Extend LMS With LTI Tools #USGRockEagle13

David Robinson, Georgia Gwinnett College

  • Mash up nifty tools with an Learning Management System.
  • It is a standard, so a defined protocol achieves application portability. The tool can work with any LMS the same.
  • Terms:
    • Tool Provider : the tool with its packaging.
    • Tool Consumer : the system using the tool, like D2L.
    • Context : the course or another other location with the consumer like the Org in D2L. IMS contexts need to be mapped to D2L contexts.
    • Link : is a link.
    • Roles : various systems call roles different things. The IMS roles need to be mapped to the D2L roles.
  • LTI Secret Sauce :
    • Tool admin provides link, key, and secret
    • D2L admin creates the External Learning Tool which includes the link, key, and secret.
    • Instructor adds the quick link to the tool for the course.
  • User clicks the link. Information sent to the tool provider such as user, context, role, key, and signature. User launched into the remote tool. A Single-Sign On, aka no login again.
  • Macmillan wants the admin to setup a link for every course. Impossible to sustain. McGraw-Hill one link and instructors setups the course by selecting a book.
  • Select where it will be deployed such as every Course Offering under a Course Template.
  • Open in New Window tends to work better than inside an iFrame.
  • Instructor role by default can create LTIs, even duplicates.

Integrating D2L-Drupal Via LTI #USGRockEagle13

Tom Boyle, Kennesaw State University

  • Half Drupal and half Desire2Learn interest.
  • Request to determine how to decrease time it takes for an online student to go from application to orientation to advisement to registration.
  • Orientation took place in Desire2Learn.
  • Script looks for applicants in Banner and creates the user in Bulk User Management. Registrar enrolls them in the course.
  • Student takes the quiz.
  • Learning Tools Interoperability (LTI) is a way to integrate systems parallel to an LMS without the need for separate custom integrations. Custom output module  uses D2L external learning tools and LTI.
  • Drupal link is not world readable and users do not have to login. D2L configuration familiar. Open source allowed to write custom code to output to Banner. Sometimes the user does not click the button within Drupal so nothing gets captured. Maybe they should automatically click the button for them?
  • YAY!! Tom is using his test instance of D2L to demo instead of production. Love it when our clients use our services right.
  • URLs are not usable unless sent over by Desire2Learn ELT. Yay, for security.
  • Added LTI Tool Provider and OAuth-PHP libraries to Drupal.
  • Got to explain to Tom what some of the values he sees in the session variables.

Discussion:

  • Alternative method:
    • Intelligent agent emails an address to inform them the orientation is complete.
  • KSU going to use similar method for putting staff into course(s) for Ethics test. Really anything where Tom needs to get new users into D2L fast.

BOF Windows Powershell #USGRockEagle13

Bird of a Feather so open discussion. Intro question:

  • How are you using it?
  • How do you like it?
  • Good sources of documentation? Information?
  • Tools/Modules used? e.g. editors, PowerTab module, ISE ScriptingGuy, Codeplex, etc/
  • Using Powershell: User-written functions, cmdlets, modules
  • Version 3? Version 4?

Discussion:

  • Passing around various books.
  • Manning occasionally has half off deals on ebooks. (True. Got my Powershell 2 book on such a deal.)
  • Listserv: ga-powershell at www.listserv.uga.edu.
  • Scripting works great for managing large number of virtual machines.

D2L Faculty Readiness #USGRockEagle13

Dee McKinney and Kathy Whitaker, East Georgia College

    • 3k students, access inst, grant associates degrees,
    • Many students first generation in family.
    • Part of first Georgia implementation group so started Fall 2012.
    • VP Academic Affairs asked all faculty to 1) upload a syllabus, 2) keep the grade book updated. So students can tell where they are in the course. At least an update every other week.
    • Purpose of study:
    • What training effective? Did it work/
    • 12 * 3 hour training sessions in May-July. 4 * 2 hour ‘quick start’ sessions in August. Covered basic tools: syllabus, grade book, discussions, dropbox, import content, email, quizzes, class lists, etc.
    • As time allowed: widgets, nav bars, news, pagers, custom profile, elementary design. Experiment.
    • 122 faculty. 33% attended training. 65% of those full time faculty. 2 dedicated trainers. Some trainees given stipend to be in the field mentors.
      • Online experts: substantial online experience. Mix of full and part time. 27 total. By choice came to earliest sessions.
      • Curious Optimists: some online experience. Mix of 2 to longer. 1 to quick.
      • Reluctant Participants: Little to no online teaching experience. All full time faculty. 7 total. A few admitted only there because required. Did not attend group training. Made appointments for individual.
    • Additional training: extensive list of docs, found apps, etc.
    • Survey before and after plus 5 weeks after start of Fall 2012. Emails approx 400 from help. Informal reviews.
    • Results: 3 hours was enough but not too much b/c workshop oriented not lecture. Essential for time to play with advisers to help. Instructors worked on own content not sample course. 1:8 trainer to trainee ratio. Participants collaborated. IT person on hand for passwords.
    • Multiple methods of training.
    • Mentors on hand regularly.
    • Perception of readiness: anxious prior. Confident after. Requests for advanced training.
    • Group one more competent. Reluctant willing try more positive.
    • Allow as much lead time as possible.
    • Accept some faculty will never buy into online teaching.
    • Suggestion faculty get a course release for first time teaching as so much work to start.
    • Was training or new LMS that made faculty happier.
    • Fall 2013: 2 hour training. Quick start guide. Start set0up while trainer in the room. Focused workshops for followup training on grade books, quizzes, widgets, intelligent agents (spring).
    • Met with professional advisers to focus on needs of online students.

Security Inside Out #USGRockEagle13

Eddie Carter and Orrin Char, Oracle

    • Identity management and security and access management.
    • Eddie wore a UGA shirt. Guy in front of me made fun of him obviously not wanting to sell to Georgia Tech. Turns out he’s from  Kennesaw. The GT-UGA rivalry knows no bounds. Love it!
    • Handout: Database firewall more auditing and ACLs than enterprise firewalls access to many hosts.
    • 67% records breached from servers. 76% breached through weak or stolen credentials. Discovered by an external party. 97% preventable with basic controls. Source: 2013 Data Breach Investigations Report.
    • Pre-1997: security issues mistakes. 1998-2007: Privilege abuse. Curiosity. Leakage. 2008-2009: Malicious. Social engineering. Sophisticated attacks. Business data theft. Loss of reputation.
    • Can be fined. Buy services for people affected by the breach.
    • DBAs are the targets. Phishing to get credentials.
    • Change is where gaps are opened. Being more available means more highly privileged users. Consultants and vendors claim they need DBA level access.
    • 80% of IT security programs do not address db security. They address outside computers such as with firewalls. More and more attacks exploit legitimate access applications and user credentials.
    • Supports SQL Server and MySQL.
    • Preventative
      • encryption : If data stolen in encrypted form, then do not have report the breach? Application should not even know it is encrypted. Network encryption now free to us. Autonegotiates with destination. No application changes. Little overhead. Integrated with Oracle technologies. Key management 2 layers. Master in hardware module or in a wallet. Wallet can be tied to hardware and accessed at restart. Data encrypted with table or column key. Table and column keys encrypted with master key.
      • redaction : Use ACLs to determine who can see. It will replace text such as on credit card numbers, SSNs, so can only see a full, partial, fixed.
      • data masking for nonproduction use : copy of production data in test with test being less secure. Masking means no longer valuable data. Finds sensitive columns through templates and convert the data so meaningless. Shuffle salaries. ID numbers randomized even partial. Randomize all but first two characters of last name. Can be two way so change for sending to a partner for process but then revert back when returned.
      • privileged user controls : Compartmentalization of commands. Prevent consultants from querying certain tables. Creates protective zones around schema objects.
    • Detective
      • activity monitoring :
      • database firewall : sits on the network. Parses SQL to determine the intent. Whitelist and Blacklist and exception list. If none, then alerts security to it and potentially added to a list. Have a learning and blocking mode. Can return empty result list to a hacker so thinks there are no records.
      • auditing and reporting : analyze audit-event data. Central audit repository so hacker unaware. Default and custom reports.
      • conditional auditing framework : if-this-then-that
    • Administrative
      • privilege analysis : privilege capture mode. report on what actual privileges and roles that are used. Revoke unnecessary.
      • sensitive data discovery : scan Oracle for sensitive fields. data definitions.
      • configuration management : discover and classify databases. scan for secure config.

Minimal Downtime #USGRockEagle13

Marc Pare, Oracle

    • Why work on weekends or late at night? (For us because of director policy because accidents during the day changes untenable with clients. But this is targeted to Banner to not GeorgiaVIEW.)
    • Weblogic High Available Topology (Maximum Available Architecture)
      • Client > Apache Server or OHS > WLS Cluster (> Admin Server) > RAC Cluster (> Oracle DB)
      • Why is this not being used?
    • Impressed someone from Oracle is so in touch with problems of Banner on Oracle and solutions.
    • Use Oracle Enterprise Manager to monitor middle tier. Uses mBeans and exposes most items except for some provisioning.
    • Cloning. Template builder. Add new nodes or setup test instances.
    • Rolling upgrades: Bring down first, patch, bring back up; find second, bring down, patch, bring back up. If it encounters a problem, then it rolls back the patch and brings it back up.
    • When experimenting, bring back up with end user access blocked, test and verify. Only when happy, enable end user access. We should consider giving campus administrators access to our direct nodes for testing so they can verify before release. Or even better really knock out the automated testing.