Bijur Vallarkodath

The force is strong in this one

Choosing a Learning Management System

| Comments

The Education strategy of a school would involve various products, solutions that are to be pieced together in harmony to provide a seamless education experience for students and professors. The complete solution and design would depend on the learning strategy and how professors decide that they need to teach.

The first step into designing and implementing a new LMS is what learning strategy we need to follow for our courses within a school.

Selecting a LMS should be done only after answering these three questions.

  1. Why is a new LMS being considered(i.e., new to eLearning, outgrown the current system, outdated or lack of functionality, too expensive, dissatisfied with vendor)?
  2. What are the key issues, problems and/or challenges your institution hopes to address with a new LMS?
  3. Have the staff and budget associated with the task of selecting, implementing, supporting and maintaining a new LMS been identified and earmarked.

Learning Strategy 1. How we plan to deliver programs 2. New learning processes? 3. Success and ROI of LMS 4. Pedagogical approaches and models of the institution

Why is a new LMS being considered?

We must address the following with this new LMS

  1. Course management for Faculty & Students.
  2. As a means to deliver content digitally to students
  3. Mobile Learning capabilities
  4. Ability to integrate with our planning systems.
  5. Ability to do distance learning and eLearning effectively.
  6. Simulations and Aids to teaching

Course management for Faculty and students

The current solution of Global campus using sharepoint leaves much to be desired. The concerns are

  1. There are over 800 live independant sites on sharepoint for Global campuses with no central control
  2. Usability of content is very low
  3. Cost of redesigning and recreating a new sharepoint site is very high and this cost climbs each year with more custom programs.
  4. Integrations with back end systems like faculty planner is virtually non-existent and any efforts currently is quite expensive.
  5. Faculty (and also students) have to navigate through a series of links before finally arriving at a relevant course page.

Apart from resolving the issues of the current platform, we need the following features to be more productive and usable.

  1. Accessibilty from multiple devices invluding, iOS, Android, Mac, Windows, Linux etc.
  2. Ability to do distance learning or eLearning effectively Traditionally we have been a program with a heavy focus on in-person training. Case based methodology to a big extent requires this.

We have distance learning modules focused on conducting a case based discussion using newsgroups. The newsgroups had several significant considerations:

  1. Replicate classroom discussions on an online asynchronous platform.
  2. Discussion should persist over a period of time
  3. Having prolonged discussions gives an opportunity for everyone to participate
  4. This helps professors to get to know students and if needed give individual help to them.
  5. Gives an opportunity to understand and thus help students who do not participate much in class.
  6. Ability to share links and contents and other attachments with students
  7. Possibility of different boards for different topics gives the ability to discuss different things in different places making sure that content is well organized.
  8. Every class and every case has its own board
  9. Nested replies and multi-level threads are great. It also allows two people to argue/debate something out, without hindering others (unlike a class discussion)
  10. The newsgroups are significant investment of professor time.

Thus, eLearning platforms, must strive to enable an offline classroom discussions and help aid in the case based methodology that a school is built on.

Distance learning platforms should also be quick courses we could deliver as a course pills. With its own Content and (maybe) and exam to verify appropriateness. These are especially attractive for soft skill course like Company Ethics etc. Quick course in Accounting principles of quantitative methods. These pills could contain multimedia material, video, audio and text along with an interactive element attached to it.

As means to deliver content digitally to students With the flourish of Mobile and table devices with incredible capabilities which are carried around by users (students, staff, faculty) wherever they go, delivering materials digitally is a no-brainer.

An LMS should enable the distribution of content digitally to users in a way such that relevant content is delivered through an open protocol to students. The following contents should be covered:

  1. Cases
  2. Technical Notes
  3. Case supplemental videos
  4. Other reading material.
  5. Annexes of cases
  6. Exercises and assignments.

The LMS should allow the following

  1. a school Back-office staff to upload and organize the content integrated with the current systems that are used to deliver content.
  2. Professors should need to update any content on their sessions at any time to allow flexibility. e.g. new article in today’s newspaper, change in case etc.
  3. Relevant content access. People with the right permissions can update, create content for courses.

Improved usability in our course management systems

Usability should be a key aspect for a Learning management systems.

The LMS should be platform independent for users. Access should be available with more or less same functionality with the following devices

  1. Windows PC
  2. Mac OSX
  3. Linux
  4. Android Phones & Tablet
  5. iOS Phones and Tablets

The LMS should ensure compatibility and elegant delivery on the following browsers

  1. Firefox
  2. Google Chrome
  3. Safari
  4. Internet Explorer 9+

Mobile Learning Capabilities

“Learning that happens across locations, or that takes advantage of learning opportunities offered by portable technologies”

Key capabilities in mobile can involve:

  1. Delivery of learning materials, including transcripts, audio or videos of lectures for review. (Integration of LMS having a mobile ui)
  2. Self-assessment and quiz aids
  3. Access to assignments and syllabi
  4. Creation of user generated content for sharing or later referral
  5. Campus tours or navigation and resources
  6. Access to grades
  7. Registration for classes
  8. In-class audience response and polling
  9. Access to faculty and fellow students
  10. Easy access to coaches, mentors and tutors
  11. Social networking, such as blogs, Facebook or Twitter
  12. Campus information - contacts, emergency exits, security contacts
  13. eBook Reader

Examples of use of social networks like facebook/twitter or socialcast.

  1. A professor in accounting can post an accounting problem and the first to give a solution would get extra points.
  2. Professors and program coordinators can use this for course and class announcements.

Important questions to answer

  1. How could faculty use mobile capabilities to enhance classroom learning?
  2. What capabilities would be of interest to students and prospective students?
  3. How can ubiquitous and asynchronous connectivity better enable faculty and student interaction?
  4. What campus services will help students be more productive or safe?
  5. What materials are already on hand that could be made easier to access via mobile devices? Does content already exist in another form?
  6. What network will be used for distribution? What actions or activities will need to be tracked?
  7. What mobile tools will the student be using upon graduation that they should gain experience with now?
  8. How will mobile learning integrate with other systems on our campus or does it need to?
  9. Who will handle any needed user support?
  10. Are there partners or potential funders for our initiative?
  11. How will this new opportunity be communicated/marketed? Simulations and other aids to teaching Simulations are used to aid teaching in various courses. Examples include the beer game, ipade project etc.

Current Identified needs include the following: 1. Simulation of the Beer Game. 2. In Company Projects, off-campus classes etc.

Key Issues at a school we want to tackle

Issues we need to consider

  1. Security for our content.
  2. Content have to be always:
  3. Password protected
  4. Contain a social watermark (e.g. “This content is delivered to MBA 2010 - Section B”)
  5. Ease of access through multiple platforms, through open protocols
  6. Ability to let consumerism take its way. Let the open market guide users to selecting applications they prefer.


We need to be able to customize php applications and use them integrated with blackboard. Embed php applications.

Third party applications include, webex, apple, etc.

Single Sign on - CAS Implementation Guide

| Comments

The capability of single sign on seems to be a very basic infrastructural requireme for any organisation, yet the number of companies without a functioning sso is amazingly high.

IESE for instance is one of them. So the first thing I did whe I accepted this job is to initiate a single sign on project. Implementing an SSO brings with it some additional challenge.

  • Why Single Sign On
  • Directory services
  • Application Design to use CAS
  • User Management
  • Inventorying the applications that must do SSO.

    Which users within the aplications should use SSO and what mode of authentication is best: Web, Kerberos or Direct authentication.

  • Product selection
  • Preparing infrastructure
  • Building a failsafe system.
  • Design
  • Integrating applications.

I will go through each of these steps that we followed and why?

Why Single Sign On

Before SSO the user experience within your organization looks somewhat like this.

Multiple logins and multiple accounts

After SSO the user experience could possibly be something like this.

Single login and one time entry

Directory Services and Identity management

We use active directory. Our University “Universidad de Navarra” uses OpenLDAP. We had to do single sign on between both our school and the University. CAS has in-built support for both. Specify within the Server xml which beans and the server details like, its port and a non-anonymous service login to bind for the search.

Most of the time, based on your directory service configuration you will be able to specify clusters of users to authenticate with particular branches of your directory server. This is recommended as it speeds up authentication process for CAS. for e.g. If you have all your students with the email :, and have your LDAP with a sub branch called students where all your students exist, then its a good idea to create a separate alumni LDAP server (even if its based on the same LDAP server as staff) just for students. This student’s ldap server item on your xml will instruct CAS to do search on the sub-branch of “DC=students,DC=iese,DC=edu”.

An example of the server configuration file is available here

Application design to use CAS

One thing to understand is that CAS provides authenticaton. You can configure it such that it will return a few LDAP attributes like email id, username etc. CAS also retains the user session so as to provide a single sign on experience. The scope ends there. Application designers have come to me with extremely weird requirements from the SSO because they were able to get all these information and access details directly from the Active Directory. This is not why CAS was made. CAS was made as your first door to the application. The apications that are going to use CAS need to follow this design.

Application design to use CAS

The application if it wants more user information, needs to have a service account in your LDAP with read-rights over the respective user accounts.

Once the user has logged in to the application using CAS now the application can safely connect to the LDAP with the service user account and get more information and decide what to do with the user.

This should cover the basic application design. Now you need to decide how you want to integrate the application with CAS. This fairly depends on the kind of application in itself. We here are integrating only web-based applications only. More or less most of our applications are web-based so it suits us well.

For Web based applications, the options are to use SAML. The application you use must support this structure. CAS (current version 3.3.4) supports SAML 1.1. Google Apps uses SAML to authenticate. SAML requires CAS to return an XML structure with the username back to the application. The application then deciphers this structure and unlocks it using the certificate of the CAS server that is installed in the application to read the username. Some applications can request for extra parameters from SAML. This could be done by adding a SAML bean for the particular application.

The modification for google apps is given here.

Other forms of integrations include client integration using PHP,.NET, Java or Python.

Using PHP

Using PHP, the supported client is PHPCas (current version 1.2.2). The installation is explained there, but you might find the below explaination easier.

Download PHPCas to a directory that can be accessed by the PHP page. Copy the certificate of the server x509.pem and save it to a directory cert_directory within reach. Also create a db schema (if required).

Edit your application php file to include the following.

phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
if (isset($_REQUEST['logout'])) {
if (phpCAS::isAuthenticated()) {
    $name = phpCAS::getUser(); //This is the variable that has the name. 
    // You could use this further in your program.
// And the program can continue for authenticated users with $name.

Use the config.php file that we included (the file can be found within PHPCas directory under examples) and add in the configuration details like host, db etc.

If your CAS url is something like :

$cas_host = ''
$cas_context = '/cas';
$cas_port = 443; // This will be the port of the initial server, not the catalina port.
$cas_server_ca_cert_path = '/path/to/cert_directory/x509.pem';
$db = 'mysql:host=localhost;dbname=<dbname>';
$db_user = 
$db_password = 
$db_table = 

Then go to your application php and it will redirect you to CAS for Authentication.

You could find more examples and other client integrations on the CAS wiki.

To get more information from the LDAP now you can use this $name to query information. An example is given below (Will be updated)

User Management

One of the things to consider while integrating your application with Single Sign On is the which users of the applications need the single sign on. Usually organizations get so lost in the frantic single-sign-on-paranoia that they issue mandates to application teams to integrate all users with SSO in all cases.

The general rule of thumb policy to follow would be to give your customers a single sign on. Administration & staff can use special administrative logins and letting them login multiple times is not an issue. SSO should be for your customers. So when the customer clicks on the login button of your website, take them to the SSO. Have a separate url (like for the admin and staff logins. This also makes it easier for application developers to have a separate area for admin & staff.

iPads & Tablets to Enrich In-class Learning Experience

| Comments

I was in charge of the IESE iPad application that was made to enable distribution of materials, class session slides etc. and enabling them to read and annotate on them. They could potentially share notes and annotations with other classmates. To enable further team work, we decided to use further collaboration tools, that could keep teammates in touch with each other wherever they are.

This was the first application made in this space to be really used in class. The coverage, we got in FT is here

Why am I writing this post?

Being one of the first pilots in this domain of using Tablets in education, there were several difficulties. Hopefully our experience that is documented here would be of help for others who are trying to use these tablets in classes. Feel free to get in touch with me if you need my help or guidance in this aspect.


Selection of Vendors & Lack of experience

Most vendors in this area are small scale. The larger consulting companies have not started making mobile application development a part of their business. Thus typical suppliers of this service are small companies with limited resources, experience and capabilities.

We opted a model of having annotation libraries from iAnnotate and a simple UI integrated with these libraries for the distribution of content.

On hindsight, and with better experience on portals like elance, I would highly recommend building a n application using a vendor on Elance following a scrum methodology.

Back Office

The level of unpreparedness within the organization to distribute content digitally was startingly surprising to us. Our processes were extremely streamlined to print materials, but was hugely inconvenient when it came to using the digital version of the same content.Some of the difficulties were with case formats, copyrights, distribution servers, security etc.

Case formats

We had to debate on the format of the materials. These materials are typically cases and technical notes that forms the core part of our business as a school. Thus we had an infrastructure built around DRM. The digital rights to distribute cases in the electronic format was unavailable and students were allowed to have only paper based cases. We analysed .mobi, .epub and pdf as the possible solutions. Creating annotations over the .mobi and .epub formats were the easiest as they were a lot more interactive, but building new libraries from scratch was a daunting task and our supplier was not capable of this. Thus we decided to use pdf as our delivery method. This also helped us to avoid having to convert the already existing pdfs to other formats.

Copyrights of Materials

The pdfs have to have the following conditions as per current agreements with other publishing vendors:

  • Social watermark on the sides saying these contents are distributed to students for a particular course and program

  • The files should be distributed through an IESE only intranet/medium

  • Limit the number of iPads that can actually install the applications. We did this using the provisioning certificate from the Apple Enterprise account of the school. So unless we enable the particular udid number in our enterprise account, the ipad will not be able to install this application.

As you can imagine some of these restrictions made scalability a very difficult task for us. Since then we have made some improvements in processes and in the way the Application is installed so as to overcome these scalability bottlenecks.

Automatic distribution of content

The content has to be automatically available to students instead of student having to download the materials one by one. This involved a huge effort as this required integrations with the course calendar, a server delivering content with 100% uptime and enough storage on the device to store all content, to be able to work offline. The devices also had to be connected with 3G or mobile data as well.

IT - Project & Support

Dealing with the change management in IT itself is huge step. considering we have an ageing IT with old skillsets training them in new technologies was very important task.

New technology & Project Methodology

For IT this is a disruptive change. The technology is new, the skillset is new. The traditional models of managing information is not enough.

Most new suppliers deal with Agile methodology using SCRUM to manage projects. Traditional waterfall methodology is what IT is used to and new methodology takes getting used to & more importantly to get accepted.

Scrum methodology though unsettling for first time users (our CIO and Project Management Office being two of them) has great advantages to counter and reduce risks. The time to market for a product also reduces greatly. Giving us the opportunity to be out with a product in 3 months and then progressively adding more and more features.

I will elaborate on the scrum methodology we used to get this project done later.

Traditional Support

The traditional support provides support 08:00 to 19:00 from Monday to Friday. Without the paper based cases, students when they study need to be able to use the iPads and the applications. The problem is that students in our executive programs study after they get home from work, which is usually after 20:00. Thus support should be available to them after this time. This was impossible for our support organization.

Collaborative Support through Socialcast

Socialcast is a twitter like microblogging platform where all the employees of a company share debates, work updates and issues.

We used this platform in a way such that whenever a student faced an issue, we encouraged them to post to socialcast which meant that it got not only our responses, but also responses from other student. This transparent form of support ensured that common issues are resolved fairly fast, even sometimes with IT getting involved.

Internet Security - Keeping Your Family Safe on the Internet

| Comments

This is a layman’s gudie, although the average geek could also skim through to directly use the commands given below.

This is Mac/Linux only. If you are using MS windows, you should either switch to one of these, or if you can’t I will specifically mention if the feature is available on windows or not


You do not display your ATM pin to anyone when you type them, nor do you yell out personal things in public. You dont tell your parents, neighbors and cops of every place you have been to, nor do you publicize to your entire friends network all the things you have ever done. Yes in real life, privacy, security and personal space is very important to you. Why ignore it online?

There are plenty of tools currently avaiable now in the market that are now capable of listening to you, understanding which websites or what data you are sending across and store it for later use. The information thus extracted can be used later to search not only for financial information, but also personal information like national ID number, social security number, Name, Age, Date of birth, security information you give on websites, your email, facebook or twitter usernames and passwords etc.

Imagine someone has access to your facebook, email or twitter accounts. With the information thats available on these websites, they can access any of your bank account, user account of any website, even if they do not know your username or password. If they click on “Forgot your password” on most of these websites, they will be able to easily answer all the security questions by simply listening to your internet traffic. This can now be done for any of the services you get online, which nowadays is everything significant in your life, maybe except for your weekly haircut or pedicure!

We are living in an internet age, everyone has access to everything. Your data along with billions of other people’s data is stored on servers millions of kilometers from where you live. These servers are prone to attacks and are succeptible. Recent examples of the Sony Playstation Networks servers getting cracked is just one example. Upto 74 million user profile information, credit card information, security questions and identities fell into the wrong hands.

In this book, we will cover the different aspects of online security that you should follow to stay safe in this new largely misunderstood world.

We will cover the following aspects of security.

  • Understanding security basics

    Computers, Operating systems, Internet, Networking, Identity, Security

  • Encrypting your communication

    Using SSL/TLS to protect yourself

  • Safer Browsing

    Anonymous browsing, DNS, Open DNS, Encrypting DNS and why?

  • Transactions online

    Paypal, Virtual Creditcards, Phishing

  • At home security

    Securing your wifi, using LAN

Understanding Security - basics

“You do not have to be a geek to know that you need a browser to access the internet” - The IT Crowd

When you go to a foreign land, you read up about the place, how to travel, what is safe to eat, where to stay etc. To keep yourself safe and to make sure you have most fun, you need to first know what you are dealing with. When you are talking about how to keep yourself safe in the online world, you have to understand the basics of life on the internet world also. Seldom, people take the time to understand what a browser is, or what is happening when you access an internet website. Computers are so cheap and the content on the internet is so attractive that people just dive right in without understanding what the risks are.


A computer is any device that calculates and can execute your commands. Thus, technically, from a small calculator to the device that controls the temperature automatically in your car are all computers. Here, we will talk about the laptops, desktops and similar computers that we use and refer to as computers in our daily life.

A computer has an output, input and a processing brain. Monitors/screens and printers are the output devices. Keyboard, mouse/trackpad are the input devices. The circuits inside the computer/laptop form the central processing unit which takes in all input and processes them into desired output for you.

Operating Systems

An operating system is the software that runs your computer. This is the software on top of which you install all your other applications like iPhoto, Internet Explorer, Chrome, Safari, iTunes etc. Windows, Linux and Mac OSX are examples of operating systems. When you start a computer, the first thing that starts up is the Operating system.

Each software that you install on your computer thus must run on your operating system. Thus each software needs to be specially made for each different operating system. This is why you cannot install an iPhoto on your Windows computer or install Internet Explorer on your Mac. Providers of applications now try to make a different version of each program available that can be installed on a Mac or a Windows computer. Typically the filename for the software for a Mac would end with .dmg or .pkg while that for Windows would end with .exe or .msi.

.. comments and feedback welcome.