Would a Hub Do This?

by Tadge O'Brien -
Number of replies: 3

So I have a question on how this all might work. I work for a K-12 organization and we have multiple school districts we support. I am wondering could we set up a Hub server that would allow our school districts to authenticate to their own Moodle install, using active directory, and these credentials would be passed to the Moodle hub for authentication?

This would then allow the teachers and students to share course materials.

The other part of the idea would be to also use the hub to hold classes between these different organizations. Would this also be possible?

I have added a sketch of what I am thinking.

Attachment Moodle-HubIdea.jpg
In reply to Tadge O'Brien

Re: Would a Hub Do This?

by Ken Task -

For the most part of what is described, Moodle 1.9.x can do. Am doing same with a TCEA Area 3 implementation of Moodle (tcea.org) and 4 School District Moodles each hosted on a different internet domain (visd.net, wisd.net, fcisd.net, goliadisd.org). Two ISDs use Active Directory LDAP, one uses Apple's Directory LDAP, one uses Manual accounts in their own networks. In one of above (the largest), they have 33 Elementary schools each with their own Moodle authenticating via AD LDAP and each is linked to an Elementary HUB.

Two things that might make it easier for you:

1. In the participating Moodles to be mnetted (and the HUB), add this line to their config files BEFORE setting up the mnetting between sites:

$CFG->mnetkeylifetime = '356';

Where 356 is however many days you desire the certificates to be valid.

The admin interface for mnetting servers doesn't provide a setting/dialog box to set this value.

2. All access from mnetted moodles to the hub will grant users access but will assign them roles as student by default (including teachers).  While in the HUB one can take an account that has authenticated via mnet and escalate their access level to a teacher role in the context of a category or course, it might be best to have those that will be teachers on/in the HUB apply for account on the HUB directly.

Be happy to discuss more or even grant some limited access if you desire.  Please contact off list.

'spirit of sharing',

Ken

In reply to Tadge O'Brien

Re: Would a Hub Do This?

by John Andrewartha -

Looking at the map it looks workable. SSO on a hub or archway gives good control.

There is one trap that you should be aware of with Mnet. It has a timing issue. All the servers' clocks must be within 15 seconds of each other.

If each server has ntpd running then that will fix that. The next problem is timeouts. If a remote is too slow the Mnet will time out. That can be increased but you need to roll the sleeves up and dig around.

If you are using Moodle 2 then I would suggest a Moodle Hub as a repository allowing districts to share objects (courses).

The certificate rotation is not a big deal.  Extending the life of a certificate may get around any network issues.

The key areas to keep in mind are

  • Speed between the hub and remotes
  • Server time sync
In reply to John Andrewartha

Re: Would a Hub Do This?

by Ken Task -

Extending time for MNet'd servers to communicate their certificate, etc.: php.ini setting Maximum execution time - default is normally 30 seconds, I think.  Increasing in 30 second increments until timeouts did not occur fixed for me.

For server time sync ... point MNet'd server to the same ntpd service.

Certificate may not be a 'big deal', but last thing one wants is to have interruption of access.  An invalid certificate (ie, not current) will cause a link error thus no access.  Teachers are powerless to 'fix it' only an Admin level Moodle user can.  If I recall the default was for either 28 days or 128 days.  Teachers won't use if it doesn't work ... period.   So extending the life of the certificates just keeps everyone 'happy' and 'working'.

Now that I've said all that, might want to read and consider:

http://moodle.org/mod/forum/discuss.php?d=175158

As for my own thoughts ....
Granted, MNet was never used by many and not considered mission critical, but what potential MNet has had for prevention of re-invention of the wheel in a distributed learning network. Will hate to see it go.
'spirit of sharing',
Ken
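
Added example, not part of the thread or of Moodle's own code: a monitoring sketch for the two failure modes discussed above, clock drift between MNet peers and an expired key certificate breaking the link. It assumes each peer's HTTP `Date` header and certificate expiry (in the `notAfter` format OpenSSL prints) have been collected separately; the host names, the 14-day warning window and the sample values are constructed, and the 15-second tolerance is the figure quoted in the thread.

```python
import ssl
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from itertools import combinations

MAX_SKEW_SECONDS = 15   # tolerance quoted in the thread, taken as given
WARN_DAYS = 14          # assumed warning window before a key expires

# Constructed sample: host -> (HTTP Date header, certificate notAfter).
# Date headers must be sampled at (nearly) the same moment to be comparable.
PEERS = {
    "hub.example.org": ("Tue, 06 Mar 2012 15:00:00 GMT", "Feb 25 15:00:00 2013 GMT"),
    "district-a.example.org": ("Tue, 06 Mar 2012 15:00:04 GMT", "Mar 15 09:30:00 2012 GMT"),
    "district-b.example.org": ("Tue, 06 Mar 2012 15:00:41 GMT", "Mar  1 08:00:00 2012 GMT"),
}

def skew_violations(peers, max_skew=MAX_SKEW_SECONDS):
    """Return (host_a, host_b, seconds) for each pair of clocks too far apart."""
    clocks = {host: parsedate_to_datetime(date) for host, (date, _) in peers.items()}
    violations = []
    for a, b in combinations(sorted(clocks), 2):
        delta = abs((clocks[a] - clocks[b]).total_seconds())
        if delta > max_skew:
            violations.append((a, b, int(delta)))
    return violations

def key_status(peers, now, warn_days=WARN_DAYS):
    """Classify each peer's key as 'expired', 'expiring' or 'ok' at time `now`."""
    status = {}
    for host, (_, not_after) in peers.items():
        expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
        days_left = (expires - now).total_seconds() / 86400
        if days_left <= 0:
            status[host] = "expired"      # link error until an admin renews the key
        elif days_left <= warn_days:
            status[host] = "expiring"     # renew before teachers lose access
        else:
            status[host] = "ok"
    return status

if __name__ == "__main__":
    now = datetime(2012, 3, 6, 15, 0, 0, tzinfo=timezone.utc)  # constructed "current" time
    for a, b, secs in skew_violations(PEERS):
        print(f"clock skew {secs}s between {a} and {b}")
    for host, state in key_status(PEERS, now).items():
        print(f"{host}: key {state}")
```
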