One of the holy grails of Moodle is having it such that students are added to the right courses in an automated way. This becomes particularly true if you have individual courses for each and every class each of which could have up to 30 enrolments to go through (just far to many to do using manual methods).
Moodle has a number of ways to automate the process out of the box and my favourite way at the moment is using an external database…
So in this post I will show how to use SIMS reports (generated using CommandReporter.exe) to populate student and teacher enrolments in courses as part of a Moodle install using the External database enrolment plugin (more on this here – https://docs.moodle.org/27/en/External_database_enrolment).
- First up you will need to know your way around Capita SIMS (in particular creating custom reports) as well as the basics of SQL server management (in particular adding a database to an instance) and Microsoft SQL Server Integration Services (there is a great video series on SSIS here – https://www.youtube.com/playlist?list=PLNIs-AWhQzcmPg_uV2BZi_KRG4LKs6cRs).
- Next you will need a SQL server running Standard edition or higher (this gives you access to SSIS as per http://msdn.microsoft.com/en-gb/library/cc645993.aspx), if you only have Express edition installs in your environment then there isn’t much point in following this guide until you do.
- This guide also assumes that you are using LDAP authentication in your Moodle site and that you have your course lists already populated with the course shortname the same as the course name as it appears in SIMS (it is possible to generate courses using the Database Enrolment method but that’s something for another guide).
- Finally you must have the SIMS.net client (which includes CommandReporter.exe) installed on the SQL server from which you will be running the job to get the class lists into Moodle (more on this a little later).
Capita SIMS setup
For best results create a new SIMS user that will be used exclusively for your Moodle Reports, then login with that user and follow the instructions below.
In recent testing with iOS8 (specifically 8.0.2) we’ve discovered that any web application (in particular we’ve got a number of in house applications that were built using Visual Studio Lightswitch 2013) that relies on Windows Authentication (on Microsoft Internet Information Services) simply does not work.
In particular users get to the login prompt screen to enter their username and password and on attempting to login are just presented with the login window again with no apparent error message.
The work around for now is to use an alternative browser (Chrome works good for us), hopefully Apple will fix this annoyance soon.
Just a little snippet before hitting September…..Having recently tried to update the Firmware on my Plantronics Voyager Legand at work (using a Windows 8.1 problem) I found that the MyHeadset Updater (http://www.plantronics.com/uk/product/myheadset-updater) tool cannot handle web proxies (without having the URLs it tries to reach out to being in a authentication bypass list).
As I only had one headset to update I turned to the simple solution of take it home and do it there!
After playing with Windows Phone 8.1 on my Nokia Lumia 1020 for the past few days (since general release in the UK) thus far my favourite feature has to be the ability for the phone to automatically turn back on WiFi (after a set period of time) after you turn it off.
Certainly where I live and work WiFi is plentiful and as such it makes much more sense to use than cellular data however on occasion I have found myself turning off WiFi (for any strange and interesting reason) but forgetting to turn it back on.
Still looking forwards to the UK version of Cortana if only to ask her what is going to happen in the next Halo!
The past few weeks at work have been filled up with going from what has been a very successful pilot of Moodle 2.6 to a fully featured install of Moodle 2.7.1. Hopefully as time allows I’ll be able to get out some posts about how each aspect of Moodle goes down with the staff and students but for now this post serves as a way for me to highlight some features (in no great detail) which I think deserve recognition.
Things to be covered include-
- Linking AD accounts to class lists in Capita SIMS (a Schools Information Management System)
- Using the auto login feature to put Moodle front and centre
- My home
- OneDrive, Google Drive and Dropbox integration
- Moodle updates (going from 2.7 to 2.7.1)
This final network is quite possibly the ones that most Schools will shy away from on grounds of ‘security’ – where I work however that just isn’t an option as we have paying users of the school facilities right the way through the evening and weekends. Indeed the weekend after we put this public network in place we have ~110 users on the network all of which were taking part in a chess competition that was being held at the Academy.
James stop rambling and get on with the guide…
So for the Public WiFi network the objective is to provide guests with a shared key (which is changed regularly) to access the network and to be able to use the internet without putting in any web proxy settings.
As per with the BYOD network you must have the Smoothwall configured with a virtual adapter which sits in the Public VLAN (details here –https://myworldofit.net/?p=6473) before carrying on with this guide. The screen shots below cover the configuration required…
Windows DHCP Server
Next up you must configure your Windows DHCP server to provide the clients with their IP addresses…
The configuration on the HP MSM for this network is as easy as setting up the Mac Wi-Fi VLAN as I will just be using a pre shared key that is changed regularly. However there are plenty of other options available like a captive web portal or single use keys (Meraki have a pretty funky option where you are forced (or just directed to) to ‘like’ a Facebook page before you are authenticated onto the network).
Finally as part of the configurations for the BYOD and Public networks because we are using the Smoothwall (and not our internal router) as the default gateway we need a method to allow what are 3 separate networks (BYOD/Public/Internal) to communicate with each other. On Smoothwall firewalls this is called Zone Bridging. N.B. – To configure zone bridging you need to have the Zone feature installed as a module (System > Maintenance > Modules).
That’s all folks!
Here ends this series of posts; hopefully they have given you an interesting insight into one (of many) ways to configure a WiFi network inside a School (or indeed any workplace). Please note that for specific help on the Smoothwall side your best bet will be to get a hold of Smoothwall direct and for support on HP wireless networks you will probably need to get a VAR involved.
The BYOD network is quite possibly the hardest to setup (and thanks to the Smoothwall support guys for spotting an obvious mistake I made on my DHCP config the first time round!) of all 4 of the SSIDs by also the most rewarding when you see 300+ students and staff connected on their Phones, Laptops and Tablet PCs. In a typical school BYOD network setup you will have two hoops to jump through, authenticating onto the SSID and then authenticating against the schools web filter. However using the neat WPA Enterprise authentication mode on Smoothwall firewalls its possible to both authenticate onto the SSID and the web proxy at the same time making life much easier for your users.
So time to get the configuration going…
First up you must have configured a VLAN for the exclusive use of the BYOD network (as per the guide here – https://myworldofit.net/?p=6473) taking special note of setting the IP Helper Address to a virtual network adapter on your Smoothwall firewall which sits in the BYOD VLAN. Take a look at the screen shots below for more info…
NB – in this configuration the Smoothwall firewall will allow connectivity to the internet at the users policy level, if you want to allow BYOD guests to access your internal resources you will need to configure the Smoothwalls DNS and Zone Bridging features. I will touch on this in the next article.
The configuration on the HP MSM is similar to setting up the Domain WiFi network in that a RADIUS server is configured and the VSC is configured to use that RADIUS server.
To help you get started with your own user guides feel free to download and modify the ones that I have used at my establishment below.
OSA-BYOD - Android (498.4 KiB, 1,331 hits)
OSA-BYOD - iOS (3.3 MiB, 1,351 hits)
OSA-BYOD - Windows 7 (796.7 KiB, 1,212 hits)
OSA-BYOD - Windows 8 (2.1 MiB, 1,112 hits)
OSA-BYOD - Windows Phone (206.9 KiB, 925 hits)
OSA-BYOD - Windows Vista (1.5 MiB, 1,025 hits)
You will note that Windows XP is omitted as it is no longer a Microsoft supported operating system (although XP does work with this configuration).
By comparison to the Domain WiFi setup the configuration for the Apple network is much simpler.
The one tiny little exception is that the Apple Discovery Protocol (Bonjour) is by design unable to traverse VLANs. In many networks this wouldn’t be a problem however we have a item of software called AirServer on our Windows clients that ties into the AirPlay feature on iPads to project the iPad screen onto the PC screen. To get this feature working the Bonjour discovery packets need to move from the Windows VLAN to the Mac VLAN.
So first up the configuration for the SSID on our HP MSM controller-
To get the Bonjour packets to traverse the VLAN we need a ‘Bonjour Gateway’; to get this going I will be using a Virtual Machine with 3 network adapters running Ubuntu Client (if you are confidant with Linux then feel free to use the server edition!) and a bit of software called Avahi.
The guide here – http://community.spiceworks.com/how_to/show/38251-build-your-own-bonjour-gateway shows very well how to setup the Avahi software; in my case I went without the VLANs and just used native NICs sitting in the Server, Windows Clients and Mac Clients VLANs.
A few more details in the screen shots below-
Next up is an article on the BYOD SSID which uses a very cool feature on our Smoothwall firewall to make logins really easy.
Now that we have the basics configured its time to setup the first SSID (shown here as OSA-WiFi). This SSID will be used for Windows computers that are domain joined, this could be desktop PCs with wireless adapters as well as laptops and tablet PCs with built in wireless.
To complete this section you will need a Windows Server with the Network Access Protection role installed on it as well as a valid SSL assigned to it (the SSL cert must be ‘in date’ as otherwise your clients won’t connect to the network). If you don’t have a valid SSL certificate issued by a 3rd party you can use this guide here which shows you how to use the Active Directory certificate services to provision your own – http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part1.html.
One of the great things about using this kind of authentication in a domain environment is that you don’t need to manage individual passkeys for your clients (in a school it can be a massive time saver if you have a class set of 30 new laptops to roll out) as all the settings required to connect can be pushed down via Group Policy Object.
Network Access Protection Server
First to be setup is the Windows Network Access Protection Server; this server hosts a service called RADIUS which receives authentication requests from the HP MSM and then checks the credentials (in this case the fact that the computer wishing to connect is indeed a member of the Windows Active Directory Domain) against Active Directory and in turn allows/prevents the client from connecting to the network.
Now that we have the backend service together its time to get the HP MSM Controller to use the RADIUS/NAP server and present a SSID to the clients.
Group Policy Setup
As previously mentioned by using this Wireless authentication model you can easily pass out the settings to your domain joined Windows Computers without having to manually tap in a passkey on each machine. Ok so maybe it take a while to setup and maintain but in the long run shouldn’t we be nice to our technicians and get them doing something more important?
In the next part of this guide I’ll look at the setup of the Apple Mac wireless network as well as give you some pointers on how to get Bonjour packets to traverse between your Windows Wireless and Apple Network (great for the modern craze of Airplay).
Its VLANs time! In this part of the guide I am going to look at the VLAN configuration required to get all of this up and running. For the whole setup we have the following VLANs being used-
172.16.8.0/21 – VLAN 2 Services which includes 172.16.8.4 as our Windows DHCP server, 172.16.8.39 as the Wireless Controller and 172.16.15.254 as the Smoothwall firewall
172.16.24.0/21 – VLAN4 APs just a DHCP range (powered by Windows Server) that the APs sit in, once they have their first IP address it gets converted to a reservation
172.16.72.0/21 – VLAN10 Windows clients another DHCP range (powered by Windows Server)
172.16.104.0/21 – VLAN14 Apple clients another DHCP range (powered by Windows Server)
172.16.128.0/21 – VLAN17 BYOD clients another DHCP range (powered by the Smoothwall firewall)
172.16.136.0/21 – VLAN18 Public clients just one more DHCP range (powered by Windows Server)
The Windows DHCP server serves up IP addresses for various services as listed in the screen shot below.
Core switch configuration
The core switch provides Layer 3 routing (required to get VLANs to talk to each other) and also houses the Wireless Controller as an expansion module. The Smoothwall firewall actually sits on a separate switch in this configuration which can be found on port number K8.
Edge switch configuration (includes Smoothwall Firewall)
The edge switch config below shows how the switch talks back to the Core switch and which VLANs the Smoothwall sits in.
HP MSM Controller
This next part shows how the IP configuration is setup on the HP MSM wireless controller; click through the screen shots for more info.
HP MSM Access Points
This time its the turn for the access points, again just click through the screen shots.