microservices_guide_title - montana.edu€¦ · Web viewThis version of the document replaces all previous versions. The following table describes the most recent changes to this

Microservices in the Brightspace Cloud

ContentsDocument Change History...................................................................................9Microservices in the Brightspace Cloud..........................................................11Microservices and the Brightspace Data Platform...............................................12

Microservices and data........................................................................................13

Microservices and on-premise clients..................................................................13

Microservices architecture....................................................................................14

Overview of released microservices.....................................................................15

Activity Feed Service...........................................................................................24

Description.........................................................................................................24

Location..............................................................................................................24

Dependencies....................................................................................................25

Data Transmitted/Stored....................................................................................25

How the Service Works......................................................................................25

Attributes Service................................................................................................25

Description.........................................................................................................25

Location..............................................................................................................26

Dependencies....................................................................................................26


Attributes Import Service.....................................................................................26

Description.........................................................................................................26

Location..............................................................................................................26

Dependencies....................................................................................................26


Authentication Service.........................................................................................27

Description.........................................................................................................27

Location..............................................................................................................27

Dependencies....................................................................................................27

Data Stored........................................................................................................27

Using a proxy server with the Authentication Service for on-premise clients.....27

2

© 2018 by D2L Corporation. All rights reserved.


Brightspace Assignment Grader Transcoding Service........................................28

Description.........................................................................................................28

Location..............................................................................................................28

Dependencies....................................................................................................28



Brightspace Binder Data Store............................................................................29

Description.........................................................................................................29

Location..............................................................................................................29

Dependencies....................................................................................................29



Brightspace Event Flow Service..........................................................................29

Description.........................................................................................................29

Location..............................................................................................................30

Dependencies....................................................................................................30

Data Stored........................................................................................................30


Brightspace Polling Service.................................................................................31

Description.........................................................................................................31

Location..............................................................................................................31

Dependencies....................................................................................................31



Completions Service...........................................................................................32

Description.........................................................................................................32

Location..............................................................................................................32

Dependencies....................................................................................................32


Content Service...................................................................................................32

Description.........................................................................................................32

3


Location..............................................................................................................33

Dependencies....................................................................................................33



Course Image Catalog Service...........................................................................35

Description.........................................................................................................35

Location..............................................................................................................35

Dependencies....................................................................................................35



Dates Service......................................................................................................36

Description.........................................................................................................36

Location..............................................................................................................36

Dependencies....................................................................................................36



Document Conversion Service............................................................................37

Description.........................................................................................................37

Location..............................................................................................................38

Dependencies....................................................................................................38



EduDentity Authentication Service......................................................................39

Description.........................................................................................................39

Location..............................................................................................................39

Dependencies....................................................................................................39



Enrollment Service..............................................................................................40

Description.........................................................................................................40

Location..............................................................................................................40

Dependencies....................................................................................................40

4



Feed Service.......................................................................................................40

Description.........................................................................................................40

Location..............................................................................................................41

Dependencies....................................................................................................41



Gator Service......................................................................................................43

Description.........................................................................................................43

Location..............................................................................................................43

Dependencies....................................................................................................44


Groups Service....................................................................................................44

Description.........................................................................................................44

Location..............................................................................................................44

Dependencies....................................................................................................44


Hypermedia Proxy Service..................................................................................44

Description.........................................................................................................44

Location..............................................................................................................45

Dependencies....................................................................................................45


IPSIS Service......................................................................................................45

Description.........................................................................................................45

Location..............................................................................................................45

Dependencies....................................................................................................46



Landlord Service.................................................................................................46

Description.........................................................................................................46

Location..............................................................................................................46

Dependencies....................................................................................................46

5


Data Stored........................................................................................................47

API Calls.............................................................................................................47

Provisioning a TenantId (on-premise clients only).............................................47

Confirming that a TenantId has been provided (on-premise clients only)..........47

Configuring Brightspace for the Landlord Service (on-premise clients only).....48

Changes to TenantID values (on-premise clients only)......................................48

Learning Outcomes Registry Service (LOReS)...................................................48

Description.........................................................................................................48

Location..............................................................................................................48

Dependencies....................................................................................................49



LMS Discovery Service.......................................................................................49

Description.........................................................................................................49

Location..............................................................................................................49

Dependencies....................................................................................................49

Data Stored........................................................................................................50


Muskrat Service...................................................................................................50

Description.........................................................................................................50

Location..............................................................................................................50

Dependencies....................................................................................................50


Notification Scheduler Service............................................................................51

Description.........................................................................................................51

Location..............................................................................................................51

Dependencies....................................................................................................51



Parents Service...................................................................................................52

Description.........................................................................................................52

Location..............................................................................................................52

6


Dependencies....................................................................................................52



Reflex Service.....................................................................................................53

Description.........................................................................................................53

Location..............................................................................................................53

Dependencies....................................................................................................53



User Info Service.................................................................................................54

Description.........................................................................................................54

Location..............................................................................................................54

Dependencies....................................................................................................54


Video Analysis Service........................................................................................55

Description.........................................................................................................55

Location..............................................................................................................56

Dependencies....................................................................................................56



Video Note Service..............................................................................................56

Description.........................................................................................................56

Dependencies....................................................................................................57

Location..............................................................................................................57


Virtual Classroom and Video Assignments service.............................................57

Description.........................................................................................................57

Location..............................................................................................................58

Dependencies....................................................................................................58


Data Transcoding (Canada, South America).....................................................59

Support and Management..................................................................................59

7


Wiggio Service....................................................................................................59

Description.........................................................................................................59

Dependencies....................................................................................................59

Location..............................................................................................................59


About D2L............................................................................................................61

8


Document Change HistoryThis version of the document replaces all previous versions. The following table describes the most recent changes to this document.

Revision Date Summary of ChangesApril 5, 2018 Updated the Overview of released microservices and

User Info Service topics to reflect Canada Central (Montreal) and Asia Pacific (Sydney, Singapore) region support.

March 1, 2018 Updated the Overview of released microservices and

IPSIS Service topics to mention that the IPSIS Service for OneRoster is now available in Canada.

Added the Parents Service topic and updated the Overview of released microservices topic to describe the Parents Service used by Brightspace for Parents.

Added the following microservices topics to the Overview of released microservices topic: Attributes Service, Attributes Import Service, Completions Service, Enrollment Service, Gator Service, Groups Service, and Muskrat Service.

Updated the Overview of released microservices, Feed Service, and Dates Service topics with new location information.

February 1, 2018 Updated the Document Conversion Service topic to indicate the microservice is turned on by default and impacts the Lessons tool.

January 4, 2017 Updated the Overview of released microservices topic to add the new Notification Scheduler Service.

Added the Notification Scheduler Service topic used by Brightspace for Parents.

December 7, 2017 Updated the Overview of released microservices and Brightspace Polling Service topics to include South America (São Paulo) and Europe (Ireland) support.

Updated the Overview of released microservices and Video Note topics to include Canada Central (Montreal) support.

November 2, 2017 Updated the Reflex Service and Overview of released

9


microservices topics with new AWS locations.

October 5, 2017 Updated the Landlord Service, Microservices and the Brightspace Data Platform, Content Service, and Overview of released microservices topics to replace the Distributed Event Framework Service with the new Brightspace Event Flow Service.

Renamed the Distributed Event Framework Service topic to Brightspace Event Flow Service.

Updated the Overview of released microservices topic to include Brightspace Portfolio in the list of tools that use specific microservices.

Updated the Overview of released microservices topic to include information on the Reflex Service.

Added a Reflex Service topic.

September 7, 2017 Update the Dates Service, Feed Service, and User Info Service topics to update the underlying database to AWS DynamoDB.

August 3, 2017 Updated the Overview of released microservices, Learning Outcomes Registry Service (LOReS), Content Service, and Microservices and the Brightspace Data Platform topics to add AWS Canada Central support.

Added Virtual Classroom and Video Assignments service topic and updated the Overview of released microservices to include information on the Virtual Classroom and Video Assignments service.

10


Microservices in the Brightspace CloudAs the Brightspace platform continues to improve and evolve, some of its functionality is now delivered using a pattern known as Microservice Architecture. This architecture involves separating software otherwise bundled together into independent and lightweight components (microservices or simply known as services) that communicate across a network (typically, via https) rather than being bundled directly together. The location of each microservice in the Brightspace Cloud is based on many factors including expected usage patterns, availability, resiliency, and dependencies on other microservices. As a result, some microservices reside in D2L data centers or Amazon Web Services™ (AWS). For the most part, the locations of microservices have no end-user impact on how the Brightspace platform is used. Some Brightspace products also use microservices that store data outside of D2L data centers. For example, the Brightspace Data Platform uses AWS for data storage and the Dates Service uses IBM® Cloudant® for database storage. If applicable, data storage considerations are covered as part of the D2L master agreement (MA) and/or amendments.

Development and operations teams at D2L experience many of the direct benefits of microservices, but that change and renewal also lets us further improve experiences and functionality for our users. These benefits flow from one key idea: narrowly focused system components that exchange functional services with other components via well-defined network API boundaries.

The narrowly focused and separated components give our teams the option to employ a variety of technologies and scalability strategies, rather than settling for those intended for combined application. For example, the Brightspace Data Platform takes advantage of the distributed processing provided by Apache™ Hadoop® clusters when performing its aggregation and analysis. This technique would not be relevant to other Brightspace product areas such as discussion posts.

Additionally, the separation also helps our teams effectively and quickly adapt to new technologies and approaches as they become available. For example, we have been able to create new user interfaces that leverage specialized web-side user interface frameworks and interact directly with microservices. This flexibility allows our teams to develop and refine new workflows for our users using the most effective technology.

Our test-focused staff also can make effective use of this architectural change because they can take advantage of alternatives around testing microservices that emerge because of the formal service boundaries. Our Brightspace developer platform community can also take advantage of these boundaries, because each of them naturally becomes an API candidate for users looking to develop custom workflows or tools that integrate into the Brightspace platform.

The implementation of microservices and the coordination of development and operations teams has enriched D2L's approach to network infrastructure and deepened our expertise in a variety of more specialized technology platforms.

11


Microservices and the Brightspace Data PlatformDescriptionThe Brightspace Data Platform is D2L’s analytics solution. The Brightspace Data Platform stores raw events, and computes and stores aggregated data which can be accessed through an API.LocationOne instance per region in AWS:

U.S. East (N. Virginia) Canada Central (Montreal)

Dependencies

Depends on the Brightspace Event Flow Service, Landlord Service, and Authentication Service.

Depended on by Brightspace Insights.

Data Transmitted/StoredThe Brightspace Data Platform stores and transmits analytics events and aggregated data. Events provide information about actions performed by the user. For example, a content visit event is triggered when a user opens a content topic. These events are aggregated across meaningful dimensions, for example, course access by all students in a course. The aggregated data can be transmitted via the Data API, for example, to a Brightspace Insights report.

Events contain programmatic identifiers for the user, the context of the event, and the type of the event. For example:

A programmatic identifier for the user such as User ID = 123. A programmatic identifier for courses such as Course ID = 987. A programmatic identifier for the event type such as Login = 4545.

Stored data is encrypted with unique keys generated by D2L and are unique to each region. The data is stored on encrypted volumes to guard against back-end services being compromised. When transmitting data, the Brightspace Data Platform uses the HTTPS networking protocol. While in transit, all events are encrypted. Data access is restricted on a per-customer basis using the TenantID of the originating Brightspace instance. API access is governed by user and system-level permissions.

How the Service Works

1. User events are generated in Brightspace Learning Environment. For example, when a user logs in to the system, a Login Event is generated.

2. The Brightspace Event Flow Service sends events to the Brightspace Data Platform.3. Events are stored in Brightspace Data Platform (BDP) Storage.

12


4. The Brightspace Data Platform aggregates data, and stores the aggregated data in BDP Storage. For example, Login Events could be aggregated along hourly, daily, and weekly dimensions.

5. Aggregated data is sent to Brightspace Learning Environment in response to API requests. For example, API requests could be used to generate a report showing the Login Events generated for learners in a course.

Microservices and dataDepending on its function, transmission and storage of data is a consideration for microservices. The location of each data store is based on many factors, including the location of the microservice itself, security of the data, availability of the data, and dependencies on other microservices. D2L works with customers in many regions, jurisdictions, and markets with different needs and requirements around data privacy. We provide information on the data that is transmitted and stored for each microservice, allowing organizations to review it as needed.

Microservices and on-premise clientsOn-premise clients access the same D2L microservices in AWS as hosted clients, but they access them through their on-premise Brightspace instances. D2L microservices in AWS do not require any installation. D2L microservices in AWS cannot be hosted in on-premise environments.

To access certain features in Brightspace platform 10.6, on-premise clients must agree to permit access to centrally hosted microservices. For example, the Landlord Service and Authentication Service are required for accessing Brightspace Insights and Brightspace Pulse. Specifics on how to do this depend on how each client's environment is configured. For example, a client may have specific firewall restrictions that their IT department must adjust to permit traffic to D2L microservices in AWS.

Health checks that report on the availability of D2L microservices in AWS are monitored by D2L and are not available to on-premise clients.

13


Microservices architectureThe following architecture diagram displays current D2L microservices, their deployment locations in the Brightspace Cloud, and the dependencies among them with new Brightspace products and other microservices. For detailed information, refer to the sections for individual microservices in this guide.

14


Overview of released microservices

Microservice Name

Role Released In

Instance Location Depends On Depended On By

Activity Feed Service

Provides the ability to use the Activity Feed widget.

10.7.0 1 instance per region

AWS U.S. East (N. Virginia)

AWS Canada Central (Montreal)

AWS EU (Ireland)

AWS Asia Pacific (Sydney)

AWS Asia Pacific (Singapore)

Authentication Service

Landlord Service

Lessons tool

Brightspace Assignment Grader Transcoding Service

Converts files from one format to another for Brightspace Assignment Grader to consume.

Pre 10.3 1 global instance

Azure (West U.S.)

EduDentity Authentication Service

Brightspace Assignment Grader

Attribute Service

Provides an API for maintaining the management structure (who reports to whom) and other attributes about each user in Manager Dashboard.

10.7.1 1 instance per region AWS U.S.

East (N. Virginia)


Brightspace Event Flow Service

Groups Service

Attributes Import Service

Allows admins to import bulk user attribute CSV files into


East (N. Virginia)

Attribute Service

15


the Attributes Service for Manager Dashboard.



Provides user and service-level authentication and authorization via the OAuth2 protocol.

10.5.0 1 global instance


Landlord Service Brightspace

Pulse

Brightspace Insights

Brightspace Data Platform

Caliper Gateway

Brightspace Portfolio

Brightspace Binder Data Store

Not a service but a storage area for Binder documents.


Azure (South Central U.S., West U.S.)

N/A Brightspace Pulse

Completions Service

This service defines course completion and implements a service that tracks this state per user per course in Manager Dashboard.


East (N. Virginia)


Brightspace Event Flow Service and Learning Environment

N/A

Content Service

Houses Brightspace content, and currently provides and standardizes functions such as import/export, storage, preview, permissions, and basic search of



AWS EU (Ireland)

AWS Asia Pacific (Sydney, Singapore)



LTI Outcomes v2

The new Brightspace SCORM solution, Brightspace Portfolio

16


SCORM objects in the Brightspace platform.

Course Image Catalog Service

Provides a catalog of images available that can be associated with a course.



N/A My Courses widget when Daylight is enabled

The course image banner, which may be added to widget-based homepages when Daylight is enabled.

Dates Service

Provides an API for learners' personal dates. Currently, only used by Brightspace Pulse.




AWS EU (Ireland)



Landlord Service


User Info Service

Brightspace Pulse

Enrollment Service

In Manager Dashboard, provides a method of enrolling users from off-stack services. It also allows for a


East (N. Virginia)


Learning Environment

Reflex Service

17


batch of enrollments to be completed and stores an audit trail of who requested the enrollment.


Provides awareness of Brightspace Learning Environment events for other Brightspace services such as Brightspace Insights.

Available to clients on 10.6.10+

1 instance per region



AWS EU (Ireland)

Landlord Service




Content Service


Document Conversion Service

Converts documents uploaded to the Content tool, Assignments tool, Brightspace Learning Repository, Lessons, or Brightspace ePortfolio into PDFs, which display inline in the tool or product.


U.S. East (N. Virginia)

Canada Central (Montreal)

Asia Pacific (Sydney)

AWS EU (Ireland)



Content tool

Lessons tool

Assignments tool

Brightspace Learning Repository

Brightspace ePortfolio

Brightspace Assignment Grader for iOS and Android


Stores, manages, and authenticates users independent of Brightspace Learning Environment.


Azure (South AWS Central U.S., West U.S.)

N/A Brightspace Binder Data Store

Feed ServiceProvides an 10.5.0 1 instance AWS U.S. Landlord Brightspace

18


API for learner updates to the Announcements, Grades, Content, and Discussions tools. Currently, only used by Brightspace Pulse.

per region East (N. Virginia)


AWS EU (Ireland)



Service


User Info Service

Pulse

Gator Service

Processes events from multiple sources to index information for Manager Dashboard. It also provides a method of filtering and querying that data, including fuzzy-text search.


East (N. Virginia)


Brightspace Event Flow Service, Muskrat Service (indirectly)

N/A

Groups Service

Used to attribute the membership in a learning group in Manager Dashboard with some additional context - such as group administrator.


East (N. Virginia)


Brightspace Event Flow Service, Attribute Service

N/A

Hypermedia Proxy

Acts as a proxy or mediator to


AWS U.S. East (N.

Landlord Service

Brightspace platform

19


Service learning paths within Brightspace platform.

Virginia) Authentication Service

IPSIS Service

A queue for IPSIS-formatted data. Allows new IPSIS adapters to be added quickly and with minimal changes to the existing infrastructure.




AWS EU (Ireland)



Landlord Service

OneRoster adapter

Landlord Service

Provides each Brightspace instance with a TenantId, a permanent globally unique identifier.



N/A Authentication Service

Distributed Event Framework Service

Brightspace Insights



Learning Outcomes Registry Service (LOReS)

Provides the ability to create and edit required learning outcomes for a course offering.


AWS U.S. East (N.Virginia)



Landlord Service

Lessons tool

LMS Discovery Service

Provides a list of Brightspace instances so app users




20


(such as Brightspace Pulse) don't need to know their instance URL.

AWS - EU (Ireland)

Muskrat Service

Used to simulate required events in Manager Dashboard.


East (N. Virginia)


Learning Environment

Gator Service (indirectly)

Notification Scheduler Service

The Notification Scheduler service maintains a user digest of activity in Brightspace. Based on notification preferences, the service makes the necessary calls to send email notifications on a weekly basis.


East (N. Virginia)


AWS EU (Ireland)




Landlord Service

Brightspace for Parents

Parents Service

Maps parent user IDs to child IDs for use with Brightspace for Parents.


East (N. Virginia)


AWS EU (Ireland)



Landlord Service


Portfolio Service

Microservices used by OneRoster

Notification

Brightspace for Parents

21


Scheduler Service

Brightspace Polling Service

Enables organizations to do quick surveys. The first integration is with Brightspace Capture for Live Events.

10.6.3 and Brightspace Capture 9.4

1 instance per region


Europe (Ireland)



South America (São Paulo)

N/A Brightspace Capture

Reflex Service

The Reflex Service is an internal service used to evaluate rules and perform actions. Currently used by Manager Dashboard and Activity Feed scheduled posts.

10.7.1 1 instance per AWS region



AWS EU (Ireland)



Enrollment Service

Groups service

Brightspace Event Flow service

Manager Dashboard

Activity Feed scheduled posts

User Info Service

Provides storage of user preferences and filters user information between Brightspace Pulse and Brightspace Learning Environment.




AWS EU (Ireland)

AWS Asia Pacific


Dates Service

Feed Service

22


(Sydney)


Video Analysis Service

Acts as a conduit between Brightspace Capture and the Brightspace Data Platform.





Brightspace Capture and Brightspace Learning Environment


Video Note Service

Enables learners and instructors to record short videos with a webcam. These videos can be added where video attachments are supported and when the HTML Editor’s Insert Stuff option is available.

Pre 10.3 1 instance per region


AWS - EU (Ireland)

AWS Asia Pacific (Sydney, Singapore)


N/A N/A

Virtual Classrooms and Video Assignments

Provides the ability to use Virtual Classrooms and Video Assignments in Brightspace Learning Environment.

Pre 10.7 Virtual Classroom and Video Assignment data is hosted outside of D2L’s infrastructure.

Virtual Classroom and Video Assignment data is hosted outside of D2L’s infrastructure. YouSeeU provides data hosting/storage

N/A Virtual Classroom and Video Assignments

23


locations in the following areas using Amazon AWS: Canada (AWS-Montreal) United States (AWS-Northern Virginia) South America (AWS-Sao Paulo) Europe (AWS-Ireland) Australia (AWS-Sydney)

Wiggio Service

Enables learners and instructors to collaborate in an informal setting.

10.3 1 global instance

AWS (U.S. East)

N/A N/A


DescriptionThe Activity Feed Service provides the ability to use the Activity Feed homepage widget. The Activity Feed widget creates a unique "feed" or "stream" for a course. The feed is a way for instructors to provide access to activities learners need to complete, deliver information they need to know, and facilitate learner engagement using simplified workflows in an intuitive and friendly interface.

24


LocationOne instance per region in AWS:

U.S. East (N. Virginia) Canada Central (Montreal) EMEA (Ireland) Sydney Singapore

Dependencies

Depends on Authentication Service and Landlord Service.

Data Transmitted/StoredData related to the Brightspace Learning Environment and course that launched the service:

TenantId OrgUnitId

Data related to the user generated post or comment:

User ID - a programmatic identifier for the user who created the post or comment such as User ID = 123

Timestamp - when the post or comment was created Message text - the post or comment Weblinks and titles related to any attachments on the post or comment


1. A course administrator adds the Activity Feed widget to a course homepage.2. An administrator sets up Brightspace Learning Environment’s IMS configuration and maps

Brightspace Learning Environment roles to the IMS roles for Instructor and Student.3. An instructor views the class feed, creates new posts, contributes comments, and

moderates all learner comments.4. Learners view the class feed and contribute comments.5. All user created posts and comments are visible inside the widget and stored in the

Activity Feed Service.

25


Attributes Service

DescriptionThe service provides an API for maintaining the management structure (who reports to whom) and other attributes about each user in Manager Dashboard. It manages attributes - an attribute is a property associated to an object. It gets a definition which describes the attribute, which types of objects it applies to, and possibly which values are allowed. A value holds all attributes for a particular user or group, where each attribute can be of several different recognized types (string, number, date, or boolean).

LocationOne instance per region in AWS automatically deployed to a specific region based on an organization’s geographic location:


Dependencies

Depends on Brightspace Event Flow Service Depended on by Groups Service

Data Transmitted/StoredThe solution stores information that can be used in conjunction with other systems to discover PII or in some configurations may itself store PII such as a user's name, email address, or parent's name.

Attributes Import Service

DescriptionThe Attributes Import Service allows admins to import bulk user attribute CSV files into the Attributes Service for Manager Dashboard.


26



Dependencies

Depends on the Attributes Service

Data Transmitted/StoredUsers and user data


DescriptionThe Authentication Service (or Auth) is an OAuth 2.0 security token microservice. Its primary responsibility is to issue security tokens to authorized clients (software applications, including free-range apps) to enable them to interact with D2L microservices.

By design, the Authentication Service, on which Brightspace Pulse is dependent, does not support self-signed, expired, or invalid certificates. Organizations using any of these will not be able to use Brightspace Pulse.

The Authentication Service is enabled by default. As a result, Brightspace features or products that depend on the Authentication Service, such as Brightspace Pulse, can be accessed. Currently, all features or products that depend on the Authentication Service are turned off by default. If those features or products are enabled, it is possible for data to flow into them.

LocationA globally accessible D2L microservice that resides in AWS U.S. East (N. Virginia).

Dependencies

Depends on the Landlord Service. Before using the Authentication Service, on-premise clients must register their org with the Landlord Service.

Depended on by multiple microservices, Brightspace Pulse, and Brightspace Insights.

Data StoredThe Authentication Service stores the URLs of authorized clients (software applications, including free-range apps) and provisions access tokens for these clients for service-to-service authentication used by Brightspace products. It stores the userId as part of the context for user

27


authentication - for example, when authenticating a user of the data API for the Brightspace Data Platform.

Using a proxy server with the Authentication Service for on-premise clientsThe Authentication Service supports proxy servers. This allows on-premise clients that use proxy servers to take advantage of Brightspace products that depend on the Authentication Service such as Brightspace Pulse.

For on-premise clients using a proxy server, allow outbound traffic from Brightspace Learning Environment to https://auth.brightspace.com.

Important: You must specify the host name (not the IP address) and port 443.

How the Service WorksThe Authentication Service facilitates service-level and user-level authentication and authorization. The following example summarizes user-level authentication and authorization.

1. A learner navigates to a tool that depends on the Authentication Service.2. The Learning Management System (LMS) contacts the Authentication Service, provisions

an Auth token (JSON Web Token) for the learner, and provides the Auth token to the tool/application.

3. While using the tool, JavaScript running in the learner’s browser can call secured D2L microservices directly, providing the Auth token during each request.

4. Microservices extract and authenticate the Auth token, then ensure that the caller is authorized to perform the requested operation before proceeding.

In this way, the learner’s browser is less tightly coupled to the LMS, which improves performance and robustness, and facilitates the development of new Brightspace features.

Brightspace Assignment Grader Transcoding Service

DescriptionThe Brightspace Assignment Grader Transcoding Service converts documents from a given format into a format that can be read by Brightspace Assignment Grader. Brightspace Assignment Grader requires this functionality to support annotating files submitted by learners for grading.

LocationOne global instance in Microsoft Azure West U.S.

28


Dependencies

Depends on EduDentity Authentication Service. Depended on by Brightspace Assignment Grader.

Data Transmitted/Stored

Data is cached for five days, after which is it is automatically deleted. There is no long term storage.

A programmatic identifier for the user such as User ID = 123. The converted file and the identified file type.


1. Brightspace Assignment Grader submits a file to the service.2. The service converts the file and returns a link.3. The file and associated data is deleted five days after the request is made.

Brightspace Binder Data Store

DescriptionThe Brightspace Binder Data Store contains Binder documents on behalf of a user. It is not a microservice, but is a centralized repository that is used by Brightspace Binder.

LocationOne global instance in Microsoft Azure South Central U.S. and West U.S.

Dependencies

Depended on by Brightspace Binder.


A programmatic identifier for the user such as User ID = 123. Files related to the user, including tags, annotations, and metadata.

29



1. Brightspace Binder submits documents for storage in the Brightspace Binder data store.2. At a later point in time, Brightspace Binder requests a document on behalf of a user.3. An authentication check happens for the user.4. The requested document is retrieved.


DescriptionThe Brightspace Event Flow Service provides awareness of Brightspace Learning Environment events for other products such as Brightspace Insights.


U.S. East (N. Virginia) (default location) EU (Ireland) (for configured EMEA clients) Asia Pacific (Sydney)

Dependencies

Depends on the Landlord Service. Depended on by the Brightspace Data Platform and Content Service.

Data StoredThe Brightspace Event Flow Service transmits and stores data in the form of events using Amazon Kinesis Stream with SSL encryption. Event data is encrypted at rest and while in transit. The events that are transmitted contain programmatic identifiers for the user, the context of the event, and the type of the event. For example:

A programmatic identifier for the user such as User ID = 123. A programmatic identifier for courses such as Course ID = 987. Events such as logins, tool access, and content visits are identified by the programmatic

identifier for the user.

Events are stored in the Brightspace Event Flow Service in AWS and transmitted to services such as the Brightspace Data Platform (also located in AWS).

30


How the Service WorksThe following example illustrates how the Brightspace Event Flow Service works with Brightspace Insights.

1. User events are generated in Brightspace Learning Environment. 2. These events are then stored in the Main DB split.3. The Telegraph Service pulls batches of events from the Main DB split and prepares to

publish them to the Brightspace Event Flow Service.4. Before publishing events, the Telegraph Service must attach a TenantId to each event. It

first looks for the TenantId in the Memcache (where a cached copy of the TenantId may be stored). If the TenantId is not there, it requests it from the Landlord Service.

5. The Landlord Service returns the unique TenantID to the Telegraph Service, which attaches the TenantId to each event and then publishes the events to the Brightspace Event Flow Service.

6. The Brightspace Event Flow Service processes the events for usage by other products/services. For example, the Brightspace Event Flow Service streams events to the Brightspace Data Platform.

Brightspace Polling Service

DescriptionThe Brightspace Polling Service allows organizations to run quick polls during webcasts (Example: What is your favorite subject?).

LocationOne instance per region. The Brightspace Polling Service is currently in the following AWS locations:

U.S. East (N. Virginia) Europe (Ireland) Canada Central (Montreal) Asia Pacific (Sydney) South America (São Paulo)

Client regions are determined by D2L to provide the best user experience and in accordance with data residency requirements.

Dependencies

Depended on by Brightspace Capture.

31



Content: Questions and choices created by the presenter and answers created by the participants.

User information: UserID (numerical identifier for each user, i.e. no portion of the name is stored)

Platform data: Tenant ID, and the context (e.g. Video ID including tags, annotations, and metadata).


1. In Brightspace Capture, a presenter creates a webcast and chooses to create a poll.2. The poll is created in the Polling Service.3. During the event, the presenter initiates the poll, which gets the information from the

Polling Service.4. Answers by participants are sent to the Polling Service.5. After the event, the presenter can access the results of the poll from the Polling Service.

Completions Service

DescriptionThis service defines course completion as when a user completes all required topics in a course and implements a service that tracks this state per user per course in Manager Dashboard.



Dependencies

Depends On: Brightspace Event Flow Service, Learning Environment

Data Transmitted/StoredUser information and course data

32


Content Service

DescriptionThe Content Service houses Brightspace content, and currently provides and standardizes functions such as import/export, storage, preview, permissions, and basic search of SCORM objects in the Brightspace platform. It makes use of a new SCORM Engine to play back SCORM objects in a new window.

Connections from the Content Service to Brightspace Learning Environment are made through Brightspace APIs.


U.S. East (N. Virginia) (default location) EU (Ireland) Asia Pacific (Sydney) Canada Central (Montreal)

Administrators first set the d2l.Tools.ContentService.Endpoint configuration variable to on, and then a call from the Brightspace platform is routed to the appropriate region based on its location. The endpoint URL is automatically set based on location.

Note: If administrators had already enabled the configuration variable and set the endpoint URL in a release prior to Brightspace Learning Environment 10.7.4, the region does not change automatically based on location. Administrators must manually change the URL if they want a different region than the one they initially set.

Important: Once the AWS region is specified and your users start to add SCORM content to their courses, you cannot change the region without loss of data. However, if you change the endpoint and then revert to the one you had data stored in previously, it is possible to reclaim that data.

If you are located in The United States, Central America, or South America, the US region is set (https://api.us-east-1.content-service.brightspace.com).

If you are located in Canada, the Canada region is set (https://api.ca-central-1.content-service.brightspace.com/).

If you are located in Europe, Africa, or the Middle East, the Ireland region is set (https://api.eu-west-1.content-service.brightspace.com).

If you are located in Australia, New Zealand, Oceania, China, India, or the rest of Asia (excluding Singapore), the Australia region is set (https://api.ap-southeast-2.content-service.brightspace.com)

33


Dependencies

Depends on the Authentication Service, Landlord Service, Brightspace Event Flow Service, and LTI Outcomes.

Depended on by the new Brightspace SCORM solution.

Data Transmitted/StoredThe following data is transmitted through/stored in the Content Service, the SCORM Engine, or S3:

Data related to upload sessions. Data related to the conversion process of content objects. Data related to user sessions, which can include:

User ID. First and last name. Where in Brightspace Learning Environment the user launched from. LTI roles. User roles in the LMS.

Data related to the content object, which can include: Where it is stored on S3. Revisions of the content object. Who owns the content. Metadata such as title or type. Where the content object is put in the LMS.

Report information on SCORM progress, attempts, score, user ID, and first and last name. SCORM Engine stores reporting data, progress in the SCORM package, and user ID. S3 stores data on the SCORM packages uploaded.

How the Service WorksEmbedding a SCORM package into the Content tool:

1. When a user clicks the option to add a SCORM package, an LTI (ContentItemSelectionRequest) launch is made to the Content Service.

2. The user selects a SCORM package (zip file) from their system. API calls are made to the Content Service to register the new object and sign requests to upload the package to S3.

3. After the SCORM package is uploaded to S3, processing occurs to unzip the package, re-upload the unzipped package to S3, and import it into the SCORM Engine.

4. When the processing of the package is complete, the user is notified that they can insert the content topic.

5. When the user inserts the content topic, a request is made from the Content Service to Brightspace Learning Environment that assigns a URL to the uploaded object, which is then embedded into the content topic.

34


Playing or interacting with a SCORM package in the Content tool:

1. When a user clicks on a content topic that includes a SCORM package, a button is displayed indicating that they can open the object in a new window. The user clicks the button and a new window is opened, which performs an LTI (basic-lti-launch-request) launch to the Content Service.

2. The Content Service checks the user’s IMS role from the LTI launch to determine whether the user is an instructor or learner.

3. The Content Service makes API calls to the SCORM Engine to register the launch and request a signed preview or launch URL. The preview URL is requested if the user is an instructor and the launch URL is requested if the user is a learner.

4. The Content Service redirects to the SCORM Engine preview or launch URL and the SCORM package displays to the user.

5. As the user interacts with the SCORM package, progress updates are sent to the SCORM Engine, which are then forwarded to the Content Service for its own reporting.

Course Image Catalog Service

DescriptionThe Course Image Catalog Service provides a list of publicly available images that can be associated with a course in the Learning Management System (LMS). It is used by the new My Courses experience and the new Course Image Banner when Daylight is enabled.

LocationDefault for all clients: a global cluster that resides in AWS U.S. East (N. Virginia).

Dependencies

Does not depend on any other microservice. Depended on by the My Courses widget when Daylight is enabled. Depended on by the course image banner, which may be added to widget-based

homepages when Daylight is enabled.

Data Transmitted/StoredThe Course Image Catalog Service contains a set of images stored on the Brightspace CDN along with keywords for searching through the catalog when choosing an image to associate with a course.

The Course Image Catalog Service does not store the association of an image to a course. This is stored in the LMS. There is no user or course information stored with the service.

35


Search terms used in requests are logged anonymously. These may be used to help prioritize future improvements to the service, such as search index improvements or possible catalog expansion.


1. If a course does not have a course image assigned to it, the LMS calls the Course Image Catalog Service for a random abstract image to assign to the course.

2. If users have permission to change a course image, they can search using the Course Image Catalog Service for a list of images they can assign to the course.

Dates Service

DescriptionThe Dates Service provides important dates to end user applications. For example, Brightspace Pulse uses the Dates Service to provide details on assignment due dates and scheduled exams. More specifically, the service:

Caches information from Brightspace Learning Environment, reducing load on that system. The Dates Service is designed to be highly (and dynamically) scalable and protects Brightspace Learning Environment from spikes in requests.

Filters information so that it is suitable for use by end users (as opposed to APIs that can be used to backup or synchronize all information across systems.) For example, the Dates Service can filter out inactive courses based on user preferences.

Stores information that is specific to an end user and not necessarily applicable to all users in Brightspace Learning Environment. For example, personal appointments or schedules.



Dependencies

Depends on the Authentication Service and Landlord Service, and User Info Service.

36


Depended on by Brightspace Pulse.

Data Transmitted/StoredTo communicate with one another, devices and microservices use the HTTPS networking protocol.

Data at rest residing in AWS DynamoDB is encrypted. While in transit, data is encrypted using SSL.

The user ID in data is a composite key along with the course offering ID; it is not a universally accepted global ID for the user. The user ID cannot be linked to a user's name or identity. In the database, user IDs appear as a series of repeated numbers.

Regarding data retention, D2L requires the user ID to report on general user data; it is not used to report on the activity of a specific user. For example, the user ID may be used to report on how many users have an average of three or more dates per month. D2L would not use the data to report on how many times John Smith looks at his deadlines. D2L retains the data as long as required to generate reports based on general user data. The reports are subject to change at D2L’s discretion and client-specific data is subject to the terms specified in the MA, including data retention past contract termination.

Dates Service Database Data Scope Retention Policy

Calendar/Personal dates

Note: Personal dates are created by learners (midterms, assignments, etc.); the information doesn't currently exist in the LMS. However, after creation, the dates persist between devices.

Course offering ID (OrgunitId), userId, tenantId, title, description, eventTimestamp, type (test, assignment), weight, progress status

All course offerings for all instances at a given data center

As long as required for analytical purposes


1. When a learner uses Brightspace Pulse, an API request is made to retrieve date information, for example, scheduled exams.

2. The request is forwarded to the Dates Service.3. If the data is stored in Brightspace Learning Environment, the data is retrieved using the

Brightspace APIs. If the data is not stored in Brightspace Learning Environment, the data is retrieved from the Dates Service database.

4. The date information is then sent to the device.

37


Document Conversion Service

DescriptionThe Document Conversion Service converts documents uploaded to the Content tool, Assignments tool, Brightspace Learning Repository, Lessons, or Brightspace ePortfolio into PDFs, which display inline in the tool or product.

Documents are converted during upload instead of during user access, which reduces wait times when rendering documents to users.

Valid file types include: .ppt, .pps, .pptx, .ppsx, .doc, .docx, .rtf, .odt, .odp, .xls, .xlsx.

Converted documents display as inline PDFs in the tool or product. If an uploaded document is an invalid file type, it fails to convert and render in the tool or product.

When users download documents, they are saved in their native file formats.

LocationOne instance per region. The Document Conversion Service is enabled by default and currently resides in the following AWS locations:

U.S. East (N. Virginia) Canada Central (Montreal) Asia Pacific (Sydney) AWS EU (Ireland) AWS Asia Pacific (Singapore)

A call from the Brightspace platform is routed to the appropriate region based on its geographic location using the Amazon Route 53 DNS web service. Currently, Canadian servers are routed to Canada Central, Australian servers to Asia-Pacific, and all others default to U.S. East.

Dependencies

Depends on the Authentication Service Depended on by the Content tool, Assignments tool, Brightspace Learning Repository,

Lessons, or Brightspace ePortfolio Depended on by Brightspace Assignment Grader for iOS and Android

Data Transmitted/StoredUploaded documents and converted PDFs are stored in AWS S3 and cleaned up every 180 days. There is no long-term storage.

38



1. User uploads a document to the Content tool, Assignments tool, Brightspace Learning Repository, Lessons, or Brightspace ePortfolio.

2. The Brightspace platform sends the file to the Document Conversion Service for conversion.

3. The service converts the file to a PDF, which is stored in AWS S3.4. A link to the PDF file is returned to the Brightspace platform for display in the tool or

product.5. After 180 days, the uploaded document and converted PDF are deleted.


DescriptionThe EduDentity Authentication Service allows users to verify their identity, similar to the login process in Brightspace Learning Environment. This service is independent of any particular instance of Brightspace Learning Environment, allowing users to log in even if they are not associated with any particular organization. This service is used with products where users may not need to have any affiliation to a specific institution or implementation of Brightspace Learning Environment, such as Brightspace Binder.

LocationOne global instance in Microsoft Azure South Central U.S. and West U.S.

Dependencies

Depended on by Brightspace Assignment Grader Transcoding Service. Depended on by Brightspace Binder system, including the Brightspace Binder Data Store,

Content Publishing Service (CPS), and Binder apps. Depended on by MyDesire2Learn. Depended on by Open Courses.

Data Transmitted/StoredFor each user registered in the system:

A programmatic identifier for the user such as User ID = 123. A hash of the password (but not the password itself to prevent decryption). A security question and three hashes for the answers (but not the answers themselves to

prevent decryption). Email address.

39


First name, last name, and display name. The date the user was created. Whether or not the user has been verified and the deadline for verification. Whether or not the user is currently active and the date of deactivation (if applicable). The last successful login date, the number of failed login attempts, and the date the user

was locked out (if applicable). Whether or not this is a dummy user and an expiry date (if applicable).


1. A separate solution verifies the credentials of a user with the service. The service authenticates the user and passes the results back to the calling solution.

2. Alternatively, a separate solution requests the security question of the service. The response is checked against the stored hashes.

Enrollment Service

DescriptionThe Enrollment Service provides a method of enrolling users from off-stack services. It also allows for a batch of enrollments to be completed and stores an audit trail of who requested the enrollment.



Dependencies

Depends on Learning Environment Depended on by Reflex Service

Data Transmitted/StoreduserId, tenantId, courseId, roleId

40


Feed Service

DescriptionThe Feed Service provides an API for learner updates to the Announcements, Grades, Content, and Discussions tools. It sends user notifications (the ones that appear in the minibar in Brightspace Learning Environment) to the Apple Push Notification Service (APNS) and Google Cloud Messaging (GCM) for use by the Apple iOS and Google Android platforms, respectively.

Note When users log in with Brightspace Pulse, data starts collecting automatically. To prevent data collection while you are evaluating this product for your environment, disable the Feed Service.



Dependencies

Depends on the Authentication Service. Depended on by Brightspace Pulse.

Data Transmitted/StoredThe Feed Service stores Announcements notifications that are pushed from the LMS as they happen (in the LMS) for Brightspace Pulse users. This service itself does not return to the LMS to retrieve historical data.

To communicate with one another, devices and microservices use the HTTPS networking protocol.


The user ID in data is a composite key along with the course offering ID; it is not a universally accepted global ID for the user. The user ID cannot be linked to a user's name or identity. In the database, user IDs appear as a series of repeated numbers.

Regarding data retention, D2L requires the user ID to report on general user data; it is not used to report on the activity of a specific user. For example, the user ID may be used to report on

41


how many users have an average of three or more dates per month. D2L would not use the data to report on how many times John Smith looks at his deadlines. D2L retains the data as long as required to generate reports based on general user data. The reports are subject to change at D2L’s discretion and client-specific data is subject to the terms specified in the MA, including data retention past contract termination.

Feed Service Database

Data Scope Retention Policy

Grades Event: Released Grade

Course offering ID (key), user ID (key), grade value

All users for all course offerings for all instances globally


Grades Event: Updated Grade

Course offering ID (key), user ID (key), grade value



Announcements Event: New Announcements Item

Course offering ID (key), title, description, posted date

All course offerings for all instances globally


Announcements Event: Updated Announcements Item

Course offering ID (key), title, description, posted date

All course offerings for all instances globally


Discussions Event: New Forum

Course offering ID (key), Forum ID (key) All users for all course offerings for all instances globally


Discussions Event: Update Forum

Course offering ID (key), Forum ID (key) All users for all course offerings for all instances globally


Discussions Event: New Topic

Course offering ID (key), Forum ID (key), Topic ID (key)



Discussions Event: Update

Course offering ID (key), Forum ID (key), Topic ID (key)

All users for all course offerings

As long as required for

42


Topic for all instances globally

analytical purposes

Discussions Event: New Post

Course offering ID (key), Forum ID (key), Topic ID (key), Post ID (key)



Discussions Event: Reply to Post

Course offering ID (key), Forum ID (key), Topic ID (key), Post ID (key)



User/Device Mapping

User ID (key), Device ID (key)

Note: The Device ID is an identifier supplied by Apple/Google servers so Brightspace can send push notifications to the user's device.

All devices for all users globally


Note The Feed Service does not transmit information from courses with an End Date that has passed or that have the Is Active setting disabled.


1. When a learner uses Brightspace Pulse for the first time, their device is registered and a unique Device ID is assigned.

2. In Brightspace Learning Environment, events are generated that need to be sent to the Feed Service as push notifications, for example, an exam grade.

3. The event is stored in the Feed Service database.4. The D2L Mobile Push Notification Service looks up the Device ID in the Mobile Push

Notification Service Database to determine who the intended recipient is.5. The D2L Mobile Push Notification Service sends the Device ID to the third party Push

Notification Service (i.e. Apple, Google), which retrieves the event directly.6. The 3rd party Push Notification Service sends a push notification to the device. No data is

sent with the request, only a notice that information is available such as an exam grade.

Gator Service

DescriptionThis service processes events from multiple sources in order to index information for Manager Dashboard. It also provides a method of filtering and querying that data, including fuzzy-text search.

43


Location{The number of instances of the microservice per region and the specific locations in Amazon Web Services (AWS)}:

{AWS location} {AWS location}

DependenciesOne instance per region in AWS:


Data Transmitted/StoredUsers, courses, enrollments, attributes, groups, and completions

Groups Service

DescriptionThis is used to attribute the membership in a learning group in Manager Dashboard with some additional context (such as group administrator.)



DependenciesDepends On: Brightspace Event Flow Service, and Attributes Service


userId

44


Hypermedia Proxy Service

DescriptionThe Hypermedia Proxy Service acts as a proxy or mediator to learning paths within Brightspace platform.

Connections from the Hypermedia Proxy Service to Brightspace Learning Environment are made through the Brightspace APIs.

LocationA global cluster that resides in AWS U.S. East (N. Virginia).

Dependencies

Landlord Service - If unavailable, this service will also be unavailable. Depended on by Brightspace platform:

Activity Sequence Viewer

Data Transmitted/StoredNo data is stored alongside this service. The data passed through this service is:

OrgUnitId For content modules and topics:

ID Parent ID, child IDs, sibling IDs Name Completion state Entity data representing files, links, LTI activity launch information, etc. Specifics

depend on the entity type and are dictated by Brightspace Learning Environment.

IPSIS Service

DescriptionThe IPSIS Service allows data from IPSIS adapters to be queued and consumed by the Brightspace platform.

The IPSIS Service currently supports the OneRoster adapter, which provisions the required roster related data (including schools, classes, users, and enrollments) according to the OneRoster v1.1 specification.

45


LocationOne instance per region. The IPSIS Service is currently located in the following Amazon Web Services™ (AWS) regions:

U.S. East (N. Virginia) Canada Central (Montreal) EU (Ireland) Asia Pacific (Sydney)

Dependencies

Depends on the Authentication Service and the Landlord Service. Depended on by the OneRoster adapter.

Data Transmitted/StoredThe following data is transmitted through the IPSIS Service:

Roster related data including schools, classes, users, enrollments and other types.


1. An adapter, for example, OneRoster, transforms data into a generic format.2. The formatted data flows into the IPSIS Service.3. The Brightspace platform consumes the IPSIS-formatted data.4. The appropriate data is created in the Brightspace platform.

Landlord Service

DescriptionThe Landlord Service is a global microservice that supports multi-tenancy and Service Oriented Architecture (SOA)-based solutions. It provides each Brightspace instance with a TenantId, a permanent globally unique identifier.

Note If a Brightspace instance cannot connect to the Landlord Service, a unique TenantId is not assigned and any features that require a TenantId are unavailable. Users receive a message that their organization's system is not set up.

LocationA global instance that resides in AWS U.S. East (N. Virginia).

46


DependenciesDepended on by:

Brightspace Event Flow Service Authentication Service Brightspace Insights Brightspace Data Platform Brightspace Pulse

Data Stored

The TenantId. The primary domain as well as any aliases of your Brightspace instance. The main database split server as configured in the instance.config file and the database

name.

API CallsLandlord allows the following public read-only API calls:

Given primary domain, database server name, and database, retrieve a TenantId. All three values are required to get a TenantId.

Given a TenantId, retrieve the primary domain.

Provisioning a TenantId (on-premise clients only)If you do not have a TenantId, submit a ticket to D2L Support requesting a TenantId with the following information for each of your sites:

the Brightspace site the DNS CNAME, where the value is the database server name name of the main database split

Important The DNS CNAME and name of the main database split must match the corresponding information in the instance.config file. The easiest method for providing this information to D2L Support is to copy the connection string element from instance.config for the main database split (excluding the password). For example:

<connectionString value="Data Source=MYSQLServer;Initial Catalog=D2L_Main;..." />

Having your TenantID provisioned using a DNS CNAME instead of a host name ensures that if you need to make an unplanned change to your database server, applications that rely on the TenantId are unaffected. For example, if your site fails over to a mirror database, you update the CNAME value to the new host name. In this situation, no changes to the TenantID are required. For example, Name: LVUDB, Type: CNAME, and Value: winsql01.lvu.com.

47


Confirming that a TenantId has been provided (on-premise clients only)As of 10.5.0, on-premise clients can check the ORG_ORGANIZATIONS table in their main database split to see if the TenantIdCachedForQueryString and CachedTenantId columns are populated for their org. If they are not populated, then Brightspace is unable to get the TenantId from the Landlord Service, meaning the TenantId is not provisioned yet or Brightspace cannot connect to the Landlord Service. The System Error Log should include a message that describes the issue.

Configuring Brightspace for the Landlord Service (on-premise clients only)If your institution's firewall configuration does not allow outbound traffic, you must use one of the following methods to establish an outgoing HTTPS connection to https://landlord.brightspace.com:

Add a firewall rule to allow outbound connections (port 80 and port 443) from all web and scalable servers to https://landlord.brightspace.com.

Configure a proxy server on the network by setting up the following configuration variables: d2l.System.Infrastructure.ProxyAddress - The address of the proxy server. It normally takes the form http://myproxy:8080/ or https://myproxy:8080/ where myproxy is the host name or IP address and 8080 is the port. d2l.System.Infrastructure.ProxyBypassAddresses - Addresses or address patterns that should not go through the proxy server. Address patterns take the form scheme://hostname:port/path where scheme is either http or https; hostname can be set as a * wildcard; port can be a specific number or a * wildcard to apply to all port numbers; and path is optional and can also contain a * wildcard.

Changes to TenantID values (on-premise clients only)Features that require the Landlord Service could experience problems if the primary domain of the Brightspace site, the database server name, or name of the main database split changes.

If you need to change the primary domain of your Brightspace site, the database server name, or the name of the main database split, contact your D2L Technical Account Manager.

Learning Outcomes Registry Service (LOReS)

DescriptionThe Learning Outcomes Registry Service (LOReS) provides the ability to create and edit required learning outcomes for a course offering.

48


LocationOne instance per region. LOReS is currently in the following AWS locations:


Dependencies

Depends on Authentication Service and Landlord Service. Depended on by Lessons.

Data Transmitted/StoredData communicated from Brightspace Learning Environment to LOReS:

Tenant ID Text of outcomes


1. A course administrator enables the Lessons experience for a course in the Config Variable Browser.

2. A curriculum owner adds or removes required learning outcomes to the course.3. Brightspace Learning Environment sends changes to outcomes text, along with the

appropriate tenant ID, to LOReS when updates are made.

LMS Discovery Service

DescriptionThe LMS Discovery Service provides a list of LMSs so users don't need to know their Brightspace instance URL. For example, when a learner uses Brightspace Pulse, they need to connect the app to a specific Brightspace instance. However, the learner may only know the name of the school and not the Brightspace instance URL. The LMS Discovery Service allows learners to enter the school name and the service provides them with the applicable Brightspace instance URL.

LocationDefault for all clients: AWS U.S. East (N. Virginia).

For configured EMEA clients: AWS - EU (Ireland).

49


DependenciesDepended on by Brightspace Pulse.

Data StoredData at rest is encrypted and stored in Amazon S3. While in transit, data is encrypted using SSL.

Regarding data retention, D2L requires the user ID to report on general user data; it is not used to report on the activity of a specific user. D2L retains the data as long as required to generate reports based on general user data. The reports are subject to change at D2L’s discretion and client-specific data is subject to the terms specified in the MA, including data retention past contract termination.

LMS Discovery Service Database Data Scope Retention Policy

Institution names (currently only Higher Education, U.S./Canada)

Institution name, Instance URL, Location

Stored in AWS regions

Service life time


1. From a device, a learner launches Brightspace Pulse for the first time and enters the name of their school. Brightspace Pulse contacts the LMS Discovery Service, which retrieves the Brightspace instance URL used by the school.

2. After entering the URL in Brightspace Pulse, the learner logs in, authenticating directly with the school’s Brightspace instance.

Muskrat Service

DescriptionUsed to simulate required events in Manager Dashboard.



50


Dependencies

Depends on Learning Environment Depended on by Gator Service (indirectly)

Data Transmitted/Storedusers, courses, enrollments

Notification Scheduler Service

DescriptionThe Notification Scheduler service maintains a user digest of activity in Brightspace. Based on user notification preferences, the service makes the necessary calls to send email notifications on a weekly basis.



Dependencies

Depends on Authentication Service and Landlord Service. Depended on by Brightspace for Parents.

Data Transmitted/StoredThe following data is transmitted through/stored by the Notification Scheduler service:

TenantId UserId Digest Type Frequency

Data at rest is partially encrypted. While in transit, data is encrypted using SSL.

51



1. A parent configures their personal email address in Brightspace Learning Environment.2. They receive an email that asks them to verify their email address.3. Once done, the parent chooses to receive the weekly activity summary.4. Each Saturday at 8 AM, the Notification Scheduler sends the weekly activity summary to

the parent.

Parents Service

DescriptionThe Parents Service maps parent user IDs to child user IDs for use in Brightspace for Parents.


U.S. East (N. Virginia) Canada Central (Montreal) EU (Ireland) Asia Pacific (Sydney)

Dependencies

Depends on the Authentication Service, Landlord Service, Activity Feed Service, Portfolio Service, Microservices used by OneRoster, Notification Scheduler Service

Depended on by Brightspace for Parents.

Data Transmitted/StoredThe Parents Service stores parent user IDs, child user IDs, and their relationships.

To communicate with one another, Brightspace Learning Environment, Brightspace for Parents, and the Parents Service use the HTTPS networking protocol.

While in transit, data is encrypted. Data at rest residing in AWS DynamoDB is unencrypted.


1. An organization provides parent-child relationships to Brightspace Learning Environment via a Student Information System (SIS) integration.

52


2. Brightspace Learning Environment transmits the parent user IDs, child user IDs, and their relationships to the Parents Service.

3. Parents log in to Brightspace for Parents to view the status of their children's learning activities.

4. Brightspace for Parents retrieves the child user IDs from the Parents Service. 5. The child user IDs are used to fetch the associated activities from Brightspace Learning

Environment.

Reflex Service

DescriptionThe Reflex Service is an internal service that evaluates rules and performs actions. Current uses:

Manager Dashboard - ensures all members in groups get enrolled in assigned courses. Activity Feed - enables scheduled posts.


U.S. East (N. Virginia) Canada Central (Montreal) EU (Ireland) Asia Pacific (Singapore) Asia Pacific (Sydney)

Dependencies

Manager Dashboard rules depend on Enrollment service, and Brightspace Event Flow service

Activity Feed rules depends on itself Depended on by Manager Dashboard, and Activity Feed scheduled posts

Data Transmitted/StoredThe following data is transmitted through/stored by the Reflex Service:

UserId TenantId CourseId RoleId

53



1. The Reflex Service provides a client for creation and modification of rules.2. Evaluates rules based on either incoming events from the Brightspace Event Flow

service, or based on a scheduled task.3. Takes defined actions when rule criteria are met.

User Info Service

DescriptionTo enhance the performance and scalability of microservices that support Brightspace Pulse, the User Info Service acts as a proxy microservice responsible for:

Modifying or filtering user information between Brightspace Pulse and other sources of information (currently, Brightspace Learning Environment only).

Storing user preferences for Brightspace Pulse.

By default, the User Info Service is turned on and cannot be disabled.

Connections from the User Info Service to Brightspace Learning Environment are made through the Brightspace API. On-premise clients must ensure the Brightspace API can be publicly accessed to allow connections from the User Info Service to Brightspace Learning Environment.


U.S. East (N. Virginia) Canada Central (Montreal) EU (Ireland) Asia Pacific (Sydney) Asia Pacific (Singapore)

The User Info Service Database is an AWS DynamoDB database that resides in the same AWS region.

For configured EMEA clients: a global cluster that resides in AWS - EU (Ireland).

Dependencies

No dependencies on other microservices. Depended on by Brightspace Pulse.

54


Data Transmitted/StoredThe User Info Service stores the following user data for course offering enrollments in an AWS DynamoDB database:

Composite key of tenantId and userId orgUnitId Org unit name Org unit code Org unit type Color (Brightspace Pulse only) Active flag (Brightspace Pulse only - was returned in previous enrollments, but is no

longer returned) Customized course names (edited in Brightspace Pulse)

To communicate with one another, devices and microservices use the HTTPS networking protocol.


Regarding data retention, D2L requires the user ID to report on general user data; it is not used to report on the activity of a specific user. D2L retains the data as long as required to generate reports based on general user data. The reports are subject to change at the discretion of D2L and client-specific data is subject to the terms specified in the MA, including data retention past contract termination.

User Info Service Database

Data Scope Retention Policy

Course Enrollment Tenant ID (key), Course offering ID (key) user ID (key)

User As long as required for analytical purposes

Org Unit: Personal Settings

Org unit name, Org unit code, Org unit type, Colour, Active flag

User As long as required for analytical purposes

Video Analysis Service

DescriptionThe Video Analysis Service acts as a conduit between Brightspace Capture and Brightspace Data Platform.

55


LocationOne instance per region. The Brightspace Polling Service is currently in the following AWS locations:

U.S. East (N. Virginia) Canada Central (Montreal) Asia Pacific (Sydney)

Dependencies

Depends on Brightspace Capture. Depends on Brightspace Learning Environment Depended on by Brightspace Data Platform.


Course ID (org-unit ID) User ID, user role Video ID Number of segments in the video Video segment #: indicates which segment of the video was watched, a number between

1 and the number of segments in the video


1. As a user watches a video, the data is sent to Brightspace Data Platform.2. This data is stored in Brightspace Data Platform, and is aggregated to create the analytics

dashboard in Brightspace Learning Environment.3. The aggregation calculation counts the number of times each user has watched each

segment of the video.

Video Note Service

DescriptionVideo Note is a light-weight video recording service that allows learners and instructors to record short videos with a webcam. These videos can be added where video attachments are supported and when the HTML Editor’s Insert Stuff option is available.

56


Dependencies

No dependencies on other microservices. Depended on by Brightspace Data Platform.

LocationDefault for all clients: AWS U.S. East (N. Virginia).

For configured EMEA clients: AWS EU (Ireland).

For configured APAC clients: AWS Asia Pacific (Sydney or Singapore).

For configured Canadian clients: Canada Central (Montreal).


The Brightspace Learning Environment instance name The organization name orgID orgUnitID Username Title of the video Description of the video Date/time video was created The location of the video The video – being recorded and played back

Virtual Classroom and Video Assignments service

DescriptionVirtual Classroom and Video Assignments are a service offering that delivers face-to-face classroom experiences over the internet. D2L has partnered with YouSeeU to provide access to these services. Virtual Classroom and Video Assignments allow instructors to schedule live discussions, office hours, video-based training, and assessments. YouSeeU is a US Based company that hosts and manages the service. As D2L uses a 3rd party to provide this service, please review the following information to ensure that it abides by the data processing and data residency policies of your organization. D2L remains accountable to its customers regarding any data security and data privacy obligations.

57


LocationVirtual Classroom and Video Assignment data is hosted outside of D2L’s infrastructure. YouSeeU provides data hosting and storage locations in the following regions using Amazon AWS:

Canada (AWS-Montreal) United States (AWS-Northern Virginia) South America (AWS-Sao Paulo) Europe (AWS-Ireland) Australia (AWS-Sydney)

Please review your organization’s data residency and data transfer policies to ensure that one of these regions meets your organization’s requirements.

DependenciesN/A

Data Transmitted/StoredData Transmitted/Stored In Region

LTI Tool consumer information LTI Context information LTI Link title LTI Link description Student/Instructor User ID Student/Instructor User Name Student/Instructor User email Organization (e.g. school, corporation) Recorded Videos of sessions (video, audio from webcams) Video captions Phone Bridge information (e.g. telephone dial-in information) Whiteboard information Course information (e.g. course name) Video Assignments creation and submission Video and text based Feedback Assessments and Grading of assignments in Virtual Classroom Resources uploaded to support the Virtual Classroom (text, video, audio, presentations,

etc.)

58


Data Transcoding (Canada, South America)The video and data being used by Virtual Classroom and Video Assignments is stored and processed within their respective data locations.

For Canada and South America, videos are transcoded (i.e. made suitable for streaming based on the destination device’s capabilities and network bandwidth), in an Amazon AWS service located within the United States. Data and video files are not stored in the transcoding service. Please review your organization’s data residency and data transfer policies to ensure that transcoding out of country is permitted.

Support and ManagementYouSeeU supports and manages the Virtual Classroom service from the United States. Data transfers outside of your selected data location may be necessary. Please review your data residency and data transfer policies to ensure that this data transfer is compatible with the requirements set by your organization.

Wiggio Service

DescriptionWiggio is an ad-hoc group collaboration product that allows instructors and learners to work together in a less formal setting that than Brightspace Learning Environment.

Dependencies

No dependencies on other microservices.

LocationAWS U.S. East (N. Virginia)


Brightspace Learning Environment user name User email address User names (first and last) orgUnitID orgID User mobile phone number (user provided, optional) Wiggio group memberships (which Wiggio groups the user is part of) Personal and group files uploaded to Wiggio (includes folder names)

59


Email and SMS notification settings (user configured) Social media account information (user configured) User photo (if provided by user) Wiggio specific:

Group calendar (Meetings and event dates, times, and invitees) ToDo list (list name, task name, and assignee) Polls and poll questions Discussion topics, messages, and responses Group website links

60


About D2LA global leader in EdTech, D2L is the creator of Brightspace, the world’s first integrated learning platform.

The company partners with thought-leading organizations to improve learning through data-driven technology that helps deliver a personalized experience to every learner, regardless of geography or ability. D2L’s open and extensible platform is used by more than 1,100 clients and almost 15 million individual learners in higher education, K–12, healthcare, government, and the enterprise sector—including Fortune 1000 companies.

The company has operations in the United States, Canada, Europe, Australia, Brazil, and Singapore. www.D2L.com

Contact Us Phone: 1.519.772.0325 (Worldwide)Toll Free: 1.888.772.0325 (North America)

0.808.234.4235 (United Kingdom and Europe)

0.800.452.069 (New Zealand)

1.800.656.210 (Australia)

0.800.891.4507 (Brazil)

Fax: 1.519.772.0324Email: [email protected]: @BrightspaceWeb: www.D2L.com

© 2018 D2L Corporation.

The D2L family of companies includes D2L Corporation, D2L Ltd, D2L Australia Pty Ltd, D2L Europe Ltd, D2L Asia Pte Ltd, and D2L Brasil Soluções de Tecnologia para Educação Ltda.

Brightspace, D2L, and other marks ("D2L marks") are trademarks of D2L Corporation, registered in the U.S. and other countries. Please visit d2l.com/trademarks for a list of other D2L marks.

61
