Installing Groupcall IDaaS in Your School

What is Groupcall IDaaS?

Groupcall IDaaS is an ‘as-a-service’ cloud identity management, identity provider, single sign-on and application provisioning service, for individuals in the education sector.

Groupcall IDaaS is highly scalable, highly resilient and secure.

The ethos behind the development of Groupcall IDaaS is akin to a utility service like water, power and communications:

  • simple to use,
  • compatible through the use of open and industry standards,
  • as well as always on.

Our IDaaS solution has been built from the ground-up as a completely fresh and innovative approach to identity management and single sign-on, with the added benefit of application provisioning.

We have considered the many pitfalls of traditional identity management implementations, together with a significant number of requirements and use cases taken from existing large-scale deployments.

Tell me more...
Groupcall IDaaS provides Identity-as-a-Service for individuals in the education sector, whether students, staff or parents.  It steps away from what a classic Identity Manager delivers and instead takes a fresh look at what a modern identity platform can do when it sets aside the complexities and legacies of a classic identity manager, providing the critical 80% of functionality that modern cloud-based collaborative learning products deliver, without the complexity and bloat required for the remaining 20% of barely used functionality.

Groupcall IDaaS is designed to keep things as simple and flexible for users as possible, putting them in full control of their identity but keeping it up to date via data entered into one or more school systems.

Groupcall IDaaS supports forward provisioning to other third party cloud-based products by providing both user and school information and identity to those systems as they require.  The specific detail of what is transferred will depend on the third party products(s) that you are using IDaaS to forward provision and is covered in a specific data sharing agreement for each third party product we support.  IDaaS is cleverly designed to dynamically adjust the data it requests from your school based on the requirements of the third party systems that it is forward provisioning to.

 

Overview of IDaaS Data Movement

Groupcall IDaaS uses the existing secure transport mechanism provided by the Groupcall WebService (used in our Emerge product), allowing a school to hold full control over data extraction by IDaaS but also allowing IDaaS to make requests for data that vary depending on the needs of the third party systems to which we forward provisioning.  The connection to your school MIS is provided by Groupcall’s established school data extraction product – Groupcall Xporter.

Groupcall Xporter is installed in your school, is connected to your MIS, and uses the Groupcall WebService to connect to IDaaS, which is delivered from Microsoft Azure.  IDaaS_Data_Overview

How does the data move once the initial installation is complete?

Once the initial installation is completed the data movement process works like this:

  • Your school Xporter notifies IDaaS if data has changed, and IDaaS makes a note to request your school changes as soon as possible.
  • As soon as it can, IDaaS connects to the Groupcall WebService and authenticates.  It requests recent changes to each area of data needed by IDaaS or for forward provisioning.
  • Your school MIS build responses to these requests one at a time to avoid excessive workload and encrypts them using a key unique to your specific school and IDaaS before transmitting them.
  • IDaaS applies changes to data within itself as soon as it receives them.
  • IDaaS queues changes to data via forward provisioning as soon as it receives them, but depending on the destination system there may be a delay before the changes appear to users.

 


Ok... So what do I do now?

Now you know a little bit about what IDaaS is and how data moves around the various elements of IDaaS you can prepare for installation.

Xporter

As you know, IDaaS uses Xporter to extract data from your MIS; you therefore need to meet the Xporter Pre-requisites in order to prepare for installation.

Tell me what they are...

Xporter Pre-Requisites

Where should I install Groupcall Xporter?

Groupcall recommends, where possible, that Xporter is installed on the MIS server. This will reduce potential complexity connecting to the MIS and will ensure that the Xporter installation is as highly available as the server.

If this is not possible in your environment, a suitable additional server or workstation will suffice. Please bear in mind that this machine should be left powered on at all times, this will ensure accuracy and availability of data. It must also have access to the MIS data and meet the pre-requisites detailed below.

Xporter Hardware requirements

Xporter has negligible hardware requirements and in most cases should go unnoticed on a computer running at least a 1.6GHz processor with at least 1GB of memory. The Disk Space required varies by extracts in use and how many you have installed, but as a rule of thumb the typical installation will need no more than 250MB working space, however busy installations can cache up to 1GB. An active internet connection is also required, this can be wireless, however a wired connection is usually more reliable.


 

Xporter Software requirements

Groupcall Xporter requires the following, and any additional MIS-specific requirements as below;

  • Administrator access to the computer
    • Both during installation and post-install to run the Xporter Management Console on an on-going basis
  • Microsoft .net Framework 4.5 Full (not Client Profile)
    • To be installed alongside the SIMS workstation client.
    • This must be enabled as a feature via Server Manager.
  • Microsoft .net Framework 3.5 SP1
    • This must be enabled as a feature via Server Manager.
    • Ensuring  this is available ahead of installation will significantly shorten the installation process as certain systems require a restart as part of the .net installation.
  • A Supported Windows Version
    • Windows Server
      • 2008 R2,
      • 2012,
      • 2012 R2
    • Windows Client (you should always try to install on a server when you are able to).
      • Windows 7
      • Windows 8.1
      • Windows 10
  • Older versions of Windows;
    • Microsoft have now discontinued support for Windows XP and Windows Server 2003.
    • Xporter will continue to run on these systems for a period of time but newer versions of Xporter are not guaranteed to be compatible.
    • Following best practices for data security you should migrate away from these Windows versions as soon as possible.

 

Xporter Internet Access

Groupcall Services require access to the following URLs in order to operate effectively:

 

  • https://dashboard.groupcall.com/ - To report health status and receive repair instructions
    • Please note this is a secured URL, i.e. it is HTTP + SSL = HTTPS. You must be able to connect to the HTTPS URL

 

 

These addresses can be accessed via proxy; the Xporter installer will copy the proxy settings from the current user at installation. Please ensure they are white-listed as appropriate.

Depending on the purpose of your installation there may be other URLs that require access, for example, a web service upload URL or a SIF Zone Integration Server URL.

Click here to close Xporter Pre-requisites and see the IDaaS specific Pre-requisites

IDaaS Specific Pre-Requisites

In addition to the Xporter Pre-requisites, to install IDaaS you will need;

The IDaaS installation executable
  • Groupcall Emerge for Parents Customers;
    • This will be provided by the Groupcall representative during installation.
  • Identity Services Subscribers
    • This will be provided to you on email by the third party to whom you are provisioning your school data.
    • You will be sent a URL from which to download the file. It will be something like - http://www.groupcall.co.uk/clients/idaas/idaas_setup.exe.

transparent_10x10

Access to the Service Bus URL -http://emergeen.servicebus.windows.net
ServiceBus_Connection

Successful connection to ServiceBus

    • To verify connectivity, open the service bus link above on the Server that will run IDaaS. If you see a screen like that shown to the right, the server can connect to Service Bus.
    • If you get any type of ‘page not found’ or ‘access blocked’ message, then it is likely your proxy settings need amending, possibly centrally.

transparent_10x10

IDaaS school administration Username and Password
  • Groupcall Emerge for Parents Customers;
    • This will be provided by the Groupcall representative during installation.
  • Identity Services Subscribers
    • These will be provided to you by the third party to whom you are provisioning your school data.
    • These credentials are used by your school to manage your IDaaS installation and the systems to which data is provisioned - you should keep them safe, as with any credentials,  they are central to secure data management!

transparent_10x10

Are you using Skype on the same server?

In rare circumstances the installer will not be able to access Port 80 for HTTP traffic to get the files it needs as the popular communications application 'Skype' sometimes block access over this port.
If you have Skype running on the computer on which you will install IDaaS, you will need to turn off communications over port 80 within skype - there are some resources on this available from the Skype support pages.

 transparent_10x10

Access to a 'current' version of an Internet Browser
In order to login to a third-party system powered by IDaaS you will need to use one of the following supported browsers;

Windows;

  • Chrome - Current version
  • Firefox - Current version
  • Internet Explorer v10 and above

Apple MacOS;

  • Chrome - Current version
  • Firefox - Current version
  • Safari - Current version

Mobile;

  • iOS - 5.1 or higher
  • Android 2.3.3 or 4+
  • Windows Phone 8.1

Not sure which version or browser you have? This external page might help.

transparent_10x10

IDaaS installation

Having met the Xporter and IDaaS specific Pre-requisites and ensured you have any relevant credentials to hand you can now begin installing IDaaS.

 

Installation Overview

The IDaaS installer will;

  • Install Xporter.
    • If you already have Xporter installed (for an existing data extraction to e.g. send data to your LA) it will apply the latest version of Xporter and carry out a basic health check and repair.
  • Install or upgrade the Groupcall WebService.
    • If you are running any other Groupcall products that use the Groupcall WebService, the latest version will be applied.
    • Please contact us before installing IDaaS if you are running Groupcall Emerge on the same server that will run IDaaS.
  • Prompt you to enter your 'IDaaS school administration Username and Password'.
  • Carry out various 'behind-the-scenes' tasks to set-up your system ready for IDaaS.
    • A unique identifier is generated to authenticate the server running IDaaS in your school to the IDaaS service held in the Azure cloud.
    • Enable Service Bus within the Groupcall Management Console - to allow communication with Azure.
    • Tells IDaaS in the cloud what the unique identifier for you school is, how to reach your schools installation of IDaaS and any other provisioning specific connection details.

As you can see from the above, a number of other services are involved in the setting up of IDaaS - if the installer fails with connectivity or time out errors, you should verify that all URLs are accessible as defined in the Xporter and IDaaS pre-requisites. You can then restart the installation once connectivity is restored.

 

Installation Walk-through

Download the installation file from the link you have been given, then save and run the file you downloaded as appropriate for your organisation.

Having started the '.exe' file running, you will find it a straightforward process to click through the installer.Accept the default installation points and select “Install”… IDaaS_Installer_1
Enter details of a technical contact.transparent_10x10Why are you asking me for this information? IDaaS_Installer_TechContact
Select SIMS from the list of MISs.At present, SIMS is the only supported MIS. If you have another MIS that you would like to use with IDaaS, please contact us.

Then click 'next' or 'install' as appropriate on the next few windows.Some files will be downloaded and you will see various information presented on screen along with some progress bars. Wait for this to complete.

IDaaS_Installer_MISSelect
When you see the SIMS.Net login screen within the installer you need to enter the 'groupcall user' credentials for your SIMS installation.Click 'Login' in order to verify the details and connection.

If you get a username or password error then try a different user or follow our SIMS user creation video and use that user to connect with instead.You shouldn’t click Next until you have a green connection message. If you’re unable to get a green connection message and have met all MIS specific Xporter pre-requisites then please contact us.

IDaaS_Installer_SIMSConnection
Verify your school details are correct. These details are read from SIMS, and MUST MATCH the details provided to the third party when you originally requested IDaaS credentials.The LA code and Establishment code (DfES code when used together*) form part of the authentication process so accuracy is paramount.

You can change the information shown here if you need to, if there is an error here, you should ensure you update SIMS also.

*In the example shown the DfES code would be 3281096.

IDaaS_Installer_SchoolDetails
The installer will now carry out various tasks... IDaaS_Installer_Progress
...including downloading Xporter scripts and starting the various services required to run IDaaS, and carrying out some post-install checks.Please wait for these tasks to complete. When they are completed, you will see a list confirming the Services have started and the scripts have downloaded as shown in the screen shot to the right.If you encounter any errors here, please check all pre-requisites are met. If this does not help, please contact us. IDaaS_Installer_Service&ScriptsIDaaS_Installer_XporterOK

Xporter, the Groupcall/Emerge WebService and the Groupcall/Emerge Management Console are now installed.

Next, we will configure the IDaaS settings and provide connection details.

You will now need to enter the IDaaS school administration Username and Password with which you were provided.If you do not have this information, please speak to the third party to whom you are provisioning your school data. Groupcall do not hold these details so cannot help in the event of lost credentials.There will be a short pause whilst the credentials are verified with the IDaaS registration service.  IDaaS_Installer_IDaaSCredentials
If you have connectivity issues, you will see an error like this stating that the IDaaS registration service could not be contacted... please check that the pre-requisites are met and that there are no general connectivity issues.  IDaaS_Installer_connectionerror
If you have entered the credentials incorrectly you will see an error like this stating that the credentials you have provided have not been accepted by IDaaS... please check they are correct. If they have been entered as supplied, please contact the third party that provided them to you.  IDaaS_Installer_credentialerror
Once the credentials are verified, you will see a confirmation window that the installer has completed.Clear each tick box and select finish.   IDaaS_Installer_endCLEAR

 

 

Click here to close the walk-through

 


Congratulations, you have completed the installation of IDaaS (including Xporter, the Groupcall Management Console and the Groupcall WebService)!

You should now inform the Local Authority or third-party whom provide IDaaS to you that the installation is complete and they will advise you on what to do next.

Next Steps...

If you need any further assistance or get in to any difficulty, then please contact Groupcall Support. If the issue affects Groupcall Partner products you should refer to the support arrangements for that specific Groupcall Partner.

…And Finally

Have you followed Groupcall on Twitter and Facebook? Stay informed, get the latest news, updates and useful tips on all of our products!


 

Print Friendly