Migrating a 50-person agency off Google Workspace and Slack onto self-hosted Nextcloud and Matrix is one of those projects that sounds daunting until you break it into small, testable steps. I've led migrations like this and the single best lever to keep downtime minimal is planning for parallel operation: run the new stack alongside the old, replicate data and workflows, then flip users over in small cohorts. Below I share a practical, hands-on plan that covers hosting, mail, Drive, calendars, Slack history, authentication, training and rollback strategies.
Why self-host Nextcloud and Matrix?
I won't rehash every philosophical argument for self-hosting, but from a practical standpoint the benefits that matter to an agency are: control over data residency, predictable costs, tighter security posture (when done right), and the ability to customize workflows. Nextcloud gives you file sync, calendars, contacts, collaborative editing and basic chat/file preview. Matrix (with a client like Element) provides modern, federated chat and VoIP. Together they cover most of what Google Workspace + Slack deliver.
High-level migration strategy
- Stage and test: Build a production-like environment, run it in parallel with the existing systems.
- Iterative migration: Move services in logical groups (mail routing and user accounts first, docs and files next, chat last) and migrate users in cohorts of 5–10.
- Minimize DNS flips: Prepare everything so the actual DNS changes are short and scripted.
- Communicate and support: Set expectations, run training sessions, keep a small emergency support team available during each cutover.
- Fallback plan: Be ready to revert mail MX, SSO, and critical DNS entries quickly if needed.
Infrastructure and hosting choices
For a 50-person agency you can choose between a single powerful VM or a small cluster. I prefer a mix: managed VPS instances across two providers (for redundancy) plus managed database and object storage. Options I've used successfully:
- Hetzner cloud or DigitalOcean droplets for Nextcloud and Matrix application servers.
- Managed PostgreSQL or MySQL for Nextcloud; Redis for caching and transactional locking.
- S3-compatible object storage (e.g., Backblaze B2, Wasabi, or Hetzner Object Storage) for files to avoid filling VM disks.
- Let's Encrypt for TLS, with automated renewal via certbot or Caddy.
Size guidance: start with 4–8 cores, 16–32GB RAM for Nextcloud (depending on file activity and Collabora/OnlyOffice needs), and 4 cores/8GB for Matrix homeserver (Synapse or Dendrite). Use a separate small server for TURN if you need voice/video.
Identity and authentication
You need a single source of truth for users. I recommend setting up an LDAP/AD-compatible directory (OpenLDAP or FreeIPA) or Keycloak for SSO. Keycloak works well because it supports OIDC/SAML, can federate with Google Workspace during transition, and can act as an IdP for Nextcloud and Element.
- Import users from Google Workspace (export CSV) into Keycloak/LDAP, keeping Google account emails as primary IDs.
- Enable 2FA for admin accounts immediately; roll out 2FA to users in the second phase.
- Plan OAuth/SAML connections: Nextcloud connects via SAML/OIDC; Matrix clients can use OIDC via Element.
Mail migration (least downtime, highest risk)
Mail is where minimal downtime matters most. I do a staged mail cutover:
- Set up your mail server (Postfix/Dovecot) or use a hosted mail provider that you control (e.g., Mailcow, Modoboa, or a managed provider). Ensure spam filtering and DKIM/SPF/DMARC configuration are in place.
- Sync mailboxes using IMAPsync from Google Workspace to the new server. Do an initial bulk sync days before cutover and schedule incremental syncs (every few hours) during the final day.
- At cutover, change MX records to new server and run a final delta IMAPsync for any messages received since the last incremental sync.
- Short TTL on MX and monitoring of bounce logs let you revert quickly if something breaks.
Tip: Keep a temporary alias or forwarding rule from the old system for 48–72 hours to catch misrouted mail.
Files, Drive and collaborative documents
Nextcloud can provide the file sync experience your team needs. For Google Docs, you have options: export to Office formats and use OnlyOffice/Collabora for collaborative editing inside Nextcloud, or run a hybrid model where Docs remain in Google for a short period while users adopt Nextcloud files.
- Export Google Drive content using Google Takeout or the Drive API. For automation, use rclone with the Google Drive remote to copy directly into Nextcloud's object storage (rclone copy -> object storage bucket connected to Nextcloud).
- Preserve permissions by mapping shared drives and folders to Nextcloud groups; create a migration matrix mapping Google sharing to Nextcloud groups and folders.
- Test collaborative editing: deploy OnlyOffice or Collabora Online and import a representative set of documents for users to test in advance.
Calendars and contacts
Calendars and contacts are straightforward with CalDAV/CardDAV. Export calendars from Google as .ics and import into Nextcloud calendars or sync programmatically via the Google Calendar API. Contacts export as vCard and import into Nextcloud Contacts.
- Verify event attendees; recurring events sometimes need manual adjustment.
- Set expectations: calendar invites sent to external Google accounts will still work, but internal notifications may change if clients’ behavior differs.
Slack history to Matrix
Migrating Slack is one of the trickiest parts because of threads, file attachments and app integrations. I approach Slack -> Matrix migration in two phases: history import and live bridging.
- Export Slack data (Workspace Owners can request a full export for standard plans or use the Compliance export for Enterprise Grid). Use tools like matrix-synapse-scripts or slack-export-to-matrix to import messages into Matrix rooms.
- For files, export and upload to Nextcloud and update post URLs in Matrix messages if you want files served from your storage.
- Deploy a Matrix<->Slack bridge (mautrix-slack or matrix-appservice-slack) for a soft-cutover: create parallel Matrix rooms and bridge real-time traffic so users can gradually move to Element while Slack remains live.
- When ready, stop the bridge and archive Slack workspace (after ensuring history in Matrix is satisfactory).
Apps, bots and integrations
App integrations are often neglected until late. Inventory everything: Zapier workflows, Slack bots, Google Scripts, CRM integrations, CI notifications, etc. For each integration:
- Decide whether to replace it (Matrix webhooks, Nextcloud webhooks, custom scripts) or keep it external connected to the new mail/chat endpoints.
- Test in staging. I commonly replace Slack webhooks with Matrix incoming webhooks via a small lambda or container that translates payloads.
- Document API keys and rotate credentials as part of the migration.
Cutover checklist (day of)
| Before cut | Complete final incremental IMAPsync; verify MX TTL is low; migration team on standby; support channels ready |
| DNS | Scripted TTL reduction (72h -> 300s) done 48h prior; have registrar credentials handy |
| Switch | Update MX, SPF, DKIM, update www / app hostnames to point to Nextcloud/Matrix cluster |
| Post-switch | Run IMAP delta sync; monitor mail queues; confirm login and SSO; stagger user communication |
| Rollback | Revert MX and DNS to previous records if critical failure; have snapshot policies for quick redeploy |
Training and change management
Even with a perfect technical migration, user friction can derail adoption. I run short live workshops and bite-sized video walkthroughs covering:
- How to use Nextcloud Drive and the desktop client
- Collaborative editing in OnlyOffice/Collabora
- Matrix basics in Element: rooms, threads, bridging quirks
- Mail client configuration and what changed with SSO
Set up a dedicated migration support channel in Matrix during the first week and keep a rotating "migration buddy" on-call for ad-hoc help. Capture FAQs into a simple intranet page in Nextcloud so users can self-serve.
Monitoring, backups and security
After cutover, watch logs and metrics closely for 7–14 days. Implement:
- Automated backups of Nextcloud files (object storage snapshots + database dumps) and Matrix homeserver data.
- Monitoring with Prometheus + Grafana or a managed monitoring service to watch memory, disk, CPU and queue sizes.
- Routine security practices: apply patches, rotate keys, enforce 2FA.
Don't forget legal and compliance needs: retention policies, eDiscovery exports and access controls—document them as part of the migration deliverables.
If you want, I can produce a tailored migration timeline and a runnable checklist for your specific DNS provider, hosting choice and current Slack/GWorkspace configuration. That makes the cutover nearly boring—and that's exactly what you want.
