Sunshine Connections
General Architecture Overview
© 2008 Microsoft Corporation. All rights reserved.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of
publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT.
Microsoft and Visual Basic are either registered trademarks or trademarks of Microsoft in the United States and/or other countries.
-
01/22/2008 1
Table of Contents
Sunshine Connections
Introduction
Conceptual View
Logical View
Physical View
  Client Computer
  Server Computer
User Services (UI – User Interface)
  User Interface Layer
Web Services Layer
Data Storage Layer
Security and Identity Management
Development Approach
Implementation View
Deployment View
Execution and Operations Architecture
  Sunshine Connections Servers
Summary
Figure 1 – Conceptual View
Figure 2 - The Logical View
Figure 3 – High level Physical View
Figure 4 – User Interface Layer
Figure 5 – Web Services Layer
Figure 6 – Data Access Layer
Figure 7 – Physical Architecture
Figure 8 – Deployment View
Introduction
The Sunshine Connections implementation for the Florida Department of Education combines
several Microsoft technologies to provide a single portal with essential tools for teachers to
improve the quality and efficiency of related activities and processes. This implementation is
built on a combination of Microsoft products that includes Microsoft Office SharePoint Server
(MOSS) 2007 and Microsoft SQL Server™ 2005.
MOSS 2007 provides enterprise portal functions and facilitates collaboration within Sunshine
Connections teams. MOSS 2007 makes it easier to aggregate and organize information, and
provides search capabilities for knowledge and relevant information across business processes
in the Sunshine Connections organization. SQL Server 2005 is the primary data repository for
all information related to cases and notes.
This chapter explains the conceptual, physical, and logical architecture and the process flow
between the components for this implementation.
Conceptual View
The participants of the DOE and the pilot district users and administrators were instrumental
in outlining the business requirements of Sunshine Connections. A series of application
system requirements was developed using use case analysis, process design, and
joint application development (JAD).
The following diagram depicts the Sunshine Connections environment at the conceptual level.
Figure 1 – Conceptual View
Logical View
This implementation consists of four logical layers: the user interface layer, the Web services
layer, the data storage layer, and the security and identity management layer.
• User interface layer. Components are delivered via Microsoft Office SharePoint Server
technologies. SharePoint web parts provide application functionality, information views, and
collaboration tools for end users. Web parts for Sunshine Connections are developed using
Microsoft Visual Studio 2005, or may be provided by vendors, participating school districts
and institutions, or from published web part libraries.
• Web services layer. XML web services provide a programmatic interface for local
information systems to incorporate Sunshine Connections data or functionality, and to
exchange data between local and state information systems. The web services layer also
provides data to Sunshine Connections user interface components to abstract them from
underlying data sources. Sunshine Connections web services are developed using the
Microsoft .Net 2.0 Framework based on current World Wide Web Consortium (W3C)
standards to ensure compatibility with web services developed on other platforms.
• Data storage layer. The data environment for Sunshine Connections supports data reporting
and analysis of state-level data, and will support data integration processes and store data for
state wide systems such as the on-line individual education plan (IEP) system. The data
environment uses Microsoft SQL Server 2005 technologies for relational and dimensional
databases, reporting, and data movement processes.
• Security and identity management. Controlled access to student information is managed in
a Microsoft Windows 2003 Server Active Directory that will contain accounts that have been
synchronized with local directory services via XML web services or bulk data transfer, or
will “trust” local Microsoft Active Directory services via Microsoft Active Directory
Federation Services. Education professionals are matched to only the students they are
involved with from data provided from local student information systems.
Figure 2.1 represents a high-level view of the logical architecture for this implementation. It
depicts the three layers of functionality and their software components.
[Diagram: User Interface Layer, Web Services Layer, Data Storage Layer. Component labels: Active Directory Admin Tool, Flexible Authorization System, SharePoint Collaboration, FCAT Data View, Microsoft Operations SharePoint Server (MOSS) 2007, XML Web Services, Microsoft SQL Server 2005 Enterprise, EDU Database Cluster, MOSS 2007 Database Cluster]
Figure 2 - The Logical View
The following sections detail the components in each layer of the logical architecture.
Physical View
Client Computer
To access the Sunshine Connections Portal site, you can use any computer that runs a browser
compatible with Microsoft Windows XP or later or Windows 2000 SP3 or later.
Server Computer
To demonstrate the functionality that responds to the care manager's actions on the SharePoint
Portal Server portal site, you must include a server in the physical architecture. This server
must be running Microsoft Windows Server 2003 and have the hardware capacity to run all of
the following applications:
• Microsoft Office SharePoint Server 2007
• Microsoft SQL Server 2005 SP2
When deploying your solution, you can use any physical deployment architecture supported
by Microsoft Office SharePoint Server 2007 and Microsoft SQL Server 2005 running either
on the same server or on physically separate servers.
• For more information about Microsoft Office SharePoint Server 2007, see the following
resource: http://msdn2.microsoft.com/en-us/library/ms550086.aspx
• For more information about SQL Server 2005, see the SQL Server home page on the
Microsoft Windows Server Web site at:
http://www.microsoft.com/sql/default.mspx
Figure 1.6 shows a high-level representation of the physical architecture for this
implementation.
Figure 3 – High level Physical View
User Services (UI – User Interface)
User Interface Layer
The user interface layer exposes information through the Microsoft Reporting Services Web
Part. Additional interfaces are accessible through the use of ASP pages.
The following components are part of the user interface layer:
• FCAT Data View. A Microsoft Reporting Services Web Part that displays student FCAT
scores to users.
• FAS Interface. An ASP page provides the interface in which student mappings to IEP are
extended beyond the primary teacher.
• ADAT Interface. An ASP page provides the interface in which users reset their passwords.
• SharePoint Services Collaboration. Microsoft Office SharePoint Server interface to web
parts, lists, libraries, etc.
The user interface (UI) of Sunshine Connections is implemented using Windows Office
SharePoint Server. Information from DOE information systems will be rendered in the
SharePoint environment via reports and other views contained in web parts. Application
functionality may be contained in web parts, or in Active Server Pages (ASP) .Net application
components. In either case, most UI components of Sunshine Connections will access web
services rather than source data systems. This provides a layer of abstraction from the
underlying data systems, so that changes in those data systems do not force changes in
application logic and UI components, and it keeps data sources isolated from external
internet access.
Additionally, the SharePoint UI provides collaboration functionality such as document
management and sharing, shared workspaces, threaded discussions, alerts, surveys, and
calendars.
Districts and vendors may develop their own UI components, or add to existing application
UIs depending on local requirements and local technology platforms by consuming the same
web services that the web parts in Sunshine Connections use. Districts and vendors may also
create their own web parts if they are using SharePoint locally or Java applets if they are using
J2EE. The possibility exists to share web parts among districts where SharePoint is being
used and the DOE, or applets among districts using J2EE. The following diagram depicts the
SharePoint UI implemented with web parts that can be accessed directly by district users. It
also shows how local portal UI components could access DOE web services.
Sunshine Connections UI components that are deployed in the restricted area will use Active
Directory authentication for user access.
Figure 4 – User Interface Layer
The Web services layer uses the information from the user interface layer to perform business
logic as part of the translation between these two layers.
Web Services Layer
The Web services layer of Sunshine Connections translates the information from the data
storage layer to the format required by the user interface layer. This layer includes components
that perform the business logic and allow access to the data stored in the databases. The web
services layer of Sunshine Connections is designed for the following:
• Contain application logic including access controls
• Allow loose coupling between UI components and data sources
• Allow integration between systems at the DOE and Districts
The Web services layer includes the following components:
• Web service. Communicates data between the user interface layer and data storage layer. The
Web Service includes a method called GetFCATXml. This method is used to access student
FCAT scores. The user interface calls the Web service to retrieve student data.
• Microsoft Office SharePoint Portal Server 2007. Provides the portal site functionality and
serves as the access point for student FCAT scores.
The data received and processed by the Web services layer is stored in the data storage layer.
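The following sketch is an added example, not Sunshine Connections code. It shows one way a service-layer method such as GetFCATXml could enforce the teacher-to-student matching before returning scores; the function signature, data layout, account names and scores are hypothetical, and Python is used in place of the .Net implementation the page describes.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (hypothetical schema, not the EDU_Production layout).
FCAT_SCORES = {
    "S1001": [("Reading", 2007, 312), ("Math", 2007, 298)],
    "S1002": [("Reading", 2007, 275)],
    "S2001": [("Math", 2007, 330)],
}
# Primary teacher-to-student mappings, as loaded from district data files.
PRIMARY_MAP = {
    "doe\\jsmith": {"S1001", "S1002"},
    "doe\\akhan": {"S2001"},
}
# Extended mappings granted through the FAS interface (beyond the primary teacher).
FAS_MAP = {"doe\\mlopez": {"S1001"}}


class AccessDenied(Exception):
    """Raised when a caller asks for a student they are not mapped to."""


def normalize_account(account):
    # Active Directory account names compare case-insensitively.
    return (account or "").strip().lower()


def authorized_students(account):
    """Union of primary and FAS mappings; unknown accounts get an empty set."""
    key = normalize_account(account)
    return PRIMARY_MAP.get(key, set()) | FAS_MAP.get(key, set())


def get_fcat_xml(authenticated_account, student_ids, audit_log):
    """Return FCAT scores as XML, only for students mapped to the caller.

    authenticated_account must come from the authentication layer
    (the Active Directory identity), never from a request parameter.
    """
    account = normalize_account(authenticated_account)
    requested = set(student_ids)
    allowed = authorized_students(account)
    denied = requested - allowed
    if not account or not requested or denied:
        # Fail closed: one unmapped student rejects the whole request,
        # and the attempt is recorded for review.
        audit_log.append(("DENY", account, sorted(denied)))
        raise AccessDenied("caller is not mapped to every requested student")

    root = ET.Element("FCATScores")
    for sid in sorted(requested):
        student = ET.SubElement(root, "Student", id=sid)
        for subject, year, score in FCAT_SCORES.get(sid, []):
            node = ET.SubElement(student, "Score", subject=subject, year=str(year))
            node.text = str(score)
    audit_log.append(("ALLOW", account, sorted(requested)))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    log = []
    print(get_fcat_xml("DOE\\JSmith", ["S1001", "S1002"], log))
    try:
        get_fcat_xml("DOE\\mlopez", ["S1001", "S2001"], log)
    except AccessDenied as exc:
        print("denied:", exc)
    print(log)
```

Rejecting the whole request, rather than silently dropping the unmapped student, keeps a probing caller from learning which IDs exist and leaves a clear audit entry.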
Figure 5 – Web Services Layer
The abstraction of source data using web services as an intermediary additionally aids in
controlling access to source data, making it more difficult to hack the data directly.
Districts and vendors may consume web services provided by the DOE to embed state level
information or application functionality directly into their applications. Districts and Vendors
may also implement their own web services to create integration points between their local
systems and external systems at the DOE, other districts, and other local government agencies.
The Schools Interoperability Framework (SIF) specification will be used where applicable to
implement DOE web services and districts and vendors are encouraged to consider using SIF
in their integration solutions.
Data Storage Layer
The data storage layer is the storage repository for all the components in the logical
architecture including the implementation and required software. This implementation
includes several custom databases. The Web services layer utilizes SQL stored procedures to
store and retrieve data in SQL Server tables.
This implementation stores data in the following databases:
• EDU_Production. Stores all final information such as student demographics and FCAT
scores.
Figure 6 – Data Access Layer
In addition to the custom database, the data storage layer consists of other SQL-based
databases. These additional databases store data related to SharePoint Services. However, this
implementation does not directly access the SharePoint Services databases.
The data environment for Sunshine Connections uses Microsoft SQL Server 2005 for
relational databases, dimensional databases, and extraction, transformation and loading (ETL)
processes. Data stored in this environment is loaded from other DOE data sources with the
DOE education data warehouse (EDW) being the primary source, and from district data files
that provide data to map teachers to their students.
This additional data environment exists to support reports and views of information, and web
services that provide information so that the data is structured according to user requirements
and DOE data sources don’t have to be queried directly.
The basic recommendation for solutions that are intended to work with Sunshine Connections
is that they leverage existing data environments. If additional components are added,
those components should be compliant with industry database access standards such as OLE
DB and ODBC.
Security and Identity Management
Because of the sensitivity of the personally identifiable student information, the security layer
is the foundation of all Sunshine Connections services. This implementation uses Microsoft
Active Directory services for user authentication and access control.
Users will have either an account within the Sunshine Connections Active Directory
environment or they will be authenticated by the Active Directory through Active Directory
Federation Services (ADFS). Authentication succeeds through a trust relationship between
Sunshine Connections and local district Active Directory environments.
An alternative solution is available for districts that are not running Microsoft Active
Directory. A web-based interface, accessible through SharePoint Services, uses XML web
services to let district system administrators maintain account access to
Sunshine Connections.
The following XML web services are used for the account maintenance tool:
• AccountMaintenance Tool XML.
Figure 7 – Physical Architecture
Additionally, ADAT, a password management system, has been developed for Sunshine
Connections to enable users to change and recover passwords.
It is strongly recommended that applications created for or by the DOE take advantage of the
Sunshine Connections Active Directory environment as it will ultimately have accounts for all
education professionals (teachers, counselors, principals, administrators, etc.) in the state.
Creation of individual application security schemes for the same set of users will result in
multiple security accounts per user, which can significantly increase the complexity of identity
management and become a security risk.
It is also strongly recommended that applications created for school districts use the local
district’s directory services environment for user authentication and access control, again to
minimize the complexity of user identity management.
District or vendor applications that consume Sunshine Connections web services that provide
protected information will require authentication as well. Sunshine Connections will use Web
Services Enhancements (WSE) for .Net for programmatic access of web services.
Development Approach
The Sunshine Connections team used an agile, milestone-driven approach to the construction of Sunshine Connections, initially focusing their attention on the most significant architectural elements.
Tools used during the construction of Sunshine Connections include:
• Microsoft Office SharePoint Server 2007
• Microsoft SQL Server 2005
• Microsoft Visual Studio.NET 2005: SSIS & Reporting Services
• Microsoft Internet Explorer 6.0
• Microsoft Visio Professional
• Microsoft Word 2003: Used to record requirements
Additional facts regarding the Sunshine Connections development approach:
• Source Control: The team maintains 1 Team Foundation Server source project
• Managing Builds:
• Managing Deployments:
• Defect and Requirements Tracking:
Implementation View
The implementation view describes how the classes and interfaces are organized into
directories, projects, and assemblies in the file system and in the Microsoft Visual Studio
Team Foundation Server.
Deployment View
For the system architecture, this view documents the likely physical topology. It includes
each computer in the implementation and describes how they are interconnected. The
configuration for each node is also specified: operating system, database, and applications.
Figure 8 – Deployment View
Execution and Operations Architecture
All the servers that run Sunshine Connections are managed by a team of experts at the DOE in Tallahassee. The DOE location provides network redundancy and failover capabilities. Additionally, all network load and traffic is monitored to ensure optimal performance. The Sunshine Connections systems run almost exclusively on Dell Servers with the following configurations:
Sunshine Connections Servers
• Internal Web Servers
CPU: 4 Itanium, XmHz RAM: 4 GB OS: Windows 2003 Server R2 Standard
• Public Web Server
CPU: 4 Itanium, XmHz RAM: 4 GB OS: Windows 2003 Server R2 Standard
• Database Cluster Servers
CPU: 4 Itanium, XmHz RAM: 4 GB OS: Windows 2003 Server R2 Standard
• SharePoint Services
CPU: 4 Itanium, XmHz RAM: 4 GB OS: Windows 2003 Server R2 Standard
• Domain Controller
CPU: 2 32bit XmHz RAM: 4 GB OS: Windows 2003 Server R2 Standard
• FTP Server
CPU: 4 Itanium, XmHz RAM: 4 GB OS: Windows 2003 Server R2 Standard
Summary
In order to realize the maximum value of the information framework of Sunshine
Connections, DOE, district and vendor initiatives should develop solutions following the
architectural pattern described above. Minimizing the number of directories for identity
management, separating user interface, middle tier application logic and web services, and
data components are just a few of the recommended standards. Additionally, use of standards
such as XML and SIF will facilitate interoperability among the variety of information systems
in use by education entities.
Sunshine Connections receives data from district student information systems and the DOE
education data warehouse into a Microsoft SQL Server database environment in the database
server tier to match students to FCAT results and students to their teachers.
The data is formatted for viewing using Microsoft SQL Server Reporting Services in the
application server tier, which houses the XML web services components of Reporting
Services.
The Reporting Services reports are rendered in the SharePoint portal in the SharePoint server
tier, which serves as the UI for Sunshine Connections.
Users are challenged for login credentials by the reverse proxy server (a Microsoft ISA
Server), which authenticates the credentials against the Microsoft Active Directory domain
controller. Once authenticated, user credentials are used to access UI components in the
SharePoint portal, and also to control access to reports in the application server tier and
underlying data in the database server tier.