Schooltas (‘schoolbag’) is the next-generation e-learning environment by ThiemeMeulenhoff. Via iPad and web browser, students can access their schoolbooks in ‘eBooks’ format and interact with other students and teachers, using social and collaborative learning tools.
Reaching out to students via their beloved apps and computers clearly appeals to the modern student; the platform has been designed to service one million active users per day, and is already prepared for much further growth. With that many users, availability is vital – and the highly personal information of the participants means that privacy and security are equally important.
High availability built into the design
Even a short disruption of the platform would disrupt the learning experience, reduce the trust of teachers and students, and reflect negatively on ThiemeMeulenhoff and its e-learning solutions.
To counter these risks, Sentia has designed a sturdy platform that uses AWS Elastic Beanstalk, which simplifies the publishing and management of the web applications (thereby reducing the risk of human error). Then, the virtual environment is spread over multiple Availability Zones (data centres) to counter the loss of one geographical location. Lastly, we’ve used our Design for Failure and AWS’ Auto Healing possibilities. Both assume that any component could potentially fail, and automatically solve the issue!
Each child is entitled to its own learning process. We therefore combine new, smart learning methods with technology and didactic content.
Eric Razenberg, CEO ThiemeMeulenhoff
Establishing extreme levels of availability of one simple application is one thing; in the case of Schooltas, ThiemeMeulenhoff and Sentia have successfully established this in a complex ecosystem of Public Cloud and application resources:
- A back-office dashboard for the various content publishers;
- A secure management interface for system and application managers;
- Over a million front-end applications (iPad clients and web browsers);
- Geo-distributed databases, caching, Content Delivery, and application releases;
- Application Program Interfaces (APIs) that interconnect services and systems.
Securing personal information, intellectual properties
It goes without saying that any personal information must be protected against prying eyes; existing legislation already puts some firm constraints on parties that process such information, but additional laws were announced for 2018 (the so-called ‘GDPR’). If for this reason alone, maintaining strict security already is very important. Yet in addition, the eBooks of the various publishers, as well as the data of ThiemeMeulenhoff itself, are for a large part intellectual property that is obviously of critical importance, too.
In a complex environment such as Schooltas, you can't simply add security as an afterthought. It should be implemented from the bottom up, and automated, to rule out human error.
Justin van Heerde, Cloud Solution Architect Sentia
This is where Sentia’s Halloumi™ Delivery Engine comes in (in addition to the AWS-provided services such as Identity & Access Management, Amazon CloudWatch, and AWS CloudTrail). Halloumi™ uses templates that describe the ‘Infra-as-Code’ from which the virtual components are built and maintained. These templates also include many security parameters, so that a Cloud component will automatically inherit the security settings.
Better still, Sentia uses a clever mix of AWS-specific monitoring / compliance tools and our own (Open Source) tools, e.g. Beagle, which continuously performs compliance tests.
- 100% CI/CD environment, and 100% Infra-as-Code (template-based infra).
- Access to the environment is strictly controlled, for instance with a ‘Bastion Host’ for management access and Identity & Access Management in full compliance with the Security requirements of ThiemeMeulenhoff.
- Built in accordance with AWS’ Well-Architected Framework and its Security Best Practices.
- Also complies with various other Best Practices and Sentia’s own standards:
  - Our ‘Design for Failure’ strategy, honed since 1999,
  - Full separation into Cloud-based Test, Acceptation, and Production silos,
  - Auto Healing to raise the overall availability,
  - Auto Scaling to deal with peak loads (school and homework hours),
  - Encryption of all data traffic in transit.
This solution originally ran on two other Public Clouds; the migration onto AWS took place in close cooperation between our customer, the application managers, and Sentia’s Architects and Engineers.
Main AWS services used
- Application Load Balancer
- Amazon CloudFront
- Amazon DynamoDB
- AWS Elastic Beanstalk
- Amazon ElastiCache
- Amazon Simple Queue Service
- Amazon S3
Supporting AWS services
- Identity & Access Management
- Trusted Advisor
- Amazon CloudWatch Logs
- Amazon CloudWatch metrics
- AWS CloudTrail