary, they're also compromised on Workspace. Note: you can mitigate the risk by requiring pre-enrolled hardware security keys and forcing users to change passwords during first login.
Don't sync passwords
  • Prevents a compromised password from syncing to Workspace.
  • Risk of forgotten passwords due to infrequent use.

How will you synchronize user accounts with Google Workspace?

Google offers 2 directory sync tools:

Compare features

Feature GCDS Directory Sync
Hardware & software installation required? Yes, requires on-premises software. No, Directory Sync is a cloud-based solution.
External directory support Supports all LDAP-compliant directories, including Active Directory and OpenLDAP. Supports Microsoft Active Directory (AD) and Microsoft Azure Active Directory (Azure AD).
How it connects to the external server Usually resides on the same network as your LDAP server.
Types of data synced Users (including admins), groups, calendar resources, external contacts, passwords.

Go to What is synced?

 Non-admin users and groups.
Able to sync from multiple external sources? No
  • AD—Supports syncing from multiple directories.
  • Azure AD—Supports syncing from only one directory.
Complexity of set up Can be highly complex, depending on your organization's needs. Simplified setup using your Google Admin console.
Frequency of sync Configurable by admin. Requires third-party scheduling software to automate syncs. Full sync starts one hour after the previous sync finishes. This interval can't be altered.
Troubleshooting & logging Might need to compile log files from multiple servers. Centralized reporting in the Google Admin console. You can filter, search, and set custom alerts.
User attribute mapping You can map:
  • Up to 35 system attributes.
  • Custom attributes.

You can map the following attributes:

  • First name.
  • Last name.
  • Email address.
  • Recovery phone number.
  • Recovery email address.
Organizational unit mapping Automatically places users in designated organizational units. Users can be mapped to a specified organizational unit.

What happens to Workspace data when you return to your primary provider?

After an outage, you can export your Workspace data and return to your primary provider. However, the data created by your users will remain in Workspace.

Google recommends that you create a retention rule in Google Vault to delete all data after a set period of time.

Option Recommended? Advantages Disadvantages
Use Vault to delete data
  • Reduces ability for backup environment to be used for legal action.
  • Reduces potential exposure in the very unlikely case of a compromised backup environment.
  • Data beyond retention time is unavailable in Workspace during an outage.
Don't delete data
  • Reduces possibility for accidental deletion of important content
  • Workspace data can be used for legal action. Increased need for robust security settings and monitoring.

Get your domain ready for Workspace

After you buy Business Continuity, you'll need to prepare your domain for use with Google Workspace.

Verify your domain

When you subscribe to Business Continuity, you must prove that your company owns your domain.

Copy a TXT record value from the Google Admin console

  1. Go to the Setup tool.
  2. Click Get started, then follow the instructions.
  3. In the "TXT record" section, copy the Value.

Paste the unique TXT record value in your domain registrar settings

  1. Sign in to the website where your domain is managed.
  2. Go to your domain's DNS settings. Look for something like DNS Records, Domain Management, or Name Server Management.
  3. Find the TXT records.
  4. Add a new TXT record, using the following values:
    Type TXT
    Name / Host / Alias Leave this blank, or enter @
    If you're using a subdomain, enter the subdomain value in this field. (Example: For the subdomain workspace.your-company.com, you would enter workspace)
    Value / Answer / Destination Enter your unique ID, copied from the Google Admin console.

    Example: google-site-verification=abcdef123_456wx789yz
  5. Save your new TXT record.

Step 3: Verify ownership in the Google Admin console

  1. Go to the Setup tool.
  2. Follow the instructions to verify your domain. The Admin console then searches for your unique TXT record and checks if it's associated with the domain you're verifying.

If the Admin console finds your unique TXT record associated with the expected domain, you're all set. If it can't find your TXT record, a message appears telling you that your domain couldn't be verified. Review the tips on screen and try the troubleshooting steps in this page for help.

Troubleshooting steps

  • Double-check your entries: Make sure you entered everything correctly, following your domain registrar's preferred format.
  • Wait 72 hours: It can take some time for TXT record changes to be recognized across the internet.
  • Contact your domain registrar's support: They can help you troubleshoot any issues with your DNS settings. If you're not sure which registrar to contact, read our tips about how to identify your domain registrar.

Set up MX records

We recommend that you use a subdomain (like workspace.your-company.com) or a unique TLD with Google Workspace. When you do this, you must add MX records during initial Workspace setup to ensure incoming messages are delivered to Gmail during a service disruption.

Add Google's MX record to your domain

  1. Sign in to the website where your domain is managed.
  2. Go to your domain's DNS settings. Look for something like DNS Records, Domain Management, or Name Server Management.
  3. Find the MX records.
  4. Add a new MX record, using the following values:
    Type MX
    Name / Host / Alias Leave this blank, or enter @
    If you're using a subdomain, enter the subdomain value in this field. (Example: For the subdomain workspace.your-company.com, you would enter workspace)
    TTL Use your domain registrar's default value, or enter 1
    Priority 1
    Value / Answer / Destination smtp.google.com
    Important: Follow your domain registrar’s preferred format. For example, some domain registrars require a period at the end (smtp.google.com.). Other domain registrars, like Squarespace and Wix, have a preset option you can choose without typing anything.
  5. Save your new MX record.

Activate Gmail in the Admin console

  1. Go to the domain management page in the Admin console.

    Tip: If you recently signed up for Google Workspace, you can use the Setup tool.

  2. Click Activate Gmail for the domain you want to update. Then, follow the steps on screen.

    Remember: It can take up to 72 hours for new MX records to be recognized.

Troubleshooting steps

  • Make sure your domain ownership is verified: Before you can set up Gmail, you need to verify ownership of your domain or subdomain.
  • Double-check your entries: Make sure you typed everything correctly, following your domain registrar’s preferred format. For example, some domain registrars require a period at the end (smtp.google.com.) while others include the priority and destination in the same line (1 smtp.google.com).
  • Wait 72 hours: It can take some time for MX record changes to be recognized across the internet.
  • Run diagnostic tools: You can use the Admin Toolbox Dig tool to see if the MX records published to the internet for your domain match the values in this article.

Next steps

You're now ready to start setting up Business Continuity.

Choose a directory sync method and set it up

Optional: Set up retention rules in Google Vault

After an outage, you will export your Workspace data and return to your primary provider. However, the data created by your users will remain in Workspace.

Google recommends that you create a retention rule in Google Vault that deletes all data after a set period of time.