Architecture example: A videoconferencing system for remote learning
1 | Digital capabilities – the question of “what?”
2 | Application area and functional scope – the question of “why?”
3 | Technical-infrastructural area – the question of “with what?”
Regardless of the type of school one is dealing with in a given situation, a communication platform needs to be created in order to enable the exchange of information between teachers and students. This technical platform forms the foundation for digitally supported remote learning.
The didactic and methodological concepts that underlie in-person learning need to be transferred to the remote learning environment in an appropriate manner. This represents a challenge because up until now, instructional materials and interaction and communication approaches have been designed and structured in line with the in-person classroom learning environment.
Learning platforms and online learning apps can expand remote learning features while also addressing the application areas of “Learning with digital media” and “Evaluation of learning progress,” although these are not part of this example.
Example: BigBlueButton videoconferencing software, supporting software, and devices
BigBlueButton is a web application, which means it has to be run via a browser. Firefox and Google Chrome are the recommended browsers here. Browsers are also software components that are installed on a device. The various operating systems used for (mobile) devices (e.g. Microsoft Windows, Mac OS, Linux, iOS, Android) come with different preinstalled browsers. Common devices are PCs, notebooks, tablets, and smartphones. It is recommended that at least a notebook be used for remote learning, as anything smaller will present issues in terms of the size of the display and ease of use. For example, the lack of a physical keyboard (e.g. in the case of a tablet) will eventually lead to problems in terms of a student’s ability to carry out all required tasks. If a tablet is nevertheless used, a special stylus will at least make it easier to write on the device. A webcam and a headset will also be needed if a student’s device does not include these components. A headset is better than integrated device microphones and speakers, as these can cause unpleasant echoes, which will always occur if at least one device produces audio feedback.
- Finally, numerous software, hardware, and security components need to be aligned with one another when a videoconferencing system is used for remote learning.
- Many components of the sample architecture are not required exclusively for remote learning applications but can instead also be used in other application areas that relate to the capabilities needed in digital schools (see Figure 2).
Network and server infrastructure
A sufficiently fast and stable Internet connection is needed for remote learning via videoconferencing software like BigBlueButton. That means teachers and students need to have fast Internet connections and routers in their homes. The router is what allows the device to connect to the Internet either via wires (LAN) or wirelessly (Wi-Fi). Cell phone networks can also be used to connect to the Internet, but devices that connect this way need to have a SIM card slot, and the plan associated with the SIM card needs to include sufficient data volume.
- The bandwidth needed for stable video conferences depends mainly on the type of software used, as well as the number of participants and the content shared – e.g. webcam images, screen sharing, etc.
Different videoconferencing systems also process video and sound signals from conference participants in different ways. For example, while other software systems combine, compress, and scale down the two signals, thus conserving bandwidth and computing power, BigBlueButton only does this with the audio signal. As a result, bandwidth and computing power requirements for all participating devices increase in line with the number of people who participate in a BigBlueButton video conference with audio and video feeds. More specifically, this means that as participant numbers increase, each device needs to transmit a greater amount of data per second with a higher rate of CPU usage in order to ensure sufficient conference quality at all times (see Figure 6). This in turn means that the number of participants in each video conference generally needs to be limited to less than 20.
In order to maintain the focus on the educational mandate of schools, it makes sense to incorporate IT experts into the processes for creating and operating the required infrastructure. It’s also much more efficient to develop and implement a standardized overarching approach for these processes. In addition, the procurement of software or infrastructure services makes it possible to switch providers at any time. The use of an internal data center or a school’s own hardware, on the other hand, makes it more difficult to make adjustments in line with the services made available to the schools.
If a school does decide to operate its own infrastructure, numerous architecture-related aspects need to be considered. For example, just like the users’ physical devices (notebooks, tablets, etc.), the school’s servers also need to be equipped with the right operating systems. The BigBlueButton server requires the use of the Linux operating system Ubuntu. BigBlueButton also describes the minimum hardware requirements for maintaining the stability of its videoconferencing platform. This also includes information about the central processing unit (CPU) computing power needed for each server. When audio data is processed, for example, a server needs to use its computing power to mix all conference participants’ audio channels and then send this mixed signal to every participant.
Extensive technical and organizational measures also need to be implemented in order to manage access to the servers and prevent unauthorized access. Security architectures describe numerous components with features that go far beyond those of normal firewalls, and which need to be implemented on both the software level and the network/hardware level. Security systems also need to be installed for the data center and the server access systems.
- Various models can be used for IT infrastructure operation – the way people choose to eat pizza offers a good analogy here:
  - On-premises: We do everything ourselves. The dough and the toppings are prepared and baked in our own oven, and we eat at our own table.
  - Infrastructure as a service: We eat a frozen pizza, which means all we have to do is unpack it and put it in the oven – then we can eat it.
  - Platform as a service: The pizza is delivered hot and ready. All we have to do is eat it at our own table.
  - Software as a service: We order the pizza in a restaurant and don’t have to do anything except eat it. Even the table is set for us.
Device management and access protection and authorization
Many teachers and students still use their own private devices, which makes it difficult to assist them if they encounter technical problems. The digital strategies employed in many states in Germany call for teachers, and in some cases students as well, to be equipped with the same type of devices.
The use of a centralized device management system with structured processes is in fact a must because old or outdated devices need to be turned in and replaced with new ones. Other devices need to be temporarily handed out and then returned – for example devices used by substitute teachers.
Software distribution systems ensure that only approved software is installed and used. In addition, such systems allow (security-)relevant updates and new standardized software to be installed on devices without teachers or students needing to obtain assistance for this.
Identity and access management systems (IAM) manage user accounts, verify identities, and authorize teachers and students and their accounts to use devices and software.
A single sign-on service (SSO) makes it easier for users to work with the remote learning system. An SSO makes it possible for teachers and students to use the same account to authenticate themselves on different devices and in different software systems. Entering a password also automatically logs the user into all linked programs – i.e. the password doesn’t have to be reentered each time.
By their very nature, schools display a much higher rate of student turnover than is the case with employees at a typical company. The use of an IAM system in conjunction with a well-organized approach increases information security at schools and also standardizes user lifecycle management operations. Figure 7 shows how the accounts of students and substitute teachers are given an expiration date as soon as they are created in order to prevent unauthorized access to systems and data.
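The expiration rule described above can be checked against an account export, shown here as an added example that is not part of the original article or of any IAM product. The column names, role names, maximum lifetimes, and sample accounts are constructed assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export (hypothetical column names, not from a real IAM product).
SAMPLE_EXPORT = """\
username,role,created,expires,enabled
a.meyer,teacher,2019-08-01,,true
s.klein,substitute_teacher,2024-01-08,2024-03-28,true
l.braun,student,2021-08-15,2027-07-31,true
t.wolf,student,2022-08-15,,true
j.haas,substitute_teacher,2023-09-01,2023-12-22,true
m.voss,student,2016-08-15,2020-07-31,false
p.lang,student,2023-08-15,2040-07-31,true
"""

# Assumed policy: roles that must carry an expiry date from creation, and the
# longest lifetime allowed for each (values are illustrative).
MAX_LIFETIME = {
    "student": timedelta(days=366 * 9),
    "substitute_teacher": timedelta(days=366),
}

def audit_accounts(export_text, today):
    """Return a sorted list of (username, finding) for accounts violating the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        limit = MAX_LIFETIME.get(row["role"])
        if limit is None:
            continue  # permanent staff: no expiry required by this policy
        enabled = row["enabled"].strip().lower() == "true"
        if not row["expires"]:
            findings.append((row["username"], "no expiration date set"))
            continue
        created = date.fromisoformat(row["created"])
        expires = date.fromisoformat(row["expires"])
        if expires - created > limit:
            findings.append((row["username"], "lifetime exceeds role maximum"))
        if expires < today and enabled:
            findings.append((row["username"], "expired but still enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT, date(2024, 2, 1)):
        print(f"{user}: {finding}")
```

Run on a schedule, a check like this catches the three ways the expiration rule erodes in practice: accounts created without a date, dates set so far out that they never take effect, and expired accounts that were never disabled.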
Data protection and child protection
In terms of security, schools also need to take data protection and child protection for minor students in particular into account when they select the software to be used for remote learning.
The focus here should be on the processing of personal data (i.e. all information which according to the General Data Protection Regulation (GDPR) is “related to an identified or identifiable natural person”). With regard to remote learning, schools thus need to choose software that only processes the personal data that is absolutely necessary for the remote learning system. It must also be ensured that the selected software doesn’t disclose this data to third parties and also deletes it as soon as the purpose of its processing no longer applies. In this regard, BigBlueButton represents a GDPR-compliant solution, provided it’s installed on appropriate infrastructure within the framework of an organization that utilizes suitable processes. Legal uncertainties are an issue with commercial solutions such as Microsoft Teams. Such commercial solutions are procured as a service and are used by some schools as a stable alternative that enables them to carry out their educational mandate in the best possible manner. Companies like Microsoft are now addressing these legal uncertainties by implementing additional data protection measures.2 In any case, use of a videoconferencing system requires the express agreement of all participating students or their legal guardians.
Child protection measures also need to be implemented for students. For example, devices that are given to students to use for remote learning must be equipped with suitable protection filters. In cases in which private devices are used, parents need to take similar precautions. Computer manufacturers, device manufacturers, and independent suppliers offer child protection features for devices and for browsers and other software. Such features, which are usually provided free of charge, restrict downloading activities and the installation of unsuitable apps or apps that cost money, for example. They can limit the duration of device use, or the times at which a device may be used, and they also come with filters for ads, web access, and web searches, as well as content-based website filters. In situations where students have been permitted to spend a certain amount of time in their school, measures must be taken to ensure that Wi-Fi use is managed on the basis of preconfigured access profiles and child protection filters. The simple denial of access to certain websites (blacklist), or permitting such access (whitelist), can be a good first step, but it is not as reliable as a content filter that allows or denies access to a website based on its content.
Naturally, whether or not IT systems are used in a safe and secure manner also depends in large part on who uses them. Training sessions on remote learning should be conducted for teachers and students in a way that ensures smooth and secure remote learning from an organizational point of view.
A secure password forms the foundation here. Multi-factor authentication (MFA) offers additional security. In a standard setup, users identify themselves on the basis of knowledge they possess – i.e. their secret password. MFA uses other factors, such as ownership of a device (SMS transmission of a token) or biometric attributes (e.g. fingerprints). MFA makes identity theft and unauthorized system use extremely difficult.
- Secure use of software involves more than just compliance with the GDPR. Only on loaned devices can installable software be centrally controlled and managed, and there it must be. Strong passwords, multi-factor authentication, and skilled configuration and use of software play a major role here.
- Students and (substitute) teachers should only be granted access to systems and data during the time they attend / are employed by the school. Child protection features for devices and the school network are extremely important.
The analysis of a sample architecture for the smooth and secure operation of videoconferencing software reveals the variety of technical components that need to be taken into account along with various organizational and social aspects.
Even after digitally supported remote learning is no longer a necessity, we will still see an increase in learning and instruction supported by digital media and associated learning software. The procedure used to identify the type of architecture needed for a videoconferencing system can also be employed in a similar manner to define the architectures that will be needed for learning platforms, whose relevance and importance will thus also continue to increase in the wake of remote learning.
Integrating diverse types of software into a standardized integrative education architecture will then become much more important. It will also become much more efficient, as such an integrative architecture will serve as the common foundation for digitally supported learning at a large number of schools. One cannot expect schools to be able to define and implement such complex structures on their own. This process can only succeed if a common approach is used in which schools design the content and methodical structure of digital learning, while “digital education architects” assume responsibility for creating the technical framework.