News

3/12/2021

Architecture example: A videoconferencing system for remote learning

This example utilizes the enterprise architecture management method to identify the technical-infrastructural conditions needed for digitally supported remote learning. The basis for the determinations made here are the digital capabilities that have been identified as necessary for the implementation of digital schools, as well as the specific application areas in which these capabilities are to be utilized.

1 | Digital capabilities – the question of “what?”

The example of a videoconferencing system focuses on the core task/capability for all schools in the context of digitalization, namely the digitally supported imparting of knowledge.

2 | Application area and functional scope – the question of “why?”

Schools need digital capabilities for imparting knowledge in several different application scenarios, the most important of which involve digital communication and the digital exchange of information, which in turn form the foundation for remote learning. Digitally supported learning and the monitoring and evaluation of progress made are also application areas that relate to imparting knowledge in a digital manner, which is why learning platforms are analyzed in a separate architecture example. Both of these application areas will increase in importance in the in-person learning environment as well in the future.

3 | Technical-infrastructural area – the question of “with what?”

Regardless of the type of school one is dealing with in a given situation, a communication platform needs to be created in order to enable the exchange of information between teachers and students. This technical platform forms the foundation for digitally supported remote learning.

The didactic and methodological concepts that underly in-person learning need to be transferred to the remote learning environment in an appropriate manner. This represents a challenge because up until now, education instruction materials and interaction and communication approaches have been designed and structured in line with the in-person classroom learning environment.

Despite the extensive differences that exist here, key aspects of in-person teaching and instruction can in fact be transferred to the digitally supported remote learning environment, as can be seen in Figure 3.

The functions shown in the table can be provided via various types of computer programs (including software, applications, and mobile applications). It’s also clear that many aspects can be managed using a videoconferencing system. In the case of our application scenario for “Remote Learning,” a videoconferencing system provides the first answer to the question of “with what?”

Learning platforms and online learning apps can expand remote learning features while also addressing the application areas of “Learning with digital media” and “Evaluation of learning progress,” whereby these are not part of this example.

The following section describes the technical-infrastructural architecture needed for a specific videoconferencing system.

Example: BigBlueButton videoconferencing software, supporting software, and devices

BigBlueButton software is a videoconferencing platform that offers users videoconferencing features and other digital options, such as whiteboards, virtual rooms, and messaging. In order to use BigBlueButton, teachers and students need to be provided with various software, network, and hardware components, and they also need to be able to run specific processes for installing, securely operating, and maintaining these components. An architecture design diagram provides a structured overview of the required components (see Figure 5). The procurement of tablets for students is only one of many aspects in this context.

BigBlueButton is a web application, which means it has to be run via a browser. Firefox and Google Chrome are the recommended browsers here. Browsers are also software components that are installed on a device. The various operating systems used for (mobile) devices (e.g. Microsoft Windows, Mac OS, Linux, iOS, Android) come with different preinstalled browsers. Common devices are PCs, notebooks, tablets, and smartphones. It is recommended that at least a notebook be used for remote learning, as anything smaller will present issues in terms of the size of the display and ease of use. For example, the lack of a physical keyboard (e.g. in the case of a tablet) will eventually lead to problems in terms of a student’s ability to carry out all required tasks. If a tablet is nevertheless used, a special stylus will at least make it easier to write on the device. A webcam and a headset will also be needed if a student’s device does not include these components. A headset is better than integrated device microphones and speakers, as these can cause unpleasant echoes, which will always occur if at least one device produces audio feedback.

• Finally, numerous software, hardware, and security components need to be aligned with one another when a videoconferencing system is used for remote learning.
• Many components of the sample architecture are not required exclusively for remote learning applications but can instead also be used in other application areas that relate to the capabilities needed in digital schools (see Figure 2).

Network and server infrastructure

A sufficiently fast and stable Internet connection is needed for remote learning via videoconferencing software like BigBlueButton. That means teachers and students need to have fast Internet connections and routers in their homes. The router is what allows the device to connect to the Internet either via wires (LAN) or wirelessly (Wi-Fi). Cell phone networks can also be used to connect to the Internet, but devices that connect this way need to have a SIM card slot, and the plan associated with the SIM card needs to include sufficient data volume.

• The bandwidth needed for stable video conferences depends mainly on the type of software used, as well as the number of participants and the content shared – e.g. webcam images, screen sharing, etc.

Different videoconferencing systems also process video and sound signals from conference participants in different ways. For example, while other software systems combine, compress, and scale down the two signals, thus conserving bandwidth and computing power, BigBlueButton only does this with the audio signal. As a result, bandwidth and computing power requirements for all participating devices increase in line with the number of people who participate in a BigBlueButton video conference with audio and video feeds. More specifically, this means that as participant numbers increase, each device needs to transmit a greater amount of data per second with a higher rate of CPU usage in order to ensure sufficient conference quality at all times (see Figure 6). This in turn means that the number of participants in each video conference generally needs to be limited to less than 20.

In terms of the users of a videoconferencing system, the number of conference participants with active microphones and cameras, and the amount of screen sharing, have the biggest influence on the amount of data that needs to be transferred at any given time. BigBlueButton recommends that participants have a minimum bandwidth of 0.5 Mbits/sec for upload and 1.0 Mbits/sec for download. The servers on which BigBlueButton is installed for teachers and students need to have much higher bandwidths. Network switches are used to send the data to these servers.

The following overview of various operating models for videoconferencing platforms presents answers to the questions of “who can provide the infrastructure?” and “how does infrastructure need to be designed in order to ensure smooth and secure operation?”:

In order to maintain the focus on the educational mandate of schools, it makes sense to incorporate IT experts into the processes for creating and operating the required infrastructure. It’s also much more efficient to develop and implement a standardized overarching approach for these processes. In addition, the procurement of software or infrastructure services makes it possible to switch providers at any time. The use of an internal data center or a school’s own hardware, on the other hand, makes it more difficult to make adjustments in line with the services made available to the schools.

If a school does decide to operate its own infrastructure, numerous architecture-related aspects need to be considered. For example, just like the users’ physical devices (notebooks, tablets, etc.), the school’s servers also need to be equipped with the right operating systems. The BigBlueButton server requires the use of the Linux operating system Ubuntu. BigBlueButton also describes the minimum hardware requirements for maintaining the stability of its videoconferencing platform. This also includes information about the central processing unit (CPU) computing power needed for each server. When audio data is processed, for example, a server needs to use its computing power to mix all conference participants’ audio channels and then send this mixed signal to every participant.

Extensive technical and organizational measures also need to be implemented in order to manage access to the servers and prevent unauthorized access. Security architectures describe numerous components with features that go far beyond those of normal firewalls, and which need to be implemented on both the software level and the network/hardware level. Security systems also need to be installed for the data center and the server access systems.

• Various models can be used for IT infrastructure operation – the way people choose to eat pizza offers a good analogy here:
  • On-premises: We do everything ourselves. The dough and the toppings are prepared and baked in our own oven, and we eat at our own table
  • Infrastructure as a service: We eat a frozen pizza, which means all we have to do is unpack it and put it in the oven – then we can eat it.
  • Platform as a service: The pizza is delivered hot and ready. All we have to do is eat it at our own table.
  • Software as a service: We order the pizza in a restaurant and don’t have to do anything except eat it. Even the table is set for us.

Device management and access protection and authorization

Many teachers and students still use their own private devices, which makes it difficult to assist them if they encounter technical problems. The digital strategies employed in many states in Germany call for teachers, and in some cases students as well, to be equipped with the same type of devices.

The use of a centralized device management system with structured processes is in fact a must because old or outdated devices need to be turned in and replaced with new ones. Other devices need to be temporarily handed out and then returned – for example devices used by substitute teachers.

Software distribution systems ensure that only approved software is installed and used. In addition, such systems allow (security-)relevant updates and new standardized software to be installed on devices without teachers or students needing to obtain assistance for this.

Identity and access management systems (IAM) manage user accounts, verify identities, and authorize teachers and students and their accounts to use devices and software.

A single sign-on service (SSO) makes it easier for users to work with the remote learning system. An SSO makes it possible for teachers and students to use the same account to authenticate themselves on different devices and in different software systems. Entering a password also automatically logs the user into all linked programs – i.e. the password doesn’t have to be reentered each time.

By their very nature, schools display a much higher rate of student turnover than is the case with employees at a typical company. The use of an IAM system in conjunction with a well organized approach increases information security at schools and also standardizes user lifecycle management operations. Figure 7 shows how the accounts of students and substitute teachers are given an expiration date as soon as they are created in order to prevent unauthorized access to systems and data.

Data protection and child protection

In terms of security, schools also need to take data protection and child protection for minor students in particular into account when they select the software to be used for remote learning.

The focus here should be on the processing of personal data (i.e. all information which according to the General Data Protection Regulation (GDPR) is “related to an identified or identifiable natural person”). With regard to remote learning, schools thus need to choose software that only processes the personal data that is absolutely necessary for the remote learning system. It must also be ensured that the selected software doesn’t disclose this data to third parties and also deletes it as soon as the purpose of its processing no longer applies. In this regard, BigBlueButton represents a GDPR-compliant solution, provided it’s installed on appropriate infrastructure within the framework of an organization that utilizes suitable processes. Legal uncertainties are an issue with commercial solutions such as Microsoft Teams. Such commercial solutions are procured as a service and are used by some schools as a stable alternative that enables them to carry out their educational mandate in the best possible manner. Companies like Microsoft are now addressing these legal uncertainties by implementing additional data protection measures.² In any case, use of a videoconferencing system requires the express agreement of all participating students or their legal guardians.

Child protection measures also need to be implemented for students. For example, devices that are given to students to use for remote learning must be equipped with suitable protection filters. In cases in which private devices are used, parents need to take similar precautions. Computer manufacturers, device manufacturers, and independent suppliers offer child protection features for devices and for browsers and other software. Such features, which are usually provided free of charge, restrict downloading activities and the installation of unsuitable apps or apps that cost money, for example. They can limit the duration of device use, or the times at which a device may be used, and they also come with filters for ads, web access, and web searches, as well as content-based website filters. In situations where students have been permitted to spend a certain amount of time in their school, measures must be taken to ensure that Wi-Fi use is managed on the basis of preconfigured access profiles and child protection filters. The simple denial of access to certain websites (blacklist), or permitting such access (whitelist), can be a good first step, but it is not as reliable as a content filter that allows or denies access to a website based on its content.

Naturally, whether or not IT systems are used in a safe and secure manner also depends in large part on who uses them. Training sessions on remote learning should be conducted for teachers and students in a way that ensures smooth and secure remote learning from an organizational point of view.

A secure password forms the foundation here. Multi-factor authentication (MFA) offers additional security. In a standard setup, users identify themselves on the basis of knowledge they possess – i.e. their secret password. MFA uses other factors, such as ownership of a device (SMS transmission of a token) or biometric attributes (e.g. fingerprints). MFA makes identity theft and unauthorized system use extremely difficult.

• Secure use of software involves more than just compliance with the GDPR. Installable software can and must only be centrally controlled and managed on loaned devices. Strong passwords, multi-factor authentication, and skilled configuration and use of software play a major role here.
• Students and (substitute) teachers should only be granted access to systems and data during the time they attend / are employed by the school. Child protection features for devices and the school network are extremely important.

The analysis of a sample architecture for the smooth and secure operation of videoconferencing software reveals the variety of technical components that need to be taken into account along with various organizational and social aspects.

Even after digitally supported remote learning is no longer a necessity, we will still see an increase in learning and instruction supported by digital media and associated learning software. The procedure used to identify the type of architecture needed for a videoconferencing system can also be employed in a similar manner to define the architectures that will be needed for learning platforms, whose relevance and importance will thus also continue to increase in the wake of remote learning.

Integrating diverse types of software into a standardized integrative education architecture will then become much more important. It will also become much more efficient, as such an integrative architecture will serve as the common foundation for digitally supported learning at a large number of schools. One can not expect schools to be able to define and implement such complex structures on their own. This process can only succeed if a common approach is used in which schools design the content and methodical structure of digital learning, while “digital education architects” assume responsibility for creating the technical framework.

Further information on this topic can also be found in the article “A forward-looking digital architecture as a key component of a successful foundation for digital schools”

1 – BigBlueButton Inc., viewed in February 2021, https://docs.bigbluebutton.org/support/faq.html#bandwidth-requirements

2 – Julie Brill, Microsoft, viewed in February 2021, https://news.microsoft.com/de-de/neue-massnahmen-zum-schutz-von-daten/